Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for December 5th, 2008

TITAN RAIN II

Pentagon Pounding Persists

December 4, 2008: U.S. military commanders are alarmed at the growing number of targeted hacking attacks on their networks. The hackers are trying to get at specific items of military information, and are even going after individual military computer users.

This all began about eight years ago, with an increasing number of very well executed Internet attacks hitting U.S. government (especially Department of Defense) computers. Analysis of these attacks indicated that the hackers appeared to be coming from China and Russia. At first, it was thought to be adventurous computer science students, or criminals out to steal something they could sell.

Then, in 2003, came the “Titan Rain” incident. This was a massive and well organized attack on American military networks. The people carrying out the attack really knew what they were doing, and thousands of military and industrial documents were sent back to China. The attackers were not able to cover their trail completely, and some of the attackers were traced back to a Chinese government facility in southern China. The Chinese government denied all, and the vast amounts of technical data American researchers had as proof were not considered compelling enough for the event to be turned into a major media or diplomatic episode.

In the wake of Titan Rain, governments around the world began to improve their Internet security. But not enough. The attacks kept coming, primarily out of China. And the attackers were getting better. In 2005, a well organized attack was made on the networks of the British parliament. This time, the defense won the battle. Mostly. The carefully prepared emails (with virus attached) would have fooled many recipients, because they were personalized, and this helped prevent network defenses from detecting the true nature of these messages. These targeted emails from hackers were very successful. If the recipient tried to open the attached file, their computer would have hacking software secretly installed. This software would basically give the hacker control of that PC, making it possible to monitor what the user does on the computer, and have access to whatever is on that machine.

While many recipients sense that the “spear fishing” (or “phishing”) attack is just that, some don’t, and it only takes a few compromised PCs to give someone access to a lot of secret information. This would be the case even if it is home PCs that are being infected. American legislators have discovered office and personal PCs of themselves and their staffers infected.

But many other attacks are only discovered when they are over, or nearly so. The attackers are very well prepared, and usually first make probes and trial run attacks on target systems. When the attackers come in force, they don’t want to be interrupted. And usually they aren’t. The Chinese attackers use techniques similar to those employed by criminal gangs trying to get into banks, brokerages and big businesses in general. Thus it is believed that the Chinese hackers try, as much as possible, to appear like just another gang of cyber criminals. But the Chinese have certain traits that appear more military than gangster.

The Chinese cyber army keeps getting better, and that includes covering their tracks. It may take a defector or three to make it definite that China is waging a stealthy war over the Internet. Meanwhile, the Chinese and Russians reap enormous economic and political benefits from their raids on economic and technical secrets in the West.

U.S. commanders are hoping president-elect Obama, the most computer literate president ever, will provide more support for Cyber War efforts, both defensive and offensive.

Ya know what? These guys are their own worst enemies in this game. The whole episode last week stemmed from autorun being available on machines and the fact that they had used USB thumbdrives on SIPRNET and NIPRNET systems when they shouldn’t have. Add to this that the malware was originally loosed on the net back in June and yet their virus detection failed to catch it, and you have a real winning combo.

Now they are under assault..

Gee, wonder why….

Written by Krypt3ia

2008/12/05 at 21:06

Posted in Uncategorized

Undercover Mother

NEW YORK (AP) — Doreen Giuliano was obsessed with saving her son from a life behind bars after he was convicted of murder.
Doreen Giuliano, who used the name Dee Quinn, and juror Jason Allo bond at a Brooklyn, New York bar.

She gave herself an extreme makeover — blonde dye job, fake tan, sexy wardrobe, phony name — and began spying on jurors. She befriended one juror to root out any possible misdeeds at the trial, and for nearly eight months, they drank at bars, smoked marijuana and shared meals in her tiny Brooklyn hideaway.

The juror eventually opened up to her about his time as a juror, completely unaware that this seductive older woman was the same dutiful mother who sat through the entire trial just a few feet away from him.

The bizarre saga has become the basis for a defense motion filed this week demanding that the verdict be set aside, while exposing the desperate attempt that Giuliano made to win her son’s freedom.

“What she did was extraordinarily commendable,” said one of Giuliano’s lawyers, Ezra Glaser. “It shows the love of a mother and the great lengths she’ll go to to help her child.”

