What is Cyber War?
by Keith DeBus
In just a brief fifteen years, our communication, commercial and social lives have been dramatically altered by the development and growth of the Internet. With the convenience and bounty of this medium has also come a dark side. Just as the famous bank robber Willie Sutton once said when asked why he robbed banks, “That’s where the money is”, crime has migrated to the Internet, following the money. As e-commerce has grown, so has e-crime. In a few short years, cyber crime has become a leading crime category in the wired world, costing the global economy $338 billion in 2011. This is approximately equivalent to the entire GDP of Austria, the world’s 27th largest economy. Now a new, darker frontier in the history of the Internet is being breached, and its impact on the global economy and global geopolitics is likely to be even larger than that of cyber crime: cyber warfare. This short article will attempt to define and elaborate on what cyber war is and the key issues all nation states must address before responding and retaliating to a cyber war attack.
Reverse Engineering C++, a case study with the Win32/Kelihos malware family
by Benjamin Vanheuverzwijn, Pierre-Marc Bureau
The C++ programming language is a popular one. It is also gaining in popularity among malware writers. The object-oriented programming paradigm can make binary disassembly more difficult to understand when performing analysis through reverse engineering. In this paper, we go over the basic principles needed by a reverse engineer to analyze C++ binary files. Furthermore, we show how we applied this knowledge when analyzing the Win32/Kelihos malware family, a peer-to-peer botnet believed to be the successor of the Storm Worm (…) When analyzing a binary file and trying to understand C++ disassembly, one is faced with some interesting characteristics that are very different from standard C compiled code. In this section, we go over some of these features that need to be understood to properly analyze a C++ compiled program.
Cyber Warfare – Computer Network Defense
by Christopher Pedersen
Imagine this scenario: A company’s best kept secret, a new technology that will redefine the IT business worldwide, has been in secret development with some of the best security measures in place. The secret computer system is cut off from the outside world, with firewalls and other authentication methods built-in, all located in its own section of a building. To enter the room would require multiple smart cards, pass-codes, and biometrics, such as hand scanners, retinal scanners, weight scales, and height measurement. Within these walls the most advanced technology is being created to overtake world markets. Just as the company thinks they have it all figured out, a press release comes out stating their competition is releasing the very same product that they have had in secret development for months. Sounds like a good plot from a book or movie, doesn’t it? In fact, it could be a real situation. These situations happen all the time around the world with companies in every aspect of business: Agriculture, IT, Retail, the list goes on. This scenario describes a case of cyber warfare; they thought that they had their security locked down, but they got hacked. How could this have happened?
Social Network Privacy Guide
by Yury Chemerkin
Social networking services are a kind of online service that focuses on building social relations among people who share information about themselves. The information that fills their profiles makes it possible for users to search for and extract the information they need. It means the search will analyze only the actual contents you want (images, video, text, calendar events). Such representation is often based on each user profile as a set of social links, interests, public data, and other linked services. For a long time, the trend has been growing quickly toward unification of control mechanisms. Each of these social services meets users’ desire to input less about themselves. That’s why you are allowed to sign up or sign in with a Facebook or Twitter button, after which you can start to organize your own network groups by involving other friends via email or a social address book, or by switching your profile into the public zone indexed by search engines like Google, Yahoo or Bing. This is the so-called individual-centered service, whereas online community services are group-centered, based on users’ abilities to share ideas, activities, events, and interests within their individual networks.
What is PAM and why do I care?
by Daniel Lohin
Pluggable Authentication Modules (PAM) is the main mechanism on Linux (as well as other Unix systems) that authenticates the user every time they log in. PAM can be configured in a number of ways to authenticate the user by a variety of means, such as passwords, SSH keys, smart cards, etc. PAM can be used to authenticate users not only when logging on to the system from the traditional logon screen, but also through services such as FTP, HTTP, SAMBA and other services that can use PAM. If an attacker is able to compromise the integrity of the PAM system, they gain the ability to modify the method PAM uses to authenticate users, which is a perfect situation for creating a back door that will be used to establish a path with which they can access systems again. This article will detail how a simple PAM module can be created that could be placed on a system to allow an attacker to access a system in the future. This would be useful if an attacker has already gained root access to a system and wants to ensure that they are able to access it again if their original path in is corrected. This article will also be useful for anyone in charge of defending systems, as it will give the reader an understanding of what to monitor on their systems to detect compromise, as well as help in investigations.
Cyber Warfare Network Attacks
by Daniel Dieterle
Internet-connected devices like SCADA systems are also vulnerable to cyber-attack. Public utilities use SCADA systems to control power generation devices, pumps, gates and motors. This is where a lot of media attention has focused when you hear about cyber-war in the news. When utilities and communication systems go down during a large natural disaster, chaos ensues. The US is one of the most technologically advanced nations in the world, yet look how long it took to get aid to New Orleans during Hurricane Katrina. But when communication systems go down during military conflict, the effect is even more detrimental. In this article we will look at how cyber-attacks have been used in the past, are being used now, and what cyber-attacks of the future may look like.
Pirates and Cyber Marines – Parallels in Asymmetric Warfare
Some people would argue that there is a distinction between cybercrime and cyberwarfare. I would be among them; but only in so far as it is a question of context. Let me explain, with a brief history of pirates. Piracy is and was an activity driven by economic concerns; Long John Silver and the Somali with a Kalashnikov, a speedboat, and big ambitions are the same in this. Both are in the piracy game because the rewards for taking someone’s stuff, when it’s conveniently concentrated on a merchant ship, or kidnapping people on a yacht, are a lot higher than most other available professions.
My RSA Conference 2012 Trip Report
By Gary S. Miliefsky
The RSA Conference was originally launched in 1991 as a forum for cryptographers to gather and share their knowledge and come up with new ideas and improved algorithms. It’s morphed dramatically over the years into something that covers the entire spectrum of computer and network security, from physical security issues to encryption, tokens, even finding the best INFOSEC talent and new hires, as well as the gamut of anti-virus, firewall, VPN, content filtering and other traditional network security countermeasures.