“While it is true that Facebook has at least 60,000 servers, it is still possible to bring it down.”
These are the words of the anonymous voice that purports to represent Anonymous in a video posted to YouTube today.
“An online war has begun between Anonymous, the people, and the government of the United States,” the narrator begins. The reason: SOPA, PIPA and other perceived threats to Internet rights.
In order to bring down Facebook, the video asks for everyone who understands and supports Anonymous’ position to participate in this online protest. This is a protest that began over the last week, says the narrator, with attacks on the CBS.com, Warner Brothers, and FBI sites.
The narrator suggests that anyone who supports the cause download a program in order to participate in a Facebook attack.
Read more…
New documentary We Are Legion puts an actual human face on Anonymous, the hacktivist group whose members usually are seen wearing Guy Fawkes masks — if they are seen at all.
Considering Anonymous’ retaliatory acts against websites run by the Department of Justice and the entertainment industry just last week in response to the government takedown of file-sharing site Megaupload, We Are Legion: The Story of the Hacktivists could almost be mistaken for a 93-minute news segment.
But unlike most news segments about the group, the documentary contains genuine moments with actual Anons (some maintain their anonymity in the doc, but others don’t).
“The last two or three days we’ve seen a lot of what Anonymous does,” We Are Legion director Brian Knappenberger said in an interview with Wired.com here Saturday, the morning after the documentary’s premiere at the Slamdance Film Festival. “You know, there was a film about the Weather Underground that came out a few years ago, and that was made 30 years after they were blowing up buildings, and I love that film. But picture making a film like that while they were still blowing up buildings — that’s what I’m talking about.”
We Are Legion might be the first to portray the group’s members as true revolutionaries, and it could serve as a time capsule if the kind of online sit-ins and retaliatory strikes that Anonymous has helped create become the new model for civil disobedience across the globe.
Read more…
On Jan. 19, 2012, Business Week reported that a Chinese citizen in the U.S. since 2000 on a work visa had pilfered software code from our country’s Federal Reserve and now faces legal action in U.S. vs. Zhang.
Bo Zhang, 32, a computer programmer hired to work on the highly confidential source code last year, claimed he took the code in order to hedge his bets if he fired from the Fed job.
“He asserted that he took it for private use and in order to ensure that it was available to him in the event that he lost his job [with the New York Fed],” according to prosecutors in the case.
Espionage motivates code theft at the Federal Reserve?
In the spy world, infiltrating high levels of other governments and gaining access to key confidential data is job one. In a world in which economic upheavals are an everyday language and knowing your enemies financial structures and money movements is just as crucial.
Read more…
With attacks on data and IT infrastructure on the rise — along with the costs and potential business impact of attacks — security professionals are starting to express a sense of futility in their work.
This is especially so following the past couple of years, which have included high-profile and successful attacks on companies that would be expected to have the wherewithal to protect their infrastructure, including RSA Security, Google, NASDAQ Directors Desk, Symantec, and many others.
“There’s a sense that no matter what you do, what steps are taken, if someone wants to hack your systems, your data, they can,” says the security analyst at a midwest manufacturer. “It’s becoming insanely frustrating.”
The U.S. — in what some have argued is a move that both shows the importance of the IT infrastructure and the futility of traditional electronic defenses — last year stated that the government would use military force in retaliation against certain cyber attacks.
“Frustration in the industry has certainly been growing, so much that more on the defensive side have been wondering what could be done to more proactively combat attackers,” the analyst says.
Read more…
Anonymous has sure been quiet lately, but today’s federal bust of Megaupload riled ‘em up good: a retaliatory strike against DoJ.gov has left it completely dead.
DownForEveryoneOrJustMe.com is reporting the department’s site as universally nuked, and an Anonymous-affiliated Twitter account is boasting success. This is almost certainly the result of a quickly-assembled DDoS attack—and easily the widest in scope we’ve seen in some time. If you had any doubts Anonymous is still a hacker wrecking ball, doubt no more.
The combination of the hacking nebula’s SOPA animosity—they’ve been a vocal opponent of the bill since its inception—combined with today’s sudden Megaupload news has made the group bubble over: hundreds upon hundreds of Anon operatives are in a plotting frenzy, chatting about which site will go down next. In Anon’s eyes, the government and media interests are responsible for the undue destruction of Megaupload (and the arrest of four of its operators), so it’ll be exactly those entities that’re feeling the pain right now. Pretty much every company that makes movies, TV, or music, along with the entirety of the federal government, is in Anonymous’ crosshairs.
