It’s time for the Cyber Attacks Timeline for the first half of January 2014. I wish we had a better start for this Infosec year. Not even a month has passed (actually this timeline covers the first two weeks) and we have already seen several massive breaches (Snapchat) and other resounding events, maybe less relevant from a mere numeric perspective, but equally meaningful for the high profile of the victims involved (Microsoft).
Besides Snapchat, other important organizations have been targeted by Cyber crooks with very bad consequences: World Poker Tour (175,333), Staysure (93,000 individuals involved) and OpenSUSE (79,500 victims) are the most noticeable examples. On the cyber crime front other meaningful events include a wave of attacks against Video Games industries, and the hacking of Yahoo advertise network, infecting, potentially 27,000 users per hour.
Hacktivists of the Syrian Electronic Army are back with the result that even Microsoft is now part of the list of their victims (however their web site was also hacked in the same period). Other hacktivists very active in the same period include the infamous RedHack collective.
Last but not least, the control room of the Nuclear Plant of Monju in Japan was found infected with a malware capable of allegedly exfiltrate 42,000 emails.
As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
It looks like the consumerization of warfare is unstoppable and getting more and more mobile. After our first post of Jume the 16th, today I stumbled upon a couple of articles indicating the growing military interest for consumer technologies.
Network World reports that the National Security Agency is evaluating the use of COTS (Commercial Off-The-Shelf) products for military purposes and is evaluating several different commercially available smartphones and tablets, properly hardened and secured. The final goal is to have four main devices, plus a couple of infrastructure support services. Meanwhile, trying to anticipate the NSA certification process, U.S. Marines are willing to verify the benefits of a military use of smartphones and consequently issued a Request For Information for trusted handheld platforms.
In both cases, the new technologies (smartphones and tablets) are preferred since they are able to provide, in small size and weight, the capability to rapidly access information in different domains (e.g., internet, intranet, secret), geolocation capabilities which are useful in situation awareness contexts, and , last but not least, the capability to connect with different media (eg, personal area network [PAN], wireless local area network [LAN], wide area network [WAN]).
Nevertheless, in a certain manner, the two approaches, albeit aiming to the same objective, are slightly different. NSA is evaluating the possibility to harden COTS in order to make them suitable for a military use, but since this process of hardening, certification and accreditation may take up to a couple of years, which is typically the life cycle of a commercial smartphone or tablet (it sounds quite optimistic since one year is an eternity for this kind of devices), the RFI issued by the Marines Corps is soliciting for system architectures and business partnerships that facilitate low-cost and high-assurance handhelds, where high-assurance means at least meeting the common criteria for evaluated assurance level (EAL) of 5+ or above. From this point of view the Marines’ approach seems closer to (and hence follows) the approach faced by the U.S. Army which is already testing iPhones, Android devices and tablets for us in war (a total of 85 apps, whose development took about $4.2 million, we could nearly speak about a Military iTunes or Military Android Market!).
But the adoption of consumer technologies does not stop here and will probably soon involve also the use of technologies closely resembling the Cloud. As a matter of fact, the NSA plans to develop in the near future a secure mobile capability, referred to as the “Mobile Virtual Network Operator,”, which will be be able to establish a way to provide sensitive content to the military and intelligence “in a way that roughly emulates what Amazon does with Kindle”, as stated by said Debora Plunkett, director of the NSA’s information assurance directorate, speaking at the Gartner Security and Risk Management Summit 2011 (but the NSA will not be the first to pilot this kind of technology since the NATO is already adopting Cloud Computing).
Probably this is only one side of the coin, I’m willing to bet that the consumerization of warfare will soon “infect” armies belonging to different countries and consequently the next step will be the development of weapons (read mobile military malware) targeted to damage the normal behavior of the military smartphones and tablets. On the other hand the Pentagon has developed a list of cyber-weapons, including malware, that can sabotage an adversary’s critical networks, so it is likely that these kind of weapons will soon affect mobile devices…
- NSA wants bulletproof smartphone, tablet security (infoworld.com)
- Consumerization of Warfare (paulsparrows.wordpress.com)
- NSA Reveals Cloud Plans, May Open-Source Some of Its Software (readwriteweb.com)