Category Archives: hacking

Hackers warned about internet vulnerabilities but were ignored

The Washington Post reports: The seven young men sitting before some of Capitol Hill’s most powerful lawmakers weren’t graduate students or junior analysts from some think tank. No, Space Rogue, Kingpin, Mudge and the others were hackers who had come from the mysterious environs of cyberspace to deliver a terrifying warning to the world.

Your computers, they told the panel of senators in May 1998, are not safe — not the software, not the hardware, not the networks that link them together. The companies that build these things don’t care, the hackers continued, and they have no reason to care because failure costs them nothing. And the federal government has neither the skill nor the will to do anything about it.

“If you’re looking for computer security, then the Internet is not the place to be,” said Mudge, then 27 and looking like a biblical prophet with long brown hair flowing past his shoulders. The Internet itself, he added, could be taken down “by any of the seven individuals seated before you” with 30 minutes of well-choreographed keystrokes.

The senators — a bipartisan group including John Glenn, Joseph I. Lieberman and Fred D. Thompson — nodded gravely, making clear that they understood the gravity of the situation. “We’re going to have to do something about it,” Thompson said.

What happened instead was a tragedy of missed opportunity, and 17 years later the world is still paying the price in rampant insecurity. [Continue reading…]


Attack gave Chinese hackers privileged access to U.S. systems

The New York Times reports: For more than five years, American intelligence agencies followed several groups of Chinese hackers who were systematically draining information from defense contractors, energy firms and electronics makers, their targets shifting to fit Beijing’s latest economic priorities.

But last summer, officials lost the trail as some of the hackers changed focus again, burrowing deep into United States government computer systems that contain vast troves of personnel data, according to American officials briefed on a federal investigation into the attack and private security experts.

Undetected for nearly a year, the Chinese intruders executed a sophisticated attack that gave them “administrator privileges” into the computer networks at the Office of Personnel Management, mimicking the credentials of people who run the agency’s systems, two senior administration officials said. The hackers began siphoning out a rush of data after constructing what amounted to an electronic pipeline that led back to China, investigators told Congress last week in classified briefings.

Much of the personnel data had been stored in the lightly protected systems of the Department of the Interior, because it had cheap, available space for digital data storage. The hackers’ ultimate target: the one million or so federal employees and contractors who have filled out a form known as SF-86, which is stored in a different computer bank and details personal, financial and medical histories for anyone seeking a security clearance.

“This was classic espionage, just on a scale we’ve never seen before from a traditional adversary,” one senior administration official said. “And it’s not a satisfactory answer to say, ‘We found it and stopped it,’ when we should have seen it coming years ago.” [Continue reading…]


Fed personnel agency admits history of security problems

The Associated Press reports: An Office of Personnel Management investigative official said Tuesday the agency entrusted with millions of personnel records has a history of failing to meet basic computer network security requirements.

Michael Esser, assistant inspector general for audit, said in testimony prepared for delivery that for years many of the people running the agency’s information technology had no IT background. He also said the agency had not disciplined any employees for the agency’s failure to pass numerous cyber security audits.

Esser and others were testifying Tuesday to the House Oversight and Government Reform Committee about the cyber-theft of private information on millions of former and current federal employees, as well as U.S. security clearance holders, by hackers linked to China.

Officials fear that China will seek to gain leverage over Americans with access to secrets by pressuring their overseas relatives, particularly if they happen to be living in China or another authoritarian country. Over the last decade, U.S. intelligence agencies have sought to hire more people of Asian and Middle Eastern descent, some of whom have relatives living overseas. The compromise of their personal data is likely to place additional burdens on employees who already face onerous security scrutiny.

China denies involvement in the cyberattack that is being called the most damaging U.S. national security loss in more than a decade.

The potential for new avenues of espionage against the U.S. is among the most obvious repercussions of the pair of data breaches by hackers who are believed to have stolen personnel data on millions of current and former federal employees and contractors. [Continue reading…]


When secret government talks are hacked it shows no one is secure in the connected age

By Carsten Maple, University of Warwick

Hotel rooms aren’t as private as they used to be. Recent reports suggest luxury hotels may have been targeted by national intelligence services trying to spy on negotiations over Iran’s nuclear programme.

The talks weren’t bugged in the traditional way of hiding microphones in the room. Instead, hackers infected hotel computers with a computer virus that its discoverers say may have been used to gather information from the hotels’ security cameras and phones.

The virus was discovered by cyber-security firm Kaspersky Labs when the company itself was infected by a sophisticated worm known as Duqu2. Kaspersky went about investigating which other systems around the world might have been attacked. Among the huge range of systems they checked, thousands of hotel systems were analysed. Most of these had not been subjected to an attack, but three luxury European hotels had also been hit by Duqu2.

