Security roundup: The fury of Anonymous, the humiliation of Stratfor
- 14 January, 2012 08:22
The hactivist group Anonymous, or at least someone with the handle "FuryOfAnon" who claims to be part of the collective, last week published a list of Internet-facing Israeli SCADA (supervisory control and data acquisition) systems and purported log-in details. "Who wanna have some fun with Israeli scada systems?" the message said.
As a politically motivated group, Anonymous is believed to be currently engaged in an effort to hack Israeli websites as part of an operation called Operation Free Palestine -- but this invitation to subvert industrial-control systems ups the ante to the point of physical danger.
One recent victim of Anonymous, Austin, Texas-based Stratfor Global Intelligence, knows about hactivist violence. Stratfor brought its website back online last week after shutting it down following intrusions in December, for which Anonymous claimed responsibility, and the posting of the names and credit card numbers of 75,000 people who had paid for Stratfor's research (as well as posting hundreds of thousands of names and email addresses of those registered with Stratfor). There were also reports of several fraudulent transactions made with this stolen credit-card information, such as charities, which probably didn't appreciate having to waste time sorting out credit-card fraud.
Why was Stratfor hit? Anonymous probably thinks Stratfor, which publishes geopolitical analysis, is somehow the "hub of a global conspiracy" with tentacles into governments or those in power, noted George Friedman, Stratfor CEO, in a video he made and posted on YouTube last week.
This is a remarkable video -- I can't recall any other beleaguered exec do anything like this after a major cyberattack -- and in this video Friedman says his firm simply publishes analysis and makes it available to subscribers. After apologizing for mistakes such as lack of security in encrypting credit cards, Friedman says the firm has regrouped with help from consultants and is working with the FBI. Friedman accuses Anonymous of "abuse and censorship," pointing out that the attackers destroyed four servers in their quest to bring down Stratfor. "We were shocked at the destruction," Friedman says, adding, "the attempt to silence us has failed." In the video, Friedman concludes, "we certainly expect to be attacked again."
And that's the heart of the matter. Though it's usually about exposing information to embarrass targets and try to destroy them that way, hactivism, at least under the Anonymous label, is growing more violent.
More in cyberattack trends
A variant of the Sykipot Trojan Horse has been identified that hijacks U.S. Department of Defense smart cards in order to access restricted resources, according to security researcher Jaime Blasco at Alien Vault. The firm claims one of the Sykipot variants is designed to work with ActivIdentity ActivClient, an authentication software product compliant with DOD's Common Access card specification.
In the world of virtualization
Virtualization changes everything, as they like to say over at Gartner, and with enterprises shifting to virtualized platforms, it's impacting security, too. Phil Hochmuth, IDC program manager in the area of security products, shared insights about what IDC has learned tracking the $3.2 billion messaging security market and changes coming related to virtualization. Specifically, IDC forecasts that sales of traditional security-messaging software will plummet by 27% by 2015, while the up-and-coming software alternative designed for virtualized networks, the "virtual security appliance," will surge in its place. The same trend is thought to be beginning for other security segments as well, such as intrusion-prevention systems and firewalls.
Can you trust data-recovery service providers?
Data-recovery service providers are supposed to be saving important data for you when something goes wrong -- a drive crashes or storage device is dropped, and no backup is available. But do you trust them with the important data you let them recover or could they actually be a source for a data breach?
A survey of 769 IT professionals published last week says those surveyed need to find out more about the third-party data-recovery services their organizations use. For example, according to the survey, 67% felt that encryption they had in place protected their organizations from data loss or theft during the data recovery process. But encryption keys are often handed over to the third-party data recovery service provider as part of the process, according to the study done by Ponemon Institute.
Ponemon's "Trends in Security of Data Recovery Operations" report says that of the 87% of survey respondents who said their organization had at least one data breach in the past two years, "21% say the breach occurred when a drive was in the possession of a third-party data service provider."
How a Baptist pastor became the go-to IT guy
Given how hard it is to set up networks and security, it was fascinating to hear about Terrill Gilley, a Baptist pastor in a rural part of Florida, who took on the extra duty of managing the network and applications used by his church and its church school, NorthRidge Church and Christian Academy, in Haines City outside of Orlando. The church didn't have the budget for full-time IT staff, so Gilley is also the network administrator, and he's worked to establish the best infrastructure, along with cloud-based services, for the church that he can find.
From the vendor side last week
- IBM has come out with a new software tool called Security Role and Policy Modeler for use with the IBM Security Identity Manager suite. The software module is intended to help define roles for employees in order to establish policy-based access to a network and application resources.
There are a lot of surveys out there, we know, but we're asking you to consider two now being done that need online feedback. One is for security organization SANS, and it relates to issues around mobility that SANS would like to hear about your experience through the survey here. The second is being commissioned by the National Institute of Standards and Technology, and conducted by RTI here. Sources at NIST tell me the survey is part of a study that will assist them in strategic planning analysis to help determine future investment in cybersecurity technology and trends, and specifically where there may be gaps identified in cybersecurity technology.
Read more about wide area network in Network World's Wide Area Network section.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
- What does 2012 have in store for Anonymous?
- Stratfor relaunches site; CEO accuses attackers of censorship
- Hackers Breach the Web Site of Stratfor Global Intelligence - NYTimes.com
- video he made and posted on YouTube
- Security Research Center - Network World
- Buzzblog: Stratfor CEO’s ‘censorship’ rhetoric all wrong
- Sykipot Trojan hijacks Department of Defense authentication smart cards
- Virtual-security appliances winning users over traditional messaging-security software
- How a Baptist pastor in Florida became the go-to IT guy
- Applications Research Center - Network World
- IBM software eases role-based security operations
- Microsoft Subnet: An independent Microsoft community
- Microsoft to launch real-time threat intelligence feed
- SANS 2012 Mobility Survey
- LAN & WAN Research Center - Network World
Galaxy S5 deep-dive review: Long on hype, short on delivery
NBN Co hits 105Mbps in limited FTTN trial
Satellite communication systems rife with security flaws, vulnerable to remote hacks
TPG should pay rural levy for each FTTB service: NBN Co
TPG should pay rural levy for each FTTB service: NBN Co