Detailed Information

Here are some recent news items discussing this
growing threat.
China and cyberwarfare:
http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/06/15/wcyber115.xml
America prepares for 'cyber war' with China
By Alex Spillius in Washington 15/06/2007
China is striving to overtake the United States as the dominant power in cyberspace, according to a senior American general, in what is emerging as a new theatre of conflict between nation states and a growing priority for the Pentagon.
Lt Gen Robert Elder, commander of the 8th Air Force, said that all of America's foes, including Iran, were looking at ways of hacking into US networks to glean trade and defence secrets.
But efforts by China set it apart. "They're the only nation that has been quite that blatant about saying 'we're looking to do that'," said Gen Elder in Washington.
Gen Elder is to head a new cyber command centre being set up at Barksdale Air Force Base in Louisiana, already home to about 25,000 military personnel involved in everything from electronic warfare to network defence.
The command's focus is to control the "cyber domain", which the Pentagon now sees as critical to everything from communications to surveillance to infrastructure security, and just as important as "kinetic war".
His remarks follow last month's annual report by the Pentagon on China's military power which said China regarded computer network operations as critical to achieving "electromagnetic dominance" early in a conflict.
China's People's Liberation Army had established units to develop viruses to attack enemy computer systems and networks, the Pentagon said.
China also was investing in electronic countermeasures and defences against electronic attack, including infrared decoys and false-target generators.
The US military now defines cyberspace as much broader than merely defending or attacking computer networks.
Michael Wynne, the air force secretary, recently described the dangers as including remotely detonated roadside bombs in Iraq as well as interference with global positioning satellites and financial transactions over the internet.
He said America's nerve centre "resides in cyberspace. Our military command and control, and precision strike capability all rely on ensured access to the electronic spectrum."
Caitlin Harrington, an aviation specialist at Jane's Defence Weekly, said: "The US military is taking this very seriously. It is similar to the once-emerging question of dominance of outer space."
Gen Elder said a cyber war would probably involve precision targeting of enemy military networks, command centres or air defence systems.
The clearest example so far of cyber conflict came earlier this year when Estonia claimed that state-sponsored Russian hackers had attacked official websites in retaliation for the removal of a Soviet-era monument in its capital, Tallinn.
Government email and private online banking had to be shut down temporarily, while telecommunications companies and news organisations were also affected.
Nato allies and European specialists found that some of the attacks originated from IP (internet protocol) addresses that appeared to belong to the administration of Russian president Vladimir Putin.
The Chinese foreign ministry rejected the Pentagon's report as "brutal interference" in internal affairs and insisted that Beijing's military preparations were purely defensive.
Increased Threats Worldwide
http://www.eweek.com/article2/0,1895,1892115,00.asp
SANS Warns of Attack Shift to Apps, Network Devices
SANS, NISCC and the U.S. Department of Homeland Security issued a dire
warning about the impact of software vulnerabilities on national security.
Paller said that unknown enemies—possibly sponsored by states hostile to
the U.S.—are conducting round-the-clock electronic attacks against
companies and government Web sites to gather and transmit privileged
information.
He cited coordinated "phishing" attacks that placed Trojan horse programs
on systems owned by leading British companies and the U.K. government in
June, and coordinated Chinese attacks on U.S. government computers, dubbed
"Titan Rain," that netted military flight planning software, as examples of
the widespread "devastating attacks that are being carried out
against U.S. government and military contractor sites," SANS said.
Unlike worms and viruses, the new wave of malicious attacks is super
stealthy and may lurk for months or years, only "waking up" to snatch
sensitive information and send it back to those orchestrating the attack,
said Paller.
