About these ads


Posts Tagged ‘Wall Street Journal’

16-31 January 2013 Cyber Attacks Timeline

February 7, 2013 1 comment

Two Weeks Living Dangerously! I have no other words to describe this second half of January (first two weeks here) that has shown an unprecedented level of attacks! And if a good day starts with the morning, this will be a very troubled year from an information security perspective.

Not only the peaks of DDoS attacks against the US Banks have reached an unstoppable peak, but, most of all, at the end of the month details have been unveiled about a massive cyber-espionage campaign allegedly orchestrated by Chinese hackers against some major US media including The New York Times, The Wall Street Journal, The Washington Post and Bloomberg News.

A very very long list of targets this month, with some high profile victims such as the U.S. Sentencing Commission, whose web site has been hacked twice and turned into an Asteroid game, but also Renault Argentina that suffered 37,000 accounts leaked.

To summarize this month is really impossible, you just have to scroll down the timeline to realize the hacking spree in this January 2013.

If this trend continues, I will have to decrease the frequency of publication…

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.

16-31 January 2013 Cyber Attacks Timeline

Read more…

About these ads
Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

The Party Is Not Over! 250,000 Twitter accounts compromised!

February 2, 2013 6 comments

The Information Security Community is still commenting the Cyber Attacks against U.S. media companies and here it is another clamorous news in this February Weekend!

twitterposOn the wake of the admissions made by The New York Times and The Wall Street Journal, Twitter has revelaed in a blog post, to have detected, over the last week, unusual access patterns that led to identify unauthorized access attempts to some user data. They even discovered, and were able to shut down, one live attack, but their effort did not prevent the attackers to access user information for 250,000 users. The compromised data for the affected users includes : usernames, email addresses, session tokens and encrypted/salted passwords.

As a precautionary security measure, the social network has reset the passwords and revoked the session tokens for the affected accounts. The impacted users would have received (or will soon receive) an email, notifying them to create a new password.

This is not the first time that a primary social network is hacked: on June 2012 LinkedIn had 6.5 million accounts compromised.

The problem is that our online experience is getting harder and harder: counting (and immediately patching) all the exploitable 0-day vulnerabilities of the browsers and their components  is getting harder and harder (see the Java saga for example), and apparently even protection technologies are not so useful

A Strange Coincidence

February 2, 2013 2 comments

After the revelation of the Chinese attack against the Gray Lady, other U.S. media companies have admitted to have been targeted by (probably state-sponsored) Chinese Hackers in 2012. Immediately after the NYT, even the Wall Street Journal has revealed to have been infiltrated, and similar rumors have emerged for Bloomberg and the Washington Post in what appears to be a systematic hostile campaign.

In particular the attack against the NYT has apparently confirmed the inadequacy of signature-based antivirus against targeted attacks. As the same New York Times admitted, over the course of three months, the foreign attackers installed 45 pieces of custom malware, but the antivirus in use, made by Symantec, was only able to detect one instance of malware over the entire sample.

The security firm has immediately replied to those allegations:

“Advanced attacks like the ones the New York Times described … underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions. The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behaviour-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.”

Said in few words: signatures alone are not enough. The sophistication of the next generation targeted attacks require advanced security capabilities such as reputation and behavioral analysis.

According to the scant information available even the Washington Post used Symantec technology to protect its assets, and even in this case it could not prevent the hostile attackers to systematically compromise computer systems.

I wonder if this double coincidence could somehow be connected to the infamous leak of Symantec antivirus source code which occurred (or better was made public) approximately one year ago (the 6th of January 2012). As a consequence of the breach (that allegedly dates back to 2006) the source code of two old products (Symantec Antivirus Corporate Edition 10.2 and Symantec Endpoint Protection 11) were leaked on the Internet. Of course the affected products have been greatly modified since then, nevertheless it is likely that any core functions have not evolved, so in theory, hostile hackers could have taken a (detailed) look at them and have consequently found ways to evade the antivirus (some claim that a similar scenario happened for the infamous RSA breach).

Of course this is just a speculation, maybe the reality is much more simple: traditional antivirus technologies are not enough to thwart sophisticated targeted attacks.

Some Random Thoughts On Location Tracking

April 27, 2011 1 comment

The Apple and the Android (almost) never agree in anything, but the issue of the Location Tracking has done the miracle and if there is one only point that Cupertino and Mountain View have in common, it is just the bad habit to track user’s position without his/her knowledge.

After the well known issue of iPhone hidden (so to say) location tracking, Wired was able to discover why Apple devices collect these kind od data, unleashing 13-page letter sent by Apple’s general counsel Bruce Sewell in July 2010, explaining its location-data-collection techniques. The letter was written in response to a request from Congressmen Joe Barton and Edward Markey asking for Apple to disclose such practices (Incidentally, Markey authored the “Do Not Track” bill to stop online companies from tracking children).

