
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


Little Compositions

This week has seen quite a number of smaller news articles come to the surface, many being follow-ups to stories that gained prominence earlier in the year, including spear phishing, Chinese state-sponsored hackers and more.

In one of the most recent cases where spear phishing has been claimed, at least one minor US financial institution had its internal systems specifically targeted by remote attackers. Separating this case from the normal range of phishing attacks was the fact that it appeared targeted at employees of the institution, and attempted to compromise their work systems for purposes unknown (although a good guess would be to obtain account holder details). The case is now under investigation by the authorities, but it is interesting from the point of view that it has been reported by the media as a case of spear phishing.

A story which evolved along similar lines saw a charity in the United Kingdom find itself the victim of a compromise which resulted in the theft of personal details and financial contribution data for a large number of its donors. This information was rapidly turned around for active exploitation, with a number of the donors being contacted by the hackers, who claimed to represent the charity and sought further donations from them. Others had their accounts with various financial institutions accessed and modified.

Since the public notification of the breach, the website for the affected charity has been shut down. A comment from the head of the UK Charity Commission suggests that there is a lack of understanding of the threats to online financial transactions at the highest levels of the Commission. Essentially, he claimed that the use of SSL to protect information in transit between the donor and the charity should be sufficient to protect that information, which conveniently ignores the risk posed by insecure storage of sensitive information on the server. The Executive did follow up this claim with a later statement that charities and other companies with an online presence should ensure they have some form of security on their sites.

The bad news didn't end there for the UK, with reporting that the suspected fraud perpetrated through an HM Revenue & Customs tax credit portal was far more extensive than originally thought. When the breach was initially disclosed at the start of December and the portal was taken off-line, it was thought that up to 1,500 call centre workers had their identities and financial details stolen, with a number being used for fraudulent claims through the tax portal. Continuing investigation work has discovered that the number of compromised people may be up to 13,000, with the total fraud perpetrated in the millions of pounds. Most fraudulent claims appear to have been limited to less than a thousand pounds, possibly in an effort to avoid automated and manual scanning systems.

Following the recent fuel storage explosion and fires in England, a number of large electronics retailers and Information Technology firms were directly affected, and had the chance to implement their disaster plans (if they had them). One of the major electronics retailers in England had its headquarters essentially destroyed, but the quick implementation of its disaster recovery plan meant that it was able to resume operations from a secondary location with minimal disruption to its services. It is feared that a number of smaller (and even some larger) companies will not be able to cope with the stress and system disruption caused by the damage to their information infrastructure, and will go out of business as a result.

Elsewhere in the world, hacking in the national interest has grabbed minor headlines for a number of incidents. The 'Titan Rain' set of incidents, in which it is claimed that state-sponsored hackers from China were actively exploiting semi-sensitive networks and systems in the USA, has grabbed more exposure from Western news sources. To counter the negative press being generated, the Chinese Foreign Ministry released a statement that the Chinese Government is not involved in any hacking of the USA, and called for evidence to be released showing the links between the attacks and the Chinese Government.

Minor hacking and web-defacement conflicts have also been taking place between Chile and Peru, and between India and Pakistan. While it is unlikely that these cases involve any state-sponsored effort, the hacking can be considered a proxy front for the national interests being tussled over in the real world. Internal hacking efforts have also resulted in the complete shutdown of a government-sponsored television station in Russia. The new station, Russia Today, has admitted that it was forced to cease transmission of its programs due to a particularly nasty attack from a hacker or hackers unknown. Broadcast of content has been suspended until the attack can be defeated.

There were also a small number of significant malware events which affected a wide range of systems. Not wanting to be outdone by Sober, the creators behind the Bagle / Beagle family of email worms have released the next variant, which appears to be a much more actively attacking worm than previous versions. Most anti-virus companies should have updated definition files by now to deal with this latest worm. While this particular worm is spreading, it appears that Sober is beginning to have some fairly serious effects. Users of Microsoft's Hotmail and MSN email services may be unable to receive emails (or have them excessively delayed) from an unspecified number of external ISPs. A spokesperson for Microsoft claims that the issues are related to the increase in traffic caused by the Sober email worm.

A new exploit was released which targets the MSDTC vulnerabilities fixed by the MS05-051 security patch released in October this year. Dubbed Dasher, the current versions in the wild link back to keyloggers and other nasty software in an effort to extract useful information from infected end users. An initial, crippled version was sent to the major anti-virus companies earlier in the week, for reasons that are currently unknown. While the patch from Microsoft completely blocks the exploitation route the worm is using, there have been reports that the patch has caused problems for some users, and so not all vulnerable systems may have been patched.

Finally, the possession of Plasticine may soon be regarded as suspicious (there goes the kindergarten and childcare industry) following revelations that it may be used to bypass biometric authentication systems such as fingerprint readers. Laboratory testing has discovered that, 90% of the time, biometric systems could be confused and bypassed by such simple means as the use of Plasticine. The high failure rate should be a cause for concern, and the fact that it isn't mentioned by the vendors could be leading clients to have a misplaced sense of trust in their authentication systems, turning well-designed multiple-factor authentication systems into single-factor ones. At the least, it appears to be driving a number of the vendors to improve their products to be better protected against such simple attacks.

19 December 2005