For an eye-opening analysis of how organized and extensive the threat
from criminal groups such as the Russian mafia operating within US borders
is, and how it affects our personal and financial security, check out this site:
http://www.gangland.net/russianmafia.htm
WebAttacker Unseats WMF as Most Popular Exploit
http://www.eweek.com/article2/0,1895,1987275,00.asp
By Matt Hines, July 11, 2006
Thompson said that Russia will continue to serve as a hotbed for new
exploit activity based on the inability of local law enforcers to crack
down on the malware writers.
Russian attackers are also stipulating that individuals buying their code
promise not to launch attacks on companies or other users in the country
for fear of drawing increased scrutiny.
"It's debatable just how much the government there is doing to try and
stop these guys, and as long as they stay out of Russian companies there
probably won't be a lot of motivation to do so," Thompson said.
"As long as this current situation is allowed to continue, I think it's
safe to say that Russia will remain a big part of the attacks."
Return of the Web Mob
April 10, 2006 By Ryan Naraine
http://www.eweek.com/article2/0,1895,1947561,00.asp
Ken Dunham, you could say, spends his life peeking
at the bowels of the Internet. As director of the Rapid Response Team at
VeriSign-owned iDefense, of Dulles, Va., Dunham and his team of malware
hunters infiltrate black hat hacker forums, chat rooms and newsgroups,
posing as online criminals to gather intelligence on the dramatic rise in
rootkits, Trojans and botnets.
Based on all the evidence gathered over the last two years, Dunham is
convinced that groups of well-organized mobsters have taken control of a
global billion-dollar crime network powered by skillful hackers and money
mules targeting known software security weaknesses.
"There's a well-developed criminal underground market that's connected to
the mafia in Russia and Web gangs and loosely affiliated mob groups around
the world. They're all involved in this explosion of phishing and online
crime activity," Dunham said in an interview with eWEEK.
Just two years after the Secret Service claimed a major success with
"Operation Firewall," an undercover investigation that led to the arrest
of 28 suspects accused of identity theft, computer fraud, credit card
fraud and money laundering, security researchers say the mobsters are
back, with a level of sophistication and brazenness that is "frightening
and surreal."
"They never really went away," Dunham said. "They scurried away for a few
months and tightened their security controls. It became harder to get on
their lists and into their chat rooms."
Not these days. A law enforcement official familiar with several ongoing
investigations showed eWEEK screenshots of active Web sites hawking credit
card numbers, Social Security numbers, PayPal and eBay credentials, and
bank login data by the bulk.
"They're very public about all this, especially on the Russian sites. It's
almost comical how open and barefaced they are," said the official, who
requested anonymity because of the sensitive nature of the ongoing probe.
Black hat hackers have set up e-commerce sites offering private exploits
capable of evading anti-virus scanners. An e-mail advertisement
intercepted by researchers contained an offer to infect computers for use
in botnets at $25 per 10,000 hijacked PCs.
Skilled hackers in Eastern Europe, Asia and Latin America are selling
zero-day exploits on Internet forums where moderators even test the
validity of the code against anti-virus software.
"I saw one case where an undetectable Trojan was offered for sale and the
buyers were debating whether it was worth the price. They were doing
competitive testing to ensure it actually worked as advertised," said Jim
Melnick, a member of Dunham's team.
"We even have proof of actual job listings on Russian-language sites
offering lucrative pay for coders who can create exploits and launch
denial-of-service attacks. We've seen evidence of skilled hackers stealing
corporate data on behalf of competitors. This isn't just about credit card
and bank information. It has all the elements of traditional mafia-type
crime," Melnick said.
Roger Thompson, a computer security pioneer who created the first
Australian anti-virus company in the late 1980s, is convinced the
secretive Russian mafia is masterminding the use of sophisticated rootkits
in botnet-seeding Trojans. "They are paying to recruit bright young
hackers and using teenage kids around the world to move money around.
They're into everything: spyware installations, denial-of-service
shakedowns, you name it. It's the traditional mafia finding it easy to
make money on the Internet," said Thompson, who now runs Exploit
Prevention Labs, in Atlanta.
Turf wars in the criminal underworld.
