dcsimg

Controlling Information Online

  • Controlling Information Online-

    With the goal of controlling and monitoring information (as well as stealing data), hackers will develop combination attacks that affect DNS service providers and compromise certificate authorities. These sophisticated, effective threats will be increasingly difficult to detect and will obviate the need for attackers to place a “man in the middle.” Even security-conscious users will not be able to tell if they are on a malicious site if DNS provisioning systems are compromised. And if stolen certificate authorities are employed, attackers can create fake banking applications and more to control access to information, steal personal data and money.

    Barry Hensley, director of the Counter Threat Unit at Dell SecureWorks, cites the 2011 DigiNotar Certificate Authority (CA) breach as a manipulation of security controls with the intent of controlling and monitoring private citizens’ information. In the case of DigiNotar, a hacker going by the handle of “COMODOHacker” seized control of CA servers, created fraudulent certificates and used them to execute “man-in-the-middle” attacks against hundreds of thou­sands of victims. The scheme enabled the hacker to access Iranian Gmail users’ messages and monitor much of their Internet traffic.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18

Controlling Information Online

  • 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18
  • Controlling Information Online-12

    With the goal of controlling and monitoring information (as well as stealing data), hackers will develop combination attacks that affect DNS service providers and compromise certificate authorities. These sophisticated, effective threats will be increasingly difficult to detect and will obviate the need for attackers to place a “man in the middle.” Even security-conscious users will not be able to tell if they are on a malicious site if DNS provisioning systems are compromised. And if stolen certificate authorities are employed, attackers can create fake banking applications and more to control access to information, steal personal data and money.

    Barry Hensley, director of the Counter Threat Unit at Dell SecureWorks, cites the 2011 DigiNotar Certificate Authority (CA) breach as a manipulation of security controls with the intent of controlling and monitoring private citizens’ information. In the case of DigiNotar, a hacker going by the handle of “COMODOHacker” seized control of CA servers, created fraudulent certificates and used them to execute “man-in-the-middle” attacks against hundreds of thou­sands of victims. The scheme enabled the hacker to access Iranian Gmail users’ messages and monitor much of their Internet traffic.

In the past year, we have witnessed cyber attacks of unprecedented sophistication and reach. These attacks demonstrate that malicious actors have the ability to com­promise and control millions of computers that belong to governments, private enterprises and ordinary citizens. If we are going to prevent motivated adversaries from attack­ing our systems, stealing our data and harming our critical infrastructure, the broader community of security research­ers — including academia, the private sector and govern­ment — must work together to understand emerging threats and to develop proactive security solutions to safeguard the Internet and physical infrastructure that relies on it.

This slideshow features emerging cyber threats for 2012, identified by the Georgia Tech Information Security Center and the Georgia Tech Research

Institute.

More

Slideshows

:

Ten Apple Apps for BusinessApple apps to help increase business productivity.

Top Eight Features in Windows Server 8 Windows Server 8 is a technically sophisticated operating system that is crammed with features that bring many previously enterprise-only capabilities to small and mid-sized businesses.

Seven Points CIOs Must Know About the Board of Directors Seven areas that CIOs must understand and act upon in order to effectively work with the board.