Google vs. China

This is a rather interesting development…

Google believes its systems are being attacked by China, in order to gain information on Chinese human rights activists who happen to use Gmail. Well, duh. What prominent company or government isn’t being targeted by Chinese state-sponsored hackers? (Perhaps the nation of Togo.)

The interesting part is Google’s response: a threat to stop doing business in China. That would mean closing its office there, and shutting down Google.cn (the Chinese version of its search engine, with government-friendly censored results). If Google follows through on this threat, it will send a simple message: play nice or we’ll take our ball and go home. Hopefully they will also release more details about the attacks, so that the rest of us can learn to better defend ourselves.

Of course, China’s economy is huge, and the loss of business with one foreign company probably won’t have a measurable impact (unless it’s Walmart). However, it’s still a powerful symbolic gesture. If China wants to be treated as a serious member of our modern global society, they need to stop acting like Mongol invaders from the 13th century.

Maybe if more companies took a similar stance (and followed through), then China would rethink its hostile cyber strategies. Or would they just be sneakier about it?


Clever malware

A clever piece of bank account-targeting malware was recently discovered. It does the usual task of transferring money out of the victim’s account. But it also has a clever trick to delay the victim from noticing the missing money. When he checks his bank statement online, the malware-initiated fund transfers will be dynamically removed. Of course, this assumes that the victim is checking his account from the previously-infected computer, but it’s still an interesting trick to buy the criminal some more time.

The novel technique was employed in August by a gang who targeted customers of leading German banks and stole Euro 300,000 in three weeks, according to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan.

“The Trojan is hooked into your browser and dynamically modifies the text in the html,” Ben-Itzhak says. “It’s a very sophisticated technique.”

via Threat Level
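Because the trick only works in the infected browser, the defence is to reconcile what that browser showed against a statement obtained through another channel (paper, ATM, a clean device). The sketch below is an added example, not code from the report or from Finjan; the transactions, amounts and function names are all constructed for illustration.

```python
from collections import Counter
from decimal import Decimal

def hidden_entries(trusted, displayed):
    """Rows in the out-of-band statement that the browser view lacks.
    Counter treats the lists as multisets, so two identical purchases
    on the same day are still counted separately."""
    return sorted((Counter(trusted) - Counter(displayed)).elements())

def balance_gap(opening, displayed, closing_shown):
    """Closing balance shown on the page minus what its rows add up to."""
    total = sum((amt for _, _, amt in displayed), Decimal("0"))
    return closing_shown - (opening + total)

def reconcile(opening, trusted, displayed, closing_shown):
    hidden = hidden_entries(trusted, displayed)
    gap = balance_gap(opening, displayed, closing_shown)
    return {
        "hidden": hidden,
        "hidden_total": sum((amt for _, _, amt in hidden), Decimal("0")),
        "balance_gap": gap,
        # A zero gap is not proof of health: the page text can be
        # rewritten too (assumption), so the row comparison also counts.
        "suspicious": bool(hidden) or gap != 0,
    }

# Constructed sample data: (date, description, amount); negative = outgoing.
OPENING = Decimal("5000.00")
TRUSTED = [
    ("08-03", "RENT", Decimal("-850.00")),
    ("08-05", "SALARY", Decimal("2400.00")),
    ("08-07", "GROCERY", Decimal("-42.10")),
    ("08-07", "GROCERY", Decimal("-42.10")),
    ("08-07", "TRANSFER TO UNKNOWN PAYEE", Decimal("-3100.00")),
]
# What the suspect machine's browser displayed: the transfer row is gone.
DISPLAYED = [row for row in TRUSTED if not row[1].startswith("TRANSFER")]

if __name__ == "__main__":
    # Case 1: rows removed, but the balance shown is the bank's real figure.
    print(reconcile(OPENING, TRUSTED, DISPLAYED, Decimal("3365.80")))
    # Case 2: the balance text was adjusted as well, so the page adds up.
    print(reconcile(OPENING, TRUSTED, DISPLAYED, Decimal("6465.80")))
```

In the second case the page is internally consistent, and only the comparison against the independent statement exposes the missing transfer.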


Will honest people turn to cyber crime?

There has been a lot of hype in the news recently about unemployed IT workers turning to cybercrime to make ends meet. Some forecasts [1] claim that the guys running your mail server might “use their skills to steal credit card data using phishing attacks.” Of course, there are no hard facts to back up this claim. I find it hard to believe that an otherwise honest person would turn to something as extreme as stealing credit card numbers to help pay his bills. The truth is that there has been the opportunity for making large sums of money through cyber crime for years. If someone with the necessary skills and lack of morals was going to go into the phishing business, they would have probably already done so.

[Image: cyber crime chart. Source: npr.org]

Perhaps the economic downturn does help cyber criminals become more successful, simply because there are more desperate people out there to be scammed. Suddenly, a chance to “win $50 from Bank of America” might be just too tempting to resist. After all, “it’s a ripe economy to take advantage of people,” [2] according to a McAfee cybercrime strategist. (Nice job title.)

On the other hand, I’ve also seen claims [3] that corporations are performing more internal investigations into employee fraud and misuse of resources. I believe this type of criminal behavior is much more likely to rise, since people generally feel less guilty about taking advantage of their employers, as opposed to outright stealing from a stranger. It’s a bit like how taking home a box of pens from work might not be a big deal, whereas doing the same from a Staples store is much more obviously theft.

There is also one more reason why laid-off or unemployed computer geeks might turn to criminal means: it’s the only job they can get. It’s obviously a tough job market, even considering that IT jobs are better off than most other fields. If you’ve got hacking skills and need to make some money, I suppose it’s possible that you might be tempted to work for a criminal organization. Once again, I don’t believe that usually-honest people will start joining the mob out of desperation; we’re just not that bad off yet. But I did come across at least one example [4] of an unethical corporation hiring hackers to help them exceed the limits on rain forest logging. It’s hard to know if this is an unusual case, or if it’s becoming more rampant.

The bottom line is that companies (and government agencies) need to be even more vigilant against the insider threat. It’s always been there, and it always will be. The best we can do is try to mitigate it. Personally, I’m not too worried about IT workers turning to cybercrime – the crooked ones are already there.


Sarah Palin E-Mail Hacked

I know this sucks when it happens to you, especially if you’re famous, but it really is kind of funny how easy it was.

As detailed in the postings, the Palin hack didn’t require any real skill. Instead, the hacker simply reset Palin’s password using her birthdate, ZIP code and information about where she met her spouse — the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search. [Threat Level from Wired.com]

This definitely makes a good case for two-factor authentication. That way just having the password would not be good enough to log in to her account – you would also need the physical token (like a SecurID) that she would own.


Web Security

Google has some good content about web security available on their Google Code University portal. There’s introductory course material, and even some videos. The one titled “How to Break Web Software” is pretty interesting.
