
Dubai: After creating his first public jailbreaking software for the iPhone in 2009, American hacker George Hotz then turned his attention to hacking the Sony PlayStation 3 gaming console and started a blog to keep followers posted on his progress.

Soon after the New Jersey native presented his PS3 jailbreak to the world in 2010, Sony countered in January by serving Hotz (aka geohot, million75 or mil) with court papers: the Japanese corporate giant was suing him, in a case the two parties settled on March 31.

Not long after news of the settlement, however, Sony revealed that its PlayStation Network (PSN) had fallen victim to a cyber attack and that the account details of more than 77 million users around the globe may have been accessed. Over the following weeks, further intrusions were disclosed that may have exposed more than 100 million account records on Sony servers, including 250,000 accounts in the UAE, 14,000 of which contained PSN users' credit card details.

On his website, geohotgotsued.blogspot.com, Hotz denied any involvement in the Sony breach. Suspicion later fell on the hacktivist group Anonymous, which had attacked Sony's websites in apparent retaliation for the lawsuit against Hotz, although the group denied responsibility for the data theft.

"And to anyone who thinks I was involved in any way with this, I'm not crazy and would prefer not to have the FBI knocking on my door. Running homebrew and exploring security on your devices is cool, hacking into someone else's server and stealing databases of user info is not cool. You make the hacking community look bad...," Hotz wrote on his blog in late April.

"To the perpetrator, two things. You are clearly talented and will have plenty of money [or a jail sentence and bankruptcy] coming to you in the future," Hotz wrote, adding that he hoped the culprit(s) behind the Sony hack wouldn't "sell people's information".

Facebook's find

On June 27, TechUnwrapped reported that Hotz was now working for Facebook, which confirmed that the 21-year-old who had hacked Apple and Sony products was in its employ. Facebook has not divulged the nature of Hotz's work, but some speculate it may be connected to an unparalleled rash of high-profile cyber attacks on corporations, financial institutions and sensitive government agencies around the globe in the last two months.

Bringing a brazen, highly gifted hacker inside Facebook's digital fortress, with its database of more than 600 million users, may help fend off future attacks by groups such as Anonymous, an online collective that pursues a free internet through hacktivist protests, and LulzSec, an Anonymous splinter group that has claimed several recent intrusions.

In recent months, no one seems immune as the list of hacked corporations, organisations and governments grows longer. According to Reuters, US deputy defence secretary William J. Lynn confirmed earlier this year that more than 100 intelligence agencies from other countries have attempted to break into US defence department computer systems to access military data.

After RSA and Sony's PSN were hacked, Fox was breached and data reportedly taken by LulzSec in April. Then Citigroup was compromised and some 200,000 customer records were reportedly stolen.

In early May, the UAE's gov.ae domain may have been breached after 112 outdated usernames and passwords for gov.ae addresses were posted online by unknown hackers, although senior officials have not confirmed the incident.

On May 21, American defence firm Lockheed Martin detected an intrusion and halted it in time to stem the flow of data; nine days later LulzSec broke into PBS, and two days after that Google disclosed that a phishing campaign had compromised hundreds of Gmail accounts. Honda Canada confirmed that 283,000 customer records were accessed in a data breach.

In June, hackers went on a cyber spree, knocking Turkish government, Spanish National Police and CIA websites offline with denial-of-service attacks, breaching the International Monetary Fund, and raiding Sega, which said up to 1.3 million user accounts may have been compromised.

A Symantec report released in April found that breaches last year exposed 260,000 identities each on average and that, aside from targeted hacking, 286 million unique malware variants were recorded.

Two clear motives have emerged among hackers in recent months: financial gain, and hacktivism to make a corporate or political statement, says Justin Doo, security practice director, Emerging Regions, Symantec Corporation.

"Recent events can be broadly broken into two areas: targeted hacks where groups are pursuing financial benefit from compromising another organisation's data; these you would expect to be covert and stealthy; the value of the data is heightened where the information owner is not aware that the data has been stolen or exfiltrated," Doo told Gulf News.

Increase in hacktivism

"The other area we have seen is a considerable increase in hacktivism — attacks perpetrated for little or no financial gain, often stated to address perceived imbalances of justice — large global organisations targeting individuals as an example, where the individual lacks the financial wherewithal to defend their position, regardless of propriety of original behaviour."

Hackers are also shifting their modes of operation as companies move to shield specific information from attack, rather than, as in earlier days, protecting the system as a whole.

Organisations are moving "from a system centric to an information centric approach when it comes to IT; this change has been noticed by organisations outside of their environment and this is where we have seen an alteration in the activities that target that data," Doo said.

Organisations holding large stores of sensitive data are encrypting that data alongside other higher-security measures, he said.

"As the high-profile attacks of recent weeks demonstrate, there are organisations, both government, quasi-government and enterprises alike that have seen their defences breached. Some well-known global brands have suffered from unwanted attention due to these breaches, which has served to heighten awareness within public and private sector to the dangers associated with data loss," Doo said.

Organisations still tend to underestimate threat

Dubai: You might be forgiven for presuming that the rash of recent cyber intrusions around the globe has thrown a substantive scare into corporations, financial institutions and governments.

But some in the security field say the new fears emerging from the hackings aren't enough to convince organisations with large databases to ramp up their existing electronic security measures.

Paul Wright, MEA principal consultant, Forensic and Investigative Response, Verizon, has helped investigate some of the roughly 800 data breach cases his firm has handled per year since 2005.

"One of the most challenging aspects is getting organisations to understand where they are vulnerable to e-crime attack. It is sometimes difficult to get organisations to think like a criminal and regularly update their security defences in order to combat evolving criminal methods," said Wright, who is based in Dubai and heads a team of forensic investigators.

When a data breach occurs, security experts work hard to encourage clients to react as quickly as possible when evidence of the intrusion is fresh and tracking the entry path is easier, he said.

Even when secure systems are in place, Wright said one of the most critical steps in containing a data breach is acting quickly to gauge the full extent of the intrusion. "Security breaches and the compromise of sensitive information are very real concerns for organisations worldwide. When such incidents are discovered, response is critical," Wright told Gulf News.

One step ahead

Staying one step ahead of hackers is difficult given that some are well connected and work in groups to remain at the forefront of hacking technology, he said.

"Data breaches are not a country-specific phenomenon; they can occur anywhere that information traverses or resides. That's not to say that no regional differences and trends exist, as they do, however possibly not as prominently as we may think. In our latest Data Breach Investigations Report we saw a striking jump in the percentage of incidents originating from Eastern Europe — 65 per cent — largely due to the widespread and prolific attacks from organised criminal groups hailing from this region. These were followed by attacks from North America and Asia.

"Organisations in the Middle East, or in any other region around the world, are not immune to opportunistic attacks, or against the more targeted ones. We have witnessed the same criminal behaviour and fundamental security mistakes everywhere around the world, and in every type of organisation," he said.

The latest Verizon 2011 Data Breach Investigations Report shows that while cyber attacks are on the increase, it would appear that records actually confirmed stolen are decreasing as more hackers are hunted down by authorities. Of the 761 data breach cases probed last year by Verizon, four million client records were confirmed stolen.

"This highlighted a change of tactics by cyber criminals, with them opting to play it safe in light of recent arrests and prosecutions of high-profile hackers. Most of these are targeting ‘cashable' forms of data like credit card numbers, bank accounts, [and] personal information," he said.

The report found that hackers used backdoor measures to gain stealthy entry. "The method utilised in the highest percentage of breaches and stolen records was exploitation of backdoors or command-control functionality. This isn't the backdoor itself [which is considered malware], but is inextricably linked to it. With a backdoor installed, attackers can bypass security mechanisms to gain access without relying on legitimate channels."
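Wright's point about backdoors, illustrated with an added example that is not from the Verizon report or the Gulf News article: a backdoor lets an attacker bypass legitimate channels, but the implant still has to reach its command-and-control server, and it usually does so on a timer. The Python script below parses constructed proxy-log lines (the log format, hosts and addresses are assumptions made for the example) and flags any client-destination pair whose connection intervals are nearly constant, which is the kind of signal a detection team can mine from logs it already collects.

```python
# Added example (not from the Verizon report or Gulf News): a simple
# detector for backdoor "call-home" traffic in outbound proxy logs.
# A backdoor that bypasses legitimate channels still has to reach its
# command-and-control server, and it usually does so on a fixed timer;
# a near-constant interval between connections to one destination is
# the signal we look for.  The log format and the sample lines are
# constructed for this example.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "timestamp client destination" lines.  Host
# 10.0.0.7 talks to one external host every 60 s (beaconing); its other
# traffic and the other client are irregular, as normal browsing is.
SAMPLE_LOG = """\
2011-06-28T09:00:00 10.0.0.7 203.0.113.10
2011-06-28T09:00:12 10.0.0.7 198.51.100.5
2011-06-28T09:01:00 10.0.0.7 203.0.113.10
2011-06-28T09:01:45 10.0.0.9 198.51.100.5
2011-06-28T09:02:00 10.0.0.7 203.0.113.10
2011-06-28T09:02:31 10.0.0.7 198.51.100.8
2011-06-28T09:03:00 10.0.0.7 203.0.113.10
2011-06-28T09:03:07 10.0.0.9 198.51.100.8
2011-06-28T09:04:00 10.0.0.7 203.0.113.10
2011-06-28T09:04:49 10.0.0.9 198.51.100.5
2011-06-28T09:05:00 10.0.0.7 203.0.113.10
2011-06-28T09:12:14 10.0.0.9 198.51.100.5
"""


def parse_log(text):
    """Group connection timestamps by (client, destination) pair."""
    series = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest = line.split()
        series[(client, dest)].append(datetime.fromisoformat(ts))
    return series


def find_beacons(text, min_conns=5, max_jitter=0.2):
    """Return (client, dest, interval_s) for pairs whose inter-connection
    gaps are regular: coefficient of variation (stddev/mean) <= max_jitter.
    Pairs with fewer than min_conns connections are skipped, because a
    handful of events cannot establish periodicity."""
    hits = []
    for (client, dest), times in parse_log(text).items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((client, dest, round(avg)))
    return hits


if __name__ == "__main__":
    for client, dest, interval in find_beacons(SAMPLE_LOG):
        print(f"possible backdoor beacon: {client} -> {dest} every ~{interval}s")
```

Real implants add jitter to their sleep timer, so the tolerance (`max_jitter`) has to be tuned against a baseline of normal traffic, and long-lived legitimate pollers (update checks, monitoring agents) will also trip this rule and need an allow-list; the value of the approach is that it works on the proxy logs an organisation already has, which is what closes the compromise-to-discovery gap.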

Governments step up safeguards

Dubai: Dr Angelika Plate, director of strategic security consultancy, helpAG in the Middle East, says throwing technology at a growing hacking problem may not be enough.
Sound management plans are critical for governments to back up large capital investments in technological security updates.

Plate said, "there is a strong emphasis on technical solutions — which are of course good and necessary — whilst the managerial framework for such solutions including sound implementation, regular updates, correct maintenance and policies and procedures for the use, is sometimes overlooked. Security is always only as good as the weakest link; therefore more emphasis could be placed on holistic information security solutions."

Plate has been working to help Abu Dhabi achieve certification against the ADSIC standards, an Abu Dhabi-specific certification scheme.

Regional risks

Plate didn't speak directly of the UAE gov.ae breach in early May but said the hacking "trend is reflected here in the region, and governments are as well on the radar of computer criminals as any other organization might be. As the bad boys get more and more educated and better equipped, it is very important for governments in the region to ensure that their protection is in accordance with best practice industry standards and fully up to date. This is the only way to avoid that a successful attack will take place sooner or later."

James Lyne, director of technology strategy, Sophos, said governments are working hard to put up proper barriers to keep hackers out.

"There has been a huge surge of investment in cyber and, generally speaking, governments have been pushing hard to re-factor policies and update security controls. Governments tend to have a significant surface area of different organisations and need to make sure that modern security controls and policies are consistently applied across all of their branches, not just core obvious attack points."

Lyne said hackers are also growing more sophisticated.

"The volume of threats is increasing but their quality certainly isn't reducing. These crime packs are making high-quality generic malicious code accessible to a wider range of cyber criminals. The bad guys have developed an illicit economy and now have a channel, franchise models, technical support and…services to help steal data. These crime packs are making it easier for the bad guys to conduct low-level attacks," Lyne said.
"Over the coming years, we expect the volumes to increase further and a focus on a wider range of platforms."

Tips: staying protected

Some simple, but essential security practices for organisations to embrace are as follows:
  • Focus on essential controls. Many enterprises make the mistake of pursuing exceptionally high security in certain areas while almost completely neglecting others. Businesses are much better protected if they implement essential controls across the entire organisation without exception.
  • Eliminate unnecessary data. If you do not need it, do not keep it. For data that must be kept, identify, monitor and securely store it.
  • Secure remote access services. Restrict these services to specific IP addresses and networks, minimising public access to them. Also, ensure that your enterprise is limiting access to sensitive information within the network.
  • Audit user accounts and monitor users with privileged identity. The best approach is to trust users but monitor them through pre-employment screening, limiting user privileges and using separation of duties. Managers should provide direction, as well as supervise employees to ensure they are following security policies and procedures.
  • Monitor and mine event logs. Focus on the obvious issues that logs pick up, not the minutiae. Reducing the compromise-to-discovery timeframe from weeks and months to days can pay huge dividends.
  • Be aware of physical security assets. Pay close attention to payment card input devices, such as ATMs and gas pumps, for tampering and manipulation.

— Source: Verizon
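As an added worked example of the remote-access, privileged-account and log-mining tips above (editorial code, not from Verizon or Gulf News), the Python script below runs a triage pass over constructed OpenSSH log lines. The allow-listed networks, the privileged account names and the failure threshold are assumptions made up for the example; the script flags successful logins from outside the allowed networks, logins to privileged accounts that are not on the approved list, and a success that follows repeated failures.

```python
# Added example (not from Verizon or Gulf News): a small triage pass
# over constructed sshd log lines that applies three of the practices
# above at once: flag remote logins from outside an allow-list of
# networks, flag logins to privileged accounts that are not on the
# approved list, and flag repeated failures followed by a success,
# which is the pattern to find in days rather than months.  Log format,
# addresses, account names and thresholds are all constructed.
import ipaddress
import re
from collections import defaultdict

# Policy (constructed): networks allowed to reach remote access, and the
# only accounts that should ever hold privileged (root/admin) logins.
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),      # office LAN
                    ipaddress.ip_network("192.0.2.0/24")]    # VPN pool
PRIVILEGED = {"root", "admin"}
APPROVED_PRIVILEGED_USERS = {"admin"}
FAILURE_THRESHOLD = 3

# Constructed sample in OpenSSH syslog format.
SAMPLE_LOG = """\
Jun 28 09:00:01 gw sshd[2001]: Accepted publickey for alice from 10.1.2.3 port 50111 ssh2
Jun 28 09:02:10 gw sshd[2010]: Failed password for root from 198.51.100.77 port 41002 ssh2
Jun 28 09:02:12 gw sshd[2011]: Failed password for root from 198.51.100.77 port 41003 ssh2
Jun 28 09:02:15 gw sshd[2012]: Failed password for root from 198.51.100.77 port 41004 ssh2
Jun 28 09:02:20 gw sshd[2013]: Accepted password for root from 198.51.100.77 port 41005 ssh2
Jun 28 09:15:42 gw sshd[2020]: Accepted publickey for admin from 192.0.2.44 port 50200 ssh2
Jun 28 09:20:05 gw sshd[2030]: Failed password for bob from 10.1.2.9 port 50301 ssh2
Jun 28 09:20:09 gw sshd[2031]: Accepted password for bob from 10.1.2.9 port 50302 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+")


def parse(text):
    """Yield one dict per line that matches; unparseable lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def triage(text):
    """Return a sorted list of (finding, user, ip) tuples."""
    findings = set()
    failures = defaultdict(int)   # (user, ip) -> failures since last success
    for ev in parse(text):
        key = (ev["user"], ev["ip"])
        if ev["result"] == "Failed":
            failures[key] += 1
            continue
        # From here on the login succeeded.
        addr = ipaddress.ip_address(ev["ip"])
        if not any(addr in net for net in ALLOWED_NETWORKS):
            findings.add(("login from outside allowed networks",) + key)
        if ev["user"] in PRIVILEGED and ev["user"] not in APPROVED_PRIVILEGED_USERS:
            findings.add(("unapproved privileged login",) + key)
        if failures[key] >= FAILURE_THRESHOLD:
            findings.add(("success after repeated failures",) + key)
        failures[key] = 0         # a success resets the streak
    return sorted(findings)


if __name__ == "__main__":
    for finding, user, ip in triage(SAMPLE_LOG):
        print(f"{finding}: {user} from {ip}")
```

On the sample input only the root login from 198.51.100.77 is reported, on all three grounds; alice, admin and bob are within policy. In practice the same rules belong in whatever log pipeline is already in place, the allow-list is enforced at the firewall or in sshd's AllowUsers/Match rules rather than only detected after the fact, and password authentication for root should simply be disabled.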