Beware of Botnets

Interesting video demonstration of how botnets work and can literally take over your computer.

In essence, your computer becomes a zombie under the command and control of the botnet sender.

Computers get infected through a trojan or worm, and then the sender has you–they control your computer and information.

Generally, they do this to send spam, steal information, or send out other malware, all under anonymity.

Once infected, the sender has complete control over your computer and can exfiltrate, delete, or change your data, turn on the keyboard lights, add a tail to your mouse, and even format your hard drive.

The malware often can even disable your firewall.

The sender can turn on a keylogger and log your keystrokes, and capture your user ids and passwords to banking and financial institutions, and draw out your money.

The video demos an example of botnets with a variant of the Zeus trojan.

Worth a watch.

Makes me wonder whether our adversaries are infecting more and more computers, until they have almost everyone–eventually a virtual army.

Then at the time of their choosing, they can conduct one big massive attack, or incremental ones, logging into people’s accounts, stealing their identities and savings, sending out misinformation, destroying data and computers en masse.

We need to be aware of what’s possible, maybe even probable.

Is your computer infected and you don’t even know it yet?

Remodulate The Shields For Cyber Security

I really like the concept for Cyber Security by Shape Security.

They have an appliance called a ShapeShifter that uses polymorphism to constantly change a website’s code in order to prevent scripted botnet attacks–even as the web pages themselves maintain their look and feel.

In essence they make the site a moving target, rather than a sitting duck.
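
To make the moving-target idea concrete, here is an added illustration of my own; it is not code from this post and not Shape Security’s product or implementation. It assumes a hypothetical `PolymorphicForm` class that serves a constructed sample login form with freshly randomized field names on every render, keeps a single-use server-side map to translate them back, and rejects any submission whose names were not issued for that render. The page looks the same to a person, but a script that hard-codes `username`/`password`, or replays names scraped from an earlier page, no longer matches what the server expects.

```python
import re
import secrets

# Constructed sample login form (not from Shape Security or from the original post).
ORIGINAL_FORM = """<form method="post" action="/login">
  <label>User <input type="text" name="username"></label>
  <label>Password <input type="password" name="password"></label>
  <input type="submit" value="Sign in">
</form>"""

# Matches the name="..." attribute of each form field.
FIELD_RE = re.compile(r'name="([^"]+)"')
# Hidden field that carries the per-render token back to the server.
TOKEN_FIELD = "_rt"


class PolymorphicForm:
    """Hypothetical moving-target form: same visible page, new random field
    names on every render, translated back server-side via a single-use token."""

    def __init__(self, original_html):
        self.original = original_html
        self.real_names = FIELD_RE.findall(original_html)
        self.renders = {}  # render token -> {random name: real name}

    def render(self):
        token = secrets.token_urlsafe(16)
        mapping = {}

        def swap(match):
            fake = "f_" + secrets.token_hex(8)  # fresh random name for this render
            mapping[fake] = match.group(1)
            return f'name="{fake}"'

        page = FIELD_RE.sub(swap, self.original)
        self.renders[token] = mapping
        hidden = f'<input type="hidden" name="{TOKEN_FIELD}" value="{token}">'
        return page.replace("</form>", hidden + "\n</form>")

    def decode(self, posted):
        """Translate a submission back to the real field names; None means reject."""
        mapping = self.renders.pop(posted.get(TOKEN_FIELD), None)  # single use
        if mapping is None:
            return None  # unknown or replayed render token
        decoded = {}
        for name, value in posted.items():
            if name == TOKEN_FIELD:
                continue
            if name not in mapping:
                return None  # a name this render never issued: scripted submission
            decoded[mapping[name]] = value
        if set(decoded) != set(self.real_names):
            return None  # a required field is missing
        return decoded


def render_token(page):
    """Pull the render token out of a served page (used by the simulated browser)."""
    return re.search(rf'name="{TOKEN_FIELD}" value="([^"]+)"', page).group(1)


def browser_submit(page, typed):
    """Simulate a real user: fill the rendered fields in document order and post
    whatever names the page actually carries, including the hidden token."""
    names = [n for n in FIELD_RE.findall(page) if n != TOKEN_FIELD]
    posted = {fake: value for fake, value in zip(names, typed)}
    posted[TOKEN_FIELD] = render_token(page)
    return posted


if __name__ == "__main__":
    form = PolymorphicForm(ORIGINAL_FORM)
    page = form.render()
    # A person filling in the page as served gets through.
    print(form.decode(browser_submit(page, ["alice", "hunter2"])))
    # A bot that hard-coded the original field names is rejected (None).
    bot = {"username": "alice", "password": "x", TOKEN_FIELD: render_token(form.render())}
    print(form.decode(bot))
```

Only the `name` attributes are rewritten here; a production version would also rotate `id`s, client-side script references, and anything else a scraper could key on, and would store the render map in a shared session store rather than in memory.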

This is like Star Trek’s modulating shield frequencies that would prevent enemies from obtaining the frequency of the shield emitters so they could then modify their weapons to bypass the shield and get in a deadly attack.

In real life, as hackers readily change their malware, attack vectors, and social engineering tactics, we need to be agile and adapt faster than the enemy to thwart them.

Changing defense tactics has also been used by agencies like Homeland Security to alter screening methods and throw potential terrorists off from a routine that could be more easily overcome.

I think the future of IT Security really lies in the shapeshifter strategy, where the enemy can’t easily penetrate our defenses, because we’re moving so fast that they can’t even find our vulnerabilities and design an effective attack before we change it and up our game again.

And hence, the evil Borg will be vanquished… 😉

One-Two-Three Punch For Cyber Security

Punch

Here are three crafty ideas for improving our cyber security that can be used to protect, prevent, and recover from attacks:

1) Intrusion Deception (not detection)–Mykonos Software aims to protect websites by putting up a virtual minefield–“setting traps to confound hackers.” When the software detects hackers trying to infiltrate, it can flood them with false information on vulnerabilities that leads nowhere, mess with the hackers’ computers, such as by popping up flashing maps of their locations and local defense attorneys, and disrupt their connections and slow down their hacking attempts (Bloomberg BusinessWeek).

2) Scamming The Scammers–Notorious email spams, such as those from Nigeria that look to ensnare victims into wiring money overseas in order to secure some lost fortune, cost $9.3 billion in losses in 2009. Psychology professors Chris Chabris and Daniel Simons suggest that we can prevent many scammers from succeeding by raising the cost of their doing business: scamming them with “baiters” that send responses to scammers and occupy them but never actually send any money. They suggest that artificial intelligence could actually be used to create “automated scam-baiters bots” simulating potential gullible victims. These bots could even be programmed to provide phony account numbers and data to scammers to really get them spun up. (Wall Street Journal)

3) Insuring Against Losses–Insurance is a common way to manage risk by purchasing coverage for potential liabilities–this is used to indemnify against losses for everything from auto accidents to home fires, personal theft, and business interruptions. However, according to Bernard Horovitz, CEO of XL Insurance’s Global Professional Operations, businesses (and of course, individuals) are rarely covered by insurance for hacker attacks. Insurance companies are now offering specialty products to cover these liabilities. Additionally, the insurers will “help with preventing and mitigating cyber crime” through security audits. (Wall Street Journal)

These three cyber security strategies are great examples of how we can make it technically and financially more difficult for cyber attackers to succeed in getting in a knockout punch on their victims. 😉

(Source Photo: Minna Blumenthal)

Taking Down The Internet–Not A Pipe Dream Anymore

Internet

We have been taught that the Internet, developed by the Department of Defense Advanced Research Projects Agency (DARPA), was designed to survive as a communications mechanism even in nuclear war–that was its purpose.

Last year, I learned about studies at the University of Minnesota that demonstrated how an attack with a botnet of just 250,000 computers could shut down the Internet in only 20 minutes.

Again, last month, New Scientist (11 February 2012) reported: “a new cyberweapon could take down the entire Internet–and there is not much that current defences can do to stop it.”

Imagine what your life would be like without Internet connectivity for a day, a week, or how about months to reconstitute!

This attack is called ZMW (after its three creators Zhang, Mao, and Wang) and involves disrupting routers by breaking and reforming links, which would cause them to send out Border Gateway Protocol (BGP) updates to reroute Internet traffic. After 20 minutes, the extreme load brings the routing capabilities of the Internet down–“the Internet would be so full of holes that communication would become impossible.”

Moreover, an attacking nation could preserve its internal network by proverbially pulling up its “digital drawbridge” and disconnecting from the Internet, so while everyone else is taken down, it continues unharmed.

While the Cybersecurity Act of 2012, which encourages companies and government to share information (i.e. cybersecurity exchanges) and requires that critical infrastructure meet standards set by the Department of Homeland Security and industry, is a step in the right direction, I would like to see the new bills go even further, with a significant infusion of new resources for securing the Internet.

An article in Bloomberg Businessweek (12-18 March 2012) states that organizations “would need to increase their cybersecurity almost nine times over…to achieve security that could repel [even] 95% of attacks.”

Aside from pure money to invest in new cybersecurity tools and infrastructure, we need to invest in a new cyberwarrior, with competitions, scholarships, and schools dedicated to advancing our people’s capabilities to be the best in the world to fight the cyber fight. We have special schools with highly selective and competitive requirements to become special forces like the Navy SEALs or to work on Wall Street trading securities and doing IPOs–we need the equivalent or better for the cyberwarrior.

Time is of the essence to get these cyber capabilities to where they should be, must be–and we need to act now.

(Source Photo of partial Internet in 2005: here, with attribution to Dodek)

Crashing The Internet–Are We Prepared?

Almost week after week, I read and hear about the dangers of cyber attacks and whether “the big one” is coming.
The big one is what some experts have called a pending “digital Pearl Harbor.”
Just last week, the Federal Times (13 June 2011) wrote that the “U.S. government computer networks are attacked about 1.8 billion times per month.”
The Center for New American Security (CNAS) states that deterring and preventing cyber attacks will require “stronger and more proactive leadership.”
Charles Dodd, a cyber security consultant in D.C., warns that “You’ve bought a stick to a gunfight, and you’re arrogant about your capabilities.”
So the question is–are we really paying attention to and being realistic about the probability and magnitude of the impact of the cyber threat out there?
Certainly, with so much critical infrastructure–from government, military, and private industry–dependent on the Internet, the effects of a concerted or prolonged cyber attack on our country would be devastating, as documented most recently in The Lipman Report (October 2010) on “Threats to the Information Highway: Cyber Warfare, Cyber Terrorism, and Cyber Crime” as follows:
–“There is a great concern regarding the types of destructive attacks that are already occurring, but an even greater concern for the unknown that is yet to happen but is almost certainly even now in development. Cyberspace touches nearly every part of our daily lives.”
It is in this regard that I read with serious concern today in ID Magazine (August 2011) that the University of Minnesota has “demonstrated in a simulation how an attack with a large botnet (a network of remotely-controlled PCs) could shut down the Internet.”
And it took only 20 minutes to trigger the chain reaction in which “manipulated routers overloaded all other Internet routers worldwide…mak[ing] it impossible for Internet addresses to be found.”
Granted, it would take around 250,000 computers to carry out such an attack, but with the billions of people online with computer devices of all sorts…that does not seem like an inordinate amount to press forward with for a coordinated attack.
So the Internet in theory can be crashed!
Just think for a moment about how that would impact you and what you do every day…would anything be the same? Could we even function normally anymore?
As we move more and more of our applications, data, and infrastructure online to the cloud, we need to consider what additional risks this brings to the individual, the organization, and the nation, and how we can respond and recover should something happen to the Internet.
In the Federal government there are many agencies, commands, task forces, and groups working to secure the Internet, and at the same time, there are separate efforts to modernize and reform IT and reduce unnecessary expenditures, so what we need to do is better integrate the drive to the cloud with the urgency of securing our data, so that these efforts are strong and unified.
This is one of the things that I was trying to achieve when I created the CIO Support Services Framework, in synthesizing the functions of IT Security with the other strategic CIO functions for Enterprise Architecture, IT Investment Management, Project Management, Customer Relationship Management, and Performance Management.
If the Internet can indeed be crashed, we had all better be prepared and make the right IT investment decisions now, so that we won’t be sorry later.
(All opinions are my own)
(Source Photo: Heritage and History.com)