The need for cybersecurity

waltky · Apr 20, 2012

The need for cyber security...

The West "will lose" the cyber war
April 20th, 2012 - On April 27, 2007, the tiny Baltic nation of Estonia - one of the most wired countries in the world - was hit with a massive cyberattack. Websites for banks, government ministries, newspapers, Parliament and media outlets were paralyzed, swamped by a distributed denial of service attack.

"We were frankly shocked when this happened," said Estonian President Toomas Hendrik Ilves. "Botnets attacked all aspects of society." He contends it was "political act" in which Russia, angered over Estonia's decision to move a Soviet-era statue dedicated to a World War II Russian soldier in Tallinn, tried to shut down the country. Russia has always denied the charge. But as bad as the attack on Estonia was, the next generation of cyberattacks could be much worse, Ilves said in a speech this month on "E-Governance and Cyber-Security" at Washington's Center for Strategic and International Studies. Distributed denial of service attacks are so "yesterday," he said. "... We can get around them." Today, he warns, a new and more dangerous world of virus attacks threatens developed Western countries. "It's beginning to look ugly, and very ugly," he said.

These new viruses target the very DNA of modern life: SCADA (supervisory control and data acquisition) computer systems that monitor and control industrial processes, infrastructure like water purification, oil and gas pipelines, electrical power transmission, even supermarkets and cars. "Our focus is too much on the military side of this," Ilves warns, "but, as someone once said, 'It's the economy, stupid.'" Cyberattacks like these can be launched by countries as a form of warfare, with hired criminal gangs playing the role of armies carrying out the attack. "It's not just students in dormitories in Beijing," Ilves said. "You can rent them and target someone." The Estonian president says it's the intellectual property of Western countries that is being targeted, "the stuff that makes advanced Western societies function."

But the "bad guys" have an advantage over governments. In some countries there is no distinction between public and private. In others, the government utilizes what Ilves refers to as "public/private partnerships:" enlisting criminal cyber gangs in the service of the state. In most Western countries there is a bright line separating public and private. "That Western model doesn't work anymore," Ilves stated, "and if it continues we're going to lose." He believes it crucial for Western countries to "rethink" how they defend against that threat while, at the same time, maintaining that firewall. But most countries can't afford to hire all the people needed to do that. "All the geniuses in Silicon Valley" he said, "earn millions." So, in addition to its own military and government information technology defenses, Estonia has created a "cyber National Guard" - approximately 100 volunteer "white-hatted hackers" he said - from start-ups and established IT businesses in the country who spend a certain amount of time, for free, protecting the country from cyberattacks. "Making a lot of money becomes boring after a while," he laughed.

Cyberattacks are no laughing matter for NATO, which Estonia joined in 2004. NATO has a cyberdefense research center in Tallinn. Ilves said NATO needs to get moving on the threat. "It's flagging," he said. "Too many in NATO are in the 'so-what?' phase." Cuts in defense spending are hurting, too, he says, and so is the "intelligence" model of dealing with threats. "Cyberattacks will come from outside your borders and you need to cooperate with your allies," he said. Too often, however, NATO's members, as well as member nations of the European Union, he said, "don't talk with each other." There's no time to lose, Ilves warned. "Cyberattacks will change dramatically our thinking about war and warfare."

http://security.blogs.cnn.com/2012/04/20/the-west-will-lose-the-cyber-war/
Click to expand...

See also:

Cadets and Midshipmen square off on the virtual battlefield
April 20th, 2012 - The intense rivalry among the nation's military service academies extends well beyond the playing fields. It's deep down in the internet.

This week, the U.S. Military Academy at West Point, the Naval Academy in Maryland, the Air Force Academy in Colorado and the Coast Guard Academy in Connecticut squared off in the annual competition to determine who wins the coveted trophy as chief geeks. The arena was the super secret National Security Agency's Cyber Defense Exercise. For four days, around the clock, the cadets and midshipmen tried to match wits with the nation's top cyber experts.

The NSA 'red teams' bombarded the students with malware of all types as each academy tried to defend its own network and score the most points. The overall goal: to give them a nearly real life experience of using the tools they have learned as computer science and information technology majors to identify and defend against cyber attacks. As the nation's future military leaders, the ability to master information technology and protect critical information systems is key to fighting and preventing modern day wars.

It was quite a challenge for both the students and the NSA cyber masters. Security Clearance paid a visit to the Naval Academy in Annapolis to see first hand how the midshipmen were coping and then stopped by to witness the NSA sleuths as they launched their attacks during the virtual competition.

