DOCSLIB.ORG

Threatsaurus the A-Z of Computer and Data Security Threats 2 the A-Z of Computer and Data Security Threats

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Threatsaurus The A-Z of computer and data security threats 2 The A-Z of computer and data security threats Whether you’re an IT professional, use a computer The company has more than two decades at work, or just browse the Internet, this book is of experience and a global network of threat for you. We explain the facts about threats to your analysis centers that allow us to respond rapidly computers and to your data in simple, easy-to- to emerging threats. As a result, Sophos achieves understand language. the highest levels of customer satisfaction in the industry. Our headquarters are located in Boston, Sophos frees IT managers to focus on their Mass., and Oxford, UK. businesses. We provide endpoint, encryption, email, web and network security solutions that are simple to deploy, manage and use. Over 100 million users trust us for the best protection against today’s complex threats, and analysts endorse us as a leader. Copyright 2012 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you have the prior permission in writing of the copyright owner. Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners. 3 Contents Introduction 5 A-Z of threats 8 Security software/hardware 84 Safety tips 108 Malware timeline 127 4 Introduction Everyone knows about computer viruses. Or at least they think they do. Thirty years ago, the first computer virus Today, malware is unlikely to delete your hard appeared, Elk Cloner, displaying a short poem disk, corrupt your spreadsheet, or display a when an infected computer booted up for the message. Such cyber-vandalism has given way 50th time. Since then, cybercriminals have to more lucrative exploits. Today’s viruses might created millions of viruses and other malware— encrypt all your files and demand a ransom. email viruses, Trojans, Internet worms, spyware, Or a hacker might blackmail a large company by keystroke loggers—some spreading worldwide threatening to launch a denial-of-service attack, and making headlines. which prevents customers from accessing the company’s website. Many people have heard about viruses that fill your computer screen with garbage or delete your More commonly, though, viruses don’t cause any files. In the popular imagination, malware still apparent damage or announce their presence means pranks or sabotage. The early 1990s saw at all. Instead, a virus might silently install a global panic about the Michelangelo virus. In the keystroke logger, which waits until the victim 2000s, when millions of computers were infected visits a banking website and then records with the SoBig-F virus and primed to download the user’s account details and password, and unknown programs from the web at a set time, forwards them to a hacker via the Internet. antivirus companies scrambled to persuade The hacker is an identity thief, using these details Internet service providers to shut down servers to clone credit cards or plunder bank accounts. to avoid a doomsday scenario. Hollywood movies The victim isn’t even aware that the computer has like Independence Day reinforced this perception, been infected. Once the virus has done its job, with virus attacks signaled by flashing screens it may delete itself to avoid detection. and alarms. Another trend is for malware to take over your However, this is far from the truth today. computer, turning it into a remote-controlled The threats are no less real now, but they are zombie. It uses your computer without your low-profile, well-targeted, and more likely to be knowledge to relay millions of profit-making about making cash than creating chaos. spam messages. Or, it may launch other malware attacks on unsuspecting computer users. 5 And as social networks like Facebook and Stealthy, small-scale, well-targeted: for now, Twitter have grown in popularity, hackers and this seems to be the way that security threats cybercriminals are exploiting these systems to are going. find new ways of infecting computers and stealing What of the future, though? Predicting how identities. security threats will develop is almost impossible. Hackers may not even target large numbers Some commentators assumed that there would of victims any more. Such high-visibility never be more than a few hundred viruses, attacks bring unwanted attention, and antivirus and Microsoft’s Bill Gates declared that spam companies can soon neutralize malware that is would no longer be a problem by 2006. It’s not widely reported. In addition, large-scale exploits clear where future threats will come from, or can bring hackers more stolen data than they can how serious they will be. What is clear is that handle. Because of this, threats are becoming whenever there is an opportunity for financial more carefully focused. gain, hackers and criminals will attempt to access and misuse data. Spearphishing