Most current real-world computer security efforts focus on external threats, and generally treat the computer system itself as a trusted system. Some knowledgeable observers consider this to be a disastrous mistake, and point out that this distinction is the cause of much of the insecurity of current computer systems – once an attacker has subverted one part of a system without fine-grained security, he or she usually has access to most or all of the features of that system. Because computer systems can be very complex, and cannot be guaranteed to be free of defects, this security stance tends to produce insecure systems. There are many similarities (yet many fundamental differences) between computer and physical security. Just like real-world security, the motivations for breaches of computer security vary between attackers, sometimes called hackers or crackers. Some are teenage thrill-seekers or vandals (the kind often responsible for defacing websites); similarly, some website defacements are done to make political statements. However, some attackers are highly skilled and motivated with the goal of compromising computers for financial gain or espionage. Read the full background at Cyberattack Wikipedia
One of China's largest ISPs has recently fallen victim to the DNS vulnerability. The security company Websense has reported that the DNS cache on the default DNS server used by China's Netcom customers has been poisoned. The incident was first discovered on Tuesday, Aug 19th, by Websense's Beijing lab. Websense researchers say they have seen other DNS vulnerability attacks but decided to publicize this particular case because of its uniqueness. According to reports, hackers have only exploited one of Netcom's DNS servers in China. When China's Netcom customers mistype and enter an invalid domain name, the poisoned DNS server directs the visitor's browser to a page that contains malicious code.
The attacks against websites in Georgia are most likely populist in nature rather than state sponsored, says Gary Warner, director of computer forensics research at UAB. In a blog post today, Warner has provided some evidence regarding his speculations, including scripts from Russian language websites. He writes: "This script was copied from one of more than forty Russian language sites where I found copies of an 'attack script' that people were being encouraged to run on their own computers..."
Experts agree that the U.S. is probably more Internet-dependent than any place in the world and hence more vulnerable than any other country. However, in a CNN report today, Scott Borg, director of the United States Cyber Consequences Unit, a nonprofit research institute, says that the U.S. "can command so much bandwidth that it's hard to overwhelm our servers," in light of last week's, and still ongoing, cyberattacks against Georgia. "We are vulnerable to more sophisticated attacks, but right now most of the people who want to do us harm don't have those capabilities," says Borg.
Cyberattacks against Georgia have started debates in Washington on whether the laws of war apply in cyberspace, Siobhan Gorman reports in the Wall Street Journal today. "Cyberweapons are becoming a staple of war. The Georgian conflict is perhaps the first time they have been used alongside conventional military action. Governments and private cyberwarriors can exploit Internet security gaps to not only take down government Web sites but also take control of power grids and nuclear reactors." One key deciding factor, according to one expert in the report, is whether the tools of cyberattacks are weapons.
BBN Technologies, an advanced technology solutions firm, has been awarded $4.4 million in funding from the Defense Advanced Research Projects Agency (DARPA) for a Scalable Network Monitoring program. "Scalable networking monitoring has become necessary as cyber attacks have grown more subtle and sophisticated," says BBN's announcement. "New technologies and applications provide new attack routes and have made traditional signature-based and anomaly detection-based defensive measures inadequate in both speed and sensitivity. To be effective in today's networks, detection algorithms must operate quickly, efficiently, and effectively in large, content-rich environments. To meet this challenge, the BBN team will develop a complete solution that is intrinsically scalable, designed for ultra high-speed deployment, and produces events that can be correlated with other network events to provide true positive alerts."
Russia has been accused of attacking Georgian government websites in a cyber war to accompany their military bombardment. In a statement released using a replacement website built on Google's blog service, the Georgian Ministry of Foreign Affairs has said: "A cyber warfare campaign by Russia is seriously disrupting many Georgian websites, including that of the Ministry of Foreign Affairs."
During a panel discussion at the Black Hat conference, four members from a U.S. private organization called "Commission on Cyber Security for the 44th Presidency," established by the Center for Strategic and International Studies (CSIS), sought input from the security community as part of their mandate to "develop recommendations for a comprehensive strategy to improve cyber security in federal systems and in critical infrastructure".
The U.S. Senate has passed legislation to modernize the nation's computer crime laws and give prosecutors more leeway in pursuing cyber crooks, reports Brian Krebs of The Washington Post. "Under current federal cyber-crime laws prosecutors must show that the illegal activity caused at least $5,000 in damages before they can bring charges for unauthorized access to a computer. Under the bill approved today, that threshold would be eliminated."
Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack. It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas area. One of BreakingPoint's servers was forwarding DNS traffic to the AT&T server, so when it was compromised, so was HD Moore's company.
Today X-Force, IBM's security research and development arm, released its 2008 Midyear Trend Statistics report, which indicates that cyber-criminals are adopting new automation techniques and strategies that allow them to exploit vulnerabilities much faster than ever before. The new tools are being implemented on the Internet by organized criminal elements, and at the same time public exploit code published by researchers is putting more systems, databases and, ultimately, people at risk of compromise.
The existence of the DNS flaw was revealed earlier this month by security researcher Dan Kaminsky, and code that could act as a blueprint for an attack via the flaw was published last week by Metasploit. On Friday, a user named James Kosin posted an excerpt from a server log to a Fedora Linux mailing list, claiming it proved attacks based on the DNS flaw had begun. Kosin's post reads...
At the International Crime Science Conference held recently in London, UK, China was accused of sponsoring cyber attacks. Security expert John Walker, CTO of forensics consultancy Secure-Bastion, said that the Chinese government was behind the 'Titan Rain' attacks on the US and the UK. Titan Rain is the codename given by the U.S. government to a series of coordinated attacks on American computer systems where hackers gained access to many U.S. computer networks, including NASA. The attacks were identified as being Chinese in origin; however, the Chinese government has not been officially accused of being behind the assault.
Small- and medium-sized businesses are in denial about the threat posed by cyberattacks, security software firm McAfee concluded in a study published this week. While most small- and medium-sized companies believe that they operate under cybercriminals' radar, the study found that one in five firms have been attacked. The survey -- which polled 500 companies with 1,000 employees or less -- found that for every eight firms, only ten employees were dedicated to managing the businesses' information-technology systems.
The United States Computer Emergency Readiness Team (US-CERT) has acknowledged that they are aware of the publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. US-CERT is re-emphasizing the urgency of patching vulnerable DNS systems.
As warned by Dan Kaminsky, Paul Vixie, and numerous other experts, it was just a matter of time before exploit code for the now public DNS flaw would surface. Exploit code for the flaw, which allows insertion of malicious DNS records into the cache of target nameservers, has been posted to Metasploit, a free provider of information and tools on exploit techniques. According to reports, Metasploit creator H D Moore, in collaboration with a researcher named "|)ruid" from Computer Academic Underground, created the exploit, dubbed "DNS BaliWicked Attack", along with a DNS service created to assist with the exploit.