SecDev.cyber Blog

The SecDev.cyber Blog features analysis of real data using Palantir, trends in current cyber attacks and guest posts from subject matter experts.

New IWM Report: Shadows in the Cloud

The Information Warfare Monitor (Citizen Lab, Munk School of Global Affairs, University of Toronto and the SecDev Group, Ottawa) and the Shadowserver Foundation announce the release of Shadows in the Cloud: An investigation into cyber espionage 2.0. FULL REPORT. The report documents a complex ecosystem of cyber espionage that systematically targeted and compromised computer systems [...]

The “Kneber” Botnet, Spear Phishing Attacks and Crimeware

by Nart Villeneuve (Chief Research Officer, SecDev.cyber) Introduction Targeted attacks, known as “spear phishing,” are increasingly exploiting government and military themes in order to compromise defense contractors in the United States. [1] In 2009, the Washington Post reported that unknown attackers were able to break into a defense contractor and steal documents pertaining to the [...]

Google, China, and the coming threat from cyberspace

SecDev Cyber Principals Ron Deibert and Rafal Rohozinski published an editorial in the Christian Science Monitor on January 28, 2010. [W]e believe targeted cyber attacks such as these will grow in frequency as cyberspace becomes more heavily contested. Ron Deibert is director of the Citizen Lab and a principal with the SecDev Group. He is [...]

Malware Attacks on Solid Oak After Dispute with Greendam

The Malware Lab, of which Nart Villeneuve is a member, posted an analysis of the attacks on Solid Oak which occurred after researchers found significant portions of code from Solid Oak’s Cybersitter in China’s Greendam filtering software. Read the full post here.

Malware Market

There is a market for malware tools, complete with buyers, sellers, and middlemen or “guarantors” who vouch for a seller and his/her product. In fact, there is a “developer ecosystem” around the development of plugins for some of the more popular kits. These tools are effective even if they are simplistic from a technical perspective. It [...]

Russian Malware Bundle

The Malware Lab, of which Nart Villeneuve is a member, blogged about Russian malware that was found in a packet capture file from an infected computer associated with a political figure. Key findings: From the malware connections recorded in the packet capture file we were able to discover malware that bundled a Black Energy bot [...]

Smarter sleuthing can save our online privacy

The Director of the Citizen Lab (Munk Centre of International Studies, University of Toronto), Ron Deibert published an editorial in the Globe and Mail on 2 November 2009. Police don’t need intrusive powers to tackle modern Internet crime – there’s a new paradigm Ron Deibert is director of the Citizen Lab and a principal with [...]

“0day”: Civil Society and Cyber Security

The Infowar Monitor, of which SecDev is a partner, has published a briefing that explores cases in which there is some form of relationship between 0day exploits and their use against civil society organizations, in an effort to understand the effect of these attacks given the difficult nature of attribution. Summary Civil society organizations [...]

Targeted Malware Attack on Foreign Correspondents based in China

The Infowar Monitor, of which SecDev is a partner, has published a short briefing detailing targeted malware attacks on foreign correspondents based in China. Key Findings: The content of the email, and the accompanying malicious attachment, are in well-written English and contain accurate information. The email details a reporter’s proposed trip to China to [...]

SecDev & GhostNet

The SecDev Group, along with the Information Warfare Monitor, published “Tracking GhostNet: Investigating a Cyber Espionage Network,” a report released in March 2009 (www.tracking-ghost.net), which made extensive use of Palantir to analyze data obtained through technical and human-based sources. We discovered a suspected cyber espionage network of at least 1,295 infected computers in 103 countries, 30% [...]