It has been a long time since 1984, and it seems Apple has forgotten that they once proclaimed to be about fighting Big Brother and conformity. Apple has released a product this week (the iPad) that is more locked down, more restrictive and wants you to conform more than any other on the market. Apparently innovation is too much work, so they just made their iPhone bigger and gave it a new, sillier name. The iPad: for when you absolutely, positively want to run just one thing at a time... as long as that thing is not Flash based, doesn't need USB and complies with the draconian rules of the Apple App Store.
Thursday, January 28, 2010
Thursday, January 28, 2010
This week, tomorrow actually, DARPA is holding a workshop for its Cyber Genome Program to try to find a way to collect digital DNA. Taking this straight from their page:
“The objective of the Cyber Genome Program is to produce revolutionary cyber defense and investigatory technologies for the collection, identification, characterization, and presentation of properties and relationships from collected digital artifacts of software, data, and/or users to support DoD law enforcement, counter intelligence, and cyber defense teams. Digital artifacts may be collected from live systems (traditional computers, personal digital assistants, and/or distributed information systems such as ‘cloud computers’), from wired or wireless networks, or collected storage media. The format may include electronic documents or software (to include malicious software – malware). The Cyber Genome Program will encompass several program phases and technical areas of interest. Each of the technical areas will develop the cyber equivalent of fingerprints or DNA to facilitate developing the digital equivalent of genotype, as well as observed and inferred phenotype in order to determine the identity, lineage, and provenance of digital artifacts and users.”
It is very interesting that, not long after we were discussing cyber warfare with China, DARPA is tasked with finding a way to prove “whodunit”. But how effective can they really be at determining the true culprit of a malicious attack? I find that many folks already assume China or some East European faction is hacking the US at any given time, and that if some government official came out and said so, no one would question them. Is there a political need to confirm who the attacker is? I am sure we would like there to be one, but really, when it comes down to it, who besides the team at DARPA would have the ability to call them on it? I find it alarming that they claim to be looking for a way to track someone through digital DNA when not even real DNA can be trusted anymore.
Wednesday, January 27, 2010
The PS3 has been one of the most secure gaming devices, lasting well over 3 years before it finally got hacked. Geohot, of iPhone hacking fame, first cracked the PS3 and has now released the hack into the wild to see what others can do with it. It will be interesting to see how quickly homebrew software becomes available now that it is possible.
Wednesday, January 27, 2010
TechCrunch got hit again. Not 24 hours after they were previously hacked and their site defaced, they got hit again. Maybe this is why everyone is so up on discussing APT (Advanced Persistent Threat).
This attack on TechCrunch is not truly what folks are discussing around APT, because so far it doesn’t look like the hackers were trying to acquire any trade secrets, and the hack probably wasn’t that advanced, though I haven’t read any specific details of the actual hack. What I find interesting is the persistent piece. This goes back to an idea from a previous post about threat modeling. What do you do when you are the target of a group of malicious hackers?
The first thing you would need to do is find out that you are under attack. For TechCrunch it was a bit late, as they found out when they saw that their web page had been defaced. For Google vs. China, they were able to track back to the source, but the attack had been going on for weeks. So how do you find out before you are compromised? Sometimes there is no way. But sometimes there is.
Using a layered approach to your network security, you are not just trying to stop attackers; you are trying to find out how they are attacking you and maybe even what they want. By correlating logs and activity from your routers, firewalls, IDSs, web servers and other devices on your network, you should be able to build a pretty clear picture of what is happening on it. By monitoring these you can build a map of how you are being attacked (and you are, even if you aren’t the specific target) and then formulate a plan to make sure you are not vulnerable to those attacks.
The first step doesn’t have to be denial.
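The correlation step described above, as an added example that is not from the original post: a small Python script that parses constructed firewall, IDS and web-server log lines (the formats are simplified and hypothetical, and the addresses come from documentation ranges), keys every event on its source address, and flags a source whose deny, alert and error events span two or more layers inside a five-minute window. One layer on its own is noise; the same address tripping all three is the clear picture the paragraph is after. The timeline it prints keeps the benign-looking events too (the allowed connection, the successful login after repeated failures), because those are what tell you whether the attacker got through.

```python
"""Correlate firewall, IDS and web-server logs by source IP (added example, not from the post)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines in simplified, hypothetical formats (not real traffic).
FIREWALL_LOG = """\
2010-01-27T09:00:01 fw01 DENY TCP 203.0.113.7:51234 -> 198.51.100.10:22
2010-01-27T09:00:02 fw01 DENY TCP 203.0.113.7:51235 -> 198.51.100.10:3306
2010-01-27T09:00:05 fw01 ALLOW TCP 203.0.113.7:51236 -> 198.51.100.10:80
2010-01-27T09:01:00 fw01 ALLOW TCP 192.0.2.44:40000 -> 198.51.100.10:80
"""
IDS_LOG = """\
2010-01-27T09:00:06 ids01 ALERT rule=EXAMPLE-001 msg="admin login brute force" src=203.0.113.7 dst=198.51.100.10
"""
WEB_LOG = """\
203.0.113.7 - - [27/Jan/2010:09:00:07 +0000] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [27/Jan/2010:09:00:08 +0000] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [27/Jan/2010:09:00:09 +0000] "POST /admin/login HTTP/1.1" 200 2048
192.0.2.44 - - [27/Jan/2010:09:01:01 +0000] "GET /index.html HTTP/1.1" 200 10240
"""


@dataclass
class Event:
    when: datetime
    layer: str     # "firewall", "ids" or "web"
    src: str       # source IP address, the key we correlate on
    detail: str    # one-line summary shown in the timeline
    signal: bool   # True for deny/alert/error; an ALLOW or a 200 is context only


FW_RE = re.compile(r"^(\S+) \S+ (ALLOW|DENY) (\S+) (\d+\.\d+\.\d+\.\d+):\d+ -> \S+:(\d+)$")
IDS_RE = re.compile(r'^(\S+) \S+ ALERT .*?msg="([^"]*)" src=(\d+\.\d+\.\d+\.\d+)')
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+$')


def parse_firewall(text):
    events = []
    for m in filter(None, map(FW_RE.match, text.splitlines())):
        ts, action, proto, src, dport = m.groups()
        events.append(Event(datetime.fromisoformat(ts), "firewall", src,
                            f"{action} {proto}/{dport}", action == "DENY"))
    return events


def parse_ids(text):
    events = []
    for m in filter(None, map(IDS_RE.match, text.splitlines())):
        ts, msg, src = m.groups()
        events.append(Event(datetime.fromisoformat(ts), "ids", src, f"ALERT {msg}", True))
    return events


def parse_web(text):
    events = []
    for m in filter(None, map(WEB_RE.match, text.splitlines())):
        src, ts, method, path, status = m.groups()
        # Apache-style timestamp; drop the offset so it compares with the naive ISO stamps above.
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        events.append(Event(when, "web", src, f"{method} {path} -> {status}", int(status) >= 400))
    return events


def correlate(events, window=timedelta(minutes=5), min_layers=2):
    """Flag a source whose signal events span >= min_layers layers inside one time window."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev.src].append(ev)
    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.when)
        signals = [e for e in evs if e.signal]
        for i, start in enumerate(signals):
            burst = [e for e in signals[i:] if e.when - start.when <= window]
            layers = {e.layer for e in burst}
            if len(layers) >= min_layers:
                # Keep non-signal context in the timeline so the analyst sees the 200 after the 401s.
                context = [e for e in evs if start.when <= e.when <= burst[-1].when + window]
                findings[src] = {
                    "layers": layers,
                    "first": start.when,
                    "last": burst[-1].when,
                    "timeline": [f"{e.when.time()} [{e.layer}] {e.detail}" for e in context],
                }
                break
    return findings


if __name__ == "__main__":
    all_events = parse_firewall(FIREWALL_LOG) + parse_ids(IDS_LOG) + parse_web(WEB_LOG)
    for src, f in correlate(all_events).items():
        print(f"{src}: {sorted(f['layers'])} between {f['first']} and {f['last']}")
        print("\n".join("    " + line for line in f["timeline"]))
```

Run as-is, it flags only 203.0.113.7 (firewall denies, an IDS alert and web 401s inside eight seconds) and ignores 192.0.2.44, whose allowed connection and successful GET are context, not signals. Raising `min_layers` trades sensitivity for fewer false positives; widening `window` catches slower, more patient probing at the cost of lumping unrelated events together.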
Friday, January 22, 2010
This is old news now (anything more than a few hours old is old now), but I think it is really pretty cool. A group of security researchers working with an ISP were able to take out another botnet. This time it was the Lethic botnet, which mostly focused on distributing spam for unlicensed pharmaceuticals, diplomas and replica goods. M86 Security reported a steep drop in spam after the takedown. I appreciate them taking this botnet offline because, seriously, the less email I get calling out my manhood the better.
Thursday, January 21, 2010
The last few days have had a lot of press about the FBI breaking the law to obtain Americans’ phone records. They did this thousands of times (2200 of the 4400 requests) by using fake emergency letters. The FBI was even able to obtain phone records by using a Post-it note. You can read the full DOJ report here (PDF). I would be more outraged by this if I hadn’t assumed it was happening already. Big Brother knows more than you would like to think he does about your communications, even if he gets that information illegally.
Tuesday, January 19, 2010
Stolen from Schneier:
“One of the important things to consider in threat modeling is whether the attacker is looking for any victim, or is specifically targeting you. If the attacker is looking for any victim, then countermeasures that make you a less attractive target than other people are generally good enough. If the attacker is specifically targeting you, then you need to consider a greater level of security.”
More often than not you will not be the specific target of an elite group of hackers determined to infiltrate your network. You will be the victim of a user going to the wrong website and then bringing their infected machine back on to your network without knowing any better. Poor policies around user rights and access control are more likely to bring your network down than ZeroCool.
Monday, January 18, 2010
While a lot of the news has been about the hacking of Google by China, one of the more interesting pieces of this story is that Google hacked back.
Google’s secret counteroffensive managed to gain access to a computer in Taiwan that it suspected of being the source of the attacks. Peering inside that machine, Google engineers actually saw evidence of the aftermath of the attacks, not only at Google, but also at at least 33 other companies, including Adobe Systems, Northrop Grumman and Juniper Networks, according to a government consultant who has spoken with the investigators.
This is what happens when one super power attacks another.
Monday, January 18, 2010
When you are pulling out cash from an ATM it is best to keep your eyes open. Whether it is an ATM Skimmer or an entirely fake ATM, it is probably best to double check before you insert your card. Of course, this is only important if your money hasn’t already been stolen by one of the money mule crews.
Whatever happened to ski masks and fake guns?
UPDATE: Even Bruce Schneier admits he would not have noticed this.
Monday, January 18, 2010
DARPA, the research arm of the Pentagon, is reporting that there has been a decline in the number of kids growing up to be geeks, and that this poses a threat to our ability to compete on the international stage.
My advice: get parents to stop telling their kids to go outside. Nothing says geek like pasty skin.