Think Information. Think Security.
 
Picture
The magic of the digital medium is rendering us more powerful, but also more dependent on a secure and stable cyberspace.

Human beings have fought over land for millennia, beginning with the first agrarian communities. More recently, in the era of mass conscription and rapid industrialization, nation-states also have fought for people's collective thinking or for access to oil. In the 21st century, groups and institutions will increasingly struggle for control of cyberspace, the digital domain where most human activity is already managed - from music distribution to industrial manufacturing, the electricity grid and individual banking accounts. All this is at risk today.


 
Picture
Just over three years ago, Russia fired the first shot in its war upon Georgia, the first ever combined kinetic and cyber war.  The shot was not fired from the 125 millimeter gun of a T-72 tank, but from the keyboard of a computer.  The impact was a lurid defacement of www.president.gov.ge, Georgian President Mikheil Saakashvili’s website.  Various kinds of cyber attacks continued throughout and beyond the kinetic assault.  Careful analysis by several independent experts revealed the key role played by Russian organized crime—the Kremlin’s cyber war reserve force. These cyber thugs are formidable opponents, but they can be taken down.


 
Picture
It is just a matter of time before other nations involve in Spratly claim to be part of this Cyber Warfare. Or probably China may have attacked them already (or vice-versa), but are clueless, and probably defenseless?

Chinese and the Vietnamese hackers have started a cyber war over the territorial dispute on the ownership of the Spratly Islands in the South China Sea. According to Global Times, a website under the operation of the Vietnamese Foreign Ministry was hacked in June. The cyber attack has disabled all the links on that website and placed the China's flag at the center of the page. The article said the hackers left their cyber names "3King" and "Xiao Lan" on the website and claimed to be from Yancheng (northeastern Jiangsu Province).


 
Picture
The story behind Stuxnet, the malware targeted at an Iranian nuclear processing station, has been known in general since last fall when a team of researchers at Symantec released this document, which we covered at the time in our article here. But seeing is believing. I had a chance to attend a special briefing at Symantec's headquarters in Mountain View, Calif. where Patrick Gardner, a director in their security group, actually showed us what was involved. It was a real thrill.


Stuxnet was a very sophisticated piece of software, some 10,000 lines of code that took man-years to develop. Symantec started seeing versions of the malware up to a year before the actual attack last June, they just had no idea what they were looking at until things started to happen at the nuclear facility. They eventually reverse engineered the entire code with a team of three working full time for several months.


 
Picture
Chinese Vice Foreign Minister Cui Tiankai issued statements to the press in an effort to dispel the notion that China and the United States are engaged in cyber warfare activities aimed at undermining the other's security posture.

"I want to clear something up: there are no contradictions between China and the United States. Though hackers attack the US Internet and China's Internet, I believe they do not represent any country," said Cui.

Cui called for more international cooperation to combat threats that the Minister believes are equally geared at both nations.


 
Picture
Many information security industry observers believe the recent spate of major cyberattacks, including those against RSA and several defense contractors including Lockheed Martin, were likely the work of China or other foreign governments, but a former secretary of the Department of Homeland Security suggested those sorts of assumptions may be off-base.

During keynote remarks at the 2011 Gartner Security & Risk Management Summit, Michael Chertoff, former DHS secretary, told attendees that in recent years, including his time as DHS head, he’s seen technology evolve to the point where government resources aren’t needed to launch large-scale information security attacks, like the 2007 denial-of-service attacks that knocked Estonia off the Internet for several weeks.


 
Picture
Rick Dakin, president of the Denver chapter of the FBI affiliate InfraGard, believes that foreign state-sponsored actors will continue to escalate cyber intrusion activity against American networks in an effort to determine the maximum allowable tolerance level before the US declares such events an act of war.

"What does our government or other governments think is an effective deterrent or response to an all out cyber attack? Since we have no good definitions or protocols, I do think that the attack on Lockheed Martin is a sign of the future," Dakin said in an interview with TechWorld.



 
Picture
It seems that 2011 is turning into the year of the cracker. Between Anonymous, Lulzsec, and the ongoing wave of espionage being carried out by nation states, we have begun to see just how serious a threat cacking really is. Of course both of these groups of attacks  have greatly differing motives as well as means. Lulzsec, well, is doing it for the Lulz and the others such as nation states or criminal gangs, are doing it for political, financial, or personal gains. In this post I will cover all three groups and their motives as well as means.


 
Picture
The world is entering an era of a cyber arms race where ever-more sophisticated versions of malware are the weapons of choice of actors often impossible to trace, a top IT expert told NATO Friday.

"We are entering the era of a cyber arms race, but the problem in this arms race is we don't know what kind of new arms the others have, so we don't have a quick, effective means to counter them," Mikko Hypponen said at a meeting on global cyber conflict organised by the Tallinn-based NATO Cyber Centre.