The week to end all weeks

This week: A litany of security woes, including a tech-savvy criminal targeting the richest people in America, more Web sites defaced than ever before, and another new virus in the wild.
By Ian Melamed
Johannesburg, 27 Mar 2001

There has surely never been a week such as this in the history of information security. It seems everything that could go wrong last week did, and as a consequence this column will do little more than try to catalogue the litany of transgressions, vulnerabilities, new viruses and embarrassments that made up this week to end all weeks. (For now, anyway!)

Ian Melamed, chief technology officer, SatelliteSafe.

First up, there was the report of one Abraham Abdallah, who ingeniously gathered details of the US's richest people, using a copy of Forbes' and Fortune's "Richest People in America". His scam was extraordinary, as he collected their Social Security numbers, bank and brokerage account numbers, credit card numbers and mothers' maiden names. He aimed to fool financial services providers into granting him access to his victims' millions. He stole his victims' identities, rented mailboxes in their names and ordered merchandise charged to their credit cards. But that was the tip of the iceberg: he was well on his way to swindling millions using electronic means - Web-enabled cellphone, virtual voice mail, and Web mail - when he was arrested.

More Web sites were defaced last week than ever before. In the UK, govtalk.gov.uk, the site for intergovernmental communication; nas.gov.uk, an archive service for Scotland; and local government sites havant.gov.uk, walsall.gov.uk, and wiltshire.gov.uk were defaced. The hackers responsible were government specialists PoizonBOx. Then Compaq's Web site was taken out. Brazilian group Prime Suspectz hacked news service Associated Press and defaced its opening page; but perhaps the most despicable of all - Prime Suspectz again - was the hacking and defacing of the Web site of the US Parkinson's Disease Foundation. Security body Information Risk Management warns many more defacements are coming: "It's such a simple thing to do, there are so many remote vulnerabilities, a hacker can just waltz up and go straight into a system." Web defacement statistician Attrition.org reports that 60% of defaced Web servers run on Windows NT, and all of the servers mentioned above run Microsoft's Internet Information Server.

The above is hardly surprising: the UK government takes more than 100 000 hits from hackers every day, say intelligence services. Of these, 30% are classified as "serious". Is it war, or what?

German popular magazine Der Spiegel reported that Germany's Defence Ministry had banned the use of Microsoft products because they posed a security risk. Then the ministry itself denied the report. The initial report said German officials were concerned about a possible "backdoor" built into Microsoft's products by America's National Security Agency. However, the ministry confirms that it continues to have serious security concerns.

And there was a reported flaw in OpenPGP, which undermines Pretty Good Privacy, one of the most commonly used forms of encryption. Czech cryptologists say they found a bug while working on a government security project. This, if true, would allow an attacker to gain access to your private keys, again undermining e-commerce, this time through digital signatures.

Microsoft has confirmed reports that someone posing as a Microsoft employee persuaded VeriSign to issue two Level 3 code signing certificates in its name in late January. Level 3 certificates are used to validate code used in software downloads, updates, and more. Microsoft says the vulnerability could affect "all customers using Microsoft products. The certificates could be used to sign programs, ActiveX controls, Office macros, and other executable content". There is no evidence yet that the certificates have been used.

The US National Agricultural Statistics Service is reported to have left itself open to infiltration. This endangered crop forecasts, which if known could lead to massive insider trading. The General Accounting Office has involved itself, and among the security concerns it is investigating is the old bugbear: the agency's reliance on passwords as its major security measure.

A new virus was identified as being in the wild: the Magistr worm would not normally qualify for prime time, but it is complex and malicious. It contains its own e-mail handler, replicates encrypted code and generates random e-mail subject headings by mixing bits of text files with built-in English and Spanish phrases. It's harder to identify than previous viruses, and once it's done its work, it begins overwriting data and system files repeatedly. It finally attacks the CMOS and flash BIOS of Windows machines. At this point, the PCs are effectively useless. Updates are available: may I suggest you go and get yours?

And staying with viruses, a mass-mailing worm released by pro-Palestinian supporters could swamp business networks. It's contained in an e-mail with the subject line "Re: Injustice", and while it does little damage on its own, it could bring down systems with a mass-mailing payload enclosed in its attachment. Injustice sends itself to the first 50 people in a user's Outlook address book, and to a number of others, including 18 Israeli government addresses. Not surprisingly, the mail urges users to help stop further bloodshed between the warring nations.

Believe it or not, there was a lot more, but that will do for now as a litany of just what occurred in the last week. What lies ahead?

(Sources: Reuters, Associated Press, Silicon.com, ComputerGram, Hacker News Network and Chicago Tribune.)
