We’ve all grown quite used to the idea of botnets stowing away on PCs out there on the Internet, spamming us from hacked inboxes in unknown places. Now, botnets are going mobile. Microsoft researcher Terry Zink says he’s discovered evidence that an illegal botnet has hijacked smartphones running Google’s Android operating system and used them to send spam from users’ Yahoo email accounts.
You know those completely implausible, unbelievably over-the-top scam emails spelling out some overwrought story about a deceased Nigerian prince, his massive fortune, and the lawyer (esquire, really) who needs your help to transfer the funds out of the country before they are seized by the government? One Microsoft researcher thinks these stories are unbelievable on purpose. Implausible stories drive away all but the most gullible recipients, he argues.
China and the U.S. are playing pretend war to vent their mutual frustrations and avoid a real one, according to a report by the Guardian. The State and Defense departments participated in two hypothetical-conflict sessions last year, and another round is planned for May. The war games were designed to prevent a “sudden military escalation” amid burgeoning anger in Washington over cyber attacks that the U.S. says are originating in China.
This NASA hack story keeps getting worse and worse. We knew that NASA had been the target of a handful of attempted cyber attacks last year, but in testimony before the U.S. House Committee on Science, Space, and Technology over the last week, we're getting the details straight from Paul Martin, NASA's inspector general. NASA was targeted 47 times last year and 13 of those hacks were successful, at various points handing hackers "full functional control" of critical NASA networks. At one point the agency even lost the keys to the International Space Station.
This week’s big cyber news comes packing quite a headline: More than four million PCs have been infected by a malicious program known as TDL-4, a botnet that is so sneaky, so evasive, so hard to detect and disinfect that it is “practically indestructible.” That quote comes courtesy of security researchers Sergey Golovanov and Igor Soumenkov of Kaspersky Labs, a cyber security firm and maker of anti-virus software. It’s a scary thought: a botnet so sophisticated that it can’t be detected and dismantled. But is it true?
Today in cyber threats: more than four million Windows PCs have been commandeered by a botnet that cybersecurity experts are calling nearly “indestructible.” Known as TDL-4 (it’s the fourth iteration of the malicious program), this particular little nuisance hides in places security software rarely checks and speaks with other infected machines and their overseers in a novel encrypted code. Some are calling it the most sophisticated threat out there today. Watch your back, Stuxnet.
The national laboratory that may or may not have played a supporting role in the Stuxnet cyberattack on Iran’s nuclear facilities has been hacked, officials said yesterday, and facility-wide Internet access was cut Friday to stop data from flowing out of the lab. Oak Ridge National Laboratory, located in Tennessee, only lost a few megabytes of data. But it’s unclear what data was stolen, and even less clear where it went.
The Stuxnet worm has generated plenty of commentary from computer industry experts and security pundits, but yesterday the U.S. government’s senior cybersecurity expert at the Department of Homeland Security weighed in, calling the malicious program a “game changer” in cyber warfare. The head of the DHS’s Cybersecurity Center, Sean McGurk, made the statement to the Senate Homeland Security Committee Wednesday.
For about 18 minutes in April, a Chinese telecommunications company hijacked 15 percent of the Internet, redirecting U.S. government and military traffic through Chinese servers. The misdirection affected NASA, all four branches of the military, the office of the Secretary of Defense and the U.S. Senate.
The sophisticated computer worm called Stuxnet, which has been targeting industrial operations around the world, was likely designed to take out Iran’s new Bushehr nuclear reactor, cybersecurity experts say. It’s the first known cyber-super-weapon designed to destroy a real-world target, reports the Christian Science Monitor.