Page 2 of 6 FirstFirst 1234 ... LastLast
Results 21 to 40 of 114

Thread: Cyber attacks on the USA (catch all)

  1. #21
    Council Member
    Join Date
    Aug 2007
    Location
    Montreal
    Posts
    1,602

    Default Lazy Hacker and Little Worm Set Off Cyberwar Frenzy

    Quote Originally Posted by marct View Post
    Dark Reading just published a report on the recent DDOS attacks on US and South Korean systems.
    Unlike the unnamed South Korean intelligence official in the report who attributes this to sophisticated state action, the view in most of the tech community seems to be that this is pretty primitive stuff:

    Lazy Hacker and Little Worm Set Off Cyberwar Frenzy
    By Kim Zetter
    Wired, July 8, 2009

    Talk of cyberwar is in the air after more than two dozen high-level websites in the United States and South Korea were hit by denial-of-service attacks this week. But cooler heads are pointing to a pilfered five-year-old worm as the source of the traffic, under control of an unsophisticated hacker who apparently did little to bolster his borrowed code against detection.

    Nonetheless, the attacks have launched a thousand headlines (or thereabouts) and helped to throw kindling on some long-standing international political flames — with one sworn enemy blaming another for the aggression.

    ...

    Security experts who examined code used in the attack say it appears to have been delivered to machines through the MyDoom worm, a piece of malware first discovered in January 2004 and appearing in numerous variants since. The Mytob virus might have been used, as well.

    ...

    In the recent attack, experts say the malware used no sophisticated techniques to evade detection by anti-virus software and doesn’t appear to have been written by someone experienced in coding malware. The author’s use of a pre-written worm to deliver the code also suggests the attacker probably wasn’t thinking of a long-term attack.
    That, of course, doesn't exclude an unsophisticated NORK recycling some stale hacker tools, but it does perhaps place it in context.

    Sam, any thoughts on this one?
    They mostly come at night. Mostly.


  2. #22
    Council Member marct's Avatar
    Join Date
    Aug 2006
    Location
    Ottawa, Canada
    Posts
    3,682

    Default

    Quote Originally Posted by Rex Brynen View Post
    Unlike the unnamed South Korean intelligence official in the report who attributes this to sophisticated state action, the view in most of the tech community seems to be that this is pretty primitive stuff:

    In the recent attack, experts say the malware used no sophisticated techniques to evade detection by anti-virus software and doesn’t appear to have been written by someone experienced in coding malware. The author’s use of a pre-written worm to deliver the code also suggests the attacker probably wasn’t thinking of a long-term attack.
    It does make one wonder about the "security" on the affected computers, doesn't it?
    Sic Bisquitus Disintegrat...
    Marc W.D. Tyrrell, Ph.D.
    Institute of Interdisciplinary Studies,
    Senior Research Fellow,
    The Canadian Centre for Intelligence and Security Studies, NPSIA
    Carleton University
    http://marctyrrell.com/

  3. #23
    Council Member Stan's Avatar
    Join Date
    Dec 2006
    Location
    Estonia
    Posts
    3,817

    Default I won't begin to pretend

    to be of Sam's caliber and a bit hesitant when it comes to using "attack" for a DDoS. But, when the system is down, I'd call that a successful WHATEVER. If they managed to shut down Foggy Bottom, I would assume they done good (and may have done us a slight favor in the process
    If you want to blend in, take the bus

  4. #24
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default

    The DDOS is one of the lowest forms of disruption you can use. The worm code used was really old, the number of machines infected was really small, and the strategy used was really poor. Not to make light of this but knocking a few websites off the web really only takes an old pop-singer taking the long dirt nap.

    The security service attacked by DDOS is availability but it only really matters in high performance, low latency systems, and web servers aren't that kind of animal. As to the strategy used by this adversary it really showed a low level of sophistication. Instead of targeting a few websites and possibly hiding a compromising exploit in the noise they attacked numerous websites with little hope of sustaining that kind of broad based attack.

    In many ways attacking web servers is like painting mustaches on bill boards of super models. Web servers are not critical infrastructure, the attack is more annoying than dangerous, and the media response is likely going to be out of proportion to the attack.

    As an aside most DDOS are actually user generated not any kind of cyber warfare. Users get all excited as they did in the Michael Jackson death and swarm to news websites crippling them instantly (like what happened to CNN). The second thing is that it is often the system admins who pull something down to keep sophisticated adversaries from hiding in the noise and using the web servers as jump off points to more tasty targets. And, finally AKAMI and other distributed systems vendors deal with DDOS as a business.

