Cyber Security Institute

Tuesday, April 02, 2013


Two weeks ago, some 30,000 systems at South Korean banks and broadcasters were wiped out in a coordinated attack. It might have come from North Korea, but investigators are still chasing basic details. “We judge that there is a remote chance of a major cyber attack against U.S. critical infrastructure systems during the next two years that would result in long-term, wide-scale disruption of services,” wrote U.S. Director of National Intelligence James Clapper. “Our critical infrastructures are all identifiable: they’ve been probed, and they’ve been mapped,” said Frank Cilluffo, Director of the Homeland Security Policy Institute at George Washington University, last week in testimony before the House Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies.

Last month security firm Mandiant fingered the Chinese People’s Liberation Army as brazenly running cyber operations out of a 12-story building in Shanghai, alleging that this “APT1” unit is one of dozens of hacking outfits run by the Chinese military. Iran is believed to be behind persistent denial-of-service attacks against Bank of America, JPMorgan Chase, Citi, and U.S. government sites during 2011 and 2012, as well as a destructive attack against Saudi Aramco and Qatar’s RasGas last year in which malware wiped out more than 30,000 workstations. Where denial-of-service and outright destructive attacks might be a digital form of sabre-rattling for some regimes (or make for great movie plots), cyber espionage is the bread and butter of much state-sponsored online action.

“In the last few years we have shown enough data that proves that the number and complexity of these attacks have been increasing steeply,” said Jamie Blasco, manager of the Vulnerability Research Team at open source security firm AlienVault.

“Legal firms may be the biggest target of nation states because they have so much proprietary information in their systems,” noted Tim Keanini, chief research officer at enterprise security firm nCircle.

However, last month President Obama signed an executive order giving the Secretary of Homeland Security until mid-July to extend the definition of critical infrastructure to include organizations “where a cybersecurity incident could reasonably result in catastrophic regional or national effects.” “That’s not the same as destruction, but it can have a huge impact on companies that live and breathe on just-in-time inventories and the ability to connect with their customers immediately.”

Sophisticated, highly modular malware like Flame isn’t produced by a lone hacker pulling a few all-nighters; it almost certainly represents the skills and sustained effort of well-compensated professional programmers, or at least a big bankroll and a willingness to ply the black market for exploits. Exploits and techniques developed by state-sponsored efforts can be leaked or reverse-engineered just like any other malware, making their way into the hands of traditional cybercriminals and into widely available exploit collections like Blackhole, Phoenix, and RedKit.

Engaging hacker groups or online criminals to assist with cyber attacks could give nations a way to deny responsibility; however, it could also mean that hackers and cybercriminals gain access to the state’s technical and fiscal resources.
