Cyber Security Intelligence


May Newsletter #1 2014

Pentagon Plans for Inside Hacker Attacks

The Pentagon’s chief information officer, Teresa Takai, said in testimony before the House Armed Services Committee that she and the undersecretary of defense for intelligence had issued instructions aimed at closing security gaps that have allowed insiders to steal sensitive data. Among other things, procedures will be tightened for awarding access privileges, stronger restrictions will be imposed on use of removable media, and a “public key infrastructure” will be implemented.

Takai says dealing with insider threats to federal information systems has become a top priority. To deal with the insider threat, the Pentagon needs to go through its customary sequence of framing policy, establishing programs to execute the policy, and then identifying products and procedures that can contain the danger. There are security products on the market that can block the flow of sensitive data to unapproved users and unregistered devices.

Snowden used a cheap commercial web-crawler to suck information out of NSA’s system. Recognizing that insiders intent on criminal behavior will try to cover their tracks, the FBI, TSA and other agencies have come up with sophisticated ways of detecting suspicious patterns. These methods typically include the use of information from activity logs, human-resource records, psychological profiles, salary histories, travel itineraries and the like. Understanding how to fuse and evaluate such information without violating the privacy rights of employees is a science, or at least an art, in which the defense department probably lags behind other agencies.

Late last week Hillary Clinton, former Secretary of State, a Senator and the First Lady, said she is not yet convinced that Snowden leaked the classified documents because he was concerned about the basic privacy rights of Americans. This position has been promoted by a number of senior government and western intelligence people recently.

Defending the country’s mass surveillance programs and their extent of surveying while speaking at the University of Connecticut, she blasted Edward Snowden, the ex-NSA contractor, for his actions, according to the daily National Journal.

“I have a hard time thinking that somebody who is a champion of privacy and liberty has taken refuge in Russia under Putin’s authority,” said Clinton. She said she knows the intensity of cyber-attacks as the Secretary of State and a Senator, because, “we were attacked every hour, more than once an hour. People were desperate to avoid another attack, and I saw enough intelligence as a senator from New York, and then certainly as Secretary, that this is a constant—there are people right this minute trying to figure out how to do harm to Americans and to other innocent people,” said Clinton.

And last week at the second North American Defense Ministerial, with his counterparts from Canada and Mexico, Defense Secretary Chuck Hagel urged a quick start to trilateral work on continental threat assessment and cyber security.

Meeting in Mexico City, Hagel said that cyber security is a common challenge that knows no borders. Each US defense institution works individually to address potential cyber threats, he said, adding that the Defense Department has worked to elevate the importance of cyber security in the National Security Strategy.

In its recently released Quadrennial Defense Review, the department said it would dedicate more resources to cyber security. “While our defense institutions do not have the lead in our respective countries for cyber security, we all share a common interest in safeguarding military communications,” the secretary said. “I propose that we establish a cyber working group to identify potential opportunities to work together to share best practices and lessons learned.”

Hagel has also said recently that his department has made impressive progress in coping with a rising tide of network attacks, describing how thousands of newly trained specialists will enhance the nation’s ability “to deter aggression in cyber space, deny adversaries their objectives, and defend the nation from cyber attacks that threaten our national security.” However, Hagel made no mention of plans for dealing with the kind of insider attacks perpetrated by former NSA contract employee Edward Snowden.

Until very recently, federal cyber security efforts were focused almost exclusively on keeping foreign actors and agents out of US networks. However, because of the damage caused to military, intelligence and diplomatic capabilities by people such as Bradley Manning and Snowden, the focus has changed. These insiders, who supposedly had been vetted for handling sensitive information, and whose relatively junior positions might have seemed to provide little opportunity for mischief, caused enormous internal and external security, political and propaganda issues.

It seems the information age is witnessing a resurgence of destructive insider behavior comparable to the leaks from the Manhattan Project that helped Russia build its first atomic bomb. So coping with insider threats is rapidly becoming a top federal priority.

Internet is a CIA project so take care before making Google searches says Putin

Russian president Vladimir Putin has said that the Internet is a CIA project and that Russians should be careful when making Google searches.

While speaking to a group of emerging journalists during a television event last Thursday, Putin said that the Internet was developed by the Central Intelligence Agency as a ‘special project’.

While replying to a question about Google searches, Putin said that Google’s web traffic goes through servers that are placed in the United States and they are monitoring everything. In response to a query from a fledgling pro-Kremlin blogger, Putin claimed that all the information retrieved through Google is monitored and processed by the United States. He also criticized Russia’s most popular search engine, Yandex, saying it should be alerted. Putin expressed his apprehension that the reason for Yandex’s partial registration abroad is not just tax reasons but also fear of a foreign takeover.

Putin said that at Yandex they were forced to include a specific number of Americans and Europeans amongst the executives. He called on Russians to fight for their own interests. He further added that the Government will play its due part in the rebuilding, but refrained from adding any details.

After Putin’s comments, Yandex shares fell over 4.3 percent on the NASDAQ. The company later explained that foreign registration is not done to avoid taxes but due to corporate law issues in an Internet venture that requires foreign investment.

Internet freedom was the major point of discussion, yet Russia has recently contemplated a law that allows the government to block blacklisted sites without issuing a court order. Opposition leader Alexei Navalny had his blog blocked, and a much visited news website sacked its editor and changed its policy after a warning from the government.

Russia also passed new legislation in the same week, which will force popular bloggers to register their websites and conform to a set of rules similar to those governing mass media.

FBI’s ‘Anonymous’ Global Cyber Attacks

Anonymous hacktivist Hector Xavier Monsegur, more commonly known by his handle Sabu, has directed attacks against foreign targets while acting as an informant for the Federal Bureau of Investigation (FBI), according to federal court testimony.

Sabu, acting as an FBI informant, directed numerous hackers and was involved in hundreds of cyber attacks on foreign websites, including some on the governments of Iran, Syria, Brazil and Pakistan, according to court documents and interviews with people involved in the attacks.

Exploiting vulnerabilities in a popular web hosting software, the informant directed hackers to extract vast amounts of data, from bank records to login information, from the government servers of a number of countries. These were then uploaded to a server monitored by the FBI, according to court statements. During the period he has been cooperating with law enforcement investigations, it is alleged that he directed other hackers to conduct attacks on more than 2,000 domains in 2012 alone.

The details of the 2012 episode have, until now, been kept secret in closed sessions of a federal court in New York and heavily edited and protected documents. While the released documents do not indicate whether the FBI directly ordered the attacks, they suggest that the government may have used hackers to gather intelligence overseas even as investigators were trying to dismantle hacking groups like Anonymous and send computer activists away for lengthy prison terms.

Hector Xavier Monsegur, who used the Internet alias Sabu and became a prominent hacker within Anonymous for a string of attacks on high-profile targets, including PayPal and MasterCard, coordinated these attacks. But by early 2012, Mr. Monsegur of New York had been arrested by the FBI and had already spent months working to help the bureau identify other members of Anonymous, according to previously disclosed court papers.

One of them was Jeremy Hammond, then 27, who, like Mr. Monsegur, had joined a splinter hacking group from Anonymous called Antisec. The two men had worked together in December 2011 to sabotage the computer servers of Stratfor Global Intelligence, a private intelligence firm based in Austin, Tex.

Shortly after the Stratfor incident, Mr. Monsegur, 30, began supplying Mr. Hammond with lists of foreign websites that might be vulnerable to sabotage, according to Mr. Hammond, in an interview, and chat logs between the two men. The New York Times petitioned the court last year to have those documents unredacted, and they were submitted to the court last week with some of the redactions removed.

“After Stratfor, it was pretty much out of control in terms of targets we had access to,” Mr. Hammond said during an interview this month at a federal prison in Kentucky, where he is serving a 10-year sentence after pleading guilty to the Stratfor operation and other computer attacks inside the United States. He has not been charged with any crimes in connection with the hacks against foreign countries.

Mr. Hammond would not disclose the specific foreign government websites that he said Mr. Monsegur had asked him to attack, one of the terms of a protective order imposed by the judge. The names of the targeted countries are also redacted from court documents.

But according to an uncensored version of a court statement by Mr. Hammond, leaked online the day of his sentencing in November, the target list was extensive and included more than 2,000 Internet domains. The document said Mr. Monsegur had directed Mr. Hammond to hack government websites in Iran, Nigeria, Pakistan, Turkey and Brazil and other government sites, like those of the Polish Embassy in Britain and the Ministry of Electricity in Iraq.

The hacking campaign appears to offer further evidence that the American government has exploited major flaws in Internet security — so-called zero-day vulnerabilities like the recent Heartbleed bug — for intelligence purposes. Recently, the Obama administration decided it would be more forthcoming in revealing the flaws to industry, rather than stockpiling them until the day they are useful for surveillance or cyber attacks. But it carved a broad exception for national security and law enforcement operations.

Given how closely the FBI was monitoring Monsegur, speculation has arisen about exactly what role the agency played in the attacks he is believed to have orchestrated, and the fact that his sentencing hearings keep getting postponed may be indicative that he is still actively working with law enforcement.

Personal Credentials Leaked from Syrian Sites

A hacker from the European Cyber Army using the handle @ZerOPwn has claimed a data leak from two Syrian websites. The leak, which is titled “ECA vs. Assad | Part 1”, was posted to pastebin with a preview of some of the users’ data and a link to sendspace. The attack is part of a bigger operation that is going on against what the hackers claim are pro-Assad targets.

At the same time, the counter-revolutionary hacktivist group known as the Syrian Electronic Army (SEA) has made a habit of inflicting humiliating cyber defeats on its ideological rivals in the Western media.

For instance, a suspected SEA attempt to hack the accounts of journalists at The Independent a year ago proved unsuccessful, yet the newspaper was targeted again in autumn last year when senior staff became aware of a so-called “spear-phishing” operation, attempting to harvest user information and so gain access to the newspaper’s website and/or its social networking accounts. It is thought the group intended to use the platform to publish pro-Assad propaganda.

Phishing is a crude technique whereby hackers pose as a trustworthy entity to obtain personal information, such as passwords or credit card details. Spear-phishing, marginally more sophisticated, is aimed at specific individuals or companies – newspapers, banks, and universities – and uses information gleaned from the public domain against them. The attack typically begins with an email, apparently from someone within the company – and often someone in a position of authority.

Now the recent data leak has resulted in over 60,000 accounts being dumped online. Between the two databases are user credentials, which have encrypted passwords for but plaintext for

Both databases have full user details such as full names, contact phone numbers and home addresses.

On March 30th, appears to have been breached and posted to pastebin as well, with 3 administrator credentials as well as the vulnerable entry point and a link for the control panel login, which is located on the server which now redirects to

European Cyber Army members posted other cyber attacks via their Twitter account @ECA_Legion, with data being leaked from, a Syrian hosting website, and DDoS attacks on sites like, and

The leak of data from the database appears to contain plaintext passwords for accounts linked to, which is one of the official partners of, suggesting that all three sites are linked together or possibly even owned and operated by the same people.


What are Hackers after and why?

For the hacker, digital information that can be monetized is the Holy Grail. The process is rather straightforward: perform reconnaissance, break in, maintain access, and try (as best as you can) to cover over the intrusion.

Every system, computer or network is vulnerable to attack. Vulnerabilities arise because of software bugs (no software is perfect), misconfigurations (both from the manufacturer and operator-induced), default configurations, and weak passwords. Many of these are well known, but others are unknown to or unpatched by the software provider. These zero-day exploits often lead to system and network intrusions.

Fundamentally, there are four steps in just about any hack-attack:

1. Reconnaissance
2. Penetration
3. Maintaining access
4. Covering tracks

Although the last two steps aren’t strictly necessary, they are helpful in providing down-the-road access and also in preventing the victim from knowing that they have been victimized.

Reconnaissance is the process of gathering as much information as possible about the target/victim’s environment. Reconnaissance, then, involves a holistic view of the target. We begin the investigation of any organization by looking at its footprint on the Internet. What are the company websites? Do they expose information about the company and its make-up? Who are the principal individuals in an organization and what’s the corporate culture? Are email addresses and other confidential information visible?

By surfing search engines, an attacker gleans other information such as office locations, physical security, and information posted about network and system configurations. Is too much information (also called TMI) being released through job sites as well as social networks such as Facebook, LinkedIn, and so on?

Passive analysis has its limits, however. We may be able to identify Internet-facing systems, for example, but not their operating systems or applications providing services. The Domain Naming System (DNS) will help us inventory systems and applications that provide services to Internet users. We may not, however, be able to identify supporting systems. For example, is there a database system supporting a website? What software and operating systems provide those data services?

Scanning and enumeration allow us to probe deeper into an organization’s infrastructure. Hackers look for live systems, the TCP and UDP ports that provide services, and the applications providing those services, and they identify the operating system and computer architecture in the process, as well as any vulnerabilities that may be obvious or yield to scanning tools.

Following reconnaissance, the next step is to actually penetrate the target/victim environment. In certified ethical hacking (CEH) parlance, this is called system hacking. Using the handyman metaphor, hackers have many tools in their tool belt. These include:

Breaking passwords is very often the first and most effective mechanism for penetrating a system or network. Passwords can be guessed, intercepted as network traffic, retrieved directly from systems, or broken with brute force and other cracking attacks.

Hackers attack websites at six tiers: defacement, DoS, attacking the website, attacking the web infrastructure, attacking the database underneath the web server, and attacking the web client.

Whether to spread a political, religious, or social message (or “just because they can”), website defacement is a common problem. Usually made possible by misconfiguration or software bugs, defaced websites often display messages related to the cause of the attacker.

Internet-facing websites usually reside within screened or protected subnets, often called DMZs. Breaking into a web server can lead to further attacks within the DMZ or into the corporate networks behind it.

The web infrastructure provides the support connecting the website and the underlying services. Compromising the web infrastructure may provide the same level of access to the database system or to the DMZ.

Databases underneath web servers provide a wealth of personally identifiable information (PII), including email addresses, contact information, and (often) credit card or other information that can be used for identity theft.

Finally, the trust between the web server and the web client can be violated. With both cross-site scripting (XSS) and cross-site request forgery (CSRF), the web browser can be manipulated to perform actions such as information theft, redirecting the client to a new website, delivery of malware, and attacks against other web servers.

Malware. Commonly, malware is defined as malicious software. Originally from French, mal means sick, ill, or bad. We can look at four different types of malware, understanding that there is a large overlap between them. Trojans, named for the story of the Trojan horse from the Homeric poems about the Peloponnesian wars, are ways of maintaining remote control. Aside from providing access to the network over time, these also allow large-scale remote control of systems in the eponymously named botnets. Other kinds of malware include viruses and worms, which are self-propagating software often used to carry Trojans, and rootkits, which mask the presence of malware.

Network Interception. Often called sniffing, network interception involves eavesdropping on network communications to gather data. The three principal purposes of sniffing are to steal passwords and other access information, to usurp someone else’s network access, and generally to observe and record network communications.

We associate Denial of Service (DoS) with attacks on websites or other related services. The primary purpose of a DoS attack is to render a service unusable on the Internet. Whether for social, religious, governmental, political purposes, or “just for the fun of it”—DoS attacks have been in the news over the last few years. A style of attack using botnets allows the attack to be spread across (potentially) millions of systems to render networks and systems inoperable. These distributed denial of service (DDoS) attacks have brought down major networks. DDoS attacks can also be used to mask another attack or set of attacks.

Once a system or network has been penetrated, that may be enough. Consider the case of the thief who makes off with millions of credit cards from a website. More often, hackers require continuous access to a network in order to perpetrate their crime. Maintaining access is the process of continuing control of the victim network or systems. Trojans and other malware, including those propagated by viruses and worms, provide this remote access and remote control.

The late science fiction author Robert Heinlein famously said, “The only crime is getting caught.” Covering tracks is the process of attempting to erase traces of the intrusion and the actions of the attacker. Dr Clifford Stoll’s 1988 book, The Cuckoo’s Egg, describes one of the earliest excursions into the hacker underground.

A SANS Analyst Survey

SANS defines four waves of devices making up the Internet of Things:

1. PCs, servers, routers, switches and other such devices bought as IT devices by enterprise IT people, primarily using wired connectivity

2. Medical machinery, SCADA, process control, kiosks and similar technologies bought as appliances by enterprise operational technology (OT) people primarily using wired connectivity

3. Smartphones and tablets bought as IT devices by consumers (employees) exclusively using wireless connectivity and often multiple forms of wireless connectivity

4. Single-purpose devices bought by consumers, IT and OT people exclusively using wireless connectivity, generally of a single form

It is this fourth wave that most people envision when they think of the IoT, but many in the security community who responded to the SANS Securing the “Internet of Things” Survey recognized that they are already dealing with the security issues of the first three waves and have started to see the leading edge of the fourth wave.

Another important aspect of this fourth wave is the dramatic growth of embedded computing and communications capabilities in just about everything—automobiles, trains, electric meters, vending machines and so on. Many of these items have long had embedded software and processors, but mobile Internet connectivity is now being added, bringing them onto the IoT. The embedded nature of the software causes problems for enterprise vulnerability assessment and configuration management processes.

In October 2013, SANS set out to find out what the security community thought about the current and future security realities of the IoT by posting a survey for security personnel active in the IT space. This report documents in detail the results provided by the 391 respondents.

Key findings include the following:

Business Insurance Cyber Risk Summit

The Business Insurance Cyber Risk Summit, scheduled for May 22 in Washington, D.C., is a leadership conference created to guide corporate executives, risk managers, legislators and policymakers, regulators, law firms, consultants, technology executives, and insurance industry executives as they define standards—and a common governance framework—for shared responsibility, protection and recovery from the rapidly accelerating exposure to and threat from cyber-crime and other cyber-related attacks.

Who should attend the Business Insurance Cyber Risk Summit?

Corporate C-Suite, board members, technology and risk management executives who need to gain a better understanding of the cyber-related exposures facing businesses, including such risks as:

Policymakers and government regulators, including state and federal lawmakers and regulators who are tasked with:

Insurers, reinsurers, law firms, consultants and other service providers who need to understand the cyber risk landscape and who need to contribute to the creation of cyber risk protection, mitigation and recovery strategies, including:

General media also will be invited, especially journalists who are covering the creation of cyber risk policy by government and those who must quickly attain an understanding of the inter-related dependencies created by cyber-crime, cyber terrorism and the risk to business, government, consumers, shareholders, insurers and others.

Measuring the Net's growth dividend

The Internet is a vast mosaic of economic activity, ranging from millions of daily online transactions and communications to smartphone downloads of TV shows. Little is known, however, about how the Net in its entirety contributes to global growth, productivity, and employment.

New McKinsey research examined the Internet economies of the G8 nations (Canada, France, Germany, Italy, Japan, Russia, the United Kingdom, and the United States), as well as Brazil, China, India, South Korea, and Sweden. It found that the Internet accounts for a significant and growing portion of global GDP.

An extensive study by the McKinsey Global Institute (MGI)—Internet matters: The Net’s sweeping impact on growth, jobs, and prosperity—includes these findings:

These findings suggest that corporate leaders will need to sharpen their focus on the opportunities the Internet offers for new products and expanded customer reach. Public-sector leaders ought to promote broad access to the Net, since Internet usage, quality of infrastructures, and Internet expenditure are correlated with higher growth in GDP per capita. Companies should also pay attention to how quickly Internet technologies can disrupt business models by radically changing markets and driving efficiencies. For governments, investments in infrastructure, human capital, financial capital, and business-environment conditions will help strengthen their Internet supply ecosystems.

Snowden and Wikileaks are now part of the History of Government Data Thefts

On September 23, 1780, three members of the New York militia intercepted a British spy carrying correspondence between Benedict Arnold, commander of the American garrison at West Point, and the head of British military forces in the colonies. The correspondence revealed General Arnold to be a traitor who had been sharing sensitive information with the enemy — information that might enable the British to seize control of the strategic Hudson River Valley. Arnold had used his position as a trusted insider to undermine the patriot cause, and his peers in the Continental Army had unwittingly aided the general’s treachery by ignoring numerous clues pointing to disloyalty.

Although Arnold’s perfidy predated the invention of electronic media — the first working telegraph appeared in the 1820s — it set a precedent for later traitors. Trusted insiders who use their access to sensitive information in ways damaging to the national interest have become a chronic security concern. During the 1940s, Manhattan Project insiders helped Russia obtain the secrets of the atomic bomb. In the 1960s, Navy chief warrant officer John Walker began an 18-year career as a spy, sharing information about secret codes, ballistic-missile submarines and other sensitive matters with the Soviet Union. In the 1980s and 1990s, CIA counter-intelligence officer Aldrich Ames revealed the identities of U.S. agents to the Russians, as did another CIA insider, Edward Lee Howard. FBI special agent Robert Philip Hanssen was later discovered to be doing the same thing.

And those are just the traitors who were caught. There were probably other insiders mining government databases and passing on secret documents to countries like Russia and China who were never detected. The more recent cases of Army private Bradley Manning and NSA contract worker Edward Snowden may seem different because they sought to share their secrets with the world, but counter-intelligence experts have long known that insiders betray their country for a variety of motives. Some are motivated by money, some by ideology, and some by ego. Some are being blackmailed or coerced. For instance, the Manhattan Project insiders who helped Russia get the bomb professed high-minded motives similar to those Snowden now cites.

Whatever the motives, it is clear there has been a persistent pattern of government insiders compromising sensitive information from the earliest days of the Republic. What has changed are the tools now available to such people for exfiltrating vast amounts of data without being noticed until serious damage is done. It was common in earlier times for wayward insiders to be caught as they surreptitiously transported information to locations where it could be handed over to enemy agents, but no such subterfuge is necessary today because everything that matters is digitized. There are many, many ways of moving digital data around. So the government confronts the nightmare of a persistent danger being greatly exacerbated by new technology. What to do?

First, the government needs to acknowledge the priority of containing insider threats to the security of sensitive data, and recognize that coping with trusted insiders gone wrong is a very different challenge from keeping outsiders at bay.

Second, federal agencies need to license whatever off-the-shelf products are available that can block the transfer of sensitive data to unregistered devices or unapproved users; they shouldn’t waste time waiting for the perfect solution, because too much is at risk.

Third, the agencies that have the most experience in keeping tabs on insiders, like the FBI and TSA, need to help other federal organizations understand how to uncover the subtle clues revealing bad intent on the part of trusted insiders. Until those three things have been done, Washington will not begin to get a handle on the problem.

Financial services now on the 'front line' of Cyber

Financial services are the front lines for a lot of the cyber battles being sparked today, argued Rich Mogull, CEO of information security research firm Securosis. The reason why, according to Mogull, is simple: that’s where the money is.

During a panel discussion at the Kaspersky Lab enterprise IT summit on Tuesday afternoon, Mogull along with executives from Visa, Wells Fargo, and McKinsey Research took a pulse on the rise and fall of cyber attacks on financial services and retailers.

Looking at the Target breach last winter, amid others that preceded it, Visa’s chief enterprise risk officer Ellen Richey acknowledged that the payments system is often the primary target. But as we see an increasing stream of data breaches, Richey highlighted what might be a silver lining, if there is one: fraud rates are one-third the level they were a few decades ago.

McKinsey Research consultant Chris Rezek concurred that some metrics and trends seem to be stabilizing, but concerns are certainly growing.

Steve Adegbite, senior vice president of enterprise information security oversight and strategy at Wells Fargo, lamented that attacker methodology hasn’t actually changed. The difference now, Adegbite suspected, is that these criminals are casting their nets wider to achieve larger volume by going after softer targets. To mitigate these threats, Adegbite advised setting up a third-party security program, looping in supply chain and legal, to ensure and encourage the same levels of security all around.

But a big cash grab isn’t the only motivation — even when going after global financial institutions. Richey pointed toward denial-of-service (DoS) attacks, primarily conducted by “hacktivists,” an increasingly common term online for hackers motivated by political causes.
Adegbite predicted that most attackers are going to move where the data is, meaning emerging technologies in the cloud and datacenters could be most at risk. Both Adegbite and Richey reminded the audience that threats differ by region around the world, which makes things more complicated and challenging for global payments systems providers. Richey added that what worries her more is keeping data onshore as well as secure.

Reflecting on the debilitating Heartbleed bug discovered last week, Rezek stressed it’s not just about preventing breaches but having a good response plan in place, which is often most visible to end users through immediate and informative disclosures.

Bad Bot Landscape Overview by Distil Networks

The Bad Bot Landscape Report Q1 2014 contains statistics on the evolution of malicious architectures along different axes of analysis, such as geographical area, originating ISP, originating organization and hosting provider, size and many others.

Experts at Distil observed an increase in cloud-hosted botnets, mainly based on the Amazon cloud architecture, which was seen hosting 14% of malicious traffic. However, Amazon is not the only provider abused by cybercrime: “cheap hosting” providers represent a privileged choice for bad actors because they usually implement poor monitoring and put in place few safeguards to prevent Bad Bot origination.

Where do Bad Bots come from? Russia, China, and India are not in the top positions of the ranking; the US (46%), Great Britain (19%), Germany (9.6%), and The Netherlands (3.3%) are the top four countries exploited by criminals to host the malicious structure.

Distil Networks has released its “Bad Bot Landscape Report” for 2013. The company has a database of 7 billion Bad Bots, 2.2 billion of which it identified and catalogued last year.

Distil warns that Bad Bot traffic is on the rise. Its share of overall web traffic almost doubled from the first quarter of 2013 to the same period of 2014 (from 12.25% to 23.6%). On the other hand, the percentage of good Bots decreased from just over 27% to 19.4% in the same period.

The report also shows that the top source for Bad Bots is the United States. In the US, the most significant Bad Bot activity is recorded between 6PM and 9PM ET. In 2013, the biggest botnet was Pushdo, which affected a total of 4.2 million IP addresses and almost as many computers. Distil has also determined that of all industries, the financial services industry serves the highest percentage of bad traffic.

When it comes to the mobile environment, nine of the top ten global operators are affected by Bad Bots.

“The bad bot landscape is evolving fast, causing varied levels of harm to all Internet stakeholders, especially website owners. Bad Bot volume will continue to grow for one simple reason—Bots are an effective means to an end for the dark side of the Internet community. The annual report presents significant Bad Bot data and dispels some widely held views regarding their origins,” said Distil CEO and Co-founder Rami Essaid.

“For example, more Bad Bots originate from the United States than any other country.

In addition to the report, Distil has developed a bot that’s designed to check the date on which SSL certificates have been issued. This is important because many companies were forced to reissue certificates due to the Heartbleed bug.
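The check the article describes, comparing a certificate's issue date against the Heartbleed disclosure date, as an added example that is not Distil's bot or any code from the report. It assumes a standard DER-encoded X.509 certificate (only the fields up to `validity` are walked) and uses a constructed, unsigned DER skeleton as sample input rather than a real certificate.

```python
from datetime import datetime, timezone

# Heartbleed (CVE-2014-0160) was disclosed on 7 April 2014; a certificate whose
# notBefore predates it, on a host that ran vulnerable OpenSSL, has not been reissued.
HEARTBLEED_DISCLOSED = datetime(2014, 4, 7, tzinfo=timezone.utc)

def tlv(tag, body):
    """Minimal DER encoder (tag, definite length, body); used only to build the sample."""
    n = len(body)
    if n < 128:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def read_tlv(buf, pos):
    """Decode one DER element at buf[pos]; returns (tag, body, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long-form length: next n bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_time(tag, body):
    """X.509 Time is UTCTime (0x17, YYMMDD...) or GeneralizedTime (0x18, YYYYMMDD...)."""
    s = body.decode("ascii")
    if tag == 0x17:
        yy = int(s[:2])                       # RFC 5280: 50-99 -> 19xx, 00-49 -> 20xx
        s = str(1900 + yy if yy >= 50 else 2000 + yy) + s[2:]
    elif tag != 0x18:
        raise ValueError("unexpected Time tag %#x" % tag)
    return datetime.strptime(s[:14], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def cert_not_before(der):
    """Walk Certificate -> tbsCertificate -> validity and return notBefore as a datetime."""
    _, cert_body, _ = read_tlv(der, 0)        # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert_body, 0)        # tbsCertificate SEQUENCE
    tag, _, pos = read_tlv(tbs, 0)            # [0] EXPLICIT version (v2/v3) or serialNumber (v1)
    if tag == 0xA0:
        _, _, pos = read_tlv(tbs, pos)        # serialNumber
    _, _, pos = read_tlv(tbs, pos)            # signature AlgorithmIdentifier
    _, _, pos = read_tlv(tbs, pos)            # issuer Name
    _, validity, _ = read_tlv(tbs, pos)       # validity SEQUENCE { notBefore, notAfter }
    tag, not_before, _ = read_tlv(validity, 0)
    return parse_time(tag, not_before)

def issued_after_heartbleed(der):
    return cert_not_before(der) >= HEARTBLEED_DISCLOSED

def build_sample_cert(not_before, not_after):
    """Constructed, unsigned DER skeleton in X.509 field order; NOT a real certificate."""
    utc = lambda s: tlv(0x17, s.encode())
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")                  # v3, serial 1
           + tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))      # sha256WithRSA
           + tlv(0x30, b"") + tlv(0x30, utc(not_before) + utc(not_after)) + tlv(0x30, b""))
    return tlv(0x30, tlv(0x30, tbs))

OLD_CERT = build_sample_cert("130601000000Z", "150601000000Z")  # issued before disclosure
NEW_CERT = build_sample_cert("140410120000Z", "160410120000Z")  # reissued after disclosure
```

A notBefore after the disclosure date only shows that a new certificate was cut; whether the old private key was also replaced cannot be read from the certificate alone.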

Cyber Matters for Everyone

Cyber issues have been too long been left only to the 'IT' crowd, ... when it's something—whether you are working in politics, in media, in military, in law, in business, or just frankly as a good citizen or as a good parent—you need to know more about. It connects to all of these different issues and yet most of us have been operating from this position of, frankly, ignorance. And we're being taken advantage of.
- Peter Singer

A generation ago, “cyberspace” was just a term from science fiction, used to describe the nascent network of computers linking a few university labs. Today, our entire modern way of life, from communication to commerce to conflict, fundamentally depends on the Internet. And the CyberSecurity issues that result challenge literally everyone: politicians wrestling with everything from cybercrime to online freedom; generals protecting the nation from new forms of attack, while planning new cyber wars; business executives defending firms from once unimaginable threats, and looking to make money off of them; lawyers and ethicists building new frameworks for right and wrong. Most of all, CyberSecurity issues affect us as individuals. We face new questions in everything from our rights and responsibilities as citizens of both the online and real world, to simply how to protect ourselves from this new type of danger.