    That doesn't mean it is nice, friendly, or isn't a probe to test responses. You must take these things seriously or the next one might be against the central power distribution grid telemetry computers in Chicago. A DDOS there would be catastrophic.
    Sam Liles
    Selil Blog
    Don't forget to duck Secret Squirrel
    The scholarship of teaching and learning results in equal hatred from latte leftists and cappuccino conservatives.
    All opinions are mine and may or may not reflect those of my employer depending on the chance it might affect funding, politics, or the setting of the sun. As such these are my opinions you can get your own.

  5. #25
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    2,805

    Default Biggest-ever series of cyber attacks uncovered, U.N. hit

    BOSTON (Reuters) - Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.
    Security company McAfee, which uncovered the intrusions, said it believed there was one "state actor" behind the attacks but declined to name it, though one security expert who has been briefed on the hacking said the evidence points to China.
    The long list of victims in the five-year campaign include the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.

    http://in.news.yahoo.com/biggest-eve...041202195.html


    Exclusive: Operation Shady rat—Unprecedented Cyber-espionage Campaign and Intellectual-Property Bonanza

    http://www.vanityfair.com/culture/fe...ady-rat-201109
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  6. #26
    Council Member carl's Avatar
    Join Date
    Nov 2005
    Location
    Denver on occasion
    Posts
    2,460

    Default

    AdamG:

    I figure it this way. The nation of China is doing this. They will not stop no matter how often they are asked to or how politely they are asked. So, will it eventually come to cyber-counterattacks to disable/destroy the control computers in China? Would that result in a free for all? Or will we eventually have de-internationalize the internet and physically cut connections with China (if that is even possible)?

    I don't know much about this kind of thing which is why I ask.
    "We fight, get beat, rise, and fight again." Gen. Nathanael Greene

  7. #27
    Council Member Dayuhan's Avatar
    Join Date
    May 2009
    Location
    Latitude 17° 5' 11N, Longitude 120° 54' 24E, altitude 1499m. Right where I want to be.
    Posts
    3,136

    Default

    I'd have to assume this goes on in multiple directions. The Chinese won't issue a press release when they find out they've been hacked, but that doesn't mean it doesn't happen.

    I pity the poor schmuck who has to read the take from the UN.

    Noted this in the Vanity Fair piece:

    Forensic investigation revealed that the defense contractor had been hit by a species of malware that had never been seen before: a spear-phishing e-mail containing a link to a Web page that, when clicked, automatically loaded a malicious program—a remote-access tool, or rat—onto the victim’s computer.
    What kind of idiot clicks on a link in an e-mail of unknown origin? Doesn't everyone over 8 years old know better? Ok, maybe not everyone... but anyone on a computer that holds even potential access to confidential information should certainly know better.
    “The whole aim of practical politics is to keep the populace alarmed (and hence clamorous to be led to safety) by menacing it with an endless series of hobgoblins, all of them imaginary”

    H.L. Mencken

  8. #28
    Council Member bourbon's Avatar
    Join Date
    Jun 2007
    Location
    Boston, MA
    Posts
    903

    Default

    Quote Originally Posted by Dayuhan View Post
    What kind of idiot clicks on a link in an e-mail of unknown origin? Doesn't everyone over 8 years old know better? Ok, maybe not everyone... but anyone on a computer that holds even potential access to confidential information should certainly know better.
    Phishing attacks do not appear to come from an unknown origin, but instead are designed to appear to come from a trusted source.

  9. #29
    Council Member bourbon's Avatar
    Join Date
    Jun 2007
    Location
    Boston, MA
    Posts
    903

    Default

    The above VF article is actually a web exclusive to a longer article for the print edition. The hacking of the UN and International Olympic Committee -which the web exclusive and media dwell upon- are marginal-issues next to what is revealed in the longer article.


    Enter the Cyber-dragon
    , by Michael Joseph Gross. Vanity Fair, September 2011.
    Hackers have attacked America’s defense establishment, as well as companies from Google to Morgan Stanley to security giant RSA, and fingers point to China as the culprit. The author gets an exclusive look at the raging cyber-war—Operation Aurora! Operation Shady rat!—and learns why Washington has been slow to fight back.

  10. #30
    Council Member Backwards Observer's Avatar
    Join Date
    Jun 2008
    Posts
    511

    Default

    Perhaps McAfee (and Intel) should immediately cease all business with China and shut down their operations there until all cyber-espionage ceases. That might be an appropriate first move considering the seriousness of this. People might also consider a boycott of Intel and McAfee until this is settled.

    Intel looks for security in $7.7 billion McAfee deal

    NEW YORK (CNNMoney.com) -- Intel Corp., the world's largest chipmaker, said Thursday it has agreed to acquire security software maker McAfee for $7.68 billion.
    Intel looks for security in $7.7 billion McAfee deal - CNN Money - August 19, 2010.

