Security Watch

You vs. the One-Armed Bot Army

Plus: ARP spoofing strikes CISRT; how copper thieves can pose threats to your systems.

In my column earlier this week, I gave some examples of criminals using not-so-obvious ways to take advantage of exploits. Here are other ways the criminally minded are gaining the upper hand:

According to Fortent (registration required to read article), bots are being used by criminals to perform money laundering and other financial scams at online casinos. The company believes that bots are, among other things, being used to launder money by losing to pre-determined winners or by swarming a game and collaborating to ensure that one of the bots wins against real-life opponents.

If you’ve ever tried online gambling, have you ever felt the house was against you? Perhaps it’s not simply the odds, but information being passed between all of your opponents!

ARP Spoofing Gets Chinese ISRT
The Chinese Incident Security Response Team has reported that its own Web site fell victim to an ARP spoofing attack. A site within the hosting network where the CISRT Web servers are housed was used to poison the ARP cache of the CISRT Web servers, replacing their gateway address and redirecting their traffic through a criminally crafted proxy on the same network. This meant that any Web response the servers sent to visitors had additional code appended to the page, inserting a criminally crafted iFrame with links to MPACK.

So you’re told your site is serving up malware and you launch an investigation looking for the malware or any modification to your Web server’s content. After hours and hours of inspection, you find none! Do you simply put the accusation down to incorrect information or do you have the ability to check the network for inserted proxies?
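One way to check for this from the server itself, as an added example that is not part of the original column: a Python audit of an ARP table in Linux `/proc/net/arp` format that flags a gateway whose MAC differs from a recorded baseline, or one MAC answering for several IPs. The addresses, the baseline MAC and the sample table are constructed for illustration.

```python
import re

# Constructed sample in /proc/net/arp layout: the gateway 192.0.2.1 now
# resolves to the same MAC as an ordinary neighbour, 192.0.2.57.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:5e:00:53:57     *        eth0
192.0.2.57       0x1         0x2         02:00:5e:00:53:57     *        eth0
192.0.2.80       0x1         0x2         02:00:5e:00:53:80     *        eth0
192.0.2.99       0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# Columns used: IP address, HW type (ignored), Flags, HW address.
ROW = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s+(0x[0-9a-fA-F]+)\s+"
    r"((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s")

def parse_arp(text):
    """Return {ip: mac} for resolved entries; header and incomplete rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        ip, flags, mac = m.group(1), int(m.group(2), 16), m.group(3).lower()
        if flags & 0x2 and mac != "00:00:00:00:00:00":  # 0x2 = ATF_COM (complete)
            table[ip] = mac
    return table

def audit(text, gateway_ip, expected_gateway_mac):
    """Compare the table against a baseline gateway MAC recorded while the host was known good."""
    findings, table = [], parse_arp(text)
    seen = table.get(gateway_ip)
    if seen is None:
        findings.append(f"gateway {gateway_ip} has no resolved ARP entry")
    elif seen != expected_gateway_mac.lower():
        findings.append(f"gateway {gateway_ip} is at {seen}, expected {expected_gateway_mac.lower()}")
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(f"{mac} answers for multiple IPs: {', '.join(sorted(ips))}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ARP, "192.0.2.1", "02:00:5e:00:53:01"):
        print(finding)
```

A multi-homed host that legitimately holds several addresses will also trigger the second check, so treat that finding as a lead to investigate rather than proof.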

Old Security Hole Resurfaces, eBay Pays
eBay explained that a hole, exploited by criminals recently to obtain information about bidders, was the result of an old administrative interface that was thought to have been removed some time ago.

If you decommission something, what do you have in place to ensure it is decommissioned? Just as important: Is it still decommissioned and will it stay that way?

This column was originally published in our weekly Security Watch newsletter.

Not-So-Obvious Reason to Be Mindful of Backups
Some 5,800 customers of Kentucky Utilities were without power around 5 a.m. after what police believe was a criminal's attempt to steal copper. The criminals escaped, but local police believe they are likely to have severe burns as a result of their attempt.

How does this relate to IT security? Well, with incidents like this, you now have to double-check your backup generator when the weatherman says you’re going to get a storm. It's bad enough that some idiot steals the copper from your local power substation. And if they don’t manage to kill themselves, they still have the potential to wreak havoc that's worse than any storm, in terms of the time it may take for you to restore power and get your systems back to normal.

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.
