C5IS examines Dark Mail, the long-awaited secure email system that may not be as hacker-proof as advertised. A former General Counsel for the National Security Agency once commented that if an agent could obtain sufficient metadata on a target, then “content” became almost irrelevant. Metadata alone would provide sufficient indication of the target’s whereabouts, identity …
The Art and Science of DNS Hijacking
DNS hijacking is a form of cyber attack that involves using malware to infect a target’s device, gain access to its TCP/IP data, change these settings, then re-route the target to a fake duplicate of a bona fide site to either capture personal information or to track the target, or both. As a stock in trade not only of black hats but also ethical malware companies and law …
Blue Coat Systems Jousts With Hacking Team – And Misses
Security company Blue Coat Systems has won kudos from security press in recent days for spotting an Android-focused drive-by attack supposedly linked to Italian ethical malware company, The Hacking Team. The comparatively rare but highly lethal exploit of Android vulnerabilities was discovered at Blue Coat laboratory, and has the gift of infecting targeted mobile devices merely …
FireEye Mandiant: FBI’s Secret Malware Friend?
When reports emerge about the U.S. Federal Bureau of Investigation’s offensive cyber capabilities (creating a fake newspaper website to catch a Seattle bomber and similar phishing escapades), the question always arises: Where does this talent arise -- in-house or via subcontractor? -- and the short answer is FireEye Mandiant. Before we delve into how Mandiant works with the …
FBI Network Investigative Techniques: Gray Realm of Legal Blackhat
Recent reports on FBI Network Investigative Techniques (NITs) skirt two key issues: What is the legal authority for the legal Blackhat activities, and once a warrant is obtained, what are the specific technologies involved -- just malware or something more? As it turns out, both the legal and technical aspects of NITs constitute a gray realm that blurs the black and white …