Observing Cyberwar in Real-Time, Linking Individuals Despite Firewalls and Shielding NGOs from DDoS Attacks — Did Somebody Say Google?

Posted on October 30th, 2013 by Dan Rampe

Digital Attack Map


In addition to squeezing users into using a single logon for Gmail, YouTube and other Google-owned properties and collecting personal information that may or may not have been shared with hostile or friendly governments, what else has Google been up to lately? Well, three things right off the bat: Digital Attack Map, uProxy and Project Shield.

Digital Attack Map is an interactive map that monitors DDoS attacks around the globe, revealing what cyberwar looks like in real time. As an example, foreignpolicy.com points to a Digital Attack Map snapshot from August 27th. It shows a portion of Chinese .cn domains being knocked offline.

“Chinese authorities described the hack as the largest cyberattack in the country’s history without pointing fingers at any particular party….

“Attacks whose origin and destination are both known are depicted as an arc between the two countries, with the data traveling from source to victim. Attacks whose origins are unknown but whose victims are clear are depicted as a downward flow into the victim country.”

Another example foreignpolicy.com used was the June 25th attack on South Korea that marked the 63rd anniversary of the start of the Korean War. The attack was carried out by the DarkSeoul gang, which has been linked to North Korea. “The attack shut down major media and government websites and represented a high-profile flare-up in ongoing tensions on the Korean Peninsula…. (It) was able to take down a series of prominent websites while using relatively little bandwidth.”

A third example was the “six-day attack on the United States, during which, among other things, hackers targeted U.S. banks. It’s notable for the incredible bandwidth used, which was far larger than that in a typical attack.”

Google also rolled out a proxy plug-in called uProxy. Elias Groll on foreignpolicy.com writes that uProxy “uses a peer-to-peer system to create secure Internet connections. By linking a user in, say, China with her trusted friend in the United States, the browser plug-in allows the user in China to access her American friend’s Internet via an encrypted connection that should, in theory, allow her to bypass the Great Firewall.” Hmmm, wonder if cybercriminals could find a use for it. Oh well, any tool can be used for something other than what the creator intended. Knives, axes, bombs. Okay, maybe not bombs.

Finally, Google is introducing Project Shield to protect NGOs (Non-Governmental Organizations) such as human rights organizations – wonder if that includes the ASPCA? – from DDoS (Distributed Denial of Service) attacks, which “take down a website by directing a flood of traffic toward it and overwhelming it or rendering it unusable.”

ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.


Stocks Come with Risks. So Do Stock Exchanges. Latest Study Shows Half the World’s Exchanges Targeted by Hackers Last Year.

Posted on July 29th, 2013 by Dan Rampe


In 2012, approximately half the world’s securities exchanges were victims of cyberattacks, according to a survey of 46 exchanges from every corner of the globe. The interconnected nature of markets invariably causes a cyberattack on one exchange to have implications for others.

A joint staff working paper on exchange cybersecurity was recently produced by the research department of the International Organization of Securities Commissions (IOSCO) and the World Federation of Exchanges office.

The International Organization of Securities Commissions (IOSCO) is the international body that brings together the world’s securities regulators. Its membership regulates more than 95% of the world’s securities markets.

The 57-member World Federation of Exchanges (WFE) is the trade association for regulated financial exchange operators. The WFE develops and promotes standards in markets, supporting reform in the regulation of OTC derivatives markets, international cooperation and coordination among regulators.

Reuters’ John McCrank and Brendan McDermid reported on the joint staff working paper.

“There could be systemic impacts … from cyber attacks in the securities markets, especially considering that our financial system is relying more and more on technological infrastructure,” the report’s author, Rohini Tendulkar of the IOSCO Research Department, said in an interview.

Among the exchanges surveyed, 53 percent said they experienced a cyberattack last year. The most common forms were Denial of Service attacks, which seek to disrupt websites and other computer systems by overwhelming the targeted organizations’ networks with computer traffic, and viruses.

Other forms of cybercrimes reported by the exchanges included laptop theft, website scanning, data theft, and insider information theft. None of the exchanges reported financial theft as part of the attacks.

“Cybercrime also appears to be increasing in terms of sophistication and complexity, widening the potential for infiltration and large-scale damage,” the report said, adding that a major attack could result in widespread public mistrust and a retreat from the markets.

In Britain, worries over hacking and other cyber attacks have pushed aside the euro zone crisis as the top risk for that country’s banks, a senior Bank of England official said last month.

In the United States, exchange operators Nasdaq OMX Group and BATS Global Markets said in February of last year that they were targeted with denial of service attacks. In October 2011, NYSE Euronext’s New York Stock Exchange’s website was inaccessible for 30 minutes, according to an Internet monitoring company, but the exchange said there was no interruption of service.

And in 2010, hackers who infiltrated Nasdaq’s computer systems installed malicious software that allowed them to spy on the directors of publicly held companies, Reuters reported.

There is limited data on the costs of cybercrime to securities markets, but the paper said a number of studies have looked at the costs of cybercrime to society as a whole, with estimates ranging between $388 billion to $1 trillion.

The exchanges in the survey said the direct and indirect cost of cyberattacks cost them each less than $1 million last year.

A spokeswoman for BATS said … the exchange operator invests heavily in proactive security technology, and has made some significant hires on the security side, though for competitive and security issues, she could not give more details. Nasdaq and NYSE declined to comment.

The lack of widely available insurance against cybercrime adds to the risk, as nearly four in five exchanges would have to bear the costs of a major attack themselves, the survey found.”

ThreatMetrix is the fastest-growing provider of integrated web fraud and cybersecurity solutions. The TrustDefender™ Cybercrime Protection Platform helps companies prevent unauthorized access to web and mobile applications, protect sensitive data, and secure transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. ThreatMetrix protects more than 1,500 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.