Zone-H recently reported yet another major hacktivism case in what's stated to be the biggest hacking incident in web-hosting history -- a single hack, multiple targets exposed and their audiences' attention "acquired". The very same type of tension happened several weeks ago due to the Muhammad cartoons. It may seem questionable whether hacktivism would survive in today's for-profit online crime world, but discussion and execution open up new boundaries the way the author of this research did.
I feel I went through what's perhaps the most recent and extensive research done on hacktivism, "Hacktivism and the Future of Political Participation" by Alexandra Samuel -- a perfect moment to mention the daily updated security resources that I go through instantly; hundreds more will soon be shared as well!
The dissertation "looks at the phenomenon of hacktivism: the marriage of political activism and computer hacking. It defines hacktivism as the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. Those tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. The dissertation uses data from fifty-one interviews in conjunction with additional primary and secondary source material. This data is used to construct a taxonomy of hacktivism, and apply the taxonomy to three core issues in political participation."
The big picture, the details, and everything in between, how fast can you print, bind and read this masterpiece?
In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude.
Tuesday, May 23, 2006
The Current, Emerging, and Future State of Hacktivism
Tags:
Hacking,
Hacktivism,
Information Security,
Security,
Zone-H
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Arabic Extremist Group Forum Messages' Characteristics
Ever wondered what's the font size of a terrorist forum posting? These guys are really deep into using AI for gathering intelligence on various Cyberterrorism threats, and as you can see they neatly visualize their findings. "Applying Authorship Analysis to Extremist-Group Web Forum Messages" by Ahmed Abbasi and Hsinchun Chen, University of Arizona seem to have found a way, or at least patterns of ongoing terrorist communication, and of course propaganda online. What they did was:
"To explore these problems, we modified an existing framework for analyzing online authorship and applied it to Arabic and English Web forum messages associated with known extremist groups. We developed a special multilingual model—the set of algorithms and related features—to identify Arabic messages, gearing this model toward the language’s unique characteristics. Furthermore, we incorporated a complex message extraction component to allow the use of a more comprehensive set of features tailored specifically toward online messages. A series of experiments evaluating the models indicated a high level of success in identifying communication patterns."
Social network analysis has a lot of potential, and with data mining it seems to be the perfect match for the recent trouble with NSA's domestic spying program. DearNSA.com and the Patriot Search are aiming to solve the problem for both parties -- efficiently.
There's a lot of propaganda chat going on online all the time, and among the very few limitations that bother me about such web aggregation of open source information are the use of steganography, or plain-simple Dark Web (closed for crawlers with basic/sophisticated authentication in place) communication -- remember there's a lot of noise to sort out through as well.
Tags:
Cyber Jihad,
Cyber Terrorism,
Cyber Warfare,
Data Mining,
Information Security,
Information Warfare,
Security,
Social Network Analysis,
Terrorism,
TIA,
Total Information Awareness
Espionage Ghosts Busters
In previous posts, "Insider Competition in the Defense Industry" and "The anti virus industry's panacea - a virus recovery button", I gave examples of insider trading, of malware infecting border-screening computers, or the plain truth on how U.S. "manufactured" PCs are actually assembled in China these days.
Obviously, plain old paranoia without solid background still dominates as "Representative Frank Wolf (R-VA) has announced that the State Department has agreed not to use 900 computers purchased from Chinese-owned Lenovo on classified computer networks. The US-China Commission, a bipartisan congressional commission, raised concerns when State announced the purchase of 16,000 desktop computers from Lenovo, with 900 to be used on secret networks connected to the Defense Department's classified SIPRnet (Secret Internet Protocol Router Network). State is changing its procurement process to better track changes in vendor ownership that could impact national security."
There's a common myth that a nation's military uses specially dedicated networks, ones greatly differing from the standard OSI model the way we know it -- which is wrong, as it would limit the usability and increase the costs of operating. My point is that even a PC sold by Dell would eventually run a Microsoft OS, thus exposing it to the monocultural insecurity by itself, and the human weaknesses of the person operating the PC itself, not guarding the SIPRnet perimeter.
It would be easier for Chinese hackers or government entities to take advantage of client side attacks on any of these systems, than to ship them backdoor-ready, risking too much in case of a possible espionage fiasco. There have been known cases of malware leaking nuclear plant information, or employees P2Peering sensitive/classified information. Be it hardware keyloggers, logic bombs, or BIOS rootkits, given the scrutiny, even a slight ambition might have vanished in the air. Modern spy gadgets are evolving, espionage cases are still happening and some even get public, but in case you're interested in the true ghost covert operative - stay tuned for the Stand Alone Complex Novel!
Tags:
Cyber Terrorism,
Cyber Warfare,
Information Security,
Information Warfare,
Lenovo,
Security,
SIPRNET,
Terrorism
Nation Wide Google Hacking Initiative
The idea of doing reconnaissance for the purpose of pen testing or malicious activity through Google hacking has already reached levels of automation -- the problem is how the threat often gets neglected by those that actually suffer from a breach later on. I came across an article pointing out that:
"Anyone who wants to hack into sensitive information on New Zealand internet sites might be pleased to know it can be as easy as typing keywords into a Google search. Researchers at Massey University’s Albany campus say the country’s websites are more vulnerable to "Google hacking" than anywhere else in the world. University Information and Mathematical Sciences Institute senior lecturer Dr Ellen Rose and graduate student Natalia Nehring recently completed a study into the topic."
Not exactly a type of cyberterrorism exercise such as the most recent DigitalStorm, but it's logical to conclude that if someone takes the time and effort to data mine the web, localize the attack like in this case, a lot will be revealed. In a recent article, CSOonline goes in-depth into the security implications posed by Google. I once had a chat with Johnny Long on many topics, among the "few", of course, was google hacking. He made a good point on saying that it's whatever you actually do with the results that matters most, and how diverse is the threat -- by googling your lights off for instance.
What you should keep in mind is that it isn't Google to blame, the way "Improving the Security of Your Site by Breaking Into it" provoked awareness, and not damage. Think the problem isn't big of a shot -- gather some intelligence by yourself through the Google Hack Honeypot project.