Each was compromised before hosting key negotiations between Iran and world leaders regarding the country’s nuclear programme. Having previously been accused by the US of spying on the talks, Israel – which was not involved in the discussions – is now under suspicion of (and denies) deploying the virus.

[Continue reading…]


Hackers gained access to records on ‘almost everybody who has got a United States security clearance’

The Associated Press reports: Hackers linked to China have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances, U.S. officials said Friday, describing a cyberbreach of federal records dramatically worse than first acknowledged.

The forms authorities believed may have been stolen en masse, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant’s Social Security number and that of his or her cohabitant are required.

In a statement, the White House said that on June 8, investigators concluded there was “a high degree of confidence that … systems containing information related to the background investigations of current, former and prospective federal government employees, and those for whom a federal background investigation was conducted, may have been exfiltrated.”

“This tells the Chinese the identities of almost everybody who has got a United States security clearance,” said Joel Brenner, a former top U.S. counterintelligence official. “That makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That’s a gold mine. It helps you approach and recruit spies.” [Continue reading…]

Adrienne LaFrance writes: It is clear that large-scale data theft is a major problem facing the United States. It has happened before and it will happen again.

In 2012, Verizon said that “state-affiliated actors” made up nearly one-fifth of the successful breaches it recorded that year. In 2013, hackers stole data about more than 100,000 people from the Department of Energy’s network. Officials in the United States blame China for years-long hacking attempts against the Veterans Affairs Department that began as early as 2010 and compromised more than 20 million people’s personal information. And even though the Office of Personnel Management had been hacked before, it appears the agency continued to be astonishingly lax about its own security. [Continue reading…]


Spy virus linked to Israel targeted hotels used for Iran nuclear talks

The Wall Street Journal reports: When a cybersecurity firm discovered it had been hacked last year by a virus widely believed to be used by Israeli spies, it wanted to know who else was on the hit list.

The Moscow-based firm, Kaspersky Lab ZAO, checked millions of computers world-wide and three luxury European hotels popped up. The other hotels tested—thousands in all—were clean. Researchers at the firm weren’t sure what to make of the results. Then they realized what the three hotels had in common.

Each was infiltrated by the virus before hosting high-stakes negotiations between Iran and world powers over curtailing Tehran’s nuclear program.

The spyware, the firm has now concluded, was an improved version of Duqu, a virus first identified by cybersecurity experts in 2011, according to a Kaspersky report and outside security experts. Current and former U.S. officials and many cybersecurity experts say they believe Duqu was designed to carry out Israel’s most sensitive intelligence collection. [Continue reading…]


France probes Russian lead in TV5Monde hacking

Reuters reports: Russian hackers linked to the Kremlin could be behind one of the biggest attacks to date on televised communications, which knocked French station TV5Monde off air in April, sources familiar with France’s inquiry said.

A French judicial source told Reuters that the investigators are “leaning towards the lead of Russian hackers,” confirming a report in French magazine L’Express.

Hackers claiming to be supporters of Islamic State caused the public station’s 11 channels to temporarily go off air and posted material on its social media feeds to protest against French military action in Iraq.

But the judicial source said the theory that Islamist militants were behind the cyber attack was no longer the main lead in the investigation.

U.S. cybersecurity company FireEye, which has been assisting French authorities in some cases, said on Wednesday that it believed the attack came from a Russian group it suspects works with the Russian executive branch. Relations between Paris and Moscow have suffered over the crisis in Ukraine, leading France to halt delivery of two helicopter carriers built for Russia. [Continue reading…]


Hackers may have obtained names of Chinese with ties to U.S. government

The New York Times reports: Investigators say that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation.

Federal employees who handle national security information are required to list some or all of their foreign contacts, depending on the agency, to receive high-level clearances. Investigators say that the hackers obtained many of the lists, and they are trying to determine how many of those thousands of names were compromised.

In classified briefings to members of Congress in recent days, intelligence officials have described what appears to be a systematic Chinese effort to build databases that explain the inner workings of the United States government. The information includes friends and relatives, around the world, of diplomats, of White House officials and of officials from government agencies, like nuclear experts and trade negotiators. [Continue reading…]


Big U.S. data breaches offer treasure trove for hackers

Reuters reports: A massive breach of U.S. federal computer networks disclosed this week is the latest in a flood of attacks by suspected Chinese hackers aimed at grabbing personal data, industrial secrets and weapons plans from government and private computers.

The Obama administration on Thursday disclosed the breach of computer systems at the Office of Personnel Management and said the records of up to 4 million current and former federal employees may have been compromised.

