DOCSLIB.ORG

Internet Security Threat Report

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Internet Security Threat Report INTERNET SECURITY THREAT REPORT 2011 Trends Volume 17 Published April 2012 INTERNET SECURITY THREAT REPORT Paul Wood Mathew Nisbet Executive Editor Malware Data Analyst Manager, Cyber Security Intelligence Security Technology and Response Security Technology and Response Nicholas Johnston Gerry Egan Sr. Software Engineer Sr. Director, Product Management Security Technology and Response Security Technology and Response Bhaskar Krishnappa Kevin Haley Sr. Software Engineer Director, Product Management Security Technology and Response Security Technology and Response Irfan Asrar Tuan-Khanh Tran Security Response Manager Group Product Manager Security Technology and Response Security Technology and Response Sean Hittel Orla Cox Principal Software Engineer Sr. Manager, Security Operations Security Technology and Response Security Technology and Response Eric Chien Hon Lau Technical Director Manager, Development Security Technology and Response Security Technology and Response Eric Park Candid Wueest Sr. Business Intelligence Analyst Principal Software Engineer Anti-Spam Engineering Security Technology and Response Mathew Maniyara David McKinney Security Response Analyst Principal Threat Analyst Anti-Fraud Response Security Technology and Response Olivier Thonnard Tony Millington Sr. Research Engineer Associate Software Engineer Symantec Research Laboratories Security Technology and Response Pierre-Antoine Vervier Benjamin Nahorney Network Systems Engineer Senior Information Developer Symantec Research Laboratories Security Technology and Response Martin Lee Joanne Mulcahy Sr. Security Analyst Technical Product Manager Symantec.cloud Security Technology and Response Daren Lewis John Harrison Principal Strategic Planning Specialst Group Product Manager Symantec.cloud Security Technology and Response Scott Wallace Thomas Parsons Sr. Graphic Designer Director, Development Security Technology and Response Andrew Watson Sr. Software Engineer Security Technology and Response 2 Symantec Corporation INTERNET SECURITY THREAT REPORT TABLE OF CONTENTS Introduction ..........................................................5 Consumerization And Mobile Computing: Balancing The Risks 2011 By Month ....................................................6 And Benefits In The Cloud .......................25 Risks With ‘Bring Your Own Device’ .......................25 ............................................... 2011 In Numbers 9 Threats Against Mobile Devices .............................25 Consumerization Of It And Cloud Computing .....26 Executive Summary .....................................12 Quick Response (QR) codes ....................................27 What Mobile Malware Does With Your Phone .....27 Confidence In The Cloud: Balancing Risks �����������28 Safeguarding Secrets: Industrial Espionage In Cyberspace ���������������������������������������������������14 Spam Activity Trends ..................................29 Spam In 2011 ............................................................ Cyber-Espionage In 2011 ........................................14 29 Impact Of Botnets On Spam ................................... Advanced Persistent Threats ..................................15 30 The Changing Face Of Spam ................................... Targeted Attacks .......................................................16 30 URL Shortening And Spam ...................................... Case Study .................................................................16 31 Where Attacks Come From ��������������������������������������19 Malicious Code Trends ...............................32 Against The Breach: Malware In 2011 .......................................................32 Securing Trust Website Malware .......................................................33 And Data Protection ....................................20 Email-Borne Malware ...............................................34 Data Breaches In 2011 ............................................21 Border Gateway Protocol (BGP) Hijacking .........................................................35 Certificate Authorities Under Attack .....................23 Polymorphic Threats ................................................35 Building Trust And Securing The Weakest Links ....................................................24 Dangerous Web Sites ...............................................36 Exploiting The Web: Attack Toolkits, Rootkits And Social Networking Threats ..............37 Macs Are Not Immune ..............................................38 Rootkits .......................................................................39 Social Media Threats ������������������������������������������������39 Symantec Corporation 3 INTERNET SECURITY THREAT REPORT Closing The Window Best Practice Guidelines Of Vulnerability: Exploits For Businesses .................................................44 And Zero-Day Attacks .................................40 Number Of Vulnerabilities ......................................40 Best Practice Guidelines Weaknesses in Critical For Consumers ................................................46 Infrastructure Systems ............................................41 Old Vulnerabilities Are Still Under Attack ............41 Web Browser Vulnerabilities ..................................41 More Information ..........................................48 New Zero-day Vulnerabilities Create Big Risks .......................................................42 