Read more and check for updates…
The year 2011 was one of the landmark years for high-profile cyber attacks. As the trend is said to continue in 2012 with more sophisticated and targeted attacks, security is a major concern for the IT users of all the segments from Home Users to SMB to Enterprise.
The year 2012 will build the foundation for India’s future IT-related crimes. Hactivism will gain momentum. Anonymous, which is mostly active in European Countries and the US, will be seen making active inroads into Asian Countries, especially in India in 2012. India will see a sharp rise in both money mules related activities and credit card-related crimes. As the list of petty criminals is huge in India, the activities of money mules will be outsourced to the country.
The number of data thefts has tripled in the past five years and the graph tends to rise with every passing year. Right from the Government, corporate, data centres and small to medium-sized companies, all have been targeted. With the introduction of IT consumerization, issues such as managing and supporting consumer devices and securing data from criminals, malware and other threats have emerged. Mobility in enterprise sector brings new challenges for managing data, as well as the wide range of devices in the network.
Social engineering attacks pose great risk to large amounts of valuable data that SMBs hold due to lack of data security budgets. Hence, the need to look beyond the basics of policy and procedure development to more advanced technologies such as network monitoring, data leakage prevention, and log file analysis arises. Social engineering tactics on social media that drive its users to disclose sensitive information and download malware are skyrocketing with its increasing popularity, especially amongst the SOHO users.
Read more…
A top federal prosecutor has a message for companies: If you’ve been hacked, tell us.
Speaking at a cyber security conference in New York on Thursday, Manhattan U.S. Attorney Preet Bharara said companies should trust in the discretion of prosecutors and the FBI and come forward with information about a security breach, rather than keep it an internal secret.
“When industry delays or minimizes, it is harder to assess vulnerabilities and harder to formulate solutions,” Bharara said. “When industry delays unduly in disclosing to us, or minimizes, it is that much harder to get the bad guy.”
Cyber security experts say that corporations rarely acknowledge breaches, and often keep them secret from law enforcement out of fear that news of a compromise will damage their reputation, hurt stock prices and possibly lead to further attacks.
Bharara addressed that fear, calling it unacceptable in the face of increasingly virulent cyber attacks.
Trying to maintain secrecy was “the equivalent of sticking one’s head in the sand,” Bharara said. “Get over it.”
Read more…
Each year, Security Director News takes time away from reporting the news and views of interest to the security professional, and reports on the security professionals themselves.
Our 20 Under 40 list, populated by security professionals under the age of 40, gives us the opportunity to reach out to our readers and ask them: Who are the young, up-and-coming security professionals being noticed? Who’s exhibiting the characteristics that will make a future leader of the profession?
We were thrilled to receive more than 100 nominations for this year’s list. Hard decisions were made, but we think we’ve highlighted 20 of the most distinguished security professionals in the business today who are under 40 years of age.
We have security professionals from such high-profile companies like Facebook, Chevron, FedEx Office, Ernst & Young, Thomson Reuters and Office Depot. We also have security professionals from the higher education (Georgetown University), healthcare (Alamance Regional Medical Center) and municipal (City of Toronto) sectors.
The list includes several former police officers, several ex-military personnel and a former FBI employee. However, the majority of the members on this list came up through the ranks of security professionals, from such humble beginnings as being a 17-year-old loss prevention associate at Kmart to having a summer job installing security camera systems. But through hard work, dedication, and a passion for the profession, these 20 individuals have risen up through the ranks and are being noticed. You may have heard of them. They sit on boards, chair committees, and champion causes. They may very well be the future leaders of the security profession.
Read more…
For several years, Japan has been developing a computer virus that can track, identify, and disable cyberthreats, according to a story in the Yomiuri Shimbun newspaper.
Fujitsu reportedly is working on the cyberweapon for Japan’s Defense Ministry under a 178.5 million yen ($2.32 million) project initiated in fiscal 2008 by the ministry’s Technical Research and Development Institute.
The system “can identify not only the immediate source of attack, but also all ‘springboard’ computers used to transmit the virus,” the Yomiuri reported, citing anonymous sources.
“Test runs in closed networks have helped the ministry to confirm the cyberweapon’s functionality and compile data on cyber-attack patterns.”
But whether Fujitsu’s “active defense” virus would work in the real world is a big question. Security experts have said it would rarely be effective due to the layered nature of server deployment. Furthermore, innocent third parties could be mistaken for the attackers.
