Cyber Security: China Biggest Threat, Cyber Pearl Harbor, Russian Underground, Passwords and Anonymous v Karl Rove

China Deemed Most Threatening Actor in Cyberspace

China is “the most threatening actor in cyberspace” as its intelligence agencies and hackers use increasingly sophisticated techniques to gain access to U.S. military computers and defense contractors, according to the annual report of the  U.S.-China Economic and Security Review Commission mandated by Congress.  The report added that Chinese hackers have moved into more sophisticated targets such as senso and apertures deployed on military platforms.  The  report calls an investigation of China’s cyber activities and for sanctions against specific companies found to engage in industrial espionage.  The Commission noted that the global percentage of attack traffic dropped two-thirds during a recent Chinese holiday.

US Defense Secretary Warns of Cyber Pearl Harbor

Speaking following a wave of attacks on US financial institutions and the recent Shamoon virus which rendered 30,000 computers at Saudi oil company Aramco permanently inoperable, U.S. Defense Secretary Leon Panetta warned of a Cyber Pearl Harbor which he described as
Tan attack that would cause physical destruction and loss of life, paralyze and shock the nation, and create a profound new sense of vulnerability. . . .  An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches.   They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.
Panetta called for Congress to act on pending cyber security legislation.

Russian Underground – The Costco for Cyber Crime

Security firm Trend Micro has provided an overview of the cyber crime services and prices offered by the Russian underground revealing “a vibrant community of ne’er-do-wells offering every conceivable service at dirt-cheap prices”.   For example, the following can be had for $500 or less:
    • Hiring a DDoS attack: $30-$70/day
    • Email spam: $10 per one million emails
    • SMS spam: $3-$150 per 100-100,000 messages
    • Botnet: $200 for 2,000 bots
    • DDoS botnet: $700
    • Hacking Facebook or Twitter account: $130
    • Hacking Gmail account: $162
    • Hacking corporate mailbox: $500

Rik Fergus – Director of Security Research and Communication at Trend Micro discussed this report on last week’s Cyber Law and Business Report.

2012 List of Worst Passwords Relatively Unchanged

SplashData’s annual “25 Worst Passwords of the Year” was recently released and the top five were virtually unchanged consisting of:  password, 123456; 12345678 , abc123 and qwerty.   Using the website, the worst password is easily changed into a very strong password by adding characters and capitalization as follows:

  • password – 8% (very weak)
  • Password – 26% (weak)
  • Password1 – 54% (good)
  • Password#1 – 72% (strong)
  • Password#12A – 92% (very strong)

Anonymous Claims it Blocked Rove Attempt to Steal Election

Hackitivist group Anonymous claims that it monitored the operations of Karl Rove’s political organization and created a firewall that blocked 105 election day attempts to access election servers in Ohio, Florida and Virginia.  Some claim this might explain Rove’s election night meltdown after Fox News called Ohio for President Obama.

More Info:  China Most Threatening Cyberspace Force; , U.S. Panel Says, Bloomberg; Panetta Warns of Dire Threat of Cyberattack on U.S, New York Times; ;Cyberattack on Mideast energy firms was among most destructive, Panetta says, Washington Post. Russian Underground Offers Cybercrime Services at Dirt-Cheap Prices, Wired; Trend Micro Report, Russian Underground 101;  ‘Jesus,’ ‘welcome’ join list of worst passwords; Cnet,  Anonymous claims Karl Rove tried to hack/steal the election, Examiner