Category: Cyber & Tech

Cyber & Tech: Three undersea cables cut: traffic disturbed between Europe and Asia 814 Reads

Saturday, December 20, 2008 - 12:45 AM

3 cables cut this morning
France Telecom Marine cable ship about to depart

PARIS — France Telecom observed today that 3 major underwater cables were cut: “Sea Me We 4” at 7:28am, “Sea Me We3” at 7:33am and FLAG at 8:06am. The causes of the cut, which is located in the Mediterranean between Sicily and Tunisia, on sections linking Sicily to Egypt, remain unclear.

Most of the B to B traffic between Europe and Asia is rerouted through the USA. Traffic from Europe to Algeria and Tunisia is not affected, but traffic from Europe to the Near East and Asia is interrupted to a greater or lesser extent (see country list below).

Part of the internet traffic towards Réunion is affected as well as 50% towards Jordan. A first appraisal at 7:44 am UTC gave an estimate of the following impact on the voice traffic (in percentage of out of service capacity):

Saudi Arabia: 55% out of service
Djibouti: 71% out of service
Egypt: 52% out of service
United Arab Emirates: 68% out of service
India: 82% out of service
Lebanon: 16% out of service
Malaysia: 42% out of service
Maldives: 100% out of service
Pakistan: 51% out of service
Qatar: 73% out of service
Syria: 36% out of service
Taiwan: 39% out of service
Yemen: 38% out of service
Zambia: 62% out of service

Cyber & Tech: Cyberwarfare, hackings on the rise in partisan battles - Web is new realm of Moroccan-Algerian conflict 269 Reads

Monday, November 17, 2008 - 11:00 AM

Hackers attacked Algerian websites and posted anti-government messages

ALGIERS (Ramadan Belamry)

The Algerian-Moroccan dispute over the Western Sahara has entered a new realm as hackers took the decades-old land conflict into cyberspace with attacks on websites and domain names.

Hackers assumed to be Moroccan intensified their attacks on Algerian websites and posted vitriolic statements condemning both governments in a series of series of hackings that included news websites in French and Arabic.

Among the targets of the most recent attack was the French speaking website Le Quotidien d'Oran (Wahran Daily). The hackers cursed both the Algerian and Moroccan governments and posted statements like "Damn both governments."

The electronic battle started a month ago when suspected Algerian hackers posted a banner with the Moroccan flag and the words "Le portail du Sahara Marocain" (The portal of Moroccan Sahara) on the French-language news site Tout sur L'Algerie (All about Algeria). They also posted stories lashing out at Algeria and the independence movement group Polisario Front.

We took the matter to French courts to regain the domain and punish the culprits

--------------------------------------------------------------------------------
Lounés Ghamash, editor

Extension of political dispute

Lounés Ghamash, editor of Tout Sur L'Algerie, identified Hakim Allal as the hacker responsible for the attack and said he used the account of one of his reporters.

Allal allegedly asked for €5,000 ($6,338) to restore the domain.

"We took the matter to French courts to regain the domain and punish the culprits," Ghamash said.

The Paris-based Tout Sur L'Algerie is popular among Algerian intellectuals and decision-makers. Its extensive coverage of the Western Sahara issue could have aroused Moroccan resentment and triggered the hacking.

Experts say electronic warfare is the extension of the political dispute between the two countries.

Cyber & Tech: Phishing: Better known as Fishing for Information 287 Reads

Sunday, November 16, 2008 - 12:33 AM

by
Casey Britton

Nov. 16, 2008

Phishing is the illegal acquisition personal information such bank account numbers, credit numbers or user names and passwords at online stores which are then used for identity theft and illegal purchases.

Phishing comes in many forms in this day and age. The most popular way to contact a potential victim is by using the branding (identity) of a major bank, corporation or online business to gain the victims trust.

As more and more transactions move online finding a large customer base is relatively easy. E-mail lists and customer databases are either purchased, stolen, in some cases hacked (using illegal means to access server information) to obtain the user base or member list. Mass mailing is used through anonymous re-mailers which are devised to hide the identity of the Phisher.

Whether the victim replies to an e-mail or clicks a link in an e-mail taking them to a web page form where they are asked to confirm account numbers, passwords or other personal information the process used to verify the scam is the same.

In both cases by referring to the source code of the page requesting the information, the evidence is in the HTML. HTML (Hypertext Markup Language) is the set of markup symbols or codes inserted in a file intended for display on the World Wide Web. The markup tells the Web browser how to display a Web page's words and images for the user.