About Symantec ..............................................48 Conclusion: What’s Ahead In 2012 .................................43 Endnotes ...............................................................49 FIGURES Figure 1 Figure 10 Targeted Attacks Trend Showing Average Key Functionality Of Mobile Risks..................................27 Number Of Attacks Identified Each Month, 2011 .........15 Figure 11 Figure 2 Percentage Of Email Identified As Spam, 2011 ............30 Targeted Email Attacks, By Top-Ten Industry Sectors, 2011 ��������������������������������16 Figure 12 Top Ten Spam Email Categories, 2010-2011 ................31 Figure 3 Attacks By Size Of Targeted Organization ....................17 Figure 13 Average Number Of Malicious Web Sites Figure 4 Identified Per Day, 2011 ................................................33 Analysis Of Job Functions Of Recipients Being Targeted .........................................18 Figure 14 Ratio Of Malware In Email Traffic, 2011 ........................34 Figure 5 Geographical Locations Figure 15 Of Attackers’ IP Addresses ���������������������������������������������19 Rise In Email-Borne Bredolab Polymorphic Malware Attacks Per Month, 2011 ................................35 Figure 6 Timeline Of Data Breaches Figure 16 Showing Identities Breached In 2011 ............................21 Most Dangerous Web Site Categories, 2011 .................36 Figure 7 Figure 17 Top-Ten Sectors Macdefender Trojan Screenshot ������������������������������������38 By Number Of Data Breaches, 2011 ������������������������������22 Figure 18 Figure 8 Total Number Of Vulnerabilities Identified, Top-Ten Sectors 2006-2011 .....................................................................40 By Number Of Identities Exposed, 2011 ........................22 Figure 19 Figure 9 Browser Vulnerabilities In 2010 And 2011 ...................41 Total Mobile Malware Family Count 2010-2012 ...........26 Figure 20 Web Browser Plug-In Vulnerabilities .............................42 4 Symantec Corporation INTERNET SECURITY THREAT REPORT Introduction ymantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec™ Global SIntelligence Network, which is made up of more than 64.6 million attack sensors and records thousands of events per second. This network monitors attack activity in more than 200 countries and territories through a combination of Symantec products and services such as Symantec DeepSight™ Threat Management System, Symantec™ Managed Security Services and Norton™ consumer products, and other third-party data sources. In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 47,662 recorded vulnerabilities (spanning more than two decades) from over 15,967 vendors representing over 40,006 products. Spam, phishing and malware data is captured through a variety of sources, including the Symantec Probe Network, a system of more than 5 million decoy accounts; Symantec.cloud and a number of other Symantec security technologies. Skeptic™, the Symantec.cloud proprietary heuristic technology is able to detect new and sophisticated targeted threats before reaching customers’ networks. Over 8 billion email messages and more than 1.4 billion Web requests are processed each day across 15 data centers. Symantec also gathers phishing information through an extensive antifraud community of enterprises, security vendors, and more than 50 million consumers. These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The result is the annual Symantec Internet Security Threat Report, which gives enterprises and consumers the essential information to secure their systems effectively now and into the future. Symantec Corporation 5 INTERNET SECURITY THREAT REPORT 2011 BY MONTH MOBILE BOTNET THREAT SPAM SOCIAL HACKS
Load more

Recommended publications
  • RSA-512 Certificates Abused in the Wild
    RSA-512 Certificates abused in the wild During recent weeks we have observed several interesting publications which have a direct relation to an investigation we worked on recently. On one hand there was a Certificate Authority being revoked by Mozilla, Microsoft and Google (Chrome), on the other hand there was the disclosure of a malware attack by Mikko Hypponen (FSecure) using a government issued certificate signed by the same Certificate Authority. That case however is not self-contained and a whole range of malicious software had been signed with valid certificates. The malicious software involved was used in targeted attacks focused on governments, political organizations and the defense industry. The big question is of course, what happened, and how did the attackers obtain access to these certificates? We will explain here in detail how the attackers have used known techniques to bypass the Microsoft Windows code signing security model. Recently Mikko Hypponen wrote a blog on the F-Secure weblog (http://www.f-secure.com/weblog/archives/00002269.html) detailing the discovery of a certificate used to sign in the wild malware. Specifically this malware was embedded in a PDF exploit and shipped in August 2011. Initially Mikko also believed the certificate was stolen, as that is very common in these days, with a large amount of malware families having support, or optional support, for stealing certificates from the infected system. Apparently someone Mikko spoke to mentioned something along the lines that it had been stolen a long time ago. During the GovCert.nl symposium Mikko mentioned the certificate again, but now he mentioned that according to the people involved with investigating the case in Malaysia it likely wasn't stolen.