Final Results: Sorry Navy... Air Force won the trophy followed by West Point, Navy and sitting in last place, the Coast Guard

Source
Click to expand...

waltky · May 17, 2012

Granny says dey better not be hackin' into her webcam when she takin' a shower...

Web sites fall victim to cyberspies
Thu, May 17, 2012 - DRIVE-BY ATTACKS: Visitors to legitimate Web sites of human rights organizations or government agencies might find that they have been targeted by malware

Internet security researchers warned on Tuesday that foreign policy and human rights Web sites are being booby-trapped by hackers in what appears to be cyberespionage. As of Monday Web sites for Amnesty International Hong Kong, the Cambodian Ministry of Foreign Affairs and the US Center for Defense Information (CDI) remained rigged to slip hostile code onto visitors computers, according to the Shadowserver Foundation, which is devoted to tracking and reporting Internet threats. These attackers are not spreading malware through strategically compromised Web sites to make friends, Shadowserver researchers Steven Adair and Ned Moran warned in a blog post. They are aiming to expand their access and steal data.

Data typically sought included messages, intellectual property, research, and business intelligence such as contracts and negotiations, according to security specialists. The CDI Web site is currently serving up a malicious Flash exploit that ties back to attackers known to engage in cyberespionage, the researchers said. This threat group appears to be interested in targets with a tie to foreign policy and defense activities. In recent weeks, Shadowserver has seen an array of strategic Web compromises taking advantage of flaws in Oracle Java and Adobe Flash programs. The tactic is referred to as a drive-by attack by computer security specialists because peoples computers are secretly infected simply by visiting a reputable Web site unaware that it has been booby-trapped by hackers.

A Web site for the International Institute of Counter-Terrorism at the Interdisciplinary Center in Herzliya, Israel, was listed among those compromised by hackers. Shadowserver said that it began looking into the hacks after researchers at Websense reported last week that the main page of Amnesty International United Kingdom had been rigged with drive-by malware. There are indications that a Web site for the American Research Center in Egypt was briefly compromised last week in a manner similar to the CDI page hack, according to Shadowserver.

Earlier this month the Center for European Policy Studies Web site at ceps.eu was similarly compromised, according to the volunteer-based Internet security group. Shadowserver referred to the hacks as advance persistent threats, a term used in the industry to refer to cyberespionage by groups such as governments. Many of these attackers are quite skilled at moving laterally within an organization and will take advantage of any entry point they have into a network, the researchers said. Cyberespionage attacks are not a fabricated issue and are not going away any time soon.

http://www.taipeitimes.com/News/world/archives/2012/05/17/2003533064
Click to expand...

waltky · Jul 6, 2012

Granny says get yer computer scanned fer dat July 9th bug...

Homeland security cites sharp rise in cyber attacks
July 4th, 2012 - The companies that control critical infrastructure in the United States are reporting higher numbers of attacks on their systems over the past three years, according to a report issued by the Department of Homeland Security.

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) says the number of reported attacks is up and attackers have been targeting companies with access to the country's power grid, water filtration facilities and a nuclear facility. According to the report, which was released last week, there were 198 incidents reported to DHS in 2011, up from nine incidents in 2009. Cyber emergency response teams went to the physical locations to investigate and further analyze the threats in 17 of the 198 cases in 2011. The most common threat was a technique known as spear-phishing, which can corrupt a company's computer system by uploading malicious attachments and gaining access to sensitive information. Eleven of the 17 incidents to which the emergency response teams physically responded were attacks that had been launched by "sophisticated actors," the report said.

The reported incident against a nuclear facility, which the department did not specifically name, was found to be the result of a USB drive that an employee had used to download presentation materials onto a laptop. Those materials included malware that was then able to spread to 100 hosts on the network, according to Homeland Security. The government has made a point of not identifying companies by name due to fear that such public exposure would deter other companies who are the victims of similar attacks from coming forward and sharing information about the threats. The report also identified common trends that allowed attackers to penetrate systems. They included employees who were not properly aware of potential dangers and technical and process flaws that left their systems exposed to attack.

The Department of Homeland Security sees the rise in the number of reported events as a sign that businesses are trusting the government more when it comes to allowing federal investigators to access their systems. "Incident response is an essential part of cybersecurity," DHS spokesman Peter Boogaard said Wednesday. "DHS has made a consistent effort to work with public and private sector partners to develop trusted relationships and help asset owners and operators establish policies and controls that prevent incidents. The number of incidents reported to DHS's ICS-CERT has increased partly due to this increased communication."

