Tag Archive for: Engineers

At least 1,000 engineers worked on supply chain hack, tech exec says — GCN

/in


network monitoring (nmedia/Shutterstock.com)

At least 1,000 engineers worked on supply chain hack, tech exec says

  • By Justin Katz
  • Feb 24, 2021

The scope and scale of the SolarWinds supply chain hack was made plain by Microsoft President Brad Smith when he told senators that the company estimates the breach likely took “at least a thousand” skilled and capable people to pull off.

The hack leveraged flaws in IT management software from SolarWinds and products from other vendors to inject malware into computer networks, and has affected nine federal agencies and 100 private companies. Microsoft analyzed all of the engineering required for the attack and determined it took the work of “at least a thousand very skilled, capable engineers. So we haven’t seen this kind of sophistication matched with this kind of scale,” Smith told the Senate Select Committee on Intelligence.

Many private- and public-sector cybersecurity experts have laid the blame for the attack at Russia’s feet.

“We went through all the forensics. It is not very consistent with cyber espionage from China, North Korea or Iran, and is most consistent with cyber espionage and behaviors we’ve seen out of Russia,” Kevin Mandia, CEO of FireEye, said at the Feb. 23 hearing.

George Kurtz, president and CEO of Crowdstrike, added that while his company could not corroborate an attribution to Russia, he has not seen evidence to contradict it.

The White House has continued to say the campaign is “likely Russian in origin,” but is waiting to complete a formal investigation before using more specific language. FireEye, which is credited with discovering the initial breach, has been more cautious, saying that the hack was likely the work of a state or state-sponsored actor.

Gregory Touhill, the federal government’s first chief information security officer and a retired Air Force brigadier general, said in January that formal attribution requires a level of proof that can stand up in court.

“When it comes to attribution, what the intelligence and law enforcement community has to do is …literally trace it all…

Source…

Engineers design transistor that disguises key computer chip hardware from hackers

/in


A hacker can reproduce a circuit on a chip by discovering what key transistors are doing in a circuit – but not if the transistor “type” is undetectable.

transistor types

Purdue University photo/John Underwood

Purdue University engineers have demonstrated a way to disguise which transistor is which by building them out of a sheet-like material called black phosphorus. This built-in security measure would prevent hackers from getting enough information about the circuit to reverse engineer it.

Reverse engineering chips is a common practice – both for hackers and companies investigating intellectual property infringement. Researchers also are developing x-ray imaging techniques that wouldn’t require actually touching a chip to reverse engineer it.

The approach that Purdue researchers have demonstrated would increase security on a more fundamental level. How chip manufacturers choose to make this transistor design compatible with their processes would determine the availability of this level of security.

How to fool a hacker?

A chip computes using millions of transistors in a circuit. When a voltage is applied, two distinct types of transistors – an N type and a P type – perform a computation. Replicating the chip would begin with identifying these transistors.

“These two transistor types are key since they do different things in a circuit. They are at the heart of everything that happens on all our chips,” said Joerg Appenzeller, Purdue’s Barry M. and Patricia L. Epstein Professor of Electrical and Computer Engineering.

“But because they are distinctly different, the right tools could clearly identify them – allowing you to go backwards, find out what each individual circuit component is doing and then reproduce the chip.”

If these two transistor types appeared identical upon inspection, a hacker wouldn’t be able to reproduce a chip by reverse engineering the circuit.

Appenzeller’s team showed in their study that camouflaging the transistors by fabricating them from a material such as black phosphorus makes it impossible to know which transistor is which. When a voltage toggles the transistors’ type, they appear exactly the same to a hacker.

Building a…

Source…

Navy Cyber Warfare Engineers Share Professional Experiences, Perspectives at SAS 2018

/in

  1. Navy Cyber Warfare Engineers Share Professional Experiences, Perspectives at SAS 2018  DVIDS (press release)

  2. New threats mean new training for the Navy  C4ISRNet

    3. Full coverage

cyber warfare news – read more

Interop: 12 killer (and free) tools for network engineers

/in

LAS VEGAS — Visibility is key to troubleshooting network woes, but getting such access can be expensive. To help out, a veteran networking pro shared with attendees of the Interop conference in Las Vegas his list of a dozen mostly free “killer” tools.

mike pennacchi

Network Protocol Specialists owner Mike Pennacchi: Free tools can be customized to fit your needs

“There are commercial tools that do most of these functions,” says Mike Pennacchi, owner and lead network analyst at Network Protocol Specialists. “If you don’t have any budget, this gives you the tools without spending a lot of money.”

To read this article in full or to leave a comment, please click here

Network World Tim Greene