Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


07:35 AM

FBI Faces Fresh Cyber Threats

Deputy director talks terrorists and teenagers, warning US firms of new cyber threats

NEW YORK -- From dirty bombs and high-tech spies to teenagers planning DOS attacks with Sony PlayStations, the F.B.I. has its hands full with a growing number of cyber-threats, according to David Thomas, deputy assistant director of the agency's science and technology branch.

The official, a keynoter at a conference here today, warned that the Internet is more important to U.S. national security than ever before. "We know that terrorists would like to create a dirty bomb," he said, explaining that his agency has to keep this know-how within the U.S. "Spying is changing -- whereas before people had to travel to the U.S., now they don't have to."

Senior officials, such as 9/11 Commissioner Jamie Gorelick and former presidential security adviser Richard Clarke, have already highlighted the cyber-threat posed by groups such as Al-Qaida, although this is just one of many issues on Thomas's desk. (See U.S.: Al Qaeda Eyeing Cyber Threats.)

A new breed of hackers, for example, is emerging in eastern Europe, posing a fresh challenge to corporate America. "They are using brokerage accounts to manipulate stocks now," warned Thomas. "If you have a brokerage account, you have to watch it like a hawk."

For some time now, eastern Europe has been the cyber-equivalent of the Wild West, with governments struggling to clamp down on hackers and organized crime. Even Thomas has been a victim. "I gave an interview for the Wall Street Journal last January on eastern European hacking groups and within four hours my accounts had been cleared out," he said.

The official explained that the next frontier in the battle against cyber-crime is further east. "Strategically, all my people are looking at China -- you have got a lot of people [there] that are tech-savvy," he said, explaining that, in a population of around 1.5 billion, even a tiny percentage of cyber-criminals could cause major problems for American firms.

Against this backdrop, businesses should start rethinking their storage and VOIP security strategies, according to Thomas. "Companies need to look at the way they store their data," the official told Byte and Switch, adding that CIOs can make a hacker's life more difficult by storing customer names, dates of birth, and social security numbers on separate servers.

U.S. firms also need to reappraise their perimeter security. "There's an over-reliance on firewalls -- [CIOs] think that they can do everything, but they can't," he said adding that firewalls and intrusion prevention systems (IPSs) often possess too many vulnerabilities of their own.

VOIP also presents big challenges, according to the official. "There was a case out of Newark [where] a guy had set up his own private network where he was stealing bandwidth from the private telephone companies," he explains.

The fraudster, apparently, was making $1.5 million a year simply by hacking into telecom firms' VOIP switches. This trend, warned Thomas, is on the rise. "We have seen a tremendous increase in hacking into public bridges," he explains, adding that hackers targeting VOIP switches can cost a telecom around $70,000 a month in lost revenues.

Then there is the ongoing threat posed by geeky, yet technically gifted, adolescents. To illustrate his point, Thomas related the story of an FBI raid on the home of 15-year-old American hacker, who was suspected of causing a major Denial of Service (DOS) attack in Cyprus.

Despite the feds confiscating all the kid's computers, he somehow used the Linux operating system on his Sony playstation to get back online and buy replacement gear. "That night, he wrote a DOS attack that knocked the FBI.gov Website off for three days," added Thomas, prompting laughter from the audience.

A number of vendors used today's LegalTech event to unveil new products and talk about their roadmaps. SAN specialist Xiotech, for example, announced plans to integrate its products with a new set of compliance-related services. (See Xiotech Intros Products, Services.)

These solutions, according to Mike Stoltz, the vendor's vice president of marketing, will be geared around initiatives such as the Federal Rules for Civil Procedure (FRCP), and will be available later this quarter. (See FRCP Tip Sheet.) The vendor, he added, has also got its eye on possible M&A in areas such as e-discovery and consulting. "You will see some announcements from us very shortly," he explained.

Elsewhere, Iron Mountain announced a partnership with e-discovery specialist Stratify and classification vendor Kazeon changed the user interface on its IS1200-ECS device, which its claims will make it easier for lawyers to use. (See Iron Mountain Forges Alliance and Kazeon Reduces Cost of E-Discovery.)

— James Rogers, Senior Editor Byte and Switch

  • Iron Mountain Inc. (NYSE: IRM)
  • Kazeon Inc.
  • Sony Corp. (NYSE: SNE)
  • Xiotech Corp.


    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 8/3/2020
    'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
    Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
    Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
    Robert Lemos, Contributing Writer,  7/28/2020
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-07-31
    There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a ma...
    PUBLISHED: 2020-07-31
    There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
    PUBLISHED: 2020-07-31
    Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains mali...
    PUBLISHED: 2020-07-31
    VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are a...
    PUBLISHED: 2020-07-31
    VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the ...