Monthly Archives: September 2013

Tiny Botnet Makes Big Impact on Background Check Companies, ID Thieves Profit.

Security Researcher Brian Krebs has conducted an investigation of a number of identity theft portals active on the internet, where various ne’er-do-wells were able to purchase the personal information (social security numbers and full background check information) of anyone they pleased, including such luminaries as Beyonce, Kanye West and Jay Z and even First Lady Michelle Obama, CIA Director John Brennan, and former FBI Director Robert Mueller.

The service which Krebs honed in on,, was apparently slurping their data from the primary companies on the “legitimate” side of background checks; Lexis-Nexus, Dun and Broadstreet, and Kroll Security. The ID thieves had penetrated the networks of those companies and added a number of their servers to a botnet.  The admins of ssndob then used these computers to grab data from the databases of the companies. They also had control of a number of compromised accounts with conventional access to these databases.

The main impact of the hack is that it proves that so-called “Knowledge-Based Authentication” (KBA), a process where someone’s identity is determined by asking them questions from their history, such as places lived, cars owned, and recent bills paid, is not an effective security measure.  Identity thieves have gotten the databases, and will no doubt continue to find access to them, which means that passing a KBA challenge is a trivial task for determined and well connected attackers. However, many of the alternatives such as biometric identifiers, come with their own problems. Establishing Identity is the hard problem of the information age.


Dan Gifford – MCySec Media Manager

Working Paper: Regional Cyber Security: Moving Towards a Resilient ASEAN Cyber Security Regime

Caitríona H. Heinl has written a working paper on the cyber threats facing the ASEAN nations and the international frameworks necessary to combat them. Developing resilience is a focus of the paper, and against a backdrop of rapidly increasing numbers of internet users in the ASEAN countries this is going to become only more important as time goes on. The paper provides a good review of the existing frameworks and agreements that have been made in this field and lays out recommendations for the future.

Dan Gifford- MCySec Media Manager


IT Hubs Launched for Kenyan Primary Schools.

Microsoft, the British Council, and telecoms giant Bharti Airtel have worked together to construct 18 digital hubs for Kenyan primary school students. The computers should help students learn about technology and the internet, and each hub will be shared by multiple schools. The program has constructed a total of 121 digital hubs in eight other Sub-Saharan countries.

Dan Gifford- MCySec Media Manager

RSA warns against use of DUAL_EC_DRBG

RSA, an internet security firm, has warned customers against using the DUAL_EC_DRBG random number generation algorithm which they distributed with some of their products. The warning comes after the algorithm has been singled out as compromised by the NSA in the course of Project Bullrun. The problem is that the random numbers generated by the piece of code are actually not random in specific ways that make them vulnerable to exploitation by specific actors, which could lead to those actors obtaining the cryptographic keys of users.

Matthew Green,  a cryptography researcher at Johns Hopkins University, has published an excellent series of posts on the vulnerabilities of the algorithm and the issues around it on his blog.

Dan Gifford- MCySec Media Manager

Comment Crew Going After Drone Tech

An article in the New York Times by Edward Wong details the efforts of the State-supported Chinese hacking group known as the “Comment Crew” (and widely suspected to be PLA unit 61398) to surreptitiously acquire military drone technology by hacking into US Defense Contractors. These cyberespionage operations are occurring against the backdrop of a massive expansion in drone capabilities and manufacturing on the part of the Chinese military.


Dan Gifford- MCySec Media Manager

Tomorrow’s cities: How big data is changing the world

The BBC’s technology writer Jane Wakefield has posted an excellent pair of articles on the changing data environment and the rapidly expanding flows of data created by cities. The ways cities respond to this new depth of data will be increasingly important and shape urban development for many years to come.

Her second article is on the attempt by Rio de Janeiro to become a “Smart City” through the use of data, often sourced from the citizens themselves.


Dan Gifford- MCySec Media Manager

New Approaches to Cyber-Deterrence: Initial Thoughts on a New Framework

Cooper_2009_Thoughts on Cyber Deterrence_Final copy

This paper argues we are now in a non-polar world wherein states and other entities may be in states of collaboration, competition and/or conflict (3 Cs) simultaneously with each other.  As a result of this shift in paradigm as well as the impact of the information revolution, Cooper explores how lessons from nuclear deterrence may apply to the cyber realm.  In particular, he uses and builds upon the often forgotten principles of containment to address cyber threats in this “3 Cs-world”.  This research stems from 2009 Highlands Forum sessions sponsored by the U.S. Office of the Secretary of Defense. The final version was presented to U.S. General Keith Alexander at Highlands Forum, “Cyber Commons, Engagement and Deterrence” moderated by Dr. Itamara Lochard, 10 February 2010 in a closed session at the Center for Strategic and International Studies.  Building upon Cooper’s study, Dr. Lochard presented a paper on “Strategies for International Space Stability” at CyCon 2012 in Tallinn, Estonia hosted by the NATO Cooperative Cyber Defense Center of Excellence.

Brazil Exploring Ways to Reduce Dependence on US Internet Services

In response to the revelations about the breadth and scope of NSA surveillance and data collection, Brazilian President Dilma Roussef is taking measures to reduce the influence of US Internet services in the country, and examining ways to transport data so that it does not pass through the US and become subject to collection there. This development may herald a fear of many internet watchers as of late, that the great “open internet” of the past years may give way to increasingly segregated national intranets, with access controls, censorship, and protectionism stifling the development and innovation that a global net has enabled. That the impetus for movement towards a fractured internet has been the NSA’s behavior should give policy-makers of all stripes pause. It should also raise concerns for the predominantly US-based providers of Internet Services about their international business prospects now that their close cooperation with the surveillance regime has been documented in the PRISM revelations. Indeed, Mark Zuckerberg, Facebook’s CEO, who conducts polling of user trust for his company and other US based giants such as Google and Twitter reported that “the trust metrics for all of <us> went down” in response to the NSA leaks.


Dan Gifford – MCySec Media Manager

Stealth Hardware Trojans Able to Defeat Encryption Systems

Four researchers from the United States, the Netherlands, Switzerland and Germany have published a paper establishing the feasibility of creating difficult to detect hardware trojans. The trojan is made during the manufacturing process by failing to properly dope a portion of the semiconductor chip used to generate random numbers for cryptography. Unlike previously understood hardware trojans, a practice known colloquially as “Chipping”, no extra hardware must be added to the computer chip in order for the exploit to work. This means that visual inspection of the chip will not be an effective countermeasure in these cases. Additionally, the chips that the researchers altered in this way still passed operational standards, meaning that detection of an affected system will be very difficult.

The result of the exploit is that the encryption codes generated by the hardware are trivially easy for an adversary to crack, potentially exposing sensitive data. This development poses major problems for organizations and nations that rely on distributed and international supply chains to construct their sensitive electronic devices. Much like Project BULLRUN this research demonstrates that the creation of sufficiently random numbers remains a central problem of encryption, and a major area of exposure to outside attack.

Dan Gifford- MCySec Media Manager