 |
UMP Orchestra Group
OG Forum
|
Important Notice:
We regret to inform you that our free phpBB forum hosting service will be discontinued by the end of June 30, 2024.
If you wish to migrate to our paid hosting service, please contact [email protected].
| View previous topic :: View next topic |
| Author |
Message |
kai
Hobbyist
Joined: 02 Mar 2008
Posts: 23
Location: Ipoh
|
 Posted: Fri Apr 25, 2008 5:14 pm Post subject: Hackers warn high street chains |
 |
|
| Quote: | High street chains will be the next victims of cyber terrorism, some of the world's elite hackers have warned.
They claim it is only a "matter of time" before the likes of Tesco and Marks & Spencer are targeted.
Criminals could use the kind of tactics which crippled Estonia's government and some firms last year, they warned.
The experts were members of the infamous "Hackers Panel" which convened in London this week at the InfoSecurity Europe conference.
The panel includes penetration testers and so-called "white hat" hackers, who help companies tighten up their digital security by searching for flaws in their defences.
Previous panellists include Gary McKinnon, known as Solo, alleged by the US government to have hacked into dozens of US Army, Navy, Air Force, and Department of Defense computers.
The "hackers" usually remain anonymous, "for security reasons", but this year's panellists agreed to break cover.
Common cause
First up was Roberto Preatoni, the founder of the cyber crime monitoring site, Zone-H, and WabSabiLabi, a trading site for security researchers.
His appearance came just a few months after he was arrested by Italian authorities on charges of hacking and wiretapping, as part of the ongoing investigation into the Telecom Italia scandal.
Mr Preatoni told the audience that the attacks in Estonia were a harbinger for a new era of cyber warfare.
"I'm afraid we will have to get used to this," said Mr Preatoni, also known as SyS64738. "We had all been waiting for this kind of attack to happen.
"Estonia was just unfortunate to be the first country to experience it. But very soon, our own [western] companies and countries will be getting attacked for political and religious reasons.
"This kind of attack can happen at any time. And it will happen."
During the two week "cyber war" against Estonia, hackers shut down the websites of banks, governments and political parties using "denial-of-service" (DoS) attacks, which knock websites offline by swamping servers with page requests.
As many of the attacks originated from Russia, the Estonian government pointed the finger at the Kremlin. But Mr Preatoni said that, having spoken to contacts in the hacking community, he was clear that "Putin was not involved".
"In my opinion, this was a collection of private individuals who spontaneously gathered under the same flag.
"Even though Estonia is one of the world's most advanced countries in IT technology, the whole economy was brought to its knees.
"That's the beauty of asymmetric warfare. You don't need a lot of money, or an army of people. You can do it from the comfort of your living room, with a beer in your hand.
Gate control
His warning was echoed by Steve Armstrong, who teaches seminars in hacking techniques, at the SANS Institute for information security training.
"If someone wants to have a pop at the UK, they are unlikely to go for the government web servers. They will go for the lower hanging fruit - companies which are seen as good representatives of the country.
"The likes of Tesco, Marks & Spencer and B&Q can be seen as legitimate targets.
"We have to get the message across to companies [to invest in information security].
"At the moment Chief Executives are only interested in the bottom line. But remember - if tesco.com goes down, that's a lot of shopping."
Mr Preatoni said that the Estonian government's repeated failure to thwart the attacks was proof that we still have "no good solutions" for denial of service attacks.
The panellists then argued over whether Internet Service Providers should do more to tighten security, by helping customers' protect their computers from being "zombified" by hackers for use in distributed DoS attacks.
"Actually, I don't think the ISPs should have any role in security," said Preatoni.
"In my opinion, that's like asking the Royal Mail to be responsible for the quality of your post."
But his view was immediately challenged by the third panellist, Jason Creasey, head of research at the independent Information Security Forum.
"I believe ISPs can play a phenomenal role in security, with a little bit of legal pressure," he claimed.
