My apologies folks for my stingy presence in the ether as of late. Been busy with house-sitting, writing, and a slew of other distractions. But now that I’m home again at the tail end of summer vacay, you can expect to hear more from me before school starts. And there are a number of stories that I have backlogged over the past few weeks and wish to write about. Not the least of which was a series of developments in this ongoing feud we call cyberwarfare.
First up, there was the major cyberattack that occurred in early August against one of the Department of Homeland Security’s (DHS) biggest contractors, US Investigations Services (USIS), which performs government background checks. The breach involved the hacking of their computer systems, apparently for the sake of stealing personal information on a number of DHS employees.
As the US Investigations Services said on their website:
Experts who have reviewed the facts gathered to-date believe it has all the markings of a state-sponsored attack. We will support the authorities in the investigation and any prosecution of those determined to be responsible for this criminal attack.
The scope of the breach is unclear, but to be on the safe side, the DHS has temporarily suspended working with this contractor. What’s more, USIS indicated that the extent and nature of the hacking “has all the markings of a state-sponsored attack.” If true, this would be the latest in a long series of suspected state-sponsored cyberattacks that have targeted US government services and employees.
As recently as March of this year, officials within the US government claimed that hackers linked to the Chinese military – the infamous PLA Unit 61398 – had infiltrated government servers in an attempt to steal information on thousands of federal employees with top-secret clearance. This was just the latest round in an ongoing game of blame and counter-blame, with the US and Chinese governments discovering breaches and pointing the finger at each other.
Meanwhile, the DHS and FBI are busily trying to determine what information may have been compromised and who, amongst its many employees, could have been affected. As DHS spokesman Peter Boogaard said in a recent interview with the Washington Post:
Our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce. We are committed to ensuring our employees’ privacy and are taking steps to protect it.
On their own, cyber-intrusions and data breaches have a way of making people nervous. But when the combatants are major governments, and the victims number in the thousands, it’s an especially disconcerting situation. Add to that the fact that the victims are the very people responsible for ensuring the protection of citizens, and you have a trifecta of concern. Alas, this was not the only time this sort of thing took place during the month of August…
In what is being labelled “the largest data breach known to date”, the Russian criminal hacker organization known as Cybervor committed a cyberattack that covers an enormous number of records. According to the New York Times report, these include some 1.2 billion username and password combinations, and 542 million unique email addresses, lifted from 420,000 compromised domains. As Hold Security, the firm that uncovered the breach, put it:
In the latest development, Hold Security’s Deep Web Monitoring practice in conjunction with our Credential Integrity Services discovered what could be arguably the largest data breach known to date.
And while the numbers alone make this sound like a very scary development, the security experts who gathered in Las Vegas for the annual Black Hat hacker conference earlier this month went on record to say that there was little cause for concern. Their advice, put simply, was “don’t panic”. Or, as CrowdStrike president and chief security officer Shawn Henry put it, “There’s nothing to see here, move along.”
A former executive assistant director of the Federal Bureau of Investigation with extensive experience in the world of cyberattacks and geopolitics, Henry added that he was surprised that people were shocked by the news. Apparently, the breach does not represent a single, concerted attack, but rather an “aggregate of lots of breaches, an example of fragility of the online world in which we operate.”
In that respect, Henry does have a point. As recent revelations about the OpenSSL bug (aka Heartbleed) and the NIST SP 800-90 Dual EC DRBG random number generator showed, internet security protocols and encryption code are often vulnerable because they contain “backdoors” and flaws that can be exploited by those with the right kind of knowledge.
Research analyst Andrew Conway, who works for the Web and messaging security analysis firm CloudMark, also expressed skepticism at the perceived severity of the report. As he put it:
My take is that everything in the story is true. It was presented in the most alarmist possible way. The big misconception is comparing this with something like the Target breach. There’s no evidence that any financial data was involved.
A bigger concern to Conway is that SQL injection attacks are still being used at all. SQL injection occurs when untrusted input is passed, unchecked, into the database queries that feed information to the Web site, so that text supplied by the attacker is executed as part of the query itself. And this is one of the easiest coding vulnerabilities to fix, which leads many to conclude that website and domain owners are being far too lax when it comes to security practices.
Interestingly enough, there has also been speculation that this data heist is somehow connected to the ongoing conflict between Russia and Ukraine. This remains unconfirmed; however, on-the-ground conflicts have been known to contribute to cyberattacks, because law enforcement agencies – the traditional enforcers of anti-cybercrime law – are often reluctant to get involved once armies are in the picture.
CrowdStrike’s Shawn Henry said that these kinds of cyberattacks, whether simple SQL injections or more advanced attacks, will continue until Russia starts taking cybercrime seriously:
If we had a host government, Russia in this case, that was actively and aggressively pursuing adversaries who are engaged in illegal activity, we’d be in a stronger place… This is not a US problem, this is a global problem [that requires] economic, diplomatic, and civil actions. This is a long term problem with no short term solution.
In the meantime, the best advice is to change your passwords. In fact, until such time as the internet has a single security agency overseeing it, staffed by an international cadre of programmers and cryptographers who are experts in their field, we might want to all consider doing that on a regular basis!