Cyberwars: The Month of Cyberattacks

hackers_securityThe month of August has been a busy time for online security specialists, due to numerous cyberattacks being reported close to each other. First came word that supermarket chain Supervalu had been hacked, followed by news of security breaches at a largest American medical group, the Nuclear Regulatory Commission and then the UPS Store. In all cases, the intrusions led to the theft of millions of users’ personal data.

The worst of the lot appears to have been the massive cyberattack on Community Health Systems, one of the largest hospital chains in the US that oversees 206 hospitals in 29 states. According to the company, the intrusion led to stolen Social Security numbers, patient names, addresses, birth dates and telephone numbers of some 4.5 million patients. And as usual, the attack is believed to have had the backing of a foreign government. is the largest known attack to involve hospital patient information since the US government began tracking these types of data breaches in 2009. According to Elysium Digital data security expert Joseph Calandrino:

One possible goal of this attack is to facilitate future targeted attacks. The type of data that was stolen from the hospital system is often used to verify a person’s identify. The exposure of this data creates a risk that the hackers could leverage it to gain access to other accounts and information.

As is so often the case these days, it is believed the cyberattack originated in China. Security firm Mandiant, which investigated the breach in April and June, said the hackers belong to a group that targets crucial infrastructure, such as defense, engineering, financial services, and health care companies. It’s unclear if these hackers are affiliated with the Chinese government.

Unit-61398-Chinese-Army-Hacking-Jobs-With-Great-BenefitsVarious security experts have long accused China of waging a cyberwar on US government and private company websites. For example, a report that was released by Mandiant back in 2013 linked Unit 61398 of the China’s People’s Liberation Army to a large number of cyberattacks on US soil. However, the Chinese government has flatly denied that it is involved in cyber-espionage or hacking.

Community Health Systems has since reported that it stopped the cyberattack by removing the malicious software used by the hackers and is notifying its patients of the breach. It has also been reported that the hack may have been facilitated by the Heartbleed bug, a flaw in OpenSSL that hackers use to exploit to obtain encrypted data. The timing certainly seems apt, as the bug was revealed back in April and the attack took place between April and June.

nsasecurity_primary-100041064-largeHowever, this was were merely one of several breaches that took place over the past few months. In addition to the CHS, UPS, and numerous major outlets, cybersecurity firm Hold Security identified what was arguably the largest known data breach in history earlier this month. In this attack, the Russian cybergang Cybervor allegedly stole 1.2 billion username and password combinations and more than 500 million email addresses.

With these latest attacks, it appears that large-scale security breaches carried out by individual hackers and sponsored by nation-states is becoming the new normal. And as these kinds of attacks become more common, cybersecurity experts are concerned that people may suffer from “alert fatigue”, where they will basically cease caring about and not be aware of breaches that affect them.

RAND_hqIn addition, security experts would like people to keep in mind that there is a difference between a spike in activity and reporting on activity. Much like the problems of violence, teen sex and crime rates, there is likely a gap between an actual increase and the perception of one. As Lillian Ablon, a researcher for the RAND Corporation, explained:

Back during Operation Aurora [in 2009], when Google got hacked, Google coming out [in 2010] was a big step in the industry. Before that, companies didn’t really talk about being breached.

Legally, companies and government agencies are required to report security breaches to the public only when customer data is involved, and only in 47 states. Alabama, New Mexico, and South Dakota lack mandatory reporting laws, and few laws on the books extract penalties when a breach occurs. Still, whatever the magnitude of the number of security breaches, it’s also true that we are living in an increasingly uncertain world when it comes to keeping our data safe.

internetNaturally, public vigilance is a good policy, but its not exactly a solution. When the hacks at the Nuclear Regulatory Commission, the Community Health Systems, the Cybervor attack, and hack of the DHS, the attacks were suspected of coming from abroad. More and more, attacks are being staged from a location that is far removed from the source, and backed by third parties who are likely unknown.

Security experts believe that the eventual solution will require businesses to rethink how they operate, putting a much bigger emphasis on security. But the consequences of that could have global economic implications, if better security hurts competitiveness. In the short term, it means that customers who do business with companies that suffer security breaches will need to be that much more vigilant.

That means not reusing passwords for multiple accounts, using two-factor authentication when available, and keeping a close eye on bank statements and credit card activity. And as for the breaches themselves, there’s not much you can do except be prepared to hear about more of them, more often. For better or for worse, it is the age we live in, where big data means big data intrusion!

