Chu, H., Park, S., & Park, J. (2012). A partially reconstructed previous Gmail session by live digital evidences investigation through volatile data acquisition. Security and Communication Networks [in press]. doi:10.1002/sec.511 [Full text can be requested by UMUC students / faculty from DocumentExpress.]
The essence of this paper is to illustrate live data acquisition from the random access memory of a notebook, using the collected digital evidence to partially reconstruct a previous Gmail session, which could be probative digital evidence in a court of law. The proposed framework is crucial for the investigation of related cybercrimes, provided the digital breadcrumb trails are professionally disclosed and appropriately handled. Volatile data vanishes for good once the computing device loses power. This research pinpoints the imminent threat posed by IT-savvy cyber criminals and the corresponding counter-procedures used to crack criminal cases in which web-based e-mail utilities are involved. The paper focuses on the prevalent e-mail utility, Gmail, as the research subject. Finally, live digital evidence acquisition must be accurately completed before the seizure of the computing devices at the crime scene, to avoid irreversible investigation procedures in which the digital evidence could be deleted, resulting in the loss of probative evidence.
Hadžiosmanović, D., Bolzoni, D., & Hartel, P.H. (2012). A log mining approach for process monitoring in SCADA. International Journal of Information Security [in press]. Retrieved from http://eprints.eemcs.utwente.nl/21714/01/ALogMiningApproachforSCADA.pdf
SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions that look legitimate but are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.
Everett, B. (2012, April 27). The encryption conundrum. Network Security, 2012(4), 15-18. [Full text available to UMUC students / faculty in ScienceDirect database.]
With the rise of network-centric trends such as cloud computing and an increase in mobile device usage, the planet’s data networks are increasingly prime targets for cyber-criminals. The number one threat is still cyber-criminals hacking or using malware to steal data from servers. Hacking alone appears in 89% of all incidents, according to the influential Data Breach Investigation Report 2011 (DBIR), a study conducted by the Verizon RISK Team with co-operation from the US Secret Service and the Dutch High Tech Crime Unit. Over the past seven years, the DBIR series has compiled detailed data on over 1,700 IT security breaches spanning over 900 million compromised records.
Gallagher, R. (2012, April 30). Your Eurovision Song Contest vote may be monitored: Mass surveillance in former Soviet states. Slate. Retrieved from http://goo.gl/xiyJl
Western firms that sold dictatorships in the Middle East mass-surveillance technology have been subject to intense scrutiny over the past year. But now a new exposé by journalists in Sweden has shed light on how the same tools are being used closer to home—in ex-Soviet republics across Europe and Central Asia, whose leaders were seemingly shaken by the revolutions of the Arab Spring.
Last week an investigative documentary shown on Swedish public service broadcaster SVT revealed in fascinating depth the extent to which Stockholm-based telecommunications firm Teliasonera is linked to spy agencies in Azerbaijan, Kazakhstan, Uzbekistan, Tajikistan, and Georgia, facilitating crackdowns on dissident politicians and independent journalists.
Citing a multitude of sources—including official government documents and whistle-blower testimony—SVT’s reporters documented how companies owned by Teliasonera had allowed “black box” probes to be fitted within their telecommunications networks. The black boxes allow security services and police to monitor, in real-time and without any judicial oversight, all communications passing through, including texts, Internet traffic and phone calls. (Similar so-called “monitoring centers” were set up in Muammar Gaddafi’s Libya and Bashar al-Assad’s Syria with the help of European companies.)
Gallagher, S. (2012, April 30). Flashback bots search Twitter for controllers, hit Snow Leopard hardest. Ars Technica. Retrieved from http://arstechnica.com/apple/news/2012/04/flashback-bots-search-twitter-for-controllers-hit-snow-leopard-hardest.ars
Malware investigators for the Russian antivirus company Dr. Web report that the latest version of Flashback, the backdoor malware targeting Macs through a Java exploit, is using Twitter as a backup command and control network.
