December 2008 Archives

Holidays Bring Little Cheer to Millions of Netsurfers in Europe, Asia


The year-end holiday season is a time of cheer and merrymaking for almost everyone around the world. But for millions of Internet users in countries as diverse as the United Kingdom and the UAE, and India and Japan, this year's holidays may be ending as a damp squib. That's because SeaMeWe 4 (one of the three major undersea cables; the other two are SeaMeWe 3 and the FLAG Europe Asia cable), which snapped on December 19 and was being repaired, broke again a day after Christmas at a different place about 240 miles away from where it was being repaired.

What is worse, the repair of that break is not expected to be complete before January 4 or 5 because the repair ship is now sailing somewhere else and will take at least until December 31 to even reach the location of the new breakage.

"Although the other two cables have been bearing much of the traffic load, connectivity and connection speeds of millions of Internet users in India, Saudi Arabia, Lebanon, Taiwan, Yemen and another half a dozen countries including the UK are suffering," said an Internet Association Industry source.

According to reports quoting sources at France Telecom, the company that is undertaking the repairs, SeaMeWe 4 (short for South East Asia-Middle East-Western Europe 4 cable) snapped again between Italy and Egypt due to an underwater earthquake on Dec. 26, a day after traffic had been restored following the December 19 breakage.

SeaMeWe 4, along with the other two cables, carries as much as 75% of the Internet traffic between Europe and the Middle East and Asia. Repeated snapping of these cables highlights the fragility of the submarine cables that carry voice and Internet traffic thousands of miles between continents. The Flag and SeaMeWe cables were also cut in January this year, allegedly due to accidental anchoring of a ship or an undersea earthquake, although there was also a suspicion that the damage could have been sabotage.

Ruling out sabotage this time round though, a France Telecom spokesman said, "It is unlucky, but cables can always snap." However, is it really just bad luck? Consider this; the SeaMeWe cables broke thrice this year - the latest being twice within the same week. And that's not all; between end-January and mid-February this year there were reportedly eight cuts of other cables, all unexplained like those of the Flag and SeaMeWe cables. Barring one, all of them have occurred in waters near predominantly Muslim nations.

Hmmm.... food for thought maybe!


Web Attackers Tarnishing 'Reputed' Websites


The recent discovery by Websense Security Labs, a California-based security research firm, of cyber criminals paying the search engine Google to host their malicious websites is certainly one of the most unnerving examples of how dangerous e-crime is becoming. But perhaps the scarier part of the new face of e-crime is the fact that it has evolved from simple spam or phishing attacks to organized criminal activities where investments are made to create a trap for luring unsuspecting users.

It has also taken on the specter of web terrorism, say some experts, and this can make even surfing the web frightening. How else can you describe the plight of clicking on a sponsored link as part of regular surfing, only to be led to sites created by cyber-criminals for malicious purposes? And especially when such links are sponsored links hosted by none other than "reputed" and "trusted" websites like Google and Yahoo.

In a startling revelation a week ago, Websense said that in its weekly surveillance of millions of web sites, it spotted a download site offering a popular utility bundled with malware. The malware infects the computer that downloads the software and forces the user to pay $40 to clean it up. (Visit the link http://securitylabs.websense.com/content/Blogs/3264.aspx for details.)

On the surface it may look like just another smart money-making move by e-criminals, but according to Elad Sharf, the Websense security researcher who discovered this malware, this is an offence of serious proportions because it demonstrates "how the reputations of legitimate and popular applications and online services are being abused to serve and help malware authors to spread malicious software."

He adds, "Everybody has favorite applications and tools. When it is time to find and download a copy of an application, Google is often used to help locate a download site."

And that's what makes this discovery terrifying. Indeed, it is no longer a novelty that the volume of legitimate web sites getting compromised with malicious code continues to surpass the number of sites created by attackers specifically for malicious purposes. Increasingly, cyber-criminals have started latching onto web sites that everyone trusts to launch their attacks on unsuspecting web surfers.

Websense says attackers have become sophisticated enough to take advantage of flaws in traditional security measures and bypass reputation-based systems to increase their attack effectiveness.

According to Websense, the strategy of attacking legitimate Web sites that have good reputations worldwide with data-stealing malicious code has reached massive proportions. For instance, in the first half of 2008, more than 75 percent of the top 100 web sites with seemingly "good" reputations were compromised by attackers. This represented a 50 percent increase over the last six months.

Some of the sites named by Websense include MSNBC, ZDNet, Wired, and the United Nations. In addition to these sites, says Websense, email spammers are also taking advantage of the reputation of popular email services like Yahoo! and Gmail to bypass antispam systems.

Websense Security Labs found spammers using sophisticated tools and bots to break the "CAPTCHA" systems that were developed to keep email and other services safe from spammers and other malicious activity. Microsoft Live Mail, Google's popular Gmail service and Yahoo! mail services were all compromised by this breakthrough method.

