
Targeted Attacks Focus On Economic Cyberterrorism

Posted by samzenpus
from the serious-gold-farmers dept.
Orome1 writes "When it comes to dangerous Web threats, the only constant is change and gone are the days of predictable attack vectors. Instead, modern blended threats such as Aurora, Stuxnet, and Zeus infiltrate organizations through a variety of coordinated tactics, usually a combination of two or more. Phishing, compromised websites, and social networking are carefully coordinated to steal confidential data, because in the world of cybercrime, content equals cash. And, as a new Websense report illustrates, the latest tactics have now moved to a political and nationalistic stage. Cybercriminals and their blended attacks are having a field day taking advantage of security gaps left open by legacy technologies like firewalls, anti-virus, and simple URL blockers."

  • "Legacy"? (Score:5, Insightful)

    by girlintraining (1395911) on Wednesday November 10, 2010 @01:34PM (#34188572)

    Cybercriminals and their blended attacks are having a field day taking advantage of security gaps left open by legacy technologies like firewalls, anti-virus, and simple URL blockers."

    Calling something legacy implies that there's something better to replace those technologies with. Those technologies have not been replaced by some revolutionary new technology that does all that and holds your d--- while you piss too. And they were never intended to be a panacea -- they are intended to augment information security, not act as a substitute for it.

    • but you missed the point!
      IT'S SCARY!
      AND WE SHOULD GIVE SOMEONE MONEY TO FIX THE PROBLEM!

      I'm sure if we get scared enough and give enough money to companies which promise to make the problem go away then we'll be fine.
      if not then we just have to get scared enough and give enough money to government agencies which promise to make the problem go away.

      I'd say that if security is a big issue on a given system then white-listing is vastly more secure than the blacklisting that is anti-viruses, it's a massive pain

      • by girlintraining (1395911) on Wednesday November 10, 2010 @01:48PM (#34188722)

        but you missed the point!
        IT'S SCARY!
        AND WE SHOULD GIVE SOMEONE MONEY TO FIX THE PROBLEM!

        I'm surprised you can get internet out at your ranch, George.

      • Re:"Legacy"? (Score:5, Insightful)

        by Defenestrar (1773808) on Wednesday November 10, 2010 @01:56PM (#34188806)

        If it's about giving someone the money to fix the problem, then all you have to do is follow the slurs to find the money.

        ...security gaps left open by legacy technologies like firewalls, anti-virus, and simple URL blockers.

        So the terror monger here is likely to be someone who makes money through (producing or advertising) two factor authenticator, an alternate active-DNS, or an ISP selling the "we filter the internet for you" service.

        And checking net-security.org's "about us:"

        Help Net Security is recognized as a media sponsor of leading information security conferences around the globe including: RSA Conference US, RSA Conference Europe, Infosecurity Europe, CSI, InfoSec World Conference & Expo, SC World Congress and more.

        I think we have a winner. Why does the cynical approach have to be right so often?

      • Re: (Score:3, Funny)

        by poetmatt (793785)

        remember, they added the word cyber, so we need new legislation!

        as opposed to, you know, economic terrorism.

        • Re: (Score:3, Funny)

          by jd (1658)

          Actually, legislation might not be a bad idea. I propose that it be illegal to store passwords in plaintext (or equiv), allow passwords that John the Ripper can break, not QA code correctly, not encrypt traffic, provide identity verification that is bogus, or provide APIs that allow the protection in place to be bypassed. First-time offenders should be forced to read my posts - not because they're necessarily useful on issues of security, but because they're usually long and occasionally tedious. Repeat off

          • Repeat offenders should pay for the carpal tunnel syndrome surgery I'll eventually need because of all the writing of long and occasionally tedious posts.

            Every opinion eventually reduces to a way to make the author rich. Case in point: asking for unnecessary surgeries and then pocketing it and buying an ergonomic keyboard or hiring someone in Somalia to write your posts for you.

          • Re: (Score:3, Insightful)

            by poetmatt (793785)

            what you're talking about is more about setting standards, not legislation. There are already best practices in place for stuff like this, it's more that people don't follow them.

            • You can have both at the same time. The FDA has specified monographs and if you perform a process outside of that monograph you're violating the law (unless you've gotten your innovative new drug license, etc...)
              • by poetmatt (793785)

                sure you can have both at the same time, but that doesn't mean they're in harmony or any more effective by having both go on at the same time.

                How many drugs are released to the market and then later retracted by the FDA? How well is that system gamed by companies like GSK?

                yeah. Laws by themselves, standards by themselves, it's all about the execution - standards and legislation together don't mean it's going to be magically more successful.

      • I'm a little fuzzy on WhiteListing - is that browser specific?
        I could really see a hybrid system with "favorite sites" on a "WhiteList Browser", then when extended surfing, put a proposed link into a "BlackList Browser" to see if it's any good. Then there would be some easy way to add it to the WhiteList browser.

