
In the News

October 21, 2016 / 6:20 AM

Cyber attacks disrupt PayPal, Twitter, other sites

Joseph Menn, Jim Finkle and Dustin Volz (Reuters) -


Hackers unleashed a complex attack on the internet through common devices like webcams and digital recorders and cut access to some of the world’s best known websites on Friday, a stunning breach of global internet stability.

The attacks struck Twitter, Paypal, Spotify and other customers of an infrastructure company in New Hampshire called Dyn, which acts as a switchboard for internet traffic.

The attackers used hundreds of thousands of internet-connected devices that had previously been infected with a malicious code that allowed them to cause outages that began in the Eastern United States and then spread to other parts of the country and Europe.

“The complexity of the attacks is what’s making it very challenging for us,” said Dyn’s chief strategy officer, Kyle York. The U.S. Department of Homeland Security and the Federal Bureau of Investigation said they were investigating.

The disruptions come at a time of unprecedented fears about the cyber threat in the United States, where hackers have breached political organizations and election agencies.

Friday’s outages were intermittent and varied by geography. Users complained they could not reach dozens of internet destinations including Mashable, CNN, the New York Times, the Wall Street Journal, Yelp and some businesses hosted by Amazon.com Inc.

Dyn said attacks were coming from millions of internet addresses, making it one of the largest attacks ever seen. Security experts said it was an especially potent type of distributed denial-of-service attack, or DDoS, in which attackers flood the targets with so much junk traffic that they freeze up.

VULNERABILITIES EXPLOITED

Dyn said that at least some of the malicious traffic was coming from connected devices, including webcams and digital video recorders, that had been infected with control software named Mirai. Security researchers have previously raised concerns that such connected devices, sometimes referred to as the Internet of Things, lack proper security.

The Mirai code was dumped on the internet about a month ago, and criminal groups are now charging to employ it in cyber attacks, said Allison Nixon, director of security research at Flashpoint, which was helping Dyn analyze the attack.

Dale Drew, chief security officer at communications provider Level 3, said that other networks of compromised machines were also used in Friday’s attack, suggesting that the perpetrator had rented access to several so-called botnets.

The attackers took advantage of traffic-routing services such as those offered by Alphabet Inc’s Google and Cisco Systems Inc’s OpenDNS to make it difficult for Dyn to root out bad traffic without also interfering with legitimate inquiries, Drew said.

“Dyn can’t simply block the (Internet Protocol) addresses they are seeing, because that would be blocking Google or OpenDNS,” said Matthew Prince, CEO of security and content delivery firm CloudFlare. “These are nasty attacks, some of the hardest to protect against.”

GOVERNMENT WARNED OF ATTACKS

Drew and Nixon both said that the makers of connected devices needed to do far more to make sure that the gadgets can be updated after security flaws are discovered. Big businesses should also have multiple vendors for core services like routing internet traffic, and security experts said those Dyn customers with backup domain name service providers would have stayed reachable.
The Department of Homeland Security last week issued a warning about attacks from the Internet of Things, following the release of the code for Mirai.

Attacking a large domain name service provider like Dyn can create massive disruptions because such firms are responsible for forwarding large volumes of internet traffic.

Dyn said it had resolved one morning attack, which disrupted operations for about two hours, but disclosed a second a few hours later that was causing further disruptions. By Friday evening it was fighting a third.

Amazon’s web services division, one of the world’s biggest cloud computing companies, reported that the issue temporarily affected users in Western Europe. Twitter and some news sites could not be accessed by some users in London late on Friday evening.

PayPal Holdings Inc said that the outage prevented some customers in “certain regions” from making payments. It apologized for the inconvenience and said that its networks had not been hacked.

A month ago, security guru Bruce Schneier wrote that someone, probably a country, had been testing increasing levels of denial-of-service attacks against unnamed core internet infrastructure providers in what seemed like a test of capability.

Nixon said there was no reason to think a national government was behind Friday’s assaults, but attacks carried out on a for-hire basis are famously difficult to attribute.

Reporting by Joseph Menn in San Francisco, Jim Finkle in Boston and Dustin Volz in Washington. Additional reporting by Eric Auchard in Frankfurt, Malathi Nayak in New York, Jeff Mason and Mark Hosenball in Washington, Adrian Croft and Frances Kerry in London; Editing by Bill Trott, Lisa Shumaker and Jonathan Weber

 

 


Navy collisions point to the risks of automation on sea, air, land.

By Amy Fraher, University of Birmingham, Aug. 30 (UPI)

Four collisions involving U.S. Navy ships this year have
resulted in the deaths of 17 sailors and the injury of several more, along with
millions of dollars in equipment damage. Several senior officers have lost
their jobs as a result.

The worst of these accidents occurred in high-traffic areas in Asia: the USS
Fitzgerald collided (http://www.bbc.co.uk/news/world-asia-40317341)
with a Philippine-flagged container ship close to Tokyo, and the USS John S.
McCain collided (http://www.dailymail.co.uk/news/article-4823510/Navy-declares-two-dead-eight-missing-USS-McCain-crash.html)
outside Singapore with a Liberian-registered tanker.

Both accidents involved modern, technologically sophisticated military ships
colliding with much larger, heavier commercial vessels, which were most likely
being steered via autopilot at the time of the crash. After hitting Fitzgerald,
the Philippine container ship curiously continued steady on course for another
30 minutes, raising the distinct possibility that no human was steering the
ship - or possibly even awake - when
the collision occurred at about 1:30 a.m. (https://www.nytimes.com/2017/06/23/world/asia/destroyer-fitzgerald-collision.html).
One expert described (https://www.nytimes.com/2017/08/21/world/asia/navy-ship-mccain-search-sailors.html)
the absurdity of these collisions like a crash between a state-of-the-art race
car and a fully loaded garbage truck.

We will not know the full details of what went on for quite some time as
both the U.S. Navy and the U.S. National Transportation Safety Board continue
their in-depth investigations (https://assets.documentcloud.org/documents/3934451/Navy-Report-on-USS-Fitzgerald.pdf).
But there are certain commonalities in these accidents that
I believe can tell us something about troubling automation trends in our
rapidly evolving transportation system. There's a fundamental problem with the
industry's reliance on technology to save the day when collisions become
imminent, often in complex environments.

For example, consider the use of automation within these maritime
collisions. A navy destroyer such as the Fitzgerald has a crew of about 300
officers and sailors on duty round-the-clock, equipped with some of the most
sophisticated equipment available to support them. In contrast, commercial
cargo vessels tend to have just 20 to 30 people on board, dictated by
minimum legal requirements (http://solasv.mcga.gov.uk/annexes/Annex06.htm).
As a result, many duties are automated and the use of an autopilot for
navigation is common. But autopilot has limitations - and it is not safe or
recommended to use automation when navigating in dense, high-traffic areas
which may require swift responses and maneuvers to avoid a collision.

There are lessons here not just for the sea lanes, but also for other key
developments in transportation: driverless cars, trucks and drones. In these
industries, developments frequently outpace regulators' ability to supervise
their fast-paced innovations. In this void, unsafe operational practices
emerge.

 


By James Andrew Lewis

Updated 1:39 PM ET, Tue August 29, 2017


Story highlights

  • James Andrew Lewis: If someone refers to a Cyber Pearl Harbor, it is a sign they don't know what they are talking about
  • Terrorists don't have the capacity to commit a truly damaging cyber attack, Lewis says

James Andrew Lewis is a senior vice president with the Technology Policy Program at the Center for Strategic and International Studies. The views expressed are his own.

(CNN) Earlier this month, the Pew Research Center released the results of a survey asking the citizens of 38 countries to name a major threat to their nation. This is the second of a special series of op-eds that also appear in Fareed's Global Briefing looking at the top perceived threats among Americans.

The airplane brought a new technology to warfare, and in the 1930s, aerial bombardment was portrayed as unstoppable and catastrophic. Drop a few bombs, and citizens would panic and riot, governments would fall, and economies would collapse.

Sound familiar? Replace airplanes with cyberattacks and you get the same over-the-top predictions for hacking. It turns out, however, that catastrophe is hard to produce. Societies are resilient, and anything but a weak government will be resourceful in responding to an attack. In the case of aircraft, years of bombing typically only made people angry and stiffened resistance. People look for ways to retaliate. The same will be true for cyberattacks.

Nuclear weapons are the one exception to this, and Americans became used to thinking in terms of catastrophe and massive attacks during the Cold War. The Cold War reshaped our thinking in ways that distort our views of current threats. However, no cyberattack can match a nuclear weapon in effect. The concept of catastrophe has now been diluted to the point of absurdity. In 1990, say, catastrophe meant the deaths of tens of millions of people and the complete destruction of cities in less than an hour. Now, it means going without lights for a few days.

In fact, there have been very few truly damaging cyberattacks. Cybercrime and espionage occur on a daily basis, and a few countries use cyberattacks to coerce other states (like trying to interfere in an election). But there have been no deaths, and almost no destruction from a cyberattack.

