Federal Strategy Unit for IT FSUIT Federal Intelligence Service FIS Reporting and Analysis Centre for Information Assurance MELANI www.melani.admin.ch Information Assurance Situation in Switzerland and Internationally Semi-annual report 2010/II (July – December) MELANI – Semi-annual report 2010/II Information Assurance – Situation in Switzerland and Internationally Contents 1 Focus Areas of Issue 2010/II ..........................................................................................3 2 Introduction .....................................................................................................................4 3 Current National ICT Infrastructure Situation ..............................................................5 3.1 Distributed denial-of-service attacks against SP, CVP, FDP and SVP websites5 3.2 Attacks of Wikileaks sympathizers .....................................................................5 3.3 First Cyber Europe exercise ...............................................................................6 3.4 "Stories from the internet" for more security in the information society .............. 7 3.5 Phishing of e-mail accounts ................................................................................8 3.6 Mobile Internet outage ........................................................................................8 3.7 Radio outage in the Bern region .........................................................................9 3.8 "Black hat SEO" campaign also with .ch domains ..............................................9 3.9 Fight against malicious websites ......................................................................11 3.10 27C3: we come in peace – and hack your website ..........................................13 3.11 Anti-Botnet Initiative Switzerland evaluation study ...........................................15 3.12 Cyber Defence Project Leader .........................................................................15 3.13 OpenX server ...................................................................................................15 4 Current International ICT Infrastructure Situation .....................................................16 4.1 Stuxnet attack on industrial control systems ....................................................16 4.2 Wikileaks ..........................................................................................................17 4.3 SSL and two-factor authentication – security for customers ............................ 19 4.4 Incidents related to trading in emissions rights .................................................19 4.5 NATO trains cyber defence and includes cyber threats in its strategic concept20 4.6 Trend toward USB worms ................................................................................21 4.7 "Here you have" computer worm – "Iraq Resistance" ......................................22 4.8 Dutch police separate large botnet from the Internet .......................................23 4.9 ZeuS and SpyEye – merger of two of the largest e-banking trojans? .............. 23 4.10 "J1 Network" money laundering organization broken up .................................. 24 4.11 Credit card money mule ...................................................................................25 5 Trends / Outlook ...........................................................................................................26 5.1 Stuxnet – the beginning of SCADA trojans .......................................................26 5.2 DDoS – background and motivations ...............................................................27 5.3 Mobile (in)security ............................................................................................29 5.4 Cloud computing – security measures .............................................................31 5.5 Network monopoly – a security problem? ........................................................32 6 Glossary ........................................................................................................................34 7 Appendix .......................................................................................................................39 7.1 DDoS – Analysis of an increasingly frequent phenomenon ............................. 39 2/42 MELANI – Semi-annual report 2010/II Information Assurance – Situation in Switzerland and Internationally 1 Focus Areas of Issue 2010/II • Stuxnet - Attack against control systems Using the example of the Stuxnet computer worm, the media widely discussed the problem of attacks on control systems (SCADA) during the reporting year – a problem that had been a concern of experts for quite some time. Stuxnet is, however, the first case that drew considerable attention worldwide. With sufficient motivation and resources, practically any system can be infiltrated and sabotaged sooner or later. It must be expected that similar attacks will occur again in future. ► Current topics internationally: Chapter 4.1 ► Current topics internationally: Chapter 4.6 ► Trends / Outlook: Chapter 5.1 • Distributed denial-of-service (DDoS) attacks Attacks on the availability of websites, i.e. distributed denial-of-service (DDoS) attacks, are used for various purposes in the cyberworld. Initially, attacks occurred primarily as simple acts of vandalism. Meanwhile, however, the motivations have shifted. DDoS attacks are currently observed as tools of revenge, for instance, as a way to damage competitors or extort protection money, or as politically motivated attacks. ► Current topics in Switzerland: Chapter 3.1 ► Current topics in Switzerland: Chapter 3.2 ► Trends / Outlook: Chapter 5.2 ► Appendix: Chapter 7.1 • Smartphone security For a long time, it was assumed that the threat of viruses for smartphones was modest, since smartphones were not seen as a worthwhile target for the malware industry. Reasons included the large number of operating systems, the difficulties in spreading malware, and the lack of "computer crime business models". The increasing popularity of smartphones and mobile phones with PC-like functionality and the storage of sensitive data on these devices is making them increasingly attractive for criminals, however. ► Trends / Outlook: Chapter 5.3 • Website infections persist at high level Website infections are currently the most widely used dissemination vector for malware. Central servers offering content to different websites play a key role in this regard. A single act of compromising especially online advertising, but also statistics services, can result in far-reaching consequences. ► Current topics in Switzerland: Chapter 3.9 ► Current topics in Switzerland: Chapter 3.13 • Phishing against Internet services increases Especially vulnerable are those services protected only by a username and password and if money can be made directly or indirectly by accessing them. In addition to emissions trading, this primarily concerns credit cards, online payment systems, auction platforms, e-mail providers, and social networks. ► Current topics in Switzerland: Chapter 3.5 ► Current topics internationally: Chapter 4.3 ► Current topics internationally: Chapter 4.4 3/42 MELANI – Semi-annual report 2010/II Information Assurance – Situation in Switzerland and Internationally 2 Introduction The twelfth semi-annual report (July – December 2010) of the Reporting and Analysis Centre for Information Assurance (MELANI) presents the most significant trends involving the threats and risks arising from information and communication technologies (ICT). It provides an overview of the events in Switzerland and abroad, illuminates the most important developments in the field of prevention, and summarizes the activities of public and private actors. Explanations of jargon and technical terms (in italics) can be found in a Glossary (Chapter 6) at the end of this report. Comments by MELANI are indicated by a shaded box. Selected topics covered in this semi-annual report are outlined in Chapter 1. Chapters 3 and 4 discuss breakdowns and failures, attacks, crime and terrorism connected with ICT infrastructures. Selected examples are used to illustrate important events of the second half of 2010. Chapter 5 discusses trends and contains an outlook on expected developments. Chapter 7 is an Appendix with expanded technical explanations and instructions on selected topics covered in the semi-annual report. 4/42 MELANI – Semi-annual report 2010/II Information Assurance – Situation in Switzerland and Internationally 3 Current National ICT Infrastructure Situation 3.1 Distributed denial-of-service attacks against SP, CVP, FDP and SVP websites The websites of the four largest Swiss political parties were attacked using distributed denial- of-service (DDoS) within a single week and were impaired or shut down for several hours. In the case of the SP, the attacks began on Monday, 8 November 2010, while the CVP registered an attack on the following Thursday. On Friday evening, it was the FDP's turn, and on Sunday the SVP's. According to the SP, up to 200 computers especially from Germany, the Netherlands and the United States accessed the website at the same time. Within four hours, this amounted to eight million hits. The CVP spoke of more than 120 computers that initiated access to their website at the same time. The attacks probably were carried out using a botnet. Nothing is known about the motivation of these attacks, especially whether the attacks were related to the popular votes
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages42 Page
-
File Size-