Embedded or hidden in the code will be a form field that will send the information to the Phisher. Where the user responds to the e-mail, the information is not normally sent to the return e-mail address the victim will see but to either an online database or yet another e-mail address which can also be found in the HTML.

View Source: Check the code

From the View menu on either the web browser (Internet Explorer, Netscape, and FireFox) or e-mail client (Outlook, Outlook Express or mail system attached to the browser) select View Source. This action will show the user the HTML code. If you are being asked to provide information that has to be a form. The form will utilize fields or areas for the information to be typed. In the form coding you will be able to view where the information is being sent. In a lot of cases the form data will probably be sent to a foreign e-mail account or web site.

In a HTML form the data in the form fields are handled by two means of coding, the sendto or post tags. The sendto tag will send the information to an e-mail address. The post tag will send the information to an online database. Either way, once the requested data is entered into the form field and sent, the Phisher has your information.

If you feel you have been a victim of identity theft or if charges appear on your bank or credit card statement that appear to have been used for internet purchases that you did not make, notify your financial institution and/or credit card company and report the crime to http://www.usdoj.gov/criminal/cybercrime/reporting.htm.

Cyber & Tech: New internet security system no longer secure 296 Reads

Saturday, November 01, 2008 - 08:07 AM

London (IANS): Researchers have cracked the so-called McEliece encryption system, to potentially secure Internet traffic during the age of quantum computing in future.

The attack succeeded last month by means of a large number of linked computers throughout the world, informed Eindhoven University of Technology (EUT) Netherlands professor Tanja Lange.

Earlier this year she and her PhD student Christiane Peters, together with Daniel Bernstein, visiting professor (University of Illinois, Chicago), had discovered a way to speed up attacks against the 30-year-old McEliece cryptosystem.

The researchers wrote software that would decrypt a McEliece cipher text in just one week on a cluster of 200 computers, according to an EUT release.

The software was run recently on several dozen computers in Eindhoven, Amsterdam, France, Ireland, Taiwan and the US. A lucky computer in Ireland found the cipher text.

The successful attack was announced recently at a conference in Cincinnati (US) on post-quantum cryptography. The researchers said that the McEliece cryptosystem can be scaled to larger key sizes to avoid their attacks and remains a leading candidate for post-quantum cryptography.

At present, banks use the RSA code from 1977 for securing matters such as electronic transactions. For RSA the currently used key sizes are significantly larger than initially thought: a single PC would need only three weeks to break the parameters from the original paper.

Yet a quantum computer will have no problems cracking even the improved current version. For this reason, anticipating the introduction of the quantum computer (which Lange thinks will take at least 10 more years) and to deal with long-term confidentiality such as health records, researchers are trying to find better encryption systems.

Cyber & Tech: How to combat the botnet army 285 Reads

Thursday, October 30, 2008 - 10:21 AM

The count of bot-infected PCs has begun to climb dramatically, but there are steps you can take to protect yourself and your PC

By Erik Larkin, IDG News Service
October 29, 2008

The malware armies are growing, with a sharp rise in the number of computers corralled into botnets --far-flung networks of infected PCs that digital crooks use to steal financial account data, relay spam, and launch crippling Internet attacks. Now that popular Web sites can invisibly and unwillingly spread malicious software, the days of staying safe just by being careful where you surf are sadly long gone. But you can take steps to protect yourself and your PC from these threats.

The volunteer white hats of Shadowserver , a nonprofit organization dedicated to battling the bot scourge, maintain a count of how many bot-infected PCs they see with their distributed Internet sensors. In mid-June that count began to climb dramatically, eventually exploding from a sample set between 100,000 and 200,000 for most of the year to a peak of about 500,000 in mid-September.]

Since Shadowserver's sensors don't see every botnet, the total number of bot-infected machines is almost certainly a good deal larger. And some of the apparent increase stems from Shadowserver's having launched more sensors. But "there are clearly more bots and infected PCs," says Andre´ M. DiMino, a Shadowserver founder. "There's a rise in the surface area of infections and consequently the number of bots we're seeing."

Some experts tie the botnet rise to a recent wave of Web-based attacks. SQL injection attacks , a type of assault against online applications, can crack open vulnerable but otherwise benign Web sites and allow a malicious hacker to insert booby-trapped code. When someone unknowingly browses a poisoned site, the triggered booby trap invisibly hunts for exploitable software holes through which it can install a bot or other malware. Once it infects a PC, a bot contacts a server on the Internet to pick up commands, such as to steal financial-site log-ins, from its thieving controller.