Monday, May 28, 2012


Like a Mission Impossible script... Cheaper than nukes. Harder to determine the source?
Meet “Flame”, The Massive Spy Malware Infiltrating Iranian Computers
A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.
The malware, discovered by Russia-based anti-virus firm Kaspersky Lab, is an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years.
Dubbed “Flame” by Kaspersky, the malicious code dwarfs Stuxnet in size – the groundbreaking infrastructure-sabotaging malware that is believed to have wreaked havoc on Iran’s nuclear program in 2009 and 2010.
… The researchers say that Flame may be part of a parallel project created by contractors who were hired by the same nation-state team that was behind Stuxnet and its sister malware, DuQu.
… Early analysis of Flame by the Lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.
… Flame appears to have been operating in the wild as early as March 2010, though it remained undetected by antivirus companies.
… He noted that there are clues that the malware may actually date back to as early as 2007, around the same time period when Stuxnet and DuQu are believed to have been created.
… Among Flame’s many modules is one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity; a module that turns Bluetooth-enabled computers into a Bluetooth beacon, which scans for other Bluetooth-enabled devices in the vicinity to siphon names and phone numbers from their contacts folder; and a module that grabs and stores frequent screenshots of activity on the machine, such as instant-messaging and email communications, and sends them via a covert SSL channel to the attackers’ command-and-control servers.
The malware also has a sniffer component that can scan all of the traffic on an infected machine’s local network and collect usernames and password hashes that are transmitted across the network. The attackers appear to use this component to hijack administrative accounts and gain high-level privileges to other machines and parts of the network.
… “It was obvious DuQu was from the same source as Stuxnet. But no matter how much we looked for similarities [in Flame], there are zero similarities,” Gostev said. “Everything is completely different, with the exception of two specific things.”
One of these is an interesting export function in both Stuxnet and Flame, which may turn out to link the two pieces of malware upon further analysis, Gostev said. The export function allows the malware to be executed on the system.
Also, like Stuxnet, Flame has the ability to spread by infecting USB sticks using the autorun and .lnk vulnerabilities that Stuxnet used. It also uses the same print spooler vulnerability that Stuxnet used to spread to computers on a local network. This suggests that the authors of Flame may have had access to the same menu of exploits that the creators of Stuxnet used.
Unlike Stuxnet, however, Flame does not replicate automatically by itself. The spreading mechanisms are turned off by default and must be switched on by the attackers before the malware will spread.
… The researchers say they don’t know yet how an initial infection of Flame occurs on a machine before it starts spreading. The malware has the ability to infect a fully patched Windows 7 computer, which suggests that there may be a zero-day exploit in the code that the researchers have not yet found.
… At least one component of Flame appears to have popped up on machines in Europe on Dec. 5, 2007 and in Dubai on Apr. 28, 2008.
… The malware has no kill date, though the operators have the ability to send a kill module to it if needed. The kill module, named browse32, searches for every trace of the malware on the system, including stored files full of screenshots and data stolen by the malware, and eliminates them, picking up any breadcrumbs that might be left behind.
“When the kill module is activated, there’s nothing left whatsoever,” Gostev said.


Brief, but interesting.
May 27, 2012
Open Forum Academy Report - The Cloud Computing Workshop
OFA Report - The Cloud Computing Workshop - "The cloud will happen; the question is whether it will happen to us, with us, or by us": "This report is prepared by the rapporteur, Dr. E. Altsitsiadis, for Open Forum Academy (OFA) in support of the Cloud Computing Workshop. The summaries of the speaker presentations and panel discussions in this report are based on the rapporteur’s notes. The workshop brought together high-level experts to discuss three broad aspects of cloud computing: the economic impact, the legal aspects and the way to move forward. The economic opportunity is irrefutable - if you live in a multi-device world, you simply need the cloud. The cloud will have a significant impact on our entire economy; from the micro level and the numerous benefits it brings to supply and demand alike, to the positive macro-effects in new job creation and GDP contribution. There are serious obstacles though in claiming these benefits, from practical operational limitations to misconceptions, distrust and a legal framework that is largely fragmented and complicated. The speakers broadened our understanding of these weak points, downplaying some issues that are overly considered important, while pointing out others that are crucial, yet evade our attention. The workshop illustrated that there are a lot of misconceptions but also a lot of common ground and it is becoming apparent that the way forward passes through better communication and collaboration, whether at the level of EU-US governments, Industry-Policymakers or Providers-Users."


