
Phone DOS: What's in it for the crooks

The Homeland Security Department has warned emergency communications centers about a recent spate of denial of service attacks against Public Safety Answering Points and other government phone lines in an effort to extort money from them. Although the audacity -- or stupidity -- of targeting government offices for extortion might be new, Telephony DOS (TDOS) has been around for some time.

Back in 2010 the FBI warned of a surge of TDOS incidents that apparently were diversions for more serious crime. “During these TDOS attacks, online trading and other money management accounts are being accessed by the perpetrators who are transferring funds out of those accounts,” the agency warned. While the crooks were accessing the victim’s account to change the profile and allow looting, the legitimate phone number was being blocked to keep the victim from accessing the account and to keep account managers from calling to verify changes being made. One victim in Florida lost $400,000.

The bad guys used multiple voice over IP accounts with automatic dialers to flood the target number. But if you don’t want to go to the trouble of doing this yourself, there are people who will do it for you at reasonable rates.

Research analyst Curt Wilson at Arbor Networks last year reported several hacker ads for TDOS-as-a-service. “We also provide service to flood telephones (both mobile and stationary) from $20 a day,” one ad promised. Another offered the service starting at $5 an hour, up to $40 for an entire day. The service providers can either use their own PBX software or can compromise VOIP or PBX systems to use them as bots in TDOS attacks.

“Default credentials are one of the security weaknesses that the attackers leverage to gain access to the VOIP/PBX systems, so organizations should ensure that their telecommunications systems credentials are strong enough to resist brute force attack, and that the ability to reach the telephone system is limited as much as possible in order to reduce the attack surface and convince the attacker to move on to the next victim,” Wilson warned.

There is no word on whether any of the communications offices targeted in the most recent round of attacks have paid the extortion money. But, as Wilson observed last year, “clearly, there is money to be made in the underground economy or these services would not be advertised.”

Posted by William Jackson on Apr 08, 2013 at 9:39 AM



Do the security conscious see something we don't?

It’s not a seismic shift, but a recent survey on security seems to show a trend, at least among the security conscious, away from Microsoft’s Internet Explorer browser and paid antivirus products in favor of Chrome, Firefox and free antivirus software.

Many readers might say, “What took them so long?”

The growing number of exploits targeting IE for some years prompted recommendations to replace it with alternatives from Google or Mozilla — or to at least limit use of IE. And antivirus has become a low-priority commodity. More intelligent anti-malware tools are taking precedence over signature-based applications. Nobody wants to get rid of the signature-based tools because when they work, they work. But why pay for them? Just use a free download and save your money for more sophisticated products.


Still, I found the degree of the shift interesting.

The survey was conducted by AV Comparatives, an Austrian non-profit that does independent antivirus testing. The results come from 4,715 computer users from around the world, about 16 percent of them in North America. The respondents came primarily from Europe (about 43 percent) and Asia (about 26 percent).

AV Comparatives says that it used control questions to filter out security experts and others trying to spin the results, so that the results reflect average users. Still, if I were a betting man I’d bet that the respondents skew toward the security aware and the paranoid. Who else is likely to take the time to answer a security survey?

As you might expect, operating systems used were dominated by Microsoft, with nearly 62 percent using Windows 7 (32- or 64-bit versions) and about 17 percent using Windows 8. The company noted that Windows 8 use by respondents is significantly higher than among the general public, according to commercial metrics. Older versions of Windows, including XP (12.5 percent) and Vista (about 4 percent) still outranked Apple OSes, which totaled 2.4 percent, although Apple accounts for 7.2 percent of the North American market.

But when it comes to browsers, Microsoft lost its advantage among the survey respondents. About 39 percent said they use Mozilla Firefox and 35 percent use Google Chrome. IE was a distant third with 14.4 percent. The results reflect what had been a trend worldwide away from IE, long the dominant browser, and toward Firefox and Chrome. However, recent statistics from Net Applications show that IE has rebounded with the release of IE 9 and 10. In February, IE held 55.8 percent of the worldwide market, followed by Firefox (20.12 percent), Chrome (16.27) and Safari (5.42).

As for security software, about 40 percent of respondents are paying for a commercial suite of security tools, and nearly 16 percent are paying for stand-alone antivirus. This combined percentage was about 10 percent higher last year, the company said. About 37 percent were using free antivirus solutions. In North America, free antivirus accounts for 40 percent.

The top choices among antimalware providers also varied with geography. In North America, the top providers in the survey were, in order, Microsoft, Symantec, Avast, Kaspersky and AVIRA. Worldwide, the top providers were Avast, Kaspersky, AVIRA, ESET and Microsoft.

Apparently users are satisfied with the security of the tools they are using. Although they ranked good malware detection rates as more important than impact on system performance, they said vendors needed to work more on reducing the impact on computer performance than on detection rates.

