Posts Tagged 'attacks'

Air Force looking into botnet defense system?

Back in the Cold War era, the military’s plans for developing the next generation of war-fighting capabilities were always a closely guarded secret; programs for developing cutting-edge bombs and missiles were highly classified, and you certainly didn’t need the public’s permission to invent new ways to roast the enemy. But in the Internet era, the technical realities associated with carrying out cyber warfare on a largely civilian network infrastructure dictate that if you build a massive military botnet aimed at shutting down enemy networks with distributed denial-of-service (DDoS) attacks, then you can expect that the public will find out what you’re up to sooner or later. And they may not be all that happy about it.

Hence articles like the one that Col. Charles W. Williamson III recently published in the Armed Services Journal (via Slashdot), wherein he tries to make the public case for a military botnet as a prelude to actually building such a beast and placing it under the Air Force’s control. Williamson’s article fleshes out a number of things that have been hinted at so far in the ongoing public relations offensive that has followed the official unveiling of the new Air Force Cyber Command (AFCYBER). (link)

Epilepsy site hacked to cause seizures

Computer attacks typically do not inflict physical pain on their victims.

But in a rare example of an attack apparently motivated by malice rather than money, hackers recently bombarded the Epilepsy Foundation’s website with hundreds of pictures and links to pages with rapidly flashing images.

The breach triggered severe migraines and near-seizure reactions in some site visitors who viewed the images. People with photosensitive epilepsy can get seizures when they’re exposed to flickering images, a response also caused by some video games and cartoons.

The attack happened when hackers exploited a security hole in the foundation’s publishing software that allowed them to quickly make numerous posts and overwhelm the site’s support forums. (link)

Security vendor discovers database of stolen FTP usernames and passwords

A fresh discovery by security vendor Finjan Inc. provides yet another example of how easy it is becoming for almost anyone to find the tools needed to break into, infect or steal data from corporate Web sites.

The San Jose-based vendor announced today that it has uncovered an illegal database containing more than 8,700 stolen File Transfer Protocol server credentials including usernames, passwords and server addresses. Anyone can purchase those credentials and use them to launch malicious attacks against the compromised systems.

The stolen credentials belong to companies from around the world and include more than 2,500 North American companies, some of whose Web sites are among the world’s top 100 domains, according to Yuval Ben-Itzhak, Finjan’s chief technology officer.

The FTP credentials would allow malicious hackers to break into and upload malware of their choice to compromised servers literally with a click or two, he said. “You could pick any server you wanted in the list, pay for it” and launch an attack with very little effort, Ben-Itzhak said. (ComputerWorld)

Security threats not gender specific, nor is knowledge

When it comes to online security, everyone thinks they’re an expert. Especially men, it seems, as a new “report” funded by security software maker AVG suggests. The company says that, like most things, men tend to think that they know more about online security than women. That’s apparently not true, however, as AVG states that everyone suffers online attacks equally, despite what they may think.

The findings come from a survey of 1,400 adults in the UK about their own knowledge of security while using the ‘Net. Men were exceptionally confident in their own security prowess, and only 4 percent of them said they didn’t know what kind on online protection they had in place.

But confidence doesn’t always translate into reality, it seems. AVG’s survey found that a third of all users—both men and women—had suffered some form of identity theft. And when asked whether they would change their habits as a result, only 20 percent said that they would. I guess when it comes to being complacent, men and women are on equal ground. link

Student behind Estonian DoS attacks

Last May, the web sites of a number of high-ranking Estonian politicians and businesses were attacked over a period of several weeks. At the time, relations between Russia and Estonia were chillier than usual, due in part to the Estonian government’s plans to move a World War II-era memorial known as the Bronze Soldier (pictured below at its original location) away from the center of the city and into a cemetery. The country’s plan was controversial, and led to protests that were often led by the country’s ethnic Russian minority. When the cyberattacks occurred, Estonia claimed that Russia was either directly or indirectly involved—an allegation that the Russian government denied.

Almost a year later, the Russian government appears to have been telling the truth about its involvement (or lack thereof) in the attacks against Estonia. As InfoWorld reports, an Estonian youth has been arrested for the attacks, and current evidence suggests he was acting independently—prosecutors in Estonia have stated they have no other suspects. Because the attacks were botnet-driven and launched from servers all over the globe, however, it’s impossible to state definitively that only a single individual was involved. (link)


Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 29 other followers

Technorati – Blog Search

Add to Technorati Favorites

submit express