
Thursday, 19:12 EDT


Many would argue, and understandably so, that government does not often provide models for corporations to follow to improve their bottom line. However, federal agencies have long taken the leadership position in cyber security on this one key point: recognizing that it’s not enough to know how networks were hacked, but also to know by whom.
Technical versus social attribution
It’s not at all uncommon that the origins of a virus, worm or other computer attack may reside on one continent, but at the behest of an organization or individual located in a far different region of the world. Case in point – a recent report by researchers in Canada noted that a Chinese network called GhostNet, purported to be sanctioned by the Chinese government to conduct intelligence gathering over the Internet, controls some 1,200 infected computers in more than 100 countries, including North America, Kuwait and India. While the government denies the allegations, the point here is well made: just because a malicious infiltration against an organization comes from one part of the globe doesn’t mean the people behind it are from that area.
Being able to identify the mechanical tactics that were used is important, but may not tell the complete story. That’s why the U.S. State, Justice and Defense Departments spend precious time, money and resources to uncover the true culprits, a process known as "attribution". Understanding who was behind such attacks is very meaningful when determining a course of action, be it through diplomatic, military or law enforcement channels. Attributing both the technical and social origins also provides valuable intelligence against terrorist, insurgent and criminal activities that can be countered in multiple ways. This can only be done by understanding who was behind the attacks and not just from recognizing when networks are being hacked.
While the Feds embrace this idea, many businesses in Corporate America fail to see the benefits of taking this extra step in their cyber forensic investigations. Most are concerned only with ensuring that such an attack never occurs on their systems again, and pay little – if any – attention to whoever is playing havoc with their network. Anecdotal evidence suggests the reasons are numerous, with the most popular being that it’s not worth the time and effort since there’s most likely no real legal recourse against such organizations anyway. Additionally, some organizations believe that making the suspects known will only encourage future attempts to infiltrate their networks.
A notable exception to this tendency is Google's recent corporate blog posting regarding suspected hacking of Gmail servers by the Chinese government. Google made the effort to determine the source of the attack on their servers, and more notably, disclose the information that they discovered forensically to the public with the methods and suspected perpetrators of the attack.
