We’ve all grown quite used to the idea of botnets stowing away on PCs out there on the Internet, spamming us from hacked inboxes in unknown places. Now, botnets are going mobile. Microsoft researcher Terry Zink says he’s discovered evidence that an illegal botnet has hijacked smartphones running Google’s Android operating system and used them to send spam from users’ Yahoo email accounts.
As you logged in to write a comment this morning, think about where your smartphone was sitting. Was it next to your keyboard, where you could ensure you didn’t miss any notifications? If so, your phone could track everything you wrote. It could use the accelerometer to detect keyboard vibrations, deciphering every word of your insightful anonymous commentary. A hacker could conceivably use it to find out everything you write, with up to 80 percent accuracy, researchers say.
This week’s big cyber news comes packing quite a headline: More than four million PCs have been infected by a malicious program known as TDL-4, a botnet that is so sneaky, so evasive, so hard to detect and disinfect that it is “practically indestructible.” That quote comes courtesy of security researchers Sergey Golovanov and Igor Soumenkov of Kaspersky Labs, a cyber security firm and maker of anti-virus software. It’s a scary thought: a botnet so sophisticated that it can’t be detected and dismantled. But is it true?
The national laboratory that may or may not have played a supporting role in the Stuxnet cyberattack on Iran’s nuclear facilities has been hacked, officials said yesterday, and facility-wide Internet access was cut Friday to stop data from flowing out of the lab. Oak Ridge National Laboratory, located in Tennessee, only lost a few megabytes of data. But it’s unclear what data was stolen, and even less clear where it went.
The Stuxnet worm has generated plenty of commentary from computer industry experts and security pundits, but yesterday the U.S. government’s senior cybersecurity expert at the Department of Homeland Security weighed in, calling the malicious program a “game changer” in cyber warfare. The head of the DHS’s Cybersecurity Center, Sean McGurk, made the statement to the Senate Homeland Security Committee Wednesday.
One of the major problems with current cybersecurity measures is that while systems can detect the erratic behavior that heralds an incoming attack, there often isn't a whole lot those systems can do once the attack is underway short of pulling the servers offline, resulting in lost revenues and credibility for Web sites and a loss of key services for users. A new MIT system aims to change that by keeping servers and applications running even as it contains an incoming cyberattack.
Five amazing, clean technologies that will set us free, in this month's energy-focused issue. Also: how to build a better bomb detector, the robotic toys that are raising your children, a human catapult, the world's smallest arcade, and much more.