    ...

    Intel chips in with Chinese investment

    BEIJING - Intel Capital, the global investment arm of the chipmaker Intel Corp, announced on Wednesday that it has invested $22 million in three Chinese technology companies this year. It will also invest in least six more in the coming five months.

    The three companies are the Shanghai-based online e-commerce outfit, 6DX Change Inc, which operates the online fashion and lifestyle e-retailer website YaoDian100.com; high-definition smart TV and cable smart set top box provider Beijing JoySee Technology Co Ltd, a subsidiary of the US-listed China Digital TV holding Co Ltd; and a second Shanghai-based outfit, BOCOM Intelligent Network Technologies Co Ltd, a provider of intelligent sensing and networking technologies for digital security and surveillance
    Intel chips in with Chinese investment - China Daily - August 4, 2011

    ...

    McAfee Inc. to Establish New Wholly-Owned Subsidiary in China


    Forming New Chinese Subsidiary Part of Expanded McAfee Investment in China, Company Aims To Boost China Business

    BEIJING & SANTA CLARA, Calif., December 15, 2009 - McAfee, Inc. (NYSE:MFE) today announced it is establishing a new wholly-owned subsidiary in China. The new subsidiary forms part of a new investment McAfee is making in China and the Chinese market.

    “China offers compelling opportunities for McAfee,” said Dave DeWalt, McAfee president and chief executive officer, at a press event in Beijing today. “China has great potential as a center for manufacturing, research and development for McAfee and is also a significant burgeoning market for our products. McAfee has continuously strengthened its presence in China over the last decade and we are planning to expand our investment in the near term to take full advantage of the opportunities China presents.”

    [...]

    Current McAfee operations in China include sales, manufacturing of the McAfee Unified Threat Management Firewall and an R&D team focused on mobile security, localization and security research. With the establishment of a new local subsidiary and the planned increased investment, McAfee intends to significantly grow its China business over the next few years.
    McAfee Inc. to Establish New Wholly-Owned Subsidiary in China - McAfee Newsroom - December 15, 2009.

    McAfee China Website
    Last edited by Backwards Observer; 08-04-2011 at 07:42 AM. Reason: add link

  11. #31
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    2,805

    Default U.S. water plant malfunction, not a cyber attack (amended title)

    Foreign hackers caused a pump at an Illinois water plant to fail last week, according to a preliminary state report. Experts said the cyber-attack, if confirmed, would be the first known to have damaged one of the systems that supply Americans with water, electricity and other essentials of modern life.

    Companies and government agencies that rely on the Internet have for years been routine targets of hackers, but most incidents have resulted from attempts to steal information or interrupt the functioning of Web sites. The incident in Springfield, Ill., would mark a departure because it apparently caused physical destruction.
    http://www.washingtonpost.com/blogs/...TZYN_blog.html
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  12. #32
    Council Member carl's Avatar
    Join Date
    Nov 2005
    Location
    Denver on occasion
    Posts
    2,460

    Default

    For those who are knowledgeable about this kind of thing, do you think somebody was running some kind of test in preparation for bigger things? What was the purpose of the attack? Also, why does a local water utility have to be connected to the internet?
    "We fight, get beat, rise, and fight again." Gen. Nathanael Greene

  13. #33
    Council Member bourbon's Avatar
    Join Date
    Jun 2007
    Location
    Boston, MA
    Posts
    903

    Default

    Quote Originally Posted by carl View Post
    For those who are knowledgeable about this kind of thing, do you think somebody was running some kind of test in preparation for bigger things? What was the purpose of the attack? Also, why does a local water utility have to be connected to the internet?
    Carl,

    I think the rules of the road for cyberwarfare are being written as we speak; but generally speaking, just as every weapon needs to be tested before it can see the battlefield – so too will every cyberwarfare capability.

    The difference being there really isn’t cyberwar proving grounds. This means that enemy infrastructure networks need to be regularly penetrated and I imagine occasionally fooked with – just to ensure you still have the capability.

    Why does a water utility need to be connected to the internet? Remote access brings efficiency and cost savings -- one group of SCADA engineers can control multiple sites remotely, instead of having to have SCADA engineers at every site 24/7.
    “[S]omething in his tone now reminded her of his explanations of asymmetric warfare, a topic in which he had a keen and abiding interest. She remembered him telling her how terrorism was almost exclusively about branding, but only slightly less so about the psychology of lotteries…” - Zero History, William Gibson

  14. #34
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    2,805

    Default

    Hacking is becoming a growing problem on Earth. It may seem strange to mention Earth, as there’s not much to hack outside of our planet’s atmosphere unless you count satellites. Even then, how feasible would it be to gain access to the systems running such devices?