    [Show full text]
  • Sample Iis Publication Page
    https://doi.org/10.48009/1_iis_2012_133-143 Issues in Information Systems Volume 13, Issue 1, pp. 133-143, 2012 HACKERS GONE WILD: THE 2011 SPRING BREAK OF LULZSEC Stan Pendergrass, Robert Morris University, [email protected] ABSTRACT Computer hackers, like the group known as Anonymous, have made themselves more and more relevant to our modern life. As we create and expand more and more data within our interconnected electronic universe, the threat that they bring to its fragile structure grows as well. However Anonymous is not the only group of hackers/activists or hacktivists that have made their presence known. LulzSec was a group that wreaked havoc with information systems in 2011. This will be a case study examination of their activities so that a better understanding of five aspects can be obtained: the Timeline of activities, the Targets of attack, the Tactics the group used, the makeup of the Team and a category which will be referred to as The Twist for reasons which will be made clear at the end of the paper. Keywords: LulzSec, Hackers, Security, AntiSec, Anonymous, Sabu INTRODUCTION Information systems lie at the heart of our modern existence. We deal with them when we work, when we play and when we relax; texting, checking email, posting on Facebook, Tweeting, gaming, conducting e-commerce and e- banking have become so commonplace as to be nearly invisible in modern life. Yet, within each of these electronic interactions lies the danger that the perceived line of security and privacy might be breached and our most important information and secrets might be revealed and exploited.
    [Show full text]
  • Bakalářská Práce 2013
    Masarykova univerzita Filozofická fakulta Ústav české literatury a knihovnictví Kabinet informa čních studií a knihovnictví Bakalá řská diplomová práce 2013 Alena Brožová Masarykova univerzita Filozofická fakulta Kabinet informa čních studií a knihovnictví Informa ční studia a knihovnictví Alena Brožová AntiSec: hacktivistická kampa ň za svobodu na internetu Bakalá řská diplomová práce Vedoucí práce: PhDr. Pavla Ková řová 2013 Prohlašuji, že jsem diplomovou práci vypracovala samostatn ě s využitím uvedených pramen ů a literatury. …………………………………………….. Podpis autora práce Zde bych cht ěla pod ěkovat vedoucí práce PhDr. Pavle Ková řové za pomoc a cenné rady v pr ůběhu tvorby bakalá řské diplomové práce. Bibliografický záznam BROŽOVÁ, Alena. AntiSec: hacktivistická kampa ň za svobodu na internetu . Brno: Masarykova univerzita, Filozofická fakulta, Ústav české literatury a knihovnictví, Kabinet informa čních studií a knihovnictví, 2013, 59 s. Vedoucí bakalá řské práce PhDr. Pavla Ková řová. Anotace Bakalá řská diplomová práce „AntiSec: hacktivistická kampa ň za svobodu na internetu“ se zabývá hackerskými útoky v rámci operace AntiSec, které byly uskute čněny pod záštitou propagace svobodného internetu, svobody informací a svobody projevu. Práce se zabývá etickou oprávn ěností provedení útok ů v souvislosti s pravidly definovaných etických teorií a kodex ů. Pro toto hodnocení jsou využity principy dimenzionální analýzy. Výsledkem práce je souhrn informací o prob ěhnuté operaci s důrazem na eti čnost provedených útok ů. Annotation Bachelor thesis „AntiSec: hacktivism campaign for freedom on the internet“ deals with hacker attacks in Operation AntiSec which were made under the auspices of promoting free internet, freedom of information and freedom of expression. The work deals with the ethical legitimacy of carrying out attacks in relation to the rules of defined ethical theories and codes.
