January 30, 2012 By Dan Lohrmann
Major technology vendors announced the formation of the Domain-based Message Authentication, Reporting and Conformance (DMARC) system today. This new email authentication framework should reduce the number of phishing scams that try to trick users into thinking emails are from someone else. Participating vendors, many of which provide free email services, aim to make spoofed domains in messages a thing of the past.
Leading technology companies like Google, Microsoft, AOL and Facebook are participating in the system – which is explained and can be examined in detail at DMARC.org. Here is a quote from the new website:
“DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. We hope this will encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate.”
Coverage of the press announcement was widespread today with numerous headlines all over the Internet such as:
USA Today – Tech companies team up to combat e-mail scams
Information Week - Google, Microsoft Say DMARC Spec Stops Phishing and
Tech Crunch - DMARC Promises a World Of Less Phishing
Here’s an excerpt from the Tech Crunch article:
“The move follows an announcement in November that Google, Microsoft, Yahoo, AOL, and Agari were authenticating emails from Facebook, YouSendIt, and other e-commerce companies and social networks.
DMARC said the anti-phishing initiative has actually been going on for the last 18 months.
According to Google, about 15 percent of all e-mail comes from members of DMARC, but by publishing their DMARC records, these records cannot be domain spoofed. This makes the anti-phishing group much more effective at stopping criminal gangs from using phishing to dupe unsuspecting users.”
Are there any downsides to DMARC? Not really, in my opinion.
However, as many Slashdot commenters pointed out today, this system still doesn't stop unwanted spam sent from within Gmail or Yahoo (or wherever): it only ensures that the message really comes from the domain shown in the From address, not that the mailbox or the person behind it is who you expect. The benefit is tied to ensuring that the domain is genuine, which is a huge step forward, but it is not a complete solution. So, as the critics point out, we still need to be careful to ensure that a message comes from the correct user and not just the correct domain. For example, there are multiple people with the same name in Yahoo Mail, and a look-alike domain registered by an attacker can publish its own DMARC record and authenticate perfectly well.
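To make the DMARC.org quote above concrete, and to show exactly where the limitation in the previous paragraph comes from, here is an added example (not code from the article or from DMARC.org) of how a receiving mail server applies a published DMARC record to the SPF and DKIM results for one message. The TXT records, domain names and message results are constructed for illustration; the organizational-domain logic is simplified to the last two labels, where a real receiver uses the Public Suffix List.

```python
# Added example: receiver-side DMARC evaluation (not from the article or DMARC.org).
# DNS records, domains and verdicts below are constructed for illustration.

# Constructed TXT records as a receiver would fetch them from _dmarc.<domain>.
DNS_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com",
    "_dmarc.example.org": "v=DMARC1; p=none; rua=mailto:reports@example.org",
}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict, filling in the defaults
    (relaxed alignment, p=none) for tags the record omits."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: " + txt)
    tags.setdefault("p", "none")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    """Organizational domain, simplified to the last two labels (assumption:
    a real receiver consults the Public Suffix List for cases like co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict (s) needs an exact match, relaxed (r)
    accepts any subdomain of the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def lookup_policy(from_domain, dns=DNS_TXT):
    """Fetch the record for the From domain, falling back to the
    organizational domain's record (DMARC's subdomain fallback)."""
    for name in (from_domain, org_domain(from_domain)):
        txt = dns.get("_dmarc." + name.lower())
        if txt:
            return parse_dmarc(txt)
    return None


def evaluate(from_domain, spf_result, spf_domain, dkim_result, dkim_domain, dns=DNS_TXT):
    """Return (disposition, reason) for one message.

    from_domain: domain of the From header the user actually sees
    spf_result / spf_domain: SPF verdict and the MAIL FROM domain it covered
    dkim_result / dkim_domain: DKIM verdict and the d= domain of the signature
    """
    policy = lookup_policy(from_domain, dns)
    if policy is None:
        return "none", "no DMARC record for " + from_domain
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy["adkim"])
    if dkim_ok or spf_ok:
        return "pass", "aligned " + ("DKIM" if dkim_ok else "SPF")
    return policy["p"], "no aligned SPF or DKIM; applying p=" + policy["p"]


if __name__ == "__main__":
    cases = [
        # Spoof: From example.com, but SPF only passes for the attacker's own MAIL FROM.
        ("example.com", "pass", "attacker.invalid", "fail", ""),
        # Legitimate: From example.com with an aligned DKIM signature.
        ("example.com", "fail", "attacker.invalid", "pass", "example.com"),
        # Legitimate bulk mail: relaxed SPF alignment accepts a subdomain MAIL FROM.
        ("example.com", "pass", "bounce.example.com", "fail", ""),
        # Strict DKIM alignment (adkim=s) rejects a signature from a subdomain.
        ("example.com", "fail", "x.invalid", "pass", "mail.example.com"),
        # Same spoof against a domain that only monitors (p=none): delivered.
        ("example.org", "fail", "attacker.invalid", "fail", ""),
        # A look-alike domain with no DMARC record at all: nothing to enforce.
        ("examp1e.com", "pass", "examp1e.com", "fail", ""),
    ]
    for case in cases:
        print(case[0], evaluate(*case))
```

The last two cases are the caveat in code form: DMARC can only enforce what a domain owner publishes, so a domain at p=none is still spoofable, and a look-alike domain the attacker controls is never "spoofed" in DMARC's sense at all.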
Nevertheless, I agree with the major vendors that this is an important step forward in fighting phishing attacks.
What are your thoughts on this announcement?
January 25, 2012 By Dan Lohrmann
The Federal Trade Commission’s website at www.onguardonline.gov remained down for a second day after it had suffered a security breach. According to Government Computer News (GCN.com), the group Anonymous hacked the site in protest over proposed anti-piracy laws and recent anti-piracy arrests.
Here’s a quote from GCN's story:
"The OnGuardOnline.gov site, intended to give people cybersecurity advice, was hacked early Jan. 24, with the home page replaced by the Anonymous logo, a rap song and a message threatening more attacks if anti-piracy legislation in Congress — which has stalled after a massive online protest Jan. 18 — were to pass.
FTC, which operates the site with several other agencies, took it offline after the hack...."
Since the protest last week, many legislators have backed away from the Stop Online Piracy Act (SOPA) because of the public outcry and pushback from many technology companies.
Meanwhile Computerworld ran an article that said the European Union’s proposed privacy rules could hinder the Internet. Here's an excerpt:
“The rules, proposed by E.U. Justice Commissioner Viviane Reding, include the so-called "right to be forgotten," allowing Internet users to have data about them deleted if there are no legitimate reasons for retaining it. The proposal would require companies with more than 250 employees to appoint data protection officers, and it would require companies to report data breaches within 24 hours.”
This new hacking trend is not slowing down, and ushers in a new cyber chapter in my view. If “hacktivists” can manipulate public opinion and get the results that they desire (like stopping new legislation), we will surely see more of this behavior in the years ahead when developments don't match the goals of various online groups.
What is your view on these developments?
January 20, 2012 By Dan Lohrmann
This is turning into a wild week for headline-grabbing cyber activity. Immediately following Internet protests of proposed new legislation to crack down on Internet piracy, the Department of Justice (DOJ) moved quickly to shut down Megaupload, one of the most popular websites known for illegal downloads.
According to the Washington Post:
“Federal authorities Thursday indicted two firms and shut down one of the Web’s most popular sites for sharing illegally pirated material, triggering a quick response from hackers who claimed credit for taking down the Web sites of the Justice Department, Recording Industry Association of America and other media companies in retaliation.”
This story was making headlines across the tech world, with Computerworld Magazine reporting that: Anonymous retaliates for Megaupload shutdown, attacks DOJ, others. Here’s an excerpt from that article:
“The hacker group Anonymous is claiming responsibility for attacks that have taken down websites run by Universal Music, the U.S. Department of Justice and the Recording Industry Association of America in retaliation for the government's removal of the Megaupload websites.
‘The government takes down Megaupload? 15 minutes later Anonymous takes down government and record label sites,’ the Anonymous Twitter feed read.
That note was followed shortly by this one: "Megaupload was taken down w/out SOPA being law. Now imagine what will happen if it passes. The Internet as we know it will end. FIGHT BACK." The tweet referred to the Stop Online Piracy Act, an Internet piracy bill being considered in the U.S. Congress.”
Other details were also available over at USA Today:
“An indictment accused Megaupload.com of costing copyright holders at least $500 million in lost revenue. The indictment was unsealed one day after websites including Wikipedia and Craigslist shut down in protest of two congressional proposals intended to make it easier for authorities to go after websites with pirated material, especially those with headquarters and servers overseas.
Megaupload is based in Hong Kong, but some of the alleged pirated content was hosted on leased servers in Ashburn, Va., which gave federal authorities jurisdiction, the indictment said.”
Coverage of yesterday's events stretched over to the United Kingdom. The Guardian newspaper reported that: "The US government has closed down one of the world's largest filesharing websites, accusing its founders of racketeering, money laundering and presiding over 'massive' online piracy."
Meanwhile, a more detailed list of activity and timelines was seen over at Gizmodo.com. The bold headline read: THEY ARE BACK with a long list of websites that were attacked (including the FBI and EMI Records) and more than eleven updates.
This flurry of activity is revealing a new face in the global Internet battle over online laws and content controls in cyberspace. Some online are even calling it the long-awaited cyber war - but not me. However, the war of words and company protests are showing up in real-life indictments and the shutting down of popular sites offering illegal copies of copyright material.
Many commentators (including myself) have been saying that the virtual world (the Internet) today often resembles the Wild West of bygone years, or 1930s Chicago with its mobs. This week's events are showing these analogies to be fairly accurate.
One more thing - in a related development, all four Republican candidates for President stood together to oppose the proposed SOPA Internet piracy legislation in last night's debate. The White House has already stated that the legislation has flaws. I wrote about this topic earlier in my previous blog post this week.
What do you think? Where is this cyber battle heading? Will the global Internet police be able to stop Anonymous anytime soon? Or, will the global protesting grow with hackers outgunning law enforcement in cyberspace? Are these protests a good thing or not?
January 17, 2012 By Dan Lohrmann
Just when you thought you'd seen it all online, along comes something else that's new and raises plenty of serious, tough questions.
On January 18, 2012, Wikipedia and a long list of other popular websites will go dark to protest the proposed Stop Online Piracy Act (SOPA). The Internet is full of stories on this topic. USA Today ran a front page story covering the fast-approaching event. Here’s an excerpt:
“Mozilla, WordPress and TwitPic have joined a growing list of websites that plan to go dark Wednesday to protest the proposed Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act, CBS News reports….
Wikipedia, Reddit and Boing Boing have already announced that they plan to go offline Wednesday.
Jimmy Wales, co-founder of Wikipedia, tweeted: ‘All US Citizens: #WikipediaBlackout means nothing unless you call your Senators. Do it now! Give friends the number too!’"
We’ve seen Cyber Sit-ins, hackers shutting down and slowing down websites and even a website dedicated to starting a cyber protest of your choice, but this may be even more disruptive.
Without taking sides, here are just some of the tough questions that this protest raises:
1) Have we put too much trust in Wikipedia and these other websites for educational or other purposes?
2) Where are the lines for websites shutting down to protest new or proposed government regulation or any other issue in society?
3) What can customers do to prepare for these disruptions?
4) Will these protests help or hurt the chances for this legislation to pass?
5) Does this set a dangerous precedent for other websites and/or causes?
One thing seems certain: cyber protests are here to stay. I certainly expect to see more online activity like this. It will be very interesting to see how the public reacts.
What are your thoughts? Is this a good way to protest SOPA, or a big mistake for Wikipedia and others?
January 12, 2012 By Dan Lohrmann
A highly sophisticated malware delivery network called "Shnakule" has recently been singled out as increasingly dangerous, and some security firms say its scale has changed their view of how cyber crime operations are organized. Rather than a fixed set of attack sites, Shnakule operates a large, constantly changing pool of servers and host names that lure users to malicious or compromised pages, exploit browser vulnerabilities through drive-by downloads and fake updates, and infect end-user computers.
The Department of Homeland Security (DHS) Open Source Infrastructure Report, which happens to be a very good resource for cybersecurity pros to check and review daily, posted a link to this United Kingdom (UK) article on January 10. I urge readers to take time to learn more about Shnakule. Here’s an excerpt from the UK article:
“Shnakule spans a number of attack vectors and is believed to have been used for multiple attacks, with active servers ranging from hundreds to thousands of systems at a time….
… He said the company's findings defy conventional knowledge of how malware and cyber crime operations work….
… Rather than looking to block attacks based on the individual activity of a site or domain, Blue Coat believes firms will need to take a wider approach and single out servers and domains that have been connected with malicious networks in the past….”
It is worth noting that the Shnakule malware network is not new in 2012. Blue Coat issued this press release back in September 2011.
Back on July 6, 2011, Blue Coat issued this piece which called Shnakule the most dangerous malware in the early part of 2011.
Here’s an excerpt from that report:
“For the first half of 2011, Shnakule was the leading malware delivery network, both by size and effectiveness. On average during that period, this network had 2,000 unique host names per day with a peak of more than 4,300 per day. It also proved the most adept at luring users in, with an average of more than 21,000 requests and as many as 51,000 requests in a single day. Shnakule is a broad-based malware delivery network whose malicious activities include drive-by downloads, fake anti-virus and codecs, fake flash and Firefox updates, fake warez, and botnet/command and controls. Interrelated activities include pornography, gambling, pharmaceuticals, link farming, and work-at-home scams.
Not only is Shnakule far reaching as a standalone malware delivery network, it also contains many large component malware delivery networks. Ishabor, Kulerib, Rabricote and Albircpana, which all appear on the top 10 list of largest malware delivery networks, are actually components of Shnakule and extend its malicious activities to gambling-themed malware and suspicious link farming.”
My point is that DHS is highlighting this article now in open source, which signals that the threat remains active and growing in 2012. Risk mitigation techniques are paramount against this type of large, complex, sophisticated threat, and as the Blue Coat excerpt above notes, blocking one site or domain at a time does not keep up with a network that rotates thousands of host names a day; the servers and domains behind them have to be tracked as a group. Government enterprises need to take this malware network threat seriously and react appropriately.
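To show what the "wider approach" in the Blue Coat excerpt means in practice, here is an added example (not code from the article, Blue Coat or DHS) that runs two checks over a few proxy log lines: the conventional per-host-name blocklist match, and a pivot that also blocks a freshly registered host name because it resolves to a server already tied to the network. Every host name, IP address and log line is constructed for illustration and none of them are real Shnakule indicators; the passive-DNS table stands in for whatever resolution history a real deployment keeps.

```python
# Added example: infrastructure-pivot blocking over proxy logs
# (not from the article, Blue Coat or DHS; all data below is constructed).

# Constructed threat intelligence: host names previously tied to a malware
# delivery network, with the server IP each resolved to when observed.
KNOWN_BAD_HOSTS = {
    "flash-update.badexample.net": "198.51.100.7",
    "codec-pack.badexample.org": "198.51.100.7",
    "av-scan-now.badexample.info": "203.0.113.44",
}

# Constructed passive-DNS observations available at lookup time.
PASSIVE_DNS = {
    "flash-update.badexample.net": "198.51.100.7",
    "fresh-name-8831.example-tld.biz": "198.51.100.7",  # new name, same server
    "downloads.example.com": "192.0.2.10",
}

# Constructed proxy log lines: timestamp, client IP, URL, HTTP status.
PROXY_LOG = """\
1326412800.101 10.0.0.5 http://flash-update.badexample.net/install_flash_player.exe 200
1326412801.555 10.0.0.9 http://fresh-name-8831.example-tld.biz/codec.exe 200
1326412802.020 10.0.0.7 http://downloads.example.com/setup.msi 200
"""


def host_of(url):
    """Extract the lowercase host name from an http(s) URL, dropping any port."""
    rest = url.split("://", 1)[-1]
    return rest.split("/", 1)[0].split(":", 1)[0].lower()


def bad_servers(known_hosts):
    """The server view of the intelligence: every IP that has hosted a
    known-bad name is treated as part of the network."""
    return set(known_hosts.values())


def classify(url, known_hosts, passive_dns, pivot=True):
    """Return (action, reason).  With pivot=False this is the conventional
    per-host-name check; with pivot=True a host name not on the list is also
    blocked when it resolves to a server already tied to the network."""
    host = host_of(url)
    if host in known_hosts:
        return "block", "host name on list"
    if pivot:
        ip = passive_dns.get(host)
        if ip in bad_servers(known_hosts):
            return "block", "new host name on known-bad server " + ip
    return "allow", ""


def scan(log_text, known_hosts=KNOWN_BAD_HOSTS, passive_dns=PASSIVE_DNS, pivot=True):
    """Classify every request in the log; returns a list of
    (client, host, action, reason) tuples in log order."""
    verdicts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, url, _status = line.split()
        action, reason = classify(url, known_hosts, passive_dns, pivot)
        verdicts.append((client, host_of(url), action, reason))
    return verdicts


if __name__ == "__main__":
    for verdict in scan(PROXY_LOG):
        print(*verdict)
    # The per-site check lets the renamed server through:
    print([v[2] for v in scan(PROXY_LOG, pivot=False)])
```

The second log line is the case the excerpt is about: the host name has never been seen before, so a list of bad sites says nothing about it, but the server behind it is the same one that served the fake Flash update a second earlier. The obvious cost is false positives on shared hosting, which is why a real deployment scores the server rather than blocking on a single prior sighting.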
Any comments or experiences to share regarding Shnakule?
Building effective virtual government requires new ideas and hard work. Security professionals need to be enablers of innovation. From helpful Internet training to defending cloud computing architectures to securing mobile devices, Dan Lohrmann will cover what's hot and what's not in protecting your corner of cyberspace.
