Cyber Insecurity


Our society’s infrastructure can no longer function without computers and networks. The sum of the world’s networked computers is a rapidly growing force multiplier. Today’s businesses depend heavily on technology for integration, productivity and organizational scalability.

Data is an increasing fraction of total corporate wealth and must remain secure, which means preserving its confidentiality, integrity and availability.

Increasingly, organizations require communications that provide rapid and agile collaboration, information sharing, and connectivity to data sources. Technology lets employees and partners work and access systems anywhere, anytime; by the same token, that availability places the systems at increased risk. Protecting digital assets in transit and at rest on storage devices is essential across the life cycle of information, because information crosses the boundary between physical and logical controls.

The world of security is becoming more complex and threatening every day. This increasing complexity embeds dependencies in a manner that may diminish the frequency of surprises; however, the surprises will be all the more unexpected when they inevitably occur.

Security is becoming a means and not an end; modern protection strategies are quickly shifting toward risk absorption rather than risk avoidance. Service-oriented architectures and Web 2.0 technologies are fueling the internet revolution while at the same time rapidly deteriorating the security situation. That deterioration compounds as nearly all individuals and businesses establish dependencies on computer and communications systems. Increasing dependence therefore means ever more difficulty in crafting protections against known and unknown threats to systems.

The traditional network barriers that separated trusted from untrusted and “inside” from “outside” are now disappearing. As more applications become directly accessible to remote users and systems, the network perimeter becomes increasingly vague and more difficult to protect. Attacks are no longer confined to the lower layers of the network stack; they target widely adopted systems and software, with major implications globally and in all sectors.

Threats and risk are growing chiefly around poorly coded applications and unsophisticated end users. Modern security has become an architecture of devices, people and software that work together to provide the best possible layered defense against attacks.

We now know that protections need to work together in a concerted effort to reduce risk and mitigate both known and unknown threats to our infrastructure.

Those with either an engineering or management background are aware that one cannot optimize everything at once, and that requirements are balanced by constraints. In engineering, this is said as “Fast, Cheap, Reliable: Choose Two.” In the public policy arena, we must first remember the definition of a free country: a place where that which is not forbidden is permitted.

No society needs rules against impossibilities and I believe that we are now faced with “Freedom, Security, Convenience: Choose Two.”

For me, I will take freedom over security and I will take security over convenience, and I will do so because I know that a world without failure is a world without freedom. A world without the possibility of sin is a world without the possibility of righteousness. A world without the possibility of crime is a world where you cannot prove you are not a criminal. A technology that can give you everything you want is a technology that can take away everything that you have.

After 15 years of analyzing the playing field, I am convinced that at some point, in the near future, one of us security geeks will have to say that there comes a point at which safety is not safe.

-Dan Geer / In-Q-Tel / Infragard

Key drivers of Hacking/Security:

Emergence of internet based criminal black market

Sophistication of attack tools and methods used by hackers

Markets for Cybercrime Tools and Stolen Data Software

Monocultures facilitating mass hacking and botnet control


A proud member of InfraGard: The InfraGard program is a public/private cooperative effort dedicated to improving our national security. InfraGard consists of chapters throughout the United States. The FBI leads the U.S. Government side of InfraGard. InfraGard provides a trusted forum for the exchange and channeling of information and subject matter expertise related to the protection of our nation’s critical infrastructure from physical and cyber threats.

U.S DISA overhaul plans to eliminate Firewalls
In a comment to the armed forces media, the U.S. Defense Information Systems Agency (DISA) said it is planning an overhaul that could mean the end for conventional firewalls.

U.S. Air Force Lt. General Ronnie Hawkins Jr. was quoted as saying that the US military’s IT service wanted to move from a mesh of firewalls towards a design based on protecting data instead of packets.

“In the past, we’ve all been about protecting our networks—firewall here, firewall there, firewall within a service, firewall within an organization, firewalls within DISA. We’ve got to remove those and go to protecting the data. You can move that data in a way that it doesn’t matter if you’re on a classified or unclassified network, depending on someone’s credentials and their need to know,” he declared.

“We want to be able to normalize our networks to where you can have the collaboration and information moving over our networks and you don’t have to have the different firewalls, the separate networks, to get those things done,” he added. Additionally, the department can realize significant savings in instrumentation—for example, by moving from “hard phones” to “soft phones,” he said.

“Yes, firewalls are important. They help solve network security problems by creating barriers that prevent unwanted network access. But they do not control data access,” he said.

