Security Research
Showing results for 
Search instead for 
Do you mean 

HP Security Research OSINT (OpenSource Intelligence) articles of interest--July 25, 2014

SR-FI_Team on ‎07-25-2014 07:33 AM

Below, you will find the HP Security Research key articles of interest for July 25th, 2014. These are publically available articles that are provided as a news service only. The intent of this blog post is to share current events related to the cyber security industry. 


‘Optical fibre’ made out of thin air

Air waveguides use differences in density to keep light beams focused. Scientists say they have turned thin air into an “optical fibre” that can transmit and amplify light signals without the need for any cables. In a proof-of-principle experiment, they created an “air waveguide” that could one day be used as an instantaneous optical fibre to any point on earth, or even into space.

International cybercrime ring that breached StubHub brought down
Manhattan District Attorney (DA) Cyrus R. Vance, Jr. announced Wednesday the indictment of six individuals in connection with an “international cybercrime ring that was able to take over StubHub, LLC user accounts, steal personal identifying information, use victims’ credit cards to make fraudulent electronic ticket purchases and transfer the proceeds through a global network of accomplices in the United States, United Kingdom, Russia and Canada.”


Identifying cyber-criminals is No. 1 challenge, high-profile lawyer says
A hacker known as “Track2” helped steal more than 200,000 credit card numbers from small retailers across the United States and sold them online to other criminals for more than $2 million, according to a federal indictment.
“This is a very, very famous hacker,” said Arkady Bukh, a Brooklyn-based defense attorney. “That person deserves to be sentenced to a very, very long jail time. It’s not a question.”


Here’s how I invented and maintained a fake person online
On April 8, 2013, I received an envelope in the mail from a nonexistent return address in Toledo, Ohio. Inside was a blank thank-you note and an Ohio state driver’s license. The ID belonged to a 28-year-old man called Aaron Brown--6 feet tall and 160 pounds with a round face, scruffy brown hair, a thin beard, and green eyes. His most defining feature, however, was that he didn’t exist. I know that because I created him.


Antifragility--The goal for high-performance IT organizations
"Antifragile" is the term meant to describe the exact opposite of fragile. It’s not the same as robust or resilient, two terms often conflated with the notion of antifragility, and two terms I’ve used to describe desirable attributes often associated with well-designed and well-managed online services. When customers say the cloud service they’re reliant upon is “robust” or “resilient,” we, as the IT professionals responsible for that service, can be justifiably proud of our efforts.


Your reputation precedes you: History, reputation, and the Chrome Malware warning
Several web browsers, including Google Chrome and Mozilla Firefox, use malware warnings to stop people from visiting infectious websites. However, users can choose to click through (i.e., ignore) these malware warnings. In Google Chrome, users click through a fifth of malware warnings, on average. We investigate factors that may contribute to why people ignore such warnings.


BareCloud: Bare-metal analysis-based evasive malware detection
The volume and the sophistication of malware are continuously increasing and evolving. Automated dynamic malware analysis is a widely-adopted approach for detecting malicious software. However, many recent malware samples try to evade detection by identifying the presence of the analysis environment itself, and refraining from performing malicious actions.


Deloitte: Offensive defense--DDoS disruption a simple method to tarpit and mitigate the Dirt Jumper drive--smart attack
Modern DDoS attacks are generally executed via a botnet, a large collection of machines that have been infected with a specialized malware that can effectively disable the function of a targeted system or device by flooding it with communication requests. Hosting providers have responded by developing pattern-based detection capabilities to support rapid response. However, malware developers have adjusted with recently developed capabilities to circumvent the measures employed by anti-DDoS hosting providers.


Dragonfly: Cyberespionage attacks against energy suppliers
A cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as "Dragonfly," managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to the energy supply in the affected countries.


KPMG INDIA: Cybercrime survey report 2014
In a digital age, where online communication has become the norm, internet users and governments face increased risks of becoming the targets of cyber attacks. As cyber criminals continue to develop and advance their techniques, they are also shifting their targets focusing less on theft of financial information and more on business espionage and accessing government information. To fight fast-spreading cybercrime, businesses and governments must collaborate globally to develop an effective model that can control the threat.


In the past three months, Palo Alto Networks® has identified a series of attacks emanating from Nigerian actors against customers in Taiwan and South Korea. Their team is tracking this activity under the code name "Silver Spaniel." These attacks have deployed commodity tools that can be purchased for small fees on underground forums and deployed by any individual with a laptop and an e-mail address.


The information contained in this blog post is from publicly available sources. Avoid suspicious links and advertisements. These articles do not represent HP’s view or position on any of the topics listed. 

0 Kudos
About the Author


27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all