January 25, 2012 By Dan Lohrmann
The Federal Trade Commission’s website at www.onguardonline.gov remained down for a second day after it had suffered a security breach. According to Government Computer News (GCN.com), the group Anonymous hacked the site in protest over proposed anti-piracy laws and recent anti-piracy arrests.
Here’s a quote from GCN's story:
"The OnGuardOnline.gov site, intended to give people cybersecurity advice, was hacked early Jan. 24, with the home page replaced by the Anonymous logo, a rap song and a message threatening more attacks if anti-piracy legislation in Congress — which has stalled after a massive online protest Jan. 18 — were to pass.
FTC, which operates the site with several other agencies, took it offline after the hack...."
Since the protest last week, many legislators have backed away from Stop Online Piracy Act (SOPA) because of the public outcry and pushback from many technology companies.
Meanwhile Computerworld ran an article that said the European Union’s proposed privacy rules could hinder the Internet. Here's an excerpt:
“The rules, proposed by E.U. Justice Commissioner Viviane Reding, include the so-called "right to be forgotten," allowing Internet users to have data about them deleted if there are no legitimate reasons for retaining it. The proposal would require companies with more than 250 employees to appoint data protection officers, and it would require companies to report data breaches within 24 hours.”
This new hacking trend is not slowing down, and ushers in a new cyber chapter in my view. If “hacktivists” can manipulate public opinion and get the results that they desire (like stopping new legislation), we will surely see more of this behavior in the years ahead when developments don't match the goals of various online groups.
What is your view on these developments?
January 20, 2012 By Dan Lohrmann
This is turning into a wild week for headline-grabbing cyber activity. Immediately following Internet protests of proposed new legislation to crack down on Internet piracy, the Department of Justice (DOJ) moved quickly to shut down one of the most popular websites known for illegal downloads, Megaupload.
According to the Washington Post:
“Federal authorities Thursday indicted two firms and shut down one of the Web’s most popular sites for sharing illegally pirated material, triggering a quick response from hackers who claimed credit for taking down the Web sites of the Justice Department, Recording Industry Association of America and other media companies in retaliation.”
This story was making headlines across the tech world, with Computerworld Magazine reporting that: Anonymous retaliates for Megaupload shutdown, attacks DOJ, others. Here’s an excerpt from that article:
“The hacker group Anonymous is claiming responsibility for attacks that have taken down websites run by Universal Music, the U.S. Department of Justice and the Recording Industry Association of America in retaliation for the government's removal of the Megaupload websites.
‘The government takes down Megaupload? 15 minutes later Anonymous takes down government and record label sites,’ the Anonymous Twitter feed read.
That note was followed shortly by this one: "Megaupload was taken down w/out SOPA being law. Now imagine what will happen if it passes. The Internet as we know it will end. FIGHT BACK." The tweet referred to the Stop Online Piracy Act, an Internet piracy bill being considered in the U.S. Congress.”
Other details were also available over at USA Today:
“An indictment accused Megaupload.com of costing copyright holders at least $500 million in lost revenue. The indictment was unsealed one day after websites including Wikipedia and Craigslist shut down in protest of two congressional proposals intended to make it easier for authorities to go after websites with pirated material, especially those with headquarters and servers overseas.
Megaupload is based in Hong Kong, but some of the alleged pirated content was hosted on leased servers in Ashburn, Va., which gave federal authorities jurisdiction, the indictment said.”
Coverage of yesterday's events stretched over to the United Kingdom. The Guardian newspaper reported that: "The US government has closed down one of the world's largest filesharing websites, accusing its founders of racketeering, money laundering and presiding over 'massive' online piracy."
Meanwhile, a more detailed list of activity and timelines was seen over at Gizmodo.com. The bold headline read: THEY ARE BACK with a long list of websites that were attacked (including the FBI and EMI Records) and more than eleven updates.
This flurry of activity is revealing a new face in the global Internet battle over online laws and content controls in cyberspace. Some online are even calling it the long-awaited cyber war - but not me. However, the war of words and company protests are showing up in real-life indictments and the shutting down of popular sites offering illegal copies of copyright material.
Many commentators (including myself) have been saying that the virtual world (the Internet) today often resembles the wild west of bygone years, or 1930s Chicago with its mobs. This week’s events are showing these analogies to be fairly accurate.
One more thing - in a related development, all four Republican candidates for President stood together to oppose the proposed SOPA Internet piracy legislation in last night's debate. The White House has already stated that the legislation has flaws. I wrote about this topic earlier in my previous blog post this week.
What do you think? Where is this cyber battle heading? Will the global Internet police be able to stop Anonymous anytime soon? Or, will the global protesting grow with hackers outgunning law enforcement in cyberspace? Are these protests a good thing or not?
January 17, 2012 By Dan Lohrmann
Just when you thought you’ve seen it all online …. Along comes something else that’s new and raises plenty of serious tough questions.
On January 18, 2012, Wikipedia and a long list of other popular websites will go dark to protest the proposed Stop Online Piracy Act (SOPA). The Internet is full of stories on this topic. USA Today ran a front page story covering the fast-approaching event. Here’s an excerpt:
“Mozilla, Word Press and TwitPic have joined a growing list of websites that plan to go dark Wednesday to protest the proposed Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act, CBS News reports….
Wikipedia, Reddit and Boing Boing have already announced that they plan to go offline Wednesday.
Jimmy Wales, co-founder of Wikipedia, tweeted: ‘All US Citizens: #WikipediaBlackout means nothing unless you call your Senators. Do it now! Give friends the number too!’"
