back to article US plots to KILL hackers – with bureaucracy!

A new US government "cyber threat" agency will take information on computer security breaches at private companies, pair it with classified intelligence – and put it back out to businesses so they can learn how to beef up their defences. That's the dream, anyway, according to President Obama's homeland security and …

  1. Mark 85 Silver badge

    The last paragraph pretty much sums it up.

    Why start up another bureaucracy when the ones we have already tasked aren't doing the job? Ok.. maybe it's a "feel good" deal that can be pointed to while saying "see, we're doing something". Reality.. is they'll do nothing but play politics and in-fight amongst themselves and with the people they are supposed to be serving. History repeats itself again.

    1. Dan Paul

      Re: The last paragraph pretty much sums it up.

      Have an upvote, theres no "maybe" about it. Obama has meddled in the affairs of almost every agency in the administration. He has a difficult time letting people do their jobs and has lost several key military and staff advisers because of it. He does not like the fact that the people responsible for the NSA and CIA already know more than Obama ever will. His advice goes unheeded because it's useless. The NSA and CIA are not charged with protecting private business.

      The solution is the create another agency that is entirely beholden to him so he can point at it and say he is "tough on hackers" (when nothing could be further from the truth) while bending the new bureaucracy to his will. On a political perspective, it gives him his own personal spy agency. Given how the IRS has acted during the Obama Administration, that becomes a very scary proposition.

      1. Malcom Ryder 1

        Re: The last paragraph pretty much sums it up.

        Can you prove anything you just said? If your big mac was cold you would Probably blame Obama for that too.

  2. P. Lee

    The answer for most security issues is not hard

    Its just tedious and expensive.

    Educate, audit and implement the commonly known good practise.

    Certainly, there are elite blackhats out there, but they are relatively rare.

  3. Ragequit
    Facepalm

    Right, so...

    Sea-Stick will be about as useful against zero-days as a windows internet security package. Meanwhile they'll have legal grounds to slurp up all sorts of consumer data for the greater wood... err good.

    "CTIIC will also hook up different arms of the government, pulling in intelligence from everyone and then act as a source of information for all."

    Ah, so a prime target for any and all hackers then. 50 cents says there will be at least phishing attacks within the first 6 months of operation. If communication isn't done via email then it will be watering hole attacks against any related websites. Or some intern will send off a copy of a few million consumer database records.

  4. Turtle

    Oh The Humanity!

    "US plots to KILL hackers – with bureaucracy!"

    That's very humane. Now if it were up to *me*...

  5. Anonymous Coward
    Anonymous Coward

    US plots to KILL hackers with bureaucracy...?

    Is the word 'bureaucracy' the latest euphemism for 'Drones'?

    1. Mark 85 Silver badge

      Re: US plots to KILL hackers with bureaucracy...?

      Well, instead of a Hellfire, the drone will drop paperwork on them. It might actually be more inhumane to do that then fire the missile.

  6. Anonymous Coward
    Anonymous Coward

    Check out ctiic.com

    Hacked already ?

  7. MarkSitkowski

    There is a better way...

    There's no need for any more agencies, committees, or bureaucracies. The solution is to do what our company does.

    Our IDS/IPS notes the IP address of the attempted hack, enters a rule into the firewall, then looks up the owner in a whois database,and sends an email to their abuse/support line, together with the system log extracts.

    It's totally hands-off automatic, and cuts off the hackers' source of zombies. If everyone did this, it would limit each hacker to just one hack attempt.

    .

    Last June, we were getting 7000 hack attempts a day from a Turkey-based botnet, which had taken over almost every subnet in Argentina and Brazil. The attack died exponentially, as each compromised server was reported and cleaned up by the ISP.

    If anyone wants to do something that actually works, I'm happy to give away the source code of the IDS/IPS for free, together with a dump of our whois database. It's written for Sun, so you'll need to modify the firewall rules if you use IPtables.

    If this sounds like it'll work for you, send me an email at xmarks(at)exemail.com.au.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

  • IBM buys Randori to address multicloud security messes
    Big Blue joins the hot market for infosec investment

    RSA Conference IBM has expanded its extensive cybersecurity portfolio by acquiring Randori – a four-year-old startup that specializes in helping enterprises manage their attack surface by identifying and prioritizing their external-facing on-premises and cloud assets.

    Big Blue announced the Randori buy on the first day of the 2022 RSA Conference on Monday. Its plan is to give the computing behemoth's customers a tool to manage their security posture by looking at their infrastructure from a threat actor's point-of-view – a position IBM hopes will allow users to identify unseen weaknesses.

    IBM intends to integrate Randori's software with its QRadar extended detection and response (XDR) capabilities to provide real-time attack surface insights for tasks including threat hunting and incident response. That approach will reduce the quantity of manual work needed for monitoring new applications and to quickly address emerging threats, according to IBM.

    Continue reading
  • OMIGOD: Cloud providers still using secret middleware
    All the news you may have missed from RSA this week

    RSA Conference in brief Researchers from Wiz, who previously found a series of four serious flaws in Azure's Open Management Infrastructure (OMI) agent dubbed "OMIGOD," presented some related news at RSA: Pretty much every cloud provider is installing similar software "without customer's awareness or explicit consent."

    In a blog post accompanying the presentation, Wiz's Nir Ohfeld and Shir Tamari say that the agents are middleware that bridge customer VMs and the provider's other managed services. The agents are necessary to enable advanced VM features like log collection, automatic updating and configuration syncing, but they also add new potential attack surfaces that, because customers don't know about them, can't be defended against.

    In the case of OMIGOD, that included a bug with a 9.8/10 CVSS score that would let an attacker escalate to root and remotely execute code. Microsoft patched the vulnerabilities, but most had to be applied manually.

    Continue reading
  • Costa Rican government held up by ransomware … again
    Also US warns of voting machine flaws and Google pays out $100 million to Illinois

    In brief Last month the notorious Russian ransomware gang Conti threatened to overthrow Costa Rica's government if a ransom wasn't paid. This month, another band of extortionists has attacked the nation.

    Fresh off an intrusion by Conti last month, Costa Rica has been attacked by the Hive ransomware gang. According to the AP, Hive hit Costa Rica's Social Security system, and also struck the country's public health agency, which had to shut down its computers on Tuesday to prevent the spread of a malware outbreak.

    The Costa Rican government said at least 30 of the agency's servers were infected, and its attempt at shutting down systems to limit damage appears to have been unsuccessful. Hive is now asking for $5 million in Bitcoin to unlock infected systems.

    Continue reading
  • There are 24.6 billion pairs of credentials for sale on dark web
    Plus: Citrix ASM has some really bad bugs, and more

    In brief More than half of the 24.6 billion stolen credential pairs available for sale on the dark web were exposed in the past year, the Digital Shadows Research Team has found.

    Data recorded from last year reflected a 64 percent increase over 2020's total (Digital Shadows publishes the data every two years), which is a significant slowdown compared to the two years preceding 2020. Between 2018 and the year the pandemic broke out, the number of credentials for sale shot up by 300 percent, the report said. 

    Of the 24.6 billion credentials for sale, 6.7 billion of the pairs are unique, an increase of 1.7 billion over two years. This represents a 34 percent increase from 2020.

    Continue reading
  • Symbiote Linux malware spotted – and infections are 'very hard to detect'
    Performing live forensics on hijacked machine may not turn anything up, warn researchers

    Intezer security researcher Joakim Kennedy and the BlackBerry Threat Research and Intelligence Team have analyzed an unusual piece of Linux malware they say is unlike most seen before - it isn't a standalone executable file.

    Dubbed Symbiote, the badware instead hijacks the environment variable (LD_PRELOAD) the dynamic linker uses to load a shared object library and soon infects every single running process.

    The Intezer/BlackBerry team discovered Symbiote in November 2021, and said it appeared to have been written to target financial institutions in Latin America. Analysis of the Symbiote malware and its behavior suggest it may have been developed in Brazil. 

    Continue reading
  • Russia, China warn US its cyber support of Ukraine has consequences
    Countries that accept US infosec help told they could pay a price too

    Russia and China have each warned the United States that the offensive cyber-ops it ran to support Ukraine were acts of aggression that invite reprisal.

    The US has acknowledged it assisted Ukraine to shore up its cyber defences, conducted information operations, and took offensive actions during Russia's illegal invasion.

    While many nations occasionally mention they possess offensive cyber-weapons and won't be afraid to use them, admissions they've been used are rare. US Cyber Command chief General Paul Nakasone's public remarks to that effect were therefore unusual.

    Continue reading
  • Facebook phishing campaign nets millions in IDs and cash
    Hundreds of millions of stolen credentials and a cool $59 million

    An ongoing phishing campaign targeting Facebook users may have already netted hundreds of millions of credentials and a claimed $59 million, and it's only getting bigger.

    Identified by security researchers at phishing prevention company Pixm in late 2021, the campaign has only been running since the final quarter of last year, but has already proven incredibly successful. Just one landing page - out of around 400 Pixm found - got 2.7 million visitors in 2021, and has already tricked 8.5 million viewers into visiting it in 2022. 

    The flow of this phishing campaign isn't unique: Like many others targeting users on social media, the attack comes as a link sent via DM from a compromised account. That link performs a series of redirects, often through malvertising pages to rack up views and clicks, ultimately landing on a fake Facebook login page. That page, in turn, takes the victim to advert landing pages that generate additional revenue for the campaign's organizers. 

    Continue reading
  • Google has more reasons why it doesn't like antitrust law that affects Google
    It'll ruin Gmail, claims web ads giant

    Google has a fresh list of reasons why it opposes tech antitrust legislation making its way through Congress but, like others who've expressed discontent, the ad giant's complaints leave out mention of portions of the proposed law that address said gripes.

    The law bill in question is S.2992, the Senate version of the American Innovation and Choice Online Act (AICOA), which is closer than ever to getting votes in the House and Senate, which could see it advanced to President Biden's desk.

    AICOA prohibits tech companies above a certain size from favoring their own products and services over their competitors. It applies to businesses considered "critical trading partners," meaning the company controls access to a platform through which business users reach their customers. Google, Apple, Amazon, and Meta in one way or another seemingly fall under the scope of this US legislation. 

    Continue reading
  • Feds raid dark web market selling data on 24 million Americans
    SSNDOB sold email addresses, passwords, credit card numbers, SSNs and more

    US law enforcement has shut down another dark web market, seizing and dismantling SSNDOB, a site dealing in stolen personal information.

    Led by the IRS' criminal investigation division, the DOJ, and the FBI, the investigation gained control of four of SSNDOB's domains, hobbling its ability to generate cash. The agents said it raked in more than $19 million since coming online in 2015.

    Continue reading
  • Healthcare organizations face rising ransomware attacks – and are paying up
    Via their insurance companies, natch

    Healthcare organizations, already an attractive target for ransomware given the highly sensitive data they hold, saw such attacks almost double between 2020 and 2021, according to a survey released this week by Sophos.

    The outfit's team also found that while polled healthcare orgs are quite likely to pay ransoms, they rarely get all of their data returned if they do so. In addition, 78 percent of organizations are signing up for cyber insurance in hopes of reducing their financial risks, and 97 percent of the time the insurance company paid some or all of the ransomware-related costs.

    However, while insurance companies pay out in almost every case and are fueling an improvement in cyber defenses, healthcare organizations – as with other industries – are finding it increasingly difficult to get insured in the first place.

    Continue reading

Biting the hand that feeds IT © 1998–2022