Although no comment so far has arrived from Apple, I was disappointed in discovering, from a Cisco Blog Post, dealing with the same argument, that a similar bad habit collection has been detected for Google’s Android (at least the Android needs the root permission to grab the data).

In both cases the alleged main purpose of this data collection is to provide better location services. Instead my feeling is that the main benefit in this situation is not for the user, but for the marketing and/or advertising agencies which could come in possession of the data.

Interesting to notice the iPhone 3GS Software License Agreement states that:

By using any location-based services on your iPhone, you agree and consent to Apple’s and its partners’ licensees’ transmission, collection, maintenance, processing and use of your location data to provide such products and services.

Moreover I did a similar research in the Android Privacy Policy and discovered that:

Location data – Google offers location-enabled services, such as Google Maps and Latitude. If you use those services, Google may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location (such as a cell ID).

Until now, nothing special, except the fact that Latitude asks for the user’s consent to share the data with the other, which, if I am not wrong, does not occurr for Google Maps. But the interesting point come a some lines below:

In addition to the above, we may use the information we collect to:

  • Provide, maintain, protect, and improve our services (including advertising services) and develop new services; and
  • Protect the rights or property of Google or our users.

And in this case no explicit consent is provided (even if it is indicated in the privacy policy that one user should read. For sure who loses is the user’s privacy (but we should be used to this), and most of all user’s security, since in both cases it is not so hard to dig the data from a stolen devices, giving the impression that main concern of engineers was more to make the data available “to improve services” rather then to store them in a secure manner.

Meanwhile Minnesota Senator Al Franken and the attorney general of Illinois are separately pressing Apple and Google to provide more information about the location data they collect about their end users…

Cyber Weapons and Real Wars

So far what is happening in Libya has offered to myself and to my dear colleague, friend and aviation guru David Cenciotti many opportunities to analyze the points of convergence in modern wars between information security and military operations.

In several posts I tried to figure out the role of new technologies in modern wars (now you should be familiar and even a little bit bored with the term Mobile Warfare), and probably this article describing a real operation aimed to hijack the Libyana Cellular Network by the Rebel Forces is the best example to describe how real modern wars may be fought with Cyber weapons.

Apparently this is a pure (cyber)military operation and there is no trace of conventional military forces, nevertheless (I am getting older!) after publishing the article I just felt like I missed something. Only a couple of days later, David made me notice I missed a fundamental link between the cyber operation and his real passion: the aviation. He had to quote a passage of the original Wall Street Journal article to make me realize the missing element:

 The new network, first plotted on an airplane napkin and assembled with the help of oil-rich Arab nations, is giving more than two million Libyans their first connections to each other and the outside world after Col. Gadhafi cut off their telephone and Internet service about a month ago.

How could I miss it! The new hijacked network was first plotted on an airplane napkin: here the point of convergence between Cyber Operations and aviation, even if in this case the support provided by aviation was only logistic and not military, in the sense that it provided, so to speak, the necessary “infrastructure” to plot the initial schema of the network.

Of course this is a kind of joke since in this case the role of cyber weapons (the hijack plan) and conventional weapons (the airplane) was well distinct and consequently the boundary of cyber world and real world was not overcome (as if to say: the cell network was not bombed). Nevertheless these joyful thoughts come out in the same day in which an (apparently unrelated) opposite example has shown that the boundary between the two worlds can be easily overcome and cyber weapons may become as lethal as real weapons: the example is Stuxnet, since just today Iran admitted the real extent of the damage caused by this terrible malware.

In recent weeks, Iranian media reported about dozens of large-scale accidents and explosions in Iran’s industrial sites, especially facilities dealing with oil and petrochemicals. Iran reported at least ten deaths in these explosions.

“Enemies have attacked industrial infrastructure and undermined industrial production through cyber attacks. This was a hostile action against our country,” Iran’s official IRNA news agency quoted Jalali as saying. “If it had not been confronted on time, much material damage and human loss could have been inflicted.”

The fact that Stuxnet damaged some Iranian Nuclear Facilities and delayed the Nuclear Program is something well known. The fact that the malware even caused some victims between the technicians of the industrial sites targeted is something completely new and unprecedented. From a metaphorical point of view Stuxnet acted as a portal between cyber and real battlefields, where unfortunately victims are not virtual. Another unenviable record demolished by this terrible malware that is leaving an indelible mark on the information security landscape .

