April 20, 2012

Abeyratne, R. (2012). Cyber terrorism and aviation – national and international responses. Journal of Transportation Security, 4(4), 337-349. doi:10.1007/s12198-011-0074-3  [Full text can be requested by UMUC students / faculty from DocumentExpress.]

This article contains an analysis of what cyber crimes are as against cyber terrorism, measures taken to counter the threat along with a legal analysis of the threat as it affects aviation and addresses several issues, including a discussion on some national efforts at curbing the problem in some prominent jurisdictions.

Baumgartner, K. (2012, April 19). OS X mass exploitation – why now? SecureList. Retrieved from https://www.securelist.com/en/blog/208193490/OS_X_Mass_Exploitation_Why_Now

Market share! It’s an easy answer, but not the only one.

In 2011, Apple was estimated to account for over 5% of worldwide desktop/laptop market share. This barrier was a significant one to break – Linux maintains under 2% market share and Google ChromeOS even less. This 15 year peak coincided with the first exploration by the aggressive FakeAv/Rogueware market targeting Apple computers, which we discovered and posted in April 2011 and later in May 2011, which no longer seem to be such an odd coincidence. Also, the delay in Apple malware until now most likely was not because Apple exploits were unavailable, or because the Mac OS X system is especially hardened. The 2007 “Month of Apple Bugs” demonstrated that the Mac OS X and supporting code is full of exploitable flaws. Safari, Quicktime, and other software on Apple devices is regularly exploited during pwnage contests, but widespread cybercrime attention hadn’t caught on until this past year. [Also on SecureList this week: Spam campaign on Twitter leads to rogue AV.]

Dwyer, J. (2012, April 18). Using his software skills with freedom, not a big payout, in mind. New York Times. [Full text available to UMUC students / faculty in ProQuest Newspapers database.]

Nadim Kobeissi, master hacker, summoned for interrogation multiple times as a teenager by cyber-intelligence authorities in Beirut, Lebanon, sat in the backyard of a restaurant in Brooklyn, astounded that he was being treated to lunch.  “Please,” he protested, “you shouldn’t pay for my omelet.”

Mr. Kobeissi, 21, now a college student in Montreal, spent the weekend in New York City with elders of his tribe, software code writers who have ambitions that do not involve making suitcases of money off clever applications for sharing photographs online.

This group was building a project called Cryptocat, which has a simple, countercultural goal: people should be able to talk on the Internet without being subjected to commercial or government surveillance.

Ghani, H., Khelil, A., Suri, N., Csertán, G., Gönczy, L., & Urbanics, G. (2012). Assessing the security of internet-connected critical infrastructures. Security and Communications Networks [in press]. doi:10.1002/sec.399  [Full text can be requested by UMUC students / faculty from DocumentExpress.]

Because the Internet of Things (IoT) pervasively extends to all facets of life, the “things” are increasingly extending to include the interconnection of the Internet to critical infrastructures (CIs) such as telecommunication, power grid, transportation, e-commerce systems, and others. The objective of this paper is twofold: (i) addressing IoT from a CI protection (CIP) and connectivity viewpoint, and (ii) highlighting the need for security quantification to improve the quality of protection (QoP) of CIs. Using a financial infrastructure as an example, a CIP and trust quantification perspective is built up. To this end, we are developing a novel security metrics-based approach to assess and thereon enhance the CIP. We focus on the communication level of the CI where IoT is playing an increasingly important role with respect to sensing and communication across CI elements. Determining the security and dependability level of the communication over the CI constitutes a basic precondition for assessing the QoP of the whole CI, which is needed for any efforts to improve this QoP. Because metrics play a central role for such quantification, this paper develops their QoP use from an IoT perspective, and a reference implementation along with experimental results is presented.

Guess, M. (2012, April 19). Accused Estonian fraudster extradited to the US appears in federal court. Ars Technica. Retrieved from http://arstechnica.com/business/news/2012/04/estonian-fraudster-extradited-to-the-us-appeared-in-manhattan-court.ars

An Estonian man has been extradited to New York to face charges he was part of a hacking gang that infected more than 4 million computers with malware as part of a massive click-fraud scheme.

Haimes, Y. V., & Chittister, C. C. (2012). Risk to cyberinfrastructure systems served by cloud computing technology as systems of systems. Systems Engineering [in press]. doi:10.1002/sys.20204 [Full text can be requested by UMUC students / faculty from DocumentExpress].

Building on systems-based philosophy, theory, methodology, and practice, the challenges associated with modeling, assessing, managing, and communicating the multidimensional risk to cyberinfrastructure systems (CIS) serviced by cloud computing technology (CCT) as systems of systems (SoS) are explored. The article raises concerns about the euphoria in the literature about CCT and stresses the importance of understanding the complex process of modeling, assessing, managing, and communicating the risks associated with CIS-CCT. Several themes are highlighted: the theory of scenario structuring; the epistemology of the states of the CIS-CCT systems; the role of systems integration in CIS-CCT; the risk to CIS-CCT from malicious insiders’ intrusion; the complex definition and quantification of the risk function associated with CIS-CCT systems; and modeling the multiple perspectives of CIS-CCT, focusing on hierarchical holographic modeling (HHM) and phantom system models (PSM). The paper concludes with an epilogue and list of references.

