SONY hack launched from Amazon Cloud

Wow! Amazing Bloomberg report.

For three pennies an hour, hackers can rent Amazon.com Inc. (AMZN)’s servers to wage cyber attacks such as the one that crippled Sony Corp. (6758)’s PlayStation Network and led to the second-largest online data breach in U.S. history.

A hacker used Amazon’s Elastic Computer Cloud, or EC2, service to attack Sony’s online entertainment systems last month, a person with knowledge of the matter said May 13. The intruder, who used a bogus name to set up an account that’s now disabled, didn’t hack into Amazon’s servers, the person said.

The incident helps illustrate the dilemma facing Chief Executive Officer Jeff Bezos: Amazon’s cloud-computing service is as cheap and convenient for hackers as it is for customers ranging from Netflix Inc. (NFLX) to Eli Lilly & Co. (LLY). Last month’s attack on Sony compromised more than 100 million customer accounts, the largest data breach in the U.S. since intruders stole credit and debit card numbers from Heartland Payment Systems in 2009.

“Anyone can go get an Amazon account and use it anonymously,” said Pete Malcolm, chief executive officer of Abiquo Inc., a Redwood City, California-based company that helps customers manage data internally and through cloud computing. “If they have computers in their back bedroom they are much easier to trace than if they are on Amazon’s Web Services.”

Journal of the cyber-plague years

My piece in today’s Observer.

In 1971, Bob Thomas, an engineer working for Bolt, Beranek and Newman, the Boston company that had the contract to build the Arpanet, the precursor of the internet, released a virus called the "creeper" on to the network. It was an experimental, self-replicating program that infected DEC PDP-10 minicomputers. It did no actual harm and merely displayed a cheeky message: "I'm the creeper, catch me if you can!" Someone else wrote a program to detect and delete it, called – inevitably – the "reaper".

Although nobody could have known it 40 years ago, it was the start of something big, something that would one day threaten to undermine, if not overwhelm, the networked world…

So were the Israelis behind the Stuxnet worm?

According to the NYTimes, it’s beginning to look that way.

Experts dissecting the computer worm suspected of being aimed at Iran’s nuclear program have determined that it was precisely calibrated in a way that could send nuclear centrifuges wildly out of control.

Their conclusion, while not definitive, begins to clear some of the fog around the Stuxnet worm, a malicious program detected earlier this year on computers, primarily in Iran but also India, Indonesia and other countries.

The paternity of the worm is still in dispute, but in recent weeks officials from Israel have broken into wide smiles when asked whether Israel was behind the attack, or knew who was. American officials have suggested it originated abroad.

The new forensic work narrows the range of targets and deciphers the worm’s plan of attack. Computer analysts say Stuxnet does its damage by making quick changes in the rotational speed of motors, shifting them rapidly up and down.

Changing the speed “sabotages the normal operation of the industrial control process,” Eric Chien, a researcher at the computer security company Symantec, wrote in a blog post.

Those fluctuations, nuclear analysts said in response to the report, are a recipe for disaster among the thousands of centrifuges spinning in Iran to enrich uranium, which can fuel reactors or bombs. Rapid changes can cause them to blow apart. Reports issued by international inspectors reveal that Iran has experienced many problems keeping its centrifuges running, with hundreds removed from active service since summer 2009…

More detail here.

The worm that’s turning

This morning’s Observer column

In the normal course of events, a Siemens Simatic Programmable Logic Controller (PLC) would not be of interest to anyone other than a hardcore industrial process engineer. It’s a small, dedicated computer used to control the operations of specialised machinery in a wide range of manufacturing industries. Since June, however, the Siemens controllers have become a topic of intense interest to people like journalists and policymakers who, in normal circumstances, have difficulty controlling a microwave oven.

How come? The reason is the Stuxnet worm, a piece of computer malware (as malicious software is called) that has caused a huge stir in the mainstream media…

Now the French government is advising people to stop using IE

Well, well. Even I’m surprised by this.

Following in the footsteps of Germany last week, France is now advising its population to use an alternative browser pending a patch for an Internet Explorer vulnerability.

The French Computer Emergency Response Team (CERT) published an advisory on Friday January 15 stating “pending a patch from the publisher, CERT recommends using an alternative browser.” In the advisory Internet Explorer 7 and 8 are both listed despite Microsoft confirming the vulnerability is only exploitable on Internet Explorer 6.

Last week the German Federal Office for Security in Information Technology (BSI) issued a similar advisory urging its population to stop using IE. According to the BSI the flaw will, put simply, “perform reconnaissance and gain complete control over the compromised system.” The BSI noted that even running Internet Explorer in Protected Mode isn’t enough to stop the flaw. Microsoft issued further insight into the vulnerability this morning in a company blog posting. The software giant confirmed the exploit is only effective against Internet Explorer 6.

Wonder if French and German users will pay any attention to this.

Hooray! I’ve won

Latest spam message:

We wish to inform you that you are one of the winners of
STATE EDUCATIONAL STUDENT AWARD July 2009,your e-mail address won and
Therefore you have been approve for a lump sum of (900.000.00 Usd)
Nine Hundred Thousand Dollars to support your Education through the
internet Wedsite .This promotional program takes place every year,and
is promoted and sponsored by eminent personalities like the Sultan of
Brunei,Billgate of Microsoft and other corporate organizations.



(1) My Name is ……….i came from……..i hereby apply to claim
my prize that i won, as winner of the STATE EDUCATIONAL STUDENT
AWARD,i am requested to claim my prize of…… which my school email
id was among winners of the year July 2009.
(2) AGE………..(3) SEX…………(4) COUNTRY…………

Contact the bank and call them:
PRO ACCOUNT Officer In charge.

Can’t wait!

Er, who falls for this crap? Somebody must.

Spam, spam, spam

According to the latest report (pdf format) from MessageLabs, 90.4% of all email is spam. The percentage is unchanged from last month. Other highlights from the report:

• Viruses – One in 269.4 emails in June contained malware (an increase of 0.06% since May)
• Phishing – One in 280.4 emails comprised a phishing attack (unchanged since May)
• Malicious websites – 1,919 new sites blocked per day (an increase of 67.0% since May)
• 58.8% of all web-based malware intercepted was new in June, an increase of 24.6% since May
• The Cutwail Botnet bounces back
• 83.2% of all spam was sent via botnets in June
• Image spam continues, accounting for 8-10% of all spam in June
• Instant Messaging malware increases – 1 in 78 IM-based hyperlinks point to malicious websites

Tech Review reports that a team of researchers at the Georgia Institute of Technology has come up with a potentially more efficient approach to identifying spam. The researchers analyzed 25 million e-mails and discovered several characteristics that could be gleaned from a single packet of data and used to efficiently identify junk mail. For example, legitimate email tends to come from computers that have a lot of ports open for communication, whereas bots tend to keep open only the SMTP port. They also found that geographical mapping of IP addresses helps. Spam, it turns out, tends to travel farther than legitimate email.
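
The two network-level signals mentioned above (open ports on the sending host, and how far the message travels) can be turned into a simple score without looking at message content. The following is an added illustration, not the Georgia Tech researchers' code: the thresholds, the scoring rule, the recipient location and the sample senders are all constructed assumptions.

```python
import math
from dataclasses import dataclass

SMTP_PORT = 25
FAR_KM = 4000.0          # assumed cut-off; the article gives no threshold
RCPT = (51.50, -0.13)    # assumed recipient mail server location (London)

@dataclass(frozen=True)
class Sender:
    ip: str                # constructed, documentation-range address
    open_ports: frozenset  # ports observed open on the sending host
    lat: float             # geolocation of the sending IP
    lon: float

def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two geolocated points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def features(sender, rcpt=RCPT):
    """Extract the two signals from the passage for one sending host."""
    return {
        # Bots tend to expose only the SMTP port; real mail hosts expose more.
        "only_smtp": sender.open_ports == frozenset({SMTP_PORT}),
        # Spam tends to travel farther than legitimate mail.
        "km": distance_km(sender.lat, sender.lon, *rcpt),
    }

def spam_score(sender, rcpt=RCPT):
    """0, 1 or 2: one point per bot-like signal (assumed scoring rule)."""
    f = features(sender, rcpt)
    return int(f["only_smtp"]) + int(f["km"] > FAR_KM)

# Constructed sample senders, not real measurements.
SAMPLES = {
    "paris_mail_server": Sender("192.0.2.10", frozenset({25, 80, 443, 587, 993}), 48.86, 2.35),
    "new_york_mail_server": Sender("198.51.100.7", frozenset({25, 443, 993}), 40.71, -74.01),
    "sao_paulo_bot": Sender("203.0.113.99", frozenset({25}), -23.55, -46.63),
}

if __name__ == "__main__":
    for name, s in SAMPLES.items():
        f = features(s)
        print(f"{name:22} only_smtp={f['only_smtp']!s:5} km={f['km']:7.0f} score={spam_score(s)}")
```

A distant but well-provisioned mail server scores 1 rather than 2, which is why a single signal on its own is a weak indicator and the signals are combined.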

Twitter puzzles

This tweet by Rory Cellan-Jones sent me to Twittercounter, which produced this chart:

Suggests that something strange is going on. Compare, for example, with the chart for my account, which accurately reflects data coming from email notifications from Twitter.

Hmmm… Is a spambot signing up ‘followers’ of Rory?

LATER: Now he’s back to his original track.

Which suggests that there’s something wrong with Twittercounter?

Moral: put not your faith in these statscounting services.

What’s going on in your browser window?

If you want a measure of how far we’ve moved from the days of simple HTML, then just install the NoScript add-on for Firefox. It detects every script that a site is running within the page and asks you to make a decision about whether to allow it or not. It’s an eye-opener. The image shows what happened when I opened a normal page from the Wall Street Journal.

The sad fact is that there’s so much AJAX-like stuff out there that running NoScript is a bit of a pain. The old adage about the price of liberty being eternal vigilance needs updating. The price of online security is endless hassle.

Saving Thunderbird

Thoughtful article by Glyn Moody.

Email is dying. Time and again I come across comments to the effect that people have given up on their email inbox, and simply junked their messages. Increasingly, people are turning to Twitter, Facebook and LinkedIn as their messaging medium. It’s not hard to see why. These are opt-in services: you get to choose who can contact you, unlike email.

This has led to the scourge of spam, which now represents 94% of all email, according to Google’s Postini subsidiary. A classic Tragedy of the Commons has resulted, whereby a few selfish individuals exploit and ultimately destroy a resource used by all. Sadly, it looks like the battle against spam is lost; even though services like Gmail offer extremely efficient filtering in my experience, it’s a poor substitute for a messaging service that can assume that you want to see everything that is sent to you, because only people of interest are allowed to contact you.

The more Facebook and Twitter spread, the more people will be turning to these opt-in networks for their communications; email, as a result, will dwindle in importance, turning into a kind of digital wasteland inhabited mostly by those too poor, uninformed or lazy to move on, and by spamming parasites who prey on them. I don’t imagine that Thunderbird wishes to become the software of choice for either…

This makes sense. As our communications ecosystem evolves, so too should the software. From now on we will need comms clients which do everything — including email. I guess that’s where Tweetdeck et al are headed. Maybe that’s how Thunderbird should evolve?