What does an Editor at Vanity Fair know about Hacking that you don't?
I never would have thought Vanity Fair had it in them. Actually, I would never have thought to look at their articles for security information, ever. That was until today. There was only one slip on MSNBC this morning; everything I have read in the article is dead on.
Really, this is the last place online I would ever look to read a security article. But today I listened to Morning Joe on MSNBC, where the editor (I believe) of Vanity Fair talked about RATs (Remote Access Tools) and cyber-espionage.
The article (linked here) is 100% on the money, in my opinion and from my experience.
I'm not sure why the security community didn't get involved more, but because corporations move at a snail's pace I'll look to read something before the end of the month.
I would like to quote a few things from the article that are very true. Like many who collect evidence files, I have found that most companies do not want to hear about it.
I wrote that most IT administrators would rather be in the dark than hear their network is hacked. I say most because from 1998 to date I have only had one (1) person respond to a notice about a hacked server. I've had 3 local companies call, but only because the server was completely offline.
The only email notice that was responded to was from the US Forestry Department in Washington State back in 2000. They told me the server was in a fire lookout station and shouldn't have been on at all. Now, did they fix it? I will never know. But they did disconnect it from the internet which saved other computers from being infected with the same virus.
Now for the quote of all quotes related to the IT community.
"We've seen this before," Alperovitch says. "Victims don't want to know they're victims. I guess that's just victim psychology: if you don't know about it, it's not really happening." (Page Two of Vanity Fair Article.)
You can read the full article and come to your own conclusion about how the IT security world reacts to cyber hacking. By writing anything today you could subject your own servers to a hack, but then again you might help someone protect their system better by exchanging information.
I'm sure you have heard of the XCtM Project if you have visited this site before. It is a simple passive monitor of a single small website that offers a great deal of information about what's going on online.
I personally don't monitor private networks over the internet, or anything behind a firewall. And I don't monitor anything that isn't under contract with me. But what I do monitor is hacked computers that attempt to deface products and services I offer online.
To reward the poor IT security, I have automated scripts that email the abuse contact listed in ARIN about the abuse. After reading the article I couldn't believe that IT administrators refused help from security experts. If you couldn't detect a hack before or during the hack, how in the world can you tell us you can conduct a forensic evaluation of your network?
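The automated abuse notice above depends on finding the right abuse contact for a source address. As an added illustration (not the XCtM Project's own scripts), the following parses a constructed RDAP response in the shape ARIN's RDAP service returns for an IP lookup (RFC 9083 jCard entities), picks out only entities carrying the "abuse" role, and composes the report; the network name, handles and addresses are placeholders, not real records.

```python
import json

# Constructed sample RDAP response (placeholder values, not a real ARIN record).
# Note the abuse contact is nested under the registrant entity, as ARIN does.
SAMPLE_RDAP = json.dumps({
    "objectClassName": "ip network", "handle": "NET-198-51-100-0-1",
    "startAddress": "198.51.100.0", "endAddress": "198.51.100.255",
    "name": "EXAMPLE-CLOUD-NET",
    "entities": [
        {"objectClassName": "entity", "handle": "EXCLD", "roles": ["registrant"],
         "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                  ["fn", {}, "text", "Example Cloud LLC"],
                                  ["email", {}, "text", "noc@example-cloud.invalid"]]],
         "entities": [
             {"objectClassName": "entity", "handle": "ABUSE123-ARIN",
              "roles": ["abuse"],
              "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                       ["fn", {}, "text", "Abuse Desk"],
                                       ["email", {}, "text", "abuse@example-cloud.invalid"]]]}]}]})

def _vcard_emails(entity):
    """Return every email address found in an RDAP entity's jCard."""
    vcard = entity.get("vcardArray") or ["vcard", []]
    return [field[3] for field in vcard[1] if field[0] == "email"]

def _walk(entities):
    """Yield entities depth first; contacts are often nested under the registrant."""
    for ent in entities or []:
        yield ent
        yield from _walk(ent.get("entities"))

def abuse_contacts(rdap_json):
    """Extract (handle, email) pairs for entities that carry the 'abuse' role only."""
    net = json.loads(rdap_json)
    return [(ent["handle"], email)
            for ent in _walk(net.get("entities"))
            if "abuse" in ent.get("roles", [])
            for email in _vcard_emails(ent)]

def build_report(rdap_json, src_ip, evidence_lines):
    """Compose the abuse notice; returns (recipients, subject, body) for a mailer."""
    net = json.loads(rdap_json)
    recipients = [email for _, email in abuse_contacts(rdap_json)]
    subject = f"Abuse report: spam posting from {src_ip} ({net.get('name', '?')})"
    body = "\n".join([
        f"Network block: {net.get('startAddress')} - {net.get('endAddress')} ({net.get('handle')})",
        f"Source address: {src_ip}",
        "Evidence (timestamps in UTC):", *evidence_lines])
    return recipients, subject, body
```

If no entity carries the abuse role, `build_report` returns an empty recipient list, which is exactly the case where the ARIN record needs updating before any automated notice can reach anyone.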
Remember this line? "It's not IF you are hacked. It's WHEN you are hacked."
Scripts (aka hacks) run 24/7. The XCtM Project monitors what you tell it to monitor. We show live website spam posting from the pharma spam botnets. Soon we will add more specific monitoring pages to show other types of scripted hacks. Typically we see 200 to 300 spam posts each day from hacked computers (Trojan backdoor virus) and about 50 spam posts per day from botnets controlled by spam groups (paid or leased computers designed for spam and network abuse).
The hacked computers are of interest. They offer the best of the worst. Most times you can log in to the hacked computer just like the spammer and hide your real connection just like the spammer is doing.
The insurance company in California that has had a workstation infected for over 2 months will most likely ignore any email attempt to inform them of the problem. If you contact MicroTrends, Microsoft, local school districts, or application companies, they also will most likely delete your email and continue on with their day.
So how do you report a network that has been hacked? The idea I have is to do just like some sites do with hardware reviews. Maybe like some feedback sites and review sites. From what I have seen if you own the business and have a bad review you have to pay a subscription to have the bad reviews removed from the internet.
Should Security Experts start posting bad security reviews about companies that do not act when action is needed?
Because XCtM is a monitoring application that detects network abuse coming from other networks, what it records is a direct attack on networks I have control over. I feel the information I collect about the abuse can be offered to the public as a public service. Am I thinking correctly? I'm not going to get into a legal argument, but if you attempt to break into my home and my camera takes your picture, I'm going to post it online so the police can see who you are right away.
In the case of the cloud networks I've detected with hacked computers, should I wait for months to go by keeping my fingers crossed for some IT Tier I person to email, "We are investigating your claims," or should I post the actual company and warn consumers about the possibility of personal and private information being stolen because of the cloud network server in Florida?
I'll be asking Vanity Fair their take on this type of information. I feel it's best to keep your abuse email box clean and read the email when it comes from a valid domain name like xtremecomputer.com. You will be listed by city and state, but our technicians get the full file when they log in.
The fact is companies will for the most part not take any action to correct the issues we find. If McAfee couldn't get a response what do you think XtremeComputer.Com would get? Nothing.
Here's what I propose to the IT world. When we detect your cloud network as being "Compromised" we will offer the information to a local technician and ask that technician to visit your company and help. We are going to call this a sales and service lead. It's a cold call based on active connections. It is a qualified cold call but like any knock on your door you don't have to answer.
The claim McAfee and Vanity Fair made was that IT administrators were not returning emails. If that's the case, let's jump to old-fashioned telephone calls and knock-on-your-front-door visits.
Because our records come from ARIN, we can only assume the records are updated correctly. When we send a technician to your office, feel free to turn them away if the IP address block is not yours. But do yourself and your company a favor and update the ARIN records with the correct information.
I look forward to calling a few of you myself. That's after I send off an email to MicroTrends about a hacked server in their office.
MSNBC Morning Joe video: take a look at what I watched and comment if you can pick out the only thing I would have to question. It was very little, but overall this was the best report all decade.
By the way, nice job on taking "Lots of Notes". You saved me time.
XCtM Project v1.9. We monitor our own sites to keep your abusive networks out.