Archive
1-15 April 2013 Cyber Attacks Timeline
I know, I am a little late this month. We have just entered May and I was able to publish the first part of the Timeline of April. I will try to maintain the usual rhythm and to be more punctual for the next releases.
Anyway, the first part of April has offered many interesting port with several large scale attacks and massive breaches. The first category includes the Darkleech malware against Apache, and the gigantic brute-force attack against WordPress. The second category includes the attacks against two primary Japanese portals, the FPS War Z, Scribd, Linode, and, most of all Schnucks Markets, targeting potentially 2.4 million users.
But not only Cyber Crime in this month, even the hacktivists were quite active with their OpIsrael 2 (and its controversial damage report), the wake of attacks against North Korean web sites, and even the sixth week of DDoS attacks against the U.S. Banks carried on under the so-called Operation Ababil.
Hard times for System Administrators!
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Read more…
1-16 February 2013 Cyber Attacks Timeline
Here is the summary of the Cyber Attacks Timeline for February. A month that will probably be remembered for the “sophisticated” cyber attacks to the two main social networks: Facebook and Twitter.
But the attacks against the two major social networks were not the only remarkable events of this period. Other governmental and industrial high-profile targets have fallen under the blows of (state-sponsored) cyber criminals: the list of the governmental targets is led by the U.S. Department of Energy and the Japan Ministry of Foreign Affairs, while Bit9, a primary security firm, was also targeted, leading the chart of Industrial targets.
Hacktivists have raised the bar and breached the Federal Reserve, leaking the details of 4,000 U.S. Banks executives. Similarly, the Bush family was also targeted, suffering the leak of private emails.
Even if the list is not as long as the one of January, it includes other important targets, so, scroll it down to have an idea of how fragile our data are inside the cyberspace. Also have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.
1-15 January 2013 Cyber Attacks Timeline
So here we are with the first Cyber Attacks Timeline for 2013 covering the first half of January.
Apparently the new year has begun with an intense activity by Cyber Crooks. Hacktivists and Cyber Criminals had many time to spend in front of their keyboards during the holiday break, and as a consequence the number of breaches with more than 10.000 accounts compromised is incredibly high. WWF China, the City of Steubenville, Ohio and The German Chamber of Commerce are only three examples of institutions that suffered massive breaches during the beginning of this year.
But the massive breaches are not the only remarkable events of this period: the waves of DDoS Attacks against US banks continued (and promise to extend also in the next weeks), Kaspersky Lab discovered a new massive Cyber Espionage Campaign dubbed “Red October”, and also the Japan Farm Ministry was hit by yet another Cyber Attack, allegedly originating from China…
If this is only the beginning… 2013 promises to be pretty much troubled for system administrators…
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.
Big in Japan: Yet Another Targeted Attack Against a Japanese Target
Updated 3/12/2012 to include the cyber attack targeting the Upper Chamber of Japanese Parliament discovered on 2 November 2011.
The New York Times has recently reported the news related to a (yet another) targeted cyber-attack against JAXA (Japan Aerospace Exploration Agency). This targeted attack has allegedly led to the exfiltration of sensitive information related to Epsilon, a solid-fuel rocket prototype supposed to be used also for military applications, suggesting the targeted attack is probably part of a cyber-espionage campaign.
The targeted attack has been carried on by mean of a malware installed in a computer at Tsukuba Space Center. Before being discovered, on November 21, the malicious executable has secretly collected data and sent it outside the agency.
This is the second known targeted attack against JAXA in less than eleven months: on January 13, 2012, a computer virus infected a data terminal at Japan’s Space Agency, causing a leak of potentially sensitive information including JAXA’s H-2 Transfer Vehicle, an unmanned vessel that ferries cargo to the International Space Station. In that circumstance officials said that information about the robotic spacecraft and its operations might have been compromised.
Unfortunately the above cyber-attacks are not episodic circumstances, confirming that Japan is a hot zone from an information security perspective, and a coveted target for cyber espionage campaigns. Undoubtedly, the strategic importance of this country in the global chessboard and hence its internal secrets and the intellectual property of its industries are more than a good reason for such similar targeted cyber-attacks.
The list is quite long…
19 September 2011: Mitsubishi Heavy Industries, Japan’s biggest defense contractor, reveals that it suffered a hacker attack in August 2011 that caused some of its networks to be infected by malware. According to the company 45 network servers and 38 PCs became infected with malware at ten facilities across Japan. The infected sites included its submarine manufacturing plant in Kobe and the Nagoya Guidance & Propulsion System Works, which makes engine parts for missiles.
