2012 IT HIGHLIGHTS: Toasting The Year Past Pt.1

Compiled by Brandon Teoh


Here are the highlights of 2012, the good, the bad and ugly with warts, pimples and all.

JANUARY 2012 – Kicking the year off with a bunch of nasties and boo-boos
Don’t get us wrong. Malware like Koobface and Flamer appeared in January 2012, but throughout the year, many others appeared as well.

With Koobface, Facebook (the anagram, geddit? Geddit?) identified 5 people as responsible for the Koobface worm. The worm spreads via social networking sites, infecting PCs and building a botnet of compromised computers. It can even create its own account, something it needs to aggressively post links and help it spread further.

The Koobface gang reportedly earned millions of dollars every year by distributing fake antivirus, click fraud, information-stealing malware, and… an online dating service! It infects by using a concept known as command & control.

Not just an interior design choice at Facebook offices, the social networking platform literally gets hacked many times a year. Welcome to Facebook… our doors are always open to Koobface and a myriad of worms, Trojans and other unmentionables! (Pic credit: Facebook.com)

This worm will self-destruct… Flamer is touted to be the most complex malware threat since Stuxnet and Duqu, and was also apparently created by professionals with lots of funding.

This malware was built with the ability to obtain information from infected systems primarily located in the Middle East.

The threat has operated discreetly for at least two years with the ability to steal documents, take screenshots of users’ desktops, spread via USB drives, disable security vendor products, and under certain conditions spread to other systems.

The threat may also have the ability to leverage multiple known and patched vulnerabilities in Microsoft Windows, in order to spread across a network. It only targets Microsoft Windows and can self-destruct upon discovery.

Initial telemetry indicates that the targets of this threat are located primarily in the Palestinian West Bank, Hungary, Iran, and Lebanon. Other targets include Russia, Austria, Hong Kong, and the United Arab Emirates. The industry sectors or affiliations of individuals targeted are currently unclear. However, initial evidence shows the victims may not all be targeted for the same reason.

Many appear targeted for individual personal activities, rather than their company of employment. Interestingly, in addition to particular organisations being targeted, many of the attacked systems appear to be personal computers being used from home Internet connections. 

LinkedIn leaked… On June 6, 2012, Sophos reported that a file containing 6,458,020 unsalted SHA-1 password hashes had been posted on the Internet, and hackers were working together to crack them.

A day later, LinkedIn confirmed this and took steps internally to mitigate the situation while also emailing users to advise them to change their passwords immediately.

LinkedIn managed to resolve everything within 2 days of the incident even though this case has become an example of bad computer security policy, control and implementation.

The lethal gaze of Gauss… Gauss was found to be a complex, nation-state sponsored cyber espionage toolkit designed to monitor and steal sensitive data, with a specific focus on browser passwords, online banking account credentials, cookies, and specific configurations of infected machines. It affected users mainly in the Middle East.

Gauss was discovered during an ongoing investigation by the International Telecommunication Union (ITU), following the discovery of Flame. The effort aimed to mitigate risks posed by cyber-weapons.

Carl Friedrich Gauss – poor guy’s face isn’t only on the Deutsche Mark note, there is also a Trojan named after him…

Gauss victims are estimated to number in the tens of thousands, significantly higher than the number of attacks by Flamer and Duqu.

Gauss got its name from the German mathematician Johann Carl Friedrich Gauss, after whom its creator named the main module.

Another key feature of Gauss is its ability to infect USB thumb drives, using the same LNK vulnerability that was previously used in Stuxnet and Flame. At the same time, the process of infecting USB sticks is more intelligent. Gauss is capable of “disinfecting” the drive under certain circumstances, and uses the removable media to store collected information in a hidden file. Another activity of the Trojan is the installation of a special font called Palida Narrow, and the purpose of this action is still unknown. 

Investigations revealed that the first incidents with Gauss date back as early as September 2011. In July 2012 the command and control servers of Gauss stopped functioning.

Leaky vendor… A group of hackers known as “The Lords of Dharmaraja” claimed that they were in possession of Symantec source code and documentation stolen from Indian intelligence agencies.

Symantec first responded that the stolen documentation and source code were outdated relative to current product offerings.

On 17 Jan 2012, as promised by hacker ‘Yama Tough’, the source code was released to the blackhat community.

Symantec immediately responded that the code for Norton Utilities that was posted publicly is related to the 2006 version of Norton Utilities only and that it posed no security threat to users of the current version of Norton Utilities.

After the source code for pcAnywhere was unleashed on 17 January 2012, the whole Yama Tough versus Symantec saga came to an abrupt end with no further comment from either party.

