Tuesday, 28 April 2015

THE WORLD OF MALWARE : then and now.


Malware attacks have a history, and the truth is that they have come to stay, becoming even more viral and harmful with the development of technology and the outbreak of the internet.
The 414s of the 80s (the name derives from the area code of the perpetrators in Milwaukee, Wisconsin, US): a typical case of malware attack back in the 80s was that of the US high-school hackers who hacked into the Digital Equipment Corporation with the motive of having fun, categorized as ....... by Kaido. They broke into the Digital Equipment Corporation VMS operating system with the aid of personal computers and simple hacking techniques that leveraged common/default passwords, causing damage worth 1,500 USD by deleting the corporation's billing records.
It needs to be said that most of the hackers were not prosecuted; they only agreed to stop their potentially harmful activities. The duo prosecuted (Wondra and co.) were prosecuted based on harassing calls that followed their hacking. I would say this case was a true picture of legislation crawling to catch up with technology, as the computer crime legislation was passed by the legislators after the case.


As opposed to the individual or small-group approach of young hackers with the primary motive of fun seen in the above case, malware attack has today turned into a political weapon in the hands of the world superpowers. A recent case, as revealed by Edward Snowden, is that of the US and UK using malware as a tool to uphold power (politically and business-wise). Hacking, which was initially for fun, has today been converted to spying and surveillance in the quest for national supremacy. This was done by the NSA hacking not only the likes of Facebook, Microsoft and other international conglomerates but also US rival countries such as Russia and China, among others.


Comments:

Malware attack has evolved from an individualistic stage to a national weapon.
From a no-gain motive to a business motive.
But the fact is that it has always been supremacy-driven, among individuals, businesses and nations.
My question is, can malware attack as a national tool of destruction be regulated, as recorded in the case of the 414s? Or has this come to stay, to replace physical (traditional international) war? Maybe time will tell.

As summarised by the following source, the world of malware has evolved as shown below:
  • Hackerly exploration (“What's in there?”)
  • Clueless experimentation (“What happens if”)
  • Expression of frustration (“I'll show you all!”)
  • Expression of politics (“Free X or suffer!”)
  • Malware as a weapon
  • Malware as a business model 
(Source: https://beta.wikiversity.org/wiki/Security_and_Privacy_in_a_Networked_World/The_World_of_Malware)





Saturday, 18 April 2015

PUBLISHED CASE OF CYBERWAR

US VERSUS CHINA: AN "EXPOSE" BY EDWARD SNOWDEN, REPORTED as "Tsinghua's hub role made its target for NSA". This article appeared in the South China Morning Post print edition.
To confirm the whistleblowing act of Edward Snowden on the US hacking of Chinese university and servers, Prof Xu Ke, deputy director of Computer Networks at Tsinghua University, explained that data passing through their network backbones was not encrypted, but that the data would be of no use to individuals mining or spying on it, though it might be of great use to countries and organisations.
Snowden revealed how the US NSA is spying on China and Hong Kong. It was mind-blowing to have this coming from a 29-year-old ex-employee of the Central Intelligence Agency. Could it be that he is frustrated by the system, or that he is under an intoxication, or probably that he wants fame, or that he truly meant to save the victims of US cyberwarfare out of a good heart? This is a question I don't have an answer to.
It was revealed in this report that the US spied not only on the Chinese university, being the home of the Hong Kong Internet Exchange, but also on the telecommunication players in China, to have access to the SMS and other data needed by them.
It was surprising to know that about 63 computers and servers of the Chinese university were attacked in a single day in January 2013. Another area that needs clarification is the answer to the question of WHY the US is doing this. Maybe to keep a firm grip on the world-power ego? Maybe the real answer lies in what the NSA is actually looking for in terms of data. I believe that if there is an answer to what exactly the data they need is, then we can answer the why question.
For details visit the links below.