The sensitivity over the public-private partnership remains a hotly debated issue in Washington, as lawmakers try to come up with legislation that would require acceptable minimum security standards for companies that operate critical infrastructure systems. Republican-backed proposals have included making the exchange of information between private companies and the government voluntary. Other initiatives, including a bipartisan bill backed by Sens. Joe Lieberman, I-Connecticut, and Susan Collins, R-Maine, would require companies to prove to the government that minimum security standards are in place, and would make that information subject to a government audit.

Source
Click to expand...

waltky · Sep 22, 2012

Obama gonna protect us from the baddies onna web...

Napolitano: Executive order on cybersecurity is 'close to completion'
9/19/12 - Homeland Security Secretary Janet Napolitano on Wednesday said the cybersecurity executive order that the White House is drafting is "close to completion."

At a Senate Homeland Security and Governmental Affairs Committee hearing, Napolitano said the executive order is "still being drafted in the inter-agency process" and "is close to completion depending on a few issues that need to be resolved at the highest levels." She said the draft order still needs to be reviewed by President Obama. The White House is crafting a draft executive order aimed at protecting the nation from cyberattacks targeting critical infrastructure, such as the electric grid, water systems and transportation networks. The order would create a voluntary program in which companies operating key infrastructure would elect to meet a set of security standards developed, in part, by the government.

The White House began to explore an executive order last month after Senate Republicans blocked a sweeping cybersecurity bill from Sen. Joe Lieberman (I-Conn.). The executive order aims to encourage critical infrastructure operators to beef up the security measures they use to protect their computer systems and networks from hackers. The draft has been circulated to relevant agency officials over the past month for feedback, as The Hill first reported.

The voluntary program in the draft order is based on a measure in Lieberman's bill that drew opposition from GOP senators and business lobbying groups, chiefly the U.S. Chamber of Commerce. Critics argued that the program would serve as a backdoor for regulatory agencies to force companies to meet new security standards. Napolitano again urged Congress to enact comprehensive cybersecurity legislation, arguing the White House cannot completely address the threat on its own. She noted that DHS is limited in the number of trained cyber personnel it can hire, which cannot be addressed by an executive order.

An order from the president also can't offer liability protections to companies, which protect them from legal action if they are hit by a cyberattack. Napolitano said liability protections are "often viewed as mechanisms to foster timely and effective information sharing" about cyber threats between government and industry. Lieberman, the chairman of the Senate Homeland Security Committee, said he was encouraged to hear that the administration was close to wrapping up work on the draft order. He said the White House should move forward on implementing the executive order and not wait to see if Congress passes cybersecurity legislation during the lame-duck session after the election.

Source
Click to expand...

waltky · Oct 12, 2012

Iran lashes out after Stuxnet...

Hackers in Iran responsible for cyberattacks
October 12, 2012 WASHINGTON (AP) U.S. authorities believe that Iranian-based hackers were responsible for cyberattacks that devastated Persian Gulf oil and gas companies, a former U.S. government official said. Just hours later, Defense Secretary Leon Panetta said the cyberthreat from Iran has grown, and he declared that the Pentagon is prepared to take action if American is threatened by a computer-based assault.

The former official, who is familiar with the investigation, said U.S. authorities believe the cyberattacks were likely supported by the Tehran government and came in retaliation for the latest round of American sanctions against Iran. Before Panetta's remarks on Thursday, U.S. officials had said nothing publicly about the Gulf attacks or the investigation. But Panetta described them in a speech to business leaders in New York City, saying they were probably the most destructive cyber assault the private sector has seen to date.

Panetta did not directly link Iran to the Gulf attacks, but he said Tehran has "undertaken a concerted effort to use cyberspace to its advantage." And, he said the Pentagon has poured billions into beefing up its ability to identify the origin of a cyberattacks, block them and respond when needed. "Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests," said Panetta in a speech to the Business Executives for National Security. A current U.S. official acknowledged Thursday that the Obama administration knows who launched the cyberattacks against the Gulf companies and that it was a state actor.

U.S. agencies have been assisting in the Gulf investigation and concluded that the level of resources needed to conduct the attack showed there was some degree of involvement by a nation state, said the former official. The officials spoke on condition of anonymity because the investigation is classified as secret. While Panetta chose his words carefully, one cybersecurity expert said the Pentagon chief's message to Iran in the speech was evident. "It's not something where people are throwing down the gauntlet, but I think Panetta comes pretty close to sending a clear warning (to Iran): We know who it was, maybe you want to think twice before you do it again," said cybersecurity expert James Lewis, who is with the Center for Strategic and International Studies. "I think the Iranians will put two and two together and realize he's sending them a message."

More cnsnews.com/news/article/us-hackers-iran-responsible-cyberattacks
Click to expand...

waltky · Oct 19, 2012

Obama gonna ferret out dem terrorists an' grab `em by the back o' the neck an' shake `em like a rag doll...

Draft order would give companies cyberthreat info
19 Oct.`12 WASHINGTON (AP) A new White House executive order would direct U.S. spy agencies to share the latest intelligence about cyberthreats with companies operating electric grids, water plants, railroads and other vital industries to help protect them from electronic attacks, according to a copy obtained by The Associated Press.

The seven-page draft order, which is being finalized, takes shape as the Obama administration expresses growing concern that Iran could be the first country to use cyberterrorism against the United States. The military is ready to retaliate if the U.S. is hit by cyberweapons, Defense Secretary Leon Panetta said. But the U.S. also is poorly prepared to prevent such an attack, which could damage or knock out critical services that are part of everyday life. The White House declined to say when the president will sign the order.

The draft order would put the Department of Homeland Security in charge of organizing an information-sharing network that rapidly distributes sanitized summaries of top-secret intelligence reports about known cyberthreats that identify a specific target. With these warnings, known as tear lines, the owners and operators of essential U.S. businesses would be better able to block potential attackers from gaining access to their computer systems.

An organized, broad-based approach for sharing cyberthreat information gathered by the government is widely viewed as essential for any plan to protect U.S. computer networks from foreign nations, terrorist groups and hackers. Existing efforts to exchange information are narrowly focused on specific industries, such as the finance sector, and have had varying degrees of success. Yet the order has generated stiff opposition from Republicans on Capitol Hill who view it as a unilateral move that bypasses the legislative authority held by Congress.

Administration officials said the order became necessary after Congress failed this summer to pass cybersecurity legislation, leaving critical infrastructure companies vulnerable to a serious and growing threat. Conflicting bills passed separately by the House and Senate included information-sharing provisions. But efforts to get a final measure through both chambers collapsed over the GOP's concerns that the Senate bill would expand the federal government's regulatory power and increase costs for businesses.

More http://news.yahoo.com/draft-order-companies-cyberthreat-190906683--finance.html
Click to expand...

waltky · Jan 16, 2013

Granny says dey tryin' to attack our power grid...

US plants hit by USB stick malware attack
16 January 2013 - US authorities did not specify which plants had been hit - and to what extent

Two power plants in the US were affected by malware attacks in 2012, a security authority has said. In its latest quarterly newsletter, the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said "common and sophisticated" attacks had taken place. Malware had infected each plant's system after being inadvertently brought in on a USB stick, it said. The ICS-CERT said it expected a rise in the number of similar attacks. Malware can typically used by cyber-attackers to gain remote access to systems, or to steal data.

In the newsletter, authorities said: "The malware was discovered when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive's operation. "The employee routinely used this USB drive for backing up control systems configurations within the control environment." And at a separate facility, more malware was found. "A third-party technician used a USB-drive to upload software updates during a scheduled outage for equipment upgrades," the report said. "Unknown to the technician, the USB-drive was infected with crimeware. "The infection resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks."

Physical effects

The authority did not go into explicit details regarding the malware itself, but did stress that the use of removable media had to be reviewed and tightened. "Such practices will mitigate many issues that could lead to extended system downtime," it said. "Defence-in-depth strategies are also essential in planning control system networks and in providing protections to reduce the risk of impacts from cyber-events." In recent years, power plants have been the target of increasingly destructive malware and viruses - a bridge between damage in a digital sense, such as data loss of theft, and actual physical infrastructure. In 2010, the Stuxnet virus was said to have damaged critical parts of Iran's nuclear infrastructure.

Security firm Symantec research said it believed Stuxnet had been designed to hit motors controlling centrifuges and thus disrupt the creation of uranium fuel pellets. A UN weapons inspector later said he believed the attack had set back Iran's nuclear programme. No country has claimed responsibility for the attack, but a New York Times report last year, written by the author of a book on the attacks, pointed the finger at the US. Journalist David E Sanger wrote that the US had acted with the co-operation of Israel.

http://www.bbc.co.uk/news/technology-21042378
Click to expand...

pimptight · Jan 16, 2013

waltky said: ↑

The need for cyber security...

The West "will lose" the cyber war
April 20th, 2012 - On April 27, 2007, the tiny Baltic nation of Estonia - one of the most wired countries in the world - was hit with a massive cyberattack. Websites for banks, government ministries, newspapers, Parliament and media outlets were paralyzed, swamped by a distributed denial of service attack.

See also:

Cadets and Midshipmen square off on the virtual battlefield
April 20th, 2012 - The intense rivalry among the nation's military service academies extends well beyond the playing fields. It's deep down in the internet.
Click to expand...

Please see our quantum computer located in Utah.

Not only are we winning the cyber war, but we basically are the only nuclear power in the cyber world right now.

Now if we could just get a bill of internet rights, then I wouldn't have to demand it be shut down for spying on Americans.

waltky · Mar 21, 2013

Around 32,000 computers at six organisations were affected by Wednesday's attack...

Malware Blamed for Crashing S. Korean Computer Networks
March 20, 2013 South Korean police and government agencies are attempting to determine who is responsible for a malicious act that caused widespread computer outages affecting television channels and banking services.

South Korea's communications commission (KCC) says a distributed denial of services (DDos) attack, a common way to overload computer servers making websites unreachable, was not the reason computers at broadcasters and banks became paralyzed. The manager of the commission's network information protection team, Lee Seung-won, says there are some initial clues as to what actually happened, based on a quick analysis of data collected from the computer systems at the affected institutions.

Lee says suspected malware was circulated through a software update application known as the patch management system, destroying the primary sector on hard drives containing the code needed for starting the operating system (the master boot record). At the YTN cable news channel, anchorman Ho Jun-seok told viewers the problem affected the work station from which he was trying to read his scripts. The newscaster says the computer in front of him, which had been working properly when the newscast started, now is paralyzed.

South Korea's Internet and Security Agency says there is no trace of an attack on the computer systems coming from outside the country. Workers at broadcasters YTN, KBS and MBC say their computers malfunctioned after midday Wednesday. South Korea's Financial Services Commission issued a statement saying Shinhan's Internet banking servers went down and that computers at Nonghyup and Jeju banks were hit by a virus that deleted files. The Commission adds that Woori Bank successfully fended off a suspected denial-of-service attack.

There are no reports of South Korean government or military computer networks experiencing any trouble. But South Korea's defense minister raised the alert level for the military's information operations condition after receiving word of the problems affecting civilian networks. North Korea is blamed for previous cyber attacks on South Korean web sites and computer networks, the largest taking place in 2009 and 2011. Last week, North Korea blamed the United States and its allies for launching a cyber attack against it. All of the web sites hosted in the country were inaccessible for two days.

Source
Click to expand...

See also:

China IP address link to South Korea cyber-attack
20 March 2013 > A cyber-attack on South Korean banks and broadcasters came from an internet address in China, South Korean officials say, but the identity of those behind it cannot be confirmed.

The telecoms regulator said hackers used a Chinese address to plant a malicious code that hit networks at six organisations on Wednesday. Officials said they were continuing to investigate the origins of the attack. North Korea has been blamed for previous attacks in 2009 and 2011. "Unidentified hackers used a Chinese IP address to contact servers of the six affected organisations and plant the malware which attacked their computers," said Park Jae-moon of South Korea's communications regulator. "At this stage, we're still making our best efforts to trace the origin of attacks, keeping all kinds of possibilities open," he said.

Computer vaccines

Officials stressed that the IP address did not reveal who was behind the attack, as hackers can route their attacks through addresses in other countries to obscure their identities. But the discovery has strengthened speculation that North Korea was behind the attack, the BBC's Lucy Williamson reports from Seoul. Intelligence experts believe that North Korea routinely uses Chinese computer addresses to hide its cyber-attacks.

A taskforce is being formed to analyse the virus and stop further attacks, and free computer vaccines have been handed out to South Korean companies, our correspondent adds. Korea's Communications Commission (KCC) said that the attacks on all six organisations appeared to come from a single entity. The networks had been attacked by malicious codes, rather than distributed denial-of-service (DDoS) attacks as initially suspected.

'Persistent hacking'

Following Wednesday's attack, the KCC raised its cyber-attack alert levels to "caution," the third highest out of five levels, news agency Yonhap reported. Around 32,000 computers were affected by the incident, and some services at Shinhan bank, including internet banking and ATM machines, were disrupted. However, so far no damage had been detected in public institutions and infrastructure, the KCC was quoted as saying by Yonhap.

