About these ads

Archive

Posts Tagged ‘Information security’

The Unbearable Lightness of Being an APT

April 25, 2012 2 comments

Or better “The Unbearable Lightness of (Human) Beings and APTs”. Immediately after my post on Cyber Weapons, I was pointed out that APTs are not Cyber Weapons. On a more general perspective, APTs are not things but (groups of) human beings who have the capability and the intent to target specific entries with multi-factor attacks. Said in few words an APT is not a “what” but is a “who”. On the other hand, how many could afford to hire (and pay) a double agent capable of implanting a malware inside a nuclear complex through an infected USB thumb?

An Oxford dictionary for Information Security has not already been published, hence this term is commonly used to refer to cyber threats or long-term sophisticated hacking attacks. The latter is the interpretation closer to what I meant in compiling the chart.

The Evolution Of Cybercrime [Infographic]

A couple of days ago I held a presentation at the Cyber Crime Conference in Rome about the strategies for thwarting Cybercrime. While preparing the slides I collected some material with which I prepared the following infographic dealing with the evolution of Cyber Crime.

The romantic times of phone phreaking are definitively gone and today the Cyber Crime is an organized industry with a complex ecosystem which generated in 2011, $ 388 billion in 24 countries. A value dangerously close to the value of global drug trafficking.

Scroll down the infographic and discover the HACK factor (Hacktivism, Availability, Cloud/Mobile and Know-How) which influences the rapid growth of the Cyber Crime Phenomena.

The First Italian Cybercrime Report is Available [Infographic]

March 21, 2012 7 comments

Yesterday, during the Italian Security Summit 2012, the Italian Clusit Association has unveiled the first Italian Cybercrime Report for which I acted as a contributor (in particular I compiled the section dedicated to the Italian Cyber Attacks), putting also at disposal my 2011 Cyber Attacks Timeline for the Report’s introduction.

This is a great result for our Security Community, not only because such a similar holistic work had never been compiled before in Italy, but also because it pinpoints the possible trends and scenarios for 2012 and hence provide guidelines useful to delineate security strategies for professionals and organizations.

Most of all, the Report has been enriched by data collected by the Italian Cyber Police. An unprecedented event in Italy that provides a real deep insight the Cybercrime impacts in everyday life as never done before in our country.

Said in few words, it worths a read, and even if, so far, it is in Italian, we are working for a short English Version.

In the meantime I provide you with an amusing preview. In compiling the report, Andrea Zapparoli Manzoni, a dear friend and most of all one of the report contributors, did a great job by cataloguing all the 406 international attacks that I collected in my 2011 timeline. I consequently decided to summarize the results of this huge work in the following Infographic. The result is quite impressive, isn’t it?

Middle East Cyber War Timeline (Part VIII)

March 18, 2012 1 comment

This last week has seen some remarkable events an undoubtable revamp of data leaks inside the Middle East Cyberwar.

Not only the infamous 0xOmar, the initiator of the Middle East Cyber War, reappeared, leaking alleged secret data from some Israeli Virtual Israeli Air Force School websites; but also the Pakistani zCompany Hacking Crew has re-entered the scene unchaining the original weapon, that is the Credit Card leak. As a matter of fact ZHC published 5,166 records containing working credit cards, usernames, emails and addresses of individual supporters of the Zionist Organisation of UK & Ireland (zionist.org.uk).

On a different front, the massive defacements of websites all over the world in support of #OpFreePalestine continued. Under the label of the same operation, the Anonymous also “doxed” several companies and individuals on pastebin.

As far as the two main contenders (Iran and Israel) are concerned, the strategies seem quite different.

Iran has shown a cyber activity culminated in the alleged attack against the BBC Persian Service. For this nation, it is also important to notice its “cyber autarky”, maybe a choice forced by the embargo, that led to the creation of an internal email service, in contrast to the traditional Gmail, Yahoo, etc. This happens few weeks after the decision to develop an internal Antivirus.

On the opposite front, Israel keeps on its apparent cyber silence. Is it the prelude for the feared military action against Iran?

If you want to be constantly updated on the Middle East Cyber War, at this link you find the complete timeline. Also follow @paulsparrows on Twitter for the latest updates!

Read more…

After latest F-35 hack, Lockheed Martin, BAE Systems, Elbit under multiple cyber attacks….right now.

March 14, 2012 2 comments

Cross Posted from TheAviationist.

I have just published a timeline covering the main Cyber Attacks targeting Military Industry and Aviation, but it looks like the latest events will force me to post an update, soon.

