About these ads

Archive

Posts Tagged ‘IEEE’

1-15 September 2012 Cyber Attacks Timeline

September 19, 2012 Leave a comment

Here it is the usual compilation for the Cyber Attacks in the first half of September, a period which has apparently confirmed the revamping of hacktivism seen in August.

Several operations such as #OpFreeAssange (in support of Julian Assange), #OpTPB2 against the arrest of The Pirate Bay Co-Founder Gottfrid Svartholm Warg, and #OpIndipendencia in Mexico have characterized the first half of September. Curiously the hacktivists have also characterized this period for a couple of controversial events: the alleged leak of 1 million of UDIDs from FBI (later proven to be fake) and the alleged attack to GoDaddy (later proven to be a network issue, that is the reason why I not even mentioned it in this timeline). Other actions motivated by hacktivists have been carried on by Pro-Syrian hackers.

From a Cyber Crime perspective, there are two events particularly interesting (even if well different): the alleged leak of Mitt Romney’s tax returns and yet another breach against a Bitcoin Exchange (Bitfloor), worthing the equivalent of 250,000 USD which forced the operator to suspend the operations.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Read more…

About these ads

The Two Faces of Hacking

July 20, 2011 1 comment

My colleague Massimo Biagiotti suggested me this interesting matrix from IEEE which originally indicated some of the biggest and best stories assessed along two dimensions: innovation and impact.

Actually I cleaned it up a little bit in order to show only some of the events happened in 2011, which were inserted in the original matrix. As a reference I left some events of the previous years (inserted in the original matrix as well) in order to have a kind of normalization. They include the infamous Ufo Hacker, the Greek Cellphone Caper, and finally the Palin’s Email Hacking.

As you may easily notice, Stuxnet deserves the Top of the Rock for Innovation and Impact. The infamous malware (the terror the nuclear power plants) has divided the infosec community in different factions: those who consider the malware as the first example of next-gen cyber-weapons developed (maybe by Israel and the U.S.) to seriously damage and delay the Iranian nuclear program (whose development took at least ten years of work), or those who consider it the work of an amateur, a script kid, possibly an astronomer with knowledge of the Holy Bible. Regardless of the real origin, because of its huge exploitation of 0-day vulnerabilities (which make it really contagious) the malware has established a new level, and probably a new standard for the information security landscape.

The RSA breach ranks in a considerable position as well. As known, compromised seeds were used to attack several main contractors of U.S. Defense (L-3, at the beginning of April but disclosed at the end of May, Lockheed Martin, on May, the 22nd, and Northrop Grumman on May, the 26th). As I told in one few posts ago I am afraid that also the Mother of All Breaches, that is the breach of 24,000 files by a Contractor, happened in March but disclosed by Pentagon last week, may be somehow related to the RSA Breach. As a consequence of the latter breach, a classified US military weapons system will have to be redesigned. Because of the impact, this breach should also be included in the matrix.

Probably the effects of the Epsilon Data Breach have been underestimated, since it is likely that security concerns, in terms of phishing, for the owners of breached e-mail addresses will last for years.

Obviously the matrix could not miss the infamous Anonymous and LulzSec Hacking groups. Their actions are considered quite simple with a major impact for the Lulz Boat. The Anonymous group is perhaps unfairly considered only for DDoS, and probably the matrix was drawn before the events of the last days such as the Monsanto Hack performed by Anonymous (whose impact is quite huge and denotes a growing interest of the group towards social problems), or the Sun Hacking (at this link some technical details on the hack).

Finally a quick consideration, of course it is a coincidence, but I could not help noticing that the author of the Ufo Hack, Gary McKinnon, has been diagnosed with the Asperger’s Syndrome, a form of Autism. Curiously the same disease has been diagnosed to Ryan Cleary, the alleged LulzSec member arrested in U.K. on June, the 21st. Probably some individuals suffering of autism spectrum disorders establish with machines the links and relationships they are not able to establish with the other human beings. This explains in part why they are so able with hacking…

Again, thanks to Massimo for reporting this really interesting (and enjoying) link.

Follow

Get every new post delivered to your Inbox.

Join 3,086 other followers