Monday, August 28, 2006

Cyber War Strategies and Tactics

Starting from the basic premise that "All warfare is based on deception", cyberspace offers an unprecedented amount of asymmetric power to those capable of using it. Cyber wars are often perceived as an innocent exchange of "virtual shots" between teenage defacement groups, whereas if one's willing to embrace the rough reality, Hacktivism remains a sub-activity of Cyberterrorism, with Information Warfare uniting all these tactics.

Quality techno-thrillers often imply the notion of future warfare battles fought in the virtual realm rather than in an actual spill of blood and body parts -- death is just an upgrade. Coming back to today's Hacktivism-dominated mainstream news space, you may find this paper on Cyberwar Strategy and Tactics - An Analysis of Cyber Goals, Strategies, Tactics, and Techniques, and the development of a Cyber war Playbook, informative reading:

"To create a cyberwar playbook, we must first understand the stratagem building blocks or possible moves that are available. It is important to note however that these stratagem building blocks in and of themselves are not strategic. Instead, it is the reasoned application of one or more stratagems in accomplishing higher-level goals that is strategic in nature. We thus need to understand the situations in which the stratagems should be applied and how. We can begin to predict and choose the most effective stratagem for a given situation as we become more experienced. Example stratagems include:

- Fortify
- Deceive
- Stimulate
- Condition
- Dodge
- Block
- Skirt
- Monitor

Stratagems may also have sub-stratagems. Examples are:

- Deceive.Chaff
- Deceive.Fakeout
- Deceive.Conceal
- Deceive.Feint
- Deceive.Misinform
- Block.Barricade
- Block.Cutoff
- Monitor.Eavesdrop
- Monitor.Watch
- Monitor.Follow

These stratagems are very high level and can be supported through many tactical means. Each building block defines a stratagem and contains one or more possible tactical implementations for that stratagem, including requirements, goals that may be satisfied using the stratagem, caveats, example uses, and possible countermeasures."

No matter the NCW doctrine, or UAVs intercepting or hijacking signals, "shock and awe" still dazzles the masses of "individuals" who are prone to being abused by cheap PSYOPS.

Related resources and posts:
Network Centric Warfare basics back in 1995
Information Warfare
Cyber Warfare
Who's Who in Cyber Warfare?
North Korea's Cyber Warfare Unit 121
Hacktivism Tensions - Israel vs Palestine Cyberwars
Achieving Information Warfare Dominance Back in 1962

Sunday, August 27, 2006

Bed Time Reading - Spying on the Bomb

Continuing the Bed Time Reading series, and a previous post related to India's Espionage Leaks, this book is a great retrospective on U.S Nuclear Intelligence from Nazi Germany to Iran and North Korea.

In-depth review with an emphasis on India's counterintelligence tactics:

"India's success in preventing U.S. spy satellites from seeing signs of the planned tests days to weeks in advance was matched by its success in preventing acquisition of other types of intelligence. India's Intelligence Bureau ran an aggressive counterintelligence program, and the CIA, despite a large station in New Delhi, was unable to recruit a single Indian with information about the Vajpayee government's nuclear plans. Instead, the deputy chief of the CIA station in New Delhi was expelled after a botched try at recruiting the chief of Indian counterintelligence operations. Former ambassador Frank Wisner recalled that 'we didn't have... the humans who would have given us an insight into their intentions'." Ambassadors do not keep aloof from the CIA's work, evidently. Their denials are false.

NSA's eavesdropping activities did not detect test preparations. "It's a tough problem," one nuclear intelligence expert told investigative journalist Seymour Hersh. India's nuclear weapons establishment would communicate via encrypted digital messages relayed via small dishes through satellites, using a system known as VSAT (very small aperture terminal), "a two-way version of the system used by satellite television companies". Good show. At the end of the day, Americans admitted that even if they had been better informed, they could not have prevented Pokhran II just as they could not deter Pakistan from staging its tests at Chagai."

Was the USSR's tactic of helping the enemies of their enemies, thus ruining the Nuclear-club monopoly by making the A-bomb a public secret, the smartest or the dumbest thing they ever did? Monopolies are bad by default, but balance is precious, as the "rush must always be tempered with wisdom". How about a nice game of chess instead?

Related resources and posts:
Nuclear
Who needs nuclear weapons anymore?
North Korea's Strategic Developments and Financial Operations
Japan's Reliance on U.S Spy Satellites and Early Warning Missile Systems

Saturday, August 26, 2006

Steganography and Cyber Terrorism Communications

Following my previous post on Cyber Terrorism Communications and Propaganda, I'm continuing to summarize interesting findings on the topic. The use of encryption to ensure the confidentiality of a communication, be it criminals or terrorists taking advantage of the speed and cheap nature of Internet communications, is often taken as the de-facto type of communication. I feel that it's steganographic communication in all of its variety that's playing a crucial role in terrorist communications. It's never been about the lack of publicly or even commercially obtainable steganographic tools, but about the ability to know where and what to look for. Here's a brief comment on a rather hard to intercept communication tool - SSSS - Shamir's Secret Sharing Scheme:

"No other medium can provide better speed, connectivity, and most importantly anonymity, given it’s achieved and understood, and it often is. Plain encryption might seem the obvious answer, but to me it’s steganography, having the potential to fully hide within legitimate (at least looking) data flow. Another possibility is the use of secret sharing schemes. A bit of a relevant tool that can be fully utilized by any group of people wanting to ensure their authenticity and perhaps everyone’s pulse, is SSSS - Shamir's Secret Sharing Scheme. And no, I’m not giving tips, just shedding light on the potential in here! The way botnets of malware can use public forums to get commands, in this very same fashion, terrorists could easily hide sensitive communications by mixing it with huge amounts of public data, while still keeping it secret."

Intelligence officials and analysts are often confronted with the difficult choice of whether to actively scan the entire public Internet, or only single partitions of the known chaos, namely the majority of Islamic/Jihadi related web sites. Trouble is, it's a heck of a short-sighted approach, and way too logical a one to actually provide results. Moreover, in all the fuss over terrorists using steganography, or even encryption, to communicate, the majority of experts -- shooting in the dark -- have totally neglected the very concept of disinformation. To be honest, I'm a little bit surprised by the lack of it: picture the media buzz over a recently found map of a key region and encoded messages embedded in a public image, continue with public institutions raising threat levels and vendors taking advantage of this "marketing window", when in between, someone gained access to a third party's E-identity and used it to creatively communicate the real message.

It's a public secret that the majority of already obtained Terrorist Training Manuals on the Web give instructions on primitive, but IT-centered, approaches to anonymity such as encryption, use of proxies, and yes, steganography as well. Yet another public secret: these very same training manuals are actual copies of unclassified and publicly obtained Intelligence, Military and Security research documents. Here's a chapter on Secret Writing and Ciphers and Codes. Primitive, but still acting as an indicator of the trend.

The most comprehensive scan of USENET for steganography was conducted back in 2001, primarily because of the post-9/11 debate on the use of steganography by terrorists. Surprisingly, the experiment didn't find a single hidden image -- out of a dictionary-based attack on the JSteg and JPHide positive images, of course:

"After scanning two million images from eBay without finding any hidden messages, we extended the scope of our analysis. A detailed description of the detection framework can be found in Detecting Steganographic Content on the Internet. This page provides details about the analysis of one million images from the Internet Archive's USENET archive. Processing the one million images with stegdetect results in about 20,000 suspicious images. We launched a dictionary attack on the JSteg and JPHide positive images. The dictionary has a size of 1,800,000 words and phrases. The disconcert cluster used to distribute the dictionary attack has a peak performance of roughly 87 GFLOPS."

Concerns about the invaluable sample:
- Used primarily USENET as a possible source of images
- Excluded music and multimedia files, and the hard-to-detect-while-in-transmission TCP/IP covert communication channels -- information can indeed move with the speed of an error message
- Cannot scan the Dark Web, the one closed behind common crawler-blocking techniques or simple authentication
- Cannot scan what's not public, namely malware-infected hosts, entire communication platforms hosted on a defaced web server somewhere, or temporary communication dead boxes -- and while talking about such, free web space providers can provide interesting information, given you know where and what to look for, as always

The bottom line is that if someone really wants to embed something into commodity data such as a video, picture or MP3 file, they will. Generating more noise when there's already enough of it is, on the other hand, a smart approach I feel is getting abused all the time. How to deal with the problem? Ensure your ECHELON approaches are capable of detecting the patterns of the majority of public/commercial steganography tools. And according to public sources, that seems to be the case already:

"R2051 Steganography Decryption by Distributive Network Attack Develop a distributive network analysis application that can detect, identify, and decrypt steganography in multiple types of files, including commonly used audio, video and graphic file formats. The application must quickly and accurately detect and identify files containing steganography and extract the hidden messages and data from the file. Decryption of any messages or data encoded before the use of a steganography program is not required. The system must allow for easy, low-cost, frequent updating to counter new emerging programs. It must detect, extract, and decrypt messages in any file that has used any currently commercially available steganography programs as well as commonly encountered non-commercial programs. These would include, but are not limited to, the following: Covert.tcp; dc-Steganograph; EzStego; FFEncode; Gzsteg; Hide 4 PGP; Hide and Seek 4.1; Hide and Seek 5.0; Hide and Seek for Windows 95; jpeg-jsteg; Paranoid, Paranoid1.1.hqx.gz; PGE - Pretty Good Envelope; PGPn123; S-Tools : S-Tools 1.0 (Italy, Finland); S-Tools 2.0 (Italy, Finland); S-Tools 3.0 (Italy, Finland); S-Tools 4.0 (Italy, Finland); Scytale; Snow; Stealth, Stealth 2.01 ; Steganos 1.4; Steganos for Windows 95 and upgrade 1.0a; Stego by John Walker; Stego by Romana Machado; Stegodos; Texto; wbStego; WitnesSoft; and WINSTORM"
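The stegdetect-style scanning discussed above works because sequential LSB tools such as JSteg and JPHide leave a measurable statistical fingerprint, and the pairs-of-values chi-square test of Westfeld and Pfitzmann is the classic way to see it: overwriting the least-significant bit with roughly balanced payload bits equalises the counts of each value pair (2k, 2k+1). The following is an added example, not the original post's or stegdetect's code: the cover is a constructed array of 8-bit samples standing in for image or audio data (a real JSteg detector runs over JPEG DCT coefficients, but the statistic is the same), and the function names are this example's own.

```python
"""Pairs-of-values chi-square LSB steganalysis on 8-bit samples (added example, own helper names)."""
import math
import random


def lsb_embed(samples, payload_bits):
    """Sequential LSB embedding, as a simple stego tool does: samples[i] gets payload_bits[i] as LSB."""
    if len(payload_bits) > len(samples):
        raise ValueError("payload exceeds cover capacity")
    out = list(samples)
    for i, bit in enumerate(payload_bits):
        out[i] = (out[i] & 0xFE) | (bit & 1)
    return out


def pairs_chi_square(samples):
    """Westfeld/Pfitzmann statistic: compare each even count with its pair's mean.

    Returns (chi_square, degrees_of_freedom); pairs absent from the data are skipped.
    """
    hist = [0] * 256
    for v in samples:
        hist[v] += 1
    chi2, categories = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2.0
        if expected == 0:
            continue
        chi2 += (even - expected) ** 2 / expected
        categories += 1
    return chi2, max(categories - 1, 1)


def gamma_q_upper(a, x):
    """Regularized upper incomplete gamma Q(a, x): the chi-square upper tail with 2a dof.

    Series for x < a + 1, modified Lentz continued fraction otherwise (the classic
    Numerical Recipes scheme), so no SciPy dependency is needed.
    """
    if x <= 0:
        return 1.0
    log_prefix = -x + a * math.log(x) - math.lgamma(a)
    if x < a + 1:
        ap, term, total = a, 1.0 / a, 1.0 / a
        for _ in range(1000):
            ap += 1
            term *= x / ap
            total += term
            if abs(term) < abs(total) * 1e-15:
                break
        return 1.0 - total * math.exp(log_prefix)
    tiny = 1e-300
    b = x + 1 - a
    c = 1.0 / tiny
    d = 1.0 / b
    h = d
    for i in range(1, 1000):
        an = -i * (i - a)
        b += 2
        d = an * d + b
        if abs(d) < tiny:
            d = tiny
        c = b + an / c
        if abs(c) < tiny:
            c = tiny
        d = 1.0 / d
        delta = d * c
        h *= delta
        if abs(delta - 1.0) < 1e-15:
            break
    return math.exp(log_prefix) * h


def embedding_probability(samples):
    """p-value of the pairs test: near 0 for an untouched, skewed cover; well above 0
    once the whole LSB plane carries balanced payload bits. Returns (p, chi_square, dof)."""
    chi2, dof = pairs_chi_square(samples)
    return gamma_q_upper(dof / 2.0, chi2 / 2.0), chi2, dof


def make_cover(n, seed=1):
    """Constructed cover (not real image data): even values are three times as likely as
    odd ones, mimicking the uneven pair frequencies natural cover data tends to have."""
    rng = random.Random(seed)
    return [2 * rng.randrange(128) + (1 if rng.random() < 0.25 else 0) for _ in range(n)]


def random_payload(n, seed=2):
    """Constructed payload: n balanced random bits, as encrypted or compressed data would give."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]


if __name__ == "__main__":
    cover = make_cover(20000)
    stego = lsb_embed(cover, random_payload(len(cover)))
    for name, data in (("cover", cover), ("stego", stego)):
        p, chi2, dof = embedding_probability(data)
        print(f"{name}: chi2={chi2:.1f} dof={dof} p={p:.3g}")
```

This statistic catches full sequential embedding; payloads scattered pseudo-randomly well below capacity, or embedded by +/-1 changes rather than LSB overwriting, escape it, which is why later detectors (RS analysis, sample pairs) were developed.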

The rest is making sense out of the noise and OSINT approaches for locating the "bad neighborhoods".

Figure courtesy of Bauer 2002 at the FBI's Overview of Steganography for the Computer Forensics Examiner.

Microsoft's OneCare Penetration Pricing Strategy

In a previous post, Microsoft in the Information Security Market, I commented on Microsoft's most recent move into the information security market, and the anti-virus market segment in particular. Moreover, several months earlier I pointed out 5 things Microsoft can do to secure the Internet and why it wouldn't, namely:

- Think twice before reinventing the security industry
- Become accountable, first, in front of itself, then, in front of its stakeholders
- Reach the proactive level, and avoid the reactive, in respect to software vulnerabilities
- Introduce an internal security oriented culture, or better utilize its workforce in respect to security
- Rethink its position in the security vulnerabilities market

Recently, the much hyped debate on whether Microsoft's anti virus would take a piece of the anti virus market seems to have finally materialized with the help of basic pricing strategies:

"Helped by low pricing, Microsoft's Windows Live OneCare landed the number two spot in sales at US stores in its debut month, according to The NPD Group. The antivirus and PC care package nabbed 15.4 per cent of security suite sales at retailers such as Best Buy and Amazon.com, according to NPD's data. The average price was $29.67, well below Microsoft's list price of $49.95. Online at Amazon.com, OneCare is available for only $19.99."

Ya-hoo? Not so fast, since stats like these exclude the hundreds of licensing deals, co-branding, ISP affiliations and resellership positions, as well as ready-to-ship PCs bundled with software from the rest of the vendors:

"Symantec noted that NPD covers retail sales only, and does not include consumer sales through internet service providers and PC makers, for example. 'We just had a record June quarter in consumer sales,' said Mike Plante, a marketing director at the company. 'You can't really draw market share conclusions from the NPD data alone, particularly with just a month of data.'"

I wonder what Microsoft's strategy would consist of by the time their offering reaches the growth stage and starts maturing, perhaps bargaining by offering software discounts and one-stop-shop services. I once pointed out another anti virus market statistics concern, namely Panda Software's -- a private company, with no SEC or stockholders to bother about -- stated earnings placed right next to those of the publicly traded companies. My point is that if Gartner were to offer a better grasp of this vibrant market segment, they'd better have used F-Secure, which is a publicly traded anti virus vendor, as it would greatly improve an analyst's confidence in the provided data, wouldn't it?

Penetration pricing is all about gaining market share, and Microsoft's case reminds me of how RealNetworks was ready to lose cents on each and every song sold through its digital music service, just to offer, at least temporarily, a competitive alternative to iTunes.

Security cannot be bought, though a false sense of security can. Whereas risk exposure and risk mitigation define a scientific approach going beyond visionary security management, it's arguable which one dominates, as marketing and branding often do the job -- if (true) advertising does its job, millions of people keep theirs. Case in point: Symantec, which currently has the largest market share -- greatly depending on the geographical area and the number of anti virus products included -- is indeed the market leader, but that doesn't necessarily mean it offers the "leading" product. Exactly the opposite: it offers the most popular and most available one, the one that usually comes with Norton's powerful and well known brand.

Why wouldn't Microsoft want to license Kaspersky's, F-Secure's or Symantec's technology, for instance? Because that would have been like the Chinese growth syndrome, so to speak. The Chinese economy is shifting from being a source of raw materials to being an actual manufacturer -- a little bit of vertical integration, given you have something to offer to the market at a particular moment in time -- and then start counting the new millionaires. The higher the proportion of the business machine you own, the greater the profits at the end of the quarter, and with key regions across the world still getting online, malware is only going to get more attention from both sides of the front.

From a business point of view, you can twist a user's actual wants so successfully that you can make it almost impossible to remember what was needed in the first place -- long live the sales forces! It is often arguable whether anti virus software has turned into a commodity the way media players did, but for the end user -- the one with powerful bandwidth available -- price and availability speak for themselves. Contrary to some recent comments on why the most popular anti virus products don't work, supposedly because malware authors are testing their "releases" on these products, they actually test on all anti virus products, the way pretty much everyone in the know is testing suspicious files, or evaluating vendors' response times.

Don't get surprised if next time you buy a cheeseburger, the dude starts explaining the basics of zero day protection, and offers you a ZIP-based discount, if any, on an anti virus solution -- with up to three licenses for your wired family. Co-branding, licensing and industry outsiders are on the lookout for fresh revenues, and with malware representing the most popular threat as well as the most popular security "solution" bought, stay tuned for a McDonald's Anti Virus "on-the-go". Hopefully one using licensed technology from a vendor with experience and vision.

Related posts:
Look who's gonna cash for evaluating the maliciousness of the Web
Spotting valuable investments in the information security market
Valuing Security and Prioritizing Your Expenditures
Budget Allocation Myopia and Prioritizing Your Expenditures

Futuristic Warfare Technologies

The future of warfare will definitely have to do with technologies and convergence, at least the near future. Some logical developments, such as remote sensing intercontinental UAVs, autonomous warfare, remotely controlled forces, network centric warfare, and higher reliance on AI probability and decision-making scenarios, are just warming up the major innovations we're about to witness -- whether defensive or offensive is an entirely different topic. In the very long term though, Nano warfare, Robot wars and Cyber wars reaching the levels of VR warfare are among the fully realistic scenarios. Very informative slides on Future Strategic Issues/Future Warfare [Circa 2025], and here are some important key points that made an impression on me:

Technological Ages of Humankind
- Hunter/Killer groups [Million BC - 10K BC]
- Agriculture [10K BC - 1800 AD]
- Industrial [1800-1950]
- IT [1950-2020]
- Bio/NANO [2020?]
- Virtual

The developments
- Chem/bio Antifunctionals/Anti fauna
- Binary agents distributed via imported products (Vitamins, Clothing, Food)
- Blast Wave Accelerator - global precision strike "On the Cheap"
- Bio/Chem/Molec./Nano Computing
- Ubiquitous Optical Comms
- Micro/Nano/Ubiquitous Sensors
- BioWeaponry
- Volumetric weaponry
- Cyber/Artificial Life (Beyond AI) -?
- Transoceanic UUVs, UAVs -- Boeing's X-45 series
- Spherical Submarines to deal with the acoustics issue

To sum up, the best warriors win their battles without waging war -- or at least not against themselves.

Face Recognition At Home

In a previous post, Biased Privacy Violation, I mentioned two web sites, DontDateHimGirl.com and DontDateHerMan.com, and the associated privacy implications. I just came across MyHeritage.com, whose face recognition feature works remarkably well -- for relatives and everyone in between, varying with the sample.

"Recognizing faces is done by algorithms that compare the faces in your photo, with all faces previously known to MyHeritage Face Recognition, through photos and meta-data contributed by yourself and other users. So the more photos added to the system, the more powerful it becomes. If people in your photos are not recognized well, it is likely that MyHeritage.com has never encountered them before. By adding these photos to MyHeritage.com and annotating the people in the photo manually, MyHeritage.com will "learn" these faces and will be able to recognize them in future photos, even in different ages of the same person's life. Note: the algorithms used by MyHeritage Face Recognition are likely to find relatives of people in your photo, due to the genetic-based facial similarities that exist between relatives. You can use this to form connections between people whom you never even knew were related."

Face recognition @home just got a boost, and so did the obvious privacy implications of the ever-growing families database and its natural abuse by interested (third) parties.

Tuesday, August 22, 2006

Cyber Terrorism Communications and Propaganda

Further expanding the previous discussion on Tracking Down Internet Terrorist Propaganda, and the patterns of Arabic Extremist Group Forum Messages' Characteristics, there've also been some recent developments on Hezbollah's never-ending use of U.S hosting companies as a media/communication/fund raising/recruitment/propaganda platform:

"Hezbollah used the Broadwing Communications fiber-optic network to deliver its Al-Manar web site to the world last week after finding a weakness in a Broadwing customer's connection. When that happened, Hezbollah television's web site was suddenly hosted, of all places, in Texas. When Broadwing discovered what had happened, they cut the T1 connection to their customer until the customer resolved the problems on its end, and the Al-Manar site disappeared back into the ether—only to pop up a few hours later on a server in India. Hezbollah's tactics are laid out in a brief Time article that also discusses the people trying to shut Hezbollah down. And it's not the people you might think. Those in the war and security business are no doubt involved, but some of the work is done by amateurs, as well. Volunteers from the Society for Internet Research track jihadi websites and tactics across the Internet, then alert domain registrars and web hosting companies to the presence of potentially illegal material on their servers."

Al Manar TV has long been known for delivering Hezbollah's PSYOPS by constantly relocating its stream, but information warfare capable enemies seem to be able to hijack the signal, as recently happened. Moreover, according to Haganah's most recent Table of American Internet Service Providers of Hezbollah -- detailed analyses -- Register.com remains a popular choice.

Cyber terrorism is a complex and often misunderstood term that originally emerged as the direct effect of Techno Imperialism sentiments, and, of course, of the balancing power of the Internet when it comes to cyber warfare capabilities. In another great piece of research, Cyber Terrorism: A Study of the Extent of Coverage in Computer Security Textbooks, the author summarized the most commonly encountered Cyber Terrorism categories and keywords, and discussed the different explanations of the term. As for Cyber terrorism, the first issue that comes to the mind of the average expert is SCADA systems, whose IP based connectivity remains a growing concern for the governments utilizing them. That is exactly the least of the issues to worry about: today's Cyber terrorism is still maturing, while tomorrow's Cyber terrorism will be taking advantage of cyber warfare capabilities on demand, or through direct recruitment/blackmailing of individuals capable of delivering them. Here's a neat table representing the maturity/evolution of Cyber terrorism.

For the time being, propaganda and recruitment are by far the most indirect and popular practices, whereas the concept itself is truly maturing, thus becoming even more evident. Thankfully, various researchers are already actively combining AI and various web crawling approaches to analyze the presence of terrorists on the web -- and here's a good starting point.

Related resources and posts:
Cyber Terrorism
Hacktivism
Information Warfare
Cyberterrorism - don't stereotype and it's there!
Cyberterrorism - recent developments
The Current, Emerging, and Future State of Hacktivism
Terrorist Social Network Analysis
Hacktivism Tensions - Israel vs Palestine Cyberwars

Virus Outbreak Response Time

In previous posts I discussed various trends related to malware families, and mentioned CipherTrust's Real Time PC Zombie Statistics. You might also be interested in IronPort's Virus Outbreak Response Times for the last 24 hours, which currently tracks IronPort themselves, Sophos, Trend Micro, Symantec, and McAfee. Although vendor bias often exists, let's just say that self-serving statements can easily be verified by doing a little research on your own -- it doesn't cost a fortune to run a geographically diverse honeyfarm. However, what bothers me is the vendors' constant claims about exchanging malware samples for the sake of keeping the E in front of E-Commerce, whereas response time "achievements" often get converted into marketing benchmarks to be achieved. Protecting against known malware is far more complex than it seems, and it is often arguable whether zero day malware or known malware has the highest impact when infecting both corporate and home PCs. Basically you have powerful end users getting themselves infected with months-old malware and later on collectively becoming capable of causing damage on a network that's already aiming at achieving the proactive protection level. Ironic, isn't it? If detailed statistics truly matter, VirusTotal has the potential to dominate the analysts' community without bias.

Response times used to matter once; now it's all up to proactive protection approaches, and, of course, revenue generation from both sides. Moreover, sometimes even a signature based approach doesn't work, especially when it comes to packet based or web application based malware. Avoid the signatures hype and start rethinking the concept of malware on demand, open source malware, and the growing trend of malicious software disabling an anti virus scanner, or its ability to actually obtain the latest signatures available.

The bottom line is that achieving ROSI when it comes to malware false positives is yet another growing concern for the majority of enterprises wisely spending their security dollars.

U.S Air Force on MySpace

Seems like the U.S Air Force is joining MySpace:

"The Air Force profile will show users five video clips that the Recruiting Service says gives them “a behind-the-scenes look at the extraordinary things airmen accomplish every day,” according to a press release. Users will be able to view longer videos of airmen as they fly jets, call in air strikes, navigate satellites and jump out of airplanes, the service said. They also can vote on which commercial will kick off the Air Force’s new “Do Something Amazing” advertising campaign, scheduled for Sept. 18 during the FOX network’s “Prison Break” television show."

It's like using a Yahoo Group mailing list to break the ice and keep it teen-friendly. Now teens all over the U.S know which buddy to avoid. I'm sure privacy advocates will pick this up shortly, given "someone" isn't already data mining MySpace profiles for targeted propositions -- of course they are.

Sunday, August 20, 2006

North Korea's Strategic Developments and Financial Operations

Catching up with the latest developments in the hottest -- at least from a national security point of view -- zone in Asia. North Korea seems to be taking external provocations rather seriously and, fearing the collapse of its regime, is actively working on the development of its nuclear test sites, with disinformation in between for sure. According to a recent article at Reuters, North Korea may be preparing a nuclear bomb test:

"ABC reported the activity at the suspected test site included the unloading of large reels of cable outside an underground facility called Pungyee-yok in northeast North Korea. It said cables can be used in nuclear testing to connect an underground test site to outside observation equipment. The intelligence was brought to the attention of the White House last week, the report said. Fears about North Korea's nuclear ambitions were exacerbated when Pyongyang defied international warnings and fired seven missiles into waters east of the Korean peninsula on July 5."

Excluding an opinionated Weapons of Mass Deception expert's interest in developments like these, speculation remains a powerful driving force for everyone involved. Consider a basic principle in life: it is often assumed that gathering together a bunch of handicapped people is the best solution for their "fragile" situation, compared to actually trying to integrate rather than isolate them. I find the same issue to be the cornerstone when dealing with countries purposely isolating themselves, thus limiting international accountability and ensuring the continuity of their twisted reality.

Meanwhile, the U.S is actively working on closing down North Korean bank accounts and worsening its relations with major financial institutions worldwide, in response to which North Korea is diversifying and opening accounts at 23 banks in 10 countries:

"North Korea has opened accounts at 23 banks in 10 countries following the U.S. imposition of financial sanctions on a bank in Macau last year, a Japanese newspaper reported Saturday. The Sankei Shimbun said on its Web site the 10 countries include Vietnam, Mongolia and Russia, quoting sources familiar with North Korean affairs. In September, the United States banned all American financial institutions from transacting with a Macau-based bank, Banco Delta Asia, accusing it of aiding North Korea in circulation of counterfeit U.S. dollars allegedly printed in the communist state. The U.S. also confirmed last month that the Bank of China, a major Chinese lender, had frozen all of its North Korean accounts suspected of being connected with the North's alleged counterfeiting activities."

And while China is realizing its growing economic potential, thus complying with such efforts as well, helping the enemies of your enemies still remains a fashionable concept in the silent war.

Related resources and posts:
Satellite Imagery of Pre-Launch and Post-Launch at the Taepodong Launch Facility and Affected Vegetation
A-Bomb North Korean Propaganda
North Korea - Turn On the Lights, Please
Japan's Reliance on U.S Spy Satellites and Early Warning Missile Systems
Open Source North Korean IMINT Reloaded
North Korea's Cyber Warfare Unit 121

Saturday, August 19, 2006

On the Insecurities of Sun Tanning

You definitely don't need a CISSP certificate to blog on this one, just make sure you don't forget that there should be a limit on everything, even the hugs on the beach.

Wednesday, August 16, 2006

AOL's Search Queries Data Mined

While one of AOL's searchers was publicly identified, enthusiasts are tweaking and randomly scrolling the then leaked, now publicly available search queries data. Here's someone that's neatly data mining it and providing a relevant summary of the top result sites and the top keywords. SEO Sleuth:

"was created out of the recently released AOL search data. Welcome to the AOL Keyword Analyser. This tool provides insights that have never before been publicly available on the web. I claim: First tool on the web as far as I know that allows you to view what keywords people searched for in search engines. First time you can see how much organic traffic each site gets from a search engine. First opportunity the public can see how many clicks individual SERPs get."

Surprising results, speaking for the quality of the audience by themselves. Meanwhile, the EFF is naturally taking action.

Related posts:
Data mining, terrorism and security
Shots From the Wild - Terrorism Information Awareness Program Demo Portal

Saturday, August 12, 2006

Bed Time Reading - Symbian OS Platform Security: Software Development Using the Symbian OS Security Architecture

Prr, did I hear someone start counting mobile malware samples, prr?

Try getting to know the OS itself, the main proof of concept facilitator for today's constantly growing mobile malware family. A review of this recommended bed time reading book :

"Symbian OS is an advanced, customizable operating system, which is licensed by the world's leading mobile phone manufacturers. The latest versions incorporate an enhanced security architecture designed to protect the interests of consumers, network operators and software developers. The new security architecture of Symbian OS v9 is relevant to all security practitioners and will influence the decisions made by every developer that uses Symbian OS in the creation of devices or add-on applications. Symbian OS Platform Security covers the essential concepts and presents the security features with accompanying code examples. This introductory book highlights and explains:

* the benefits of platform security on mobile devices
* key concepts that underlie the architecture, such as the core principles of 'trust', 'capability' and data 'caging'
* how to develop on a secure platform using real-world examples
* an effective approach to writing secure applications, servers and plug-ins, using real-world examples
* how to receive the full benefit of sharing data safely between applications
* the importance of application certification and signing from the industry 'gatekeepers' of platform security
* a market-oriented discussion of possible future developments in the field of mobile device security"

Malware authors indeed have financial incentives to further recompile publicly available PoC mobile malware source code, and it's the phone's purchasing and identification features that are about to get directly abused, efficiently and automatically: opening a car with an SMS, opening a door with an SMS, purchasing over SMS or by direct barcode scanning, mobile impersonation scams, harvesting the phone numbers of infected victims, as well as unknowingly interacting with premium numbers. And whereas there are more people on Earth with mobile phones than with PCs, that doesn't necessarily mean everyone has a smart phone; perhaps Bill Gates' "remarkable" cash-for-the-poor proposition could soon undermine the $100 laptop one.

People are becoming more aware of the social engineering basics behind today's mobile malware, and running a mobile phone anti-virus would be nothing more than a marketer's dream come true: end users positioning themselves as security savvy buyers. Mobile operators tend to have a God's eye view of their networks, so epidemics are far from reality; targeted attacks (at events and places where the masses gather or pass by) and directly exploiting the lack of awareness in certain regions could, however, make an impact. South Korea's advances in mobile communications give its citizens more phone bandwidth than the average ADSL user gets, but I have yet to see this abused at a level going beyond the sophisticated impersonation scams going on all the time.

Worth taking your time to read this book; Chapter 1, "Why a Secure Platform?", also covers the basics of mobile device security.

Related posts:
Privacy issues related to mobile and wireless Internet access
Digital forensics - efficient data acquisition devices
The Cell-phone Industry and Privacy Advocates VS Cell Phone Tracking
Mobile Devices Hacking Through a Suitcase

Bed Time Reading - The Baby Business
Bed Time Reading - Rome Inc.

Anti Satellite Weapons

Continuing the discussion on the ongoing weaponization of space and the consequently emerging space warfare arms race. Micro satellites directly matching other satellites' trajectories and taking advantage of high energy concentration in the form of lasers? For sure, but why bother damaging an entire reconnaissance satellite when you can simply spray its lenses to deny it its core function:

"But the ability to operate autonomously near another satellite could also be used for offensive purposes, says Theresa Hitchens of the Center for Defense Information in Washington DC, US. If an ANGELS-like satellite were sent towards another country's satellite, it could be used as a weapon, she says. "It’s not far fetched to think that you could equip such little satellites with radio frequency jammers or technologies to block image capability," she told New Scientist. For example, a mini satellite could spray paint on the lens of a satellite's camera in order to blind it, she says. "There's a huge potential for this to be used as an anti-satellite weapon of some sort."

Quite a creative space provocation, isn't it?

Related resources and posts:
Anti Satellite Weapons
Anti Satellite Weapons @ FAS
Is a Space Warfare arms race really coming?
Weaponizing Space and the Emerging Space Warfare Arms Race

Friday, August 11, 2006

China's Internet Censorship Report 2006

Censorship is as bad as looking directly into the sun, which causes blindness, and it still remains among the few key prerequisites for successfully running a modern communist type of government, together with the leader's appearance. And while it's obvious that wearing eyeglasses supposedly makes you look smarter, I'm certain that it's not reading by candlelight but censorship that's causing the overall blindness of party members on average.

Human Rights Watch recently released a very comprehensive report on China's Internet censorship philosophy, technologies, social implications and the business parties involved.

Meanwhile, Blogger.com, blocked since 2002, seems to be accessible in China again. A battle victory for free speech? Don't be naive: the reason it's accessible is that they figured out how to censor what needs to be censored, a reverse model consisting of allowing everything while blocking, as well as monitoring, access to potentially dangerous blogs. Less negative public opinion for sure, and a good indication of why the Great Firewall has the potential to get breached from within. Here are the key points that made an impression on me:

01. URL de-listing on Google.cn, Yahoo! China, MSN Chinese and Baidu

02. Comparative keyword searches on Google.cn, Yahoo! China, MSN China, Baidu, Yahoo.com, MSN search and Google.com

03. The words you never see in Chinese cyberspace - courtesy of Chinese hackers who located a document within the installation package of the QQ instant messaging software :

falun, sex, tianwang, cdjp, av, bignews, boxun, chinaliberal, chinamz, chinesenewsnet, cnd, creaders, dafa, dajiyuan, dfdz, dpp, falu, falun, falundafa, flg, freechina, freedom, freenet, GCD, gcd, hongzhi, hrichina, huanet, hypermart, incest, jiangdongriji, lihongzhi, making, minghui, minghuinews, nacb, naive, nmis, paper, peacehall, playboy, renminbao, renmingbao, rfa, safeweb, sex, simple, svdc, taip, tibetalk, triangle, triangleboy, UltraSurf, unixbox, ustibet, voa, voachinese, wangce, wstaiji, xinsheng, yuming, zhengjian, zhengjianwang, zhenshanren, zhuanfalun

04. The Great Firewall of China: Keywords used to filter web content :

Names of People
Bao Tong, Chen Yonglin, Cui Yingjie, Ding Jiaban, Du Zhaoyong, Gao Jingyun, Gao Zhisheng, He Jiadong, He Weifang, Hu Xingdou, Hu Yuehua, Hua Guofeng, Huang Jingao, Jiang Mianheng, Jiang Yanyong, Jiang Zemin, Jiao Guobiao, Jin Zhong, Li Zhiying, Liang Yuncai, Liu Jianfeng, Liu Junning, Liu Xiabobo, Nie Shubin, Nie Shubin (repeated), Sun Dawu, Wang Binyu, Wang Lixiong, Xu Zhiyong, Yang Bin, Yang Dongping, Yu Jie, Zhang Weiying, Zhang Xingshui, Zhang Zuhua, Zhao Yan, Zhou Qing, Zhu Chenghu, Zhu Wenhu, Zi Yang (in English), Ziyang (in Chinese), Ziyang (in English), zzy (in English, abbreviation for Zhao Ziyang)

Chinese Politics
17th party congress, Babaoshan, Beat [overthrow] the Central Propaganda Department, Blast the Central Propaganda Department, Block the road and demand back pay, Chief of the Finance Bureau, Children of high officials, China liberal (in English), Chinese Communist high officials, Denounce the Central Propaganda Department, Down with the Central Propaganda Department, Impeach, Lin Zhao Memorial Award, Patriots Alliance, Patriots Alliance (abbreviated), Patriots Alliance Web, Police chase after and kill police, Pollution lawsuit, Procedures for dismissing an official, Red Terror, Set fires to force people to relocate, Sons of high officials, The Central Propaganda Department is the AIDS of Chinese society, Villagers fight with weapons, Wang Anshi’s reform and the fall of the Northern Song dynasty

Specific Issues and Events
Buy corpses, Cadres transferred from the military, Cashfiesta (English), Cat abuse, Changxin Coal Mountain, China Youth Daily staff evaluation system, Chinese orphanage, Chinese Yangshen Yizhi Gong, Demobilized soldiers transferred to other industries, Dongyang, Dongzhou, Fetus soup, Foot and mouth disease, Fuzhou pig case, Gaoxin Hospital, High-speed train petition, Hire a killer to murder one’s wife, Honghai Bay, Horseracing, Jinxin Pharmaceutical, Kelemayi, Linyi family planning, Market access system, Mascot, Military wages, No Friendlies, Prosecutor committed suicide, Pubu Ravine, Shanwei government, Suicide of deputy mayor, Suicide of Kuerle mayor, Swiss University of Finance, Taishi village, Top ten worst cities, Wanzhou, Weitan [Village], Zhang Chunxian welcomes supervision against corruption

Falun Gong
Terms related to the banned Falun Gong spiritual movement, including phrases from its “Nine Commentaries” manifesto against the Communist Party
Chinese Communist Party brutally kills people, dajiyuan (in English), Defy the heavens, earth and nature. Mao Zedong, Epoch Times, Epoch Times (written with a different character), Epoch Times news Web site, Evaluate the Chinese Communist Party, Evaluate the Chinese Communist Party (abbreviated), falundafa (in English), flg (in English), Fozhan Qianshou Fa, Guantong Liangji Fa, In the Chinese Communist Party, common standards of humanity don’t exist, Li Hongzhi, lihongzhi (in English), Master Li, minghui (in English), Mother and daughter accused each other, and students and teachers became enemies, New Tang dynasty TV Station, Nine Commentaries, No. 1 evil cult in the world, Obedient citizens under its brutal rule, People become brutal in violence, Chinese Communist Party, People developed a concept of the Chinese Communist Party, but, People who could escape have escaped, and had people to seek refuge with, Quit the party, Run the opposite direction of the so-called ideals of Communism, Shenzhou Jiachifa, Spring Festival Gala of the World’s Chinese, Steal people’s painstaking work, Truth, Compassion, Tolerance [Falungong slogan], Zhenshanren (in English) [same slogan in English]

Overseas Web Sites, Publications and Dissident Groups
Century China Foundation, China Issues Forum, China Renaissance Forum, China Society Forum, China Spring, Chinese Current Affairs, Chinese World Forum, EastSouthWestNorth Forum, EastWestSouthNorth Forum, Forum of Wind, Rain and the Divine Land, Freedom and Democracy Forum, Freedom to Write Award, Great China Forum, Han Style, Huatong Current Affairs Forum, Huaxia Digest, Huayue Current Affairs Forum, Independent Chinese PEN Center, Jimaoxin Collection, Justice Party Forum, New Birth Web, New Observer Forum, North American Freedom Forum, reminbao (in English), remingbao (in English), Small Reference, Spring and Summer Forum, Voice of the People Forum, Worldwide Reader Forum, You Say I Say Forum, Zhengming Forum, Zhidian Jiangshan Forum, Zhongshan Wind and Rain Forum

Taiwan
Establish Taiwan Country Movement Organization, Great President Chen Shui-bian, Independent League of Taiwan Youth, Independent Taiwan Association, New Party, Taiwan Freedom League, Taiwan Political Discussion Zone

Ethnic Minorities
East Turkestan, East Turkestan (abbreviated), Han-Hui conflicts [ethnic conflicts], Henan Zhongmu, Hui [muslim ethnic minority] rebellion, Hui village, Langcheng Gang, Nancheng Gang, Nanren Village, Tibet independence, Xinjiang independence, Zhongmu County

Tiananmen Square
Memoirs of June 4 participants, Redress June 4, Tiananmen videotape, Tiananmen incident, Tiananmen massacre, Tiananmen generation, World Economic Herald

Censorship
Cleaning and rectifying Web sites, China’s true content, Internet commentator, News blockade

International
Indonesia, North Korea falls out with China, Paris riots, Tsunami

Other
Armageddon, Bomb, Bug, Handmade pistol, Nuclear bomb, Wiretap, Chinese People Tell the Truth, Chinese People Justice and Evil, China Social Progressive Party, Chinese Truth Report, Dazhong Zhenren Zhenshi, Jingdongriji (English), Night talk of the Forbidden City, People’s Inside Information and Truth

Take your time to understand the Twisted Reality courtesy of China's Internet censorship efforts, and learn more about how to undermine censorship.

Related resources and recent posts:
Censorship
China's Interest of Censoring Mobile Communications
South Korea's View on China's Media Control and Censorship

Thursday, August 10, 2006

Malware Statistics on Social Networking Sites

Huge traffic aggregators, such as the majority of social networking sites, attract not only a huge percentage of the Internet's population on a regular basis, but also malware authors taking advantage of the medium as an infection vector. And why not as a propagation vector as well?

ScanSafe just came up with some nice stats on the share of social networking pages hosting malware: based on more than five billion web requests, up to one in 600 profile pages hosted some form of malware :

"According to an analysis of more than five billion Web requests in July, ScanSafe found that on average, up to one in 600 profile pages on social-networking sites hosted some form of malware. The company also reported that the use of social-networking sites, often assumed to be popular only with teens, accounted for approximately 1 percent of all Web use in the workplace. “Social-networking sites have been newsworthy because of the concern over our children’s safety, but beyond unsafe contact with harmful adults, these sites are an emerging and potentially ripe threat vector that can expose children to harmful software,” said Eldar Tuvey, CEO and co-founder, ScanSafe. “Users are frequently subject to unwanted spyware and adware that can compromise their PCs, track online behavior and degrade PC performance."

SPI Dynamics' recent research into Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript, Hacking RSS and Atom Feed Implementations, and the countless web application vulnerabilities in popular portals turn this into a malware author's wet dream come true. You can also go through the key points on web application malware I made at the beginning of 2006; the "best" is yet to come.

Related resources and posts:
Malware
Malware Targets Social Networks - podcast
The Current State of Web Application Worms
Web Application Email Harvesting Worm

Analyzing the Intelligence Analysts' Factors of Productivity

Outstanding perspective, given that the author is an ex-CIA analyst himself. Contrary to the common wisdom of a Manhattan Project type of departmental separation (everyone's working to achieve the same goal, whereas no one knows what the others are doing), there's a growing trend of better analyzing and responding to an intelligence analyst's productivity needs. Watchin' the Analysts greatly describes the Intelligence Community's efforts to sense and respond to these growing trends of collaboration, while figuring out how to balance the possible security implications. Great reading, especially the infamous news headline on how the CIA got "hacked" through an internal, unofficial chat room, one that management was unaware of at the time. The paper discusses LinkedIn, Del.icio.us and blogs, and highlights the basic truth that "Anything You Can Do, I Can Do Meta..", an excerpt :

"Analysts interact among themselves, as a complex community web of knowledge. Analysis of those sorts of networks would be worthwhile, and is being done in the commercial sector, through a variety of tools. In the fall of 2000, the CIA shut down a so-called “chat room” operating unofficially over Agency networks; four employees lost their jobs, with other employees and contractors given reprimands. I had left the Agency in 1994, but numerous of those involved were friends and former colleagues. My impression was that what occurred was more embarrassing than threatening, and that agency management ought to understand how and why such virtual communities form—whether they’re facilitated or frustrated by the “official” infrastructure—and appreciate their value. Various network visualization tools would have readily revealed anomalous (at least as far as official business was concerned) traffic, but analysts will want and need an environment that fosters creativity and community, and ought to be given one."

However, there's a certain degree of internal censorship going on, the way employers often have strict guidelines on employees' blogging activities: the CIA recently fired an analyst over an internal blog posting related to the Geneva Convention and torture. Risk management solutions, besides visualization, are of course taking place as well.

Related resources and posts:
Intelligence
Visualization, Intelligence and the Starlight Project
"IM me" a strike order
Covert Competitive Intelligence
India's Espionage Leaks
Japan's Reliance on U.S Spy Satellites and Early Warning Missile Systems

AOL's Search Leak User 4417749 Identified

A Chief Privacy Officer and basic common sense anyone?

As you all know, during the weekend 20M search queries of 650,000 AOL users leaked, and are now available for download all over the Internet. It's simply unbelievable that the only measure taken to protect the privacy of the data was replacing the user name with a "unique ID", a pseudonym that still ties every query of the same person together, and how often the excuse of improving search results pops up. No subpoenas needed this time, just basic filtering of the queries themselves.

Seems like AOL searcher 4417749 has been identified by a NYTimes reporter :

"Buried in a list of 20 million Web search queries collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher’s anonymity, but it was not much of a shield. No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from “numb fingers” to “60 single men” to “dog that urinates on everything.” And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for “landscapers in Lilburn, Ga,” several people with the last name Arnold and “homes sold in shadow lake subdivision gwinnett county georgia.” It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga., frequently researches her friends’ medical ailments and loves her three dogs. “Those are my searches,” she said, after a reporter read part of the list to her."

Hope AOL gets to win the Big Brother Awards, nominated for sure.
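What the reporter did by hand for user 4417749, and what the SEO Sleuth tool above does for keywords, can be scripted against the whole file. The following is an added example (not code from the original post, from AOL or from either tool): it groups the queries of a pseudonymous log by AnonID and pulls out the quasi-identifiers that make a person findable, such as towns, counties, surnames and sensitive topics. The sample rows, place names, surname list and regular expressions are constructed for the example; only the column layout (AnonID, Query, QueryTime, ItemRank, ClickURL) follows the leaked file.

```python
"""Quasi-identifier extraction over a pseudonymised search log (added example).

Replacing a user name with a numeric AnonID is pseudonymisation, not
anonymisation: every query sharing an ID still belongs to one person, so
location hints, name fragments and sensitive topics accumulate into a profile.
All rows, vocabularies and regexes here are constructed for the example.
"""
import csv
import io
import re
from collections import defaultdict

# Constructed, tab-separated rows in the layout of the leaked file.
SAMPLE_LOG = """AnonID\tQuery\tQueryTime\tItemRank\tClickURL
1001\tnumb fingers\t2006-03-01 08:12:03\t\t
1001\tlandscapers in millbrook ga\t2006-03-02 19:44:10\t1\thttp://landscaping.example/
1001\thomes sold in pine ridge subdivision fairview county georgia\t2006-03-05 21:02:55\t\t
1001\tcarter family reunion millbrook\t2006-03-07 10:31:17\t\t
1001\tdog that urinates on everything\t2006-03-09 22:15:40\t2\thttp://dogs.example/
1002\tweather\t2006-03-01 07:00:00\t\t
1002\tpython csv module\t2006-03-01 07:05:00\t1\thttp://docs.example/
2003\tdentists in millbrook ga\t2006-03-03 12:00:00\t\t
2003\tfairview county tax assessor\t2006-03-04 12:10:00\t1\thttp://tax.example/
"""

# Tiny constructed vocabularies standing in for a gazetteer and a surname list.
STATE_TOKENS = r"(?:ga|georgia|ny|tx|texas|fl|florida)"
TOWN_RE = re.compile(rf"\bin ([a-z]+(?: [a-z]+)?) {STATE_TOKENS}\b")   # "... in <town> ga"
COUNTY_RE = re.compile(r"\b([a-z]+) county\b")                           # "<name> county"
FAMILY_RE = re.compile(r"\b([a-z]+) family\b")                           # "<surname> family"
SURNAMES = {"carter", "smith", "johnson", "williams", "brown"}
SENSITIVE = ("numb fingers", "depression", "divorce", "cancer", "urinates")


def parse_log(text):
    """Group lower-cased queries by AnonID."""
    by_user = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text), delimiter="\t"):
        by_user[row["AnonID"]].append(row["Query"].strip().lower())
    return dict(by_user)


def build_profile(queries):
    """Pull quasi-identifiers out of one user's queries."""
    towns, counties, surnames = set(), set(), set()
    sensitive = 0
    for q in queries:
        towns.update(TOWN_RE.findall(q))
        counties.update(COUNTY_RE.findall(q))
        surnames.update(s for s in FAMILY_RE.findall(q) if s in SURNAMES)
        sensitive += any(term in q for term in SENSITIVE)
    return {"towns": towns, "counties": counties, "surnames": surnames, "sensitive": sensitive}


def exposure_score(profile):
    """Crude re-identification risk: each distinct place hint counts once, a surname counts double."""
    return len(profile["towns"]) + len(profile["counties"]) + 2 * len(profile["surnames"])


def rank_by_exposure(text):
    """Return (AnonID, score, profile) triples, most exposed user first."""
    profiles = {uid: build_profile(qs) for uid, qs in parse_log(text).items()}
    return sorted(((uid, exposure_score(p), p) for uid, p in profiles.items()),
                  key=lambda t: -t[1])


if __name__ == "__main__":
    for uid, score, p in rank_by_exposure(SAMPLE_LOG):
        print(uid, score, sorted(p["towns"]), sorted(p["counties"]),
              sorted(p["surnames"]), "sensitive queries:", p["sensitive"])
```

The score is deliberately crude; the point is that the ranking needs no subpoena and no external data beyond a gazetteer and a surname list, because the ID itself does the linking.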

Related resources and posts:
Privacy
Still worry about your search history and BigBrother?
The Feds, Google, MSN's reaction, and how you got "bigbrothered"?
What search engines know, or may find out about us?
Security vs Privacy or what's left from it
Snooping on Historical Click Streams
Brace Yourself - AOL to Enter Security Business

Wednesday, August 09, 2006

Big Momma Knows Best

I wish it were the Chinese equivalent of Big Brother I'm referring to; in this case it's a mother of six tracking down the teenagers who toilet-papered her house, and mind you, she didn't even bother to use MySpace. Instead :

"Base persuaded supermarket managers to tally daily toilet-paper buys for the week and a Stater Bros. manager said there was a run on bathroom tissue two days before her home was vandalized. At 7:30 p.m. Feb. 17, someone bought 144 rolls of toilet paper, cheese, dog food, flour and plastic forks, the same items found on her lawn and house. It was a cash transaction, making it difficult to trace the purchaser, but the store had video surveillance. The video showed four teenagers making the purchase, one of them wearing a Norco High School letterman's jacket with a name stitched across the back. The store's parking lot surveillance camera showed the truck they were using. Base then borrowed a Norco High yearbook and used online databases to get the name, phone numbers and addresses of the teens on the store tape."

One question remains though. If she managed to socially engineer the supermarket's staff into handing over transaction info, and even surveillance camera footage, I wonder where they were shopping from, and whether her detective work findings would hold in court given how they were obtained. What if the teenagers had used a distributed shopping practice?

You may also find a previous post on Big Brother in the Restroom, a relevant one.

UPDATE: Great post at Angela Gunn's Tech_Space. Keep your friends close, your neighbors closer!

JitterBugs - Covert Keyboard Communication Channels

WarTyping, keyboard acoustic emanations, and here comes a full-scale covert espionage tool recently discussed in in-depth research at the 15th USENIX Security Symposium. Researchers at the CS department of the University of Pennsylvania developed a working prototype of a JitterBug covert channel :

"This paper introduces JitterBugs, a class of inline interception mechanisms that covertly transmit data by perturbing the timing of input events likely to affect externally observable network traffic. JitterBugs positioned at input devices deep within the trusted environment (e.g., hidden in cables or connectors) can leak sensitive data without compromising the host or its software. In particular, we show a practical Keyboard JitterBug that solves the data exfiltration problem for keystroke loggers by leaking captured passwords through small variations in the precise times at which keyboard events are delivered to the host. Whenever an interactive communication application (such as SSH, Telnet, instant messaging, etc) is running, a receiver monitoring the host's network traffic can recover the leaked data, even when the session or link is encrypted. Our experiments suggest that simple Keyboard JitterBugs can be a practical technique for capturing and exfiltrating typed secrets under conventional OSes and interactive network applications, even when the receiver is many hops away on the Internet."

The trade-off remains whether physically retrieving the device would go undetected, compared to directly streaming the captured output out of the network. I'd go for the covert network timing channel, though insecurities and flexibility are always a matter of viewpoint.
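To make the timing channel in the abstract concrete, here is an added simulation (not code from the USENIX paper or the original post) of the keyboard JitterBug: the bug delays each keystroke so that the delivered inter-keystroke interval, taken modulo a timing window w, lands on 0 for a 0 bit and on w/2 for a 1 bit; because interactive applications such as SSH send one packet per keystroke, a receiver watching the encrypted stream reads the same intervals back and decodes by nearest residue. The window size, typing gaps, network latency and jitter are constructed parameters, and the simulation also shows the channel breaking once jitter exceeds the w/4 tolerance.

```python
"""Simulation of the keyboard JitterBug timing channel (added example).

Encoder: never advances a keystroke, only delays it, so the delivered
interval is congruent to 0 (bit 0) or w/2 (bit 1) modulo the window w.
Decoder: observes packet times, takes each interval modulo w and picks the
nearest residue; exact as long as per-interval noise stays below w/4.
All parameters are constructed for the example.
"""
import random

W_MS = 20.0  # timing window in milliseconds (constructed value)


def to_bits(data: bytes) -> list:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits: list) -> bytes:
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        out.append(int("".join(map(str, bits[i:i + 8])), 2))
    return bytes(out)


def jitterbug_encode(arrivals, bits, w=W_MS):
    """Delay keystrokes so consecutive delivered intervals carry `bits`.
    arrivals: raw keystroke timestamps (ms) from the typist; the first carries no bit."""
    delivered = [arrivals[0]]
    for t, bit in zip(arrivals[1:], bits):
        target = 0.0 if bit == 0 else w / 2      # residue the interval must hit
        gap = t - delivered[-1]                  # interval if this key were passed through undelayed
        delay = (target - gap) % w               # smallest non-negative delay reaching the residue
        delivered.append(delivered[-1] + gap + delay)
    return delivered


def jitterbug_decode(observed, w=W_MS):
    """Recover bits from observed packet times: nearest residue (0 or w/2) wins."""
    bits = []
    for a, b in zip(observed, observed[1:]):
        r = (b - a) % w
        dist0 = min(r, w - r)          # circular distance to residue 0
        dist1 = abs(r - w / 2)         # distance to residue w/2
        bits.append(0 if dist0 <= dist1 else 1)
    return bits


def simulate(secret: bytes, jitter_ms: float, seed: int = 1, w: float = W_MS) -> bytes:
    """Type `secret`, encode it in keystroke timing, add network latency and
    per-packet jitter, decode at the far end. Per-packet jitter below w/8 keeps
    each interval's noise below w/4, so the channel is error free."""
    rng = random.Random(seed)
    bits = to_bits(secret)
    arrivals, t = [0.0], 0.0
    for _ in bits:                                 # one keystroke per bit plus the initial one
        t += rng.uniform(80.0, 250.0)              # human inter-keystroke gaps (constructed)
        arrivals.append(t)
    delivered = jitterbug_encode(arrivals, bits, w)
    observed = [x + 40.0 + rng.uniform(-jitter_ms, jitter_ms) for x in delivered]  # latency + jitter
    return from_bits(jitterbug_decode(observed, w))


def bit_error_rate(secret: bytes, jitter_ms: float, seed: int = 1, w: float = W_MS) -> float:
    sent, got = to_bits(secret), to_bits(simulate(secret, jitter_ms, seed, w))
    return sum(a != b for a, b in zip(sent, got)) / len(sent)


if __name__ == "__main__":
    print(simulate(b"hunter2", jitter_ms=W_MS / 10))         # recovered intact
    print(bit_error_rate(b"hunter2", jitter_ms=W_MS * 0.6))  # jitter past the bound corrupts the channel
```

The encoder only ever adds delay of less than one window per keystroke, which is why a few milliseconds of added latency on a 20 ms window is imperceptible to the typist; the receiver needs nothing but packet timestamps, so the encryption of the session is irrelevant to the leak.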

UPDATE: The future defined - Projection Keyboards

Related resources:
Espionage Ghosts Busters
Covert Channel
Gray-World Team
IP Covert Timing Channels: An Initial Exploration
Information Theory of Covert Timing Channels
Detection of Covert Channel Encoding in Network Packet Delays

Monday, August 07, 2006

Malware Bot Families, Technology and Trends

In case you want to know more about the evolution of bots, the ease of assembling a botnet, why families take the largest zombie share compared to single bachelors, or which technologies dominate the threatscape, go through the slides of this study on identifying "interesting" bot technologies within a large malware collection. Bot Feature & Technology Trends by Robert Lyda also highlights the distribution of bot variants from the following families :

GaoBot
SpyBot
MyTob
PolyBot
PoeBot
gBot
BrepiBot
DanishBot
NetBot
KvdBot
TriBot
TongBot
SdBot
KwBot
BugBot

As well as :

- Emergence of Bots as of eggdrop's 1993 appearance
- 2005 Bot Family Percentage per Month
- Bot Feature Percentage of All Variants
- Bot Feature Percentage Over All Variants
- Bot Technology Trends for 2005
- Bot Packing Analysis
- Prevalence of the Top 12 Packing Tools

Bottom line: anti virus software already detects over 200,000 pieces of malware, and the trouble is that the majority of them have long since become family members (variants) rather than the standalone bachelors they used to be. Malware on demand and Open Source Malware, combined with the ease of packing, are definitely making their impact.

Related resources and posts:
Malware
Splitting a Botnet's Bandwidth Capacity
An Intergalactic Security Statement
Malware Search Engine

Sunday, August 06, 2006

DVD of the Weekend - The Final Cut

This weekend's featured DVD is a marvelous representation of a full-scale 1984 type of mass surveillance society, but instead of a utopian party acting as the caring Big Brother, here it's the inevitable advances of technology and the availability of services that lead to the ultimate digital preservation of our entire lives, through our own eye-embedded implants. Worth taking your time to watch this "remixing" of reality leading to the ultimate saint, but I have to agree with SFAM's comments on the "usefulness" of the technology for compiling a 30 min funeral clip only. The rest is the plot itself.

A brief summary of The Final Cut :

"In a near undefined future, people may have a Zoe microchip implanted in their nervous system to permit their families to retrieve the best moments of their memories and watch them on video after their deaths. This process is called "Rememory" and Alan H. Hakman (Robin Williams), a man traumatized by an incident in his childhood, is the best cutter of the Eye Tech Corporation. The company is facing groups that oppose the "Rememory" and the ex-cutter Fletcher (Jim Caviezel) is leading these opponents. When Alan is assigned to prepare the final cut of the memories of the Eye Tech lawyer Charles Bannister, his Zoe chip is disputed by Fletcher. Meanwhile, Alan finds that he also has an implanted microchip, which is against the rules of a cutter."

You can also go through CyberPunkReview's comments and snapshots of The Final Cut.

Related resources:
Surveillance
Privacy

UPDATE: Seems like Blogspot's search only covers 7 out of my 209 posts; conspiracy theories aside, you can still do it the old fashioned way - Surveillance, Privacy, Malware, Censorship, Cyber terrorism, Intelligence, etc.

Saturday, August 05, 2006

Future in Malicious Code 2006

What's new on the malware front? Quite some new developments to be included in the Q2 2006 summary I'm about to finalize any time now. I just came across a great continuation of my original Malware - Future Trends publication, this time courtesy of the Royal Canadian Mounted Police, quoting and further extending the discussion on my key points :

- Mobile malware will be successfully monetized
- Localization as a concept will attract the coders' attention
- Open Source Malware
- Anonymous and illegal hosting of (copyrighted) data
- The development of Ecosystem
- Rise in encryption and packers
- 0day malware on demand
- Cryptoviral extortion / Ransomware will emerge
- When the security solutions (antivirus etc.) end up being the security problem itself
- Intellectual property worms
- Web vulnerabilities, and web worms - diversity and explicit velocity
- Hijacking botnets and infected PCs
- Interoperability will increase the diversity and reach of the malware scene

A brief summary :

"This report will provide an overview of the numerous malicious code trends experts are observing and those they predict will be seen in the foreseeable future. This is not a document that will chart the future of malicious code as that would be impossible. Malware writers move very quickly. They are adaptable and very often they are exploiting vulnerabilities before the rest of the security industry is fully aware of them. Their flexibility and reaction speed is essential if they wish to continue to make a profit and stay ahead of the anti-virus companies who are constantly devising new ways to detect and remove hostile code. As a result, some of the trends covered in this document may never fully evolve and others that have not been mentioned will, no doubt, appear. This document will give readers a better sense of what is coming “down the pipe” and perhaps, a better idea of what to look for when dealing with tomorrow’s malicious code."

Professionally questioning a vendor's or mogul's self-mythology is the anti-mogul speciality. Don't just slice the threat into pieces and take credit for slicing it; let's discuss the pie itself.

Meanwhile, keep an eye on my Delicious Information Warfare summaries, and syndicate them if time equals opportunities.

Friday, August 04, 2006

Mobile Devices Hacking Through a Suitcase

Define:nerd

"Luca Carettoni and Claudio Merloni are security consultants at Milan, Italy-based Secure Network. The two created the BlueBag to raise awareness about the potential of attacks against Bluetooth-enabled devices, they said in an interview at the Black Hat security event in Las Vegas. The BlueBag is a roll-aboard suitcase filled with hardware. That gear is loaded with software to scan for Bluetooth devices and launch attacks against those, the two men said. We started evaluating how Bluetooth technology was spread in a metropolitan area, Carettoni said. We went around airports, offices and shopping malls and realized that a covered bag can be used quite effectively for malicious purposes."

Outstanding execution of the idea. I still wonder what the contents of the suitcase would look like through an X-ray, if they ever get to pass through one, of course. Go through the entire photo session at Black Hat 2006 by Joris Evers and CNET News.com's team, as well as the basics of Bluetooth (in)security.

Thursday, August 03, 2006

Achieving Information Warfare Dominance Back in 1962

The point here isn't the consolidation indicated in the article :

"The consolidation involves Singer’s headquarters staff, and subordinate Naval Security Group Activities (NSGA) and detachments (NSGD). When fully completed, the action will combine the Navy's enlisted Cryptologic Technicians and Information Warfare officers into the same organization as the Navy’s Information Systems Technicians and Information Professional officers. The IO warfare area is composed of five core integrated capabilities: Electronic Warfare, Computer Network Operations, Psychological Operations, Military Deception and Operational Security. These combine with related capabilities to provide “Information Dominance,” the concept of controlling an adversary’s use of the information and communications environment while protecting one’s own."

but the idea of intercepting electromagnetic emissions reflected off the Moon back in 1962, through the NRRO's 600-foot steerable parabolic antenna :

"Naval Radio Research Observatory (NRRO). This observatory is to be erected at Sugar Grove, West Virginia for exploiting lunar reflective techniques for the purposes of intelligence collection, radio astronomy, and communications-electronics research. A 600-foot steerable parabolic radio antenna will provide for the reception of electromagnetic emissions reflected off the moon. As an intelligence device it will provide for reception and analyzing emissions from areas of the world not now accessible by any other known method, short of physical penetration. The Observatory is planned to be operational in FY 1962."

Here's more info on the concept :

"Although the 600-ft telescope was never built, a satellite-based alternative, called `GRAB' (Galactic RAdiation Background), was launched in June of 1960. Again, this was a dual-use system. The world's first elint satellite and astronomical observatory were integrated into the same satellite bus, with astronomy serving as an operational front for the whole. A second GRAB was launched in 1962. This interface of classified and basic research tells us about the pursuit of science and science-based technologies during the Cold War."

Nowadays the field just seems to be full of bird listeners using parabolic microphones, activists "hacking" TV and radio signals, and others conducting sophisticated TECHINT on the battlefield.

Related resources:
InformationWarfare
Cyber Warfare
PSYOPS
Intelligence

One Time Password Generating Credit Card

This is cute, as it solves a major problem: customers having to carry, and all too easily lose, separate tokens. The one-time password is generated with the push of a button on the credit card itself:

"It took InCard four years to develop the card, Finkelstein said. The company combined technology from a Taiwanese display maker, a U.S. battery manufacturer and a French security team, he said. A Swiss partner, NagraID, owns the rights to the process to combine the pieces and actually manufacture the technical innards of the card. The biggest development challenges were the ability to bend the card, power consumption and thickness, Finkelstein said. The result is a card that's as thin and flexible as a regular credit card and is guaranteed to work for three years and 16,000 uses. "Which is about 15 times a day, seven days a week," Finkelstein said."

Whether it's driven by FFIEC compliance or by an emerging trend of convergence, the trouble is that it doesn't solve the majority of issues related to phishing attacks; rather, it has the potential to undermine other companies' offerings. Now all they need is someone who'll take the role of an evangelist, besides the well-networked company executives.

Related posts:
Anti Phishing Toolbars - Can You Trust Them?
Heading in the Opposite Direction
No Anti Virus Software, No E-banking for You

Wednesday, August 02, 2006

But Of Course It's a Pleasant Transaction

A great example of automated bots attacking eBay's core trust-establishing process: the feedback left by users, which relies on the wisdom of crowds to judge their trustworthiness:

"Again, a sharp eye may notice that feedback comments received from sellers are identical, and read almost in the same order. This is because most 1-cent-plus-no-delivery-cost sellers automate the whole transaction: should someone buy their eBooks for one cent each, some scripts email it automatically to the buyer, and leaves a standard feedback comment on the buyer’s profile. So, if we recollect everything, the following is probably happening:

1. Someone is massively creating randomly named, fake user accounts (probably in a more or less automated fashion).
2. Those fake users, powered by automated web spider software, are set to scavenge eBay for 1-cent "buy it now" items and buy them.
3. Automatically, the 1-cent item seller script is emailing the buyer with the item, and posts its standard feedback on his profile.
4. The fake user automatically responds with a standard feedback comment on the seller’s profile.

In a nutshell: Two bots are talking. And doing business."

Using CAPTCHAs to ensure that bots never manage to register in the first place is as important as recognizing that the process of bypassing CAPTCHA authentication has been automated too. Expect to see much better random generation of pseudo users, and of their feedback, compared to these. And since eBay is no longer an intermediary but a platform, bots have plenty of seed data to begin their life with, don't they?
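The pattern the quoted post describes (identical boilerplate comments, 1-cent items, a reply within seconds in the other direction) is what a feedback-integrity check would key on. Below is such a detector as an added example, not code from the original post or from eBay; the record fields, account names, comment strings and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict, namedtuple

# one feedback comment left on a profile (field names are assumptions)
Feedback = namedtuple("Feedback", "author target price_cents comment ts")  # ts: epoch seconds

def template_comments(records, min_repeat=3):
    """Comments that recur verbatim across transactions: script boilerplate."""
    counts = Counter(r.comment for r in records)
    return {c for c, n in counts.items() if n >= min_repeat}

def suspicious_accounts(records, max_price_cents=1, window_s=60,
                        min_repeat=3, min_events=3, threshold=0.8):
    """Flag accounts whose received feedback is dominated by exchanges that are
    cheap, boilerplate, and answered by boilerplate within window_s. Both sides
    of such a ring are flagged: the seller's script is as automated as the bot."""
    templates = template_comments(records, min_repeat)
    by_pair, received = defaultdict(list), defaultdict(list)
    for r in records:
        by_pair[(r.author, r.target)].append(r)   # for reciprocal lookup
        received[r.target].append(r)
    flagged = {}
    for acct, fbs in received.items():
        if len(fbs) < min_events:
            continue                               # too little history to judge
        hits = sum(
            1 for fb in fbs
            if fb.price_cents <= max_price_cents and fb.comment in templates
            and any(abs(o.ts - fb.ts) <= window_s and o.comment in templates
                    for o in by_pair[(fb.target, fb.author)]))
        ratio = hits / len(fbs)
        if ratio >= threshold:
            flagged[acct] = round(ratio, 2)
    return flagged

SELLER_TMPL = "Thank you for your purchase! Great buyer, A++"   # constructed
BUYER_TMPL = "Great eBook, instant delivery, A+++"             # constructed

def constructed_records():
    """Constructed sample: three fake buyers, three 1-cent eBooks each, plus one genuine sale."""
    recs, t = [], 1_150_000_000
    for i, bot in enumerate(["u7x3k9q", "q2m8v1p", "z5t0b4r"]):   # random-looking fake accounts
        for j in range(3):
            ts = t + 3600 * (3 * i + j)
            recs.append(Feedback("ebookmart", bot, 1, SELLER_TMPL, ts))      # seller script
            recs.append(Feedback(bot, "ebookmart", 1, BUYER_TMPL, ts + 7))   # bot replies in 7s
    recs.append(Feedback("alice", "bob", 4599, "Lovely vintage lamp, well packed!", t + 500))
    recs.append(Feedback("bob", "alice", 4599, "Prompt payment, thanks Alice.", t + 172800))
    return recs
```

On the constructed sample the three fake buyers and the automated seller are flagged with a ratio of 1.0, while the genuine pair has too little history to be judged at all.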

These very same techniques apply to common networks such as Internet Relay Chat and the majority of instant messengers, where malware either takes advantage of a moment of momentum and forwards itself to a buddy, or keeps the conversation going until the time for a fancy "photo session" exchange has come.