        Most of my web usage is covered by a top-100 list, and TFA's from Slashdot or Fark, which I haven't seen come through too often with real malware.

    • by mcgrew (92797) *

      Those technologies have not been replaced by some revolutionary new technology that does all that and holds your d--- while you piss too.

      Why would I want anybody to hold the door while I piss? I want the fucking door CLOSED!

    • Re: (Score:2, Insightful)

      by mrheckman (939480)

      Firewalls, anti-virus, and URL blockers are not legacy systems at all. They are the state of the art in security precisely because they have to protect legacy operating systems and applications, or new systems built to be backward compatible with legacy systems, which are the real "legacy" problem.

      People use all sorts of old software because they have such a huge investment in systems and applications that are built on them. But that old software keeps needing to be patched. For example, there's Windows, of

    • We've got something to replace those technologies. Linux.
  • Legacy technologies?!
    I don't think that word [wikimedia.org] means what you think it means.

  • by mlts (1038732) * on Wednesday November 10, 2010 @01:39PM (#34188642)

    Maybe it's time to work on better out of band authentication and confirmation devices.

    Take the IBM ZTIC that plugs into a USB port, and communicates encrypted from the device itself to the bank, just using the computer as a passthrough. This is what needs to be worked on, and maybe banks should start handing these out to customers. This way, even if an end user's computer is infected, their bank account couldn't be logged into without the device, and even if someone was to gain access upon logging on, all bank transfers would have to be confirmed on the ZTIC, so a quick transfer of funds would be caught and denied.

    Applying this to MMOs, maybe the ZTIC device to confirm character transfers or deletion, as well as be needed to confirm logging on.

    The advantage of using the ZTIC device over a cellphone for this is that the ZTIC device is simple -- it isn't a full fledged computer like a cell phone, and only does one task. Of course, exploits might be found, but the attack surface for this device is a lot smaller than a general purpose machine.

    • It still astonishes me how utterly awful the whole credit card system is in terms of security, public key crypto should have made stealing someone's credit card into a physical problem of actually stealing some kind of physical object by now rather than a simple number.
      But since it's the merchants who pay, the CC companies have no incentive to fix it.

      • by mlts (1038732) *

        It is because the consumer pays for it in the end anyway. For businesses, security has no ROI, so beyond the basic PCI-DSS 2.0 standard, businesses gain nothing by offering better security. Banks don't really care. The credit card makers have it factored into the fees charged merchants, so the fees go up.

        Let's say some organization (so people can't say "OMG, it's backdoored by 'x' government or organization") made a generic ZTIC like key. It would have a serial number on it, and a few buttons to help aid

    • Re: (Score:3, Interesting)

      by httptech (5553)

      Have a look at Cronto - it's an out-of-band authentication system, similar to ZTIC but doesn't use an electrical connection to the computer that could be impacted by a malware infection on the PC. Instead it transfers encrypted/signed transaction details via visual code to the Cronto device (or Cronto app running on a camera-enabled smartphone). There are a few other similar systems from other vendors, but Cronto is the only one I've seen with a mobile app so far.

      • by mlts (1038732) *

        The difference between Cronto and other apps that run on a phone versus a ZTIC is that the ZTIC is a very simple device and only does one function in life.

        Because of this, it is a lot harder to compromise, than a targeted attack that compromised cellphones, and PCs, which makes multiple factor authentication moot.

        We can look at smart cards. Yes, they have been hacked sometimes, but I have yet to hear about someone being able to pluck a key out of any recent cryptographic token without access to a chip fab.

  • by Anonymous Coward

    this book salesman [npr.org]? Because it has NO content.

    Yours In Electrogorsk,
    Kilgore Trout.

  • by flaming error (1041742) on Wednesday November 10, 2010 @02:11PM (#34188966) Journal

    Were cyberbombs detonated on a cybertrain?

    • Re: (Score:1, Funny)

      by Anonymous Coward

      Were cyberbombs detonated on a cybertrain?

      I'm sure you're objecting to the cliche of putting "cyber" in front of everyday words. However, these cyberterrorists are no different than the terrorists who shop lift from Walmart. Shockingly, I saw a terrorist steal a six pack of beer from Walmart last week. He slipped it past the cashier while she rang up his other groceries. The cyber prefix in cyberterrorism just means they're using computers to help steal stuff.

      Fortunately, we have laws that allow us to send these terrorists (cyber or not) to Gitm

      • > I saw a terrorist steal a six pack of beer

        I'll bet if the feds investigated they'd find at least one educator with links to that terrorist. That's what really shocks me - how they've infiltrated our schools.

    • by jd (1658)

      I don't know. I'm waiting for the Cybermen to get back from their meeting with their Cyberleader on the issue of Cyberbombs.

