Cyberwars: The Month of Cyberattacks

The month of August has been a busy time for online security specialists, due to numerous cyberattacks being reported close to each other. First came word that supermarket chain Supervalu had been hacked, followed by news of security breaches at one of the largest American medical groups, the Nuclear Regulatory Commission and then the UPS Store. In all cases, the intrusions led to the theft of millions of users’ personal data.

The worst of the lot appears to have been the massive cyberattack on Community Health Systems, one of the largest hospital chains in the US that oversees 206 hospitals in 29 states. According to the company, the intrusion led to stolen Social Security numbers, patient names, addresses, birth dates and telephone numbers of some 4.5 million patients. And as usual, the attack is believed to have had the backing of a foreign government.

This is the largest known attack to involve hospital patient information since the US government began tracking these types of data breaches in 2009. According to Elysium Digital data security expert Joseph Calandrino:

One possible goal of this attack is to facilitate future targeted attacks. The type of data that was stolen from the hospital system is often used to verify a person’s identity. The exposure of this data creates a risk that the hackers could leverage it to gain access to other accounts and information.

As is so often the case these days, it is believed the cyberattack originated in China. Security firm Mandiant, which investigated the breach in April and June, said the hackers belong to a group that targets crucial infrastructure, such as defense, engineering, financial services, and health care companies. It’s unclear if these hackers are affiliated with the Chinese government.

Various security experts have long accused China of waging a cyberwar on US government and private company websites. For example, a report that was released by Mandiant back in 2013 linked Unit 61398 of China’s People’s Liberation Army to a large number of cyberattacks on US soil. However, the Chinese government has flatly denied that it is involved in cyber-espionage or hacking.

Community Health Systems has since reported that it stopped the cyberattack by removing the malicious software used by the hackers and is notifying its patients of the breach. It has also been reported that the hack may have been facilitated by the Heartbleed bug, a flaw in OpenSSL that hackers can exploit to obtain encrypted data. The timing certainly seems apt, as the bug was revealed back in April and the attack took place between April and June.

However, this was merely one of several breaches that took place over the past few months. In addition to CHS, UPS, and numerous major outlets, cybersecurity firm Hold Security identified what was arguably the largest known data breach in history earlier this month. In this attack, the Russian cybergang Cybervor allegedly stole 1.2 billion username and password combinations and more than 500 million email addresses.

With these latest attacks, it appears that large-scale security breaches carried out by individual hackers and sponsored by nation-states are becoming the new normal. And as these kinds of attacks become more common, cybersecurity experts are concerned that people may suffer from “alert fatigue”, where they basically stop caring about, and stop noticing, the breaches that affect them.

In addition, security experts would like people to keep in mind that there is a difference between a spike in activity and a spike in reporting on activity. Much like the problems of violence, teen sex and crime rates, there is likely a gap between an actual increase and the perception of one. As Lillian Ablon, a researcher for the RAND Corporation, explained:

Back during Operation Aurora [in 2009], when Google got hacked, Google coming out [in 2010] was a big step in the industry. Before that, companies didn’t really talk about being breached.

Legally, companies and government agencies are required to report security breaches to the public only when customer data is involved, and only in 47 states. Alabama, New Mexico, and South Dakota lack mandatory reporting laws, and few laws on the books exact penalties when a breach occurs. Still, whatever the magnitude of the number of security breaches, it’s also true that we are living in an increasingly uncertain world when it comes to keeping our data safe.

Naturally, public vigilance is a good policy, but it’s not exactly a solution. In the hacks at the Nuclear Regulatory Commission and Community Health Systems, the Cybervor attack, and the hack of the DHS, the attacks were suspected of coming from abroad. More and more, attacks are being staged from a location that is far removed from the source, and backed by third parties who are likely unknown.

Security experts believe that the eventual solution will require businesses to rethink how they operate, putting a much bigger emphasis on security. But the consequences of that could have global economic implications, if better security hurts competitiveness. In the short term, it means that customers who do business with companies that suffer security breaches will need to be that much more vigilant.

That means not reusing passwords for multiple accounts, using two-factor authentication when available, and keeping a close eye on bank statements and credit card activity. And as for the breaches themselves, there’s not much you can do except be prepared to hear about more of them, more often. For better or for worse, it is the age we live in, where big data means big data intrusion!

Sources: cnet.com, (2), (3)

Hacker Wars: The Invasion Continues!

State-sponsored hacking has been a major concern lately. From Russia’s “Red October” virus, which spied on embassies and diplomats in multiple countries, to China’s ongoing intrusion into government and corporate databases in the US, it seems as though private hackers are no longer the only ones we need to worry about.

The latest incident in this invasion of privacy and airing of personal information comes again from Russia, where a mysterious website has been posting personal information about some rather high-profile American figures. These include First Lady Michelle Obama, Vice-President Joe Biden, Jay-Z, Britney Spears, U.S. Attorney General Eric Holder, Sarah Palin, Arnold Schwarzenegger, and the head of the FBI.

In addition to taunting messages and unflattering pictures, the site includes Social Security numbers, credit reports, addresses and phone numbers. No reasons are listed on the site as to why these particular people were selected, but it seems clear at this point that they were chosen due to their high-profile nature and/or positions of importance within the US government. As of last Tuesday, both the FBI and Secret Service announced that they were investigating the website.

Though it is not definitively clear where the hackers are operating from, all indications point to Russia. The first clue came when it was revealed that the site bore the internet suffix originally assigned to the Soviet Union (.su), a practice which is not uncommon with Russian hackers these days. In addition, it is also connected to a Twitter account, which carried an anti-police message posted in Russian.

