It is time for the summary of the second half of February, two weeks of remarkable cyber attacks against high-tech giants, massive breaches and Twitter Account Hijackings.
Probably the most resounding events of this period (maybe more for the high profile of the victims than for the actual effects) are the two attacks, allegedly originating from China, (with a common root cause, the compromising of an iPhone developer forum) carried on against Apple and Microsoft.
But not only the two high-tech giants, other illustrious victims have fallen under the blows of hacktivists and cyber criminals. The list is quite long and includes Bank of America, American Express, Casio, ZenDesk, cPanel, Central Hudson Gas & Electric Corporation, etc.).
Last but not least, the unprecedented trail of Cyber attack against Twitter Profile belonging to single individuals (see Donald Trump) or Corporations (Burger King and Jeep). Maybe it is time to change the passwords…
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
A special thanks to Kim Guldberg AKA @bufferzone for continuously advising me about significant cyber events through the Submit Form! Much Appreciated!
As usual, here is the list of the main cyber attacks for April 2012. A first half of the month which has been characterized by hacktivism, although the time of the resounding attacks seems so far away. Also because, after the arrest of Sabu, the law enforcement agencies (which also were targeted during this month, most of all in UK), made two further arrests of alleged hackers affiliated to the Anonymous Collective: W0rmer, member of CabinCr3w, and two possible members of the infamous collective @TeaMp0isoN.
In any case, the most important breach of the first half of the month has nothing to deal with hacktivism, targeted the health sector and occurred to Utah Department of Health with potentially 750,000 users affected. According to the Last Ponemon Study related to the cost of a breach ($194 per record) applied to the minimum number of users affected (250,000), the monetary impact could be at least $ 55 million.
Another interesting event to mention in the observed period is also the alleged attack against a Chinese Military Contractor, and the takedown of the five most important al-Qaeda forums. On the hacktivist front, it worths to mention a new hijacked call from MI6 to FBI, but also the alleged phone bombing to the same Law Enforcement Agency. Both events were performed by TeamPoison, whose two alleged members were arrested the day after.
For the sample of attacks I tried to identify: the category of the targets, the category of the attacks, and the motivations behind them. Of course this attempt must be taken with caution since in many cases the attacks did not target a single objective. Taking into account the single objectives would have been nearly impossible and prone to errors (I am doing the timeline in my free time!), so the data reported on the charts refer to the single event (and not to all the target affected in the single event).
As usual the references are placed after the jump.
By the way, SQL Injection continues to rule (the question mark indicates attacks possibly performed by SQL Injection, where the term “possibly” indicates the lack of direct evidences…).
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @pausparrows on Twitter for the latest updates.
Update December 26: 2011 is nearly gone and hence, here it is One Year Of Lulz (Part II)
This month I am a little late for the December Cyber Attacks Timeline. In the meantime, I decided to collect on a single table the main Cyber Attacks for this unforgettable year.
In this post I cover the first half (more or less), ranging from January to July 2011. This period has seen the infamous RSA Breach, the huge Sony and Epsilon breaches, the rise and fall of the LulzSec Group and the beginning of the hot summer of Anonymous agsainst the Law Enforcement Agencies and Cyber Contractors. Korea was also affected by a huge breach. The total cost of all the breaches occurred inthis period (computed with Ponemon Institute’s estimates according to which the cost of a single record is around 214$) is more than 25 billion USD.
As usual after the page break you find all the references.
This awful infosec July is over, and finally we can sum up the Cyber Attacks reported during this month. I collected all the available information and inserted it inside the following chart. Where possible (that is enough information available) I tried to estimate the cost of the attacks using the indications from the Ponemon’s insitute according to which the average cost of a Data Breach is US $214 for each compromised record. The total sum (for the known attacks) is around $7.6 billion, mainly due to the “National Data Breach” of the South Korean Social Network Cyworld.
Approximately 16 attacks were directly or indirectly related to Antisec or Anonymous, they promised an hot summer and unfortunately are keeping their word…
Useful resources for compiling the (very long) chart were taken from:
- 2011 Cyber Attacks (and Cyber Costs) Timeline (Updated) (paulsparrows.wordpress.com)
- 2011 CyberAttacks Timeline (paulsparrows.wordpress.com)
- 50 Days of Hunt (paulsparrows.wordpress.com)
- LulzSec hacking: a timeline (telegraph.co.uk)
- Anonymous Denies Paternity For the CNAIPIC Hack (paulsparrows.wordpress.com)
As already suggested, I considered the original 2011 Cyber Attacks Timeline graph by Thomson Reuters not enough complete since it did not show some important attacks occurred during this tremendous 2011. This is the reason why I decided to draw an enhanced version which shows, according to my personal opinion (and metric), the list of 2011 major cyber attacks both for size and impact. Moreover in this version I added the cost of the breaches (where possible), and the alleged kind of attack perpetrated.
All the data were taken from the bulletins or statements released by the victims, or from the tweets released by the attackers.
Costs were calculated, where possible, using the indications from the Ponemon’s insitute: the average cost of a Data Breach is US $214 for each compromised record, if the targeted company decided to respond immediately the cost is around UD $268 for each compromised record, which drops to US $ 174 if the company takes longer to react.
