There’s easy money in phishing – they just take it out of the victim’s bank account.”


SPIES AMONGST US


According to researchers at the University of Toronto’s Citizen Lab at the Munk School of Global Affairs, cyberspace has become the home of not only garden-variety crime, but of espionage.


In an April 2010 report entitled “Shadows in the Cloud: Investigating Cyber Espionage 2.0,” the UofT team described the compromise of systems in government, business, academic and other computer networks in India, the offices of the Dalai Lama, the United Nations and other areas. It documented an extensive cyber espionage network and enumerated some of the documents stolen. It even found evidence of collateral compromise such as that of visa applications submitted to Indian diplomatic missions in Afghanistan.


A command and control infrastructure (i.e., the mechanism the hackers use to manage the compromised machines) was linked to social networks including Twitter, Google Groups, Blogspot, Baidu Blogs, blog.com and Yahoo!, as well as to the Chinese hacker community.


“At this point,” says Nart Villeneuve, chief research officer, SecDev.cyber and a Research Fellow at the Citizen Lab, Munk Centre, “the attacker has full control of the user’s system. The attacker can steal documents, e-mail and send other data, or force the compromised computer to download additional malware and possibly use the infected computer as a mechanism to exploit the victim’s contacts or other computers on the target network.”


This investigation followed on the Citizen Lab’s discovery of what it dubbed the GhostNet, a network of more than 1,295 compromised computers in 103 countries discovered during an investigation of allegations of Chinese cyber espionage against the Tibetan community.


These attacks may have been on the opposite side of the world, but others have occurred much closer to home. “There have been successful attacks by similar groups that appear to have compromised Canadian government computers,” Villeneuve says. “However, the nature of those computers (whether they


WWW.SECURITYMATTERSMAG.COM


NEW FRONTIER IN BATTLING SPAM


In an effort to control spam and the attacks it often conveys, the Canadian government has introduced Bill C-28, the Fighting Internet and Wireless Spam Act (FISA).


“The legislation has taken a good look at other international legislation and has taken the best parts and added a Canadian slant to make sure consumers are protected and business has a solid framework,” says Symantec’s Matt Sergeant. “We had a huge gap — spammers were free to abuse the system.”


FISA, which passed first reading in the House of Commons in May 2010, will establish a regulatory framework to protect electronic commerce in Canada. If it becomes law, it will:


• Address unsolicited commercial electronic mail (spam) by prohibiting the sending of commercial electronic messages without consent;


• Prohibit detrimental practices to electronic commerce, protect the integrity of transmission data and prohibit the installation of computer programs without consent in the course of commercial activity;


• Prohibit the collection of personal information via unlawful access to computer systems and the unauthorized compiling or supplying of lists of electronic addresses;


• Provide for a private right of action for businesses and consumers;


• Allow the CRTC and Competition Tribunal Canada to impose administrative monetary penalties on those who violate the respective acts; and


• Allow for the international sharing of information and evidence to pursue spammers outside of Canada.


were important or not) is unknown as is the nature of any data the attackers may have obtained.”


That’s a big part of the problem with these attacks – victims sometimes have no idea that their systems have been compromised, and are unaware that data has been stolen.


“Often organizations find out they’ve been attacked because they discover, or are alerted to, evidence of compromise,” notes Villeneuve. “Attacks that leverage social engineering are difficult to defend because the attackers are not just exploiting a technical vulnerability, they are exploiting the human element. This means that in addition to technical defences, users must learn to identify suspect communications. Often spelling, grammar or slight inconsistencies exist and should indicate to the users that this communication should be treated as potentially malicious.


“There are configurations,” he adds, “that can reduce the attack surface — even just turning off JavaScript in your PDF reader can be helpful, or using Firefox with the NoScript plugin. These measures limit functionality, which may be irritating to some users. So it’s best to find a balance.”


That balance, he explains, may include changes to network structure to reduce the attacker’s capacity to move laterally through the network after a compromise. Data handling and storage practices, such as password protection, encryption and non-Internet-connected archiving, can also reduce the damage an attacker can inflict after a compromise.


Keeping up with current attack methods and trends also helps, adds Michael Callahan, senior director, network security for HP Tipping Point. “Network security is only as good as its intelligence.”


Sergeant agrees. “When we’re fighting spam, we’re battling an unknown enemy who can change its activities. They change, we catch up; we see a wave [of spam] getting through, then filters catch up. The thing people have to realize is that it’s an ongoing war.”


Lynn Greiner is a freelance writer in Newmarket, Ont.


SOURCES


• Fortinet • www.fortinet.com


• HP Tipping Point • www.tippingpoint.com


• Kaspersky • www.kaspersky.com


• Symantec • www.symantec.com


JULY/AUGUST 2010 • SECURITY MATTERS 17

