Cyber Defense Weekly March 8, 2010


White House cyber czar: There is no cyberwar  
Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing. "There is no cyberwar," Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco. "I think that is a terrible metaphor and I think that is a terrible concept," Schmidt said. "There are no winners in that environment." Instead, Schmidt said the government needs to focus its cybersecurity efforts on fighting online crime and espionage. His stance contradicts Michael McConnell, the former director of national intelligence who made headlines last week when he testified to Congress that the country was already in the midst of a cyberwar - and was losing it. Schmidt's official title is cyber-security coordinator at the White House, a job he took over just before Christmas. Schmidt has no budgetary authority, but he said that doesn't make him powerless, because his office is in the White House. He's been there before as an adviser to President George W. Bush, and he's been the president and board member of countless security associations. One of his first moves in his new job was to publish an unclassified summary of the country's 12-point cybersecurity plan, known as the Comprehensive National Cybersecurity Initiative, a move toward transparency that he announced Monday as the keynote speaker at the world's premier security conference.

Tracing attack source key to cybersecurity strategy, Chertoff says
 
The difficult task of identifying the true sources of cyber attacks remains one of the biggest challenges in the development of a national cybersecurity strategy, former Department of Homeland Security Secretary Michael Chertoff told Computerworld in an interview at the RSA Security conference here today. Chertoff, who is participating in a panel discussion at the conference, said there is a growing need for the U.S. to create a strong, formal strategy for responding to cyberattacks against American interests. Such a strategy would need to clearly articulate possible U.S. responses to attacks, which could include diplomatic and other tools. Chertoff noted that by comparison, physical attacks are relatively easy to track down and respond to. "In the Cold War we could attribute an attack. It was clear where it came from and we could respond," he said. Finding the source of cyber attacks, though, is far more complicated, he said. While investigators could find the physical systems from which an attack is launched, the owner of those systems could have nothing to do with the criminal activity.


Fatal System Error - New book by Joseph Menn


Fatal System Error penetrates both the Russian cyber-mob and the American mafia as the two fight over the Internet's massive spoils. It takes readers into the murky hacker underground, traveling the globe from San Francisco to Costa Rica, London, and Russia. Using unprecedented access to mob businesses and Russian officials, it shows how top criminals earned protection from the Russian government and how Barrett Lyon and Andrew Crocker got closer to the titans of the underground economy than any previous outsider.

Joseph Menn covers cybersecurity and other technology issues for the Financial Times.  


Coming to grips with the growing cyber threat
 
It is almost impossible to understand the dangers that face our military, government, business and personal computer networks without being a high-level cyber security expert. What makes it even more difficult to fully grasp the threat is that you can't see it coming. There is no naval armada on the horizon or army marching towards us. This ever-present danger is a constant, powerful, ceaseless attack that comes from all directions and from many different sources. According to recent statements by the Director of National Intelligence, David Blair, this already huge threat is "growing at an unprecedented rate." But to a person who has not been the victim of a cyber attack or has not lost his or her identity or money due to online scams and traps, this threat is not a daily concern. Having a network brought down or data stolen is something that only happens to "the other guy." Often a person starts practicing good information assurance and cyber security only after they have become a victim. That's the equivalent of no longer walking through dark alleys in bad neighborhoods in strange cities only after having been mugged a few times. This behavior makes it much more likely that cyber attacks will be frighteningly successful. Yet, without that personal experience of being a victim, it is very easy to see protecting against cyber threats as something less than a top priority, especially in a working world that is increasingly complex, fast-paced and choked with information overload. There's just too much to do to worry about the "hidden dangers" of cyber threats.


Lockheed seeks to predict cyber security threats  
Lockheed Martin Corp, the No. 1 information technology provider to the U.S. government, is working hard to better predict and protect against increasingly sophisticated and stealthy cyber attacks. Lockheed, also the Pentagon's biggest contractor, is opening a second internal security intelligence center in Denver this week to complement the one it opened in May 2008 in Gaithersburg, Maryland, north of Washington. Some analysts and software developers at the Gaithersburg center starred in a video Lockheed recently posted on YouTube which portrays the cyber security problem as a complex chess match between U.S. government and industry on one side, and a host of smart attackers from nation states and criminal groups on the other. "It is a cat-and-mouse game between the two sides," said Eric Hutchins, a Lockheed cyber intelligence analyst. "They're constantly trying to develop new ways of attacking us and we're constantly trying to develop new ways of defending us." Cyber attacks are becoming more sophisticated, persistent, stealthy and targeted, Lockheed officials say, which points to greater activity by nation states and more criminal entities rather than the random, individual activities of the past.

Businesses now on notice  
Recent events have put businesses on notice: they are fair game when it comes to cyber attacks for socio-political and national security/military reasons. The major reason given when you investigate critical systems vulnerabilities is the high price of improving security, and with the recent economic conditions many feel this is a proper justification. When the topic of cyber attack or even cyber war comes up, many in the private sector feel the U.S. government is at least partially responsible for protecting them from foreign attack. Given that more than 80 percent of the critical infrastructure is privately owned and operated, and an estimated sixty-plus percent of the control systems are directly connected to the Internet, the exposure is clear. Nearly all security experts with deep knowledge of critical infrastructure systems believe this makes them not only vulnerable, but a primary target. Cyber attacks are now foreseeable risks, and as such businesses must address them.


DDoS attacks - 10 years on
 
Ten years ago, on 14 February 2000, DDoS or distributed denial-of-service attacks - which attempt to cause disruption to an online service or application - knocked a number of high profile websites offline for several hours, including a well known auction site, the website of a global news channel and an internationally recognized online retail site. Fast forward a decade and DDoS attacks have evolved to be more sophisticated, more prevalent and more dangerous than ever. Most recently, the website of a prominent Russian newspaper was targeted, causing major disruption for the publication and its readers. Botnets are a key player in DDoS attacks. Right now, we know that the most prominent spam-sending botnets control over five million active PCs. The actual number of bots in existence is likely to be much higher, as an infected bot only becomes visible when it is active - in other words spewing out spam or pummelling a site with a distributed denial of service attack. Most DDoS attacks are thought of as being aimed at websites, saturating their capacity and preventing legitimate users from visiting, when in truth they can be a lot more sophisticated than that. DDoS attackers don't care how they are able to hit mail servers; they will use a number of tactics to reach as many businesses as they can.
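The passage above says botnets are the key to DDoS, and the reason is simple: a server can defend itself against one noisy address, but not against the same volume arriving from thousands of addresses that each stay under every per-source threshold. The following added example (written for this page, not code from any of the articles quoted) shows that with a per-source token-bucket rate limiter; the limiter parameters, the addresses and the request timings are all constructed for the demonstration.

```python
"""Added example, not from the newsletter: a per-source token-bucket rate
limiter and a simulation of why a flood from one address is easy to absorb
while the same request volume spread across a botnet is not. All addresses
and timings below are constructed for the demonstration."""
from collections import defaultdict


class TokenBucket:
    """Classic token bucket: refills `rate` tokens per second, holds at most `capacity`."""

    def __init__(self, rate, capacity):
        self.rate = rate
        self.capacity = capacity
        self.tokens = float(capacity)
        self.last = None  # timestamp of the previous call

    def allow(self, now):
        if self.last is not None:
            # refill in proportion to elapsed time, never above capacity
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerSourceLimiter:
    """One bucket per source address, created on first sight."""

    def __init__(self, rate, capacity):
        self.buckets = defaultdict(lambda: TokenBucket(rate, capacity))

    def allow(self, source, now):
        return self.buckets[source].allow(now)


def simulate(requests, rate=5.0, capacity=10):
    """requests: iterable of (timestamp_seconds, source_ip).
    Returns (allowed, dropped) counts after running them through the limiter."""
    limiter = PerSourceLimiter(rate, capacity)
    allowed = dropped = 0
    for ts, src in sorted(requests):
        if limiter.allow(src, ts):
            allowed += 1
        else:
            dropped += 1
    return allowed, dropped


def single_source_flood(n=1000, duration=10.0):
    """One attacker (constructed address) sends n requests evenly spread over `duration` s."""
    return [(i * duration / n, "203.0.113.7") for i in range(n)]


def botnet_flood(n=1000, duration=10.0, bots=100):
    """Same total volume, but spread across `bots` constructed addresses, so each bot
    sends only n/bots requests and stays under the per-source rate."""
    return [(i * duration / n, f"198.51.100.{i % bots}") for i in range(n)]


if __name__ == "__main__":
    print("single source:", simulate(single_source_flood()))  # roughly 60 allowed, ~940 dropped
    print("botnet       :", simulate(botnet_flood()))         # 1000 allowed, 0 dropped
```

With a budget of 5 requests per second and a burst of 10, the lone attacker gets about 60 of its 1,000 requests through and the rest are dropped; the same 1,000 requests spread over 100 bots all pass, because each bot sends one request per second. Per-source limiting is still worth having against careless floods, but absorbing a botnet requires capacity or filtering upstream of the server (provider-side scrubbing, anycast, and protocol-level mitigations), which is why the article stresses the size of the botnets involved.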


The new P2P initiative: Government and industry need to pool cyber threat intelligence
No, we are not talking about peer-to-peer networks. We are referring to public and private cyber defense and intelligence collaboration. The recent events and media attention centered on cyberattacks on Google and 33 other organizations, which include defense contractors, are clear indicators that cyber defense, security and intelligence must be increased and based on a foundation of cooperation and collaboration between the public and private sectors. It is clear that cyber intelligence must become an integrated, proactive component of cyber defense not only in the government and military sectors but also in the private sector. Most activities related to cyber threat intelligence can be characterized as reactive. In most cases, they are based on vulnerability disclosures, current events or an actual attack. The cyber threat environment demands that organizations take proactive measures based on near real-time cyber intelligence collected from a broad base of sources in the public and private sector.

The human element complicates cyber security
 
  Cyberspace is an untamed frontier. Data networks everywhere remain vulnerable to cyber threats. As Rep. Michael McCaul (R-Texas) recently pointed out, virtually every sector of cyberspace faces danger, including the U.S. military. Congressional hearings on cybersecurity have revealed that most federal networks have been hacked, McCaul said. Many attacks are classified as espionage, with foreign countries stealing government information. One data dump was equivalent in size to the Library of Congress. "I hope as with 9/11, we don't turn a blind eye and have a denial-of-service attack before we address this issue," McCaul said.  Legislation passed in early February by the House could go a long way toward addressing the issue. McCaul and Rep. Daniel Lipinski (D-Ill.) are the primary sponsors of the Cybersecurity Enhancement Act of 2009, which would dedicate federal funds toward beefing up cybersecurity in the public and private sectors. The Senate is considering similar legislation.


Creative approaches to malware detection  
Cyberwar and advanced persistent threats (APT) are fun terms thrown around a lot lately. Everyone seems to have their own slightly varied opinion on what they each mean. Personally, I don't care all that much what the different nuances of each are as long as I can understand the associated threats and deal with them appropriately. In my recent Tech Insight article, I covered some of the defenses that should be in place if you ever come under fire during cyberwar. I think what it really comes down to is that you can end up being attacked whether you are in the energy, finance, or similar critical industry. If you have customers or information that interests the attacker, then you could be a target -- just look at Google and the other companies hacked during the "Aurora" attacks. Until someone proves otherwise, I keep coming back to the root cause of most attacks: the lack of due diligence in securing the resources. The software, tools, and know-how are there; companies just aren't putting them together in order to be effective. With lax defenses, I think the biggest hurdle of preparation is in the incident response and detection areas. Traditional means of detecting malware are failing at finding advanced, targeted bots, and backdoors. There are no reliable IDS signatures to detect them (if there are, they're bleeding edge); they're blending in to look like normal software (similar names, not packed and/or not crypted [compressed and/or encrypted], etc.); use normal looking communication protocols (HTTPS/HTTP) to essentially hide in plain sight.

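The article above notes that targeted backdoors blend in by using ordinary HTTP/HTTPS, which is exactly why signature-based IDS struggles with them. What a signature cannot see, timing often can: an implant that hides in plain sight still has to check in with its controller, and it typically does so on a timer, while a person browsing does not. The following added example (written for this page, not code from the article's author) searches a proxy log for client/host pairs whose request intervals are suspiciously regular. The log format, the hostnames and every log entry are constructed for the demonstration.

```python
"""Added example, not from the article: spotting periodic HTTP "beacons" in a
proxy log. Malware that rides on ordinary HTTP/HTTPS still has to check in
with its controller, and implants usually do so on a timer, while human
browsing does not. The log format and every entry below are constructed."""
import re
import statistics
from collections import defaultdict

# Constructed log format: "<epoch_seconds> <client_ip> <method> <host>"
LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse(lines):
    """Yield (timestamp, client, host); silently skip lines that do not match."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(4)


def find_beacons(lines, min_hits=6, max_cv=0.15):
    """Return {(client, host): (hits, mean_gap, cv)} for client/host pairs whose
    inter-request gaps are suspiciously regular. cv is the coefficient of variation
    (population std dev / mean) of the gaps: a timer with small jitter gives a value
    near zero, interactive browsing gives a value well above one."""
    seen = defaultdict(list)
    for ts, client, host in parse(lines):
        seen[(client, host)].append(ts)
    flagged = {}
    for key, stamps in seen.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            flagged[key] = (len(stamps), mean_gap, cv)
    return flagged


def constructed_log():
    """Build a small proxy log: one implant beaconing every 300 s with a few seconds
    of jitter, one person browsing at irregular times, and one unparseable line."""
    base = 1267000000
    lines = []
    jitter = [3, -4, 5, -2, 0, 4, -5, 1, -3, 2]
    for i, j in enumerate(jitter):
        lines.append(f"{base + 300 * i + j} 10.0.0.5 GET update.example-cdn.test")
    for t in [0, 12, 15, 90, 91, 400, 1300, 1310, 2900, 2950]:
        lines.append(f"{base + t} 10.0.0.9 GET news.example.test")
    lines.append("this line is noise and will be skipped")
    return lines


if __name__ == "__main__":
    for (client, host), (hits, mean_gap, cv) in find_beacons(constructed_log()).items():
        print(f"{client} -> {host}: {hits} hits, every {mean_gap:.0f}s, cv={cv:.3f}")
```

On the constructed log only the 10.0.0.5 host pair is flagged (ten hits about 300 s apart, cv around 0.02); the human's ten requests to the news site have a cv well above one and are ignored. Legitimate software also beacons (update checks, agent heartbeats), so in practice the flagged pairs are a triage list to compare against a known-good allowlist, not an alert by themselves; raising min_hits and looking at the destination's age and reputation cuts the noise further.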

Spanish police take down massive Mariposa botnet   
Spanish authorities have arrested three men in an operation that has crushed a major botnet network of infected computers.  The Mariposa botnet, which appears to be one of the world's largest, took over millions of computers, many of which continue to be infected, security researchers said Tuesday. An informal group of volunteers, calling itself the Mariposa Working Group, disabled Mariposa's command-and-control servers on Dec. 23 and handed over information about the criminals behind it to law enforcement in Spain and the U.S. Spain's Guardia Civil is expected to disclose more details of the arrests on Wednesday, during a morning press conference. Mariposa-infected computers were linked to 13 million unique Internet Protocol addresses, said Pedro Bustamante, a researcher with Panda Security. It's hard to pinpoint the exact size of the botnet from that number, but it appears to be one of the world's largest. Researchers studying the notorious Conficker botnet have linked it to half as many IP addresses.

Cyber warfare expected to grow
 
The global cyber warfare market was worth a total of $8.12 billion in 2009, according to Visiongain, a business information provider for the telecommunication, pharmaceutical and defense industries. The London-based Visiongain's defense report, "Cyberwarfare Market 2010-2020," examines the leading cyber nations and analyses the range of factors driving strong global sales growth. Recent events have demonstrated the potential of cyber warfare, and this is driving strong growth in cyber security, Visiongain said in its report. Estonia came under cyber attack in 2007 at the time of a political dispute with Russia. The Internet sites of Estonian banks, companies, government ministries, newspapers and political parties were targeted by distributed denial-of-service, or DDoS, attacks. A year later, Georgian Web sites were attacked by civilians as Russia carried out military strikes during the South Ossetia War. During 2009, serious cyber attacks continued to occur with attacks on the institutions of countries such as South Korea and the United States.


White House cyber security plan revealed    
White House Internet security adviser Howard A. Schmidt on Tuesday announced the availability of an unclassified version of the Obama administration's Comprehensive National Cybersecurity Initiative, the nation's plan to secure public and private sector computer networks. Speaking at the RSA Conference in San Francisco, Schmidt said, "Today, I'm pleased to announce that the administration has updated the classification guidance for the Comprehensive National Cybersecurity Initiative, or CNCI, which began in 2008 and forms an important component in our cybersecurity efforts within the federal government. As of noontime today, in about 15 minutes, you will be able to go to whitehouse.gov/cybersecurity and download the unclassified description of the CNCI and each of the 12 initiatives under the CNCI." Schmidt repeated President Obama's statement from last year that the cyber threat is one of the most serious economic and security challenges faced by the nation. And he repeated the frequently heard call for greater cooperation and information sharing to defend against cyber attacks. "We must all partner together to make sure cybersecurity is secure," he said. The government's plan aims to strengthen the nation's cyber defenses while protecting civil liberties and maintaining government transparency.


US urges 'action' needed to fight net attacks
 
Homeland Security secretary Janet Napolitano has admitted there is an urgent need to step up efforts to protect Americans from cyber attacks. Her comments at the world's largest security conference, hosted by vendor RSA, come as the cyber threat grows ever more sophisticated. Incidents like the attack on Google in China have underscored the issue. "We need to do more and we need to do it faster," Secretary Napolitano told the audience in San Francisco. She said the government was working with a "sense of urgency" and that the Department of Homeland Security, DHS, "stands at a very important juncture". Secretary Napolitano stressed that even in working with the private sector, "again the sense of urgency needs to be increased". Michael Chertoff, former DHS secretary under President George W Bush, agreed. "We are seeing in the intervening time the adversaries, whether they be criminals or nation states or terrorists, are not taking time off. So with each passing year, the need to move faster becomes greater."

Chinese attacks like the one against Google are on pace to double this year
 
Recent Internet attacks from China against Google and other U.S. companies will more than double this year if the pace during the first two months continues, a security expert says. This type of attack has been increasing over the past two years, with F-Secure spotting 1,968 such examples in 2008, 2,195 in 2009 and 895 so far this year, said Mikko Hypponen, chief research officer for F-Secure, who during RSA Conference held a private briefing on the attacks. Unlike other malware attacks, these are fashioned for specific targets and are used only once. "In these cases, you are the only organizations in the world to get hit and no one else, and the attacker has done his homework," Hypponen said. Operation Aurora, the attack against Google earlier this year, is one of thousands observed by security vendor F-Secure, but one of the few where the victim has made the incident public. Similar activity dates back at least six years targeting governments, businesses with military contracts, and non-governmental agencies advocating for human rights, he said. Some human-rights groups are hit an average of 10 times per month, and one in particular has been attacked continuously since 2004, he said. "Whoever wants to gain access to these people's computers is very, very serious," Hypponen said. While he has no smoking-gun evidence that China is behind the attacks, tying IP addresses to China and the massive scale and coordination of the attacks point to the Chinese government.
