Author: Brian

The next large-scale military or terrorist attack on the United States, if and when it happens, may not involve airplanes or bombs or even intruders breaching American borders.

Instead, such an assault may be carried out in cyberspace by shadowy hackers half a world away. And Internet security experts believe that it could be just as devastating to the U.S.’s economy and infrastructure as a deadly bombing.

Experts say last week’s attack on the former Soviet republic of Georgia, in which a Russian military offensive was preceded by an Internet assault that overwhelmed Georgian government Web sites, signals a new kind of cyberwar, one for which the United States is not fully prepared.

“Nobody’s come up with a way to prevent this from happening, even here in the U.S.,” said Tom Burling, acting chief executive of Tulip Systems, an Atlanta, Georgia, Web-hosting firm that volunteered its Internet servers to protect the nation of Georgia’s Web sites from malicious traffic.

“The U.S. is probably more Internet-dependent than any place in the world. So to that extent, we’re more vulnerable than any place in the world to this kind of attack,” Burling added. “So much of what we’re doing [in the United States] is out there on the Internet, and all of that can be taken down at once.”

“This is such a crucial issue. At every level, our security now is dependent on computers,” said Scott Borg, director of the United States Cyber Consequences Unit, a nonprofit research institute. “It’s a whole new era. Political and military conflicts now will almost always have a cyber component. The chief targets will be critical infrastructure, and the attacks will emerge from within our own computer systems.”

Back in the good old days of the Internet, the hacker was a teenager motivated by high-tech pranks and bragging rights. Today, the online thief could be anyone with ‘Net access after a quick buck.

“Hacking has escalated from a destructive nature to financial gain through phishing, targeting people for bank account details, and siphoning accounts from there,” says Derek Manky, security researcher at Fortinet.

“It’s a very sophisticated ecosystem, with organizations and services for hire,” he continues.

“There’s a lot of money floating around, a lot of people involved. Once the infrastructure and networks are in place, you start building that foundation, which can be further leveraged and taken to next level: denial of services, cyber warfare, espionage.”

In the Web 2.0 world of ubiquitous, seamless, horizontal communication, information wants to be free. But just as easily as it can be uploaded, downloaded and shared, it can be accessed and exploited by individuals with a different agenda.

While online communities in particular continue to grow through friendly social networking sites, underground cybercrime syndicates continue to thrive on these on-screen relationships based on sharing and trust.

And with social engineering the hottest commodity on the phishing market, it’s a question of knowing what literally what makes people click.

Believe the conspiracy theories: Out of sight and without your knowledge, governments truly are filtering what you see on the Internet.

The recent conflict between Georgia and Russia has highlighted many of the issues at play with Internet filtering, as its increasing use by governments raises serious doubts about the freedom of the Web.

Georgian authorities blocked most access to Russian news broadcasters and Web sites after the outbreak of the conflict, and both sides reported Web sites being blocked, removed or attacked as the situation unfolded.

The heat in Max Butler’s safe house was nearly unbearable. It was the equipment’s fault. Butler had crammed several servers and laptops into the studio apartment high above San Francisco’s Tenderloin neighborhood, and the mass of processors and displays produced a swelter that pulsed through the room. Butler brought in some fans, but they didn’t provide much relief. The electric bill was so high that the apartment manager suspected Butler of operating a hydroponic dope farm.

But if Butler was going to control the online underworld, he was going to have to take the heat. For nearly two decades, he had honed his skills as a hacker. He had swiped free calls from local telephone companies and sneaked onto the machines of the US Air Force. Now, in August 2006, he was about to pull off his most audacious gambit yet, taking over the online black markets where cybercriminals bought and sold everything from stolen identities to counterfeiting equipment. Together, these sites accounted for millions of dollars in commerce every year, and Butler had a plan to take control of it all.

February 05, 2009|From John Sutter and Jason Carroll CNN

Fears of impostors are increasing as Facebook’s membership grows.

