Thoughts on the Best Western Compromise

The Sunday Herald reported on Sunday that Best Western was struck by a trojan attack that lead to the possible compromise of about 8 million victims. There is some debate as to the extent of the breach and not a small amount of rumor going around. I'm not entirely disposed to trust corporate press releases for the facts, nor am I going to blindly accept claims of security researchers whose first call is to the PR team when discovering a problem. That said, here is what seems to be the agreed upon facts... more»

U.S. Not Vulnerable to Type of Cyberattacks Launched at Georgia

Experts agree that the U.S. is probably more Internet-dependent than any place in the world and hence more vulnerable than any other country. However in a CNN report today, Scott Borg, director of the United States Cyber Consequences Unit, a nonprofit research institute, says that U.S. "can command so much bandwidth that it's hard to overwhelm our servers," in light of last week's, and still ongoing, cyberattacks against Georgia. "We are vulnerable to more sophisticated attacks, but right now most of the people who want to do us harm don't have those capabilities," says Borg. more»

Did Russian Cyber Attacks Precede Military Action?

The RBNexploit blog states that the website 'president.gov.ge' was under DDoS attack since Thursday. That site is now hosted out of Atlanta, Georgia (don't you love coincidence?) by Tulip Systems who is prominently displaying an AP story... "Speaking via cell phone from Georgia, Doijashvili said the attacks, traced to Moscow and St. Petersburg, are continuing on the U.S. servers." Rusisan military surrogates in the form of the criminal Russian Business Network are engaged in attacks against servers on US soil. This point should be brought up as the Group of 8-1 discusses appropriate responses to Russia's attack on Georgia. more»

Evidence that Georgia Cyberattacks Were "Populist" in Nature

The attacks against websites in Georgia are most likely populist in nature rather than state sponsored says Gary Warner, director of computer forensics research at UAB. In a blog post today, Warner has provided some evidence regarding his speculations including scripts from Russian language websites. He writes: "This script was copied from one of more than forty Russian language sites where I found copies of an 'attack script' that people were being encouraged to run on their own computers..." more»

Georgians Use Spam to Explain Their Situation

Call it outreach, call it propaganda or call it brilliance or even desperate measures, spammers (people) who favour the Georgian side in the recent conflict have been spamming using email, to get their point across. Depending on where in the world you are from, your ideological standpoint on Russia and your beliefs, when it comes to what email should be like, can be different and you may judge the action as you will. I call it spam. An Estonian colleague Viktor Larionov was quoted saying that whether there is a cyber war in Georgia or not, we know there is in fact a media war in play... more»

Mobilizing Russian Population Attacking Georgia: Similar to the Estonian Incident?

It seems like the online Russian population is getting mobilized. Like a meme spreading on the blogosphere, the mob is forming and starting to "riot", attacking Georgia. This seems very similar to the Estonian incident, only my current guess is natural evolution rather than grass-roots implanted -- but I am getting more and more convinced of the similarities as more information becomes available. Determining exactly when the use of scripts by regular users started, is key to this determination. more»

DNS Attack Creator Becomes a Victim of His Own Creation

Moore, the creator of the popular Metasploit hacking toolkit has become the victim of a computer attack. It happened on Tuesday morning, when Moore's company, BreakingPoint had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas area. One of BreakingPoint's servers was forwarding DNS traffic to the AT&T server, so when it was compromised, so was HD Moore's company. more»

Possible First Attacks on DNS Flaw Have Been Reported

The existence of the DNS flaw was revealed earlier this month by security researcher Dan Kaminsky and the code that could act as a blueprint for an attack via the flaw was published last week by Metasploit. On Friday, a user named James Kosin posted an excerpt from a server log to a Fedora Linux mailing list, claiming it proved attacks based on the DNS flaw had begun. Kosin post reads... more»

Lithuania Attacked by Russian Hacktivists, 300 Sites Defaced

Last week's mass defacement of over 300 Lithuanian sites hosted on the same ISP, an upcoming attack that was largely anticipated due to the on purposely escalated online tensions out of Lithuan's accepted legislation banning communist symbols across the country, once again demonstrates information warfare building capabilities in action. Moreover, the attack is again relying on common prerequisites for a successful information warfare campaign, used in the Russia vs. Estonia cyberattack last year. These very same Internet PSYOPS tactics ensure the success of the information warfare as a whole... more»

Are Botnets Run by Spy Agencies?

A recent story today about discussions for an official defense Botnet in the USA prompted me to post a question I've been asking for the last year. Are some of the world's botnets secretly run by intelligence agencies, and if not, why not? Some estimates suggest that up to 1/3 of PCs are secretly part of a botnet. The main use of botnets is sending spam, but they are also used for DDOS extortion attacks and presumably other nasty things like identity theft. But consider this... more»

Domain Registrars Releasing Suspended Domains to Attackers

Mary Landesman of ScanSafe reports: "A new outbreak of SQL attacks began on the 8th. Not that they ever really go away, but new waves replace the old ones. The attackers are using a much larger number of domains than seen in previous months. Just 11 days into June, and already 54 of these domains have been observed. Many of these are previously suspended domains that registrars have released back to the attackers. more»

.hk the "Most Unsafe" Domains?

Hong Kong domains are the most dangerous in the world; this little factoid from a recent McAfee report generated quite a bit of media coverage, and even made TIME magazine's top stories list. But all is not as it seems, and aspects of the report may have been out of date before the report was even published. McAfee's study seems to be based on a year's worth of data, and last year was a particularly bad year for the Hong Kong domain, thanks to a gang of botnet spammers registering thousands of domains under the .hk ccTLD. These domains were most likely registered using stolen credit cards... more»

Revision3 and Media Defender

Lots of coverage in the last two days about a Memorial Day weekend attack that took down the servers of Revision3, an Internet video network. This story has a lot of ingredients -- P2P maneuvering, DDoS attack, copyright vs. piracy, talk of laws broken and the FBI investigating. What's the CircleID take? Revision3's description. more»

Do We Need Two Internets?

Jonathan Zittrain's recent book, The Future of the Internet -- And How to Stop It, has spurred a lot of discussion both online and offline, with blog posts lauding his insights or criticising his over-apocalyptic imagination. The book itself makes fascinating reading for those who have watched the network grow from its roots in the research community into today's global channel for communications, commerce and cultural expression... One of the reasons that Zittrain puts forward for the growing popularity of closed or, as he prefers 'tethered', devices, is that they are less vulnerable to hacking, security flaws, malware and all the other perils that face any internet-enabled system. more»

Comcast Domain Name Hacked, Website Breached for Several Hours

Shortly before 11 p.m. EDT yesterday, Comcast users began noticing that Comcast.net had been hacked. More technically, early indications are that someone hacked Comcast's registrar account at Network Solutions, changing the authoritative DNS servers for Comcast.net -- rerouting portal visitors to IP addresses in Germany or elsewhere. The front page of Comcast.net was replaced with a note saying the hackers had "RoXed" Comcast, according to postings at BroadbandReports.com. more»