Pulse



By GCN Staff


A HealthCare.gov denial-of-service attack tool is found. Really.

As if HealthCare.gov didn’t already have enough problems of its own, researchers at Arbor Networks have found a denial-of-service attack tool that targets the site, the main federal health care exchange website.

“Destroy Obama Care!” exhorts the writer of the tool, a self-styled American patriot. “ObamaCare is an affront to the Constitutional rights of the people. We HAVE the right to CIVIL disobedience!”

“It’s pretty lame,” said Marc Eisenbarth, manager of the Arbor Security Engineering & Response Team (ASERT).

An analysis of the tool concluded that it is unlikely to succeed in affecting the availability of the site, and Eisenbarth said that there is no indication that it has been used or that the problems being experienced at HealthCare.gov are anything other than self-inflicted.

The tool at one time was available for download on several sites but has since disappeared. “It’s basically gone,” Eisenbarth said, although no exhaustive search for it has been done.

It was found by ASERT through monitoring of peer-to-peer networks using algorithms to detect politically motivated attacks. The anti-ObamaCare tool was interesting more for its motives and rhetoric than for its content, Eisenbarth said. Rather than using any of the available off-the-shelf DDoS attack tools, it was developed by the author using Delphi, a language that often is traced to Russia, although that does not appear to be the case this time. Each copy of the tool opens multiple links that make repeated layer 7 -- application layer -- requests to the site, alternating between the URLs for the site’s home page and the contact page.
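The request pattern described above, many application-layer requests from one client flipping between two URLs, stands out in ordinary web server access logs. The Python below is an added example, not code from ASERT or from the article; the log format, the `/contact` path, the thresholds and the documentation-range IP addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) [^"]*" \d{3}')

def parse(lines):
    """Yield (client, timestamp, path) for each parseable access-log line."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts, m.group(3).split("?")[0]

def flag_alternators(lines, window=timedelta(seconds=60), min_requests=20, min_ratio=0.9):
    """Return {client: (count, paths)} for clients that, inside one window,
    send many requests that flip back and forth between at most two paths."""
    by_client = defaultdict(list)
    for client, ts, path in parse(lines):
        by_client[client].append((ts, path))
    flagged = {}
    for client, hits in by_client.items():
        hits.sort(key=lambda h: h[0])  # stable: keeps log order within one second
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            paths = [p for _, p in hits[start:end + 1]]
            if len(paths) < min_requests or len(set(paths)) > 2:
                continue
            flips = sum(a != b for a, b in zip(paths, paths[1:]))
            if flips / (len(paths) - 1) >= min_ratio:
                flagged[client] = (len(paths), sorted(set(paths)))
                break
    return flagged

def constructed_sample():
    """Constructed log: one alternating client, one ordinary browsing client."""
    base = datetime(2013, 11, 8, 12, 0, 0)
    fmt = '{ip} - - [{ts} +0000] "GET {path} HTTP/1.1" 200 512'
    rows = []
    for i in range(40):
        ts = (base + timedelta(seconds=i)).strftime("%d/%b/%Y:%H:%M:%S")
        rows.append(fmt.format(ip="203.0.113.7", ts=ts, path="/" if i % 2 == 0 else "/contact"))
    for i, path in enumerate(["/", "/plans", "/contact", "/faq", "/"]):
        ts = (base + timedelta(seconds=10 * i)).strftime("%d/%b/%Y:%H:%M:%S")
        rows.append(fmt.format(ip="198.51.100.23", ts=ts, path=path))
    return rows
```

Calling `flag_alternators(constructed_sample())` flags only the alternating client; a flood against a single URL produces no flips and needs a plain rate threshold instead.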

The author claims that the tool is intended only to deny service to users of the site “and perhaps overload and crash the system,” and that “it has no virus, trojans, worms or cookies.” Eisenbarth said ASERT found no malicious code in it.

ASERT notified the Centers for Medicare and Medicaid Services, which administers the site, and the Homeland Security Department about the tool, and got a callback from DHS. “We talked them off the ledge,” Eisenbarth said.

Posted on Nov 08, 2013 at 12:04 PM


DHS cites threats from out-of-date Android OS versions

The Homeland Security Department and FBI have warned police, fire departments and security personnel that Android users running out-of-date operating systems on their devices pose a significant security threat to their organizations, NetworkWorld reported.

In the July memo, which was “for official use only” and therefore not widely circulated, DHS said “industry reporting” showed that 44 percent of Android users were still using versions 2.3.3 through 2.3.7 of the OS – known as “Gingerbread” – which were released in 2011 and carried a number of security flaws that were repaired in subsequent versions.

“The growing use of mobile devices by federal, state and local authorities makes it more important than ever to keep mobile OS[es] patched and up-to-date,” the notice said.

DHS cited three threats to those carrying devices with obsolete Android OSes and outlined a mitigation tactic:

SMS Trojans

Text message Trojans account for about half of the malware on older Android devices, DHS said. A common exploit sends texts to premium rate phone numbers owned by criminals and results in high charges to the user. Security suites are now available to knock out the threat, according to the memo.

Rootkits

This is hidden malware that logs a user’s locations, keystrokes or passwords without the user’s knowledge. DHS recommended installing the Carrier IQ test free app that can find and remove the malware.

Fake Google Play domains

Users should install and update antivirus software to knock out these exploits, which trap users into installing apps that let hackers get at financial data and log-in credentials, DHS warned.

Posted on Nov 06, 2013 at 11:23 AM


Motorola brings modular phones closer to reality

Dave Hakkens’ Phonebloks idea is getting some traction. The project, which envisions phones as open-source, modular devices whose individual components can be changed out and upgraded as needed, got almost a million backers on the Thunderclap website, showing that many people would buy such a phone if it were available.

Meanwhile, Motorola had been quietly working on a similar idea called Project Ara that, like Phonebloks, uses a frame to hold the modules in place. A module, according to the Motorola blog, could be a new application processor, a new display or keyboard, an extra battery, a pulse oximeter and so on.

The idea is to let people customize their phones, or upgrade or replace parts without buying an entire new phone.

Now, Hakkens and Motorola are working together to make the modular phone concept a reality, according to Design Taxi. Motorola will work on Project Ara in the open, engaging with the Phonebloks community throughout the development process. In a few months, the company expects to invite developers to start creating modules for the Ara platform.

Posted on Nov 06, 2013 at 8:30 AM


Data center outage adds to HealthCare.gov's woes

An outage at the Verizon Terremark data center early Sunday caused the center to lose its connection with the data services hub that links the Affordable Care Act online health insurance marketplaces with federal agencies to verify identity, citizenship, and other facts, according to FCW.

The outage was affecting the exchanges in all 50 states, as well as Terremark customers not connected with the marketplaces, Health and Human Services spokeswoman Joanne Peters said. She explained that the data center's network connectivity went down during planned maintenance to replace a failed networking component, Reuters reported.

The data services hub, used by both the federal HealthCare.gov and the state-run exchanges, had been one aspect of the federal operation that was working, allowing many of the state-run exchanges to run effectively while problems plagued HealthCare.gov.

By Monday morning, “Verizon Terremark successfully resolved the issue with the networking component overnight,” HHS spokeswoman Joanne Peters said in a statement. “And as of 7 a.m. ET this morning, the Data Services Hub was fully operational.”

Posted on Oct 28, 2013 at 12:50 PM


Higher ed networks 300 percent more likely to contain malware

Cyberattacks against college and university networks have been on the rise and, apparently, a fair number of those attacks are successful.

The Internet security company OpenDNS recently said it found that higher education systems were 300 percent more likely to contain malware than networks in government or industry.

“Our research shows that while higher education institutions face the same cyberattacks as enterprises and government agencies, they tend to be compromised by malware and botnets at a much higher rate,” said Dan Hubbard, chief technology officer of OpenDNS and head of the company’s Umbrella Security Labs, which conducted the research. OpenDNS has 50 million users in 160 countries and monitors that traffic for signs of malicious activity.

The biggest threat to higher education systems, according to Umbrella Labs, is the Expiro malware, a family of viruses that can infect files on the Windows platform. It’s often installed when a user visits a malicious website that’s hosting a Java or Adobe PDF exploit, OpenDNS said, and can steal user and system information.

Hubbard acknowledged that colleges and universities run their networks more openly than, say, a government agency does, and they have to allow for access from a variety of mobile and other personal devices owned by students or faculty. But some fundamental security practices can help.

To protect users from visiting malicious sites and block infected devices from being brought into botnet activities, OpenDNS recommends:

• Alerting users when new spear phishing campaigns are detected.

• Using predictive analytics to block "malvertising" and watering hole Web attacks.

• Applying DNS-based enforcement to prevent malware-infected devices from phoning back to botnet operators over non-Web connections.

Posted on Oct 28, 2013 at 9:57 AM