Mobile Warfare In Libya Comes True

April 14, 2011 8 comments

An interesting article from The Wall Street Journal confirmed what I have been writing in my posts since a couple of weeks: Mobile Technologies are destined to play a crucial role in modern conflicts (what I defined Mobile Warfare) and the traditional Military Corps of Engineers will necessarily have to be complemented by Corps of Network and Security Engineers dedicated to establish and maintain connectivity in war zones.

This is exactly what happened in Libya where the rebels, with the support of a Libyan-American telecom executive Ousama Abushagur and oil-rich Arab nations, were able to hijack Libyana Phone Network, the cellular network owned by one of the Colonel’s sons, to steal from Libyana a database of phone numbers, and to build from (partial) scratch a new cell network serving 2 million Libyans, renamed “Free Libyana”. This action was aimed to restore internal Cellular communications after Gaddafi shut down the country’s cellular and data networks.

The operation was led from Abu Dhabu by Ousama Abushagur, a 31-year-old Libyan telecom executive. Mr. Abushagur and two childhood friends started fund-raising on Feb. 17 to support the political protests that were emerging in Libya. During one mission to bring humanitarian aid convoys to eastern Libya, they found their cellphones jammed or out of commission, making nearly impossible planning and logistics. This was the reason why Mr.Abushagur decided to draw a plan for hijacking the Libyana Network, divert the signal and establish a new backbone free of Tripoli’s control, also with the intention to provide backing to the rebels forces which were beginning to feel the effects of the loyalist counteroffensive.

In a race against time to solve technical, engineering and legal challenges, U.A.E. and Qatar (whose officials didn’t respond to requests for comment) provided diplomatic (and economical) support to buy the telecommunications equipment needed in Benghazi. A direct support was provided also by Etilsat, Emirates Teleccomunications Corporation, which refused to comment as well). The support of the Gulf nation was necessary also because, meanwhile, it looks like that Huawei Technologies Ltd., the Chinese Company among the original contractors for Libyana’s cellular network backbone, refused to sell equipment for the rebel project, causing Mr. Abushagur and his engineers to implement a hybrid technical solution to match other companies’ hardware with the existing Libyan network.

By March 21, most of the main pieces of equipment had arrived in the U.A.E. and Mr. Abushagur shipped them to Benghazi with a team composed by three Libyan telecom engineers, four Western engineers and a team of bodyguards: the Corps of Network Engineers committed to build the new infrastructure in the war zone.

Since Col. Gaddafi’s forces were bombing the rebel capital, Mr. Abushagur diverted the Corps of Network Engineers and their equipment to an Egyptian air base on the Libyan border (another indirect show of Arab support for rebels). Once in Libya, the Corps paired with Libyana engineers and executives based in Benghazi. Together, they fused the new equipment into the existing cellphone network, creating an independent data and routing system free from Tripoli’s command. To be free from Tripoli was also a security requirement, since Col. Gaddafi had built his telecommunications infrastructure in order to route all calls (and data) through the capital in order to be easily intercepted and eavesdropped.

After implementing the network, the new Telco had to attract “customers”. A war zone is not the ideal place for advertisement, so nothing better than capturing the Tripoli-based database of phone numbers, and inserting Libyana customers and phone numbers into the new system called “Free Libyana.” The last piece of the puzzle was securing a satellite feed, through Etisalat, with which the Free Libyana calls could be routed.

An important detail: all the operation was successfully performed without the support of allied forces, the result is that rebels now can use cellphones to communicate between the front lines and opposition leaders.

If for a moment we forget that we are speaking about cellular networks, we could assimilate this event as part of a civil war operation, in which friendly countries and dissidents from abroad endeavor to provide weapons to rebels in order to turn the tide of a conflict (examples of which the history is full). In this circumstance this operation did not turn the tide of the conflict (at least so far but mobile warfare, while important, has still a smaller weight in a conflict than real warfare), nevertheless, for sure, restored mobile communications are supporting the leaders of the rebellion to better communicate among them and to better organize the resistance against the loyalists: as a matter of fact the March cutoff forced rebels to use flags to communicate on the battlefield. I will never tire of saying that the events in the Mediterranean area do (and did) not rely solely on conventional weapons but also on weapons of communications (the mobile warfare) through which rebels forces provided abroad the information necessary to witness exactly the brutal internal events and rallied international backing.

After so much theory depicted in my posts, finally the first real and meaningful example of the importance of mobile warfare in the events of Northern Africa, and that example! One single event has unleashed the importance of mobile technologies in war zone and the crucial role played by specialized teams dedicated to establish and maintain communications: the Corps of (Network and Security) Engineers.


Get every new post delivered to your Inbox.

Join 2,705 other followers