Without his input, Bryan Rutberg’s Facebook status update — the way friends track each other — suddenly changed on January 21 to this frightening alert:

“Bryan NEEDS HELP URGENTLY!!!”

His online friends saw the message and came to his aid. Some posted concerned messages on his public profile — “What’s happening????? What do you need?” one wrote. Another friend, Beny Rubinstein, got a direct message saying Rutberg had been robbed at gunpoint in London and needed money to get back to the United States.

Keep your friends close and your enemies closer. Why the Pentagon’s toughest Internet crime fighter likes hanging out with blackhat hackers.

By Robin Mejia

LOCATED ON THE LESS FASHIONABLE north end of the Las Vegas strip, the Riviera Hotel and Casino has seen better days. Even the girls in posters for the hotel’s topless revue could use a makeover. But hey, it’s cheap. Which is why 6,000 hackers have descended upon it for DefCon, billed as the “largest underground hacking event in the world.” So while the hotel is no doubt happy for the business, it’s also – in classic Vegas fashion – hedging its bet. Employees received a memo warning them to be on the lookout for people skimming guests’ card numbers. Credit card processing has been suspended in the food court. The Riviera doesn’t need the grief.

Yet the Riviera’s conference facilities are strangely tranquil. In the “chill-out room,” a bored-looking cashier is selling burgers, chicken sandwiches, and salads to people too focused or too lazy to walk across the hotel to the Quizno’s. On the wall next to the bar, someone is projecting usernames and the first few letters of the associated passwords – noobs sent that info unencrypted over the conference’s wireless network. At the front of the room, a middle-aged man in khaki shorts sits with a small group having a beer. He’s graying, a little thick around the middle. Across the back of his polo shirt are the words dod cyber crime response team – as in US Department of Defense.

A big guy with a shaved head walks up. “You’re Jim Christy,” he says, smiling. He has a hint of an accent.

Christy smiles back: “What’s your handle?”

“Oh, I don’t really have a handle.”

All hackers have handles. Christy pushes it. “But really,” he says, “what’s your handle?”

“Most guys go through that phase for a while, but for me, it was really just a couple of days. Not enough time for a handle.” They’re both smiling. Neither has broken eye contact.

By SIOBHAN GORMAN

WASHINGTON — President Barack Obama will tap a top aide to President George W. Bush’s intelligence director to head his cybersecurity effort, according to government officials familiar with the decision. An announcement is expected as early as Monday.

The appointment of Melissa Hathaway, a former consultant at Booz Allen Hamilton, is the president’s first major decision on cybersecurity. She will lead a review of the government’s efforts to secure computer networks against spies, terrorists and economic criminals and is expected to then head a new White House office of cybersecurity.

Ms. Hathaway helped develop a Bush administration cybersecurity initiative, which was expected to cost around $30 billion over five years, with spending this year of about $6 billion. Ms. Hathaway’s new job is to carry out a 60-day review of the initiative and recommend a path forward.

On the campaign trail, Mr. Obama criticized the Bush administration for being too slow to address cyber threats and said he would create a “national cyber adviser” who would report directly to the president. “As president, I’ll make cyber security the top priority that it should be in the 21st century,” he said in a speech in July. He equated cyber threats with those of nuclear and biological weapons in a campaign ad he ran at the time.?

March 20, 2009|By Jeanne Meserve CNN Homeland Security Correspondent

If someone hacked into the Smart Grid, experts say it could cause a blackout that stretches across the country.

Is it really so smart to forge ahead with the high technology, digitally based electricity distribution and transmission system known as the “Smart Grid”? Tests have shown that a hacker can break into the system, and cybersecurity experts said a massive blackout could result.

Until the United States eliminates the Smart Grid’s vulnerabilities, some experts said, deployment should proceed slowly.

“I think we are putting the cart before the horse here to get this stuff rolled out very fast,” said Ed Skoudis, a co-founder of InGuardians, a network security research and consulting firm.