There are a lot of theories flying around about why Twitter and other social media services got knocked offline yesterday. I've heard rumors about it being linked to political tension between Georgia and Russia. Others blame Iran for the outages. I'm not a political commentator, therefore I cannot comment on anyone's political views -- but I have some logic and common sense, and I can draw some objective conclusions. more
Nguyen Minh Duc, senior security director at Bach Khoa Internetwork Security (Bkis), says that the source of recent cyberattack against US and South Korean government websites was not North Korea -- as widely reported -- but UK. Based on Bkis analysis, a report today by Nguyen Minh Duc says that a master server located in UK was found to control the 8 Command and Control servers responsible for the series of cyberattacks last week.
more
This post isn't about -- or isn't only about -- the use of computer technology to commit crimes. It's more about the use of computer technology to commit war. A few weeks ago, I was part of a conversation about the legal issues cyberwarfare raises. We were talking about various scenarios -- e.g., a hostile nation-state uses cyberspace to attack the U.S. infrastructure by crippling or shutting down a power grid, air traffic control systems, financial system, etc. Mostly, we were focusing on issues that went to the laws of war, such as how and when a nation-state that is the target of a cyberattack can determine the attack is war, rather than cybercrime or cyberterrorism. more
This is a follow-up to my previous post on Cybersecurity and the White House. It illustrates an actual cyberwarfare attack against Estonia in 2007 and how it can be a legitimate national security issue. Estonia is one of the most wired countries in eastern Europe. In spite of its status of being a former Soviet republic, it relies on the internet for a substantial portion of everyday life -- communications, financial transactions, news, shopping and restaurant reservations all use the Internet. Indeed, in 2000, the Estonian government declared Internet access a basic human right... more
According to Shanghai Daily, there has been an "organized Internet attack on Tuesday night which caused serious congestion in several provinces [in China] and left millions of users unable to gain access to the Internet." This is the first time the regulator has published news about an investigation into an online attack in China within 24 hours, says Shanghai Daily. ..."It was an attack on DNS (Domain Name System) and the carriers and related firms should do more back-up to avoid similar incidents," the ministry said in a statement. more
News broke this week about an attack in Puerto Rico that caused the local websites of Google, Microsoft, Yahoo, Coca-Cola, PayPal, Nike, Dell and Nokia to be redirected for a few hours to a phony website. The website was all black except for a taunting message from the computer hacker responsible for the attack... more
With the recent attacks against high-profile New Zealand domain names including Coca-Cola.co.nz and F-Secure.co.nz, fingers are naturally pointing to Domainz, the registrar of record for these domains, as the party responsible for this lapse in security. While domain name registrars certainly need to ensure the security and stability of their systems, domain name registries must also step up and take responsibility for mitigating risks posed by hackers... more
A cybersecurity bill introduced in the U.S. Senate on April 1st, 2009 would give the United States federal government extraordinary power over private sector Internet services, applications and software. This proposed legislation is a direct result of a review ordered by the Obama administration into government policies and processes for defending against Internet-born attack. The focus of the bill, according to a summary released by the sponsoring senators, is on establishing a new partnership between the public and private sectors in a joint effort to bolster Internet security... more
NeuStar's UltraDNS faced attack on two fronts on Tuesday, March 31. One of the attacks was technical -- a massive denial-of-service attack. The second was a rather surprising opening strike from competitor Dynamic Network Services (DynDNS), which launched a full-scale (and in T1R's opinion, misguided) public relations broadside. First, to the actual denial of service attack. Contrary to many early reports, UltraDNS was not 'down' on Tuesday... more
The market has failed to secure cyberspace. A ten-year experiment in faith-based cybersecurity has proven this beyond question. The market has failed and the failure of U.S. policies to recognize this explains why we are in crisis. The former chairman of the Security and Exchange Commission, Christopher Cox, a longtime proponent of deregulation, provided a useful summary of the issue when he said, "The last six months have made it abundantly clear that voluntary regulation does not work."... more
The IANA -- Internet Assigned Numbers Authority -- is, functionally, the boiler room of the Internet. Every protocol in use to shovel data from Tallahassee to Timbuktu? Listed there. IP addresses? They are the root from which all addresses flow. Domain names? They are the Source. The entire operation is chock-full of magic numbers, numbers that form and fuel the digital world we use daily. But there are other, lesser-known numbers... It is of PENs that I write today... more
I've been privately talking about the theoretical dangers of HTTPS hacking with the developers of a major web browser since 2006 and earlier last month, I published my warnings about HTTPS web hacking along with a proposed solution. A week later, Google partially implemented some of my recommendations in an early Alpha version of their Chrome 2.0 browser... This week at the Black Hat security conference in Washington DC, Moxie Marlinspike released a tool called SSL Strip... more
Willis Alan Ramsey, who wrote "Muskrat Love," recorded one and only one studio album. The cognoscenti of country think it's a gem, an all time top ten. There's an apocryphal story that when Ramsey was pushed to make another record he allegedly retorted, "What's wrong with the first one?" We who use the Internet every day risk losing sight of what a miracle it is, and the openness that keeps it so miraculous... We also lose sight of the fact that even as the Internet's miracles occur, it's almost always broken or malfunctioning or threatening or worse in many places along the line. more
In the U.S., it is a federal crime to use malware to intentionally cause "damage without authorization" to a computer that is used in a manner that affects interstate or foreign commerce. Most, if not all, U.S. states outlaw the use of malware to cause damage, as do many countries. The Council of Europe's Convention on Cybercrime, which the United States ratified a few years ago, has a provision concerning the possession of malware. Article 6(1)(b) of the Convention requires parties to the treaty to criminalize the possession of malware "with intent that it be used for the purpose of committing" a crime involving damage to a computer or data... more
This very interesting document was released by ICANN's Generic Names Supporting Organization (GNSO) for public comment yesterday. And it asks some fundamental questions while at the same time pointing to sources such as the Honeynet Alliance's reports on fast flux. more