The incident comes with tensions between the two Koreas high. North Korea has stepped up rhetoric in recent days in response to fresh UN sanctions over its nuclear test in February and joint annual military drills between the US and South Korea, which it bitterly opposes. On 15 March, North Korea's KCNA news agency also accused the US and its allies of "intensive and persistent" hacking attacks on its internet servers.

http://www.bbc.co.uk/news/world-asia-21873017
Click to expand...

Anders Hoveland · Mar 21, 2013

I never could understand why computers are designed to be so vulnerable.
Perhaps computers should not be designed to be programmed so easily (or keep the software programming containened within separate specific programs).

Perhaps it is just that computers are so complex, it is difficult to design systems which are not vulnerable?

waltky · Mar 22, 2013

What is needed is a computer program that will mirror attacks back to the source...

What makes SKorea cyberattacks so hard to trace?
21 Mar.`13 The attacks that knocked South Korean banks and media outlets offline this week appear to be the latest examples of international "cyberwar." But among the many ways that digital warfare differs from conventional combat: There's often no good way of knowing who's behind an attack.

South Korean authorities said Thursday that the attack, which shut down scores of cash machines and hampered business, had been traced to an "Internet Protocol" address in China. But that doesn't mean the attack was launched from there. The general assumption in South Korea is that the attack originated in North Korea. "IP" addresses are, roughly speaking, the phone numbers of the Internet. Each connected computer has a number that identifies it uniquely on the network, so the Chinese IP address implies that a computer in China was involved in the attack.

However, that computer could have been controlled from elsewhere, either because someone bought access to it, or because it's been infected with malicious software. To determine the location from which it's being controlled, investigators would need access to that computer, or to the records of the company hosting the computer. That's unlikely to be forthcoming from a Chinese company. "China is obviously a popular place to hide things," said Dan Holden, director of security research at Arbor Networks' Security Engineering & Response Team. Chinese authorities are difficult to work with and there's a language barrier, he said.

South Korean computer researchers check the shutdown hardwares of Korean Broadcasting System (KBS) at Evidence Acquisition Lab of Cyber Terror Response Center at National Police Agency in Seoul, South Korea, Thursday, March 21, 2013. A Chinese Internet address was the source of a cyberattack on one company hit in a massive network shutdown that affected 32,000 computers at six banks and media companies in South Korea, initial findings indicated Thursday.

In addition, China is believed to be conducting its own campaign of cyber-espionage, which means that attacks launched from there are often simply attributed to the Chinese government, even if it isn't responsible for the aggression, Holden said. "If you are any nation state or even any attacker right now, why wouldn't you hide in China right now?" Holden asked rhetorically.

Apart from tracing the path an attack takes through the Internet, there's another way to figure out who's behind it: analysis of the software involved. Malicious software, or "malware," can provide clues to its creator. Some of those are obvious, like comments inserted into the written code. However, such comments can be easily faked to lead investigators astray. More subtle analysis can be fruitful, according to Christopher Novak, managing principal of the global investigative response team at Verizon Communications Inc. "In many cases, the malware that you see on the computer is very similar to a cold or an illness that a person gets ... The strain of the cold that I have and the strain of the cold that you have may be slightly different, but when we look at the DNA and makeup and see they're 99.9 percent the same, there's a pretty good chance one of us transmitted it to the other," Novak said. "When we analyze malware codes, we see the elements that are copied and reused, certain programming styles."

Such analysis can yield important clues, but rarely rock-solid attribution. The U.S. Department of Defense has said that a cyberattack can merit a violent response, but first you have to know who to target. "Digital attribution is extremely difficult and if you want to do it, it takes some serious effort," Holden said.

Source
Click to expand...

Log in or Sign up

The need for cybersecurity

waltky Well-Known Member

waltky Well-Known Member

waltky Well-Known Member

waltky Well-Known Member

waltky Well-Known Member

waltky Well-Known Member

waltky Well-Known Member

pimptight Banned

waltky Well-Known Member

Anders Hoveland Banned

waltky Well-Known Member

Share This Page

Log in or Sign up

The need for cybersecurity

waltky Well-Known Member

waltky Well-Known Member

waltky Well-Known Member

waltky Well-Known Member

waltky Well-Known Member

waltky Well-Known Member

waltky Well-Known Member

pimptight Banned

waltky Well-Known Member

Anders Hoveland Banned

waltky Well-Known Member

Share This Page

Useful Searches