Senior Editor, Network World

Security Roundup: Anonymous Attacks DOJ, RIAA Sites; Israeli-Palestinian Cyberconflict Escalates

Jan 20, 2012 · 8 mins
Cybercrime · Data and Information Security · Internet Security

Angered by the move by federal authorities to shut down the popular website Megaupload on charges it illegally shared movies, TV shows and e-books, hackers said to be working on behalf of the hacktivist group Anonymous late yesterday launched denial-of-service attacks against a number of websites, including those of the Department of Justice (DOJ) and the Recording Industry Association of America (RIAA).

Both the DOJ and RIAA sites appeared to be back up Friday, however.


About the Megaupload takedown, RIAA Chairman and CEO Cary Sherman said, “We are deeply grateful to the Justice Department professionals who worked tirelessly on this case for two years. Federal law enforcement has delivered a historic blow against one of the most notorious illegal distribution hubs in the world. The indictment outlines a sinister scheme to generate massive profits through the distribution of the stolen intellectual property of others.”

The DOJ said the indictment pertains to Megaupload Limited and Vestor Limited and seven individuals: Kim Dotcom, a.k.a. Kim Schmitz and Kim Tim Jim Vestor, a resident of both Hong Kong and New Zealand who the DOJ said is the leader of the criminal enterprise; and Finn Batato, Julius Bencko, Sven Echternach, Mathias Ortmann, Andrus Nomm and Bram van der Kolk, all citizens of countries across Western Europe, Slovakia and the Baltic states.

The DOJ said “Dotcom founded Megaupload Limited and is the director and sole shareholder of Vestor Limited, which has been used to hold his ownership interests in the Mega-affiliated sites.”

Some of the accused have been arrested, and law enforcement is said to have executed more than 20 search warrants in the U.S. and eight other countries, seizing about $50 million in assets, seizing servers in the U.S., the Netherlands and Canada, and ordering the seizure of 18 domain names associated with Megaupload.

In its story, the Washington Post notes that Swizz Beatz, who is listed on some of the Mega sites as the company’s chief executive, was not charged. Beatz, a musician, is married to fellow musician Alicia Keys. The Washington Post says the Megaupload site was endorsed by famous entertainers including Kanye West, Kim Kardashian and rappers P. Diddy and … An attorney representing Megaupload, a Hong Kong-based company, said it wasn’t given a chance to be heard and would contest the shutdown by the U.S. government. The Post cites sources claiming Megaupload executives made more than $175 million through subscription fees and online ads while robbing authors, movie producers and producers of about $500 million.

The Post story also cites one individual, Barrett Brown, said to be a writer working on a book about Anonymous and in close contact with the group, saying the hackers not only want to take down websites but are also considering whether to go after members of Congress who support the Stop Online Piracy Act (SOPA). This bill has been one of the most controversial pieces of legislation ever seen in Congress as it relates to intellectual property rights and the Internet, and it has faced widespread opposition; Wikipedia, as just one example, protested it this week with a black-out of its site.

Brown told the Post that Anonymous is “devising a new attack against members of Congress who are still endorsing the legislation,” and specifically, “We’re trying to decide if we’re going to target one Congress member first or warn them first,” and, “Another method would be to go after their donors, too.”

Israel’s big week for cyberattacks

There’s no shortage of physical violence in the long-running dispute between Israel, the Palestinians, various Arab states and whoever else wants to jump into the Middle Eastern fray from time to time. This conflict also plays out online in denial-of-service attacks, hacking attempts and so forth, and last week saw hackers on both sides taking some heavy-duty shots.

On Monday, Jan. 16, denial-of-service attacks temporarily shut down the websites of the Tel Aviv Stock Exchange and El Al Airlines, according to the Israeli newspaper Haaretz, which the next day reported that Israeli hackers retaliated by bringing down the Saudi and UAE stock exchange websites. In the middle of this free-fire exchange, several banks, including Bank Leumi, were said to be blocking international IP access.

Network and security firm Radware, headquartered in Tel Aviv, Israel, got a close-up look at some of this raging DDoS action, since it has several customers there in the financial and government sectors. “There hasn’t been an Israeli organization tightly associated with Israel that hasn’t been attacked,” said Carl Herberger, vice president of security at Radware, about the escalating DDoS attacks.

On Monday, he says, there was the sense that the attacks were associated with the long-running Palestinian conflict. “It was Palestinian-oriented, not Anonymous,” says Herberger. “It was more in the epicenter of people in the Middle East.”

But by Tuesday and Wednesday, the cyberattacks “were using a different set of tools and chat channels,” says Herberger. “It was a different set of people, from all around the world.” This may be tied to Anonymous, which has been orchestrating attacks under the banner “Operation Free Palestine.”

Herberger said Radware assisted enterprise customers in “active self-defense,” determining whether traffic was legitimate and taking steps to mitigate the DDoS attacks, including holding open connections identified as points of origination and blacklisting IP addresses. “We can do a lot with geolocation and IP now,” he said.
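The kind of traffic triage Herberger describes (separating ordinary visitors from flood sources, blacklisting the offending addresses, and using geolocation as a second signal, as the banks that blocked international IP access did) can be sketched as a small detector run over web-server access logs. This is an added illustration, not Radware’s product logic or any code from the article: the log lines are constructed, the prefix-to-country table is a hypothetical stand-in for a GeoIP database, and the thresholds are arbitrary.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined-log-format line: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Hypothetical prefix-to-country table standing in for a real GeoIP database.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, not real hosts.
GEO_PREFIXES = {
    "203.0.113.": "IL",   # treated as the domestic range in this example
    "198.51.100.": "XX",  # treated as a foreign range
}


def geolocate(ip):
    """Map an address to a country code using the constructed prefix table."""
    for prefix, country in GEO_PREFIXES.items():
        if ip.startswith(prefix):
            return country
    return "??"


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "req": m["req"], "status": int(m["status"])}


def make_sample_log():
    """Constructed traffic: one flooding source plus two ordinary visitors."""
    base = datetime(2012, 1, 16, 9, 0, 0, tzinfo=timezone(timedelta(hours=2)))
    lines = []

    def add(ip, offset_s, path="/"):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        lines.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512')

    for i in range(40):                      # 40 requests in 4 seconds: a flood
        add("198.51.100.9", i * 0.1)
    for i in range(5):                       # 5 requests spread over 40 seconds
        add("203.0.113.7", i * 10, "/login")
    for i in range(3):                       # 3 requests from a foreign visitor
        add("198.51.100.22", 5 + i * 15)
    lines.append("not a log line")           # parser must tolerate junk
    return lines


def find_flood_sources(events, window=timedelta(seconds=10), threshold=20):
    """Return {ip: peak request count within any `window`} for IPs at or over `threshold`."""
    recent = defaultdict(deque)   # per-IP timestamps inside the sliding window
    peak = defaultdict(int)
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:
            q.popleft()
        peak[ev["ip"]] = max(peak[ev["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def decide(ip, floods, domestic=("IL",), international_lockdown=False):
    """Combine rate evidence with the geolocation policy for one address."""
    if ip in floods:
        return "blacklist"
    if international_lockdown and geolocate(ip) not in domestic:
        return "block-international"
    return "allow"


def build_decisions(lines, international_lockdown=False):
    """Parse the log, detect floods, and return a per-IP decision map."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    floods = find_flood_sources(events)
    return {ip: decide(ip, floods, international_lockdown=international_lockdown)
            for ip in sorted({e["ip"] for e in events})}


if __name__ == "__main__":
    sample = make_sample_log()
    for mode in (False, True):
        print(f"international_lockdown={mode}:", build_decisions(sample, mode))
```

The rate check and the geolocation policy are kept separate on purpose: the first produces evidence about a specific address, while the second is a blunt incident-mode control (as the banks applied it) that should be switched on and off deliberately rather than inferred from traffic.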

Some in Israel said they weren’t too shaken up by all this. “Beyond the initial excitement, there’s less excitement here than you might expect,” said Trusteer Chief Technology Officer Amit Klein last week in Israel. He noted that most people probably weren’t personally affected by the cyber-shots fired all around.

FBI busts programmer for stealing U.S. Treasury code

The FBI said it arrested a computer programmer in New York this week and charged him with stealing proprietary software code from the Federal Reserve Bank of New York. The software, known as the Government-Wide Accounting and Reporting Program (GWA), handles all manner of U.S. government financial transactions.

From the FBI: “As alleged in the complaint, between May 2011 and August 11, 2011, Bo Zhang was a contract employee assigned to the Federal Reserve Board of New York (FRBNY) to work on further developing a specific portion of the GWA’s source code which the United States has spent approximately $9.5 million to develop. In the summer of 2011, Zhang allegedly stole the GWA Code.

“According to the complaint, Zhang admitted that in July 2011, while working at the FRBNY, he checked out and copied the GWA Code onto his hard drive at the FRBNY; he subsequently copied the GWA Code onto a bank-owned external hard drive; and he connected that external hard-drive to his private office computer, his home computer, and his laptop. Zhang stated that he used the GWA Code in connection with a private business he ran training individuals in computer programming.”

“Zhang took advantage of the access that came with his trusted position to steal highly sensitive proprietary software. His intentions with regard to that software are immaterial. Stealing it and copying it threatened the security of vitally important source code,” said FBI Assistant Director in Charge Janice Fedarcyk in a statement.

Researchers expose flaws in popular industrial control systems

At the 2012 SCADA Security Scientific Symposium (S4) this week, researchers showcased unpatched security flaws in software used to control critical industrial systems at oil, gas, water and electrical distribution plants. The vulnerabilities ranged from information disclosure and privilege escalation bugs to remote DoS and arbitrary code execution flaws.

The research team, which included Reid Wightman, Dillon Beresford, Jacob Kitchel, Rubén Santamarta and two other researchers who chose to remain anonymous, worked as part of a project called Basecamp that was sponsored by industrial control systems (ICS) security firm Digital Bond. The tested products were Control Microsystems’ SCADAPack, the General Electric D20ME, the Koyo / Direct LOGIC H4-ES, Rockwell Automation’s ControlLogix and MicroLogix, the Schneider Electric Modicon Quantum and Schweitzer’s SEL-2032.

And in other news …

– Online shoe and apparel retailer Zappos acknowledged its network was hacked and information about as many as 24 million of its customers stolen. As part of its security response, it invalidated its customers’ existing passwords to the site, forcing them to reset. It also temporarily stopped 800-number phone service, redeploying service representatives to answer customer email. Was this a smart move? This story examines customer and analyst reactions to it all.

– The “bring your own device” phenomenon in business is leading to changes in how IT departments manage and secure employee-owned smartphones and tablets. But can BYOD save companies money? That’s a question we examine in our story here.

– Former Citrix Chief Technology Officer Simon Crosby talks about how “smarter hypervisor use can lead to a big, big change in security.”

– There’s a new Facebook attack that targets e-cash users, and you can find out about it here.

– RSA, in offering up further detail about the infamous SecurID breach of last year, claims not to have lost a single customer because of it. Editor Tim Greene last week visited with RSA executives, who described the consequences of that attack, ascribed to an unnamed “nation-state.”

– Anybody want an IT security job? Security analyst Jon Oltsik explains how bad the shortage of workers with good IT security skills really is.
