CYBER ATTACKS, A NEW BOTNET, AND A TAKEDOWN.
A series of cyber attacks was launched this week, many of which appear to be politically motivated.
According to its Online Security Blog, Google has noticed “highly targeted and apparently politically motivated attacks” against activists. The attacks exploit a publicly disclosed MHTML vulnerability affecting Windows XP and later versions of Windows.
Over the weekend, The Irrawaddy (an exiled independent Burmese media outlet based in Thailand) was attacked by hackers who posted fake articles on its Web site. The articles were detailed and strategic: the authors used fabricated quotes attributed to actual contributors to The Irrawaddy. One article attempted to tarnish exiled media by echoing an editorial line used by the Burmese junta, which portrays exiled Burmese as living lavishly and being funded by Western governments. Accordingly, the editor of The Irrawaddy stated that it is “clear that someone who has intelligence on the ground…has been assigned to write fake articles to cause damage to us[.]” Although direct attribution is difficult, another exiled Burmese media organization, the Democratic Voice of Burma, has stated, “Fake articles were posted by a hacker on a popular exiled Burmese news website over the weekend in what may be a new tactic in the Burmese junta’s cyber offensive on independent media.”
Hackers affiliated with the Basij, the paramilitary arm of Iran’s Revolutionary Guard, announced that they have launched attacks on the Web sites of “enemies.” The Associated Press noted that this was a rare acknowledgement from the country that it is engaged in “cyber warfare.” According to the acting commander of the Basij, General Ali Fazli, the attacks were in retaliation for similar attacks on Iran. Since the discovery of Stuxnet (which targeted Iran’s uranium enrichment program), Iran has been stepping up its cyber capabilities.
Finally, on Thursday, the security firm RSA announced that its security systems had “identified an extremely sophisticated cyber attack in progress being mounted” against it. RSA’s investigation determined that the attack falls into the Advanced Persistent Threat (APT) category. As Kim Zetter explains in Wired, an APT attack is distinct from other types of attacks in terms of the data that is targeted: “Unlike most intrusions that go after financial and identity data, APT attacks tend to go after source code and other intellectual property and often involve extensive work to map a company’s infrastructure.” The attack on RSA resulted in the extraction from its systems of information pertaining to its SecurID two-factor authentication products.
A group of security researchers has discovered a new DDoS botnet, known as the JKDDOS botnet, which launches attacks against large corporate investment groups, particularly those with mining-related interests. Between October 21 and 31, 2010, the JKDDOS botnet was used to attack a well-known investment company based in New York City on six separate occasions. According to Jeff Edwards of Arbor Networks, the longest attack lasted 33 hours. The botnet is controlled through command infrastructure located in China. The Register’s John Leyden has suggested that JKDDOS is a “tool in an underground denial of service for hire service.” The Arbor Networks analysis of the JKDDOS botnet can be found here.
It was reported this week that a coordinated effort between Microsoft, Pfizer, network security provider FireEye and security experts at the University of Washington succeeded in taking down the Rustock botnet, the world’s largest spam botnet, which sent over 1,000 thousand spam e-mails per second prior to the takedown. On Wednesday, March 16, M86 Security Labs reported that spam from the botnet had completely stopped and that known Rustock control servers were no longer responding. This story first emerged on Brian Krebs’s blog. Microsoft’s announcement can be found here.
CYBER SECURITY INDUSTRY AND GOVERNMENT INITIATIVES
Thursday’s Information Technology Security Forum at Stanford drew an audience of 300 security technologists and entrepreneurs from Silicon Valley and policy makers from Washington. According to VentureBeat, the message at the forum was that cyber security will become a hot sector with large returns. Amid rising cyber security threats, such as this week’s discovery of vulnerabilities in Adobe products as well as recent concerns over mobile-device vulnerabilities and Stuxnet, governments, law enforcement, big companies, start-ups and venture capitalists are turning their attention to cybersecurity. This article from VentureBeat details the forum as well as the economics of cybersecurity and provides a list of the mega acquisitions in the security market. The security technology market is expected to grow at a 14 percent rate to USD 82 billion by 2012. While the article states that “acquisitions are one sign that the ecosystem is healthy,” some academics have questioned the impact that concentration and centralization of capital in Internet-related industries has on the Internet itself. A recent piece by John Bellamy Foster and Robert McChesney examines this problem.
Meanwhile, the US government has continued to step up national cyber security capabilities. This week, the US Department of Defense announced that it will begin supplying the country’s top Internet service providers with military cyber security tools for the purpose of detecting and stopping network attacks. This trial run may be loosely based on the Defense Industrial Base Information Sharing Environment program, a collaboration between the DoD and a group of 40 defense contractors whereby contractors voluntarily share information about attacks on their networks, malware, and data thefts in return for DoD help in fixing weaknesses in their computer systems. The project is expected to run for five years, and the DoD is seeking USD 113 million to fund the project’s expansion and to include more suppliers.
The United Kingdom will launch a similar project. The Cyber Security Operations Centre (CSOC) will begin partnering with major communications, power, and transport providers so that the intelligence agency can start analyzing streams of network data for evidence of attacks. Negotiations between PM David Cameron and critical infrastructure firms over sharing their network data with CSOC have recently begun.
In Australia, a new cyber investigations unit under the Australian Security Intelligence Organisation (ASIO) will be set up with the mandate of investigating and providing advice on state-sponsored cyber attacks against the country. In Canada, industry insiders have claimed that attackers have been penetrating the country’s power grid and, as a result, have been calling for government action.