Sources:, (2), (3)

Cyberwars: The Heartbleed Bug and Web Security

heartbleed-iconA little over two years ago, a tiny piece of code was introduced to the internet that contained a bug. This bug was known as Heartbleed, and in the two years it has taken for the world to recognize its existence, it has caused quite a few headaches. In addition to allowing cybercriminals to steal passwords and usernames from Yahoo, it has also allowed people to steal from online bank accounts, infiltrate governments institutions (such as Revenue Canada), and generally undermine confidence in the internet.

What’s more, in an age of cyberwarfare and domestic surveillance, its appearance would give conspiracy theorists a field day. And since it was first disclosed a month to the day ago, some rather interesting theories as to how the NSA and China have been exploiting this to spy on people have surfaced. But more on that later. First off, some explanation as to what Heartbleed is, where it came from, and how people can protect themselves from it, seems in order.

cyber_securityFirst off, Heartbleed is not a virus or a type of malware in the traditional sense, though it can be exploited by malware and cybercriminals to achieve similar results. Basically, it is a security bug or programming error in popular versions of OpenSSL, a software code that encrypts and protects the privacy of your password, banking information and any other sensitive data you provide in the course of checking your email or doing a little online banking.

Though it was only made public a month ago, the origins of the bug go back just over two years – to New Year’s Eve 2011, to be exact. It was at this time that Stephen Henson, one of the collaborators on the OpenSSL Project, received the code from Robin Seggelmann – a respected academic who’s an expert in internet protocols. Henson reviewed the code – an update for the OpenSSL internet security protocol — and by the time he and his colleagues were ringing in the New Year, he had added it to a software repository used by sites across the web.

Hackers-With-An-AgendaWhat’s interesting about the bug, which is named for the “heartbeat” part of the code that it affects, is that it is not a virus or piece of malware in the traditional sense. What it does is allow people the ability to read the memory of systems that are protected by the bug-affected code, which accounts for two-thirds of the internet. That way, cybercriminals can get the keys they need to decode and read the encrypted data they want.

The bug was independently discovered recently by Codenomicon – a Finnish web security firm – and Google Security researcher Neel Mehta. Since information about its discovery was disclosed on April 7th, 2014, The official name for the vulnerability is is estimated that some 17 percent (around half a million) of the Internet’s secure web servers that were certified by trusted authorities have been made vulnerable.

cyberwarfare1Several institutions have also come forward in that time to declare that they were subject to attack. For instance, The Canada Revenue Agency that they were accessed through the exploit of the bug during a 6-hour period on April 8th and reported the theft of Social Insurance Numbers belonging to 900 taxpayers. When the attack was discovered, the agency shut down its web site and extended the taxpayer filing deadline from April 30 to May 5.

The agency also said it would provide anyone affected with credit protection services at no cost, and it appears that the guilty parties were apprehended. This was announced on April 16, when the RCMP claimed that they had charged an engineering student in relation to the theft with “unauthorized use of a computer” and “mischief in relation to data”. In another incident, the UK parenting site Mumsnet had several user accounts hijacked, and its CEO was impersonated.

nsa_aerialAnother consequence of the bug is the impetus it has given to conspiracy theorists who believe it may be part of a government-sanctioned ploy. Given recent revelations about the NSA’s extensive efforts to eavesdrop on internet activity and engage in cyberwarfare, this is hardly a surprise. Nor would it be the first time, as anyone who recalls the case made for the NIST SP800-90 Dual Ec Prng program – a pseudorandom number generator is used extensively in cryptography – acting as a “backdoor” for the NSA to exploit.

In that, and this latest bout of speculation, it is believed that the vulnerability in the encryption itself may have been intentionally created to allow spy agencies to steal the private keys that vulnerable web sites use to encrypt your traffic to them. And cracking SSL to decrypt internet traffic has long been on the NSA’s wish list. Last September, the Guardian reported that the NSA and Britain’s GCHQ had “successfully cracked” much of the online encryption we rely on to secure email and other sensitive transactions and data.

Edward-Snowden-660x367According to documents the paper obtained from Snowden, GCHQ had specifically been working to develop ways into the encrypted traffic of Google, Yahoo, Facebook, and Hotmail to decrypt traffic in near-real time; and in 2010, there was documentation that suggested that they might have succeeded. Although this was two years before the Heartbleed vulnerability existed, it does serve to highlight the agency’s efforts to get at encrypted traffic.

