Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on the top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude

Wednesday, February 21, 2007

The Phishing Ecosystem

Phishing is the efficient case of online social engineering. With the ease of sending phishing emails thanks to malware infected PCs -- spamonomics 101 -- as well as many other techniques for creating the pages and forwarders phishers use to trick users -- it's indisputable how much more profitable phishing is next to spam.

This is perhaps the most detailed summary of the emerging ecosystem I've read in a while. It walks the reader through the process of acquiring the resources for the attack and tracking down the results and provides overview of how malware authors, phishers and spammers work hand to hand due to the pressure put on their actions by the industry and, of course, the countless third-party researchers. Here's a summary :

"- Get an email list
- Develop the attack
- Locate sites to send phishing emails from
- Locate sites to host the phishing site
- Launch the attack
- Collect results"

Around the industry, security researchers are again signalling the ongoing use of popular sites such as MySpace for hosting phishing pages, phishers are going Web 2.0 and starting to use Google Maps, and seems like Castle Cops the anti-phishing community witnessed a demonstration of DDoS bandwidth power which is definitely the result of the consolidated anti-phishing initiative that they manage to keep on expanding. Moreover, yet another evidence of the developing ecosystem is the fact that spam and defaced sites aren't what they used to be, namely are turning into malicious attack vectors. Despite that everyone's claiming the commercialization of this entire ecosystem, hacktivism is not dead!

The "best" is yet to come, and let's hope a more suspicious common sense on the users' part too.

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Monday, February 19, 2007

Cuba's Internet Dictatorship

And you thought people in China suffer from the lack of free speech expression. Here's the cheap version of the great firewall of China, this time in Cuba :

"Cuba built an Internet search engine that allows users to trawl through speeches by Cuban leader Fidel Castro and other government sites, but does not browse Web pages outside the island. Cubans cannot buy computers and Internet access is limited to state employees, academics and foreigners. Cubans line up for hours to send e-mails on post office terminals that cannot surf the World Wide Web. Passwords are sold on the black market allowing shared Internet use for limited hours, usually at night."

With Fidel Castro now seriously ill, the speeches will sooner or later turn into historical ones, the question is, which think-tank across the world would come closer in its predictions of the situation in a post-Castro Cuba next to reality? On the other hand the U.S is starving Cuba's bandwidth hunger to death, and considering their inability to invest in alternative sources for connectivity, the extend of degrading the quality of their Internet connectivity is almost unbeliavable as :

"Cuba is forced to use a costly satellite channel with only 65 megabytes per second (mbps) for upload and 124 mbps for download, he said."

Even a France Telecom customer that has upgraded service to Fiber@Home will be able to ping-to-death Cuba's entire academic community. And while Cuba recently blamed the CIA for digital espionage, it would take them unnecessary amount of time to download sensitive material remotely given Cuba's bandwidth capacity. Several other interesting events in case you remember were when Kyrgyzstan got cut off from Internet by hacker attack, and when Zimbabwe's Internet was shut down because they forgot the pay their bill. Bandwidth matters, depending on the perspective of course.

The most recent report on Censorship in Cuba is also worth going through :

"To visit websites or check their e-mail, Cubans have to use public access points such as Internet cafes, universities and “Youth computing centers” where it is easier to monitor their activity. Then, the Cuban police has installed software on all computers in Internet cafes and big hotels that triggers an alert message when “subversive” key-words are noticed."

The only way to undermine censorship is to talk about it -- and mock it.

Dancho Danchev

Sunday, February 18, 2007

Profiling Sergey Brin

Great weekend reading :

"Stepping through the sliding glass door into their office is like walking into a playroom for tech-savvy adults. A row of sleek flat-screen monitors lining one wall displays critical information: email, calendars, documents and, naturally, the Google search engine. Assorted green plants and an air purifier keep the oxygen flowing, while medicine balls provide appropriately kinetic seating. Upstairs, a private mezzanine with Astroturf carpeting and an electric massage chair afford Sergey and Larry a comfortable perch from which to entertain visitors and survey the carnival of innovation going on below. And there is ample space for walking around, which is absolutely essential for Sergey, who just can’t seem to sit still."

A story that proves for yet another time that nothing's impossible, the impossible just takes a little while. Here are some photos from Google's NYC headquarters, guess who likes to spoil its employees -- sorry Googlers -- most from all the tech companies these days? Say Google again!

