Monthly Archives: April 2012

Bernard, N., & Leprévost, F. (2012). Beyond TOR: The TrueNyms Protocol. Security and Intelligent Information Systems, 7053, 68-84. Retrieved from http://goo.gl/zguZD

How to hide who is communicating with whom? How to hide when a person is communicating? How to even hide the existence of ongoing communications? Partial answers to these questions have already been proposed, usually as byproducts of anonymity providing systems. The most advanced one available today is Onion-Routing and is implemented in Tor and I2P. Still, Onion-Routing is exposed to a series of serious attacks. The current paper classifies these series of attacks, and announces the TrueNyms unobservability protocol. We describe here how TrueNyms handles one of the families of attacks applying to the current Onion-Routing system, namely traffic analysis on the “shape”, and give some evidence on its performance. Developed since 2003, TrueNyms is not anymore an academic answer to a privacy problem, but is a heavily tested and efficient product providing unobservability and anonymity. Although it cannot be used (for the time-being) for very low-latency applications like telephony over IP, TrueNyms can be efficiently used for most low-latency applications like Web browsing and HTTP-based protocols (RSS for instance), Instant Messaging, File transfers, audio and video streaming, remote shell, etc. TrueNyms allows parties to communicate without revealing anything about the communication — including its very existence — to any observer, despite how powerful such an observer might be.

Bradbury, D. (2012, April). SCADA: A critical vulnerability. Computer Fraud and Security, 2012(4), 11-14. [Full text available to UMUC students / faculty in ScienceDirect database.]

Are we at risk of a system meltdown of Hollywood proportions? A recent presentation highlighting critical vulnerabilities in some of our most popular industrial control systems suggests so. Project Basecamp, a vulnerability assessment exercise carried out by security firm Digital Bond, assessed levels of security in Supervisory Control And Data Acquisition (SCADA) products. It found them badly wanting.

Many control systems assume that they will be used within carefully controlled environments and react unpredictably – or disastrously – when sent unexpected input and yet we depend on them to run much of the critical infrastructure on which our daily lives depend. Danny Bradbury examines the dangers and asks what can be done.

Burt, J. (2012, April 24). Mac Flashback trojan started with compromised WordPress blogs. eWeek. Retrieved from http://www.eweek.com/c/a/Security/Mac-Flashback-Attack-Started-With-Compromised-WordPress-Blogs-345275/

The Flashback malware that eventually infected more than 600,000 Macs worldwide probably started from tens of thousands of WordPress blog sites that had been hacked into and compromised, according to researchers at Kaspersky Lab.

Caldwell, T. (2012, April). Locking down the e-wallet. Computer Fraud and Security, 2012(4), 5-8. [Full text available to UMUC students / faculty in ScienceDirect database.]

The Google Wallet mobile app made the e-wallet concept mass market, but security breaches were not far behind. A focal point of malware writers seems to be banking trojans that attack the highly secured connection between the bank and the user.

Tracey Caldwell examines the security threats facing e-wallets and sets out a number of approaches to securing e-wallets, from using the Secure Element, to optical tokens and cloud-based authentication. She also discusses the role that retailers, merchants and telco companies may play in e-wallet security in the future.

Cobb,  M. (2012, April). How did they get in? A guide to tracking down the source of APTs [InformationWeek]. Retrieved from http://twimgs.com/darkreading/advancedthreat/S4740412-howdidtheygetin.pdf

If you think that your organization hasn’t been affected by an advanced persistent threat, you probably haven’t looked hard enough. Identifying that your organization is under attack is difficult enough; determining the scope of infiltration and damage presents a whole new level of challenge. To effectively protect against APTs, security pros will need to employ an arsenal of tools in a coordinated fashion, as well as develop new understandings of and approaches to system and data exploits.

Cook, T. (2012, April 24). A regular expression search primer for forensic analysts [SANS]. Retrieved from https://www.sans.org/reading_room/whitepapers/forensics/regular-expression-search-primer-forensic-analysts_33929

Often forensic texts and articles assume a level of experience and comfort with Linux command line string searching and text manipulation that a reader does not possess. This assumption tends to leave the reader to their own devices to puzzle out how to locate and extract specific string content from files. The focus of this paper is to introduce the reader to Linux string search and text manipulation commands and provide specific use cases and search patterns that will be of use to Forensic Analysts. 

Electronic Frontier Foundation. (2012). Map of domestic aerial drone authorizations. Retrieved from http://goo.gl/iLTyD

From a related article: This week the Federal Aviation Administration (FAA) finally released its first round of records in response to EFF’s Freedom of Information Act (FOIA) lawsuit for information on the agency’s drone authorization program. The agency says the two lists it released include the names of all public and private entities that have applied for authorizations to fly drones domestically. These lists—which include the Certificates of Authorizations (COAs), issued to public entities like police departments, and the Special Airworthiness Certificates (SACs), issued to private drone manufacturers—show for the first time who is authorized to fly drones in the United States.

Erdbrink, T. (2012, April 24). Facing cyberattack, Iranian officials disconnect some oil terminals from internet. New York Times. [Full text available to UMUC students / faculty in ProQuest Newspapers database.]

Iran disconnected several of its main Persian Gulf oil terminals from the Internet on Monday, local news media reported, as technicians were struggling to contain what they said were intensifying cyberattacks on the Oil Ministry and its affiliates.

Iranian officials said the virus attack, which began in earnest on Sunday afternoon, had not affected oil production or exports, because the industry is still primarily mechanical and does not rely on the Internet. Officials said they were disconnecting the oil terminals and possibly some other installations in an effort to combat the virus.

Farivar, C. (2012, April 23). Cellphone industry opposes California location privacy bill. Ars Technica. Retrieved from http://arstechnica.com/business/news/2012/04/cellphone-industry-opposes-california-location-privacy-bill.ars

On Tuesday, the California Senate Public Safety Committee is hearing arguments on the California Location Privacy Bill (SB 1434). It’s a new bill that would provide more consumer protection for law enforcement access to mobile phones. As currently written, it would require a warrant before police gain access to location information, and would also require that mobile phone companies disclose how often and why they are giving up this information as a way to monitor proper use of this law.

Not surprisingly, the Electronic Frontier Foundation and the ACLU of Northern California have been arguing in favor of the new bill. Who’s against? Why, it’s CTIA, the industry trade group of the cellphone industry.

Fisher, D. (2012, April 24). Security experts, internet engineers urge lawmakers to drop CISPA. threatpost. Retrieved from https://threatpost.com/en_us/blogs/security-experts-internet-engineers-urge-lawmakers-drop-cispa-042412

A long list of security, networking and computer science experts have signed a letter sent to lawmakers on Monday, asking them to drop support for CISPA and other proposed cybersecurity bills because they consider the measures overly broad and say they would infringe on users’ privacy and civil liberties. The group, which includes Bruce Schneier, Peter Neumann and others, said the bills’ focus on allowing the sharing of users’ traffic with government agencies would “unnecessarily trade our civil liberties for the promise of improved network security.”

The Cyber Intelligence Sharing and Protection Act (CISPA) has become a focus of criticism and ire from a number of groups who oppose the bill’s provision that could allow ISPs to turn over traffic from their networks to government agencies as part of a program to share information on security threats and attacks. Critics have said that this could amount to wiretapping without the knowledge of the users whose data is captured and shared.