Malaysia’s Internet GDP… McKinsey & Co. and Google attempted to measure how the Internet matters to the Malaysian economy and produced a report which found that Malaysia’s Internet GDP is larger than the U.S.’s or China’s.

The Internet is estimated to have contributed 4.1% of Malaysia’s Gross Domestic Product (GDP) in 2010 or US$9.75 billion out of a total US$238 billion GDP (World Bank estimate), thus placing Malaysia among the highest of the 30 fast-growing countries that the report highlights as crucial to the Internet’s future.

The report was derived from our GDP and eCP. eCP, or the e-commerce platform, demonstrates e-commerce enablement by scoring a country’s online payment enablement, parcel delivery systems and Internet readiness.

The bulk of the Internet economy is due to trading that is not directly related to private and public consumption. It is a result of using the Internet to make business deals, etc. The report found that SMEs benefited the most from the dominance of the Internet.

Going forward, Google advises improving the ecosystem in three ways: 1) bringing more companies to the Internet, 2) creating more Malaysian content, and 3) boosting domestic consumption.

It was also discovered that there is a very low number of Internet entrepreneurs that are successful as compared to the size of the Internet economy.

Wikipedia blacks out for 24 hours… Wikipedia staged a protest against the development of anti-piracy legislation being proposed to the US Congress.

The SOPA (Stop Online Piracy Act) is a US bill introduced by US Representative Lamar S. Smith to expand the ability of US law enforcement to fight online trafficking of copyrighted intellectual property and counterfeit goods.

It contains clauses that would force search engines to stop listing infringing sites in their indexes.

Wikipedia’s founder saw it as a threat to Internet freedom and net neutrality and, to make its case heard, Wikipedia went offline for 24 hours after 12pm on Jan 18 2012 (Malaysian time).

Wikipedia, considered one of the five most popular sites on the Internet, was joined by others like Craigslist and technology blog BoingBoing. Google also supported the cause by featuring a message on its search engine, “Tell Congress: Please don’t censor the Web!”

Supporters of SOPA consist largely of intellectual property owners in the media and entertainment industries who have sought a solution to curb illegal downloads of movies and other content.

This development is important for countries like Malaysia, where the Internet bill states that there will be no censorship on the Internet whatsoever.

Similarly… The U.S. government shut down Megaupload.com, a content sharing website after tracking down its founders and operations in New Zealand with the help of the FBI.

The same site was blocked by the Malaysian government in June 2011, sparking protest on the Internet. This time, however, it has apparently been permanently shut down.

According to reports, the company’s executives, who include the CEO and CTO, were arrested in New Zealand and charged with copyright infringement as well as conspiracy to commit copyright infringement, conspiracy to commit money laundering and conspiracy to commit racketeering.

The Mega Conspiracy group was accused of engaging in a scheme that took more than US$500 million away from copyright holders and generated over US$175 million in proceeds from subscriptions and advertising, according to the indictment unsealed later.

US Justice Department officials said that the estimate of US$500 million in economic damages was very conservative and that the damages likely amounted to more.

This case is unprecedented, but a pretty huge shock for populations in APAC where piracy is endemic.

MARCH 2012 – Technologists and Technicians Bill 2012

The Technologists and Technicians Bill 2012 proposes the establishment of the Malaysia Board of Technologists to facilitate the registration and recognition of technologists and technicians, as well as their registration based on qualification as a way of recognition for quality control.

In many ways, it aspires to establish professionalism in the ICT industry similar to the level of professionalism for conventional engineers, doctors, lawyers, etc.

Given the nature of the industry, which is defined by continuously advancing technologies, existing technologists and technicians find it hard to establish equilibrium between knowledge from school and real-life practical scenarios. In most cases, such ‘professionals’ are subjected to relearning of skills all the time.

This proposal has yet to identify a clear syllabus for proposed technologists and technicians. Based on the current draft, it seems likely it will go down the path of recognising graduates from selected educational institutions.

The draft proposes four categories of professionals.

1.) Professional technologists – for experienced working ‘professionals’. Granted to approve and certify projects.

2.) Graduate technologists – for fresh graduates

3.) Certified technicians – for experienced working ‘professionals’. Granted to approve and certify projects.

4.) Qualified technicians – for fresh graduates

The proposed bill, which was championed by MOSTI (Ministry of Science, Technology & Innovation), had gone through an open discussion session attended by leaders of the industry and the public. It was reported that the proposal was not well-received by the ICT community.

MOSTI stated that it didn’t propose the bill but acted on behalf of public interest to facilitate its establishment given that it has noble intentions.
