Cyber Warfare

The potential of Russia to invade Ukraine is red hot news. Experts speculate the first wave of attacks from Russia will be “cyber attacks,” a topic I really had to do some research on. Computers have always had some vulnerability to outside interference. What changed in the last two decades is that everything is very interconnected, so network security has real vulnerabilities. It really is machine versus machine, but because humans code the software both to attack network servers and to defend them, it is all about people in countries openly violating international norms supported by their government.

A website can be flooded with requests, and this can cause time-outs, or denial of service (DoS). It happened to me when I was trying to get an appointment for the first Covid vaccine. This was unintentional and the result of requests greatly exceeding the capacity of the overall system. It can also happen intentionally, and an individual website can be disabled. Frequently, this is called a “distributed denial of service” or DDoS attack.

Wikipedia (see link below) states:

“In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.[1] In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.[2]

A DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, thus disrupting trade. Criminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail[3][4][5] and activism[6] can motivate these attacks.”


DDoS attacks take many different forms, and so do the defenses against them. Attacks are meant to disrupt normal communications. More technical details are in the Wikipedia summary linked below.
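The point in the Wikipedia passage above, that blocking a single source does not stop a distributed flood, can be shown with a small model. This is an added example, not part of the original post; the thresholds, the function names and the sample traffic (documentation address ranges) are constructed assumptions.

```python
from collections import Counter

PER_SOURCE_LIMIT = 20   # assumed: requests one address may send per time window
SITE_CAPACITY = 100     # assumed: requests the site can serve per time window


def analyse_window(requests):
    """requests: list of source addresses seen in one time window.

    Returns (blocked_sources, served_load, overloaded)."""
    counts = Counter(requests)
    # Per-source defense: block any address that exceeds its own limit.
    blocked = {src for src, n in counts.items() if n > PER_SOURCE_LIMIT}
    # Load that still reaches the site after the per-source blocks.
    served = sum(n for src, n in counts.items() if src not in blocked)
    return blocked, served, served > SITE_CAPACITY


# Constructed sample traffic, not real hosts.
NORMAL = [f"198.51.100.{i}" for i in range(1, 31)] * 2               # 30 users x 2
SINGLE_SOURCE = NORMAL + ["203.0.113.9"] * 500                       # one noisy host
DISTRIBUTED = NORMAL + [f"192.0.2.{i}" for i in range(1, 201)] * 5   # 200 hosts x 5


def summarise():
    """Run the three constructed windows through the same defense."""
    windows = {"normal": NORMAL, "single": SINGLE_SOURCE, "distributed": DISTRIBUTED}
    return {name: analyse_window(reqs) for name, reqs in windows.items()}


if __name__ == "__main__":
    for name, (blocked, served, overloaded) in summarise().items():
        print(f"{name:12} blocked={len(blocked):3} served={served:5} overloaded={overloaded}")
```

In the distributed window no single address looks abnormal, so only the aggregate load reveals the problem, which is why defenses against DDoS work on total traffic and not only on per-source limits.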

As I prepared this post, cyber attacks by Russia had begun. Ukraine’s banks and Ministry of Defense reported the attacks. The impact is not considered serious. Hopefully, the international community is helping keep Ukraine’s cyber defenses in a high state of preparedness. See links.

Stay tuned,

Dave

Links:

Threatpost, “Ukrainian DDoS Attacks Should Put US on Notice–Researchers.” This is reporting from 2/16/2022 and the situation is highly fluid. There are US laws against cyber attacks, and European accords, but these are really very limited.

Wikipedia, Denial-of-service attack. There are many sites covering the cyber attack and defense issues. The summary goes into detail on how network attackers look for any means to disrupt internet services by examining potential vulnerabilities. The cyber-extortionists profit by demanding payment in the form of bitcoins to call off the attack. Russia, North Korea and China may be training the next generation of these criminals. The cyber attacks can cause major disruption to the telecommunication system, and weaken defenses. I am hoping that the NATO countries have already helped Ukraine to prepare for these attacks.

John McAfee and Cell Phone Security

John McAfee can break into Apple’s iPhone 6 if they just give him a chance, but his claim is certainly total bluster. The claim gets John McAfee his 15 minutes of fame, although today it has been cut to about 90 seconds on national television. I explained the government’s problem with hacking through the iPhone 6 in a separate blog, but it’s worth reviewing.

Apparently, law enforcement departments across the country have a large number of iPhone 6 phones they would like to open. FBI Director Comey explained the problem best: they want Apple to remove the watchdog in front of the security system. Apple’s iPhone 6 has built-in defenses for when it suspects there is an intruder. Entering the password too many times initiates a delay in password attempts. The user can activate another security measure which wipes the iPhone's contents clean if too many attempts are made on the phone. The phone is still functional in every respect, except the user’s content, such as telephone numbers, pictures, etc., is gone. These measures thwart an attempt to open the iPhone by simple trial-and-error iterations on the password.

So, what the government has been unable to do is to find a means of calling off the watchdog, presumably by some code change in the operating system. Once that is done, it could be days, months or years (or never) to hack through the phone by guessing at the password. The government likely has experts working with other iPhone 6 phones so they don’t trigger the defense mechanisms on the San Bernardino phone.
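To see why the delay and the wipe matter so much, here is a toy model of the two defenses described above. It is an added example, not part of the original post and not Apple's implementation; the delay schedule, the wipe threshold, the time per attempt and all names are constructed assumptions.

```python
# Assumed lockout (seconds) imposed after the Nth failed attempt; constructed values.
DELAY_AFTER_FAILURE = {5: 60, 6: 300, 7: 900, 8: 900}
LONG_DELAY = 3600        # assumed: lockout after the 9th and every later failure
WIPE_AFTER = 10          # assumed: content is erased on the 10th failure
SECONDS_PER_TRY = 1      # assumed: time to enter one passcode


def lockout(failures):
    """Delay the device imposes after `failures` consecutive wrong passcodes."""
    if failures >= 9:
        return LONG_DELAY
    return DELAY_AFTER_FAILURE.get(failures, 0)


def worst_case(keyspace, throttle=True, wipe=True):
    """Model guessing every passcode, with the correct one tried last.

    Returns (outcome, attempts, elapsed_seconds)."""
    elapsed = 0
    for failures in range(1, keyspace):       # keyspace - 1 wrong guesses
        elapsed += SECONDS_PER_TRY
        if wipe and failures >= WIPE_AFTER:
            return ("wiped", failures, elapsed)   # user content is gone
        if throttle:
            elapsed += lockout(failures)
    return ("opened", keyspace, elapsed + SECONDS_PER_TRY)


if __name__ == "__main__":
    four_digit = 10_000
    for throttle, wipe in [(True, True), (True, False), (False, False)]:
        outcome, tries, secs = worst_case(four_digit, throttle, wipe)
        print(f"throttle={throttle!s:5} wipe={wipe!s:5} -> {outcome} after "
              f"{tries} tries, {secs / 86400:.2f} days")
```

Under these assumed numbers a four-digit passcode falls in under three hours with both defenses off, takes over a year with only the delay, and is never reached with the wipe enabled.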

Along with pictures, there is likely stored GPS information, useful in tracking the movements of the San Bernardino terrorists. The contents of a cell phone these days are a phenomenal tool in solving crimes. But search warrants are required.

Now, what you need to know about John McAfee. John McAfee founded McAfee and Associates, but he sold out way too soon. He credits the success of his company to finding the best individuals to write the anti-virus software. He has a long history of being an incredible promoter of his latest endeavors. For decades, he separated himself from the computer technology world. Great marketer that he is, he was involved in marketing various enterprises including yoga, ultralight flight, and anti-viral medicines based on plants grown in Belize. With the wealth gained from the sale of McAfee, he built a number of beautiful homes and, according to McAfee, had to unload them at a loss. Now, he has founded Future Tense Central and announced he is running for president. I don’t see much for sale at his website but a baby monitoring system.

Ok. So why is John McAfee blowing hot air? Because if what he is saying is true, he can at any moment demonstrate his company’s ability to open an iPhone 6. If he could do that, I’m sure he would be in strong demand from law enforcement across the country, with much less publicized cases, such as theft and drug cases. Of course, these would be cases where the police have valid search warrants to hack the phones based on probable cause.

He’s teasing the FBI: I know how to open the phone and you don’t. Ha ha ha. And I can’t tell you unless you give me the San Bernardino iPhone, which the FBI can’t do, in case John McAfee sets off the watchdogs.

But McAfee always sounds very good. He gets invited as keynote speaker at computer security conferences. And obviously, he knows how to get on MSNBC or Fox News in their attempts to find commentators on any hot topic of the day.

Stay tuned,

Dave