At the moment, neither the White House nor the Secret Service is offering assessments or comments on the matter. But some thoughts have been offered by Los Angeles Police Commander Andrew Smith, who spoke on behalf of Chief Charlie Beck, whose information was also posted. According to Beck, this is not the first time that top police officials have had their private information posted online:

“People get mad at us, go on the Internet and try to find information about us, and post it all on one site. The best word I can use to describe it is creepy. It’s a creepy thing to do.”

Frank Preciado, assistant officer in charge of the LAPD’s online division, added that the information on the police chief was likely taken from what is supposed to be a secure database of city employees. And it might just offer some insight into this latest, sweeping act of info-piracy. When all is said and done, it appears that this may simply be a case of a small but qualified group of misfits engaging in public mischief.

However, of greater concern is the fact that with this latest act of high-profile hacking, a trend that citizens were forewarned about might be coming true. In December of 2012, internet security company McAfee warned of an impending attack by Russian hackers against American banks. Dubbed “Project Blitzkrieg”, the threat of the attack surfaced on a Russian hacking forum in the previous September, and McAfee was quick to advise that it was a credible one.

As of December 2012, Russian hackers had effectively infected 500 databases in the US with the promise of more to come. The cybercriminal known as vorVzakone – whose name means ‘thief in law’ – was identified as the head of the operation, whose plans called for the release of a Trojan horse virus that would allow him and his accomplices to seize control of banks’ computers to steal information and money.


Clearly, all of these incidents amount to a major public concern. But of greater concern to me is the fact that the lines being drawn in this new era of cyber-warfare are eerily familiar. Not long ago, China and Russia were locked in an ongoing feud with the US and its allies, a war fueled by ideology but based on the cultivation of technology and espionage networks.

Granted, only China’s case of cyberwarfare against the US appears to be government-backed. But between the “Red October” virus, “Project Blitzkrieg”, and the fact that Russian hackers are in the habit of using a Soviet-era suffix to designate their activities, it seems that Russia is fertile ground for a renewed standoff with the West as well. And given that the targets have been western governments and financial institutions, would it be so farfetched to assume the government might be marginally involved?

The means may have changed, but the overall purpose remains the same. Infiltrate, destabilize, and steal information from the enemy. Are we looking at a renewed Cold War, or just the last gasps of an ideological confrontation that was supposed to have died years ago? Only time will tell…

Sources: cbc.ca, dailymail.co.uk

Cyberwarfare: Not Just for Anarchists Anymore!

Hack the Planet by von Shin Kurohoshi

For those deeply concerned about internet security and privacy, the year of 2013 certainly opened with a bang. First, there was the news that a cyberspy ring – apparently operating out of Russia – had been spying on embassies, governments and research institutions around the world for the past five years using a virus dubbed “Red October”. This was back in January, when the Moscow-based antivirus firm known as Kaspersky Lab announced the discovery of the international intrigue.

Then, on Jan. 30th, the New York Times announced that it too had been the target of hackers, this time from China. In a statement released by the newspaper, the company claimed that Chinese hackers had been persistently attacking the publication for the last four months, infiltrating its computer systems and getting passwords for its reporters and other employees.

The timing of the attacks coincided with a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings. The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them.

With the help of Mandiant, the internet security company hired by The Times, they were able to track the intruders, study their movements and help erect better defenses to block them. In the end, The Times reported that they had successfully expelled the attackers and kept them from breaking back in. However, the fact that these hackers were able to infiltrate the network of a private news organization in the first place was much cause for worry.

For one, this is not the first time that hackers originating in China have used this sort of subterfuge tactic to hack US databases. According to experts at Mandiant, their company has tracked many such intrusions back to the Chinese mainland, all of which used the same approach of cloaking their efforts using US servers. In addition, this incident, which smacked of state involvement, did not occur in a vacuum.

Back in 2008, internet security experts indicated that Chinese hackers had begun targeting Western journalists as part of a wider campaign to identify and intimidate their sources and contacts, and to anticipate stories that might damage the reputations of Chinese leaders. The purpose behind this far-reaching and growing spy campaign aimed at corporations, government agencies, activist groups and media organizations inside the US seemed to be controlling China’s public image, domestically and abroad, as well as stealing trade secrets.

But of course, China is hardly alone in this sort of covert cyber-warfare. As already mentioned, Russia has already shown signs of developing cyber weapons to assist in spying abroad, and there’s mounting evidence that Israel, Iran and the US are on board too. Starting in 2008, Iran’s main nuclear enrichment plant was hit by a sophisticated computer worm that caused damage to it, thus putting a crimp in their efforts to become a nuclear power.

While no one took responsibility for this incident, the evidence seemed to indicate that the worm originated from sources within Israel and the US. Attacks which took place later on American banks and oil companies within the US were believed to have been caused by Iran, in retaliation for the worm that hurt their main source of enriched uranium and a key component in their nuclear program.

For some time now, hacking federal databases has become something of a sport for various groups and causes who are seeking to reveal government secrets and expose their inner workings to public scrutiny. The “Hacktivist” group known as Anonymous is a perfect example, a group closely linked to Assange (of Wikileaks) whose most recent infiltration of the Federal Reserve Bank made the news earlier this month as well.

But as I’m sure all will agree, it’s one thing when private citizens attack domestic and foreign databases, and quite another when nations attack each other. While cyber criminals may constitute a vague and slippery enemy, one which is much harder to identify and prosecute, nation-states constitute a far more frightening one. Not only are their resources far more vast, the consequences of battling them are far greater.

Knowing who your enemy is, and that they have nuclear capabilities and the ability to strike at you physically… Yes, I think that’s a much scarier prospect! While the old ways of plausible deniability and covert action may apply, no one likes the idea of subtle attacks which could escalate into a full-scale conflict. Even if it is waged entirely by computer, the effects are still likely to be felt!

Source: NYTimes.com, money.cnn.com