The cyberspace has experienced a myriad of nasty things since commencement and there appears to be no signs of stopping. In fact, the chain of attacks is just getting started and we have to brace ourselves for more to come. Our roundup of stories in the internet security space this week speaks of more cases of hacks and leaks, but we also see security experts doing more and more to deal with them.
To start, Blizzard’s recently released game–Diablo 3–is anticipating cheaters to exploit the game. This is pretty rampant among popular games, as with the case of its prequel Diablo 2, more than a decade ago. To fend off these crafty players’ efforts in ruining the game of 12 years in the making, Blizzard reiterated that those caught cheating with hacks, bots, or modification to the game client will be banned permanently, not just from playing the game but from entire Blizzard ecosystem.
“Blizzard Entertainment has always taken cheating in any form in Blizzard games very seriously, and that’s no different for Diablo® III,” the video game giant warned. “If a Diablo III player is found to be cheating or using hacks, bots, or modifications in any form, then as outlined in the Diablo III end user license agreement, that player can be permanently banned from the game. This means that the player will be permanently unable to log in to Battle.net® to play Diablo III with his or her account.”
Last.fm reported a leak last week and encouraged its users to change their passwords. The details of the hacking incident were not revealed but they said it only affected “a small fraction” of their 40 million users. This makes Last.fm among the clutch of prominent cyberspace hubs that experienced an attack.
“We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online,” said Last.fm on the site. “As a precautionary measure, we’re asking all our users to change their passwords immediately.”
The disbanded notorious hacker group LulzSec is rising from the grave as it resurfaced last week and released a heap of Twitter authentication details owned by users who signed for TweetGif, an animated GIF-sharing application. It was published on Pastebin.org as a .SQL file.
“The file contained an unusually detailed trove of information on each member: usernames, passwords, real names, locations, bios, avatars, secret tokens used to authenticate TweetGif to pull Twitter data, and even their last tweet,” said PCMag. “The hackers’ motivations are unclear at this point; an announcement posted on Pastebin merely linked to a destination for people to download the .SQL file.”
Microsoft and Google warned users of an unpatched Internet Explorer flaw used by cyberpunks to hack Gmail accounts. It uses drive-by attack through a fake webpage even with little or no interaction with users. Though it is actively addressed, it is yet to be fixed so everyone is vulnerable to it. For now, Microsoft released a tool to block these attacks. Check out Microsoft Knowledge Base Article 2719615 for instruction on how to install and use the tool.
It turns out that two of the deadliest cyber weapons ever discovered –Flame malware and Stuxnet worm– are potentially “parallel projects” because they have same source code. It is to be expected that the world will hold the US and Israeli governments accountable for this because, well, they launched Stuxnet to attack Iran to search for a nuclear weapons program.
“We’re very confident that the Flame team shared some of their source code with the Stuxnet group. It’s conclusive proof that the two worked together, at least once,” said Roel Schouwenberg from Kaspersky Lab.
Stuxnet was discovered in mid 2010, though it was already detected sometime June 2009. Meanwhile, Flame virus was found out only recently even though it’s 20MB in size, making it 20 times larger than Stuxnet. There’s even a possibility that Flame pre-dates Stuxnet by a year or so, and it’s amazing how this huge piece of code remained covered for years. Another thing that links the two malware together is their synergy: Stuxnet for attack, and Flame for reconnaissance.
With cyber-attacks surging spectacularly these days, US Cyber Command’s James Caroland, and Cyber Security Research Center’s Greg Conti created a commentary about the essence of thinking like a cheater. They called it “Lessons of the Kobayashi Maru: Cheating is Fundamental.”
For the information of those who don’t know, Kobayashi Maru is an unwinnable test from the Star Trek Universe designed to juice out the real person in a military commander. The examinee is tasked to rescue a ship, that which is Kobayashi Maru, only to be doomed to fail in the end. What’s important is that the examiners get to see how the commander does during and after the struggle. However, one person, Captain James T. Kirk, managed to circumvent the expected outcome and successfully rescued Maru by exploiting the program. In short, he cheated.