is an example. Originally, phishing involved sending out mass-mail messages that appeared to come from banks, asking customers to re-register confidential details, which could then be stolen. Spearphishing, by contrast, confines itself to a small number of people, usually within an organization. The mail appears to come from colleagues in trusted departments, asking for password information. The principle is the same, but the attack is more likely to succeed because the victim thinks that the message is internal, and his or her guard is down. 6 7 A-Z of threats 8 9 Adware Adware is software that displays advertisements on your computer. Adware, or advertising-supported software, Adware can slow down your PC. It can also slow displays advertising banners or pop-ups on your down your Internet connection by downloading computer when you use an application. This is not advertisements. Sometimes programming flaws necessarily a bad thing. Such advertising can fund in the adware can make your computer unstable. the development of useful software, which is then Advertising pop-ups can also distract you and distributed free (for example, Android apps, many waste your time if they have to be closed before of which are adware funded). you can continue using your PC. However, adware becomes a problem if it: Some antivirus programs detect adware and Ì installs itself on your computer without your report it as potentially unwanted applications. consent You can then either authorize the adware program or remove it from your computer. There are also Ì installs itself in applications other than the one dedicated programs for detecting adware. it came with and displays advertising when you use those applications Ì hijacks your web browser in order to display more ads (see Browser hijacker) Ì gathers data on your web browsing without your consent and sends it to others via the Internet (see Spyware) Ì is designed to be difficult to uninstall 10 11 Anonymizing proxy Anonymizing proxies allow the user to hide their web browsing activity. They are often used to bypass web security filters—e.g., to access blocked sites from a work computer. Anonymizing proxies hold significant risks for Ì Productivity: Anonymizing proxies can permit organizations: users to visit sites that, although safe, are often used for non-work purposes Ì Security: The anonymizing proxy bypasses web security and allows users to access infected webpages Ì Liability: Organizations can be legally liable if their computers are used to view pornography, hate material or to incite illegal behavior. There are also ramifications if users violate third-party licenses through illegal MP3, film and software downloads 12 Advanced persistent threat (APT) Advanced persistent threats are a type of targeted attack. APTs are characterized by an attacker who has time and resources to plan an infiltration into a network. These attackers actively manage their attack the information they seek and stealing it. APTs once they have a foothold in a network and should not be confused with more common are usually seeking information, proprietary or botnets, which are usually opportunistic and economic, rather than simple financial data. indiscriminate attacks seeking any available APTs are persistent in that they may remain on a victim rather than specific information. network for some time before gaining access to 13 Autorun worm Autorun worms are malicious programs that take advantage of the Windows AutoRun feature. They execute automatically when the device on which they are stored is plugged into a computer. Autorun worms are commonly distributed on On patched and newer operating systems, USB drives, automatically infecting computers Microsoft has set AutoRun to off by default. as soon as the USB is plugged in. AutoPlay is a As a result, autorun worms should pose less of similar technology to Autorun. It is initiated on a threat in the future. removable media prompting users to choose to listen to music with the default media player, or to open the disk in Windows Explorer. Attackers have similarly exploited AutoPlay, most famously via the Conficker worm. 14 Backdoor Trojan A backdoor Trojan allows someone to take control of a user’s computer via the Internet without their permission. A backdoor Trojan may pose as legitimate Well-known backdoor Trojans include Netbus, software to fool users into running it. OptixPro, Subseven, BackOrifice and, more Alternatively—as is increasingly common— recently, Zbot or ZeuS. users may allow Trojans onto their computer To avoid backdoor Trojans, you should keep your by following a link in spam email or visiting a computers up to date with the latest patches malicious webpage. (to close down vulnerabilities in the operating Once the Trojan runs, it adds itself to the system), and run anti-spam and antivirus computer’s startup routine.
Recommended publications
  • Statistical Structures: Fingerprinting Malware for Classification and Analysis

