News & Insights

At 3:37PM PST, we had a power blip in one of our datacenters.  In those two seconds, over 1,000 systems blinked offline.  As a non-profit, we don't have all of those niceties such as hot-hot datacenters or those new fangled UPSes.  Instead, we do it the old fashioned way, which means we are susceptible to power failures within the building our core systems reside.

On 15 September 2015, FireEye published information about potentially compromised Cisco routers under the name SYNful Knock. As soon as Shadowserver became aware of these potential compromises, Shadowserver and Cisco worked together and cooperated to scan the internet to detect these affected routers to allow a more accurate notification of the affected end-users.

In any corporation there is a fine line between success and failure.  Part of that is how each one is dealt with.  We at Shadowserver are as proud of our successes as we are of our failures.  We try to be upfront when something breaks and explains what occurred.  We failed completely at that this time as well.

On July 5, 2015 an unknown hacker publicly announced on Twitter that he had breached the internal network of Hacking Team - an Italian pentesting company known to purchase 0-day exploits and produce their own trojans. The hacker proceeded to leak archives of internal Hacking Team tools and communications.

With the advent of massive inexpensive storage also comes the issue of the disposal of that storage when it inevitably fails on you, usually taking something valuable with each failure. Even the best of disks will fail eventually and at the end of the week you have a large steaming pile of disks that are no longer useful but cannot just be tossed into the rubbish bin.

With all the recent news and attention on world events the concept and concern around privacy has increased over the last several years.  There seems to be a lot of confusion around the concepts of privacy and security.  It has been developing that many people and organization attempting to promote privacy are considering them synonymous.  In reality, they are two separate issues that can work together or may be mutually exclusive.

Whelp, there it happens again.  It seems that our filters blew up again and everyone is receiving a much larger set of data than normal.

Our goal as always has been to get data about infected, compromised or abuse-able hosts to the network owners as efficiently as possible.  The most consistent and effective vehicle for that is using National CERT's.  In many ways they are the gateway to the rest of the networks of a country.

We have been engaged in scanning of the internet for its better health for over a year (we started with a few, then grew to a dozen).  The decreases in abusable systems has dropped significantly in several areas.  We have also had an inadvertent effect of identifying networking misconfiguration on many networks which has helped improve the stability and security of those organizations.

On Monday June 2nd 2014, the US Department of Justice announced an ongoing operation to take down the infamous Gameover Zeus and CryptoLocker cybercrimal botnet infrastructures. "Operation Tovar" is a joint effort between international law enforcement agencies, such as the FBI, UK NCA and Europol/EC3, plus multiple private partners.