Security Blog

Your source for information security news and views.

Viewing entries tagged cyber warfare

Throwing Stones in a Glass Infrastructure

Posted by Ken Kousky
on Tuesday, 22 February 2011
in MyBlog

We must all understand that the net is fragile and it can be taken down. We have seen this 'kill switch' in action recently in Egypt. Libya is also taking its cue from Egypt, and in spite of social unrest its government has also begun shutting down network access. Things are slipping out of hand very quickly, but Americans can breathe a sigh of relief, or can we?

It seems our government is getting ahead of this situation before we meet a similar issue. Senators Joseph Lieberman and Susan Collins reintroduced legislation that prohibits this type of 'Internet Kill Switch' from being initiated by the president. A right to bear arms and a right to assemble lead into our right to the net.

One issue still remains: now that this type of mass Internet blackout technique has surfaced, we must be concerned not only with the authorities doing it but with everyone else who can now see that this capability does indeed exist.

Taking down the Internet is easier than you may think. The net has two fundamental services. The first is a name and address service, handled through the Domain Name Service infrastructure; without it we don't have email, VoIP, web traffic or any web 2.0 technologies, including the growing Cloud infrastructure. The second service is routing. IP routers run software and can be attacked through a wide range of exploits. Last week, researchers at the University of Minnesota described a targeted DDoS attack that could knock out these services.

Another thing the Egyptian outage showed us is that nation-states either already have or are aggressively building the tools to disrupt the internet. Think back to the Stuxnet attacks: Iran acknowledges that a joint effort between the United States and the Israelis caused serious damage to the Iranian power infrastructure by damaging centrifuges in their nuclear power plant. If we can attack their infrastructure and get away with it, why would we think they won't attack ours? Mass terrorism could very well go cyber sooner than we know it. Last week, the head of the National Security Agency said that the United States should expect to be attacked. That's right, EXPECT it.

I think the message is clear: for Cloud computing and for general business continuity, resiliency and backup systems are not luxuries; they're mandatory!



Weekend Think Tank: Cyber Warfare

Posted by Patrick Snyder
on Friday, 04 February 2011
in MyBlog

We are living in a world of cyber war. There isn't a single event nowadays that doesn't involve the internet. From the malicious Stuxnet attack on Iranian nuclear facilities, to Operation Payback's mass execution of the Low Orbit Ion Cannon botnet by thousands of pro-WikiLeaks supporters, to the Egyptian internet blackout, all are related to some form of hacktivism or cyber warfare.

Computers and the internet have become a powerful weapon in today's world, whether it be for financial gain, political activism, or malicious attacks. In properly trained hands a computer can be a more destructive weapon than any knife, gun, or bomb. Mind you, not just anyone can walk into a gun shop and purchase a gun, but even young kids can walk into the nearest Best Buy and pick up a computer. With a click of a mouse and tap of a keyboard our world's most valuable infrastructures can be shattered to bits. With Stuxnet we were introduced to the real-life threat of SCADA system attacks, which are able to strike far beyond our bank accounts and damage our much-relied-on power, nuclear, and utility facilities, causing life-threatening dangers.

On the banking end of things, for those who have not heard the rumors, the malicious and powerful offspring of the Zeus and SpyEye malware is now being released and is already in use by a few cybercriminals. Banks still fight off Zeus-related attacks in attempts to protect customer credentials and prevent malicious transactions. The mutant malware boasts new skills regarding information harvesting and botnet capabilities. It even offers a graphical user interface, similar to the Windows interface, during remote control operations (talk about using our own technology against us).

As mentioned in an earlier entry, the enemy is cloning us bit by bit, byte by byte. With each advancement we make they mimic our actions, following in our footsteps. For every piece of technology we release in the fight against cybercrime, malicious attackers have been able to reverse engineer it; thus the battle continues.

In McAfee's release of the 2011 Threat Predictions we caught a glimpse of what criminals could very well have in mind for the unfolding year. Many of these threats we have already had a taste of in previous years. These threats include Exploiting Social Media, Mobile, Apple, Applications, Sophistication Mimics Legitimacy, Botnet Survival, Hacktivism, and Advanced Persistent Threats. Sounds like the enemy is targeting us for the war of a lifetime. In a nutshell, the worst-case scenario is that our enemies, for potentially political reasons, will be able to find us no matter where we are, hit us with crippling malware, which they will hide in applications we use and trust every day, relentlessly strike over and over without fail, and closely monitor their chaos to ensure the most effective damage. Imagine a Stuxnet/Operation Payback attack, with a Zeus/SpyEye malware tool, capable of attacking our increasing array of mobile technologies, stealing our money, stealing our identities, maybe even stealing our lives, and never even giving us a chance to see it coming.

Well, here is our chance to look out beyond the enemy at our gates. We can see their plans and their weapons being built. It's time for us to adjust our game plan and defenses as well. We must use what we know about our enemies to build better strategies and stay on top of security.

Cyberwar requires the same ideology as chess. A good chess player (our enemy) thinks one move ahead. But we can be that great chess player that thinks five moves ahead.

What are some of your opinions on this year's upcoming cyber threats? How do you plan on staying five moves ahead?


Who's Winning the War?

Posted by Ken Kousky
on Wednesday, 06 August 2008
in MyBlog

Winning the war: no, this isn't about Iraq or al-Qaeda, but it is about a massive asymmetric war raging on the Internet. Botnets are now able to claim millions of nodes to harness for malicious use, and the question we have to continually ask is: how are we doing?

Today's headlines read that 11 perpetrators allegedly involved in hacking 9 major U.S. retailers were indicted. They're allegedly involved in the channeling of over 40 million credit cards and debit cards. We took down 11 bad guys, and the press suggests that we've made a major dent.

However, the Commerce Department has previously said that they believe that online fraud and crime today is larger than the illicit drug industry in the United States. The illicit drug industry has produced over 500,000 prison inmates. The war on illicit drugs costs billions of dollars and involves international aid to foreign governments to assist them in drug eradication, and it engages virtually all aspects of our legal system from local police to large dedicated federal teams. One significant argument for the imbalance of resources is that drug-related crimes are much more likely to involve threats to life and physical safety. However, as we explore the digitization of our modern life, it's hard to believe that cyber attacks won't impact life as medical systems, SCADA controls and other critical resources become exposed to cyber exploits.

Three questions we need to ask:

1) How serious are these threats?

2) How are we doing in mitigating these threats?

3) What can we learn from our risk analysis to better defend employment of new medical systems, VoIP implementations, and the ongoing connection of defenseless consumer products linked to the Internet?

I've frequently posed the question: what happens when our VCRs, refrigerators and cars are all IP devices and one day turn on us? Our job is to make sure that day never comes, but some days I wake up thinking we're losing the war.

"What do you think?"

This is an active forum, and we'd love to hear your feedback.