Net weakness
He was backed by an audience member, Angus Pinkerton, of Lynks Security Consulting. "The only way to defend against a distributed attack is with a distributed defence," he argued.
"I think it's unacceptable that ISPs are content to let their customers be part of bot-nets."
He challenged Steve Armstrong's view that asking ISPs to perform security duties was "fundamentally, censorship."
"This is not about free speech," said Mr Pinkerton. "Free speech does not entitle you to shout fire in a crowded theatre."
In the meantime, Mr Preatoni warned the audience it is "only going to get easier" to carry out a DoS attack, because he claimed the latest net address system, known as Internet Protocol Version 6 (IPv6), is actually more amenable to DoS.
Later, he told the BBC that the rise in cyber attacks originating in China was a convenient cloak for western countries to disguise their own cyber espionage activities.
"It's too easy to blame China," he said. "In fact, legitimate countries are bouncing their attacks through China. It's very easy to do, so why not?
"My evil opinion is that some western governments are already doing this." |
http://news.bbc.co.uk/2/hi/technology/7366995.stm
After watching "The Matrix" movie, I once consider to be a hacker....but it seems like that dream is too difficult to achieve......... |
|
| Back to top |
|
 |
rowanlim
Administrator
Joined: 02 Mar 2008
Posts: 2680
Location: Malaysia
|
| Posted: Fri Apr 25, 2008 5:17 pm Post subject: |
|
|
MOD EDIT: Moved to General Chat
Mental...Hackers? China? Western government? What are they thinking? 
_________________
~music pours on mortals her magnificent disdain~ |
|
| Back to top |
|
|
calebdanvers
Musician
Joined: 06 Mar 2008
Posts: 1206
Location: Planet Earth
|
| Posted: Fri May 23, 2008 7:00 am Post subject: |
|
|
Where did u get this article from??? This sounds really scary...hahahahahaha. I'm TOTALLY illiterate when it comes to ISPs and bla bla bla(all those computer terms)...
_________________
Dinosaurs Against Fossil Fuels.  |
|
| Back to top |
|
|
calebdanvers
Musician
Joined: 06 Mar 2008
Posts: 1206
Location: Planet Earth
|
| Posted: Fri May 30, 2008 8:52 am Post subject: |
|
|
Below is an article i retrieved today at http://news.yahoo.com/s/ap/20080530/ap_on_go_ca_st_pe/china_hacking;_ylt=Aky2_4lxDZD7m9urffdyh9UazJV4.
| Quote: | AP: US probes whether laptop copied on China trip By TED BRIDIS, Associated Press Writer
Fri May 30, 1:17 AM ET
WASHINGTON - U.S. authorities are investigating whether Chinese officials secretly copied the contents of a government laptop computer during a visit to China by Commerce Secretary Carlos M. Gutierrez and used the information to try to hack into Commerce computers, officials and industry experts told The Associated Press.
Surreptitious copying is believed to have occurred when a laptop was left unattended during Gutierrez's trip to Beijing for trade talks in December, people familiar with the incident told the AP. These people spoke on condition of anonymity because the incident was under investigation.
Gutierrez told the AP on Thursday he could not discuss whether or how the laptop's contents might have been copied.
"Because there is an investigation going on, I would rather not comment on that," he said. "To the extent that there is an investigation going on, those are the things being looked at, those are the questions being asked. I don't think I should provide any speculative answers."
A Commerce Department spokesman, Rich Mills, said he could not confirm or deny such an incident in China. Asked whether the department has issued new rules for carrying computers overseas, Mills said: "The department is continuing to improve our security posture, and that includes providing updates, guidances and best practices to staff to maintain security."
It was not immediately clear what information on the laptop might have been compromised, but it would be highly unorthodox for any U.S. government official to carry classified data on a laptop overseas to China, especially one left unattended even briefly. Modern copying equipment can duplicate a laptop's storage drive in just minutes.
