After the revelation of the Chinese attack against the Gray Lady, other U.S. media companies have admitted to have been targeted by (probably state-sponsored) Chinese Hackers in 2012. Immediately after the NYT, even the Wall Street Journal has revealed to have been infiltrated, and similar rumors have emerged for Bloomberg and the Washington Post in what appears to be a systematic hostile campaign.
In particular the attack against the NYT has apparently confirmed the inadequacy of signature-based antivirus against targeted attacks. As the same New York Times admitted, over the course of three months, the foreign attackers installed 45 pieces of custom malware, but the antivirus in use, made by Symantec, was only able to detect one instance of malware over the entire sample.
The security firm has immediately replied to those allegations:
“Advanced attacks like the ones the New York Times described … underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions. The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behaviour-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.”
Said in few words: signatures alone are not enough. The sophistication of the next generation targeted attacks require advanced security capabilities such as reputation and behavioral analysis.
According to the scant information available even the Washington Post used Symantec technology to protect its assets, and even in this case it could not prevent the hostile attackers to systematically compromise computer systems.
I wonder if this double coincidence could somehow be connected to the infamous leak of Symantec antivirus source code which occurred (or better was made public) approximately one year ago (the 6th of January 2012). As a consequence of the breach (that allegedly dates back to 2006) the source code of two old products (Symantec Antivirus Corporate Edition 10.2 and Symantec Endpoint Protection 11) were leaked on the Internet. Of course the affected products have been greatly modified since then, nevertheless it is likely that any core functions have not evolved, so in theory, hostile hackers could have taken a (detailed) look at them and have consequently found ways to evade the antivirus (some claim that a similar scenario happened for the infamous RSA breach).
Of course this is just a speculation, maybe the reality is much more simple: traditional antivirus technologies are not enough to thwart sophisticated targeted attacks.
- Symantec: don’t blame us for New York Times hack (go.theregister.com)
- Symantec Gets A Black Eye In Chinese Hack Of The New York Times (forbes.com)
The Apple and the Android (almost) never agree in anything, but the issue of the Location Tracking has done the miracle and if there is one only point that Cupertino and Mountain View have in common, it is just the bad habit to track user’s position without his/her knowledge.
After the well known issue of iPhone hidden (so to say) location tracking, Wired was able to discover why Apple devices collect these kind od data, unleashing 13-page letter sent by Apple’s general counsel Bruce Sewell in July 2010, explaining its location-data-collection techniques. The letter was written in response to a request from Congressmen Joe Barton and Edward Markey asking for Apple to disclose such practices (Incidentally, Markey authored the “Do Not Track” bill to stop online companies from tracking children).
Although no comment so far has arrived from Apple, I was disappointed in discovering, from a Cisco Blog Post, dealing with the same argument, that a similar
bad habit collection has been detected for Google’s Android (at least the Android needs the root permission to grab the data).
In both cases the alleged main purpose of this data collection is to provide better location services. Instead my feeling is that the main benefit in this situation is not for the user, but for the marketing and/or advertising agencies which could come in possession of the data.
Interesting to notice the iPhone 3GS Software License Agreement states that:
By using any location-based services on your iPhone, you agree and consent to Apple’s and its partners’ licensees’ transmission, collection, maintenance, processing and use of your location data to provide such products and services.
Location data – Google offers location-enabled services, such as Google Maps and Latitude. If you use those services, Google may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location (such as a cell ID).
Until now, nothing special, except the fact that Latitude asks for the user’s consent to share the data with the other, which, if I am not wrong, does not occurr for Google Maps. But the interesting point come a some lines below:
In addition to the above, we may use the information we collect to:
- Provide, maintain, protect, and improve our services (including advertising services) and develop new services; and
- Protect the rights or property of Google or our users.
