A recent quarterly report titled "State of the Internet" has been released by Akamai providing Internet statistics on the origin of Internet attack traffic, network outages and broadband connectivity levels around the world. According to the report, during the first quarter of 2008, attack traffic originated from 125 unique countries around the world. China and the United States were the two largest traffic sources, accounting for some 30% of traffic in total. The top 10 countries were the source of approximately three quarters (75%) of the attacks measured. Other observations include... more
While Russia and Ukraine are generally regarded as today's main cybercrime hubs, "a lot of their infrastructure is housed in the west, in the United States to be precise," writes Vincent Hanna of Spamhaus Project. "Without exception, all of the major security organizations on the Internet we know of agree that the 'Home' of cybercrime in the western world is a place known as Atrivo/Intercage. We ourselves have not come to this conclusion lightly but from many years of dealing with criminal operations hosted by Atrivo/Intercage, gangs of cybercriminals -- mostly Russian and East European but with several US online crime gangs as well -- whose activities always lead back to servers run by Atrivo/Intercage..." more
A couple of years ago I started a mailing list where folks not necessarily involved with the vetted, trusted, closed and snobbish circles of cyber crime fighting (some founded by me) could share information and be informed of threats. In this post I explore some of the history behind information sharing online, and explain the concept behind the botnets mailing list... we may not be able to always share our resources, but it is time to change the tide of the cyber crime war, and strategize. One of the strategies we need to use, or at least try, is public information sharing of "lesser evils" already in the public domain. more
This is an update of my previous post on the subject. To be honest here, no one truly knows what's going on in Georgia's Internet except for what can be glimpsed from outside, and what has been written by the Georgians on their blog (outside their country). They are probably a bit busy avoiding kinetic bombing... more
In the last days, news and government web sites in Georgia suffered DDoS attacks. While these attacks seem to affect the Georgian Internet, it is still there... Up to the Estonian war, such attacks would be called "hacker enthusiast attacks" or "cyber terrorism" (of the weak sort). Nowadays any attack with a political nature seems to get the "information warfare" tag. When 300 Lithuanian web sites were defaced last month, "cyber war" was the buzzword. Running security for the Israeli government Internet operation and later the Israeli government CERT such attacks were routine... more
Today X-Force, IBM's security research and development arm, released its 2008 Midyear Trend Statistics report that indicates cyber-criminals are adopting new automation techniques and strategies that allow them to exploit vulnerabilities much faster than ever before. The new tools are being implemented on the Internet by organized criminal elements, and at the same time public exploit code published by researchers are putting more systems, databases and ultimately, people at risk of compromise. more
The United States Computer Emergency Readiness Team (US-CERT) has acknowledged that they are aware of the publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. US-CERT is re-emphasizing the urgency of patching vulnerable DNS systems. more
As warned by Dan Kaminsky, Paul Vixie, and numerous other experts experts, it was just a matter of time before an exploit code for the now public DNS flaw would surface. An exploit code for the flaw allowing insertion of malicious DNS records into the cache of target nameservers has been posted to Metasploit, a free provider of information and tools on exploit techniques. According to reports Metasploit creator, H D Moore in collaboration with a researcher named "|)ruid" from Computer Academic Underground, created the exploit, dubbed "DNS BaliWicked Attack", along with a DNS service created to assist with the exploit. more
I was pointed to an article in the Armed Forces Journal where Col Charles W. Williamson III argues that the US Air Force needs to develop a BOTnet army as part of the US military capability for retaliatory strikes. The article brings up some interesting issues, the one that I believe carries the most weight is the argument that we (well, people living on the Internet) are seeing an arms race. It is true that more and more nations are looking into or developing various forms of offensive weapons systems for the use on the Internet... more
About a year ago after coming back from Estonia, I promised I'd send in an account of the Estonian "war". A few months ago I wrote an article for the Georgetown Journal of International Affairs, covering the story of what happened there. This is the "war" that made politicians aware of cyber security and entire countries scared, NATO to "respond" and the US to send in "help". It deserved a better understanding for that alone, whatever actually happened there. more
Every now and then I get emails from readers of my blog. I mostly reply to them in private, but I recently got one question where I thought my reply might be of general interest. I took the liberty of editing the question somewhat, but in essence it was: "If you have any insight you can share with my class on cyber warfare and security, I would be delighted on hearing it." In general, I think that it's an obvious conclusion that both offensive and defensive actions with regard to national telecommunications infrastructure is becoming an integral part of a nations security assessments.... more
With my post earlier this month about the possibility of SIP botnets [also featured here on CircleID], I've had a number of people asking about more information and wondering about the possible impacts. And while I will write more on botnets in general, as far as the potential impact of "botnets" in general, one need only look over at the current situation in Estonia... Now, perhaps Russia is behind the attack... perhaps not. There are obviously much larger political issues going on between the two states. more
A story... ZZZ Telemarketing (not a real name) is locked in a heated fight with their bitter rival, YYY Telemarketing (also not a real name), to win a very large lead generation contract with Customer X. Customer X has decided to run a test pitting the two companies against each other for a week to see who can generate the most leads. The ZZZ CEO has said to his staff that it is "do or die" for the company. If they fail to win the contract, they will have to shut down -- they need to do "whatever it takes" to win over YYY. A ZZZ staffer discovers that part of why YYY has consistently underbid them is because they are using SIP trunks to reduce their PSTN connection costs. But the staffer also discovers that YYY is using very cheap voice service providers who run over the public Internet with no security... more
The UK today is one of the main attack targets by phishing organized crime groups, globally. Phishing damages will amount to about two billions USD in 2006 worldwide -- not counting risk management measures such as preventative measures, counter-measures, incident response and PR damages. In most cases, phishing is caused by the fault of the users, either by entering the wrong web page, not keeping their computers secure or falling for cheap scams. Often this is due to lack of awareness or ability in the realm of Internet use rather than incompetence by the users... more
Timothy D. Morgan's recent paper titled, "IPv6 Address Cookies", seeks to apply the fundamental shift in resource availability brought about by the vastly increased Internet address space in IPv6 to develop a novel, lower cost solution to mitigating spoofed attacks. "Spoofed denial of service attacks have plagued the Internet for a number of years, and show no signs of abating. Research into mitigation techniques has apparently not led to a financially viable solution, and new attacks have been discovered in the wild without being widely anticipated". The following provides an introduction to this paper. more
A World-Renowned Source for Internet Developments. Serving Since 2002.