South Korea, unbelievably will be stepping up partnership with the US, as North Korea becomes a more emerging threat (after declaring war late last week). Seems like North Korea, recently, has made its intentions known to attack the United States and South Korea. Although it may not seem like a large attack, we must still keep guard.
A news agency in South Korea identified that its defense ministry is planning to increase their forces and attempt to deter any further attacks. A customized deterrence strategy is in the works between the US and South Korea. Therefore, it plans to begin military drills sometime late this Summer (some are thinking August).
It’s hoped that South Korea could also aid as an ally, especially if it means the US has to battle North Korea in the future. Although this is like a small dog yapper trying to intimidate a big dog, a pre-meditated terror plot, like Al-Qaeda, is nothing to sneeze at.
The cyberwar continues to step it up little-by-little, but it seems like things have slowed a bit. Which is never a good sign, usually, because slowing down activity means that they are just meditating on a much bigger or more planned attack, and to take the US by surprise.
Stuxnet, the government malware believed to have been created by a dual-venture of the US and Israel, and the one used to attack the Iran nuclear enrichment facility, is now believed to have an earlier attack link. It is believed now that sometime in 2008 was when the facility may have been in progress of attacks from Stuxnet.
Iran leaders met in Kazakhstan this week to discuss with members of the UN Security Council the nuclear program. The researchers there announced a new variant of the sophisticated Stuxnet cyberweapon.
Some have noted that the US and Israel may have partnered way before doing similar activities to try to take down the nuclear enrichment program in Iran.
The new variant was designed as a different attack vector against the centrifuges for the uranium enrichment program, versus later versions released. This “new variant” was apparently released in 2007. Here we are six years later, knowing the discovery of such variant. This shows that the current versions of Stuxnet were made in 2009, which means this variant now recognized predated the original code that researchers found. Therefore, its first version may have been in 2007. That tells security experts this: Stuxnet was attacking much earlier than previously thought.
Still to make a rebuttal, Iran is awaiting and planning new cyberwarriors, which can construct cyberattacks and cyberterrorism on the US.
Looking in the code of the 2007 version, it was used for Siemens PLCs, which are used in the Iran nuclear enrichment program in Natanz. It was aimed at sabotaging the valves’ operations, by controlling the flow of uranium.
The list of new information goes on. According to Wired Magazine, the new finding, described in a paper released by Symantec on Tuesday (.pdf), resolves a number of longstanding mysteries around a part of the attack code that appeared in the 2009 and 2010 variants of Stuxnet but was incomplete in those variants and had been disabled by the attackers.
The Syrian civil war continues now, and at its peak so far now, with cyberwar becoming involved. However, this is more of an internal cyberwar, security experts assume. It is believed the regime behind the Syrian government is removing IP blocks (basically shutting down access to the Internet), to either; A. Punish the people (unlikely); or, B. Protect the government servers and other host servers from a potential (threatened) cyberattack. It is believed to be B.
As of 5:26 am ET this morning, Renesys (organization who monitors the Internet around the world) reported the downtime for Syrian’s IP blocks, which they note only five or so IP blocks just outside of Syria are still on. The few open IP blocks are believed to be home to cybercriminals, who in May of this year targeted Syria in a Skype encyption hoax.
All of the telecommunications in Syria appear to be suspended for Internet usage, as the Renesys organization has done traceroutes with no results turning up. Some have believed the loss of Deutsche Telekom, a telecommunications network for area countries, has a little to do with some of the outages incurred recently.
Other experts have believed that the Syrian Regime is planning something a bit harsh, and may be preventing the information from the country from leaking across the Internet. This may have implications that they are protecting themselves from cyberwar, or they are planning to engage a cyberwar against opposing countries.
It is unknown for many details at this time, but many activists have been tortured, arrested, etc. It would be no surprise if Syrian Regime has cut off Internet access for this reason.
The New York Times reported about the damages of the attacks on Saudi Aramco, a Saudi Arabian oil firm. The article stated the following, blaming Iran for the attacks on Saudi Aramco along with supporting evidence:
That morning, at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers, unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.
United States intelligence officials say the attack’s real perpetrator was Iran, although they offered no specific evidence to support that claim. But the secretary of defense, Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as “a significant escalation of the cyber threat.” In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility.
Intelligence officials are still investigating the nature of the RasGas hack also, because it is related to this attack, which involved a malware called Shamoon.
The investigations of Saudi Aramco and RasGas, Qatar’s top natural gas firm, are coming together. Most of the cyberattacks this year have been aimed at erasing data on energy companies’ computers. More updates to come.
