Tag Archive for Hacktivism

| May 7, 2015
Comments Off on World’s First Hacker?

World’s First Hacker?

World's First Hacker ?The story of the first hacker could be a 21st-century tale. It includes a zero-day exploit, patent trolling, a live demo, egos, and industrial espionageNew Scientist has identified its candidate for the world’s first hacker. The hacker found a security hole in Marconi’s wireless telegraph technology and used it to publicly show the inventor up.

The first hacker

Nevil Maskelyne haclerNew Scientist’s first hacker was, Nevil Maskelyne. Nevil Maskelyne was a stage magician who disrupted a public demo of Marconi’s wireless telegraph in 1903. He disrupted the demo by wirelessly sending insults in Morse code through Marconi confidential channels. Visitors to the Bach Seat should be sophisticated enough to know the risks of running a live demo, but 110+ years ago, they didn’t.

According to the author, the first hack occurred at the Royal Institution in London. As Marconi associate, John A. Fleming (inventor of the vacuum tube) was preparing the Marconi equipment for a public demo of the long-range wireless communication system developed by his boss, the Italian radio pioneer Guglielmo Marconi when something unplanned happened.

Scientific hooliganism

Marconi's wirelessBefore the demonstration was scheduled to begin, the demo gear began to receive a message. The unplanned message included a poem that accused Marconi of “diddling the public.” Then it started in with some Shakespeare.

Arthur Blok, Fleming’s assistant, figured that someone else was beaming powerful wireless pulses into the theater. The new signal was strong enough to interfere with Marconi’s equipment. Unfortunately for Marconi and Fleming, Nevil Maskelyne figured out the hack first. Mr. Maskelyne’s hack proved that Marconi’s gear was insecure. It also proved it was likely that they could eavesdrop on supposedly private messages too.

Wood towers supporting Marconi aerial at Cornwall England

In response, Fleming fired posted a complaint in The Times. In the paper he dubbed the hack “scientific hooliganism.”  He asked the newspaper’s readers to help him find the hacker.

However, Maskelyne, whose family had made a fortune making “spend-a-penny” locks in pay toilets outed himself four days later. He justified his actions on the grounds that he revealed the security holes for the public good. (Sound familiar?)

Maskelyne who taught himself wireless technology had a great deal of experience with wireless. According to the article, he would use Morse code in “mind-reading” magic tricks to secretly communicate with a partner. And in 1900, Maskelyn sent wireless messages between a ground station and a balloon 10 miles away. But, his ambitions were frustrated by Marconi’s broad patents. The overly broad patent left him embittered towards the Italian. Maskelyne would soon find a way to get back at Marconi. It turned out that the Eastern Telegraph Companyworried that Marconi’s wireless would kill their global wired communications business hired Maskelyne as a spy.

Revealed security holes for the public good

eavesdrop on the "confidential channelMaskelyne built a 50-meter radio mast near the Marconi Wireless offices. From these offices Marconi was beaming wireless messages to vessels as part of its highly successful “secure” ship-to-shore messaging business. From there, Maskelyne could easily eavesdrop on the “confidential channel” Marconi wireless messages.

Maskelyne gleefully revealed the lack of security by writing in the journal The Electrician in November 1902,

I received Marconi messages with a 25-foot collecting circuit [aerial] raised on a scaffold pole. When eventually the mast was erected the problem was not interception but how to deal with the enormous excess of energy.

To further publicize his results and perhaps extract some revenge on Marconi, Maskelyne staged his Royal Institution poetry broadcast.

The New Scientist concludes that Maskelyne’s name had been forgotten but now he is in the history books as the world’s patron saint of hackers.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow him at LinkedInFacebook and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| February 23, 2012
One comment

McAfee Labs 2012 Threat Predictions

McAfee Labs 2012 Threat PredictionsComputer security company McAfee unveiled its Threat Predictions report (PDF), outlining the top cybersecurity threats organizations and individuals are likely to face in 2012. McAfee, a wholly-owned subsidiary of Intel (INTC), says that for the most part, 2012 looks like it will look like 2011 only worse, with many of the recent threats gaining momentum. Here are the predictions:

Industrial Attacks:Industrial Attacks: Cyber-criminals will target Water, electricity, oil, and gas utilities. These are essential services to everyday lives, yet many industrial systems are not ready for cyber-attacks according to McAfee. Many of the environments where SCADA (supervisory control and data acquisition) systems are deployed don’t have stringent security practices. McAfee predicts attackers will leverage this lack of preparedness with greater frequency, if only for blackmail or extortion in 2012.

