Tag Archives: International relations

ASEAN Phishing Expeditions

Mila Parkour, the indefatigable phish researcher from DC, points to some recent spear-phishing attacks which to me help confirm that Southeast Asia, and ASEAN in particular, has become something of a focus for the chaps in China.

They also highlight just how vulnerable diplomats in the region are because of poor security.

One is a phish apparently coming from the Indonesian foreign ministry, in particular one Ardian Budhi Nugroho, whom the email correctly describes as from the Directorate of ASEAN Political Security Cooperation. The subject matter is topical and credible:

Dear Sirs/Mesdames,
Enclosed herewith letter from Director for ASEAN Political-Security Cooperation, informing the date of the next Direct Consultations between ASEAN and P5 Nuclear Weapon States, which will be held on 4 – 6 October 2011 in New York. A Tentative Programme of the Direct Consultations is also attached for your kind reference. Thank you for your attention and continued cooperation.

The only good thing about these phishes is that they reveal something of the attacker’s interests. These attacks are timed carefully a week or so ahead of key meetings–in this case an Oct 4-6 meeting in New York of ASEAN and P5 Nuclear Weapon states (one of those states, of course, is China). The email was sent on Sept 20.

The email address given, aseanindonesia@yahoo.com, doesn’t appear to be genuine, but it could easily be. Look, for example, at the email addresses listed here. More than half are either ISP or webmail addresses.

Diplomats need to get wise to these kinds of attacks by using their domain’s email addresses and being more sophisticated about their communications (not sending attachments, for one thing, and telling me they don’t.)

How does all this work? We don’t know who received this but it’ll probably be a list of diplomats attending the talks–not hard to find, as we can see from the above list. It only takes one member of a delegation opening the infected attachment for the whole delegation to be at risk of China–or whoever is behind this attack–being able to monitor everything they do.
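The three signals this phish combines (a claim of official standing, a webmail sender, and an attachment) can be checked on inbound mail. The sketch below is an added example, not part of the original post; the domain `ministry.example`, the webmail and keyword lists, and both sample messages (display name and attachment name included) are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

WEBMAIL = {"yahoo.com", "gmail.com", "hotmail.com"}  # assumption: illustrative list
OFFICIAL_DOMAIN = "ministry.example"                 # assumption: placeholder domain
CLAIMS = ("directorate", "ministry", "embassy")      # assumption: official-standing words

def triage(raw):
    """Return the reasons an inbound message deserves a second look."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    parts = list(msg.walk())
    # Only inline text counts as body; named parts are treated as attachments.
    body = " ".join(
        p.get_payload(decode=True).decode("utf-8", "replace")
        for p in parts
        if p.get_content_type() == "text/plain" and not p.get_filename()
    )
    claimed = f"{name} {msg.get('Subject', '')} {body}".lower()
    reasons = []
    if domain != OFFICIAL_DOMAIN and any(c in claimed for c in CLAIMS):
        reasons.append("official claim, sender outside official domain")
    if domain in WEBMAIL:
        reasons.append("webmail sender")
    if any(p.get_filename() for p in parts):
        reasons.append("carries attachment")
    return reasons

# Constructed sample modelled on the message described in the post.
PHISH = """\
From: "Directorate of ASEAN Political Security Cooperation" <aseanindonesia@yahoo.com>
Subject: Direct Consultations between ASEAN and P5 Nuclear Weapon States
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Dear Sirs/Mesdames, enclosed herewith letter from the Director.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="attachment.bin"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""
# Constructed sample: mail from the organisation's own domain, no attachment.
CLEAN = """\
From: Protocol Desk <protocol@ministry.example>
Subject: Ministry circular
Content-Type: text/plain

The schedule is on the delegation portal.
"""
```

None of these signals is conclusive alone, which is the post's point: when genuine delegates also write from webmail, the first two checks fire on legitimate mail too.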

Cyberwar, Or Just a Taste?

Some interesting detail on the Estonian Cyberwar. This ain’t just any old attack. According to Jose Nazario, who works at ARBOR SERT, the attacks peaked a week ago, but aren’t over:

As for how long the attacks have lasted, quite a number of them last under an hour. However, when you think about how many attacks have occurred for some of the targets, this translates into a very long-lived attack. The longest attacks themselves were over 10 and a half hours long sustained, dealing a truly crushing blow to the endpoints.

There’s some older stuff here, from F-Secure, which shows that it’s not (just) a government initiative. And Dr Mils Hills, who works at the Civil Contingencies Secretariat of the UK’s Cabinet Office (a department of government responsible for supporting the prime minister and cabinet), feels that cyberwar may be too strong a term for something that he prefers to label ‘cyber anti-social behaviour’.

Indeed, what surprises him is that such a technologically advanced state — which uses electronic voting, ID cards and laptop-centric cabinet meetings — could so easily be hobbled by such a primitive form of attack, and what implications that holds:

What IS amazing is that a country so advanced in e-government and on-line commercial services has been so easily disrupted. What more sophisticated and painful things might also have already been done? What else does this indicate about e-security across (i) the accession countries to the EU; (ii) NATO and, of course, the EU itself?

Definitely true that this is probably just a little blip on the screen of what is possible, and what governments are capable of doing.

(Definition of Cyberwar from Wikipedia here.)

 

Russia Declares Cyberwar?

The Guardian reports on what some are suggesting may be the first outbreak of official cyberwar between one country and another, after Russian hackers, official or not, flooded Estonian websites with distributed denial-of-service (DDoS) attacks:

clipped from www.guardian.co.uk

Without naming Russia, the Nato official said: “I won’t point fingers. But these were not things done by a few individuals.

 

“This clearly bore the hallmarks of something concerted. The Estonians are not alone with this problem. It really is a serious issue for the alliance as a whole.”

Anyone For Banda Aceh?

Tourism to South and Southeast Asia may have taken a hit in the aftermath of the tsunami, but clearly not every travel agent thinks it’s a no-no — even to the capital of the hardest hit region, Indonesia’s Aceh. This contextual ad appeared on Google when I searched for Banda Aceh. The blurb is unsurprising, given the situation:

Banda

Good luck. I’m sure the Acehnese will be very pleased to see you, but you might have to bring your own stuff.

Indonesian Tsunami Relief Effort

I’m not in Indonesia at the moment, but my thoughts are with those tens of thousands of people in Aceh and the rest of Sumatra island, coping with the aftereffects of the tsunami. For those of you wishing to make contributions to the relief effort, one organisation is worth considering: Radio 68H, a network of independent radio stations throughout Indonesia with a strong presence in Aceh.

They have set up a fund (Indonesian only; English language page to be available soon) to help (as far as I know it’s in rupiah):

Name: PT Media Lintas Inti Nusantara
Bank: BCA
Branch: Utan Kayu, Jakarta
Number: 5800091090

I feel confident they will use the money frugally and wisely.

 

Did A Computer Virus Bring Down The Soviet Union?

Did software, deliberately programmed by the CIA to fail, hasten the end of the Soviet Union?

The Washington Post reports (registration required) that “President Ronald Reagan approved a CIA plan to sabotage the economy of the Soviet Union through covert transfers of technology that contained hidden malfunctions, including software that later triggered a huge explosion in a Siberian natural gas pipeline.”

It quotes a new memoir by Thomas C. Reed, a former Air Force secretary who was serving in the National Security Council at the time (At the Abyss: An Insider’s History of the Cold War, to be published next month by Ballantine Books) as saying the pipeline explosion was just one example of “cold-eyed economic warfare” that made the Soviet Union eventually “understand that they had been stealing bogus technology, but now what were they to do? By implication, every cell of the Soviet leviathan might be infected. They had no way of knowing which equipment was sound, which was bogus. All was suspect, which was the intended endgame for the entire operation.”

Aspects of this operation have been revealed before, but it’s still a pretty extraordinary tale, and makes one realise the power that software holds over us. And given that all this happened in 1982 or even earlier, does that make the CIA the first successful virus writers? The record is presently held by Fred Cohen, who created his first virus when studying for a PhD at the University of Southern California and presented his results to a security seminar on 10 November, 1983, according to the BBC website.

News: Terrorist List Hit By, Er, Virus

 AP reports that the State Department’s electronic system for checking every visa applicant for terrorist or criminal history failed worldwide for several hours late Tuesday because of a computer virus, leaving the U.S. government briefly unable to issue visas. The virus crippled the department’s Consular Lookout and Support System, known as CLASS, which contains more than 12.8 million records from the FBI, the State Department and U.S. immigration, drug-enforcement and intelligence agencies. Among the names are those of at least 78,000 suspected terrorists. There was apparently no backup.