Johnson, N. B. (2012, April 18). House committees approve 2 cybersecurity bills. Federal Times.  Retrieved from http://www.federaltimes.com/article/20120418/CONGRESS01/204180305/1035/IT01

Two cybersecurity bills were approved by House committees on Wednesday. Those bills — as well as a third cybersecurity bill — are expected to be considered on the House floor as soon as next week.  The House Oversight and Government Reform Committee passed HR 4257, the 2012 Federal Information Security Amendments Act, which would require agencies to continuously monitor the security of federal information systems. The bill would also require agencies to appoint a chief information security officer or senior official to oversee information security programs and enforce compliance.

Johnson, S. (2012, April 16). Bay area companies team up with feds to fight cyber crime. San Jose Mercury News. Retrieved from http://www.mercurynews.com/breaking-news/ci_20402483/bay-area-companies-team-up-feds-fight-cyber

Warning that this country is threatened by potentially devastating cyberattacks, America’s national security community is rushing to recruit the Bay Area’s private sector to counter the assaults.  On Monday, in a sign these concerns are shared at the highest levels of the Obama administration, Homeland Security Secretary Janet Napolitano will make a personal pitch for help to tech companies in San Jose. And Congress is mulling several bills to encourage government and business to share intelligence about the computerized threats.

Kravets, D. (2012, April 16). Contradicting a federal judge, FCC clears Google in wifi sniffing debacle. Wired. Retrieved from http://www.wired.com/threatlevel/2012/04/fcc-clears-google/

The Federal Communications Commission is clearing Google of wrongdoing in connection to it secretly intercepting Americans’ data on unencrypted Wi-Fi routers.

Krebs, B. (2012, April 16). Microsoft responds to critics over botnet bruhaha. Krebs on Security. Retrieved from https://krebsonsecurity.com/2012/04/microsoft-responds-to-critics-over-botnet-bruhaha/#more-14661

Given the strong feelings that Microsoft’s actions have engendered in the Fox IT folks and among the larger security community, I reached out to Richard Boscovich, a former U.S. Justice Department lawyer who was one of the key architects of Microsoft’s legal initiative against ZeuS. One complaint I heard from several researchers who believed that Microsoft used and published data they uncovered was that the company kept the operation from nearly everyone. I asked Boscovich how this operation was different from previous actions against botnets such as Rustock and Waledac. [Also this week, Krebs on smart meter hacking.]

Lee, S., Lee, K., Park, J. H., & Lee, S. (2012). An on-site digital investigation methodology for data leak case. Security and Communications Networks [in press]. doi:10.1002/sec.405  [Full text can be requested by UMUC students / faculty from DocumentExpress].

The ever growing storage device capacity poses a severe limit to the standard digital forensics collection procedures based on duplicating the original storage device by creating a bit-by-bit copy. Such a traditional procedure is followed, even if the goal of the investigation is to find a limited quantity of digital objects to support or refute an investigative hypothesis related to a precise case category. Therefore, in this paper, we propose a new methodology to deal with data leak cases, by applying an intelligent collection paradigm, a fast analysis approach that reduces investigation time.

Lennon, M. (2012, April 18). Researchers discover new malware targeting hotel POS systems. SecurityWeek. Retrieved from https://www.securityweek.com/researchers-discover-new-malware-targeting-hotel-pos-systems

Security researchers from Trusteer have shared details on a recently discovered Remote Access Trojan (RAT) attack designed to steal credit card details from hotel point of sale computer systems.

Targeting the hospitality industry has its benefits, as a successful infection could yield information on many individuals, making it much more lucrative for the attackers over a typical infection of a personal system, which Trusteer says typically exposes 1-2 accounts. [Also from SecurityWeek this week: Antisec targets Michigan law enforcement; SabPub malware linked to LuckyCat attacks.]

Mills, E. (2012, April 20). Crime and punishment: Harsh fate for accused LulzSec hackers? CNET. Retrieved from http://news.cnet.com/8301-1009_3-57417442-83/crime-and-punishment-harsh-fate-for-accused-lulzsec-hackers

The Anonymous defendants arrested last month for allegedly breaking into corporate networks, stealing data, and defacing Web sites as part of LulzSec are likely to have an extended vacation at Club Fed, experts say.  With well-known victims like Sony, Fox Broadcasting, and the FBI, prosecutors will want to make examples of those arrested in the Anonymous-related hacking cases in the hopes that it will send a message to others.

“I believe they will (get harsh treatment),” Michael Bachmann, assistant professor of criminal justice at Texas Christian University, told CNET in a recent interview. [Also from CNET this week: CISPA bill ‘not being rushed through’; Can the U.S. prevent a digital sneak attack?]