    Statistical Structures: Fingerprinting Malware for Classification and Analysis

    Statistical Structures: Fingerprinting Malware for Classification and Analysis Daniel Bilar Wellesley College (Wellesley, MA) Colby College (Waterville, ME) bilar <at> alum dot dartmouth dot org Why Structural Fingerprinting? Goal: Identifying and classifying malware Problem: For any single fingerprint, balance between over-fitting (type II error) and under- fitting (type I error) hard to achieve Approach: View binaries simultaneously from different structural perspectives and perform statistical analysis on these ‘structural fingerprints’ Different Perspectives Idea: Multiple perspectives may increase likelihood of correct identification and classification Structural Description Statistical static / Perspective Fingerprint dynamic? Assembly Count different Opcode Primarily instruction instructions frequency static distribution Win 32 API Observe API calls API call vector Primarily call made dynamic System Explore graph- Graph structural Primarily Dependence modeled control and properties static Graph data dependencies Fingerprint: Opcode frequency distribution Synopsis: Statically disassemble the binary, tabulate the opcode frequencies and construct a statistical fingerprint with a subset of said opcodes. Goal: Compare opcode fingerprint across non- malicious software and malware classes for quick identification and classification purposes. Main result: ‘Rare’ opcodes explain more data variation then common ones Goodware: Opcode Distribution 1, 2 ---------.exe Procedure: -------.exe 1. Inventoried PEs (EXE, DLL, ---------.exe etc) on XP box with Advanced Disk Catalog 2. Chose random EXE samples size: 122880 with MS Excel and Index totalopcodes: 10680 3, 4 your Files compiler: MS Visual C++ 6.0 3. Ran IDA with modified class: utility (process) InstructionCounter plugin on sample PEs 0001. 002145 20.08% mov 4. Augmented IDA output files 0002. 001859 17.41% push with PEID results (compiler) 0003. 000760 7.12% call and general ‘functionality 0004.
  • Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

    Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

    Order Code RL32114 Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Updated January 29, 2008 Clay Wilson Specialist in Technology and National Security Foreign Affairs, Defense, and Trade Division Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Summary Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security. In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks.1 Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic,
  • Xbt.Doc.248.2.Pdf

    Xbt.Doc.248.2.Pdf

    MAY 25, 2018 United States District Court Southern District of Florida Miami Division CASE NO. 1:17-CV-60426-UU ALEKSEJ GUBAREV, XBT HOLDING S.A., AND WEBZILLA, INC., PLAINTIFFS, VS BUZZFEED, INC. AND BEN SMITH, DEFENDANTS Expert report of Anthony J. Ferrante FTI Consulting, Inc. 4827-3935-4214v.1 0100812-000009 Table of Contents Table of Contents .............................................................................................................................................. 1 Qualifications ..................................................................................................................................................... 2 Scope of Assignment ......................................................................................................................................... 3 Glossary of Important Terms ............................................................................................................................. 4 Executive Summary ........................................................................................................................................... 7 Methodology ..................................................................................................................................................... 8 Technical Investigation ................................................................................................................................ 8 Investigative Findings .......................................................................................................................................
  • The Downadup Codex a Comprehensive Guide to the Threat’S Mechanics

    The Downadup Codex a Comprehensive Guide to the Threat’S Mechanics

    Security Response The Downadup Codex A comprehensive guide to the threat’s mechanics. Edition 2.0 Introduction Contents Introduction.............................................................1 Since its appearance in late-2008, the Downadup worm has become Editor’s Note............................................................5 one of the most wide-spread threats to hit the Internet for a number of Increase in exploit attempts against MS08-067.....6 years. A complex piece of malicious code, this threat was able to jump W32.Downadup infection statistics.........................8 certain network hurdles, hide in the shadows of network traffic, and New variants of W32.Downadup.B find new ways to propagate.........................................10 defend itself against attack with a deftness not often seen in today’s W32.Downadup and W32.Downadup.B threat landscape. Yet it contained few previously unseen features. What statistics................................................................12 set it apart was the sheer number of tricks it held up its sleeve. Peer-to-peer payload distribution...........................15 Geo-location, fingerprinting, and piracy...............17 It all started in late-October of 2008, we began to receive reports of A lock with no key..................................................19 Small improvements yield big returns..................21 targeted attacks taking advantage of an as-yet unknown vulnerability Attempts at smart network scanning...................23 in Window’s remote procedure call (RPC) service. Microsoft quickly Playing with Universal Plug and Play...................24 released an out-of-band security patch (MS08-067), going so far as to Locking itself out.................................................27 classify the update as “critical” for some operating systems—the high- A new Downadup variant?......................................29 Advanced crypto protection.................................30 est designation for a Microsoft Security Bulletin.
  • Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere, and Michel J.G

    Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere, and Michel J.G

    Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere, and Michel J.G. van Eeten, Delft University of Technology https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/asghari This paper is included in the Proceedings of the 24th USENIX Security Symposium August 12–14, 2015 • Washington, D.C. ISBN 978-1-939133-11-3 Open access to the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere and Michel J.G. van Eeten Delft University of Technology Abstract more sophisticated C&C mechanisms that are increas- ingly resilient against takeover attempts [30]. Research on botnet mitigation has focused predomi- In pale contrast to this wealth of work stands the lim- nantly on methods to technically disrupt the command- ited research into the other side of botnet mitigation: and-control infrastructure. Much less is known about the cleanup of the infected machines of end users. Af- effectiveness of large-scale efforts to clean up infected ter a botnet is successfully sinkholed, the bots or zom- machines. We analyze longitudinal data from the sink- bies basically remain waiting for the attackers to find hole of Conficker, one the largest botnets ever seen, to as- a way to reconnect to them, update their binaries and sess the impact of what has been emerging as a best prac- move the machines out of the sinkhole. This happens tice: national anti-botnet initiatives that support large- with some regularity. The recent sinkholing attempt of scale cleanup of end user machines.
  • A Honeypot for Arbitrary Malware on USB Storage Devices

    A Honeypot for Arbitrary Malware on USB Storage Devices

    A Honeypot for Arbitrary Malware on USB Storage Devices Sebastian Poeplau Jan Gassen University of Bonn Elmar Gerhards-Padilla Institute of Computer Science 4 Fraunhofer FKIE Friedrich-Ebert-Allee 144 Cyber Defense research group 53113 Bonn Friedrich-Ebert-Allee 144 53113 Bonn Abstract—Malware is a serious threat for modern information be infected usually by pretending to be vulnerable computers technology. It is therefore vital to be able to detect and analyze or services. Most commonly, honeypots are run on dedicated such malicious software in order to develop contermeasures. systems, i. e. machines that are maintained exclusively for the Honeypots are a tool supporting that task—they collect malware samples for analysis. Unfortunately, existing honeypots concen- purpose of capturing malware. Honeypots enable researchers trate on malware that spreads over networks, thus missing any and anti-virus companies to analyze new types of malware and malware that does not use a network for propagation. to develop countermeasures, and they are vital in generating A popular network-independent technique for malware to signatures of previously unknown malware. Even though there spread is copying itself to USB flash drives. In this article we are various different honeypot concepts, they all face one basic present Ghost, a new kind of honeypot for such USB malware. problem: How to trick malware into infecting a honeypot It detects malware by simulating a removable device in software, thereby tricking malware into copying itself to the virtual device. machine? We explain the concept in detail and evaluate it using samples Many of the employed concepts make use of the fact that of wide-spread malware.
  • Undergraduate Report

    Undergraduate Report

    UNDERGRADUATE REPORT Attack Evolution: Identifying Attack Evolution Characteristics to Predict Future Attacks by MaryTheresa Monahan-Pendergast Advisor: UG 2006-6 IINSTITUTE FOR SYSTEMSR RESEARCH ISR develops, applies and teaches advanced methodologies of design and analysis to solve complex, hierarchical, heterogeneous and dynamic problems of engineering technology and systems for industry and government. ISR is a permanent institute of the University of Maryland, within the Glenn L. Martin Institute of Technol- ogy/A. James Clark School of Engineering. It is a National Science Foundation Engineering Research Center. Web site http://www.isr.umd.edu Attack Evolution 1 Attack Evolution: Identifying Attack Evolution Characteristics To Predict Future Attacks MaryTheresa Monahan-Pendergast Dr. Michel Cukier Dr. Linda C. Schmidt Dr. Paige Smith Institute of Systems Research University of Maryland Attack Evolution 2 ABSTRACT Several approaches can be considered to predict the evolution of computer security attacks, such as statistical approaches and “Red Teams.” This research proposes a third and completely novel approach for predicting the evolution of an attack threat. Our goal is to move from the destructive nature and malicious intent associated with an attack to the root of what an attack creation is: having successfully solved a complex problem. By approaching attacks from the perspective of the creator, we will chart the way in which attacks are developed over time and attempt to extract evolutionary patterns. These patterns will eventually
  • Adware-Searchsuite

