October 18th, 2010
By: Sharon Weinberger
Worried about e-mails that appear to be from your bank but could well be part of a phishing scam? That may soon be the least of your problems. With concerns about cyberattacks on the rise, computer security experts are looking ahead to what they think might be the next wave of attacks.
What they find is that everything from your car to your computer webcam is vulnerable to attack. Here are five new types of attacks:
1) Social Network Attacks: Malware that steals your e-mail contacts, passwords and other personal information is old news. But a new technical paper by a group of Israeli researchers says the cybersecurity community is ignoring a new, more insidious type of attack: one that preys on your entire social network, working to slowly pilfer information about your behavior and life.
Dubbed “stealing reality,” these types of attacks, the researchers argue, are more insidious because the “victim of a ‘behavioral pattern’ theft cannot easily change her behavior and life patterns.”
“Most likely those attacks are currently happening,” lead author Yaniv Altshuler, a research scientist at Ben Gurion University, told AOL News.
Altshuler says the market for this sort of information already exists. “And If there is a buyer, there is a seller,” he added.
2) Attacks on Cars: Today’s automobiles often come equipped with the equivalent of advanced computer systems, which means that like your home computer, they could be vulnerable to attack. In a new paper, researchers at the University of Washington and the University of California, San Diego, say they have demonstrated “the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.”
Everything from your car’s wireless tire-pressure sensors to its stolen-vehicle tracking and recovery system provides opportunities for hackers to gain control of your vehicle without you even knowing.
3) Medical Devices: Today, wireless pacemakers can send your doctor or hospital real-time data on your heart, showing just how far medical devices have come with the help of modern electronics. But with that new technology comes a new threat: the possibility of someone hacking into your medical device or injecting malicious code that disrupts the lifesaving device. Prosthetic limbs, wireless pacemakers and other implantable medical devices might all be at risk.
“This is very real — the bad guys would buy the pieces and just work on them a little bit,” Greg Hoglund, who heads HBGary, a computer security company, told an audience earlier this year at a Northern California Hospital Cyberterrorism Seminar. “It’s amazing someone hasn’t pulled this off yet.”
4) Hacking Your Webcam: Watch out for the light on your computer that shows the webcam is on, even after you think you’ve turned it off. It could be a Trojan computer program operating the camera, taking pictures or even video, and sending it over the Internet without your knowledge. For those who leave their laptops on and open, that’s the equivalent of having Big Brother in your bedroom or office without you knowing.
There are already cases of this happening, for example, in Germany. “A man has been arrested for spying on more than 150 girls in their bedrooms by hacking into their computers and using their webcams to watch them, provoking warnings that others will be doing the same thing,” DPA, the German press agency, reported earlier this year.
5) Smart Phone Attacks: Most consumers worried about cyberattacks associate the threat with their home PCs or laptops. So they often think nothing of downloading applications to their smart phones, which often contain just as much personal information as their home computers.
“Nobody’s making money at the moment with mobile security,” said Mikko Hypponen, the chief research officer of Finland’s F-Secure, according to the San Francisco Chronicle. “But all the players assume that sooner or later we will see a major outbreak or some other major event that will change the situation forever.”
October 1st, 2010
By: Iain Thomson
Delegates at the Virus Bulletin 2010 conference in Vancouver have heard that the Stuxnet worm could have been an inside job.
Graham Cluley, senior technology consultant at Sophos, told V3.co.uk that the worm may have been written by someone with detailed knowledge of Siemens’ computer systems, possibly a current or former employee.
“The message I got was that it appears to have been written by someone with inside knowledge of how Siemens’ systems work,” he said.
“But none of the presenters gave any evidence about who wrote it and against who it was targeted. Unless we get access to the computer it was written on, or someone admits writing it, we’ll probably never know.”
The malware contains the date 9 May 1979, which coincides with the execution of an Israeli businessman in Iran. But Cluley explained that this date is also, for example, the birth date of actress Rosario Dawson, and could be a red herring.