Legalized Spam: McAfee Labs says global spam volumes have declined in the past two years. However, legitimate advertisers are picking up where the spammers left off using the same spamming techniques, such as purchasing third-party email lists or databases from companies going out of business. McAfee Labs expects to see this “legal” spam and the technique known as “snowshoe spamming” continue to grow at a faster rate than illegal phishing and confidence scams.

Mobile ThreatsMobile Threats: 2011 has seen the largest levels in mobile malware history, McAfee Labs expects that continue in 2012. They expect mobile attackers to improve on their skill set and move toward mobile banking attacks. Techniques previously dedicated for online banking, such as stealing from victims while they are still logged on while making it seem that transactions are coming from the legitimate user, will now target mobile banking users. McAfee Labs expects attackers will bypass PCs and go straight after mobile banking apps, as more and more users handle their finances on mobile devices.

Embedded Hardware: Embedded systems are designed for a specific control function within a larger system, and are commonly used in automotive, medical devices, GPS devices, routers, digital cameras, and printers. McAfee Labs expects to see proofs-of-concept codes exploiting embedded systems to become more effective in 2012 and beyond. This will require malware that attacks at the hardware layer and will enable attacks to gain greater control and keep up long-term access to the system and its data. Sophisticated hackers will then have complete control over hardware.

countries prove their cyber war capabilitiesCyberwar: Countries are vulnerable due to massive dependence on computer systems and a cyber-defense that primarily defends only government and military networks. Many countries realize the crippling potential of cyber attacks against critical infrastructures, such as water, gas, and power, and how difficult it is to defend against them. McAfee Labs expects to see countries prove their cyberwar capabilities in 2012, to send a message.

Rogue Certificates: Organizations and individuals tend to trust digitally signed certificates, however, recent threats such as Stuxnet and Duqu used rogue certificates to evade detection. McAfee Labs expects to see the production and circulation of fake rogue certificates increase in 2012. Wide-scale targeting of certificate authorities and the broader use of fraudulent digital certificates will affect key infrastructure, secure browsing and transactions as well as host-based technologies such as whitelisting and application control.

Legislative IssuesLegislative Issues: DNSSEC (Domain Name System Security Extensions) is designed to protect a client computer from inadvertently communicating with a host as a result of a man-in-the-middle attack. Governing bodies around the globe are taking a greater interest in establishing “rules of the road” for Internet traffic, and McAfee Labs expects to see more and more instances where legislative issues hamper future solutions.

Hacktivism: McAfee Labs predicts that in 2012 digital disruptions like Anonymous will join forces with physical demonstrators and will target public figures such as politicians, industry leaders, judges, and law enforcement, more than ever before.

Virtual CurrencyVirtual Currency: McAfee Labs expects cryptocurrency will be an attractive target for cybercriminals.  to see threats evolve to steal money from unsuspecting victims or to spread malware.

Hardware Attacks: McAfee Labs expects to see more effort put into hardware and firmware exploits to create persistent malware in network cards, hard drives, and even system BIOS (Basic Input Output System). and their related real-world attacks through 2012.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
| October 6, 2011
Comments Off on 40 Years of Malware – Part 3

40 Years of Malware – Part 3

40 Years of Malware - Part 32011 marks the 40th anniversary of the computer virus. Help Net Security notes that over the last four decades, malware instances have grown from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010. Fortinet (FTNT) marks this dubious milestone with an article that counts down some of the malware evolution low-lights.

The Sunnyvale, CA network security firm says that viruses evolved from academic proof of concepts to geek pranks which have evolved into cybercriminal tools. By 2005, the virus scene had been monetized, and almost all viruses developed for the sole purpose of making money via more or less complex business models. According to FortiGuard Labs, the most significant computer viruses over the last 40 years are:

See Part 1 HereSee Part 2 Here – See Part 3 Here  – See Part 4 Here

Code Red Worm2001 – E-mail and the Internet become primary transmission vectors for malware by 2001 as scripts automatically load viruses from infected Websites. The Code Red worm targeted Web servers and not users. By exploiting a vulnerability in Microsoft IIS servers Code Red automatically spread to nearly 400,000 servers in less than one week. The Code red worm replaced the homepage of the compromised websites with a “Hacked By Chinese!” page.  Code Red had a distinguishing feature designed to flood the White House Website with traffic (from the infected servers), probably making it the first case of documented ‘hacktivism’ on a large scale.