    • As I cyberunplugged my cyberelectric cybercar from my cybersolar cyberpanels, I cyberwatched a cybertrain cyberrun down the cyberrailroad cybertracks. I cybersaw a cybercriminal with a cyberski cybermask cyberwalk onto the cybertrain at the cyberstation and cyberpunch a cybermale cyberpassenger who cyberlooked in his cyber20's. Then he cyberstole some cybercash from the cyberpassenger and cyberran cyberaway, and I no longer cybersaw the cybercriminal.

      -Cybersample cyberwitness cybertestimony ~2020.

      Seri
  • From TFA: "Searching for breaking news represented a higher risk (22.4 percent) than searching for objectionable content (21.8 percent)"
  • by Sheik Yerbouti (96423) on Wednesday November 10, 2010 @02:22PM (#34189100) Homepage

    Hey, I bet Websense will sell you the solution to the problems cited in the report. Who wants to take a bet?

  • by SirGarlon (845873) on Wednesday November 10, 2010 @02:30PM (#34189154)

    I think any sensible definition of "terrorism" has to involve violence -- people in meatspace getting killed or at least hurt. I read TFA and the only connection it had to terrorism was in the headline. Skimming credit card numbers is not terrorism (though it could be used to finance terrorist activities). Spreading malware through Facebook is not terrorism (though a botnet could be used in conjunction with a terrorist attack, maybe).

    I am not aware of terrorists ever having made a "cyber terror attack." Most extremist groups are looking for a bigger shock value than they can get by knocking out Google's Web server or even bringing down the electric grid in half the United States (either of which could be accomplished by a misplaced backhoe or a freak thunderstorm). Actually they would much rather blow up a school bus or something. A lone gunman can create more of a scare and get more PR for the cause than could a group of crack cyber-terrorists who managed to reproduce the U.S. blackout of 2005.

    To label any and all malicious activity is disingenuous. It grabs some attention and helps you sell something in the short run, but in the long run, crying wolf is a disservice to the public and it doesn't pay off.

    • Re: (Score:3, Interesting)

      by Nidi62 (1525137)
      I would focus more on the political aspect of terrorism rather than the violence aspect. The DDOSing of the Georgian national bank by Russian hackers during the crisis over North Ossetia certainly didn't kill anyone, but it left a large portion of that state's population without access to cash for a few days. Attacks such as these have the potential to cause severe economic and psychological damage to a targeted society. Reducing confidence in something that a society takes for granted has great politica
      • Re: (Score:1, Insightful)

        by Anonymous Coward

        No.

        Terrorism is a method. You achieve effects by creating terror among your targets.

        Damage is not the same. That's an attack, but it isn't terrorism.

    • by n0prob (55586)

      They need to relate cybercrime to terrorism so they can throw out the constitution and go after petty cybercriminals with the full power and authority granted by the PATRIOT act.. In other words, declare them a terrorist because some member of a bureaucracy determines it to be so.. No trial, judge, jury or any other petty rights a human deserves..

  • While you can't shut down botnets in-country, you can shut down entire countries if they start launching attacks, severing their undersea cable and communications satellite connections, reducing the activation of more attacks.

    Which is why we maintain the ability to pull the plug on China, who persist in using their military to launch attacks on US sites.

  • Countries and organizations are going to have to realize that connecting their in-house network to "the internet" securely is HARD and sometimes the best thing to do is to have an "ip gap" or better yet an "air gap" between their in-house data and the outside world. Oh, and turn off those USB ports or at least treat them as untrustworthy. This isn't easy either, so there is a trade-off.

    Many governments already do this for their sensitive networks.

    This won't stop inside jobs and it won't stop the most d

  • by couchslug (175151) on Wednesday November 10, 2010 @02:50PM (#34189326)

    I'd like to see a much more hostile internet to coerce better security practices. People in general won't care about such things unless and until it is forced upon them by events.

    If they won't change unless someone "breaks their shit", then that needs to happen.

  • What the hell Sweden?!? You guys are hosting 37% of the phishing sites out there. Get your act together, or I might start thinking about issuing a verbal warning which is only 3 steps away from a written warning.

  • A great movie came out with Robert Redford, about this type of cyber crime that could virtually cause a full collapse of a nation, or country. This is not far off, get a few more stock exchange collapses in a row, and we are off to mad max land!

  • The Chinese and Japanese can both do a lot of shenanigans with their US treasury reserves.

    1) Blanket the market and buy as many call options as you can.
    2) Announce that your treasury is dumping 100% of its US treasuries, and you will only take hard assets or Euro as payment.
    3) Stock prices now soar on inflation.
    4) Exercise all your call options.
    5) Blanket the market and buy as many put options as you can.
    6) Announce that you have decided not to sell your US treasuries after all as the bids "weren't as high as yo
