Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

At long last, Internet’s root zone to be secured

The issue regarding who will handle the root keys now has an interim solution. Citing largely geopolitical concerns it has been decided that the interim solution will be VeriSign will manage the root-signing key while ICANN manages a separate key-signing key.

This was a result of the US Department of Commerce’s National Telecommunications and Information Administration (NTIA) wanting to move forward with the signing of the .gov root by the end of this year. The process resulted with VeriSign and ICANN submitting their own proposals that provided contrasting visions for implementing the complicated framework.

Click here for more information.

Data-sniffing trojans burrow into Eastern European ATMs

Eastern European ATMs, from multiple ATM equipment providers, have been infected by malware. Already having received 16 updates, over the last 18 months, using the “rapid development lifecycle” method of coding, the malware was written with professional standards. The malware scans a user’s track 2 information from the card as well as captures the user’s PIN code.

Using a controller card members of the ring can insert the card that will in turn bring up a window offering 10 command options. Some options include printing the collected data, restore log files to the condition prior to the malware installation and uninstall the malware altogether. Another option allows for the machine to dispense all its cash.

Click here for more information.

Twitter Trends exploited to promote scareware

Through the establishment of hundreds of accounts, and the addition of multiple messages under the topic of “Phish Tube Broadcast”, hackers are attempting to generate enough traffic to have the messages rank high in the Trending Topic list. The messages then have links to malicious sites promoting the sale of fake antivirus software, otherwise known as scareware.

Click here for more information.

Tories, LibDems under election day cyberattack

With Britons going to the polls attacks were launched on the websites of the Conservative Party and the Liberal Democrat Party. The Conservative Party, or the Tories, were hit with a DDoS attack taking their site down for just shy of one hour. The Liberal Democrat’s website was also hit with large amounts of traffic. When people were able to get through to the site they reached a “Oops something is wrong” page, yielding the fact that their site was also hacked with a new or revised page.

Comment: As the threat of cyber warfare is ramping up on the international-front, here is a clear example of the same techniques being used at the local level.

Click here for more information.

Huawei stymied by India security fears

Currently the last firm in the bid for supplying mobile network equipment for southern India, India media is reporting that granting the contract would be a security risk for India’s mobile network. The fear, as expressed with previous bids to the UK and Australia, is the equipment from Huawei will contain backdoors that can be exploited by the Chinese government for purposes of cyber warfare.

Comment: Whether government sponsored or not, China has had a string of incidents where hacks have originated from China. China was also blamed for malware implanted on the PCs of diplomatic missions of close to 100 countries. The question has to be asked, however, might the same be true of equipment from other countries?

Click here for more information.

US Grapples With How To Retaliate In Cyberattacks

In trying to understand how far the US can go in the pursuit of cybercriminals, or even defining what constitutes a digital act of war, the first thing is clear, identify the hacker, terrorist or the nation that launched the attack.

Unlike traditional crimes or wars, which occur from defined people, groups or nations, the Internet is a vast presence with no defined boundaries.

In the pursuit of hackers or cyber attacks against the US’ critical infrastructure several basic issues are being discussed.

• Privacy issues. When trying to seek out hackers, there are limits based on privacy issues and limits on intrusion as defined by the US Constitution. To truly chase hackers may mean this space such lines of privacy will need to be crossed.

• Terrorists. While terrorists may not have the skills to launch such attacks, they can hire out groups who have the skills and the botnets in place from which to launch such attacks. Such attacks can be launched from one or more countries without the respective country(ies) knowledge.

• Intent. Countries may have little wish to proactively launch a cyberattack against the US’ critical infrastructure as that would result in a declaration of war.

Click here for more information.

Congressional Hearing on ICANN

Regarding the conclusion of ICANN’s Joint Project Agreement (JPA) with the US government, ICANN’s CEO, Paul Twomey and five others were the main focus of a Congressional Hearing before the Commerce Subcommittee on Communications, Technology and the Internet.

The following link has information and presentations regarding the hearing.

Click here for more information.