    Adware-Searchsuite

    McAfee Labs Threat Advisory Adware-SearchSuite June 22, 2018 McAfee Labs periodically publishes Threat Advisories to provide customers with a detailed analysis of prevalent malware. This Threat Advisory contains behavioral information, characteristics and symptoms that may be used to mitigate or discover this threat, and suggestions for mitigation in addition to the coverage provided by the DATs. To receive a notification when a Threat Advisory is published by McAfee Labs, select to receive “Malware and Threat Reports” at the following URL: https://www.mcafee.com/enterprise/en-us/sns/preferences/sns-form.html Summary Detailed information about the threat, its propagation, characteristics and mitigation are in the following sections: Infection and Propagation Vectors Mitigation Characteristics and Symptoms Restart Mechanism McAfee Foundstone Services The Threat Intelligence Library contains the date that the above signatures were most recently updated. Please review the above mentioned Threat Library for the most up to date coverage information. Infection and Propagation Vectors Adware-SearchSuite is a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them. Mitigation Mitigating the threat at multiple levels like file, registry and URL could be achieved at various layers of McAfee products. Browse the product guidelines available here (click Knowledge Center, and select Product Documentation from the Support Content list) to mitigate the threats based on the behavior described in the Characteristics and symptoms section.
  • A Crawler-Based Study of Spyware on the Web

    A Crawler-Based Study of Spyware on the Web

    A Crawler-based Study of Spyware on the Web Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, and Henry M. Levy Department of Computer Science & Engineering University of Washington {anm, tbragin, gribble, levy}@cs.washington.edu Abstract servers [16]. The AOL scan mentioned above has provided simple summary statistics by directly examining desktop in- Malicious spyware poses a significant threat to desktop fections [2], while a recent set of papers have considered security and integrity. This paper examines that threat from user knowledge of spyware and its behavior [6, 29]. an Internet perspective. Using a crawler, we performed a In this paper we change perspective, examining the na- large-scale, longitudinal study of the Web, sampling both ture of the spyware threat not on the desktop but from an executables and conventional Web pages for malicious ob- Internet point of view. To do this, we conduct a large-scale jects. Our results show the extent of spyware content. For outward-looking study by crawling the Web, downloading example, in a May 2005 crawl of 18 million URLs, we found content from a large number of sites, and then analyzing it spyware in 13.4% of the 21,200 executables we identified. to determine whether it is malicious. In this way, we can At the same time, we found scripted “drive-by download” answer several important questions. For example: attacks in 5.9% of the Web pages we processed. Our analy- sis quantifies the density of spyware, the types of of threats, • How much spyware is on the Internet? and the most dangerous Web zones in which spyware is • Where is that spyware located (e.g., game sites, chil- likely to be encountered.
  • PARK JIN HYOK, Also Known As ("Aka") "Jin Hyok Park," Aka "Pak Jin Hek," Case Fl·J 18 - 1 4 79

    PARK JIN HYOK, Also Known As ("Aka") "Jin Hyok Park," Aka "Pak Jin Hek," Case Fl·J 18 - 1 4 79