Dr. Web was the first to report on the rapidly growing Flashback botnet—the largest recorded malware attack ever focused on Macs. In an analysis of current variants of the malware, Dr. Web’s team found that the Trojan software installed through the Java exploit is initially configured with a list of servers through which it can receive additional commands and configuration updates. If the malware doesn’t get a correct response from one of the control servers in its own internally generated list, it will search Twitter for posts containing a string of text generated from the current date, and look for a control server address embedded in the posts.
Gong, T., & Bhargava, B. (2012). Immunizing mobile ad hoc networks against collaborative attacks using cooperative immune model. Security and Communication Networks [in press]. doi:10.1002/sec.530 [Full text can be requested by UMUC students / faculty from DocumentExpress.]
In this paper, the security problem of cooperative immunization against collaborative attacks, such as blackhole attacks and wormhole attacks, in mobile ad hoc networks such as Worldwide Interoperability for Microwave Access (WiMAX) networks is discussed. Because of the vulnerabilities of the protocol suites, collaborative attacks in mobile ad hoc networks can cause more damage than individual attacks. In the human immune system, nonselfs (i.e., viruses, bacteria, cancers, etc.) can attack the human body in a collaborative way and cause disease. Inspired by the human immune system, a tri-tier cooperative immune model was built to detect and eliminate collaborative attacks (i.e., nonselfs) in mobile ad hoc networks. ARM-based Network Simulator (NS2) tests and probability analysis were utilized in the prototype of the immune model to analyze and detect the attacks. Experimental results demonstrate the validity and effectiveness of the proposed model in minimizing collaborative attacks and immunizing mobile ad hoc networks.
Goodin, D. (2012, April 28). Backdoor that threatens power stations to be purged from control system. Ars Technica. Retrieved from http://arstechnica.com/business/news/2012/04/backdoor-that-threated-power-stations-to-be-purged-from-control-system.ars
Mission-critical routers used to control electric substations and other critical infrastructure are being updated to remove a previously undocumented backdoor that could allow vandals to hijack the devices, manufacturer RuggedCom said late Friday.
The announcement by the Ontario, Canada-based company comes two days after Ars reported that the company’s entire line of devices running its Rugged Operating System contained a backdoor with an easily determined password. The backdoor, which can’t be disabled, had not been publicly acknowledged by the company until now, leaving the power utilities, military facilities, and municipal traffic departments using the industrial-strength gear vulnerable to sabotage that could affect the safety of huge populations of people.
Also from Dan Goodin this week in Ars Technica: Release of exploit code puts Oracle database users at risk of attack, Malicious apps hosted in Google store turn Android phones into zombies.
Hopkins, N. (2012, May 3). Hackers have breached top secret MoD systems, cyber-security chief admits. Guardian. Retrieved from http://www.guardian.co.uk/technology/2012/may/03/hackers-breached-secret-mod-systems
Computer hackers have managed to breach some of the top secret systems within the [British] Ministry of Defence, the military’s head of cyber-security has revealed. Major General Jonathan Shaw told the Guardian the number of successful attacks was hard to quantify but they had added urgency to efforts to beef up protection around the MoD’s networks.
“The number of serious incidents is quite small, but it is there,” he said. “And those are the ones we know about. The likelihood is there are problems in there we don’t know about.”
Kerr, D. (2012, May 1). Mozilla is first major tech company to denounce CISPA. CNet. Retrieved from http://news.cnet.com/8301-1009_3-57425719-83/mozilla-is-first-major-tech-company-to-denounce-cispa/
Despite big name tech companies — such as Facebook, Microsoft, and Oracle — supporting the controversial Internet surveillance bill that passed in the House last week, Mozilla has come out against the legislation.
“While we wholeheartedly support a more secure Internet, CISPA has a broad and alarming reach that goes far beyond Internet security,” the tech company wrote to Forbes reporter Andy Greenberg. “The bill infringes on our privacy, includes vague definitions of cybersecurity, and grants immunities to companies and government that are too broad around information misuse.”
