Subscribe to RSS / Follow on Twitter / Join Facebook page / Advertise on The Klaxon / Log in / Register

The Klaxon / Crisis. It reveals character.
Resources

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Related Posts
Most Popular
  • Time to volunteer for Haiti earthquake will come; right now, victims need experts
  • Jobs
  • California earthquake should be Golden State's wake-up call to prepare
  • It's time to wake up, America: Amy Bishop, Fort Worth terror suspect epitomize fear to speak up
  • 8.8-magnitude quake sends Chile warning to the Ring of Fire
  • Louisiana sheriff's 'Operation Exodus' needs its own emergency plan
  • University of Alabama shooting highlights communication problem
  • Help Pittsburgh sisters devastated by Haiti earthquake
  • UK threat level has entire world on alert for terrorism
  • Contact
    •
    1. Time to volunteer for Haiti earthquake will come; right now, victims need experts
    2. Jobs
    3. California earthquake should be Golden State's wake-up call to prepare
    4. It's time to wake up, America: Amy Bishop, Fort Worth terror suspect epitomize fear to speak up
    5. 8.8-magnitude quake sends Chile warning to the Ring of Fire
    • Flashpoint: Mechanical

    Former Army specialist hacks ‘T-Spot,’ shows U.S. not ready for cyber attack

    By Chuck Frank / chuck@theklaxon.com / 02.09.2010

    Updated on: 02.08.10 at 11:46 pm

    Former U.S. Army computer-security specialist Christopher Tarnovsky stood up in front of the audience at the Black Hat Technical Security Conference and demonstrated how to do the impossible.

    Tarnovsky hacked into a chip carrying a “Trusted Platform Module” or TPM. TPM chips are the computer industry’s highest standard of security and are present in more than 100 million computers sold to businesses and individuals.

    Hacking the TPM in a computer allows access to all highly sensitive documents in government and business—and virtually every secret on a personal computer.

    Tarnovsky’s discovery comes on the heels of the most expansive cyber attack on American business in history.

    Operation Aurora in December 2009 silently was launched by Chinese hackers. Their goal: Retrieve the source codes from Google, Adobe, Juniper and 34 other high-profile companies.

    The opportunity they exploited was a little-known programming hole called “zero-day” in the Internet Explorer software.

    Their ultimate goal was to be able to compromise U.S. energy, communication and financial infrastructure by not only invading without detection, but being able to control it.

    Tarnovsky unlocked the most secure chip manufactured by Infineon Technologies and claimed that his technique will work on the entire line of security chips manufactured by Infineon. Infineon is the leading maker of TPM chips.

    The only good news is that hackers trying to attempt the “Tarnovsky Torquemada,” must first get their hands on a smart phone, laptop or X-box, and literally torture the TPM chip in acid baths, rust remover, and finally use acupuncture to get to the nerve center of the chip. But once they have found the “T-Spot,” it’s goodness, gracious, great balls of data.

    From personal video game peripheral to war plan documents at the Pentagon, there will be no stopping data streams.

    Tarnovsky is the cyber watchman on the wall. It’s midnight, and all is definitely not well.

    It’s time to wake up world and demand an accounting before every pocket is emptied while we sleep.

    Comments(2)

    1. Social comments and analytics for this post…

      This post was mentioned on Twitter by websecuritynews: Former Army specialist hacks ‘T-Spot,’ shows US not ready for cyber attack http://ow.ly/16×3Xa...

    2. “Operation Aurora in December 2009 silently was launched by Chinese hackers. Their goal: Retrieve the source codes from Google, Adobe, Juniper and 34 other high-profile companies.”

      Attribution has not been established, although Chinese hackers are being suspected. After all, the command & control servers were based in Taiwan and the US.

      “Their ultimate goal was to be able to compromise U.S. energy, communication and financial infrastructure by not only invading without detection, but being able to control it.”

      Possibly, but how do you know when you are not even aware of the identity of those responsible for the attacks.

    Respond





    © The Klaxon 2010 / Terms and Conditions / Contact Us
    Powered by WordPress 2.9.2 / The Klaxon is a handheld journalism medium.
    Site design and development by Greg Mihalko

     Thanks to our partners:
    Providence Emergency Management Agency