16-30 April 2013 Cyber Attacks Timeline

Here’s the second part of the April cyber attacks Timeline (Part I at this link)

The most remarkable event of this period has certainly been the breach suffered by Living Social potentially exposing 50 million customers of the e-commerce website. Other illustrious victims of the month include the mobile operator DoCoMo and the online reputation firm Reputation.com.

The wake of DDoS attacks has continued even in the second part of the month: once again several U.S. banks have fallen under the blows of the Izz ad-din al-Qassam Cyber Fighters.

Like in the first  half of the month, following a consolidating trend in this 2013, the Syrian Electronic Army has continued his wave of attacks against Twitter accounts (even the FIFA has been targeted). In one case, the hijacking of the Twitter account of Associated Press, the bogus tweets related to an alleged attack against the White House, the effect has crossed the boundaries of the cyber space (the Dow Jones Industrial Average fell 150 points, or about 1 percent, immediately following the tweet).

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

April 2013 Cyber Attacks Timeline Part II

(more…)

Continue Reading16-30 April 2013 Cyber Attacks Timeline

1-15 June 2013 Cyber Attacks Timeline

Here it is the first part of the June 2013 Cyber Attacks timeline covering the first half of the month.

This period has been characterized by the protests in Turkey, that, easy predictable, have also influenced the cyber landscape. Many attacks (in several cases even with noticeable impact) have been carried on in name of OpTurkey.

Other noticeable facts include the attacks against the European Police College (14,000 records affected), the Bangladeshi Air Force recruitment website (110,000 credentials affected), and, most of all, against the Danish Police which affected the country’s driver’s license database, social security database, the shared IT system across the Schengen zone, and the e-mail accounts and passwords of 10,000 police officers and tax officials.

Last but not least, the first two weeks of June has brought us yet another high profile cyber-espionage operation, dubbed NetTraveler.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 June 2013 Cyber Atacks Timeline (more…)

Continue Reading1-15 June 2013 Cyber Attacks Timeline

1-15 February 2014 Cyber Attacks Timeline

And here we are with the timelines of the main Cyber Attacks happened during the first half of February.

It is very hard to summarize these days from an Infosec perspective, considering the noticeable number of massive breaches: Kickstarter (potentially 5.6 million of records affected), Forbes (1 million records leaked), Orange (800,000 users impacted) and St. Joseph Health System (400,000 users affected) are the main examples, but they must not overshadow other ‘minor’ events such as the the attack against Bell.ca (‘only’ 40,000 users affected).

15 days in which Cybercrime and Hacktivism dangerously overlapped, ‘thanks’ mainly to the infamous Syrian Electronic Army, author of the hack against Forbes but also of several account hijacking attacks that have become their unique fingerprint, but also ‘thanks’ to the RedHack collective who, once again, targeted (directly or indirectly) the Turkish Government with three noticeable attacks.

Last but not least, the Cyber Espionage: the first half of February has brought us the discovery of “The Mask” (AKA Careto), a massive Operation targeting 31 countries around the world, but also the revelation of an alleged attack carried on by Huawei against the Indian provider BSNL and a further purported Chinese attack against some bio-medic industries in the U.S.

Finally, the Cyber War between India and Pakistan deserves a special mention, despite only defacements have been reported, the end of the fight is far from being reached.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 Feb 2014 Cyber Attacks Timelines (more…)

Continue Reading1-15 February 2014 Cyber Attacks Timeline

16-31 March 2014 Cyber Attacks Timeline

And here we are with the second part of the Cyber Attacks Timeline (first part here).

The prize for the most noticeable breach of the month goes in Korea, where a 31-year-old man has been arrested for infiltrating the account of 25 million users of Never, a local Internet Portal (actually it happened several months ago but was unveiled in this month). Other noticeable events include the trail of attacks against several Universities (Maryland, Auburn, Purdue, Wisconsin-Parkside), the compromising of personal information of 550,000 employees and users of Spec’s, the leak of 158,000 forum users of Boxee.tv and 95,000 users of Cerberus and, finally, a breach targeting the California Department of Motor Vehicles. Last but not least, even the infamous Operation Windigo has deserved a mention in the timeline.

