Category Archives: cyberattacks

John McAfee: ‘I know who hacked Sony Pictures – and it wasn’t North Korea’

IBT: Anti-virus pioneer John McAfee claims to have been in contact with the group of hackers behind the devastating cyber-attack against Sony Pictures and guarantees they are not from North Korea.

Speaking to IBTimes UK about his current roster of security startups under his Future Tense brand – including secure messaging app Chadder – McAfee spoke about working with the FBI previously but said that, in this case, the agency was “wrong”.

“I can guarantee they are wrong. It has to do with a group of hackers – I will not name them – who are civil libertarians and who hate the confinement the restrictions the music industry and the movie industry has placed on art and so they are behind it.”

Sounds plausible — even more so if it were coming from a different source.

France: 19,000 websites hacked since Charlie Hebdo attack

Mashable: Hackers have attacked 19,000 French websites in the aftermath of the raid on the office of Charlie Hebdo, according to France’s cyberdefense chief.

The attacks were carried out by “more or less structured” groups, including some well-known Islamic hacking groups, Adm. Arnaud Coustilliere, head of the French Army’s cybersecurity department, told reporters on Thursday.

Coustilliere defined them as “defacement,” referring to common attacks in which hackers take control of a site and replace its content.

“That’s never been seen before. It’s the first time that a country has been faced with such a large wave,” he said.

Obama gives speech on cybersecurity… @CENTCOM gets hacked

The Guardian reports: Barack Obama on Monday unveiled a slew of initiatives to improve Americans’ data security.

In a speech at the Federal Trade Commission, the president outlined proposals aimed at improving student data protection and protecting Americans’ financial health. They will, however, require approval from the Republican-majority Congress, which has already received three veto threats from the White House in less than a week in session.

“As we’ve all been reminded over the past year, including the hack of Sony, this extraordinary interconnection creates enormous opportunities but also creates enormous vulnerabilities for us as a nation,” Obama said.

Wired reports: Twitter and YouTube accounts belonging to the military’s US Central Command were hacked on Monday. Hackers supportive of the terrorist group Islamic State, also known as ISIS, took credit and issued a warning to the US military.

“AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS,” the hackers tweeted through the account for the US Central Command, which is the military command for the Middle East, North Africa, and Central Asia. The tweet included a link to a statement that read in part:

“While the US and its satellites kill our brothers in Syria, Iraq and Afghanistan we broke into your networks and personal devices and know everything about you,” it read. “You’ll see no mercy infidels. ISIS is already here, we are in your PCs, in each military base. With Allah’s permission we are in CENTCOM now. We won’t stop! We know everything about you, your wives and children. U.S. soldiers! We’re watching you!”

The group also replaced the Twitter profile image with an image of a person wearing a black and white keffiyeh, and the text CyberCaliphate and “i love you isis.”

Forty minutes after the first hacked tweet, Twitter suspended the account.

According to news reports, the hackers also posted images of spreadsheets that purported to contain the home addresses and other contact information for retired US Army generals and other images purporting to be US military maps and plans. The Pentagon appeared to confirm the authenticity of the information, telling reporters that the exposed information was not classified and that the images came not from the government but from the Massachusetts Institute of Technology. [Continue reading…]

The Washington Post adds: It is not clear whether the hackers are actually with the Islamic State, sympathizers with the militants, or simply pulling a prank on the Pentagon. But J.M. Berger, an analyst and non-resident fellow with the Brookings Institution, said there is reason to believe it could be someone affiliated directly with the Islamic State.

“ISIS has a team of hackers who are very deeply involved in ISIS the organization,” said Berger, author of the forthcoming book “ISIS: The State of Terror.”

“They have been practicing and recruiting for a while, and this has been going on for months and months,” Berger said.

But analysts added that just because the Islamic State hacked two social media accounts, it does not mean they threatened classified computer networks. Other hacker organizations, like the Syrian Electronic Army, have seized control of websites, and a group using the same “CyberCaliphate” name and photo seen in the hack against Centcom on Monday hacked the Twitter accounts of the Albuquerque Journal in New Mexico and the WBOC TV station in Salisbury, Md., last week.

“Let’s remember this is a social media account,” said Peter Singer, a strategist and analyst with the New American Foundation in Washington, of the attacks on Monday. “This is not a military command and control network. This is not a network that moves classified or even non-classified internal information back and forth. Essentially what they did is for several minutes take control of the megaphone.”

But Singer said the incident does amount to a public relations victory for the Islamic State, even if they were not directly involved. Embarrassing the U.S. government “is a feather in their cap in terms of pulling off something that other groups have not been able to do, no matter how silly it is at the end of the day.”

Whoever hacked the @CENTCOM account, there’s reason to doubt they are closely tied to ISIS — even though ISIS and its supporters will view this as a propaganda victory and make hyperbolic claims like “the landscape of jihad has changed.”

It turns out that the hackers posted pornographic photos:

Cyber bomb threats and the hacking of geopolitics

The Soufan Group IntelBrief: The capability of nations and advanced criminal groups to engage in sophisticated cyber espionage and theft is nothing new; and the capability of these actors to impact components of critical infrastructure is also nothing new (the 2012 Saudi Aramco attack comes to mind). What is new is their willingness to actually launch attacks not for intelligence or commercial gain but to impact corporate or geopolitical decisions. Whether it’s having its data stolen or even held hostage via malicious encryption, or having its operations and personnel threatened with physical violence and damage, corporations and governments will find the Age of the Cyber Bomb Threat to be as costly and frustrating as the age of counterterrorism and counter-violent extremism.

Much as in terrorism, cyber conflict runs the spectrum of ideology and motivation. And as with terrorism, cyber conflict’s impact goes far beyond the point of attack. The ubiquity of the Internet means that anyone and everyone is a potential target—which is the point of all forms of terrorism. On December 21, 2014, unidentified attackers (assumed, rightly or wrongly, to be associated with North Korea) hacked into the non-operational computer systems of a functioning nuclear power plant in South Korea. The operator of the plant, Korea Hydro and Nuclear Power (KHNP), stated that at no time were plant operations at risk since those are on a closed and independent system, but that sensitive personnel and plant design data were stolen. In what will become the standard modus operandi for cyber bomb threats, the attackers threatened to destroy the plant if it wasn’t shut down. The threat of additional cyber attacks will be paired with threats of physical attacks.

While North Korea could very well be behind the nuclear reactor hack as well as the Sony hack, so could a range of other actors, given that the malware tools are available online to anyone with sufficient expertise and knowledge of where to look. It is the lack of true certainty that makes cyber attacks so difficult to respond to with counter-attacks. IP addresses are misleading and the tools and the capabilities are widespread enough that “the usual suspects” are now too large to count. With the stakes so high and the public and private players so poorly accounted for, the risks of attacks once thought unlikely will increase with cascading repercussions. [Continue reading…]

South Korea says North may be behind nuclear plant cyber-attack; three workers later die in construction accident

Bloomberg reports: South Korea is investigating the possible involvement of North Korea in the recent hacking attack on its nuclear power network, Justice Minister Hwang Kyo Ahn said yesterday during a session of the National Assembly.

His remarks came after investigators said an IP address of a suspected hacker was traced to Shenyang city in China, a known location of North Korean computer experts, according to a report in the Chosun Ilbo newspaper today.

“We are investigating without ruling out the possibility that North Korea may be behind the attack,” Minister Ahn said.

The leaks of partial blueprints and operating manuals for South Korean reactors began last week on a blog and were later posted to a Twitter account under the profile “president of anti-nuclear reactor group.” The group also demanded Korea Hydro & Nuclear Power Co., the nation’s nuclear plant operator, halt three facilities by today. The latest postings on Twitter were on Dec. 23. [Continue reading…]

The Associated Press reports: Three South Korean workers died Friday after apparently inhaling toxic gas at a construction site for a nuclear plant being built by South Korea’s monopoly nuclear power company, which has come under recent threats by hackers, a company official said.

The accident at the construction site in the southeastern city of Ulsan came as the state-run Korea Hydro and Nuclear Power Co. was on high alert over a series of threats by hackers who claim they can disable the control systems of its plants. Choi Hee-ye, a company spokeswoman, said there was no reason to believe that Friday’s accident was linked to the cyberattack threats.

The victims were working at the construction site when they fell unconscious and were taken to a hospital, where they later died, Choi said. [Continue reading…]

U.S. puts new focus on fortifying cyber defenses

The Wall Street Journal reports: The Obama administration is increasingly concerned about a wave of digital extortion copycats in the aftermath of the cyberattack on Sony Pictures Entertainment, as the government and companies try to navigate unfamiliar territory to fortify defenses against further breaches.

About 300 theaters on Thursday screened the movie that apparently triggered the hacking attack, a comedy about the assassination of North Korean leader Kim Jong Un, after Sony reversed its initial decision to acquiesce to hacker demands that the film be shelved.

Still, the threat to Sony — allegedly by North Korea—marked “a real crossing of a threshold” in cybersecurity, given its unusually destructive and coercive nature, said Michael Daniel, the cybersecurity coordinator for the White House National Security Council.

“It really is a new thing we’re seeing here in the United States,” Mr. Daniel said. “You could see more of this kind of activity as countries like North Korea and other malicious actors see it in their interest to try and use that cyber tool.” [Continue reading…]

“Countries like North Korea” is arguably a category of one. “Other malicious actors” is the group to be more concerned about — a category in which governments may still be in the minority. It’s a group that includes disgruntled employees, hackers, hacktivists, criminal organizations, and corporate competitors.

Putting North Korea’s ‘widespread’ internet outage in perspective

If a tree falls in a forest and no one is around to hear it, does it make a sound?

When four networks go down in a country where hardly anyone has internet access, does it make any sense to say that North Korea had an internet outage?

Every single day there are outages on a much larger scale all over the world and apart from for the technicians whose task it is to fix them, they largely go unnoticed.

Two weeks ago there was an outage of 148 networks in the U.S. It didn’t merit media coverage — just a tweet.

A 9-hour, 31-minute outage that prompted headlines suggesting the U.S. government might have launched a cyberattack in response to the Sony hack drew this more measured observation from Mashable:

While nobody knows who blocked access for the four networks and 1,024 IP addresses in the country, the consensus is clear: it wouldn’t have taken much. The attack appears to have been a relatively simple distributed denial of service, or DDoS — the kind of thing just about any experienced hacker could launch.

Meanwhile, North Korea, never known to exercise restraint when it comes to launching fusillades of wild rhetoric, on Sunday threatened to destroy America, which is to say, they are ready to “blow up” every city in this country. The Policy Department of the National Defence Commission of the DPRK said:

The army and people of the DPRK who aspire after justice and truth and value conscience have hundreds of millions of supporters and sympathizers, known or unknown, who have turned out in the sacred war against terrorism and the U.S. imperialists, the chieftain of aggression, to accomplish the just cause.

Obama personally declared in public the “symmetric counteraction”, a disgraceful behavior.

There is no need to guess what kind of thing the “symmetric counteraction” is like but the army and people of the DPRK will never be browbeaten by such a thing.

The DPRK has already launched the toughest counteraction. Nothing is more serious miscalculation than guessing that just a single movie production company is the target of this counteraction. Our target is all the citadels of the U.S. imperialists who earned the bitterest grudge of all Koreans.

The army and people of the DPRK are fully ready to stand in confrontation with the U.S. in all war spaces including cyber warfare space to blow up those citadels.

Funny how a nuclear-armed government can threaten to destroy this country and no one takes it seriously and yet when unknown hackers ominously evoke memories of 9/11, Sony executives panic.

Stuxnet-like cyberattack on German steel factory causes ‘massive damage’

IDG News Service reports: A German steel factory suffered massive damage after hackers managed to access production networks, allowing them to tamper with the controls of a blast furnace, the government said in its annual IT security report.

The report, published Wednesday by the Federal Office for Information Security (BSI), revealed one of the rare instances in which a digital attack actually caused physical damage.

The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory’s office networks, from which access to production networks was gained. Spear phishing involves the use of email that appears to come from within an organization. After the system was compromised, individual components or even entire systems started to fail frequently.

Due to these failures, one of the plant’s blast furnaces could not be shut down in a controlled manner, which resulted in “massive damage to plant,” the BSI said, describing the technical skills of the attacker as “very advanced.” [Continue reading…]
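The report above says the intrusion began with spear-phishing mail that appeared to come from inside the organisation. One defensive check a mail gateway can apply is to compare the claimed sender domain with the hop at which the message actually entered the organisation’s own relays. The following is an added example, not code from the BSI report or from the affected plant; it assumes a hypothetical organisation whose domain is example.com and whose only ingress relays are the constructed hostnames in INTERNAL_RELAYS, and all sample messages are constructed.

```python
"""Flag mail that claims an internal sender but entered from outside.

Added example (not from the BSI report). Assumes a hypothetical organisation
whose mail domain is example.com and whose ingress relays are the constructed
hostnames in INTERNAL_RELAYS. All messages below are constructed samples.
"""
import email
import re
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"
# Constructed placeholders for the organisation's own inbound mail relays.
INTERNAL_RELAYS = {"mx1.example.com", "mx2.example.com"}

# A Received header reads "from <host> ... by <host> ..."; each hop prepends
# one, so the first header listed is the hop closest to the recipient.
RECEIVED_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.IGNORECASE | re.DOTALL)


def sender_domain(msg):
    """Domain of the address in the From header, lower-cased ('' if absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def entry_hop(msg):
    """Return (from_host, by_host) for the hop at which one of our relays
    accepted the message, or None if the message never passed our relays."""
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        if not m:
            continue
        from_host = m.group(1).lower().rstrip(";,")
        by_host = m.group(2).lower().rstrip(";,")
        if by_host in INTERNAL_RELAYS:
            return from_host, by_host
    return None


def classify(raw):
    """Classify a raw RFC 5322 message as internal, external-sender,
    spoofed-internal (claims our domain but entered from a foreign host),
    or no-relay-hop (never passed our relays, so cannot be judged)."""
    msg = email.message_from_string(raw)
    if sender_domain(msg) != INTERNAL_DOMAIN:
        return "external-sender"
    hop = entry_hop(msg)
    if hop is None:
        return "no-relay-hop"
    from_host, _ = hop
    if from_host in INTERNAL_RELAYS or from_host.endswith("." + INTERNAL_DOMAIN):
        return "internal"
    return "spoofed-internal"


# Constructed samples. Hostnames and addresses are placeholders only.
LEGIT = "\n".join([
    "Received: from mail.example.com (mail.example.com [10.0.0.5]) by mx1.example.com with ESMTP",
    "From: Alice <alice@example.com>",
    "Subject: Shift plan",
    "",
    "See attached.",
])
SPOOFED = "\n".join([
    "Received: from mx1.example.com by inbox.example.com with LMTP",
    "Received: from unknown-host.invalid (203.0.113.9) by mx1.example.com with ESMTP",
    "From: IT Department <it-support@example.com>",
    "Subject: Password reset required",
    "",
    "Open the attachment to keep your account.",
])
EXTERNAL = "\n".join([
    "Received: from mail.example.net by mx1.example.com with ESMTP",
    "From: vendor@example.net",
    "Subject: Invoice",
    "",
    "Invoice attached.",
])
NO_HOP = "From: bob@example.com\n\nhi\n"

if __name__ == "__main__":
    for name, raw in [("LEGIT", LEGIT), ("SPOOFED", SPOOFED),
                      ("EXTERNAL", EXTERNAL), ("NO_HOP", NO_HOP)]:
        print(name, classify(raw))
```

This is a heuristic on trace headers, not a substitute for SPF, DKIM and DMARC checks at the gateway; its value is that it catches the specific pattern the report describes, a message claiming an internal sender that was accepted from a host the organisation does not own.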

Why there’s still reason to doubt North Korea was behind the Sony attack

Why would the FBI say it has “enough information to conclude that the North Korean government is responsible for these actions,” if that’s not really true?

Firstly, the FBI and the U.S. government as a whole is always reluctant to present itself as ignorant. Presenting itself as having privileged access to secret information is something every government does in order to bolster its image of power. The FBI can’t tell us exactly how it knows what it claims to know because “the need to protect sensitive sources and methods precludes us from sharing all of this information” — trust us; we know; we’re the FBI.

Secondly, the only way that North Korea can convincingly refute the accusation is to identify the real culprits — and they have no means of doing that.

Given the appalling reputation of the leaders of the hermit kingdom, there is a prevailing assumption of guilt even in the absence of compelling evidence, which makes the FBI’s accusation an easy sell.

Sean Gallagher recently wrote: “Based on the amount of data stolen, and the nature of the malware itself, it’s likely the attackers had physical access to the network and that the attack may have been ongoing for months…”

Are we to imagine that North Korea not only instigated the attack but was also able to recruit inside collaboration?

I can see this as central to the plot that numerous Hollywood screenwriters must currently be working on for a blockbuster thriller about how an evil dictator tries to destroy Hollywood, but I can’t really see it in real life.

Michael Hiltzik writes:

The North Korea/”Interview” narrative is comforting in several ways. It feeds into the tendency to attribute almost God-like capabilities to an adversary, especially a secretive one; that’s very much a scenario favored by Hollywood. (Think of the all-time definitive James Bond movie line, from “Dr. No”: “World domination–same old dream.”) And it helps Sony executives deflect blame — how could anyone expect them to defend against an attack by such a sinister, all-powerful enemy? You can expect to see more coverage, like this piece from CNN, about North Korea’s shadowy “Bureau 121,” purportedly its Cyberattack Central.

There are great dangers in mistaken attribution — it shifts attention from the real perpetrators, for one thing. A counterattack against North Korea could needlessly provoke the regime, wrecking the few diplomatic initiatives taking place.

Here’s a rundown of the counter-narrative.

–“Whitehat” hacker and security expert Marc W. Rogers argues that the pattern of the attack implies that the attackers “had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s plausible that an attacker could have built up this knowledge over time … Occam’s razor suggests the simpler explanation of an insider,” perhaps one out for workplace revenge. (N.B. “Occam’s razor” is the principle that the simplest explanation for something is often the best.)

–The assertion that the attack was uniquely sophisticated, which is an element of the accusation against North Korea, is both untrue and incompatible with the North Korea narrative. It presupposes that a nation-state without a native computer infrastructure could launch an unprecedented assault. More to the point, very similar hacking technology has been used in earlier hacks in Saudi Arabia and elsewhere. The consulting firm Risk Based Security has a discussion of these and other aspects of the Sony affair.

It’s worth noting that Risk Based Security’s team isn’t entirely convinced by the FBI statement. In an update to their commentary Friday, they observed that the agency has “not released any evidence to back these claims.” They add: “While the FBI certainly has many skilled investigators, they are not infallible. Remember, this agency represents the same government that firmly stated that Iraq had weapons of mass destruction, leading the U.S. into a more than ten year conflict, which was later disproven.”

Finally, Caroline Baylon from Chatham House, in an interview with ITN, laid out the reasons why the North Korean government was probably not behind the hack:

Feds release new details about malware targeting Sony

Ars Technica reports: The highly destructive malware believed to have hit the networks of Sony Pictures Entertainment contained a cocktail of malicious components designed to wreak havoc on infected networks, according to new technical details released by federal officials who work with private sector security professionals.

An advisory published Friday by the US Computer Emergency Readiness Team said the central malware component was a worm that propagated through the Server Message Block protocol running on Microsoft Windows networks. The worm contained brute-force cracking capabilities designed to infect password-protected storage systems. It acted as a “dropper” that then unleashed five components. The advisory, which also provided “indicators of compromise” that can help other companies detect similar attacks, didn’t mention Sony by name. Instead, it said only that the potent malware cocktail had targeted a “major entertainment company.” The FBI and White House have pinned the attack directly on North Korea, but so far have provided little proof. [Continue reading…]

FBI offers circumstantial evidence that North Korea is responsible for Sony hack

FBI statement: As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

The emphasis above is mine.

It’s reasonable to assume that the hackers don’t want to get caught and thrown in jail. It’s also reasonable to assume that they would want to evade detection by disguising themselves as North Korean. An abundance of clues that this attack emanated from North Korean sources may just as likely indicate that it came from somewhere else.

Moreover, given that the U.S. government takes a firm position on refusing to pay ransoms for the release of hostages, why would they not have strongly advised Sony to refuse to capitulate in the face of implausible threats?

President Obama now says that Sony “made a mistake” by pulling the release of the film.

Hmmm… Maybe Sony will now reconsider its decision — they can pitch the release of The Interview as an appropriate form of retaliation and also take advantage of the most massive run of free publicity a movie has ever had.

Sony executives may honestly believe that this film is “desperately unfunny,” but at the end of the day, this isn’t about free speech — it’s about making money.

Lessons from the Sony hack

Peter W. Singer and Allan Friedman write: The hack of Sony has often been lumped in with stories ranging from run of the mill online credit card theft to the Target, Home Depot and JP Morgan breaches to the time that Iranian-linked hackers allegedly “erased data on three-quarters of Aramco’s corporate PCs.” In fact, most of these crimes have little more in common than the fact that they were committed using computers. It’s a lot like lumping together every incident in New York that involves a gun, whether it’s a bank robbery, a murder or a football player accidentally shooting himself.

What made the Sony hack distinct is that it mixed an evidently organized effort, using advanced tools (what is known as an “advanced persistent threat”) that some have linked to the North Korean state, but with the goal of maximizing attention and embarrassment for the target. That is, they weren’t a few hackers phishing after any target, nor were they trying to keep quiet, so that they could continue to secretly exfiltrate data. Rather, they appear to have wanted to cause havoc — and make sure everyone knew.

Differentiating between these kinds of threats is critical, because different risks require different types of responses. The claims some have made that the Sony hack is an act of “cyberterrorism” are a case in point. The FBI definition of cyberterrorism requires “an act that results in violence,” which stealing scripts about James Bond carrying out acts of violence wouldn’t meet. This also applies to the recent threats by the hackers to create 9/11 style events at any movie theater that shows the film. Rapidly becoming an illustration on how not to handle online threats, virtually all the major U.S. theater companies have now said they won’t show the movie. Yet the ability to steal gossipy celebrity emails is clearly not the same as having the capacity to undertake physical attacks at thousands of movie theaters across the country. So, at least based on their actions so far, the “bitter fate” the hackers promised moviegoers is most likely to be the price they pay for popcorn. [Continue reading…]

ISIS implicated in botched cyberattack

The Associated Press reports: A cyberattack aimed at unmasking Syrian dissidents has experts worried that ISIS is adding malicious software to its arsenal.

Internet watchdog Citizen Lab says an attempt to hack into systems operated by dissidents within the self-styled caliphate could be the work of hackers affiliated with ISIS.

Citizen Lab analyst John Scott-Railton said there is circumstantial evidence of the group’s involvement, and cautioned that if the group has moved into cyber-espionage, “the targets might not stop with the borders of Syria.”

The Nov. 24 attack came in the form of a booby-trapped email sent to an activist collective in Raqqa, Syria, that documents human rights abuses in ISIS’ de-facto capital. The activist at the receiving end wasn’t fooled and forwarded the message to an online safety group.

“We are wanted – even just as corpses,” the activist, whose name is being withheld to protect his safety, wrote in his message to cybersafety trainer Bahaa Nasr. “This email has a virus; we want to know the source.”

The message eventually found its way to Citizen Lab, based at the University of Toronto’s Munk School of Global Affairs. There, Scott-Railton and malware researcher Seth Hardy determined that it could act as a kind of electronic homing beacon by revealing a victim’s Internet Protocol address. [Continue reading…]

Malware used to attack Sony was the software equivalent of a crude pipe bomb

Ars Technica reports: According to multiple reports, unnamed government officials have said that the cyber attack on Sony Pictures was linked to the North Korean government. The Wall Street Journal reports that investigators suspect the attack was carried out by Unit 121 of North Korea’s General Bureau of Reconnaissance, the country’s most elite hacking unit.

But if the elite cyber-warriors of the Democratic People’s Republic of Korea were behind the malware that erased data from hard drives at Sony Pictures Entertainment, they must have been in a real hurry to ship it.

Analysis by researchers at Cisco of a malware sample matching the MD5 hash signature of the “Destover” malware that was used in the attack on Sony Pictures revealed that the code was full of bugs and anything but sophisticated. It was the software equivalent of a crude pipe bomb.

Compared to other state-sponsored malware that researchers have analyzed, “It’s a night and day difference in quality,” said Craig Williams, senior technical leader for Cisco’s Talos Security Intelligence and Research Group, in an interview with Ars. “The code is simplistic, not very complex, and not very obfuscated.” [Continue reading…]

How hackers almost toppled the Sheldon Adelson gambling empire

Bloomberg Businessweek reports: Investigators from Dell SecureWorks working for [Sheldon Adelson’s casino empire, Las Vegas] Sands have concluded that the February attack was likely the work of “hacktivists” based in Iran, according to documents obtained by Bloomberg Businessweek. The security team couldn’t determine if Iran’s government played a role, but it’s unlikely that any hackers inside the country could pull off an attack of that scope without its knowledge, given the close scrutiny of Internet use within its borders. “This isn’t the kind of business you can get into in Iran without the government knowing,” says James Lewis, a senior fellow at the Center for Strategic and International Studies in Washington. Hamid Babaei, a spokesman for Iran’s Permanent Mission to the United Nations, didn’t return several phone calls and e-mails.

The perpetrators released their malware early in the morning on Monday, Feb. 10. It spread through the company’s networks, laying waste to thousands of servers, desktop PCs, and laptops. By the afternoon, Sands security staffers noticed logs showing that the hackers had been compressing batches of sensitive files. This meant that they may have downloaded — or were preparing to download — vast numbers of private documents, from credit checks on high-roller customers to detailed diagrams and inventories of global computer systems. Michael Leven, the president of Sands, decided to sever the company entirely from the Internet.

It was a drastic step in an age when most business functions, from hotel reservations to procurement, are handled online. But Sands was able to keep many core operations functioning — the hackers weren’t able to access an IBM mainframe that’s key to running certain parts of the business. Hotel guests could still swipe their keycards to get into their rooms. Elevators ran. Gamblers could still drop coins into slot machines or place bets at blackjack tables. Customers strolling the casino floors or watching the gondolas glide by on the canal in front of the Venetian had no idea anything was amiss.

Leven’s team quickly realized that they’d caught a major break. The Iranians had made a mistake. Among the first targets of the wiper software were the company’s Active Directory servers, which help manage network security and create a trusted link to systems abroad. If the hackers had waited before attacking these machines, the malware would have made it to Sands’ extensive properties in Singapore and China. Instead, the damage was confined to the U.S. [Continue reading…]

Is Russia’s cyberwar heating up amid new Cold War?

Moscow Times reports: A recent influx of reports about Russian electronic espionage activity has prompted fresh concerns that the Kremlin may be gunning for a cyberwar with the West.

Not everyone is convinced: Russian IT analysts interviewed by The Moscow Times were more inclined to blame the spike in attack reports on media hype and cybersecurity companies exploiting clients’ fears.

But Russia’s leading expert on domestic security services, Andrei Soldatov, said the pattern of the attacks indicated that the Russian government may be mounting a covert Internet offensive.

Experts could not say, however, whether heavy guns with the FSB electronic espionage agencies have been deployed.

“All government-linked attacks so far have been carried out by people on the market: the cyber-mercenaries,” Soldatov, editor-in-chief of the Agentura.ru website, said Wednesday. [Continue reading…]

Syrian hackers use WhatsApp, Viber, Facebook and YouTube to spread malware aimed at activists

IB Times reports: A group of pro-Assad hackers in Syria are using activist websites, WhatsApp, Viber, YouTube and social media to spread malware which claims to help protect privacy.

The group of hackers has infected more than 10,000 victims using sophisticated techniques to hide the malware they are sharing on websites visited by activists, social media platforms like Facebook, YouTube, Skype and even on instant messaging services WhatsApp and Viber.

The news comes from a report from Kaspersky Lab entitled “Syrian Malware – the ever-evolving threat” which says the group of hackers is highly organised and is targeting victims inside as well as outside of Syria.

The group is playing on the fears of victims in the war-torn country by spreading fake messages (via email, Skype, Viber etc) which claim to give details about imminent cyber-attacks. [Continue reading…]

U.S. firm helped the spyware industry build a potent digital weapon for sale overseas

Barton Gellman reports: CloudShield Technologies, a California defense contractor, dispatched a senior engineer to Munich in the early fall of 2009. His instructions were unusually opaque.

As he boarded the flight, the engineer told confidants later, he knew only that he should visit a German national who awaited him with an off-the-books assignment. There would be no written contract, and on no account was the engineer to send reports back to CloudShield headquarters.

His contact, Martin J. Muench, turned out to be a former developer of computer security tools who had long since turned to the darkest side of their profession. Gamma Group, the British conglomerate for which Muench was a managing director, built and sold systems to break into computers, seize control clandestinely, and then copy files, listen to Skype calls, record every keystroke and switch on Web cameras and microphones at will.

According to accounts the engineer gave later and contemporary records obtained by The Washington Post, he soon fell into a shadowy world of lucrative spyware tools for sale to foreign security services, some of them with records of human rights abuse.

Over several months, the engineer adapted Gamma’s digital weapons to run on his company’s specialized, high-speed network hardware. Until then CloudShield had sold its CS-2000 device, a multipurpose network and content processing product, primarily to the Air Force and other Pentagon customers, who used it to manage and defend their networks, not to attack others.

CloudShield’s central role in Gamma’s controversial work — fraught with legal risk under U.S. export restrictions — was first uncovered by Morgan Marquis-Boire, author of a new report released Friday by the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. He shared advance drafts with The Post, which conducted its own month-long investigation. [Continue reading…]