Meanwhile Minnesota Senator Al Franken and the attorney general of Illinois are separately pressing Apple and Google to provide more information about the location data they collect about their end users…
- Lawmakers quiz Apple, Google about location tracking (infoworld.com)
- Grab Your Data? There’s An App For That! (paulsparrows.wordpress.com)
- IPhone Stored Location Even if Disabled (online.wsj.com)
- Apple, Google Collect User Data (online.wsj.com)
- iPhone Location Tracking: Important, Even if it Doesn’t Matter to You (blogs.cisco.com)
So far what is happening in Libya has offered to myself and to my dear colleague, friend and aviation guru David Cenciotti many opportunities to analyze the points of convergence in modern wars between information security and military operations.
In several posts I tried to figure out the role of new technologies in modern wars (now you should be familiar and even a little bit bored with the term Mobile Warfare), and probably this article describing a real operation aimed to hijack the Libyana Cellular Network by the Rebel Forces is the best example to describe how real modern wars may be fought with Cyber weapons.
Apparently this is a pure (cyber)military operation and there is no trace of conventional military forces, nevertheless (I am getting older!) after publishing the article I just felt like I missed something. Only a couple of days later, David made me notice I missed a fundamental link between the cyber operation and his real passion: the aviation. He had to quote a passage of the original Wall Street Journal article to make me realize the missing element:
The new network, first plotted on an airplane napkin and assembled with the help of oil-rich Arab nations, is giving more than two million Libyans their first connections to each other and the outside world after Col. Gadhafi cut off their telephone and Internet service about a month ago.
How could I miss it! The new hijacked network was first plotted on an airplane napkin: here the point of convergence between Cyber Operations and aviation, even if in this case the support provided by aviation was only logistic and not military, in the sense that it provided, so to speak, the necessary “infrastructure” to plot the initial schema of the network.
Of course this is a kind of joke since in this case the role of cyber weapons (the hijack plan) and conventional weapons (the airplane) was well distinct and consequently the boundary of cyber world and real world was not overcome (as if to say: the cell network was not bombed). Nevertheless these joyful thoughts come out in the same day in which an (apparently unrelated) opposite example has shown that the boundary between the two worlds can be easily overcome and cyber weapons may become as lethal as real weapons: the example is Stuxnet, since just today Iran admitted the real extent of the damage caused by this terrible malware.
In recent weeks, Iranian media reported about dozens of large-scale accidents and explosions in Iran’s industrial sites, especially facilities dealing with oil and petrochemicals. Iran reported at least ten deaths in these explosions.
“Enemies have attacked industrial infrastructure and undermined industrial production through cyber attacks. This was a hostile action against our country,” Iran’s official IRNA news agency quoted Jalali as saying. “If it had not been confronted on time, much material damage and human loss could have been inflicted.”
The fact that Stuxnet damaged some Iranian Nuclear Facilities and delayed the Nuclear Program is something well known. The fact that the malware even caused some victims between the technicians of the industrial sites targeted is something completely new and unprecedented. From a metaphorical point of view Stuxnet acted as a portal between cyber and real battlefields, where unfortunately victims are not virtual. Another unenviable record demolished by this terrible malware that is leaving an indelible mark on the information security landscape .
- Another Stuxnet from the “Stars”? (paulsparrows.wordpress.com)
- Will Energy Facilities Be The Next Targets Of Cyber-War? (paulsparrows.wordpress.com)
- Mobile Warfare (paulsparrows.wordpress.com)
- Tweets Of Freedom (paulsparrows.wordpress.com)
- Mobile Warfare in Syria (paulsparrows.wordpress.com)
- Corps of (Network and Security) Engineers (paulsparrows.wordpress.com)
- The Thin Red Line (paulsparrows.wordpress.com)
- Mobile Warfare In Libya Comes True (paulsparrows.wordpress.com)
An interesting article from The Wall Street Journal confirmed what I have been writing in my posts since a couple of weeks: Mobile Technologies are destined to play a crucial role in modern conflicts (what I defined Mobile Warfare) and the traditional Military Corps of Engineers will necessarily have to be complemented by Corps of Network and Security Engineers dedicated to establish and maintain connectivity in war zones.
