After Jeremy Clarkson (of Top Gear fame) published his bank details, to prove that identity theft based on the now famous lost British CDs was overblown, he became a victim of identity theft and had 500 pounds fraudulently stolen from his account and deposited to the British Diabetic Association.
While I don't condone the action, it is a bit of a modern day Robin Hood story. Who wants the screenplay to "Hackers in Tights"?
Do it, do it now:
pdp pointed out Joe Walker's slides on the matter. They are clear and beautiful and I've embedded them below. I think this complements the "Web Hacking 2.0" post quite nicely.
Continue reading "Web Hacking 2.0 - A Movie"
The Towelie Encryption Principle states:
Encryption should be implemented as high up the application stack as possible.
The Underground Fortress Effect
The underground fortress effect is a description of encryption's ability to enforce access controls/authorisation at the layers of the application stack below the layer at which they are defined.
Continue reading "The Towelie Encryption Principle"
Thanks to Richard for pointing out China's response:
China vehemently denied that its army was involved in international computer espionage on Thursday after newspaper reports that the British government had sustained cyber attacks from the Chinese.
"Saying that the Chinese military has made cyber attacks on the networks of foreign governments is groundless and irresponsible and are a result of ulterior motives," foreign ministry spokeswoman Jiang Yu said.
(emphasis my own)
At this point, there isn't sufficient evidence (in the press) that this isn't true.
France is reporting they were next in the Chinese hack attack saga. What struck me about this report was the following line (from translation at Demon.be):
Chinese origin, not necessarily indicating involvement of the Chinese military. - Francis Delon, Secrétariat général de la défense nationale (SGDN)
Finally, some common sense. However, this common sense hasn't been picked up, and the general claim still seems to be that China "as a country" is hacking the world.
What I find particularly bizarre is that most of the stories seem to indicate the use of a trojan e-mailed to the victims, currently a rather popular attack. For example, a run of the Storm worm last week had us running for cover at some clients, as McAfee's signatures couldn't keep up with the 30 minute repacking strategy in use. However, if we were to analyse the source IPs of both the original e-mails and the websites hosting the binary, I am fairly certain the conclusion would not be that the countries hosting these IPs were engaged in a cyber war against, for example, South Africa. Yet this seems to be the current assumption when it comes to these Chinese trojans. The only difference is that this appears to be a more targeted attack, but fewer data points shouldn't allow for greater assumptions.
For example, the machine/s mailing out this naughty trojaned Word document could very easily be compromised machines. Even if a counter hack was performed and the source of the compromise was followed to China, once again, you're left with a big country and a lot of potential criminals beyond the government.
Finally, there seems to be a definite shift between this current round of reports and the stuff Shawn Carpenter talked about in his Time interview. He seemed to talk about active hacking, people sitting behind keyboards slowly penetrating Lockheed Martin networks and the like. This round is generally reported as 'simple' trojan activity. Either there's been a shift in tactics, or I am making assumptions on too little information.
Reports of Chinese hacker activity are surfacing again. First against Germany, then unclassified Pentagon networks, the EU parliament (in 2005) and now the UK. These reports seem to constantly rear their heads. But, as I pointed out in 2005, the limited descriptions of the attacks that filter into the press have the same MO as the Chinese Triads (that info is from 1997). Given the big move of criminal organisations onto the Internet, why is the first assumption the Chinese Government?
Continue reading "The Titans still Reign"
Interesting report and an increasingly mentioned trend:
The convergence of physical and information security might be likened to the early days of flight. While there have been some ambitious attempts at convergence by daredevil visionaries, as described in the case studies, progress, for the most part, has been slow and difficult. The truth remains that convergence, which is typically based on the vision of specific individuals rather than on a structured, well thought-out, repeatable model guided by a clear vision and road map, is still in its early stages.
For the visionaries of our case studies, there are some easy convergence wins in terms of efficiencies of scale gained by integrating information and physical security monitoring and video surveillance systems on a common organization network. But these advantages cater to technical people and are promoted by the security technology and communications companies of the world. The hard convergence wins, the ones that will provide the largest benefit, require buy-in from senior executives. As it stands today, senior management typically sees security more as a tactical function than a necessary component of business processes or decision making.
When the authors talk about converged security in this publication, particularly as it relates to enterprise risk, they are talking about not only physical and information security, but also the wider areas of protection, including security responsibility found within human resources and crisis management as well as within businesses or operational lines of responsibility.
Continue reading "Test the right Controls"