If the people who took this survey know what they are doing, maybe it’s time for those of us who have stuck with Microsoft IE and are paying for antivirus to reevaluate priorities.

Posted by William Jackson on Mar 28, 2013 at 9:39 AM



Killer app for IPv6? It’s the Internet.

I recently solicited comments on what the killer app might be that would drive demand for and adoption of IPv6, the next generation of Internet Protocols. From what the readers had to say, the killer app is the Internet itself. Despite the possibilities for improved functionality in the new protocols, the overriding reason for using them is simply to keep the Internet alive and well as the old address pool dries up.

With the current IPv4 infrastructure becoming increasingly fragmented and fragile, “the Future is IPv6, or no Internet,” one reader commented. “You choose.”

There were no examples offered of anyone actually using the capacity or capability of the protocols for anything innovative. The only reason for enabling them is that this is where future growth of the Internet must take place, and anyone who wants to remain accessible without living behind increasingly congested bottlenecks will have to accept IPv6 traffic.

Two readers offered examples of current applications that would benefit from eliminating the fragmentation caused by Network Address Translation: voice over IP and multicasting for delivery of radio and television over the Internet. Some current trends support these ideas.

The NPD Group recently announced that there are more than half-a-billion Internet-connected devices in U.S. homes, an average of 5.7 per household. Since the beginning of 2013, the number of tablets in use grew by nearly 18 million and the number of smart phones by 9 million.

This growth in IP is occurring at the same time that reliance on traditional electronic media is shrinking. As early as 2010, the National Center for Health Statistics reported that nearly 27 percent of American homes did not have traditional wireline telephones. And the Nielsen Co. estimated that the number of households in the United States with television dropped from 115.9 million in 2011 to 114.7 million in 2012. The drop started with the digital conversion of television in 2009. The poor economy and demographic shifts with more young people relying on Internet for entertainment also contributed to the decline.

It appears that for the near future, the primary job of IPv6 will be keeping the Internet robust enough to enable its continued expansion as a communications, information and entertainment medium. But that does not mean that the new protocols will not be put to some interesting and innovative uses.

“The ‘Killer App’ is, first and foremost, the increased connectivity implicit in the larger address space,” one reader commented. “What comes from that increased connectivity is, well, up to you to decide!”

Posted by William Jackson on Mar 22, 2013 at 9:39 AM



Will IPv6 ever have a killer app?

The volume of IPv6 traffic, though still small, has grown steadily over the last year. Although most federal agencies missed the Sept. 30, 2012 deadline for enabling the new protocols on public facing Web sites, they are slowly adopting IPv6. Hurricane Electric, which bills itself as the world’s largest native IPv6 backbone, has announced that it has connected more than 2,000 IPv6 networks.

But the world still is waiting for a reason to make the move. To date, the main reason for transitioning to the new Internet Protocols is that you have to. The Office of Management and Budget told agencies in 2010 that they had to enable IPv6, and the pool of available IPv4 addresses is drying up. Anyone who wants large blocks of new addresses now must get them in IPv6.

So far, however, the new protocols are being used pretty much like the old ones. When will we see a killer app that will make people want to use IPv6, and what will it be?

There has been a lot of talk in the last decade about the improved security that can be achieved with IPv6, the new Internet of Things it will enable and the benefits of true end-to-end connectivity once everyone gets rid of Network Address Translation (NAT). A global organization such as the Defense Department stands to benefit from access to a nearly endless supply of IP endpoints that could be used to monitor, track and control millions of things anywhere in the world.
 
But despite changes such as the rapid growth of mobile devices, we still are using IP devices pretty much the same way we have for years. Screens are smaller, keyboards are virtual and there is some location-specific functionality, but a mobile device essentially is a little IPv4 PC.

Owen DeLong, IPv6 evangelist for Hurricane Electric, obviously is a fan of the new protocols. He thinks doing away with NAT will be a good thing. So what does he think the killer app for IPv6 will be? “None,” he says. People don’t feel they are missing anything with IPv4 now, and the benefits of a new set of Internet Protocols are too complex for today’s short attention spans. “It’s not something you can explain to the average user in a 10-word sound bite,” he said.

But the interesting thing about killer apps is that, like the Spanish Inquisition, no one expects them. They are unplanned and become part of our lives before we know it. Is the next one already out there?

Are there any innovative uses of IPv6 by your agency or office? Has anyone found a use for the protocols that enables some functionality that was not practical before? Do you have a problem that you think IPv6 can solve? Drop me a line at wjackson@gcn.com and tell me if the new protocols are being used, how they are being used, or how you would like them to be used. Maybe we can identify a driver for the move to IPv6.

Posted by William Jackson on Mar 14, 2013 at 9:39 AM