October 2013 – MIIS Cyber Initiative

Troubles with TOR

Daniel Gifford Blog October 31, 2013February 5, 2015 0 Comment

The Onion Router has long been thought to be one of the best methods for maintaining anonymity of internet traffic, and has even been assailed by the NSA as a hard problem, leading them to use workarounds to circumvent the network and attack specific users However, new research presented by a team from the US Naval Research Lab and Georgetown University has found that with specific methods they designed:

“Tor faces even greater risks from trafﬁc correlation than previous studies suggested. An adversary that provides no more bandwidth than some volunteers do today can deanonymize any given user within three months of regular Tor use with over 50% probability and within six months with over 80% probability.”

Traffic correlation and nodes controlled by malicious actors have both been considered as a major risk to TOR for a significant amount of time. This new research quantifies the problem and the danger to users of the service, and with any luck may lead to changes in the system to mitigate said risks.

Round-table on “Defending an Open, Global, Secure and Resilient Internet” in San Francisco

Daniel Gifford Events, Key-Leader Engagement October 31, 2013April 21, 2015 0 Comment

31 October 2013: MIIS Provost Dr. Amy Sands and MIIS CySec Director Dr. Itamara Lochard participated at a small Council on Foreign Relations round-table on “Defending an Open, Global, Secure and Resilient Internet” in San Francisco, CA. The event included key leaders in Silicon Valley and was closed to the public.

The Malware of Things

Daniel Gifford Blog, Botnets October 31, 2013February 5, 2015 0 Comment

A pair of dueling intelligence exploitation revelations have given the ongoing Snowden releases a run for their money. The first is the allegation that Russia provided poisoned gifts to delegates at the G20 summit. The complementary USB sticks and telephone chargers which they distributed to attendees came with trojan software installed (in the case of the USB sticks) while the cell phone chargers had the ability to slurp data from phones connected to them and send it onward to quarters unknown. Apparently the malware accessories were first recognized as hacking devices by Herman Von Rompuy’s staff. There have been official statements that the devices were not used by any heads of states, but there are indications they may have been picked up by various members of their staffs. Russia has made an official denial of any involvement with the hacking attack, instead stating that this revelation is merely an attempt to distract the world from the NSA spying scandal. There has also been a report published (first in Russian media) that Russian customs officials had seized a number of electric coffeepots, imported from China, which when plugged in search for unlocked wireless networks and then start distributing malware and sending spam emails.

Undoubtedly this sort of situation is not what futurists predicting an “Internet of Things” anticipated. However, we must come to the conclusion that with ubiquitous computing will come ubiquitous malware and exploitative software. It may not yet be time to lie awake at night worrying if your toaster is hacking into your email and changing the controls on your fridge and your TiVo, but the hour certainly draws near.

Google Rolls Out New “Digital Attack Map” Tool

Daniel Gifford Blog, Botnets October 29, 2013February 5, 2015 0 Comment

Google has unveiled a new tool that allows real-time and historical display of digital attack traffic. Foreign Policy has done an excellent write-up on the new tool here. The tool gives you the ability to see ongoing DDOS and scanning attacks, and their source and destination countries (if known).

Admiral Stavridis Advocates for a Leadership Separation of the NSA and Cyber Command

Daniel Gifford Blog October 29, 2013February 5, 2015 0 Comment

Admiral (USN ret.) Stavridis has written an article in Foreign Affairs assailing the current leadership structure for US Cyber Command. Under the current regime, General Keith Alexander is the head of both the NSA and the DoD’s Cyber Command. Stavridis argues that in the coming months after General Alexander’s planned retirement it would be good for both organizations if there were separate leadership. Given the substantial operational overlap between the two groups, and their shared location at Ft. Meade the decision was made to have both of them headed by the same individual. However, given the rise of importance of cyber issues in government national security policy-making, it may well be a good idea to head off bureaucratic problems by bringing in separate leadership.

Dan Gifford MCySec Media Manager

Speaker Series: Jonathan Reiber – 24 October 2013

Daniel Gifford Events, Speaker Series October 24, 2013April 21, 2015 0 Comment

24 October 2013: Jonathan Reiber, Chief Strategy Officer in the Cyber Policy Office of the U.S Under Secretary of Defense, spoke to MIIS and NPS students, faculty and staff about the U.S. Department of Defense’s Cyber Security policy strategy.

