News & Insights

As most of you may know The Shadowserver Foundation is a non-profit organization in both the US and in the EU.  We survive through donations, sponsorships, as well as project work to expand out what we are able to do.  We share our data for no cost with the direct network owners.  From our last few posts you can get an idea of how many drives we go through and the possible cost to maintain all the work that we have been doing.  We do not ask for credit, only the occasional support.

July of last year we had a little problem.  We had a lot of drives to dispose of and did so as inexpensively as possible via a drill press, a lot of time, and a lot of flying metal as we slowly destroyed stacks of drives one at a time.  Moving forward in time to today, we realized that our bins were once again full of drives, almost 1500 this time.  This adds up to almost three petabytes of storage in disks.  Knowing that it would take us days of drilling we sought out a faster solution, and here it is.

At 3:37PM PST, we had a power blip in one of our datacenters.  In those two seconds, over 1,000 systems blinked offline.  As a non-profit, we don't have all of those niceties such as hot-hot datacenters or those new fangled UPSes.  Instead, we do it the old fashioned way, which means we are susceptible to power failures within the building our core systems reside.

On 15 September 2015, FireEye published information about potentially compromised Cisco routers under the name SYNful Knock. As soon as Shadowserver became aware of these potential compromises, Shadowserver and Cisco worked together and cooperated to scan the internet to detect these affected routers to allow a more accurate notification of the affected end-users.

In any corporation there is a fine line between success and failure.  Part of that is how each one is dealt with.  We at Shadowserver are as proud of our successes as we are of our failures.  We try to be upfront when something breaks and explains what occurred.  We failed completely at that this time as well.

On July 5, 2015 an unknown hacker publicly announced on Twitter that he had breached the internal network of Hacking Team - an Italian pentesting company known to purchase 0-day exploits and produce their own trojans. The hacker proceeded to leak archives of internal Hacking Team tools and communications.

With the advent of massive inexpensive storage also comes the issue of the disposal of that storage when it inevitably fails on you, usually taking something valuable with each failure. Even the best of disks will fail eventually and at the end of the week you have a large steaming pile of disks that are no longer useful but cannot just be tossed into the rubbish bin.

With all the recent news and attention on world events the concept and concern around privacy has increased over the last several years.  There seems to be a lot of confusion around the concepts of privacy and security.  It has been developing that many people and organization attempting to promote privacy are considering them synonymous.  In reality, they are two separate issues that can work together or may be mutually exclusive.

Whelp, there it happens again.  It seems that our filters blew up again and everyone is receiving a much larger set of data than normal.

Our goal as always has been to get data about infected, compromised or abuse-able hosts to the network owners as efficiently as possible.  The most consistent and effective vehicle for that is using National CERT's.  In many ways they are the gateway to the rest of the networks of a country.