We’ve seen Cyber Sit-ins, hackers shutting down and slowing down websites and even a website dedicated to starting a cyber protest of your choice, but this may be even more disruptive.
Without taking sides, here are just some of the tough questions that this protest raises:
1) Have we put too much trust in Wikipedia and these other websites for educational or other purposes?
2) Where are the lines for websites shutting down to protest new or proposed government regulation or any other issue in society?
3) Will these protests help or hurt the chances for this legislation to pass?
4) Does this set a dangerous precedent for other websites and/or causes?
One thing seems certain: cyber protests are here to stay. I certainly expect to see more online activity like this. It will be very interesting to see how the public reacts.
What are your thoughts? Is this a good way to protest SOPA, or a big mistake for Wikipedia and others?
January 12, 2012 By Dan Lohrmann
A highly sophisticated malware network called "Shnakule" has recently been singled out as increasingly dangerous. Many security firms are rapidly reacting and even changing their views on cyber crime operations as a result of new information. The Shnakule operation employs a massive network of servers to attack websites as well as compromise pages to exploit vulnerabilities and infect end user computers.
The Department of Homeland Security (DHS) Open Source Infrastructure Report, which happens to be a very good resource for cybersecurity pros to check and review daily, posted a link to this United Kingdom (UK) article on January 10. I urge readers to take time to learn more on Shnakule. Here’s an excerpt from the UK article:
“Shnakule spans a number of attack vectors and is believed to have been used for multiple attacks, with active servers ranging from hundreds to thousands of systems at a time….
… He said the company's findings defy conventional knowledge of how malware and cyber crime operations work….
… Rather than looking to block attacks based on the individual activity of a site or domain, Blue Coat believes firms will need to take a wider approach and single out servers and domains that have been connected with malicious networks in the past….”
It is worth noting that the Shnakule malware network is not new in 2012. Blue Coat issued this press release back in September 2011.
Back on July 6, 2011, Blue Coat issued this piece which called Shnakule the most dangerous malware in the early part of 2011.
Here’s an excerpt from that report:
“For the first half of 2011, Shnakule was the leading malware delivery network, both by size and effectiveness. On average during that period, this network had 2,000 unique host names per day with a peak of more than 4,300 per day. It also proved the most adept at luring users in, with an average of more than 21,000 requests and as many as 51,000 requests in a single day. Shnakule is a broad-based malware delivery network whose malicious activities include drive-by downloads, fake anti-virus and codecs, fake flash and Firefox updates, fake warez, and botnet/command and controls. Interrelated activities include pornography, gambling, pharmaceuticals, link farming, and work-at-home scams.
Not only is Shnakule far reaching as a standalone malware delivery network, it also contains many large component malware delivery networks. Ishabor, Kulerib, Rabricote and Albircpana, which all appear on the top 10 list of largest malware delivery networks, are actually components of Shnakule and extend its malicious activities to gambling-themed malware and suspicious link farming.”
My point is that DHS is highlighting this article now in open source, which means that the threat continues to grow in 2012. Risk mitigation techniques are paramount against this type of large, complex, sophisticated threat. Government enterprises need to take this malware network threat seriously and react appropriately.
Any comments or experiences to share regarding Shnakule?
January 4, 2012 By Dan Lohrmann
It’s that time of year when we ask: where are we heading in regards to cybersecurity in 2012? Also, where have we been? Here’s a bit of what I’ve been reading over the past week.
There are plenty of blogs, articles and technology answers to this question. Washington Technology mentions: How you will remember 2011. William Jackson, who I usually enjoy reading over at Government Computer News, writes about 5 cyber threats (pain points) coming in 2012 and also 3 personal resolutions that you can make to improve security.
I can also point to plenty of industry lists available describing upcoming advances in cloud computing, implementing more secure smartphones, or even the coming surge in mobile payments. There are also plenty of threat prediction articles regarding online security, such as this over-arching cyber threat piece from McAfee by my friends over at Government Security News.
In my opinion, most of these lists are fairly predictable, even if they are accurate. In fairness, I’ve written plenty of these pieces in the past, and the lists haven't changed a whole lot from last year. I looked back at my 2008 predictions at CSO Magazine from four years ago, and noticed that all of those items could happen in 2012 as well. (As in 2008, we have another Summer Olympics coming up – this time in London.)
This year, I’d like to focus the question a bit further for government security teams that are prioritizing cybersecurity projects for the coming year.
So what will government cybersecurity teams be working on in 2012 – or what should they seriously consider that may not be on their current “to do” project list? Here’s my list of top cyber projects being worked on:
1) Advances in Identity Management (Yes, here it is again, and the importance of ID management isn’t going away anytime soon.)
2) Internet Protocol version 6 (IPv6)
3) Domain Name System Security Extensions (DNSSEC)
No, this list is not in priority order, since different enterprises are in different places on these projects. Nevertheless, there is plenty of evidence that these projects are all heating up nationwide – if they are not already well underway or implemented for large enterprises. Notice that I provided a link to articles in each area, so you can read more about the current trend if you’d like more background.
A word of warning for state and local governments: if none of these topics/projects are on your government’s security radar screen and/or you have no plans to address these issues, you may be heading for trouble. I realize that many organizations are just putting out cyber fires, dealing with hackers and trying to deal with breaches and daily operations challenges. However, strategic planning needs to be on your agenda for cybersecurity in 2012. I strongly recommend action.
What is your security team working on in 2012?
Building effective virtual government requires new ideas and hard work. Security professionals need to be enablers of innovation. From helpful Internet training to defending cloud computing architectures to securing mobile devices, Dan Lohrmann will cover what's hot and what's not in protecting your corner of cyberspace.