A clever piece of bank account-targeting malware was recently discovered. It does the usual task of transferring money out of the victim’s account. But it also has a clever trick to help delay the victim from noticing the missing money. When he checks his bank statement online, the malware-initiated fund transfers will be dynamically removed. Of course, this assumes that the victim is checking his account from the previously-infected computer, but it’s still an interesting trick to buy the criminal some more time.
The novel technique was employed in August by a gang who targeted customers of leading German banks and stole Euro 300,000 in three weeks, according to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan.
“The Trojan is hooked into your browser and dynamically modifies the text in the html,” Ben-Itzhak says. “It’s a very sophisticated technique.”
via Threat Level
I’m looking forward to finding out the results of this research!
[Sandia's] Thunderbird supercomputer will periodically run a million virtual machines all at once, all with botnet client software. By setting this large network of systems into operation, the researchers, Ron Minnich and Don Rudish, hope to better understand how botnets operate.
It’s a cool idea, and could probably keep me busy forever. The only issue I have with this project is that the time and money would be better spent on trying to improve the fundamental security issues of our computing model, rather than just learning about a symptom (in this case, botnets). Still, it sounds like fun, and will hopefully produce some actionable knowledge in a year or two.
I just read a short but interesting article by Tom DeMarco on the concepts of metrics and control in software engineering. Here’s the bottom line that really resonated with me:
This leads us to the odd conclusion that strict control is something that matters a lot on relatively useless projects and much less on useful projects.
That might not sound intuitive at first, but it makes sense after reading what he has to say.
The article (PDF) is available here: http://www2.computer.org/cms/Computer.org/ComputingNow/homepage/2009/0709/rW_SO_Viewpoints.pdf.
Here’s a quick summary:
The United States and Russia are locked in a fundamental dispute over how to counter the growing threat of cyberwar attacks… Both nations agree that cyberspace is an emerging battleground.
Russia favors an international treaty along the lines of those negotiated for chemical weapons… The United States argues that a treaty is unnecessary.
Basically, it sounds to me like both countries want to continue cyber attacks against each other. The difference is that Russia wants to have a treaty in place so that it can continue to deny what it does, whereas the US would rather not bother with such a thin veil of cooperation.
Cyber attacks aren’t like chemical warfare. First of all, it’s nearly impossible to identify who is attacking you over the Internet. And even if you do have a clue as to which country a hacker is coming from, how will you ever be able to openly prove that he is working for that country’s government? This quote from the WSJ says it well:
In the digital world, as the cyber threat shows, physical distinctions such as political borders are unhelpful and can be dangerously confusing.
I think we have more important things to deal with regarding cyber security than pointless treaties. It’s time for new solutions to this new and different problem.
U.S. and Italian authorities said Friday they arrested a group of hackers and conspirators who allegedly stole from phone companies around the world. The illegal profits funded terrorist activities, Italian officials alleged.
A federal grand jury in New Jersey indicted three people Friday, including one man who has been linked to al Qaeda. The three suspects, who live in the Philippines, are accused of providing Pakistani nationals in Italy with access to stolen phone lines.