Tag: Observations

OODA Loop – Joseph Menn: Observations From Two Decades Of Tech Journalism

October 1, 2022/in Computer Security

Covering technology issues, and specifically cybersecurity as a journalist is a tough endeavor. Some of these technologies are complex as are the security vulnerabilities often inherent in their deployment and making these topics broadly accessible can be a challenge. Many of the underlying issues touch upon national security and civil liberties creating an interesting nexus that must be highlighted in the proper context. Lastly, it can be a challenge to create trusted relationships with the hacker community, but they provide essential perspectives and leads.

Joseph Menn has established himself as one of the top journalists covering these issues for over two decades at organizations like the Financial Times, Los Angeles Times, Bloomberg, Reuters, and now at the Washington Post. He’s spoken at conferences like Black Hat, Def Con, and RSA. He’s written three books covering topics like Napster, cybercrime, and most recently the infamous hacker group cDC in his book “Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World”.

In the OODAcast, Joseph provides insights from his career as a journalist covering technology and cybersecurity. We explore how he first got involved with Def Con Black Hat and the value of attending the events. Joseph discusses how he first got introduced to the cDC and why he decided to write a book about the group and developed an overall positive outlook in the critical role hackers will play in saving the world.

Official Bio:

Joseph Menn joined The Washington Post in 2022 where he specializes in computer security, hacking, privacy and surveillance. He has perhaps the longest running track record among professional journalists covering cyber security and cyber conflict issues, having over two decades of experience on the topic. Prior to the Washington Post he covered cybersecurity and technology for Reuters, the Financial Times and the Los Angeles Times

His books include “Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World” (2019) and “Fatal System Error: The Hunt for the New Crime Lords who are Bringing Down the Internet” (2010).

Podcast Version:

External Links:

Cult of the Dead Cow book

Source…

Observations on Resolver Behavior During DNS Outages

January 21, 2022/in Internet Security

When an outage affects a component of the internet infrastructure, there can often be downstream ripple effects affecting other components or services, either directly or indirectly. We would like to share our observations of this impact in the case of two recent such outages, measured at various levels of the DNS hierarchy, and discuss the resultant increase in query volume due to the behavior of recursive resolvers.

During the beginning of October 2021, the internet saw two significant outages, affecting Facebook’s services and the .club top level domain, both of which did not properly resolve for a period of time. Throughout these outages, Verisign and other DNS operators reported significant increases in query volume. We provided consistent responses throughout, with the correct delegation data pointing to the correct nameservers.

While these higher query rates do not impact Verisign’s ability to respond, they raise a broader operational question—whether the repeated nature of these queries, indicative of a lack of negative caching, might potentially be mistaken for a denial-of-service attack.

Facebook

On Oct. 4, 2021, Facebook experienced a widespread outage, lasting nearly six hours. During this time most of its systems were unreachable, including those that provide Facebook’s DNS service. The outage impacted facebook.com, instagram.com, whatsapp.net and other domain names.

Under normal conditions, the .com and .net authoritative name servers answer about 7,000 queries per second in total for the three domain names previously mentioned. During this particular outage, however, query rates for these domain names reached upwards of 900,000 queries per second (an increase of more than 100x), as shown in Figure 1 below.

Figure 1: Rate of DNS queries for Facebook’s domain names during the 10/4/21 outage.

During this outage, recursive name servers received no response from Facebook’s name servers—instead, those queries timed out. In situations such as this, recursive name servers generally return a SERVFAIL or “server failure” response, presented to end users as a “this site can’t be reached” error.

Figure 1 shows an increasing query…

Source…

The Sunburst hack was massive and devastating — 5 observations from a cybersecurity expert

January 4, 2021/in Computer Security

So much remains unknown about what is now being called the Sunburst hack, the cyberattack against U.S. government agencies and corporations. U.S. officials widely believe that Russian state-sponsored hackers are responsible.

The attack gave the perpetrators access to numerous key American business and government organizations. The immediate effects will be difficult to judge, and a complete accounting of the damage is unlikely. However, the nature of the affected organizations alone makes it clear that this is perhaps the most consequential cyberattack against the U.S. to date.

An act of cyberwar is usually not like a bomb, which causes immediate, well-understood damage. Rather, it is more like a cancer — it’s slow to detect, difficult to eradicate, and it causes ongoing and significant damage over a long period of time. Here are five points that cybersecurity experts — the oncologists in the cancer analogy — can make with what’s known so far.

1. The victims were tough nuts to crack

From top-tier cybersecurity firm FireEye to the U.S. Treasury, Microsoft, Intel and many other organizations, the victims of the attack are for the most part firms with comprehensive cybersecurity practices. The list of organizations that use the compromised software includes firms like MasterCard, Lockheed Martin and PricewaterhouseCoopers. SolarWinds estimates about 18,000 firms were affected.

As CEO of cybersecurity firm Cyber Reconnaissance Inc. and an associate professor of computer science at Arizona State University, I have met security professionals from many of the targeted organizations. Many of the organizations have world-class cybersecurity teams. These are some of the hardest targets to hit in corporate America. The victims of Sunburst were specifically targeted, likely with a primary focus on intelligence gathering.

2. This was almost certainly the work of a nation — not criminals

Criminal hackers focus on near-term financial gain. They use techniques like ransomware to extort money from their victims, steal financial information, and harvest computing resources for activities like sending spam emails or mining for cryptocurrency.

Criminal hackers exploit well-known security…

Source…

The Sunburst hack was massive and devastating – 5 observations from a cybersecurity expert | Opinion

December 31, 2020/in Computer Security

Paulo Shakarian, Arizona State University

So much remains unknown about what is now being called the Sunburst hack, the cyberattack against U.S. government agencies and corporations. U.S. officials widely believe that Russian state-sponsored hackers are responsible.

The attack gave the perpetrators access to numerous key American business and government organizations. The immediate effects will be difficult to judge, and a complete accounting of the damage is unlikely. However, the nature of the affected organizations alone makes it clear that this is perhaps the most consequential cyberattack against the U.S. to date.

An act of cyberwar is usually not like a bomb, which causes immediate, well-understood damage. Rather, it is more like a cancer – it’s slow to detect, difficult to eradicate, and it causes ongoing and significant damage over a long period of time. Here are five points that cybersecurity experts – the oncologists in the cancer analogy – can make with what’s known so far.

1. The victims were tough nuts to crack

From top-tier cybersecurity firm FireEye to the U.S. Treasury, Microsoft, Intel and many other organizations, the victims of the attack are for the most part firms with comprehensive cybersecurity practices. The list of organizations that use the compromised software includes firms like MasterCard, Lockheed Martin and PricewaterhouseCoopers. SolarWinds estimates about 18,000 firms were affected.

As CEO of cybersecurity firm Cyber Reconnaissance Inc. and an associate professor of computer science at Arizona State University, I have met security professionals from many of the targeted organizations. Many of the organizations have world-class cybersecurity teams. These are some of the hardest targets to hit in corporate America. The victims of Sunburst were specifically targeted, likely with a primary focus on intelligence gathering.

2. This was almost certainly the work of a nation – not criminals

Criminal hackers focus on near-term financial gain. They use techniques like ransomware to extort money from their victims, steal financial information, and harvest computing resources for activities like sending spam emails or mining for…

Source…

Tag Archive for: Observations

Facebook

1. The victims were tough nuts to crack

2. This was almost certainly the work of a nation – not criminals