Moving to Hacktivism, chronicles report of a couple of hijackings performed, as usual, by the Syrian Electronic Army, a couple of operations carried on by the Russian Cyber Command and a (probably fake) attack by someone in disguise of Anonymous Ukraine, claiming to to have leaked 7 million Russian Credit Cards. Probably a recycle of old leaks.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 Mar 2014 Cyber Attacks Timelines (more…)

Continue Reading16-31 March 2014 Cyber Attacks Timeline

Another Certification Authority Breached (the 12th!)

  • Post author:
  • Post last modified:December 10, 2011
  • Post category:CyberwarSecurity
  • Post comments:1 Comment
  • Reading time:8 mins read

2011 CA Attacks Timeline (Click To Enlarge)This year is nearly at the end but it looks like it is really endless, at least from an Information Security Perspective. As a matter of fact this 2011 will leave an heavy and embarassing heritage to Information Security: the Certification Authority authentication model, which has been continuously under siege in this troubled year; a siege that seems endless and which has shown its ultimate expression on the alleged compromise of yet another Dutch Certification Authority: Gemnet.

Gemnet, an affiliate of KPN, has suspended certificate signing operation after an intrusion on its publicly accessible instance of phpMyAdmin (a web interface for managing SQL Database) which was, against any acceptable best practice, exposed on the Internet and not protected by password. As in case of Diginotar, another Dutch Certification Authority which declared Bankrupt few days after being compromised by the infamous Comodo Hacker, Gamnet has  the Dutch government among its customers including the Ministry of Security and Justice, Bank of Dutch Municipalities and the police.

After the intrusion, the attacker claimed to have manipulated the databases, and to allegedly have been able to gain control over the system and all of the documents contained on it, although KPN, claims the documents contained on the server were all publicly available. Moreover the attacker claimed the attack was successful since he could obtain the password (braTica4) used for administrative tasks on the server. As a precaution, while further information is collected about the incident, Gemnet CSP, KPN’s certificate authority division, has also suspended access to their website.

The breach is very different, in purpose and motivations, from the one occurred to Diginotar, at the end of July, which led to the issuance of more than 500 bogus Certificates (on behalf of Google, Microsoft, and other companies). In case of Diginotar the certificates were used to intercept about 300,000 Iranians, as part of what was called “Operation Black Tulip“, a campaign aimed to eavesdrop and hijack dissidents’ emails. For the chronicles, the same author of the Diginotar hack, the Infamous Comodo Hacker, had already compromised another Certification Authority earlier this year, Comodo (which was at the origin of his nickname). In both cases, the hacks were performed for political reasons, respectively as a retaliation for the Massacre of Srebrenica (in which the Comodo Hacker claimed the Dutch UN Blue Helmets did not do enough to prevent it), and as a retaliation for Stuxnet, allegedly developed in a joint effort by Israel and US to delay Iranian Nuclear Program.

But although resounding, these are not the only examples of attacks or security incidents targeting Certification Authorities: after all, the attacks against CAs started virtually in 2010 with the infamous 21th century weapon Stuxnet, that could count among its records, the fact to be the first malware using a driver signed with a valid certificate belonging to Realtek Semiconductor Corps. A technique also used by Duqu, the so called Duqu’s son.

Since then, I counted 11 other breaches, perpetrated for different purposes: eavesdropping (as is the case of the Infamous Comodo Hacker), malware driver signatures, or “simple” compromised servers (with DDoS tools as in case of KPN).

At this point I wonder what else we could deploy to protect our identity, given that two factor authentication has been breached, CAs are under siege, and also SSL needs a substantial revision. Identity protection is getting more and more important, since our privacy is constantly under attack, but we are dangerously running out of ammunitions.

(Click below for references)

(more…)

Continue ReadingAnother Certification Authority Breached (the 12th!)