Goodin, D. (2012, April 23). TV based botnets? DoS attacks on your fridge? More plausible than you think. Ars Technica. Retrieved from http://arstechnica.com/business/news/2012/04/tv-based-botnets-ddos-attacks-on-your-fridge-more-plausible-than-you-think.ars

It’s still premature to say you need firewall or antivirus protection for your television set, but a duo of recently diagnosed firmware vulnerabilities in widely used TV models made by two leading manufacturers suggests the notion isn’t as far-fetched as many may think.

The most recent bug, found in a wide range of high-definition TVs from Samsung, was disclosed on Thursday by Luigi Auriemma, an Italy-based researcher who regularly finds security flaws in Microsoft Windows, video games, and even the industrial-strength systems used to control dams, gas refineries, and other critical infrastructure. While poking around a Samsung D6000 model belonging to his brother, he inadvertently discovered a way to remotely send the TV into an endless restart mode that persists even after unplugging the device and turning it back on.

Holleman, J. (2012, April 20). Personal data for 228,000 in SC compromised. The State. Retrieved from http://www.thestate.com/2012/04/20/2241321/personal-information-of-more-than.html

A state employee inappropriately gained access to personal information for more than 228,000 Medicaid beneficiaries, a security breach that prompted the Department of Health and Human Services to take measures to offer credit protection services to the individuals involved.

Christopher Lykes Jr., 36, of Swansea, was arrested Thursday and charged with five counts of violating medical confidentiality laws and one count of disclosure of confidential information, according to SLED. Lykes also is a former member of the executive committee of the Lexington County Democratic Party.

Mansfield-Devine, S. (2012, April). Interview: BYOD and the enterprise network.  Computer Fraud and Security, 2012(4), 14-17. [Full text available to UMUC students / faculty in ScienceDirect database.]

Bring Your Own Device (BYOD) is a trend that many organisations are confused or concerned about. In this interview, Frank Andrus, CTO at Bradford Networks, explains that data leaks, malware and hacking aren’t the only issues. There are more fundamental concerns with how your networks are managed. And the solution might be to work with your users, rather than simply trying to control them.

Moyle, E., & Kelly, D. (2012, April 20). Federal government cybersecurity survey [InformationWeek]. Retrieved from http://reports.informationweek.com/abstract/104/8769/Government/research-federal-government-cybersecurity-survey.html 

InformationWeek surveyed 106 federal IT professionals in March on the cybersecurity threats faced by their agencies and their strategies for dealing with them. The detailed survey results, and our analysis of how they correlate to the White House’s cybersecurity policy initiatives, are contained in this report.

InformationWeek asked survey respondents about their progress in meeting national cybersecurity objectives, barriers to progress, areas of investment and the threat landscape. While the threats are varied and significant, our data suggests that progress is being made. A majority of those surveyed rated their agency’s cybersecurity readiness as good or excellent, and only a minority reported an information security breach in the past three months.

Pear, R. (2012, April 27). House votes to approve disputed hacking bill. New York Times. [Full text available to UMUC students / faculty in ProQuest Newspapers database.]

Defying a veto threat from President Obama, the House on Thursday passed a bill that encourages intelligence agencies and businesses to share information about threats to computer systems, including attacks on American Web sites by hackers in China and other countries.

The vote was 248 to 168, as 42 Democrats joined 206 Republicans in backing the bill. The “no” votes were cast by 140 Democrats and 28 Republicans, including a number who described the measure as a potential threat to privacy and civil liberties.

Prince, B. (2012, April 23). FBI: Kill DNSChanger trojan or prepare to lose internet access. SecurityWeek.  Retrieved from https://www.securityweek.com/fbi-kill-dnschanger-trojan-or-prepare-lose-internet-access

The FBI is advising people to check their computers for DNSChanger malware before infected computers are essentially shut off from the Internet.

Come July 9, the DNS servers set up by the government to take the place of malicious servers controlled by a gang behind a spate of DNSChanger infections will be taken offline. This means that computers using those servers that have not been cleaned of the malware will not be able to connect to the Internet via any connection requiring DNS resolution. Hoping to avoid a catastrophe for potentially hundreds of thousands of users, the FBI is encouraging people to visit the website for the DNSChanger Working Group (DCWG), which can alert them as to whether or not they are infected and offer information about how to fix the problem.

Roberts, P. (2012, April 23). Google ups bounty for bugs for $20,000. threatpost. Retrieved from https://threatpost.com/en_us/blogs/google-ups-bounty-bugs-20000-042312 

Search giant Google said it is quintupling the top bounty it will pay for information on security holes in its products to $20,000.  In a post on the company’s Online Security Blog, Google said it was updating its rewards and rules for the bounty program, which is celebrating its first anniversary. In addition to a top prize of $20,000 for vulnerabilities that allow code to be executed on product systems, Google said it would pay $10,000 for SQL injection and equivalent vulnerabilities in its services and for certain vulnerabilities that leak information or allow attackers to bypass authentication or authorization features.

Terry, K. (2012, April 24). Should FDA assess medical device defenses against hackers? InformationWeek. Retrieved from http://www.informationweek.com/news/healthcare/security-privacy/232900818

The vulnerability of wireless medical devices to hacking has attracted attention in Washington. Although there has not yet been a high-profile case of such a cyber-attack, the Information Security and Privacy Advisory Board, which advises the Office of Management and Budget (OMB) and the National Institute of Standards and Technology (NIST), recently proposed that the Food and Drug Administration (FDA) or another federal agency assess the security of medical devices before they’re sold.

United States. Department of Energy. (2012, April 25). Version 4 critical infrastructure reliability standards. Retrieved from http://cryptome.org/2012/04/ferc042512.pdf

Under section 215 of the Federal Power Act, the Federal Energy Regulatory Commission (Commission) approves eight modified Critical Infrastructure Protection (CIP) Reliability Standards, CIP-002-4 through CIP-009-4, developed and submitted to the Commission for approval by the North American Electric Reliability Corporation (NERC), the Electric Reliability Organization certified by the Commission. The CIP Reliability Standards provide a cybersecurity framework for the identification and protection of “Critical Cyber Assets” to support the reliable operation of the Bulk-Power System. Reliability Standard CIP-002-4 requires the identification and documentation of Critical Cyber Assets associated with “Critical Assets” that support the reliable operation of the Bulk-Power System and introduces “bright line” criteria for the identification of Critical Assets.

Whistleblower: The NSA is lying – U.S. government has copies of most of your emails. (2012, April 20). Democracy Now. Retrieved from https://www.democracynow.org/2012/4/20/whistleblower_the_nsa_is_lying_us

National Security Agency whistleblower William Binney reveals he believes domestic surveillance has become more expansive under President Obama than President George W. Bush. He estimates the NSA has assembled 20 trillion “transactions” — phone calls, emails and other forms of data — from Americans. This likely includes copies of almost all of the emails sent and received from most people living in the United States. Binney talks about Section 215 of the USA PATRIOT Act and challenges NSA Director Keith Alexander’s assertion that the NSA is not intercepting information about U.S. citizens [audio, with transcript.]

More from: Wired: The NSA is building the country’s biggest spy center (watch what you say); Wired: James Bamford on how the NSA’s new spy center may know everything; IXmaps: NSA listening posts.

