Hacker Wars: Hacker Breaches U.S. Army Database

It appears that the ongoing campaign of cyber warfare has claimed yet another victim, once again a government institution. The latest in a long series of institutions and organizations plagued by cyber crime, the U.S. Army Corps of Engineers announced that back in January, a hacker compromised a U.S. Army database that holds sensitive information about vulnerabilities in U.S. dams.

The database in question was the U.S. Army Corps of Engineers’ National Inventory of Dams, a source that contains information about 79,000 dams throughout the US and tracks such information as the number of estimated deaths that could occur if a specific dam failed. It’s accessible to government employees who have accounts, and non-government users can query the database, but are not permitted to download data from it.

The breach was first reported by Free Beacon, a non-profit online publication, and has since been confirmed by the Army Corps of Engineers. Pete Pierce, a spokesman for the ACE, released a statement, saying that:

The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was given to an unauthorized individual in January 2013 who was subsequently determined to not to have proper level of access for the information. [U.S. Army Corps of Engineers] immediately revoked this user’s access to the database upon learning that the individual was not, in fact, authorized full access to the NID.

The Corps of Engineers further indicated on their website that account usernames and passwords had since changed “to be compliant with recent security policy changes.”

Unnamed U.S. officials told the Free Beacon that the breach was traced to “the Chinese government or military cyber warriors,” but offered no information to support the claim. It is well known by intrusion specialists that hackers can use proxy servers or hijacked computers to conduct a breach and make it look as if the source was a specific country or individual.

Michelle Van Cleave, a former senior adviser to the Executive Agent for Homeland Security and Department of Defense and a former consultant to the CIA, went on record as saying that the breach appeared to be part of an effort to collect “vulnerability and targeting data” for future cyber or military attacks, though she didn’t say how she came to this conclusion.

If the intrusion was the work of the Chinese military, then it’s possible this was nothing more than a fact-finding mission on their part, designed to gather information on America’s infrastructure and hydroelectric facilities. The far worse possibility was that this was the result of private hackers, who sought to obtain information about US dams as part of a planned attack, looking to see which dam would cause the most harm if it were disabled by a physical or cyber-attack.

Whether it was the result of government-sponsored hackers, private hackers, or potential terrorists, it is clear that in the wake of the recent intrusions into US government databases and the recent bombing in Boston, security forces in the US will be on the lookout for similar breaches. In an age of electronic warfare, the best defense is not a good offense, but the ability to identify enemies and deploy countermeasures.

Source: Wired.com

Cyberwars: The Biggest Cyber Attack in History?

It’s been declared: the largest cyber attack in the history of the internet is happening right now. But you can forget about the US and China, this one is going on between private organizations, both of whom . In short, the fight comes down to Cyberbunker – a decommissioned NATO bunker located just outside of Kloetinge in the Netherlands – and a non-profit anti-spam organization named Spamhaus.

But first, a little background information is required for those of us not well-versed in the comings and goings of cyberwarfare (I include myself in this mix). Cyberbunker, as its name suggests, is an internet service provider and data haven that hosts websites and data stores for various companies. Founded in 1998, it began with the mission of hosting companies and protecting their data-assets from intrusion and attack.

Spamhaus, on the other hand, is a non-profit that tracks internet addresses that are sources of email spam, and adds their addresses to a blacklist. Companies that use this blacklist—which include pretty much every email provider and most internet service providers on the planet—automatically block those addresses. Hence, to be blacklisted by this organization is to have your bottom line seriously affected.

The conflict between these two belligerents began in 2011, when Spamhaus began targeting Cyberbunker through one of its clients – an internet service provider named A2B. At the time, Spamhaus was trying to convince said provider that Cyberbunker was a haven for spam email, which led A2B to drop them as a client. Shortly thereafter, Cyberbunker moved onto a new internet service provider, leaving Spamhaus free to blacklist them directly.

When they did, Cyberbunker responded in a way that seemed to suggest they wanted to live up to the reputation Spamhaus was bestowing on them. This involved massive retaliation by launching a cyberattack of some 300 billion bits of data per second, designed to clog Spamhaus’s connection to the internet and shut down their infrastructure.

This might sound like a tiff between two internet companies and nothing more. But in truth, this attack was so big that it began affecting service for regular people like you and me who happen to rely on some of the internet connections the attack was commandeering. In short, millions were affected by this “largest attack in internet history”, as their internet slowed down and even shorted out. Some even went as far as to say that it “almost broke the internet”.

But for many others, this attack went unnoticed. In fact, according to an article by Gizmodo, most people were relatively unaffected. While some companies, like Netflix, reported sluggish streaming, they did not go down. Mega net-enterprises such as Amazon reported nothing unusual, and organizations that monitor the health of the web “showed zero evidence of this Dutch conflict spilling over into our online backyards”.

In short, the attack was a major one and it had a profound impact on those sites it was directed at, and the collateral damage was noticeable. But aside from that, nothing major happened and this tiff remains a war between an organization known for spamming and one known for targeting them. And it shows no signs of slowing down or stopping anytime soon.

According to Patrick Gilmore, chief architect at the internet hosting service Akamai who was interviewed by the New York Times, the bottom line for CyberBunker is that “they think they should be allowed to spam.” CyberBunker is explicit on its homepage that it will host anything but child pornography and “anything related to terrorism.”

So while this latest incident did not cause “Infopocalypse”, it does raise some interesting questions. For one, how hard is it to wage full-scale cyberwarfare in this day and age? Apparently, it is rather easy to create massive networks of “zombie PCs” and use them to carry out related attacks, not to mention cheap, since the hardware and software is hardly sophisticated.

And as it stands, numerous groups, including military hackers, are engaged in a back and forth with government and industrial giants that involves stealing information and spying on their activities. If things were to escalate, would it not be very easy for hackers or national cyberwarfare rings – especially ones operating out of China, Israel, Iran, Russia or the US – to try and shut down their enemies’ infrastructure by launching terabytes of useless data at them?

Oh, I shudder to think! An entire nation brought to its knees by ads for Russian brides, discount watches and cheap Viagra! But for the moment, it seems this latest apocalyptic prediction has proven to be just as flaccid as the others. Oh well, another day, another dollar…

Sources: qz.com, guardian.co.uk, gizmodo.com

The Hacking Continues…

Cyberwarfare has been making it into the news quite a bit of late. From the international cyber-spying virus known as “Red October”, to China’s hacking of the New York Times and Bloomberg L.P., to intrusions into major software companies and social utilities, it seems no one is immune or unassailable in the digital age. What’s more, there are indications that it is nation states that may be leading the charge.

The latest victim in the ongoing war was Microsoft, which recently admitted that it too has been targeted by hackers. The announcement came in the midst of such tech giants as Apple, Facebook, and Twitter reporting security breaches linked to a software developer’s website, which would apparently infect programmers’ computers after they visited the site.

According to a statement posted by general manager Matt Thomlinson, Microsoft experienced intrusions of a similar nature. Though they did not specify who these hackers were, Mike Isaac at AllThingsD recently identified the website in question as iPhoneDevSDK, a site popular with mobile-app developers. In response, iPhoneDevSDK recently told users that it discovered that an administrative account on its site had been hacked, which allowed hackers to inject infectious code into its Web pages.

Once again, there are many who suspect that these attacks are linked to sources in China. In recent years, the Chinese government has been indicted in several attacks on American media chains as well as major companies, as part of a wider campaign to steal trade secrets and monitor and manipulate how China is portrayed in the news.

As it stands, it is not yet clear whether this represents a part of that campaign, or if private hackers are simply using extra-covert means to conduct a little anti-corporate mischief on the side. Personally, I hope it’s the latter, as the idea of nations inciting cyberwarfare against each other is not exactly the most comforting notion! But then again, knowing that they are spying on each other kind of gives those of us who are afraid of “Big Brother” a bit of a reprieve, doesn’t it?

Source: businessinsider.com

Cyberwarfare: Not Just for Anarchists Anymore!

Hack the Planet by von Shin Kurohoshi

For those deeply concerned about internet security and privacy, the year of 2013 certainly opened with a bang. First, there was the news that a cyberspy ring – apparently operating out of Russia – had been spying on embassies, governments and research institutions around the world for the past five years using a virus dubbed “Red October”. This was back in January, when the Moscow-based antivirus firm known as Kaspersky Lab announced the discovery of the international intrigue.

Then, on Jan. 30th, the New York Times announced that they too have been the target of hackers, this time from China. In a statement released by the newspaper, the company claimed that Chinese hackers have been persistently attacking their publication for the last four months, infiltrating its computer systems and getting passwords for its reporters and other employees.

The timing of the attacks coincided with a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings. The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them.

With the help of Mandiant, the internet security company hired by The Times, they were able to track the intruders, study their movements and help erect better defenses to block them. In the end, The Times reported that they had successfully expelled the attackers and kept them from breaking back in. However, the fact these hackers were able to infiltrate the network of a private news organization in the first place was much cause for worry.

For one, this is not the first time that hackers originating in China have used this sort of subterfuge to hack US databases. According to experts at Mandiant, their company has tracked many such intrusions back to the Chinese mainland, all of which used the same approach of cloaking their efforts using US servers. In addition, this incident, which smacked of state involvement, did not occur in a vacuum.

Back in 2008, internet security experts indicated that Chinese hackers had begun targeting Western journalists as part of a wider campaign to identify and intimidate their sources and contacts, and to anticipate stories that might damage the reputations of Chinese leaders. The purpose behind this far-reaching and growing spy campaign, aimed at corporations, government agencies, activist groups and media organizations inside the US, seemed to be controlling China’s public image, domestically and abroad, as well as stealing trade secrets.

But of course, China is hardly alone in this sort of covert cyber-warfare. As already mentioned, Russia has already shown signs of developing cyber weapons to assist in spying abroad, and there’s mounting evidence that Israel, Iran and the US are on board too. Starting in 2008, Iran’s main nuclear enrichment plant was hit by a sophisticated computer worm that caused damage to it, thus putting a crimp in their efforts to become a nuclear power.

While no one took responsibility for this incident, the evidence seemed to indicate that the worm originated from sources within Israel and the US. Attacks which took place later on American banks and oil companies within the US were believed to have been caused by Iran, in retaliation for the worm that hurt their main source of enriched uranium and a key component in their nuclear program.

For some time now, hacking federal databases has become something of a sport for various groups and causes who are seeking to reveal government secrets and expose their inner workings to public scrutiny. The “Hacktivist” group known as Anonymous is a perfect example, a group closely linked to Assange (of Wikileaks) whose most recent infiltration of the Federal Reserve Bank made the news earlier this month as well.

But as I’m sure all will agree, it’s one thing when private citizens attack domestic and foreign databases, and quite another when nations attack each other. While cyber criminals may constitute a vague and slippery enemy, one which is much harder to identify and prosecute, nation-states constitute a far more frightening one. Not only are their resources far more vast, the consequences of battling them are far greater.

Knowing who your enemy is, and that they have nuclear capabilities and the ability to strike at you physically… Yes, I think that’s a much scarier prospect! While the old ways of plausible deniability and covert action may apply, no one likes the idea of subtle attacks which could escalate into a full-scale conflict. Even if it is waged entirely by computer, the effects are still likely to be felt!

Source: NYTimes.com, money.cnn.com