Cyber Security - the emerging lifeline

Cyber security is emerging as the life in the digital world.

Management Education

Management education has become critical in this hyperactive world filled with dynamics.

Cyber Security training

Cyber security calls for intricate understanding

Police trained in Cyber Security

Cyber security calls for a series of awareness programs followed by diploma and degree programs

Cyber World!

Cyber World is composed of various interdependent components.

Tuesday, March 20, 2012

Digital Cyber Forensics: Conference related info


The Internet has made it easier to perpetrate crimes by giving criminals an avenue for launching attacks with relative anonymity. Illegal activities are more often than not buried in large volumes of data, which calls for extensive analysis in order to detect crimes and collect evidence. Most of the time the investigations are cross-border in nature, requiring coordinated policing efforts across heterogeneous jurisdictions.

Security: Know your APT

Advanced Persistent Threats (APTs) have been estimated to grow faster than other technologies. An APT is part of the classified category of cyber crime directed at business at large and/or political targets. APTs are built with a high degree of stealthiness and operate over a prolonged duration in order to be successful, with a fixed goal of remaining invisible for as long as possible. As such, APT operators tend to focus on “low volume” attacks; over time they cover a large area, stealthily crawling from one host to the next as each is compromised and avoiding regular or predictable network traffic. Damballa predicts that the volume of persistent attacks directed at large corporations will continue to increase in 2012 and that the victims will continue to feel as though they have been specifically targeted. McAfee is clear in commenting that solutions in silos don’t enrich each other with relevant data and introduce greater complexity to analysis and remediation, giving the advantage to the perpetrators of the APT.

Security: Know your DNS

The Domain Name System (DNS) is defined by RFCs 1034 and 1035. It is a hierarchical, distributed database that provides a name resolution service for various Internet applications. A zone, as commonly understood, is a collection of nodes forming a contiguous tree structure, with the start of authority, or SOA. The purpose of the SOA is to delegate the naming authority downward, to delegation points, terminating with leaf nodes. The elements of the SOA are made available from the DNS authority servers to recursive DNS servers.

Sunday, March 18, 2012

Cyber Operations - Ghost Click


The largest Internet cyber sting operation undertaken by the FBI was named Ghost Click. Since 2007, a cyber group had deployed a special class of malware called DNSChanger. It is understood that the FBI arrested six Estonians accused of running a botnet that controlled more than 4 million computers in 100 countries, which puts the infections at approximately 4 million computers. It is estimated that there were more than 500,000 infections in the U.S. alone, spread across computers belonging to individuals, businesses, and government agencies such as NASA.


Thursday, March 15, 2012

Digital Warfare - Use of Stuxnet is a test run or failed mission? Speculations are ON?

The birth of Stuxnet has opened up a new era of discussions in the security community. Since its discovery earlier this year, the sophisticated Stuxnet worm has infected at least 15 industrial plants in a variety of countries. Security experts have universally accepted that the worm had the ability to target a specific computer and inflict damage on control equipment at industrial facilities.

Digital Warfare - Duqu: Stuxnet family of bots

Stuxnet is the first military-grade cyberweapon known to the world. It was believed to have been released in late 2009, and millions of computers were infected by the worm, though other references claim that it was released as early as 2007. Stuxnet was designed to cripple control systems. The modules built as part of Stuxnet allow different permutations and combinations, so the code can be reassembled with variations. One such example was the birth of Duqu.
Duqu acts as a Trojan, stealing data and potentially serving in the planning stages of an attack. It can be said that Duqu was used as an intelligence-gathering tool, possibly aiming to prepare the ground for future attacks. According to Alex Gostev, the main module consists of three components:
  • a driver that injects a DLL into system processes;
  • a DLL that has an additional module and works with the C&C; and
  • a configuration file.


Wednesday, March 14, 2012

Digital Warfare & Stuxnet - Where are we in security?

ENISA has come up with a statement that Stuxnet is a specialized malware targeting SCADA systems running Siemens SIMATIC® WinCC or SIMATIC® Siemens STEP 7 software for process visualization and system control. The software consists of a series of software blocks, which are combined into a project. Some of the blocks include Function blocks, Operational blocks, and Data blocks. These software systems command the components that control speed in gas-enrichment centrifuges, used for separating radioactive isotopes by spinning at supersonic speeds.


Tuesday, March 13, 2012

Cyber threat Stuxnet & Big data analysis


The cyber threat to national economies is an emerging menace. Countries worldwide have started realizing this and have taken their stand. What was once a war on land is being overshadowed and passing into history. The new, sophisticated warfare has opted for cyber weapons as its gadgets. For example, this blog has mentioned the Federal Trojan and its capabilities. The Trojan was used to intercept Skype transactions and other such online transactions.

Monday, March 12, 2012

BigData & Digital footprint

Big data is painting the data canvas with novel techniques and methods to handle new forms of business built on predictive intelligence. Going by the statement “Nothing is free in this world”, organizations provide certain e-services to capitalize on the fact that if a customer is not paying for a service, then he is the product, who can be used to leverage the existing business. Customers at large, including free users, have chiseled digital footprints which were hitherto ignored. Thanks to the emergence of big data, the value of such digital footprints has been recognized. Going by the law of survival in the wild, there is a need to establish and track digital footprints in order to profile the customer base. Big data analytics is emerging as a digital footprint tracker and modeler, providing the razor-sharp strategic edge organizations need to leverage their existing business and cross-pollinate.

Saturday, March 3, 2012

Federal Trojan

Federal Trojan, aka R2D2, is considered to be one of the Skype interceptors, as understood from The Register. This Trojan is also called by other names, "0zapftis" or "Bundestrojaner". It has the capability of running on 32-bit systems, with support for 64-bit versions of Windows. The technology works via a local installation of malware on the client's computer. Bots and Trojans are generally classified under malware.