Archive for the ‘Security’ Category

Anonymous, SOPA and the Megaupload Retaliation

Monday, January 23rd, 2012

As you are probably aware, last week found a number of prominent web sites blocking their own content to protest SOPA, the proposed legislation that would give the government far reaching powers to take down web sites they deem to be hosting illegal content.

These protests were largely effective, SOPA having now been shelved – at least for the time being.

What you may not be aware of is that the government, also last week, shut down a site called Megaupload and issued indictments against several of its members. The government felt the site cost the music and record industries hundreds of millions of dollars in lost revenue by hosting illegal music and video content.

In retaliation for closing Megaupload, the hacker group Anonymous launched a coordinated attack to take down the Department of Justice and FBI web sites, along with a number of others, such as the RIAA and similar organizations that play a major role in lobbying to protect the copyrights of the movie industry, for example. They are calling the attack “the largest in Internet history”.

I was curious to learn more about the group, what an Anonymous attack looked like in progress, and how they performed it. I found a link to a Twitter account associated with the group, which had a link to an IRC channel from which the attack was supposedly being coordinated. Some minutes later I was able to watch the attack in progress:


The Duqu Virus – A New Stuxnet Variant

Friday, October 21st, 2011

by Christopher Tippins of the Software Synergy Group

Over the past year I’ve written several articles about a new type of computer virus – Stuxnet – one designed to infiltrate and destroy the control systems of Iran’s centrifuge systems that manufacture enriched uranium.

What has made Stuxnet (and now Duqu) so completely different from any other type of computer virus or malware is that it seems to have been state sponsored. It is widely believed that it was developed either by Israel or the United States, or perhaps by teams working for both countries. Additionally, it was targeted to infect Siemens control systems, and specifically those in Iran.

It’s unknown at this point where Duqu came from, but the first evidence of its existence seems to have occurred in Hungary sometime over the past four to six weeks. Stuxnet wreaked havoc in Iran by targeting the systems that controlled the speed of the motors running the centrifuges, causing them to run wildly out of control and burn out, all the while sending data indicating that the motors were operating within normal limits. It is estimated that it set Iran’s nuclear program back a year or more.

The Duqu virus, which is believed to be based on code that came directly from Stuxnet, seems to have a completely different purpose.  First accounts indicate it is designed to do two things:

  • Gain remote access to systems for its designers and
  • Act as a keylogger to record keystrokes and other data and send that data package back to developers

Infection so far has been rare, and this new virus may be nothing more than a test deployment to see how well it functions in the field and how easily it can be distributed without detection. Interestingly, the “dropper” program (the delivery application that installs the malware) has not been found; only the remnants of the infection and the resulting payload have.

Aside from the amazing complexity of this malware and its design goal, these viruses represent a new era in warfare. Ponder for a minute the ramifications if code like this is developed to bring down portions of the power grid, or the control systems of online nuclear reactors or communications systems. In theory at least, these threats could do more damage to an infrastructure than an out-and-out barrage by conventional weapons.

Here are some links if you’d like to read more about this fascinating story:

10/23/2011: Update: The Boston Globe published an interesting article (click here) about a researcher who was able to duplicate at least some of the capabilities (remote access and control) of Stuxnet-type applications, and do it with less than 20,000 dollars and in less than 2 months.

25 Years of Computer Hacking

Wednesday, August 31st, 2011

by Christopher Tippins of the Software Synergy Group

Over the past several weeks I read two very interesting articles about computer hacking and watched the equally fascinating videos that went along with them.

One was an article about the programmers who wrote the “Brain” virus some 25 years ago.  You can read that article by clicking here and watch the video interview with the programmers here.

The other was an article about the alleged threat by the group “Anonymous” to “kill” Facebook on November 5th of this year. Read that article here and see the video here. (Note: Over the past week or two there has been much speculation as to how much involvement the group “Anonymous” has in this video and the threat itself, but since Anonymous has no central core or controlling body, it’s difficult to say. The best evidence indicates that it’s a small splinter group of perhaps a few or more individuals who may be involved in Anonymous. Also note that the original video account was closed on YouTube, and the link here is a copy of the original video posted a couple of weeks ago.)

These articles describe events that are separated by 25 years, give or take.

I remember the “Brain” virus and of course, many of its successors and variants.

I had just begun my career in network systems integration back then and this was a watershed moment.  The computer world was astonished that someone could actually write code that could attach itself to other programs and spread, well, just like an organism.

If you didn’t watch the video I reference above about the Brain virus, it’s a fascinating interview with the two men responsible for creating it:  Amjad Farooq Alvi and Basit Farooq Alvi, both of Lahore, Pakistan.

In the interview, they talk about how their goal was to simply see if something like this could work (other articles suggest they were trying to stop the proliferation of medical software – the truth may lie somewhere in between).

Of particular interest is that they included in the code their names, address and phone number, along with a warning message that stated:

“Beware of this VIRUS.... Contact us for vaccination...”


Gmail Hacking Attacks

Friday, June 3rd, 2011

Over the past few days, reports have come in indicating that specific high-profile Gmail accounts were targeted for attack. These attacks seemed to focus on top officials in the US government.

How were these attacks carried out?

According to reports, they were “phishing” attacks. A phishing attack is perpetrated by someone who sets up a phony web site (in this case, a copy of Gmail’s) that looks very much like the official site. The attack victims are sent emails directing them to this site in the hope that they will enter their user IDs and associated passwords.

What makes these attacks unique is that they weren’t random attacks designed to compromise the accounts of everyday Gmail users, but specifically targeted government officials in the US (and South Korea). This is called “spear phishing”.

Who is behind these attacks?

Preliminary reports seem to indicate China.

What also makes these attacks unique is that they appear to be originating from nation states instead of lone individuals or groups.

I’ve written several articles about the Stuxnet virus and how it may have been the first cyber weapon designed by a nation state (or states) to actually destroy machinery (the Iranian nuclear centrifuge program).

While the attacks described above constitute very specific threats to governments and targeted individuals, phishing has been around for quite a while and is, in fact, a common means of compromising accounts for identity theft and / or credit card fraud, etc.

How can you protect yourself against this type of threat?

Many types of anti-virus programs have anti-phishing features built into them.  It would behoove you, however, to be cognizant of what sites you are actually going to before you click on a link.

How do you do that?

Hover over the link and (depending on your browser) the URL of the site should appear in an address bar. Then it’s up to you to use your head and a little common sense. If you’re being directed to go to a site like Google and yet the link reads as something different, don’t click on it.

Also be aware that bona fide web sites rarely, if ever, request that you go to a site to confirm your account info. That’s a sure sign that something is amiss.

Relying on technology and anti-virus programs to catch every one of these threats is probably not something that is going to work all the time.

Be smart and use your head. Get in the habit of looking at the link you are about to go to before clicking on it. It only takes a second. While there are ways for hackers and bad guys to get around this and present what looks like a valid URL, this will go a long way towards helping prevent these types of attacks, and it gets you into what should be a good habit regardless.
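The hover-and-compare habit described above can also be automated for mail you receive. The following is an added example, not code from the original post: it extracts every link from a constructed HTML message and flags the two warning signs the post describes, link text that names one host while the href goes to another, and an href whose host borrows a trusted brand name without actually belonging to that site. The TRUSTED_SITES list and the SAMPLE message are constructed for the demo.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-list for the demo: the sites the reader expects to reach.
TRUSTED_SITES = ("google.com", "gmail.com")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def hostname(text):
    """Lowercase host of a URL, bare domain or IP; '' when text is not URL-like."""
    if not re.search(r"[\w-]+\.[\w-]{2,}", text):
        return ""
    url = text if "://" in text else "http://" + text
    return (urlparse(url).hostname or "").lower()

def classify_link(href, text):
    """'mismatch': the visible text names one host but the href goes to another.
    'lookalike': the href host borrows a trusted brand name but is not that site.
    'ok': neither warning sign is present (a heuristic, not proof of safety)."""
    href_host, text_host = hostname(href), hostname(text)
    if text_host and text_host != href_host:
        return "mismatch"
    for site in TRUSTED_SITES:
        brand = site.split(".")[0]
        is_site = href_host == site or href_host.endswith("." + site)
        if brand in href_host and not is_site:
            return "lookalike"
    return "ok"

def audit_html(fragment):
    """Return [(href, text, verdict)] for every link in the fragment."""
    parser = LinkCollector()
    parser.feed(fragment)
    return [(h, t, classify_link(h, t)) for h, t in parser.links]

# Constructed sample message body, not a real phishing mail.
SAMPLE = ('<p>Please <a href="http://gmail.com.verify-account.example/login">'
          'confirm your account</a> or go to '
          '<a href="http://198.51.100.7/g">https://mail.google.com</a>. '
          'Help: <a href="https://support.google.com/mail">support</a></p>')
```

Running audit_html(SAMPLE) marks the first link as a lookalike, the second as a mismatch and the third as ok; an "ok" verdict only means neither heuristic fired, not that the link is safe.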

Christopher Tippins for the Software Synergy Group

99% of Android Phones Leak Secret Account Credentials

Friday, May 20th, 2011

A few articles (here and here) have appeared in recent days about a possible security flaw that could allow the passwords and other data of users running Google’s Android operating system to be compromised.

Basically, the problem stems from “ClientLogin”, an authentication protocol for exchanging what should be secure data with Google’s servers.

This operating system has become prolific over the past couple of years, as it runs on many different types of cell phones. In the past 6 months it has surpassed Apple’s iOS (the operating system for the iPhone) as the deployed operating system of choice for smart phones (with RIM’s Blackberry a close third, but losing market share as the days and months go by).

One of the primary reasons for this is Android’s open development platform which allows anyone to create applications (or “apps” as they are frequently called) without going through an approval process (which Apple requires).

While an open platform might lead one to believe that it would present more opportunities for security problems, this may not be the case, and the question of iOS versus Android security is an often hotly debated topic on the ‘net.

The bottom line is that there is no operating system that is 100 percent secure.  If you’re using a smart phone to connect to the ‘net, there is always a chance that an unknown bug will surface leaving your data vulnerable.

Regardless of which device you choose, you can best protect yourself from these types of problems by making sure you run your gadget’s update procedure so that you have the latest revision of the operating system. And if you’re running Android, be wary of the applications you install. If you’re using an iPhone, jailbreaking your phone opens you up to yet more vulnerabilities.

Google released a patch to fix this problem in version 2.3.4, but users don’t have to worry about a patch if they don’t have that version of the OS; it will be deployed as a server-side fix (meaning Google will fix it on their servers).

Christopher Tippins for the Software Synergy Group.

bin Laden’s Hard Drives – How Will They Be Searched?

Thursday, May 5th, 2011

by Christopher Tippins, “The Software Synergy Group”, Miami, Florida

In the wake of the killing of Osama bin Laden, we’ve learned through news reports (and seen in the one video so far released) that the Navy SEAL team also confiscated about 10 hard drives, 5 computers and over 100 storage devices (DVDs, thumb / flash drives, etc.) from the terrorist’s hideout.

It’s practically a given that soon after the mission was over, the above listed hardware was already on its way to a US base and undergoing the beginning stages of examination.

How will the US intelligence community figure out what’s on these drives?

What process(es) will they use to search them?

What might they find?

The process of searching through data stored on computers is known as computer forensics.  In a nutshell, this can be defined as the acquisition, analysis and reporting on data found on digital media.

It is no simple task, but there are tools that can make it easier for the intelligence community and law enforcement to figure out what is on these drives.

Let’s look at the process (albeit without using the very expensive tools available to those who make this their sole vocation, nor the presumably proprietary tools available only to government agencies).


iPhone Tracks and Stores Your Locations

Wednesday, April 20th, 2011

A few articles have appeared over the past couple of days that now seem to confirm that the iPhone tracks every location you’ve been and stores that information in a way that could be easily obtained by anyone with either access to the device or the location of the iPhone backup files.

This is done through tracking latitude and longitude as a user moves past various cell towers.

Peter Warden has written an app that allows extraction of this data and shows some examples of how it can be mapped:

This raises some pretty serious privacy concerns, as a simple jailbreak would allow anyone access to the needed files on an iPhone. Additionally, these same data files can be obtained simply by accessing them on a user’s computer (provided the backup isn’t encrypted).

Apparently, this is a new “feature” Apple implemented with the release of iOS 4.0.

Here are a couple of links with more information about this somewhat disconcerting discovery (along with a video by Peter Warden, developer of the “iPhone Tracker” app):

Christopher Tippins for the Software Synergy Group

04/21/2011 Update:

While it may not be new information, a letter from Apple to U.S. Rep. Edward Markey (D-Mass.) confirming that Apple indeed does collect user location information is adding more fuel to this fire. Click here for an article and click here for a link to the letter sent to Rep. Markey.

04/28/2011:  Apple and Jobs are (sort of) responding to this issue.  Click here to read the article.  Excerpt from the article:  “In the interview, Mr. Jobs said Apple in recent days had discovered software “bugs” in how the phones capture and store data. “We were surprised by them and it took us a few days to figure out what was going on,” he said.”

How can you be surprised by a data set that is continuously fed back to your servers and you regularly use and integrate with other systems?   Sounds a bit sketchy, to me…

New Year’s Technical “Things to Do” List

Friday, December 31st, 2010

by Christopher Tippins, “The Software Synergy Group”, Miami, Florida

As the end of year and New Year’s Eve approaches, there are some things I always like to get done as far as my computer systems are concerned.  These tasks are important and in some cases critical to make sure that should the worst happen, I have taken the necessary steps to recover from a possible disaster.  Other tasks on this list can be classified as simple “housekeeping” chores.  Some of these procedures take me the better part of a couple of days or longer to complete and others can be done in minutes.  This, of course, depends on how well I’ve kept up with them through the year.

I present my list for you to add to your own or as a starting place for you to review the types of things you may want to consider doing as the new year approaches.

Note that this list is not what we as system integrators are doing to maintain your servers and critical workstations.  The tasks below represent a partial list of what should be occurring on these types of machines on a regular basis.

This list is geared more to those who may not have the benefit of a system integrator or IT department to oversee the maintenance of their computers, or who, due to budgetary constraints, may find that their particular machine does not qualify as a critical workstation.

Let’s get started:


Gawker Media Security and Password Breach

Tuesday, December 14th, 2010

by Christopher Tippins, “The Software Synergy Group”, Miami, Florida

The popular gossip site “Gawker” announced a major security breach yesterday.

Over 200,000 user emails and passwords (along with admin accounts of staff from Gawker Media and some of their other sites, including Gizmodo) were released on the Internet yesterday:

Over 1.3 million account records were allegedly hacked, but so far only about 200,000 have been decrypted.

Behind this breach was a group identifying itself as “Gnosis”.


Wikileaks Supporters Seek Revenge

Thursday, December 9th, 2010

by Christopher Tippins, “The Software Synergy Group”, Miami, Florida

In an apparent act of revenge, supporters of Wikileaks are now launching attacks against the companies they deem enemies. Attacks are underway to take down web sites from Amazon (who threw Wikileaks off its servers several days ago), VISA, Mastercard and PayPal (who have all stopped doing business with Wikileaks) and others.

The attacks are, at least for the moment, partially succeeding in keeping the sites busy or down for short periods of time.

Who is launching these attacks?

It seems to be a splinter or affiliate group of “Anonymous” called “Operation Payback”.

Who is “Operation Payback”?