BreachExchange mailing list archives
Syrian cyber attacks could threaten Asian nations
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 25 Sep 2013 22:35:21 -0600
http://apdforum.com/en_GB/article/rmiap/articles/online/features/2013/09/25/asia-cyber-attack

Attacks by a shadowy group called the Syrian Electronic Army [SEA] disrupted major Australian and U.S. online sites and web platforms in late August and generated concern across Asia about the possibility of more serious electronic assaults against targets in Japan, India, the Philippines and Vietnam.

The SEA “managed to gain control of The New York Times web address by penetrating Melbourne IT, an Australian internet service provider that sells and manages domain,” Australia’s Financial Review reported.

“Media companies including The New York Times, Twitter and the Huffington Post lost control of some of their websites on [Aug. 27] after hackers supporting the Syrian government breached the Australian Internet company that manages many major site addresses,” the India-based Asian Age reported on Aug. 28.

“The Syrian Electronic Army, a hacker group that has previously attacked media organizations that it considers hostile to the regime of Syrian President Bashar al-Assad, claimed credit for the Twitter and Huffington Post hacks in a series of Twitter messages,” Asian Age reported.

News of growing concerns over potential cyber attacks arises as Syria agrees to get rid of its stockpile of chemical weapons through a deal involving Russia and the U.S. The deal calls for the stockpile to be eliminated by the middle of next year. United Nations inspectors, who reported that sarin gas was used against citizens, are returning to Syria to investigate more allegations of chemical weapons use.

Cyber attack danger greater than Pearl Harbor

The attacks “confirmed the real potential for an electronic Pearl Harbor – a surprise attack with the potential and goal of wrecking major economic activities and disrupting military command and control cybernetic systems in major nations,” Arnaud de Borchgrave, co-director of Transnational Threats at the Center for Strategic and International Studies, told Asia Pacific Defense Forum [APDF].

“The danger, in fact, is potentially far greater and more lasting than Pearl Harbor ever was,” said de Borchgrave, who authored a pioneering study into the vulnerability of military and civilian online systems to cybernetic attack in 1995. “The Dec. 7, 1941, air attack on Pearl Harbor caused no damage at all to the domestic U.S. economy and its industrial might. Consequently, the naval losses incurred in the attack were rapidly replaced and made good. However, a full-scale electronic attack on an unprepared and undefended cybernetic infrastructure could take years to recover from.”

“The risk is heightened by Syria’s alliance with Iran, which has built up its cyber capability in the past three years, and already gives the country technical and other support,” Financial Review reported.

“Organized cyber attacks have already been carried out by the [SEA], a hacking group loyal to the government of President Bashar al-Assad,” Financial Review reported.

“The [SEA’s] servers are based in Russia, and that alliance could strengthen if matters in Syria became more dramatic,” Paul Ferguson of the U.S.-based Internet security company IID, told Financial Review. “We already have a bad geopolitical situation. This could play into the entire narrative I don’t want to see happen.”

“It’s likely that the [SEA] does something in response, perhaps with some assistance from Iranian-related groups,” former White House cyber security and counter terror advisor Richard Clarke told the Australian journal.

SEA sent fictional tweets

In April, the SEA successfully broke into the Associated Press’s Twitter account and sent fictional tweets falsely claiming there had been explosions in the White House. The false statements were quickly corrected, but not before they had briefly set off panic selling that temporarily slashed more than $100 billion in value from stocks on the New York Stock Exchange.

So far, U.S. financial, media and business institutions have been the main target for such attacks.

“In three waves of attacks since last September, consumers have reported inability to conduct online transactions at more than a dozen banks, including Wells Fargo & Co., Citigroup Inc., JPMorgan Chase & Co. and Bank of America. Banks have spent millions of dollars to fend off the hackers and restore service,” Financial Review said.

The Asian Age noted that the SEA’s attacks that month “simultaneously targeted websites belonging to CNN, Time and the Washington Post by breaching a third party service used by those sites.”

“Because Melbourne IT serves as the registrar for some of the best known domain names on the Internet, including Microsoft.com and Yahoo.com, the breach could have had potentially catastrophic consequences,” it said.

Cyber attacks highlight system deficiencies

“The SEA’s motivations may be abstract but it has at least highlighted the significant deficiencies still present, which frankly make the job of hackers much easier than it needs to be,” IT analyst Supratim Adhikari wrote in the Australian-based Business Spectator.

Adhikari spelled out basic security principles for Asian-based companies and government agencies to take to defend their websites and cybernetic operations from attacks by the SEA and similar transnational cyber-threats.

“When outfits like the SEA make a splash they highlight the porosity of the current security strategies in place within organizations,” he wrote. “This isn’t just about services procurement and network visibility.
It’s about building a robust security culture within an organization that mitigates the weakest link – human error,” Adhikari wrote. “The biggest challenge today isn’t the technology, it’s education and we are making it just too easy for the hackers. Poorly configured firewalls and the use of single factor authentication are just some of the simple mistakes that leave the door open for attackers.”

Mike Sentonas, chief technology officer for McAfee Inc. in the Asia Pacific region, told Adhikari that Asian government agencies and business corporations facing disruptive cyber attacks should start by studying the security guidelines, or directives, issued by the Australian Signals Directorate [ASD], which outline four basic steps – “application whitelisting, patching applications and operating systems and using the latest versions, and minimizing administrative privileges.”

“This practical primer is absolutely essential reading and is the platform on which any education strategy should be based,” Adhikari wrote.

Meanwhile, “the SEA’s increasingly big – and sophisticated – takedowns have led some security experts to ask if the group isn’t getting outside help,” noted Information Age, the London-based IT magazine.

“I don’t think it would be unreasonable to suspect someone more skilled is helping them out,” Adam Myers, vice president of intelligence for security firm CrowdStrike, told The Sydney Morning Herald in Australia.

De Borchgrave advised companies and governments across Asia to take the possibilities of electronic disruption of their cyber-operations seriously, to upgrade their security systems and to prepare back-up contingencies for emergency scenarios.

“Expertise in this kind of warfare is growing exponentially and is not limited to the superpowers,” he told APDF. “The capabilities of potential players are almost always underestimated.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/