Hack Hack Hack Hack It Apart

U.S. Intelligence Suspects Iran of Using ‘bRobots’ to DDoS American Banks

(flickr.com/consumerist)

U.S. officials are still convinced that continuing distributed denial of service (DDoS) attacks against American banks by the Izz ad-Din al-Qassam Cyber Fighters are cover for state-sponsored cyber sabotage by Iran, according to a report in today’s New York Times.

The Times reports that the U.S. doesn’t believe the hacking group’s repeated claim that they are targeting banks because the anti-Islam video Innocence of Muslims hasn’t been taken off the Internet: Read More

Things About Which We Are Unsure

We’ve Got One Year Before The Internet Kills Us All

(flickr/mjtmail)

Firms specializing in technology security make it their business to scare potential customers, but that doesn’t make an Internet Identity (IID) report predicting cyber doom in 2014, highlighted today by Ray Kurzweil’s Accelerating Intelligence, any less spooky.

According to IID, looming cybersecurity threats in 2013–more mobile malware, increasingly aggressive hacktivism, attacks on the cloud–are “well-anticipated and mundane.”

Those “mundane” threats are nothing next to the bleak wasteland of death and destruction IID expects in 2014: Read More

Hack Hack Hack Hack It Apart

Hackers in The Vents: Cyber Intruders Could Access HVAC Systems Via Big Security Holes

This guy is everywhere now. (Image: Devdsp on Flickr)

Sometime last summer, hackers invaded a New Jersey company’s web-accessible heating and air-conditioning systems using a gaping security hole in the system’s supervisory control and data acquisition (SCADA) software.

Ars Technica reports that an IT contractor who works with the business informed F.B.I. agents investigating the breach that controls for the HVAC system were “directly connected to the Internet” and there was no “interposing firewall.”

The backdoor into the controls is found in some versions of the Niagara AX Framework, software that controls similar systems at the Pentagon and the Federal Bureau of Investigation. An F.B.I. memo issued in July said any hacker who found their way into the nameless New Jersey company’s Niagara controls would have been able to learn the same information available to a systems administrator, such as “a floor plan layout of the office, with control fields and feedback for each office and shop area.” The web interface wasn’t even password-protected. Read More

Must-See TV

Cyber Security Expert Inadvertently Pitches Amazing TV Show

Are you not entertained? (Photo: flickr.com/dullhunk)

Today the Guardian features an interview with John Arquilla, who is a professor of defence analysis at the US Naval Postgraduate School. In it, he argues that the government’s time and energy would be better spent recruiting black hats, rather than arresting them: “The brilliance of hacking experts could be put to use on behalf of the US in the same way as German rocket scientists were enlisted after the second world war.”

We can’t imagine the Anons would like to be compared to Nazis, in any analogy. Nor is his argument that ne’er-do-wells can be flipped terribly novel. But in making his case, it started to sound like perhaps Mr. Arquilla has a different agenda. Read More

This Message Will Self-Destruct In 3...

In Fitting Mission Impossible-Style Conclusion, Flame Malware Self-Destructs

Sorry, we can't help ourselves. (http://commons.wikimedia.org/)

Could the Flame malware infection be any more straight out of a spy movie? Answer: nope. Ars Technica reports that attackers have now issued a “suicide” command to the infected computers, thereby essentially scrubbing its tracks.

Discovered by Kaspersky Lab, the malware has made headlines because of the eye-catching little detail that, at 20 megabytes, it’s much bigger than the dreaded Stuxnet and designed to collect dirt on the user of the infected machine. That said, it’s not a particularly far-reaching infection, targeting largely computers in the Middle East, including Iran. Unsurprisingly, it’s thought to be nation-state designed, rather than the work of cyber criminals. Cyber criminals can probably jack your password without designing something that big. Read More

When Hackers Attack

Report: Hacktivists Continue to Worry the Hell Out of IT

Anonymous and its ilk continue to scare the bejesus out of the Internet. Judging from this research report from cyber security firm Bit9, IT pros are braced for all kinds of hacktivist havoc.

The firm surveyed 1,861 IT and security pros, the majority from organizations bigger than 500 employees. 64 percent expect to face cyber attacks in the next six months, and 61 percent point to Anonymous and its hacktivist fellow travelers as the most likely attackers. More generally, a solid two-thirds of respondents believe we’re really seeing an uptick in the rate of attacks, thanks to more hackers, stronger state-sponsored efforts, and so forth. They’re not exactly pulling that out of thin air, either. For one thing, attacks on financial companies tripled year-over-year in the first quarter of 2012. Read More