    [Show full text]
  • A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX
    In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi.
    [Show full text]
  • TLS Attacks & DNS Security
    IAIK TLS Attacks & DNS Security Information Security 2019 Johannes Feichtner [email protected] IAIK Outline TCP / IP Model ● Browser Issues Application SSLStrip Transport MITM Attack revisited Network Link layer ● PKI Attacks (Ethernet, WLAN, LTE…) Weaknesses HTTP TLS / SSL FLAME FTP DNS Telnet SSH ● Implementation Attacks ... ● Protocol Attacks ● DNS Security IAIK Review: TLS Services All applications running TLS are provided with three essential services Authentication HTTPS FTPS Verify identity of client and server SMTPS ... Data Integrity Detect message tampering and forgery, TLS e.g. malicious Man-in-the-middle TCP IP Encryption Ensure privacy of exchanged communication Note: Technically, not all services are required to be used Can raise risk for security issues! IAIK Review: TLS Handshake RFC 5246 = Establish parameters for cryptographically secure data channel Full handshake Client Server scenario! Optional: ClientHello 1 Only with ServerHello Client TLS! Certificate 2 ServerKeyExchange Certificate CertificateRequest ClientKeyExchange ServerHelloDone CertificateVerify 3 ChangeCipherSpec Finished ChangeCipherSpec 4 Finished Application Data Application Data IAIK Review: Certificates Source: http://goo.gl/4qYsPz ● Certificate Authority (CA) = Third party, trusted by both the subject (owner) of the certificate and the party (site) relying upon the certificate ● Browsers ship with set of > 130 trust stores (root CAs) IAIK Browser Issues Overview Focus: Relationship between TLS and HTTP Problem? ● Attacker wants to access encrypted data ● Browsers also have to deal with legacy websites Enforcing max. security level would „break“ connectivity to many sites Attack Vectors ● SSLStrip ● MITM Attack …and somehow related: Cookie Stealing due to absent „Secure“ flag… IAIK Review: ARP Poisoning How? Attacker a) Join WLAN, ● Sniff data start ARP Poisoning ● Manipulate data b) Create own AP ● Attack HTTPS connections E.g.
    [Show full text]
  • Web and Mobile Security
    Cyber Security Body of Knowledge: Web and Mobile Security Sergio Maffeis Imperial College London bristol.ac.uk © Crown Copyright, The National Cyber Security Centre 2021. This information is licensed under the Open Government Licence v3.0. To view this licence, visit http://www.nationalarchives.gov.uk/doc/open- government-licence/. When you use this information under the Open Government Licence, you should include the following attribution: CyBOK Web & Mobile Security Knowledge Area Issue 1.0 © Crown Copyright, The National Cyber Security Centre 2021, licensed under the Open Government Licence http://www.nationalarchives.gov.uk/doc/open- government-licence/. The CyBOK project would like to understand how the CyBOK is being used and its uptake. The project would like organisations using, or intending to use, CyBOK for the purposes of education, training, course development, professional development etc. to contact it at [email protected] to let the project know how they are using CyBOK. bristol.ac.uk Web & Mobile Security KA • This webinar covers and complements selected topics from the “Web & Mobile Security Knowledge Area - Issue 1.0” document [WMS-KA for short] • “The purpose of this Knowledge Area is to provide an overview of security mechanisms, attacks and defences in modern web and mobile ecosystems.” • We assume basic knowledge of the web and mobile platforms – The WMS-KA also covers some of the basic concepts assumed here Web and Mobile Security 3 Scope • The focus of WMS-KA is on the intersection of mobile and web security, as a result of recent appification and webification trends. – The KA does not cover specific mobile-only aspects including mobile networks, mobile malware, side channels.
