(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for March 2009

Ghost Net: Aka Subseven or any other trojan backdoor program


LONDON, England (CNN) — Nearly 1,300 computers in more than 100 countries have been attacked and have become part of a computer espionage network apparently based in China, security experts alleged in two reports Sunday.

The network was discovered after computers at the Dalai Lama's office were hacked, researchers say.

Computers — including machines at NATO, governments and embassies — are infected with software that lets attackers gain complete control of them, according to the reports. One was issued by the University of Toronto’s Munk Centre for International Studies in conjunction with the Ottawa, Canada-based think tank The SecDev Group; the second came from the University of Cambridge Computer Laboratory.

Researchers have dubbed the network GhostNet. The network can not only search a computer but see and hear the people using it, according to the Canadian report.

“GhostNet is capable of taking full control of infected computers, including searching and downloading specific files, and covertly operating attached devices, including microphones and web cameras,” the report says.

The discovery of GhostNet grew out of suspicions that the office of the Dalai Lama had been hacked.



Ok, well, there is nothing really new here except that this is a nation state (Our Chinese Overlords) using a back door to perform a massive and orchestrated intel harvesting operation… And perhaps got caught. Of course, put this in tandem with the efforts of the likes that wrote “Conficker” and then we have something interesting to talk about.

I would like to get a copy of this “Ghost Net” to pick apart…

Until then, Tracking Ghost Net is the paper the article mentions.

Written by Krypt3ia

2009/03/30 at 01:28

Schneier: It’s Time to Drop the ‘Expectation of Privacy’ Test


In the United States, the concept of “expectation of privacy” matters because it’s the constitutional test, based on the Fourth Amendment, that governs when and how the government can invade your privacy.

Based on the 1967 Katz v. United States Supreme Court decision, this test actually has two parts. First, the government’s action can’t contravene an individual’s subjective expectation of privacy; and second, that expectation of privacy must be one that society in general recognizes as reasonable. That second part isn’t based on anything like polling data; it is more of a normative idea of what level of privacy people should be allowed to expect, given the competing importance of personal privacy on one hand and the government’s interest in public safety on the other.

Full article HERE

The problem is, in today’s information society, that definition test will rapidly leave us with no privacy at all.

Never mind the “definition” of privacy; it is, as Schneier points out, an illusion at this point in time. The technologies that we all love to use have also made whatever privacy one might have had earlier a moot point. Face it, Facebook, Twitter, all the social networking that we willingly put out onto the internet pretty much nullifies privacy.

I also hasten to add that even if one were trying to keep things private, the internet is not necessarily the place to “keep” them, as all systems can be compromised and/or turned over to the government after a federal warrant. Of course much of this article also deals with the warrantless wiretapping of not only calls but also all internet traffic post the Bush administration and the NSA’s back dooring of the MAEs out there. All your data that you pass through the internet is subject to capture through the NARUS STA 6400, kids. So, there is no privacy there, especially if you don’t use any kind of encryption or obfuscation.

I have said it before in other places and I will say it again here:

“There is no privacy whether expected or implied other than that which you make yourself”

In other words,

  • Use encryption that is not easily broken, like one time pads.
  • Use obfuscation techniques in language and communications.
  • Generally assume that all your comms are being monitored.
  • Expect that at any time the government could claim “Exigent Circumstances” and seize your equipment.
  • Also expect, with a recent court decision, that the 5th amendment will no longer protect you.

The recent case of a US citizen coming over the border from Canada being forced to provide his hard drive encryption password (which I believe he still has not even with the court order) also shows the erosion of any idea that we have any kind of privacy any more in the world.

So, I say that no matter what the legal eagles say, the power exists for those with the technology to erase your privacy at any time they wish it. They can do so, as we found out in the Bush administration, at their will and against the laws of the land without any real repercussions. The electronic genie is out of the bottle.

In the end, you want privacy? Make it yourself.

Written by Krypt3ia

2009/03/29 at 01:40



It’s as though a cabal of future geneticists have taken the best parts of James Brown, Kate Bush, David Byrne, and Michael Jackson (with the hair of Grace Jones) to create Janelle Monae. I have not been so fascinated or jazzed about a musical artist in a LONG LONG time!


I happened upon this article on Studio 360 about her performance at SXSW and man, I just had to go look at her site. The angst of her particular idiom really speaks to the times. On the cusp of future technologies with such epic problems philosophically as well as on the human condition as a whole.


I predict you will be seeing much more of this woman and her tight band.

Check it out.

Written by Krypt3ia

2009/03/28 at 13:00

BSG Finale


Well, the end has come and I, who kinda got tired after season 2, decided to watch the finale last night. Ultimately, I was somewhat unimpressed with the end. Really, we as SCIFI watchers are going to get all teary eyed and choked up about how “we” as a species are put through a giant repetitive rat’s maze by some “God”?? Really? THAT is the end? THAT is the penultimate meaning to our existence?

Perhaps it’s that I am a rationalist at heart when it comes to most things. Perhaps it’s because I feel that they started this crazy journey with some novel ideas, but they were only 1/4 baked and they had to come up with “an end”, but geez, really, could we please get off the whole “God moves in mysterious ways” claptrap? Sure, there is some self destiny here, but, in the last quotes from Six and Baltar, it gives a faint hint that we have no real destiny of our own and that “God” is just a slightly better scientist than Jerry Lewis.

Maybe this is why I really just walked away in season 2 of this thing. It’s the whole “God” and theology angle that I despise. How about instead we deal with our own shit because we made it instead of us having a divine hand involved huh? Might that actually be more “Science” than a channel called “SCIFI” can handle?

I also kind of feel that this series ripped off the original idea that was later to be so poorly played out by “The Matrix”. The ideas of philosophy and reality all became more theology and giant explosions in that trilogy of films. In the end, it was the same damn thing, with the oracle looking on a bright new day in the Matrix wondering if “this time the experiment would play out differently”.

Tired… Just tired.


Written by Krypt3ia

2009/03/28 at 12:10


The CISSP Kobayashi Maru


So, today I finally became an “official” CISSP much to my surprise. You see, I took the test a year ago and had thought I was a CISSP, but, I guess I was in name only until today. Oddly enough, I had to pass the final “Kobayashi Maru” of CISSP-ness that this entry will tell.

It seems that when I passed the test back a while ago, I was randomly selected to be “audited”, perhaps like a Scientologist might? Who knows. In any event, I found out recently that I had to provide my resume and other data so they could look it up and say “ok, you’re a CISSP”.

I diligently provided ISC with the data and made sure my endorser had all his documents in and I thought it was all over. Little did I know I would get an email/call that would stun me.

ISC: “Sir, we need your SSN to get your employment history with IBM”

Me: “Uhh what? You want my SSN? No, I am afraid not. If IBM needs this then they should contact me directly, here’s my number. If my employee ID would suffice, here it is”

Say what? ISC wants me to provide my SSN to them to give to IBM (maybe) to get my records, which should not require an SSN? It gets worse though: it was not even IBM, but a third party company that holds the records now that IBM outsourced!! So yeah, they wanted my SSN to be passed through two parties to prove I worked at IBM.. So much for a phone call to HR, huh?

Insult to injury, this is ISC, the group CERTIFYING security professionals asking for my SSN like this!

This only leads me to further believe that ISC/CISSP is just a ponzi scheme.


Written by Krypt3ia

2009/03/27 at 02:41



From “Military Power of the People’s Republic of China (PRC)”

In April 2008, the computer networks at India’s Ministry of External Affairs were attacked by Chinese hackers, and in May 2008 Belgium’s government was attacked by Chinese hackers.

Also in May 2008, suspected Chinese agents secretly copied contents of a U.S. Government laptop during a visit to China by the U.S. commerce secretary and used the information to try to penetrate into Commerce computers.

Computer attacks are one element of what Chinese military theorists call integrated network electronic warfare, to include electronic disrupters and kinetic strikes on enemy infrastructures.

China’s military is aggressively seeking U.S. weapons technology both legally and illegally. U.S. intelligence officials say China’s technology acquisition is a growing threat to national security.

“This year’s DoD China military power report should be required reading for those proposing major U.S. military reductions like ending production of the F-22A fifth generation fighter, reducing U.S. carrier battle groups and unilaterally disarming future U.S. space warfare and robust missile defense capabilities”

Just a heads up.. Our Chinese Overlords are REALLY putting some effort into these things. Time we paid attention. Now add to this the fact that they are being encouraged to buy more of our debt.. I see a perfect storm here.. Anyone else?

Written by Krypt3ia

2009/03/27 at 01:19

The Great Schlep


It’s… Oh, what, day five of the “Great Schlep” and we are finally getting the living space in the new house feeling like a “living space”. Who would have thought that a two bedroom apartment could contain SO MUCH CRAP! Ok, not really crap, but “stuff” as George Carlin would put it. Of course he was right, you need a bigger place for all your stuff!

Tonight we got the cable back online so it’s all good.

Final move day is Sunday.. I hope… We have til Tuesday to be out though.

In other news…

I keep waking up at 2:45-3:00am on the dot. I don’t know why I keep waking up at this time. Once was the CO detector as I already posted, but what is it that is waking me? The cat maybe? I am feeling better though about the “spectral visitor” thing. So far nothing has happened to lead me to believe that something is up. Still though, I decided last night to NOT watch “Ghost Hunters” because inevitably I would have had nightmares again about the “visit” with the previous owner.

Overall, I don’t wish to move again for a long time to come! Next comes the unpacking after Sunday’s final big move of furniture.

Yay… God I am old.

Written by Krypt3ia

2009/03/27 at 00:02


Digital DNA


“Today the majority of malware cannot be detected by signature-based security solutions and other traditional security methods. While these solutions play a role in a company’s defense-in-depth security strategy, malware now is more sophisticated and can easily go around these solutions,” said Greg Hoglund, CEO and founder of HBGary. “Our Digital DNA technology detects malware that is polymorphic, using advanced techniques or currently unknown that these solutions can’t find.”

HBGary Digital DNA: How it Works

Digital DNA is a patent-pending technology to detect advanced computer security threats within computer memory without relying on information provided by the computer’s operating system. All software modules residing in memory are identified and ranked by level of severity. The Digital DNA sequence appears as a series of trait codes which, when concatenated together, describe the behaviors of each software module. For an example of a Digital DNA sequence, please use this link. Observed behavioral traits are then matched against HBGary’s new Global Threat Genome database to classify digital objects as good, bad or neutral. The database currently contains more than 2500 codified behavior traits.

Full Article HERE
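An added example, not HBGary’s code, of the scoring idea the quoted description outlines: a constructed trait genome, fixed-width trait codes concatenated per module, and a ranking of in-memory modules by summed severity with a good/neutral/bad verdict. Every code, weight, threshold and module name here is made up for illustration and is not the real Digital DNA format.

```python
# Toy trait-sequence scorer illustrating the Digital DNA idea described above.
# Trait codes, weights, thresholds and module data are constructed for this
# example; they are not HBGary's real genome or sequence format.
GENOME = {  # code -> (behaviour, weight); positive = suspicious, negative = benign
    "0A": ("loads a kernel driver", 2),
    "1C": ("hooks the system call table", 8),
    "2E": ("hides its process from OS enumeration", 9),
    "3F": ("signed by a known vendor", -5),
    "4B": ("opens raw network sockets", 3),
    "5D": ("installs a keyboard hook", 7),
    "7F": ("packed / self-decrypting section", 5),
}
CODE_WIDTH = 2  # each trait code is two hex-like characters in this toy format

def parse_sequence(seq: str) -> list:
    """Split a concatenated trait sequence into fixed-width trait codes."""
    seq = seq.replace(" ", "").upper()
    if len(seq) % CODE_WIDTH:
        raise ValueError("truncated trait sequence")
    return [seq[i:i + CODE_WIDTH] for i in range(0, len(seq), CODE_WIDTH)]

def classify(score: int, bad_at: int = 10) -> str:
    """Good / neutral / bad bucket from the summed trait weights."""
    if score >= bad_at:
        return "bad"
    return "good" if score <= 0 else "neutral"

def score_module(name: str, seq: str) -> dict:
    """Sum the weights of known traits; unknown codes are reported, not scored."""
    score, matched, unknown = 0, [], []
    for code in parse_sequence(seq):
        if code in GENOME:
            matched.append(code)
            score += GENOME[code][1]
        else:
            unknown.append(code)
    return {"name": name, "score": score, "verdict": classify(score),
            "matched": matched, "unknown": unknown}

def rank_modules(modules: dict) -> list:
    """Score every in-memory module and rank by descending severity."""
    return sorted((score_module(n, s) for n, s in modules.items()),
                  key=lambda m: m["score"], reverse=True)

# Constructed snapshot of modules 'found in memory' with their trait sequences.
MEMORY_MODULES = {
    "ntdll.dll": "3F",
    "vendor_av.sys": "0A 3F 4B 7F",
    "unknown.sys": "0A 1C 2E 7F",
    "keylog.dll": "5D 4B 7F",
}
```

Unknown codes are kept in the result so an analyst can see which behaviours the genome has not yet codified rather than silently dropping them.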

I recently had a discussion about the DNA traits that could be programmed digitally into malware/viruses. I am interested to see an RNA version too that would mutate on connection to other malware/viruses so they could trade and create new variants on their own.

With the advent of Conficker, I think this is getting closer to a reality. It is conceivable to create code that could mesh in a random mutation and thus generate new and interesting modus operandi.

On the other end of this, I am sure that the methodology presented by HBGary will be all the rage in future attempts to detect and thwart all those pesky nasties.

Written by Krypt3ia

2009/03/26 at 01:16

Conficker C Variant: SRI Analysis



We present an analysis of Conficker Variant C, which emerged on the Internet at roughly 6 p.m. (PST) on 4 March 2009. This variant incorporates significant new functionality, including a new domain generation algorithm and a new peer-to-peer file sharing service. Absent from our discussion has been any reference to the well-known attack propagation vectors (RPC buffer overflow, USB, and NetBios Scans) that have allowed C’s predecessors to saturate so much of the Internet. Although not present in C, these attack propagation services are but one peer upload away from any C infected host, and may appear at any time. C is, in fact, a robust and secure distribution utility for distributing malicious content and binaries to millions of computers across the Internet. This utility incorporates a potent arsenal of methods to defend itself from security products, updates, and diagnosis tools. It further demonstrates the rapid development pace at which Conficker’s authors are maintaining their current foothold on a large number of Internet-connected hosts. Further, if organized into a coordinated offensive weapon, this multimillion-node botnet poses a serious and dire threat to the Internet.

Full report HERE

So, what does it all mean? What is the master plan for Conficker? The Cabal has not yet been able to find out who wrote it (but my guess is that they are Ukrainian) to track them down. Everything just looms over us as April 1 approaches and its activation day comes.

What’s missing here is the actual commands that the code is supposed to enact on April 1 though. I am sure they have decoded the bug and know, so why not let us all know? Perhaps the game is afoot and they plan on stopping a mass attack. Who knows…

What I find really interesting about the Conficker updates is that they seem to have thought this out very well. With the random DNS calls, the random sleep times, and other methods to obfuscate its presence, this bug would seem to have the ability to propagate itself, attack the internet, and possibly pass data to the herders at an incredible rate. All the while it would be unable to be stopped by common IDS/Firewalls etc.
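As an added example (not from the SRI report or this blog), a small detector run over constructed resolver log lines, showing the defender’s side of the “random DNS calls” above: a domain generation algorithm that tries many not-yet-registered names leaves a burst of NXDOMAIN answers for distinct, random-looking names from one client. The log format, client addresses and thresholds are all assumed for illustration.

```python
# Added example: flagging DGA-style lookup bursts in a resolver query log.
# The log lines below are constructed, not real Conficker traffic; the
# thresholds are illustrative and would need tuning per environment.
import math
from collections import defaultdict

# Constructed resolver log: "<time> <client> <qname> <rcode>" per line.
LOG = """\
10:00:01 10.0.0.5 www.example.com NOERROR
10:00:02 10.0.0.5 mail.example.com NOERROR
10:00:03 10.0.0.9 qmxzvkpwt.net NXDOMAIN
10:00:03 10.0.0.9 hjbkvwqlpx.org NXDOMAIN
10:00:04 10.0.0.9 zrtgqmwv.info NXDOMAIN
10:00:04 10.0.0.9 kpxwlqtz.biz NXDOMAIN
10:00:05 10.0.0.9 wvqmzjrkxp.net NXDOMAIN
10:00:05 10.0.0.9 cdn.example.com NOERROR
10:00:06 10.0.0.7 news.example.org NOERROR
10:00:07 10.0.0.7 oldsite.example.org NXDOMAIN
"""

def entropy(label: str) -> float:
    """Shannon entropy in bits/char; random-looking DGA labels score high."""
    if not label:
        return 0.0
    counts = {ch: label.count(ch) for ch in set(label)}
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def second_level_label(qname: str) -> str:
    """The registrable label ('example' in www.example.com), which a DGA randomises."""
    parts = qname.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def suspicious_clients(log: str, min_nx: int = 4, min_entropy: float = 2.5) -> dict:
    """Clients with many NXDOMAINs for distinct names whose labels look random."""
    stats = defaultdict(lambda: {"nx": 0, "names": set(), "ent": 0.0})
    for line in log.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, rcode = line.split()
        if rcode != "NXDOMAIN":
            continue  # only failed lookups count towards the DGA signal
        s = stats[client]
        s["nx"] += 1
        s["names"].add(qname.lower())
        s["ent"] += entropy(second_level_label(qname.lower()))
    flagged = {}
    for client, s in stats.items():
        avg = s["ent"] / s["nx"]
        if len(s["names"]) >= min_nx and avg >= min_entropy:
            flagged[client] = {"nxdomain": s["nx"], "avg_entropy": round(avg, 2)}
    return flagged
```

A single stale bookmark (10.0.0.7) produces one NXDOMAIN with a dictionary-word label and is not flagged; only the client with a burst of high-entropy failures is.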

April 1 will be interesting to say the least…

Written by Krypt3ia

2009/03/24 at 11:24

It’s 3am.. Who You Gonna Call?


Ok, not that I am overly freaked out by things, but, this is the second night that something has awakened me at 3AM…

Dead asleep and BEEP BEEP BEEP BEEP, the CO alarm in the bedroom here goes off at EXACTLY 3am! This is the second night that this has happened since moving in. The first time I don’t know what awoke me, but I was asleep then BING! awake and looking for the cause. Of course this is all coincidence right? I mean, I had those dreams about the house and walking out to find the previous owner’s husband in my living room sitting on the couch… But, that’s just my imagination running away with my logical brain right?

So, here I sit in bed with the laptop, wide awake after searching the house for more CO alarms and finding nothing. Now, the CO detector seems to have an old sensor; “do not install after Dec 2008” is printed on it, so I guess it is out of date. So, it stands to reason that it’s likely to malfunction and scream right? I even went to the First Alert site and they said it may go off if the sensor was old.

I checked the web for false alarms and CO and man, First Alert even claims that pets can set the damn thing off! Huh? WTF man! I will get another one tomorrow and see I guess. Meanwhile we have the windows open in the bedroom just in case, but we present no signs of CO poisoning.

Oh well.. Anyone have a used proton pack they want to sell?

Written by Krypt3ia

2009/03/24 at 08:16