Also, what will be the fate of Snowden, as he has breached confidentiality?
Sources:

Tuesday, 14 April 2015

Social Engineering case of Amy Gaf Young and Jabber on FACEBOOK


The case below is a story of how social engineers work on their victims' emotions to defraud them.
Amy chatted her cousin up with a nice introduction, the normal greeting, but smartly changed the tune of the conversation, saying that she was stranded in London with her mum, as they had been robbed of their cell phones and credit cards. In essence, they needed help.
But Amy the scammer sent a wrong signal to the supposed victim when the chat read HE instead of SHE, and also that HE traveled with his WIFE and KIDS, while the real Amy is a girl, not married, without kids. Error! Huh?
The situation warranted that Jabber should be emotional, start panicking and immediately swing into action to save the lives of dear ones. He, however, was calm and sensitive enough to notice the gender interchange, and also that his mum hardly travels without his knowledge.
Without hesitation, he scattered the conversation by letting the scammer know that his plot was not well planned: the cousin is a lady without kids, not a male with kids, contrary to the scammer's claims.

Personal Comment.
The lesson from this is that it can save us the pain inflicted by scammers if the supposed victims can be calm and sensitive enough to notice where to fault the claims of the scammers.
Different cases of scammers versus victims (social engineering) always have gaps for careful, non-emotional and most times greedy prey to know that predators plan to strike, but the majority of the victims are overruled by emotions and greed.
Imagine if Jabber had given in to the plot without careful analysis of the messages from the scammers: he would have spent at least thousands of dollars to save families that never existed.

Social engineering is full of deception, but most successful cases show that the victims could have averted it, if only they could control their emotions and greed.


Monday, 6 April 2015

SOCIAL ENGINEERING

Social engineering involves using non-technical skills or methods to gain access to enough of computer users' information to cause damage, meaning social engineers could be likened to criminals whose major vision is to leverage human weaknesses to strike. The tool required by a social engineer is ASKING, ASKING, ASKING. No wonder the statement "Instead of a Motto: You only have to ask".
So in social engineering, information about people is gathered without the use of technology.
As computer users in a networked world, it is important to know the techniques used by social engineers to avoid falling victim, because it's a world of deception to gain undue advantage.
For me, it is a world where little things count when talking of security and privacy in this context, a world where any action or inaction can be used against you in the future or even immediately.
For example, out of ignorance, a sticky paper used to retrieve my lost account details, such as password and username, not properly kept or trashed in the bin can sell me out and later be used to wipe out my hard-earned money. Scary, I think? But it is true; it is similar to a social engineering technique called DUMPSTER DIVING.
Maybe to some computer users the DUMPSTER DIVING technique is not tricky, but TAILGATING is also a disguise that any corporation can fall for. Imagine a well-suited fresh guy with a fake invitation to a business or town hall meeting of a bank's executives to discuss critical issues of the bank. After he has had undue access to the information needed without carrying a gun, the after-effect could be bankruptcy. Social engineering is still all about deceit, or robbing without carrying a weapon.
SHOULDER STUFFING is another technique used by social engineers. Remember that we are in a world of everybody turning into a freelance journalist with our mobile smartphones; the same way, social engineers could get a snapshot of our abandoned Facebook page or even email box for vital information. Imagine sleeping when already logged in to check an account balance, with PIN code card and other account details exposed, in a room with a social engineer; a glance or peep could be dangerous here.

The question is, who is safe from the attack of social engineers? In a word, I will answer NOBODY, but some measures could be used to prevent falling victim.
The simple answer or way to prevent being a victim is AWARENESS. Computer users in a networked world need to be aware that safety in this context depends on their actions or inactions; in fact, they should know which data, if leaked, could sell them out, and prevent it from leaking. Using shredders to shred papers is awesome, CCTV in an apartment is cool, and maybe covering our PCs with clothes when we need to log on with sensitive passwords and usernames to our internet bank is the way to go, like Edward Snowden.
But the statement below has the most paramount message to prevent us being victims of social engineers. Using the words of Confucius, "Education breeds confidence, confidence breeds hope and hope breeds peace": for peace, or something related to peace, in a networked world, security and privacy education and training is a great tool for computer users.

Sources :
http://www.csoonline.com/article/2124681/security-awareness/social-engineering-the-basics.html
https://beta.wikiversity.org/wiki/Security_and_Privacy_in_a_Networked_World/