Raza, S., Duquennoy, S., Höglund, J., Roedig, U., & Voigt, T. (2012). Secure communication for the internet of things – a comparison of link-layer security and IPsec for 6LoWPAN. Security and Communications Networks [in press]. doi:10.1002/sec.406  [Full text can be requested by UMUC students / faculty from DocumentExpress.]

The future Internet is an IPv6 network interconnecting traditional computers and a large number of smart objects. This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operation. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. In the traditional Internet, IPsec is the established and tested way of securing networks. It is therefore reasonable to explore the option of using IPsec as a security mechanism for the IoT. 

Rockwell, M. (2012, April 13). Cyber attacks against financial services firms skyrocket, study says. Government Security News. Retrieved from http://www.gsnmagazine.com/node/26106

Cyber attacks against banks and financial services firms have gone into hyperdrive, according to a report by a security services firm that specializes in defending against Distributed Denial of Services (DDOS) attacks.

The security company, Prolexic, said its security engineering and response team logged three times the number of attacks against its financial services clients during the first quarter of 2012 compared to the fourth quarter of 2011, as well as a 3,000 percent increase in malicious packet traffic. The company said on April 11 that it had also mitigated more attack traffic in the current quarter than it did during all of 2011. [Also from GSN this week: Man linked to Anonymous charged with hacking Utah police websites.]

Smartgrid cybersecurity not keeping pace with deployment, survey finds. (2012, April 18). InfoSecurity. Retrieved from http://www.infosecurity-magazine.com/view/25245/smart-grid-cybersecurity-not-keeping-pace-with-deployment-survey-finds/

Three-quarters of energy security professionals believe cybersecurity has not been adequately addressed in smart grid deployment, according to a survey by EnergySec and nCircle.

Also, 72% of energy security professionals believe smart grid cybersecurity standards are not adequate, and 61% believe that smart meters do not have sufficient security controls to protect against false data injection, according to a survey of 104 security professionals conducted in March. [Also in InfoSecurity this week: Google warns 20K webmasters about malicious redirects; Nitol DDoS botnet traced to China; Fake LinkedIn invitations deliver malware.]

[UPCOMING WEBCAST] Sophos. (2012, April 26). 3 steps to securing private data in the public cloud. Free registration at http://goo.gl/KKEOA

It’s estimated that more than 50 million people have used public cloud storage services such as Dropbox to share and exchange files. These services make it easy to share and store data but they also create a new security challenge that often clashes with existing IT data policies. We’ll discuss:

  • The security challenges of storing data in the cloud
  • Limitations of a digital “do-it-yourself” approach
  • Three simple steps to protecting data in the cloud

Takahashi, D., Xiao, Y., & Meng, K. (2012). Virtual flow-net for accountability and forensics of computer and network systems. Security and Communications Networks [in press]. doi:10.1002/sec.407  [Full text can be requested by UMUC students / faculty from DocumentExpress].

Information/secret leaking cannot always be recorded in digital log files. In other words, in log files, not all information/events are recorded, and it is thus impossible to trace the paths of secret leaking on the basis of log files alone. In this paper, to resolve the difficulty of the lack of information, we utilize user–relationship graphs, or social networks, to compensate for the required information. We also utilize a probabilistic analysis to build virtual links to follow information flows. User–relationship graphs are constructed from several flow-net data structures over a longer period so that we can avoid missing embedded threats such as hostile codes. We call this approach virtual flow-net.

United States. Department of Education. (2012, April 19). U.S. Department of Education releases blueprint to transform career and technical education [press release]. Retrieved from https://www.ed.gov/news/press-releases/us-department-education-releases-blueprint-transform-career-and-technical-educat

Today U.S. Secretary of Education Arne Duncan will visit the Des Moines Area Community College in Ankeny, Iowa, to release the Obama Administration’s blueprint for transforming Career and Technical Education (CTE), by reauthorizing the Carl D. Perkins Career and Technical Education Act of 2006. Secretary Duncan will hold a town hall to discuss how the Administration’s plan will ensure the education system provides high-quality job-training opportunities that reduce skill shortages, spur business growth, encourage new investment and hires, and spark innovation and economic growth.

Villeneuve, N. (2012, April 20). Fake Skype encryption software cloaks DarkComet trojan. TrendMicro Malware Blog. Retrieved from http://blog.trendmicro.com/fake-skype-encryption-software-cloaks-darkcomet-trojan/

As the conflict in Syria persists, the Internet continues to play an interesting role. As we reported in a previous post, there have been targeted attacks against Syrian opposition supporters. With activists’ continued use of social media, it is not surprising to read reports of targeted phishing attempts to steal Facebook and YouTube credentials. A CNN report also revealed that a malware was being propagated through Skype, which brings us to another Skype-themed attack that we have uncovered. [Also from TrendMicro this week: Rogue Instagram site spreading malware; Q1 threats go mobile; More Tibetan-themed targeted attack ads.]
