September 19, 2014

Simple routing mistake breaks Internet on 18-SEP-2014

Did you know the Internet broke down for a bit on 18-SEP-2014?  It's true...and all it took was a simple mistake with a routing table.  Just ask VolumeDrive.  At around 06:49 UTC on 18-SEP-2014, VolumeDrive started advertising to one of it's upstream ISPs (Atrato) all the routes it knew from another one of it's ISPs (Cogent).

How big was the mistake you ask?  Well normally it advertises 39 networks (a.k.a. prefixes) but this time it advertised 400,000...that's 400K networks!  The entire global routing table for the Internet is 500K networks, or 80% of the entire Internet.

The impact was traffic was rerouted through the ISP Atrato erroneously.  Whoops.  And this stuff can easily be done.  A much more detailed (and quite good one I might add) can be found on Renesys' website.  Go have a read.

June 15, 2014

US Senate is concerned about Internet 'malvertising'

The US Senate issued a report on the problems with Internet/online ad networks that are distributing malware to unsuspecting consumers.  The investigation was conducted by the Committee on Homeland Security's Permanent Subcommittee on Investigations, which stated the objective was to raise consumer awareness and pressure ad networks to clean up the problems.  The report is called "Online Advertising and Hidden Hazards to Consumer Security and Data Privacy" dated May 15, 2014.  Senator Carl Levin and Senator John McCain led the committee.

At least some attention is being brought to this problem; it's a start.  Now let's see what kind of results they can achieve.  Sorry for my pessimism but I'm not going to be holding my breadth on this.  Unless they are able to exact financial repercussions onto the networks, in my opinion little will be changed.

A PDF of the report is here:,d.b2U

You can also find the transcripts from the associated hearing on May 15, 2014 here:

Citing:  Credit to Spyware Sucks blog who highlighted this report. Go check out his blog, he has interesting posts there.

May 24, 2014

In the category of 'This is News?'

Two recent news stories invoked a 'this is new news?' reaction from me.  More like 'this is OLD news.'

The one article is about Russians perpetrating cyber-espionage against American companies and the other is about online cyber-gangs hacking online companies.  The victim of the latter news story is eBay (link here to story).  Those of us in the information security industry who investigate compromises/breaches and track attackers are not surprised by any of this.  We've seen Chinese and Russian attackers going after American company's systems, applications, data, etc. for many many years.

And it's not getting any better...they aren't letting up and neither are we.  Keep fighting the good fight!

FBI threatens to go after Russian hackers

eBay hacking: online gangs are after you

April 27, 2014

Highlighting Various Articles

Some of these items are a bit dated but I thought I'd showcase them in case you missed them like I did.

10 Most Significant Hacks in 2013 by Nextgov (Jan 2014)

Nextgov website publishes list of what they deem as the "...10 most significant infiltrations reported in 2013 as far as damage to national security, economic security and privacy."(#1)

The titles from their list.  See link to article for details.

1. An unauthorized user gained access to an Army database of U.S. dams that documented the number of people who would be killed in the event of a collapse.

2. A suspected government-sponsored Chinese hacking team allegedly penetrated a decoy U.S. water utility.

3. The prolonged surveillance of New York Times reporters that Bejtlich’s firm helped uncover.

4. During a fall summit in St. Petersburg, G20 heads of state and staff allegedly received tainted thumb drives and smartphone chargers from their Russian hosts.

5. North Korea was blamed for paralyzing the networks running South Korean banks and television stations.

6. Ex-NSA contractor Edward Snowden exposed a cache of government secrets documenting mass domestic surveillance and intercepts of foreign allies' emails and phone calls.

7. A hijacked Associated Press Twitter feed describing explosions at the White House briefly -- but significantly -- affected financial markets.

8. The Energy Department's inspector general lambasted officials for sluggishness in responding to a breach that ultimately affected 104,000 federal employees.

9. Adobe acknowledged the theft of 2.9 million customer records as well as valuable software code. The targeted goods included many software tools used by federal agencies, such as Adobe Acrobat and ColdFusion.

10. During the height of the holiday shopping season, cyber thieves nicked credit and debit card data from up to 40 million in-store Target customers.

Article link:

#1 - This quote and titles in 1-10 items above quoted from article called "Ten Worst Hacks of 2013" by; Link: above

Neiman Marcus Hackers Set Off Thousands of Alerts While Bagging Credit Card Data (Feb 2014)

The Neiman Marcus attackers set off 60,000 security alerts during their attack.  That number is HUGE.  This occurred during the 3.5 month attack timeline.  IMO, this is why you need people monitoring logs along with machines, and not just depending on machines only.

Article link:

Microsoft opens new Cybercrime Center in Redmond, WA USA (Nov 2013)

Quotes from the articles:
"Advancing the fight against cybercrime to protect consumers and make the Internet safe"
"It's a world-class laboratory where a seasoned team of cybercrime investigators engage in a high-stakes game of chess, trying to stay a move or two ahead of the world’s most odious Internet criminals in an effort to make the web a safer place."

Article link: (with a good number of pictures including cybercrime heat maps)

Article Highlight: Q1-2014 SPAM study by Sophos shows interesting results

Every quarter Sophos studies spam and releases the results. This years title is "The Dirty Dozen Spampionship: Who's who in the global spam-sending league?"

The study shows the amount of spam sent by country. It's important to note that this does not necessarily correlate to the bad actor's physical location.  Most of these actors don't send it directly from their networks but rather utilizes resources, usually infected PCs (aka zombies), on other networks many times in countries other the one they reside in.  A couple tidbits I found interesting...

  • By volume the United States tops the list at 16.4% of total spam.  This is a huge lead as the next offending country, Spain, comes in at 5.0% of all spam volume followed by Russia (4.4%), Italy (4.3%), and China (4.1%).
  • Israel, who in the past spawns off information security start-up companies, is #3 in the list by population.  That's surprising to me.
  • I expected Russia, China, and India to be higher based on some of the data I've personally seen

Link to article:
(short link)