Cyberattack

Most current real-world computer security efforts focus on external threats, and generally treat the computer system itself as a trusted system. Some knowledgeable observers consider this to be a disastrous mistake, and point out that this distinction is the cause of much of the insecurity of current computer systems – once an attacker has subverted one part of a system without fine-grained security, he or she usually has access to most or all of the features of that system. Because computer systems can be very complex, and cannot be guaranteed to be free of defects, this security stance tends to produce insecure systems. There are many similarities (yet many fundamental differences) between computer and physical security. Just like real-world security, the motivations for breaches of computer security vary between attackers, sometimes called hackers or crackers. Some are teenage thrill-seekers or vandals (the kind often responsible for defacing websites); similarly, some website defacements are done to make political statements. However, some attackers are highly skilled and motivated with the goal of compromising computers for financial gain or espionage. Read the full background at Cyberattack Wikipedia

Cyberattack / News Briefs

Internet's Biggest Security Hole

Kim Zetter reporting on Wired: Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency. The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

Criminals Breach Online Booking System of Best Western Hotel Chain, 8 Million Customer Data Stolen

An exclusive report from Scotland's Sunday Herald newspaper says that an international criminal gang has managed to steal the identities of an estimated eight million guests of the Best Western hotel chain in a hacking raid that could ultimately net billions of dollars in illegal funds. According to the report, late on Thursday night, a previously unknown Indian hacker successfully breached the IT defenses of the Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia. It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western's 1312 continental hotels since 2007.

Cyberwar Against Britain Waged by Criminals and Terrorists

Britain's Government has warned that computer networks controlling electricity supplies, telecommunications and banking are under constant attack at a rate of thousands of times a day. According to reports, the cyberwar against Britain is waged by criminals and terrorists, some of whom are backed by foreign states. "If you take the whole gamut of threats, from state-sponsored organizations to industrial espionage, private individuals and malcontents, you're talking about a remarkable number of attempted attacks on our system -- I'd say in the thousands," Lord West of Spithead, the Security Minister said. "Some are spotted instantly. Others are much, much cleverer."

One of China's Largest ISPs Under DNS Cache Poisoning Attack

One of China's largest ISPs has recently fallen victim to the DNS vulnerability. The security company Websense has reported that the DNS cache on the default DNS server used by China's Netcom customers has been poisoned. The incident was first discovered on Tuesday, Aug 19th, by Websense's Beijing lab. Websense researchers say they have seen other DNS vulnerability attacks but decided to publicize this particular case because of its uniqueness. According to reports, hackers have only exploited one of Netcom's DNS servers in China. When China's Netcom customers mistype and enter an invalid domain name, the poisoned DNS server directs the visitor's browser to a page that contains malicious code.

Evidence that Georgia Cyberattacks Were "Populist" in Nature

The attacks against websites in Georgia are most likely populist in nature rather than state sponsored, says Gary Warner, director of computer forensics research at UAB. In a blog post today, Warner has provided some evidence regarding his speculations, including scripts from Russian language websites. He writes: "This script was copied from one of more than forty Russian language sites where I found copies of an 'attack script' that people were being encouraged to run on their own computers..."

U.S. Not Vulnerable to Type of Cyberattacks Launched at Georgia

Experts agree that the U.S. is probably more Internet-dependent than any place in the world and hence more vulnerable than any other country. However, in a CNN report today, Scott Borg, director of the United States Cyber Consequences Unit, a nonprofit research institute, says that the U.S. "can command so much bandwidth that it's hard to overwhelm our servers," in light of last week's, and still ongoing, cyberattacks against Georgia. "We are vulnerable to more sophisticated attacks, but right now most of the people who want to do us harm don't have those capabilities," says Borg.

Washington Debates: When is a Cyberattack an Act of War?

Cyberattacks against Georgia have started debates in Washington on whether the laws of war apply in cyberspace, Siobhan Gorman reports in the Wall Street Journal today. "Cyberweapons are becoming a staple of war. The Georgian conflict is perhaps the first time they have been used alongside conventional military action. Governments and private cyberwarriors can exploit Internet security gaps to not only take down government Web sites but also take control of power grids and nuclear reactors." One key deciding factor, according to one expert in the report, is whether the tools of cyberattacks are weapons.

