Cyber Arms Intelligence Report for August 16th
Another interesting week in computer news.
It looks like some FAA computer networks are still vulnerable to Cyber Attack. According to an AP News article. “The Department of Transportation’s inspector general said while the FAA has taken steps to install more sophisticated systems to detect cyber intrusions in some air traffic control facilities, most sites have not been upgraded. And there is no timetable yet to complete the project, the IG said.”
Israel was in the news several times. According to a Cyber Defense Weekly article on Infosec, Israel is dumping plans to purchase high price fighters and planning on using the money on electronic warfare:
Active electronically scanned arrays (AESA) are the latest tool in electronic warfare. Israel is investigating the use of ASEA first as an alternative to advanced stealth technology in expensive to fighter jets. By equipping their current fleet of F-16s and F-15s with AESA and putting the dollars saved into new UAVs they can also start to invest in the cyber attack potential of ASEA.
The cyber attack capability was supposedly demonstrated by the US Suter Program, described as firing “data beams packed with exploitive algorithms into antennae arrays” that would grant the attacker administrator access.
Very cool indeed. Israel also plans on using some of the money saved to update their UAV’s. Speaking of UAV’s, it looks like America isn’t the only country that was using unencrypted communication channels on their UAV’s. According to a Defensetech article, Hezbollah claimed that it had intercepted and recorder Israeli UAV video streams.
lastly, Team Cymru (Cymru is Welsh for “Wales”), a Chicago based internet security research company dedicated to making you safer online, offers a boatload of resources and services to civilians and law enforcement alike. Here you will find everything from internet malicious activity graphs, a malware hash registry, and a malware sensor project to the Botnet Analysis and Tactical Tool for Law Enforcement (BATTLE). Check it out.
Some other top stories from around the web:
How an ancient printer can spill your most intimate secrets
Researchers have devised a novel way to recover confidential messages processed in doctors’ offices and elsewhere by analyzing the sounds made when documents are reproduced on dot-matrix printers.
Dissection of an Active Malware Campaign
If you have used the web for any length of time at all, it is quite likely that you have seen a pop-up box similar to the one above on your computer when visiting a web site. In the security industry this type of malware is frequently referred to as scareware or rogue anti-virus.
Narco-blogger beats Mexico drug war news blackout
An anonymous, twentysomething blogger is giving Mexicans what they can’t get elsewhere — an inside view of their country’s raging drug war.
India may put restrictions on Skype and Google
India may ask Google, Skype and other online service providers to allow the country’s law enforcement agencies to access communications on their networks, the head of an Internet association said on Friday.
Review: Access Data Forensic Toolkit (FTK) Version 3 — Part 1
I don’t expect tool suites to solve all of my forensic problems, but I do appreciate the breadth of capabilities they can provide in one package. FTK v3 excels at facilitating keyword searches, graphics review, email archive parsing, compound file extraction, and has an excellent collection of built-in file viewers.
Record Five Million Sites Were Likely Infected By Hacked Web Widget
Over the weekend, Wayne Huang, a researcher at cybersecurity firm Armorize, detected what may be the largest-ever collection of sites invisibly attempting to download malware to users’ PCs, thanks to just one widget that was compromised by hackers. That widget–an embeddable survey called the “Small Business Success Index”–was injected with malicious code aimed at installing a variant of the Koobface worm.
The 19 most influential cybersecurity organizations in the world
The organizations range from information-sharing forums that are non-decision-making gatherings of experts to private organizations to treaty-based, decision-making bodies founded by countries. The groups address a variety of topics from incident response, the development of technical standards, the facilitation of criminal investigations to the creation of international policies related to information technology and critical infrastructure, the GAO stated.