Monthly Archives: January 2010

Cyber War

To most in the security industry these words bring to mind attack and defense of the electronic communications and control of military assets and sensitive government institutions and information. Government vs. government. The US government recognizes this as a developing threat and has undertaken steps to prepare for possible cyber war scenarios. But recent press coverage has been filled with what can be best described as a cyber war between a foreign government and a US commercial business – China and Google. Google’s belief it has the right to do business as it sees fit has come into conflict with a government that does not share this view and apparently has taken action. Most hacking incidents we read about involve criminal activity and easily understood motives – money. Businesses understand this too and are diligent to prevent and minimize this. There are means (at times) to legally redress criminal breaches, minimize and recoup losses – but what of this incident? As large and savvy as Google appears as a business they seem to be on their own against an even larger and capable foreign government and the vast resources it can bring to bear in the electronic arena. A frightening position indeed. Who does Google turn to and for what result? Is this the opening shot of ever increasing and blatant ideological (based on national interests) ‘hacktivism’ by governments as they take action not against governments, but the business and economic assets of countries with differing views?

Do you accept the definition of cyber war presented here? How would you define and what would you call the recent exchange between China and Google? Cyber war to me seems a little extreme and hacktivism a little light.

Google attacked
http://www.npr.org/templates/story/story.php?storyId=122703950

Yahoo and others too?
http://www.bloomberg.com/apps/news?pid=20601204&sid=aRCof4o1aj5Y

Law firm a victim
http://www.securityfocus.com/brief/1062

China’s position
http://www.reuters.com/article/idUSTRE60D0CA20100114

Hacktivism
http://www.sophos.com/blogs/gc/g/2010/01/12/baidu-chinas-largest-search-engine-defaced-iranian-cyber-army/

US Cyber Command
http://www.defense.gov/news/newsarticle.aspx?id=54890

The need for increased security awareness in small to medium business in 2010.

The holidays are over, time to focus on the new year ahead. For some the holidays provide a little more time – as others are busy preparing for the holidays – to research, review and ‘catch up’ on security news and trends from around the industry.
I have always been an advocate for security awareness in the small to medium business (SMB) space. Working in this field I have come to understand the balance between equipment and resources cost and the margins which SMB’s operate within to remain viable. Calls for increasing security can appear to negatively impact this balance. Unfortunately the SMB space is becoming an increasingly popular target for internet criminals as witnessed by these two recent articles.

http://www.krebsonsecurity.com/2010/01/fbi-investigating-theft-of-500000-from-ny-school-district/

http://www.wired.com/threatlevel/2009/12/feds-warn-small-businesses/

Although the targets here were school districts one can easily see the correlation to the SMB space when thinking of resources available and operational processes within an organization. How long would it take for an SMB to notice that the transfer or payment of funds was not proper and then correct it? How much can they afford not to recover? As noted in one article the red flag was raised by the bank and not the customer! One wonders how many SMB’s would receive the same amount of diligence from their banking institutions.

So how does this tie in with VoIP security? Even in these tight economic times unified communications has continued to increase in deployments due in part to operational improvements and cost reduction promises. Growth in UC deployment means increased deployments of SIP trunking and SIP trunking usually means port 5060 is open in your firewall and network. Now we see that this open port can possibly be used as a probe point to other servers and services within the network through the firewall. Its time for SMB’s to think of more than just a firewall and anti-virus (as most SMB’s do) as protection enough from threats.

http://www.theregister.co.uk/2010/01/06/web_based_firewall_attack/

We can understand the criminal intent to go for the ‘big score’ (against the big institutions) but these attacks should remind all to never underestimate the lure of easy cash wherever it may be or whatever the amount – never think your business is ‘not large enough’ to be a target. It’s not the size of the prize but the ease of exploitation that makes you a target.

Growth of SIP trunking:
http://www.infonetics.com/newsletters/newsletter-CRS-Enterprise-Voice-SIP-Trunking-Survey-102709.html

Shodan: Computer Search Engine and VoIP Devices

Most of us are familiar with the information disclosure risks associated with devices like phones and ATAs on the Internet, and this has been mentioned in presentations like Endler/Collier at BlackHat in 2006. However, the recent emergence of Shodan significantly raises the exposure of these devices, especially embedded systems.

Shodan bills itself as a “Computer Search Engine” and some folks have raised questions about the impact, ethics, etc. So far, Shodan has remained under-the-radar, but I expect we’ll see more coverage and questioning of what value-add this service provides to security efforts.

A few simple searches of Shodan will provide the reader more insight of the capabilities of this service. Bear in mind that searches can get much more specific. Also, Shodan is growing, and it’s worth re-visiting the site to gain better perspective of updates.

Example searches:

1. VOIP — http://shodan.surtri.com/?q=voip
2. Nortel — http://shodan.surtri.com/?q=nortel
3. Mitel — http://shodan.surtri.com/?q=mitel
4. .mil — http://shodan.surtri.com/?q=.mil
5. SCADA — http://shodan.surtri.com/?q=scada