Cloudy, with a chance of surveillance?
May 27, 2012
Governmental Access to Data in the Cloud - A comparative analysis of ten international jurisdictions
  • "This White Paper examines the extent to which access to data in the Cloud by governments in various jurisdictions is possible, regardless of where a Cloud provider is located. “Governmental access,” as that term is used here, includes access by all types of law enforcement authorities and other governmental agencies, recognizing that the rules may be different for law enforcement and national security access. Governments need some degree of access to data for criminal (including cybercrime) investigations and for purposes of national security. But privacy and confidentiality also are important issues. This paper does not enter into the ongoing debate about the potential for excessive government access to data and insufficient procedural protections. Rather, this White Paper undertakes to compare the nature and extent of governmental access to data in the Cloud in many jurisdictions around the world."


Interesting that the London School of Economics finds that organizations can save money using “free” software. That's not as simple an answer as you may think.
May 27, 2012
Total cost of ownership of open source software: a report for the UK Cabinet Office
"The Cabinet Office and London School of Economics (LSE) have published research into the Total Cost of Ownership of Open Source Software, by Maha Shaikh and Tony Cornford, Version 8.5 Final, November 2011, Unclassified. The report has been jointly financed by the Cabinet Office and OpenForum Academy, together with some of its supporters, including Alfresco, Deloitte, IBM and Red Hat."


For my Business Continuity students...
Five years after Estonia's cyber attacks: lessons learned for NATO?
By Peggy Garvin. Source: NATO Defense College
From the report:
In April 2007 a series of cyber attacks targeted Estonian information systems and telecommunication networks ... Lasting twenty-two days, the attacks were directed at a range of servers (web, email, DNS) and routers.
The 2007 attacks did not damage much of the Estonian IT infrastructure ... However, the attacks were a true wake-up call for NATO, offering a practical demonstration that cyber attacks could now cripple an entire nation dependent on IT networks.


Incentive for my CS majors to also grab an MBA?
"The IT industry is hurting for women. Currently only 11% of IT companies are owned by women. The Women-Owned Small Business (WOSB) Federal Contract program requires 5% of all IT jobs to go to female-owned integration companies, but there must be at least 2 female bidders. There are so few female bidders that women-owned IT firms are ineligible for the contracts. From the article: 'Wendy Frank, founder of Accell Security Inc. in Birdsboro, Pa., wishes she had more competitors. It's not often you hear any integrator say that, but in Frank's case, she has good reason. The current Women-Owned Small Business (WOSB) Federal Contract program authorizes five percent of Federal prime and subcontracts to be set aside for WOSBs. While that might sound fair on the surface, in order to invoke the money set aside for this program, the contracting officer at an agency has to have a reasonable expectation that two or more WOSBs will submit offers for the job. “We could not participate in the government’s Women-Owned Small Business program unless there was another female competitor,” says Frank. “Procurement officers required that at least two women-owned small businesses compete for the contracts, even in the IT field, where women-owned businesses are underrepresented.”'"


Trend spotting? It also shows that “correlation” is not the same as “connected”.
To make use of this tool, it is best that we define correlation first. A correlation is a mutual relationship or interdependence of two or more things. In this case, Google answers the question – which keywords have the most comparable pattern of search activity?


Sort of an illustrated explanation of “Why the Privacy Foundation exists”.