24 October 2011: An internal investigation on the Cyber Attack against Mitsubishi finds signs that the information has been transmitted outside the company’s computer network “with the strong possibility that an outsider was involved”. As a consequence, sensitive information concerning vital defense equipment, such as fighter jets, as well as nuclear power plant design and safety plans, was apparently stolen.
25 October 2011: According to local media reports, computers in Japan’s lower house of parliament were hit by cyber-attacks from a server based in China that left information exposed for at least a month. A trojan horse was emailed to a Lower House member in July of the same year, the Trojan horse then downloaded malware from a server based in China, allowing remote hackers to secretly spy on email communications and steal usernames and passwords from lawmakers for at least a month.
27 October 2011: The Japanese Foreign Ministry launches an investigation to find out the consequences of a cyber-attack targeting dozens of computers used at Japanese diplomatic offices in nine countries. Many of the targeted computers were found to have been infected with a backdoor since the summer of the same year. The infection was allegedly caused by a spear-phishing attack targeting the ministry’s confidential diplomatic information. Suspects are directed to China.
2 November 2011: Japan’s parliament comes under cyber attack again, apparently from the same emails linked to China that already hit the lawmakers’ computers in Japan’s lower house of parliament. In this circumstance, malicious emails are found on computers used in the upper chamber of the Japanese parliament.
13 January 2012: Officials announce that a computer virus infected a data terminal at Japan’s space agency, causing a leak of potentially sensitive information. The malware was discovered on January 6 on a terminal used by one of its employees. The employee in question worked on JAXA’s H-2 Transfer Vehicle, an unmanned vessel that ferries cargo to the International Space Station. Information about the robotic spacecraft and its operations may thus have been compromised and in fact the investigation shows that the computer virus had gathered information from the machine.
20 July 2012: The Japanese Finance Ministry declares to have found that some of its computers have been infected with a virus since 2010 to 2011 and admits that some information may have been leaked. 123 computers on 2,000 have been found infected and, according to the investigation, the contagion started in January 2010, suggesting that information could have been leaked for over two years. The last infection occurred in November 2011, after which the apparent attack suddenly stopped.
16-30 September 2012 Cyber Attacks Timeline
Part One with 1-15 September 201 Timeline Here.
September is over and it’s time to analyze this month from an Information Security perspective with the second part of the Cyber Attack Timeline.
Probably this month will be remembered for the massive outage of six U.S. Banks (Bank of America, JPMorgan Chase, Citigroup, U.S. Bank, Wells Fargo and PNC ) caused by a wave of DDoS attack carried on by alleged Muslim hackers in retaliation for the infamous movie (maybe this term is exaggerated) “The Innocence of Muslims”.
China has confirmed its intense activity inside the Cyber space. Alleged (state-sponsored?) Chinese hackers were allegedly behind the attack to Telvent, whose project files of its core product OASyS SCADA were stolen after a breach, and also behind a thwarted spear-phishing cyber attack against the White House.
Adobe suffered a high-profile breach which caused a build server to be compromised with the consequent theft of a certificate key used to sign two malware strains found on the wild (with the consequent necessary revoke of the compromised key affecting approximately 1,100 files).
Last but not least, the Hacktivism fever has apparently dropped. September has offered some attacks on the wake of the #OpFreeAssange campaign, and a new wave of attacks at the end of the month after the global protests set for September, the 29th, under the hashtag of #29s.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
What is a Cyber Weapon?
What is a Cyber Weapon? At first glance this seems an immediate question to answer, but should anyone try to analyze the meaning of this term more deeply, probably he would be quite surprised and disappointed in discovering that the answer is not so immediate since an exact definition has not been given (at least so far).
A real paradox in the same days in which The Pentagon, following the Japanese Example, has unveiled its new strategy aimed to dramatically accelerate the development of new Cyber Weapons. And do not think these are isolated, fashion-driven examples (other nations are approaching the same strategy), but rather consider them real needs in the post-Stuxnet age, an age in which more and more government are moving their armies to the fifth domain of war [you will probably remember the (in)famous episode, when F-Secure was able to discover Chinese Government launching online attacks against unidentified U.S. Targets].
Recently Stefano Mele, a friend and a colleague of the Italian Security Professional Group, tried to give an answer to this question in his paper (so far only in Italian but it will be soon translated in English) where he analyzes Cyber Weapons from a legal and strategical perspective.
