Mad Magazine, the NSA and Chinese Army Hackers

A quick follow up to yesterday’s post, continuing the “Jeez, you just can’t keep a good secret anymore” meme for the week.  If you follow politics or business news you may have seen lots (and lots and lots) of headlines lately regarding US economic losses, political wrangling and business executives’ hand-wringing over enormous, far-reaching and, by all accounts, incredibly effective Chinese hacking and cyber penetration of American companies, research labs and government agencies.  (Reading like a list of B-grade spy movies, feel free to read about “Operation Shady Rat” or “Byzantine Foothold” for some eye-opening facts and figures if this stuff isn’t your normal beat.)

 

Recently, there was great sturm und drang after the folks over at Mandiant produced a very detailed and revealing public report about just how big, bad, widespread and effective these efforts have been (which wasn’t entirely news to those in the know), and much more interestingly, great specifics on how it was done, and by whom, (which was).

 

A division of the Chinese People’s Liberation Army known by the not-entirely-inspirational moniker of “PLA Unit 61398” has since been the topic of much discussion in the press, the government and the security community.  (Not that a sexy moniker is all that important I suppose.  I hear it’s a great place to work with great benefits.  You can read one of their recruiting notices here if you’d like – see aforementioned “Jeez, can’t anybody keep a secret anymore?” discussion.)

 

Not to be outdone, (and in a piece that made me feel a bit like I was seeing a media version of the old Spy vs. Spy cartoons) FP just published a story headlined “Inside the NSA’s Ultra-Secret China Hacking Group”.  When the article includes a description of the inside of the building and the door into the room housing said “Ultra-Secret” unit, I’m pretty sure the folks who work there had a pretty significant hand in un-secreting it.

 

Still, given that the Chinese have long said they have their own mountains of data that we’ve been doing the same to them, perhaps this was just a timely PR use of information that, like Unit 61398, was about to enter the public conversation anyway.  The more I think about it, the more resonant that old cartoon strip seems.  They do it to us.  We do it to them.  Both sides know it, and the game goes on.  My guess is that what is a little bit different now is that both sides have to learn to play a game of shadows on a field that’s far more brightly lit than ever before.

A real “Low Orbit Ion Cannon” gives new meaning to “Denial of Service”

So, is it just me or is this life imitating art imitating life imitating art…. or… something?  Hopefully some gamer, geek or Star Wars fan can help me untangle the levels of overlapping nerd irony and the triple (maybe more?) entendre here.  Whatever.  It’s some kind of clever, linguistic, something-funny-in-there-someplace,  with a side order of potentially-worrisome-but-in-the-meantime-sci-fi-channel-awesomeness.

If “LOIC” already makes sense to you, skip to the bottom of the graphic.  If not, read on.  This won’t take long.

Ready ?

  • So there’s a video game series called  Command & Conquer.  In it is a weapon called the Low Orbit Ion Cannon, or LOIC.  It is a space-based platform that sends targeted beams of energy down through the sky and makes very specific things go boom.
  • The name was in turn co-opted by the authors of a tool, also called Low Orbit Ion Cannon, for stress testing a target system by subjecting it to a (simulated?) Denial of Service, or DOS,  attack.  For you ungeeks out there, a DOS atttack is essentially sending highly focused streams of packets against a specific machine or network to see if you can make it go boom.  Hence, the name.
  • They later open-sourced the Low Orbit Ion Cannon software into the public domain, whereupon it was used for both legitimate network testing and by people making all kinds of mischief, to wit, making various computers or networks go boom.
  • In other words, a tool originally developed to make networks safer from Denial of Service attacks was then used to commit Denial of Service attacks.  So far so good?

low_orbit_ion_cannon

Courtesy of Digital-digest.com

  • Recently, Boeing and the US Air Force revealed in a video animation and public statements that they had successfully tested a weapon that could completely disable computer systems in specific locations with extreme precision, e.g. kill the electronics in one building, but not the building next to it.
  • How did they do this?  An aerial platform that sends targeted beams of energy down from the sky and makes very specific things go boom.

Boeing calls the platform CHAMP. (What, no gamers on the project?) It appears to use  incredibly powerful electromagnetic pulse – EMP – to knock out the target’s computers and electronic equipment.  No mystery there, EMP has been kicked around as a weapon for decades.  Except… it does so on such a targeted basis that the aircraft carrying the weapon, itself full of wires and chips and electronics, is unaffected.  Whoa….

Anyway, I think the implications of this are kind of scary in the longer run, proliferation being what it is and all.  On the other hand, this EMP thing is the same stuff that saved Neo, Morpheus and the Nebuchadnezzar from the Sentinels in  The Matrix.  Maybe the human side of the conflict will stand a chance against Skynet after all.

