
Comments
Security Companies Team Up, Take Down Chinese Hacking Group
Marilyn Cohodas,
User Rank: Strategist
10/29/2014 | 11:47:55 AM
Re: We Have Arrived at Gibson's Dystopia
Point taken. We can't go full speed ahead and ignore the potential risks.
RetiredUser,
User Rank: Ninja
10/29/2014 | 11:46:00 AM
Re: We Have Arrived at Gibson's Dystopia
Ah, but you'll note, @Marilyn Cohodas, that I also agree it's a step in the right direction and feel it's finally time we saw this happen - for clarification, what I'm getting at is: Now that we're here, what more can we do to prevent a good thing turning into a bad thing?  I'm that guy that wants to push and combat until the criminal elements are out of our electronic space, but caution and self-preservation are as important elements in this battle as the battle strategy itself :-)
Marilyn Cohodas,
User Rank: Strategist
10/29/2014 | 8:44:44 AM
Re: We Have Arrived at Gibson's Dystopia
Must respectfully disagree, @Christian Bryant. I think it's a big step in the right direction to see competing security companies collaborate to take down a common adversary. Sure there is potential for abuse. Nothing is perfect. But the best way to defeat the attackers is for the defenders to work in concert against them.
RetiredUser,
User Rank: Ninja
10/28/2014 | 7:49:06 PM
We Have Arrived at Gibson's Dystopia
Well, OK - maybe not to the extreme of William Gibson's novel Neuromancer, but I'm seeing the signs for sure.  Reading the Axiom report is interesting.  "Finally" is the word that comes to mind.  The report opens the Key Findings with the statement: 

"Axiom is responsible for directing highly sophisticated cyber espionage operations against numerous Fortune 500 companies, journalists, environmental groups, pro-democracy groups, software companies, academic institutions, and government agencies worldwide for at least the last six years. In our coordinated effort, we performed the first ever-private sponsored interdiction against a sophisticated state sponsored advanced threat group. Our efforts detected and cleaned 43,000 separate installations of Axiom tools, including 180 of their top tier implants."

Now, I don't read a ton of fiction - I'm happier with manuals and HOWTOS. But in reading this report, I can't help but wonder at what's next. Cyberwarfare is clearly here at the level of Nations and that is mildly disturbing. The fact that incredibly wealthy corporations have pulled together (like pseudo-governments) and (seemingly) taken the law into their own hands is either frightening or inspiring. I said "finally" earlier because I have always supported the idea of combative cyber security, though it is incredibly risky. But I am thinking of those who almost have to fight for themselves, the small business owner who stands to lose everything.

But here we have mega corporations re-defining the rules of cyber crime; sabotage and espionage are alive and well, reprisals are on the way. At what point before we are the recipients of computer technology pre-built with nasties both at the hardware and software level? (And yes, for those who are catching on, I'm echoing James Turner from O'Reilly here.)

The report also notes:

"The breadth and scope of Axiom's operations served as motivation and justification for the approach adopted by the coalition of large scale data capture, analysis, and distribution of both data and analytical output to industry. In the intervening period, the coalition has received a substantial amount of information relating to the removal of these malware tools. To date, over 43,000 separate installations of Axiom-related tools have been removed from machines protected by Operation SMN partners, and 180 of those infections were examples of Hikit, the late-stage persistence and data exfiltration tool that represents the height of an Axiom victim's operational lifecycle."

Again, "finally" - the kind of language I like to read, but also again, how far? It's similar to old-fashioned terrorism where we have to reach that point of "enough", but then the path we take to combat it may lead us down a dark road, and in some ways make the enemy stronger.

Maybe for now this is what we need.  But I am holding my breath a little for the backlash.  In the meantime, saddle up.  Tech just got a whole lot more serious, and we need to sharpen our skills all the more.