As he points out “Correctly defining the concept of Cyber Weapon, thus giving a definition also in law, is an urgent and unavoidable task, for being able to assess both the level of threat deriving from a cyber attack, and the consequent political and legal responsibilities attributable to those who performed it”. Maybe this phrase encloses the reason why a coherent definition has not been given so far: a cyber weapon is not only a technological concept, but rather hides behind it complex juridical implications.
Having this in mind, according to Stefano’s definition: a cyber weapon is:
A device or any set of computer instructions intended to unlawfully damage a system acting as a critical infrastructure, its information, the data or programs therein contained or thereto relevant, or even intended to facilitate the interruption, total or partial, or alteration of its operation.
The above definition implies that cyber weapons may span in theory a wide range of possibilities: from (D)DoS attacks (which typically have a low level of penetration since they target the “surface” of their targets), to “tailored” malware like Stuxnet, characterized by a high intrusiveness and a low rate of collateral damages.
One could probably argue whether a cyber weapon must necessarily generate physical damages or not, in which case, probably, Stuxnet, would be the one, so far, to encompass all the requirements. In any case, from my point of view, I believe the effects of a cyber weapon should be evaluated from its domain of relevance, the cyberspace, with the possibility to cross the virtual boundaries and extend to the real world (Stuxnet is a clear example of this, since it inflicted serious damages to Iranian Nuclear Plants, including large-scale accidents and loss of lifes).
With this idea in mind, I tried to build a model to classify the cyber weapons according to four parameters: Precision (that is the capability to target only the specific objective and reduce collateral damages), Intrusion (that is the level of penetration inside the target), Visibility (that is the capability to be undetected), and Easiness to Implement (a measure of the resource needed to develop the specific cyber weapon). The results, ranging from paintball pistols to smart bombs, are summarized in the above chart.
As you may notice, in these terms a DDoS attack is closer to a paintball pistol: the latter has a low level of penetration and the effects are more perceived than real (it shows the holder’s intention to harm the victim rather than constituting a real danger ), nevertheless it may be used to threaten someone, or worst to make a robbery. The same is true for a DDoS, it is often used to threaten the target, its action stops at the surface and usually the effects are more relevant in terms of reputation of the victims than in terms of damages done. Nevertheless, for the targets, it may lead to an interruption of service (albeit with no physical damages) and monetary losses.
On the opposite site there are specific “surgical” APTs: they have a high level of penetration with reduced collateral damages, they are able to go hidden for long time, but require huge investments to be developed, which ultimately make their adoption not so easy.
Of course, in between, there is a broad gray area, where the other Cyber Weapons reside depending on their positioning according to the four classification parameters identified… So, at the end what do you think? Do you agree with this classification?
March 2012 Cyber Attacks Timeline (Part II)
First Part: March 2012 Cyber Attacks Timeline (Part I)
It is time for the second part of the March 2012 Cyber Attacks Timeline, a month that will probably be remembered for the breach occurred to Global Payments, a credit card processor, whose aftermath may potentially affect up to 10 million credit card holders belonging, among the others, to Visa and MasterCard.
On the hacktivism front, not even three weeks after the arrest of several LulzSec members, a new hacking crew has appeared whose name, LulzSecReborn, clearly reminds the infamous collective and its Days of Lulz. They entered the scene with a noticeable, albeit discussed, leak: more than 170.000 records from a military dating site.
Other remarkable hacktivism-led cyber attacks include the so called #OpFariseo, a wave of Cyber Attacks targeting websites related to the visit of the Pope in Mexico, and a new cyber attack to PBS. It is also important to notice the debut of the Anonymous in China, a debut characterized by a massive wave of defacements.
Last but not least, among the events of this month there is one which in particular deserves a mention, and is the leak which targeted Vector Inc., a Japanese computer selling firm, potentially affecting more than 260,000 users.
As usual after the jump you will find all the references.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @pausparrows on Twitter for the latest updates.
November 2011 Cyber Attacks Timeline (Part II)
The second half of November has confirmed the trend seen in the previous report covering the first half of the month. The period under examination has confirmed a remarkable increase in Cyber Attacks from both a quality and quantity perspective.
Although the month has been characterized by many small attacks, several remarkable events have really made the difference.
Among the victims of the month, Finland deserves a special mention in this unenviable rank: the second half of the month has confirmed the emerging trend for this country, which suffered in this period two further breaches of huge amounts of personal data, for a global cumulative cost, computed on the whole month, around $25 million.
