More information on Titan Rain (“Hack attacks”)



Earlier this year there was an article or two about a rumored “hack attack” that was ongoing against US Government (and contractor) computer systems. The stories claimed that the attacks seemed to be coming from China. Today I’m seeing a couple of articles on the topic. First up is an AFP story on the problem it sounds as though little attention has been paid to hardening systems. There is speculation that the Chinese military is involved in the breakins. One incident was very neatly and methodically done, planting a backdoor in 30 minutes.


It’s possible that military flight planning software was copied. What seems to be the worst is that any incidents that happen are being kept secret. (I don’t have a problem with it being secret from the general public, but you would think the organization would see the problems and take BIG steps internally to deal with them.) The only improvements in security seem to be in the Air Force information systems.

As to the origin of Titan Rain….

The attacks have been traced to the Chinese province of Guangdong, and the techniques used make it appear unlikely to come from any other source than the military, said Alan Paller, the director of the SANS Institute, an education and research organization focusing on cybersecurity.

Meanwhile… CIO today has an article on a lack of IT security training in the US making the US more vulnerable.

The SANS Institute warned that U.S. government, military contractor, and bank computer systems are facing a barrage of attacks from overseas hackers, and that network-security management lacks the training to mount an adequate defense.

“American government and corporate computer systems are being riddled with online attacks,” said Allan Paller, director of research at Bethesda, Maryland-based SANS. “But there is a culture of secrecy, and government departments, defense contractors, and banks are not talking about the attacks.”

Further… he gives a scary real story…

“In one government department, I saw a member of staff downloading an upgrade to Internet Explorer on his PC,” said Johannes Ullrich, chief technology officer at the SANS Institute’s Internet Storm Center. “I was monitoring his network connection using intrusion-detection software. I noticed that his computer had been redirected to a Web site in Eastern Europe and was downloading code from that site.”

I’m not terribly surprised really. I’ve worked on computers in a good number of small to medium sized organizations and most of them have received no training whatsoever. I’ve often wondered if larger organizations with an actual IT staff are able to have any training. (DO this, DON’T EVER do that… ) Sadly, I suspect that the answer is NO. In many cases there’s a desire to offer “new services” (I’ll bring in a wireless access point and we can give everyone wireless internet access) that security is never really on the list of considerations. I remember one place in particular seemed somewhat put out that I insisted on an encryption key and MAC address filtering for their Wireless LAN.

Of course the real threats of such “weak network security” is not usually in the realm of people getting hurt (unless someone’s foolish enough to intertie VITAL services to internet connected machines.) The real damage is economic, lost information, identity theft, military secrets (or at least sensitive information). However it’s not unimaginable to paint a scenario where the loss of information puts lives in jeopordy. We really need to teach people about networked computer security.

Related Posts

Blog Traffic Exchange Related Posts
  • Data Security One of the things that apparently is commonly overlooked in the area of computer security is what happens to the data on your hard drive when you get a new computer. I just read an article at geoffreyhuntley.com about some old servers he picked up pretty cheap from a government......
  • Network Security guide for the home or small business network - Part 16 - Learn about the enemy I remember I had a geography teacher once that was a former Marine and he said when he was growing up it was the height of the cold war and geography was interesting to him from a "know your enemy" point of view. That's a good concept to apply to......
  • NY requires businesses to disclose security breaches. The Register writes that New York has passed a law that will require local government agencies and businesses to disclose security breaches. (System broken into or data stolen). I can understand businesses being reluctant to disclose this kind of information. "What will they say about us", "bad reputation", "we'll lose......
Blog Traffic Exchange Related Websites
  • Low Cost Computing for a Baby Boomer Lifestyle I rely heavily on personal computers for work and home activities. So do you. One of my objectives over the past couple of years has been to reduce the cost of computing in the one area where cost-control is easiest: software. I have found many free software applications that work......
  • Are Annuities the New Pension? I have thought and written extensively about the benefits, costs, and risks of immediate and variable annuities for retirement. Now even the White House is suggesting that more boomers consider using annuities to provide lifetime retirement income. In his State of the Union address, President Obama talked about economically supporting......
  • Laptop as a Wireless Router You may some day come across the rare situation of temporarily needing an extra wireless router.  I can't really think of a good example, but I know that I encountered such a situation yesterday.  I decided I would write up an article as it may prove useful to others that may......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site