Cluley also said that the evidence for this being a targeted attack on Iran is patchy, since Symantec reported that more attacks had been reported in India and Indonesia than in Iran.
Mikko Hyppönen, chief research officer at F-Secure, told V3.co.uk that, based on the evidence he’d seen, the Stuxnet worm looks like a government attack, although conference presentations focused on the technical details of the attack rather than the motive.
“The obvious conclusion from Stuxnet is that there isn’t any clear motive other than sabotage,” he said.
“Crucially no-one has found a way that anyone could make money from this, which makes criminal involvement unlikely. If you look at the level of difficulty and complexity behind Stuxnet, it has to be a government effort.”
Hyppönen was awarded Best Educator at the conference, while Kaspersky Lab founder Eugene Kaspersky received a Lifetime Achievement award.
September 27, 2010
By: Justin Fishel
The Pentagon is refusing to comment on widespread accusations that it is responsible for coordinating a cyber-attack against Iran’s nuclear facilities. Earlier this month the Iranians acknowledged the “Stuxnet Worm” had invaded software it uses at multiple nuclear production plants.
Pentagon Spokesman Col. David Lapan said Monday the Department of Defense can “neither confirm nor deny” reports that it launched this attack.
The Stuxnet worms enters networks through USB portals and is designed specifically to attack software made by Siemens, the German owned industrial corporation. German intelligence agencies have been known to cooperate closely with the United States. Combine this fact with that the United States and Israel both have a vested interest in stopping the Iranians from acquiring a nuclear weapon, and you have the three main suspects behind the worm: the U.S., Israel, and Germany.
It’s also important to note that researchers have determined the worm originated sometime in early 2010. Therefore if it was initiated by the United States it would have been done under the Obama administration.
Last year the Pentagon was attacked by a virus that temporarily shut down email services in the Pentagon. That worm also entered the system through commonly used flash drives, or portable hard drives, that plug into USB ports. Since that attack the Pentagon has banned the use of flash drives throughout the Department of Defense, and that ban remains in place today.
The Department of Homeland Security said last week it is taking precautions to defend the U.S. against the Stuxnet worm.
September 26, 2010
By: Nasser Karimi
A complex computer worm capable of seizing control of industrial plants has affected the personal computers of staff working at Iran’s first nuclear power station weeks before the facility is to go online, the official news agency reported Sunday.
The project manager at the Bushehr nuclear plant, Mahmoud Jafari, said a team is trying to remove the malware from several affected computers, though it “has not caused any damage to major systems of the plant,” the IRNA news agency reported.
It was the first sign that the malicious computer code, dubbed Stuxnet, which has spread to many industries in Iran, has also affected equipment linked to the country’s nuclear program, which is at the core of the dispute between Tehran and Western powers like the United States.
Experts in Germany discovered the worm in July, and it has since shown up in a number of attacks — primarily in Iran, Indonesia, India and the U.S.
The malware is capable of taking over systems that control the inner workings of industrial plants.
In a sign of the high-level concern in Iran, experts from the country’s nuclear agency met last week to discuss ways of fighting the worm.
The infection of several computers belonging to workers at Bushehr will not affect plans to bring the plant online in October, Jafari was quoted as saying.
The Russian-built plant will be internationally supervised, but world powers are concerned that Iran wants to use other aspects of its civil nuclear power program as a cover for making weapons. Of highest concern to world powers is Iran’s main uranium enrichment facility in the city of Natanz.
Iran, which denies having any nuclear weapons ambitions, says it only wants to enrich uranium to the lower levels needed for producing fuel for power plants. At higher levels of processing, the material can also be used in nuclear warheads.
The destructive Stuxnet worm has surprised experts because it is the first one specifically created to take over industrial control systems, rather than just steal or manipulate data.
The United States is also tracking the worm, and the Department of Homeland Security is building specialized teams that can respond quickly to cyber emergencies at industrial facilities across the country.
On Saturday, Iran’s semi-official ISNA news agency reported that the malware had spread throughout Iran, but did not name specific sites affected.