This Week in Cybercrime: Three Denial of Service Attacks, Kaspersky Calls for Help

Denial of service attacks rain down on Russia Today, Wikileaks, AT&T

3 min read
This Week in Cybercrime: Three Denial of Service Attacks, Kaspersky Calls for Help

-Today, there are reports that the web site of Russia Today is being hit by a denial of service attack. Exactly who is behind the attack and what their motive might be is unclear at this time, but speculation is that it may be connected to the Pussy Riot punk band conviction.

-On Wednesday, Reuters admitted that its blogging platform had been hacked again, and that another false story had been posted, this time claiming Saudi Arabia's Foreign Minister Prince Saud al-Faisal had died.

-In addition on Wednesday, word started to filter out that AT&T was being hit by a denial of service attack. AT&T admitted yesterday that the attack attempted “to flood our Domain Name System servers in two locations”, and that corporate customers had been affected, apparently some for at least eight hours.

-On Tuesday, the Financial Times reported that Wikileaks’ web site was back up after being down for 9 days because of a sustained denial of service attack. A Wikileaks spokesperson suspected it “was the work of a large organization,” although the person would not single out who it might be, such as the U.S. government with which it has been at odds with (wink, wink).

-Also on Tuesday, security researchers at Kaspersky Lab put out a call for help in deciphering how a new computer Trojan works. Kaspersky discovered the Trojan last week and dubbed it "Gauss", and tied its parentage to both Stuxnet and Flame. The purpose of Gauss seems to be to spy on financial transactions that take place mainly in Lebanese financial institutions.

A blog post at Kaspersky states:

“Despite our best efforts, we were unable to break the encryption. So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets. We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload.”

-A couple of interesting cyber security stories hit the news this week. On Monday, the Boston Globe reported on a survey recently conducted by computer security company CounterTack of 100 information security executives at companies with revenues greater than $100 million. The survey found that half of the executives admitted to computer network attacks in the past year, and that over a third did not believe that their organizations could stop future attacks. Being able to beat off advanced persistent attacks was a major worry of over 80% of those surveyed, with nearly half saying that they did not have the resources to keep such attacks at bay.

Making the CounterTack results a bit more worrisome was a survey report of nearly 10,000 executives in 138 countries released on Wednesday by consulting firm PricewaterhouseCoopers which indicated that despite the increase in IT security incidents and costs over the past few years, that only 39 percent of the executives said they reviewed their privacy policies annually, compared to 52 percent in 2009. As Jason Pett, head of PwC's U.S. internal audit services, remarked in a bit of understatement in a press release announcing the report, “No matter how strong a company’s data security policies and controls are, a company won’t really know the adequacy of its defense if it doesn’t continually verify that those defenses are sound, uncompromised and applied in a consistent manner.”

-There were also two off-beat cyber security stories this week as well. The first involved a 73-year-old Wisconsin woman who discovered that someone had been illegally taking out loans in her name for nearly a decade. She discovered this after she applied for a free credit report which was turned down because the credit monitoring service said that she had the incorrect address on her application. The woman only had applied for the credit report because she was one of the 100,000 plus individuals who had their Social Security and tax id numbers inadvertently posted on the Wisconsin Department of Revenue web site for three months this year; the state offered a year of free credit monitoring to those affected. So without the data breach, she may not have ever known her identity had been stolen.

The other story appeared in the Washington Post and claimed that motorists involved in traffic accidents should be wary of providing “too much” information to the other driver because it may lead to your identity being stolen. The story claims that the National Association of Insurance Commissioners (NAIC) is recommending that drivers in accidents “don’t share personal information, such as your driver’s license number, home address or even your telephone number.”  A NAIC official quoted in the story implies that ID theft is occurring as a result of staged vehicle accidents.

However, at least here in Virginia, the state Department of Motor Vehicles says that in case of an accident you need to get the driver’s name, address and contact details, including the driver’s license number, the license plate number of the vehicles involved, along with auto insurance information for the motorists involved.

The Post article is the first I have read about this being a potential source of ID theft. Anyone else read about ID theft being traced to a car accident, staged or not? And how real do you think the threat is?

The Conversation (0)

How the FCC Settles Radio-Spectrum Turf Wars

Remember the 5G-airport controversy? Here’s how such disputes play out

11 min read
This photo shows a man in the basket of a cherry picker working on an antenna as an airliner passes overhead.

The airline and cellular-phone industries have been at loggerheads over the possibility that 5G transmissions from antennas such as this one, located at Los Angeles International Airport, could interfere with the radar altimeters used in aircraft.

Patrick T. Fallon/AFP/Getty Images
Blue

You’ve no doubt seen the scary headlines: Will 5G Cause Planes to Crash? They appeared late last year, after the U.S. Federal Aviation Administration warned that new 5G services from AT&T and Verizon might interfere with the radar altimeters that airplane pilots rely on to land safely. Not true, said AT&T and Verizon, with the backing of the U.S. Federal Communications Commission, which had authorized 5G. The altimeters are safe, they maintained. Air travelers didn’t know what to believe.

Another recent FCC decision had also created a controversy about public safety: okaying Wi-Fi devices in a 6-gigahertz frequency band long used by point-to-point microwave systems to carry safety-critical data. The microwave operators predicted that the Wi-Fi devices would disrupt their systems; the Wi-Fi interests insisted they would not. (As an attorney, I represented a microwave-industry group in the ensuing legal dispute.)

Keep Reading ↓Show less
{"imageShortcodeIds":["29845282"]}