
Book Excerpts


VIDEO: Can Shape Security revolutionize Web defense?

By Byron V. Acohido

Shape Security. Remember that name. The Silicon Valley start-up emerged from stealth mode this morning to publicly unveil details of its plan to revolutionize cybersecurity.

If Shape can deliver, its technology could radically disrupt the engine that drives cybercrime: botnets.

Related video: Shape Security creates first “botwall”

A botnet is a sprawling network of thousands of infected PCs or Web servers, referred to as bots. The top dozen or so cybercriminal rings command massive botnets honed to automate and scale up the delivery of spam scams, the carrying out of denial-of-service attacks, the booby-trapping of legit websites and the hijacking of online financial accounts.

Botnets are hard to stamp out largely because the bad guys have mastered a technique, called polymorphism, by which they continually tweak the underlying malicious code so that each new variant slips past defenses that only recognize the previous one.

Shape’s co-founders came up with the notion of using polymorphism against the bad guys. Shape’s technology doesn’t bother trying to detect botnet activity. Instead, it continually rewrites the page code exchanged between a Web server and a Web site visitor, be it a legit user or a malicious bot, so that automation scripted against one version of a page breaks on the next.

Gartner banking security analyst Avivah Litan credits Shape for breaking new ground. “You’ve got to hand it to them, they did something revolutionary, and you don’t see revolutionary technology very often,” Litan says. “No one ever comes up with new ideas in security. It’s always variations of old ideas and incremental changes.”

Shape has attracted cream-of-the-crop brainpower. Co-founder and CTO Justin Call, principal inventor, helped create the network security tools at security vendor Oakley Networks, which defense giant Raytheon acquired in 2007.

Co-founder and products vice-president Sumit Agarwal was the product chief at Google who helped port Google Maps to the Android mobile device platform, and build AdWords into a $6 billion business.

And strategy vice president Shuman Ghosemajumder led development at Google of the systems the search giant uses to … more

The Internet’s 40th anniversary timeline of milestones

The Associated Press and Symantec have each compiled timelines to mark the 40th anniversary of the creation of the Internet. The compilation below begins with LastWatchdog’s description of the current threat landscape. Combined and supplemented, the timelines reveal how a military-grade experiment, designed with an open architecture that preserves anonymity, evolved into a global force, embraced with equal fervor by corporations, braggarts and criminals.

Summer of 2009: Bad URLs swamp the Internet. Through the first half of 2009, IBM’s X-Force team tracks a 508% leap in the number of new malicious Web links versus the first half of 2008. Most bad links function as relays to other Web pages set up to quickly embed a wormhole (referred to as a Trojan downloader) to the hard drive of the visitor’s PC. The attacker then uses this wormhole to install code that groups the PC with thousands of other infected machines in a botnet. The attacker is then able to lease out the botnet to other criminals who need computing power to deliver spam, steal data, spread promos for fake antivirus subscriptions and hijack online banking accounts. Bad links are moot, of course, if no one clicks on them. So the Internet has become swamped with ploys to steer people to bad links. They turn up in search query results and in e-mail spam. And bad links are surging through messages and postings on popular social networks. Source: LastWatchdog

2009: The Koobface worm steals logons and contact lists from users of Facebook, MySpace, Twitter, YouTube, Friendster, Bebo and Hi5. It delivers bad links in messages and microblogs that appear to come from trusted acquaintances. Source: LastWatchdog

2009: The Seattle Post-Intelligencer becomes the first major daily newspaper to move entirely online. Google announces development of a free computer operating system designed for a user experience that primarily takes place on the Web. Source: AP

2009: Twitter emerges as the fastest … more

Hacking for bragging rights gives way to hacking for ill-gotten profits

Book Excerpt: Chapter 1, Built For Speed, Pages 14-21. Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity

ISBN-13: 978-1-4027-5695-5

White Hats, Black Hats, Gray Hats

The year is 1999, the close of the twentieth century. “Livin’ la Vida Loca,” Harry Potter, and The Blair Witch Project dominate pop culture. John F. Kennedy, Jr., piloting a small plane to a Martha’s Vineyard wedding, crashes; his wife, her sister, and he die in the tragic accident. Major news organizations hype what turns out to be an inert Y2K threat. Antitrust regulators bear down on Microsoft for using illegal monopolistic practices, while tech darlings Amazon.com and Netscape help inflate the dot-com bubble. Internet stocks launch into the stratosphere.

As dynamic as 1999 was, it was a comparative age of innocence when it comes to Internet security. Online shopping and online banking were in a nascent stage. Hacking was the dominion of computer geeks, invariably young males, seeking bragging rights. In the anonymity of cyberspace, the frail nerd pushed around by jocks in the schoolyard could log on to the Internet and emerge as a giant among peers by contriving the cleverest ways to exchange copyrighted music or to cheat at video games. In cyberspace, ethics became pliable, and reality altered, especially for impressionable teenage boys, says Ohio University telecommunications professor Mia Consalvo, author of Cheating: Gaining an Advantage in Video Games.

The introverted lad who would never dare to shoplift a CD from a music store or cheat playing a board game with flesh-and-blood acquaintances might think nothing of pirating a first-run movie or finding a shortcut to beat a popular online game.

“We now have kids who grew up as digital natives,” says Consalvo. “This is the first generation to grow up with computers in the home since the time they were born. They’ve grown up knowing that it’s easier … more

Seeking to impress his girlfriend, Samy worm creator introduces huge new attack surface

Book Excerpt: Chapter 15, Pages 189-196. Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity

ISBN-13: 978-1-4027-5695-5

Expediters

Silly Samy

In another sort of counterintuitive development, a vast new sector opened up where cybercriminals could roam, but it did not derive from the work of a brilliant, handsomely paid mercenary programmer. It blossomed thanks to a popularity-starved script kiddie from Los Angeles, nicknamed Samy, who at age nineteen had too much free time on his hands.

Samy was one of the 32 million denizens, including a good many teenagers and adolescents, who populated the MySpace social networking site. MySpace used a hot new technology called AJAX, which stands for asynchronous JavaScript and XML. AJAX has been widely hailed as the enabling technology for “Web 2.0,” the coming generation of Web sites that are more feature rich and interactive.

Samy would underscore a lesson tech companies should have learned by now: hastily adding convenience-driven features to the Internet was akin to adding flimsy new doors and windows for criminals to test. Miffed by the brevity of his “friends” list, Samy scratched around for a way to hack into the Microsoft Internet Explorer browser and the Apple Safari browser of anybody who happened to click on his MySpace profile.

He began spending a couple of hours a day tweaking the AJAX component that allowed visitors to view his profile. After about a week, he discovered how to manipulate the code moving through AJAX, and contrived a way to install a self-propagating worm on the Internet Explorer or Safari browser of anyone who clicked on his profile. He included Apple’s browser because his girlfriend used a Mac.

Samy’s MySpace worm did three silly things: it added Samy to the visitor’s friends list; it printed “. . . and Samy is my hero” on the bottom of the visitor’s own profile; and it replicated itself … more
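The flaw class behind the Samy worm is what is now called stored cross-site scripting: markup supplied by one user is rendered verbatim and runs in every visitor’s browser with the visitor’s own session. The following is an added illustration, not MySpace’s code or the worm’s actual payload; the toy site, its “api” object, the three user names and the payload are all constructed for the example. It shows the three actions described above propagating across two visitors when profile HTML is trusted, and nothing happening once the same HTML is encoded for an HTML text context.

```javascript
// Added illustration of the flaw class behind the Samy worm (stored
// cross-site scripting). The site, its API and the payload are constructed
// for this example; none of it is MySpace's code or the worm's real payload.

const profiles = new Map(); // user -> stored profile HTML
const friends = new Map();  // user -> Set of friend names

// The toy worm does the three things described above: befriends its author,
// appends the tag line, and copies its own <script> block into the visitor's
// profile so whoever views that profile next is infected in turn.
const WORM =
  "<script>api.addFriend('samy');" +
  "api.appendToOwnProfile(' but most of all, samy is my hero ' + " +
  "api.visitedHtml().match(/<script>[\\s\\S]*?<\\/script>/)[0]);</script>";

function resetSite() {
  profiles.clear();
  friends.clear();
  for (const u of ['samy', 'alice', 'bob']) {
    profiles.set(u, `<p>${u}'s page</p>`);
    friends.set(u, new Set());
  }
  profiles.set('samy', profiles.get('samy') + WORM);
}

// Vulnerable render: trusts stored HTML as-is.
function renderUnsafe(owner) {
  return profiles.get(owner);
}

// Hardened render: encode the user-controlled text for an HTML text context,
// so markup displays as characters and is never parsed as tags.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}
function renderSafe(owner) {
  return escapeHtml(profiles.get(owner));
}

// Toy browser: runs each <script> in the page with an API bound to the
// viewer's session. That binding is what turns an injected script into a
// worm: it acts on behalf of whoever is looking, not whoever wrote it.
const SCRIPT_RE = /<script>([\s\S]*?)<\/script>/g;
function visit(viewer, owner, render) {
  const html = render(owner);
  const api = {
    visitedHtml: () => html,
    addFriend: (who) => { friends.get(viewer).add(who); },
    appendToOwnProfile: (text) => { profiles.set(viewer, profiles.get(viewer) + text); },
  };
  const bodies = [...html.matchAll(SCRIPT_RE)].map((m) => m[1]);
  for (const body of bodies) new Function('api', body)(api);
  return bodies.length; // number of scripts that executed
}

// Stand-alone demo: propagation across two hops with the unsafe renderer,
// nothing with the safe one.
function demo() {
  resetSite();
  visit('alice', 'samy', renderUnsafe);
  visit('bob', 'alice', renderUnsafe);
  const spread = friends.get('alice').has('samy') && friends.get('bob').has('samy');
  resetSite();
  const ran = visit('alice', 'samy', renderSafe);
  return { spreadUnsafe: spread, scriptsRanSafe: ran };
}

if (typeof require !== 'undefined' && require.main === module) console.log(demo());
```

Two points worth drawing out. First, because the injected script runs inside the site’s own origin, it can read anti-CSRF tokens from the page and send requests with the victim’s cookies, so CSRF defenses alone do not stop this class of worm; output encoding appropriate to the context (text, attribute, URL, script) is the control, with a Content Security Policy as a second layer. Second, the real site did filter obvious script tags, and the original worm spent much of its bulk on getting around those filters; a blocklist of bad strings is not the same as encoding.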

How hacker wannabes become profit-driven cyberthieves

Book Excerpt: Chapter 4, Pages 46-49. Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity

ISBN-13: 978-1-4027-5695-5

Self-anointed Avenger

Exploiters

Fall 2003, Edmonton

The oldest of three children in a stable, churchgoing family, Socrates recalls getting hooked on computers as a young kid. Introverted, soft-spoken, and respectful of his parents, Socrates taught himself about all things digital. He became savvy enough around computers to land a job as a technical engineering draftsman not long after graduating from high school. He earned enough to get himself an apartment and buy a state-of-the-art desktop PC. By all outward appearances, by age twenty, he seemed well positioned to make his way in the world.

In his leisure time, Socrates spent endless hours at his keyboard smoking a little pot and playing Counter-Strike, a popular online video game in which participants role-play either as a terrorist out to plant bombs, take hostages, and assassinate enemies, or as a counterterrorist determined to neutralize the terrorists. Comrades communicate by text messaging one another, using Internet slang, on an IRC (Internet relay chat) channel. Chat channels are virtual meeting rooms where people from all over the world convene to exchange text messages in real time about topics of common interest. As with most online, multiplayer video games, cheating on Counter-Strike is not uncommon. For instance, some players will use “wallhacks,” cheat code that renders solid objects semitransparent. This allows the cheater to spot and take aim at rivals hiding behind solid objects.

When he wasn’t playing Counter-Strike, Socrates would navigate to mIRC.com, a popular public Web site that serves as a gateway to thousands of chat channels. He gravitated to certain chat rooms where cinema buffs bragged about being the first to post digital copies of the latest Hollywood blockbusters on the Internet for free downloading. He became an avid collector of pirated first-run Hollywood … more

Criminal hacking at the grass roots level

Book Excerpt: The cost of doing business, Chapter 8, Pages 95-98. Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity

ISBN-13: 978-1-4027-5695-5

March 2005, Edmonton

In the year and a half Yolanda and Jacques were a couple, they had lived in three different places. The apartment they currently occupied, a two-bedroom, third-floor walk-up in the middle-class Mill Woods neighborhood south of the city, was by far the nicest.

Yolanda, twenty-three, was a functioning addict. Her drug of choice: crystal meth. Yolanda held down a decent job as a clerk for a courier company and earned enough to afford a car (she drove a white 1995 Chevy Cavalier) and cover rent and living expenses. Her apartment complex was done in a Hansel and Gretel motif with black trim and faux white stone walls. The rooms were compact. The living room opened via sliding glass door onto a small deck overlooking the street with a territorial view to the northeast of an expansive, undeveloped tract of land.

Prior to moving to Mill Woods, Yolanda and Jacques, twenty-four, a crack cocaine dealer, had lived in an apartment in the run-down Stadium neighborhood near the provincial courthouse, and before that they had lived for three months with Jacques’s father, a crack addict. It wasn’t very long into their relationship before Jacques hit Yolanda for the first time. Jacques had grown up watching his father strike his mother countless times. If his mother cried, the beatings would intensify. Jacques vividly remembered the beating his father administered that culminated with an ambulance rushing his mother to the hospital and cops hauling his father to jail. He was eight years old at the time.

Though Yolanda lived in constant fear, that didn’t stop her from mouthing off to Jacques, or making excuses to others for how he treated her. She spoke often to acquaintances about “Jacques’s psychosis” … more

Microsoft pays $250,000 bounty to catch Netsky/Sasser author

Book Excerpt: Chapter 4, Pages 52-59

Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity, 2008, by Byron Acohido and Jon Swartz, Union Square Press, Sterling Publishing Co. ISBN-13: 978-1-4027-5695-5

Virus Wars

Subject: Hi

So began the Virus Wars of 2004. It would pit the new breed of for-profit virus writers against an idealistic German teenager. Collateral damage would reverberate around the globe: tens of millions of PCs compromised; hospitals, banks, and transportation systems briefly knocked out. The world would never be the same. After 2004, hacking would become almost exclusively a for-profit criminal exercise, and the Internet, the emergent information superhighway, would become a thoroughfare of thieves. It would start with an innocuous-looking sliver of e-mail moving across the Internet in Australia and New Zealand on January 19, 2004, a Monday morning. It was the beginning of a new workweek. Windows PC users in the Southern Hemisphere logged on to company computers and began absentmindedly cleaning out e-mail in-boxes left dormant over the weekend. Thousands hastily clicked open the e-mail marked “Hi” and read this message:

Test =)


Test, yep.

Lulled into thinking this was some sort of techie-looking test required for one vague reason or another, many took the next step and clicked on the attached icon, a Windows calculator, with the file name:


A functioning calculator, indeed, popped up on the screen. Unseen, a virus, dubbed Bagle.A, went to work. Bagle.A efficiently replicated itself to every e-mail address it could find on the infected PC and quietly opened a back door through which the intruder could return later and install a proxy server. After spreading for two weeks, Bagle.A, like the early variants of SoBig, went dormant. On January 26, a much more aggressive e-mail virus grabbed the spotlight in America. Craig Schmugar was one of the first to see it spreading. A virus research manager … more