Xu, Z., Bai, K., & Zhu, S. (2012, April). TapLogger: Inferring user inputs on smartphone touch-screens using onboard motion sensors. Paper presented at the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Tucson, AZ. Retrieved from http://www.cse.psu.edu/~szhu/papers/taplogger.pdf

Today’s smartphones are shipped with various embedded motion sensors, such as the accelerometer, gyroscope, and orientation sensors. These motion sensors are useful in supporting the mobile UI innovation and motion-based commands. However, they also bring potential risks of leaking user’s private information as they allow third party applications to monitor the motion changes of smartphones. In this paper, we study the feasibility of inferring a user’s tap inputs to a smartphone with its integrated motion sensors. Specifically, we utilize an installed trojan application to stealthily monitor the movement and gesture changes of a smartphone using its on-board motion sensors. When the user is interacting with the trojan application, it learns the motion change patterns of tap events. Later, when the user is performing sensitive inputs, such as entering passwords on the touchscreen, the trojan application applies the learnt pattern to infer the occurrence of tap events on the touchscreen as well as the tapped positions on the touchscreen. For demonstration, we present the design and implementation of TapLogger, a trojan application for the Android platform, which stealthily logs the password of screen lock and the numbers entered during a phone call (e.g., credit card and PIN numbers). Statistical results are presented to show the feasibility of such inferences and attacks.

Zetter, K. (2012, April 25). Equipment maker caught installing backdoor account in control system code. Wired. Retrieved from http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/

A Canadian company that makes equipment and software for critical industrial control systems planted a backdoor login account in its flagship operating system, according to a security researcher, potentially allowing attackers to access the devices online.

The backdoor, which cannot be disabled, is found in all versions of the Rugged Operating System made by RuggedCom, according to independent researcher Justin W. Clarke, who works in the energy sector. The login credentials for the backdoor include a static username, “factory,” that was assigned by the vendor and can’t be changed by customers, and a dynamically generated password that is based on the individual MAC address, or media access control address, for any specific device.

More from ArsTechnica: Backdoor in mission-critical hardware threatens power, air-traffic control systems.

Zetter, K. (2012, April 25). VMWare source code leak follows alleged hack of Chinese defense contractor. Wired. Retrieved from http://www.wired.com/threatlevel/2012/04/vmware-source-code-leaked/

Source code belonging to VMWare has leaked to the internet after apparently being stolen by a hacker who claims to have obtained it from a Chinese firm’s network.


Abeyratne, R. (2012). Cyber terrorism and aviation – national and international responses. Journal of Transportation Security, 4(4), 337-349. doi:10.1007/s12198-011-0074-3  [Full text can be requested by UMUC students / faculty from DocumentExpress.]

This article contains an analysis of what cyber crimes are as against cyber terrorism, measures taken to counter the threat along with a legal analysis of the threat as it affects aviation and addresses several issues, including a discussion on some national efforts at curbing the problem in some prominent jurisdictions.

Baumgartner, K. (2012, April 19). OS X mass exploitation – why now? SecureList. Retrieved from https://www.securelist.com/en/blog/208193490/OS_X_Mass_Exploitation_Why_Now

Market share! It’s an easy answer, but not the only one.

In 2011, Apple was estimated to account for over 5% of worldwide desktop/laptop market share. This barrier was a significant one to break – Linux maintains under 2% market share and Google ChromeOS even less. This 15 year peak coincided with the first exploration by the aggressive FakeAv/Rogueware market targeting Apple computers, which we discovered and posted in April 2011 and later in May 2011, which no longer seem to be such an odd coincidence. Also, the delay in Apple malware until now most likely was not because Apple exploits were unavailable, or because the Mac OS X system is especially hardened. The 2007 “Month of Apple Bugs” demonstrated that the Mac OS X and supporting code is full of exploitable flaws. Safari, Quicktime, and other software on Apple devices is regularly exploited during pwnage contests, but widespread cybercrime attention hadn’t caught on until this past year. [Also on SecureList this week: Spam campaign on Twitter leads to rogue AV.]

Dwyer, J. (2012, April 18). Using his software skills with freedom, not a big payout, in mind. New York Times. [Full text available to UMUC students / faculty in ProQuest Newspapers database.]

Nadim Kobeissi, master hacker, summoned for interrogation multiple times as a teenager by cyber-intelligence authorities in Beirut, Lebanon, sat in the backyard of a restaurant in Brooklyn, astounded that he was being treated to lunch.  “Please,” he protested, “you shouldn’t pay for my omelet.”

Mr. Kobeissi, 21, now a college student in Montreal, spent the weekend in New York City with elders of his tribe, software code writers who have ambitions that do not involve making suitcases of money off clever applications for sharing photographs online.

This group was building a project called Cryptocat, which has a simple, countercultural goal: people should be able to talk on the Internet without being subjected to commercial or government surveillance.

Ghani, H., Khelil, A., Suri, N., Csertán, G., Gönczy, L., & Urbanics, G. (2012). Assessing the security of internet-connected critical infrastructures. Security and Communications Networks [in press]. doi:10.1002/sec.399  [Full text can be requested by UMUC students / faculty from DocumentExpress.]

Because the Internet of Things (IoT) pervasively extends to all facets of life, the “things” are increasingly extending to include the interconnection of the Internet to critical infrastructures (CIs) such as telecommunication, power grid, transportation, e-commerce systems, and others. The objective of this paper is twofold: (i) addressing IoT from a CI protection (CIP) and connectivity viewpoint, and (ii) highlighting the need for security quantification to improve the quality of protection (QoP) of CIs. Using a financial infrastructure as an example, a CIP and trust quantification perspective is built up. To this end, we are developing a novel security metrics-based approach to assess and thereon enhance the CIP. We focus on the communication level of the CI where IoT is playing an increasingly important role with respect to sensing and communication across CI elements. Determining the security and dependability level of the communication over the CI constitutes a basic precondition for assessing the QoP of the whole CI, which is needed for any efforts to improve this QoP. Because metrics play a central role for such quantification, this paper develops their QoP use from an IoT perspective, and a reference implementation along with experimental results is presented.

Guess, M. (2012, April 19). Accused Estonian fraudster extradited to the US appears in federal court. Ars Technica. Retrieved from http://arstechnica.com/business/news/2012/04/estonian-fraudster-extradited-to-the-us-appeared-in-manhattan-court.ars

An Estonian man has been extradited to New York to face charges he was part of a hacking gang that infected more than 4 million computers with malware as part of a massive click-fraud scheme.

Haimes, Y. V., & Chittister, C. C. (2012). Risk to cyberinfrastructure systems served by cloud computing technology as systems of systems. Systems Engineering [in press]. doi:10.1002/sys.20204 [Full text can be requested by UMUC students / faculty from DocumentExpress].

Building on systems-based philosophy, theory, methodology, and practice, the challenges associated with modeling, assessing, managing, and communicating the multidimensional risk to cyberinfrastructure systems (CIS) serviced by cloud computing technology (CCT) as systems of systems (SoS) are explored. The article raises concerns about the euphoria in the literature about CCT and stresses the importance of understanding the complex process of modeling, assessing, managing, and communicating the risks associated with CIS-CCT. Several themes are highlighted: the theory of scenario structuring; the epistemology of the states of the CIS-CCT systems; the role of systems integration in CIS-CCT; the risk to CIS-CCT from malicious insiders’ intrusion; the complex definition and quantification of the risk function associated with CIS-CCT systems; and modeling the multiple perspectives of CIS-CCT, focusing on hierarchical holographic modeling (HHM) and phantom system models (PSM). The paper concludes with an epilogue and list of references.

