Security Advisor

Hackers Targeting Gmail, Hotmail for Attacks

Increased attacks are being both staged and carried out on some of the Web's most popular e-mail sites. Plus: U.S. gets serious on cyber threats, Syria blocks Internet access.

• By Jabulani Leffall
• 06/06/2011

Windows pros would do well to take note of a predominant trend in the realm of IT security as the week begins: e-mail accounts as both targets and attack vectors.

Adobe announced that a recently patched vulnerability in its flash player on Sunday is still -- despite an out-of-band rollout on Sunday -- being used to hack into the accounts of Gmail users.

Adobe said in its security advisory that the bug exploits cross-site scripting (XSS) weaknesses to pull a jack move on usernames and passwords in Gmail during a browsing session.

It was Google that first reported the problem to Adobe.

The Adobe-Gmail security punch up comes after Trend Micro identified issues with Microsoft's Hotmail accounts in this report. In the Hotmail situation, hackers are apparently using embedded scripts to get usernames and passwords. In this sense, a cross-site scripting vulnerability similar to that exploited in the Gmail incursions is employed to break into Hotmail accounts.

Microsoft's senior response communications manager Bryan Nairn stated publicly that Redmond is working with trend micro to nip this problem in the bud, saying that a solution would come from a "coordinated vulnerability disclosure."

But wait, there's more!

As far back as March, Yahoo! Mail was also an apparent target of attackers who, instead of using cross-site scripting tactics, use an infected spreadsheet file. The corrupt attachment is specially crafted to turn the popular Microsoft Excel program into a weapon against Yahoo! Mail users unfortunate enough to open the document -- which exposes their system to risks such as the threat of personal identifiable information ending up in the hands of hackers.

What this trend suggests is that hackers are hitting up popular e-mail accounts usually accessed in a Web browser session. These e-mail accounts, as opposed to a Microsoft Outlook or secure client-side e-mail account like Outlook, can be accessed from any computer, anywhere and are thus vulnerable as any other destination on the Web.

U.S. Government: Cyber Attacks Considered an Act of War
Google blames China for the latest Gmail incursions listed above and has blamed China for a recent series of attacks on Google products and services. Lockheed Martin, the defense contractor, was also recently hit. As aggregated on this blog, Iran has pointed fingers at the U.S. and Israel for unleashing the Stuxnet worm, which plagued Windows systems last summer.

All of these salvos between governments and among companies leveling accusations at governments lead to a single conclusion: The prospect of cyber war escalations is becoming all the more real.

To that end, the U.S. Department of Defense isn't taking any chances and announced late last week that it was developing a framework to open up a digital front that would protect domestic networks from foreign and domestic attacks.

The Pentagon even went so far as to say it would use conventional warfare against the identified source of cyber attacks, echoing the sentiments of the Obama administration last month, which considered such attacks an act of war.

What's unclear is how any regulatory body or security company will find the source and motives of such attacks. What is clear is that it will likely take a coordinated private and public sector effort to shore up the digital infrastructure of both corporate and government entities.

For its part the Pentagon is expected to finish its cyber defense strategy proposals this month.

Syria Shuts Down Internet Service
Like Egypt and Libya before it, Syria has become the latest predominately Arab nation to become mired in civil unrest. It has also become the latest nation to cut off access to the country's Internet connections, according to this blog post. As of Saturday, James Cowie, CTO of Renesysm, gave a detailed account of what areas were reachable and unreachable, as far as network access is concerned, over the weekend.

He says the news has been slow out of Syria, and while he couldn't confirm whether this outage was coordinated as it was in Libya and Egypt, he did suggest that events there might be reaching a "tipping point."