For some time now, security experts have speculated about whether the NSA cracked SSL communications; and if so, how the agency might have accomplished the feat. But now, the existence of Heartbleed raises the possibility that in some cases, the NSA might not have needed to crack SSL at all. Instead, it’s possible the agency simply used the vulnerability to obtain the private keys of web-based companies to decrypt their traffic.

hackers_securityThough security vulnerabilities come and go, this one is deemed catastrophic because it’s at the core of SSL, the encryption protocol trusted by so many to protect their data. And beyond abuse by government sources, the bug is also worrisome because it could possibly be used by hackers to steal usernames and passwords for sensitive services like banking, ecommerce, and email. In short, it empowers individual troublemakers everywhere by ensuring that the locks on our information can be exploited by anyone who knows how to do it.

Matt Blaze, a cryptographer and computer security professor at the University of Pennsylvania, claims that “It really is the worst and most widespread vulnerability in SSL that has come out.” The Electronic Frontier Foundation, Ars Technica, and Bruce Schneier all deemed the Heartbleed bug “catastrophic”, and Forbes cybersecurity columnist Joseph Steinberg event went as far as to say that:

Some might argue that [Heartbleed] is the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet.

opensslRegardless, Heartbleed does point to a much larger problem with the design of the internet. Some of its most important pieces are controlled by just a handful of people, many of whom aren’t paid well — or aren’t paid at all. In short, Heartbleed has shown that more oversight is needed to protect the internet’s underlying infrastructure. And the sad truth is that open source software — which underpins vast swathes of the net — has a serious sustainability problem.

Another problem is money, in that important projects just aren’t getting enough of it. Whereas well-known projects such as Linux, Mozilla, and the Apache web server enjoy hundreds of millions of dollars in annual funding, projects like the OpenSSL Software Foundation – which are forced to raise money for the project’s software development – have never raised more than $1 million in a year. To top it all off, there are issues when it comes to the open source ecosystem itself.

Cyber-WarTypically, projects start when developers need to fix a particular problem; and when they open source their solution, it’s instantly available to everyone. If the problem they address is common, the software can become wildly popular overnight. As a result, some projects never get the full attention from developers they deserve. Steve Marquess, one of the OpenSSL foundation’s partners, believes that part of the problem is that whereas people can see and touch their web browsers and Linux, they are out of touch with the cryptographic library.

In the end, the only real solutions is in informing the public. Since internet security affects us all, and the processes by which we secure our information is entrusted to too few hands, then the immediate solution is to widen the scope of inquiry and involvement. It also wouldn’t hurt to commit additional resources to the process of monitoring and securing the web, thereby ensuring that spy agencies and private individuals are not exercising too much or control over it, or able to do clandestine things with it.

In the meantime, the researchers from Codenomicon have set up a website with more detailed information. Click here to access it and see what you can do to protect yourself.

Sources:,, (2),

Crypto Wars: The Tech World vs. the NSA

cyber_securitySix years ago, something interesting took place at Microsoft’s Windows annual Crypto conference in Santa Barbara. In the course of the presentations, two members of the company’s security group (Dan Shumow and Niels Ferguson) gave a talk that dealt with internet security and the possibility that major systems could be hacked.

They called their presentation “On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng”. That’s a name few people outside of the techy community would recognize, as it refers to a pseudorandom number generating program that is used extensively in cryptography. And thought the presentation was only nine slides and a few minutes long, they managed to capture the attention of the crowd with some rather stark observations.

cyber_security1Basically, they laid out a case showing that the new encryption standard, given a stamp of approval by the U.S. government, possessed a glaring weakness that made one of the program’s algorithms susceptible to cracking. But the weakness they described wasn’t just an average vulnerability, it had the kind of properties one would want if one were intentionally inserting a backdoor to make the algorithm susceptible to cracking by design.

At the time, no one thought much of it. But today, that’s all changed, thanks to Edward Snowden. Apparently, cryptographers and journalists are seeing a connection between the talk given by Shumow and Ferguson and the classified NSA documents Snowden leaked. Apparently, some of that information confirms that the weakness in the Dual_EC_DRBG algorithm might be indeed a backdoor.

nsa_aerialEarlier this month, an article appeared in the New York Times that implied that the backdoor was intentionally put there by the NSA as part of a $250-million, decade-long covert operation by the agency to weaken and undermine the integrity of a number of encryption systems used by millions of people around the world.

Naturally, these allegations not only stoked the fires over the NSA’s long history of spying on databases, both domestic and foreign, it has also raised questions over the integrity of the rather byzantine process that produces security standards in the first place. The National Institute of Standards and Technology (NIST) approved Dual_EC_DRBG and the standard, is now facing criticism alongside the NSA.

nist_aerialbigAnd while NIST has since been forced to re-open the program to examination and public discussion, security and crypto firms around the world are scrambling to unravel just how deeply the suspect algorithm infiltrated their code, if at all. Some even went so far as to publicly denounce it, such as corporate giant RSA Security.