The Total Cost is an incredible number: nearly US $ 18 billion.
Useless to say, Sony achieves rank #1 with US $ 13.4 billion. In this unenviable chart, Epsilon gains the second place with an estimated cost for its breach, of US $ 4 billion.
The others breaches, although not comparable with the previous ones, if summed, allow to achieve the grand total.
Even if smaller in size, and apparently in importance, I decided to insert in the chart also the attack to Comodo Certificates, happened in March, the 24th. In this annus horribilis, it came immediately after the RSA affaire and it has decreed, together with the RSA breach, the fall of the modern bastions of Strong Authentication (in few days tokens and certificates have proved to be vulnerable). Moreover I consider the message of the author a memorable declaration of Cyberwar. On the trail of the RSA breach the wave of attacks towards US contractors is noteworthy as well.
Hackers focused on Media Sites (Fox, PBS, Sony, Sony BMG), with a clear message against censorship (and probably the neverending problem of copyright). Interesting the second attack to PBS made to show the poor skill of LuzSecs by Warv0x, one of their enemies. In the last part of June Videogame industry was the preferred target (also Epic suffered a breach) with different intentions: LulzSec attacked Nintendo and Bethesda (the second attack resulted in data breach for the victim), but offered to avenge Sega (the manufacturer of Dreamcast), after the disastrous breach.
Direct attacks to governments focused essentially on LOIC based DDoS, albeit some infamous breaches to related sites (as in case of Infoguard/FBI and NATO) lead to Data Breaches.
Last but not least, please notice the intense activity from LulzSec in their intense “50 days of living dangerously”, just before the sudden dissolution of the group happened on June, the 25th.
- What do RSA, Epsilon and Sony breaches have in common? (paulsparrows.wordpress.com)
- It was only a matter of time… (paulsparrows.wordpress.com)
- More Random Thoughts on the RSA Breach (paulsparrows.wordpress.com)
- 2011 CyberAttacks Timeline (paulsparrows.wordpress.com)
It looks like the consumerization of warfare is unstoppable and getting more and more mobile. After our first post of Jume the 16th, today I stumbled upon a couple of articles indicating the growing military interest for consumer technologies.
Network World reports that the National Security Agency is evaluating the use of COTS (Commercial Off-The-Shelf) products for military purposes and is evaluating several different commercially available smartphones and tablets, properly hardened and secured. The final goal is to have four main devices, plus a couple of infrastructure support services. Meanwhile, trying to anticipate the NSA certification process, U.S. Marines are willing to verify the benefits of a military use of smartphones and consequently issued a Request For Information for trusted handheld platforms.
In both cases, the new technologies (smartphones and tablets) are preferred since they are able to provide, in small size and weight, the capability to rapidly access information in different domains (e.g., internet, intranet, secret), geolocation capabilities which are useful in situation awareness contexts, and , last but not least, the capability to connect with different media (eg, personal area network [PAN], wireless local area network [LAN], wide area network [WAN]).
Nevertheless, in a certain manner, the two approaches, albeit aiming to the same objective, are slightly different. NSA is evaluating the possibility to harden COTS in order to make them suitable for a military use, but since this process of hardening, certification and accreditation may take up to a couple of years, which is typically the life cycle of a commercial smartphone or tablet (it sounds quite optimistic since one year is an eternity for this kind of devices), the RFI issued by the Marines Corps is soliciting for system architectures and business partnerships that facilitate low-cost and high-assurance handhelds, where high-assurance means at least meeting the common criteria for evaluated assurance level (EAL) of 5+ or above. From this point of view the Marines’ approach seems closer to (and hence follows) the approach faced by the U.S. Army which is already testing iPhones, Android devices and tablets for us in war (a total of 85 apps, whose development took about $4.2 million, we could nearly speak about a Military iTunes or Military Android Market!).
But the adoption of consumer technologies does not stop here and will probably soon involve also the use of technologies closely resembling the Cloud. As a matter of fact, the NSA plans to develop in the near future a secure mobile capability, referred to as the “Mobile Virtual Network Operator,”, which will be be able to establish a way to provide sensitive content to the military and intelligence “in a way that roughly emulates what Amazon does with Kindle”, as stated by said Debora Plunkett, director of the NSA’s information assurance directorate, speaking at the Gartner Security and Risk Management Summit 2011 (but the NSA will not be the first to pilot this kind of technology since the NATO is already adopting Cloud Computing).
Probably this is only one side of the coin, I’m willing to bet that the consumerization of warfare will soon “infect” armies belonging to different countries and consequently the next step will be the development of weapons (read mobile military malware) targeted to damage the normal behavior of the military smartphones and tablets. On the other hand the Pentagon has developed a list of cyber-weapons, including malware, that can sabotage an adversary’s critical networks, so it is likely that these kind of weapons will soon affect mobile devices…
- NSA wants bulletproof smartphone, tablet security (infoworld.com)
- Consumerization of Warfare (paulsparrows.wordpress.com)
- NSA Reveals Cloud Plans, May Open-Source Some of Its Software (readwriteweb.com)