SCAM ALERT: Facebook messages just came to a mailbox I don’t use for Facebook

QUICK HIT:  I just got an email from “facebook” with the usual annoying “You have notifications pending” but it came to an account that I don’t use for Facebook.

The link is to indonesianfilmfestival.com.au/trace/a/b/c/d/ and the actual sender address, you can see in the picture is q7frrf4s6rc9 (AT) async.norma.no.  Norma.No is the legitimate site of a Scandinavian industrial firm, so clearly something’s gone a wee bit amiss in their IT somewhere.

Anyway, for all you happy/active Facebookers out there, take some care and check sender fields, mouseover/hover over the links in those supposed FB emails, or of course, better yet, don’t click ANY links in emails and go log into FB yourself if you have notifications to see.  Screenshot below so you can see what not to trust.

 

SCAM ALERT: Justin Beiber emails part of malware spreading over Facebook

Kaspersky Labs researcher Sergey Golovanov has a detailed post this morning about the the LilyJade worm, a technologically fascinating  bit of naughtiness that is spreading via messages about teen pop star Justin Beiber (though of course the content of the emails will change constantly.)  For users, all you need to know is, as always:

1.  Don’t trust messages, click on links or open attachments from anyone you don’t know.

2. Even if it’s from someone you do know, if the message seems generic, is totally off any topic you care about or seems out of character for the sender, same rules apply.  Their account may have been compromised.

3. If the message seems like it actually might be important, reach out to that person via alternate channel, e.g. phone call text or email to another account.  You may just make them aware of the fact their account is compromised and they didn’t know it.

4. Hover your mouse over all links in emails and see if the visible link and the underlying actual destination agree.  If they don’t, don’t click the deceptively labeled link.

5.  Never respond to online requests for personal information, passwords, login credentials or financial data except on a reputable web site you trust (e.g. Amazon, Zappos, eBay) where you TYPED IN THE ADDRESS YOURSELF.

For the really nerdy among you, who care about “cross-platform browser vulnerabilities or like reading code on a command line (dorks), the Kaspersky post is pretty interesting and detailed.

The Insider Threat: Medicaid employee emails self PII on 220,000 people

Returning for a moment to another core focus of this blog (i.e. the “Data Like Digital Water” meme), I came across this – as yet anyway – little publicized data breach.

I know there are severe limits on firewall and gateway rulesets, and Data Loss Prevention systems aren’t perfect, and there are lots of subtle and technically advanced ways to exfiltrate data (ICMP tunnel anyone?) and all, but can we not agree that anyone with access to a quarter million people’s PII should have to work a little harder than “mailto:MyOwnAccount@yahoo.com”?

http://www.myrtlebeachonline.com/2012/04/19/2782968/sc-agency-says-information-leaked.html

It’s OK though, because the data that was lost apparently included their names and their Medicaid ID numbers.

I mean it’s not like it was their Social Security Numbers or anything. Oh… wait… what’s that? Oh, wait… I was wrong, their Medicaid ID numbers ARE their social security numbers.  Oh, ok.  Well that’s helpful.

I’m thinking Phishing reports in SC are maybe gonna take a jump soon?

 

 

How to Hack Like Homer Simpson…

A few weeks ago, I gave a talk to a room full of police chiefs. I was talking about the goods, bads and unknowns of Social Media use by and for Law Enforcement (#LESM or #SM4LE).

One of the slides looked like this:

Image

It shows how, unless you explicitly change the default settings, in many cases everything from Tweets to photos are tagged with a variety of metadata.  In some cases this can include geotags for the location of the device that produced the photo, tweet or update, the model number and make of the camera or phone, etc.

I suppose if you flip the “goods” and the “bads” I could have given the same speech to hackers, but of course they are way to tech savvy to need any such guidance.

Well, most of them. There’s always the exception

http://www.informationweek.com/news/security/government/232900329

I couldn’t help but smile.  A hacker implicated in the recent Texas DPS breach, in painfully cliche fashion, decided that a bit of geek chest thumping was in order.  In a bugs-bunny-esque “you’ll never catch me coppers! Mwah hah hah!” moment, he decided to post pics on Social Media of his girlfriend holding signs taunting law enforcement.

The only problem?  Hacker-genius-computer-expert guy neglected to remove the geotagging from the photos, which were taken in her back yard. Police took the arcane and Star-Treky step of reading the lat/long coordinates on the files and looking them up on a map.

What I wouldn’t have given to be a fly on the wall when he was told how they got him.

Image

%d bloggers like this: