My peers may remember playing Saxons and Normans on the beach as small children (it was before black and white television and the rise of cowboys and indians and cops and robbers). The alternative was Saxons and Vikings; but it suffered because apart from Harold we only knew two Saxons: Alfred and Aethelred. Aethelred was the short straw, because he was never ready – or more accurately, he was ill-advised and accepted bad or no counsel.
Well, Aethelred and the Vikings are making a comeback. Aethelred is business and the Vikings are hackers; and it doesn’t seem to matter what good advice is given, Aethelred ignores it and the hackers come back – again, and again and again.
Good counsel: encrypt, but Aethelred does not. Use and enforce strong passwords, but he doesn’t. Undertake staff awareness training on a continuous basis, but he doesn’t bother. The list goes on and on.
But the absolute perfect proof that the spirit of Aethelred yet lives and breathes can be seen in a comment from Ashley Stephenson, CEO of Corero Network Security. He was talking about the DDoS attack on Battlefield 3, “yet another in a long line of attacks aimed at disrupting gamers.”
Sometimes such attacks come from the competition; other times it’s just for the lulz. But, he adds, “Another motive our clients in gaming and across other sectors continue to experience is cyber extortion. Malicious users specifically threaten gaming and other sites, demanding to be paid a ransom or be the victim of a Distributed Denial of Service attack. More often than not these blackmail threats go unreported as some companies opt to pay the ransom rather than go public with the attack in the hope that this will satisfy the hackers, though this is rarely the case and may lead to the site continually being targeted.”
Aethelred, a long-standing Anglo-Saxon tradition that believes we can yet get peace in our time, lives on. Looks like the Vikings are winning again.
Strange little article in ZDNet today: Senator warns banks of cyberattack risk, Chase Bank targeted within minutes.
It’s strange on several counts. Firstly, it seems that General Keith Alexander, head of the U.S. military’s Cyber Command, has been promoted (or demoted) to Senator – for it seems to be he who issued the warning.
Then he was gifted with prescient superpowers. He warns of further attacks on the banks.
As if in silent agreement, hackers — potentially with a morbid sense of humor — decided to attack Chase Bank’s website within minutes of the speech, and this was later confirmed by the bank to CNBC. It is unknown whether the cyberattack was connected, but either way, the timing was ironic.
The attack itself was, predictably, a denial-of-service (DoS) attack, although it is unclear whether any financial or account data has been compromised or stolen.
Senator warns banks of cyberattack risk, Chase Bank targeted within minutes
Hmm. How clever of the general to foresee this attack. Who else – certainly not ZDNet apparently – would have had the intelligence to translate the al-Qassam Cyber Fighters’ public statement last week that phase 3 of their operation against US banks had started; and that, as before “a number of american banks will be hit by denial of service attacks three days a week, on Tuesday, Wednesday and Thursday during working hours” into an actual attack on an actual US bank on an actual Tuesday.
I’d like to predict, based on my superhuman knowledge of the current threatscape, that a US bank will be hit on Thursday – and if not on Thursday, then next Tuesday or Wednesday or next Thursday. The motivation, however, is not a morbid sense of humour, but simple, plain, good old indignation.
TechWeekEurope published an article yesterday about a panel discussion on Anonymous at RSA 2012. Although the discussion seems to have included some very rational comments from a number of panelists, the article unsurprisingly headlined on some of the more extreme views voiced by Josh Corman – suggesting for example that within the collective “the common attribute is angst.”
Anonymous was not amused. They gave me an ‘official’ (if anything within Anonymous can be official) response, which I used in an article in Infosecurity Magazine here. One thing I left out was the last two sentences: “Anonymous is forever mutating, like a virus responding to its host’s new defences. Today’s mutation will be based on finding out about Josh Corman and the real motivation behind his article, was it just to raise PR for his firm, is it linked to a gov contract etc.”
There is a threat here that I didn’t want to include in a news story.
Anonymous subsequently published the full source of its statement here; so the threat was revealed anyway. It seems that it is being taken seriously. An online chat between Tom Brewster of TechWeekEurope and ATeamAnon went thus:
[The log has been withdrawn at the request of one of the participants. It showed a conversation between the author of the TechWeekEurope article and Anonymous. The journalist was attempting to stop any issue between Anonymous and Josh Corman from escalating. Anonymous indicated that feelings were strong and growing. Updated 08:40, 12 October 2012]
What we don’t know is whether this angst/rage will focus into a coordinated action against Akamai, or whether it will evolve into disjointed small-scale anger from individual groups. That’s why I didn’t report it. But time will tell.