Cyber Defense Weekly: Symantec, Stratfor and SOPA

Monday, January 16, 2012

Cyber Defense Weekly


As predicted in last week's CDW, 2012 is shaping up to be "interesting". The massive breach of Stratfor is still dominating news, blogs, and Twitter posts. 

Major Internet companies are contemplating shutting down their sites in a day of protest against the egregious SOPA, Japan has evidently contracted with Fujitsu to produce anti-malware malware, and Symantec's source code has been stolen by a group of Indian hackers associated with Anonymous.

The Strafor Hack Continued

The Stratfor hack has been well documented in this text "ezine" put out by Anonymous adherents. They provide a line by line record of their exploit, helpfully annotated.

If you want to brush up on your Unix commands it makes a great read. Incidentally, in the round up of news coverage they give a hat tip to my column last week under the heading "FINALLY SOMEONE GETS IT".   

Evidently the part they liked was my warning of the consequences of the 5.5 million Stratfor emails taken from Stratfor's Zimbra email server. Reuters says these emails are being prepared for release and that Anonymous is preparing 9,000 mirror sites to hold the database.

Most of the chatter in the past days has been about the use of the 860,000 leaked Stratfor email addresses for a massive spam campaign. The emails are "from" the founder of Stratfor and link to the above ezine as well as the classic Rick Roll gag.

Listen to the podcast interview I did with Stilgherrian in Australia.  "Anonymous vs. Stratfor: the real issues".


The proposed Stop Online Piracy Act (SOPA) is yet another horribly conceived and misguided bill coming out of Congress. I give it little chance of passing although it represents the other side of technology legislation and the influence that lobbyists have on the process.

A national data breach law has been in the works for seven years. I once attended a Senate vote on such a bill. Where is it now? It is a victim of numerous parties trying to water it down and kill it. So today most organizations have to comply with 40+ State laws instead of one national law.

The same pressures are being exerted in the interest of national competitiveness and protection of intellectual property to make it absurdly easy to shut down sites that post copyrighted material. 

I am sure the implied threat of  Google and Facebook shutting down their services for a day is a feint, but it would certainly gain a lot of attention.

Japan Contracts for Cyber Weapons

John Leyden at the Register has this to report:


"Fujitsu has been commissioned to develop 'seek and destroy' malware, reportedly designed to track and disable the sources of cyber-attacks. The fledgling cyber-weapon is the result of a three-year $2.3 million project that also involved developing tools capable of monitoring and analysing the sources of hacking attacks, The Daily Yomiuri reports. Deploying the technology would involve clearing both practical and legislative hurdles."


I can imagine one way to implement this. Identifying Command and Control servers for botnets is a common practice.  Microsoft often works with hosting providers and local law enforcement to shut these down.


Botnet intelligence services like Seculert and Unveillance use data gleaned from C&C servers to identify infected hosts within their client's networks. If Japan were to commandeer those servers they could inject code that would remove and even patch the infected machines.  It's an idea.


YamaTough has Symantec Source Code

A hacker going, by the handle YamaTough, shook things up last week with continued releases of data that his team of Indian hackers (Anonymous again) pilfered from servers they cracked at the Indian embassy in Paris.

As Kevin McAleavey explains over at Infosec Island there is probably little concern about the Symantec source code that the hackers discovered. It is vintage 2006. 

The real story  is the level of public espionage that is being carried out around the world as defense and intelligence agencies are targeted in the so called Anti-sec movement. The leaked documents coming from such hacks is illuminating the previously murky world of spies.

In this case we are treated to copies of documents in the hands of the Indian Military Intelligence relating to the US-China economic and Security review Commission, the group that publishes the annual report on China for Congress.

There are also documents that reveal India's ongoing plan to require cell phone manufacturers to allow eavesdropping and tracking of mobile devices.

And then there is the copy of Symantec's source code in the hands of the Indian government. This is not an unusual practice. Many government and large businesses require vendors to provide source code so they can run their software assurance tests against it. 

The question is: why can't vendors use DRM (Digital Rights Management) to keep control of that source code and avoid embarrassing data losses like this event?

Best of @cyberwar

  • I post frequent updates to the @cyberwar stream on Twitter. Follow me for breaking news and commentary.
  • More on Belarus:
  • Belarus law makes it a misdemeanor to browse foreign websites? Link
  • Candidates mostly silent on cyber security strategies: Link
  • Symantec confirms source code components are exposed. Link
Possibly Related Articles:
Infosec Island Symantec Cyberwar Anonymous hackers Source Code Cyber Defense Japan cyber weapon SOPA Stratfor YamaTough Digital Rights Management
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.