But Finland was not the only northern European country hit by cybercrookers (maybe the term cyberprofessionals would be more appropriate): Norwegian systems associated with the country’s oil, gas and energy sectors were hit with an APT based cyber attack resulting in a loss of sensitive information including documents, drawings, user names and passwords.
But once again the crown of the most remarkable breach of the month is placed upon the head of South Korea which suffered another huge data dump affecting users of the popular MMORPG “Maple Story” affecting theoretically 13 million of users, nearly the 27% of the Korean population, for an estimated cost of the breach close to $2.8 billion.
The list of affected countries this month includes also 243,089 Nigerian users, victims of the hack of Naijaloaded, a popular forum.
Microsoft has been another victim in this November, with a phishing scam targeting Xbox Live users. Details of the scam are not clear, although each single affected user in U.K. might have lost something between £100 and £200 for a total cost of the breach assimilable to “million of Pounds”.
November will make history for showing for the first time to information security professionals the dangers hidden inside the SCADA universe (and not related to Nuclear Reactors). The echo of Stuxnet and Duqu is still alive, but this month was the the turn of SCADA water pumps, that have suffered a couple of attacks (Springfield and South Houston), the first one allegedly originated from Russia and the second one from a “lonely ranger” who considered the answer from DHS concerning the first incident, too soft and not enough satisfactory. My sixth sense (and one half) tells me that we will need to get more and more used to attacks against SCADA driven facilities.
The Anonymous continued their operations against governments with a brand new occurrence of their Friday Releases, targeting a Special Agent of the CA Department and leaking something like 38,000 emails. Besides from other some sparse “small” operations, the other remarkable action performed by the Anonymous collective involved the hacking of an United Nations (old?) server, that caused personal data of some personnel to be released on the Internet.
November Special mentions are dedicated (for opposite reasons) to HP and AT&T. HP for the issue on their printers discovered by a group of Researchers of Columbia Univerity, which could allow a malicious user to remotely control (and burn) them. AT&T deserved the special mention for the attack, unsuccessful, against the 1% of its 100 million wireless accounts customer base.
In any case, counting also the “minor” attacks of the month, the chart shows a real emergency for data protection issues: schools, e-commerce sites, TVs, government sites, etc. are increasingly becoming targets. Administrators do not show the deserved attention to data protection and maybe also the users are loosing the real perception of how much important is the safeguard of their personal information and how serious the aftermaths of a compromise are.
As usual, references for each single cyber attack are reported below. Have a (nice?) read and most of alle share among your acquaintances the awareness that everyone is virtually at risk.
Related articles
- November 2011 Cyber Attacks Timeline (Part I) (paulsparrows.wordpress.com)
November 2011 Cyber Attacks Timeline (Part I)
Update 12/01/2011: November Cyber Attacks Timeline (Part II)
This first half of November has been very hard for Steam. The Valve Online Gaming Platform suffered a security breach putting at risk a potential sample of 37 million of users and hence wins the crown for the Major Breach of the First Half of November.
Also a sportswear giant like Adidas fell among the victims of cybercriminals, with a “sophisticated attack” targeting 500,000 users.
This month was also hot for the Cold Finland which has suffered two security breaches involving more than 30,000 users (a third breach also happened on November, the 16th, affecting 16,000 users but of course will be reported in the next report).
Two other CAs (KPN and Digicert Sdn Bhd Malaysia, not to be confused with Digicert US-based CA) were compromised. Also F-secure discovered a sample of malware signed with a valid certificate stolen from a Malasyan company.
On a larger scale, after 2 years of hunt, FBI uncovered a huge Botnet in Estonia, which stole $14 million from 4 million users worldwide, while on the other side of the Globe, Brazilian ISPS were targeted by a massive DNS Poisoning attack.
Not even Facebook was safe this month, whose (too) many users were targeted with a malware posting pornographic images on their wall exploiting an Internet Explorer Vulnerability.
As far as hactivism is concerned, the political events in the real world had a predictable echo in the Cyber space, with an attack to Palestine the day after the nation was admitted as a full member of UNESCO.
As a retaliation, some Israeli Government web sites were targeted with a wave of DDoS attacks by the infamous Anonymous hacking group. In any case the Anonymous were active also in other Cyberwar fronts acting a couple of defacements and DDoS (in one case they targeted the Muslim Brotherhood) and were also the authors to one of the two attacks in Finland (the one towards a right-wind party).
A group of Hackers called TeaMp0isoN claimed to have hacked more than 150 Email Id’s of International Foreign Governments even if this statement is controversial.
