Tuesday, September 20, 2011

Week 4 Post: DigiNotar, No More

DigiNotar, a company based in the Netherlands (a subsidiary of VASCO Data Security), will officially be going out of business (claiming bankruptcy), due in large part to the efforts of a lone 21-year-old hacker who identifies himself as "Comodohacker."

Earlier this year (July 19th, 2011), DigiNotar was the victim of a cyber attack that resulted in an intrusion into the company's Certificate Authority (CA) infrastructure. This successful attack allowed for the issuance of fraudulent SSL certificates for hundreds of domains, including CIA.gov and Google.com. The fraudulent SSL certificates could be maliciously used by hackers to spoof themselves as a sub-domain of Google.com, CIA.gov, etc. This could allow hackers to perform phishing attacks, spoof content, and perform man-in-the-middle attacks against internet browsers. This event caused Microsoft to remove the DigiNotar root certificate from the Microsoft Certificate Trust List (the list used in Vista, Windows 7, Server 2008, etc.).

DigiNotar was acquired by VASCO Data Security in January 2011 for $12.9 million, but in the first 6 months of 2011, DigiNotar generated less than 100,000 euro in SSL and EVSSL revenue. The company has halted sales of its certificates since the incident.

The Court has appointed both a bankruptcy judge and a bankruptcy trustee to manage the bankruptcy process. The trustee is going to work under supervision of the judge and will be responsible for administration actions and the liquidation process of DigiNotar. The Trustee will be submitting his reports to the Judge and reports are expected to be delivered to the public and should serve as the primary source of information to both creditors and stakeholders.

T. Kendall Hunt (VASCO's Chairman and CEO) gave the following statement: "Although we are saddened by this action and the circumstances that necessitated it, we would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO's core authentication technology. The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO's strong authentication business." The only thing missing from his statement to the shareholders is: "p.s. sorry about the $12.9 million we just lost."

This is not the first CA that Comodohacker has hacked into, but it is the first one that has been officially forced out of business as a result of his efforts.    

Comodohacker is reportedly an Iranian loyalist. He has said that he has developed an unbreakable system for replacing SSL certificates. He has said the following: “If my country get equal right as USA in controlling emails, I may share my brilliant unbreakable encryption system for replacement of SSL and CA system.” He's also pumped himself up with the following: “P.S.S. never forget, I'm just 21, you have to see much more from me!”

It simply amazes me that a company whose market IS internet security could be destroyed by the efforts of a lone individual.  If this isn't a form of situational irony, I don't know what is (but since the word irony is so often misused, and seems to have lost its original meaning in our society - thanks Alanis Morissette, chances are this isn't a good example of situational irony whatsoever, but short of tragic, I don't know how to label this event).

Hopefully the next time we hear about Comodohacker it won't follow the headlines of something as horrible as this, an act of digital terrorism, but rather, let's hope he does have an unbreakable system for SSL certificates that he is willing to share with the world.  Unfortunately I highly doubt that will be the case.  
    

Reference:

Lennon, M. (2011).  Hacker Forces DigiNotar Into Bankruptcy.  Retrieved September 21, 2011, from Security Week Web site: http://www.securityweek.com/hacker-forces-diginotar-bankruptcy

Wednesday, September 14, 2011

Week 3 Post: 9/11, From Hijackers to Hackers

For most people in our nation, September 11th will live on to be a day that commemorates a dark hour in our nation's past.  Yet this year the 10th anniversary was mocked by online hackers.  While the rest of the nation was involved in respectful and solemn ceremonies, remembering the lives taken in the attacks on New York and Washington, a group of hackers took the event as their cue to perform online shenanigans.

On Friday, a hacker group notorious for hacking media outlets hijacked the NBC News Twitter account and posted fabricated accounts of attacks on "Ground Zero" in New York.  The group posted messages saying that there was a plane crash at the site following a suspected hijacking.

The group responsible for the postings later unmasked themselves with the following message: “NBCNEWS hacked by the Script Kiddies.”

It seems that the group breached the account via a spear phishing attack.  There are only 3 people who have the password to the account.  Following this attack, Ryan Osborn (NBC Social Media Director) admitted to MSNBC that he had recently opened an attachment in an e-mail sent to him from an unknown sender.