The juror, naturally, doesn’t quite see it that way. Jason Allo faces the possibility of being hauled into court to explain conversations recorded by a seductive undercover mother wearing a wire.

“He didn’t do anything wrong,” said his attorney, Salvatore Strazzullo. “We’re going to defend Mr. Allo’s actions to the full extent of the law.”

Among other things, the motion accuses the 33-year-old Allo of concealing that he had personal knowledge that Giuliano’s son, John Giuca, ran with a rough crowd, and of defying orders to avoid news coverage once the highly publicized proceedings started. It argues that Allo “admitted the outside information he obtained about the case prejudiced him against Mr. Giuca.”

A spokesman for the Brooklyn District Attorney’s office said only that the motion was being reviewed. But the defense is a longshot: Courts rarely overturn guilty jury verdicts.

Giuca was convicted of the 2003 murder of Mark Fisher, a 19-year-old college student from Andover, New Jersey, who had gone to an after-hours party Giuca hosted in Brooklyn while his parents were out of town.

Prosecutors say Giuca, then a skinny 20-year-old, was a leader of a self-styled gang called the Ghetto Mafia. At trial, prosecutors said Fisher was targeted for showing “disrespect” by sitting on a table in Giuca’s house.

Giuca ordered another gang member “to go show that guy what’s up,” then gave the shooter a .22-caliber handgun, prosecutors said. At dawn, police responding to a report of gunshots found Fisher’s body shot five times and dumped on a sidewalk.

It took more than a year for police to arrest the shooter. Giuca was taken into custody one month later after authorities secured witnesses who linked him to the crime.

A jury deliberated only two hours before convicting Giuca of second-degree murder in 2005. He and the gunman were sentenced to 25 years to life in prison by a judge who told them that because the killing was callous, “my sentence will be callous.”

Lawyers for Giuliano and Allo refused requests to speak to their clients. But court papers — along with a piece in Vanity Fair magazine and an article in The New York Times based on interviews with Giuliano and Allo — detail a story of despair and deception.

Giuliano, 47, says she was driven by the belief her son was set up by authorities and vilified in the press.

“My main concern was that John got a fair trial,” she said.

Said Allo: “I understand her motivation, but that’s not right.”

Allo’s lawyer declined to discuss Giuliano’s tactics. But her lawyer said under state law, she “had a right to record those conversations.”

“Ultimately, the only person who acted inappropriately was Mr. Allo,” Glaser said.

By Giuliano’s own account, her son’s conviction nearly gave her a nervous breakdown. In 2006, she hatched a plan to begin spying on jurors to see if she could uncover any misconduct.

She eventually zeroed in on Allo, a construction worker with a shaved head living in the Bensonhurst section of Brooklyn. She tailed him for months, once even wearing a head scarf as a disguise.

While casing his apartment, “His cat sat in the window,” she said. “So I knew I’d say I was a cat-lover when I met him.”

In the fall of 2007, Giuliano reinvented herself. She slimmed down at the gym, rented an apartment in Allo’s neighborhood and printed business cards with her assumed name: Dee Quinn, a recent West Coast transplant.

Her husband initially told her she was crazy, but backed down. Soon she orchestrated a chance meeting with Allo on the street, pretending to be a lonely single woman from California and giving him her phone number.

Giuliano began inviting Allo over to her place to soften him up. He never recognized her from her days sitting through the trial.

“She was offering me wine, offering to smoke weed,” he said.

There also was flirting. But both said it never went any further. Mainly, they talked. And her digital tape recorder rolled.

She says she struck gold in late 2007, while grilling her new friend about his jury duty.

“I’ll tell you this but I would never tell anybody else,” he said, according to transcripts prepared by the defense. “I actually had some type of information.”

Allo went on to explain that he didn’t know Giuca directly, but used to hang out in his clique and heard rumors about the Fisher slaying — something he failed to mention when questioned under oath during jury selection. Asked if he had been curious about newspaper accounts of the trial, he responded that he’d read them. He also bragged that he had been the first one during deliberations to vote for a conviction.

“I shouldn’t have been in that jury,” he said.

