Seeking Address: Why Cyber Attacks Are So Difficult to Trace Back to Hackers

security, Internet

Cyber attacks may not be a new phenomenon but the recent successes scored against high-profile targets includingCitiGroupGoogleRSA and government contractors such as Lockheed Martinunderscore the targets’ current failure to block security threats enabled by theInternet. Malicious hackers use the very same technology that enables online banking, entertainment and myriad other communication services to attack these very applications, steal user data, and then cover their own tracks.

One common practice that attackers employ to evade detection is to break into poorly secured computers and use those hijacked systems as proxies through which they can launch and route attacks worldwide. Although such attacks are an international problem, there is no international response, which frustrates local law enforcement seeking cooperation from countries where these proxy servers typically reside.

Address unknown
Every day seems to bring news of some new cyber attack. “We’re seeing more reports on invasive attacks on a much more regular basis,” says Chris Bronk, an information technology policy research fellow at Rice University’s James A. Baker III Institute for Public Policy and a former U.S. State Department diplomat.

The hardest problem in finding the source of these attacks is attribution. Each data packet sent over the Internet contains information about its source and its destination. “The source field can be changed [spoofed] by an attacker to make it seem like it’s coming from someplace it’s not,” says Sami Saydjari, president of the cyber-security consultancy Cyber Defense Agency and a former program manager of information assurance at the Defense Advanced Projects Agency (DARPA).

“If your network is under attack and you’re trying to find out who’s doing it, purely technical means are insufficient for that,” says David Nicol, director of the Information Trust Institute at the University of Illinois, Urbana–Champaign. “The way that we assemble complicated networks of computers until recently hasn’t been done at all with security in mind except in a cursory way, and that’s the fundamental problem.”

By way of example, Nicol points out that he uses a virtual private network that connects to a proxy server before connecting him to the Internet. This enables him to encrypt data he sends over the network and protect the identity of his own Internet protocol (IP) address. “I do this to thwart information harvesting that commercial Web sites usually have,” he adds. “I’ve got nothing to hide but that doesn’t mean I want information about me harvested and sold.”

Unfortunately, such tactics are also employed for malicious purposes. Cyber attackers use viruses, worms and other malware to take control of Internet servers or even personal computers, creating a network of “zombie” computers (also called botnets) under their control that they can use to launch their attacks. As a result, an attack may appear to come from a particular server or computer, but this does not mean the attack originated at that device, Nicol says, adding that often a string of proxies located in different countries are used in an attack, “greatly complicating the legal process of trying to piece it all together.”

Facebook Users DROP In U.S.: Millions Left The Social Network In May 2011

Facebook Traffic

Facebook is almost at 700 million users, but it recently experienced big dips in U.S. and Canadian growth.

According to Inside Facebook, the social networking site hit 687 million monthly users in June, though the growth rate overall has been slower than normal for the past two months. Though for the past year Facebook has grown by at least 20 million users each month, in April and in May, it grew by 13.9 and 11.8 million respectively.

And in the U.S. and in Canada, Facebook actually lost users.

U.S. accounts fell by close to 6 million, from 155.2 million at the beginning of May to 149.4 million at the end. This marks the first time American Facebook membership has dropped in the last year. Canadian users also fell by about 1.5 million.

Inside Facebook notes that once about 50 percent of a country’s population is on Facebook, growth basically stops. Indeed, losses over 100,000 were recorded by the U.K., Norway, and Russia.

Meanwhile, Facebook’s growth was bolstered by gains in developing countries like Mexico, Brazil and India, each of which picked up about 2 million users from May to June.

TechCrunch also pointed out that Twitter and LinkedIn are making big gains in many of the surveyed countries, with Twitter coming in as the number two social network for the U.S., the U.K., Canada, Australia, Germany and France.

Lily Allen: Marriage and Facebook clickjacking in the same weekend

Lily Allen

Although we see scams spreading on the Facebook social network every day of the week, there seems to be a special spurt of activity at weekends.

Maybe people who are susceptible to scams are more likely to be clicking on links apparently shared by their Facebook friends at the weekend, or maybe the bad guys are taking advantage of Facebook’s own security team being caught on the hop.

I don’t know the reason, but it’s never a surprise to see scams spreading quickly on Saturdays and Sundays. This last weekend we saw scams such as “The World Funniest Condom Commercial – LOL”Baby Born Amazing Effect – WebCamera and “This Guy Took A Picture Of His Face Every Day For 8 Years” make their mark once again, for instance.

