It has been a real cruel infosec summer! At least the first fifteen days of August that have shown a…
You know, social media have become the last fronteer of spam and and scam. Yesterday I received a strange message…
Update 07/05/2012: June 2012 Cyber Attacks Timeline (Part II)
A (first half of the) month living dangerously…
June has come and strongly confirms that Summer is the preferred month for Cybercrookers: just look back at June 2011 and you will probably remember the days of Lulz of the infamous LulzSec Collective (which curiously seems to be reborn!).
June 2012 has shown a remarkable number of incidents and is proving to be a mensis horribilis (horrible month) for Social Networks and Online Services in general, due to the high profile breaches of LinkedIn, Last.Fm, eHarmony and the online game League of Legends.
On a geographic scale, looks like China is becoming another important source of Cyber incidents, having been targeted from #TeamGhostShell, who claim, inside their #ProjectDragonFly, to have obtained up to 800,000 accounts from different sources.
Hacktivism-led actions seem (apparently) to decline, whilst, on the Cyber Crime front, a new collective, UGNazi, is taking the scene, having confirmed, in the first part of June, the wake of cyber attacks, we have become familiar with for some time.
Another Infosec Summer promising to be very hot!
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timeline.
The Information Security Community is still commenting the Cyber Attacks against U.S. media companies and here it is another clamorous…
It’s time for the second part of the June 2013 Cyber Attacks Timeline (first part here).
The last two weeks of June have been characterized by an unusual cyber activity in the Korean Peninsula. In a dramatic escalation of events (coinciding with the 63rd anniversary of the start of the Korean War), both countries have attracted the unwelcome attentions of hacktivists and (alleged) state-sponsored groups, being targeted by a massive wave of Cyber attacks, with the South suffering the worst consequences (a huge amount of records subtracted by the attackers).
On the hacktivism front, the most remarkable events involved some actions in Brazil and Africa, and the trail of attacks in Turkey that even characterized the first half of the month. The chronicles of the month also report an unsuccessful operation: the results of the so-called OpPetrol have been negligible (most of all in comparison to the huge expectations) with few nuisance-level attacks.
On the cyber crime front, the most remarkable events involved the attacks against Blizzard, that forced the company to temporarily close mobile access to its auction service, a serious breach against a Samsung service in Kazakhstan, a targeted attack against the internal network of Opera Software (aimed to steal code signing certificates) and several attacks to some DNS registrars. In particular the most serious has been perpetrated against Network Solutions, affecting nearly 5000 domains, among which LinkedIn.
As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Would you buy an used car from a Girl Like That? Mmh… probably she is not the best person for…
Updated on 5/6/2011: Primoris Era is Back!
Few days ago the Twitter Community was shaken by the affair of @PrimorisEra AKA “The tweeter who loved me”, a Twitter user with more than 23.000 tweets and 1300 followers, depicting herself as a young, attractive woman with a keen interest in missile technology and national security strategy. Her sudden departure has subsequently created many questions and concerns about the security of information on the Internet and Social Network. As a matter of fact, more than a few Twitter users who work in national security panicked upon hearing the accusation lodged against @PrimorisEra, since it looks like she (or he) allegedly requested sensitive information using Twitter’s Direct Messaging, or DM, service, persuading several young men on Twitter (and Facebook as well) to divulge sensitive information for more than two years.
Albeit this interesting article explains the (alleged) real story behind, and in a certain manner belittles the spy story, social pitfalls (socialeaks) remain more relevant than ever.
This does not sound surprising to me: as soon as my colleague David told me the story (of course by mean of a tweet), the notorious affair of Robin Sage came immediately to my mind: a fake Facebook (and LinkedIn) Profile of a Cyber Threat Analyst, who was capable to gain access to email addresses, bank accounts and location of secret military units from her 300 contacts, persuading them to be a 25-year-old “cyber threat analyst” at the Naval Network Warfare Command in Norfolk, Virginia, graduated from MIT, with 10 years of work experience, despite her young age (she was also given private documents for review and was offered to speak at several conferences).
Lesson learned? Not at all, (nearly) every security professional should know very well, at least in theory, the story of Robin Sage and the consequent risks connected with a fickle Social behavior, most of all in those blurred cases when professional and personal information overlaps. Never ignore the first rule: young attractive girls have nothing to do with geeks, even if they often have persuading arguments, sometimes so persuading to tear down the personal natural defenses (the first form of “physical” security), especially in those cases (as in the example of Robin Sage) when other trusted peers have already fallen in the (honey)trap, and consequently appear between the contacts of the fake profile.
Even if @PrimorisEra or @LadyCaesar (another pseudonym of her Digital Identity) is not a spy in the pay of any foreign country, the possibility to use the Social Network for espionage, SecOps, or PsyOps is far from being remote. Indeed is a consolidated practice and may already rely on an (in)famous example: the one of Anna Chapman, the 28 years old Russian Spy, living in new york, arrested on 27 June 2010, together with other 9 people, on suspicion of working for Illegals Program spy under the Russian Federation’s external intelligence agency. One of the noticeable aspects of the whole story was just her Facebook profile full of hot pictures (and equally hot comments) used to attract friends, and probably as one of the ways to grab information (curiously it looks like she did not show how many friends she had, as to say, unlike everyone else, that spies apparently know how to deal with Facebook privacy settings.