U.S. officials have said on condition of anonymity they believe the hackers are based in China, but Washington has not publicly blamed Beijing at a time when tensions are high over Chinese territorial claims in the South China Sea. [Continue reading…]


Hacked emails reveal Russian plans to obtain sensitive Western tech

The Intercept reports: In April 2014, Viktor Tarasov wrote to the head of Ruselectronics, a Russian state-owned holding company, about a critical shortage of military equipment. The Russian military lacked thermal imaging systems — devices commonly used to detect people and vehicles — and Tarasov believed that technology might be needed soon because of the “increasingly complex situation in the southeast of Ukraine and the possible participation of Russian forces” to stabilize the region.

Tarasov, in charge of Ruselectronics’ optical tech subsidiary, was hoping that the head of Ruselectronics would write to the minister of defense for armaments to advance his company 150 million rubles, then about $4 million, to buy 500 microbolometer arrays, a critical component of thermal imaging devices. The money, Tarasov wrote, would allow the company to buy the equipment under a current contract from a French company without the need for signing a new “end-use certificate,” which requires the buyer to disclose the final recipient.

Time was of the essence, he warned, because the West was preparing another round of sanctions against Russia that would slow the purchases and increase costs. Tarasov also claimed that the United States was already providing similar equipment to Ukrainian forces. (Pentagon spokesperson Eileen Lainez confirmed that the Department of Defense had provided thermal imaging devices and night-vision goggles to Ukraine in 2014, along with a variety of other military equipment). [Continue reading…]


The ‘ISIS cyberwar’ hype machine is doing more harm than good

Lorenzo Franceschi-Bicchierai writes: Last week, hackers claiming to be affiliated with the extremist group known as the Islamic State released an Anonymous-style video making vague threats of “electronic war” against Europe and the US.

There is no proof or evidence that the video actually comes from the group, nor is there any evidence the group, also known as ISIS, has any ability to do anything damaging online other than taking over Twitter feeds or random media sites with their “cyberattacks.”

Yet, that didn’t stop a new round of breathless hype. On Sunday, The Hill wrote that ISIS was preparing for “cyberwar” and an “all-out cyber crusade.”

Looks like ISIS wannabes successfully hacked the media once again. [Continue reading…]


GCHQ openly recruiting hackers as British government seeks more surveillance powers

Forbes: Now that the Conservative Party has secured a majority government in the UK, it’s pushing ahead with plans to expand the surveillance state with the Communications Data Bill, also known as Snooper’s Charter, which would require communications providers from BT to Facebook to maintain records of customers’ internet activity, text messages and voice calls for a year. This may have emboldened GCHQ, the British spy agency and chief NSA partner, which has, for the first time, openly called for applicants to fill the role of Computer Network Operations Specialists, also known as nation-state funded hackers.

According to a job ad for a Computer Network Operations Specialist, a student or graduate will have to have, or soon have, “a Bachelor’s or Master’s degree incorporating ethical hacking, digital forensics or information security”.


Russian hackers read Obama’s unclassified emails, officials say

The New York Times reports: Some of President Obama’s email correspondence was swept up by Russian hackers last year in a breach of the White House’s unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation.

The hackers, who also got deeply into the State Department’s unclassified system, do not appear to have penetrated closely guarded servers that control the message traffic from Mr. Obama’s BlackBerry, which he or an aide carries constantly.

But they obtained access to the email archives of people inside the White House, and perhaps some outside, with whom Mr. Obama regularly communicated. From those accounts, they reached emails that the president had sent and received, according to officials briefed on the investigation. [Continue reading…]


Hackers trick Israeli military with ‘girls in the IDF’ emails

Reuters reports: Hackers have managed to penetrate computer networks associated with the Israeli military in an espionage campaign that skillfully packages existing attack software with trick emails, according to security researchers at Blue Coat Systems Inc.

The four-month-old effort, most likely by Arabic-speaking programmers, shows how the Middle East continues to be a hotbed for cyber espionage and how widely the ability to carry off such attacks has spread, the researchers said.

Waylon Grange, a researcher with Blue Coat who discovered the campaign, said the vast majority of the hackers’ software was cobbled together from widely available tools, such as the remote-access Trojan called Poison Ivy.

The hackers were likely working on a budget and had no need to spend much on tailored code, Grange said, adding that most of their work appeared to have gone into so-called social engineering, or human trickery.

The hackers sent emails to various military addresses that purported to show breaking military news, or, in some cases, a clip featuring “Girls of the Israel Defense Forces.” Some of the emails included attachments that established “back doors” for future access by the hackers and modules that could download and run additional programs, according to Blue Coat. [Continue reading…]


China is said to use powerful new weapon to censor internet

The New York Times reports: Late last month, China began flooding American websites with a barrage of Internet traffic in an apparent effort to take out services that allow China’s Internet users to view websites otherwise blocked in the country.

Initial security reports suggested that China had crippled the services by exploiting its own Internet filter — known as the Great Firewall — to redirect overwhelming amounts of traffic to its targets. Now, researchers at the University of California, Berkeley, and the University of Toronto say China did not use the Great Firewall after all, but rather a powerful new weapon that they are calling the Great Cannon.