    Well, China not only has people working on such things, it has been discovered they actually managed to take control of two NASA satellites for more than 11 minutes.

    The successful attacks occurred in 2007 and 2008. The more serious of the two happened in ’08 when NASA had control of the Terra EOS earth observation system satellite disrupted for 2 minutes in June, and then a further 9 minutes in October. During that time, whoever took control had full access to the satellites’ systems, but chose to do nothing with it.
    http://www.geek.com/articles/geek-pi...utes-20111119/
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  15. #35
    Council Member Backwards Observer's Avatar
    Join Date
    Jun 2008
    Posts
    511

    Default 'hacking' and chinese 'cuisine'

    UPDATE1-US commander cannot pin down satellite anomaly

    The command responsible for U.S. military space operations lacks enough data to determine who interfered with two U.S. government satellites, anomalies behind perhaps the most explosive charge in a report on China sent to the U.S. Congress on Wednesday.

    "What I have seen is inconclusive," General Robert Kehler, commander of the U.S. Strategic Command, said in a teleconference from Omaha, Nebraska, home to the military outfit that conducts U.S. space and cyberspace operations.

    [...]

    China's military is a prime suspect, the bipartisan, 12-member commission made clear, though it added that the events in question had not actually been traced to China.
    US Commander cannot pin down satellite anomaly - Reuters - Nov 16, 2011.

    How does the excerpt in bold translate to the geek.com headline of "Chinese hackers took control of NASA satellite for 11 minutes"? Are they saying that the USAF General in charge of US Strategic Command is engaging in 'political correctness', incompetent, or worse, lying? Or is geek.com part of the re-activated Grill Flame program?

    I did enjoy this comment on the geek.com article, however:

    You have obviously never been to china...they will eat each other before they become a "super power"
    Attached Images Attached Images

  16. #36
    Council Member davidbfpo's Avatar
    Join Date
    Mar 2006
    Location
    UK
    Posts
    12,505

    Default May help with the water 'attack'?

    Not my field, but I think some clues and understanding is found here:http://www.schneier.com/blog/archive....html#comments
    davidbfpo

  17. #37
    Council Member carl's Avatar
    Join Date
    Nov 2005
    Location
    Denver on occasion
    Posts
    2,460

    Default

    Quote Originally Posted by Backwards Observer View Post
    Are they saying that the USAF General in charge of US Strategic Command is engaging in 'political correctness', incompetent, or worse, lying?
    After watching other Generals and high ranking State and Defense Dept. people pretend that what is isn't for the past decade in various parts of the world, I think it very plausible that the USAF General in question is doing all three at the same time.
    "We fight, get beat, rise, and fight again." Gen. Nathanael Greene

  18. #38
    Council Member Backwards Observer's Avatar
    Join Date
    Jun 2008
    Posts
    511

    Default anything that lies on anything that moves

    Quote Originally Posted by carl View Post
    After watching other Generals and high ranking State and Defense Dept. people pretend that what is isn't for the past decade in various parts of the world, I think it very plausible that the USAF General in question is doing all three at the same time.
    Dang, and I thought I was cynical.

  19. #39
    Council Member carl's Avatar
    Join Date
    Nov 2005
    Location
    Denver on occasion
    Posts
    2,460

    Default

    When you think about it, you would expect politically correct, incompetent and dishonest to all run together.
    "We fight, get beat, rise, and fight again." Gen. Nathanael Greene

  20. #40
    Council Member Backwards Observer's Avatar
    Join Date
    Jun 2008
    Posts
    511

    Default cold war humour redux

    Quote Originally Posted by carl View Post
    When you think about it, you would expect politically correct, incompetent and dishonest to all run together.
    Yeah, but in China it's the other way round. (applause)


    quote

    John Kenneth Galbraith - Wikipedia

Similar Threads

  1. Russo-Ukraine War 2016 (April-June)
    By davidbfpo in forum Europe
    Replies: 1088
    Last Post: 07-01-2016, 08:44 PM
  2. The Threat from Swarm Attacks (catch all)
    By davidbfpo in forum Doctrine & TTPs
    Replies: 4
    Last Post: 08-07-2012, 11:42 AM
  3. USAF Cyber Command (catch all)
    By selil in forum Media, Information & Cyber Warriors
    Replies: 150
    Last Post: 03-15-2011, 09:50 PM
  4. Attacks in Iraq Down Considerably
    By SWJED in forum Blog Watch
    Replies: 1
    Last Post: 01-23-2006, 10:33 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •