October 18th, 2010
By: Sharon Weinberger
Worried about e-mails that appear to be from your bank but could well be part of a phishing scam? That may soon be the least of your problems. With concerns about cyberattacks on the rise, computer security experts are looking ahead to what they think might be the next wave of attacks.
What they find is that everything from your car to your computer webcam is vulnerable to attack. Here are five new types of attacks:
1) Social Network Attacks: Malware that steals your e-mail contacts, passwords and other personal information is old news. But a new technical paper by a group of Israeli researchers says the cybersecurity community is ignoring a new, more insidious type of attack: one that preys on your entire social network, working to slowly pilfer information about your behavior and life.
Dubbed “stealing reality,” these types of attacks, the researchers argue, are more insidious because the “victim of a ‘behavioral pattern’ theft cannot easily change her behavior and life patterns.”
“Most likely those attacks are currently happening,” lead author Yaniv Altshuler, a research scientist at Ben Gurion University, told AOL News.
Altshuler says the market for this sort of information already exists. “And if there is a buyer, there is a seller,” he added.
2) Attacks on Cars: Today’s automobiles often come equipped with the equivalent of advanced computer systems, which means that like your home computer, they could be vulnerable to attack. In a new paper, researchers at the University of Washington and the University of California, San Diego, say they have demonstrated “the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.”
Everything from your car’s wireless tire-pressure sensors to its stolen-vehicle tracking and recovery system provides opportunities for hackers to gain control of your vehicle without you even knowing.
3) Medical Devices: Today, wireless pacemakers can send your doctor or hospital real-time data on your heart, showing just how far medical devices have come with the help of modern electronics. But with that new technology comes a new threat: the possibility of someone hacking into your medical device or injecting malicious code that disrupts the lifesaving device. Prosthetic limbs, wireless pacemakers and other implantable medical devices might all be at risk.
“This is very real — the bad guys would buy the pieces and just work on them a little bit,” Greg Hoglund, who heads HBGary, a computer security company, told an audience earlier this year at a Northern California Hospital Cyberterrorism Seminar. “It’s amazing someone hasn’t pulled this off yet.”
4) Hacking Your Webcam: Watch out for the light on your computer that shows the webcam is on, even after you think you’ve turned it off. It could be a Trojan computer program operating the camera, taking pictures or even video, and sending it over the Internet without your knowledge. For those who leave their laptops on and open, that’s the equivalent of having Big Brother in your bedroom or office without you knowing.
There are already cases of this happening, for example, in Germany. “A man has been arrested for spying on more than 150 girls in their bedrooms by hacking into their computers and using their webcams to watch them, provoking warnings that others will be doing the same thing,” DPA, the German press agency, reported earlier this year.
5) Smart Phone Attacks: Most consumers worried about cyberattacks associate the threat with their home PCs or laptops. So they often think nothing of downloading applications to their smart phones, which often contain just as much personal information as their home computers.
“Nobody’s making money at the moment with mobile security,” said Mikko Hyppönen, the chief research officer of Finland’s F-Secure, according to the San Francisco Chronicle. “But all the players assume that sooner or later we will see a major outbreak or some other major event that will change the situation forever.”
October 1st, 2010
By: Iain Thomson
Delegates at the Virus Bulletin 2010 conference in Vancouver have heard that the Stuxnet worm could have been an inside job.
Graham Cluley, senior technology consultant at Sophos, told V3.co.uk that the worm may have been written by someone with detailed knowledge of Siemens’ computer systems, possibly a current or former employee.
“The message I got was that it appears to have been written by someone with inside knowledge of how Siemens’ systems work,” he said.
“But none of the presenters gave any evidence about who wrote it and against who it was targeted. Unless we get access to the computer it was written on, or someone admits writing it, we’ll probably never know.”
The malware contains the date 9 May 1979, which coincides with the execution of an Israeli businessman in Iran. But Cluley explained that this date is also, for example, the birth date of actress Rosario Dawson, and could be a red herring.
Cluley also said that the evidence for this being a targeted attack on Iran is patchy, since Symantec reported that more attacks had been reported in India and Indonesia than in Iran.
Mikko Hyppönen, chief research officer at F-Secure, told V3.co.uk that, based on the evidence he’d seen, the Stuxnet worm looks like a government attack, although conference presentations focused on the technical details of the attack rather than the motive.
“The obvious conclusion from Stuxnet is that there isn’t any clear motive other than sabotage,” he said.
“Crucially no-one has found a way that anyone could make money from this, which makes criminal involvement unlikely. If you look at the level of difficulty and complexity behind Stuxnet, it has to be a government effort.”
Hyppönen was awarded Best Educator at the conference, while Kaspersky Lab founder Eugene Kaspersky received a Lifetime Achievement award.