Although perpetrated with very different timelines, origins and motivations behind them, the last three days have seen a new wave of attacks against military industry that has unexpectedly become the point of intersection between cybercrime and cyberwar.

The first clamorous attack was disclosed a couple of days ago, when the Sunday Times revealed that alleged Chinese Hackers were able to penetrate into computers belonging to BAE Systems, Britain’s biggest defence company, and to steal details about the design, performance and electronic systems of the West’s latest fighter jet, the costly F-35 Joint Strike Fighter. The hacking attack has raised concerns that the fighter jet’s advanced radar capabilities could have been compromised and comes few weeks after papers about the future British-French drone were stolen in Paris.

Apparently, once again, an APT-based attack, or maybe one of its precursors, since it was first uncovered nearly three years ago. In any case, according to the sources and the little information available, it lasted continuously for 18 months, exploiting vulnerabilities in BAE’s computer defences to steal vast amounts of data. A fingerprint analogous to other similar cyber operations, allegedly generated from China such as Operation Aurora or the controversial operation Shady RAT.

Details of the attack have been a secret within Britain’s intelligence community until they were disclosed by a senior BAE executive during a private dinner in London for cyber security experts late last year.

Curiously the F-35 seems to be a very attracting prey for hackers as it was already the victim of a Cyber Attack in 2009; once again the latest attack is believed to be originated from China, who is showing a restless cyber activity.

Although completely different for impact and motivations, a second attack has just been announced by the infamous hacking collective Anonymous, which, in name of the #OpFreePalestine operation, has published the contact details for senior staff at BAE (hit once again), Lockheed, Gulfstream Aerospace, a division of General Dynamics, and the United States Division Of Israeli Owned Arms Company Elbit Systems. An attempt to embarrass military industry considered involved in the events happening in Palestine.

Although the data dumps apparently contain little valuable information (according to V3.co.uk many of the telephone numbers listed are for company headquarters, while several of the names appear to be out of date), the latest attacks represent a quantum leap in the Middle East Cyber War, after the “reign of terror” threatened by Anonymous against Israel.

The F-35 JSF is not only the most advanced stealthy fighter plane of the next future. It is also the most expensive. That’s why some partners have been compelled to downsize their initial requirements because of cuts imposed by the increasing unit price (with the new contract the total unit cost for an LRIP 5 jet is 205.3 million USD!!).

Apparently these cuts are interesting even the IT Security budgets of the manufacturers.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow the author of this article @pausparrows on Twitter for the latest updates.

The Italian Job

March 13, 2012 5 comments

The Italian Anonymous did it again and today have attacked for the second time in few days the vatican.va website. Actually this time their attack has apparently been deeper since the infamous collective also posted a small portion of a database claimed to have been leaked from radiovaticana.org, the website of the official Vatican Radio.

The inevitable statement on pastebin (so far only in Italian) quotes Imperva, the Israeli Company Focused on Application Security which claimed, few days ago, to have prevented, in August, a summer attack against the Vatican, using the collected information to profile a typical Anonymous DDoS attack.

Of course the pastebin suggests that this attack has been a kind of retaliation against the information disclosed by Israeli Security Company in their detailed report, nevertheless this has been only the last DDoS attack in Italy in this troubled weekend that has seen several websites falling under the LOIC shots: Saturday the Italian Railways have been hit (three domains), and yesterday Equitalia, the company owning the concession, on behalf of the Government, to collect taxes.

This (un)expected revamp of DDoS activity in Italy comes approximately nearly a couple of months after the LOIC attacks unchained by the MegaUpload shutdown, and nearly nine months after the waves of attacks which made the Italian Summer a very hot season for Information Security.

Besides, so far the preferred targets of The Anonymous in Italy have been Government and Politician Websites, targeting the Vatican Site, looks like this time the Anonymous crossed the line.

As a matter of fact I have decided to write down in a table all the hacktivism-led attacks carried on Italy from the 2011 onwards. I have collected the information on the attacks during the gathering of the necessary material to prepare my timelines for 2011 and 2012. In reading the list, please consider that several DDoS attacks were only claimed by the attackers, so it is really difficult discriminate if they were succesful or not, nevertheless I thought it appropriate to insert them all to provide a global view.

So far, you will notice that the Hackvism in Italy has passed three main phases: the summer phase, maybe interrupted by the wave of arrests in July; the winter phase, as quoted above, immediately after the Megaupload shutdown on the wake of the anti-SOPA/PIPA/ACTA movements; and the current phase (may we define it a spring phase?) triggered by the delicate internal sociopolitical situation….