What is not controversial is the Cyberwar declared against Mexico which was targeted, in November, by a massive waves of Cyber Attacks.
Besides these noticeable events, the month was characterized by many other minor attacks and dumps among which, particularly noticeable are: the attacks to a couple of banks (DDoS and defacements) and Universities (UCLA and Standford hit by data breaches), and the Fox Business Twitter Account Hacking (Oops they did it again!).
The month ends with the first example of malware targeting ambulance.
Please notice that I decided henceforth not to insert attacks targeting a limited amount of users and most of all, claimed without clear evidence: in this month I discovered a claimed fake attack to Italian Police announced recycling old data.
- http://www.guardian.co.uk/world/2011/nov/01/palestinians-hit-cyber-attack-unesco
- http://www.cyberwarnews.info/2011/11/02/dump-of-steam-accounts/
- http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_nitro_attacks.pdf
- http://thehackernews.com/2011/11/fraud-communities-owned-and-exposed-by.html
- http://www.cyberwarnews.info/2011/11/03/opdarknet-official-and-last-release/
- http://www.cyberwarnews.info/2011/11/03/accounts-dumped-from-hiphopinstrumental-net/
- http://www.cyberwarnews.info/2011/11/03/peru-government-websites-defaced-by-challenges-hackers/
- http://nakedsecurity.sophos.com/2011/11/03/another-certificate-authority-issues-dangerous-certficates/
- http://www.cyberwarnews.info/2011/11/04/bayareaconnection-net-defaced/
- http://www.cyberwarnews.info/2011/11/04/yet-another-pointless-account-dump-hundreds-dumped-from-www-jjs2-com/
- http://threatpost.com/en_us/blogs/another-dutch-ca-kpn-stops-issuing-certificates-after-finding-ddos-tool-server-110411
- http://thehackernews.com/2011/11/capitalone-bank-taken-down-by-anonymous.html
- http://www.networkworld.com/news/2011/110411-hacker-selling-access-to-compromised-252771.html?source=nww_rss
- http://www.phiprivacy.net/?p=8227
- http://thehackernews.com/2011/11/anonymous-attack-on-israeli-government.html
- http://www.itworld.com/security/222033/fake-threat-against-facebook-dwarfs-anonymous-real-attacks-israel-finland-portugal
- http://pplware.sapo.pt/informacao/site-freeport-pt-foi-atacado-entre-outros/
- http://www.databreaches.net/?p=21359
- http://www.itworld.com/security/222033/fake-threat-against-facebook-dwarfs-anonymous-real-attacks-israel-finland-portugal
- http://www.yomiuri.co.jp/dy/national/T111105002386.htm
- http://www.cyberwarnews.info/2011/11/08/massive-amount-of-accounts-dumped-from-adidas-com/
- http://www.theregister.co.uk/2011/11/07/adidas_hack_attack/
- http://www.cyberwarnews.info/2011/11/08/massive-amount-of-accounts-dumped-from-adidas-com/
- http://thehackernews.com/2011/11/international-foreign-government-e.html
- http://www.theregister.co.uk/2011/11/09/teamp0ison_publishes_stupid_password_list/
- http://news.softpedia.com/news/16-000-Finns-Affected-by-Data-Breach-232851.shtml
- http://nakedsecurity.sophos.com/2011/11/08/anonymous-attacks-el-salvadoran-sites/
- http://www.smh.com.au/business/privacy-of-millions-at-mercy-of-a-usb-device-20111107-1n3wm.html
- http://thehackernews.com/2011/11/ump-french-political-party-got-hacked.html
- http://www.cyberwarnews.info/2011/11/08/premierleaguepool-co-uk-accounts-dumped-by-sen/
- http://www.cyberwarnews.info/2011/11/08/60k-accounts-dumped-from-ohmedia-by-teamswastika/
- http://www.cyberwarnews.info/2011/11/08/dump-of-accounts-from-beachvolley-se/
- http://www.cyberwarnews.info/2011/11/08/khadraglass-com-hacked-and-accounts-dumped-by-inj3ct0r/
- http://www.cyberwarnews.info/2011/11/09/scamming-email-account-dumpers-are-surfacing-50k-french-accounts-dumped/
- http://thehackernews.com/2011/11/possible-credit-card-theft-in-steam.html
- http://www.fbi.gov/news/stories/2011/november/malware_110911/malware_110911
- http://www.theregister.co.uk/2011/11/10/it_manager_charges/
- http://thehackernews.com/2011/11/bangladesh-supreme-court-website-hacked.html
- https://twitter.com/#!/igetroot/status/134865652543520768
- http://thehackernews.com/2011/11/operation-brotherhood-shutdown-by.html
- http://nakedsecurity.sophos.com/2011/11/14/ambulance-service-disrupted-by-computer-virus-infection/
- http://www.cyberwarnews.info/2011/11/12/ucla-department-of-psychology-hacked-by-inj3ct0r/
- http://www.ehackingnews.com/2011/11/social-network-site-findfriendzcom.html
