Wednesday, October 27, 2010

Cybersecurity in the News

Hackers shopping malware network
By Washington Times reporter Shaun Waterman

According to a Washington Times article, a hacker group calling itself the Iranian Cyber Army is gathering a network of infected computers, and selling it to cybercriminals to spread spam and malicious software.

Aviv Raff, of the computer security firm Seculert, told The Washington Times that the group was exploiting a vulnerability in the popular blogging software program WordPress to gain control of unsuspecting Internet users' computers and add them to its network — known as a botnet, or robot network — of infected machines. He said the botnet, one of hundreds controlled by hacker gangs and cybercrime syndicates all over the world, could be used to launch cyber-attacks against Tehran's enemies.

Most researchers regard the Iranian Cyber Army (ICA) as "hacktivists" — politically motivated pro-Iranian hackers — and there is no evidence they are linked to the Tehran government. Almost a year ago, a group using that name attacked U.S.-based social networking platform Twitter, and then Chinese search engine Baidu, briefly diverting visitors to those Web pages to a different page decorated with an Iranian flag, nationalist slogans and anti-U.S. and anti-Israel images.

"We are not sure if they are really Iranians," Raff said of the ICA, "but they are supporters of the Iranian regime."

He said his firm was trying to identify the geographical origin of the attacks, but such tracing is notoriously difficult in cyberspace, where hackers can launch attacks from computers they control half a world away from their own location.

"At the moment, there is no way of knowing who these people really are," said Jason Glassberg, of the computer firm Casaba Security.

"They could be Iranians," he told The Times. "It could just as easily be a 13-year-old in New Jersey."

Politically motivated cybervandalism like the ICA defacement of the Twitter and Baidu sites is relatively common, and usually no more than a nuisance. For example, Islamic hacker groups, many of them apparently based in Turkey, defaced Danish websites after a newspaper there published cartoons of the Prophet Muhammad in September 2005.

But ICA's most recent hack appears to be much more aggressive, said Mr. Raff. He said European newsblog site TechCrunch and "hundreds" of other smaller sites that use WordPress had been compromised over the past two months. Visitors were surreptitiously redirected to a hacker-controlled website, where they were infected with a so-called Trojan downloader — a kind of malicious software that allows hackers to take control of the user's computer.

The Trojan was placed on the visitors' computers by exploiting well-known vulnerabilities in several widely used software packages, including Adobe PDF, Java and Internet Explorer.

Read the full article at:
