Korean Hackers??? and how our hands are tied...

Josh Rogin at Federal Computer Week has another interesting article on recent attacks traced back to South Korean servers AND a good discussion on what elements of current United States policies may be limiting our ability to respond to cyber attacks.

This question is becoming more critical all the time. Cyber attacks are increasing in number and in sophistication every day. It is only a matter of time before someone initiates an attack that will catch us off-guard, much the way 9/11 caught us off-guard.

Air Force General Ronald Keys, Commander of Air Combat Command, had several interesting points:

The recent UltraDNS attacks raised several questions for DOD policy makers, Keys said. “How do you react to that attack? How do you trace it back? What are the legalities included? What do you do when you do find them? It’s a huge challenge,” he said.

The enemy is no stranger to cyber attacks:

“We’re already at war in Cyberspace, have been for many years,” said Keys. Terrorists use the Internet extensively, through remotely detonated bombs, GPS, Internet financial transactions, navigation jamming, blogs, bulletin boards, and chat rooms.

This statement is the most intriguing - mostly because it is true:

Cyberspace is the only warfighting domain in which the U.S. has peer competitors, Keys said.

Chinese Hackers...

There is a great article in Federal Computer Week on Chinese hackers and their all-out attacks against the Department of Defense. One key point from the article, to ponder:

A recent Chinese military white paper states that China plans to be able to win an “informationized war” by the middle of this century.

Their innovation is also of interest...

China is also using more traditional hacking methods, such as Trojan horse viruses and worms, but in innovative ways.

For example, a hacker will plant a virus as a distraction and then come in “slow and low” to hide in a system while the monitors are distracted. Hackers will also use coordinated, multipronged attacks, the official added.

The field of information warfare may not be as "front-page picture-worthy" as bombed-out husks of military equipment, but it is just as real. The bad guys are out there!



Improving your memory

I have a real fondness for foreign language...by which I mean honest-to-goodness languages from foreign countries and languages that are just plain foreign, like programming languages.

For many astute readers, dealing with a topic such as information security can be like dealing with a foreign language...there are many new terms to remember and new definitions tied to terms you thought you already knew.

Trying to remember these, or any other facts, can be difficult. Mindtools offers some tips on how to remember things. If you find that you can't remember material you've read, can't remember people's names, or can't remember computer geek terminology, try some of the tips they offer.



Know your target and what is beyond

There is an interesting story about a man who was mistaken for a large rodent and shot! Apparently, John Cheesman was snorkeling when someone saw him and mistook him for a large rodent, the Nutria. The guy, William Roderick, allegedly shot Cheesman in the head. Mr. Cheesman is apparently doing well and had the bullet fragments removed. Mr. Roderick is being charged with assault, being a felon in possession of a firearm, possession of methamphetamine and marijuana.

The take home message for the Astute Reader?

"Know your target and what is beyond" - This is a critical concept to understand, in all aspects of life, not just firearm safety. If you don't have a clear plan, when you enter into a venture, you are often doomed to failure...

This includes:

  • information security
  • personal goals
  • shopping trips
  • school and work assignments
  • career plans
  • finances
  • raising kids

If you don't have a good plan, then spend the time to make one...Franklin Covey's Mission Statement Builder might be a good place to start.



Hacked in 39 seconds...

Just a quick point of reference regarding how prevalent probes and scans are on the Internet.

When you connect to the Internet, your computer is almost immediately being scanned by the bad guys. The researchers in this article found that their test computers were assaulted 2,244 times in 24 hours, or an average of every 39 seconds.

What does the astute reader do to keep themselves safe? Keep your defenses up - anti-virus, firewalls, etc.



Denial of Service Attacks on Internet Servers...

The Domain Name Servers that support the Internet were subjected to a major Denial-of-Service (DoS) attack earlier this week. Domain Name Servers translate domain names (such as www.google.com) into IP addresses that computers can recognize. The servers were flooded with bogus traffic that was intended to prevent legitimate traffic from reaching the servers, thus preventing legitimate users from accessing the services they desire.

In this case, the attack was not overly successful, partly due to the redundancies in place to protect the servers. The graph shows "dropped queries" or traffic that did not make it to the 13 servers that form the backbone of the Internet. Red means >90% of traffic was dropped to a particular server. In this attack, only two of the servers were significantly interrupted.

This is not the first time such an attack has been attempted. For more information on DoS, take a look at my presentation (pdf) on a similar attack that occurred in 2002.

The graph comes from RIPE.



Dolphin Stadium web site hacked...

There is an article in ZDNet about an exploit on the website for Dolphin Stadium.

Apparently, the web server was hacked and the bad guys changed the web page to include a single line of code. That one line of code directs your computer to visit the bad guy's web site, in the background, where it then downloads a piece of malicious software, including a Trojan keystroke logger and a backdoor.

  • The keystroke logger records every keystroke you make (including your passwords and user IDs).
  • The backdoor grants the bad guy full access to your computer.

Further investigation of this issue has shown that other websites related to the Super Bowl were also infected and...hundreds of unrelated websites have also been infected...including the U.S. government's Center for Disease Control's website.

Yet another classic illustration of why it is so important to keep your systems patched and protected with up-to-date anti-virus files, etc. It doesn't take a visit to a shady web site to catch a nasty computer disease.
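For site owners, the "single line of code" described above is something a routine check of your own pages can catch. The following is an added example, not code from the ZDNet article or the affected sites: it lists every tag that makes a browser fetch content from a host that is not on an allowlist. The host names, the sample page and the function name are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose attribute makes a browser fetch another resource in the background.
FETCHING_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
                  "embed": "src", "object": "data"}


class ExternalLoadFinder(HTMLParser):
    """Collect (line, tag, host) for each load from a host not on the allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = FETCHING_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # Relative URLs have no host part and stay on the site itself.
        host = (urlparse(url).hostname or "").lower()
        if host and host not in self.allowed:
            line, _ = self.getpos()
            self.findings.append((line, tag, host))


def unexpected_loads(html, allowed_hosts):
    """Return the findings for one page, in document order."""
    finder = ExternalLoadFinder(allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: hosts the site owner expects, and a page with one extra line.
ALLOWED_HOSTS = {"static.stadium.example"}
SAMPLE_PAGE = """<html>
<head>
<script src="/js/menu.js"></script>
<script src="https://static.stadium.example/js/tickets.js"></script>
</head>
<body>
<h1>Game day information</h1>
<script src="http://injected.example/3.js"></script>
</body>
</html>"""

if __name__ == "__main__":
    for line, tag, host in unexpected_loads(SAMPLE_PAGE, ALLOWED_HOSTS):
        print(f"line {line}: <{tag}> loads from unexpected host {host}")
```

Run against the pages as served (not the copies in source control), this kind of check flags a changed page even when the page still looks normal in a browser.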



Using voice commands to take over your computer

Depending on who you ask, it might be an "exploit"...it might not. Speech recognition, that is.

It seems that computers with speech recognition capabilities are susceptible to accepting spoken commands. This has apparently been confirmed by Microsoft in relation to their new operating system, Vista.

Vista will accept spoken commands and execute them. What this means is that a webpage, such as MySpace, or a malicious computer program could play sounds that will interact with the speech recognition program and initiate malicious activity on your computer, such as file deletions, etc.

Such a sound wave file would slip right by anti-virus software.

To be sure, there are a number of issues that need to be worked out...not the least of which is getting the commands to play when you are not at your computer to stop the process. But do not worry...it will not be long before the bad guys figure out a way to do so...

One example...taken from the MySpace model...would be to play a typical wave file that has music for the first few minutes and then silence for 40 or 50 minutes, at which time the audio commands would begin to play.

Guess this could mean the end of the "open mike."

Another link related to this topic.