Kushner, D. (2012, May 7). Machine politics: The man who started the hacker wars. New Yorker. Retrieved from http://www.newyorker.com/reporting/2012/05/07/120507fa_fact_kushner?currentPage=all
In the summer of 2007, Apple released the iPhone, in an exclusive partnership with A.T. & T. George Hotz, a seventeen-year-old from Glen Rock, New Jersey, was a T-Mobile subscriber. He wanted an iPhone, but he also wanted to make calls using his existing network, so he decided to hack the phone.
Every hack poses the same basic challenge: how to make something function in a way for which it wasn’t designed. In one respect, hacking is an act of hypnosis. As Hotz describes it, the secret is to figure out how to speak to the device, then persuade it to obey your wishes. After weeks of research with other hackers online, Hotz realized that, if he could make a chip inside the phone think it had been erased, it was “like talking to a baby, and it’s really easy to persuade a baby.”
McCullagh, D. (2012, April 27). Microsoft backs away from CISPA, citing privacy. CNET. Retrieved from http://news.cnet.com/8301-33062_3-57423580/microsoft-backs-away-from-cispa-support-citing-privacy/
Microsoft is no longer as enthusiastic about a controversial cybersecurity bill that would allow Internet and telecommunications companies to divulge confidential customer information to the National Security Agency.
The U.S. House of Representatives approved CISPA by a 248 to 168 margin yesterday in spite of a presidential veto threat and warnings from some House members that the measure represented “Big Brother writ large.” (See CNET’s CISPA FAQ.)
In response to queries from CNET, Microsoft, which has long been viewed as a supporter of the Cyber Intelligence Sharing and Protection Act, said this evening that any law must allow “us to honor the privacy and security promises we make to our customers.”
Reaves, B., & Morris, T. (2012). An open virtual testbed for industrial control system security research. International Journal of Information Security [in press]. doi:10.1007/s10207-012-0164-7 [Full text can be requested by UMUC students / faculty from DocumentExpress.]
Industrial control system security has been a topic of scrutiny and research for several years, and many security issues are well known. However, research efforts are impeded by a lack of an open virtual industrial control system testbed for security research. This paper describes a virtual testbed framework using Python to create discrete testbed components including virtual devices and process simulators. The virtual testbed is designed such that the testbeds are inter-operable with real industrial control system devices and such that the virtual testbeds can provide comparable industrial control system network behavior to a laboratory testbed. Two virtual testbeds modeled upon actual laboratory testbeds have been developed and have been shown to be inter-operable with real industrial control system equipment and vulnerable to attacks in the same manner as a real system. Additionally, these testbeds have been quantitatively shown to produce traffic close to laboratory systems.
Reese, S. (2012, April 3). Defining homeland security: Analysis and congressional considerations [Congressional Research Service]. Retrieved from https://www.fas.org/sgp/crs/homesec/R42462.pdf
Ten years after the September 11, 2001, terrorist attacks, the U.S. government does not have a single definition for “homeland security.” Currently, different strategic documents and mission statements offer varying missions that are derived from different homeland security definitions. Historically, the strategic documents framing national homeland security policy have included national strategies produced by the White House and documents developed by the Department of Homeland Security (DHS). Prior to the 2010 National Security Strategy, the 2002 and 2007 National Strategies for Homeland Security were the guiding documents produced by the White House. In 2011, the White House issued the National Strategy for Counterterrorism.
This report discusses the evolution of national and DHS-specific homeland security strategic documents and their homeland security definitions and missions, and analyzes the policy question of how varied homeland security definitions and missions may affect the development of national homeland security strategy. This report, however, does not examine DHS implementation of strategy.
Robertson, B. (2012, April 17). Virtualization: Security’s last frontier. Network Security, 2012(4), 12-15. [Full text available to UMUC students / faculty in ScienceDirect database.]
