A researcher who has studied the malicious software used in the attacks on media outlets and banks in South Korea this week said the attacks were coordinated, but messy and loud, without many of the hallmarks of a state sponsored hacking operation. Richard Henderson, a Security Strategist at Fortilabs at Fortinet Inc. said that the malware used in the attack was programmed to begin operating at 2:00pm local time, suggesting that those behind it had planned their operation for weeks or months before launching it. Still, Henderson said many details of the attack make it dissimilar from so-called “advanced persistent threat” or APT-style hacks that are carried out by foreign governments or groups working on their behalf. Henderson said that Fortinet analysts first obtained a copy of the malware on March 19, a day before the attacks. Researchers there had already identified the “time bomb” hidden in the code, which was […]
Tag: reports
Update: Destructive Hacks Hit South Korean Media, Banks
Editor’s Note: Updated to include information from AlienVault on the attacks. – PFR 3/20/2013 Destructive cyber attacks against media outlets and banks in South Korea have ratcheted up tensions on the Korean Peninsula, with charges that the government of reclusive North Korea was behind the hacks. According to a report in South Korea’s Yonhap News Agency, the attacks began at 2:00PM local time in South Korea and affected the computer networks of three broadcasters and two banks. Broadcasters KBS, MBC and YTN all reported that their computer networks were “halted” at that time. Shinhan Bank and Nonghyup made similar reports to the National Police Agency (NPA), according to Yonhap. Unlike past distributed denial of service (DDoS) attacks that are believed to have been launched by the DPRK against the South, the latest incursions come at a time of extreme military tension on the peninsula, and caused damages to South Korean […]
Botnet Of Embedded Devices Used To Map Internet
Botnets are mostly linked with spam e-mail campaigns, denial of service attacks and data theft. But global networks of compromised hosts can be used for a variety of ends – not all of them malicious. That was the idea behind “Internet Census 2012,” a stealth project by an unnamed and unknown researcher/hacker to map the entire IPV4 Internet address space using a massive network of compromised devices. The results, published in the form of a research paper, underscore the problem of unsecured embedded devices, including set top boxes, home routers and critical infrastructure, with the hacker able to locate and compromise these systems, creating a botnet of more than 420,000 nodes. According to a copy of the report, the project grew out of an experiment to locate unprotected devices online using nmap, the open source scanning tool. By compromising each vulnerable host and then enlisting it to scan for other […]
Twenty ISPs Responsible For Half Of All Spam
One of the lessons we’ve learned in recent years is that online attacks can come from anywhere. Viruses and spyware were more common to pornography and pirate download web sites five years ago. Today, even the most reputable web sites might be the source of online mayhem. In fact, so-called “watering hole” attacks that exploit legitimate web sites and use them as honey pots to lure the intended victims are all the rage among sophisticated attackers. (For evidence of this, see our recent story on the compromise at the web site of The National Journal, a publication for Beltway policy wonks.) But the Internet still has its dark alleys and bad neighborhoods. And they’re still the source of a lot of malicious activity – especially in connection to run of the mill crimes like spam and phishing attacks. That’s the conclusion of research done by students at the University of Twente’s […]
The End Of Privacy: Facebook ‘Likes’ Reveal Sensitive Personal Data
We all know that, to online marketers, we’re just the sum of our Facebook Wall posts and “Likes” – the ubiquitous, virtual “thumbs up” that we attach to all manner of online ephemera. But all those ironic comments and votes of approval may be revealing a lot more about us than we’re willing to share, according to a new report from researchers at the University of Cambridge and Microsoft Research in the UK. In a paper published in the Proceedings of the National Academy of Science (PNAS), the researchers demonstrated that it is possible to use knowledge of an individual user’s “Likes” on Facebook to “automatically and accurately predict a range of highly sensitive personal attributes including: your age, and gender, you sexual orientation, ethnicity, religious and political views. The list of guessabl`e information goes on to include other less quantifiable characteristics like your personality traits, intelligence, happiness, your preference (or not) […]