Yury Mashevsky, a virus analyst at Kaspersky Lab, said there is even
evidence of turf wars in the criminal underworld. "They use malicious
programs that destroy the software developed by rival groups and include
threats directed at each other, anti-virus vendors, police and law
enforcement agencies in their creations," Mashevsky said, in Woburn, Mass.
He has also seen fierce online confrontation in the battle to control the
resources of infected computers. In November 2005, Mashevsky discovered an
attempt to hijack a botnet. "[The] network of infected computers changed
hands three times in one day. Criminals have realized that it is much
simpler to obtain already-infected resources than to maintain their own
botnets, or to spend money on buying parts of botnets which are already in
use," he said.
On message boards and newsgroups where malicious code is put up for sale,
Mashevsky said, flame wars and attacks against each other to steal virtual
property amount to normal everyday activity.
Dunham, who frequently briefs upper levels of federal cyber-security
authorities on emerging threats, said there have been cases in Russia
where mafia-style physical torture has been used to recruit hackers. "If
you become a known hacker and you start to cut into their profits, they'll
come to your house, take you away and beat you to a pulp until you back
off or join them. There have been documented cases of this," Dunham said.
One key aspect of Web mob activity that flies under the radar is use of
"money mules," or individuals who help to launder and transfer money from
hijacked online bank accounts. On career Web sites such as Monster.com, a
job listing for a "private financial receiver," "shipping manager," or
"country representative" invariably is an active attempt to recruit people
around the world to withdraw funds and deliver them to crime bosses,
according to a detailed research report by iDefense on the so-called money
mules. Money is transferred into the mule's account, withdrawn as cash and
then wired to an offshore account. "We've only scratched the surface of
what's going on in the underworld. It's like the iceberg that took down
the Titanic. No one knew how big and dangerous it was," Dunham said.
He cited the recent discovery of MetaFisher, also known as SpyAgent, a
Trojan connected to a Web-based command and control interface that
highlighted just how advanced the attackers have become. "In just a few
weeks, MetaFisher spread to thousands of computers. We found conclusively
that these attacks were going on undetected for more than a year. Can you
imagine the amount of data that has already been stolen? It's
unimaginable," Dunham said.
Eric Sites, vice president of R&D at Sunbelt Software, in Clearwater, Fla.,
showed eWEEK screenshots of the Web interface, which displayed specific
targeted phishing attacks against European banks and kept detailed
statistics on actual bot infections around the world. The interface can
also be used to add exploits, track anti-virus signature definitions and
track callbacks from infected machines.
"This isn't the work of the guy in the basement. This is organized and
simplified to make it super easy to control all those bot drones," Sites
said.
Hackers, Extortion Threats Shut Down Game Site
By Ryan Naraine December 16, 2005
http://www.eweek.com/article2/0,1895,1903020,00.asp
White Wolf Publishing Inc., a company responsible
for some of the most popular role-playing game brands, has shut down
operations after international hackers exploited a software flaw and stole
user data that included user names, e-mail addresses and encrypted
passwords.
Following the breach, the company, based in Stone Mountain, Ga., said the
hackers attempted to extort money by threatening to post the potentially
sensitive user data on the Internet.
"We have no intention of paying this money, and are in contact with the
FBI in an attempt to bring these criminals to justice," White Wolf said in
a notice posted online.
"As far as we can ascertain, they were unable to access any credit card
data (nor have they claimed they did). However, it is possible for the
encrypted passwords they accessed to be decrypted given enough time," the
company said.
White Wolf recommended that users and fans who may have used the same
user name and password for other Internet services change those passwords
immediately.
Although Web site breaches and data theft are commonplace, security
researchers say the brazen extortion attempt against White Wolf confirms
earlier fears that attacks against small business sites are being carried out
by well-organized international crime groups.
