Top 5 #InfoSec Reads is back!
Offensive censorship by China, the APWG reports on popular phishing targets, Snowden oversimplifies our sharing habits, Troy Hunt cries for sanity when we use the term "hacked", and a WSIS nomination for ICANN's Investigating DNS Abuse/Misuse training are this week’s Top 5 #InfoSec Reads.
CitizenLab's report on the attack infrastructure that China has added to complement the Great China Firewall (Golden Shield Project) explains in detail how China has taken the offensive in "state level information control" efforts by incorporating "a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle." The analysis includes a discussion of the nature of recent (DDoS) attacks, how CitizenLab attributes the Great Cannon activities to the Chinese government, and most disturbingly, how the cannon might be used to target individuals (e.g., dissidents or reporters).
I routinely summarize APWG's quarterly phishing reports and biannual global phishing surveys. Help Net Security's done a fine enough summary that I'll simply point you to their post: attacks against ISPs and banks are up, more brands are being targeted, healthcare records have become increasingly attractive, and crimeware mutations are on the rise.
During a John Oliver Tonight interview, Eric Snowden took the opportunity to allege that "your email is kept" and that while it's good that the US NSA has capabilities to fight hackers, it's not good that it can use these capabilities against the American people. If only the distinction were as simple as a ten-word sound bite. Snowden also is quoted in the article as saying, "we shouldn’t change our habits of sharing whatever we want to share, just because the government is doing the wrong thing." This advice is either overly simplified or wrong. It's overly simple because we should worry equally - yes, equally - about third-party data collection, because we have no assurances about how those parties will share or to whom (including governments). But it's wrong, too.
We should change our habits of sharing because they are bad habits.
Troy Hunt's rant over the exasperatingly frequent misuse of the term "hacked" among journalists is amusing yet raises some important points. Hunt explains that not every attack should be labeled a "hack", not only because certain attacks do not involve hacking in the classical sense but also because classifying certain attacks such as DDoS as hacks "gives the culprit too much credit and judges them too harshly in the eyes of the law". This is an important read, especially if you are reporting on #infosec.
I'd call this a shameless plug if I weren't so excited to share. I began developing informal training at the request of law enforcement colleagues several years ago. That training has evolved into a full-day and continuing engagement for ICANN's Security Team, who have now delivered it to individual law enforcement agencies or public sector actors in every region and in multiple languages. As the program title suggests, the training describes how criminals use the domain name system (DNS) and registration services in malicious or illegal activities, and how attendees can gather information/evidence of these abuses. I'm delighted to have ICANN honored by the World Summit on Information Society nomination and want to thank my Global Stakeholder Engagements and Comms teams for flogging through the nomination process on my/our behalf.