But of course, a number of crypto experts have noted that the Times hasn’t released the memos that purport to prove the existence of a backdoor. What’s more, the paper’s direct quotes from the classified documents don’t mention a backdoor or efforts by the NSA to weaken it or the standard, only the efforts of the agency to push the standard through NIST’s committees for approval.

nsasecurity_primary-100041064-largeOne such person is Jon Callas, the CTO of Silent Circle – a company that offers encrypted phone communication. Having attended the Crypto conference in 2007 and heard the presentation by Shumow, he believes that the real problem may lie in the fact that the algorithm was poorly made:

If [the NSA] spent $250 million weakening the standard and this is the best that they could do, then we have nothing to fear from them. Because this was really ham-fisted. When you put on your conspiratorial hat about what the NSA would be doing, you would expect something more devious, Machiavellian … and this thing is just laughably bad. This is Boris and Natasha sort of stuff.

Sources at Microsoft agree. In addition to the presenters – who never mention the NSA in their presentation and went out of their way to avoid accusing NIST of any wrongdoing – a manager who spoke with WIRED on condition of anonymity believes the reporters at the Times saw the classified documents dealing with the program, read about the 2007 talk, and assumed their was a connection.

cryptographyBut Paul Kocher, president and chief scientist of Cryptography Research, says that regardless of the lack of evidence in the Times story, he discounts the “bad cryptography” explanation for the weakness, in favor of the backdoor one:

Bad cryptography happens through laziness and ignorance. But in this case, a great deal of effort went into creating this and choosing a structure that happens to be amenable to attack.

Personally, I find it interesting that the NSA would be so committed to making sure a program passed inspection. Especially one that had a fatal flaw that, when exploited properly, could be used to give someone who knew about it access to encrypted information. But of course, it’s not like the NSA has been known to invade people’s privacy, right? RIGHT?

Clearly, all there is at this point is speculation. One thing is certain though. In the coming weeks and months, the NSA is going to be the recipient of even more flak over its monitoring and cryptographic activities. Whether this effects any change in policy remains to be seen, but I doubt anyone will be holding their breaths.


The Future is Here: The Real-Life Tricorder

medical_tricorderIt was only a matter of time, I guess. But we really should have known that with all the improvements being made in biometrics and biotechnology – giving patients and doctors the means to monitor their vitals, blood pressure, glucose levels and the like with tiny devices – and all the talk of how it looked like something out of science fiction that it wouldn’t be long before someone took it upon themselves to build a device right out of Star Trek.

It’s known as a the Scanadu Scout, a non-invasive medical device that is capable of measuring your vitals simply by being held up to your temple for a mere 10 seconds. The people responsible for its creation are a startup named Scanadu, a group of research and medtech enthusiasts who are based at the NASA Ames Research Center. For the past two years, they have been seeking to create the world’s first handheld medical scanner, and with the production of the Scout, they have their prototype!

scanaduAll told, the device is able to track pulse transit time (to measure blood pressure), temperature, ECG, oximetry, heart rate, and the breathing rate of a patient or subject. A 10 second scan of a person’s temple yields data that has a 99% accuracy rate, which can then be transmitted automatically via Bluetooth to the user’s smartphone, tablet or mobile device.

The device has since been upgraded from its original version and runs at a rate of 32 bits (up from the original 8). And interestingly enough, the Scouts now runs on Micrium, the operation system that NASA uses for Mars sample analysis on the Curiosity rover. The upgrade became necessary when Scanadu co-founder Walter De Brouwer, decided to add an extra feature: the ability to remotely trigger new algorithms and plug in new sensors (like a spectrometer).

medtechOne would think that working with NASA is effecting his thinking. But as Brouwer points out, the more information the machine is capable of collecting, the better is will be at monitoring your health:

If we find new algorithms to find relationships between several readings, we can use more of the sensors than we would first activate. If you know a couple of the variables, you could statistically predict that something is going to happen. The more data we have, the more we can also predict, because we’re using data mining at the same time as statistics.

One of the Scout’s cornerstone algorithms, for example, allows it to read blood pressure without the inflating cuff that we’ve all come to know and find so uncomfortable. In the future, Scanadu could discover an algorithm that connects, age, weight, blood pressure, and heart rate with some other variable, and then be able to make recommendations.

