What the Hack is going on lately?

By Joseph Raczynski

The concussion from the bombardment of computer code is silent, though the havoc wreaked is deafening.  Cyber-attacks have escalated in scope and frequency in the last five months, affecting finance, credibility, and confidence in the private and public sectors.

What is going on and why?

There are several fronts in this battle.  From the left flank, there is Lulz Security (Twitter: @lulzsec).  This brash band of rapscallions unleashed a fifty-day torrent of hacking terror upon government agencies and gaming and broadcasting companies.  It began in March with a successful attack on RSA (the security group within EMC), which owns SecurID’s two-factor authentication products used by large organizations to provide security for corporate networks.  Once they had these keys, the group breached dozens of corporations.  Suspected of breaking into the Sony PlayStation network, LulzSec potentially stole millions of customers’ accounts.  They also left the peer-to-peer network, which allows gamers worldwide to play each other interactively, in shambles for weeks.  Before they reined in their troops, they performed several distributed denial of service (DDoS) attacks on various agencies including the CIA, FBI, and Senate.  They tweeted while attacking, and the rationale for their acts was twofold: amusement and disdain for organizations that leave known security vulnerabilities unpatched.

From the right flank are purported foreign countries that pursue U.S. national intelligence.  It is difficult to determine whether these attacks are coming from the foreign states or from individual groups within those countries.  The highest threat comes from China and Russia.  According to The New York Times, a foreign intelligence service hacked into a corporate contractor and obtained 24,000 Pentagon files in March.  Disclosed just days ago, this is one of the worst attacks in U.S. history.

Lastly, from the rear are News Corp. and the Rupert Murdoch scandal.  Journalists “hacked” into nearly 4,000 phones and listened to voicemails.  Phone hacking (phreaking) has a long history going back to the 1950s.  Early “phreakers” made free pay phone calls by tapping the phone circuit fast enough to mimic the rotary sound, allowing dialing for free.  Currently, the News Corp. scandal exploits some telecoms’ rather weak security.  One security flaw is that fully one third of users still have the password issued with their cell phone to access voicemail.  A simple Internet search will yield the three primary default passwords.  By trial and error, the journalists at News Corp. used these default passwords to gain access.  The other dominant weakness is the host of tools available to anyone intent on accessing networks illegally for data or financial gain.  Those utilizing preexisting tools to exploit networks are known as script kiddies.

Combatting these fronts, the U.S. Federal Government has unveiled a new cyber security strategy.  In the plan, the Pentagon declared that cyber-attacks on its networks could be considered an act of war.  It also outlined potential threats and some tools available to counter cyber-attacks.  It is clear that the Government is taking both the previous attacks and the recent uptick very seriously.  With the increased reliance on the Internet, there is little doubt that our leadership expects future battles to be fought via servers and the interconnected pipes of the web, and they are preparing vigilantly.

Eyes, Now Telling More Secrets

By Joseph Raczynski

-Iris scan identity verification now being dispatched

Ethan Hunt, clad in black, slips through the skylight’s slight gap and drops forty feet down on a line in the shadow of night.  Pouncing upon his suspect as he sleeps, Hunt pulls out the iris scanner and captures the eye image of the criminal as he awakes.  From that single image, every known felonious detail of the perpetrator is immediately available.  Ethan has confirmed his man instantaneously.  This was a scene from the futuristic movie Mission Impossible, where Tom Cruise plays an operative seeking crooks in the underworld.

Outside of Hollywood, this form of rapid identification in the field was a stretch, until recently.  Yes, the iPhone has brought this recognition technology to the masses.  Law enforcement agencies are set to begin using this technology in the near future.  One version of the smartphone scanner, named MORIS (Mobile Offender Recognition and Information System), is produced by a Massachusetts-based company, BI2 Technologies.  Professionals in the field or at the booking station can operate it easily, and they claim it is more accurate than fingerprinting or facial recognition.

As fraud and identity theft gain sophistication, iris scans will help verify individuals better than license IDs or Social Security numbers.  Utilized in prison and for accessing secure rooms, and soon to be used to start cars and access your own computer or network, iris scanning may become universal.  For the time being, it is taking hold in the law enforcement arena, with some 40 police departments adopting MORIS next month.  With this tool, an officer will be able to jump out of their squad car, approach an individual, and hypothetically use their modified iPhone to run an iris scan, send the data back, and see if the questionable character has a history with the law.

While some voice concerns over iris scans, the technology is recognized as one reliable means of determining an individual’s identity, provided the original scan was mapped with the right person.