- http://www.cyberwarnews.info/2011/11/13/dump-of-information-by-inj3ct0r/
- http://www.f-secure.com/weblog/archives/00002269.html
- http://www.cyberwarnews.info/2011/11/14/dump-of-accounts-from-congress-of-sonora/
- http://www.cyberwarnews.info/2011/11/14/2-more-government-dumps-by-metalsoft-team/
- http://www.cyberwarnews.info/2011/11/14/another-big-dump-of-accounts-from-sec404-mexican-hackers/
- http://www.cyberwarnews.info/2011/11/14/another-mexican-government-congress-hacked-canaldelcongreso-gob-mx/
- http://www.cyberwarnews.info/2011/11/14/dump-of-data-from-another-mexican-congress-sinaloa-state-congress/
- http://www.cyberwarnews.info/2011/11/14/ministry-of-economy-mexico-hacked-by-sec404/
- http://www.cyberwarnews.info/2011/11/14/unit-of-transparency-and-access-to-public-information-website-hacked/
- http://www.cyberwarnews.info/2011/11/14/national-commission-of-physical-culture-and-sport-hacked-and-accounts-leaked/
- http://nakedsecurity.sophos.com/2011/11/14/hacked-sky-news-twitter-account-james-murdoch-arrested/
- http://news.softpedia.com/news/Anonymous-Attacks-Anonymous-For-Being-Trolls-234949.shtml
- http://nakedsecurity.sophos.com/2011/11/16/facebook-explains-pornographic-shock-spam-hints-at-browser-vulnerability/
The China Cyber Attacks Syndrome
A w
eek ago, the Office of the National Counterintelligence Executive published a report to Congress concerning the use of cyber espionage to attempt to gain business and industrial secrets from US companies. Easily predictable, the results present a frightening picture!
With no surprise it turned out that the biggest dangers and perpetrators of cyber-espionage operations against American business are China and Russia.
- Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the Intelligence Community cannot confirm who was responsible.
- Russia’s intelligence services are conducting a range of activities to collect economic information and technology from US targets.
- Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and technology information, primarily through aggressive elicitation and other human intelligence tactics. Some of these states have advanced cyber capabilities.
Unfortunately the predictions for the near future are not encouraging: the authors of the report judge that the governments of China and Russia will remain aggressive and capable collectors of sensitive US economic information and technologies, particularly in cyberspace.
This is mainly due to three factors: a technological shift with a growing number of devices connected to the Internet (according to a Cisco Systems study, the number of devices connected to the Internet is expected to increase from about 12.5 billion in 2010 to 25 billion in 2015). An economical shift driven by the Cloud Paradigm which requires the information to be ubiquitous and always available and, last but not least, a cultural shift which bring users to a growing use of social media for personal and professional use with a dangerous overlapping.
With these considerations in mind I decided to concentrate on a single table all the attacks with cyber espionage implications reported in 2011 for which China was directly or indirectly (or allegedly) considered responsible. The details (and links) of each single attack can be found on my 2011 Cyber Attacks Timeline Master Index (of course the list does not include the infamous Operation Aurora and the attack to G20 during the French Leadership since these events occurred during 2010).
U.S., Canada, Japan and Korea are among the countries hit by the Cyber Attacks from Far East. The most known attack is for sure the one perpetrated against RSA, whose wake affected several U.S. Contractors. Moreover the same attack was not an isolated episode, but the tip of an iceberg hiding 760 affected organizations worldwide.
Shady Rat and the IMF attack were other noticeable events as also the breach reported against the Cyworld the Korean Social Networks in which 37 million users were affected.
A frightening scenario that also generated some resounding fake attacks during 2011 (do you remember the Renault affair?)
A new cold (cyber)war at the gates?
Related articles
- Cyber-espionage attempts on US businesses are on rise (arstechnica.com)
About The Author
Support My Work!
Share:
News
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
Visitors from…