Prior to this attack, the Script Kiddies gained notoriety with their 4th of July attacks on the Fox News Twitter account.  In that debacle, they posted a series of false messages claiming that President Barack Obama had been assassinated.

The Script Kiddies were not the only group engaging in criminal activity surrounding 9/11; another group, which identifies itself with the moniker Team Poison, ran a campaign in which they were petitioning for support from the masses to call the federal government and protest U.S. foreign policy. The group posted a listing of phone numbers on the internet. The numbers were for the White House, U.S. embassies in Libya and Afghanistan, the FBI and the CIA. They were asking their followers to call these numbers and leave the following message: “Dear USA, your 9/11 is our 24/7.  Sincerely, [a country that has been bombed/attacked by the USA].”

The group was hoping that the result of mass phone calls would have a huge effect on business. But it would seem that their efforts were largely in vain because much of the Federal government is closed on Sundays so there wasn’t much business to disrupt.

Team Poison had gained some infamy when they defaced a website operated by Research In Motion (RIM), the Canadian company that makes the Blackberry Smartphone.  The attack on RIM was spawned because of RIM’s cooperation with the London police during the London riots.

Team Poison has also attacked other hacker groups.  They took down the LulzSec website because they felt that its members were inferior hackers.


Reference:
http://www.pcworld.com/article/239824/911_anniversary_spurs_hacker_mischief.html

Monday, September 5, 2011

Week 2 Post: Hack the Planet Hollywood!!

Today is a great day NOT to be famous and living in Hollywood. A splinter cell of the group 'Anonymous' known as 'Hollywood Leaks' has apparently turned its sights away from big government and corporations and has instead set its sights on the stars of Hollywood. They are targeting movie stars, TV personalities and musicians.

There are reports that Tom Cruise, Miley Cyrus, and Kreayshawn have already fallen victim to the group. The hackers are apparently scrounging for any dirt they can get: nude photos, e-mails, memos, phone numbers, pretty much anything they can get their hands on and expose to the world.

Thus far their efforts have resulted in publishing the phone numbers of Cyrus and Ashley Greene, Helio Castroneves and Corky Ballas. They've also published the pre-release script of the movie "Rock of Ages," which Tom Cruise will star in. So far the list of exploits seems pretty minor, but it's just the beginning, I'm sure.

The reason I picked up on this article is because I am really torn on the situation.  A part of me could really care less about Hollywood, but a larger part of me churns at the concept of these faceless hacker groups.  I went to the tweet page for this particular group (http://twitter.com/#!/hwleaks) and its followers seem to be a strange group filled with immaturity.  The posts range from threats, counter threats, people asking for dirt on individual celebrities, bragging and a whole lot of "LULZ."

I detest the idea of people using a computer to hurt others, and according to this article, part of this group's goal is to 'end the Jew-controlled media.'  To me this is a clear example of why groups like Anonymous are so hard to take seriously.  There is no 'head' of the group, and its recruitment mechanism is an open invitation to whoever wants to be part of it, so how could the 'group' say that it wants to 'end the Jew-controlled media?'  What is to stop me from creating a YouTube video, claiming to be part of this outfit and saying that the point of these attacks is that I detest the last season of Smallville?  With their lack of oversight it is too easy for someone to deliver this hate-speech agenda, and who can come forward as a voice for the group and say that they're not a hate group?  It makes the job of anyone wishing to smear the group or put that type of spin on them all that much easier.

The idea of a group hiding behind a question mark doesn't really strike fear into the heart, but for some reason it reminds me of other terrorist organizations; it doesn't take a lot of courage to hit-and-run and remain faceless.  I am perhaps most struck by the irony of the situation - faceless people attacking the 'beautiful people' of Hollywood.  It will be interesting to see when some of these individuals get caught for their crimes and faces are attached to them.

I'm sure we haven't heard the end of this, but I have to wonder how many A-listers will be consulting their IT Security specialists in the near future.

To read the full article, follow:
http://news.cnet.com/8301-1009_3-20100210-83/offshoot-of-anonymous-takes-aim-at-hollywood/?tag=mncol;title