Showing posts with label Cyber Attacks.

Tuesday, May 8, 2012

Cybersecurity Touchy Subject for US & China

Story first appeared on Politico.com.

Asserting that cyberattacks against the U.S. don't come only from China, the U.S. and Chinese defense ministers said they agreed Monday to work together on cyber issues to avoid miscalculations that could lead to future crises.

The Defense Secretary said that since China and the United States have advanced cyber capabilities, it is important to develop better cooperation.

Other countries and actors are involved in some of the attacks that both countries receive. But because the United States and China have developed technological capabilities in this arena, it is extremely important that they work together to develop ways to avoid any miscalculation or misconception that could lead to a crisis in this area.

China's minister of national defense offered a vigorous defense of his country, saying through an interpreter that not all of the cyberattacks targeting the United States come from China.

Just six months ago, however, senior U.S. intelligence officials for the first time publicly accused China of systematically stealing American high-tech data for its own national economic gain.

It was the most forceful and detailed airing of U.S. allegations against Beijing after years of private complaints, and it signaled the opening salvo of a broad diplomatic push to combat cyberattacks that originate in China.

Cybersecurity was just one of the many issues discussed by the two leaders during their meeting, but it is also one of a number of contentious topics that rattle the often rocky relationship between the two nations.

The U.S. needs to start laying the groundwork for a better understanding by the Chinese of what is expected from them in cyberspace, as well as putting better security solutions in place in its own technology.

As an example, American officials want to know whom to talk to when Chinese hackers breach U.S. computer networks. And if there is a cyber incident in China, the U.S. needs the Chinese to feel confident that they can call up and ask, 'Was it you?', and get a straight answer.

Chinese officials have routinely denied the cyberspying, insisting that their own country also is a victim of such attacks. And they note that the hacking is anonymous and often difficult to track.

U.S. cybersecurity experts acknowledge that attribution can be difficult, and that while they can trace an attack to China, it is often difficult to track directly to the Chinese government. Last December's report by U.S. intelligence agencies said America must openly confront China and Russia in a broad diplomatic push to combat cyberattacks that are on the rise and represent a persistent threat to U.S. economic security.

And, separately, several cybersecurity analysts have concluded that as few as 12 different Chinese groups, largely backed or directed by the government there, commit the bulk of the cyberattacks that aim to steal critical data from U.S. companies and government agencies. Officials estimate that the stealthy attacks have stolen billions of dollars in intellectual property and data.

Because people and businesses in both China and the United States have been victims of cyberattacks, officials have been talking more about building a better relationship so that they can work together.

Law enforcement is one area of cybersecurity where the two nations have begun to build partnerships, but so far it has been extremely limited. Lewis said that in 2011, U.S. authorities requested assistance from the Chinese 11 times, and in seven of the cases received no information. But, he said, the Chinese cooperated with U.S. law enforcement in a high-profile financial fraud case late last year.


For more technology and electronics related news, visit the Electronics America blog.
For national and worldwide related business news, visit the Peak News Room blog.
For local and Michigan business related news, visit the Michigan Business News blog.
For healthcare and medical related news, visit the Healthcare and Medical blog.
For law related news, visit the Nation of Law blog.
For real estate and home related news, visit the Commercial and Residential Real Estate blog.
For organic SEO and web optimization related news, visit the SEO Done Right blog.

Thursday, May 3, 2012

Microsoft Knocks Out Another Botnet

Story first appeared in The New York Times.

Last Friday, Microsoft employees and federal marshals raided command centers in Pennsylvania and Illinois used by criminals to run a botnet, a cluster of infected computers used to steal personal and financial information from millions of victims.

But two days earlier, a separate group of cybersecurity researchers based in San Francisco quietly took down another botnet using more technical means. The five researchers, from four security firms (Crowdstrike, Dell SecureWorks, the Honeynet Project and Kaspersky Labs), worked together to decrypt and successfully commandeer the so-called Kelihos.b botnet, which was using over 100,000 infected computers to blast pharmaceutical spam and, in some cases, steal Bitcoins, a virtual currency that is impossible to recover once stolen.

The two takedowns were not timed to coincide with one another, nor were the two groups even aware they were operating in tandem. But they point to a renewed effort by technologists to take the lead in combating digital crime rather than waiting for law enforcement authorities to take action.

Microsoft has preferred to take botnets down through court actions. Including Friday’s raid, Microsoft has disrupted four botnets in the last few years through civil suits. In each case, Microsoft sought secret court orders that allowed it to seize Web addresses and servers that run the botnets, without first alerting their owners.

In the case of Kelihos.b, researchers took a more technical approach. They successfully reverse-engineered the botnet’s structure and analyzed its cryptography, then injected their own file into its communication network. That file instructed infected computers to send any information to a “sinkhole” controlled by Crowdstrike, rather than to the command-and-control server run by criminals.

Within a few minutes of infiltrating Kelihos.b, over 85,000 infected computers started communicating with Crowdstrike’s sinkhole. As more infected users went online, Crowdstrike said that figure quickly jumped to 110,000. By Friday, researchers said the criminals behind Kelihos.b had already abandoned the botnet and moved on.

By dismantling their tools this way, the researchers said they gleaned valuable information about the criminals’ techniques. Experts advise that it is best for companies to employ a professional Managed IT Service to police their online security.

Of the infected machines, 84 percent were exploited using a loophole in Microsoft Windows XP. Researchers also noted that the largest share of infections (a quarter of all identified machines) were in Poland and that the botnet’s creators spread Kelihos.b through a “pay-per-install” model typically favored by hackers in Eastern Europe. A senior lawyer in Microsoft’s digital crimes unit said he had a high degree of confidence that the culprits behind the botnet Microsoft took down last Friday were also based in Eastern Europe.

That information could potentially be valuable in combating future threats. Unless a botnet’s owners and clients are put behind bars, takedowns tend to be temporary. Microsoft’s earlier disruption of a Waledac botnet, for example, lasted only as long as the time it took its creators to modify its architecture slightly to create a new botnet. Kelihos.b is a second-generation version of Kelihos, another botnet that was shut down last September.



Flashback Creators Made Bank on Mac Virus

Story first appeared in The New York Times.

Last month, cybercriminals embarked on what quickly became one of the largest-scale malware attacks on Apple computers to date. Their motive was financial: security researchers now estimate that the infected computers made the malware’s creators $10,000 a day.

The malware, called Flashback, targeted Mac users and infected their machines through a security hole in Java software that Oracle patched last February, but that Apple did not patch until early April. In those six weeks, Flashback spread to over half a million computers.

It spread through particularly nefarious means. Unlike most malware, which typically requires users to click on a malicious link or open a compromised attachment to get infected, Flashback downloaded itself onto its victims’ machines when they visited hijacked Web sites, often compromised WordPress blogs.

Security researchers determined that Flashback used infected computers for click fraud, in which clicks on a Web advertisement are manipulated in exchange for kickbacks. Researchers at Symantec, who studied Flashback’s code, determined that a Google search for “toys”, which would ordinarily send a user to Toys “R” Us, instead redirected the user to a site where the attackers, not Google, would get 8 cents for the click.

With 600,000 computers infected at its peak, Symantec estimates that Flashback generated $10,000 for the attackers each day. Two weeks after Apple issued a security patch, the number of infected users dropped to 140,000 from 600,000. But last week, researchers at Intego, another computer security firm, discovered that a new variant of Flashback, Flashback.S, continues to spread through the same Java vulnerability. Companies using Macs should invest in professional Security Solutions to avoid further breaches.

Intego researchers did not say what the new variant of Flashback was being used for, but researchers at Symantec who analyzed a portion of the variant’s code said that it communicated with the same command-and-control servers as Flashback and that it would be safe to assume the intention of this variant was the same.

To remove Flashback, Apple encouraged users to run their software updates. They can also download a Flashback removal tool on Apple’s support site, which lets users know if their computer was infected.

Security experts predicted in 2008 that when Apple’s share of the PC market reached 16 percent and Windows antivirus software became 80 percent effective, Mac users would become a more frequent target for cybercriminals.

That day is not far off. Apple currently holds 12 percent of the PC market and antivirus software has reached 95 percent effectiveness, according to AV Comparatives, a nonprofit that audits antivirus software.



Thursday, April 19, 2012

Government Calls for Help from Local Tech Companies

Story first appeared in The Detroit News.

Warning that the U.S. is threatened by potentially devastating cyberattacks, the nation's national security community is recruiting the San Francisco Bay Area's private sector to counter the assaults.

On Monday, in a sign these concerns are shared at the highest levels of the Presidential administration, the Homeland Security Secretary will make a personal pitch for help to tech companies in San Jose. And Congress is considering several bills to encourage government and business to share intelligence about the computerized threats.

Also sounding alarms is the director of the National Security Agency and commander of U.S. Cyber Command, which guards military networks. At an October conference he appealed for the private and public sectors to work together because this is something that we cannot do by ourselves.

Such partnerships are widely considered essential, given how dangerously vulnerable the country is to computer incursions. Some experts say the U.S. could be crippled by adversaries in future cyberwars. Others say the technology that's already been pilfered amounts to a lost national treasure, and extreme security solutions should be put in place to help avoid such losses.

Experts say cyberthieves cost U.S. corporations billions of dollars annually, with some of the worst attacks linked to China, and federal agencies are being looted, too. In July, the Deputy Defense Secretary revealed that foreign intruders have taken terabytes of data from defense companies, ranging from specifications for parts of tanks, airplanes and submarines to our most sensitive systems.

Companies often aren't paid for the help they provide to government sleuths and much of their work, understandably, is classified, some experts said. But it's clear that a wide range of Silicon Valley companies are participating with the national security community on this effort.

Several Bay Area corporations including Adobe Systems, eBay, Intel, Cisco Systems, McAfee and PayPal have joined with Lawrence Livermore Laboratory to counter cybervillains through the lab's Network Security Innovation Center, which opened in July. They exchange threat information as well as best practices to counter attackers, and their insights are relayed to other federal agencies.

Some of the same companies along with Hewlett-Packard, NetApp, Symantec, VMware and Juniper Networks are providing similar help to military and intelligence agencies through a Lockheed Martin center in Maryland.

In addition, the Department of Homeland Security has set up a Cyber Security Research and Development Center at the nonprofit Menlo Park think tank SRI International; dozens of local companies share information through the FBI's InfraGard program; and other Bay Area companies work individually with federal agencies to combat cyberthreats.

At FireEye of Milpitas, whose equipment helps block cyberattacks, systems have been deployed in over 60 federal customers and agencies, including the Department of Defense and the intelligence community. FireEye has worked with the FBI to help bring down botnets, groups of computers controlled by cybercrooks.

Mocana of San Francisco helps federal agencies prevent unauthorized devices from using their networks and encrypts the government's data in case its devices are stolen. And McAfee, which sells security software and monitors cyberintrusions globally, alerts the government about attacks. In August, it told authorities about a scheme that had compromised numerous agencies, prompting an investigation by Homeland Security.

Several congressional bills would further information sharing between the public and private sectors, in part by clarifying procedures for how the information is exchanged. But an analysis by the nonprofit Electronic Frontier Foundation said the bills could endanger civil liberties by allowing a whole host of monitoring activities by government and non-government officials.

Some businesses may not be keen about the partnerships, either, the Congressional Research Service noted in a March report. It said firms might balk at sharing their proprietary information, fearing that it could be leaked to competitors, and that they might be sued if they failed to adequately address threats they learned about from the government.

Businesses also find it time-consuming to partner with the government on these projects. At least 55 public-private alliances have already been formed against cybercrime, and tax breaks may be needed to coax more company cooperation.

Nonetheless, unless federal bureaucrats and businesses redouble their efforts, the country could be in trouble, according to a former U.S. Secret Service agent who chairs the Security Innovation Network, a public-private group that sponsored a conference last month at Stanford that included participants from the National Security Agency to the Defense Department to the Central Intelligence Agency. He said it's especially crucial for that help to come from the Bay Area.



Monday, June 13, 2011

SONY REELS FROM ANOTHER SECURITY BREACH

Another massive data breach at Sony has left hackers exulting, customers steaming and security experts questioning why basic fixes haven't been made to the company's stricken cybersecurity program.

Hackers say they managed to steal a massive trove of personal information from Sony Pictures' website using a basic technique which they claim shows how poorly the company guards its users' secrets. Security experts agreed Friday, saying that the company's security was bypassed by a well-known attack method in which rogue commands are used to extract sensitive data from poorly constructed websites.

Coming on the heels of a massive security breach that compromised more than 100 million user accounts associated with Sony's PlayStation and online entertainment networks, the latest attack suggested that hackers were lining up to give the company a kicking.

Culver City, California-based Sony Pictures has so far declined to comment beyond saying that it is looking into the reported attack, which saw many users' names, home addresses, phone numbers, emails and passwords posted on the Web.

It wasn't clear how many people were affected. The hackers, who call themselves Lulz Security (a reference to the Internet jargon for "laugh out loud"), boasted of compromising more than 1 million users' personal information, although the group said that a lack of resources meant it could only leak a selection on the Web. Their claim could not be independently verified, but several people whose details were posted online confirmed their identities.

Lulz Security ridiculed Sony for the ease with which it stole the data, saying that the company stored people's passwords in a simple text file, something it called disgraceful and insecure.

Several emails sent to accounts associated with the hackers, as well as messages posted to the microblogging site Twitter, were not returned, but in one of its tweets Lulz Security expressed no remorse, claiming that innocent people whose data they leaked should blame Sony.

Sony's customers, many of whom had given the company their information for sweepstakes draws, appeared to agree.

A 39-year-old computer instructor in Ohio said he was extremely upset to find his email address and password posted online for the whole world to see. He has since been changing his passwords on every site that uses a login. Sony stored his password in plain text instead of encrypting the information, which he said shows little respect for its customers. He and others complained that they had yet to hear from the company about the breach, news of which was nearly a day old.

The chief technology officer for the U.S. Cyber Consequences Unit, a research group devoted to monitoring Internet threats, was emphatic when asked whether users' passwords could be left unencrypted. He commented that passwords should always be hashed; some kind of encryption should be used. He has been critical of Sony's security in the past, and said the company needed to take a hard look at how it safeguards its data.
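The point the experts make above, that a credential table must hold hashes rather than passwords, is easiest to see side by side. The following is an added example, not code from the article or from Sony; the user names and passwords are constructed sample data, the `PlaintextStore` and `HashedStore` classes are illustrative, and the iteration count is an assumed cost setting. It shows what an attacker who dumps each table actually obtains, and how the hashed version still lets the site verify logins.

```python
"""Added example (not from the article): plaintext vs. salted-hash password
storage, the distinction the Sony Pictures breach coverage turns on.
All user names and passwords below are constructed sample data."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption: a cost high enough to slow offline guessing


class PlaintextStore:
    """The insecure pattern: the credential itself is the stored record,
    so any read of the table yields directly usable passwords."""

    def __init__(self):
        self.records = {}  # user -> password

    def register(self, user, password):
        self.records[user] = password

    def verify(self, user, password):
        return self.records.get(user) == password


class HashedStore:
    """Store only a per-user random salt and a slow PBKDF2-HMAC-SHA256 digest."""

    def __init__(self, iterations=PBKDF2_ITERATIONS):
        self.iterations = iterations
        self.records = {}  # user -> (salt, digest)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, self.iterations)

    def register(self, user, password):
        salt = os.urandom(16)  # unique salt: no precomputed tables, and twin passwords differ
        self.records[user] = (salt, self._derive(password, salt))

    def verify(self, user, password):
        rec = self.records.get(user)
        if rec is None:
            # Do the same work for unknown users so timing does not reveal valid names
            self._derive(password, b"\x00" * 16)
            return False
        salt, digest = rec
        return hmac.compare_digest(digest, self._derive(password, salt))


def leaked_table(store):
    """Simulate what an attacker who dumps the whole table would learn."""
    return dict(store.records)


def demo():
    """Register two users with the same password in both stores and compare
    what a table dump exposes. Returns a dict of boolean findings."""
    password = "correct horse battery staple"  # constructed sample password
    users = ["alice@example.com", "bob@example.com"]
    plain = PlaintextStore()
    hashed = HashedStore(iterations=10_000)  # low count only to keep the demo quick
    for u in users:
        plain.register(u, password)
        hashed.register(u, password)
    dump_plain = leaked_table(plain)
    dump_hashed = leaked_table(hashed)
    return {
        # The plaintext dump hands over the password as-is
        "plain_exposes_password": dump_plain[users[0]] == password,
        # The hashed dump contains neither the password nor a repeated record
        "hashed_exposes_password": any(
            password.encode() in salt + digest for salt, digest in dump_hashed.values()
        ),
        "same_password_same_record": dump_hashed[users[0]] == dump_hashed[users[1]],
        # Verification still works without the password ever being stored
        "login_ok": hashed.verify(users[0], password),
        "login_wrong": hashed.verify(users[0], "wrong"),
        "login_unknown": hashed.verify("nobody@example.com", "x"),
    }


if __name__ == "__main__":
    for finding, value in demo().items():
        print(f"{finding}: {value}")
```

The salt is what makes the two users' identical passwords produce different records, so a leaked table cannot be grouped by shared password, and the high iteration count is what turns an offline dump into slow guessing rather than an instant read.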

Thursday, July 8, 2010

Repeat of S Korea, US Cyberattacks Cause no Damage

Associated Press

Hundreds of computers that helped cause a wave of outages on U.S. and South Korean government websites last July launched new attacks on the same sites, but no major interference was reported, police said Thursday.

The computers were programmed to attack every July 7, according to police, so this year's assault appeared to be a continuation of last year's, which began over the July 4 holiday weekend in the U.S. but reached South Korea on July 7.

More than 460 computers infected with malicious computer codes assaulted 25 websites, including those of the White House and South Korea's presidential Blue House, on Wednesday, said Jeong Seok-hwa, a police officer handling investigations of the cyberattacks.

Although last year's attacks were initially blamed on North Korea, experts have more recently said they have no conclusive evidence that it was behind the assaults.

The malicious computer codes, called malware, triggered denial of service attacks, in which large numbers of computers try to connect to a site at the same time in an attempt to overwhelm the server.
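A denial of service of the kind described here, many still-infected machines connecting at once, looks different in a server's access log from a single abusive client: the request rate jumps and so does the number of distinct source addresses in the same window. The following is an added example, not code from the article or from the Korean police or AhnLab; the log lines are constructed in Apache combined-log style, and the window size and thresholds are assumptions that would be tuned to a site's normal traffic.

```python
"""Added example (not from the article): flagging a distributed request flood
in web-server access logs. Log lines and thresholds are constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx style: ip ident user [timestamp] "request" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, datetime, request) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


def bucket_by_window(lines, window_seconds=10):
    """Group requests into fixed time windows, tracking count and distinct sources."""
    windows = defaultdict(lambda: {"requests": 0, "sources": set()})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than aborting the scan
        ip, ts, _ = parsed
        key = int(ts.timestamp()) // window_seconds * window_seconds
        windows[key]["requests"] += 1
        windows[key]["sources"].add(ip)
    return windows


def flag_floods(lines, window_seconds=10, max_requests=20, min_distinct_sources=10):
    """A flood from many infected hosts shows as a window with both a request
    spike and an unusually high number of distinct source IPs; per-IP rate
    limiting would not catch it. Returns (window_start_epoch, requests, sources).
    Thresholds are assumptions to be tuned against the site's own baseline."""
    flagged = []
    for start, stats in sorted(bucket_by_window(lines, window_seconds).items()):
        if stats["requests"] >= max_requests and len(stats["sources"]) >= min_distinct_sources:
            flagged.append((start, stats["requests"], len(stats["sources"])))
    return flagged


def sample_log():
    """Constructed log: ten seconds of normal traffic from three visitors,
    then 40 requests from 40 different addresses in the next ten seconds."""
    stamp = "07/Jul/2010:09:00:%02d +0900"
    lines = []
    for s in range(10):
        lines.append(f'192.0.2.{s % 3 + 1} - - [{stamp % s}] "GET / HTTP/1.1" 200')
    for s in range(40):
        lines.append(f'203.0.113.{s + 1} - - [{stamp % (10 + s % 10)}] "GET / HTTP/1.1" 200')
    lines.append("not a log line")  # malformed entry to exercise the parser's skip path
    return lines


if __name__ == "__main__":
    for start, requests, sources in flag_floods(sample_log()):
        print(f"window starting {start}: {requests} requests from {sources} distinct sources")
```

Tracking distinct sources alongside the raw count is the detail that matters: the quiet window has ten requests from three addresses and is ignored, while the flood window trips both thresholds. In a real deployment the windows would be compared against a rolling baseline rather than fixed numbers.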

"But the attacks were so weak that there were no problems in accessing the sites," Jeong said.

An analysis of an infected computer in Seoul showed that it was programmed to attack every July 7 and the malware used was identical to that used last year, said Hyun Jae-sub, another police official. In other words, the computers apparently attacked again this year because last year's malware hadn't been removed, not because another assault was launched.

Hyun said the attacks were traced to computers that participated in last year's attacks and still were infected. He said about 270,000 infected computers were involved in the original assaults.

AhnLab, a top South Korean cybersecurity company, said it provided free vaccine programs - which can repair infected computers and prevent denial of service attacks - to computer users following last year's attacks as part of efforts to prevent their recurrence. Police had no tally of how many were vaccinated.

Jeong said about 430 infected computers are in South Korea and others are traced to the U.S., Britain, China and Japan. Hyun said the Internet Protocol addresses - the Web equivalent of a street address or phone number - showed the attacks came from computers in South Korea but authorities have not yet located all the infected computers in the country.

AhnLab official Song Chang-min said owners of infected computers would not suspect they were compromised because the infection would not cause any problems or malfunctions in everyday use.

Later Thursday, new attacks were launched on 16 websites - including those of the Blue House and the Korea-U.S. joint military command. But no serious problems were reported, Jeong said.

The attacks came a month after two South Korean government websites were struck with denial of service attacks that officials said were traced to China.

Last year, government websites in South Korea and the U.S. were paralyzed by cyberattacks.

South Korean officials believed those attacks were conducted by North Korea, but U.S. officials have largely ruled out North Korea as the origin, according to cybersecurity experts.

Experts say there is no conclusive evidence that North Korea, or any other nation, orchestrated it.

South Korean media have reported that North Korea runs an Internet warfare unit aimed at hacking into U.S. and South Korean military networks to gather information and disrupt service.