stuxnet – Stilgherrian

26 May 201326 May 2013

AusCERT 2012 and the militarisation of cyberspace

I didn’t make it to information security conference AusCERT 2013 this year. I’m about to read what’s been written and compile a list — but first, a reflection on what happened in 2012.

When I look back two years to what I wrote from AusCERT 2011, I’m reminded that we were just getting our head around the implications of the Stuxnet worm. Not only was malware being written by organised criminals, and we were facing an explosion of anti-banking malware and mobile malware, and looking ahead to when an angry child might deploy malware against their neighbours — we were now made well aware that malware was also being written by nation states with budgets in the millions of dollars and beyond.

But looking through the list (below) for AusCERT 2012, what jumps out is the emphasis on the militarisation of information security, as well as the emphasis in the scale of criminal activities. I won’t expand on that, because the conversation with AusCERT general manager Graham Ingram speaks for itself.

Articles from AusCERT 2012

AusCERT 2012: DNS poisoning the ‘thin end of a wedge’, ZDNet Australia, 17 May 2012.
AusCERT 2012: Russian crims evade transaction profiling, ZDNet Australia, 17 May 2012.
AusCERT 2012: NSA, FBI split on comms intercepts, ZDNet Australia, 21 May 2012.
The dawn of the cyber posse, ZDNet Australia, 28 May 2012.

Podcasts from AusCERT 2012

Patch Monday episode 139, “War talk dominates AusCERT 2012”, the first of two episodes based on material recorded at the information security conference. The overall theme is that infosec is becoming militarised. We no longer talk about “information assurance” but “defensive cyber operations”. Click through for the full list of speakers.
Patch Monday episode 140, “Cybercrime: it’s just too easy”, the second of two episodes based on material recorded at the AusCERT 2012 information security conference. AusCERT general manager Graham Ingram explains why cybercrime is here to stay, and F-Secure chief research officer Mikko Hypponen details a complex transnational criminal operation that saw goods bought fraudulently in Denmark being resold in Moscow, as well giving his views on hacktivism and the level to which antivirus companies should cooperate with governments.

Bonus Extra Video

After the conference, my flight back to Sydney was delayed. With the need to kill some time, this video was the result.

5 Conference Tips for PR Professionals, an impromptu video message from Gold Coast airport.

~~My compilation of reports from AusCERT 2013 will be posted later today.~~ My compilation of reports from AusCERT 2013 is now online.

10 June 2012

Weekly Wrap 105: Trains, television and Singapore resolved

My week from Monday 4 to Sunday 10 June 2012 was a week of unexpected events.

I didn’t expect to be in Sydney quite as much as I was, and especially not for the purposes of committing television.

I didn’t expect it to be quite so goddam cold.

And I didn’t expect a few other, personal things that I’m not going to be telling you about.

Podcasts

Patch Monday episode 141, “Hosing down the Flame worm hype”, primarily a conversation with Trend Micro senior threat researcher Paul Ferguson.

Articles

America opens new front against Iran … online, Crikey, 4 June 2012. This was triggered by The New York Times confirmation that the Stuxnet worm was indeed a US-Israeli operation.
New revenue stream is kids’ play for Facebook, Crikey, 6 June 2012. Facebook for the under-13s? Yes, we’ve been here before.
LinkedIn takes security “very seriously”? Bollocks!, CSO Online, 8 June 2012.

Media Appearances

On Monday I led a discussion entitled Surviving and thriving as a freelancer in a globalised market for Publish! Blue Mountains.
On Tuesday I spoke about cyberwar on The Project, that being a television program.

Corporate Largesse

None.

The Week Ahead

While Monday is a public holiday, I’ll be putting together the Patch Monday podcast for the Tuesday. Tuesday itself will be a planning day, in theory.

On Wednesday I’m covering a business briefing at the American Chamber of Commerce in Australia entitled The Internet — a Bigger Economic Boom Than Mining, Really for Technology Spectator and, I suspect, Business Spectator as well.

On Thursday I’m covering the lunch of IBM’s report “A Snapshot of Australia’s Digital Future to 2050” (not yet promoted on the internet) for ZDNet Australia.

And then on Friday I have a story due for CSO Online and then another Patch Monday podcast.

My week is arranged! So what are the odds of it actually going to plan?

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream (or they used to before my phone camera got a bit too scratched up) and via Instagram. The photos also appear on Flickr, where I eventually add geolocation data and tags. Yes, I should probably update this stock paragraph to match the current reality.

