hijacking
Latest
Intel's Tiger Lake processors will feature on-chip malware protections
Intel has a new way to defend against malware threats.
Man goes to prison for attempting to hijack web domain at gunpoint
Internet domains are becoming increasingly desirable, especially as the web becomes crowded and it becomes harder to find memorable addresses. However, one man unfortunately took this to a violent extreme. Iowa resident Sherman Hopkins Jr. has been sentenced to 20 years in federal prison for attempting to steal control of doitforstate.com (which doesn't currently point anywhere) in an armed robbery.
Major ISPs agree to FCC's code of conduct on botnets, DNS attacks
The FCC's campaign to secure the internet gained new momentum last week, when a group of major ISPs signed on to a new code of conduct aimed at mitigating cybercrime. Adopted by the FCC's Communications, Security, Reliability and Interoperability Council (CSRIC), the new code targets three main security threats: botnets, DNS attacks and internet route hijacking. The Anti-Bot Code of Conduct invites ISPs to adopt sharper detection methods, and to notify and assist consumers whenever their computers are infected. The DNS code, meanwhile, offers a list of best practices by which ISPs can tighten security. Though it doesn't call for a full adoption of DNSSEC technology, the guidelines do represent a "first step" toward implementation, allowing web users to verify the authenticity of their online destinations. As for internet route attacks, the CSRIC calls for a similarly collective approach, asking ISPs to collaborate on new technologies within an industry-wide framework. In a statement, FCC chairman Julius Genachowski said that these practices "identify smart, practical, voluntary solutions that will materially improve the cyber security of commercial networks and bolster the broader endeavors of our federal partners." The industry apparently agrees, as heavyweights like AT&T, CenturyLink, Comcast, Cox, Sprint, Time Warner Cable, T-Mobile and Verizon have already signed on. For the FCC's full statement, check out the source link below.
Google admits sensitive email accounts have been hacked, some users knew months ago (update: US says no government accounts compromised)
The Contagio security blog posted evidence back in February of targeted attacks against government and military officials on Gmail. Today, nearly four months later, Google has finally admitted this is true: hundreds of personal accounts have been compromised by hackers it believes to be working out of Jinan, the capital of China's Shandong province. The accounts include those of "senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists." The hijackers' aim appears to have been to spy on their targets using Google's automatic forwarding function. But unlike the PSN fiasco, Google insists its internal systems "have not been affected." Instead it seems the hackers used a phishing scam, possibly directing users to a spoof Gmail website before requesting their credentials. Google says its own "abuse detection systems" disrupted the campaign -- but in a footnote right down at the bottom of their official blog page they also credit Contagio and user reports. Update: And in comes China's response, courtesy of Foreign Ministry spokesman, Hong Lei. "Allegations that the Chinese government supports hacking activities are completely unfounded and made with ulterior motives." Ok then, that settles that. Update 2: And the saga continues... According to an AP story published earlier today, the Obama administration has stated that the FBI is looking into allegations that hackers broke into Google's email system, but denied that any official government accounts were compromised. A White House spokesman went on to say that government employees are free to use Gmail for personal purposes, and can not be sure who in the administration might have been affected by the attack. Let's just hope they know how to leave the sensitive stuff at the office.
Europeans working on anti-hijacking software
Even though air travel has gotten marginally safer since the tragedies of 9/11 -- thanks in part to fortified cockpits, increased air marshal presence, and a ban on toenail clippers -- it still doesn't seem impossible for a group of determined individuals to hijack a plane and turn it into a deadly missile. And should such a suicide-style attack happen again, the only surefire way of protecting targets on the ground would seem to be shooting the plane out of the air -- a nightmare scenario that no one wants to see. Well, soon airlines may have another, much safer option at their disposal in the form of a software platform being developed by a consortium of 30-odd European businesses and research institutes that would make an aircraft's systems completely unusable in the event of a cockpit breach -- control of the plane would be passed to officials on the ground -- even if one of the hijackers was among the 1337est of hackers. The $45 million program is being spearheaded by Airbus (already big fans of auto-pilot), Siemens, and the Technical University of Munich, with the first results of the collaboration scheduled to be revealed at an October conference in the UK. Here's to hoping that the group comes up with a working solution sooner rather than later, because this is one technology that just can't be deployed quickly enough.
