Why 'idiot' humans are the best cyber weapon

Jun 1st 2012, 19:29
By Lee Ferran | ABC News

For the second time in as many years, computer security experts have hailed the discovery of a new cyber weapon as one that could change the face of cyber warfare forever.

Flame, publicly disclosed earlier this week and found in dozens of computers in Iran and the Middle East, is thought to be the biggest cyber espionage program ever, capable of recording just about everything that is done on an infected system, all while staying hidden from the user. Before that, Stuxnet, an offensive cyber weapon found in 2010, was reportedly powerful enough to cause physical damage to an Iranian nuclear facility - a feat that had never been accomplished before.

Both of these cyber weapons, experts estimate, cost millions of dollars and many years in research and development, most likely under the direction of some nation's intelligence agency.

READ: The Smoke Over Flame: Who Is Behind Super Cyber Spy Tool?

But as for how to get that advanced code loaded onto the right computers, some of the best hackers in the world may have been forced to rely on a decidedly low-tech but generally dependable ally: human carelessness.

A super cyber weapon is no good if it can't get to the target networks and to do that sometimes requires a window to be left open by either a spy on the inside or, more commonly, regular rubes who don't realize they're opening their systems up to a world of hurt.

As The New York Times reported today, in Stuxnet's case, the powerful worm had to get into the Iranian nuclear facility's system, but the system was air gapped - meaning it was not connected to any outside networks - so there was no way to hack it directly. Instead, someone would have to physically bring the worm in, either on purpose or without knowing it.

"That was our holy grail," one of the people involved in the Stuxnet operation told The Times. "It turns out there is always an idiot around who doesn't think much about the thumb drive in their hand."

According to Liam O Murchu, operations manager for the security response team at the U.S.-based cyber security firm Symantec and one of the first to analyze the Stuxnet code, that's likely just how it happened: Someone who had been tricked into downloading Stuxnet onto their personal computer unknowingly transferred the malware to a thumb drive and then, after heading to work at the supposedly secure Iranian facility, plugged the thumb drive into the internal network, letting Stuxnet loose to wreak its havoc - all without knowing a thing was wrong.

READ: Could Cyber Superweapon Stuxnet Be Turned on U.S.?

Similarly, reports by several international cyber security firms said that analysis of the Flame code suggests it's designed in part to be able to transfer secretly from one network to another by thumb drive as well.

But carelessness when it comes to thumb drives is not reserved for overseas users. Last June, the Department of Homeland Security ran a test in which it secretly dumped computer discs and thumb drives into the parking lots of U.S. government buildings and private contractors, according to a Bloomberg report. The test found that 60 percent of people who picked up the devices plugged them into their office computers - potentially compromising the entire internal network. If the drive or CD had an official seal on it, the number shot up to 90 percent plugged in.

Beyond thumb drives, O Murchu said one of the most popular ways hackers attempt to gain access to a network through human error is by spear phishing, a method in which the hacker specifically targets an individual and poses as a friend or colleague in an attempt to trick him or her into downloading a compromised file, usually in the form of an email attachment.
It's this way that Duqu, another highly sophisticated espionage program believed to be closely linked to Stuxnet, was able to spread throughout computers in Europe when it was discovered last October, O Murchu said. It's also the method the DHS said earlier this month was being used by a foreign power for months as they targeted the control systems for American gas pipelines.

In November, the U.S. State Department reported it had experienced a 35 percent increase in "spear phishing and/or malicious email traffic" over just the year before.

All this is evidence, O Murchu said, that attackers are increasingly relying on the "human aspects" of cyber attacks, rather than targeting the systems directly, and reiterates a mantra that O Murchu and some other cyber security experts have been repeating for years: no matter how sophisticated the attack or how capable the defenses, the weakest link in cyber security is often the human at the keyboard.

READ: U.S. Computer Emergency Readiness Team Security Tip on Thumb Drives