"This started early in 2004 when the botnet owners used mostly
denial-of-service attacks to extort money from banks and ISPs. We used to
think of those as experimental attacks, but it's become much more brazen
and organized today," said John Pescatore, research director for Internet
Security at Gartner Inc.
"From the experimenting stage, it moved to vandalism, and we had all these
defacement attacks. After that, it became politically motivated and we
kind of expected the next phase to be cyber-crime. That's the stage we're
in today with these kinds of extortion attacks," Pescatore said in an
interview.
He said the White Wolf breach was a classic example of hackers targeting
small businesses in extortion schemes.
"They are picking on the smaller businesses that are less likely to defend
themselves. Once the banks started paying for distributed
denial-of-service protection, the small businesses became a prime target,"
he said.
Pescatore said pornography and online gambling sites are perennial targets
for denial-of-service extortion schemes and pointed out that companies
like Prolexic Technologies Inc. have found a lucrative niche in providing
DDoS mitigation services.
Andrew Jaquith, senior analyst with Yankee Group Research Inc., said the
White Wolf situation is "the equivalent of guys with ski masks running
around breaking knees."
"We haven't seen evidence that this is a widespread phenomenon, but
there's enough chatter in the security underground that the risk of this
happening to any small business is very real," Jaquith said.
He said smaller companies that cannot afford to budget for DDoS mitigation
technology should consider perimeter defense from a managed services
provider.
"It's hard to defend against something that's already stolen. Once the
data is gone, like in White Wolf's case, you're basically at the mercy of
the attacker."
"If there's one thing the last 18 months have shown us with botnets and
pervasive malware is that hackers will take advantage of whatever angle
they think they'll get. If this is what works, we'll see more of it,"
Jaquith added.
Gartner's Pescatore said companies that collect sensitive data from
customers have a responsibility to find and patch software flaws that are
exploited by hackers.
Officials from White Wolf did not respond to requests for comment. On
message boards dedicated to role playing games, fans of the site said the
breach likely occurred via flaws in the PHPBB software used by White Wolf.
The PHPBB Web forum software has been the target of attacks by an Internet
worm known as Net-Worm.Perl.Santy.A or Santy. The worm uses Google search
to randomly find sites running PHPBB and overwrites several different
files to deface the forums.
"Most of these data breaches occur because companies leave gaping holes
unpatched," Pescatore said. "These businesses need to start using
vulnerability management and intrusion-detection software, preferably from
a managed services provider. They should also be encrypting stored data to
provide added protection [for users]."
FBI: Hackers Must Help Fight Web Mob
By Ryan Naraine August 2, 2006
http://www.eweek.com/article2/0,1895,1998034,00.asp
LAS VEGAS—The FBI's point man for Internet crime
wants hackers to join the fight against international gangs of Web
mobsters.
Larkin's presentation, which centered on the sharing of cyber-crime "war
stories," included an inside peek of the way the FBI tracks the morphing
of spam, phishing and malware attacks.
"The nature of the threat is complex and more sophisticated. They're not
just script kiddies anymore. It's highly organized crime networks, with
roots in Eastern Europe," Larkin said.
He said the crime networks are composed of "specialist cells" handling
specific functions of the attacks. One cell might deal only with ways to
get spam e-mails around filters, while another cell within the network works
on creating malware to exploit high-profile security vulnerabilities.
Larkin confirmed that the Web mob activity also includes a human element
in the United States: people used as money mules to re-ship goods
overseas.
He said online merchants have blocked shipments to suspicious destinations
in West Africa, only to find that U.S. re-shippers were involved in the
bogus transactions.
Now, he said the FBI is working with online job sites like Monster.com and
CareerBuilder to quickly identify potential scam listings.
Larkin also warned that online criminals have "adjusted their operations"
to use new forms of social engineering, including telemarketing and the
use of penny stock scams driven by spam e-mail.
