Ever wondered which countries are under cyberattack right now?
Google may have the answer for you. By teaming up with Arbor Networks, the Google Ideas team has created a visualisation of all the distributed denial of service (DDoS) attacks around the world.
DDoS attacks are among the most common, effective and hard-to-counter attacks a website can suffer. They are launched using so-called botnets of hijacked computers that are simultaneously instructed to connect to a particular website, thus consuming all the available bandwidth or the web server’s resources, slowing the site down significantly or taking it offline.
DDoS attacks have become a tool used by hacktivists and politically motivated attackers to hit the websites of organizations they dislike: a way to digitally silence those organizations.
Even though it can’t bring down an enemy’s military forces or a whole society’s infrastructure, a DDoS attack can have a serious effect on a specific company, agency or service. That makes it one of the tools in the hands of cyber army teams around the world to wage, if not a full-scale cyberwar (which would rely on APTs and multiple kinds of attacks), at least cyberguerrilla operations.
For instance, the Syrian Electronic Army, a collection of pro-government computer hackers aligned with Syrian President Bashar al-Assad, has used DDoS attacks to target media organization websites in their attempt to support the Syrian regime.
Anyway, the new tool, Digital Attack Map, gives a clear idea of what is happening in cyberspace, and lets you look back at historic attacks, see the source and destination ports used in the attacks, and select specific countries.
Considering the current status of the Syrian military, whose capabilities have been consumed by a couple of years of war against the rebels of the Free Syrian Army, a series of cyber attacks by the Syrian Electronic Army is the most serious answer the U.S. can expect from Damascus following an attack on Assad’s chemical warfare arsenal.
According to Wikipedia:
“The Syrian Electronic Army, also known as the Syrian Electronic Soldiers, is a collection of pro-government computer hackers aligned with Syrian President Bashar al-Assad. Using denial of service attacks, defacement, and other methods, it mainly targets political opposition groups and western websites, including news organizations and human rights groups. The Syrian Electronic Army (SEA) is the first public, virtual army in the Arab world to openly launch cyber attacks on its opponents, though the precise nature of its relationship with the Syrian government is debated.”
They usually conduct social engineering attacks against media with the aim of spreading their propaganda messages using compromised Twitter accounts or defaced websites. They send spear phishing emails to their targets in order to get the user credentials needed to get into the accounts and post their messages.
Most of the time, once compromised, the targeted media disclosed the (successful) attack, describing the hack in specific blog posts, as The Onion and Outbrain did.
In the last few hours SEA attacked NYTimes.com (the media outlet had its DNS redirected to a page displaying the “Hacked by SEA” message), whereas Twitter’s domain registrar was changed.
Since they are a loose-knit hacker group loyal to Assad, SEA are likely to react to the air strikes that are about to pound Syria. Even if their assault is neither persistent nor advanced, it could still cause some pain: if not to Obama or the Pentagon, then to one of the media outlets that will be reporting on the U.S. air campaign in Syria.
Aeroflot 150 is a scheduled flight from Moscow, Russia, to Havana, Cuba.
It is flown by an Airbus A330 and, like any scheduled commercial airliner, unless something very special happens, it always takes the same route to Cuba.
However, on Jul. 11 it flew a different route, a southern route that completely avoids U.S. airspace (for the history of this flight in the last weeks take a look here). Furthermore, AFL150 is the same flight believed to be carrying the NSA leaker Edward Snowden a couple of weeks ago, when some journalists boarded the plane to find the accused spy’s seat empty.
Image credit: FlightAware
Even if such a significant change of route is unusual, to say the least, it might be explained by the bad weather affecting the U.S. East Coast.
At the time of writing, the aircraft is about to land at Int’l José Martí airport in Havana. If Snowden is on board, we’ll know very soon.
We’ve been talking about the militarisation of cyberspace for some time now. This interesting article by Hackmageddon.com provides a model to classify cyber weapons in accordance with four parameters: Precision, Intrusion, Visibility, and Easiness to Implement. Based on these parameters, cyber threats can be compared to smart bombs, handguns, traditional bombs and paintball pistols. Read below to discover why.
What is a Cyber Weapon? At first glance this seems an immediate question to answer, but should anyone try to analyze the meaning of this term more deeply, he would probably be quite surprised and disappointed in discovering that the answer is not so immediate since an exact definition has not been given (at least so far).
A real paradox in the same days in which The Pentagon, following the Japanese Example, has unveiled its new strategy aimed to dramatically accelerate the development of new Cyber Weapons. And do not think these are isolated, fashion-driven examples (other nations are approaching the same strategy), but rather consider them real needs in the post-Stuxnet age, an age in which more and more governments are moving their armies to the fifth domain of war [you will probably remember the (in)famous episode, when F-Secure was able to discover Chinese Government launching online attacks against unidentified U.S. Targets].
Recently Stefano Mele, a friend and a colleague of the Italian Security Professional Group, tried to give an answer to this question in his paper (so far only in Italian but it will soon be translated into English) where he analyzes Cyber Weapons from a legal and strategical perspective.
As he points out “Correctly defining the concept of Cyber Weapon, thus giving a definition also in law, is an urgent and unavoidable task, for being able to assess both the level of threat deriving from a cyber attack, and the consequent political and legal responsibilities attributable to those who performed it”. Maybe this phrase encloses the reason why a coherent definition has not been given so far: a cyber weapon is not only a technological concept, but rather hides behind its complex juridical implications.
According to Stefano’s definition, a cyber weapon is:
A device or any set of computer instructions intended to unlawfully damage a system acting as a critical infrastructure, its information, the data or programs therein contained or thereto relevant, or even intended to facilitate the interruption, total or partial, or alteration of its operation.
One could probably argue whether a cyber weapon must necessarily generate physical damages or not, in which case, probably, Stuxnet, would be the one, so far, to encompass all the requirements. In any case, from my point of view, I believe the effects of a cyber weapon should be evaluated from its domain of relevance, the cyberspace, with the possibility to cross the virtual boundaries and extend to the real world (Stuxnet is a clear example of this, since it inflicted serious damages to Iranian Nuclear Plants, including large-scale accidents and loss of lives).
With this idea in mind, I tried to build a model to classify the cyber weapons according to four parameters: Precision (that is the capability to target only the specific objective and reduce collateral damages), Intrusion (that is the level of penetration inside the target), Visibility (that is the capability to be undetected), and Easiness to Implement (a measure of the resource needed to develop the specific cyber weapon). The results, ranging from paintball pistols to smart bombs, are summarized in the below chart.
The following picture was uploaded a few days ago on the official USAF Flickr photostream.
Here’s the caption (highlight mine):
An Alaska Air National Guard HH-60G Pave Hawk helicopter practices high-altitude landing operations March 14, 2012. The primary mission of the Pave Hawk is to conduct day or night personnel recovery operations into hostile environments to recover isolated personnel during war. (U.S. Air Force photo by Master Sgt. Sean Mitchell)
By chance, while I was looking at the image, my attention was caught by the date shown in the right-hand column of the Flickr page, showing that the image was actually taken on May 5, 2009.
Since Flickr uses the EXIF data of the file to determine the date, I assumed that the image was taken in 2009, unless the camera date was set wrong.
USAF caption says this photo was taken on Mar. 14, 2012. Flickr via Exif says May 2009. Who lied? http://bit.ly/GL1sZE
While many followers replied that Exif data is quite unreliable since date and time can be mis-set on the camera, others affirmed that, although possible, it is quite uncommon for the date to be set wrong by professional photographers.
However the solution of this little mystery was given by Mark Brueschke, a follower of the FB page who lives in Alaska. Indeed, Mark noticed that the moon was in the wrong quarter for the period: on Mar. 14, 2012 the moon was in the last quarter, while the one depicted in the photo is between the first quarter and full moon, exactly how it should have been on May 5, 2009.
Furthermore, the amount of snow at elevation is not consistent with what he saw in March of this year, when there was snow at all elevations above 100 m.
So the image was really taken in 2009.
Ok, we’ve proved the USAF lied, but it’s no big deal. Maybe they just needed an image to be uploaded on Flickr and, since the one taken in May 2009 was not previously used, they uploaded it.
However, this episode should remind everybody of the risk of using digital technologies that embed so much information that can be exploited in various ways.
In a few words, in Iraq, insurgents were able to determine the exact location of AH-64 Apache helicopters and successfully attack them because some soldiers had taken pictures on the flightline and uploaded them (including geotagging data) to the Internet.
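The check this episode suggests, as an added example that is not part of the original post: a pre-publication audit in Python that reads the Exif capture date from a JPEG, compares it with the caption date, and flags an embedded GPS block. The function names and the sample file are constructed for illustration; the sample carries the May 5, 2009 date from the post with an assumed time of day, and it is a bare JPEG container with no image data.

```python
import struct
from datetime import date, datetime

EXIF_IFD, GPS_IFD, DATETIME_ORIGINAL = 0x8769, 0x8825, 0x9003  # standard Exif/TIFF tag ids

def exif_tiff(jpeg):
    """Return the TIFF blob from the JPEG's APP1/Exif segment, or None."""
    pos = 2 if jpeg[:2] == b"\xff\xd8" else len(jpeg)
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + length]
        if jpeg[pos + 1] == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        pos += 2 + length
    return None

def read_ifd(tiff, off, en):
    """Map tag -> (count, value-or-offset field read as uint32) for one IFD."""
    (n,) = struct.unpack(en + "H", tiff[off:off + 2])
    out = {}
    for e in range(off + 2, off + 2 + 12 * n, 12):
        tag, _typ, count, value = struct.unpack(en + "HHII", tiff[e:e + 12])
        out[tag] = (count, value)
    return out

def audit(jpeg, caption_date):
    """Pre-publication check: Exif capture date vs. caption date, and GPS presence."""
    report = {"exif_date": None, "date_mismatch": False, "has_gps": False}
    tiff = exif_tiff(jpeg)
    if tiff is None:
        return report
    en = "<" if tiff[:2] == b"II" else ">"  # TIFF byte-order mark
    ifd0 = read_ifd(tiff, struct.unpack(en + "I", tiff[4:8])[0], en)
    report["has_gps"] = GPS_IFD in ifd0  # presence only; coordinates are not decoded
    if EXIF_IFD in ifd0:
        count, off = read_ifd(tiff, ifd0[EXIF_IFD][1], en).get(DATETIME_ORIGINAL, (0, 0))
        if count:
            text = tiff[off:off + count].rstrip(b"\x00").decode("ascii")
            report["exif_date"] = datetime.strptime(text, "%Y:%m:%d %H:%M:%S").date()
            report["date_mismatch"] = report["exif_date"] != caption_date
    return report

def sample_jpeg():
    """Constructed sample: bare JPEG container whose Exif holds a date and a GPS IFD pointer."""
    e = lambda tag, typ, count, val: struct.pack("<HHII", tag, typ, count, val)
    tiff = b"II*\x00" + struct.pack("<IH", 8, 2) + e(EXIF_IFD, 4, 1, 38) + e(GPS_IFD, 4, 1, 76)
    tiff += struct.pack("<IH", 0, 1) + e(DATETIME_ORIGINAL, 2, 20, 56) + struct.pack("<I", 0)
    tiff += b"2009:05:05 12:00:00\x00" + struct.pack("<HI", 0, 0)
    body = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

Calling `audit(sample_jpeg(), date(2012, 3, 14))` reports the 2009 capture date, a mismatch with the caption, and the presence of GPS data; a file flagged this way should have its metadata stripped or corrected before it is uploaded.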