- How hackers attacked Saudi oil company’s computers (seattletimes.com)
- US Increasingly Convinced Iran Behind Attack On Saudi Aramco (techweekeurope.co.uk)
- Shamoon Virus that Attacked Saudi Aramco is the Most Dangerous to Date (oilprice.com)
The town of Burlington, Washington fell victim to a recent attack by a band of unknown hackers, stealing $400,000 in the operation. Odds are that taxpayer data was stolen, also.
Burlington officials have warned residents in the city that their private data could have been stolen, and becoming targets for identity theft. A number of billing systems in the town were attacked, notably the online automatic utility billing system, which holds a large amount of resident data. Once these systems were attacked, the band of hackers were able to leak $400,000 out of the city’s funds.
According to Computer World, an alert [that was] issued this morning, city administrator Bryan Harrison said all autopay customers should assume that their name, bank account number and routing number was compromised following an intrusion into a city utility billing system.
Authorities are still investigating this issue, and will provide updates soon.
- Police: Hackers Take $400,000 From Washington City Account (seattle.cbslocal.com)
- Hackers steal $487K from Washington town (kgw.com)
Various parts of the Islamic Republic were disrupted yesterday (their Internet access) after hackers attacked Iran’s infrastructure and communications companies. “Yesterday we had a heavy attack against the country’s infrastructure and communications companies which has forced us to limit the Internet,” the secretary of the High Council of Cyberspace, Mehdi Akhavan Behabadi, is said by Reuters as having told the Iranian Labour News Agency about the issues.
Some officials claim that their Internet access in Iran is constantly disrupted by cyberattacks, however, the ones yesterday were the most noticeable. This attack would be one of the largest cyberattacks so far, after several gigabytes of traffic overwhelmed the Iranian infrastructure. This is still widely accusative that the US and Israel could be involved, as a response to the nuclear program developed by Iran.
It is noticed also that the cyberwar is heating up for Iran, and that Iran could be constructing counterattacks, such as the recent one against US banks. All of these concentrated attacks are all part of military plans, which are developing “cyber warriors” or a “cyber army”. As always, news about cyberwar will continue to be on this blog.
US Senator Joe Lieberman blamed Iran for the attacks against US banks last Friday, with thoughts that Iran did so out of revenge for the Stuxnet case. The victims of last week’s attacks included Bank of America and JPMorgan Chase. Although not attacked, speculation is that CitiGroup has been a target over the past year. All of these denial of service campaigns seemed to have begun in late 2011.
In C-SPAN’s taping of “Newsmakers,” Lieberman labeled the recent DDoS attacks against the banks a “powerful example of our vulnerability”.
Now, from the perspective of Lieberman, it makes sense to make such claims. When we reported in June about a potential US and Israeli connection for malwares like Flame and Stuxnet, labeled “Operation Olympic Games”, we saw the counterattack that continued cyberwarfare between Iran and the US (as well as other countries). This could be just one of possibly many counterattacks from Iran, and it’s going to be quite dangerous to companies that are vulnerable to cyberattack.
Cyberattacks will continue with DDoS and other hacks, and it could target almost any major organization around the world. The main idea is to craft the correct cybersecurity strategies, and be aware of any attack vectors (like if there are too many people trying to hack in to the networks). It’s important to learn from issues like this, and be able to adapt the latest strategies for businesses. Which means: If you don’t have a director for information security at your major company, it’s about time to get one and soon!
Keep all of your devices FULLY safe from hackers:
The Anonymous group AntiSec has claimed to have mined around 12 million Unique Device Identifiers (UDIDs) from a FBI laptop, after the hack was claimed to have been part of a Java vulnerability. News has been booming with Java vulnerabilities lately, so this is a very believable story. AntiSec published their list to prove the group had the data. The data is used as identifiers for iPhone and iPad devices.
AntiSec’s reason stated includes that it wanted to expose the FBI’s tracking of Apple device users.
However, the FBI has came back with a press release statement:
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
Therefore, all this was just a tactic to draw attention to themselves.
- FBI: We Weren’t Hacked, Never Had Apple Device IDs (mashable.com)
- AntiSec Claims to Steal Apple UDIDs from Gov. Laptop, FBI Says No (dailytech.com)
- FBI denies AntiSec’s Apple UDID database claims (h-online.com)
- FBI calls out AntiSec, claim they had nothing to do with stolen Apple IDs (slashgear.com)