March 2011

04/03/2011 finmeccanica.it DDOS Military Industry
04/03/2011 eni.it DDOS Energy
04/03/2011 unicredit.it DDOS Finance

June 2011

21/06/2011 ilpopolodellalibertà.it DDoS Political Parties
21/06/2011 governoberlusconi.it DDoS Political Parties
21/06/2011 pdl.it DDoS Political Parties
21/06/2011 governoberlusconi.it DDoS Political Parties
21/06/2011 silvioberlusconifansclub.org DDoS Political Parties
21/06/2011 forzasilvio.it DDoS Political Parties
22/06/2011 governo.it DDoS Government
22/06/2011 camera.it DDoS Government
22/06/2011 senato.it DDoS Government
22/06/2011 interno.it DDoS Government
22/06/2011 regione.campania.it DDoS Government
22/06/2011 pdl.it DDoS Political Parties
22/06/2011 renatobrunetta.it DDoS Political Parties
22/06/2011 innovazionepa.gov.it DDoS Government
23/06/2011 governo.it DDoS Government
23/06/2011 agcom.it DDoS Government
23/06/2011 leganord.org DDoS Political Parties
24/06/2011 governo.it DDoS Government
24/06/2011 giustizia.it DDoS Government
28/06/2011 agcom.it DDOS Government
29/06/2011 camera.it DDoS Government
29/06/2011 pdl.it DDoS Government
29/06/2011 mediaset.it DDoS Entertainment
30/06/2011 telecomitalia.it DDoS ISP
30/06/2011 poste.it DDoS Mail
30/06/2011 borsaitaliana.it DDoS Finance

July 2011

01/07/2011 leganord.org DDoS Political Parties
01/07/2011 agcom.it DDoS Government
02/07/2011 innovazionepa.gov.it DDoS Government
02/07/2011 governo.it DDoS Government
03/07/2011 agcom.it DDoS Government
04/07/2011 agcom.it DDoS Government
06/07/2011 19 Universities:                  unisi.it
unisa.it
uniroma1.it
anotonianum.eu
econoca.it
uniba.it
unibocconi.it
unifg.it
unime.it
unimib.it
uniurb.it
unibo.it
unipv.it
unina2.it
unile.it
polimi.it
unito.it
unimo.it
SQLi? Education
31/07/2011 vitrociset.it Defacement Contractor

August 2011

03/08/2011 vitrociset.it Defacement Contractor
06/08/2011 sappe.it Defacement Law Enforcement Agencies

September 2011

02/09/2011 Undisclosed Bank ? Finance

November 2011

29/11/2011 fiocchigfl.it Defacement Military Industry

December 2011

06/12/2011 torino-lione.it Defacement Transportation
06/12/2011 ghiglia.it Defacement Political Parties
19/12/2011 fabriziocorona.it Defacement Entertainment
19/12/2011 costantinovitaliano.it Defacement Entertainment

January 2012

10/01/2012 leganord.org Defacement Political Parties
13/01/2012 italia.gov.it DDoS Political Parties
22/01/2012 siae.it DDoS Entertainment
22/01/2012 universalmusic.it DDoS Entertainment
22/01/2012 copyright.it DDoS Entertainment
22/01/2012 giannifava.org DDoS Political Parties
22/01/2012 leganord.org DDoS Political Parties
24/01/2012 giustizia.it DDoS Government
26/01/2012 italia.gov.it DDoS Government

February 2012

11/02/2012 circondarialetorino.it Defacement Law Enforcement Agencies
17/02/2012 rivagroup.com DDoS Military Industry
17/02/2012 enel.it DDoS Energy
18/02/2012 mauriziopaniz.it Defacement Political Parties
22/02/2012 binetti.it Defacement Political Parties
27/02/2012 polizia.it DDoS Law Enforcement Agencies
27/02/2012 carabinieri.it DDoS Law Enforcement Agencies

March 2012

07/03/2012 vatican.va DDoS Religion
10/03/2012 trenitalia.it DDoS Transportation
10/03/2012 RFI.it DDoS Transportation
10/03/2012 viaggaintreno.it DDoS Transportation
11/03/2012 equitalia.it DDoS Services
12/03/2012 vatican.va DDoS Religion
12/03/2012 radiovaticana.org Defacement Religion
Follow

Get every new post delivered to your Inbox.

Join 3,088 other followers