Server virtualisation offers the promise of delivering irresistible benefits, including the consolidation of several autonomous servers into a single virtualised environment, the ability to scale the performance of servers as the business grows, the flexibility to quickly adapt to changing business needs and the capability to deliver automation that will keep applications running at peak performance. However, virtualising the server infrastructure is only a small component of deploying an efficient and cost effective datacentre.
Many organisations have adopted server virtualisation because of the business benefits it offers. However, key areas of the next-generation datacentre have been overlooked, specifically in the area of network security infrastructure.
In order to realise the full potential of the virtualised server architecture, the supporting infrastructure must deliver the same consolidation, scale, adaptability and automation benefits. Transitioning to a virtualised security infrastructure in co-ordination with virtualised servers can properly align the supporting security, explains Brian Robertson of Crossbeam Systems.
Streitfield, D. (2012, April 30). Google engineer told others of data collection, full version of FCC report finds. New York Times. [Full text available to UMUC students / faculty in ProQuest Newspapers database.]
Google’s harvesting of e-mails, passwords and other sensitive personal information from unsuspecting households in the United States and around the world was neither a mistake nor the work of a rogue engineer, as the company long maintained, but a program that supervisors knew about, according to new details from the full text of a regulatory report.
Symantec. (2012, April). Internet security threat report: 2011 trends. Retrieved from http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf
Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 64.6 million attack sensors and records thousands of events per second. This network monitors attack activity in more than 200 countries and territories through a combination of Symantec products and services such as Symantec DeepSight Threat Management System, Symantec Managed Security Services and Norton consumer products, and other third-party data sources.
These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The result is the annual Symantec Internet Security Threat Report, which gives enterprises and consumers the essential information to secure their systems effectively now and into the future. [Related article from threatpost: Five shocking statistics from the latest internet threat report].
Trustworthy Internet Movement. SSL pulse. Retrieved from https://www.trustworthyinternet.org/ssl-pulse/
Today we introduce SSL Pulse, a continuously updated dashboard that is designed to show the state of the SSL ecosystem at a glance. While it is possible today to deploy SSL and to deploy it well, the process is difficult: the default settings are wrong, the documentation is lacking, and the diagnostic tools are inadequate. For these reasons, we cannot say that the Web is yet secure, but we hope that someday it will be. The purpose of SSL Pulse is to bring visibility to SSL implementation issues on the Web, and while businesses are starting to fix these issues we can keep track of progress made towards making SSL more robust and widely adopted on the Internet.
Related article from threatpost: Survey finds secure sites not so secure.
United States. Congress. House. Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. (2012, April 26). Joint subcommittee hearing: Iranian cyber threat to the U.S. homeland. Retrieved from http://homeland.house.gov/hearing/joint-subcommittee-hearing-iranian-cyber-threat-us-homeland
On Thursday, April 26, 2012 the Committee on Homeland Security’s Subcommittee on Counterterrorism and Intelligence and the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies held a joint hearing entitled “Iranian Cyber Threat to the U.S. Homeland.”
Related article from Government Security News: Iranian cyber threat looms, but is diffuse, says expert panel.
United States. Navy. (2012, April 4). OPNAV instruction 5450.345. Retrieved from http://cryptome.org/dodi/opnav-5450-345.pdf
[Publishes] the authorities delegated to Commander, U.S. Fleet Cyber Command and Commander, U.S. Tenth Fleet and the functions and tasks of U.S. Fleet Cyber Command and U.S. Tenth Fleet.
CALLS FOR PAPERS
ACM Cloud Computing Security Workshop [Raleigh, NC, Oct. 19, 2012 – submissions due July 16]
7th ACM Workshop on Scalable Trusted Computing [Raleigh, NC, Oct. 19, 2012 – submissions due July 16]
IEEE Internet Computing, Track articles on computer crime [Open, deadline July 15, 2012]