[Photo: Sydney CBD viewed from Harris St, Ultimo, on Friday evening. Yes, another Instagram shot taken with my battered phone camera. This situation will change soon.]

08 June 2012

Flame gets me talking cyberwar worms on The Project

The Flame worm seems to have captured the imagination of the mainstream media this week — to the point where I ended up talking about it on the Channel TEN program The Project on Tuesday night.

If you’re not up to speed yet, try my day one piece for Crikey then my day two piece for CSO Online — the latter having been written after we’d all calmed down a bit.

As you can see, I’ve uploaded the relevant video clip to YouTube because I can’t seem to get the official embed code from The Projectâ€™s website to work properly. If that YouTube embed isn’t working either, you can view the segment on YouTube. Or watch the entire program segment on The Projectâ€™s website.

Yes, The Project team really did manage to turn a discussion of cyberwar into a joke about masturbating to internet pornography. It’s a talent.

Continue reading “Flame gets me talking cyberwar worms on The Project”

01 June 2012

Talking Stuxnet and Flame worms on ABC Local Radio

The Stuxnet worm that attacked Iran’s uranium enrichment program was indeed launched by the US, according to a major investigative report published by the New York Times shortly before I was due to appear on ABC Local Radio this evening.

So guess what we talked about.

Yes, the Stuxnet worm, as well as the newly-discovered Flame worm that’s been in the news this week — including my Day 1 piece for Crikey and Day 2 for CSO Online.

The host was Dom Knight, and here’s a recording of the whole conversation.

Podcast: Play in new window | Download (6.3MB)

15 May 201216 May 2012

AusCERT 2012: What’s changed since 2011?

I’m currently on the train down from the Blue Mountains to Sydney, en route to the AusCERT 2012 information security conference on the Gold Coast, and I’m thinking about what stories might emerge.

Here’s what I wrote last year when, just like this year, I was on the ZDNet Australia team:

AusCERT 2011: Firms ignore ID theft risk, in which Bennett Arron explains that police forces don’t yet take this stuff seriously enough. Has this improved? I’m seeing talk but no action.
AusCERT 2011: Son of Stuxnet within a year: expert, in which Eric Byres explains why the Stuxnet worm — the presumed US-with-Israeli-help anti-SCADA attack on Iran’s nuclear program — would spawn a wave of copycats. This didn’t happen. Why not?
AusCERT 2011: Black hats and whitegoods, a story which was provided with the year’s best headline by CBS Interactive’s Brian Haverty where I discussed how the Internet of Things and a billion smart appliances would be the vector for a new wave of attacks. This hasn’t happened — yet — but is it still just around the corner?
AusCERT 2011: Bank theft goes truly mobile, in which Amit Klein, chief technology officer at Trusteer, predicted third-generation anti-banking malware on smartphones by Christmas. Did this happen? Well, not really. Why not?
AusCERT 2011: Silent victims thwart cybercops: Qld Police, in which Detective Superintendent Brian Hay, head of the Fraud and Corporate Crime Group of the Queensland Police Service, bemoaned the lack of hard data. I know how he feels. Do we have any yet?

The feeling I get from scanning those headlines is that there’s always a lot of scaremongering but the threats often don’t materialise. Are the threats over-stated? Does pointing out the threats trigger an effort to counter them, thus defeating them? Is it all just a bit too screechy?

And over the last year there’s been so much talk of imminent cyberwar. Is that just this year’s fashionable scary thing on a stick? I intend to ask a few questions. And I’ll plug it again: Thomas Rid says we shouldn’t believe the hype.

I haven’t yet looked in detail at the conference program but will do so over the next few hours. What do you reckon I should be investigating?

[Update 16 May 2012, 0625 AEST: Changed second paragraph to emphasise that I am covering the event for ZDNet Australia this year as well as last.]

12 January 201212 January 2012

Talking cybersecurity on ABC Radio National Breakfast

Actually, this message about cybersecurity being a serious emerging theme for 2012 seems to be getting more mainstream coverage than I thought it would. I was part of a cybersecurity panel discussion that was broadcast on ABC Radio National’s Breakfast this morning.

Also taking part were Richard Stiennon, chief research analyst at IT-Harvest in Detroit (I spoke with him about Anonymous and Stratfor on this week’s Patch Monday podcast), and Sean Kopelke, director of security and compliance solutions at Symantec Australia. The host was Jonathan Green, who is usually editor of ABC The Drum.

Over at the ABC’s website you can find the program audio and (perhaps, eventually) transcript. But I’m also including the audio below, just in case their systems fail.

Podcast: Play in new window | Download (Duration: 20:35 — 9.5MB)