Now that’s an impressive story. This woman went undercover in her own operation and without “sex” *really?* got this guy to fess up that he knew something. I dunno if this will really do anything for her son, but, quite the interesting story….

Written by Krypt3ia

2008/12/05 at 20:58

Posted in Uncategorized

My 15 minutes of WIRED fame…

Written by Krypt3ia

2008/12/05 at 20:38

Posted in Uncategorized

How to improve cybersecurity: Ask hackers

By GREGG CARLSTROM
December 04, 2008

A team of experts is working on a sweeping new set of cybersecurity standards and hopes eventually to submit its recommendations to the Office of Management and Budget.

The plan, proposed earlier this month, would shift the government into a more offensive approach to cybersecurity. The White House would be encouraged to work more closely with hackers and computer forensics experts to learn about the vulnerabilities in federal systems. Recommendations would filter down to agencies, and in many cases, would override the thousands of pages of current guidelines from the National Institute of Standards and Technology.

The strategy would fix the current model’s focus on compliance, rather than security, according to Alan Paller, director of the Maryland-based SANS Institute, a computer research center.

“We’re trying to secure systems, rather than secure compliance,” Paller said. “If you know how [hackers] are getting in, you’d have to be crazy not to use your resources to stop that. But people are too focused on compliance.”

The new approach is based on an earlier effort by the Air Force, according to John Gilligan, former Air Force chief information officer. The Air Force worked with a team of hackers from the National Security Agency, who broke into the service’s systems and documented their findings. Eighty percent of the vulnerabilities documented by the NSA team were based on improper software configuration.

That discovery led to a service-wide standard configuration for desktop computers — the forerunner to OMB’s Federal Desktop Core Configuration (FDCC).

“The point of this is … let’s look at where we’re being exploited,” Gilligan said. “We need to realize … we can’t fix everything. [So] where are the vulnerabilities that are being successfully attacked?”

FDCC is one lesson learned from hacking exercises. Another is maintaining secure audit logs: When the Commerce Department was attacked by Chinese hackers in 2006, the department’s auditing systems couldn’t keep track of which machines were accessed. That makes it harder to trace the path of an attack, and to isolate and clean the affected machines.

Paller said hacking exercises have also highlighted the importance of managing dormant user accounts, and properly securing wireless devices.

But Gilligan said existing guidance from NIST didn’t emphasize these vulnerabilities.

“A lot of the stuff from NIST is good, but there’s so much of it, the question is, can I really implement it all?” Gilligan asked. “And if I implement it all, I still won’t be 100 percent secure.”

The team hopes to draw on experts at NSA, as well as the Air Force, U.S. Computer Emergency Readiness Team (US-CERT), and the Defense Department Cyber Crime Center. US-CERT is a partnership between the Homeland Security Department and the public and private sectors that aims to protect the nation’s Internet infrastructure.

The team also plans to draw on forensics experts from the private sector, since hackers often use different patterns of attack to penetrate commercial systems.

“The bumper sticker would read, ‘Let offense inform defense,’ ” Gilligan said. “We need to leverage experts from across the hacker and defender communities to help us determine … where we should be focusing our investments.”

Paller and Gilligan said the new approach is driven by two factors. First, they say, the current compliance-based approach to cybersecurity just isn’t working: CIOs have to comply with more than 1,200 pages of NIST guidance, and much of it doesn’t actually improve security. But there’s also a recognition that the pattern of cyber attacks has changed as operating systems have become more secure.

“If you look in NIST documents, application security doesn’t seem to be a problem,” Paller said. “And it wasn’t, two or three years ago. But operating systems are more secure now, so hackers try to get in through your applications.”

Gilligan said the proposal will be open to public comment within the next few months. After that, he hopes to bring a final proposal to agency CIOs.

“Hopefully they’ll like it and they’ll take it to OMB,” Paller said.

Finally.. Someone making sense! But, will they listen?

Written by Krypt3ia

2008/12/05 at 20:13

Posted in Uncategorized

Tweets for Today

  • 10:13 Hollywood has decided to re-make “they live” Why Hollywood why? The original still stands! No creativity left in Tinseltown? #

Automatically shipped by LoudTwitter

Written by Krypt3ia

2008/12/05 at 13:41

Posted in Uncategorized