This is exactly what happened in Libya where the rebels, with the support of a Libyan-American telecom executive Ousama Abushagur and oil-rich Arab nations, were able to hijack Libyana Phone Network, the cellular network owned by one of the Colonel’s sons, to steal from Libyana a database of phone numbers, and to build from (partial) scratch a new cell network serving 2 million Libyans, renamed “Free Libyana”. This action was aimed to restore internal Cellular communications after Gaddafi shut down the country’s cellular and data networks.
The operation was led from Abu Dhabu by Ousama Abushagur, a 31-year-old Libyan telecom executive. Mr. Abushagur and two childhood friends started fund-raising on Feb. 17 to support the political protests that were emerging in Libya. During one mission to bring humanitarian aid convoys to eastern Libya, they found their cellphones jammed or out of commission, making nearly impossible planning and logistics. This was the reason why Mr.Abushagur decided to draw a plan for hijacking the Libyana Network, divert the signal and establish a new backbone free of Tripoli’s control, also with the intention to provide backing to the rebels forces which were beginning to feel the effects of the loyalist counteroffensive.
In a race against time to solve technical, engineering and legal challenges, U.A.E. and Qatar (whose officials didn’t respond to requests for comment) provided diplomatic (and economical) support to buy the telecommunications equipment needed in Benghazi. A direct support was provided also by Etilsat, Emirates Teleccomunications Corporation, which refused to comment as well). The support of the Gulf nation was necessary also because, meanwhile, it looks like that Huawei Technologies Ltd., the Chinese Company among the original contractors for Libyana’s cellular network backbone, refused to sell equipment for the rebel project, causing Mr. Abushagur and his engineers to implement a hybrid technical solution to match other companies’ hardware with the existing Libyan network.
By March 21, most of the main pieces of equipment had arrived in the U.A.E. and Mr. Abushagur shipped them to Benghazi with a team composed by three Libyan telecom engineers, four Western engineers and a team of bodyguards: the Corps of Network Engineers committed to build the new infrastructure in the war zone.
Since Col. Gaddafi’s forces were bombing the rebel capital, Mr. Abushagur diverted the Corps of Network Engineers and their equipment to an Egyptian air base on the Libyan border (another indirect show of Arab support for rebels). Once in Libya, the Corps paired with Libyana engineers and executives based in Benghazi. Together, they fused the new equipment into the existing cellphone network, creating an independent data and routing system free from Tripoli’s command. To be free from Tripoli was also a security requirement, since Col. Gaddafi had built his telecommunications infrastructure in order to route all calls (and data) through the capital in order to be easily intercepted and eavesdropped.
After implementing the network, the new Telco had to attract “customers”. A war zone is not the ideal place for advertisement, so nothing better than capturing the Tripoli-based database of phone numbers, and inserting Libyana customers and phone numbers into the new system called “Free Libyana.” The last piece of the puzzle was securing a satellite feed, through Etisalat, with which the Free Libyana calls could be routed.
An important detail: all the operation was successfully performed without the support of allied forces, the result is that rebels now can use cellphones to communicate between the front lines and opposition leaders.
If for a moment we forget that we are speaking about cellular networks, we could assimilate this event as part of a civil war operation, in which friendly countries and dissidents from abroad endeavor to provide weapons to rebels in order to turn the tide of a conflict (examples of which the history is full). In this circumstance this operation did not turn the tide of the conflict (at least so far but mobile warfare, while important, has still a smaller weight in a conflict than real warfare), nevertheless, for sure, restored mobile communications are supporting the leaders of the rebellion to better communicate among them and to better organize the resistance against the loyalists: as a matter of fact the March cutoff forced rebels to use flags to communicate on the battlefield. I will never tire of saying that the events in the Mediterranean area do (and did) not rely solely on conventional weapons but also on weapons of communications (the mobile warfare) through which rebels forces provided abroad the information necessary to witness exactly the brutal internal events and rallied international backing.
After so much theory depicted in my posts, finally the first real and meaningful example of the importance of mobile warfare in the events of Northern Africa, and that example! One single event has unleashed the importance of mobile technologies in war zone and the crucial role played by specialized teams dedicated to establish and maintain communications: the Corps of (Network and Security) Engineers.