Jihadi PSYOPS - CIA Attacks on Terrorist Websites

November 13, 2006
Last week, the Internet Haganah reported on rumors around jihadist forums, namely, that the CIA has been attacking jihadi web sites.

Now while this is totally untrue -- the CIA would rather be monitoring them instead of shutting them down, or shut them down only after they've gathered enough info -- it's a good example of twisting the facts to improve the productivity and self-esteem of the jihadists supposed to strike back.

Bill Gates on Traffic Acquisition and Internet Bubbles

November 13, 2006
Confused Bill Gates, but a regularly attacked one too. A rather predictable comment given he's not the only one selling the chewing gums and the soaps this time, so keep on bubbling folks. Think mature Web 2.0, think Semantic web, or at least dare to envision -- Microsoft wishes the Internet was never invented, unless of course they could sell you the license to use it.

"There are a hundred YouTube sites out there," Gates said during an interview with a group of journalists in Brussels before a speech to European lawmakers. "You never know. It's very complicated in terms of what are the business models for these sites." Some of them, including sites that offer Web-based word processing and search engines, are being promoted by their creators and analysts as possible competitors to makers of retail packaged software like Microsoft. "We're back kind of in Internet-bubble era in terms of people thinking: 'O.K., traffic. We want traffic. We want traffic,'" Gates said. "There are still some areas where it is unclear what's going to come out of that."

The very basics of Internet marketing, which transform branding into communication and segments into communities for instance, don't necessarily mean that traffic is the cornerstone of E-business. Eyeballs, thus participants, merely visitors converted into revenue sources, speak for themselves. Win-win-win business models need no comment. Once you get the traffic, boy, what wonders are there for you to discover, sense and profitably respond to. But then again, keep in mind that search and online video represent a tiny portion of the overall Internet user's activities. Don't look for the next Google, or the next YouTube, look beyond.

Having R&D centers on enemy territories creates more job opportunities, and improves Microsoft's comfortability with its stakeholders :

"Microsoft said that it would invest $7.8 billion globally in research and development this year, about 15 percent of sales, and it plans to spend $500 million in Europe next year. Microsoft operates its main European research center on the campus of Cambridge University in England, with other research offices in Denmark and Ireland."

While it's also cheaper to operate them in Europe than in the U.S, money cannot buy innovation and many other things, so don't get too excited but learn how to surf tidal waves, the ones Bill Gates himself predicted back in 1995.

Related posts:
5 things Microsoft can do to secure the Internet, and why it wouldn't?
Microsoft in the Information Security Market
Microsoft's OneCare Penetration Pricing Strategy

The Nuclear Grabber Toolkit

November 09, 2006
In case you're unaware of Nuclear Grabber's existence -- Babelfish it -- WebSense commented on it in their latest "Security Trends - first half of 2006 report" :

"Another toolkit example is Nuclear Grabber, which allows an attacker to sit on a real banking site and grab data from electronic forms. Like WebAttacker, this tool is available on Russian websites. The cost of Nuclear Grabber is a hefty $3,000."

It's actually "3250 USD for a server size of 50-53kb" as the site says -- perceived pricing and profit margins greed thankfully ruin its popularity from my point of view. Advanced form grabbers like this one are always very ugly -- tavarish chto vui being so knowledgeable, yet so malicious messing up with the entry barriers in this space?!

Full scale automation in action, quite some infected folks geolocated already. Going to wash my hands now..

All Your Electromagnetic Transmissions Are Belong To Us

November 09, 2006
This is worth mentioning, as while you try not to talk about these locations for as long as someone doesn't start blowing the whistle too loud, all you really need is someone to pass by and feel the hyper-sensitive harassment due to Trimingham's ELINT capabilities -- and news articles keep coming about this particular case.

"The Ministry of Defence has admitted that a fault at a radar dome was responsible for causing electrical problems with dozens of cars. Engines and lights cut out and speedometer dials swung up to 150mph as motorists drove past the dome. At the time the MoD said there was no guarantee that the Trimingham radar on the north Norfolk coast was the cause."

Read some of the memories of a serviceman that was stationed there during the 60s :

"Another story that might be of interest relates to the time that a Russian trawler went aground at Skaw. The indications were that it was an Elint (Electronic intelligence gathering) vessel as the crew hid what they were doing from an RAF Shackleton which flew overhead as part of the search and rescue mission. Whether there was any spying equipment on board is debatable. In any event, the Unst folk did well in "liberating" fishing nets and sundry bits and pieces including the steering wheel, which was subsequently returned to the Russians. However, two RAF lads - a steward and a cook - found signals, maps and other papers in the skipper's cabin, some of this hidden under his mattress. They brought these back to me and our station intelligence officer had a look at them. By chance he was a Russian linguist and was able to provide a summary of what was in the documents before they were forwarded to the RAF intelligence staff at the Ministry of Defence. One of the documents proved extremely valuable to the Navy but what amazed them was that the translated summary had been done by an RAF flying officer on Unst."

You may also be interested in going through a table that "includes all military sites which have significant intelligence-gathering or analysis capability with official US presence; these are the sites which have figures for numbers of US and UK personnel".

Trimingham's radar dome courtesy of munkt0n, and Flickr's Radars group.

Related posts:
Why's that radar screen not blinking over there?
Achieving Information Warfare Dominance Back in 1962

The Blogosphere and Splogs

November 07, 2006
Just read Technorati's latest "State of the Blogosphere, October, 2006" presented with in-depth visual stats on the 57 million blogs they're currently tracking, and yes, all the splogs they're fighting to filter. Worth taking your time to go through the post, and you may also be interested in finding how come my ROI out of blogging is so positive these days.

"As we’ve said in the past, some of the new blogs in our index are Spam blogs or 'splogs'. The good news is Technorati has gotten much better at preventing these kinds of blogs from getting into our indexes in the first place, which may be a factor in the slight slowing in the average of new blogs created each day.

The spikes in red on the chart above shows the increased activity that occurs when spammers create massive numbers of fake blogs and try to get them into our indexes. As the chart shows, we’ve done a much better job over the last quarter at nearly eliminating those red spikes. While last quarter I reported about 8% of new blogs that get past our filters and make it into the index are splogs, I’m happy to report that that number is now more like 4%. As always, we’ll continue to be hyper-focused on making sure that new attacks are spotted and eliminated as quickly as possible.


My gut feeling is that since we're better at dealing with Spam now, even some of the blue areas in last quarter's graph were probably accountable to spam, which would mean that rather than the bumpy ride shown above, we're actually seeing a steady increased (but slower) growth of the blogosphere. Hopefully we'll be able to have a more detailed analysis of these issues next quarter."

Meanwhile, the splogfighter is doing an amazing job of analyzing and coming up with exact splog URLs -- I'm reposting so that third-parties of particular interest reading here take notice -- and a week ago came up with 150,000 splogs, notice the dominating blogging platform? Blogspot all the way!

"I see that Google has been deleting quite a large number of splogs but even then they are on average about 20% effective. What that means is if a single spammer creates 1000 splogs, Google will eventually delete at most about 200 of them leaving 800 alone. Obviously this is rather poor percentage and hopefully my efforts will bump up that figure close to 90% and above.

20061030_1.txt - 19401 splogs
20061030_2.txt - 4332 splogs
20061030_3.txt - 8936 splogs
20061030_4.txt - 8794 splogs
20061030_5.txt - 18912 splogs
20061030_6.txt - 5158 splogs
20061030_7.txt - 70755 splogs
20061030_8.txt - 1182 splogs
20061030_9.txt - 11410 splogs
20061030_10.txt - 968 splogs
20061030_11.txt - 1584 splogs
Here is a tarball of all splog list files listed above: 20061030.tar.gz"

Obviously, spammers are exploiting Blogspot's signup process, and I really feel it's about time Google starts tolerating more errors from users having trouble reading a sophisticated CAPTCHA, compared to its current too user-friendly and easily defeated one. They can strike a balance for sure. Something else to consider: take for example the splogs collected for May. While the splogfighter is pointing out the engineered 404s and Google's efforts in removing them, I was able to verify content response from over 200 splogs reported back then, take cigar-accessories-2008.blogspot.com for instance -- anyone up for crawling the lists and clustering the results? Once the signup process is flawed, not even the wisdom of crowds flagging splogs can help you.

Another recommended and very recent analysis "Characterizing the Splogosphere" is also full of juicy details, and statistical info on the emerging problem. Spammers are anything but old-fashioned.
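
Clustering the splog lists mentioned above can start before any crawling, because the hostnames alone expose the naming template a generator used. The following is an added example, not the splogfighter's or this blog's code: the sample list is constructed (only cigar-accessories-2008.blogspot.com comes from the post), and the function names and the template heuristic are assumptions.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in the style of a splog list file. Only the first
# hostname appears in the post; the rest are made up for illustration.
SAMPLE_LIST = """\
cigar-accessories-2008.blogspot.com
http://cheap-cigar-humidors-2008.blogspot.com/
discount-golf-clubs-2008.blogspot.com
http://online-poker-bonus-77.blogspot.com/2006/05/index.html
free-poker-chips-77.blogspot.com
FREE-POKER-CHIPS-77.blogspot.com
best-ringtones-4u.blogspot.com
# comment line
example.org
"""

HOST_RE = re.compile(r"^([a-z0-9-]+)\.blogspot\.com$")


def blog_label(line):
    """Return the blogspot subdomain named on a list line, or None."""
    line = line.strip().lower()
    if not line or line.startswith("#"):
        return None
    if "://" not in line:
        line = "http://" + line          # bare hostnames need a scheme to parse
    try:
        host = urlsplit(line).hostname or ""
    except ValueError:                   # malformed URL in the list
        return None
    match = HOST_RE.match(host)
    return match.group(1) if match else None


def template(label):
    """Reduce a label to its naming template.

    Runs of purely alphabetic tokens collapse to '*'; tokens carrying digits
    (years, counters, '4u') are kept, since generators tend to reuse them.
    """
    parts = []
    for token in filter(None, label.split("-")):
        mark = "*" if token.isalpha() else token
        if mark == "*" and parts and parts[-1] == "*":
            continue
        parts.append(mark)
    return "-".join(parts)


def cluster_splogs(lines):
    """Group de-duplicated blog labels by naming template."""
    clusters = defaultdict(set)
    for line in lines:
        label = blog_label(line)
        if label:
            clusters[template(label)].add(label)
    return {sig: sorted(labels) for sig, labels in clusters.items()}


def top_keywords(labels, n=3):
    """Most frequent alphabetic tokens in a cluster: the niche being spammed."""
    counts = Counter(
        tok for label in labels for tok in label.split("-") if tok.isalpha()
    )
    return counts.most_common(n)


def report(lines):
    """Rows of (template, size, keywords), largest cluster first."""
    clusters = cluster_splogs(lines)
    rows = [(sig, len(lbls), top_keywords(lbls)) for sig, lbls in clusters.items()]
    return sorted(rows, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for sig, size, keywords in report(SAMPLE_LIST.splitlines()):
        print(f"{size:3d}  {sig:10s}  {keywords}")
```

Large clusters that share one template are the candidates worth reporting in bulk; fetching page content to confirm them is a separate step this sketch does not perform.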

Delicious Information Warfare - Friday

November 03, 2006
Wish I could blog everything I read that makes an impression on me, but that's not the point. The point is to emphasize the big picture, and find the balance between information overload and information underload.

01. North Korea, Turkmenistan, Eritrea the worst violators of press freedom - Journalists in North Korea, Eritrea, Turkmenistan, Cuba, Burma and China are still risking their life or imprisonment for trying to keep us informed. to FreeSpeech Censorship

02. When North Korea Falls - The furor over Kim Jong Il’s missile tests and nuclear brinksmanship obscures the real threat: the prospect of North Korea’s catastrophic collapse. How the regime ends could determine the balance of power in Asia for decades. The likely winner? China to Geopolitics

03. U.S. revives terror data mining - In response to concerns about the program's privacy and civil liberties implications, Congress in 2003 cut all funding for it, but research continued in different agencies, funded by classified appropriations for Pentagon intelligence agencies. to Intelligence Terrorism

04. Singapore Slings Censorship - StarHub Cable Vision of Singapore is being fined $6,350 for showing footage of lesbian sex and bondage during episodes of the reality program "Cheaters." to Censorship Singapore

05. Googlers Worldwide - Number of Google employees 2004-2006. to Google

06. Can IPS Alleviate The Botnet Problem? - Next-Generation IPS devices bring a number of extra benefits, and solve many of the botnet problems. When deployed at the network edge, IPS devices can see all traffic entering and exiting the network. to Security Malware Botnet IPS

07. Abu Ghraib Photos, Videos To Come - The ACLU has sought the release of 87 photos and four videotapes taken at the prison as part of an October 2003 lawsuit demanding information on the treatment of detainees in U.S. custody and the transfer of prisoners to countries known to use torture. to Military PSYOPS

08. 'Censorship' controversy? Sometimes it's just part of the ad campaign - NBC and the CW network had refused to run ads in which the singer Natalie Maines refers to President George W. Bush with an expletive and as "dumb." to Censorship Advertising

09. Rutkowska: Anti-Virus Software Is Ineffective - Stealth malware researcher Joanna Rutkowska discusses her interest in computer security, the threat from rootkits and why the world is not ready for virtual machine technology. to Malware Interview

10. Under Fire, Soldiers Kill Blogs - Some of the web's more popular "milblogs" -- blogs maintained by present or former active duty military personnel -- are going quiet following a renewed push by U.S. military officials to scan sites for security risks. to Blog Military OPSEC

11. Is Google Evil? - Internet privacy? Google already knows more about you than the National Security Agency ever will. to Google Privacy

12. Google Earth Update of Eyeballs 1 - ECHELON's Global Stations - Sebana Seca Echelon Station, Pine Gap Echelon Station, Geraldton Echelon Station, Misawa Echelon Station, Kunia Echelon Station, Waihopai Echelon Station. to OSINT ECHELON Intelligence SIGINT

13. U.N. blasts Cisco, others on China cooperation - "It's the same equipment that we sell in every country around the world in which we sell equipment," said Art Reilly, Cisco's senior director for strategic technology policy. "There is no differentiation." to Censorship China Microsoft Google Yahoo Cisco

14. GAO: Better coordination of cybersecurity R&D needed - DOD officials told GAO that the department provided about $150 million to its cybersecurity research programs in fiscal 2005. to Security

15. The Reinvention Of Martha Stewart - Stewart no longer has total control over the brand she built. She still owns the bulk of the company's stock and holds 92% of the voting power--prompting speculation that she may one day take it private--but she can't dictate the agenda. to Branding

16. Raytheon Announces Revolutionary New 'Cockpit' For Unmanned Aircraft - "We took the best-of-breed technologies from the gaming industry and coupled them with 35-years Raytheon UAS command and control expertise and developed a state-of-the-art universal cockpit built around the operator". to Military UAV

17. The Tangram Intelligence Program - The Tangram program makes no distinction between intentional and deliberate acts to avoid detection versus the consequences of spotty collection and reporting of intelligence. to Intelligence TIA Tangram

18. Intellipedia - a Classified Wiki - Intellipedia is a classified wiki that runs on JWICS, the top-secret network Intelink that links the 16 agencies that comprise the U.S. intelligence community. It is not accessible to the public. to Intelligence Wikipedia

19. China: We don't censor the Internet. Really - We have hundreds of journalists in China, and some of them have legal problems. It has nothing to do with freedom of expression. to Censorship China FreeSpeech

20. Ratings Table of EU and Leading Surveillance Societies - This year Privacy International took the decision to use the report as the basis for a ranking assessment of the state of privacy in all EU countries together with eleven benchmark countries. to Privacy Surveillance 1984

21. Watch a live spam bot in action - Take a peek with me into one trojan’s junkmail activities. The following account is happening as I type, and shows that some image spam is not unique even though it appears to be random. to Malware Bots Spam

22. OS X proof of concept virus - Macarena - OSX.Macarena is a proof of concept virus that infects files in the current folder on the compromised computer. to Malware MAC

23. American Leadership and War - Which presidents and political parties were responsible for America's deadliest wars? Republicans, Democrats, or the Founding Fathers? This map answers our question by illustrating the history of American conflict from the Revolutionary War to Iraq. to Military War Leadership

24. Diebold slams HBO Hacking Democracy documentary - According to Diebold, 40 per cent of votes this November will be recorded electronically with its own machines accounting for 40 per cent of that market. to Security Diebold Voting

FAS's Immune Attack Game

November 01, 2006
Professor Falken would have loved this one. The Federation of American Scientists recently released their report from the Summit on Educational Games, and an upcoming educational game :

"Immune Attack is a first person strategy PC video game that teaches immunological principles through entertaining game play. The protagonist, a teenaged prodigy with a unique condition in which the immune system is “present, yet non-functional”, must pilot a microscopic nanobot to save his own life. He must teach his semi-functional immune system to fight off diseases and bacterial/viral infections by programming individual cell types. This programming is accomplished through the successful completion of various educational minigames, each of which teach a central immunology principle and, once completed, confer added ability to the selected cell type."

Here're two more reports you may find informative on the future of learning through games -- the game addicts still got a chance.

Proof of Concept Symbian Malware Courtesy of the Academic World

November 01, 2006
Know your enemy to better predict his moves and future strategies as Symbian malware optimization is getting the necessary attention from the academic community :

"The University of Santa Barbara's software group released the source code for their proof of concept 'Feakk' worm that was developed by Paul Haas in March 2005. The worm uses SMS to send a hyperlink to its target. The targeted user then has to visit the hyperlink and download and acknowledge three sets of prompts in order for the worm to install, at which point it will immediately start to run in the background. It will scan the user's contact list and send a message to each contact (including the recipients' names) and will also scan for new contacts at certain intervals.

Upon installation, the worm checks for a contact with the first name "HACKME." If this isn't found the worm will exit. If it is found, then the worm sends itself to every mobile number it finds in the user's contact list. The author did not write a payload because this was for demonstration purposes only and it should be noted that it can be removed via the "Uninstall List."

While malware authors will turn the concept into a commodity, it doesn't exploit a specific OS vulnerability, thus the possibility of large scale outbreaks doesn't really exist at all. In a previous post I commented on some future developments related to the penetration of mobile devices in our daily lives and the trust factor assuming whoever holds the handset is actually the one using it :

"Malware authors indeed have financial incentives to further continue recompiling publicly available PoC mobile malware source code, and it's the purchasing/identification features phones, opening a car with an SMS, opening a door with an SMS, purchasing over an SMS or direct barcode scanning, mobile impersonation scams, harvesting phone numbers of infected victims, as well as unknowingly interacting with premium numbers are the things about to get directly abused -- efficiently and automatically."

Digitally fingerprinting mobile malware may be marketable, but it's rather useless as we've seen in the past compared to basic user awareness.

I feel the University of Santa Barbara's software group are very much on the right track, conducting research on OS and application specific vulnerabilities, as they've released quite some interesting papers during 2006 :

Advanced Attacks Against PocketPC Phones
PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service
Vulnerability Analysis of MMS User Agents
Security of Smart Phones
Using Labeling to Prevent Cross-Service Attacks Against Smart Phones

Fake Search Warrant Generator

October 30, 2006
In response to Christopher Soghoian's home raid -- the masked superhero by night -- a fake search warrant generator was just released :

"for district courts all across the United States with the intent of improving national security by reducing the amount of time it takes for our public guardians to create search warrants."

Sarcasm's most effective when having a point.

Greetings Professor Falken

October 29, 2006
The classic that originally started the war dialing generation seems to never fade, and its core idea of simulating a Global Thermonuclear War has motivated the authors of Defcon - The Game to come up with a fully realistic representation of it. I recently took the time to play around with it -- it's so compact you can even play it on a removable media -- and I must say I never enjoyed seeing my missile projections and the sound effects out of my launches. The trailer speaks for itself!

Rule number one of thermonuclear war: launch your ICBMs as soon as you hear the Defcon 1 alert, or you risk losing your silos due to the AIs "shooting into the dark" or conducting reconnaissance. However, keep one silo -- each has 10 ICBMs reaching anywhere on the map -- as you wouldn't be able to hit the biggest cities until you neutralize the surrounding air-defense. Submarines are sneaky and very powerful with each holding 5 missiles, but firing occurs only if the target is within range, so make sure you position yourself where you should be. Sea and air-to-air battles are very common and there aren't any land conflicts at all. Make sure you don't fire from numerous submarines simultaneously, as if there's a fighter in the air it will detect and attack the submarine. On the other hand, use fighters to distract the air-defense firing at them while your ICBMs pass through and reach their target.

If I were to describe the WarGames simulation in two words, that would be, tense and very addictive. Moreover, you don't need a multi-million game or movie budget to make an impression, as this game, and "The Day After" do. Goodbye Europe -- alliances are a powerful force given you convince some AIs to ally with you, but at the end there could be only one winner.

Face Recognition on 3G Cell Phones

October 29, 2006
Face recognition isn't just done at home courtesy of MyHeritage.com, but on-the-go with yet another release of face recognition authentication for cell phones by a leading mobile operator in Japan :

"Security features include biometric authentication (user's face) and compatibility with DoCoMo's Omakase Lock™ remote locking service, as well as the Data Security Service™ for backing up phonebooks and other important data on a network server. The model can function as an e-wallet, timecard and personal identification card for accessing restricted areas."

The concept has been around for quite some time, but with Japan representing one of the most mature markets for mobile devices -- right after South Korea -- the feature would briefly gain popularity and acceptance. The interesting part is the security vs usability issue as if the face recognition doesn't provide perfect results in every environment and under external factors such as darkness or even brightness, by the time the technology matures, a secret question to further authenticate or good old PIN code would do the work.

Here's a very well sorted library of various research on the topic, and an interesting service that's sharing a stolen phone's photos.

Real-Time Spam Outbreak Statistics

October 28, 2006
Following my previous posts on "Real-Time PC Zombie Statistics", and "Email Spam Harvesting Statistics", you may also find WatchGuard's recently released real-time spam outbreak statistics entertaining :

"Once in a while as I'm getting flooded with some particularly repetitious spam bomb, I wonder whether other networks are receiving the same dumb stuff. And occasionally, I wonder where it originated from.

Both questions are readily answered with a nifty Web utility provided by the CommTouch Detection Center. [Full disclosure: WatchGuard's spamBlocker product is powered by a license with CommTouch.] The utility shows a map of the world, with red spots indicating the approximate location of new spam outbreaks. If you hover your cursor over any of the red zones, a popup box shows the subject lines of the most recently detected spam. It's an easy, instant way to verify whether an email you received is part of a spampaign."

Naturally, the stats are limited to the vendor's sensor network worldwide, but you still get the chance to feel the dynamics of spam outbreaks worldwide. I often speculate -- and got the case studies proving it -- that the more pressure is put on spammers, phishers and malware authors, the higher their consolidation would become. For the time being, spammers are mostly utilizing the cost-effective one-to-many communication model, and their ROI -- where the investment is in renting infected zombie PCs -- is positive by default without them even segmenting, targeting and actually reaching the most gullible audience. If spammers change this model, it would mean much faster email services worldwide, but for the time being, number of messages sent compared to basic marketing practices seems to be the benchmark.

Spammers got the "contact points", malware authors the platform and the payload, and phishers the social engineering "know-how", I find spammers missing so badly these days -- the trade off for delivering the spam through content obfuscation is the quality of the message itself. Trouble is, they'll soon realize that marriage is better than the divorce and unite forces given the pressure.

UPDATE: "Bot nets likely behind jump in spam" discusses the consolidation, or the possibility for services on demand. Via Sunbelt's blog.

ShotSpotter - Gunshot Sensors Network

October 26, 2006
ShotSpotter is :

"a network of noise sensors that identifies and pinpoints gunfire. Over the past few weeks, the technology has guided police to three homicides in Southeast Washington, and in one case officers got there rapidly enough to make an arrest.

ShotSpotter complements 48 surveillance cameras installed in many city neighborhoods. But unlike the cameras, which are checked after the fact, ShotSpotter gets word to police as soon as bullets start flying -- in many cases before anyone has a chance to call 911. Over the past two months, the sensors, roughly the size of coffee cans, have been hidden atop buildings in many sections of Southeast Washington."

Innovative, but how well is it performing when it comes to filtering out three cars' synchronized gangsta rap music, and the not so fashionable, but adaptive use of silencers? It makes me think about the possibility of disinformation by criminals knowing someone's listening and responding to gunshots. On the other hand, it could have even wider acceptance in a war zone acting as an early warning system.

UPDATE: Techdirt's comments on the system.

Ms. Dewey on Microsoft and Security

October 26, 2006
She sure knows "all these little ones and zeroes", and your social security number altogether. I like the idea, it reminds me of the futuristic holograms of Einstein acting as interactive Wikipedia which when asked about WWII starts projecting battles -- she's thinking way too long, but as she pointed out she's just a chick in front of your computer.

What are you Looking at?

October 26, 2006
You piece of EyeBall surveillance camera!

The Surveillance System About to Get Overloaded

October 24, 2006
I wonder, would they later on publicly announce a "Hall of Fame/Shame" of the most regular drinkers, and actually use the data to fuel growth in local anti-drinking initiatives based on the most "affected" regions? Beer fingerprints to go UK-wide :

"The government is funding the roll out of fingerprint security at the doors of pubs and clubs in major English cities. Funding is being offered to councils that want to have their pubs keep a regional black list of known trouble makers. The fingerprint network installed in February by South Somerset District Council in Yeovil drinking holes is being used as the showcase."

Use a public WC - Big Brother's peeping, have a beer - it's on Big Brother's bill, and if this isn't a total abuse of technology and tax payer's money to spy on them, what is? A system like this would be useless to local bartenders, to be honest their experience for spotting the drunken monkeys or knowing them would prove invaluable in this case. From another perspective, these trouble makers, given they don't trash the place, are actually among the major consumers there.

The article makes a good point though - if pubs and clubs get extra monitoring, domestic violence increases, so would you install CCTVs at home to prevent it through the "psychological effect" as well?

China's Information Security Market

October 24, 2006
China's information security market is very much into the introduction stage, with perimeter based defenses acting as the main security solutions purchased there :

"Statistics shows that the size of China information security market arrived at RMB 1080 million Yuan in Q2 2006, 21.35% higher than the same period of last year, and 6.93% more than Q1. In Q2 2006, sales revenue of firewall products was RMB 474 million Yuan, and anti-virus software is RMB 305 million Yuan. Figure2 demonstrates different security products market shares. Figure3 and Figure 4 list major vendors of firewall software and anti-virus software, respectively."

It's perhaps the perfect timing for you to find reliable channel partners and position yourself on the local market that's about to attract even more government attention with the ongoing networking of China, thus a more foreign-business-friendly security market than it is today. Among the most recent, and free of course, research on the security market in China I often find myself coming back to is Yan Liu's thesis on the current and future market trends. From an investor's or analyst's point of view, you may also find The Global State of Information Security in 2006 a very informative and rich on visual materials survey.

Detecting Malware Time Bombs with Virtual Machines

October 24, 2006
Back in June, details on an event that happened during 2002 started emerging, namely UBS bank's employee use of a logic bomb on the internal network that naturally had the type of insider empowerment it needed to spread :

"According to prosecutors, shortly after Duronio created the code in late 2001, he quit his job and banked thousands in "put" options against UBS, in which he would profit if the company's stock price declined by March 15, 2002, as a result of the attack he had allegedly set to launch against computer systems on March 4. Prosecutors said that "within an hour or so" of walking out the door from UBS, Duronio was at a securities office buying "puts" against UBS. The mail fraud charges relate to confirmation of purchases of the puts that were sent through the U.S. Postal Service. The damage caused by the malicious code impaired trading at the firm that day, hampering more than 1,000 servers and 17,000 individual work stations. The attack cost UBS about $3 million to assess and repair, said Assistant U.S. Attorney V. Grady O'Malley. "It took hundreds of people, thousands of man hours and millions of dollars to correct," O'Malley told jurors."

And while this isn't the last time logic bombs are used -- examples during the 80's -- it's important to note how flexible that type of malware could be, going way beyond the most common trigger - a specific date and time.

The authors of "Detecting Malware Timebombs with Virtual Machines" conducted research on an automated early warning system to shorten the time necessary to estimate the exact timetable of a malware in question :

"Worms, viruses, and other malware can be ticking bombs counting down to a specific time, when they might, for example, delete files or download new instructions from a public web server. We propose a novel virtual-machine-based analysis technique to automatically discover the timetable of a piece of malware, or when events will be triggered, so that other types of analysis can discern what those events are. This information can be invaluable for responding to rapid malware, and automating its discovery can provide more accurate information with less delay than careful human analysis."

It successfully analyses Code Red, Klez, MyParty, Blaster, CME-24 and speculates on the future of the automated process. Worth reading, and worth rethinking: is the Internet's infected population actually the zombies, or aren't they the ones who still haven't been awakened?

A Cost-Benefit Analysis of Cyber Terrorism

October 18, 2006
What would the ROI be for a terrorist organization wanting to take advantage of cyberterrorism, and how would they measure it?

Provocative perspective trying to emphasize the minimal resources required to develop a cyberterrorism platform, with very interesting assessments of various financial issues and possible casualties. "A Cost-Benefit Analysis of Cyber Terrorism" tries to answer:

"Would cyberterrorism be a viable option for terrorists? This article addresses these questions assuming that a hypothetical terrorist group, interested in adding cyberterrorism to its arsenal, decides to engage in a cost-benefit analysis to assess the payoffs and investment required by such a new endeavor. The conclusions are that cyberterrorism is not a very efficient substitute for more traditional tools like bombs. It is more effective for the terrorists to exploit information infrastructures to fight a “war of ideas,” spreading their beliefs and points of view."

While the publication was released two years ago, it has recently come to global attention that Hezbollah aren't exactly the type of cave-hiding individuals, but ones fully realizing the concept of outsourcing instead of re-inventing the wheel. While attacks on the critical infrastructure, namely frontal cyberterrorism attacks, are still priority number one, and the possible scenarios already tested numerous times, this "cyberterrorism myopia" created many other dimensions of the concept.

What went beneath the radar and consequently evolved?
- online radicalization, propaganda, communication, recruitment, education, and fund-raising actually produce the "traditional terrorists"
- PSYOPS twisting the very foundations of the religion for the sake of a cause
- religious extremism started targeting more easily influenced/brainwashed youngsters while CCTVs were installed on the hot spots, and new IDs when homegrown terrorists make the news
- Hezbollah using U.S hosting companies since 1998
- OSINT backed PSYOPS improving the truthfulness of the statements

Keep on reading and data mining.

The Stereotyped Beauty Model

October 18, 2006
If women/girls didn't hate each other so much, they could rule the world. Nice ad counter-attacking the entire "chickness ad model". Feels like Unilever got so successful promoting it, so that now they have to reposition themselves as a socially oriented company, not masters of Photoshop whose virtual creations directly influence McDonald's business model.