The Great Cannon, the researchers said in a report published Friday, allows China to intercept foreign web traffic as it flows to Chinese websites, inject malicious code and repurpose the traffic as Beijing sees fit.

The system was used, they said, to intercept web and advertising traffic intended for Baidu — China’s biggest search engine company — and fire it at GitHub, a popular site for programmers, and GreatFire.org, a nonprofit that runs mirror images of sites that are blocked inside China. The attacks against the services continued on Thursday, the researchers said, even though both sites appeared to be operating normally.

But the researchers suggested that the system could have more powerful capabilities. With a few tweaks, the Great Cannon could be used to spy on anyone who happens to fetch content hosted on a Chinese computer, even by visiting a non-Chinese website that contains Chinese advertising content.

“The operational deployment of the Great Cannon represents a significant escalation in state-level information control,” the researchers said in their report. It is, they said, “the normalization of widespread and public use of an attack tool to enforce censorship.” [Continue reading…]


How the U.S. thinks Russians hacked the White House

CNN reports: Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.

While the White House has said the breach only affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president’s schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.

The White House in October said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The system has been shut down periodically to allow for security upgrades.

The FBI, Secret Service and U.S. intelligence agencies are all involved in investigating the breach, which they consider among the most sophisticated attacks ever launched against U.S. government systems. The intrusion was routed through computers around the world, as hackers often do to hide their tracks, but investigators found tell-tale codes and other markers that they believe point to hackers working for the Russian government. [Continue reading…]


Meet Anonymous International, the hackers taking on the Kremlin

Daniil Turovsky writes: Around 10am on 14 August 2014, an unremarkable man walked into a café near Tishinskaya Square in Moscow. He ordered a coffee, sat down, opened up a cheap laptop and launched a few applications: a text editor, an app for encrypted chat, and a browser.

Then, he opened Twitter and wrote: “I’m resigning. I am ashamed of this government’s actions. Forgive me.”

The tweet immediately appeared on prime minister Dmitri Medvedev’s official Twitter account, visible to his 2.5m followers.

Taking a sip of his coffee, he wrote a few more tweets: “I will become a photographer. I’ve dreamed about it for some time”; “Vova [Putin]! You are wrong!”

The tweeter is a member of Anonymous International, better known as Shaltai Boltai (Humpty Dumpty in Russian), arguably the most famous hacker group in the country after claiming responsibility for a series of high-profile leaks.

In the past two years, they’ve gained access to documents detailing the Russian state’s game plan for a supposedly “grassroots” demonstration in Moscow in support of its actions in Crimea; details about how the Kremlin prepared Crimea’s secessionist referendum; and private emails allegedly belonging to Igor Strelkov, who claims he played a key role in organising the pro-Russian insurgency in Donetsk, Ukraine. [Continue reading…]


Politics intrude as cybersecurity firms hunt foreign spies

Reuters reports: The $71 billion cybersecurity industry is fragmenting along geopolitical lines as firms chase after government contracts, share information with spy agencies, and market themselves as protectors against attacks by other nations.

Moscow-based cybersecurity firm Kaspersky Lab has become a leading authority on American computer espionage campaigns, but sources within the company say it has hesitated at least twice before exposing hacking activities attributed to mother Russia.

Meanwhile, U.S. cybersecurity firms CrowdStrike Inc and FireEye Inc (FEYE.O) have won fame by uncovering sophisticated spying by Russia and China – but have yet to point a finger at any American espionage.

The balkanization of the security industry reflects broader rifts in the technology markets that have been exacerbated by disclosures about government-sponsored cyberattacks and surveillance programs, especially those leaked by former U.S. intelligence agency contractor Edward Snowden.

“Some companies think we should be stopping all hackers. Others think we should stop only the other guy’s hackers – they think we can win the war,” said Dan Kaminsky, chief scientist at security firm White Ops Inc, putting himself in the former camp.

Kaspersky Lab has faced questions about its connections to Russian intelligence before: Chief Executive Eugene Kaspersky had attended a KGB school, Chief Operating Officer Andrey Tikhonov was a lieutenant colonel in the military, and Chief Legal Officer Igor Chekunov had served in the KGB’s border service.

Eugene Kaspersky said the firm has never been asked by a government agency to back away from investigating a cyberattack, and said that its international team of researchers would not be swayed by any one country’s national interests.

Still, several current and former Kaspersky Lab employees said the firm has dithered over whether to publish research on at least two Russian hacking strikes.

Last year, Kaspersky Lab officials privately gave some paying customers a report about a sophisticated computer spying campaign that it had uncovered. But the company did not publish the report more widely until five months after British defense contractor BAE Systems Plc (BAES.L) exposed the campaign, linking it to another suspected Russian government operation and noting that most infected computers were found in Ukraine. [Continue reading…]
