Cyber Attack Against Norwegian Military, Massive and Targeted

On March 25 this year a massive and targeted cyber attack was launched against the Norwegian Military Forces – Forsvaret – according several Norwegian news sources. It is being described as one of the most serious so far. Local experts fear more attacks, capable of paralyzing the entire Norwegian economy.

It is likely that important computer systems are infected, and that information has been lost.

National Security Authority

On March 25, hundreds of emails was sent to high-ranking officers in the Norwegian military – Forsvaret. The message was disguised as a regular message from the public directorate, written in perfect Norwegian, with an innocent looking file attached. One person opened the file – and the fight was on.

According to the military spokespersons, the computer where the infected file was activated did not contain any classified information. The attack was discovered and stopped before any sensitive or confidetial information was stolen.

But some data was stolen. It is still unknown how much, and what, information that has been stolen, says Major Ivar Kjaerem at the Military Center for Protection of Critical Information, according the newspaper VG.

And I presume its gonna stay that way…

Cyber attack against Norway have become more like an online game, specially  after last years Peace Prize award.
The Norwegian oil installations in the North Sea was also among the first to detect infections by the Stuxnet worm.

But this one is almost as special as the Stuxnet.

First of all: It seems to have been very well planned, organized and executed. Almost with a military precision.

Secondly: The attackers did already posess detailed information about the Norwegian military as they were able to target between 200 and 300 high-ranking and influential officers.

And third: I happens the day after Norwegian Air Forces has their first raid over Libya.

When it comes to the last point, no one can say for sure if there is any  connection or not.

However, the incident has surely scared the Norwegian military who characterize it as one of the most serious cyber attacks so far.

And the military spokesman seem to suddenly have realized that we ain’t seen nothing, yet.

I belive it is some kind of recognition mission, an attempt to map our systems and possible vulnerabilities, Major Kjaerem says, indicating the expectation of new attacks.

And, of course, the military spokesman underline that they managed to stop this one, and the possibility of anyone penetration the Norwegian military’s security system is very low.

Here’s come the part when I have trouble not laughing…

So, they managed to stop the attack? Our brave soliders? Well, this is what really happened:

The email was received on a Friday afternoon. But some hyperactive warlord decided to pop by the office on Saturday, just to check if we’ve had hit Gaddafi and check the mail and stuff, You know.

What happens next is described by the newspaper VG as follows:

The sender, who was named in the email, did not exist, and it was the aware  receiver who raised the alarm because it was something else attached to the email than the annual report from the Directorate. The attachment behaved strangely, and the person became suspicions.

Well done! boys and girls.

Quite frankly, I’m speechless…

Anyway – last year the Norwegian National Security Authority warned against the threats from cyberspace in their recent 2010 report.

The report states:

It is likely that important computer systems are infected, and that information has been lost.

We we regard it as a very serious matter when the Norwegian military gets attacked like this, says spokesman Kjetil Veire with the National Security Authority.

Adding: When it comes to infected computers, we fear there is a large dark zone. What we have seen here might just be the tip of an iceberg.

No kidding!

But finally security expert at the company Steria, Stein Moellerstad, put the closet in the right corner:

The number of attacks against the Norwegian military will increase. And they can cause more serious damage because the flow of information through the internet has become so huge that both the military and the rest of the public administration has partly lost control.

According to the National Security Authority 2010 report, are cyber attacks capable of paralyzing the entire Norwegian economy in a worst case scenario.

So, now the speculations about who might be behind this are running totally wild.

Local experts say that only about 10 nations in world is capable of launching an attack as this.

That’s bullshit.

Anyone with above average computer skills with a coup;e of buddies to help with the actual launch could do this.

The suspects are millions.

In my mind the most interesting question is: Why Norway?

I mean, we haven’t got much oil left, we’ve sold it all. The same goes for the technology. In other words – not much to spy on.

I assume the NATO material is under a special NATO security facility.

And our famous Oil Fund? Well, we impulsively bought Greek debt for about one billion USD. Perhaps we shouldn’t, but that Greek prime minister look so nice.

The rest is probably gone in a few years anyway as the government will have to pay for all its promises, specially within the health care sector.

It means we don’t have that much money, either.

