At Cyberwar or Not at Cyberwar, That is the Question

Well, it seems that both government experts and even technical magazine authors can’t come to an agreement on this one. Are we at Cyberwar or Not? Recently, Mike McConnell (former Director of National Intelligence) claimed that “the United States is fighting a cyber-war today, and we are losing.” He was countered by the nation’s new Cyber Security Czar, who said flatly, “there is no cyberwar.”

So who are we to believe? Wired magazine chimed in and said, “The biggest threat to the open internet is not Chinese government hackers or greedy anti-net-neutrality ISPs, it’s Michael McConnell, the former director of national intelligence.” Okay, I guess it’s clear which side they are on, but the question still stands.

I think Amit Yoran, the Chief Executive Officer of NetWitness Corporation and a commissioner of the CSIS Commission on Cyber Security advising the 44th Presidency, sums it up the best. In his article, “Cyberwar Or Not Cyberwar? And Why That Is The Question,” he states:

Closely aligned with the US Department of Defense and US government’s “traditional” definitions of the term, I suggest that cyberwar is conducting warfare by cyber means, which includes (among other things) both cyber attack and cyber exploitation.  In simple terms cyber attacks focus on the disruption or destruction of information, information systems or information infrastructure and to deny their availability to the system owners or legitimate users.  Cyber exploitation refers to the compromise of these targets without their destruction or disruption, but rather through covert means, for the purposes of accessing information or modifying it or preparing such access for future use in exploitation or attack.

Based on the terminology provided above, there can be no question that governments’ systems and modern economies are under large scale cyber exploitation and therefore at a state of “cyberwar”. 

I have to agree with Amit on this one. With the cyber aggression that we are seeing from foreign nations, we are in fact at cyberwar.

SSL Compromised by Hackers and Feds?

It has been known for a while that SSL security, the same security that you use for online banking and online ordering, is very susceptible to man-in-the-middle attacks. Moxie Marlinspike has proven for a couple of years now how vulnerable SSL is and keeps updating his SSLStrip program with new features.

Now, according to Wired magazine, the government has spying boxes that allow them to intercept and eavesdrop on SSL communication. So, just following the bunny trail, if government agencies have access to these boxes, what is to say that hackers do not have access to these boxes or something else that does the same thing?

You really need to be careful when ordering or banking online. The biggest threat is someone getting in between your system and your router/switch. If you are on a wireless network, make sure you are using WPA2 encryption and a strong password. If you are on a wired LAN, it is a good idea to have the Windows Firewall running. Do not do any secure communications from public access areas.

These things will help some, but if SSL truly is compromised, they will not help much.

Hamas Releases Cyber-spy Warning, Against Israel?

Just when you think you have heard it all. The BBC reported last week that Hamas issued a cyber warning that Israel is spying on its recruits through social networking sites. Okay, Hamas, classified as a terrorist group by Canada, the European Union, Israel, Japan, and the United States, is placing warnings against Israel. That is a new one. Read it for yourself at the BBC.

What is next? Will Iran issue similar warnings against the US? Wow, things are getting weird in the cyber sphere….

What do you think?

Windows Security: Hacked in 60 Seconds

This is how long it takes (minus boot times) to get a command prompt in the latest version of Windows with all of the security patches updated and an anti-virus program installed, if you have physical access to the system. And this is not any old command prompt; this is a command prompt as the user “system”. If you know Windows security, then you know that the “system” user is the highest level of authority that you can have. The operating system thinks you are the internal “system”.

This hack requires physical access to the system and access to a DVD or USB drive. This hack is obtained by the manipulation of the Windows Hot-Keys. This hack has been around (and known) since Windows XP and still works in the latest release of Windows 7. Because it is a manipulation of a Windows service, it has never been patched. And in case you were going to ask, no, I will not show you how to do it.

This hack also works in Windows Server products. Therefore, it is imperative to keep physical security as a top concern in your business. Make sure that your server is in an area that is not available to public traffic and preferably in a locked room. Take extra care with your laptops. Do not leave them in areas that are unattended.

It is always a good idea to disable services that are not needed. Unfortunately, disabling the Windows hot-keys is not well documented. With Windows 7, unless you want to mess around in the registry, Microsoft recommends a third-party program to tweak these settings. PC Tools has a program that allows you to do this. Supposedly you can also do this with a Windows policy edit, but I have not seen this documented either.

Enabling boot passwords helps, but they can also be bypassed. The best policy to defend against this type of attack is to have strong physical security.