Dancho Danchev

Beyond Traditional Advertising Packages

Differentiate your value proposition or cease to exist. And hey, that's on Madison Avenue :

"As a startup carrier that hadn't yet hired a pilot, Virgin needed more than just slogans and 30-second commercials. That's about when Anomaly, a two-year-old startup, brought a pitch that sounded more like a takeover bid: Carl Johnson, Anomaly's 48-year-old co-founder, hauled out plans to design the interiors of Virgin's new A320s, fashion the flight attendants' uniforms, and create the content for a pay-per-view seat-back entertainment system."

You may also find the best and worst Super Bowl -- the U.S ad industry's favorite playground -- ads entertaining. Meanwhile, Pepsi is anticipating the DIY marketing culture and is asking everyone to help them build their next billboard on Times Square. When advertising does its job millions of people keep theirs, isn't it?

Dancho Danchev

My Feed is on Fire, My Feed is on Fire!

I've never had so many people connected to me, perhaps it's the consequence of Feedburner detecting Google Readers as of this week, and yes the quality of the posts themselves. Here's an interesting opinion on the frequency of blog posting, I especially like the author's understanding of the readers' loyalty towards a blog. My ROI is still positive whatsoever -- part two of Forrester's series is also worth the read.

Dancho Danchev

Friday, February 16, 2007

Delicious Information Warfare - Friday 16th

Here are some articles and blog posts worth reading plus the related comments. Previous summaries as well.

Islamic Terrorism from Clearguidance.com to Islamicnetwork.com -- very interesting reading regarding Daniel Joseph Maldonado, and a visionary quote "It takes a community to make a terrorist and it only take a handful of people to build and maintain such communities."

Former DuPont senior scientist pleads to corporate espionage -- fresh case of corporate espionage. As always I find it a totally biased opinion with companies falling in love with their trade secrets, even coming up with numbers as high as $400M

Information warfare, psyops, and the power of myth -- decent article on the topics in today's world of war on ideologies

Glitches plague NSA's effort to track terrorists online -- Tracking terrorists online courtesy of the NSA's Turbulence program is a another $500M failure to understand the dynamics of cyberterrorism. Thankfully, there're third-party organization the NSA is definitely listening to and obtaining its intelligence giving the lack of ethnical diversity in the U.S intelligence community, one that is crucial nowadays. The cuttest quote of the day "Inside the agency, Turbulence's sensitive activities are sequestered behind passwords known to few."

Panda Software Releases Malware Radar, the First Automated Malware Audit Service -- not necessarily the first as pretty much all vendors offer online malware scan, but it's a product line extension based on recent licensing deals of Panda with other vendors

Another Malware protection engine becomes Malware enabler engine -- when the security solution ends up the security problem itself

Hackers target the home front -- great example of targeted email attacks, makes you wonder two things - what's the chance the attacks aren't really systematic but basically rather regular malware infection attempts, or the emails of top management or anyone @bank.com have been available to attackers wanting to take advantage of the insecurities of their home PCs

Turkish hacker strikes Down Under -- Why shared hosting is unserious from a security point of view

'Storm' Worm Touches Down on IM -- Storm Worm piece of malware switching vectors, interesting, but a fact demonstrating the novice experience of the malware author, as if it were an experienced one, the feature would have been build in the very first releases compared to mass mailings only

Top 10 Disrupters of 2006 -- catchy slide show and here's the full story

Microsoft's Patches -- Zero day Wednesday took place as well

Russia's Ivanov slams U.S. missile shield plans in Europe -- the proposed U.S missile shield in Eastern Europe would give Russia the excuse to do something naughty like this

Cyber officials: Chinese hackers attack 'anything and everything' -- Chinese script kiddies generating noise so that the advanced and government backed espionage attempts remain to be sorted through the noise - predictable pattern

Cuban Information Minister Blasts US Digital Espionage -- Cuba to the U.S - Stop using OSINT and data aggregation techniques against us, as you see, we don't know how to Google

The Next Big Ad Medium: Podcasts -- unless measurability improves it's all shooting into the dark for advertisers, and ad budget allocation dream come true for publishers

How to Stalk Your Family -- start by self-regulation, everyone?

Text of Email to all Yahoos -- Yahoo's CFO to all Yahoos, now if an average Yahoo is able to understand the corporate talk I'll bring the beer

China's Submarine Fleet Continues Low Patrol Rate -- outstanding analysis

Google Agrees to Buy Adscape -- Google's getting into the emerging in-game advertising market. Would a gaming company find that the lack of ads in its game can turn into a competitive advantage in the long-term?

Yahoo co-founder Jerry Yang to donate $75 million to Stanford -- never forget who you are and where you came from. Jerry Yang is donating $75M to Stanford University which as a matter of fact is largely financed by ex-disruptors, and yes tuition fees. They even hold quite some Google shares

CIA's secret prisons -- full coverage

Dancho Danchev