That’s why I find DISA’s new approach so fascinating. It’s based on the realisation that the threats have changed. Hackers want data like IPs, PINs, credentials, proprietary information, and more. And it’s very easy for them to steal data due to poor security controls or outright mismanagement.

Shteiman said he believed that DISA would most likely move to role-based data access, together with content control, auditing and monitoring.

Anti-Sec is not a cause, it’s an excuse.


The Antisec Movement

In a move clearly inspired by LulzSec, an Italian hacker recently uploaded a torrent containing the personal information of thousands of Italian university students. This information was stolen from a slew of Italian university websites. According to the press release posted by LulzStorm, this was done “to tell every Italian student how little secure their personal data are”. I can think of better ways…

The spate of recent data thefts and subsequent publication, in the name of Anonymous, LulzSec, LulzStorm or the umbrella movement Anti-Sec, has had a tangible impact on the safety and security of thousands of innocent internet users.

While there may be sympathy in some quarters for attacks on security contractors such as HBGary and InfraGard, or on government websites in oppressive states, that sympathy rapidly evaporates when publishing stolen material endangers the lives of serving police officers, or when it compromises the privacy and safety of hundreds of thousands of innocent customers of online portals or gaming services.

The call to arms to the disparate hacker community represented by Operation AntiSec might read like something from a cyberpunk novel, but in reality it is being used by far too many to lay a thin veneer of altruism over something entirely selfish. At least LulzSec had the decency to be honest in their manifesto; they were simply courting chaos.

The truth is that the majority of people now assembling under the Anti-Sec banner are doing this simply because they can, and the convenience of having a “cause” somehow makes it laudable. It is true that there are far too many poorly secured and configured websites out there. It is also true that the customers of those websites deserve a higher degree of care than they currently receive. It is manifestly not true to say that the interests of those people are best served by pasting their personal data all over the internet.

In the ultimate irony, the original AntiSec manifesto from back in 2001 was all about the irresponsibility of full disclosure. That same manifesto was reposted when ImageShack was compromised 8 years later. The manifesto criticised the “security industry” for using full disclosure to develop “scare tactics” to convince people into buying security. Are you listening, Operation AntiSec?

This is a call for responsible disclosure in the Anti-Sec community: find the flaws, publish your successes if you must, but have the decency to spare the innocent victims of your crimes.

Obscure personal data before you publish; otherwise you are considerably worse than those you are attempting to shame.

The New Reality of Stealth Crimeware


Anyone who has been in information security recently knows that it has gotten easier for cybercriminals to build stealth crimeware. The malware we deal with on a regular basis grows ever more difficult to find, while high-end targeted attacks such as Stuxnet and other advanced persistent threats (APTs, an abbreviation I dislike) use ever more advanced rootkit techniques to avoid detection.

Cybercriminals use clever stealth techniques to evade detection because stealth makes their malware more effective, lets it live on a machine or network longer, and thus maximizes the compromise. McAfee Labs is now at the point where we detect more than 110,000 new unique rootkits per quarter.

To make matters worse, there is another issue that many fail to recognize:

Today’s OS-based security model is not adequate; cybercriminals know how to get past these defenses every time.

The security industry has to find a new vantage point on cybercriminal behavior in order to uncover and stop their stealth techniques. It is time for our industry to start looking at security beyond the operating system to gain a more effective view of how cybercriminals operate.

We delve into these and many other issues in our latest report: “The New Reality of Stealth Crimeware,” written by myself and Thom Sawicki of Intel. Download it here.

Stealth is the art of travelling undetected, of being invisible. Stealth technology allows military aircraft, ninjas, and malware to sneak up on the enemy to launch an attack, gain intelligence, or take over systems and data.

Although stealth techniques are used in sophisticated attacks like Conficker and Operation Aurora, the Stuxnet attack offers a new blueprint—and benchmark—for how committed criminals can use stealth techniques to steal data or target computing systems. Stuxnet innovations included a combination of five zero-day vulnerabilities, three rootkits, and two stolen digital certificates. Powerful toolkits, like what is available in the Zeus Crimeware Toolkit, make stealth malware development a “point-and-click” endeavor, no longer restricted to the most knowledgeable programmers. While there are no definitive industry figures, McAfee Labs estimates that about 15 percent of malware uses sophisticated stealth techniques to hide and spread malicious threats that can cause significant damage.[1] These attacks form the cornerstone—the “persistent” part—of advanced persistent threats (APTs).