Shortly after the September 11 attacks, the Nimda worm (admin spelled backward) infected hundreds of thousands of computers worldwide. Nimda is one of the most complicated viruses, having many different methods of infecting computers systems and duplicating itself.

Microsoft SQL Server2003 – Widespread Internet attacks emerge as SQL Slammer (or Sapphire) infects the memory in servers worldwide, clogging networks and causing shutdowns. on January 25, 2003, Slammer first appeared as a single-packet, 376-byte worm that generated random IP addresses and sent itself to those IP addresses. If the IP address was a computer running an unpatched copy of Microsoft’s (MSFT) SQL Server Desktop Engine, that computer would immediately begin firing the virus off to random IP addresses. Slammer was remarkably effective at spreading, it infected 75,000 computers in 10 minutes. The explosion of traffic overloaded routers across the globe, which created higher demands on other routers, which shut them down, and so on.

The summer of 2003 saw the release of both the Blaster and Sobig worms. Blaster (aka Lovsan or MSBlast) was the first to hit. The worm was detected on August 11 and spread rapidly, peaking in just two days. Transmitted via network and Internet traffic, this worm exploited a vulnerability in Windows 2000 and Windows XP, and when activated, presented the PC user with a menacing dialog box indicating that a system shutdown was imminent.

The Sobig worm hit right on the heels of Blaster. The most destructive variant was Sobig.F, which generated over 1 million copies of itself in its first 24 hours. The worm infected host computers via e-mail attachments such as application.pif and thank_you.pif. When activated, the worm transmitted itself to e-mail addresses discovered on a host of local file types. The result was massive amounts of Internet traffic. Microsoft has announced a $250,000 bounty for anyone who identifies Sobig.F’s author, but to date, the perpetrator has not been caught.

Sasser shutdown2004 – The Sasser worm built on the autonomous nature of Code Red. It spread without anyone’s help by exploiting a vulnerability in Microsoft Windows XP and Windows 2000 operating systems called the Local Security Authority Subsystem Service or LSASS. Microsoft Security Bulletin MS04-011 here. This is the first widespread Windows malware, made even more annoying by a bug in the worm’s code, that turned infected systems off every couple of minutes.

This is the first time that systems whose function isn’t normally related to the Internet (and that mostly existed before the Internet) were severely affected. Sasser infected more than one million systems. The damage amount is thought to be more than $18 billion.

Bagle was first detected in 2004, it infected users through an email attachment, and used email to spread itself. Unlike earlier mass-mailing viruses, Bagle did not rely on the MS Outlook contact list rather it harvested email addresses from various document files stored in the infected computer to attack. Bagle opened a backdoor where a hacker could gain access and control of the infected computer. Through the backdoor, the attacker could download more components to either spy and steal information from the user or launch DDoS attacks.

MyDoom is another mass-mailing worm discovered in 2004. It spread primarily through email but it also attacked computers by infecting programs stored in the shared folder of the Peer-to-Peer software KaZaA. MyDoom slowed down global Internet access by ten percent and caused some website access to be reduced by 50 percent. It is estimated that during the first few days, one out of ten email messages sent contained the virus.

2005 – In 2005 Sony BMG introduced secret DRM software to report music copying; Other rootkits appear, providing hidden access to systems.

MyTob appeared in 2005 and was one of the first worms to combine a botnet and a mass-mailer. MyTob marks the emergence of cybercrime. The cybercriminals developed business models to “monetize” botnets that installed spyware, sent spam, hosted illegal content, and intercepted banking credentials, etc. The revenue generated from these new botnets quickly reached billions of dollars per year today.

rb-

By 2005 cybercriminals are starting to put all the parts together, Slammer proves that Microsoft systems can be used to spread attacks, Blaster and SoBig improved the infection rate, Bagel began to mine the targets for data and install backdoors so the attackers could continue to re-use the victims’ systems. MyDoom stated to use the first social network, the P2P networks for attacks. Sony proved that rootkits could be widely distributed and MyTob was the first of the modern botnet, leading the world into today’s monetized cybercrime age, described in part 4.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , ,