
Cyber Weapons: The New Arms Race

In the early morning hours of May 24, an armed burglar wearing a ski mask broke into the offices of Nicira Networks, a Silicon Valley startup housed in one of the countless nondescript buildings along Highway 101. He walked past desks littered with laptops and headed straight toward the cubicle of one of the company’s top engineers. The assailant appeared to know exactly what he wanted, which was a bulky computer that stored Nicira’s source code. He grabbed the one machine and fled. The whole operation lasted five minutes, according to video captured on an employee’s webcam. Palo Alto Police Sergeant Dave Flohr describes the burglary as a run-of-the-mill Silicon Valley computer grab. Intellectual-property theft is hardly unheard of in Silicon Valley. Those familiar with the burglary refuse to talk about it on the record, citing orders handed down by the federal investigators. Cyber attacks used to be kept quiet. Stuxnet set Iran’s nuclear program back months. Christopher J.

Hacker Attack Disrupts Al-Qaeda Communications

UPDATE: Analysis of the attack available here: The Game of Whack-A-Mole: Was Al-Shamukh Hacked?

Reports are circulating that indicate unidentified hackers have caused a major disruption to online communications channels used by the terrorist organization Al-Qaeda. Flashpoint Partners' Evan Kohlmann, whose research was key to NBC News breaking the story, said the online terrorist forum was not merely compromised or defaced, but had actually been "wiped clean". "Al-Qaeda's online communications have been temporarily crippled, and it does not have a single trusted distribution channel available on the Internet," said Kohlmann. Kohlmann indicated that the attackers used "relatively sophisticated techniques" and that the network will probably take several days to return to an operational state. "Al-Qaeda the brand name just lost its broadcast channel." "Hacking attacks by amateur cybervigilantes typically involve one technique, be it DDoS or SQLi.

Sorry, but the TDL botnet is not 'indestructible' | Malware

The sophistication of the TDL rootkit and the global expanse of its botnet have many observers worried about the antimalware industry's ability to respond. Clearly, the TDL malware family is designed to be difficult to detect and remove. Several respected security researchers have gone so far as to say that the TDL botnet, composed of millions of TDL-infected PCs, is "practically indestructible." As a 24-year veteran of the malware wars, I can safely tell you that no threat has appeared that the antimalware industry and OS vendors did not successfully respond to. It may take months or years to kill off something, but eventually the good guys get it right. With each ratcheting iteration of new malware offense, you had analysts and doomsayers predicting this or that particular malware program would be difficult to impossible to defend against. Even today's malware masterpiece, Stuxnet -- as perfect as it is for its intended military job -- could be neutralized if it became super popular.

Security researchers discover 'indestructible' botnet

30 June 2011, last updated at 11:34

Cracking the TDL-4 botnet is going to be hard, say security experts. More than four million PCs have been enrolled in a botnet security experts say is almost "indestructible". The botnet, known as TDL, targets Windows PCs and is difficult to detect and shut down. Code that hijacks a PC hides in places security software rarely looks, and the botnet is controlled using custom-made encryption. Security researchers said recent botnet shutdowns had made TDL's controllers harden it against investigation. The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus. The changes introduced in TDL-4 made it the "most sophisticated threat today," wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in a detailed analysis of the virus. A botnet is a network of computers that have been infected by a virus that allows a hi-tech criminal to use them remotely.

Chinese Military Slips Up And Broadcasts Cyberwar Campaign Against U.S. Targets

Kioptrix

Saying it's been a while is an understatement. Almost 2 years without a new vulnerable VM and over 2 years without a blog post. I only have myself to blame, but work and family life take up most of my waking hours. This is a hobby, and hobbies come last. I must start by saying how shocked I am with the reception my VMs have received since their inception. I never expected this little project would turn out the way it did.

Why the new VM

The original idea behind my VMs has always been about learning, not only for the people downloading them but for me as well. This new machine is no different.

Why build these things…

Which brings me to another point I wish to blabber about: why build these things. If you're building a VM to submit to vulnhub.com (as an example), then you need to pay attention to how your machine reacts to scans and attacks. So I've come to the part where I'm babbling and writing for the sake of writing, which is my cue to stop.

-loneferret

About the VM

Hackers of the World Unite

Computer networks have been on guard for decades against individuals trying to "hack" them. But networks now face a larger danger from mass attacks, warns IT security analyst Richard Stiennon. "The new trend is to mobilize forces over the Internet to engage in the equivalent of mass online protests," writes Stiennon in his latest book, Surviving Cyberwar. Political groups, organized-crime syndicates, and some governments launch distributed denial of service (DDoS) attacks, which direct hundreds, thousands, or millions of computers to simultaneously strike a single Web site. In 2007, when Estonia enacted laws that some Russian-Estonians opposed, denial of service attacks from some 80,000 IP addresses based in Russia sabotaged the Web sites of Estonian government agencies, banks, and telecommunications companies. Stiennon blames many attacks on Nashi, a 120,000-member Russian nationalist youth association. He points out that DDoS attacks carry few risks for the perpetrators.

