Area 1 Security is fighting social engineering attacks with NSA-like methods.
But after learning tricks from the NSA, Area 1’s co-founders think they’ve got the solution. It’s a cloud service that basically watches the whole Internet and can then detect when something fishy (phishy?) is going on at a particular company.
"The hardest thing a human can do [when hacking] is to pretend to be normal. There’s all of these subtle behaviors when someone is being attacked, deviations when they go to banking sites, search the web," CEO Oren Falkowitz tells us.
Area 1 isn’t the only security company working on this. FireEye made its name with a product that protects against a similar kind of targeted attack. And the whole field of "anomaly detection" security is decades old.
But because Area 1 is watching the whole internet, not just looking at data inside the company, it thinks this service will perform better.
"We look outside of companies," to see where websites, emails, or ads are coming from and if they are behaving weird. If so, it can block them or take other actions, depending on how an IT department has the service set up.
Once this malicious code was installed on computers at the plant, staff noticed that systems and components began breaking down with increasing regularity. Due to these failures, one of the plant’s blast furnaces could not be shut down in a controlled manner, which resulted in “massive damage to plant,” the German Federal Office for Information Security (BSI) said in an official report, which goes on to describe the technical skills of the attacker(s) as “very advanced.”
A software program the two wrote created a fake traffic jam that lasted for hours, causing many fake drivers to take detours. To avoid causing real traffic jams and affecting real drivers, the two manufactured a backup on the quiet main road through the Technion campus in Haifa. But according to their faculty advisor, Prof. Eran Yahav, the program could just as easily have created a fake traffic jam on any other road in Israel and thereby caused Waze to report erroneous information to its customers.
Although the attack the researchers developed relies on physical access to the target telephone, Cui says they could also remotely compromise Cisco phones over the Internet. He and his colleagues plan to detail that work at the Chaos Communication Congress in Hamburg, Germany, on 27 December. The researchers discovered this vulnerability as part of their study of embedded computers, the electronics that, among other things, run power plants, printers, prison cell doors, and insulin pumps.