Johnson, N. B. (2012, April 18). House committees approve 2 cybersecurity bills. Federal Times.  Retrieved from http://www.federaltimes.com/article/20120418/CONGRESS01/204180305/1035/IT01

Two cybersecurity bills were approved by House committees on Wednesday. Those bills — as well as a third cybersecurity bill — are expected to be considered on the House floor as soon as next week.  The House Oversight and Government Reform Committee passed HR 4257, the 2012 Federal Information Security Amendments Act, which would require agencies to continuously monitor the security of federal information systems. The bill would also require agencies to appoint a chief information security officer or senior official to oversee information security programs and enforce compliance.

Johnson, S. (2012, April 16). Bay area companies team up with feds to fight cyber crime. San Jose Mercury News. Retrieved from http://www.mercurynews.com/breaking-news/ci_20402483/bay-area-companies-team-up-feds-fight-cyber

Warning that this country is threatened by potentially devastating cyberattacks, America’s national security community is rushing to recruit the Bay Area’s private sector to counter the assaults.  On Monday, in a sign these concerns are shared at the highest levels of the Obama administration, Homeland Security Secretary Janet Napolitano will make a personal pitch for help to tech companies in San Jose. And Congress is mulling several bills to encourage government and business to share intelligence about the computerized threats.

Kravets, D. (2012, April 16). Contradicting a federal judge, FCC clears Google in wifi sniffing debacle. Wired. Retrieved from http://www.wired.com/threatlevel/2012/04/fcc-clears-google/

The Federal Communications Commission is clearing Google of wrongdoing in connection to it secretly intercepting Americans’ data on unencrypted Wi-Fi routers.

Krebs, B. (2012, April 16). Microsoft responds to critics over botnet bruhaha. Krebs on Security. Retrieved from https://krebsonsecurity.com/2012/04/microsoft-responds-to-critics-over-botnet-bruhaha/#more-14661

Given the strong feelings that Microsoft’s actions have engendered in the Fox IT folks and among the larger security community, I reached out to Richard Boscovich, a former U.S. Justice Department lawyer who was one of the key architects of Microsoft’s legal initiative against ZeuS. One complaint I heard from several researchers who believed that Microsoft used and published data they uncovered was that the company kept the operation from nearly everyone. I asked Boscovich how this operation was different from previous actions against botnets such as Rustock and Waledac. [Also this week, Krebs on smart meter hacking.]

Lee, S., Lee, K., Park, J. H., & Lee, S. (2012). An on-site digital investigation methodology for data leak case. Security and Communications Networks [in press]. doi:10.1002/sec.405  [Full text can be requested by UMUC students / faculty from DocumentExpress].

The ever growing storage device capacity poses a severe limit to the standard digital forensics collection procedures based on duplicating the original storage device by creating a bit-by-bit copy. Such a traditional procedure is followed, even if the goal of the investigation is to find a limited quantity of digital objects to support or refute an investigative hypothesis related to a precise case category. Therefore, in this paper, we propose a new methodology to deal with data leak cases, by applying an intelligent collection paradigm, a fast analysis approach that reduces investigation time.

Lennon, M. (2012, April 18). Researchers discover new malware targeting hotel POS systems. SecurityWeek. Retrieved from https://www.securityweek.com/researchers-discover-new-malware-targeting-hotel-pos-systems

Security researchers from Trusteer have shared details on a recently discovered Remote Access Trojan (RAT) attack designed to steal credit card details from hotel point of sale computer systems.

Targeting the hospitality industry has its benefits, as a successful infection could yield information on many individuals, making it much more lucrative for the attackers over a typical infection of a personal system, which Trusteer says typically exposes 1-2 accounts. [Also from SecurityWeek this week: Antisec targets Michigan law enforcement; SabPub malware linked to LuckyCat attacks.]

Mills, E. (2012, April 20). Crime and punishment: Harsh fate for accused LulzSec hackers? CNET. Retrieved from http://news.cnet.com/8301-1009_3-57417442-83/crime-and-punishment-harsh-fate-for-accused-lulzsec-hackers

The Anonymous defendants arrested last month for allegedly breaking into corporate networks, stealing data, and defacing Web sites as part of LulzSec are likely to have an extended vacation at Club Fed, experts say.  With well-known victims like Sony, Fox Broadcasting, and the FBI, prosecutors will want to make examples of those arrested in the Anonymous-related hacking cases in the hopes that it will send a message to others.

“I believe they will (get harsh treatment),” Michael Bachmann, assistant professor of criminal justice at Texas Christian University, told CNET in a recent interview. [Also from CNET this week: CISPA bill ‘not being rushed through’; Can the U.S. prevent a digital sneak attack?]

Raza, S., Duquennoy, S., Höglund, J., Roedig, U., & Voigt, T. (2012). Secure communication for the internet of things – a comparison of link-layer security and IPsec for 6LoWPAN. Security and Communications Networks [in press]. doi:10.1002/sec.406  [Full text can be requested by UMUC students / faculty from DocumentExpress.]

The future Internet is an IPv6 network interconnecting traditional computers and a large number of smart objects. This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operation. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. In the traditional Internet, IPsec is the established and tested way of securing networks. It is therefore reasonable to explore the option of using IPsec as a security mechanism for the IoT. 

Rockwell, M. (2012, April 13). Cyber attacks against financial services firms skyrocket, study says. Government Security News. Retrieved from http://www.gsnmagazine.com/node/26106

Cyber attacks against banks and financial services firms have gone into hyperdrive, according to a report by a security services firm that specializes in defending against Distributed Denial of Services (DDOS) attacks.

The security company, Prolexic, said its security engineering and response team logged three times the number of attacks against its financial services clients during the first quarter of 2012 compared to the fourth quarter of 2011, as well as a 3,000 percent increase in malicious packet traffic. The company said on April 11 that it had also mitigated more attack traffic in the current quarter than it did during all of 2011. [Also from GSN this week: Man linked to Anonymous charged with hacking Utah police websites.]

Smartgrid cybersecurity not keeping pace with deployment, survey finds. (2012, April 18). InfoSecurity. Retrieved from http://www.infosecurity-magazine.com/view/25245/smart-grid-cybersecurity-not-keeping-pace-with-deployment-survey-finds/

Three-quarters of energy security professionals believe cybersecurity has not been adequately addressed in smart grid deployment, according to a survey by EnergySec and nCircle.

Also, 72% of energy security professionals believe smart grid cybersecurity standards are not adequate, and 61% believe that smart meters do not have sufficient security controls to protect against false data injection, according to a survey of 104 security professionals conducted in March. [Also in InfoSecurity this week: Google warns 20K webmasters about malicious redirects; Nitol DDoS botnet traced to China; Fake LinkedIn invitations deliver malware.]

[UPCOMING WEBCAST] Sophos. (2012, April 26). 3 steps to securing private data in the public cloud. Free registration at http://goo.gl/KKEOA

It’s estimated that more than 50 million people have used public cloud storage services such as Dropbox to share and exchange files. These services make it easy to share and store data but they also create a new security challenge that often clashes with existing IT data policies. We’ll discuss:

  • The security challenges of storing data in the cloud
  • Limitations of a digital “do-it-yourself” approach
  • Three simple steps to protecting data in the cloud

Takahashi, D., Xiao, Y., & Meng, K. (2012). Virtual flow-net for accountability and forensics of computer and network systems. Security and Communications Networks [in press]. doi:10.1002/sec.407  [Full text can be requested by UMUC students / faculty from DocumentExpress].

Information/secret leaking cannot always be recorded in digital log files. In other words, in log files, not all information/events are recorded, and it is thus impossible to trace the paths of secret leaking on the basis of log files alone. In this paper, to resolve the difficulty of the lack of information, we utilize user–relationship graphs, or social networks, to compensate for the required information. We also utilize a probabilistic analysis to build virtual links to follow information flows. User–relationship graphs are constructed from several flow-net data structures over a longer period so that we can avoid missing embedded threats such as hostile codes. We call this approach virtual flow-net.