"Whatever is the hot story of the day, it will be in a cyber exploit
tomorrow," he warned, noting that phishing attacks during the Hurricane
Katrina devastation escalated to the point where 5,000 potential scam
domains were registered a full two days before the storm made landfall.
Social Engineering Attacks:
From interview with Kevin Mitnick: The great pretender
By Tom Espiner, ZDNet UK, June 15, 2006
http://www.zdnetindia.com/insight/security/stories/149826.html
What are some of the give-away signs to look for in
a potential social engineering attack? Mostly it's gut instinct:
• If something doesn't look or feel right.
• If someone is calling on the telephone, but they refuse to give any
contact information, that's a red flag.
• If they make a request that's out of the ordinary, that's a red flag.
• If they make a request for something sensitive, that's when
verification is necessary, depending on company policy.
• If somebody is flattering you, they might be trying to influence you to
cooperate.
• Or, they might use an authority ruse: they pretend to have a higher
status than you to force information from you.
Spyware, Bots, Rootkits Flooding Through Unpatched IE Hole
By Ryan Naraine September 19, 2006
http://www.eweek.com/article2/0,1895,2017620,00.asp
The newest zero-day flaw in the Microsoft Windows
implementation of the Vector Markup Language is being used to flood
infected machines with a massive collection of bots, Trojan downloaders,
spyware and rootkits.
Less than 24 hours after researchers at Sunbelt Software discovered an
active malware attack against fully patched versions of Windows, virus
hunters say the Web-based exploits are serving up botnet-building Trojans
and installations of ad-serving spyware.
"This is a massive malware run," says Roger Thompson, chief technical
officer at Atlanta-based Exploit Prevention Labs. In an interview with
eWEEK, Thompson confirmed the drive-by attacks are hosing infected
machines with browser tool bars and spyware programs with stealth rootkit
capabilities.
The laundry list of malware programs seeded on Russian porn sites also
includes a dangerous keystroke logger capable of stealing data from
computers and a banker Trojan that specifically hijacks log-in information
from financial Web sites.
According to Sunbelt Software researcher Eric Sites, the list of malware
programs includes VirtuMonde, an ad-serving program that triggers pop-ups
from Internet Explorer; Claria.GAIN.CommonElements, an adware utility;
AvenueMedia.InternetOptimizer; and several browser plug-ins and tool bars
and variants of the virulent Spybot worm.
eWEEK has confirmed the flaw—and zero-day attacks—on a fully patched
version of Windows XP SP2 running IE 6.0. There are at least three sites
hosting the malicious executables, which are being served up on a
rotational basis.
In some cases, a visit to the site turns up an error message that reads
simply: "Err: this user is already attacked."
The attack is closely linked to the WebAttacker do-it-yourself spyware
installation tool kit. On one of the maliciously rigged Web sites, the
attack code even goes as far as referencing the way Microsoft identifies
its security patches, confirming fears that a well-organized crime ring is
behind the attacks.
The URL that's serving up the exploit includes the following:
"MS06-XMLNS&SP2," a clear reference to the fact that the flaw is a
zero-day that will trigger a quick patch from Microsoft.
A Microsoft spokesman said the company is aware of the public release of
detailed exploit code that could be used to exploit this vulnerability.
"Based on our investigation, this exploit code could allow an attacker to
execute arbitrary code on the user's system. Microsoft is aware of limited
attacks that attempt to exploit the vulnerability," the spokesman said in
a statement sent to eWEEK.
The company plans to ship an IE patch as part of its October batch of
updates due Oct. 10. An emergency, out-of-cycle patch could be released if
the attacks escalate.
Microsoft has added signature-based detection to its Windows OneCare
anti-virus product. A formal security advisory with pre-patch workarounds
will be posted within the next 24 hours.
=========================================
So I assume now that the web sites providing the most free porn are
suspected of being mafia-sponsored - and probably they seed lots of references
around the internet pointing to this free porn on these target sites.
Dangerous indeed!
=========================================