In fact, I can only see one logical reason to Norway being targeted in this scale:

It’s just too damn easy!

Related by the Econotwist’s:

• UK Treasury Under Constant Cyber Attacks
• Hackers Attact Norway’s Peace Prize Institute
• Norwegian MP Nominate Wikileaks for Nobel Peace Prize
• Hackers Attack Norwegian Government – Again
• EU Institutions Hit By Major Cyber Attack
• Stuxnet Mutants All Over The Web
• Europe: Cyber Criminals Attack Critical Water, Oil and Gas Systems
• The REAL Weapon of Mass Destruction
• Report: Details On China’s Internet Hijacking

Related articles

• US calls on its Nato partners to help resist cyber-attacks (lezrec29.wordpress.com)

Top 10 Cyber Threats of 2011 – Updated

PandaLabs, the antimalware laboratory of Panda Security, the cloud security company, has forecasted several radical innovations in cyber-crime for 2011. Hacktivism and cyber-war; more profit-oriented malware; social media; social engineering and malicious codes with the ability to adapt to avoid detection will be the main threats.

“There will also be an increase in the threats to Mac users, new efforts to attack 64-bit systems and zero-day exploits.”

PandaLabs

Here is a summary of what PandaLabs now predicts as the ten major security trends of 2011:

1. Malware creation:
In 2010, PandaLabs witnessed significant growth in the amount of malware and discovered at least 20 million new strains, more than in 2009. At present, Panda’s Collective Intelligence database stores a total of more than 60 million classified threats. The actual rate of growth year-on-year however, appears to have peaked. Several years ago it was over 100 percent and in 2010 it was 50 percent.

2. Cyber war:
Stuxnet and the WikiLeaks cables suggesting the involvement of the Chinese government in the cyber-attacks on Google and other targets have marked a turning point in the history of these conflicts. Stuxnet was an attempt to interfere with processes in nuclear plants, specifically, with uranium centrifuge. Attacks such as these, albeit more or less sophisticated, are still ongoing, and will undoubtedly increase in 2011, even though many of them will go unnoticed by the general public.

3. Cyber-protests:
Cyber-protests , or hacktivism, are all the rage and will continue to grow in frequency. This new movement was initiated by the Anonymous group and Operation Payback, targeting organizations trying to close the net on Internet piracy, and later in support of Julian Assange, editor-in-chief of WikiLeaks. Even users with limited technical know-how can join in the distributed denial of service attacks (DDoS) or spam campaigns. Despite hasty attempts in many countries to pass legislation to counter this type of activity effectively by criminalizing it, PandaLabs believes that in 2011 there will be more cyber-protests, organized by this group or others that will begin to emerge.

4. Social engineering:
Cyber-criminals have found social media sites to be their perfect working environment, as users are even more trusting with these than with other types of tools, such as email. Throughout 2010, PandaLabs witnessed various attacks that used the two most popular social networks – Facebook and Twitter – as launching pads. In 2011, not only will hackers continue to use these networks, but it is predicted that they will also be used more for distributed attacks.

BlackHat SEO attacks (indexing and positioning of fake websites in search engines) will also be widely employed throughout 2011, as always, taking advantage of hot topics to reach as many users as possible. In addition, a significant amount of malware will be disguised as plug-ins, media players and other similar applications.

5.Windows 7 influencing malware development:

It will take at least two years before there is a proliferation of threats designed specifically for Windows 7. In 2010, PandaLabs began seeing a shift in this direction, and predicts that in 2011, new cases of malware targeting users of this new operating system will continue to emerge.

6.Mobile phones:

In 2011 there will be new attacks on mobile phones, but it will not be on a massive scale. Most of the existing threats target devices with Symbian, an operating system which is now on the wane. Of the emerging systems, PandaLabs predicts that the threats for Android will increase considerably throughout the year, becoming the number one mobile target for cyber-crooks.
7. Tablets:

The dominance of the iPad will start to be challenged by new competitors entering the market. Therefore PandaLabs does not believe that tablet PCs will become a major consideration for the cyber-criminals in 2011.

8. Mac:

Malware for Mac exists, and will continue to exist. And as the market share of Mac users continues to grow, the number of threats will grow. The greatest concern is the number of security holes in the Apple operating system. Developers will need to patch these holes as soon as possible, as hackers are well aware of the possibilities that these vulnerabilities offer for propagating malware.

