IT security rundown for week ending Aug. 26

This past week in security news was highlighted by a hacking revelation out of China, bad news for banks, good news for Sony gaming customers and a curious email that might have been at the heart of the big RSA data breach.

China protests too much?

So it turns out the Chinese government, despite protests to the contrary, has been hacking U.S. targets after all. How do we know? Because Chinese state television broadcast a documentary about hacking and cyberwarfare strategy that showed a demo of a state-sponsored hacking tool purportedly disrupting the operations of a spiritual movement called the Falun Gong, which the Chinese government considers a threat to its authority.

The Chinese documentary, titled "The Internet storm is coming!" (which focused on the official Chinese view of the Pentagon's cyberwarfare strategy), happened to give a quick look at how an attacker targeted a website of the Falun Gong, which in this case was hosted at the University of Alabama in Birmingham.

The brief clip of the attack is thought to be very old film footage if only because this website was taken down several years ago by the university. As The Wall Street Journal noted in its story about the documentary, "The 10-second segment -- part of a longer report on cybersecurity -- appears to be a rare example of an official source contradicting China's repeated assertions that it doesn't engage in cyberattacks, according to Andrew Erickson and Gabe Collins of the China SignPost analytical service, which specializes in military matters."

The cyberwarfare documentary was broadcast by China Central Television Channel 7 last month, but the U.S. public got some idea about it last week when Erickson, an associate professor at the U.S. Naval War College's Maritime Studies Institute, published a report about it. The WSJ noted that the footage in question could still be seen on CCTV's website last week featuring Senior Col. Du Wenlong, a researcher at the Chinese army's Academy of Military Sciences, talking about cybersecurity issues.

Another Chinese hacking news angle last week was that Hong Kong police arrested a local man in connection with an Aug. 10 computer attack on the Hong Kong Stock Exchange. That attack forced the exchange to suspend trading about two weeks ago. Now that's where real-life cyberattacks really hurt.

Taking it to the banks

Cybercriminals also really can hit the wallet when they take over business bank accounts, and that is happening on a regular basis, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC), the group of banks that works with the Treasury Department and the FBI on cybersecurity issues of national importance.

Often these commercial account takeovers occur because cybercriminals use specially designed malware, such as the ZeuS variants, to take control of the business computers the bank customer uses for funds transfers.

According to a poll of its members, FS-ISAC last week said 21 institutions reported a total of 108 commercial account takeovers by cybercriminals during the first 6 months of 2010 compared with 86 for the full year of 2009. The only good news in all this is the banks seem to be getting a little better at blocking fraudulent funds transfers out of compromised bank accounts. But irretrievable losses are still piling up.

Sony gets tougher

Speaking of victims of data breaches, Sony (which as we all recall had its online gaming services hacked repeatedly a few months ago) is apparently thinking its gaming customers would appreciate better security. One thing Sony Online Entertainment is doing is offering its customers hardware- and software-based authentication tokens that can generate one-time passwords that customers can use to get into their accounts. One-time passwords are widely regarded as far more secure than simple, reusable passwords.

"Sony Online Entertainment has joined the growing list of gaming companies that offer physical authenticators for protection against account hacking and associated fraud," said a spokeswoman from Vasco, the company through which Sony is offering the authentication tokens. Blizzard Entertainment's World of Warcraft is another Vasco client in the online gaming business, which offers its customers a version of Vasco's one-time-password generation tokens.

Sony wasn't immediately available to comment, but Vasco says Sony is now offering the branded SOE Authenticator, which is based on the Vasco Digipass GO 6 hardware token. As an alternative to a hardware token that would be used in a PC, Sony is also offering customers the choice of a software token based on Vasco technology for mobile devices, such as smartphones.

Jochem Binst, Vasco's director of communications, says Sony is expected to charge about $9.99 for the hardware token, but offer the software-based token for free. He says Sony is operating the Vasco back-end equipment used in the authentication process directly on Sony premises. Vasco is thought to be the sole provider of authentication in this form for Sony online gaming services, he adds.

"It's similar to what we do for the banking world," Binst says.

Hackers going mobile, old school hacking and the RSA email?

Three more security news items worth noting:

* Mobile devices are the next frontier for hackers, and McAfee last week said that Android has emerged as the most-targeted mobile operating system. In its Q2 threats report, McAfee said it found around 1,200 mobile malware samples and about 60% were aimed at Android. Mobile malware is still but a tiny fraction in comparison to malware targeting PCs, but McAfee believes the trend is clear that Android is now the favorite mobile target for attackers writing malware, surpassing what's written for Java Micro Edition. Another interesting tidbit from that report is that Adobe's products are getting hammered by attackers in terms of known exploit code at a rate that now far exceeds that for Microsoft products.

* The data breach parade keeps marching on, last week led by Yale University, which notified about 43,000 faculty, staff, students and alumni that their names and Social Security numbers were publicly available via Google search for about 10 months. The breach is said to be the result of an FTP server where the data was stored becoming searchable by Google after a change the search engine made last September. But oops, Yale IT staff people didn't know.

* F-Secure last week said it's discovered in a big old pile of collected malware what might be the original booby-trapped email that was the first step in the successful attack on RSA in March to steal information about its SecurID product. Only RSA knows for sure, or at least we hope they know by now.

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts