The Biggest Military Hacks of All Time

September 02, 2006
The biggest military hack of all time, the Pentagon hacker, the NASA hacker -- hold your breath, it's another round of media hype, or a traffic-acquisition headline strategy, by the majority of online media sites. Who else are we missing? The NASA port scanner, the walking case study on tweaking Nmap for subconscious espionage purposes; the CIA IRC junkies who managed to talk them into talking with "them"; and Bozo the clown, chased by the Thought Police for his intentions.

Great examples of buzz-generating, deadline-centered news articles you can always amuse yourself with, while feeling sorry for the lack of insightful perspectives nowadays -- I'm slowly compiling a list of the best-of-the-best news items ever, so let there be fewer intergalactic security statements, and fewer web sites flooded with Hezbollah data stories.

In case you've somehow missed Gary McKinnon's story, don't worry, you haven't missed anything spectacular, besides today's flood of reporters with claimed prehistoric IT security experience -- you must make the distinction between a reporter, a journalist, and a barking dog, though. Perhaps the only objective action taken by an industry representative was the Sophos survey on Gary McKinnon. It would be far more credible to differentiate the severity of the hack depending on which military or government network was actually breached. Don't just go where the wind blows, barely reporting; where's YOUR opinion, if ANY?

Which one was actually breached: NSANet, the Joint Worldwide Intelligence Communications System (JWICS), the Secret Internet Protocol Router Network (SIPRNet), or the Unclassified but Sensitive Internet Protocol Router Network (NIPRNet)? The answer decides whether any classified material was ever within reach, and it is the first thing a serious report should establish.

Moreover, were the following real-life examples a paintball game or something:

- Solar SunRise
"SOLAR SUNRISE was a series of DoD computer network attacks which occurred from 1-26 February 1998. The attack pattern was indicative of a preparation for a follow-on attack on the DII. DoD unclassified networked computers were attacked using a well-known operating system vulnerability. The attackers followed the same attack profile: (a) probing to determine if the vulnerability exists, (b) exploiting the vulnerability, (c) implanting a program (sniffer) to gather data, and (d) returning later to retrieve the collected data."

- Dutch hackers during the Gulf War
"At least one penetrated system directly supported U.S. military operations in Operation Desert Storm prior to the Gulf War. They copied or altered unclassified data and changed software to permit future access. The hackers were also looking for information about nuclear weapons. Their activities were first disclosed by Dutch television when camera crews filmed a hacker tapping into what was said to be U.S. military test information."

- The Case Study: Rome Laboratory, Griffiss Air Force Base
"However, events really began in 1994, when the two young men broke into an Air Force installation known as Rome Labs, a facility at the now closed Griffiss Air Force Base, in New York. This break-in became the centerpiece of a Government Accounting Office report on network intrusions at the Department of Defense in 1996 and also constituted the meat of a report entitled "Security and Cyberspace" by Dan Gelber and Jim Christy, presented to the Senate Permanent Subcommittee on Investigations during hearings on hacker break-ins the same year. It is interesting to note that Christy, the Air Force Office of Special Investigations staffer/author of this report, was never at Rome while the break-ins were being monitored."

- Moonlight Maze
"It was claimed that these hackers had obtained large stores of data that might include classified naval codes and information on missile guidance systems, though it was not certain that any such information had in fact been compromised."

- Titan Rain
"Titan Rain hackers have gained access to many U.S. computer networks, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA."

- Chinese hackers who supposedly downloaded 10 to 20 terabytes from the NIPRNet -- it's like "I love you from 1 to 50", and you?

From another perspective, the biggest military hack doesn't have to come from the outside, but from the inside, as soldiers keep losing their USB sticks in the field. Breaching the SIPRNet from the outside would be a good example of a big military hack, but then again, insiders are always there to "take care" of it.

If Gary McKinnon did the biggest military hack of all time, why do I still hear Bozo singing - ta ta tararata ta ta rara tata.

UPDATE:
Related posts you might also find informative: North Korea's Cyber Warfare Unit 121, Techno imperialism and the effect of Cyber terrorism, Cyber War Strategies and Tactics; the rest you can Google. Surprised to come across the post at Meneame.net too.

The Walls and Lamps are Listening

September 02, 2006
And so are the hardware-implanted "covert operatives".

Cyber War Strategies and Tactics

August 28, 2006
Starting from the basic premise that "All warfare is based on deception", cyberspace offers an unprecedented amount of asymmetric power to those capable of using it. Cyber wars are often perceived as an innocent exchange of "virtual shots" between teenage defacement groups, whereas if one is willing to embrace the rough reality, hacktivism remains a sub-activity of cyberterrorism, and information warfare unites all these tactics.

Quality techno-thrillers often imply a notion of future battles fought in the virtual realm rather than through the actual spilling of blood and body parts -- death is just an upgrade. Coming back to today's hacktivism-dominated mainstream news space, you may find this paper, Cyberwar Strategy and Tactics - An Analysis of Cyber Goals, Strategies, Tactics, and Techniques, and the development of a Cyber war Playbook, informative reading:

"To create a cyberwar playbook, we must first understand the stratagem building blocks or possible moves that are available. It is important to note however that these stratagem building blocks in and of themselves are not strategic. Instead, it is the reasoned application of one or more stratagems in accomplishing higher-level goals that is strategic in nature. We thus need to understand the situations in which the stratagems should be applied and how. We can begin to predict and choose the most effective stratagem for a given situation as we become more experienced. Example stratagems include:

- Fortify
- Deceive
- Stimulate
- Condition
- Dodge
- Block
- Skirt
- Monitor


Stratagems may also have sub-stratagems. Examples are:

- Deceive.Chaff
- Deceive.Fakeout
- Deceive.Conceal
- Deceive.Feint
- Deceive.Misinform
- Block.Barricade
- Block.Cutoff
- Monitor.Eavesdrop
- Monitor.Watch
- Monitor.Follow


These stratagems are very high level and can be supported through many tactical means. Each building block defines a stratagem and contains one or more possible tactical implementations for that stratagem, including requirements, goals that may be satisfied using the stratagem, caveats, example uses, and possible countermeasures."

Whatever the NCW doctrine says, and however many UAV signals get intercepted or hijacked, "shock and awe" still dazzles the masses of "individuals" prone to cheap PSYOPS.

Related resources and posts:
Network Centric Warfare basics back in 1995
Information Warfare
Cyber Warfare
Who's Who in Cyber Warfare?
North Korea's Cyber Warfare Unit 121
Hacktivism Tensions - Israel vs Palestine Cyberwars
Achieving Information Warfare Dominance Back in 1962

Bed Time Reading - Spying on the Bomb

August 27, 2006
Continuing the Bed Time Reading series, and following a previous post related to India's Espionage Leaks, this book is a great retrospective on U.S. nuclear intelligence from Nazi Germany to Iran and North Korea.

In-depth review with an emphasis on India's counterintelligence tactics:

"India's success in preventing U.S. spy satellites from seeing signs of the planned tests days to weeks in advance was matched by its success in preventing acquisition of other types of intelligence. India's Intelligence Bureau ran an aggressive counterintelligence program, and the CIA, despite a large station in New Delhi, was unable to recruit a single Indian with information about the Vajpayee government's nuclear plans. Instead, the deputy chief of the CIA station in New Delhi was expelled after a botched try at recruiting the chief of Indian counterintelligence operations. Former ambassador Frank Wisner recalled that 'we didn't have... the humans who would have given us an insight into their intentions'." Ambassadors do not keep aloof from the CIA's work, evidently. Their denials are false.

NSA's eavesdropping activities did not detect test preparations. "It's a tough problem," one nuclear intelligence expert told investigative journalist Seymour Hersh. India's nuclear weapons establishment would communicate via encrypted digital messages relayed via small dishes through satellites, using a system known as VSAT (very small aperture terminal), "a two-way version of the system used by satellite television companies". Good show. At the end of the day, Americans admitted that even if they had been better informed, they could not have prevented Pokhran II just as they could not deter Pakistan from staging its tests at Chagai."

Was the USSR's tactic of helping the enemies of its enemies, thus ruining the nuclear-club monopoly by making the A-bomb a public secret, the smartest or the dumbest thing it ever did? Monopolies are bad by default, but balance is precious, as the "rush must always be tempered with wisdom". How about a nice game of chess instead?

Related resources and posts:
Nuclear
Who needs nuclear weapons anymore?
North Korea's Strategic Developments and Financial Operations
Japan's Reliance on U.S. Spy Satellites and Early Warning Missile Systems

Steganography and Cyber Terrorism Communications

August 26, 2006
Following my previous post on Cyber Terrorism Communications and Propaganda, I'm continuing to summarize interesting findings on the topic. Encryption, used to ensure the confidentiality of a communication by criminals or terrorists taking advantage of the speed and cheapness of Internet communications, is often assumed to be the de facto type of covert communication. I feel that it's steganographic communication, in all of its variety, that plays the crucial role in terrorist communications. It has never been about the lack of publicly or even commercially obtainable steganographic tools, but about the ability to know where and what to look for. Here's a brief comment of mine on a primitive that is rather hard to intercept, SSSS, Shamir's Secret Sharing Scheme. Strictly speaking it isn't a communication tool but a threshold scheme: a secret is split into n shares such that any k of them reconstruct it, while any k-1 reveal nothing about it, so intercepting a share or two gets an eavesdropper nowhere:

"No other medium can provide better speed, connectivity, and most importantly anonymity, given it’s achieved and understood, and it often is. Plain encryption might seem the obvious answer, but to me it’s steganography, having the potential to fully hide within legitimate (at least looking) data flow. Another possibility is the use of secret sharing schemes. A bit of a relevant tool that can be fully utilized by any group of people wanting to ensure their authenticity and perhaps everyone’s pulse, is SSSS - Shamir's Secret Sharing Scheme. And no, I’m not giving tips, just shedding light on the potential in here! The way botnets of malware can use public forums to get commands, in this very same fashion, terrorists could easily hide sensitive communications by mixing it with huge amounts of public data, while still keeping it secret."
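To make the threshold property concrete, here is a small implementation added for this post (my own example, not code from the SSSS tool or from the original entry). It works in the prime field modulo 2^127 - 1, an assumption chosen so that a short message fits in a single field element; the function names are mine. Any k of the n shares recover the secret by Lagrange interpolation at x = 0, and fewer than k interpolate to an unrelated value:

```python
import secrets

# Field for all arithmetic. 2^127 - 1 is a Mersenne prime; any secret below it
# fits in one share. (Assumption of this example, not part of the SSSS tool.)
PRIME = 2**127 - 1
MAX_MESSAGE_BYTES = 14   # 14 bytes + a 1-byte sentinel = 120 bits < 127 bits


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... in GF(PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, n, k):
    """Return n shares (x, y); any k of them reconstruct `secret`.

    The secret is the constant term of a random polynomial of degree k-1,
    so k-1 shares are consistent with every possible secret."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer in [0, PRIME)")
    if not 1 < k <= n < PRIME:
        raise ValueError("need 1 < k <= n")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation of the share points at x = 0."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % PRIME          # product of (0 - xj)
                den = den * (xi - xj) % PRIME      # product of (xi - xj)
        # Fermat inverse: den^(p-2) mod p
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def split_message(message, n, k):
    """Split a short byte string into n shares (longer data: chunk it first)."""
    if len(message) > MAX_MESSAGE_BYTES:
        raise ValueError("message too long for a single field element")
    # A 0x01 sentinel marks the start so leading zero bytes survive the round trip.
    return split_secret(int.from_bytes(b"\x01" + message, "big"), n, k)


def recover_message(shares):
    raw = recover_secret(shares).to_bytes(MAX_MESSAGE_BYTES + 1, "big")
    return raw.lstrip(b"\x00")[1:]


if __name__ == "__main__":
    # Constructed demo: 5 members, any 3 can reassemble the message.
    shares = split_message(b"meet at dawn", n=5, k=3)
    print(recover_message([shares[0], shares[2], shares[4]]))
```

Because the polynomial's higher coefficients are uniformly random, a k-1 subset of shares is consistent with every possible secret; that is the information-theoretic guarantee the comment above relies on, and it holds regardless of the channel the shares travel over. What the scheme does not give you is secrecy of the fact that shares are being exchanged, which is where steganography comes back in.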

Intelligence officials and analysts are often confronted with a hard choice: actively scan the entire public Internet, or only partitions of the known chaos, namely the majority of Islamic/Jihadi related web sites. Trouble is, that's a heck of a short-sighted approach, and way too logical a one to actually produce results. Moreover, in all the fuss about terrorists using steganography, or even encryption, to communicate, the majority of experts -- shooting in the dark -- have totally neglected the very concept of disinformation. To be honest, I'm a little bit surprised by the lack of it. Picture the media buzz over a recently found map of a key region and encoded messages embedded in a public image, continue with the public institutions raising threat levels and vendors taking advantage of this "marketing window", when in between, someone gained access to a third party's e-identity and used it to creatively communicate the real message.

It's an open secret that the majority of the terrorist training manuals already obtained on the Web give instructions on primitive, but IT-centered, approaches to anonymity such as encryption, use of proxies, and yes, steganography as well. Yet another open secret: these very same training manuals are actual copies of unclassified and publicly obtainable intelligence, military and security research documents. Here's a chapter on Secret Writing and Cipher and Codes. Primitive, but still acting as an indicator of the trend.

The most comprehensive scan of USENET for steganography was conducted back in 2001, primarily because of the post-9/11 debate on the use of steganography by terrorists. Surprisingly, the experiment didn't find a single hidden message -- after a dictionary-based attack on the JSteg and JPHide positives, of course:

"After scanning two million images from eBay without finding any hidden messages, we extended the scope of our analysis. A detailed description of the detection framework can be found in Detecting Steganographic Content on the Internet. This page provides details about the analysis of one million images from the Internet Archive's USENET archive. Processing the one million images with stegdetect results in about 20,000 suspicious images. We launched a dictionary attack on the JSteg and JPHide positive images. The dictionary has a size of 1,800,000 words and phrases. The disconcert cluster used to distribute the dictionary attack has a peak performance of roughly 87 GFLOPS."
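As an added illustration (not from the original post and not the Provos/Honeyman code), the following Python shows why such a scan can work at all. It embeds a payload in the least significant bits of a carrier and then runs the chi-square "pairs of values" test of Westfeld and Pfitzmann, the idea underlying stegdetect's JSteg check: LSB replacement only moves a sample between the values 2i and 2i+1, so the two histogram bins of each pair drift towards equal counts, something a natural carrier rarely shows. To stay offline and dependency-free it operates on a constructed list of 8-bit samples with a sharply peaked histogram rather than on real JPEG DCT coefficients, the p-value uses the Wilson-Hilferty approximation instead of SciPy, and the function names, seeds and the 5-count cutoff are this example's own choices.

```python
import math
import random


def make_cover(n_samples, decay=0.75, seed=7):
    """Constructed cover (not a real image): 8-bit samples whose histogram is
    sharply peaked at 128 with P(v) ~ decay**|v-128|, the shape that DCT
    coefficient and many image histograms have. Neighbouring bins therefore
    differ a lot, which is exactly what LSB embedding smooths away."""
    rng = random.Random(seed)
    cover = []
    while len(cover) < n_samples:
        mag = 0
        while rng.random() < decay:          # geometric magnitude
            mag += 1
        v = 128 + (mag if rng.random() < 0.5 else -mag)
        if 0 <= v <= 255:
            cover.append(v)
    return cover


def bytes_to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits):
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def embed_lsb(cover, bits):
    """Sequential LSB replacement, the way JSteg-style tools write a payload."""
    if len(bits) > len(cover):
        raise ValueError("payload larger than carrier")
    stego = list(cover)
    for i, b in enumerate(bits):
        stego[i] = (stego[i] & ~1) | b
    return stego


def extract_lsb(stego, n_bits):
    return [v & 1 for v in stego[:n_bits]]


def random_payload_bits(n_bits, seed=99):
    """Stand-in for an encrypted payload: uniformly random bits (constructed)."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n_bits)]


def chi2_sf(x, df):
    """Upper tail of chi-square(df) via the Wilson-Hilferty normal
    approximation; adequate for df of about 10 or more, no SciPy needed."""
    if df < 1:
        return 1.0
    z = ((x / df) ** (1 / 3) - (1 - 2 / (9 * df))) / math.sqrt(2 / (9 * df))
    return 0.5 * math.erfc(z / math.sqrt(2))


def chi_square_pairs(samples, min_expected=5):
    """Westfeld/Pfitzmann pairs-of-values test.

    For each pair (2i, 2i+1) the expected count of value 2i is the pair's
    mean; LSB replacement drives the observed count towards that mean, so a
    SMALL statistic (high p-value) indicates embedding. Pairs with too few
    samples are skipped. Returns (statistic, degrees_of_freedom, p_value)."""
    hist = [0] * 256
    for v in samples:
        hist[v] += 1
    stat, k = 0.0, 0
    for i in range(0, 256, 2):
        expected = (hist[i] + hist[i + 1]) / 2
        if expected < min_expected:
            continue
        stat += (hist[i] - expected) ** 2 / expected
        k += 1
    df = k - 1
    return stat, df, chi2_sf(stat, df)


def looks_embedded(samples, alpha=0.05):
    """Flag the carrier when the pairs are 'too equal' to be natural."""
    _, _, p = chi_square_pairs(samples)
    return p > alpha


if __name__ == "__main__":
    cover = make_cover(40000)
    msg = b"constructed test message"
    short = embed_lsb(cover, bytes_to_bits(msg))
    full = embed_lsb(cover, random_payload_bits(len(cover)))
    print(bits_to_bytes(extract_lsb(short, 8 * len(msg))))
    for name, s in (("cover", cover), ("short message", short), ("full payload", full)):
        stat, df, p = chi_square_pairs(s)
        print(f"{name:14s} chi2={stat:9.1f} df={df} p={p:.3f} flagged={looks_embedded(s)}")
```

The full-capacity run with random (encrypted-looking) bits is flagged; the short plain message is not, because only the first couple of hundred samples changed and the histogram as a whole still looks natural. That is the caveat hiding behind the 2001 result: a pairs-of-values test only sees what the embedding rate lets it see, and a dictionary attack on the detector's positives then only tells you about the tools and passphrases in your dictionary.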

Concerns about the invaluable sample:
- It used primarily USENET as a source of images
- It excluded music and multimedia files, and TCP/IP covert channels, which are hard to detect while in transit -- information can indeed move at the speed of an error message
- It cannot scan the Dark Web, the part closed behind common crawler-blocking techniques or simple authentication
- It cannot scan what's not public, namely malware-infected hosts, entire communication platforms hosted on a defaced web server somewhere, or temporary communication dead drops -- and while talking about such, free web space providers can provide interesting information, given you know where and what to look for, as always

The bottom line is that if someone really wants to embed something into commodity data such as a video, picture or MP3 file, they will. Generating more noise where there's already enough of it is, on the other hand, a smart approach that I feel is getting abused all the time. How to deal with the problem? Ensure your ECHELON approaches are capable of detecting the patterns of the majority of public/commercial steganography tools. And according to public sources, that seems to be the case already:

"R2051 Steganography Decryption by Distributive Network Attack Develop a distributive network analysis application that can detect, identify, and decrypt steganography in multiple types of files, including commonly used audio, video and graphic file formats. The application must quickly and accurately detect and identify files containing steganography and extract the hidden messages and data from the file. Decryption of any messages or data encoded before the use of a steganography program is not required. The system must allow for easy, low-cost, frequent updating to counter new emerging programs. It must detect, extract, and decrypt messages in any file that has used any currently commercially available steganography programs as well as commonly encountered non-commercial programs. These would include, but are not limited to, the following: Covert.tcp; dc-Steganograph; EzStego; FFEncode; Gzsteg; Hide 4 PGP; Hide and Seek 4.1; Hide and Seek 5.0; Hide and Seek for Windows 95; jpeg-jsteg; Paranoid, Paranoid1.1.hqx.gz; PGE - Pretty Good Envelope; PGPn123; S-Tools : S-Tools 1.0 (Italy, Finland); S-Tools 2.0 (Italy, Finland); S-Tools 3.0 (Italy, Finland); S-Tools 4.0 (Italy, Finland); Scytale; Snow; Stealth, Stealth 2.01 ; Steganos 1.4; Steganos for Windows 95 and upgrade 1.0a; Stego by John Walker; Stego by Romana Machado; Stegodos; Texto; wbStego; WitnesSoft; and WINSTORM"

The rest is making sense out of the noise and OSINT approaches for locating the "bad neighborhoods".

Figure courtesy of Bauer 2002 at the FBI's Overview of Steganography for the Computer Forensics Examiner.

Microsoft's OneCare Penetration Pricing Strategy

August 26, 2006
In a previous post, Microsoft in the Information Security Market, I commented on Microsoft's most recent move into the information security market, and the anti-virus market segment. Moreover, several months earlier I pointed out 5 things Microsoft can do to secure the Internet and why it wouldn't, namely,

- Think twice before reinventing the security industry
- Become accountable, first in front of itself, then in front of its stakeholders
- Reach the proactive level, and avoid the reactive, in respect to software vulnerabilities
- Introduce an internal security oriented culture, or better utilize its workforce in respect to security
- Rethink its position in the security vulnerabilities market

Recently, the much-hyped debate on whether Microsoft's anti virus would take a piece of the anti virus market seems to have finally materialized, with the help of basic pricing strategies:

"Helped by low pricing, Microsoft's Windows Live OneCare landed the number two spot in sales at US stores in its debut month, according to The NPD Group. The antivirus and PC care package nabbed 15.4 per cent of security suite sales at retailers such as Best Buy and Amazon.com, according to NPD's data. The average price was $29.67, well below Microsoft's list price of $49.95. Online at Amazon.com, OneCare is available for only $19.99."

Ya-hoo? Not so fast, since stats like these exclude the hundreds of licensing deals, co-branding arrangements, ISP affiliations and reseller positions, as well as PCs shipped ready with software from the rest of the vendors:

"Symantec noted that NPD covers retail sales only, and does not include consumer sales through internet service providers and PC makers, for example. "We just had a record June quarter in consumer sales," said Mike Plante, a marketing director at the company. "You can't really draw market share conclusions from the NPD data alone, particularly with just a month of data.""

I wonder what Microsoft's strategy will consist of by the time their offering reaches the growth stage and starts maturing; perhaps bargaining by offering software discounts and one-stop-shop services. I once pointed out another concern with anti virus market statistics, namely Panda Software's -- a private company, with no SEC or stockholders to bother about -- stated earnings listed right next to those of publicly traded companies. My point is that if Gartner wanted to offer a better grasp of this vibrant market segment, they'd have done better to use F-Secure, which is a publicly traded anti virus vendor, as that would greatly improve an analyst's confidence in the provided data, wouldn't it?

Penetration pricing is all about gaining market share, and Microsoft's case reminds me of how RealNetworks was ready to lose cents on each and every song sold through its digital music service in order to offer, at least temporarily, a competitive alternative to iTunes.

Security cannot be bought; a false sense of security can, though. Whereas risk exposure and risk mitigation define a scientific approach that goes beyond visionary security management, it's arguable which one dominates, as marketing and branding often do the job -- if (true) advertising does its job, millions of people keep theirs. Case in point: Symantec, which currently has the largest market share -- depending greatly on the geographical area and the number of anti virus products included -- is indeed the market leader, but that doesn't necessarily mean it offers the "leading" product. Exactly the opposite: it offers the most popular and most available one, the one that usually comes with Norton's powerful and well-known brand.

Why wouldn't Microsoft want to license Kaspersky's, F-Secure's or Symantec's technology, for instance? Because that would be the opposite of the Chinese growth pattern, so to speak. The Chinese economy is shifting from a source of raw materials to an actual manufacturer, a bit of vertical integration given you have something to offer the market at a particular moment in time, and then you start counting the new millionaires. The higher the proportion of the business machine you own, the greater the profits at the end of the quarter, and with key regions across the world still getting online, malware is only going to get more attention from both sides of the front.

From a business point of view, you can twist a user's actual wants so successfully that you make it almost impossible to remember what was needed in the first place -- long live the sales forces! It is often arguable whether anti virus software has turned into a commodity the way media players did, but for the end user -- the one with plenty of bandwidth available -- price and availability speak for themselves. Contrary to some recent comments on why the most popular anti virus products don't work, supposedly because malware authors test their "releases" against these products, they actually test against all anti virus products, the same way pretty much everyone aware is testing suspicious files or evaluating vendors' response times.

Don't be surprised if next time you buy a cheeseburger, the dude starts explaining the basics of zero day protection and offers you a ZIP-code-based discount, if any, on an anti virus solution -- with up to three licenses for your wired family. Co-branding, licensing and industry outsiders are on the lookout for fresh revenues, and with malware representing the most popular threat as well as the most-bought security "solution", stay tuned for a McDonald's Anti Virus "on-the-go". Hopefully one using licensed technology from a vendor with experience and vision.

Related posts:
Look who's gonna cash for evaluating the maliciousness of the Web
Spotting valuable investments in the information security market
Valuing Security and Prioritizing Your Expenditures
Budget Allocation Myopia and Prioritizing Your Expenditures

Futuristic Warfare Technologies

August 26, 2006
The future of warfare, at least the near future, will definitely have to do with technologies and convergence. Some logical developments, such as remote-sensing intercontinental UAVs, autonomous warfare, remotely controlled forces, network centric warfare, and a higher reliance on AI probability and decision-making scenarios, are just warming up the major innovations we're about to witness -- whether defensive or offensive is an entirely different topic. In the very long term, nano warfare, robot wars and cyber wars reaching the level of VR warfare are among the fully realistic scenarios. Very informative slides on Future Strategic Issues/Future Warfare [Circa 2025]; here are some key points that made an impression on me:

Technological Ages of Humankind
- Hunter/Killer groups [Million BC - 10K BC]
- Agriculture [10K BC - 1800 AD]
- Industrial [1800-1950]
- IT [1950-2020]
- Bio/Nano [2020?]
- Virtual

The developments
- Chem/bio antifunctionals/anti-fauna
- Binary agents distributed via imported products (vitamins, clothing, food)
- Blast Wave Accelerator - global precision strike "on the cheap"
- Bio/Chem/Molecular/Nano computing
- Ubiquitous optical comms
- Micro/nano/ubiquitous sensors
- Bioweaponry
- Volumetric weaponry
- Cyber/artificial life (beyond AI)?
- Transoceanic UUVs, UAVs -- Boeing's X-45 series
- Spherical submarines to deal with the acoustics issue

To sum up, the best warriors win their battles without waging war -- or at least not against themselves.

Face Recognition At Home

August 26, 2006
In a previous post, Biased Privacy Violation, I mentioned two web sites, DontDateHimGirl.com and DontDateHerMan.com, and the privacy implications they raise. I just came across MyHeritage.com, whose face recognition feature works remarkably well -- for relatives and everyone in between, depending on the sample.

"Recognizing faces is done by algorithms that compare the faces in your photo, with all faces previously known to MyHeritage Face Recognition, through photos and meta-data contributed by yourself and other users. So the more photos added to the system, the more powerful it becomes. If people in your photos are not recognized well, it is likely that MyHeritage.com has never encountered them before. By adding these photos to MyHeritage.com and annotating the people in the photo manually, MyHeritage.com will "learn" these faces and will be able to recognize them in future photos, even in different ages of the same person's life. Note: the algorithms used by MyHeritage Face Recognition are likely to find relatives of people in your photo, due to the genetic-based facial similarities that exist between relatives. You can use this to form connections between people whom you never even knew were related."

Face recognition at home just got a boost, and so did the obvious privacy implications of the ever-growing families database and its natural abuse by interested (third) parties.

Cyber Terrorism Communications and Propaganda

August 22, 2006
Further expanding the previous discussion on Tracking Down Internet Terrorist Propaganda and the patterns of Arabic Extremist Group Forum Messages' Characteristics, there have also been some recent developments in Hezbollah's never-ending use of U.S. hosting companies as a media/communication/fund-raising/recruitment/propaganda platform:

"Hezbollah used the Broadwing Communications fiber-optic network to deliver its Al-Manar web site to the world last week after finding a weakness in a Broadwing customer's connection. When that happened, Hezbollah television's web site was suddenly hosted, of all places, in Texas. When Broadwing discovered what had happened, they cut the T1 connection to their customer until the customer resolved the problems on its end, and the Al-Manar site disappeared back into the ether—only to pop up a few hours later on a server in India. Hezbollah's tactics are laid out in a brief Time article that also discusses the people trying to shut Hezbollah down. And it's not the people you might think. Those in the war and security business are no doubt involved, but some of the work is done by amateurs, as well. Volunteers from the Society for Internet Research track jihadi websites and tactics across the Internet, then alert domain registrars and web hosting companies to the presence of potentially illegal material on their servers."

Al Manar TV has long been known for delivering Hezbollah's PSYOPS by constantly relocating its stream, but information-warfare-capable enemies seem able to hijack the signal, as recently happened. Moreover, according to Haganah's most recent Table of American Internet Service Providers of Hezbollah -- detailed analyses -- Register.com remains a popular choice.

Cyber terrorism is a complex and often misunderstood term that originally emerged as a direct effect of techno-imperialism sentiments and, of course, of the balancing power of the Internet when it comes to cyber warfare capabilities. In another great piece of research, Cyber Terrorism: A Study of the Extent of Coverage in Computer Security Textbooks, the author summarized the most commonly encountered cyber terrorism categories and keywords, and discussed the different explanations of the term. As for cyber terrorism, the first issue that comes to the mind of the average expert is SCADA systems, whose IP-based connectivity remains a growing concern for the governments utilizing them. Which is exactly the least issue to worry about: today's cyber terrorism is still maturing, while tomorrow's will take advantage of cyber warfare capabilities on demand, or through direct recruitment or blackmailing of individuals capable of delivering them. Here's a neat table representing the maturity/evolution of cyber terrorism.

For the time being, propaganda and recruitment are the most indirect and most popular practices, whereas the concept itself is truly maturing and thus becoming even more evident. Thankfully, various researchers are already actively combining AI with various web crawling approaches while analyzing the presence of terrorists on the web -- here's a good starting point.

Related resources and posts:
Cyber Terrorism
Hacktivism
Information Warfare
Cyberterrorism - don't stereotype and it's there!
Cyberterrorism - recent developments
The Current, Emerging, and Future State of Hacktivism
Terrorist Social Network Analysis
Hacktivism Tensions - Israel vs Palestine Cyberwars

Virus Outbreak Response Time

August 22, 2006
In previous posts I discussed various trends related to malware families, and mentioned CipherTrust's Real Time PC Zombie Statistics. You might also be interested in IronPort's Virus Outbreak Response Times for the last 24 hours, which currently tracks IronPort themselves, Sophos, Trend Micro, Symantec, and McAfee. Although vendor bias often exists, let's just say that self-serving statements can easily be verified by doing a little research on your own -- it doesn't cost a fortune to run a geographically diverse honeyfarm. What bothers me, however, are the vendors' constant claims about exchanging malware samples for the sake of keeping the E in front of E-Commerce, whereas response time "achievements" get converted into marketing benchmarks to be met. Protecting against known malware is far more complex than it seems, and it is arguable whether zero day malware or known malware has the higher impact when infecting corporate and home PCs alike. Basically you have powerful end users getting themselves infected with months-old malware and later collectively becoming capable of causing damage to a network that's already aiming at the proactive protection level. Ironic, isn't it? If detailed statistics truly matter, VirusTotal has the potential to dominate the analyst community without bias.

Response times used to matter once; now it's all about proactive protection approaches and, of course, revenue generation on both sides. Moreover, sometimes even a signature-based approach doesn't work, especially when it comes to packet-based or web-application-based malware. Avoid the signatures hype and start rethinking the concepts of malware on demand, open source malware, and the growing trend of malicious software disabling an anti virus scanner, or its ability to obtain the latest signatures.

The bottom line: achieving ROSI when it comes to malware false positives is yet another growing concern for the majority of enterprises wisely spending their security dollars.

U.S Air Force on MySpace

August 22, 2006
Seems like the U.S Air Force is joining MySpace:

"The Air Force profile will show users five video clips that the Recruiting Service says gives them “a behind-the-scenes look at the extraordinary things airmen accomplish every day,” according to a press release. Users will be able to view longer videos of airmen as they fly jets, call in air strikes, navigate satellites and jump out of airplanes, the service said. They also can vote on which commercial will kick off the Air Force’s new “Do Something Amazing” advertising campaign, scheduled for Sept. 18 during the FOX network’s “Prison Break” television show."

It's like using a Yahoo Group mailing list to break the ice and keep it teen-friendly. Now, teens all over the U.S. know which buddy to avoid. I'm sure privacy advocates will pick this up shortly, given "someone" isn't already data mining MySpace profiles for targeted propositions -- of course they are.

North Korea's Strategic Developments and Financial Operations

August 20, 2006
Catching up with the latest developments at the hottest -- at least from a national security point of view -- zone in Asia. North Korea seems to be taking external provocations rather seriously, and, feeling its regime endangered by a possible collapse, is actively working on developing its nuclear test sites, with disinformation in between for sure. According to a recent article at Reuters, North Korea may be preparing a nuclear bomb test:

"ABC reported the activity at the suspected test site included the unloading of large reels of cable outside an underground facility called Pungyee-yok in northeast North Korea. It said cables can be used in nuclear testing to connect an underground test site to outside observation equipment. The intelligence was brought to the attention of the White House last week, the report said. Fears about North Korea's nuclear ambitions were exacerbated when Pyongyang defied international warnings and fired seven missiles into waters east of the Korean peninsula on July 5."

Excluding an opinionated Weapons of Mass Deception expert's interest in developments like these, speculation remains a powerful driving force for everyone involved. Consider a basic principle in life: it is often assumed that gathering together a bunch of handicapped people is the best solution for their "fragile" situation, compared to actually trying to integrate rather than isolate them. I find the same issue to be the cornerstone when dealing with countries purposely isolating themselves, thus limiting international accountability and ensuring the continuity of the twisted reality.

Meanwhile, the U.S. is actively working on closing down North Korean bank accounts and worsening its relations with major financial institutions worldwide, in response to which North Korea is diversifying and opening accounts at 23 banks in 10 countries:

"North Korea has opened accounts at 23 banks in 10 countries following the U.S. imposition of financial sanctions on a bank in Macau last year, a Japanese newspaper reported Saturday. The Sankei Shimbun said on its Web site the 10 countries include Vietnam, Mongolia and Russia, quoting sources familiar with North Korean affairs. In September, the United States banned all American financial institutions from transacting with a Macau-based bank, Banco Delta Asia, accusing it of aiding North Korea in circulation of counterfeit U.S. dollars allegedly printed in the communist state. The U.S. also confirmed last month that the Bank of China, a major Chinese lender, had frozen all of its North Korean accounts suspected of being connected with the North's alleged counterfeiting activities."

And while China is realizing its growing economic potential, and thus complying with such efforts as well, helping the enemies of your enemies still remains a fashionable concept in the silent war.

Related resources and posts:
Satellite Imagery of Pre-Launch and Post-Launch at the Taepodong Launch Facility and Affected Vegetation
A-Bomb North Korean Propaganda
North Korea - Turn On the Lights, Please
Japan's Reliance on U.S Spy Satellites and Early Warning Missile Systems
Open Source North Korean IMINT Reloaded
North Korea's Cyber Warfare Unit 121

On the Insecurities of Sun Tanning

August 19, 2006
You definitely don't need a CISSP certificate to blog on this one; just make sure you don't forget that there should be a limit on everything, even the hugs on the beach.

AOL's Search Queries Data Mined

August 16, 2006
While one of AOL's searchers was publicly identified, enthusiasts are tweaking and randomly scrolling through the then leaked, now publicly available search query data. Here's someone who is neatly data mining it and providing a relevant summary of the top result sites and the top keywords. SEO Sleuth:

"was created out of the recently released AOL search data. Welcome to the AOL Keyword Analyser. This tool provides insights that have never before been publicly available on the web. I claim: First tool on the web as far as I know that allows you to view what keywords people searched for it in search engines. First time you can see how much organic traffic each site gets from a search engine. First opportunity the public can see how many clicks individual SERPs get."

Surprising results that speak for the quality of the audience by themselves. Meanwhile, the EFF is naturally taking action.

Related posts:
Data mining, terrorism and security
Shots From the Wild - Terrorism Information Awareness Program Demo Portal

Bed Time Reading - Symbian OS Platform Security: Software Development Using the Symbian OS Security Architecture

August 12, 2006
Prr, did I hear someone start counting mobile malware samples, prr?

Try getting to know the OS itself, the main proof-of-concept facilitator behind today's constantly growing mobile malware family. A review of this recommended bed time reading book:

"Symbian OS is an advanced, customizable operating system, which is licensed by the world's leading mobile phone manufacturers. The latest versions incorporate an enhanced security architecture designed to protect the interests of consumers, network operators and software developers. The new security architecture of Symbian OS v9 is relevant to all security practitioners and will influence the decisions made by every developer that uses Symbian OS in the creation of devices or add-on applications. Symbian OS Platform Security covers the essential concepts and presents the security features with accompanying code examples. This introductory book highlights and explains:

* the benefits of platform security on mobile devices
* key concepts that underlie the architecture, such as the core principles of 'trust', 'capability' and data 'caging'
* how to develop on a secure platform using real-world examples
* an effective approach to writing secure applications, servers and plug-ins, using real-world examples
* how to receive the full benefit of sharing data safely between applications
* the importance of application certification and signing from the industry 'gatekeepers' of platform security
* a market-oriented discussion of possible future developments in the field of mobile device security"

Malware authors indeed have financial incentives to further recompile publicly available PoC mobile malware source code, and it's the phones' purchasing/identification features -- opening a car with an SMS, opening a door with an SMS, purchasing over an SMS or direct barcode scanning, mobile impersonation scams, harvesting phone numbers of infected victims, as well as unknowingly interacting with premium numbers -- that are about to get directly abused, efficiently and automatically. And whereas there are more people on Earth with mobile phones than with PCs, it doesn't necessarily mean everyone's having a smart phone -- perhaps Bill Gates' "remarkable" cash-for-the-poor proposition could soon undermine the $100 laptop one.

People are getting more aware of the social engineering basics of today's mobile malware, and running a mobile phone anti-virus would be nothing more than a marketer's dream come true -- end users positioning themselves as security savvy buyers. Mobile operators tend to have a God's eye view of their networks, therefore epidemics are far from reality, but targeted attacks (events and places where the masses gather or pass by), and directly exploiting the lack of awareness in certain regions, could make an impact. South Korea's advances in mobile communications let its citizens have more phone bandwidth than an average ADSL user, but I have yet to see this getting abused at a level going beyond the sophisticated impersonation scams going on all the time.

Worth taking your time to read this book; Chapter 1, discussing "Why a Secure Platform?", covers the basics of mobile device security as well.

Related posts:
Privacy issues related to mobile and wireless Internet access
Digital forensics - efficient data acquisition devices
The Cell-phone Industry and Privacy Advocates VS Cell Phone Tracking
Mobile Devices Hacking Through a Suitcase

Bed Time Reading - The Baby Business
Bed Time Reading - Rome Inc.

Anti Satellite Weapons

August 12, 2006
Continuing the discussion on the ongoing weaponization of space, and the consequently emerging space warfare arms race. Micro satellites directly matching other satellites' trajectories and taking advantage of high energy concentration in the form of lasers? For sure, but why bother damaging an entire reconnaissance satellite when you can basically spray its lenses to prevent it from performing its core function:

"But the ability to operate autonomously near another satellite could also be used for offensive purposes, says Theresa Hitchens of the Center for Defense Information in Washington DC, US. If an ANGELS-like satellite were sent towards another country's satellite, it could be used as a weapon, she says. "It’s not far fetched to think that you could equip such little satellites with radio frequency jammers or technologies to block image capability," she told New Scientist. For example, a mini satellite could spray paint on the lens of a satellite's camera in order to blind it, she says. "There's a huge potential for this to be used as an anti-satellite weapon of some sort."

Quite a creative space provocation, isn't it?

Related resources and posts:
Anti Satellite Weapons
Anti Satellite Weapons @ FAS
Is a Space Warfare arms race really coming?
Weaponizing Space and the Emerging Space Warfare Arms Race

China's Internet Censorship Report 2006

August 11, 2006
Censorship is as bad as looking directly into the sun, which causes blindness, and it still remains among the few key prerequisites for successfully running a modern communist type of government, namely the leader's appearance. And while it's obvious that wearing eyeglasses supposedly makes you look smarter, I'm certain that it's not reading by candlelight, but censorship, that's causing the overall blindness of party members on average.

Human Rights Watch recently released a very comprehensive report on China's Internet censorship philosophy, technologies, social implications and the business parties involved.

Meanwhile, Blogger.com, blocked since 2002, seems to be accessible in China again. A battle victory for free speech? Don't be naive; the reason it's accessible is that they figured out how to censor what needs to be censored -- a reverse model consisting of allowing everything, and blocking as well as monitoring access to potentially dangerous blogs. Less negative public opinion for sure, and a good indication of why the Great Firewall has the potential to get breached from within. Here are the key summaries of what made an impression on me:

01. URL de-listing on Google.cn, Yahoo! China, MSN Chinese and Baidu

02. Comparative keyword searches on Google.cn, Yahoo! China, MSN China, Baidu, Yahoo.com, MSN search and Google.com

03. The words you never see in Chinese cyberspace - courtesy of Chinese hackers who located a document within the installation package of the QQ instant messaging software:

falun, sex, tianwang, cdjp, av, bignews, boxun, chinaliberal, chinamz, chinesenewsnet, cnd, creaders, dafa, dajiyuan, dfdz, dpp, falu, falun, falundafa, flg, freechina, freedom, freenet, GCD, gcd, hongzhi, hrichina, huanet, hypermart, incest, jiangdongriji, lihongzhi, making, minghui, minghuinews, nacb, naive, nmis, paper, peacehall, playboy, renminbao, renmingbao, rfa, safeweb, sex, simple, svdc, taip, tibetalk, triangle, triangleboy, UltraSurf, unixbox, ustibet, voa, voachinese, wangce, wstaiji, xinsheng, yuming, zhengjian, zhengjianwang, zhenshanren, zhuanfalun

04. The Great Firewall of China: Keywords used to filter web content:

Names of People
Bao Tong, Chen Yonglin, Cui Yingjie, Ding Jiaban, Du Zhaoyong, Gao Jingyun, Gao Zhisheng, He Jiadong, He Weifang, Hu Xingdou, Hu Yuehua, Hua Guofeng, Huang Jingao, Jiang Mianheng, Jiang Yanyong, Jiang Zemin, Jiao Guobiao, Jin Zhong, Li Zhiying, Liang Yuncai, Liu Jianfeng, Liu Junning, Liu Xiabobo, Nie Shubin, Nie Shubin (repeated), Sun Dawu, Wang Binyu, Wang Lixiong, Xu Zhiyong, Yang Bin, Yang Dongping, Yu Jie, Zhang Weiying, Zhang Xingshui, Zhang Zuhua, Zhao Yan, Zhou Qing, Zhu Chenghu, Zhu Wenhu, Zi Yang (in English), Ziyang (in Chinese), Ziyang (in English), zzy (in English, abbreviation for Zhao Ziyang)

Chinese Politics
17th party congress, Babaoshan, Beat [overthrow] the Central Propaganda Department, Blast the Central Propaganda Department, Block the road and demand back pay, Chief of the Finance Bureau, Children of high officials, China liberal (in English), Chinese Communist high officials, Denounce the Central Propaganda Department, Down with the Central Propaganda Department, Impeach, Lin Zhao Memorial Award, Patriots Alliance, Patriots Alliance (abbreviated), Patriots Alliance Web, Police chase after and kill police, Pollution lawsuit, Procedures for dismissing an official, Red Terror, Set fires to force people to relocate, Sons of high officials, The Central Propaganda Department is the AIDS of Chinese society, Villagers fight with weapons, Wang Anshi’s reform and the fall of the Northern Song dynasty

Specific Issues and Events
Buy corpses, Cadres transferred from the military, Cashfiesta (English), Cat abuse, Changxin Coal Mountain, China Youth Daily staff evaluation system, Chinese orphanage, Chinese Yangshen Yizhi Gong, Demobilized soldiers transferred to other industries, Dongyang, Dongzhou, Fetus soup, Foot and mouth disease, Fuzhou pig case, Gaoxin Hospital, High-speed train petition, Hire a killer to murder one’s wife, Honghai Bay, Horseracing, Jinxin Pharmaceutical, Kelemayi, Linyi family planning, Market access system, Mascot, Military wages, No Friendlies, Prosecutor committed suicide, Pubu Ravine, Shanwei government, Suicide of deputy mayor, Suicide of Kuerle mayor, Swiss University of Finance, Taishi village, Top ten worst cities, Wanzhou, Weitan [Village], Zhang Chunxian welcomes supervision against corruption

Falun Gong
Terms related to the banned Falun Gong spiritual movement, including phrases from its “Nine Commentaries” manifesto against the Communist Party:
Chinese Communist Party brutally kills people, dajiyuan (in English), Defy the heavens, earth and nature. Mao Zedong, Epoch Times, Epoch Times (written with a different character), Epoch Times news Web site, Evaluate the Chinese Communist Party, Evaluate the Chinese Communist Party (abbreviated), falundafa (in English), flg (in English), Fozhan Qianshou Fa, Guantong Liangji Fa, In the Chinese Communist Party, common standards of humanity don’t exist, Li Hongzhi, lihongzhi (in English), Master Li, minghui (in English), Mother and daughter accused each other, and students and teachers became enemies, New Tang dynasty TV Station, Nine Commentaries, No. 1 evil cult in the world, Obedient citizens under its brutal rule, People become brutal in violence, Chinese Communist Party, People developed a concept of the Chinese Communist Party, but, People who could escape have escaped, and had people to seek refuge with, Quit the party, Run the opposite direction of the so-called ideals of Communism, Shenzhou Jiachifa, Spring Festival Gala of the World’s Chinese, Steal people’s painstaking work, Truth, Compassion, Tolerance [Falungong slogan], Zhenshanren (in English) [same slogan in English]

Overseas Web Sites, Publications and Dissident Groups
Century China Foundation, China Issues Forum, China Renaissance Forum, China Society Forum, China Spring, Chinese Current Affairs, Chinese World Forum, EastSouthWestNorth Forum, EastWestSouthNorth Forum, Forum of Wind, Rain and the Divine Land, Freedom and Democracy Forum, Freedom to Write Award, Great China Forum, Han Style, Huatong Current Affairs Forum, Huaxia Digest, Huayue Current Affairs Forum, Independent Chinese PEN Center, Jimaoxin Collection, Justice Party Forum, New Birth Web, New Observer Forum, North American Freedom Forum, reminbao (in English), remingbao (in English), Small Reference, Spring and Summer Forum, Voice of the People Forum, Worldwide Reader Forum, You Say I Say Forum, Zhengming Forum, Zhidian Jiangshan Forum, Zhongshan Wind and Rain Forum

Taiwan
Establish Taiwan Country Movement Organization, Great President Chen Shui-bian, Independent League of Taiwan Youth, Independent Taiwan Association, New Party, Taiwan Freedom League, Taiwan Political Discussion Zone

Ethnic Minorities
East Turkestan, East Turkestan (abbreviated), Han-Hui conflicts [ethnic conflicts], Henan Zhongmu, Hui [muslim ethnic minority] rebellion, Hui village, Langcheng Gang, Nancheng Gang, Nanren Village, Tibet independence, Xinjiang independence, Zhongmu County

Tiananmen Square
Memoirs of June 4 participants, Redress June 4, Tiananmen videotape, Tiananmen incident, Tiananmen massacre, Tiananmen generation, World Economic Herald

Censorship
Cleaning and rectifying Web sites, China’s true content, Internet commentator, News blockade

International
Indonesia, North Korea falls out with China, Paris riots, Tsunami

Other
Armageddon, Bomb, Bug, Handmade pistol, Nuclear bomb, Wiretap, Chinese People Tell the Truth, Chinese People Justice and Evil, China Social Progressive Party, Chinese Truth Report, Dazhong Zhenren Zhenshi, Jingdongriji (English), Night talk of the Forbidden City, People’s Inside Information and Truth

Take your time to understand the Twisted Reality courtesy of China's Internet Censorship efforts, and learn more on how to undermine censorship.

Related resources and recent posts:
Censorship
China's Interest of Censoring Mobile Communications
South Korea's View on China's Media Control and Censorship

Malware Statistics on Social Networking Sites

August 10, 2006
Huge traffic aggregators, such as the majority of social networking sites, attract not only a huge percentage of the Internet's population on a regular basis, but also malware authors taking advantage of the medium as an infection vector -- and why not as a propagation one as well?

ScanSafe just came up with some nice stats on the average number of social networking pages hosting malware: based on five billion web requests, one in 600 social networking profile pages hosts a piece of malware:

"According to an analysis of more than five billion Web requests in July, ScanSafe found that on average, up to one in 600 profile pages on social-networking sites hosted some form of malware. The company also reported that the use of social-networking sites, often assumed to be popular only with teens, accounted for approximately 1 percent of all Web use in the workplace. “Social-networking sites have been newsworthy because of the concern over our children’s safety, but beyond unsafe contact with harmful adults, these sites are an emerging and potentially ripe threat vector that can expose children to harmful software,” said Eldar Tuvey, CEO and co-founder, ScanSafe. “Users are frequently subject to unwanted spyware and adware that can compromise their PCs, track online behavior and degrade PC performance.”"

SPI Dynamics' recent research into Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript, Hacking RSS and Atom Feed Implementations, and the countless web application vulnerabilities in popular portals turn this into a malware author's wet dream come true. You can also go through the key points on web application malware I made at the beginning of 2006; the "best" is yet to come.

Related resources and posts:
Malware
Malware Targets Social Networks - podcast
The Current State of Web Application Worms
Web Application Email Harvesting Worm

Analyzing the Intelligence Analysts' Factors of Productivity

August 10, 2006
Outstanding perspective, given the author is an ex-CIA analyst himself. Contrary to the common wisdom of a Manhattan Project type of departmental separation -- everyone's working to achieve the same goal, whereas no one knows what the others are doing -- there's a growing trend of better analyzing and responding to an intelligence analyst's productivity needs. Watchin' the Analysts greatly describes the Intelligence Community's efforts to sense and respond to these growing trends of collaboration, in between figuring out how to balance the possible security implications. Great reading, especially the infamous news headline on how the CIA got "hacked" through an internal unofficial communication chat room, one that they were unaware of at the time. The paper discusses LinkedIn, Del.icio.us, Blogs, and highlights the basic truth that "Anything You Can Do, I Can Do Meta..", an excerpt:

"Analysts interact among themselves, as a complex community web of knowledge. Analysis of those sorts of networks would be worthwhile, and is being done in the commercial sector, through a variety of tools. In the fall of 2000, the CIA shut down a so-called “chat room” operating unofficially over Agency networks; four employees lost their jobs, with other employees and contractors given reprimands. I had left the Agency in 1994, but numerous of those involved were friends and former colleagues. My impression was that what occurred was more embarrassing than threatening, and that agency management ought to understand how and why such virtual communities form—whether they’re facilitated or frustrated by the “official” infrastructure—and appreciate their value. Various network visualization tools would have readily revealed anomalous (at least as far as official business was concerned) traffic, but analysts will want and need an environment that fosters creativity and community, and ought to be given one."

However, there's a certain degree of internal censorship going on, in the way employers often have strict guidelines on employees' blogging activities: the CIA recently fired an analyst over an internal blog posting related to the Geneva Convention and torture. Risk management solutions, besides visualization, are of course taking place as well.

Related resources and posts:
Intelligence
Visualization, Intelligence and the Starlight Project
"IM me" a strike order
Covert Competitive Intelligence
India's Espionage Leaks
Japan's Reliance on U.S Spy Satellites and Early Warning Missile Systems

AOL's Search Leak User 4417749 Identified

August 10, 2006
A Chief Privacy Officer and basic common sense anyone?

As you all know, during the weekend 20M search queries of 650,000 AOL users leaked, and are all over the Internet available for download. It's simply unbelievable that the only measure to ensure the privacy of the data was the "unique ID", and how often does the excuse of improving search results pop up. No need for subpoenas this time, just basic use of filtering techniques.

Seems like AOL searcher 4417749 has been identified by a NYTimes reporter:

"Buried in a list of 20 million Web search queries collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher’s anonymity, but it was not much of a shield. No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from “numb fingers” to “60 single men” to “dog that urinates on everything.” And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for “landscapers in Lilburn, Ga,” several people with the last name Arnold and “homes sold in shadow lake subdivision gwinnett county georgia.” It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga., frequently researches her friends’ medical ailments and loves her three dogs. “Those are my searches,” she said, after a reporter read part of the list to her."

Hope AOL gets to win the Big Brother Awards, nominated for sure.
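The point the post makes, that swapping a user's identity for a persistent number does nothing about the identifying content of the queries themselves, as an added example that is not part of the original post: a small Python release screen run over a constructed query log. The gazetteers, the risk rule and the sample rows are assumptions built for illustration; the 4417749 rows paraphrase the queries quoted in the post, the other users are invented.

```python
"""A pseudonymous ID is not anonymisation: screening a search log before release.
Added example, not code from the original post. The sample log, the gazetteers
and the risk rule are constructed; a real screen would use far larger lists."""
import re
from collections import defaultdict

# Constructed rows in the shape of the leaked data: one persistent numeric ID per
# user, one row per query. The 4417749 rows paraphrase the post; others are invented.
SAMPLE_LOG = [
    (4417749, "numb fingers"),
    (4417749, "60 single men"),
    (4417749, "landscapers in lilburn ga"),
    (4417749, "arnold family reunion"),
    (4417749, "homes sold in shadow lake subdivision gwinnett county georgia"),
    (1000001, "weather"),
    (1000001, "python tutorial"),
    (1000002, "best pizza in chicago"),
    (1000002, "chicago bears schedule"),
]

# Constructed gazetteer: place name -> how small a population it pins down.
PLACES = {
    "shadow lake": "subdivision",
    "lilburn": "town",
    "gwinnett county": "county",
    "chicago": "city",
    "georgia": "state",
}
FINE_GRAINED = {"subdivision", "town"}  # small enough to narrow to a few households
SURNAMES = {"arnold"}                    # constructed; a real list is far larger

def _word(term):
    """Whole-word, case-insensitive pattern for a gazetteer entry."""
    return re.compile(r"\b" + re.escape(term) + r"\b", re.IGNORECASE)

def quasi_identifiers(query):
    """Classes of quasi-identifier present in a single query string."""
    found = set()
    for place, granularity in PLACES.items():
        if _word(place).search(query):
            found.add("place:" + granularity)
    for name in SURNAMES:
        if _word(name).search(query):
            found.add("surname")
    return found

def build_profiles(log):
    """Aggregate quasi-identifiers per ID. This is the step the numeric ID fails
    to prevent: the ID is persistent, so every query of one person lands in the
    same bucket and identifiers scattered over months of searching add up."""
    profiles = defaultdict(set)
    for user_id, query in log:
        profiles[user_id] |= quasi_identifiers(query)
    return dict(profiles)

def risk_level(identifiers):
    """A surname plus a fine-grained place narrows the candidates to a handful."""
    fine_place = any(tag.startswith("place:") and tag[6:] in FINE_GRAINED
                     for tag in identifiers)
    has_surname = "surname" in identifiers
    if fine_place and has_surname:
        return "high"
    if fine_place or has_surname:
        return "medium"
    return "low"

def scrub_query(query):
    """Redact place and surname tokens; longest gazetteer entries first so that
    'gwinnett county' is not half-eaten by a shorter match."""
    for place in sorted(PLACES, key=len, reverse=True):
        query = _word(place).sub("[PLACE]", query)
    for name in SURNAMES:
        query = _word(name).sub("[NAME]", query)
    return query

def screen_release(log):
    """Return (flagged_ids, released_rows). High-risk users are dropped outright
    rather than scrubbed: once a profile is linkable, redacting tokens still
    leaves the rest of the history tied to the same ID."""
    profiles = build_profiles(log)
    flagged = sorted(uid for uid, ids in profiles.items() if risk_level(ids) == "high")
    blocked = set(flagged)
    released = [(uid, scrub_query(q)) for uid, q in log if uid not in blocked]
    return flagged, released
```

On the sample log the screen flags 4417749 as high risk and releases the other four rows with place names replaced by a placeholder.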

Related resources and posts:
Privacy
Still worry about your search history and BigBrother?
The Feds, Google, MSN's reaction, and how you got "bigbrothered"?
What search engines know, or may find out about us?
Security vs Privacy or what's left from it
Snooping on Historical Click Streams
Brace Yourself - AOL to Enter Security Business