"Cyber War Will Not Take Place"

I had the absolute honor of receiving a copy of Dr. Thomas Rid's article entitled "Cyber War Will Not Take Place". This is, hands down, one of the best arguments I have seen that there has been no cyber war in the past, there currently is no cyber war going on today, and a cyber war will probably not take place in the future:

ABSTRACT: For almost two decades, experts and defense establishments the world over have been predicting that cyber war is coming. Dr.

Topics covered include:
- The Siberian pipeline explosion in 1982
- The attack on Estonia
- The assault on Georgia
- 'Moonlight Maze' cyber-espionage incident
- Israel's bombing raid on Syria
- Stuxnet
- "Anonymous" attacks on HBGary
- and many more

Each case is dissected and compared to Carl von Clausewitz's definition of what war really is: "Clausewitz still offers the most concise concept of war.

This article is an exceptional read and I highly recommend it. Dr.

Cyber attack, the new battle line

With unprecedented levels of dependence on the internet, cyber attacks will be on the rise if steps are not taken to shield the system. In the movie Sneakers (1992), Robert Redford is tricked into stealing a decoder device that can break encryption codes and hack into the most secure computer systems. Turns out, the perpetrators behind the operation want the device to destabilise the world economy and unleash anarchy. Then again, in the action movie Live Free or Die Hard (2007), Bruce Willis fights cyber terrorists who want to take control of the US' transportation grids (including airports, railroads, and traffic lights) and the stock markets. Reel life scripts are usually far removed from real life. Consider this. Another report by IT security firm Trend Micro has warned that Indian defence companies are the current target of cybercriminals.

Eyeing the State

Treading carefully

In fact, there are times when even the simplest of tactics can succeed in sabotaging networks.

Crisis Management

Bureau Recommends: US accuses China and Russia of vast cybertheft

The Chinese and Russian governments are using cyber attacks on American companies to steal 'tens of billions of dollars' worth of military, technology and economic secrets, a new report by U.S. intelligence officials claims. This is the first time that the US have directly and publicly accused China and Russia of being the top offenders in the theft of American information. 'Chinese actors are the world's most active and persistent perpetrators of economic espionage,' while Russia's intelligence services 'are conducting a range of activities to collect economic information and technology from U.S. targets,' according to the report by the Office of the National Counterintelligence Executive. Related story: Syrian Government accused of using online spy technology to monitor dissidents. The Bureau recommends the Washington Post's in-depth coverage and exploration of the story, which sets it in a historical context and provides expert commentary. Read the full report here.

Cyber attacks could wreck world oil supply

Cyber Soldiers: Hackers in Fatigues

Earlier this month the U.S. Army Intelligence and Security Command activated the 780th Military Intelligence Brigade, with two battalions: the 781st MI Battalion at Fort Meade, Md., and the 782nd MI Battalion at Fort Gordon, Ga. The new brigade will support U.S. Cyber Command and Army Cyber Command in conducting signals intelligence, computer network operations and, when directed, offensive operations, in support of DOD, Army and interagency operations worldwide, while denying the same to its adversaries. The intent is to support General Keith B. Alexander, commander of USCYBERCOM and director of the NSA. Col. This ceremonial activation in the U.S. underscores the quiet building of cyber units throughout the world. For instance, consider the media presumption that a UAV, the RQ-170 Sentinel drone, fell from the sky intact and into the hands of the Iranian Revolutionary Guard, who proudly displayed their cyber "coup". The origin of the word "cyberspace" is cybernetics and space.

Do You Like Online Privacy? You May Be a Terrorist

Public Intelligence

A flyer designed by the FBI and the Department of Justice to promote suspicious activity reporting in internet cafes lists basic tools used for online privacy as potential signs of terrorist activity. The document, part of a program called "Communities Against Terrorism", lists the use of "anonymizers, portals, or other means to shield IP address" as a sign that a person could be engaged in or supporting terrorist activity. Logging into an account associated with a residential internet service provider (such as Comcast or AOL), an activity that could simply indicate that you are on a trip, is also considered a suspicious activity. The "Potential Indicators of Terrorist Activities" contained in the flyer are not to be construed alone as a sign of terrorist activity, and the document notes that "just because someone's speech, actions, beliefs, appearance, or way of life is different; it does not mean that he or she is suspicious."