9. HTML5:

HTML5 is the perfect target for many types of criminals and could eventually replace Flash. It can be run by browsers without any plug-ins, making it even more attractive to find a security hole that can be exploited to attack users regardless of which browser they use. PandaLabs expects to see the first attacks on HTML5 in the coming months.

10. Highly dynamic and encrypted threats:
PandaLabs expects dynamic and encrypted threats to increase in 2011. PandaLabs is receiving more and more encrypted, stealth threats designed to connect to a server and update themselves before security companies can detect them. There are also more threats that target specific users, particularly companies, as information stolen from businesses will fetch a higher price on the black market.

Related by the Econotwist’s:

• EU Institutions Hit By Major Cyber Attack
• Hackers Target The New York Stock Exchange

• NASDAQ Hackers Aimed At Corporate Bonds
• NASDAQ Comments On Hackers, Lack of Information
• FBI Initiate Worldwide Crack Down On Hackers
• Cyber Attacks Force EU to Close Emission Trading System
• Internet Nuke Bomb Ready To Blow
• Cyber Criminals Attack Critical Water, Oil and Gas Systems
• The REAL Weapon of Mass Destruction

Related Articles:

• Cyber Crimes Will Rise in Year 2011: Symantec (globalthoughtz.com)
• Cyber criminals targeting mobile devices (premierlinedirect.co.uk)
• Will Energy Facilities Be The Next Targets Of Cyber-War? (paulsparrows.wordpress.com)
• Hackers hunt prey on smartphones, Facebook (canada.com)
• Cyber criminal ambitions growing, report says (business.financialpost.com)
• Malware threats highlight commercial insurance benefits (premierlinedirect.co.uk)

Anonymous Amateurs & Script Kiddies

The underground cyber movement has drawn a lot of attention to themselves in the aftermath of WikiLeaks’ disclosure of the secret US embassy cables. In their vendetta against financial institutions who has suspended the accounts of WikiLeaks associates, they’ve managed to take down the websites of major companies like Visa, MasterCard and PayPal. Not bad for a bunch of uneducated teenager! But really; how dangerous are these people?

“A lot of these kids probably are getting into the thrill of it without having the expertise and knowledge that they’re actually committing a crime.”

Paul Sop

A cyber war? Online vandalism? A virtual sit-in? A Computerized protest? It’s not easy to find a category for the many distributed denial of service (DDoS) attacks carried out by the group Anonymous recently. But after hearing and reading what the IT experts have to say about it, I think the term vandalism is the most accurate.

That said; I also believe that parts of the group have the potential to become very real – and very dangerous – cyber soldiers at some point in time.

But right now is a loosely organized group of protesters, just as the hippies in the 60’s, or the punk rockers of the 80’s.

Little Impact

According to Panda Security, Anonymous managed to hold down PayPal’s blog and MasterCard’s main site for more than one day.

Visa and a Swiss bank had theirs sites down for several hours, but others were out for just a few minutes.

Paul Sop, CIO at the cyber security company, Protexic, says that taking down a “brochure site” has little impact on a company’s bottom line, but adds that it could have collateral damage by affecting another system.

That’s what many assumes happened to MasterCard, as their SecureCode authentication also got hit the day of the attack, according to the magazine PC Pro.

PayPal’s transaction system also went down at the same time the company’s blog was being attacked.

This damage can amount to millions of pounds, according to Paul Sop.

Not At All Sophisticated

Despite the “successful” attracts, are the methods used pretty simple, and not at all sophisticated. It is traditional bot-net command and architecture.

They are carried out by using a widespread- and very available – software called Low Orbit Ion Cannon (LOIC).

The LOIC software has been around for quite some time. But it’s has developed to become a very user-friendly piece of software that can be run from any computer.

One version even has a JavaScript based interface, equipped with drop-down menus from which you can choose a target, easier to navigate than a Windows Home Basic application.

Of course, if 10.00 people run it at the same time it can cause trouble, but hardly any severe damage.

And – of course – the security firms have this kind of activity mostly under control.

“You can actually watch when it’s used by others, giving a puppet master kind of control,” Paul Sop tells PC Pro .