Subsequently, spammers have been able to sign up for the free email accounts on a mass basis and send out spam from email accounts with good reputations. With a free signup process, access to a wide portfolio of services and domains that are unlikely to be blacklisted given their reputation, spammers have been able to launch attacks on millions of users worldwide while maintaining anonymity.

"Clearly, these are terrifying developments," says Kaustubh Dhavse, Deputy Director (ICT practice), Frost & Sullivan. "For a simple user like you and me, it is getting increasingly difficult and scary to use the web. After all, if trusted websites like Google and Yahoo can be compromised, who knows what may be lurking inside all the unknown links that a web surfer clicks every day."



Hackers Now Ride on Antivirus Software for Snooping


Having exploited scores of security measures adopted by experts to make IT networks secure, hackers have started riding on antivirus software as well to sneak into computers and networks.

iViZ, an Indian information security company that offers penetration and vulnerability testing for applications and networks, has just discovered a new technique that hackers and e-criminals are using these days to break into computers -- crashing the antivirus software itself.

iViZ says hackers have developed code that can make antivirus software crash and create a loophole in the network, which can then be used to nestle malicious code in a computer. The company says that so far, it has spotted 6 popularly used antivirus software products, both commercial and open source, which hackers have been able to break into. These are AVG, F-Secure (F-Prot), Sophos, ClamAV, BitDefender and Avast.

Explaining how hackers get past a seemingly secure system and break into it by exploiting its antivirus software, Bala said that an attacker first crafts an email with a malicious payload and sends it to the target user. As the vulnerable antivirus software scans the email, the malicious code, crafted specifically to exploit that antivirus, either crashes the antivirus software or executes arbitrary code to get around security and implant another piece of malicious code on the computer.

"Once this malicious code is nestled in a computer, the attackers can use it to steal information or cause a denial of service condition," said Bala Girisaballa, vice-president (head of product management & marketing), iViZ.

A dedicated research team at iViZ, which conducts extensive research on attack techniques and checks the robustness of applications and networks, stumbled upon the vulnerabilities while trying to penetrate networks protected by popular commercial and open source antivirus software products.

Using a variety of file fuzzing techniques, the team discovered abnormal behavior in these products while handling complex or unusual executable header data, especially in the case of executables packed with 3rd party packers like UPX, FSG etc.

Multiple bugs were found in those six antivirus products, some of which proved serious enough to make the antivirus itself a back door for hackers. "So far we have come across six that we have named, but there may be more which we haven't been able to identify yet," says Bala. "The makers of the affected antivirus software vendors have been informed. Many admitted [the problem] but we have also faced denial."

According to iViZ, although home computers are affected most by this breach, companies and businesses, as well as government departments, are also highly susceptible to its risks.

Indeed, e-criminals always manage to remain a step ahead, don't they? And their turf keeps expanding, not sparing even the big-daddy security experts. For instance, yesterday, in another shocking revelation, Microsoft announced that there is a security flaw in its Internet Explorer 7, the world's most popular Web browser.

This flaw, like those in antivirus products, allows criminals to take control of computers and steal personal information. "We are actively investigating the vulnerability that these attacks attempt to exploit," Microsoft said in a statement. "We will continue to monitor the threat environment and update this advisory if this situation changes."

Microsoft added that about 0.2 per cent of Internet Explorer users have already been affected by the flaw.

Poster by Oliver Hammond. Creative Commons License Attribution-Noncommercial-Share Alike 2.0 Generic.

 


Albania Mulling Nationwide WiMAX Network


Driven partly by the urge to become a more developed country before joining NATO next year, and partly by the ambition of becoming a cyber hub of South Europe, Albania is seriously mulling a nationwide WiMAX network that could start rolling out as soon as the next six months.

According to sources close to the development, the Government has decided to invite private players to set up the infrastructure, instead of investing in it directly. However, to support the project in this 11,000 square mile country, the government may trade out assets like a WiMAX license, tax incentives, and even access to government buildings.

"The government is still formulating its plans and strategies, but Albania has committed itself to making broadband universal in the country in the belief that a nationwide broadband network will lead to extensive economic enhancements and development," said a noted telecom advisor, who is working as a consultant to the project, requesting anonymity.

The Government is also planning to be the anchor tenant of this network through its e-school initiative, the Education Network of Albania, or ENEA. This is a centralized organization under the ministry of education that addresses, supervises and controls Albania's education sector. One of ENEA's biggest projects currently is to get the country's 2,700-odd schools connected through a broadband network, which would also be used for e-government and commercial applications.

ENEA plans to invite the private sector to roll out the network, in return for which it will assure the network owner the business of broadband connectivity to all its schools.

