Category Archives: Cybercrime

Cyber War

Posted by

The Greatest Story Never Told
Good news and bad news on the Cyber War front.
h/t: Strategy Page

The number of exploitable defects in software declined five percent last year. But the number of serious exploits went up 28 percent.

There is a growing market for exploitable defects, with some security firms offering cash rewards.

In the past, hackers had their own underground market for these exploits. But so much commerce is moving to the web, and Internet security is becoming such a large business, that finding those exploits first (and disabling or exploiting them) is attracting more money.

The gangsters still want to have their hackers get to these exploits first, but now they have to compete.

But the biggest news on the Cyber War front is that it rarely makes the headlines.

It’s not that Cyber War isn’t important; it’s just that all this geek stuff is hard to explain and just does not sound that scary.

In the competitive news business, Cyber War is not good news. But to the intel and security people, the U.S. has been under heavy assault for several years now.

The losses of information have been huge, and it’s not certain just how much has been stolen.

All this will be big news in a decade or so when more details emerge about the extent of the losses. But for now, it’s just one of those stories no one could wrap their heads around.

In addition to the usual software flaws (that serve as exploits), there is also a growing number “malware” type software. This stuff is best known as “adware” programs that users, often unknowingly, download onto their PCs.

That results in more ads, or ads based on a careful examination of what the user does, say, when using their browser. There are hundreds of thousands of these little nasties out there, and Cyber War operators have found this stuff to have military and espionage use.

In the middle of all this you have military users of exploits. These are the shadowy organizations, particularly in China and the United States, where exploits are stockpiled (and soon replaced as the exploit is rendered ineffective via a software patch) for use in wartime.

China, and probably the United States, are already using their exploits arsenals for espionage, and counter-espionage.

Many criminal gangs also do contract work, usually for espionage operations. Some corporations have been caught doing this as well. Only small players have been caught so far. Any large corporation going this way would put a premium on not getting caught.

Chinese firms are particularly energetic in stealing technology, and producing their own versions. They are often quite blatant about it, especially if it’s military technology (which means government protection from retribution.)

The Russians are trying to force the Chinese government to crack down on this, without much success so far.

The United States, and many other Western nations, are also going after China for the use of Internet based espionage. Again, so far, the Chinese are refusing to admit to it, much less slack off.

Western Cyber War experts are urging some retaliation in kind.

That could get interesting.

Cyber Blackout

Posted by


CIA: Cyber Attacks Turn Out the Lights
By Michael Tanji
h/t: ThreatsWatch

The importance of securing national resources that access cyberspace just got a shot in the arm.

On Wednesday, in New Orleans, US Central Intelligence Agency senior analyst Tom Donohue told a gathering of 300 US [and foreign] government officials, engineers and security managers from [critical infrastructure sectors] asset owners that

“We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet.”

Such an event would be problematic at any time, but timed to occur during high-stress periods like during heat waves or inclement weather, the impact could be devastating.

Most “cyber terrorism” noted to date is little more than miscreant mischief, but a concerted effort to conduct a serious attack in this sector could actually cost lives.

The volume may be minor, but the idea that services we take for granted are not under our control is one way to shake people’s confidence in the government’s ability to protect them.

Computer Virus Turns 25

Posted by


From the AP story by Anick Jesdanun:

What began as a ninth-grade prank, a way to trick already-suspicious friends who had fallen for his earlier practical jokes, has earned Rich Skrenta notoriety as the first person ever to let loose a personal computer virus.

Although over the next 25 years, Skrenta started the online news business Topix, helped launch a collaborative Web directory now owned by Time Warner Inc.’s Netscape and wrote countless other computer programs, he is still remembered most for unleashing the “Elk Cloner” virus on the world.

“It was some dumb little practical joke,” Skrenta, now 40, said in an interview. “I guess if you had to pick between being known for this and not being known for anything, I’d rather be known for this. But it’s an odd placeholder for (all that) I’ve done.

Read the whole AP story by Anick Jesdanun -> here.
More from Rich Skrenta’s blog -> here.
Backstory from Anick Jesdanun’s blog -> here.

Will we ever blow the candles out on that cake?

No Free Lunch in Michigan

Posted by


Michigan Man Fined for Using Coffee Shop’s Wi-Fi Network


A Michigan man has been fined $400 and given 40 hours of community service for accessing an open wireless Internet connection outside a coffee shop.

Under a little known state law against computer hackers, Sam Peterson II, of Cedar Springs, Mich., faced a felony charge after cops found him on March 27 sitting in front of the Re-Union Street Café in Sparta, Mich., surfing the Web from his brand-new laptop.

Last week, Peterson chose to pay the fine instead as part of a jail-diversion program.

“I think a lot of people should be shocked, because quite honestly, I still don’t understand it myself,” Peterson told FOXNews.com “I do not understand how this is illegal.” More ->

Meanwhile: Wireless Internet Gains Momentum in the U.S.

Some 34% of Internet users have logged onto the Internet using a wireless connection either around the house, at their workplace, or some place else. In other words, one-third of Internet users, either with a laptop computer, a handheld personal digital assistant (PDA), or cell phone, have surfed the Internet or checked email using means such as Wi-Fi broadband or cell phone networks, Pew Internet & American Life Project has published based on survey conducted in December 2006.
 More ->