Here’s a couple of other scams we saw, where the links were pointing to clickjacking pages:

Lily Allen shows her breasts on British television!

Lily Allen shows her breasts on British television!
In a broadcast on Channel 4, the singer Lilly Allen shows us her beautiful breasts.

That’s probably not the kind of thing that pop star Lily Allen wants spreading around on Facebook on the very same weekend that she’s getting married.

Meanwhile, some folks took advantage of the weekend to enjoy a trip to the theme park:

Woman has an orgasm on a roller coaster

W0man has an 0rgasm on a r0ller c0aster
I love how the dude stops laughing and goes completely silent once he realizes his girlfriend wasn't joking about having an orgasm.

Note the funky spelling with zeros replacing “o”s – presumably in an attempt to avoid filters.

Hopefully not many people need reminding by now, but you should always think twice before clicking on an unknown link even if it does appear to have been shared by one of your Facebook friends.

Maybe we’d all be safer if everyone had a cold shower before logging into Facebook..

If you’re on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 90,000 people.

HOAX: McDonald’s Official Statement Condemns Racist Sign [UPDATED]

Making the Twitter rounds on a super-sized scale today (under the hashtag of #seriouslymcdonalds) is this obviously fake sign that’s allegedly in a McDonald’s restaurant. It claims that “African-American customers are now required to pay an additional fee of $1.50 per transaction.” The picture originated on twitpic and has gone viral from there.

A tipoff that this is a fake? We called that 800 number you see at the bottom of the sign, and it connected to the KFC Customer Satisfaction Hotline. But really, think about it: Would any McDonald’s franchisee or employee tape such a sign on the door of a McDonald’s restaurant? It would be career suicide.

Further proof: On McDonald’s official Twitter account, the company says it’s a hoax:





Ultimate proof: We called the company and got an official statement from Rick Wion, McDonald’s director of social media:

“The sign is obviously a hoax. As a company and a brand we have a long and proud history of diversity inclusion across our system on both sides of the counter.

“From our management crew, franchisees — across the board, we’re very proud of our record of diversity. This is unfortunately an example of how rumors can outspeed the truth. Over the last 48 hours we’ve been tweeting and striving to clarify that this is a hoax.”

Horrific Le Mans Crash Goes Viral on YouTube [VIDEO]

Horrific Le Mans Crash Goes Viral on YouTube [VIDEO]

Watching this dramatic crash that happened early in the 24 Hours of Le Mans race on Saturday, you might wonder how 41-year-old driver Allan McNish survived such violence.

As you can see in the video, McNish, who won the 24 Hours of Le Mans race in 2008, walked away from the accident. Chalk that up to a barrier lined with rubber tires, effective crash protection built into his Audi R18 TDI’s roll cage, and the numerous parts of the car designed to rip away to diffuse the energy of the impact.

Even though the rest of the car virtually exploded when it hit the wall, notice how the chassis of the Audi R18remained in one piece, thanks to its single-piece construction designed to add more rigidity, unlike previous Le Mans Audis whose chassis were built in two halves.

Beyond McNish’s walkaway, surprisingly, no bystanders were hurt in the accident, according to Yahoo Sports. Early on Sunday morning, another Audi R18 won the 2011 24 Hours of Le Mans race by 13 seconds.


YouTube Box Office now in India

If YouTube was your one stop destination for videos, now it will become your one stop destination for movies as well. YouTube and Intel have partnered to bring you the latest blockbusters online. You can log on to to get started.

Opening the box office in India is Yash Raj Film’s Band Baaja Baaraat. Users will  have the option to view the movie in 720p and 1080p apart from the other standard resolutions.

Continuous play will however depend on the Internet speed. Movie trivia and contests also make an appearance on this YouTube page to add to the Bollywood novelty. Deleted scenes, making of the movie and other features that are available on the movie DVD will also be available. YouTube already has a movies channel that lets you watch movies for free but this initiative by Google in India Intel will bring the big blockbuster titles to the web screen.

With the growth in broadband penetration and increasing Internet speeds in India, the day seems pretty close when a large number of households will be able to stream movies to their TVs directly from the web. With Netflix making its intentions clear to enter the Indian market, we will soon see great competition in the online movie streaming business.

For NDTV Updates, follow us on Twitter or join us on Facebook