International computer security expert, author and speaker Dr. Ali Jahangiri (Sc.D, CITP, LPT, CEH, CHFI, ECSA, CEI, CCIE Security, ISMS Lead Auditor, Security+, CIW Security Analyst, MCSE: Security, MBCS, MCSA, MCDBA, CCNA, A+), has released a new live CD for security experts and penetration testers.
At first glance this Ubuntu based utility appears to be in the same vein as the famous Backtrack Live CD. We will check it out and give it a review in the near future. For now, here is an excerpt from the Live Hacking website:
“Live Hacking CD is a new Linux distribution packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification. Based on Ubuntu this ‘Live CD” runs directly from the CD and doesn’t require installation on your hard-drive. Once booted you can use the included tools to test, check, ethically hack and perform penetration tests on your own network to make sure that it is secure from outside intruders.”
As always, whenever downloading any Live CD or security tool, always check the published MD5 or SHA1 Hash published on the website with the hash on the downloaded file to ensure that the file has not been tampered with.
Hacktivism is not a new concept; it has been around for a long time. In a 2001 Foxnews article, “It’s an All-Out Cyber War as U.S. Hackers Fight Back at China“, organized Chinese hacker’s defaced US websites to protest a collision between a U.S. Navy surveillance plane and a Chinese fighter. US hackers responded in kind by defacing Chinese websites.
This is the normal pattern for Hacktivism. A political event occurs, and then computer savvy individuals make their point of view known by defacing opposition websites. Sometimes they send out mass e-mails or even perform denial of service attacks against the target site. Irritating, yes, cyber war, no. But what we are seeing recently is something much more aggressive. Political Cyber War is taking these attacks to a new level. Hacktivists are no longer just trying to deface websites. Take the recent Google hacking for instance. Google decided to not filter search results for China anymore and hackers responded by penetrating Google’s systems. Intellectual property of Google was stolen and Gmail accounts were hacked.
But it did not stop there. 33 other companies were attacked at the same time. This included Adobe systems and Northrop Grumman. Northrop Grumman is a US defense contractor and is the world’s largest naval ship builder. They are also the company that makes the B-2 stealth bomber. As you can see, this has gone past just defacing websites, and making political statements.
When military contractor sites are attacked, the goal is not to make a political statement, but to infiltrate and steal pertinent military information. It is an act of intelligence gathering and the information gained could aid in a real or cyber war. This is not hacktivism, but Political Cyber War.
An article yesterday on nytimes.com said that the recent google cyber attacks were traced back to two schools in China. Previously, the investigation pointed to servers in Taiwan.
“Tracing the attacks further back, to an elite Chinese university and a vocational school, is a breakthrough in a difficult task. Evidence acquired by a United States military contractor that faced the same attacks as Google has even led investigators to suspect a link to a specific computer science class, taught by a Ukrainian professor at the vocational school.”
According to the article, both schools, Shanghai Jiaotong University and the Lanxiang Vocational School, have a strong computer security background. Recently, students from Jiaotong won the IBM “Battle of the Brains” programming competition and Lanxiang teaches computer classes for the military. Also, the Lanxiang school is in the Jinan region which is listed on Northrop Grumman’s report on cyberwarfare.
When asked about the attack a professor of web security at Jiatong stated, “I’m not surprised. Actually students hacking into foreign Web sites is quite normal.” Just another day in school for them I guess. Read the full article at nytimes.com.
Obama’s meeting with the Dalai Lama adds another wedge in the US-China relationship. China condemned the meeting last week and demanded that it be canceled. Much to the consternation of the Chinese government, Obama met with the Dalai Lama as planned.
It will be interesting to see if the trend of “Political Cyber War” continues. In Iran, government backed hackers have compromised opposition websites who were trying to get out information on protests. In January, Google found information in a counter hacking offensive that pointed towards China as those responsible for hacking their systems and 33 other companies. Last March, the Dalai Lama accused the Chinese government of being behind the hacking of his computer system:
Continue reading “Political Cyber War: Will Chinese Hacker Activity Increase with Dalai Lama Visit?”