Anonymous ‘FFF’ Attack Schedule

Oh, for crying out loud.  Why don’t these guys just go away?   According to Wired, Anonymous is giving itself a weekly deadline now, a new attack every Friday.  How entertaining.  Following the Tuesday compromise of tear gas maker Combined Systems’ website, Antisec attacked a Federal Trade Commission webserver which hosts 3 FTC websites.  They claim this hack was in opposition of the controversial international ACTA copyright treaty, widely protested around the world for its potential impact on freedom of expression.

Those responsible for this week’s attacks spoke with Wired, and claimed that the attacks renewed a promise, previously noted in the defacement of CSI, and reiterated on the FTC websites, “every Friday will bring a new attack against government and corporate sites under the theme of #FFF” (‘F’ the Feds Friday).

They’ve decided try to balance between protest defacements like these two most recent ones, and posting material that can damage firms and agencies.   Jerry Irvine of the National Cyber Security Task Force told the New York Times last week that attacks would become more frequent, describing the collective as “unstoppable,” because of the poor state of online security.

Advertisements

Data Breaches, Vulnerabilities Down In 2010

2010 has been a tough year for businesses all ’round, but according to the DataLoss Database, events involving the loss, theft, or exposure of personally identifiable information are down this year.  I’m quite surprised, and will have to look into why the numbers are down, but the amount of noise is certainly way, way up.  A link heavy post, but you always get what you pay for here…

So far, DL-DB states that we have had 363 breaches recorded in 2010, compared to 604 last year, and 787 in 2008.  Of course the high profile Wikileaks issues, and the follow-on repercussions of that unfortunate event, do not appear to be represented in this data-set.  OSF-DataLoss-DB

On the vulnerability side of the security equation, NIST’s Common Vulnerability Enumeration database reports that to date there are are 4,430 CVE records on the books for 2010, with roughly 3 weeks left to go.  1,995 of those CVE records were rated high risk by base score.  Microsoft plans to add about 40 more, and Adobe is expected to add a few more as well.  For comparison, 5,753 in 2009 with 2720 rated high.  NIST-CVE

Recent Incidents:

Continue reading

‘Chinese Whispers’ Documentary Illuminates Espionage

ABC.Net.AU’s Four Corners program aired an investigation on April 19th in which it claims that the IT systems of 3 major mining operations; Rio Tinto, BHP Billiton and Fortescue Metals were all attacked and compromised from locations inside corporate China in the lead up to the sentencing of former Rio Tinto mining executive, Stern Hu for spying and accepting bribes.

In a documentary entitled ‘Chinese Whispers‘, sources from within all 3 mining companies claim their IT systems were targeted and hacked with the intent of espionage.  All 3 companies claimed to have upgraded IT security in response to these attacks.  Rio Tinto discovered that an intruder had launched an attack impacting Rio’s Perth office, forcing it to bring its Singapore office offline for 3 days “to upgrade security”.  Fortescue had reportedly uncovered “sophisticated, targeted” attacks on key employees, resulting in a “serious IT security upgrade” and a new set of  travel policies for employees.  Executives travelling to China are told to remove their Blackberry batteries to prevent interception, encrypt all communications, and not take laptops with sensitive data into the country.

The program was unable to pinpoint where in China the alleged attacks came from, and had no hard evidence directly implicating the Chinese State.

ChineseWhispers

SC Magazine has a detailed write-up  SC

Kids Hack The Darndest Things…

SC Magazine is reporting that a survey has found that one in four schoolchildren have attempted some level of hacking.  Despite 78% agreeing that it is wrong, a quarter have tried to surreptitiously use a victims’ password, with almost half saying that they were doing it ‘for fun’.  Whatever happened to just catching squirrels in a cardboard box, building a tree fort, or pulling the legs off spiders?   21% had aimed to cause disruption and 20% thought they could generate an income from the activity.  5% said that they would consider it as a career move.  One thing that the article seems to neglect is the actual ages of the kids surveyed.  “Schoolchildren” could mean K-12, spanning 4 – 17 years (older if they were so clever that they did a couple years over ’cause working sux).  Wonder how they look in orange…

SC