2009_world_subdivisions_flu_pandemicEveryone who pre-orders a Scout has their data sent to a cloud service, where Scanadu will collect it in a big file for the FDA. Anyone who opts-in will also gain access to the data of other users who have also elected to share their vitals. Brouwer explains that this is part of the products early mission to test the parameters of information sharing and cloud-medical computing:

It’s going to be a consumer product in the future, but right now we are positioning it as a research tool so that it can be used to finalize the design and collect data to eventually gain regulatory approval. In the end, you have to prove how people are going to use the device, how many times a day, and how they are going to react to the information.

In the future, De Brouwer imagines this kind of shared information could be used for population scanning, kind of like Google Flu Trends does, except with data being provided directly from individuals. The focus will also be much more local, with people using the Scout’s stats to able to see if their child, who suddenly has flu symptoms, is alone of ir other kids at their school are also sick. Pandemics and the outbreaks of fatal diseases could also be tracked in the same way and people forewarned.

medical-technologyNaturally, this raises some additional questions. With it now possible to share and communicate medical information so easily between devices, from people to their doctors, and stored within databases of varying accessibility, there is the ongoing issue of privacy. If in fact medical information can be actively shared in real-time or with the touch of a button, how hard will it be for third parties to gain access to them?

The upsides are clear: a society where health information is easily accessible is likely to avoid outbreaks of infectious disease and be able to contain pandemics with greater ease. But on the flip side, hackers are likely to find ways to access and abuse this information, since it will be in a public place where people can get at it. And naturally, there are plenty of people who will feel squeamish or downright terrified about the FDA having access to up-to-the-moment medical info on them.

It’s the age of cloud computing, wireless communications, and information sharing my friends. And much as people feel guarded about their personal information now, this is likely to take on extra dimensions when their personal medical info is added to the mix. Not a simple or comfortable subject.

But while I’ve still got you’re here, no doubt contemplating the future of medicine, take a look at this video of the Scanadu Scout in action:


Cyberwars: The Biggest Cyber Attack in History?

cyber_virusIt’s been declared: the largest cyber attack in the history of the internet is happening right now. But you can forget about the US and China, this one is going on between private organizations, both of whom . In short, the fight comes down to Cyberbunker – a decommissioned NATO bunker located just outside of Kloetinge in the Netherlands – and a non-profit anti-spam organization named Spamhaus.

But first, a little background information is required for those of us not well-versed in the comings and goings of cyberwarfare (I include myself in this mix). Cyberbunker, as its name suggests, is an internet service provider and data haven that hosts websites and data stores for various companies. Founded in 1998, it began with the mission of hosting companies and protecting their data-assets from intrusion and attack.

cyberbunkerSpamhaus, on the other hand, is a non-profit that tracks internet addresses that are sources of email spam, and adds their addresses to a blacklist. Companies that use this blacklist—which include pretty much every email provider and most internet service providers on the planet—automatically block those addresses. Hence, to be blacklisted by this organization is to have your bottom line seriously effected.

The conflict between these two belligerents began in 2011, when Spamhaus began targeting Cyberbunker through one of its clients – and internet service provider named A2B. At the time, Spamhaus was trying to convince said provider that Cyberbunker was a haven for spam email, which led A2B to drop them as a client. Shortly thereafter, Cyberbunker moved onto a new internet service provider, leaving Spamhaus free to blacklist them directly.

Spamhaus attack … did it affect you?When they did, Cyberbunker responded in a way that seemed to suggest they wanted to live up to the reputation Spamhaus was bestowing on them. This involved massive retaliation by launching a cyberattack of some 300 billion bits of data per second, designed to clog Spamhaus’s connection to the internet and shut down their infrastructure.

Might sound like a tiff between two internet companies and nothing more. But in truth, this attack was so big that it began affecting service for regular people like you and me who happen to rely on some of the internet connections the attack is commandeering. In short, millions were effected by this “largest attack in internet history”, as their internet slowed down and even shorted out. Some even went as far as to say that it “almost broke the internet”.

internetBut for many others, this attack went unnoticed. In fact, according to an article by Gizmodo, most people were relatively unaffected. While some companies, like Netlix, reported sluggish streaming, they did not go down, mega net-enterprises such as Amazon reported nothing unusual, and organizations that monitor the health of the web “showed zero evidence of this Dutch conflict spilling over into our online backyards”.