    [Show full text]
  • Reporting, and General Mentions Seem to Be in Decline
    CYBER THREAT ANALYSIS Return to Normalcy: False Flags and the Decline of International Hacktivism By Insikt Group® CTA-2019-0821 CYBER THREAT ANALYSIS Groups with the trappings of hacktivism have recently dumped Russian and Iranian state security organization records online, although neither have proclaimed themselves to be hacktivists. In addition, hacktivism has taken a back seat in news reporting, and general mentions seem to be in decline. Insikt Group utilized the Recorded FutureⓇ Platform and reports of historical hacktivism events to analyze the shifting targets and players in the hacktivism space. The target audience of this research includes security practitioners whose enterprises may be targets for hacktivism. Executive Summary Hacktivism often brings to mind a loose collective of individuals globally that band together to achieve a common goal. However, Insikt Group research demonstrates that this is a misleading assumption; the hacktivist landscape has consistently included actors reacting to regional events, and has also involved states operating under the guise of hacktivism to achieve geopolitical goals. In the last 10 years, the number of large-scale, international hacking operations most commonly associated with hacktivism has risen astronomically, only to fall off just as dramatically after 2015 and 2016. This constitutes a return to normalcy, in which hacktivist groups are usually small sets of regional actors targeting specific organizations to protest regional events, or nation-state groups operating under the guise of hacktivism. Attack vectors used by hacktivist groups have remained largely consistent from 2010 to 2019, and tooling has assisted actors to conduct larger-scale attacks. However, company defenses have also become significantly better in the last decade, which has likely contributed to the decline in successful hacktivist operations.
    [Show full text]
  • SSL/TLS Interception Proxies and Transitive Trust Jeff Jarmoc Dell Secureworks Counter Threat Unit℠ Threat Intelligence
    SSL/TLS Interception Proxies and Transitive Trust Jeff Jarmoc Dell SecureWorks Counter Threat Unit℠ Threat Intelligence Presented at Black Hat Europe – March 14, 2012. Introduction Secure Sockets Layer (SSL) [1] and its successor Transport Layer Security (TLS) [2] have become key components of the modern Internet. The privacy, integrity, and authenticity [3] [4] provided by these protocols are critical to allowing sensitive communications to occur. Without these systems, e- commerce, online banking, and business-to-business exchange of information would likely be far less frequent. Threat actors have also recognized the benefits of transport security, and they are increasingly turning to SSL to hide their activities. Advanced Persistent Threat (APT) attackers [5], botnets [6], and even commodity web attacks can leverage SSL encryption to evade detection. To counter these tactics, organizations are increasingly deploying security controls that intercept end- to-end encrypted channels. Web proxies, data loss prevention (DLP) systems, specialized threat detection solutions, and network intrusion prevention systems (NIPS) offer functionality to intercept, inspect, and filter encrypted traffic. Similar functionality is present in lawful intercept systems and solutions enabling the broad surveillance of encrypted communications by governments. Broadly classified as “SSL/TLS interception proxies,” these solutions act as a “man in the middle,” violating the end-to-end security promises of SSL. This type of interception comes at a cost. Intercepting SSL-encrypted connections sacrifices a degree of privacy and integrity for the benefit of content inspection, often at the risk of authenticity and endpoint validation. Implementers and designers of SSL interception proxies should consider these risks and understand how their systems operate in unusual circumstances.
    [Show full text]
  • Certificate Transparency: New Part of PKI Infrastructure
    Certificate transparency: New part of PKI infrastructure A presentation by Dmitry Belyavsky, TCI ENOG 7 Moscow, May 26-27, 2014 About PKI *) *) PKI (public-key infrastructure) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates Check the server certificate The server certificate signed correctly by any of them? Many trusted CAs NO YES Everything seems to We warn the user be ok! DigiNotar case OCSP requests for the fake *.google.com certificate Source: FOX-IT, Interim Report, http://cryptome.org/0005/diginotar-insec.pdf PKI: extra trust Independent Trusted PKI source certificate DANE (RFC 6698) Certificate pinning Limited browsers support Mozilla Certificate Patrol, Chrome cache for Google certificates Certificate transparency (RFC 6962) Inspired by Google (Support in Chrome appeared) One of the authors - Ben Laurie (OpenSSL Founder) CA support – Comodo Certificate Transparency: how it works • Log accepts cert => SCT Client • Is SCT present and signed correctly? Client • Is SCT present and signed correctly? Auditor • Does log server behave correctly? Monitor • Any suspicious certs? Certificate Transparency: how it works Source: http://www.certificate-transparency.org Certificate Transparency how it works Source: http://www.certificate-transparency.org Certificate Transparency current state Google Chrome Support (33+) http://www.certificate-transparency.org/certificate-transparency-in-chrome Google Cert EV plan http://www.certificate-transparency.org/ev-ct-plan Certificate Transparency current state Open source code 2 pilot logs Certificate Transparency: protect from what? SAVE from MITM attack ü Warning from browser ü Site owner can watch logs for certs Do NOT SAVE from HEARTBLEED! Certificate transparency and Russian GOST crypto Russian GOST does not save from the MITM attack Algorithm SHA-256 >>> GOSTR34.11-2012 Key >>> GOST R 34.10-2012 Q&A Questions? Drop ‘em at: [email protected] .
