SEOUL, South Korea — The North Korean government was the source of high-profile cyberattacks in July that caused Web outages in South Korea and the United States, news reports said Friday. The IP address – the Web equivalent of a street address or phone number – that triggered the Web attacks was traced back to North Korea's Ministry of Post and Telecommunications, the chief of South Korean's main spy agency reportedly told lawmakers. The ministry leased the IP address from China, Won Sei-hoon of the National Intelligence Service told lawmakers Thursday, according to JoongAng Ilbo newspaper. South Korea's Yonhap news agency carried a similar report. The spy agency declined to confirm the reports. Two lawmakers on parliament's intelligence committee contacted Friday also refused to confirm the reports. The Unification Ministry, which monitors North Korea, said it cannot comment on intelligence matters. More... http://www.huffingtonpost.com/2009/10/30/cyberattacks-traced-to-no_n_339701.html
The increasing number of cyber attacks on military networks and servers has raised the question of what the global defense community is doing to safeguard military systems and protect the larger global Internet. This week's issue of ACM Ubiquity features an interview with Chris Gunderson, and expert in "network centric" warfare, on this question and how military philosophy must change to adapt to the rise of information networks.
'Ugly can of worms'
Author: Dan Goodin in San Francisco
Cybercriminals have laced about 2,000 legitimate websites with a potent malware cocktail that surreptitiously attacks people who browse to them, a security researcher warned Friday.
Unlike past outbreaks of the mass web attack known as Gumblar (http://www.theregister.co.uk/2009/05/14/viral_web_infection/), this round actually plants exploit code on the website servers themselves. Curiously, the directory and file name of the malicious payload is in most cases unique and identical to a legitimate file that existed on the website.
The trick makes it extremely difficult for webmasters and anti-malware programs to detect the threats.
"This is an ugly can of worms," said Mary Landesman, the ScanSafe security researcher who warned of the mass attack. "Any time you see a new technique evolve like this the concern is we'll be seeing much more of this in the future, and certainly it complicates the remediation of the compromised website."
Previously, Gumblar planted links in thousands of compromised websites that silently redirected users to a handful of servers that hosted the exploits. That method allowed white hats to foil the attack by shutting down one or two domains. With the malware embedded directly in the compromised websites, the take-down process is significantly more time consuming.
Also making matters hard for Landesman to get the sites cleaned up: Most of the websites belong to small businesses that cater to non-English speakers. Few of them have dedicated security employees, and even when representatives can be located, the person contacting them must speak multiple languages.
While the websites are relatively small, Gumblar architects have planted links in online discussion forums across the web that often cause RSS readers to automatically send users to the booby-trapped pages. Landesman suspects black-hat search engine optimization may also be causing the infected sites to be featured prominently in results returned by Google and others.
People who are unfortunate enough to visit the sites won't see anything unusual. But behind the scenes, a PHP script checks their version of Adobe Reader and Adobe Flash, and if either is out of date, hijacks their PCs using known vulnerabilities. If both of those programs are up to date, the script tests to see if the system is vulnerable to several bugs Microsoft has patched in the last few months.
Hijacked machines will be installed with a backdoor that gives the hijackers complete control. They are also equipped with malware that manipulates search results returned by Google.
It's unclear exactly how the sites are getting compromised. Landesman suspects FTP passwords for the sites have been lifted from administrators' computers using key-logging malware. ®
Original URL: http://www.theregister.co.uk/2009/10/16/gumblar_mass_web_compromise/
Because it will be difficult to prevent cyber attacks on critical civilian and military computer networks by threatening to punish attackers, the United States must focus its efforts on defending these networks from cyber attack, according to a new RAND Corporation study. -- EurekAlert! http://www.eurekalert.org/pub_releases/2009-10/rc-umf100809.php
“Laptops are more prevalent today than they have ever been. With such an explosion in notebook use, there are that many more targets for thieves looking to pawn our stuff for a quick buck, or even worse, steal our data for more nefarious uses. Once your laptop is stolen, a burglar can access almost anything on it—that is, unless you take the right precautions.” -- Ars Technica. Full Story at: http://tinyurl.com/pc55yj
|
|
A new program tries to find young people that could meet the government's need for more highly skilled cybersecurity professionals. The U.S. Cyber Challenge is looking for 10,000 young Americans with the skills to be cybersecurity practitioners, researchers, guardians, and cyberwarriors. The program will provide participants with competition, training, recognition and a chance to win scholarships. It is led by the Center for Strategic and International Studies and includes the Defense Department’s Cyber Crime Center, the Air Force Association and the SANS Institute ... --
|
[Space War, Jul 24 2009] San Francisco (AFP) July 22, 2009 - Bureaucracy and a shortage of employees with technology prowess have left the US government without the talent it needs to defend against cyber attacks, a study warned recently. The "pipeline of potential new talent" are inadequate, while complicated processes and rules hamper efforts to recruit and retain federal workers with needed technology skills for cybersecurity, according to the study, titled "Cyber IN-Security." ... Full Story: http://tinyurl.com/kqcrks
