Les anglonautes



Vocapedia > Technology > Internet > Cyberpower, Cybersecurity


Hackers, Hacks, Cyberattacks






Comment cartoon

The Denver Post


29 May 2009


secure computer network


computer security        UK / USA


online banking > security loophole        UK










data and computer security        UK


cybersecurity        USA


cybersecurity threats        USA










cybersecurity bill        USA










Pentagon > Cybersecurity force        USA










U.S. Cyber Agency        USA










use exploits (security holes)








clog traffic        USA


attack        USA


computer attack        USA










hacking attack        USA










cyber attack / cyberattack on N        UK / USA


cyber aggression        USA










cyberweapons        USA










cyberpower        USA







arms control for a cyberage        USA






be struck by hackers

in a series of coordinated attacks            USA






infiltrate the networks of N        USA






siphon off gigabytes of data,

including checking and savings account information        USA






attacker        USA






internet attack        USA







carry out attacks        USA






DNS attack on N        UK


Obama On Russian Hacking: 'We Need To Take Action. And We Will'    16 December 2016





Obama On Russian Hacking: 'We Need To Take Action. And We Will'        Video        Morning Edition        NPR        16 December 2016


hack        USA


hack into N / break into N        USA










hack        USA


hacking        UK


hacking        USA


hacking attack        USA










bank / online banking sites hacking        USA










LulzSec hacking group        UK










hack / hack into N                UK / USA


be / get hacked        USA










retail hacks








accidental hack










(be) hacked        UK


(be) hacked        USA










hacker        UK / USA


cyber hackers










hacker group > OurMine        USA






LulzSec hackers        UK






LulzSec - Hacking collective        UK







— a hacker who breaks into computer systems

to promote a cause.        USA






malware        USA






A hacking glossary

Know your malware from your DDoS        UK






PlayStation Network hackers        UK









break into N


steal        USA


intrusion        USA


ransom        USA










ransomware        USA


'WannaCry' ransomware        May 2017        USA


breach        USA


be breached        USA










breach        USA










security breach        UK / USA







data breach        UK






credit card data breach        USA






computer breach        USA








cyber stealth        USA


pirate        USA






Internet piracy


cybersecurity        USA






cybersecurity flaw        USA






security hole


Corpus of news articles


Technology > Internet > Hackers






Carmakers Strive to Stay Ahead of Hackers

The effects of a breach of a car, or fleet, could be devastating.
Auto manufacturers and suppliers have aggressive plans, and a lot of firewalls.


March 18, 2021

The New York Times


In your garage or driveway sits a machine with more lines of code than a modern passenger jet. Today’s cars and trucks, with an internet link, can report the weather, pay for gas, find a parking spot, route around traffic jams and tune in to radio stations from around the world. Soon they’ll speak to one another, alert you to sales as you pass your favorite stores, and one day they’ll even drive themselves.

While consumers may love the features, hackers may love them even more. And that’s keeping many in the auto industry awake at night, worried about how they can stay one step (or two or three) ahead of those who could eventually play havoc with the world’s private transport systems.

Hackers seemingly can’t wait for the opportunity to commandeer vehicles. In 2019, the automotive cybersecurity company Karamba Security posted a fake vehicle electronic control unit online. In under three days, 25,000 breach attempts were made, and one succeeded.

The best-known vehicle takeover occurred in 2015 when security researchers on a laptop 10 miles away caused a Jeep Cherokee to lose power, change its radio station, turn on the windshield wipers and blast cold air. Jeep’s parent company, FCA, recalled 1.4 million vehicles to fix the vulnerability.

Today, the effects of a breach could range from mildly annoying to catastrophic. A hacker could steal a driver’s personal data or eavesdrop on phone conversations. Nefarious code inserted into one of a vehicle’s electronic control units could cause it to suddenly speed up, shut down or lose braking power.

A fleet of cars could be commandeered and made to steer erratically, potentially causing a major accident. A hacked electric vehicle could shut down the power grid once the car was charging. Even altering a street sign in ways imperceptible to the eye can trick a car into misperceiving a stop sign as a speed limit sign.

And last year, Consumer Watchdog, a nonprofit group in Santa Monica, Calif., sent a “!Hacked!” message to the screen of a Tesla.

The problem goes beyond demonstration intrusions. Karamba has been working with a South American trucking company whose fleet was hacked to hide it from its tracking system, allowing thieves to steal its cargo unnoticed. And a quick internet search will reveal scores of successful but so far benign hacks against many of the world’s major automotive brands.

“To take control of a vehicle’s direction and speed: This is what everyone in the industry is worried about,” said Ami Dotan, Karamba’s chief executive. “And everyone is aware this could happen.”

The challenge may be even greater than securing the world’s airlines. According to a McKinsey & Company report on automotive cybersecurity, modern vehicles employ around 150 electronic control units and about 100 million lines of code; by 2030, with the advent of autonomous driving features and so-called vehicle-to-vehicle communication, the number of lines of code may triple.

Compare that with a modern passenger jet with just 15 million lines of code, or a mass-market PC operating system with around 40 million lines of code, and the complexities become clear.

Vehicle manufacturers understand that a successful hack that caused death or destruction could be a major blow. “The incentive to prevent a giant malicious attack is huge,” said Gundbert Scherf, a McKinsey partner and an author of the report.

And with drivers believing that their vehicles are the ultimate private cocoon, even a benign attack, such as an unexpected message on a car’s infotainment screen, could easily cause a major public relations problem.

Cybersecurity companies must protect a vehicle in multiple ways. Threats include SIM cards carrying malicious code, faked over-the-air software updates, code sent from a smartphone to the vehicle, and vehicle sensors and cameras being tricked with wrong information.

In addition, malicious code can be introduced through dongles connected to a vehicle’s computer port, commonly called the OBD-II port, typically under the steering wheel and used for vehicle diagnostics and tracking.

Trucking fleets are even more at risk, said Moshe Shlisel, chief executive of GuardKnox Cyber Technologies. An entire fleet could be shut down or otherwise compromised for a ransom, he said.

“Our biggest worry is the hacking of a fleet,” said Ronen Smoly, chief of Argus Cyber Security, a division of the auto supplier Continental. “Most serious hackers come from well-funded groups working for long periods of time.”

Mr. Shlisel said: “It’s just a matter of time before a major hack happens. The most secure vehicle is a Model T Ford, because it’s not connected to anything.”

Over-the-air updates can patch software vulnerabilities in modern cars, but the industry aims to protect electronic systems before that happens — including systems most exposed to the outside world, such as audio, navigation and phone systems. To protect them and more sensitive systems, safety measures are being taken along every step of the manufacturing chain, from software to hardware design.

Major software and hardware suppliers to the world’s manufacturers build in firewalls to ensure that such elements as infotainment systems are prevented from passing code to systems that regulate speed, steering and other critical functions.

Vehicle electronic control units are being designed to send an alert if one system that normally never communicates with another suddenly tries to do so. And they’re also locked down, so that an attempt to inject new code will be thwarted.

“Human life is involved, so cybersecurity is our top priority,” said Kevin Tierney, General Motors’ vice president for global cybersecurity. The company, which has 90 engineers working full time on cybersecurity, practices what it calls “defense in depth,” removing unneeded software and creating rules that allow vehicle systems to communicate with one another only when necessary.

It’s a practice also followed by Volkswagen, said Maj-Britt Peters, a spokeswoman for the company’s software and technology group. She noted that Volkswagen’s sensitive vehicle control systems are kept in separate domains.

Continental, a major supplier of electronic parts to automakers, employs an intrusion detection and prevention system to thwart attacks. “If the throttle position sensor is talking to the airbag, that is not planned,” Mr. Smoly said. “We can stop this, but we wouldn’t do so while the vehicle was moving.”
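The mechanism the preceding paragraphs describe (an ECU raising an alert when a system that never normally talks to another suddenly does, with enforcement held back while the vehicle is moving) can be sketched as an allowlist check over inter-ECU traffic. The following Python is an added illustration, not code from GM, Volkswagen, Continental or any supplier named in the article; the ECU names, the flow table, the message format and the sample bus log are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Hypothetical ECU names and the (source -> destinations) flows that the
# vehicle's communication matrix permits. Constructed for this example;
# a real table would be derived from the vehicle's design documents.
ALLOWED_FLOWS: Dict[str, FrozenSet[str]] = {
    "infotainment": frozenset({"cluster"}),
    "throttle_sensor": frozenset({"engine_ecu"}),
    "engine_ecu": frozenset({"cluster", "transmission"}),
    "brake_ecu": frozenset({"cluster", "engine_ecu"}),
    "airbag": frozenset({"cluster"}),
}


@dataclass(frozen=True)
class Message:
    """One inter-ECU message as observed by a gateway (constructed format)."""
    ts_ms: int
    src: str
    dst: str
    payload: bytes
    speed_kph: int  # vehicle speed at the moment the message was seen


@dataclass(frozen=True)
class Alert:
    ts_ms: int
    src: str
    dst: str
    reason: str
    action: str  # "block" or "alert_only"


def flow_violation(msg: Message,
                   policy: Dict[str, FrozenSet[str]] = ALLOWED_FLOWS) -> Optional[str]:
    """Return why the message violates the policy, or None if it is permitted."""
    if msg.src not in policy:
        return "unknown source ECU"
    if msg.dst not in policy[msg.src]:
        return "flow not in communication matrix"
    return None


def choose_action(speed_kph: int) -> str:
    """Drop the message only when the vehicle is stationary; while moving,
    alert but let it pass, so a false positive cannot cut a safety-critical
    signal mid-drive (the constraint Mr. Smoly describes above)."""
    return "block" if speed_kph == 0 else "alert_only"


def analyze(messages: List[Message],
            policy: Dict[str, FrozenSet[str]] = ALLOWED_FLOWS) -> List[Alert]:
    """Run every message through the policy and collect alerts in bus order."""
    alerts: List[Alert] = []
    for msg in messages:
        reason = flow_violation(msg, policy)
        if reason is not None:
            alerts.append(Alert(msg.ts_ms, msg.src, msg.dst, reason,
                                choose_action(msg.speed_kph)))
    return alerts


# Constructed sample bus log: two legitimate flows, then three that the
# communication matrix does not permit.
SAMPLE_BUS_LOG: List[Message] = [
    Message(100, "throttle_sensor", "engine_ecu", b"\x32", 0),
    Message(120, "infotainment", "cluster", b"\x01", 0),
    Message(140, "throttle_sensor", "airbag", b"\xff", 0),     # never planned
    Message(160, "infotainment", "engine_ecu", b"\x7f", 55),   # crosses the firewall
    Message(180, "telematics", "engine_ecu", b"\x00", 55),     # source not in the matrix
]


if __name__ == "__main__":
    for a in analyze(SAMPLE_BUS_LOG):
        print(f"t={a.ts_ms}ms {a.src} -> {a.dst}: {a.reason} [{a.action}]")
```

The policy is a plain allowlist, so anything not explicitly permitted is flagged, including traffic from a node the matrix has never heard of; the only judgement call is in `choose_action`, which separates detection from enforcement so that blocking is reserved for the stationary case.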

Still, determined hackers will eventually find a way in. To date, vehicle cybersecurity has been a patchwork effort, with no international standards or regulations. But that is about to change.

This year, a United Nations regulation on vehicle cybersecurity came into force, obligating manufacturers to perform various risk assessments and report on intrusion attempts to certify cybersecurity readiness. The regulation will take effect for all vehicles sold in Europe from July 2024 and in Japan and South Korea in 2022.

While the United States is not among the 54 signatories, vehicles sold in America aren’t likely to be built to meet different cybersecurity standards from those in cars sold elsewhere, and vice versa.

“The U.N. regulation is a global standard, and we have to meet global standards,” Mr. Tierney of G.M. said.

And last month, the National Highway Traffic Safety Administration issued a request for comment on a proposed new draft of a cybersecurity best-practices recommendation, an update of a 2016 report.

It’s even possible that future window stickers on new cars may point out that a vehicle meets cybersecurity standards. “We should rate vehicles for cybersecurity, the same way we rate them for crash protection,” said Jason K. Levine, executive director of the Center for Auto Safety.

All of which raises a question: If the U.S. government could not prevent Russia from hacking into its computers, can vehicle manufacturers do a better job?

“I’m very used to the doom-and-gloom narrative, and I would caution against it,” Mr. Scherf of McKinsey said. “We still have enough time to shape the narrative.”

Carmakers Strive to Stay Ahead of Hackers,
March 18, 2021





Rise Is Seen in Cyberattacks

Targeting U.S. Infrastructure


July 26, 2012

The New York Times




ASPEN, Colo. — The top American military official responsible for defending the United States against cyberattacks said Thursday that there had been a 17-fold increase in computer attacks on American infrastructure between 2009 and 2011, initiated by criminal gangs, hackers and other nations.

The assessment by Gen. Keith B. Alexander, who heads the National Security Agency and also the newly created United States Cyber Command, appears to be the government’s first official acknowledgment of the pace at which America’s electricity grids, water supplies, computer and cellphone networks and other infrastructure are coming under attack. Those attacks are considered potentially far more serious than computer espionage or financial crimes.

General Alexander, who rarely speaks publicly, did not say how many attacks had occurred in that period. But he said that he thought the increase was unrelated to the release two years ago of a computer worm known as Stuxnet, which was aimed at taking down Iran’s uranium enrichment plant at Natanz.

When the worm inadvertently became public, many United States officials and outside experts expressed concern that it could be reverse-engineered and used against American targets. General Alexander said he saw no evidence of that.

General Alexander, as head of the N.S.A., was a crucial player in a covert American program called Olympic Games that targeted the Iranian program. But under questioning from Pete Williams of NBC News at a security conference here, he declined to say whether Stuxnet was American in origin; the Obama administration has never acknowledged using cyberweapons.

General Alexander said that what concerned him about the increase in foreign cyberattacks on the United States was that a growing number were aimed at “critical infrastructure,” and that the United States remained unprepared to ward off a major attack. On a scale of 1 to 10, he said, American preparedness for a large-scale cyberattack is “around a 3.” He urged passage of legislation, which may come to a vote in the next week, that would give the government new powers to defend private computer networks in the United States. The legislation has prompted a struggle as American companies try to avoid costly regulation on their networks, and some civil liberties groups express concern about the effect on privacy.

General Alexander said that the administration was still working out rules of engagement for responding to cyberattacks. Because an attack can take place in milliseconds, he said that some automatic defenses were necessary, as was the president’s involvement in any decisions about broader retaliation.

He confirmed that under existing authorities, only the president had the power to authorize an American-directed cyberattack. The first such attacks occurred under President George W. Bush.

The Pentagon has said previously that if the United States retaliated for an attack on its soil, the response could come in the form of a countercyberattack, or a traditional military response.

General Alexander spoke in a 75-minute interview at the Aspen Security Forum at the Aspen Institute here. The New York Times is a media sponsor of the four-day conference. Another conference speaker, Matthew Olsen, the director of the National Counterterrorism Center, addressed the escalating “hot war” between Israel and Iran and Iranian-backed groups like Hezbollah.

Iran has blamed Israel for assassinations of several of its nuclear scientists. Israel has accused Hezbollah operatives backed by Iran of carrying out the suicide bombing last week that killed five Israeli tourists and a local bus driver in Bulgaria.

The United States has said Iran was behind a thwarted plot last fall to kill Saudi Arabia’s ambassador to the United States.

“Both with respect to Iran and Hezbollah, we’re seeing a general uptick in the level of activity around the world in a number of places,” Mr. Olsen said.

Mr. Olsen did not address the Bulgaria attack, but he said the plot to kill the Saudi envoy in Washington “demonstrated that Iran absolutely had the intent to carry out a terrorist attack inside the United States.”

Rise Is Seen in Cyberattacks Targeting U.S. Infrastructure,






New Interest in Hacking

as Threat to Security


March 13, 2012

The New York Times



WASHINGTON — During the five-month period between October and February, there were 86 reported attacks on computer systems in the United States that control critical infrastructure, factories and databases, according to the Department of Homeland Security, compared with 11 over the same period a year ago.

None of the attacks caused significant damage, but they were part of a spike in hacking attacks on networks and computers of all kinds over the same period. The department recorded more than 50,000 incidents since October, about 10,000 more than in the same period a year earlier, with an incident defined as any intrusion or attempted intrusion on a computer network.

The increase has prompted a new interest in cybersecurity on Capitol Hill, where lawmakers are being prodded by the Obama administration to advance legislation that could require new standards at facilities where a breach could cause significant casualties or economic damage.

It is not clear whether the higher numbers were due to increased reporting amid a wave of high-profile hacking, including the arrest last week of several members of the group Anonymous, or an actual increase in attacks.

James A. Lewis, a senior fellow and a specialist in computer security issues at the Center for Strategic and International Studies, a policy group in Washington, said that as hacking awareness had increased, attacks had become more common. He said that the attacks on the nation’s infrastructure were particularly jarring.

“Some of this is heightened awareness because everyone is babbling about it,” he said of the reported rise in computer attacks. “But much of it is because the technology has improved and the hackers have gotten better and people and countries are probing around more like the Russians and Chinese have.”

He added: “We hit rock bottom on this in 2010. Then we hit rock bottom in 2011. And we are still at rock bottom. We were vulnerable before and now we’re just more vulnerable. You can destroy physical infrastructure with a cyberattack just like you could with a bomb.”

The legislation the administration is pressing Congress to pass would give the federal government greater authority to regulate the security used by companies that run the nation’s infrastructure. It would give the Homeland Security Department the authority to enforce minimum standards on companies whose service or product would lead to mass casualties, evacuations or major economic damage if crippled by hackers.

The bill the administration backs is sponsored by Senators Joseph I. Lieberman, independent of Connecticut, and Susan Collins, Republican of Maine. It has bipartisan support, and its prospects appear good. Senator John McCain, Republican of Arizona, is sponsoring a more business-friendly bill that emphasizes the sharing of information and has fewer requirements for companies.

Last week on Capitol Hill, Janet Napolitano, the secretary of Homeland Security; Robert S. Mueller III, the director of the Federal Bureau of Investigation; and Gen. Martin E. Dempsey, the chairman of the Joint Chiefs of Staff, made their pitch to roughly four dozen senators about why they should pass the Lieberman-Collins bill.

At a closed-door briefing, the senators were shown how a power company employee could derail the New York City electrical grid by clicking on an e-mail attachment sent by a hacker, and how an attack during a heat wave could have a cascading impact that would lead to deaths and cost the nation billions of dollars.

“I think General Dempsey said it best when he said that prior to 9/11, there were all kinds of information out there that a catastrophic attack was looming,” Ms. Napolitano said in an interview. “The information on a cyberattack is at that same frequency and intensity and is bubbling at the same level, and we should not wait for an attack in order to do something.”

General Dempsey told the senators that he had skipped a meeting of the National Security Council on Iran to attend the briefing because he was so concerned about a cyberattack, according to a person who had been told details of the meeting. A spokesman for General Dempsey said the chairman had “sent his vice chairman to the meeting on Iran so that he could attend the Senate meeting and emphasize his concern about cybersecurity.”

“His point was about his presence at the cyber exercise rather than a value judgment on the ‘threat,’ ” the spokesman, Col. David Lapan, said.

Experts say one of the biggest problems is that no part of the government has complete authority over the issue. The Central Intelligence Agency and the National Security Agency give the government intelligence on potential attacks, and the F.B.I. prosecutes hackers who break the law. The Department of Homeland Security receives reports about security breaches but has no authority to compel business to improve their security.

“Nobody does critical infrastructure of the dot-com space where America now relies on faith healing and snake oil for protection,” Mr. Lewis said. “The administration wants it to be the Department of Homeland Security, but the department needs additional authorities to be effective.”

New Interest in Hacking as Threat to Security,






For Hackers,

the Next Lock to Pick


September 27, 2011
The New York Times


SAN FRANCISCO — Hackers have broken into the cellphones of celebrities like Scarlett Johansson and Prince William. But what about the rest of us, who might not have particularly salacious photos or voice messages stored in our phones, but nonetheless have e-mails, credit card numbers and records of our locations?

A growing number of companies, including start-ups and big names in computer security like McAfee, Symantec, Sophos and AVG, see a business opportunity in mobile security — protecting cellphones from hacks and malware that could read text messages, store location information or add charges directly to mobile phone bills.

On Tuesday, McAfee introduced a service for consumers to protect their smartphones, tablets and computers at once, and last week the company introduced a mobile security system for businesses. Last month, AT&T partnered with Juniper Networks to build mobile security apps for consumers and businesses. The Defense Department has called for companies and universities to come up with ways to protect Android devices from malware.

In an indication of investor interest, one start-up, Lookout, last week raised $40 million from venture capital firms, including Andreessen Horowitz, bringing its total to $76.5 million. The company makes an app that scans other apps that people download to their phones, looking for malware and viruses. It automatically tracks 700,000 mobile apps and updates Lookout whenever it finds a threat.

Still, in some ways, it’s an industry ahead of its time. Experts in mobile security agree that mobile hackers are not yet much of a threat. But that is poised to change quickly, they say, especially as people increasingly use their phones to exchange money, by mobile shopping or using digital wallets like Google Wallet.

“Unlike PCs, the chance of running into something in the wild for your phone is quite low,” said Charlie Miller, a researcher at Accuvant, a security consulting company, and a hacker who has revealed weaknesses in iPhones. “That’s partly because it’s more secure but mostly because the bad guys haven’t gotten around to it yet. But the bad guys are going to slowly follow the money over to your phones.”

Most consumers, though they protect their computers, are unaware that they need to secure their phones, he said, “but the smartphones people have are computers, and the same thing that can happen on your computer can happen on your phone.”

Cellphone users are more likely than computer users to click on dangerous links or download sketchy apps because they are often distracted, experts say. Phones can be more vulnerable because they connect to wireless networks at the gym or the coffee shop, and hackers can surreptitiously charge consumers for a purchase.

There have already been harmful attacks, most of which have originated in China, said John Hering, co-founder and chief executive of Lookout.

For example, this year, the Android market was hit by malware called DroidDream. Hackers pirated 80 applications, added malicious code and tricked users into downloading them from the Android Market. Google said 260,000 devices were attacked.

Also this year, people unwittingly downloaded other malware, called GGTracker, by clicking on links in ads, and on the Web site to which the links led. The malware signed them up, without their consent, for text message subscription services that charged $10 to $50.

Lookout says that up to a million people were afflicted by mobile malware in the first half of the year, and that the threat for Android users is two and a half times higher than it was just six months ago.

Still, other experts caution that fear is profitable for the security industry, and that consumers should be realistic about the small size of the threat at this point. AdaptiveMobile, which sells mobile security tools, found that 6 percent of smartphone users said they had received a virus, but that the actual number of confirmed viruses had not topped 2 percent.

Lookout’s founders are hackers themselves, though they say they are the good kind, who break into phones and computers to expose the risks but not to steal information or behave maliciously. “It’s very James Bond-type stuff,” Mr. Hering said.

A few years ago, he stood with a backpack filled with hacking gear near the Academy Awards red carpet and discovered that up to 100 of the stars carried, in their bejeweled clutches and tuxedo pockets, cellphones that he could break into. He did not break into the phones, but publicized his ability to do so.

He started Lookout in 2007, along with Kevin Mahaffey and James Burgess, to prevent such intrusions. It has free apps for Android, BlackBerry and Windows phones, but not for iPhones. They are less vulnerable to attacks, security experts say, because Apple’s app store, unlike Android’s, screens every app before accepting it. Also, Android is the fastest-growing mobile platform, so it is more attractive to hackers.

Google says it regularly scans apps in the Android Market for malware and can rapidly remove malicious apps from the market and from people’s phones. It prevents Android apps from accessing other apps and alerts users if an app accesses its contact list or location, for instance.

Lookout also sells a paid version for $3 a month, which scans apps for privacy intrusions like accessing a user’s contact list, alerts users if they visit unsafe mobile Web sites or click on unsafe links in text messages, backs up a phone’s call history and photos, and lets people lock or delete information from lost devices.

T-Mobile builds Lookout into its Android phones, Verizon uses its technology to screen apps in its app store and Sprint markets the app to customers. The cellphone carriers and Lookout share the revenue when a user upgrades to the paid version.

“In mobile security circles, you never wait on it to become a problem and it’s too late,” said Fared Adib, vice president of product development at Sprint.

Meanwhile, because mobile phone attacks are still relatively rare, Lookout’s free app includes tools, including a way to back up a user’s contacts and a feature that enables users to turn on an alarm on their phone when it is lost.

“You’re way more likely to just leave it in a cab than you are going to be attacked by a hacker,” said Mr. Miller, the security researcher.

And in addition to collecting money from paying subscribers, Lookout plans to sell the service to businesses. It has a chance because consumers are increasingly bringing their own technologies into the workplace, and Lookout’s app is consumer-friendly, said Chenxi Wang, a security analyst at Forrester Research.

“It’s something a lot of I.T. guys are worried about because they have no control over what consumers are doing and what these apps are doing,” Ms. Wang said.

Giovanni Vigna, a professor at the University of California, Santa Barbara who studies security and malware, said it was only a matter of time before mobile security was as second nature to consumers as computer security.

“The moment malware starts using text messages and expensive minutes people have to pay for, things will move a lot faster,” he said.

For Hackers, the Next Lock to Pick, NYT, 27.9.2011,







Hacking blitz

drives cyberinsurance demand


NEW YORK | Tue Jun 14, 2011
6:24pm EDT
By Ben Berkowitz


NEW YORK (Reuters) - The recent string of sensational hacker attacks is driving companies to seek "cyberinsurance" worth hundreds of millions of dollars, even though many policies can still leave them exposed to claims.

Companies are having to enhance not just their information technology practices but also their human resources and employee training functions just to get adequate coverage against intrusion -- and in some cases, they are also accepting deductibles in the tens of millions of dollars.

Insurers and insurance brokers say demand is soaring, as companies try to protect themselves against civil suits and the potential for fines by governments and regulators, but also as they seek help paying for mundane costs like "sorry letters" to customers.

"When you have a catastrophic type of data breach then yes ... the phones ring off the hook," said Kevin Kalinich, co-national managing director of the professional risk group at insurance broker Aon Corp (AON.N).

In the past few weeks, the U.S. Senate, the International Monetary Fund, defense contractor Lockheed Martin Corp. (LMT.N), banking concern Citigroup Inc (C.N), technology giant Google (GOOG.O) and consumer electronics group Sony Corp (6758.T) are among those who have disclosed hacker attacks of various kinds.

In the days after Sony disclosed it had more than 100 million customer accounts compromised, the company said its insurance would help cover the costs of fixing its systems and providing identity theft services to account holders.

That helped drum up business for the still-growing segment of the industry, and the demand has only intensified since a more recent breach at Citigroup, which security experts said was the largest direct attack on a U.S. bank to date.

Some insurers say this is the moment the industry has been waiting for as the tide of bad news becomes so overwhelming that customers have no choice but to seek coverage. On Tuesday, Travelers (TRV.N) became the latest insurer to launch a package of policies covering various fraud and expense liabilities.

Aon's Kalinich said fewer than five percent of data breaches lead to costs of more than $20 million, and yet more and more companies are seeking to be insured for that and more to protect themselves against the shifting risk.

Large customers are going to extremes, taking out coverage for data breach liabilities of as much as $200 million, while also taking $25 million deductibles to keep their premiums down.



As with any kind of insurance, data breach policies carry all sorts of exclusions that put the onus on the company. Some, for example, exclude coverage for any incident that involves an unencrypted laptop. In other cases, insurers say, coverage can be voided if regular software updates are not downloaded or if employees do not change their passwords periodically.

"Insurers are all looking for good risks, whether it is a fire insurance company that wants a building that is sprinklered and doesn't have oily rags laying around - this is the equivalent in the IT area. They want good systems, they want good protection, they want good risk," said Don Glazier, a principal at Integro Insurance Brokers in Chicago.

Given that the average data breach cost $7.2 million last year, according to a March study from the Ponemon Institute, hundreds of millions of dollars of cover may seem extreme. But with the scale and scope of hacking attacks growing daily, some companies cannot be cautious enough.

Of course, the risk they face is a moving target, both for them and for the insurance companies. After 10 years of writing policies, industry experts say a consensus is building on what "cyberinsurance" covers.

Generally, such policies now cover third-party liability, like suits filed by customers whose accounts have been hacked; direct costs like notification letters sent to affected customers; and, increasingly, fines and penalties associated with data breaches.

What is missing from the equation, however, is standards. Insurers can try to standardize the risk from hacking attacks, but cyberinsurance is still not auto insurance, where carriers can make their customers wear seat belts as a condition of a policy.

"One day the industry will actually be so robust that ... we'll have the leverage to actually create standards," said Tracey Vispoli, a senior vice president at insurer Chubb. "We're not there yet but that to me is a win to the industry."



Consumers are increasingly finding themselves less protected and more liable as well. Courts are siding with vendors and not their customers in some cases when it comes to the misuse of data.

In late May, a U.S. magistrate judge in Maine recommended the district court throw out a lawsuit filed against a bank by one of its customers, a construction company.

The customer had suffered a series of unauthorized withdrawals from its account after some employees' computers were infected with a virus that captured their banking information. The company sued the bank on the grounds that the bank's systems should have caught the clearly unusual pattern.

Lawyers who litigate cyberrisk say in the current environment, many companies are only looking out for themselves, not for their customers or suppliers.

"Most companies are looking more for first party (coverage), they're worried more about their own systems," said Richard Bortnick, an attorney with Cozen O'Connor and the publisher of the digital law blog CyberInquirer.

"Not all companies deem it necessary to provide notification of a cyberbreach or incident for reasons of reputation and other marketing-related bases," he said.


(Reporting by Ben Berkowitz,

Editing by Martin Howell)

Exclusive: Hacking blitz drives cyberinsurance demand,






Hackers break into Senate computers


WASHINGTON | Tue Jun 14, 2011
2:47am EDT
By Diane Bartz and Thomas Ferraro


WASHINGTON (Reuters) - The Senate's website was hacked over the weekend, leading to a review of all of its websites, in the latest embarrassing breach of security to hit a major U.S.-based institution.

The loosely organized hacker group Lulz Security broke into a public portion of the Senate website but did not reach behind a firewall into a more sensitive portion of the network, Martina Bradford, the deputy Senate sergeant at arms, said on Monday.

Despite the breach, the Sergeant at Arms Office, which provides security for the Senate, said that the breach had not compromised any individual senator's information.

Lulz announced the hack on Monday.

"We were responding to their allegations. Basically what we're saying is that the server they got into is for public access and is in the public side," said Bradford.

Lulz Security, who have hacked into Sony's website and the Public Broadcasting System, posted online a list of files that appear not to be sensitive but indicate the hackers had been into the Senate's computer network.

"We don't like the U.S. government very much," Lulz Security said at the top of their release. "This is a small, just-for-kicks release of some internal data from Senate.gov - is this an act of war, gentlemen? Problem?"

The comment refers to reports that the military had decided that it could respond to cyber attacks from foreign countries with traditional military force.

Senate staffers were alerted about the breach late Monday.

"Although this intrusion is inconvenient, it does not compromise the security of the Senate's network, its members or staff," Bradford said in a statement. "Specifically, there is no individual user account information on the server supporting senate.gov that could have been compromised."

"The hackers may have done the equivalent of burglarizing the Senate and bragging because they managed to steal a bunch of souvenirs from the gift shop," said Stewart Baker, a former cyber official at the Department of Homeland Security. He is now with the law firm Steptoe and Johnson.



The Senate has been the frequent target of hacking attacks, with tens of thousands thwarted each month, Senate Sergeant at Arms Terrance Gainer told Reuters in early June.

Still, the break-in is just the latest in a series of embarrassing hacks against companies and organizations.

The International Monetary Fund has been hit, as have Lockheed Martin Corp, Citigroup Inc, Google and Michaels Stores.

The break-in would cause embarrassment at the Senate, said John Bumgarner of the Cyber Consequences Unit, a think tank.

"They're all valid directories," he said after looking at data that Lulz posted online. "This is an especially embarrassing incident for the Senate, because they are often asking others to explain why their cybersecurity programs have failed."

"The information disclosed online ... shows that the intruders had administrator-level access to the Senate server. This access could have potentially been used as a jump-off point to compromise other systems in the network," he said.

Lulz, which is Internet slang for 'laugh out loud,' has claimed hacks into websites owned by Sony Corp. It has also claimed responsibility for defacing the Public Broadcasting Service network websites, and for posting on Monday data from PBS servers to protest a "Front Line" documentary about WikiLeaks.

Lulz claimed credit for breaking into a Fox.com website and publishing data about contestants for the upcoming Fox TV talent show, "X Factor." Fox is a unit of News Corp.

Another loosely affiliated hacking group, Anonymous, gained prominence when it temporarily crippled the websites of MasterCard, Visa and PayPal after they cut off financial services to WikiLeaks.

It has also attacked websites in Syria, Tunisia, Egypt and India for political reasons.


(Additional reporting by Donna Smith;

Editing by Eric Beech)

    Hackers break into Senate computers, 14.6.2011,






IMF cyber attack

aimed to steal insider information:



Sun, Jun 12 2011
WASHINGTON/LONDON | Sun Jun 12, 2011
11:16am EDT
By Jim Wolf and William Maclean


WASHINGTON/LONDON (Reuters) - A major cyber attack on the IMF aimed to steal sensitive insider information, a cyber security expert said on Sunday, as the race to lead the body which oversees the global financial system heated up.

The U.S. Federal Bureau of Investigation is helping to investigate the attack on the International Monetary Fund, the latest in a rash of cyber break-ins that have targeted high-profile companies and institutions.

"The IMF attack was clearly designed to infiltrate the IMF with the intention of gaining sensitive 'insider privileged information'," cyber security specialist Mohan Koo, who is also Managing Director, Dtex Systems (UK), told Reuters in London.

A June 8 internal memo from Chief Information Officer Jonathan Palmer told staff the Fund had detected suspicious file transfers and that an investigation had shown a desktop computer "had been compromised and used to access some Fund systems."

"At this point, we have no reason to believe that any personal information was sought for fraud purposes," it said.

The New York Times cited computer experts as saying the IMF's board of directors was told of the attack on Wednesday, though the assault had lasted several months.

The IMF says it remains "fully functional" but has declined to comment on the extent of the attack or the nature of the intruders' goal.

News of the hack came at a sensitive time for the world lender of last resort, which is seeking to replace former managing director Dominique Strauss-Kahn, who quit last month after being charged with the attempted rape of a hotel maid.

French Finance Minister Christine Lagarde remains the frontrunner to replace him, although Stanley Fischer, the Bank of Israel Governor and a former IMF deputy chief, has emerged as a late candidate, and Mexico's central bank chief, Agustin Carstens, is another contender.



Jeff Moss, a self-described computer hacker and member of the Department of Homeland Security Advisory Committee, said he believed the attack was conducted on behalf of a nation-state looking to either steal sensitive information about key IMF strategies or embarrass the organization to undermine its clout.

He said it could inspire attacks on other large institutions. "If they can't catch them, I'm afraid it might embolden others to try," said Moss, who is chief security officer for ICANN.

Tom Kellerman, a cybersecurity expert who has worked for both the IMF and the World Bank, said the intruders had aimed to install software that would give a nation state a "digital insider presence" on the IMF network.

That could yield a trove of non-public economic data used by the Fund to promote exchange rate stability, support balanced international trade and provide resources to remedy members' balance-of-payments crises.

"It was a targeted attack," said Kellerman, who serves on the board of a group known as the International Cyber Security Protection Alliance.

The code used in the IMF incident was developed specifically for the attack on the institution, said Kellerman, formerly responsible for cyber-intelligence within the World Bank's treasury team and now chief technology officer at AirPatrol, a cyber consultancy.



Koo of Dtex Systems (UK) said the recent spate of attacks on large global organizations was worrying because they were targeted, well-organized and well-executed, not opportunistic.

"Perhaps most frightening of all is the fact that these type of attacks could quite easily be directed toward Critical National Infrastructure (CNI) organizations, for example Energy and Water, where the impact of such a breach would have severe, immediate and potentially life-threatening consequences for everyday citizens."

Cyber security experts said it might be difficult for investigators to prove which nation was behind the attack.

"Even developing nations are able to leverage the Internet in order to change their standing and ability to influence," said Jeffrey Carr, author of the book, "Inside Cyber Warfare."

"It's something they never could have done before without gold or without military might," Carr said.

CIA Director Leon Panetta told the U.S. Congress on June 9 that the United States faced the "real possibility" of a crippling cyber attack on power systems, the electricity grid, security, financial and governmental systems.

Lockheed Martin Corp, the Pentagon's No. 1 supplier by sales and the biggest information technology provider to the U.S. government, disclosed two weeks ago that it had thwarted a "significant" cyber attack. It said it had become a "frequent target of adversaries around the world."

Also hit recently have been Citigroup Inc, Sony Corp and Google Inc.


(Reporting by Lesley Wroughton,

Jim Finkle, Jim Wolf,

Jim Vicini and William Maclean in London;

Editing by Jon Boyle)

IMF cyber attack aimed to steal insider information: expert,







U.S. says worried by cyber-attacks;

committed to Asia


SINGAPORE | Sat Jun 4, 2011
4:17am EDT
By Raju Gopalakrishnan
and David Alexander


SINGAPORE (Reuters) - The United States is seriously concerned about cyber-attacks and is prepared to use force against those it considers acts of war, Defense Secretary Robert Gates said at a security meeting in Asia on Saturday.

He also assured Asian allies that the United States would protect sea lanes and maintain a robust military presence in the region despite a severe budget crunch and the protracted wars in Iraq and Afghanistan.

"We take the cyber threat very seriously and we see it from a variety of sources, not just one or another country," Gates said at the annual Shangri-La Dialogue, an apparent reference to reports that several of the attacks may have originated in China.

"What would constitute an act of war by cyber that would require some kind of response, either in kind or kinetically?" he said.

"We could avoid some serious international tensions in the future if we could establish some rules of the road as early as possible to let people know what kinds of acts are acceptable, what kinds of acts are not and what kinds of acts may in fact be acts of war."

Earlier this week, Google said it had disrupted a campaign aimed at stealing passwords of hundreds of Google email account holders, including senior U.S. government officials, Chinese activists and journalists.

It was the latest in a series of cyber attacks that have also targeted defense contractor Lockheed Martin and Sony Corp. Google said the latest breach appeared to originate in China but neither the company nor the U.S. government has said the Chinese government was responsible.

But the U.S. State Department has asked Beijing to investigate.

British Defense Secretary Liam Fox said cyber attacks were now regular and in large numbers. "It's ... the war of the invisible enemy," he said, adding that it had become a matter of urgency and was firmly on top of the security agenda.



Gates said it was difficult to identify where the perpetrators of such attacks were based and added that military ties with China were improving.

But he also said the U.S. was preparing weapons systems and capabilities that would allow U.S. forces "to deploy, move and strike over great distances in defense of our allies and vital interests." Although he gave few other details, the plans could worry China, U.S. officials privately said.

Asked whether China wouldn't see the remarks as a concern, a senior U.S. defense official said it was an example of the need for greater military transparency between the two sides.

"Without transparency, we obviously have to do certain things and make certain preparations because it's not quite clear what everybody's intentions are," the official said. "So the more ... clear it is about what China's military investment is aimed at, the more clear it is for us what's going on in the region and what intentions are."

Gates said the United States was committed to its Asian allies although a decade of combat in Iraq and Afghanistan had strained U.S. ground forces and exhausted public patience, while the recession had left Washington with huge budget deficits and looking to cut military spending.

"Irrespective of the tough times the U.S. faces today, or the tough budget choices we confront in the coming years, ... America's interests as a Pacific nation -- as a country that conducts much of its trade in the region -- will endure," he said.

"The United States and Asia will only become more inextricably linked over the course of this century. These realities ... argue strongly for sustaining our commitments to allies while maintaining a robust military engagement and deterrent posture across the Pacific Rim," he said.


(Additional reporting by Kevin Lim

and Sanjeev Miglani;

Editing by Jonathan Thatcher)

U.S. says worried by cyber-attacks; committed to Asia,







Sony breach latest

in string of cyber attacks


BOSTON | Tue Apr 26, 2011
6:34pm EDT


BOSTON (Reuters) - An unauthorized person stole names, addresses and possibly credit card data belonging to 77 million account holders on Sony's PlayStation Network in what could be one of the largest-ever Internet security breaches.

Internet security experts believe that these systems were breached by hackers who persuaded unsuspecting system administrators to load malicious software onto their machines. Here are some other large Internet security breaches:

April 2011 -- Online marketer Epsilon, which sends billions of emails a year for clients that represent a "Who's Who" of major banks and retailers, reports a breach of its system. It says that some clients' customer names and email addresses were stolen.

2010 -- Security researchers identify a computer worm dubbed Stuxnet that they speculate was designed to breach a system used to refine uranium in Iran at that nation's Natanz enrichment plant.

2010 -- Google Inc says that it was the victim of a cyber attack on its operations in China that resulted in the theft of its intellectual property. Google said that the networks of more than 20 other companies had been infiltrated.

2009 -- Hacker Albert Gonzalez pleads guilty to stealing tens of millions of payment card numbers by breaking into corporate computer systems from businesses including payment card processor Heartland Payment Systems, TJX Company Inc, 7-Eleven Inc and Target Co


(Reporting by Jim Finkle, editing by Bernard Orr)

Factbox: Sony breach latest in string of cyber attacks,






Targeted cyber attacks

to rise further: Symantec


HELSINKI | Tue Apr 5, 2011
12:21am EDT
By Tarmo Virki,
European Technology Correspondent


HELSINKI (Reuters) - Targeted cyber attacks will pose a growing threat to companies around the world this year after the Stuxnet worm hit Iran's nuclear program in 2010, security software maker Symantec Corp said on Tuesday.

"Last year was the year of high-profile targeted attacks. We will see so many more," said Sian John, security strategist at Symantec.

So-called targeted attacks succeed as most consumers avoid clicking on suspicious links in spam emails, but open files that seem to arrive from legitimate senders.

"They are more challenging, but the return is higher," John said.

In total, the number of measured Web-based attacks rose 93 percent in 2010 from a year ago, boosted by proliferation of shortened Internet addresses, Symantec said in its annual threat review.

"Last year, attackers posted millions of these shortened links on social networking sites to trick victims into both phishing and malware attacks, dramatically increasing the rate of successful infection," Symantec said.

Social networking sites are an increasingly important platform for attackers as their popularity among consumers is rising fast.

The software company said attacks on leading mobile platforms were also set to increase after a 42 percent rise in mobile vulnerabilities last year.

"The major mobile platforms are finally becoming ubiquitous enough to garner the attention of attackers," Symantec said. "Attackers are really following the consumers here."


(Editing by Andre Grenon)

Targeted cyber attacks to rise further: Symantec, R, 6.4.2011,






Israel Tests on Worm

Called Crucial in Iran Nuclear Delay


January 15, 2011
The New York Times


This article is by William J. Broad, John Markoff
and David E. Sanger.

The Dimona complex in the Negev desert is famous as the heavily guarded heart of Israel’s never-acknowledged nuclear arms program, where neat rows of factories make atomic fuel for the arsenal.

Over the past two years, according to intelligence and military experts familiar with its operations, Dimona has taken on a new, equally secret role — as a critical testing ground in a joint American and Israeli effort to undermine Iran’s efforts to make a bomb of its own.

Behind Dimona’s barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran’s at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges and helped delay, though not destroy, Tehran’s ability to make its first nuclear arms.

“To check out the worm, you have to know the machines,” said an American expert on nuclear intelligence. “The reason the worm has been effective is that the Israelis tried it out.”

Though American and Israeli officials refuse to talk publicly about what goes on at Dimona, the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program.

In recent days, the retiring chief of Israel’s Mossad intelligence agency, Meir Dagan, and Secretary of State Hillary Rodham Clinton separately announced that they believed Iran’s efforts had been set back by several years. Mrs. Clinton cited American-led sanctions, which have hurt Iran’s ability to buy components and do business around the world.

The gruff Mr. Dagan, whose organization has been accused by Iran of being behind the deaths of several Iranian scientists, told the Israeli Knesset in recent days that Iran had run into technological difficulties that could delay a bomb until 2015. That represented a sharp reversal from Israel’s long-held argument that Iran was on the cusp of success.

The biggest single factor in putting time on the nuclear clock appears to be Stuxnet, the most sophisticated cyberweapon ever deployed.

In interviews over the past three months in the United States and Europe, experts who have picked apart the computer worm describe it as far more complex — and ingenious — than anything they had imagined when it began circulating around the world, unexplained, in mid-2009.

Many mysteries remain, chief among them, exactly who constructed a computer worm that appears to have several authors on several continents. But the digital trail is littered with intriguing bits of evidence.

In early 2008 the German company Siemens cooperated with one of the United States’ premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran’s enrichment facilities.

Siemens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America’s nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.

The worm itself now appears to have included two major components. One was designed to send Iran’s nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.

The attacks were not fully successful: Some parts of Iran’s operations ground to a halt, while others survived, according to the reports of international nuclear inspectors. Nor is it clear the attacks are over: Some experts who have examined the code believe it contains the seeds for yet more versions and assaults.

“It’s like a playbook,” said Ralph Langner, an independent computer security expert in Hamburg, Germany, who was among the first to decode Stuxnet. “Anyone who looks at it carefully can build something like it.” Mr. Langner is among the experts who expressed fear that the attack had legitimized a new form of industrial warfare, one to which the United States is also highly vulnerable.

Officially, neither American nor Israeli officials will even utter the name of the malicious computer program, much less describe any role in designing it.

But Israeli officials grin widely when asked about its effects. Mr. Obama’s chief strategist for combating weapons of mass destruction, Gary Samore, sidestepped a Stuxnet question at a recent conference about Iran, but added with a smile: “I’m glad to hear they are having troubles with their centrifuge machines, and the U.S. and its allies are doing everything we can to make it more complicated.”

In recent days, American officials who spoke on the condition of anonymity have said in interviews that they believe Iran’s setbacks have been underreported. That may explain why Mrs. Clinton provided her public assessment while traveling in the Middle East last week.

By the accounts of a number of computer scientists, nuclear enrichment experts and former officials, the covert race to create Stuxnet was a joint project between the Americans and the Israelis, with some help, knowing or unknowing, from the Germans and the British.

The project’s political origins can be found in the last months of the Bush administration. In January 2009, The New York Times reported that Mr. Bush authorized a covert program to undermine the electrical and computer systems around Natanz, Iran’s major enrichment center. President Obama, first briefed on the program even before taking office, sped it up, according to officials familiar with the administration’s Iran strategy. So did the Israelis, other officials said. Israel has long been seeking a way to cripple Iran’s capability without triggering the opprobrium, or the war, that might follow an overt military strike of the kind they conducted against nuclear facilities in Iraq in 1981 and Syria in 2007.

Two years ago, when Israel still thought its only solution was a military one and approached Mr. Bush for the bunker-busting bombs and other equipment it believed it would need for an air attack, its officials told the White House that such a strike would set back Iran’s programs by roughly three years. Its request was turned down.

Now, Mr. Dagan’s statement suggests that Israel believes it has gained at least that much time, without mounting an attack. So does the Obama administration.

For years, Washington’s approach to Tehran’s program has been one of attempting “to put time on the clock,” a senior administration official said, even while refusing to discuss Stuxnet. “And now, we have a bit more.”


Finding Weaknesses

Paranoia helped, as it turns out.

Years before the worm hit Iran, Washington had become deeply worried about the vulnerability of the millions of computers that run everything in the United States from bank transactions to the power grid.

Computers known as controllers run all kinds of industrial machinery. By early 2008, the Department of Homeland Security had teamed up with the Idaho National Laboratory to study a widely used Siemens controller known as P.C.S.-7, for Process Control System 7. Its complex software, called Step 7, can run whole symphonies of industrial instruments, sensors and machines.

The vulnerability of the controller to cyberattack was an open secret. In July 2008, the Idaho lab and Siemens teamed up on a PowerPoint presentation on the controller’s vulnerabilities that was made to a conference in Chicago at Navy Pier, a top tourist attraction.

“Goal is for attacker to gain control,” the July paper said in describing the many kinds of maneuvers that could exploit system holes. The paper was 62 pages long, including pictures of the controllers as they were examined and tested in Idaho.

In a statement on Friday, the Idaho National Laboratory confirmed that it formed a partnership with Siemens but said it was one of many with manufacturers to identify cybervulnerabilities. It argued that the report did not detail specific flaws that attackers could exploit. But it also said it could not comment on the laboratory’s classified missions, leaving unanswered the question of whether it passed what it learned about the Siemens systems to other parts of the nation’s intelligence apparatus.

The presentation at the Chicago conference, which recently disappeared from a Siemens Web site, never discussed specific places where the machines were used.

But Washington knew. The controllers were critical to operations at Natanz, a sprawling enrichment site in the desert. “If you look for the weak links in the system,” said one former American official, “this one jumps out.”

Controllers, and the electrical regulators they run, became a focus of sanctions efforts. The trove of State Department cables made public by WikiLeaks describes urgent efforts in April 2009 to stop a shipment of Siemens controllers, contained in 111 boxes at the port of Dubai, in the United Arab Emirates. They were headed for Iran, one cable said, and were meant to control “uranium enrichment cascades” — the term for groups of spinning centrifuges.

Subsequent cables showed that the United Arab Emirates blocked the transfer of the Siemens computers across the Strait of Hormuz to Bandar Abbas, a major Iranian port.

Only months later, in June, Stuxnet began to pop up around the globe. The Symantec Corporation, a maker of computer security software and services based in Silicon Valley, snared it in a global malware collection system. The worm hit primarily inside Iran, Symantec reported, but also in time appeared in India, Indonesia and other countries.

But unlike most malware, it seemed to be doing little harm. It did not slow computer networks or wreak general havoc.

That deepened the mystery.


A ‘Dual Warhead’

No one was more intrigued than Mr. Langner, a former psychologist who runs a small computer security company in a suburb of Hamburg. Eager to design protective software for his clients, he had his five employees focus on picking apart the code and running it on the series of Siemens controllers neatly stacked in racks, their lights blinking.

He quickly discovered that the worm only kicked into gear when it detected the presence of a specific configuration of controllers, running a set of processes that appear to exist only in a centrifuge plant. “The attackers took great care to make sure that only their designated targets were hit,” he said. “It was a marksman’s job.”

For example, one small section of the code appears designed to send commands to 984 machines linked together.

Curiously, when international inspectors visited Natanz in late 2009, they found that the Iranians had taken out of service a total of exactly 984 machines that had been running the previous summer.

But as Mr. Langner kept peeling back the layers, he found more — what he calls the “dual warhead.” One part of the program is designed to lie dormant for long periods, then speed up the machines so that the spinning rotors in the centrifuges wobble and then destroy themselves. Another part, called a “man in the middle” in the computer world, sends out those false sensor signals to make the system believe everything is running smoothly. That prevents a safety system from kicking in, which would shut down the plant before it could self-destruct.
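The replay trick described here, and in the earlier account of the worm's second component, is something a monitoring system can check for. The following is an added example, not code from the article or from any Stuxnet analysis: it flags an operator-facing telemetry stream that repeats an earlier window of readings verbatim, and compares the reported values with an independent sensor; all sensor values and function names are constructed for the illustration.

```python
"""Defensive checks for replayed process telemetry (added illustration).

The article describes a component that recorded "normal" readings and played
them back to operators while the centrifuges were driven out of range. Two
simple checks a monitoring system can run on the operator-facing stream:

1. Genuine sensor noise almost never repeats exactly, so a window of readings
   that reappears verbatim later in the stream is a replay indicator.
2. An independent, out-of-band sensor should agree with what the control
   system reports; sustained divergence means one of them is lying.

All sample values below are constructed for the example; the function and
variable names are this example's own, not from any product or the article.
"""
from typing import Dict, List, Optional, Tuple


def find_replayed_window(readings: List[float], window: int) -> Optional[Tuple[int, int]]:
    """Return (first_seen_at, replayed_at) for the earliest run of `window`
    consecutive readings that reappears verbatim, non-overlapping, later in
    the stream. Flat windows (no variation) are ignored, because a genuinely
    constant signal would also repeat. Returns None if nothing is replayed."""
    seen: Dict[Tuple[float, ...], int] = {}
    for start in range(len(readings) - window + 1):
        key = tuple(readings[start:start + window])
        if len(set(key)) < 2:
            continue  # flat window: repetition proves nothing
        first = seen.get(key)
        if first is not None and first + window <= start:
            return first, start
        seen.setdefault(key, start)
    return None


def divergence_alerts(reported: List[float], independent: List[float],
                      tolerance: float) -> List[int]:
    """Indices at which the operator-facing value and an independent
    measurement differ by more than `tolerance`."""
    return [i for i, (r, m) in enumerate(zip(reported, independent))
            if abs(r - m) > tolerance]


# Constructed sample: eight genuine rotor-speed samples (arbitrary units)
# captured during normal operation ...
NORMAL = [1000.0, 1000.4, 999.7, 1000.2, 999.9, 1000.3, 999.6, 1000.1]

# ... which a compromised controller then replays to the operator screen
# while the real rotor speed (independent sensor) is ramped up.
HMI_STREAM = NORMAL + NORMAL
TRUE_SPEED = NORMAL + [1020.0, 1045.0, 1070.0, 1095.0,
                       1120.0, 1145.0, 1170.0, 1195.0]


def analyse(hmi: List[float], truth: List[float]) -> Dict[str, object]:
    """Run both checks over a stream and return the findings."""
    return {
        "replay": find_replayed_window(hmi, window=4),
        "divergent_samples": divergence_alerts(hmi, truth, tolerance=5.0),
    }


if __name__ == "__main__":
    # Expected: replay of samples 0-3 starting at sample 8, and divergence
    # on samples 8 through 15.
    print(analyse(HMI_STREAM, TRUE_SPEED))
```

Either check alone can be fooled (a replay of a noisy signal passes the second check only if the attacker also controls the independent sensor), which is why the two are meant to be run together.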

“Code analysis makes it clear that Stuxnet is not about sending a message or proving a concept,” Mr. Langner later wrote. “It is about destroying its targets with utmost determination in military style.”

This was not the work of hackers, he quickly concluded. It had to be the work of someone who knew his way around the specific quirks of the Siemens controllers and had an intimate understanding of exactly how the Iranians had designed their enrichment operations.

In fact, the Americans and the Israelis had a pretty good idea.


Testing the Worm

Perhaps the most secretive part of the Stuxnet story centers on how the theory of cyberdestruction was tested on enrichment machines to make sure the malicious software did its intended job.

The account starts in the Netherlands. In the 1970s, the Dutch designed a tall, thin machine for enriching uranium. As is well known, A. Q. Khan, a Pakistani metallurgist working for the Dutch, stole the design and in 1976 fled to Pakistan.

The resulting machine, known as the P-1, for Pakistan’s first-generation centrifuge, helped the country get the bomb. And when Dr. Khan later founded an atomic black market, he illegally sold P-1’s to Iran, Libya, and North Korea.

The P-1 is more than six feet tall. Inside, a rotor of aluminum spins uranium gas to blinding speeds, slowly concentrating the rare part of the uranium that can fuel reactors and bombs.

How and when Israel obtained this kind of first-generation centrifuge remains unclear, whether from Europe, or the Khan network, or by other means. But nuclear experts agree that Dimona came to hold row upon row of spinning centrifuges.

“They’ve long been an important part of the complex,” said Avner Cohen, author of “The Worst-Kept Secret” (2010), a book about the Israeli bomb program, and a senior fellow at the Monterey Institute of International Studies. He added that Israeli intelligence had asked retired senior Dimona personnel to help on the Iranian issue, and that some apparently came from the enrichment program.

“I have no specific knowledge,” Dr. Cohen said of Israel and the Stuxnet worm. “But I see a strong Israeli signature and think that the centrifuge knowledge was critical.”

Another clue involves the United States. It obtained a cache of P-1’s after Libya gave up its nuclear program in late 2003, and the machines were sent to the Oak Ridge National Laboratory in Tennessee, another arm of the Energy Department.

By early 2004, a variety of federal and private nuclear experts assembled by the Central Intelligence Agency were calling for the United States to build a secret plant where scientists could set up the P-1’s and study their vulnerabilities. “The notion of a test bed was really pushed,” a participant at the C.I.A. meeting recalled.

The resulting plant, nuclear experts said last week, may also have played a role in Stuxnet testing.

But the United States and its allies ran into the same problem the Iranians have grappled with: the P-1 is a balky, badly designed machine. When the Tennessee laboratory shipped some of its P-1’s to England, in hopes of working with the British on a program of general P-1 testing, they stumbled, according to nuclear experts.

“They failed hopelessly,” one recalled, saying that the machines proved too crude and temperamental to spin properly.

Dr. Cohen said his sources told him that Israel succeeded — with great difficulty — in mastering the centrifuge technology. And the American expert in nuclear intelligence, who spoke on the condition of anonymity, said the Israelis used machines of the P-1 style to test the effectiveness of Stuxnet.

The expert added that Israel worked in collaboration with the United States in targeting Iran, but that Washington was eager for “plausible deniability.”

In November, the Iranian president, Mahmoud Ahmadinejad, broke the country’s silence about the worm’s impact on its enrichment program, saying a cyberattack had caused “minor problems with some of our centrifuges.” Fortunately, he added, “our experts discovered it.”

The most detailed portrait of the damage comes from the Institute for Science and International Security, a private group in Washington. Last month, it issued a lengthy Stuxnet report that said Iran’s P-1 machines at Natanz suffered a series of failures in mid- to late 2009 that culminated in technicians taking 984 machines out of action.

The report called the failures “a major problem” and identified Stuxnet as the likely culprit.

Stuxnet is not the only blow to Iran. Sanctions have hurt its effort to build more advanced (and less temperamental) centrifuges. And last January, and again in November, two scientists who were believed to be central to the nuclear program were killed in Tehran.

The man widely believed to be responsible for much of Iran’s program, Mohsen Fakrizadeh, a college professor, has been hidden away by the Iranians, who know he is high on the target list.

Publicly, Israeli officials make no explicit ties between Stuxnet and Iran’s problems. But in recent weeks, they have given revised and surprisingly upbeat assessments of Tehran’s nuclear status.

“A number of technological challenges and difficulties” have beset Iran’s program, Moshe Yaalon, Israel’s minister of strategic affairs, told Israeli public radio late last month.

The troubles, he added, “have postponed the timetable.”

Israel Tests on Worm Called Crucial in Iran Nuclear Delay,





Web Attackers

Find a Cause in WikiLeaks


December 9, 2010
The New York Times


They got their start years ago as cyberpranksters, an online community of tech-savvy kids more interested in making mischief than political statements.

But the coordinated attacks on major corporate and government Web sites in defense of WikiLeaks, which began on Wednesday and continued on Thursday, suggested that the loosely organized group called Anonymous might have come of age, evolving into one focused on more serious matters: in this case, the definition of Internet freedom.

While the attacks on such behemoths as MasterCard, Visa and PayPal were not nearly as sophisticated as some less publicized assaults, they were a step forward in the group’s larger battle against what it sees as increasing control of the Internet by corporations and governments. This week they found a cause and an icon: Julian Assange, the former hacker who founded WikiLeaks and is now in a London jail at the request of the Swedish authorities investigating him on accusations of rape.

“This is kind of the shot heard round the world — this is Lexington,” said John Perry Barlow, a co-founder of the Electronic Frontier Foundation, a civil liberties organization that advocates for a freer Internet.

On Thursday, the police in the Netherlands took the first official action against the campaign, detaining a 16-year-old student in his parents’ home in The Hague who they said admitted to participating in attacks on MasterCard and Visa. The precise nature of his involvement was unclear, but in past investigations, the authorities have sometimes arrested those unsophisticated enough not to cover their tracks on the Web.

Meanwhile, a lawyer for Mr. Assange, 39, said he strongly denied that he had encouraged any attacks on behalf of WikiLeaks.

“It is absolutely false,” the lawyer, Jennifer Robinson, told the Australian Broadcasting Corporation in London on Thursday. “He did not make any such instruction, and indeed he sees that as a deliberate attempt to conflate hacking organizations” with “WikiLeaks, which is not a hacking organization. It is a news organization and a publisher.”

Although Anonymous remains shadowy and without public leaders, it developed a loose hierarchy in recent years as it took on groups as diverse as the Church of Scientology and the Motion Picture Association of America.

The coordination and the tactics developed in those campaigns appeared to make this week’s attacks more powerful, allowing what analysts believe is a small group to enlist thousands of activists to bombard Web sites with traffic, making them at least temporarily inaccessible. Experts say the group appears to have used more sophisticated software this time that allowed supporters to repeatedly visit the sites at a specific time when the command was given.

The Twitter account identified with the Anonymous movement contained messages with little more than the words “Fire now.”

The attacks thus far have been of limited effect, shutting down the MasterCard Web site, not its online transactions.

But to security experts and people who have tracked or participated in the Anonymous movement, they indicated a step forward for cyberanarchists railing against the “elites” — corporations and governments with power over both the machinery and, critics increasingly argue, the content on the Web.

“In the past, Anonymous made quite a lot of noise but did little damage,” said Amichai Shulman, chief technology officer at Imperva, a California-based security technology company. “It’s different this time around. They are starting to use the same tools that industrial hackers are using.”

Despite the name, Anonymous can be found in many locations and formats. Members converse in online forums and chat rooms where friendships and alliances often build.

“It’s the first place I go when I turn on my computer,” said one Anonymous activist, reached on an online chat service, who did not want to be named discussing the structure of the organization.

Groups of these friends, who form new conversations, or threads, sometimes decide on a topic or an issue that they feel is deserving of more attention, the activist said.

“You post things, discuss ideas and that leads to putting out a video or a document” for a campaign. In the case of WikiLeaks, the activist said, it appears that two groups decided almost simultaneously to mount a concerted effort against the site’s enemies.

“I got e-mailed these two links on Sunday or Monday,” he said. Denouncing “what’s being done to Julian and WikiLeaks,” he said, he decided to join in.

These ideas bubble up, but ultimately a small group decides exactly what affiliated site should be attacked and when, according to a Dutch writer on the Anonymous movement, who writes a blog under the name Ernesto Van der Sar. There is a chat room “that is invite only, with a dozen or so people,” he said, that pick the targets and the time of attack.

He described the typical Anonymous member as young; he guessed 18 to 24 years old.

While Anonymous has recently had success with attacks on sites related to copyright infringement cases, the WikiLeaks cause has brought a much greater intensity to its efforts.

The campaigns are part of Operation Payback, created in the summer to defend a file-sharing site in Sweden that counts itself part of the mission of keeping the Internet unfettered and unfiltered and that was singled out by the authorities.

“We could move against enemies of WikiLeaks so easily because there was already a network up and running, there was already a chat room for people to meet in,” said Gregg Housh, an activist who has been involved in Anonymous campaigns but disavows a personal role in any illegal online activity.

The software used to coordinate the attacks is being downloaded about 1,000 times per hour, with about one-third of those downloads coming from the United States. Recently the software was improved so that a command could be sent to a supporter’s computers and the attack would begin — no human needed.

But even Mr. Barlow of the Electronic Frontier Foundation appeared to have second thoughts about where such escalation could lead: On Thursday, he said that the Anonymous group members represented “a stunning force in the world.”

“But still,” he said, it is “better used to open, not to close.” He added that he opposed denial-of-service attacks on principle: “It’s like the poison gas of cyberspace. The fundamental principle should be to open things up and not close them.”

Things were hardly so serious when Anonymous first made a name for itself. The group grew out of online message boards like 4chan, an unfiltered meeting place with more than its share of misanthropic behavior and schemes.

Mr. Housh said of Anonymous: “It was deliberately not for any good. We kind of took pride in it.”

That changed when Mr. Housh and a few dozen others were incensed by the Church of Scientology’s attempt to use copyright law to remove a long video in which the actor Tom Cruise had spoken about church beliefs.

With its work on behalf of WikiLeaks, Anonymous has found a much more high-profile cause. As the campaign expands, many fear a more contentious Internet as governments and businesses respond to more serious attacks by activists who benefit from improvements in bandwidth and readily available hacking tools.

“Home field advantage goes to the attacker,” said Gunter Ollmann, vice president of research at Damballa, an Atlanta-based firm that specializes in Internet protection. “With a little bit of coordination and growing numbers of participants, these things will continue to happen regularly.”


Reporting was contributed by John Markoff and Ashlee Vance from San Francisco, Ravi Somaiya from London and Marlise Simons from Paris.

Web Attackers Find a Cause in WikiLeaks, NYT, 9.12.2010,






Hacker Threatens More Attacks

on WikiLeaks Foes


December 9, 2010

The New York Times




LONDON — In a campaign that had some declaring the start of a “cyberwar,” hundreds of Internet activists mounted retaliatory attacks on the Web sites of multinational companies and other organizations they deemed hostile to the WikiLeaks antisecrecy organization and its jailed founder, Julian Assange.

Within 12 hours of a British judge’s decision to deny Mr. Assange bail in a Swedish extradition case, attacks on the Web sites of WikiLeaks’s “enemies,” as defined by the organization’s impassioned supporters around the world, caused several corporate Web sites to become inaccessible or slow down markedly on Wednesday.

Targets of the attacks, in which activists overwhelmed the sites with traffic, included the Web site of MasterCard, which had stopped processing donations for WikiLeaks; Amazon.com, which revoked the use of its computer servers; and PayPal, which stopped accepting donations for Mr. Assange’s group. Visa.com was also affected by the attacks, as were the Web sites of the Swedish prosecutor’s office and the lawyer representing the two women whose allegations of sexual misconduct are the basis of Sweden’s extradition bid.

On Thursday, Gregg Housh, an activist with the loosely affiliated group of so-called hacktivists, said the group was redoubling its efforts to bring down PayPal, which is better protected than some other sites. PayPal, an online payment service company, said the attacks had slowed its Web site “but have not significantly impacted payments.”

No other major Web sites appeared to be suffering disruptions in service early Thursday, however, suggesting that the economic impact of the attacks was limited.

The Internet assaults underlined the growing reach of self-described “cyberanarchists,” antigovernment and anticorporate activists who have made an icon of Mr. Assange, a 39-year-old Australian.

The speed and range of the attacks Wednesday appeared to show the resilience of the backing among computer activists for Mr. Assange, who has appeared increasingly isolated in recent months amid the furor stoked by WikiLeaks’s posting of hundreds of thousands of secret Pentagon documents on the wars in Afghanistan and Iraq.

Mr. Assange has come under renewed attack in the past two weeks for posting the first tranche of a trove of 250,000 secret State Department cables that have exposed American diplomats’ frank assessments of relations with many countries, forcing Secretary of State Hillary Rodham Clinton to express regret to world leaders and raising fears that they and other sources would become more reticent.

The New York Times and four other news organizations last week began publishing articles based on the archive of cables made available to them.

In recent months, some of Mr. Assange’s closest associates in WikiLeaks abandoned him, calling him autocratic and capricious and accusing him of reneging on WikiLeaks’s original pledge of impartiality to launch a concerted attack on the United States. He has been simultaneously fighting a remote battle with the Swedish prosecutors, who have sought his extradition for questioning on accusations of “rape, sexual molestation and forceful coercion” made by the Swedish women. Mr. Assange has denied any wrongdoing in the cases.

American officials have repeatedly said that they are reviewing possible criminal charges against Mr. Assange, a step that could lead to a bid to extradite him to the United States and confront him with having to fight for his freedom on two fronts.

The cyberattacks in Mr. Assange’s defense appear to have been coordinated by Anonymous, a loosely affiliated group of activist computer hackers who have singled out other groups before, including the Church of Scientology. Last weekend, members of Anonymous vowed in two online manifestos to take revenge on any organization that lined up against WikiLeaks.

Anonymous claimed responsibility for the MasterCard attack in Web messages and, according to Mr. Housh, the activist associated with the group, conducted waves of attacks on other companies during the day. The group said the actions were part of an effort called Operation Payback, which began as a way of punishing companies that tried to stop Internet file-sharing and movie downloads.

Mr. Housh, who disavows a personal role in any illegal online activity, said that 1,500 supporters had been in online forums and chat rooms organizing the mass “denial of service” attacks. His account was confirmed by Jose Nazario, a senior security researcher at Arbor Networks, a Chelmsford, Mass., firm that tracks malicious activity on computer networks.

Most of the corporations whose sites were targeted did not explain why they severed ties with WikiLeaks. But PayPal issued statements saying its decision was based on “a violation” of its policy on promoting illegal activities.

The sense of an Internet war was reinforced Wednesday when Netcraft, a British Internet monitoring firm, reported that the Web site being used by the hackers to distribute denial-of-service software had been suspended by a Dutch hosting firm, Leaseweb.

A sense of the belligerent mood among activists was given when one contributor to a forum the group uses, WhyWeProtest.net, wrote of the attacks: “The war is on. And everyone ought to spend some time thinking about it, discussing it with others, preparing yourselves so you know how to act if something compels you to make a decision. Be very careful not to err on the side of inaction.”

Mr. Housh acknowledged that there had been online talk among the hackers of a possible Internet campaign against the two women who have been Mr. Assange’s accusers in the Swedish case, but he said that “a lot of people don’t want to be involved.”

A Web search showed new blog posts in recent days in which the two women, identified by the Swedish prosecutors only as Ms. A. and Ms. W., were named, but it was not clear whether there was any link to Anonymous. The women have said that consensual sexual encounters with Mr. Assange became nonconsensual when he stopped using condoms.

The cyberattacks on corporations Wednesday were seen by many supporters as a counterstrike against the United States. Mr. Assange’s online supporters have widely condemned the Obama administration as the unseen hand coordinating efforts to choke off WikiLeaks by denying it financing and suppressing its network of computer servers.

Mr. Housh described Mr. Assange in an interview as “a political prisoner,” a common view among WikiLeaks supporters who have joined Mr. Assange in condemning the sexual abuse accusations as part of an American-inspired “smear campaign.”

Another activist used the analogy of the civil rights struggle for the cyberattacks.

“Are they disrupting business?” a contributor using the name Moryath wrote in a comment on the slashdot.org technology Web site. “Perhaps, but no worse than the lunch counter sit-ins did.”


John Markoff and Ashlee Vance contributed reporting from San Francisco, and Alan Cowell from Paris.

Hacker Threatens More Attacks on WikiLeaks Foes,






WikiLeaks Struggles

to Stay Online After Cyberattacks


December 3, 2010
The New York Times


LONDON — An American provider of Internet domain names withdrew its service to the WikiLeaks Web site late Thursday after a barrage of attacks by hackers threatened to destabilize its entire system. But within hours, WikiLeaks had registered its domain name in Switzerland, and it was back online by early Friday morning.

Shortly after the action by EveryDNS.net, which provides domain names for about 500,000 Web sites, the French government began seeking measures to keep the whistle-blowing organization from being hosted in France. The moves follow a decision on Wednesday by Amazon.com Inc. to expel WikiLeaks from its servers. The organization remains on the servers of a Swedish host, Bahnhof.

WikiLeaks appears increasingly engaged in a game of digital Whac-A-Mole as it struggles to stay online after publicizing a huge array of some 250,000 leaked State Department documents relating to American foreign policy around the globe.

The Web infrastructure that supports WikiLeaks is deliberately diffuse and difficult to track, with servers spread through many countries in order to insulate the site from hostile states or companies. But cyberattacks and problems with service providers have kept the site and its founder, Julian Assange, moving.

“Since April of this year, our timetable has not been our own; rather it has been one that has centered on the moves of abusive elements of the United States government against us,” Mr. Assange wrote in a discussion on Friday on the Web site of the British newspaper The Guardian. “The threats against our lives are a matter of public record,” he added later, saying he and others who work on WikiLeaks were taking “appropriate precautions.” Mr. Assange is being sought for questioning in connection with alleged sex crimes in Sweden, allegations he has denied, and his location was not disclosed.

In a statement on its Web site, EveryDNS.net said it terminated WikiLeaks’ domain name at around 10 p.m. Eastern time, for violating its terms of service.

The old domain, WikiLeaks.org, “has become the target of multiple distributed denial of service (DDOS) attacks,” the company said. Such attacks usually involve bombarding a Web site with requests for access, effectively blocking legitimate users, and are designed to make a targeted Web site unavailable. When questioned about similar cyberattacks on Sunday against WikiLeaks, American officials vigorously denied any involvement.
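The paragraph above describes a distributed denial-of-service attack as a flood of access requests that crowds out legitimate users. From the defender's side, the first question is usually "which sources are sending far more requests than a normal visitor would?" The following is an added example, not part of the article or of any product named in it: it parses web-server access-log lines in the common log format, counts requests per source address in fixed time windows, and flags the sources whose peak rate exceeds a threshold. The log lines, addresses (documentation ranges such as 203.0.113.0/24), window size and threshold are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return (ip, timestamp, request) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req")


def flood_sources(log_text, window_seconds=10, threshold=5):
    """Map each source IP to its peak request count in any fixed window,
    keeping only sources whose peak exceeds the threshold.

    Fixed windows (epoch // window_seconds) are deliberately simple; a
    sliding window would catch bursts that straddle a boundary.
    """
    per_window = defaultdict(Counter)  # ip -> Counter(window index -> hits)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:  # malformed lines are skipped, not fatal
            continue
        ip, ts, _ = parsed
        per_window[ip][int(ts.timestamp()) // window_seconds] += 1
    peaks = {ip: max(c.values()) for ip, c in per_window.items()}
    return {ip: peak for ip, peak in peaks.items() if peak > threshold}


# --- Constructed sample traffic (illustrative, not real log data) ---
_T0 = datetime(2010, 12, 8, 14, 0, 0, tzinfo=timezone.utc)


def _line(ip, offset_seconds, path="/"):
    ts = (_T0 + timedelta(seconds=offset_seconds)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 5120'


SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", i) for i in range(8)]          # 8 hits in 8 s: a flood
    + [_line("198.51.100.22", 2), _line("198.51.100.22", 40, "/login")]  # ordinary visitor
    + [_line("192.0.2.5", i * 15) for i in range(7)]     # 7 hits spread over 90 s
    + ["this line is deliberately malformed and must be skipped"]
)

if __name__ == "__main__":
    for ip, peak in flood_sources(SAMPLE_LOG).items():
        print(f"{ip}: peak {peak} requests in a 10 s window")
```

With the default 10-second window only 203.0.113.7 is flagged; widening the window to 100 seconds also catches the steady 192.0.2.5 source, which shows that the threshold and window must be tuned to the site's normal traffic before the output is used to block anything.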

According to WhoIs.com, the new domain, WikiLeaks.ch, is registered to the Swiss branch of the Swedish Pirate Party, a political organization that has previously worked with Mr. Assange.

In an interview with The New York Times earlier this year, the Pirate Party’s leader, Rickard Falkvinge, expressed an open offer to host the WikiLeaks site because “our organizations generally share the same values — we value privacy, transparency, democracy and knowledge.” Mr. Falkvinge added that any sharing of Web services between the two organizations would offer “heightened political protection.”

“Any prosecutors will have to target a political party in us, and the price for doing that is much higher,” he said.

WikiLeaks reacted to the domain name switch on its Twitter feed, writing just after midnight on Friday morning: “WikiLeaks.org domain killed by U.S. EveryDNS.net after claimed mass attacks.”

It implored supporters to “keep us strong” and provided a link for financial donations. Hours later, a message on the WikiLeaks Twitter feed said: “WikiLeaks moved to Switzerland” and provided the new Web address.

In France, Industry Minister Eric Besson asked the French government on Friday to explore measures to “ensure that it is no longer hosted in France” after reports surfaced that WikiLeaks has servers there, according to a letter seen by Reuters. “France cannot host an internet site that violates the secrecy of diplomatic relations and endangers people,” Mr. Besson said.

Earlier this week, Amazon — which rents server space to companies in addition to its online retail business — canceled its relationship with WikiLeaks after inquiries from an aide to Senator Joseph I. Lieberman, independent of Connecticut. The company said the organization was violating the terms of service for the program.

“When companies or people go about securing and storing large quantities of data that isn’t rightfully theirs, and publishing this data without ensuring it won’t injure others, it’s a violation of our terms of service, and folks need to go operate elsewhere,” the company said.

Anna Mossberg, Bahnhof’s chief executive, said her company held “two physical WikiLeaks servers in our data hall in Stockholm.” Those servers, she said, have been attacked in recent weeks, though Bahnhof has come under no overt government pressure to abandon them. “But I know we are not the only provider of WikiLeaks’ servers — they are everywhere.”


Ravi Somaiya reported from London, J. David Goodman from New York. Eric Schmitt contributed reporting from Washington, and Alan Cowell from Paris.

WikiLeaks Struggles to Stay Online After Cyberattacks,
NYT, 3.12.2010,






Clinton Urges a Global Response

to Internet Attacks


January 22, 2010
The New York Times


WASHINGTON — Coupling a salute to Internet freedom with a carefully worded caution to countries like China and Iran, Secretary of State Hillary Rodham Clinton said Thursday that countries that engaged in cyberattacks should face consequences and international condemnation.

“In an interconnected world, an attack on one nation’s networks can be an attack on all,” she said in a speech in Washington. “By reinforcing that message, we can create norms of behavior among states and encourage respect for the global networked commons.”

Mrs. Clinton’s comments came in a speech in which she announced a new $15 million effort to help more young people, women and citizens groups in other countries communicate on the Web.

“Given the magnitude of the challenges we’re facing, we need people around the world to pool their knowledge and creativity to help rebuild the global economy, protect our environment, defeat violent extremism and build a future in which every human being can realize their God-given potential,” she said, according to the advance text of a speech at the Newseum in Washington.

Her remarks came at a time when Internet controls have drawn increasing public attention. Limits on Internet searches led to a dispute made public this month between Google and China, and sites such as Facebook and Twitter, which played a critical role in helping protesters in Iran spread news and images of violent crackdowns on antigovernment demonstrations, have been blocked by the authorities in Tehran.

Foreign companies and millions of Chinese Google users have been watching the matter with keen interest.

Google announced on Jan. 12 that it was “no longer willing to continue censoring” search results for its Chinese users, pointing to breaches of Gmail accounts held by human rights activists in China. Tens of other companies had also been targets of hacking, the company found. Google has taken a cautious approach to the dispute, avoiding placing direct blame on the government in Beijing, and the Chinese government has sought to describe the situation as strictly business.

None of the proposals Mrs. Clinton mentioned focused specifically on China or Iran, and the financing is relatively modest.

Still, Mrs. Clinton made an unmistakable allusion to Google and China when she said, “Countries or individuals that engage in cyberattacks should face consequences and international condemnation.”

She did not suggest what the consequences should be, though.

Five United States senators, led by Sam Brownback, Republican of Kansas, have urged Mrs. Clinton to move quickly to support organizations that have tried to make it easier for people in countries like China and Iran to sidestep government restrictions on Internet use.

The senators, in a letter written before the recent Google dispute, urged Mrs. Clinton to quickly spend $45 million earmarked over the last two years for Internet freedom.

Her announcement, while calling for spending just a third that amount, appeared to be otherwise in line with their urgings.

Mrs. Clinton said the new programs would help expand Internet access to women and other groups, put in place programs to train and support civil society groups and nongovernmental organizations in new media technologies; and support pilot projects to increase access, particularly among young people, in the Middle East and North Africa.

Mrs. Clinton paid tribute to the power of the Internet both for opening new forums for the exchange of ideas and for fostering social and economic development. “In this context,” she said, “the Internet can serve as a great equalizer. By providing people with access to knowledge and potential markets, networks can create opportunity where none exists.”

Brett Solomon, executive director of the group AccessNow.org, which promotes digital openness, praised Mrs. Clinton’s speech.

“This is a big couple of weeks for Internet freedom,” he said, mentioning both Google’s stand and Mrs. Clinton’s proposal. “Digital activists across the world may now increasingly see their demands for democracy and justice pierce the firewall.”

Clinton Urges a Global Response to Internet Attacks,







Defying Experts,

Rogue Computer Code Still Lurks


August 27, 2009
The New York Times


It is still out there.

Like a ghost ship, a rogue software program that glided onto the Internet last November has confounded the efforts of top security experts to eradicate the program and trace its origins and purpose, exposing serious weaknesses in the world’s digital infrastructure.

The program, known as Conficker, uses flaws in Windows software to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors. With more than five million of these zombies now under its control — government, business and home computers in more than 200 countries — this shadowy computer has power that dwarfs that of the world’s largest data centers.

Alarmed by the program’s quick spread after its debut in November, computer security experts from industry, academia and government joined forces in a highly unusual collaboration. They decoded the program and developed antivirus software that erased it from millions of the computers. But Conficker’s persistence and sophistication have squelched the belief of many experts that such global computer infections are a thing of the past.

“It’s using the best current practices and state of the art to communicate and to protect itself,” Rodney Joffe, director of the Conficker Working Group, said of the malicious program. “We have not found the trick to take control back from the malware in any way.”

Researchers speculate that the computer could be employed to generate vast amounts of spam; it could steal information like passwords and logins by capturing keystrokes on infected computers; it could deliver fake antivirus warnings to trick naïve users into believing their computers are infected and persuading them to pay by credit card to have the infection removed.

There is also a different possibility that concerns the researchers: That the program was not designed by a criminal gang, but instead by an intelligence agency or the military of some country to monitor or disable an enemy’s computers. Networks of infected computers, or botnets, were used widely as weapons in conflicts in Estonia in 2007 and in Georgia last year, and in more recent attacks against South Korean and United States government agencies. Recent attacks that temporarily crippled Twitter and Facebook were believed to have had political overtones.

Yet for the most part Conficker has done little more than to extend its reach to more and more computers. Though there had been speculation that the computer might be activated to do something malicious on April 1, the date passed without incident, and some security experts wonder if the program has been abandoned.

The experts have only tiny clues about the location of the program’s authors. The first version included software that stopped the program if it infected a machine with a Ukrainian language keyboard. There may have been two initial infections — in Buenos Aires and in Kiev.

Wherever the authors are, the experts say, they are clearly professionals using the most advanced technology available. The program is protected by internal defense mechanisms that make it hard to erase, and even kills or hides from programs designed to look for botnets.

A member of the security team said that the Federal Bureau of Investigation had suspects, but was moving slowly because it needed to build a relationship with “noncorrupt” law enforcement agencies in the countries where the suspects are located.

An F.B.I. spokesman in Washington declined to comment, saying that the Conficker investigation was an open case.

The first infections, last Nov. 20, set off an intense battle between the hidden authors and the volunteer group that formed to counter them. The group, which first called itself the “Conficker Cabal,” changed its name when Microsoft, Symantec and several other companies objected to the unprofessional connotation.

Eventually, university researchers and law enforcement officials joined forces with computer experts at more than two dozen Internet, software and computer security firms.

The group won some battles, but lost others. The Conficker authors kept distributing new, more intricate versions of the program, at one point using code that had been devised in academia only months before. At another point, a single technical slip by the working group allowed the program’s authors to convert a huge number of the infected machines to an advanced peer-to-peer communications scheme that the industry group has not been able to defeat. Where before all the infected computers would have to phone home to a single source for instructions, the authors could now use any infected computer to instruct all the others.

In early April, Patrick Peterson, a research fellow at Cisco Systems in San Jose, Calif., gained some intelligence about the authors’ interests. He studies nasty computer programs by keeping a set of quarantined computers that capture and observe them — his “digital zoo.”

He discovered that the Conficker authors had begun distributing software that tricks Internet users into buying fake antivirus software with their credit cards. “We turned off the lights in the zoo one day and came back the next day,” Mr. Peterson said, noting that in the “cage” reserved for Conficker, the infection had been joined by a program distributing an antivirus software scam.

It was the most recent sign of life from the program, and its silence has set off a debate among computer security experts. Some researchers think Conficker is an empty shell, or that the authors of the program were scared away in the spring. Others argue that they are simply biding their time.

If the misbegotten computer were reactivated, it would not have the problem-solving ability of supercomputers used to design nuclear weapons or simulate climate change. But because it has commandeered so many machines, it could draw on an amount of computing power greater than that from any single computing facility run by governments or Google. It is a dark reflection of the “cloud computing” sweeping the commercial Internet, in which data is stored on the Internet rather than on a personal computer.

The industry group continues to try to find ways to kill Conficker, meeting as recently as Tuesday. Mr. Joffe said he, for one, was not prepared to declare victory. But he said that the group’s work proved that government and private industry could cooperate to counter cyberthreats.

“Even if we lose against Conficker,” he said, “there are things we’ve learned that will benefit us in the future.”

Defying Experts, Rogue Computer Code Still Lurks,
NYT, 27.8.2009,






Cyberattacks Hit U.S. and South Korean Web Sites


July 9, 2009
The New York Times


SEOUL, South Korea — Cyberattacks that have crippled the Web sites of several major American and South Korean government agencies since the July 4th holiday weekend appear to have been launched by a hostile group or government, South Korea’s main government spy agency said on Wednesday.

Although the National Intelligence Service did not identify whom they believed responsible, the South Korean news agency Yonhap reported that the spy agency had implicated North Korea or pro-North Korea groups.

A spokesman at the intelligence agency said it could not confirm the Yonhap report, which said that the spy agency briefed lawmakers about their suspicions on Wednesday. The opposition Democratic Party accused the spy agency of spreading unsubstantiated rumors to whip up support for a new anti-terrorism bill that would give it more power.

Access to at least 11 major Web sites in South Korea — including those of the presidential Blue House, the Defense Ministry, the National Assembly, Shinhan Bank, the mass-circulation daily newspaper Chosun Ilbo and the top Internet portal Naver.com — has crashed or slowed down to a crawl since Tuesday evening, according to the government’s Korea Information Security Agency.

On Wednesday, some of the sites regained service, but others remained unstable or inaccessible.

In an attack linked with the one in South Korea, 14 major Web sites in the United States — including those of the White House, the State Department and the New York Stock Exchange — came under similar attacks, according to anti-cyberterrorism police officers in Seoul.

“This is not a simple attack by an individual hacker, but appears to be thoroughly planned and executed by a specific organization or on a state level,” the National Intelligence Service said in a statement, adding that it is cooperating with the American investigative authorities to investigate the attacks.

The Associated Press reported Tuesday night that a widespread and unusually resilient computer attack that began July 4 knocked out the Web sites of several American government agencies, including some that are responsible for fighting cybercrime.

The Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at varying points over the holiday weekend and into this week, The A.P. reported, citing officials inside and outside the American government. The fact that the government Web sites were still being affected after three days signaled an unusually lengthy and sophisticated attack, the news agency reported, citing anonymous American officials.

The Washington Post, which also came under attack, reported on its Web site Wednesday that a total of 26 Web sites were targeted. In addition to sites run by government agencies, several commercial Web sites were also attacked, including those operated by Nasdaq, it reported, citing researchers involved in the investigation.

Amy Kudwa, a Department of Homeland Security spokeswoman, said that the agency was aware of the attacks on “federal and private sector public-facing Web sites.” The department, she said, has issued a notice to federal departments and agencies, as well as other partner organizations, on the activity and advised them of steps to take to help mitigate against such attacks.

“We see attacks on federal networks every day, and measures in place have minimized the impact to federal websites,” she said.

In the attack, an army of thousands of “zombie computers” infected by the hackers’ program were ordered to request access to these Web sites simultaneously, causing an overload that caused the sites’ servers to crash, South Korean officials said.

Although most of the North Korean military’s hardware is decrepit, the South Korean authorities have recently voiced their concern over possible cyberattacks from the North. In May, South Korean media reported that North Korea was running a cyberwarfare unit that operates through the Chinese Internet network and tries to hack into American and South Korean military networks.

In South Korea, the Blue House reported no data loss or other damage except disrupted access. The Defense Ministry and banks attacked also reported no immediate loss of security data or financial damage.

“The traffic to our site surged nine times of the normal level,” the Blue House said in a statement. “Computer users in some regions still suffer slow or no access at all to our site.”

Hwang Cheol-jeung, a senior official at the government’s Korea Communications Commission, said the attacks were launched by computers infected by a well-known “distributed denial of service,” or DDoS, hackers’ program.

The spy agency said 12,000 computers in South Korea and 8,000 overseas appeared to have been mobilized in the attacks. The Korea Communications Commission reported 22,000 infected computers.

“The infected computers are still attacking, and their number is not decreasing,” Mr. Hwang told reporters in a briefing. The government was urging users to upgrade their computers’ antivirus software.

Denial of service attacks against Web sites are not uncommon, but they can be made far more serious if hackers infect and use thousands of computers. Hackers frequently take aim at the American government: According to the Homeland Security Department, there were 5,499 known breaches of American government computers in 2008, up from 3,928 the previous year, and just 2,172 in 2006, The A.P. said.

The South Korean news agency Yonhap said the police have traced a possible starting point for the attack back to members of a small cable TV Web site in Seoul. But officials said that does not mean it originated there.

Mr. Hwang said South Korean authorities suspected that the hackers used a new variant of the denial of service program to attack the Web sites.


Sharon Otterman contributed reporting from New York.

Cyberattacks Hit U.S. and South Korean Web Sites,









