

On Intrusion Forensics

A piece on the difficulty of monitoring intrusion events, particularly those that tamper with source code.

January 20, 2010

Fearing Hackers Who Leave No Trace

MOUNTAIN VIEW, Calif. — The crown jewels of Google, Cisco Systems or any other technology company are the millions of lines of programming instructions, known as source code, that make its products run.

If hackers could steal those key instructions and copy them, they could easily dull the company’s competitive edge in the marketplace. More insidiously, if attackers were able to make subtle, undetected changes to that code, they could essentially give themselves secret access to everything the company and its customers did with the software.

http://www.nytimes.com/2010/01/20/technology/20code.html?scp=2&sq=computer%20hackers&st=Search

Challenges of Military vs. Civilian Safeguards Against Intrusion

Challenges that arise when sorting out whether a system intrusion event is rooted in general criminal activity or a structured military offensive effort…

http://www.nytimes.com/2010/01/26/world/26cyber.html?pagewanted=print

January 26, 2010
CYBERWAR

In Digital Combat, U.S. Finds No Easy Deterrent

This article was reported by John Markoff, David E. Sanger and Thom Shanker, and written by Mr. Sanger.
WASHINGTON — On a Monday morning earlier this month, top Pentagon leaders gathered to simulate how they would respond to a sophisticated cyberattack aimed at paralyzing the nation’s power grids, its communications systems or its financial networks.
The results were dispiriting. The enemy had all the advantages: stealth, anonymity and unpredictability. No one could pinpoint the country from which the attack came, so there was no effective way to deter further damage by threatening retaliation. What’s more, the military commanders noted that they even lacked the legal authority to respond — especially because it was never clear if the attack was an act of vandalism, an attempt at commercial theft or a state-sponsored effort to cripple the United States, perhaps as a prelude to a conventional war.
What some participants in the simulation knew — and others did not — was that a version of their nightmare had just played out in real life, not at the Pentagon where they were meeting, but in the far less formal war rooms at Google Inc. Computers at Google and more than 30 other companies had been penetrated, and Google’s software engineers quickly tracked the source of the attack to seven servers in Taiwan, with footprints back to the Chinese mainland.


Endless War Against Intrusion

This article encapsulates many of the issues facing corporate network admins in their endless quest to protect systems.

January 18, 2010

Companies Fight Endless War Against Computer Attacks

The recent computer attacks on the mighty Google left every corporate network in the world looking a little less safe.

http://www.nytimes.com/2010/01/18/technology/internet/18defend.html