Defence Intelligence (company)

Defence Intelligence
Company type: Private company
Industry: Information security
Founded: 2008 [1]
Headquarters: Ottawa, Ontario, Canada
Number of employees: fewer than 25
Website: www.defintel.com

Defence Intelligence, often referred to as Defintel, is an information security company based in Ottawa, Ontario, Canada. [2] The company describes itself as offering "advanced compromise protection." Its marketing materials present its services as tools for detecting and preventing compromised systems on a network, and include the Nemesis Compromise Protection (Nemesis) and Harbinger Compromise Assessment (Harbinger) services. [3] [4]

Defence Intelligence was the security company that discovered the Mariposa botnet [5] in 2008; by the time it was dismantled in 2009, the botnet consisted of 8 to 12 million individual zombie computers. [6]

History

Defence Intelligence was founded in 2008 by Christopher Davis, [7] a Canadian security consultant who in 2000 had helped identify an 18-year-old hacker [8] who stole 26,000 credit card numbers [9] from e-commerce sites. Davis also worked with Dan Kaminsky to inform key agencies in the Canadian government about the DNS cache poisoning flaw. [10] Before founding Defence Intelligence, Davis was the director of threat analysis at the Atlanta-based security company Damballa. [11]

In 2008, Defence Intelligence discovered the Mariposa botnet, one of the largest botnets known to date. [12] In 2009, the Mariposa Working Group (MWG) was formed. [13] The MWG, made up of members from Defence Intelligence, Panda Security, Neustar, Directi, and the Georgia Tech Information Security Center, worked with international law enforcement to dismantle the botnet and to support the arrest of its suspected creator and controllers. [14]

In 2011, Keith Murphy, founder and president of the non-profit One Dollar Nation, became CEO of Defence Intelligence. [15] [16] Although no formal press release announced the change, numerous news articles began referring to Keith Murphy as CEO. In the same year the company released Nemesis 2.0, [17] the most current version of its main service, and launched a new website with updated branding.

Mariposa

Mariposa, meaning "butterfly" in Spanish, was the name given to the botnet as a whole because it was built on the malware program "Butterfly bot". [18] The botnet was composed of millions of infected, or zombie, computers controlled by the same operators. The number of computers infected by Mariposa was between 8 and 12 million, spread over 190 countries. [19] Victims included more than half of the US Fortune 1000 companies as well as numerous governments and financial and educational institutions. [20] Mariposa was used for denial-of-service attacks, spamming, and personal information theft. It was capable of spreading via MSN, peer-to-peer networks, and USB keys. [21] [22]

The Spanish Civil Guard (Guardia Civil), a national police force, arrested three men in February 2010 for suspected involvement with the Mariposa botnet. In July 2010 the suspected creator of the "Butterfly bot" malware was arrested by Slovenian police. [23] [24]

References

  1. "Defence Intelligence Announces New Anti-Malware Product, New Look". PRWeb.com. June 20, 2011. Retrieved January 13, 2012.
  2. "About The Company". Defence Intelligence. Archived from the original on December 17, 2011. Retrieved January 13, 2012.
  3. "Nemesis" (PDF). Defence Intelligence. Retrieved January 13, 2012.
  4. "Harbinger" (PDF). Defence Intelligence. Retrieved January 13, 2012.
  5. Corrons, Luis (March 3, 2010). "Mariposa Botnet". PandaLabs Blog. Retrieved January 13, 2012.
  6. "Mariposa botnet: Dismantling". TonicBooks.com. November 9, 2011. Retrieved January 13, 2012.
  7. "Major Security Flaw Discovered: Internet Privacy Compromised at All Levels". Reuters.com. July 22, 2008. Archived from the original on September 12, 2012. Retrieved January 13, 2012.
  8. "Interview: Raphael Gray A.K.A. Curador". PBS.org. Retrieved January 13, 2012.
  9. "Interview: Chris Davis". PBS.org. Retrieved January 13, 2012.
  10. "Major Security Flaw Discovered: Internet Privacy Compromised at All Levels". Reuters.com. July 22, 2008. Archived from the original on September 12, 2012. Retrieved January 13, 2012.
  11. Jackson Higgins, Kelly (February 15, 2008). "Botnet Hunters Reveal New Spin on Old Tricks". PBS.org. Retrieved January 13, 2012.
  12. "Law Enforcement Agencies In Spain And USA Dismantled One Of The Largest Botnets In History". CyberInsecure.com. March 3, 2010. Retrieved January 13, 2012.
  13. "Mariposa botnet". PandaLabs.com. March 3, 2010. Retrieved January 13, 2012.
  14. Leyden, John (March 3, 2010). "How FBI, Police Busted Massive Botnet". theregister.co.uk. Retrieved January 13, 2012.
  15. "Are communists targeting Harper?". Canoe Network. June 7, 2011. Archived from the original on July 7, 2012. Retrieved January 13, 2012.
  16. "W5: Investigating Canada's big cyber security problem". CTV W5. March 19, 2011. Retrieved January 13, 2012.
  17. Baumgardt, Verena (June 20, 2011). "Defence Intelligence Announces New Anti-Malware Product, New Look". PRWeb.com. Retrieved January 13, 2012.
  18. "Mariposa Botnet Analysis" (PDF). Defence Intelligence. October 8, 2009. Retrieved January 13, 2012.
  19. "How FBI, police busted massive botnet". ZDNet. March 3, 2010. Retrieved January 13, 2012.
  20. Arthur, Charles (March 3, 2010). "Alleged controllers of 'Mariposa' botnet arrested in Spain". guardian.co.uk. Retrieved January 13, 2012.
  21. "Mariposa White Paper" (PDF). Defence Intelligence. Retrieved January 13, 2012.
  22. "Mariposa botnet: Spain makes three arrests". ZDNet. March 3, 2010. Retrieved January 13, 2012.
  23. "Alleged Mariposa Botnet Hacker Arrested in Slovenia". PC World. July 28, 2010. Retrieved January 13, 2012.
  24. "Three arrested in connection with Mariposa botnet". Computerworld. July 28, 2010. Retrieved January 13, 2012.