Showing posts with label Information Warfare. Show all posts

Monday, November 10, 2008

America Continues to be Target of Cyber Attacks

By Kellep A. Charles, CISA, CISSP
2008-11-10

America continues to be a target of cyber attacks from both major, well-funded nations and third-world countries. Events of the past year illustrate that this is an ongoing problem that needs to be addressed.

For example, the Federal Bureau of Investigation warned both the Obama and McCain campaigns that their computer networks had been hacked by a foreign organization during the presidential contest. It seemed these hackers were trying to obtain information about both candidates' views on various foreign issues to use in future negotiations.

There is also a recent report that hackers had penetrated the computer networks of the White House on more than one occasion. An undetermined number of confidential e-mails between government officials had been stolen before computer experts were able to fix the problem.

And of course there was last year's penetration of the Department of Defense's computer network.

Due to the nature of the attacks and the information gathered, many computer experts believe these attacks are originating from China.

The National Cyber Investigative Joint Task Force confirmed that the attacks originated from computers hosted on servers located in Chinese IP space, but it cannot pinpoint exactly where.

It is not exactly clear what information the Chinese are now privy to, but there is a pattern developing.

Monday, August 18, 2008

Russian and Georgian Cyber Attack

Cyberattacks have been occurring whenever one country has an issue with another country. I have discussed it in previous blog postings.

CNN.com has a really good article on this matter as it relates to the Russian and Georgian conflict…


The next large-scale military or terrorist attack on the United States, if and when it happens, may not involve airplanes or bombs or even intruders breaching American borders.
Cyberattackers shut down one Georgian government site and defaced another with images of Adolf Hitler.

Instead, such an assault may be carried out in cyberspace by shadowy hackers half a world away.

http://www.cnn.com/2008/TECH/08/18/cyber.warfare/index.html#cnnSTCText


Interesting video to follow up on the write up

Tuesday, May 20, 2008

China Gateway for Most Cyber-Attacks


By Michael Ha
Staff Reporter of The Korea Times

Most cyber-attacks against computer infrastructures and web sites for South Korea's government agencies originate from China, a new study revealed.

The study warned that the breach of cyber security often results in the loss of critical national and financial information and urged the Korean government to step up its security efforts.

Lee Hong-sup, chairman of the Korea Institute of Information Security and Cryptology, presented his group's findings today. He reported the results at the ``2008 National Defense and Intelligence Protection Conference," held in Seoul this week.

In presenting a report titled ``How to Counter Hacking From China," Lee said 54 percent of cyber-attacks on South Korea's government websites and computer systems originate from Internet sources in China, making it the biggest cyber security threat for the Korean government. 

The United States is also a major source of hackers. The study said 14 percent of all cyber-attacks on South Korean government's computer systems originate from America. 

Additionally, more than 5 percent of cyber-attacks originate from Japan, with Brazil trailing closely behind with 4.9 percent. Taiwan was responsible for 3 percent of hackers.

These findings were based on the analysis of more than 2,100 cases of hacking and hacking attempts against Korean government agencies during the month of March.

The study pointed out the example from South Korea's ``Auction," a popular online auction company, to illustrate the danger of cyber-attacks. Hacks against the web site occurred in February and had originated from a Chinese Internet source. 

The attack resulted in the dissemination of a vast amount of personal data including credit card information and social security numbers from more than 10 million customers.

Lee also said reported cases of ``voice phishing" ― committing financial fraud via phone lines using stolen phone numbers and other personal data ― that originate from China number more than 5,700 a year. He urged further cooperation between the public and private sectors to develop protective measures.

Other presenters at the conference urged the South Korean government to step up its cyber-defense capability. Korea University's Graduate School of Information Management and Security Chairman Lim Jong-in said North Korea has been developing its cyber-attack system since 1989. 

Lim said, ``Japan is also independently developing computer viruses and hacking technologies for the purpose of cyber-attacks. Japan's cyber-defense capability rivals that of the United States."

``There is a paradigm shift in modern warfare and it now includes cyber wars and cyber defense strategies," Lim said.

michaelthewriter@gmail.com

Monday, May 12, 2008

Chinese Cyber Army Attacks

This is a very interesting article I read on The Student Operated Press

Chinese Cyber Army Attacks

BEIJING, China. The key to world dominance lies in the Internet. While Russia and the United States spend billions of dollars on new submarines and air fighters, the Chinese army heavily invests in computer experts.

The Chinese army hopes to achieve "electronic dominance" over other world powers by 2050. Should this happen, hackers hidden somewhere in one of Beijing's bunkers will be able to severely disrupt any military action of the United States, Russia, Japan, or South Korea. The Pentagon alone uses over five million computers connected by some 100,000 networks around the world. Military officials admit that hardly any order can be issued without the use of computers. What they don't dare say is that if someone managed to hack the chain of command, consequences would be fatal.

A conflict between the United States and the Republic of China is not as inconceivable as most of us think. "[I]n many Chinese military manuals they identify the US as the country they are most likely to go to war with. They are moving very rapidly to master this new form of warfare," Larry M. Wortzel, the author of the US Army College report told the Times of London. The reason why very few people realize how tense the situation between both countries is, is that modern warfare takes place in the sterile environment of computer laboratories.

What nuclear warheads were to the Cold War, computers are to the twenty-first century military competition. The Pentagon confirmed that in 2005 there were almost 80,000 attempts to hack its system; fewer than 1,300 ended successfully. In the following years, these numbers increased, giving the U.S. central command a serious headache. At one time the US Army College's network was hacked and the computers had to be shut down for over a month. In most cases there was no doubt who stood behind the attacks: the Chinese.

In February 2007, the small Baltic state of Estonia fell prey to a massive Internet attack that left its government and military in a shambles for several days. In the country where over 70 percent of the population has access to the Internet and most of the paperwork is done online, almost every single computer refused to work. What is more, on the websites of the ministries of defense and foreign affairs appeared pieces of information that were obviously faked. Police experts from all over Europe and Israel worked hard to find the perpetrator. The investigation was stopped when all the evidence led to the Kremlin.

China has gone one step further and organizes special contests for hackers from around the world. The winner usually finds lucrative employment in the Chinese army. "These guys are very good," admitted one former computer analyst from the Department of Defense. Being of various nationalities and working as individuals without official ties to the communist regime, hackers offer Beijing an invaluable opportunity to attack foreign systems with no strings attached.

Washington says it is ready to counter any cyber attack, be it from China or Russia or any other state or organization. But although the American military is years behind any other army in the world, the example of Estonia proved that you do not need billions of dollars to destabilize a country. One Pentagon official told Fox News shortly after Estonia was attacked: "It's a constant game of cat and mouse. This was a wake-up call for us."

If you have any comments or suggestions, please write to: krzys.wasilewski@yahoo.com

Tuesday, May 6, 2008

Port Scanning: The Forgotten Danger before the Attack

This excerpt has been taken from an upcoming article that I just completed on Portscanning. For anyone in information security and security monitoring, portscans are common and often ignored due to their frequency and volume.

I have worked at organizations where we observed over a million scanning events a day. Often I hear other security professionals state that they block these scanning events from their monitoring stations, since they are external to their network and a resource strain on operations.

The problem with that approach is the loss of visibility into malicious events knocking on the door of the network.

Port Scanning: The Forgotten Danger before the Attack

A port scanner is a tool designed to search for open ports on systems connected to the network. This tool can be used by network and security professionals to perform legitimate functions to secure their systems, and it can be used by malicious users to begin staging an attack. There are two types of scanning. The first is called a port scan: the scanner probes all ports on a single host to determine which ports are available. The second is called a portsweep, which is conducted against multiple hosts on a network, looking for all available ports on all accessible systems.
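The sketch below is an added example, not part of the original article. It shows how a monitoring station can keep visibility into scanning without storing every event: it collapses firewall deny lines into one finding per source and labels each as a port scan or a portsweep, following the definitions above. The log format, the thresholds and the sample addresses (documentation ranges) are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample firewall "deny" lines (not from any real network).
# Assumed format: "<time> DENY <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = "\n".join(
    [f"10:00:{i:02d} DENY TCP 198.51.100.7:40000 -> 192.0.2.10:{p}"
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443])]
    + [f"10:01:{i:02d} DENY TCP 203.0.113.9:40001 -> 192.0.2.{h}:22"
       for i, h in enumerate(range(10, 18))]
    + ["10:02:00 DENY TCP 198.51.100.50:51000 -> 192.0.2.10:443"]
)

LINE_RE = re.compile(r"DENY \w+ ([\d.]+):\d+ -> ([\d.]+):(\d+)")


def classify_scanners(log_text, port_threshold=5, host_threshold=5):
    """Return {source_ip: label} for sources whose denied traffic looks like scanning.

    "port scan": the source probed >= port_threshold distinct ports on one host.
    "portsweep": the source probed >= host_threshold distinct hosts.
    Both thresholds are illustrative assumptions, to be tuned per network.
    """
    probes = defaultdict(lambda: defaultdict(set))  # src -> dst -> {ports}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that are not deny events in the assumed format
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        probes[src][dst].add(port)

    findings = {}
    for src, targets in probes.items():
        if len(targets) >= host_threshold:
            findings[src] = "portsweep"
        elif max(len(ports) for ports in targets.values()) >= port_threshold:
            findings[src] = "port scan"
    return findings


if __name__ == "__main__":
    for src, label in sorted(classify_scanners(SAMPLE_LOG).items()):
        print(f"{src}: {label}")
```

A single stray denied connection, such as the last sample line, stays below both thresholds and is not reported.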

Wednesday, April 9, 2008

Cyberattack on Estonia: A Year Later

In April of 2007, a widespread Distributed Denial of Service (DDoS) attack on Estonia’s government and banking Web sites took place. The attack seemed to have been motivated by the relocation of the "Bronze Soldier," a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. The move caused rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow.

A DDoS attack is one in which a massive number of compromised systems attack a single target, thereby denying service and access to authorized users of the targeted system.

Shortly after the attack, the US government sent security professionals experienced in cyberattacks, incident response and forensic analysis from the U.S. Department of Homeland Security's US-CERT and the U.S. Secret Service to assist in analyzing the large volume of data that was generated by the attacks and with training on incident response and computer crime investigations.

In April of 2008, the anniversary month of last year’s attack, there is a strong chance that we may see another attempt to bring down Estonia’s government and banking networks. The Estonian government should be on high alert, increasing its monitoring and logging capabilities. In fact, all security centers worldwide should be on alert as well, to help prevent such an event if an attack were to occur again.

Past case of a cyberattack:

The 2002 Olympics, with the Apolo Ohno controversy. (In 2002 at the Salt Lake City Games, Ohno won the gold medal in the 1,500-meter speed-skating race after South Korean Kim Dong-Sung was disqualified; soon after, several United States-based servers were hit with a DDoS attack from machines that appeared to be based in South Korea.)