Inside Cyber Warfare - Jeffrey Carr [90]

the members. Since an adversary’s fraudulent profile needs as many connections as he can secure in order to be believable and gain trust, he may very well appear to be the perfect LinkedIn member—outgoing, gregarious, helpful, informative, happy to provide contacts and recommendations, and so on.

As a result, other legitimate members will be happy to nominate him or write recommendations for him, and that can include admitting him to LinkedIn discussion groups devoted to cyber warfare, intelligence, or IT security. The list is endless.

A solution to this dilemma is not easy to come by, since social networks rely on members sharing information about themselves, and indeed people love to share information. The beauty of this hack is that it plays on perfectly natural and accepted modes of behavior.

It may be that some individuals employed in critical jobs should be prohibited from joining such networks. At the very least, it wouldn’t hurt for everyone to become a bit more skeptical about their online relationships. At best, a more secure authentication system should be put into place.

BIOS-Based Rootkit Attack


This is a newly demonstrated attack developed by two researchers at Core Security Technologies. BIOS-based attacks are not new, but this one evades anti-virus software and is not removed by rebooting the infected computer.

According to its developers, Anibal Sacco and Alfredo Ortega, the rootkit does not depend on the host machine's memory or hard drive: it persists in the BIOS flash, so wiping the disk or rebooting does not remove it, and the infected machine can go on to attack other machines. Furthermore, since it runs before any other code on the system, it can disable the anti-virus software before that software ever loads.

Defense against this exploit is difficult at best. Its creators say that the best options are "to prevent the flashing of the BIOS by enabling 'write' protection on the motherboard, or deploying digitally signed BIOSes." Both depend on the rest of the platform being sound: a write-protect jumper or lock bit only helps if it is actually set, and a signed BIOS only helps if the code that verifies the signature cannot itself be rewritten by the attacker.
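The first of those two options, write protection, is something an administrator can verify from software on Intel platforms of that era. The following is an added example, not code from the book or from Core Security: it decodes the BIOS_CNTL register of the Intel ICH/PCH LPC bridge (PCI device 00:1f.0, configuration offset 0xDC), the register that firmware-audit tools such as chipsec's bios_wp module examine, and reports whether the flash is locked against an attacker who already runs ring-0 code. The register values fed to it are constructed for the example; on a real system the byte comes from `setpci -s 00:1f.0 dc.b` run as root.

```python
"""Decode the Intel PCH BIOS_CNTL register and judge whether the BIOS flash
can be rewritten from the running operating system.

Added example (not from the book). The bit layout is the one Intel documents
for the ICH/PCH LPC bridge (PCI 00:1f.0, offset 0xDC). The sample register
values in demo() are constructed, not read from real hardware.
"""

# BIOS_CNTL bit fields
BIOSWE = 1 << 0   # BIOS Write Enable: flash accepts writes while set
BLE = 1 << 1      # BIOS Lock Enable: setting BIOSWE raises an SMI so firmware can clear it
SMM_BWP = 1 << 5  # SMM BIOS Write Protect: writes honoured only while the CPUs are in SMM


def parse_setpci_byte(output: str) -> int:
    """`setpci -s 00:1f.0 dc.b` prints the byte as bare hex, e.g. '22' plus newline."""
    return int(output.strip(), 16)


def bios_write_protection(bios_cntl: int) -> tuple[str, str]:
    """Return (verdict, reason) for a BIOS_CNTL value.

    Verdicts: 'UNPROTECTED' (ring-0 code can reflash), 'WEAK' (a lock exists but
    rests on the SMI handler alone), 'PROTECTED' (writes only accepted from SMM).
    The pass condition is the conservative one: BIOSWE clear, BLE set, SMM_BWP set.
    """
    bioswe = bool(bios_cntl & BIOSWE)
    ble = bool(bios_cntl & BLE)
    smm_bwp = bool(bios_cntl & SMM_BWP)

    if bioswe:
        return "UNPROTECTED", "BIOSWE=1: the flash write gate is open right now"
    if not ble:
        return "UNPROTECTED", "BLE=0: BIOSWE is clear, but nothing stops a kernel driver from setting it"
    if not smm_bwp:
        return "WEAK", ("BLE=1 but SMM_BWP=0: protection depends on the SMI handler "
                        "re-clearing BIOSWE, a lock that has been raced on multi-core systems")
    return "PROTECTED", "BLE=1 and SMM_BWP=1: BIOS writes are only honoured from SMM"


def demo() -> dict[str, str]:
    """Judge a few constructed BIOS_CNTL readings; returns {setpci output: verdict}."""
    constructed_readings = ["00\n", "02\n", "22\n", "23\n"]
    return {
        raw.strip(): bios_write_protection(parse_setpci_byte(raw))[0]
        for raw in constructed_readings
    }


if __name__ == "__main__":
    for raw, verdict in demo().items():
        reason = bios_write_protection(int(raw, 16))[1]
        print(f"BIOS_CNTL=0x{raw}: {verdict:11s} {reason}")
```

This covers only the BIOS_CNTL lock on Intel chipsets. The SPI controller's Protected Range registers (PR0 to PR4) are a separate, stronger lock that this check does not decode, the register location differs on other vendors' platforms, and none of it tells you whether the firmware enforces signatures on updates; that is a separate audit.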

Malware for Hire


In March 2009, a few employees of Applicure, an Israeli network security company, launched a SQL injection attack against the Hezbollah website, temporarily taking it offline.

What made this event unique was how they did it: they used a piece of Chinese-created malware that allows subscribers to hire botnets on a monthly basis, with fees ranging from a little over $20 a month for a very small network of 10 bots to $100 a month to control 1,000 bots.

According to an article on Haaretz.com, this application, a kind of malware-as-a-service, offers a user-friendly interface that lets the operator choose the type of attack, the attack speed, and the number of computers (bots) to use.

Anti-Virus Software Cannot Protect You


Anti-virus software is fundamentally signature-based, meaning that it relies on security companies such as McAfee, Symantec, and Kaspersky to create a unique signature (a hash or byte pattern) for each piece of malware that is discovered. In 2008, there were so many viruses being created that Symantec needed to write a new signature every 20 seconds. In 2009, that interval shrank to every 8 seconds.

As of this writing, Triumfant’s Worldwide Malware Signature Counter is displaying 3,704,642 malware signatures needed by AV software to be up to date. As I typed the period of that last sentence, that number increased by 5.

The counter can be found at http://www.triumfant.com/Signature_Counter.asp. As I write this second edition, the count has nearly quadrupled, to 13,930,460.

Simply put, security software vendors cannot keep up this pace. More importantly, signature updates cannot reach customer computers fast enough to ensure protection. Finally, it is important to remember that no anti-virus software can protect you from a zero-day, i.e., malware so new that no AV signature exists for it yet.

This makes it necessary for Computer Network Defense operations to become a priority in any cyber warfare strategy. It also requires the acceptance of a harsh reality, namely that the NSA and DHS (the two agencies responsible for military and civilian cyber network security, respectively) cannot possibly protect
