Friday, March 29, 2013

NYTimes reports "destructive" attacks on financial institutions, although some may still be (just) DDOS; Amex targeted


The New York Times, in an alarming “Business Day” story published on Good Friday by Nicole Perlroth and David E. Sanger, reports “Cyberattacks meant to destroy, not just disrupt”, link here
  
American Express customers were confronted with blank screens Thursday (or even a defaced site).  I just tried my own account and everything worked fine.

Wells Fargo was slow Wednesday afternoon, but was working by evening.  I had to use a terminal in the bank to look at my account Wednesday.

There is absolutely no evidence that customer accounts have been tampered with (although I admit that these days I check accounts very frequently).  Some of the attacks seem to be DDOS, so it’s hard to say they are “destructive”.   But apparently Amex was hacked.  
  
The NYTimes article suggests involvement by Iran and North Korea, although some of this could be due to more conventional hacking.   “Weaker” states will try to create the appearance of existential threats to a world that their leadership claims victimizes them.    

Wednesday, March 27, 2013

Spamhaus fights off largest DDOS ever; Internet slows


The Huffington Post reports that Spamhaus has been fighting off the largest DDOS (Distributed Denial of Service) attack ever in the history of (Al Gore’s) Internet, link here

Spamhaus hosts a recommended blacklist of IP addresses from which entities (like ISPs) should not accept email.  It could be useful for companies or even governments trying to prevent fraudulent use of their sites, too. 
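How a receiving mail server actually consumes a list like this, as an added example (not code from the post or from Spamhaus): the client IP is reversed, looked up as a DNS name under the list zone, and the 127.0.0.x answer encodes which sub-list hit. The answers below are constructed so it runs offline, and the return-code ranges are assumed from Spamhaus's published documentation for its "zen" zone.

```python
import ipaddress
import socket
from typing import Callable, Optional

ZEN_ZONE = "zen.spamhaus.org"   # Spamhaus's combined SBL/XBL/PBL zone

def dnsbl_query_name(ip: str, zone: str = ZEN_ZONE) -> str:
    """Build the DNSBL lookup name: IPv4 octets reversed, under the list zone."""
    addr = ipaddress.IPv4Address(ip)              # rejects malformed input early
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify_zen_response(answer: Optional[str]) -> str:
    """Map a DNSBL A-record answer to a listing type.
    Assumption: code ranges as documented by Spamhaus; check current docs."""
    if answer is None:
        return "not listed"                        # NXDOMAIN
    a = ipaddress.IPv4Address(answer)
    if a in ipaddress.IPv4Network("127.255.255.0/24"):
        return "error"                             # query refused (public resolver, quota)
    if a not in ipaddress.IPv4Network("127.0.0.0/24"):
        return "unexpected"                        # not a DNSBL code: suspect DNS tampering
    last = int(a) & 0xFF
    if last in (2, 3):
        return "SBL"                               # verified spam source
    if 4 <= last <= 7:
        return "XBL"                               # exploited host / botnet member
    if last in (10, 11):
        return "PBL"                               # end-user address, should not send direct mail
    return "unknown"

def should_reject(ip: str, resolver: Callable[[str], Optional[str]],
                  reject_on=("SBL", "XBL", "PBL")) -> bool:
    """Policy decision a receiving mail server makes for a connecting client IP."""
    return classify_zen_response(resolver(dnsbl_query_name(ip))) in reject_on

def live_resolver(name: str) -> Optional[str]:
    """Real DNS lookup; swap in for fake_resolver when online."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

# Constructed answers so the example runs offline; 127.0.0.2 is the conventional
# DNSBL self-test entry, 192.0.2.1 is a documentation address pretending to be PBL-listed.
FAKE_ANSWERS = {
    "2.0.0.127.zen.spamhaus.org": "127.0.0.2",
    "1.2.0.192.zen.spamhaus.org": "127.0.0.10",
}

def fake_resolver(name: str) -> Optional[str]:
    return FAKE_ANSWERS.get(name)
```

The "unexpected" branch matters in practice: an answer outside 127.0.0.0/24 usually means a wildcarding or hijacked resolver rather than a listing, and should not trigger a reject.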

The BBC has reported that one of the targets of the blacklist is Cyberbunker, which hosts “almost” anything (story by Dave Lee (website url) here).
    
The Spamhaus site was responsive today, link here. Note that the “.com” site seems to be a questionable clone, parts of which are blocked by McAfee. 
  
I have not noticed much more spam than usual on my email accounts.  Most of it is very obvious and transparent when it gets through spam filters.  Some of it seems to have spoofed Facebook friends as senders, and usually offers a link to a malicious site in the email body.  

Yesterday (Tuesday) the Wells Fargo site was very slow and unresponsive all afternoon, although employees denied any DDOS.  Terminals inside the banks did work.   Today the site works.

NBC News reported the attack this evening, with story here.  NBC reports users in some geographical areas may be affected, as may some sites, especially Netflix.  I just tried Netflix (dinner time) and found it only slightly slower than normal.  

Tuesday, March 26, 2013

Facebook pseudo-virus transmits c.p. upon click


A virus, or perhaps a “pseudo-virus”, is circulating on Facebook.  A video showing an incident of child pornography reported by media and police to have been created in 2005 has appeared on some people’s newsfeeds.  When one clicks on the video, it gets sent to all the person’s Friends.
  
In the past, there have been cases where people have been prosecuted when child pornography was found on their personal computers or inadvertently sent from them.  Obviously this won’t happen this time, but the idea that this could happen is scary.
   
A typical news report comes from a Hartford TV station, here

I haven’t seen anything like this in my own Facebook feed. 
  
NBC Washington also sent out a story here and aired it at 4:50 PM today, link here

Tuesday, March 12, 2013

Experts continue to advise caution with public WiFi networks


“Digital Matters” has an article on AOL today, “Why Public WiFi Hotspots are trouble spots for users”, by Kent Lawson, link here.

Some of the dangers include “Evil Twins” (fake hotspots that impersonate the legitimate one), sniffers, ARP (Address Resolution Protocol) spoofing, and “sidejacking” or session hijacking, which sounds particularly malignant: the attacker takes over the user’s logged-in session, effectively cloning the user’s account.
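Of the dangers listed, ARP spoofing is the one a client can watch for passively. The following is an added example, not from the article: a small detector over a constructed sequence of ARP replies that flags a gateway IP whose MAC changes and a single MAC answering for the gateway plus other hosts. The record format and sample addresses are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

@dataclass(frozen=True)
class ArpReply:
    """One observed ARP reply: which MAC claims which IP (constructed records below)."""
    sender_ip: str
    sender_mac: str

def detect_arp_spoofing(replies: List[ArpReply], gateway_ip: str) -> List[str]:
    """Passive detector: flags an IP whose MAC changes mid-capture (HIGH for the
    gateway, MEDIUM otherwise) and a MAC that ends up claiming the gateway and
    other addresses at once, the classic man-in-the-middle footprint."""
    table: Dict[str, str] = {}        # ip -> last MAC seen claiming it
    alerts: List[str] = []
    for r in replies:
        mac = r.sender_mac.lower()    # normalise case so AA:BB == aa:bb
        prev = table.get(r.sender_ip)
        if prev is not None and prev != mac:
            sev = "HIGH" if r.sender_ip == gateway_ip else "MEDIUM"
            alerts.append(f"{sev}: {r.sender_ip} moved from {prev} to {mac}")
        table[r.sender_ip] = mac
    claims: Dict[str, Set[str]] = {}  # mac -> set of IPs it currently answers for
    for ip, mac in table.items():
        claims.setdefault(mac, set()).add(ip)
    for mac, ips in claims.items():
        if len(ips) > 1 and gateway_ip in ips:
            others = sorted(ips - {gateway_ip})
            alerts.append(f"HIGH: {mac} answers for the gateway and {others}")
    return alerts

# Constructed capture: the real gateway, a laptop, then the laptop's MAC
# re-announcing the gateway IP (what a hotspot MITM looks like on the wire).
SAMPLE_REPLIES = [
    ArpReply("192.168.1.1", "AA:BB:CC:00:00:01"),
    ArpReply("192.168.1.50", "DE:AD:BE:EF:00:02"),
    ArpReply("192.168.1.50", "DE:AD:BE:EF:00:02"),
    ArpReply("192.168.1.1", "DE:AD:BE:EF:00:02"),
]

if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_REPLIES, "192.168.1.1"):
        print(line)
```

A legitimate event such as a router replacement or a redundancy failover also changes the gateway MAC, so the HIGH alert is a prompt to verify (e.g., disconnect and compare against the hotel's published gateway), not proof of attack.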
  
The article does place a lot of faith in https, and recommends disabling file and print sharing features. 
The article appears on an AOL blog called “Lifestore” and not on Huffington.  
  
How safe is it really to use a “free” WiFi connection in a hotel?  I haven’t had any trouble, but I tend to prefer my secure Verizon iPad hotspot if possible (it’s often faster than the hotel’s).  In high rise hotels in Manhattan I sometimes have trouble with the hotspot and use the hotel’s.   

Tuesday, March 05, 2013

Recent media reports show how power grids can be compromised by cyber attacks -- careless employees


American and western power grid and energy installations can be vulnerable to cyberattack mainly through phishing attacks by email to employees. That concept is buried in a detailed story in the New York Times on Monday, March 4, “As hacking against U.S. rises, experts try to pin down motive”, link here

Defense, utility and energy systems should normally be disconnected from the public Internet, including ordinary surfing and links from social media.  However, corporate email seems to be available on proprietary internal systems, and this provides a path to compromise.  And apparently this has happened a few times, possibly with US agencies and the Saudi oil systems, among others.
  
It’s a little surprising that this would be a problem, as presumably companies and government agencies should have strict rules about what can be done on process control systems.  Emails and communications would presumably be heavily screened before being sent over to specialized systems, which often have specialized hardware and firmware designed for harsh environmental conditions.  It’s a little surprising that power companies could have the vulnerabilities implied by these reports.  

Monday, March 04, 2013

Underground rings sell mass access to compromised PC's


Dancho Danchev (the name reminds me of Donnie Darko) is reporting, on the Webroot threat blog, a growing underground “business” in selling access to supposedly infected hosts in various countries, with PCs in the United States bringing in the most money because of the higher standard of living and more purchasing power. 
  
It’s hard to see how the lists could be reliable.  Computers that have been cleaned (by updated anti-malware products or preferably by using a different product such as what Geek Squad uses) would no longer work, nor would computers when turned off. 
  
Yet, this seems like a tremendous cash cow for some criminals – and one wonders why they can’t use their talents to make a legitimate living working in legitimate security operations.  Maybe this is an example of the “Red Widow” problem.
  
The Webroot  Threat Blog story is here
  
  
The video above demonstrates activity around the world for several major botnets for a particular day in June 2012.