United States. Department of Education. (2012, April 19). U.S. Department of Education releases blueprint to transform career and technical education [press release]. Retrieved from https://www.ed.gov/news/press-releases/us-department-education-releases-blueprint-transform-career-and-technical-educat

Today U.S. Secretary of Education Arne Duncan will visit the Des Moines Area Community College in Ankeny, Iowa, to release the Obama Administration’s blueprint for transforming Career and Technical Education (CTE), by reauthorizing the Carl D. Perkins Career and Technical Education Act of 2006. Secretary Duncan will hold a town hall to discuss how the Administration’s plan will ensure the education system provides high-quality job-training opportunities that reduce skill shortages, spur business growth, encourage new investment and hires, and spark innovation and economic growth.

Villeneuve, N. (2012, April 20). Fake Skype encryption software cloaks DarkComet trojan. TrendMicro Malware Blog. Retrieved from http://blog.trendmicro.com/fake-skype-encryption-software-cloaks-darkcomet-trojan/

As the conflict in Syria persists, the Internet continues to play an interesting role. As we reported in a previous post, there have been targeted attacks against Syrian opposition supporters. With activists’ continued use of social media, it is not surprising to read reports of targeted phishing attempts to steal Facebook and YouTube credentials. A CNN report also revealed that a malware was being propagated through Skype, which brings us to another Skype-themed attack that we have uncovered. [Also from TrendMicro this week: Rogue Instagram site spreading malware; Q1 threats go mobile; More Tibetan-themed targeted attack ads.]

Henetz, P. (2012, April 6). Medicaid data breach far worse than reported. Salt Lake City Tribune. Retrieved from http://www.sltrib.com/sltrib/news/53868568-78/security-information-health-clients.html.csp

A huge proportion of [Utah’s] Medicaid clients — two-thirds of them children — are victims of hackers who broke into an inadequately protected computer server at the Utah Department of Health, officials said Friday.

The cyber invasion started a week ago, with most of the data stolen from 181,604 Medicaid and Children’s Health Insurance Program recipients between Sunday night and Monday morning.  Of those clients, 25,096 appear to have had their Social Security numbers compromised. More from the New York Times.

Gallagher, S. (2012, April 11). Bad bots: DDoS attacks spike in first quarter, outdoing all of 2011. Ars Technica. Retrieved from http://arstechnica.com/business/news/2012/04/bad-bots-ddos-attacks-spike-in-first-quarter-outdoing-all-of-2011.ars

The number of denial-of-service attacks in the first quarter of 2012 grew 25 percent compared with the same period of 2011, and was nearly equal to the number in the last three months of last year. Not only has the number of DDoS attacks not dropped from its seasonal high, but the volume of junk traffic being created by them has spiked dramatically—the company reports that it has fended off more malicious traffic in the first three months of 2012 than it did in all of 2011—9.5 petabytes of raw data, and 408 trillion network packets.

[NEW WEBCAST] Georgetown Institute for Law, Science, and Global Security. Second Annual International Engagement on Cyber. (2011, March 29). Retrieved from http://www.acus.org/event/international-engagement-cyber-establishing-international-norms-improved-cyber-security

Transcripts and video of all presentations, including panels chaired by Michael Hayden and Melissa Hathaway.

Lowensohn, J. (2012, April 11). Symantec cuts Flashback infection estimates in half. CNET. Retrieved from http://news.cnet.com/8301-1009_3-57412598-83/symantec-cuts-flashback-infection-estimates-in-half/?tag=txt;title

The high-profile piece of malware that’s been estimated to have infected more than 600,000 users of Apple’s Mac OSX worldwide, is in considerably fewer machines now, according to a major security firm.

In a blog post today, software maker and security firm Symantec said that there are now fewer than half that number of machines with the infection, and that the number of active infections is on a downward trend.

More, and a removal tool from Kaspersky Labs.

Musil, S. (2012, April 10). Court narrows prosecutors’ use of anti-hacking law. CNET. Retrieved from http://news.cnet.com/8301-1009_3-57412137-83/court-narrows-prosecutors-use-of-anti-hacking-law

Warning that checking sports scores or updating Facebook could be considered a crime, a U.S. appeals court rejected the government’s broad interpretation of a nearly 30-year-old anti-hacking law in trying to prosecute a man for misappropriation of trade secrets.

In a 9-2 decision (PDF), the 9th U.S. Circuit Court of Appeals in San Francisco rejected the broad reading of the 1984 federal Computer Fraud and Abuse Act, warning that millions of Americans could be subjected to prosecution for harmless Web surfing at work.

Peck, M. (2012, April 2). Spy games. Foreign Policy. Retrieved from http://www.foreignpolicy.com/articles/2012/04/02/spy_games?page=full

Recent years have brought reports of the U.S. government eavesdropping on phone conversations, e-mails, even tweets — all in the name of fighting terrorism. But surely your Xbox must be safe from the prying eyes of Big Brother?

Not for long. You might not immediately think that slaying dragons or driving like a maniac through virtual streets is all that interesting to intelligence agents, but the U.S. government believes there might be law enforcement gold on your Xbox. Government researchers say that hacking into consoles will allow police to catch pedophiles and terrorists. Meanwhile, privacy advocates worry that gamers may leave sensitive data — and not just credit card information — on their Nintendos without knowing it.

Pellerin, S. (2012, April 11). DOD expands international cyber cooperation, official says. Armed Forces News Service. Retrieved from http://www.defense.gov/news/newsarticle.aspx?id=67889

The Defense Department is moving beyond its traditional treaty allies to expand partnerships in cyberspace, a senior defense official said today. Steven Schleien, DOD’s principal director for cyber policy, said DOD officials are working toward long-term goals of collective cyber self-defense and deterrence.

Schleien spoke at Georgetown University’s second annual International Engagement on Cyber here where experts from Washington, the Netherlands and Russia spoke about national security and diplomatic efforts in cyberspace before several hundred students and experts in the field.

Ragan, S. (2012, April 11). Anonymous launches attacks against trade associations and Boeing. SecurityWeek. Retrieved from http://www.securityweek.com/anonymous-launches-attacks-against-trade-associations-and-boeing

Two technology trade associations, TechAmerica and USTelecom, and one of the world’s largest defense contractors, Boeing, had their web sites knocked offline by Anonymous for their support and connections to the controversial CISPA bill. They are the latest in a string of targets selected by those supporting Anonymous’ Operation Defense (OpDefense).  Anonymous strongly opposes the Cyber Intelligence Sharing and Protection Act (CISPA). Their outrage over CISPA mirrors the sentiment put on display when they rallied behind those who stood against SOPA, ACTA, and PIPA.

Wheatman, V. (2012, April 11). Secure B2B and electronic data interchange [Gartner]. Retrieved from http://my.gartner.com.ezproxy.umuc.edu/portal/server.pt?open=512&objID=260&mode=2&PageID=3460702&resId=1980427&ref=QuickSearch&sthkw=security

EDI is a document format for official B2B correspondence used for business transactions such as purchase orders, invoices, shipping notices, financial transactions and health information. Security is often an afterthought in B2B processes. Organizations must determine how much security is enough.