The report of the incident is the latest in a series of worrisome cyber security problems blamed on China and comes at a sensitive time, with looming trade issues between the countries and special attention on China over the upcoming summer Olympics. Gutierrez returned just weeks ago from another trip to Beijing, where he noted he had "traveled here more than to any other foreign city during my tenure as commerce secretary."
In the period after Gutierrez returned from China in December, the U.S. Computer Emergency Readiness Team � known as US-CERT, some of the government's leading computer forensic experts � rushed to the Commerce Department on at least three occasions to respond to serious attempts at data break-ins, officials told the AP.
"There's nothing to substantiate an actual compromise at this time," said Russ Knocke, spokesman for the Department of Homeland Security. Knocke said he was unable to find records of a DHS investigation. He said US-CERT workers have visited the Commerce Department eight times since December, but none of those visits related to laptops or the secretary's trip to China. He said the US-CERT organization works routinely with all U.S. agencies.
The FBI declined to comment.
It wasn't clear whether leaving the laptop unattended violated U.S. government rules. Some agencies, such as Homeland Security, routinely provide officials with sanitized laptops to carry on trips overseas and require them to leave in the U.S. their everyday laptops, which might contain sensitive information. Some former Commerce officials told the AP they were careful to keep electronic devices with them at all times during trips to China.
"We have rules in place," Gutierrez said. "We have procedures that people go through before they travel. So, there is a very significant process in place. Technology is obviously moving very quickly, and we have to move very quickly with it. But all of that is something that we are going through."
A senior U.S. intelligence official, Joel F. Brenner, recounted a separate story of an American financial executive who traveled to Beijing on business and said he had detected attempts to remotely implant monitoring software on his handheld "personal digital assistant" device � software that could have infected the executive's corporate network when he returned home. The executive "counted five beacons popped into his PDA between the time he got off his plane in Beijing and the time he got to his hotel room," Brenner, chief of the office of the National Counterintelligence Executive under the CIA, said during a speech in December.
Brenner recommended throwaway cellular phones for any business people traveling to China.
"The more serious danger is that your device will be corrupted with malicious software that takes only a second or two to download � and you will not know it � and that can be transferred to your home server when you collect your e-mail," he said.
The Pentagon, State Department and Commerce Department all have been victimized by widespread computer intrusions blamed on China since July 2006. Defense Secretary Robert Gates confirmed in September that parts of the Pentagon's unclassified e-mail system � used by Gates and hundreds of others � were disrupted in June 2007 due to a break-in.
The Commerce Department break-ins have been so serious that its Bureau of Industry and Security, which regulates exports of sensitive technology that might be used in weapons, effectively unplugged itself from the Internet.
Workers were instructed to use a few laptops placed around the office that are isolated from the department's network, even to search for public information using Google's Web search engine.
"We have discovered a number of very serious threats to the integrity of our systems and data," wrote then-Deputy Undersecretary of Commerce Mark Foulon to employees in an e-mail obtained by AP under the Freedom of Information Act. He said the department was not the government's only hacking victim, "but we have an obligation, which we must take seriously, to take all necessary measures to protect our systems and our data."
At the time, Foulon acknowledged that some of the protective measures "may create difficulties and even reduce productivity."
Fully one year after being unplugged from the Internet, some Commerce Department employees complained about the inconvenience. One worker offered to provide his own laptop so he could work at his desk, rather than use one of the office terminals 30 feet away. "How that endanger the network?" the employee wrote last summer. His request was denied by a security supervisor who complained that he, too, was struggling with the same Internet restrictions.
___
Associated Press writers Jeannine Aversa and Eileen Sullivan contributed to this story from Washington. |
If what the article alleged is true, i guess cyber terrorism or many of the hackings ever reported must have spawned from laptop copying actvities. Coincidence huh???
_________________
Dinosaurs Against Fossil Fuels. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
