Tuesday, January 20, 2015

The name of Internet’s enemy begins with the letter “E” for Espionage

Every good story a great villain. This bad guy gives meaning to the life of heroes who (disinterested or selfishly) fight to protect the interests of the rest of society. On The Foundation Trilogy by Isaac Asimov, the great villain was the Mule. Actually if you look at Tsugumi Ohba’s (Death Note) work, his main character is both hero and villain at the same time. On cybersecurity, the enemy starts with a capital “E” just like Espionage.

Wherever you look, bad boys always have the same goal: To get something from you. It may be money or information, but boundaries between pure and simple robbery and sophisticated espionage are increasingly blurring. Fobus malware targets Android devices. It is obfuscated under pretext of protecting your privacy. The user downloads an alleged adblocker, usually  from unofficial app markets, which will bring new friends for stealing your information, hijacking your accounts and subscribing to premium services.

Governments are not far behind. They take all the heavy artillery. Two new revelations by Snowden point to the British agency GCHQ for capturing emails sent and received by top international media. For instance, they would have been controlled communications from journalists at The Guardian (used by Snowden to disclose this information) as well as BBC, The New York Times, Le Monde, Reuters, TheSun, The Washington Post, NBC…

Snowden also had some words for the United States. He says this country is preparing for a future cyberwar. Along with such statement he brings out some supposed leaked documents that shows how hundreds of professionals very specialized on offensive security would have been hired, since computer "hackers" do not have to use weapons, but keyboards. Their objective could be the destruction of a country’s critical infrastructure.

Espionage is getting popular, as recently demonstrated by Lizard Squad. This group offers the DDoS service used by them to take XBox Live and PlayStation Network servers down. The ‘funny’ thing is that the whole list of home routers used to perform such denial of service is now on hands of law enforcement14,000 users can now be advised to dismantle the tool because all this information was stored in a plain text file...

People who do not want to take any risk tend to rely on systems that are not on the radar of the malware industry. Among them, Linux distributions seem a good choice. On an article published by Eset a few hours ago it was discussed whether it is necessary an antivirus on Linux desktop. This OS is not mainstream so it is often forgotten by both virus and antivirus creators. However do not forget that Linux is widely used on Internet servers as well as the basis for a high percentage of mobile and internet of things devices (including routers).

The following video shows a live investigation conducted by Jimmy Kimmel popular tv show. They asked people on the street if they want to find out if their passwords are secure. Surprisingly most of them do not hesitate to give their password to a stranger.

This could be called slightly humorous social engineering. Sometimes it is not necessary to be James Bond to feel like a real spy. Nor is it necessary to be a great villain to end up defeated.


Post a Comment