Zetter, K. (2012, April 10). Board urges feds to prevent medical device hacking. Wired. Retrieved from http://www.wired.com/threatlevel/2012/04/security-of-medical-devices/

In the wake of increasing concern about the security of wireless medical devices, a privacy and security advisory board is calling on the government to grant the FDA or other federal entity the authority to assess the security of devices before they’re released for sale to the market.  The group also wants the government to establish a clear channel through the United States Computer Emergency Readiness Team for reporting security problems with medical devices — including pacemakers, defibrillators, and insulin pumps – so vulnerabilities can be easily tracked and addressed.

CALLS FOR PAPERS

Conferences

8th Conference on Security and Cryptography for Networks [Amalfi, Italy, Sept. 5-7, 2012]

17th European Symposium on Research in Computer Security [Pisa, Italy, Sept. 10-12, 2012]

15th Information Security Conference [Passau, Germany, Sept. 19-20, 2012]

17th Nordic Conference in Secure IT Systems [Karlskrona, Sweden, Oct 31 – Nov. 2, 2012]

3rd Conference on Decision and Game Theory for Security [Budapest, Hungary, Nov. 5-6, 2012]

28th Annual Computer Security Applications Conference [Orlando, FL, Dec. 3-7, 2012]

8th International Conference on Information Systems Security [Guwahati, India, Dec.15-19, 2012]

Alsaleh, M., & van Oorschot, P. C. (2012). Revisiting network scanning detection using sequential hypothesis testing. Security and Communications Networks [in press]. doi:10.1002/sec.416 [Full text can be requested by UMUC students / faculty from DocumentExpress.]

Network scanning is a common, effective technique to search for vulnerable Internet hosts and to explore the topology and trust relationships between hosts in a target network. Given that the purpose of scanning is to search for responsive hosts and network services, behavior-based scanning detection techniques based on the state of inbound connection attempts remain effective against evasion. Many of today’s network environments, however, feature a dynamic and transient nature with several network hosts and services added or stopped (either permanently or temporarily) over time. In this paper, working with recent network traces from two different environments, we re-examine the Threshold Random Walk (TRW) scan detection algorithm, and we show that the number of false positives is proportional to the transiency of the offered services. To address the limitations found, we present a modified algorithm (Stateful Threshold Random Walk (STRW) algorithm) that utilizes active mapping of network services to take into account benign causes of failed connection attempts. The STRW algorithm eliminates a significant portion of TRW false positives (e.g., 29% and 77% in two datasets studied).

Bronk, C. (2012, March). A government switchboard: Scalability issues in international cyber policymaking [Baker Institute]. Retrieved from http://bakerinstitute.org/publications/ITP-pub-BronkCyberDialogue2012-031312.pdf

Twenty years ago, only a million computers were connected to the Internet, while today, perhaps as many as 2 billion people on the planet enjoy its use. What was once primarily a tool for scholarly communications has quickly become the key infrastructure for communicating at a distance. At the core of this growth is the remarkable scalability of Internet Protocol (IP). Whether YouTube videos and Twitter microblog posts or telephone calls and sensitive military communications, IP is the technological backbone of digital connectivity on planet Earth.

IP grants a standard for data communication that scales to almost every computing device on the planet. Because of this technology, and some exceptions notwithstanding, the last twenty years have been a period in which a message can be transmitted from one computer to another anywhere, in large part because the set of instructions for delivery have been open, understandable, and relatively easy to implement. The economic transformation ushered in by this connectivity is well underway, but its salient issues regarding politics, and more for the purposes of this paper, international politics, are still emerging. This is a newly constructed techno-informational space, often called “cyber” because there is something that clearly goes beyond just the delivery and receipt of data by IP.

Cheng, J. (2012, April 4). Flashback trojan reportedly controls half a million Macs and counting. Ars Technica. Retrieved from http://arstechnica.com/apple/news/2012/04/flashback-trojan-reportedly-controls-half-a-million-macs-and-counting.ars

Variations of the Flashback trojan have reportedly infected more than half a million Macs around the globe, according to Russian antivirus company Dr. Web. The company made an announcement on Wednesday—first in Russian and later in English—about the growing Mac botnet, first claiming 550,000 infected Macs. Later in the day, however, Dr. Web malware analyst Sorokin Ivan posted to Twitter that the count had gone up to 600,000, with 274 bots even checking in from Cupertino, CA, where Apple’s headquarters are located.

Chien, H., Yang, C., & Hou, H. (2012). Non-linearity cannot help RFID resist full-disclosure attacks and terrorist fraud attacks. Security and Communications Networks [in press]. doi:10.1002/sec.410 [Full text can be requested by UMUC students / faculty from DocumentExpress.]

As the concept of radio-frequency identification (RFID) relay attack has been successfully implemented and demonstrated, the research of RFID distance-bounding protocols to deter RFID relay attacks has drawn much attention from both the industry and academia. Conventionally, researchers adopted linear composition of secrets to resist terrorist fraud attacks. Recently, Peris-Lopez et al. studied the weaknesses of previous RFID distance-bounding protocols and proposed that non-linear composition of secrets and inclusion of more random nonce could help RFID resist key disclosure attack and terrorist fraud attack. In this paper, we will show that non-linear composition of secrets cannot help enhance the security actually.

Dewri, R., Ray, I., Poolsappasit, N., & Whitley, D. (2012). Optimal security hardening on attack tree models of networks: A cost-benefit analysis. International Journal of Information Security [in press]. doi:10.1007/s10207-012-0160-y [Full text can be requested by UMUC students / faculty from DocumentExpress.]

Researchers have previously looked into the problem of determining whether a given set of security hardening measures can effectively make a networked system secure. However, system administrators are often faced with a more challenging problem since they have to work within a fixed budget which may be less than the minimum cost of system hardening. An attacker, on the other hand, explores alternative attack scenarios to inflict the maximum damage possible when the security controls are in place, very often rendering the optimality of the controls invalid. In this work, we develop a systematic approach to perform a cost-benefit analysis on the problem of optimal security hardening under such conditions. Using evolutionary paradigms such as multi-objective optimization and competitive co-evolution, we model the attacker-defender interaction as an “arms race”, and explore how security controls can be placed in a network to induce a maximum return on investment.

Furman, S. M., Theofanos, M. F., Choong, Y., & Stanton, B. (2012, March-April). Basing cybersecurity training on user perceptions. IEEE Security and Privacy, 10(2), 40-49. [Full text available to UMUC students / faculty in IEEE Computer Society Digital Library database]. 

The National Initiative for Cybersecurity Education (NICE) will be conducting a nationwide awareness and outreach program to effect behavioral change. To be effective, an educational campaign must first understand users’ perceptions of computer and online security. The authors’ research objective was to understand users’ current knowledge base, awareness, and skills. They investigated users’ understanding of online security by conducting in-depth interviews with the goal of identifying existing correct perceptions, myths, and potential misperceptions. Their findings indicate that the participants were primarily aware of and concerned with online and computer security. However, they lacked a complete skill set to protect their computer systems, identities, and information online. Providing a skill set that lets them develop complete mental models will help them to correctly anticipate and adapt the appropriate behaviors when approaching online security.

[UPCOMING LARGO-AREA EVENT]: Surveillance, Security and the Net,  Goethe-Institut, Wed. 5/2/12, 12–2 pm. 