    AO 91 (Rev. 11/11) Criminal Complaint UNITED STATES DISTRICT COURT for the RLED Central District of California CLERK U.S. DIS RICT United States ofAmerica JUN - 8 ?018 [ --- .. ~- ·~".... ~-~,..,. v. CENT\:y'\ l i\:,: ffl1G1 OF__ CAUFORN! BY .·-. ....-~- - ____D=E--..... PARK JIN HYOK, also known as ("aka") "Jin Hyok Park," aka "Pak Jin Hek," Case fl·J 18 - 1 4 79 Defendant. CRIMINAL COMPLAINT I, the complainant in this case, state that the following is true to the best ofmy knowledge and belief. Beginning no later than September 2, 2014 and continuing through at least August 3, 2017, in the county ofLos Angeles in the Central District of California, the defendant violated: Code Section Offense Description 18 U.S.C. § 371 Conspiracy 18 u.s.c. § 1349 Conspiracy to Commit Wire Fraud This criminal complaint is based on these facts: Please see attached affidavit. IBJ Continued on the attached sheet. Isl Complainant's signature Nathan P. Shields, Special Agent, FBI Printed name and title Sworn to before ~e and signed in my presence. Date: ROZELLA A OLIVER Judge's signature City and state: Los Angeles, California Hon. Rozella A. Oliver, U.S. Magistrate Judge Printed name and title -:"'~~ ,4G'L--- A-SA AUSAs: Stephanie S. Christensen, x3756; Anthony J. Lewis, x1786; & Anil J. Antony, x6579 REC: Detention Contents I. INTRODUCTION .....................................................................................1 II. PURPOSE OF AFFIDAVIT ......................................................................1 III. SUMMARY................................................................................................3
  • An API Honeypot for Ddos and XSS Analysis

    An API Honeypot for Ddos and XSS Analysis

    An API Honeypot for DDoS and XSS Analysis G Leaden, Marcus Zimmermann, Casimer DeCusatis, Fellow, IEEE, and Alan G. Labouseur Marist College School of Computer Science and Mathematics Poughkeepsie, NY 12601 fG.Leaden1, Marcus.Zimmermann1, Casimer.DeCusatis, [email protected] Abstract—Honeypots are servers or systems built to mimic II. BACKGROUND critical parts of a network, distracting attackers while logging their information to develop attack profiles. This paper discusses Not long after making G-Star Studio available online, we the design and implementation of a honeypot disguised as a REp- observed a number of unauthorized connection attempts to resentational State Transfer (REST) Application Programming its Application Programming Interface (API). These attacks Interface (API). We discuss the motivation for this work, design specifically targeted G-star Studio’s REpresentational State features of the honeypot, and experimental performance results Transfer (REST) API. under various traffic conditions. We also present analyses of both a distributed denial of service (DDoS) attack and a cross-site A REST API is among the most commonly used API scripting (XSS) malware insertion attempt against this honeypot. architectures today [6]. There are many examples of recent attacks against REST APIs, including well-publicized attacks on the Nissan Leaf smart car [7] and the U.S. Internal Revenue Service database. Existing APIs do not always follow security I. INTRODUCTION best practices, and developers might be lulled into a false sense of security by believing that their API will not be an attack The number and severity of cyber attacks has grown signif- target. In an effort to improve the security of our SecureCloud icantly in recent years [1], [2].
  • Backdoors in Software: a Cycle of Fear and Uncertainty

    Backdoors in Software: a Cycle of Fear and Uncertainty

    BACKDOORS IN SOFTWARE: A CYCLE OF FEAR AND UNCERTAINTY Leah Holden, Tufts University, Medford, MA Abstract: With the advent of cryptography and an increasingly online world, an antagonist to the security provided by encryption has emerged: backdoors. Backdoors are slated as insidious but often they aren’t intended to be. Backdoors can just be abused maintenance accounts, exploited vulnerabilities, or created by another agent via infecting host servers with malware. We cannot ignore that they may also be intentionally programmed into the source code of an application. Like with the cyber attrition problem, it may be difficult to determine the root cause of a backdoor and challenging to prove its very existence. These characteristics of backdoors ultimately lead to a state of being that I liken to a cycle of fear where governments or companies throw accusations around, the public roasts the accused, and other companies live in fear of being next. Notably missing from this cycle are any concrete solutions for preventing backdoors. A pervasive problem underlies this cycle: backdoors could be mitigated if software developers and their managers fully embraced the concept that no one should ever be able to bypass authentication. From the Clipper chip to the FBI and Apple’s standoff, we will examine requested, suspected, and proven backdoors up through the end of 2017. We will also look at the aftermath of these incidents and their effect on the relationship between software and government. Introduction: A backdoor has been defined as both “an undocumented portal that allows an administrator to enter the system to troubleshoot or do upkeep” and “ a secret portal that hackers and intelligence agencies used to gain illicit access” (Zetter).