Read more…
As we turn the page to 2012, it makes sense to sit back and take a look at what happened during the past twelve months in the IT Security world. If we were to summarize the year in one word, I think it would probably be “explosive.” The multitude of incidents, stories, facts, new trends and intriguing actors is so big that it makes it very hard to crack into top 10 of security stories of 2011. What I was aiming for with this list is to remember the stories that also indicate major trends or the emergence of major actors on the security scene. By looking at these stories, we can get an idea of what will happen in 2012.
1. The rise of Hacktivism
It’s difficult to imagine someone reading this list who has not yet heard of Anonymous, LulzSec or TeaMp0isoN. Throughout 2011, these groups, together with others were actively involved in various operations against law enforcement agencies, banks, governments, security companies or just major software vendors. Sometimes working together, in other cases, working against each other, these groups emerged as one of the main actors of 2011, through incidents such as security breaches of networks belonging to the United Nations, security intelligence firm Stratfor, FBI contractor IRC Federal, US Defense contractor ManTech or the CIA website. Interestingly, some of these incidents, such as the Stratfor hack revealed major security problems such as the storing of CVV numbers in unencrypted format, or extremely weak passwords used by the administrator.
Overall, the rise of hacktivism was one of the major trends of 2011 and no doubt, it will continue in 2012 with similar incidents.
2. The HBGary Federal hack
Although related to the first item on this list, I’d like to point this out as a separate story. In January 2011, hackers from the ‘Anonymous’ hacker collective broke into HBGary Federal’s webserver “hbgaryfederal.com” through an SQL injection attack. They were able to extract several MD5 hashes for passwords belonging to the company CEO, Aaron Barr and COO, Ted Vera. Unfortunately, both used passwords were very simple: six lowercase letters and two numbers. These passwords allowed the attackers to get access to the company’s research documents and tens of thousands of mails stored on Google Apps.
Read more…
Well, here we are, the start of 2012. If you’re like me, you’ve read a bunch of stories online about the top news stories, movies and books of 2011. But what about the top 10 cyber security stories of 2011? That’s what I am here for, to give you the rundown!
This is a very condensed version of an article that will appear in this month’s Virus Bulletin. To get the full details rather than my snippets here, you’ll need to refer to that.
Oh, yeah, in full disclosure, this is really the top 10 stories of January through the first half of November – in order to meet my editing deadline. Now without further ado, here they are.
1. Microsoft shuts down Rustock
For years, the spamming botnet with the biggest footprint was the Rustock botnet. Its characteristics were to “wake up” at a specific time each time day, send tons of spam messages, and go back to sleep. But on March 16, 2011, the US Department of Justice, working with Microsoft, Shadowserver, and some other partners obtained a court order to seize command-and-control servers that were responsible for running the Rustock botnet in the United States. Virtually overnight, spam from Rustock plummeted and has never recovered:
2. Spam volumes go way down
Starting in late 2010 and continuing throughout 2011, something odd happened: spam started to decline. And it didn’t just decline a little, it declined a lot:
What caused this steep decline? The answer: nobody knows for certain. But what we do know is this: the battle against spam isn’t over, it’s just shifted from one form to another.
Read more…
Cybercrime touched the lives of so many Americans in 2011 that it felt as pervasive as the common cold and as painful as the flu. According to a report by security giant Symantec, someone is a victim of a cybercrime 14 times every second. In the last year, over 430 million people have been the victims of cybercrime. All this information does not mean that we need to throw out all our fancy digital devices and gadgets. Instead, these staggering statistics mean that careful attention to cyber security is a necessary part of smart living.
But to understand how to be prepared, we need to look back at cybercrime in 2011.
More “Catchy” Viruses
Viruses and malware were the most common types of cybercrime last year. Viruses are usually transmitted through unsuspecting users who visit or download from corrupt sites and who open emails containing malicious software — or “malware.” In 2011, 54 percent of online adults experienced a virus or malware attack.
Many of the most potent viruses this year were transmitted via links to corrupted sites or email attachments, often hitting as a disguised news story.
•We’re used to getting emails about packages being delivered. This year, hackers exploited that comfort and sent out emails impersonating DHL that launched a virus into the user’s computer.
•A popular “news” scam was a report about Fidel Castro’s death that launched a virus.
•A faked video of the death of Osama bin Laden was another virus circulated this year.
•Lady Gaga’s Twitter account was hacked and attackers sent out a link to a site where users could get a free iPad 2. Users were directed to a corrupted website.
Read more…
