In its latest security report Cisco identifies a trend I hadn’t heard of before among malware writers: closer inspection of those computers they’ve successfully penetrated to see whether there’s something interesting there, and then, if there is, targeting that company (or organisation) with a more tailored follow-up attack: Attackers can—and do—segregate infected computers into interest areas and modify their methods accordingly. For example, after initial infection by a common downloader Trojan, subsequent information may be collected from infected machines to identify those systems more likely to lead to sensitive information. Subsequently, those “interesting” machines may be delivered an entirely different set of malware than would
I know I’ve drawn attention to this before, but the timeline of McAfee’s Operation Shady RAT by Dmitri Alperovitch raises questions again about WikiLeaks’ original data. Alperovitch points out that their data goes back to mid-2006: We have collected logs that reveal the full extent of the victim population since mid-2006 when the log collection began. Note that the actual intrusion activity may have begun well before that time but that is the earliest evidence we have for the start of the compromises. This was around the time that Julian Assange was building up the content that, he recounted in emails at the time, his hard
A group of security professionals who have good credentials and strong links to the U.S. government have outlined a Stuxnet-type attack on Libyan infrastructure, according to a document released this week. But is the group outlining risks to regional stability, or is it advocating a cyber attack on Muammar Gadhafi? The document, Project Cyber Dawn (PDF), was released on May 28 2011 by CSFI – the Cyber Security Forum Initiative, which describes itself as a non-profit organization headquartered in Omaha, NE and in Washington DC with a mission “to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training to assist the
This Google Gmail phishing case has gotten quite a bit of attention, so I thought I’d throw in my two cents’ worth. (These are notes I collated for a segment I did for Al Jazeera earlier today. I didn’t do a particularly good job of getting these points across, and some of the stuff came in after it was done.) Google says the attack appears to originate from Jinan, but doesn’t offer evidence to support that. I think it would be good if they did. Jinan is the capital of Shandong Province, but it’s also a military region and one of at least six
(Updated timeline to include subsequent accounts) There was, by all accounts, no Internet or phone access to Bin Laden’s compound. Had there been, might he have known about the attack in advance from social media? This depends on what was being said on Twitter, and when. Although lots of people in Pakistan are on Facebook, Twitter would have been more useful. There’s no clear timeline yet about when the US launched its attack on the compound. But had Osama’s people been monitoring the keyword ‘abbottabad’ (or people who had previously mentioned the word), which would have been smart, they would have known that something was
via infosecisland.com Is the Jester, a patriotic hacker better known for bringing down allegedly jihadist websites, injecting fake news stories about Libya to demoralize Gaddafi’s forces? Anthony Freed of infosec reckons so. Very good piece, and opens up all sorts of interesting avenues for dark hacktivism.
Was social media the driving force behind the uprisings in Tunisia and Egypt? Commentators in the West are divided. Some insist that Hosni Mubarak would never have fallen without Facebook and Twitter. To which others respond that these tools promote only weak forms of organization and were incidental to the protests gaining momentum. The question is of more than academic interest to those either trying to predict when the next regime fall will come or, perhaps, trying to help it along. via online.wsj.com An op-ed piece I wrote for the Journal. I’ll post my original text later.
In all the hoo-ha about the Arab Revolutions some interesting WikiLeaks cables seem to be slipping through the net. Like this one from 2008 about Estonia’s view of the cyberattack on Georgia. Estonia had learned some tough lessons from Russia’s cyberattack on its defenses the previous year, so was quick to send cyber-defense experts to “help stave off cyber-attacks emanating in Russia”, according to the Baltic Times at the time. The cable, dated Sept 22 2008, reports on meetings with Estonian officials on both the lessons from its own experience and some candid commentary on Georgia’s preparedness and response. Here are some of the points:
The BBC World Service Business Daily version of my piece on the relationship between communications and political change . (The Business Daily podcast is here.) Loose Wireless 110216 To listen to Business Daily on the radio, tune into BBC World Service at the following times, or click here. Australasia: Mon-Fri 0141*, 0741 East Asia: Mon-Fri 0041, 1441 South Asia: Tue-Fri 0141*, Mon-Fri 0741 East Africa: Mon-Fri 1941 West Africa: Mon-Fri 1541* Middle East: Mon-Fri 0141*, 1141* Europe: Mon-Fri 0741, 2132 Americas: Tue-Fri 0141*, Mon-Fri 0741, 1041, 2132 Thanks to the BBC for allowing me to reproduce it as a podcast.
I’m not going to get into the rights and wrongs of the WikiLeaks thing. Nor am I going to look at the bigger implications for the balance of power between governed and governing, and between the U.S. and its allies and foes. Others have written much better than I can on these topics. I want to look at what the cables tell us about the sorting, sifting and accessing of this information. In short, what does this tell us about how the world’s most powerful nation organized some of its most prized data? To start with, I want to revisit a conversation I had sitting