Launch of First NATO Cyber Defense Training in the Balkans: 21-26 October 2013

Daniel Gifford Events, Executive Education, Key-Leader Engagement October 22, 2013June 17, 2015 0 Comment

21-26 October 2013: MIIS Cyber Director Dr. Lochard helped launch the first NATO cyber defense training in the Balkans, in Ohrid, Macedonia sponsored by the NATO Science for Peace and Security Programme of the Emerging Security Challenges Division. She assisted in establishing this effort over the past year with hosts from Macedonia and Slovenia. Participants included an interdisciplinary mix of representatives in academia, industry, international organizations, NGOs and mid- to senior-level political-military leaders from Albania, Bosnia-Herzegovina, Bulgaria, Croatia, Italy, Macedonia, Montenegro, Serbia, Slovenia and the U.S. from the private sector, academia and government ministries. This inaugural step is the first in a series of planned efforts aims to increase awareness on cyber security, mitigate cyber threats and create stability in the region by fostering cooperation on cyber matters.

Novel Fingerprinting Technique Identifies Phones Using Accelerometer Data.

Daniel Gifford Blog October 15, 2013February 5, 2015 0 Comment

Hristo Bojinov and other researchers at Stanford have discovered a new way of digitally fingerprinting mobile devices. The method works off the fact that the accelerometers used in smart phones all have unique measurement errors after rolling off the assembly line. These errors can be found by setting the phone on a flat surface, tapping it, then flipping it over. The researchers have stood up a proof of concept site where users can find the accelerometer fingerprint of their own device.

The technique could be used by advertisers and by surveillance agencies as a method of tracking and identifying mobile devices. The current favored method for this operation, putting tracking cookies on the piece of hardware, is subject to a number of constraints. Not the least of these being that the users can delete the cookies to give themselves a fresh start in the tracking system.

Dan Gifford – MCySec Media Manager

Greek Foreign Ministry’s Email Server Hacked by Anonymous

Daniel Gifford Blog October 15, 2013February 5, 2015 0 Comment

More than 3700 documents, ranging from press releases to restricted intelligence assessments have been leaked online by hackers operating under the banner of Anonymous. The documents were obtained through hacking the email servers of the Greek Foreign Ministry and the Organisation for Security and Cooperation in Europe (OSCE). In light of the Greek government’s imminent assumption of the rotating EU presidency come January, security lapses on this scale are certainly troubling.

The attack occurs within the context of a recent Anonymous campaign against the Golden Dawn political party and rising dissatisfaction with austerity policies. The hackers may be attempting to find links within the Greek Government and the OSCE to the Golden Dawn and to other political initiatives in Europe that they find troubling, such as the Internet Crime Units of the European Union Agency for Network and Information Security (ENISA). Their communique regarding the hacking attack can be found here.

Dan Gifford – MCySec Media Manager

“Paunch” Punches Out, Blackhole Kit Hits the Rocks

Daniel Gifford Blog, Botnets October 15, 2013February 5, 2015 0 Comment

The Blackhole Exploit Kit, one of the more popular methods of delivering criminal malware to unsuspecting users, has run into a number of difficulties in the last few days. The leading crimeware kit, which has usually been updated as often as twice a day to stay ahead of antivirus detection rules, has not been updated in over a week. This comes amid rumors of the arrest of “Paunch”, the kit’s creator, in Russia. Russian authorities have confirmed the arrest to Europol and news agencies.

The Blackhole kit is by far the most popular exploit injection architecture in recent use, and typically operates through using infected sites to foist java vulnerabilities and criminal malware on unsuspecting surfers, though it has also been used to attack users through phishing emails with links to malicious sites. While other services are used to manage the development of the specific exploit payloads (Zeus is a standout in this category), the objective of the Blackhole kit and similar programs is serving these payloads up to users using java and other platform vulnerabilities. The arrest of “Paunch” will no doubt lead to the market migrating to other service providers. It must be remembered that this niche is incredibly lucrative- user licenses for Blackhole cost up to $50 per day, or $500 per month.

Dan Gifford – MCySec Media Manager

← Previous