U.S. Military to Spend $4.4M on Network Monitoring Upgrades in Wake of Sophisticated Cyber Attacks

BBN Technologies, an advanced technology solutions firm, has been awarded $4.4 million in funding from the Defense Advanced Research Projects Agency (DARPA) for a Scalable Network Monitoring program. "Scalable networking monitoring has become necessary as cyber attacks have grown more subtle and sophisticated," says BBN's announcement. "New technologies and applications provide new attack routes and have made traditional signature-based and anomaly detection-based defensive measures inadequate in both speed and sensitivity. To be effective in today's networks, detection algorithms must operate quickly, efficiently, and effectively in large, content-rich environments. To meet this challenge, the BBN team will develop a complete solution that is intrinsically scalable, designed for ultra high-speed deployment, and produces events that can be correlated with other network events to provide true positive alerts."

Russian Cyber Attack on Georgia, Government Websites Down or Replaced With Fakes

Russia has been accused of attacking Georgian government websites in a cyber war to accompany their military bombardment. In a statement released using a replacement website built on Google's blog service, the Georgian Ministry of Foreign Affairs has said: "A cyber warfare campaign by Russia is seriously disrupting many Georgian websites, including that of the Ministry of Foreign Affairs."

Cyber Security Commission Compiling Recommendations for the Next U.S. Presidency

During a panel discussion at the Black Hat conference, four members from a U.S. private organization called "Commission on Cyber Security for the 44th Presidency," established by the Center for Strategic and International Studies (CSIS), sought input from the security community as part of their mandate to "develop recommendations for a comprehensive strategy to improve cyber security in federal systems and in critical infrastructure".

U.S. Senate Modernizes Cyber-Crime Laws

The U.S. Senate has passed legislation to modernize the nation's computer crime laws and give prosecutors more leeway in pursuing cyber crooks, reports Brian Krebs of The Washington Post. "Under current federal cyber-crime laws prosecutors must show that the illegal activity caused at least $5,000 in damages before they can bring charges for unauthorized access to a computer. Under the bill approved today, that threshold would be eliminated."

DNS Attack Creator Becomes a Victim of His Own Creation

HD Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack. It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas area. One of BreakingPoint's servers was forwarding DNS traffic to the AT&T server, so when it was compromised, so was HD Moore's company.

Cyber Threats Accelerate: 94% of Web Browser Exploits Occur Within 24 Hours of Disclosure

Today X-Force, IBM's security research and development arm, released its 2008 Midyear Trend Statistics report that indicates cyber-criminals are adopting new automation techniques and strategies that allow them to exploit vulnerabilities much faster than ever before. The new tools are being implemented on the Internet by organized criminal elements, and at the same time public exploit code published by researchers is putting more systems, databases and ultimately, people at risk of compromise.

Possible First Attacks on DNS Flaw Have Been Reported

The existence of the DNS flaw was revealed earlier this month by security researcher Dan Kaminsky, and the code that could act as a blueprint for an attack via the flaw was published last week by Metasploit. On Friday, a user named James Kosin posted an excerpt from a server log to a Fedora Linux mailing list, claiming it proved attacks based on the DNS flaw had begun. Kosin's post reads...

Chinese Government Accused of Being Behind 'Titan Rain' Cyber Attacks

China has been accused of sponsoring cyber attacks at the International Crime Science Conference held in London, UK recently. Security expert John Walker, CTO of forensics consultancy Secure-Bastion, said that the Chinese government was behind the 'Titan Rain' attacks on the US and the UK. Titan Rain is the codename given by the U.S. government to a series of coordinated attacks on American computer systems where hackers gained access to many U.S. computer networks, including NASA. The attacks were identified as being Chinese in origin; however, the Chinese government has not been officially accused of being behind the assault.

Industry Updates

Hostway Upgrades Managed Firewall Selection and Offers 10% Off as well as Free Setup

Hostway has launched a new line of managed Cisco ASA 5500 firewall solutions for dedicated servers. Customers ordering before June 30, 2008 save 10% off the monthly fee for life, plus free setup.