The week in security: Shutdown tests government security as government beats Silk Road security
09 October, 2013 00:55
The shutdown of the US government was always sure to have information-security repercussions, and they were becoming clear as some argued that the move would become a significant test of federal agencies' security capabilities. The European Union's official Internet service provider was hit with a crippling malware attack, even as US authorities brought criminal charges against 13 Anonymous members for DDoS attacks under the guise of so-called Operation Payback.
Government security capabilities were certainly on show after it was revealed that British police secretly arrested a London-based teen in April over the massive DDoS attack on anti-spam organisation Spamhaus. Authorities also arrested Ross Ulbricht, the owner and operator of illegal goods-trafficking site Silk Road, shutting down the site – which one drug dealer said was like any other retail site – as well as seizing $US3.6 million ($A3.82 million) worth of Bitcoin. The virtual currency was also in the news as Bitcoin forum Bitcointalk.org went offline after a reported cyberattack.
The Silk Road shutdown was widely seen as an important milestone, with the story attracting widespread attention. Yet authorities had their work cut out for them as new figures suggested fraud in the Asia Pacific region cost more than $US350 million ($A370 million), even as companies like Dell moved to add PCI credit-card security compliance to its private-cloud offering in the leadup to forthcoming changes to the handling of SSH server-access keys.
ACMA survey data suggested half of Australians believe they face no risk from malware, while Symantec shut down more than a quarter of the infected machines controlled by the ZeroAccess botnet and Google removed an application in its Play store that was pretending to be online ad-blocking software AdBlock Plus. Observers were concerned that a new Internet Explorer vulnerability could be widely exploited after it was built into the open-source Metasploit penetration testing tool.
The US National Security Agency (NSA) was in the firing line of some high-profile figures as former Qwest executive Joe Nacchio, who was released after four and a half years in prison, said the revelations by NSA leaker Edward Snowden would have helped him fight his insider-trading conviction (speaking of Snowden, a US lawmaker said the fugitive information leaker may have had help in his activities). And McAfee founder John McAfee has taken on the NSA with a new device designed to provide secure anonymity online. His proposed 'D-Central' router utilises peer-to-peer networking to avoid the NSA's prying eyes, while his company unveiled a sandboxed malware-isolation tool that opens incoming files and 'explodes' them to see if they contain malware.
Even as revelations suggested there were more NSA leaks to come, the organisation's former CIO slammed the security of Fortune 100 companies and said he was "extremely concerned" about the balance between surveillance and privacy at the organisation. This, as several US senators defended the NSA's surveillance efforts in the interest of anti-terrorism efforts. Little wonder the US placed fourth in a recent ranking of Internet freedom.
SAP was also looking to capitalise on NSA concerns, with news that it may build a second data centre in Australia to cater for growing demand for onshore capability. BitTorrent was said to be developing a new, secure, serverless peer-to-peer messaging client, while anonymous communications service Silent Circle began looking at non-government-endorsed encryption algorithms in response to the NSA's widely publicised success in cracking well-known encryption algorithms.
That said, the NSA's efforts to compromise the Tor encryption network have reportedly been a failure. The agency took a different approach with encrypted-email service Lavabit, which was ordered to provide a copy of its encryption keys and other information, the company's founder revealed. Yet the NSA's efforts to defeat third-party encryption will erode trust in US-based Internet services, some privacy advocates say. But the NSA isn't the only one suffering image problems: even Microsoft can't be trusted, according to a former Microsoft privacy advisor who wrote the company's privacy policies in 40 different countries. With one in three European Union jobs created by industries reliant on intellectual property rights, poor privacy could become a sticking point to future growth.
Cisco and Intel were pointing out that there are ways of keeping virtualised server workloads within national boundaries, while Intel bought network security firm Sensory Networks. Security firm Malwarebytes put antivirus cleanup capabilities onto a USB stick, while security company Hold Security joined the ranks of those companies tracing sensitive data through the 'dark Web'. Some of that data will no doubt include information on 2.9 million Adobe customers that was stolen by hackers.
Some were tracing the security features of iOS 7, while security firm Mocana is soon to offer a way of wrapping iOS 7 apps in a layer of security software. Startup company Netskope, for its part, unveiled a security service to monitor the use of cloud-based applications. And, with a view to future challenges, McAfee said it had seen a rapid rise in the volume of malware signed with legitimate digital certificates.