In short, the attack was a major one and it had a profound impact on those sites it was directed at, and the collateral damage was noticeable. But aside from that, nothing major happened and this tiff remains a war between an organization known for spamming and one known for targeting them. And it shows no signs of slowing down or stopping anytime soon.

computer-virus.istockAccording to Patrick Gilmore, chief architect at the internet hosting service Akamai who was interviewed by the New York Times, the bottom line for CyberBunker is that “they think they should be allowed to spam.” CyberBunker is explicit on its homepage that it will host anything but child pornography and “anything related to terrorism.”

So while this latest incident did not cause “Infopocalype”, it does raise some interest questions. For one, how hard is it to wage a full-scale cyberwarfare in this day and age? Apparently, it is rather easy to create massive networks of “zombie PCs and use them to carry out related attacks, not to mention cheap since the hardware and software is hardly sophisticated.

cyber-war-1024x843And as it stands, numerous groups, including military hackers, are engaged in a back and forth with government and industrial giants that involves stealing information and spying on their activities. If things were to escalate, would it not be very easy for hackers or national cyberwarfare rings – especially ones operating out of China, Israel, Iran, Russia or the US – to try and shut down their enemies infrastructure by launching terabytes of useless data at them?

Oh, I shudder to think! An entire nation brought to its heels by adds for Russian brides, discount watches and cheap Viagra! But for the moment, it seems this latest apocalyptic prediction has proven to be just as flaccid as the others. Oh well, another day, another dollar…


Hacker Wars: The Invasion Continues!

cyber-war-1024x843State-sponsored hacking has been a major concern lately. From Russia’s “Red October” virus, which spied on embassies and diplomats in multiple countries, to China’s ongoing intrusion into government and corporate databases in the US, it seems as though private hackers are no longer the only ones we need to worry about.

The latest incident in this invasion of privacy and airing of personal information comes again from Russia, where a mysterious website has been posting personal information about some rather high-profile American figures. These include First Lady Michelle Obama, Vice-President Joe Biden, Jay-Z, Britney Spears, U.S. Attorney General Eric Holder, Sarah Palin, Arnold Schwarzenegger, and the head of the FBI.

michelle-obama_fullIn addition to taunting messages and unflattering pictures, the site includes Social Security numbers, credit reports, addresses and phone numbers. No reasons are listed on the site as to why these particular people were selected, but it seems clear at this point that they were chosen due to their high-profile nature and/or positions of importance within the US government. As of last Tuesday, both the FBI and Secret Service announced that they were investigating the website.

Though it is not definitively clear where the hackers are operating from, all indications point to Russia. The first clue came when it was revealed that site bore the internet suffix originally assigned to the Soviet Union (.su), a practice which is not uncommon with Russian hackers these days. In addition, it is also connected to a Twitter account, which carried an an anti-police message posted in Russian.

hackers_securityAt the moment, neither the White House or the Secret Service is offering assessments or comments on the matter. But some thoughts have been offered by Los Angeles Police Commander Andrew Smith, who spoke on behalf of Chief Charlie Beck, who’s information was also posted. According to Beck, this is not the first time that top police officials have had their private information posted online:

“People get mad at us, go on the Internet and try to find information about us, and post it all on one site. The best word I can use to describe it is creepy. It’s a creepy thing to do.”

Frank Preciado, assistant officer in charge of the LAPDs online division, added that the information on the police chief was likely taken from what is supposed to be a secure database of city employees. And it might just offer some insight into this latest, sweeping act of inforpiracy. When all is said and done, it appears that this may simply be a case of a small but qualified group of misfits engaging in public mischief.

internetHowever, of greater concern is the fact that with this latest act of high-profile hacking, a trend that citizens were forewarned might be coming true. In December of 2012, internet security company McAfee warned of an impending attack by Russian hackers against American banks. Dubbed “Project Blitzkrieg”, the threat of the attack surfaced on a Russian hacking forum in the previous September, and McAfee was quick to advised that it was a credible one.

As of December 2012, Russian hackers had effectively infected 500 databases in the US with the promise of more to come. The cybercriminal known as vorVzakone – whose name means ‘thief in law’ – was identified as the head of the operation, whose plans called for the release of a Trojan horse virus that would allow him and his accomplices to seize control of banks’ computers to steal information and money.


Clearly, all of these incidents amount to a major public concern. But of greater concern to me is the fact the lines being drawn in this new era of cyber-warfare are eerily familiar. Not long ago, China and Russia were locked in an ongoing feud with the US and its allies, a war fueled by ideology but based on the cultivation of technology and espionage networks.

Granted, only China’s case of cyberwarfare against the US appears to be government-backed. But between the “Red October” virus,  “Project Blitzkrieg”, and the fact that Russian hackers are in the habit of using a Soviet-era suffix to designate their activities, it seems that Russia is fertile ground for a renewed standoff with the West as well. And given that the targets have been western governments and financial institutions, would it be so farfetched to assume the government might be marginally involved?

The means may have changed, but the overall purpose remains the same. Infiltrate, destabilize, and steal information from the enemy. Are we looking at a renewed Cold War, or just the last gasps of an ideological confrontation that was supposed to have died years ago? Only time will tell…


The Hacking Continues…

hackers-1Cyberwarfare has been making it into the news quite a bit of late. From the international cyber-spying virus known as “Red October”, to China’s hacking of the New York Times and Bloomberg L.P., to intrusions into major software companies and social utilities, it seems no one is immune or unassailable in the digital age. What’s more, there are indications that it is nation states that may be leading the charge.

The latest victim in the ongoing war was Microsoft, which recently admitted that it too has been targeted by hackers. The announcement came in the midst of such tech giants as Apple, Facebook, and Twitter reporting security breaches linked to a software developer’s website, which would apparently infect programmers’ computers after they visited the site.

hacker_@In a statement posted by general manager Matt Thomlinson, Microsoft experienced intrusions of a similar nature. Though they did not specify who these hackers were, Mike Isaac at AllThingsD recently identified the website in question as iPhoneDevSDK, a site popular with mobile-app developers. In response, iPhoneDevSDK recently told users that it discovered that an administrative account on its site had been hacked, which allowed hackers to inject infectious code into its Web pages.

Once again, there are many who suspect that these attacks are linked to sources in China. In recent years, the Chinese government has been indicted in several attacks on American media chains as well major companies, as part of a wider campaign to steal trade secrets and monitor and manipulate how China is portrayed in the news.

As it stands, it is not yet clear whether this represents a part of that campaign, or if private hackers are simply using extra-covert means to conduct a little anti-corporate mischief on the side. Personally, I hope it’s the latter, as the idea of nations inciting cyberwarfare against each other is not exactly the most comforting notion! But then again, knowing that they are spying on each other kind of gives those of us who are afraid of “Big Brother” a bit of a reprieve doesn’t it?


Cyberwarfare: Not Just for Anarchists Anymore!

Hack the Planet by von Shin Kurohoshi
Hack the Planet by von Shin Kurohoshi

For those deeply concerned about internet security and privacy, the year of 2013 certainly opened with a bang. First, there was the news that a cyberspy ring – apparently operating out of Russia – had been spying on embassies, governments and research institutions around the world for the past five years using a virus dubbed “Red October”. This was back in January, when the Moscow-based antivirus firm known as Kaspersky Lab announced the discovery of the international intrigue.

Then, on Jan. 30th, the New York Times announced that they too have been the target of hackers, this time from China. In a statement released by the newspaper, the company claimed that Chinese hackers have been persistently attacking their publication for the last four months, infiltrating its computer systems and getting passwords for its reporters and other employees.

Jin_jiaboaThe timing of the attacks coincided with a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings. The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them.

With the help of  Mandiant, the internet security company hired by The Times, they were able track the intruders, study their movements and help erect better defenses to block them. In the end, The Times reported that they had successfully expelled the attackers and kept them from breaking back in. However, the fact these hackers were able to infiltrate the network of a private news organization in the first place was much cause for worry.

Cyber-WarFor one, this is not the first time that hackers, originating in China, have used these sort of subterfuge tactics to hack US databases. According to experts at Mandiant, their company has tracked many such intrusions back to the Chinese mainland, all of which used the same approach of cloaking their efforts using US servers. In addition, this incident, which smacked of state-involvement, did not occurr in a vacuum.

Back in 2008, internet security experts indicated that Chinese hackers had begun targeting Western journalists as part of a wider campaign to identify and intimidate their sources and contacts, and to anticipate stories that might damage the reputations of Chinese leaders. The purpose behind this far-reaching and growing spy campaign aimed at corporations, government agencies, activist groups and media organizations inside the US seemed to be for the purpose of controlling China’s public image, domestically and abroad, as well as stealing trade secrets.

cyber-war-1024x843But of course, China is hardly alone in these sorts of covert cyber-warfare. As already mentioned, Russia has already shown signs of developing cyber weapons to assist in spying abroad, and there’s mounting evidence that Israel, Iran and the US are on board too. Starting in 2008, Iran’s main nuclear enrichment plant was hit by a sophisticated computer worm that caused damage to it, thus putting a crink in their efforts to become a nuclear power.