This may suggest that the attackers don’t have any special hacking skills,. However, on the other hand, the LOIC programs are still evolving and the latest versions has encryption features that makes the whole thing easier to hide.

Craig Labowitz, chief scientist at Arbor Networks points out that the recent attacks, assumed to be launched by members of Anonymous, is not only DDoS attacks.

There’s a wide range of methods, and the level of complexity might vary for one to another.

A Crowd-Sourced Phenomena

This also reflects the diversity of the cyber protesters. “It’s a crowd-sourced phenomena,” Sop calls it.

“With Anonymous you have thousands of people, anyone can change the attack, the rate of the attack or the protocols they’re using,” he explains.

And this is what keeps the security experts on their toes.

Paul Sop compares it to a game of chess: When the attackers discover that a countermeasure is being launched, they change the attack.

Communication and information are shared in chat rooms.

The chat rooms are also the Anonymous weakest link because the security people easily can log into them and figure out what’s cooking.

And this seems to be a pretty effective method of prevention.

“As we were blocking their attacks, they get discouraged because a lot of these users are very young and they want that endorphin rush,” Sop says. “Annoy them enough, and eventually they lose interest and go on to something else,” he concludes.

This attack and counterattack activity has elevated the worries about a co-called cyber war.

Vandalism

Craig Labowitz characterize the Anonymous attacks as “vandalism”.

But adds: “That isn’t to say that this doesn’t pose a threat, as writers of these tools evolve, as more machines become involved.”

According to the security industry, hackers control between 40 and 60 million computers worldwide.

Several hundred thousand people have downloaded the LOIC software.

The PC Pro Magazine has also spoken with a couple of Anonymous representatives, who emphasize that they don’t speak for the whole group.

They do, however, claim that there is between 500 and 1000 member who are “highly skilled” and who have “very large bot-nets” and “a lot of experience.”

The rest are just protesters, they say.

“They are just people who stand up for what they believe in, and shouldn’t be referred to as hackers,” say one.

And the Anonymous dismiss the speculations about them trying to spark a cyber-war.

“The DDoS attacks were neither an act of so-called cyber war, or sit-in, they were more of a wake-up call to the world about the suppression off the freedom of the press,” says another Anonymous.

The Amateurs

Regardless of motivation, DDoS is illegal in most countries. So far has 3 people been arrested in the Netherlands and in Greece.

And there will likely be more arrests. Just downloading a LOIC program can give up to two years in prison. Only since the WikiLeaks turbulence started, the software has been downloaded more than 100.000 times from the sites of SurgeForce.net.

The ting is: this software do not hide IP addresses. So, it’s an easy task for Sop, Labowitz and other security people to find out who use it.

And you can be sure they’re handing the information over to the authorities.

The Script Kiddies

Anyway – there is one thing the security experts won’t mention:

Have you ever heard about “script kiddies”?

Well, it’s a slang in hacker communities for young aspiring hackers who writes basic scripts for the real ones (the criminals), who then put it together in increasingly sophisticated ways to create more and more dangerous malware.

According to my own sources in the hacker environment, there are many script kiddies amongst the Anonymous.

Mr. Sop says in the interview that the Anonymous kids probably are getting into the thrill without having the expertise and the knowledge that they’re actually committing a crime.

In other words: it seems like organized cyber criminals have started to use children to do their dirty work and carry out the testing of new components, as they at the same time are hiding their own asses.

Now, there’s the really ugly side of the story.

Related by the Econotwist’s:

• FBI Initiate Worldwide Crack Down On Hackers
• Gambling Addicted Hacker Steal 400 Billion Gaming Chips
• Cyber Attacks Force EU to Close Emission Trading System
• Internet Nuke Bomb Ready To Blow
• A Homepage For The Homeless

Related Articles:

• ‘Hacktivists’ launch second attack on Egypt (msnbc.msn.com)
• In the chatroom with the cyber guerrillas (reuters.com)
• U.K. police nab 5 Anonymous DDoS suspects (news.cnet.com)
• “TWO *REAL* GUNS POINTED AT ME”: how the FBI raided Anonymous (arstechnica.com)
• Let’s Be Careful About Calling This a Cyber-War (gigaom.com)