Cyber Defense Weekly March 15, 2010


From Richard Stiennon: A solution for Google in China
 
The Wall Street Journal reports today that:

A top Chinese minister warned Google Inc. "will have to bear the consequences" if it stops filtering its search results in China, suggesting there is little room for compromise in the high-profile showdown over censorship.

Here is an idea for Sergey, Larry, and Eric. It may provide an option that allows them to continue to operate from China while avoiding the onus of censoring Google search results. The idea stems from a village in Turkey.

If you have been to Istanbul (not Constantinople) you will have noticed the many Internet cafés, a situation born of high connect charges from home. In 2004 the government of Turkey imposed censorship on these Internet cafés, making them responsible for blocking objectionable content that included pornography and anti-Atatürk writings. The owners of Internet cafés in a small city not far from Istanbul found that the local police would make frequent spot checks and were always able to discover illegal sites that led to high fines, even though the cafés had invested in web filtering solutions to comply with the law.

Their solution was simple and elegant. The café owners banded together and invested in the equipment and software needed to filter censored content at a point in the network that could cover them all: their ISP. Then they turned control over to the police. The café owners avoided the fines, the police stopped harassing them, and the letter of the law was enforced. What if Google were to take the same route?


Fatal System Error: A MUST read for IT professionals, legislators, and law enforcement - according to Network World Magazine  

Fatal System Error penetrates both the Russian cyber-mob and the American mafia as the two fight over the Internet's massive spoils. It takes readers into the murky hacker underground, traveling the globe from San Francisco to Costa Rica, London, and Russia. Using unprecedented access to mob businesses and Russian officials, it shows how top criminals earned protection from the Russian government and how Barrett Lyon and Andrew Crocker got closer to the titans of the underground economy than any previous outsider.

Joseph Menn covers cybersecurity and other technology issues for the Financial Times.  


 

FBI Warns Brewing Cyberwar May Have Same Impact as 'Well-Placed Bomb'
 
NATO and America's European allies are sounding the alarm over what they say are increased cyber attacks originating from China that are targeting key government and intelligence computers. The warning comes on the heels of an FBI report last week detailing the "real ... and expanding threat" of cyber terrorism, especially from Al Qaeda. FBI Director Robert Mueller warned Thursday that cyber-terrorists "will either train their own recruits or hire outsiders... as a means to damage both our economy and our psyche -- and countless extremists have taken this to heart," he said. Mueller said that a cyber-attack could have the same impact as a "well-placed bomb." He also accused "nation-state hackers" of seeking out U.S. technology, intelligence, intellectual property and even military weapons and strategies. NATO's warning focuses on China and calls for secret intelligence material to be protected from a recent surge in cyberwar attacks originating there. The cyber-penetration of key offices in NATO and the EU has led to restrictions because there are concerns that secret intelligence reports might be vulnerable, the London Times reports.


IRGC's Cyber Department hacks 29 US-backed websites  
The Islamic Revolution Guards Corps (IRGC) on Sunday announced that its cyber teams have hacked 29 websites affiliated with the US espionage network.  According to a statement released by the Persian-language website, Gerdab, affiliated to the IRGC's Center for Combating Organized Crimes, the hacked websites acted against Iran's national security under the cover of human rights activities.  The IRGC has recently set up the new center to detect and combat organized crimes on the internet.  The newly-established center is tasked with monitoring the internet to detect and campaign against organized crimes, espionage, economic and social corruption, money laundering and cultural inroad.

Security and privacy? Forget about it  
As the Obama administration grapples with the thorny issue of beefing up the United States' cybersecurity infrastructure, and as security experts warn of impending cyberwarfare, a debate is raging over how much surveillance is enough. One of the biggest problems about implementing cybersecurity is that it involves a measure of surveillance, and the line between surveillance and snooping is razor thin. Thin enough, in fact, that Einstein 3, the latest iteration of the Federal government's intrusion detection program, has aroused privacy concerns because it can examine the content of email. That, some privacy advocates believe, makes it almost equivalent to warrantless wiretapping. The security community is divided over the issue. Some security advocates contend that it is essential to our nation's security for the federal government to know who's saying what, especially in this day and age, when cyberthreats have become so sophisticated and yet so easy to create through prepackaged software kits that you don't need to know much about computers to create malware. For example, the three Spanish men who created the Mariposa botnet, which infected 13 million PCs worldwide, are believed to have purchased their virus over the Internet. Pro-surveillance security advocates contend that we can depend on the feds and our intelligence agencies not to cross the line into snooping without a cause.

ZeuS botnet code keeps getting better... for criminals   
New capabilities are strengthening the ZeuS botnet, which criminals use to steal financial credentials and execute unauthorized transactions in online banking, automated clearing house (ACH) networks and payroll systems. The latest version of this cybercrime toolkit, which starts at about $3,000, offers a $10,000 module that can let attackers completely take control of a compromised PC. ZeuS v.1.3.4.x (code changes are always underway by the author and owner, who is believed to be one individual in Eastern Europe) has integrated a powerful remote-control function into the botnet so that the attacker can now "take complete control of the person's PC," says Don Jackson, director of threat intelligence at SecureWorks, which released an in-depth report on ZeuS this week. This new ZeuS feature, which was picked up from an older public-domain project from AT&T Bell Labs known as "Virtual Network Computing," gives ZeuS the kind of remote-control capability that might be found in a legitimate product like GoToMyPC, Jackson says. SecureWorks calls this a "total presence proxy," and it's so useful to criminals that just this one VNC module for ZeuS costs $10,000.


Cyberattacks raise e-banking security fears
 
The unabated plundering of online bank accounts belonging to small and mid-size businesses is raising significant questions about the authentication and fraud detection mechanisms now used in financial institutions. Such cyberthefts have led multiple businesses to file lawsuits against their banks, and prompted government regulators to call on financial institutions to improve security systems. The FDIC recently disclosed that during the final 2009 quarter alone, cyberthieves stole more than $150 million from small and mid-size business accounts. In most of those cases, the FDIC said, thieves obtained a business's valid banking login credentials by illegal means. The hackers used the stolen credentials to send money from the accounts to overseas bank accounts via wire transfers. Banks, by and large, have mostly contended that the thefts occurred because the victims failed to adequately protect their banking credentials. Since banks are not required to reimburse commercial accounts for losses resulting from such thefts, most of the impact on them has come from a public relations standpoint.

India's cyber-defenses full of holes  
It's reminiscent of an action movie. The year is 2017 and two rival countries - India and China - are fighting a war. The conflict is not being fought with guns, tanks and aircraft but computers, bots, viruses and Trojans. The soldiers are not troops, but hackers.  The scenario was enacted by the Indian military last year in a cyber-warfare simulation called the "Divine Matrix". Officially, the likelihood of a Chinese cyber-strike has since been played down. This is a big mistake, experts say, given the poor state of India's cyber-security.  A recent investigation by McAfee, the software security firm, revealed that as cyber-attacks rise globally, India is emerging as an easy hunting ground. Worse, the vulnerability not only poses a threat to the government, military, and infrastructure, it also carries a huge risk for international businesses that have outsourced IT operations or bought software in India.  "That India is under-prepared is well known, and experts often raise concerns about how the government's IT systems could be crippled in a war," said Shivarama Krishnan, an IT security expert at a firm of global consultants. "While that threat is valid, I think the real worry is someone attacking the IT systems of the private sector."

North Korea builds an operating system  
North Korea has an Internet community, but one that is strictly regulated. This includes building its own operating system, based on Unix. Called Red Star, it features a front end that makes it look identical to Microsoft Windows XP. One difference is a custom browser called "My Country" that, for example, can only use a local search engine called "My Country BBS." North Korean computer users can only search the North Korean Internet, with only a few people allowed access to the international Internet. Most of those belong to North Korean Cyber War organizations, or are Internet security personnel who decide what to import for use on the isolated North Korean Internet. South Korean Internet users have had some contact with North Korean web users, most of it bad. Attacks on South Korean data networks were up 20 percent last year, with hundreds of serious attempts each day to hack in and steal defense secrets.

Meet USCybercom: Why the US is fielding a cyber army
 

The US is in the process of creating a unified cyber command, to fight the wars of the future. The Pentagon has no doubt that the next conventional war will include a cyber element. Looking out of a window in London's Canary Wharf, Daniel Kuehl gestures randomly towards a high-rise.  "Let's just assume that somewhere in that building there are a bunch of cyber systems, networks, routers, that are militarily important to take out," he said. "Which would you think would be the better way of doing it in terms of this neighbourhood? To make it stop working through a bunch of key strokes or to put a laser-guided, 1,000-lb weapon through the third floor and blow it to shreds?  "We're really good at that second operation - but there might be some advantages to doing it the first way."  The Pentagon is creating its first fully fledged cyber command - USCybercom - to improve its ability to wage war with key strokes.