While no one took responsibility for this incident, the evidence seemed to indicate that the worm originated from sources within Israel and the US. Attacks which took place later on American banks and oil companies within the US were believed to have been caused by Iran, in retaliation for the worm that hurt their main source of enriched uranium and a key component in their nuclear program.

anonymous_flagFor some time now, hacking federal databases has become something of a sport for various groups and causes who are seeking to reveal government secrets and expose their inner workings to public scrutiny. The “Hacktivist” group known as Anonymous is a perfect example, a group closely linked to Assange (of Wikileaks) who’s most recent infiltration of the Federal Reserve Bank made the news earlier this month as well.

But as I’m sure all will agree, it’s one thing when private citizen attack domestic and foreign databases, and quite another when nations attack each others. While cyber criminals may constitute a vague and slippery enemy, one which is much harder to identify and prosecute, nation-states constitute a far more frightening one. Not only are their resources far more vast, the consequences of battling them are far greater.

Knowing who your enemy is, and that they have nuclear capabilities and the ability to strike at you physically… Yes, I think that’s a much scarier prospect! While the old ways of plausible deniability and covert action may apply, no one likes the idea of subtle attacks which could escalate into a full-scale conflict. Even if it is waged entirely by computer, the effects are still likely to be felt!


Cybersleuths Uncover Worldwide Spy Virus



“I’m frightened because our enemies are no longer known to us. They do not exist on a map. They’re not nations, they’re individuals. And look around you. Who do you fear? Can you see a face, a uniform, a flag? No! Our world is not more transparent now, it’s more opaque! It’s in the shadows.” 

This was one of the most memorable lines from the recent Bond movie Skyfall, as spoken by Dame Judi Dench in her role as M, director of MI6. It’s memorable because of how it managed to capture the essence of spy work in the post-Cold War digital age, and because it pretty much resounds with audiences who are increasingly fearful for their privacy.

In a story that I know I must comb for material for my next cyber novel, a team of cyber sleuths recently uncovered a cyberspy ring that has been spying on embassies, governments and research institutions around the world for the past five years. The virus, which has been dubbed “Red October”, is of uncertain origin, though the culprits are believed to be Russian (hence the name).

Red-October-Infection-MapFor the past five years, the virus has been harvesting documents and data from computers, smartphones and removable storage devices (such as USB sticks), largely from victims in Easter Europe and Central Asia. However, 69 countries were reported as being targeted in total, including the U.S., Australia, Ireland, Switzerland, Belgium, Brazil, Spain, South Africa, Japan and the United Arab Emirates. So far, these victims remain unidentified except to say that in most cases, they were government agencies and embassies, institutions involved in nuclear and energy research and companies in the oil and gas and aerospace industries.

The virus was uncovered by the Kaspersky Lab, a Moscow-based antivirus firm that specializing in internet security. In a statement released on Monday the 14th: “The main purpose of the operation appears to be the gathering of classified information and geopolitical intelligence, although it seems that the information-gathering scope is quite wide.” The virus is still active, they say, but now that the operation is a matter of public record, there’s no telling if it will continue or not.

hackers1What’s more interesting is the fact that the spy ring set up an extensive and complex infrastructure consisting of a chain of at least 60 command-and-control servers that appear to rivals the massive infrastructure used by the nation-state hackers that were behind the infamous Flame spay malware that was responsible for infiltrating computers in Iran and across the Middle East last year. However, Kaspersky went on to claim that this network was not associated with Flame, meaning that there is another hacker ring out there that is equally powerful and motivated, and has comparable infrastructure.

All of this calls to mind the Anonymous and the whole debate about hacking and its ethics. Whereas the concept was born of a desire to make information free, deconstruct corporate and government control of media, and break down barriers between nation states, examples like this remind us that there are also insidious hackers, the ones who’s motivation is questionable and who’s actions are less than benign. Alongside “black hat” hackers, the people who spawn malware, spyware, and other viruses from their basements, hackers have it pretty bad on the PR front!

anonymousBut good or bad, the reality is that hacking and information wars are becoming an increasingly decentralized and democratic affair. For some, this is a good sign, an indication that we are moving towards a truly open and free society. For others, its a very bad sign, since we really have no idea how to contain threats that emerge from what are essentially non-entities.

I swear to God I didn’t pick this story to promote my new book, people! But for some reason, the news cycle seems to have decided to break a story that specifically addresses what I was trying to capture with that book and its planned sequels. So in addition to all the people these “Red October” individual may have screwed over, it seems that they’ve made me look like a shameless self-promoter! I don’t know what your agenda is, be it general mischief, anti-secrecy, freedom of information, or just plain anarchism, but did you ever once think of ME???