"The project has recently started and many alternatives are being worked out; we're not sure which one of all alternatives will be selected. All I can say right now is in the next few months (that is before the NATO 2009 annual meeting) things might be a bit more concrete," said an official from the office of Information Society directly under the Prime Minister of Albania.

To help the country emerge from the "shackles of communism," President George Bush urged the 26 member countries of NATO in April this year to include Albania (and Croatia) within its fold.

According to the US, Albania has overcome war and hardship to build peaceful relations with its neighbors, and should be included in NATO to assure its citizens that NATO members will be at its side when the country is threatened by any other nation.

With the US backing Albania's inclusion, experts expect that Albania could become a NATO member at the organization's annual meeting in April next year.

However, ENEA also says that the network is crucial for enabling Albania to transition to the new, knowledge-based, network-driven economy. "Presently there's an insufficient networking infrastructure in Albania slowing down what otherwise is a fast-growing economy (about 6% GDP growth per year)," says an internal policy document of ENEA.

Despite the fact that the country was Internet-enabled as far back as the mid-90s, Albania remains the most backward country in the region and in Europe, say experts. "Internet connection is not only slow, but is also expensive," says a country resident.

"The WiMAX network will represent the most valuable national asset and will serve as a platform for a multitude of viable networking solutions ranging from IP voice to IPTV to e-government to commercial mission-critical applications for the industry," says the ENEA document.

According to the document, licenses for WiMAX would be offered through an auction process to be conducted in three phases. The first auction, to be held early next year, will be for the Durres-Tirana-Kavaja (Albanian cities) circle. This will be followed by a license for the Shkodra-Elbasan-Vlora circle, and then for the rest of the country.


Photo by ILMOTOREDIRICERCA. Creative Commons License Attribution 2.0 Generic.



Cyber Terrorism Grips India As Well


India may be the most vulnerable place in the world now for physical terror attacks, but experts who trawl the Internet to track terror trails in cyberspace say that the country is equally vulnerable to cyber terrorism.


In fact, they say that even as physical hits by bombs and guns are intermittent, for over two years terrorist organizations have been hitting India continuously through the Internet with their radical Islamist propaganda. And the impact of that onslaught is no less agonizing than the thousands who have been killed so far by the terrorist bombs and guns.


The propaganda using the Internet is intense, and encompasses not only websites but also blogs, Web 2.0 services like Orkut, and other areas of cyberspace, including email groups and even recorded messages left as voice mails.


Cyber attacks can come in many forms. However it is the anti-Indian propaganda, or what some call "radical Islamist propaganda," that dominates.


"The hatred they are spreading is often hard hitting. But unfortunately there's nothing much India can do because much of it escapes the authorities' notice," says Alok Mukhopadhyay, associate fellow at the New Delhi-based Institute for Defence Studies and Analyses, an independent think tank on issues of national and international security.


"The propaganda is almost always in Urdu or Arabic which few in India can follow," he said. "The other problem with regard to particularly radical Islamist websites is that these sites are hosted from developed countries in the EU like Germany, Spain, Italy, France and the like, where such websites are not under close scrutiny of the respective governments."


Mukhopadhyay has done research on radical Islamic organizations in Europe and their discourses on South Asia. He adds that yet another problem is that the radical Islamist websites also come in various European languages and keep on changing their web interfaces, fearing imminent ban by the authorities. "The clever use of cyberspace, then, makes tracking of propaganda all the more difficult," he says.


According to experts, the biggest impact of cyber terrorism is that it has been able to spread its hatred or radicalism far and wide, as well as attract followers from all walks of life, succeeding in converting them to insurgents.


"Close examinations reveal that most of the websites are designed to target Internet users in the age group of 16 to 26 years," says Mukhopadhyay.


This form of 'radical Islamism', he adds, intensified by a media revolution, communication technology and, specifically, through the Internet, has deeply influenced the minds of many young Muslims around the world.


"Sadly, most perpetrators of terrorist incidents or persons involved in hatching conspiracies are young and belong to the Muslim community; many of whom do not have any terrorist antecedents at all. Neither is it a fact that all of them are poor," says Mukhopadhyay.


Indeed, many instances have shown that the persons involved in such activities were not only educated and from sound economic backgrounds but also had promising lives and careers.


Nevertheless, according to the Cyber Society of India (CYSI), waging a passive ideological war is not the only form of cyberterrorism India suffers from; the country is also attacked routinely by terrorist hackers who snoop into government-owned websites and personal computers for monetary gains.


This is why CYSI feels that besides ramping up the country's physical security infrastructure, the government also needs to ramp up the country's ICT infrastructure to prevent cyberattacks.


Through a recent plea to the IT ministry, CYSI has called for the development of a comprehensive, integrated security system to address security concerns of India's ICT space. Urging the government to take proactive measures, CYSI has also called for a revamp of the country's IT Act of 2000 to make it effective for the current challenges India faces in cyberspace.