Each time we use the internet we leave traces. What are these traces, how long do they remain traceable, and who is interested in tracing them? The vast amount of information that circulates on the web is often less chaotic than might initially be expected, with thousands of companies and hundreds of governments collecting, selecting, and ordering data relevant to their particular interests. Does the data we supply regularly actually remain private and if so, what kind of “privacy” are we talking about here? How can personal data be protected? Should it also be secured when national security is at stake? Is our right to privacy enactable online? This edition of Lunch Bytes will examine the topic of surveillance and data security from the perspective of artists and experts who have addressed these themes in their work.  RSVP for this (free) event to rsvp@washington.goethe.org

Goodin, D. (2012, April 1). Coolest jobs in tech: Hackers for hire. Ars Technica. Retrieved from http://arstechnica.com/business/coolest-jobs-in-tech/2012/04/coolest-jobs-in-tech-hackers-for-hire.ars

One spring day in 2010, a hacker named Kevin Finisterre knew he had hit the jackpot. A network he had been casing finally broadcast the live video and audio feed of a police cruiser belonging to a US-based municipal government. His jaw dropped as a computer in his home office in Columbus, Ohio showed the vehicle—with flashing blue lights on and siren blaring—charging down a road of the unnamed city.

A burly 31-year-old with glasses and pork-chop sideburns, Finisterre has spent more than a decade applying his combination of street smarts and technical skills to pierce digital fortresses. For instance, he once accessed the work account of an engineer for a large utility company. Finisterre used a pilfered profile from Hotjewishgirls.com to trick the engineer into thinking he was interacting with a flirtatious 26-year-old woman, until the engineer finally coughed up enough personal information to make an attack on his corporate account successful. It’s not a bad way to earn a living.

Griffiths, M., & Brooks, D. J. (2012). Informing security through cultural cognition: The influence of cultural bias on operational security. Journal of Applied Security Research, 7(2), 218-238. doi:10.1080/19361610.2012.656256 [Full text can be requested by UMUC students / faculty from DocumentExpress.]

Cultural bias will influence risk perceptions and may breed “security complacency,” resulting in the decay of risk mitigation efficacy. Cultural Cognition theory provides a methodology to define how people perceive risks in a grid/group typology. In this study, the cultural perceptions of Healthcare professionals to access control measures were investigated. Collected data were analyzed for significant differences and presented on spatial maps. The results demonstrated correlation between cultural worldviews and perceptions of security risks, indicating that respondents had selected their risk perceptions according to their cultural adherence. Such understanding leads to improved risk management and reduced decay of mitigation strategies.

Hoffman, L. J., Burley, D., & Toregas, C. (2012, March-April). Holistically building the cybersecurity workforce. IEEE Security and Privacy, 10(2), 33-39. [Full text available to UMUC students /  faculty in IEEE Computer Society Digital Library database].

This article proposes a holistic approach to developing the cybersecurity workforce based on careful integration of workforce development strategies into a plan that involves educators, career professionals, employers, and policymakers. Observations of the healthcare model, along with the findings of a recent workshop on cybersecurity education, suggest some practical steps for such an approach. Computer science educators, human resources professionals, and cybersecurity practitioners should seek to attract computer science graduates to think beyond their stovepiped fields and collaborate to develop, accept, and implement holistic, integrated solutions.

Hogben, G., & Dekker, M. (2012, April 2). Procure secure: A guide to monitoring of security service levels in cloud contracts [European Network and Information Security Agency]. Retrieved from http://www.enisa.europa.eu/activities/application-security/test/procure-secure-a-guide-to-monitoring-of-security-service-levels-in-cloud-contracts

A practical guide aimed at the procurement and governance of cloud services. This guide provides advice on questions to ask about the monitoring of security. The goal is to improve public sector customer understanding of the security of cloud services and the potential indicators and methods which can be used to provide appropriate transparency during service delivery. One-off or periodic provider assessments are a vital component of effective security management. However, they are insufficient without additional feedback in the intervals between assessments: they do not provide real-time information, regular checkpoints or threshold based alerting, as covered in this report.

Kavanagh, K. M. (2012, March 30). Research roundup for infrastructure protection, 4Q11 [Gartner].  [Full text available to UMUC students / faculty in Gartner database].

This roundup of Gartner research from 4Q11 provides security practitioners with advice on selecting, implementing and managing security technology for infrastructure protection.

Kim, D., Lee, T., Kang, J., Jeong, H., & In, H. P. (2012). Adaptive pattern mining model for early detection of botnet-propagation scale. Security and Communications Networks [in press]. doi:10.1002/sec.366 [Full text can be requested by UMUC students / faculty from DocumentExpress.]

Botnets are a disastrous threat because they execute malicious activities such as distributed denial-of-service, spam email, malware downloads (such as egg downloads), and spying by exploiting zombie PCs under their control. Botnets infect PCs on a huge scale by initially scanning the service ports of vulnerable applications for the purpose of propagation, which is leveraged as the size of the botnet increases. Therefore, it is of crucial importance to detect botnet-propagation activities early and to determine the expected size of the attack. To address this issue, this paper proposes to recreate botnets’ port-scanning patterns using a simple text classifier that represents these patterns as a kind of matrix. The patterns obtained are then used to train a hidden Markov model and to perform early detection using the trained model. Early detection is achievable by catching the onset of suspicious propagation immediately, and a size estimate is obtained by monitoring fluctuations in botnet size. With this approach, early-detection rates increased to more than 30.6% on average, with a low false negative rate (less than 6%) and an F-measure greater than 96%. This significant improvement in performance will contribute to preventing botnet propagation in its earliest stages.

Kwon, M., Jacobs, J. J., Cullinane, D., Ipsen, C. G., & Foley, J. (2012, March-April). Educating cyber professionals: A view from academia, the private sector, and government.  IEEE Security and Privacy, 10(2), 50-53. [Full text available to UMUC students / faculty in IEEE Computer Society Digital Library database].

How do we solve the workforce problem? Guest editor Mischel Kwon brought together a group of people from government, private-sector, and academic backgrounds to discuss the challenges in educating cyber professionals.

Lichtblau, E. (2012, March 31). Police are using phone tracking as a routine tool. New York Times. [Full text available to UMUC students / faculty in ProQuest Newspapers database].

Law enforcement tracking of cellphones, once the province mainly of federal agents, has become a powerful and widely used surveillance tool for local police officials, with hundreds of departments, large and small, often using it aggressively with little or no court oversight, documents show.

Liu, E., Stevens, G., Ruane, K. A., Dolan, A. M., & Thompson, R. M. (2012, March 14). Cybersecurity: Selected legal issues [Congressional Research Service]. Retrieved from http://www.fas.org/sgp/crs/misc/R42409.pdf

The federal government’s role in protecting U.S. citizens and critical infrastructure from cyber attacks has been the subject of recent congressional interest. Critical infrastructure commonly refers to those entities that are so vital that their incapacitation or destruction would have a debilitating impact on national security, economic security, or the public health and safety. This report discusses selected legal issues that frequently arise in the context of recent legislation to address vulnerabilities of critical infrastructure to cyber threats, efforts to protect government networks from cyber threats, and proposals to facilitate and encourage sharing of cyber threat information amongst private sector and government entities. This report also discusses the degree to which federal law may preempt state law.

Maimut, D., & Ouafi, K. (2012, March-April). Lightweight cryptography for RFID tags. IEEE Security and Privacy, 10(2), 75-79. [Full text available to UMUC students /  faculty in IEEE Computer Society Digital Library database].

RFID tags pose privacy risks that have only been somewhat addressed. Achieving acceptable levels of security and privacy will require a combination of software and hardware solutions.

