Monday, June 20, 2011

Hackpocalypse now

Is it only me, or is the world becoming eerily (and scarily) reminiscent of Neuromancer, Snow Crash, and True Names?

That is: is conflict moving from the physical to the virtual domain? Are freelance hackers and ad hoc groupings of same obtaining more and more influence over our daily lives? Is hacking the new, preferred choice in asymmetric warfare? Are we neck deep in a new, scary era?

It sure looks that way. Consider these recent events:

Starting small ... ever-behind-the-curve Sony was nailed again, as Daily Tech reported on May 25: Sony Loses Yet More Customer Records, 3 More Sites Hacked. Nor did Sony learn anything. From Ars Technica, on June 2nd: Sony hacked yet again, plaintext passwords, e-mails, DOB posted.

Lockheed Martin is one of the biggest aerospace firms. Yahoo News reports on May 29 that: Lockheed Martin hit by cyber attack. LockMart builds F-16, F-22 and F-35 fighter jets, the Aegis naval combat system, and THAAD missile defense, among other rather sensitive items.

It's not only LockMart, of course. Yahoo News also reports on May 31 that: U.S. arms makers said to be bleeding secrets to cyber foes. As in, "The Defense Department, which runs its own worldwide eavesdropping, spying and code-cracking systems, says more than 100 foreign intelligence organizations have been trying to break into U.S. networks."

On June 3rd, from PC Mag, we have Report: Gmail Attacks Replicated on Hotmail, Yahoo. These are spear phishing attacks that Google says are aimed at "reporters, activists, and government officials."

Also on June 3rd, this time from Livescience, the depressing report that Most Major Websites Leak Private Data, Study Finds. Some snippets:
While each website might be leaking only a small portion of your information, the powerful tracking tools that receive it are able to patch all those small tidbits together into a pretty clear picture of who you are and what you are interested in.

That's the finding of a study of more than 100 popular websites used by tens of millions of people that found three-quarters directly leak either private information or users' unique identifiers to third-party tracking sites ...

From the New York Times, on June 11: I.M.F. Reports Cyberattack Led to ‘Very Major Breach.' Yup, the International Monetary Fund. Do you, your pension, or your 401k own any financial securities? Then be very afraid.
"Because the fund has been at the center of economic bailout programs for Portugal, Greece and Ireland — and possesses sensitive data on other countries that may be on the brink of crisis — its database contains potentially market-moving information. It also includes communications with national leaders as they negotiate, often behind the scenes, on the terms of international bailouts. Those agreements are, in the words of one fund official, “political dynamite in many countries.” It was unclear what information the attackers were able to access."

From the Washington Post on June 15: CIA Web site hacked; group LulzSec takes credit. The article also notes that, "In recent weeks, LulzSec has claimed credit for hacking or bringing down Web sites belonging to PBS, Sony, the U.S. Senate and the Atlanta chapter of InfraGard, a public-private partnership between the FBI and the private sector dedicated to sharing information and intelligence to prevent hostile acts against the United States."

How is all this happening? It doesn't help that the "SecurID" tokens on which many large organizations rely for authentication are less secure than once thought. From IEEE (that's the Institute of Electrical and Electronics Engineers), on June 8th, see RSA Tries to Quell Customer Anger by Offering New Security Tokens.

On June 15th, Richard Clarke, security and counter-terrorism adviser for presidents Bush 41, Clinton, and Bush 43, had an op-ed piece in The Wall Street Journal on China's Cyberassault on America. A snippet:
"Senior U.S. officials know well that the government of China is systematically attacking the computer networks of the U.S. government and American corporations. Beijing is successfully stealing research and development, software source code, manufacturing know-how and government plans. In a global competition among knowledge-based economies, Chinese cyberoperations are eroding America's advantage."
Just yesterday (June 20), Nextgov reports that LulzSec Hacktivists Declare War on .Gov Websites; Feds Stand Ready.  I retained the second clause in that headline out of a sense of completeness, not from any great confidence that the Feds are ready.

Sadly, my list of recent hacking-related problems is much longer. Nor am I the only one noticing. Livescience (this time on June 10th) reports that 2011 Set to Be Worst Year Ever for Security Breaches.

Welcome to the Hackpocalypse. 

=====
On a personal -- and far less cosmic -- note, this is my 200th post. Something of a milestone ...

4 comments:

Jaycee Adams said...

Congrats on the milestone!

For the past 10 years or so that I've been on the internet, I've been wishing that when I was younger, I'd had the opportunity to learn how to do all this cool hacking stuff. I know enough about it to describe it believably, but I can't actually do it. I chose to have a life instead.

Why, you wonder?

Initially it was to arrange beatdowns for spammers (http://www.mopjockey.com/2009/11/beatdowns-inc.html), but now, with how much cyber crime has taken off, I'd like to give the black hats a taste of their own medicine. I'd like to set up a bot network which finds other bot networks, finds their owners, and shuts them down with extreme prejudice.

This form of terrorism could've been nipped in the bud 10 years ago when it became apparent that anti-spam laws weren't working, but too many idiot bleeding hearts didn't want to do what had to be done, and now we're all suffering for it. And you can bet the bleeding hearts can't for the life of them figure out why all this is happening to them.

Edward M. Lerner said...

Hi Jaycee. Malware (and those who write it) frustrates the %$%^$!@ out of me, too.

When I buy a new computer, it's generally because the old PC -- still able to run the word processor, spreadsheet, and browser on which I rely -- can't cope with ever-more-powerful anti-malware software required for ever-more powerful and prevalent malware. Multiply my experience by a few other users, and that's a lot of hidden cost to malware.

- Ed

Jaycee Adams said...

Actually, Ed, what it most likely needs is to be cleaned up. As you use Windows, a lot of temporary files get created. They're supposed to delete themselves when they're done, but they often don't, so you're left with a lot of detrius, which, for some reason, the OS thinks it still needs to access them.

Surprisingly, a lot of computer techs don't know how to properly clean a computer, and even if they do, there are still things which accumulate in the registry which can't be cleaned.

I highly recommend making sure all your data (documents, pictures, taxes, etc) are backed up and then have someone knowledgeable wipe the hard drive and reinstall a fresh copy of Windows.

Yes, it's a bit of a hassle to reinstall your software again, and get your settings just right again, and get your data files back on it again, but it's no different than if you'd bought a newer computer, except you didn't spend as much money! The computer should run as fast as it did when you first got it - you will be amazed at how fast that is.

Computers have a reasonable working lifetime of about 5 years. I have used many for far longer by keeping them clean and reinstalling the OS from time to time. The rush to upgrade daily that characterized the '80's and '90's is gone. A computer built in 2000 is perfectly adequate to run anything which isn't graphically or computationally intensive. Few people need anything like that.

Even if you have to pay a shop to do a reinstall of your OS, it's worth it. Every couple of years will save you thousands. I've seen old computers which required most of an HOUR to boot up to a "useable" state, after deleting the junk files, go back to booting up in a minute or two.

Good luck!

Edward M. Lerner said...

Hi Jaycee,

Re your PC advice: I agree. (I worked in IT and aerospace for 30 years before becoming a full-time writer.)

I'm dealing with a 2005 laptop, on which I reinstalled Windows scarcely two years ago. I moved most data off the C: drive to a (Linux) RAID NAS. I run a registry cleaner regularly. I do off-site backups regularly.

From watching the task manager, it's clear that the two primary CPU users are the virus checker and the browser -- and the browser is mainly a problem when I allow Flash Player to run.

I can't do without a virus checker and I don't want to suppress videos, so I think an upgrade is in the cards.

- Ed