Hack Reports Fly Ahead of China, US Presidents' Meeting
Jun 3, 2013 12:23 PM PT
Numerous new accusations have kept cyberespionage firmly in the media spotlight in the run-up to President Barack Obama's meeting this week with Chinese President Xi Jinping.
Within 24 hours, two separate stories broke about Chinese hackers pinching the designs for some of Uncle Sam's critical weapons systems and nicking the architectural plans for an about-to-be-finished US$630 million headquarters for Australia's top spy agency.
Although there's still plenty of skepticism about many of the attacks attributed to the Chinese government -- attacks that government denies any role in -- the likelihood is high that the Net forays were state-sponsored.
"The Chinese actors are probably the most active and persistent," Booz Allen Hamilton Senior Vice President Christopher Ling told TechNewsWorld.
'Angst and Outcry'
Military and intelligence espionage may have made recent headlines, but the primary focus of the hackers is economic espionage. That's especially distasteful in the United States, where the line drawn between economic and state-sponsored espionage is as sharp as the one between church and state.
"Our intelligence community has been set up for national security purposes," Ling said. "In many other countries, the intelligence community not only provides national security, it's also involved in economic espionage.
"The activity of the Chinese isn't confined to military trade secrets, but they're prolifically active in other industries as well," he added.
That economic espionage component is what's escalating concern about the current rash of cyberintrusions.
"This whole thing about cyberespionage isn't new," Ling said. "It's been going on for decades. It was just traditionally held at the nation-state level."
What's changed, he continued, "is that as companies become more and more reliant on IT systems, their proprietary property is being targeted by nation-states as well as hackers.
"That's what's causing the huge angst and outcry," he added.
Twitter 2FA Attacks
For weeks following the hack of The Associated Press's Twitter account in April, the microblogging service was flogged on the Net for failing to implement two-factor authentication -- that is, the use of both a password and a code sent to a cellphone to authenticate a user's login on suspicious occasions.
No sooner did Twitter relent and adopt 2FA than the practice came under criticism because it could be used to lock out an authentic user.
For example, it's possible to tell Twitter to stop sending messages to a cellphone, noted F-Secure researcher Sean Sullivan, by spoofing a target's mobile number and sending a text message with the word "stop" in it, along with an appropriate country Twitter short code. That will effectively disable 2FA.
The potential hacks don't end there, though. If an account doesn't have 2FA enabled and a hacker gets control of the account through social engineering, then the hacker can activate 2FA and effectively lock an authentic user out of the account, Sullivan also pointed out.
Security vs. Convenience
Now that Twitter has 2FA, the question remains how many people will actually use it.
"Adding factors to the login process is going to improve security, but it also decreases convenience for users," said Bill Carey, vice president of Siber Systems, which makes the password management program RoboForm. "It will be interesting to see how many users actually elect to use the two-factor authentication."
Users generally prefer convenience over security, Carey noted, citing his firm's research.
Convenient or not, it appears RoboForm won't be bucking the 2FA tide in a future version of the program.
"It's something that we are considering," Carey told TechNewsWorld. "My guess is we will likely have 2FA options available by the end of the year."
Spam Capital: Belarus
Spammers can send their junk from the darnedest places. A case in point: Belarus.
Digital detritus has been pouring out of that nation, which is surrounded by Russia, Ukraine, Poland, Lithuania and Latvia, at an alarming rate.
Spam traffic from Belarus spiked in April and hasn't relented since, AppRiver reported last week. It went from spewing an average of 3.1 million junk emails a day to 12.3 million and climbing; most of it was pharmaceutical spam.
It's unclear why Belarus has become so popular with spammers.
"The U.S. often leads in the spam-sending category, but for some reason, last month Belarus jumped in front," AppRiver security analyst Fred Touchette told TechNewsWorld.
Out of a sample of 25,000 spam messages, 18,000 unique IP addresses were used. "I would definitely say botnet-driven," Touchette said.
Data Breach Diary
- May 28. LulzSec hacker Jeremy Hammond, accused of breaking into security company Stratfor's servers and distributing internal files to WikiLeaks, pleads guilty to one violation of the Computer Fraud and Abuse Act. Penalty for violation carries maximum sentence of 10 years in prison.
- May 30. Online notebook app Evernote adds two-factor authentication and other security measures to protect members' security. A data breach of Evernote in March forced it to reset the passwords of some 50 million users.
- May 30. Drupal.org resets the passwords of all its users after discovering that its servers were accessed by unauthorized parties. The breach occurred through a third-party app at the website, it said. Drupal is a content management system whose clients include The Economist, Examiner.com and the White House.
- May 31. Your Anon News' Tumblr and Twitter accounts were hacked by a group calling itself the "Rustle League," which issued a number of tweets containing offensive language.
Upcoming Security Events
- June 4: Get Actionable Insight with Security Intelligence for Mainframe Environments. Noon EDT. Dark Reading Webcast sponsored by IBM. Free.
- June 4: 2013 Government Cybersecurity Forum. Under Cybersiege: What Should America Do? 8:30 a.m.-2:15 p.m. EDT. Ronald Reagan Building, Washington, D.C. Sponsored by Kaspersky Lab. Free.
- June 10-13: Gartner Security and Risk Management Summit. National Harbor, Md. Registration: $2,375.
- June 11: Cyber Security Brainstorm. 8 a.m.-2:30 p.m. EDT. Newseum, Washington, D.C. Registration for nongovernment attendees: Through June 10, $495; onsite, $595.
- June 14-22: SANSfire 2013. Washington Hilton, 1919 Connecticut Ave. NW, Washington, D.C. Course tracks range from $1,800 to $4,845.
- June 15-16: Suits and Spooks conference. La Jolla, Calif. Registration: $595; Securing Our eCity Foundation members, $545; government/military/academia $395.
- June 25-26. ICF International CyberSci Summit 2013. Arlington Hilton Hotel, Arlington, Va. Registration: $650.
- July 24: Cyber Security Brainstorm. 8 a.m.-2:30 p.m. EDT. Newseum, Washington, D.C. Registration: government, free; nongovernment, $495 through July 23; onsite, $595 on July 24.
- July 27-Aug. 1. Black Hat USA 2013. Caesars Palace, Las Vegas. Registration: Through July 24, $2,195; July 25 through Aug. 1, $2,595.