Morris, N. (2012, April 3). Backlash over plans to monitor all internet use. Independent. Retrieved from http://www.independent.co.uk/news/uk/politics/backlash-over-plans-to-monitor-all-internet-use-7609010.html

Theresa May faced criticism from across the political spectrum and from civil liberties groups yesterday over her plans to give police and security services the power to monitor the email traffic and internet use of every person in Britain. [More from: The Guardian; BBC; New York Times].

Ogun, M. N. (2012). Terrorist use of the internet: Possible suggestions to prevent the usage for terrorist purposes. Journal of Applied Security Research, 7(2), 203-217. doi:10.1080/19361610.2012.656252 [Full text can be requested by UMUC students / faculty from DocumentExpress.]

As new developments occur everyday in technology, terrorists are easily adjusting themselves to this change. In this new age of terrorism, terrorism is transnational, institutionalized, technologically advanced, and global. In this respect, today’s terrorist organizations are using the Internet for different purposes. The Internet has become the new and main source of communication in terms of disseminating propaganda for terrorist activities. Almost all terrorist organizations are exploiting the Internet for their terrorist purposes and broadcasting propaganda through their Web sites. This study is focused on the exploitation of Internet by terrorist organizations for their activities and as a case study interviews were conducted to find out the solutions to overcome terrorist networks in terms of terrorist use of Internet. Terrorism in general, Internet, and propaganda terms were studied and some solutions were proposed in terms of Internet usage of terrorist organizations.

Pratap, K. (2012, April 4). Five steps compliance and security pros can take to get a better IT audit experience [Gartner]. [Full text available to UMUC students / faculty in Gartner database].

IT compliance managers, chief information security officers (CISOs) and IT risk managers, along with their teams, invest significant time and effort in the IT audit process. These teams are increasingly audited as a result of tighter compliance and industry-specific obligations that affect IT. More time spent on the audit and its preparation results in less time spent fulfilling primary responsibilities. Gartner inquiries and other client interactions have indicated a growing interest in IT audit preparation.

Rohlf, C., & Ivnitsky, Y. (2012, March-April). The security challenges of client-side just-in-time engines. IEEE Security and Privacy, 10(2), 75-79. [Full text available to UMUC students / faculty in IEEE Computer Society Digital Library database].

Any added complexity in a software system will increase the possible program states, introducing a larger attack surface and the possibility of more exploitable flaws. JIT engines, however, alter the environment in which they execute in far more interesting ways, not only through implementation flaws but also by their fundamental operation modes.

Rosenbaum, R. (2012, April). Richard Clarke on who was behind the Stuxnet attack. Smithsonian. Retrieved from http://goo.gl/eiQug

The story Richard Clarke spins has all the suspense of a postmodern geopolitical thriller. The tale involves a ghostly cyberworm created to attack the nuclear centrifuges of a rogue nation—which then escapes from the target country, replicating itself in thousands of computers throughout the world. It may be lurking in yours right now. Harmlessly inactive…or awaiting further orders.

A great story, right? In fact, the world-changing “weaponized malware” computer worm called Stuxnet is very real. It seems to have been launched in mid-2009, done terrific damage to Iran’s nuclear program in 2010 and then spread to computers all over the world. Stuxnet may have averted a nuclear conflagration by diminishing Israel’s perception of a need for an imminent attack on Iran. And yet it might end up starting one someday soon, if its replications are manipulated maliciously. And at the heart of the story is a mystery: Who made and launched Stuxnet in the first place?

Richard Clarke tells me he knows the answer.

Shirley, B., Babu, L., & Mano, C. (2012). Bot detection evasion: a case study on local-host alert correlation bot detection methods. Security and Communications Networks [in press]. doi:10.1002/sec.401 [Full text can be requested by UMUC students / faculty from DocumentExpress.]

Botnets have continuously evolved since their inception as a malicious entity. Attackers come up with new botnet designs that exploit the weaknesses in existing defense mechanisms and continue to evade detection. It is necessary to analyze the weaknesses of existing defense mechanisms to find out the lacunae in them. This research exposes a weakness found in an existing bot detection method (BDM) by implementing a specialized P2P botnet model and carrying out experiments on it. Weaknesses that are found and validated can be used to predict the development path of botnets, and as a result, detection and mitigation measures can be implemented in a proactive fashion. The main contribution of this work is to demonstrate the exploitation pattern of an inherent weakness in local-host alert correlation (LHAC) based methods and to assert that current LHAC implementations could allow pockets of cooperative bots to hide in an enterprise size network. This work suggests that additional monitoring capabilities must be added to current LHAC-based methods in order for them to remain a viable bot detection mechanism.

Silver-Greenberg, J. (2012, April 1). After data breach, Visa removes a service provider. New York Times. [Full text available to UMUC students / faculty in ProQuest Newspapers database].

Visa removed Global Payments, an Atlanta company that helps the payment giant process transactions for merchants, from its list of “compliant service providers.” A security breach at Global Payments reported on Friday was thought to have compromised up to three million credit card accounts. It is among a group of companies that act as the plumbing in the electronic transaction chain, authorizing millions of transactions a day. That makes the companies prime targets for data thieves looking to steal richly detailed financial information.

Sommestad, T., Holm, H., & Ekstedt, M. (2012). Estimates of success rates of remote arbitrary code execution attacks. Information Management and Computer Security, 20(2). [Full text available to UMUC students / faculty in Emerald database].

Purpose: To identify the importance of the factors that influence the success rate of remote arbitrary code execution attacks. In other words, attacks which use software vulnerabilities to execute the attacker’s own code on targeted machines. Both attacks against servers and attacks against clients are studied.

Design/methodology/approach: The success rates of attacks are assessed for 24 scenarios: 16 scenarios for server-side attacks and 8 for client-side attacks. The assessment is made through domain experts and is synthesized using Cooke’s classical method, an established method for weighting experts’ judgments. The variables included in the study were selected based on the literature, a pilot study, and interviews with domain experts.

Findings: Depending on the scenario in question, the expected success rate varies between 15 and 67 percent for server-side attacks and between 43 and 67 percent for client-side attacks. Based on these scenarios, the influence of different protective measures is identified.

United States. Department of Homeland Security. Risk Self Assessment Tool (RSAT). Retrieved from https://rsat.anl.gov/RSAT-Registration/,DanaInfo=.artcwvjm9–JxprNxqtuSx3CWyA.a8FN,SSO=U+

The Risk Self Assessment Tool (RSAT) is a secure, Web-based application designed to assist managers of commercial facilities with the identification and management of security vulnerabilities to reduce risk to their facilities. The RSAT application was developed in partnership with the Department of Homeland Security (DHS) Office of Infrastructure Protection’s Sector Specific Agency Executive Management Office and the Infrastructure Information Collection Division. The RSAT application uses facility input in combination with threat and consequence estimates to conduct a comprehensive risk assessment and provides users with options for consideration on improving the security posture of their facility.

Workman, M. (2012). Validation of biases model in strategic security decision-making. Information Management and Computer Security, 20(2). [Full text available to UMUC students / faculty in Emerald database].

Funding agencies such as the Office of Naval Research, Department of Homeland Security, and others, have reduced funding for non-tactical operations. Simultaneously, organizations are squeezing their overhead budgets (where security initiatives fall) and are focusing more on revenue generation given current economic climates. Thus in both governmental sectors and in commercial settings, there are reasons to believe that strategic security initiatives are being sacrificed, and those that survive must be compelling. To assist organizational leaders with these difficult choices, it is critical to understand biases that affect decisions about strategic security initiatives. Our research validates and empirically tests the predictability of a theoretical model, from which implications can be made for research and practice.