    [Show full text]
  • Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men
    Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide
    [Show full text]
  • Legal Checks on Surveillance and Modern Modes of Warfare William Howell (University of Chicago) and Mariah Zeisberg (University of Michigan)
    Legal Checks on Surveillance and Modern Modes of Warfare William Howell (University of Chicago) and Mariah Zeisberg (University of Michigan) (This essay appeared in the Boston Review earlier this summer.) As the Obama era comes to a close, two antithetical visions of our government appear before us. On the first, executive power on domestic issues is not merely contained; it is subdued. A curious blend of congressional initiative and intransigence render a domesticated presidency. But we also have caught glimpses of an enormous and largely clandestine national security apparatus. Whereas the president’s ambitions for domestic policymaking are checked fiercely and ceaselessly, Congress either affirmatively protects or passively cedes vast discretionary power to the president on matters of national security. What explains this disparity, and what can be done about it? In particular, can the formal tools of policy oversight meaningfully constrain the creeping power of the surveillance state or modern ways of warfare? Most constitutional law scholars think so. Through investigations, hearings, audits, and publicity, they argue, Congress and the courts can check executive secrecy. These scholars are not entirely wrong, but their hopes are exaggerated. Traditional legal reasoning, preoccupied with political checks, has an impoverished view of the nature of modern surveillance and obscures the generative forces behind various forms of public and private resistance to state surveillance. • • • A recent argument on this score, and one that reflects many of characteristic features of current legal reasoning, can be found in University of Minnesota law professor Heidi Kitrosser’s new book Reclaiming Accountability. Kitrosser recommends that we recommit ourselves to the basic constitutional framework for limiting presidential war powers.
    [Show full text]
  • Security Economics in the HTTPS Value Chain
    Security Economics in the HTTPS Value Chain Hadi Asghari*, Michel J.G. van Eeten*, Axel M. Arnbak+ & Nico A.N.M. van Eijk+1 * [email protected], [email protected] Delft University of Technology, Faculty of Technology Policy and Management + [email protected], [email protected] University van Amsterdam, Faculty of Law, Institute for Information Law Abstract. Even though we increasingly rely on HTTPS to secure Internet communications, several landmark incidents in recent years have illustrated that its security is deeply flawed. We present an extensive multi-disciplinary analysis that examines how the systemic vulnerabilities of the HTTPS authentication model could be addressed. We conceptualize the security issues from the perspective of the HTTPS value chain. We then discuss the breaches at several Certificate Authorities (CAs). Next, we explore the security incentives of CAs via the empirical analysis of the market for SSL certificates, based on the SSL Observatory dataset. This uncovers a surprising pattern: there is no race to the bottom. Rather, we find a highly concentrated market with very large price differences among suppliers and limited price competition. We explain this pattern and explore what it tells us about the security incentives of CAs, including how market leaders seem to benefit from the status quo. In light of these findings, we look at regulatory and technical proposals to address the systemic vulnerabilities in the HTTPS value chain, in particular the EU eSignatures proposal that seeks to strictly regulate HTTPS communications. Keywords: HTTPS, Cybersecurity, Internet Governance, Constitutional Values, E-Commerce, Value Chain Analysis, Security Economics, eSignatures Regulation, SSL, TLS, Digital Certificates, Certificate Authorities.
    [Show full text]