A good way to think about this is the dreaded Cyber Pearl Harbor, sometimes modernized to Cyber 9/11. But if someone refers to a Cyber Pearl Harbor, it is a sign they don't know what they are talking about. A Cyber Pearl Harbor, in which terrorists would use cyberattacks to cripple critical infrastructure, was first predicted 25 years ago -- and it has never happened.

Why not?

First, terrorists want something dramatic -- they want bloodshed, and a cyberattack does not fulfill their sick fantasies. Second, terrorist groups do not have the capabilities required for launching a truly damaging cyberattack. Advanced cyberattacks require engineering skills and a blend of intelligence techniques. Terrorists typically use the internet for recruitment propaganda, not attack.

The fear of non-state actors launching crippling cyberattacks against critical infrastructures is a fantasy. Our most dangerous opponents are other nation states. They have the capabilities, the resources, and the intent to use cyber capabilities to attack the United States and its allies.

In this, the United States has four opponents -- Russia, China, Iran and North Korea, all of which have used some kind of cyberattacks against us. These opponents do not seek "cyber catastrophe." They have used cyberespionage, coercion, and crime to advance their aims (the most important of which is changing the international order in ways that favor them and undercut democracy).

Unsurprisingly, the way they use cyberattacks is not the way we expected. There have not been attacks on critical infrastructure. There are probes and reconnaissance of power plants and oil pipelines, of course, but so far, no damage. Indeed, Russia has an explicit doctrine, called "New Generation Warfare," that calls for achieving psychological effects to confuse opponents and undercut them politically. By focusing our defense on critical infrastructure as the target for cyberattack, we have created a cyber Maginot Line that our opponents easily move around.

Cyber operations provide unparalleled access to targets, and the only constraint on attackers is the risk of retaliation, a risk they manage by staying below an implicit threshold -- avoiding actions that would provoke a damaging American response. Almost all cyberattacks fall below this threshold, including crime, espionage, and (to date) politically coercive acts. Simply put, these four countries -- even North Korea -- are cautious about doing something that could start a shooting war with America.

Does this mean you can relax about cyberattack? Unfortunately, no.

To understand the risk from cyberattack, you have to look at it through the prism of a bigger conflict. For the first time since 1990, the United States faces powerful opponents who want to damage US interests and leadership. They want to displace the United States and its allies and recreate a more traditional world, where countries have spheres of influence, dominate their smaller neighbors, and where there is no interfering US presence. They want untrammeled sovereign rights so they can do as they please with their citizens.

We are therefore in a new kind of conflict, and cyber provides a new technology that our opponents are already exploiting in this fight. Unfortunately, the United States has not been particularly good at defense. And that does indeed leave us vulnerable to the determined foes we now face -- just not in the way that many Americans believe it does.

 


IRS/FBI ransomware email scam

Ransomware in the email are bogus, and the link doesn't click through to a questionnaire. Instead, the link downloads ransomware. Ransomware is a kind of malware, short for "malicious software", that prevents users from accessing data stored on their device unless they pay money to the scammers. Unlike spyware which attempts to gain access to your computer's files to get information about your financial accounts, ransomware is typically a much more straightforward play for cash - the ransom.

If you receive this email or any similar emails, don't click. Remember that you should never open an attachment or link from an unknown or suspicious source: it may infect your computer with malware or attempt to steal your information.

And if the email purports to come from the IRS or other federal agency? Remember that the IRS does not use email, text messages or social media to discuss personal tax issues such as those involving bills or refunds. If you get an email asking you to visit a website or answer personal questions, do not reply and do not click on any links in the email. If in doubt, assume it's a scam.

"People should stay vigilant against email scams that try to impersonate the IRS and other agencies that try to lure you into clicking a link or opening an attachment," Koskinen warns. People with a tax issue won’t get their first contact from the IRS with a threatening email or phone call.

As an additional reminder, the IRS will never:

  • Call to demand immediate payment over the phone, nor will the agency call about taxes owed without first having mailed you several bills.
  • Call or email you to verify your identity by asking for personal and financial information.
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Require you to use a specific payment method for your taxes, such as a prepaid debit card.
  • Ask for credit or debit card numbers over the phone or email.
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.

Do not pay the ransom. According to the authorities, paying ransom further
encourages the criminals, and there's no guarantee that the scammers will
provide you with the decryption key even if you do pay. Instead, immediately
report any ransomware attempt or attack to the FBI at the Internet Crime Complaint
Center, www.IC3.gov. You should also forward any IRS-themed scams to
phishing@irs.gov.