Fujitsu commissioned to develop seek and destroy malware
Jan. 3, 2012
Fujitsu said earlier this morning that it has been commissioned to develop so-called seek and destroy malware, reportedly designed to accurately track and then totally disable the sources of most cyber-attacks that have been on the increase lately.
The cyber-weapon is the result of a three-year $2.3 million project that also involved developing tools capable of monitoring and analyzing the sources of hacking attacks. Deploying the technology would involve clearing both practical and legislative hurdles.
Tracing the exact source of cyber-attacks is inherently difficult, mainly because attackers routinely hide behind botnets and anonymous proxies to launch their attacks, such as denial of service (DoS) assaults. The malware reportedly developed by Fujitsu is designed to trace connections back to their controlling hosts before totally disabling them.
Getting this right is a trivial process and the potential for collateral damage, even before hackers develop countermeasures. Another issue is that, if the tool is ever released, it could fall into the hands of miscreants who might reverse-engineer it before adapting it for their own nefarious purposes.
The malware has reportedly been tested in a "closed network environment". The tool reportedly has the greatest potential in tracking back the sources of DoS attacks. Whether it's any good at the much more difficult process of picking out stealthy industrial espionage-style information-stealing attempts still remains unclear, however.
Currently, Japanese law prohibits offensive responses in retaliation to cyber-attacks, another potential issue but one that's easier to resolve perhaps by updating current laws. The current prohibition has more to do with post-Second World War agreements that restrict Japanese military capabilities than local laws against the creation of computer viruses, however.
Japan is a prime target for cyber-attacks and suffered numerous assaults in 2011. Reported victims include Japan’s parliament and industrial giant Mitsubishi.
The Defense Ministry's Technical Research and Development Institute is understood to have outsourced the development of the tool to Fujitsu. A Defense Ministry official played down talks of offensive applications for the software and said that it was designed for applications such as tracing the source of cyber-attacks against Japanese Self-Defense Force systems.
But Professor Motohiro Tsuchiya of Keio University, a member of a government panel on information security policy, said that Japan ought to accelerate cyber-weapons development.
Fujitsu declined to comment about the supposed cyber-weapon, citing client confidentiality.
In other internet security news
A suspect has been charged by police investigating various Internet attacks allegedly carried out by hacking collective Anonymous against companies and organizations deemed to have acted against the whistleblower website Wikileaks.
Scotland Yard has named 22-year-old student Peter Gibson of Castleton Road, Hartlepool, Cleveland as one of the suspects alleged to have orchestrated DDoS (distributed denial of service) attacks on PayPal, Amazon, Mastercard and Bank of America in December of last year.
Gibson has been charged with conspiracy to do an unauthorised act in relation to a computer, with intent to impair the operation of a computer system or prevent or hinder access to a program or data held in a computer or to impair the operation of any such program or the reliability of such data, said Scotland Yard.
Those are actions that are contrary to Section 1(1) of the Criminal Law Act of 1977, it added.
The Computer Misuse Act, which carries maximum jail sentences of ten years, was not cited by the police.
Gibson is expected to appear at the City of Westminster Magistrates' Court on September 7, 2011.
Detectives at the specialist computer-crime unit quizzed Gibson in April this year. He was one of six people arrested in connection to a U.K. police probe into "Operation Avenge Assange". The five other UK-based men – aged, 15, 16, 19, 20 and 26 were also arrested, following coordinated police raids in the West Midlands, Northants, Herts, Surrey and London, under the Computer Misuse Act in January 2011.
It is alleged that the suspects set off Distributed Denial of Service attacks using a modified piece of open source software known as the Low Orbit Ion Cannon.
The software was used to send a constant stream of data to targeted websites in an effort to greatly slow down or to completely shut down the affected sites.
In July of this year, federal law-enforcement personnel in the U.S. also arrested 16 people accused of carrying out computer crimes that damaged or breached protected systems. Fourteen of these suspects, from ten states across the U.S., were alleged to have been involved in "Operation Avenge Assange".
Anonymous's assault against PayPal, MasterCard, Visa, Amazon, and others was mounted after those companies cut off services to WikiLeaks, following publication by the whistle-blower site of classified U.S. diplomatic memos.
In other internet security news
A police investigator working on Scotland Yard's inquiry into alleged phone-hacking at the now-defunct Sunday tabloid the News of the World was arrested by senior officers from the anti-corruption unit of London's Metropolitan police late last week.
The police said that on Thursday, August 18 they arrested a serving MPS officer from Operation Weeting on suspicion of misconduct in a public office relating to unauthorized disclosure of information as a result of a proactive operation.
They didn't release the name of the officer, who was described as a 51-year-old male detective constable, and Scotland Yard only confirmed he had been arrested after releasing the man on bail until September 29, pending further investigation.
As is customary in such incidents, the officer was suspended from his job the next day. "I made it very clear when I took on this investigation the need for operational and information security. It is hugely disappointing that this may not have been adhered to," said Deputy Assistant Commissioner Sue Akers, who is in charge of Operation Weeting.
"The MPS takes the unauthorized disclosure of information extremely seriously and has acted rapidly in making this arrest," she added.
Meanwhile, a thirty-five-year-old man was also released the next day, after being in police custody on suspicion of conspiring to unlawfully intercept voicemails.
He was bailed to return at a yet-to-be-determined date in October. Reports suggest that former NotW features writer Dan Evans was the man arrested then bailed by police on Friday.
James Desborough, who joined the Sunday tabloid as a reporter in 2005 before being promoted to Hollywood editor in 2009, was also arrested last Thursday as part of the Operation Weeting probe.
In other internet security news
On August 15, and after reporting on Anonymous' hacking of BART's Web site and after the leak of user information from mybart.org, some in the Internet security community started receiving messages on Twitter and elsewhere from sources purporting to be tied to Anonymous.
They were all critical of the leak of personal info from mybart.org, pointing to dissent on Twitter and Anonymous IRC channels. "Just wanted you to know not all of Anon approves!" read one of the messages. Then today, it seems to have all become too much for one former Anonymous hacker.
Until now, he's gone by the handle "SparkyBlaze" and now he officially resigned as a Manchester, U.K., resident named Matthew who has had enough of what he calls a lot of nonsense from a group that claims to do good and no evil.
He goes on to say that "higher-up" Anons have thrown other members of the collective "to the lions," claiming that Anonymous' campaigns and leadership have been ineffective and prey on "kids" to do their dirty work and risk arrest.
Some inside the internet security community contacted SparkyBlaze and asked if the BART operation was the last straw for him. He says "That was one factor, mainly it was because I was just fed up with anon putting people's data on-line and then claiming to be the big heroes."
SparkyBlaze adds that he did find it hypocritical that Anonymous claimed to be fighting for BART users by putting their data online.
With regard to his own involvement with Anonymous, SparkyBlaze says he supported a number of operations, "and some un-ethical ones that I am not proud of but, I never exposed people's data-- and of that, I can be proud of. I want to be clear on that."
He says he was proud to be involved in attacks on sites run by Iran's government, but not so proud to have been involved in the Sony attacks a few months ago.
"If I get arrested with this I will have to deal with it. I don't care about what anon do now and I just want to say that not all anon's are bad-- just a few. Some do want change. They are just going about it in the wrong way," said SparkyBlaze.
SparkyBlaze's defection from Anonymous has made at least minor waves within the organization. A post by Commander X, purported to have led a number of recent hacks, including last week's BART operation, suggests SparkyBlaze should be considered persona non grata:
SparkyBlaze says that that posting was in response to his calling Commander X an "idiot for exposing people's data and supporting it" coupled with his Pastebin.
You can link to the Internet Security web site as much as you like.