I love the Russians. I know, strange to hear that from an American these days, with a new "cold war" seemingly gaining steam. Let's say, rather, that I respect them. Their hackers in particular. Their response to a cyberattack is to launch a full-on offensive against the attacker, quite a different response from the Chinese, who tend simply to block attackers, or the Americans, who never even notice an attack is taking place.
That China filters its Internet traffic is no secret; their societal system (many believe) requires that information be filtered. What is more interesting are the *words* that are filtered. Several research groups have studied China's walled-off Internet infrastructure (via search engine results, reverse-engineered software and hardware products, leaked router or firewall settings, etc.) and compiled lists of words and phrases that are banned or filtered inside China. Here is a large sample of their findings.
Although I'm disappointed that JPMorgan Chase delayed disclosure of the breach that touched more than 83 million U.S. households and small businesses (they knew about it at least four months ago), I'm even more bothered by what they disclosed: that key customer financial data was not stolen. JPMorgan may tout the expertise of a security team that bravely stopped the attack before the hackers could get their mitts on customer accounts and passwords, but I see a pretty good indication that this was *not* what the attackers were after. At this point, the clues point to a government- or military-sponsored endeavor, likely originating from Russia.
If your Linux/Unix (or Apple Mac OS X) applications call out to the shell, this vulnerability (called "Bash Bug" or "$hellshock") is huge: it lets an attacker execute arbitrary shell commands by placing malicious code in environment variables that bash imports, and those commands run with whatever privileges the process invoking bash has (root, if the service runs as root). The flaw is present in GNU Bash versions 1.14 through 4.3 (yup, this bug's been around for 22 years now). Bash lets a parent process export a function through an environment variable whose value starts with "() {"; a vulnerable bash parses that definition on startup and then keeps going, executing any commands that trail the function body. Anything that copies untrusted input into the environment before invoking bash (CGI scripts, which receive HTTP headers as environment variables; DHCP clients; SSH ForceCommand restrictions) makes this exploitable over the network.
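The two halves of that mechanism, as an added example that is not code from the original post: how a CGI gateway turns request headers into environment variables (so an attacker's header text reaches bash unchanged), a pattern for spotting the function-definition prefix in header values, and a harmless probe that tells you whether a given bash binary still executes trailing commands from an exported function. The marker string, the regex and the sample request are my own assumptions, not anything from the post.

```python
"""Shellshock (CVE-2014-6271) mechanics, as an added illustration: how
attacker text reaches bash's environment through CGI, how a probe payload is
spotted, and a harmless check of whether a bash binary still executes
trailing commands from an exported function definition."""
import os
import re
import shutil
import subprocess

# The classic trigger. Pre-patch bash imported any variable whose value began
# with "() {" as a function, then kept parsing and executed what followed the
# closing brace. The marker string here is my own; it only echoes.
SHELLSHOCK_PROBE = "() { :; }; echo SHELLSHOCK_VULNERABLE"

# Detection pattern for WAF/IDS-style inspection of header values: an empty
# parameter list followed by an opening brace, with or without spaces.
SHELLSHOCK_RE = re.compile(r"\(\s*\)\s*\{")


def cgi_env_from_headers(headers):
    """Mirror how a CGI gateway exposes request headers to its child (RFC 3875
    section 4.1.18): the name is upper-cased, dashes become underscores, and
    HTTP_ is prefixed. The value is copied verbatim, which is exactly why a
    User-Agent string lands in the environment bash is about to import."""
    return {"HTTP_" + name.upper().replace("-", "_"): value
            for name, value in headers.items()}


def is_shellshock_payload(value):
    """True if a header or environment value has the function-definition
    prefix that a vulnerable bash would try to import."""
    return SHELLSHOCK_RE.search(value) is not None


def bash_is_vulnerable(bash_path=None):
    """Run the probe against a bash binary.
    Returns True if trailing code was executed, False if bash is patched,
    None if no bash is installed. Only an echo is executed either way."""
    bash = bash_path or shutil.which("bash")
    if bash is None:
        return None
    # A minimal environment: PATH so external commands resolve, plus the
    # hostile variable.
    env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"), "X": SHELLSHOCK_PROBE}
    # `bash -c` does nothing interesting itself; if the payload fires, it fires
    # while bash imports X during startup, before the -c command runs.
    proc = subprocess.run([bash, "-c", "echo probe"], env=env,
                          capture_output=True, text=True, timeout=10)
    return "SHELLSHOCK_VULNERABLE" in proc.stdout


if __name__ == "__main__":
    # Constructed request: the payload rides in User-Agent, a header every CGI
    # script inherits as HTTP_USER_AGENT whether or not the script reads it.
    env = cgi_env_from_headers({"User-Agent": "() { :; }; /bin/cat /etc/passwd",
                                "Host": "www.example.com"})
    for key, value in env.items():
        print(f"{key}={value!r}  suspicious={is_shellshock_payload(value)}")
    print("local bash vulnerable:", bash_is_vulnerable())
```

The probe is deliberately inert: on an unpatched bash the marker line appears before "probe", on a patched one it does not, and the `cat /etc/passwd` in the constructed request is only ever printed, never executed. The detection regex is the same loose shape that intrusion detection signatures used at the time; it matches the prefix, not any particular command, so it also catches payloads with the spaces removed.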
If you are suspicious of Tor, tired of its laggy connections, or simply want a more stable way to keep your traffic encrypted and secure, you can easily chain one VPN connection inside another (a nested tunnel): the outer provider sees your real address but only encrypted traffic, and the inner provider sees your traffic but not your real address, which gives you anonymity and strong encryption of your network stream. Pair it with a kill switch that blocks all traffic outside the tunnel if either VPN connection drops, so your real address is never exposed, even briefly.
The UK government has said it wants to hand out life sentences to anyone found guilty of a cyberattack that results in loss of life, serious illness, serious injury, or serious damage to national security (or a "significant risk thereof"). The plan, which is frighteningly broad in its wording, is proposed as an update to Britain's Computer Misuse Act 1990 and would also hand out harsher sentences to any hacker carrying out industrial (commercial) espionage. Even lesser hacking offences could carry sentences of up to 14 years.
The OpenSSL encryption flaw known as the Heartbleed bug is being called one of the biggest security flaws ever seen on the Internet. One security analyst called it "catastrophic" and said that on a scale of 1 to 10, the vulnerability was an 11. The newly discovered vulnerability isn't "big news" because of its complexity: the bug is a missing bounds check in OpenSSL's TLS heartbeat extension that lets anyone who can connect read up to 64 KB of the server's memory per request, leaving nothing in ordinary server logs. It is big news because that amazingly simple bug sat unnoticed for two years, leaving millions of servers vulnerable and open to attack.
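The missing check in miniature, as an added example rather than code from the post or from OpenSSL: a heartbeat handler in the shape of OpenSSL's, with the message's own length field trusted (the bug) beside the bounds check the fix introduced. The heap layout, the "secret" placed next to the record and the function names are constructed for the demonstration; the message format follows RFC 6520.

```python
"""Heartbleed (CVE-2014-0160) in miniature, as an added illustration: a TLS
heartbeat handler that trusts the length field inside the message, beside the
bounds check OpenSSL added in the fix. Process memory is modelled as one
bytearray so the over-read can be shown without building OpenSSL."""
import struct

TLS1_HB_REQUEST = 1
PADDING = 16  # RFC 6520: a heartbeat carries at least 16 bytes of padding


def build_heartbeat(payload, claimed_length=None):
    """Encode a heartbeat request: type (1 byte), payload_length (2 bytes,
    big-endian), payload, padding. A well-behaved client leaves claimed_length
    as the real size; the attack claims far more than it sends."""
    length = len(payload) if claimed_length is None else claimed_length
    return (bytes([TLS1_HB_REQUEST]) + struct.pack("!H", length)
            + payload + b"\x00" * PADDING)


def process_heartbeat(memory, record_len, check_bounds):
    """Handle the heartbeat record stored at memory[0:record_len] and return
    the payload that would be echoed back, or None if the record is dropped.
    check_bounds=False reproduces unpatched OpenSSL 1.0.1 through 1.0.1f."""
    hbtype = memory[0]
    (payload_len,) = struct.unpack("!H", memory[1:3])
    if check_bounds and 1 + 2 + payload_len + PADDING > record_len:
        # The fix: the claimed payload, plus type, length and minimum
        # padding, must fit inside the record the peer actually sent.
        return None
    if hbtype != TLS1_HB_REQUEST:
        return None
    # Unpatched code did memcpy(bp, pl, payload_len), copying payload_len
    # bytes from the payload onward and walking out of the record into
    # whatever the heap happened to place next to it.
    return bytes(memory[3:3 + payload_len])


def demo():
    """Constructed heap layout: a 2-byte heartbeat claiming 40 bytes, followed
    by a secret such as a real server might hold nearby. Returns what the
    unpatched handler echoes and what the patched handler returns."""
    secret = b"password=hunter2"  # constructed, not real data
    record = build_heartbeat(b"hi", claimed_length=40)
    heap = bytearray(record + secret + b"\x00" * 32)
    leaked = process_heartbeat(heap, len(record), check_bounds=False)
    rejected = process_heartbeat(heap, len(record), check_bounds=True)
    return leaked, rejected


if __name__ == "__main__":
    leaked, rejected = demo()
    print("unpatched echoes:", leaked)
    print("patched returns :", rejected)
```

The real attack simply repeats the request: each round trip returns a different 64 KB window of whatever the server's allocator placed beside the record, which in practice included session cookies, credentials and private key material. Note that the patched handler drops the record silently rather than answering; answering with a truncated payload would still confirm to the client that the length field is being honoured.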
Kaspersky Lab recently launched this beautiful interactive global map that shows online threats around the world as they happen. The data driving the map comes from Kaspersky's malware monitoring software, and the differently colored lines represent the various attack types its software is detecting. For instance, pink lines represent IDS scans while blue represents web vulnerability scans.
For the first time in the 21-year history of the famed hacker convention, government employees are being asked to stay away from Def Con. Def Con has always catered to hackers, researchers, and others interested in security research, and employees of the CIA, FBI, and NSA have always been welcome; in fact, they regularly attend the annual event. General Keith Alexander, the head of the National Security Agency, even gave a keynote speech at last year's event. Alexander was asked at the time whether the government was snooping on its citizens and denied that the NSA was gathering information on all Americans. But there will be no federal speakers this year: Def Con is asking all federal employees to stay away from the event entirely.
PublicResource.org, an organization that specializes in publishing government archives, had to make an embarrassing call to the IRS this week. Apparently the IRS IT department has no filter in place to check outgoing data for errant uploads, which allowed a regularly refreshed IRS database report on the nonprofit sector to be published with a smattering of unintended data: tens of thousands of private Social Security numbers included in the public reports. The IRS quickly shut off public access to the database, hopefully before wily hackers caught a whiff of it. PublicResource noted that this was not the first time the IRS had mistakenly published the database with embedded private data.
Steampunk rears its ugly head again. An Oakland artist and teacher was arrested at Oakland International Airport for wearing a suspicious watch. Geoffrey McGann, 49, was arrested at 7:45 PM on Thursday after airport security found him wearing a watch with wires, a toggle switch, and fuses protruding from it. Airport security thought the watch looked like either a bomb or a timing device for a bomb and called in the bomb squad to investigate. After being handed around amid a chorus of "oohs" and "aahs", the watch was deemed safe and classified by the TSA as "pretty cool".
According to sources, the Department of Homeland Security was advised last week to create a "cyber skills task force" that would act as a reserve army of cyber specialists, molding top-notch cybersecurity talent to address U.S. cybersecurity emergencies. Called the "CyberReserve" and modeled on the National Guard, it would ensure professional "hackers" are on hand to respond to security-related national emergencies.
Researchers at the University of California, San Diego have monitored a botnet that they believe scanned the entire IPv4 address space, possibly in less than two weeks. Using a network block called the UCSD Network Telescope, also known as the UCSD darknet (a routed but otherwise unused address block, so every packet that arrives there is unsolicited and stands out), the researchers noticed the illicit activity in February 2011.
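How such a scan shows up in telescope traffic, as an added illustration that is not from the post or from the UCSD researchers: flow records aimed at the darknet block are grouped by source, and the block's /24s covered in total and per source tell you both how much of the space was touched and whether the sources divided the work between them. The telescope block (a /16 standing in for the real one), the bot addresses, the port and the flow records are all constructed, as are the function names.

```python
"""Added illustration of how a coordinated scan looks from a network
telescope: flows aimed at a routed-but-unused block are grouped by source,
then coverage of the block's /24s is computed in total and per source.
Every address, port and flow record below is constructed."""
import ipaddress
from collections import defaultdict

# Assumed stand-in for the telescope: a /16 (256 /24s) instead of the real /8.
TELESCOPE = ipaddress.ip_network("10.0.0.0/16")
BOT_BASE = ipaddress.IPv4Address("198.51.100.1")  # assumed bot addresses (TEST-NET-2)
SCAN_PORT = 5060                                  # assumed target port for the example


def constructed_flows(telescope=TELESCOPE, bots=32, port=SCAN_PORT):
    """Build flow lines "ts src dst proto dport". `bots` sources divide the
    telescope's /24s between them (block i goes to bot i mod bots) and each
    probes four hosts per assigned /24. One unrelated SSH scanner is mixed in."""
    blocks = list(telescope.subnets(new_prefix=24))
    lines = []
    for i, block in enumerate(blocks):
        bot = BOT_BASE + (i % bots)
        for host in (1, 77, 150, 230):
            lines.append(f"1297000000 {bot} {block[host]} udp {port}")
    lines.append(f"1297000001 192.0.2.9 {blocks[3][22]} tcp 22")
    return "\n".join(lines)


def parse_flows(text):
    """Parse the whitespace-separated flow lines into tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport = line.split()
        flows.append((int(ts), ipaddress.ip_address(src),
                      ipaddress.ip_address(dst), proto, int(dport)))
    return flows


def scan_summary(flows, telescope=TELESCOPE, proto="udp", dport=SCAN_PORT):
    """Summarise one (proto, port) against the telescope.
    coverage: fraction of the telescope's /24s that received at least one probe.
    overlap: sum of per-source /24 counts divided by distinct /24s covered;
             1.0 means the sources partitioned the space with no duplication,
             the signature of a scan whose work was handed out centrally."""
    per_source = defaultdict(set)
    for _ts, src, dst, p, d in flows:
        if p != proto or d != dport or dst not in telescope:
            continue
        per_source[src].add(int(dst) >> 8)  # /24 key
    covered = set().union(*per_source.values()) if per_source else set()
    total_24s = telescope.num_addresses // 256
    assigned = sum(len(blocks) for blocks in per_source.values())
    return {
        "sources": len(per_source),
        "covered_24s": len(covered),
        "coverage": len(covered) / total_24s,
        "overlap": assigned / len(covered) if covered else 0.0,
    }


if __name__ == "__main__":
    flows = parse_flows(constructed_flows())
    print("botnet view :", scan_summary(flows))
    print("ssh view    :", scan_summary(flows, proto="tcp", dport=22))
```

Read the two numbers together: a lone scanner that walks the block sequentially also reaches full coverage, but from one source; a botnet that hands out address ranges reaches full coverage from many sources with an overlap ratio near 1.0, because no two bots waste probes on the same /24. Random, uncoordinated scanners from many sources push the overlap well above 1.0 long before coverage approaches 1.0.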