Category Archives: hacking

U.S. links North Korea to Sony hacking

The New York Times reports: American officials have concluded that North Korea ordered the attacks on Sony Pictures’s computers, a determination reached as the studio decided Wednesday to cancel the release of a comedy movie about the assassination of Kim Jong-un that is believed to have led to the hacking.

Senior administration officials, who would not speak on the record about the intelligence findings, said the White House was still debating whether to publicly accuse North Korea of what amounts to a cyberterrorism campaign. Sony’s decision to cancel release of “The Interview” amounted to a capitulation to the threats sent out by hackers this week that they would launch attacks, perhaps on theaters themselves, if the movie was released.

Officials said it was not clear how the White House would decide to respond to North Korea. Some within the Obama administration argue that the government of Mr. Kim must be directly confronted, but that raises the question of what consequences the administration would threaten — or how much of its evidence it could make public without revealing details of how the United States was able to penetrate North Korean computer networks to trace the source of the hacking.

Others argue that a direct confrontation with the North over the threats to Sony and moviegoers might result in escalation, and give North Korea the kind of confrontation it often covets. Japan, for which Sony is an iconic corporate name, has argued that a public accusation could interfere with delicate diplomatic negotiations underway for the return of Japanese nationals kidnapped years ago.

The sudden urgency inside the administration over the Sony issue came after a new threat was delivered this week to desktop computers at Sony’s offices that if “The Interview” was released on Dec. 25, “the world will be full of fear.” It continued: “Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time.”

Sony dropped its plan to release the film after the four largest theater chains in the United States — Regal Entertainment, AMC Theaters, Cinemark and Carmike Cinemas — and several smaller chains said they would not show the film. The cancellations virtually killed “The Interview” as a theatrical enterprise, at least in the near term, one of the first known instances of a threat from another nation pre-empting the release of a movie.

While intelligence officials have concluded that the cyberattack on Sony was both state sponsored and far more destructive than any seen before on American soil, there are still differences of opinion over whether North Korea was aided by Sony insiders with an intimate knowledge of the company’s computer systems. [Continue reading…]

Jason Koebler reports: North Korea has denied playing a role in the hack, but called it a “righteous deed.” There’s nothing, really, beyond hatred of The Interview, to tie Guardians of Peace [as the hackers have dubbed themselves] to North Korea, but it’s still a narrative that has played out in the media.

And it’s a narrative that both sides are happy to embrace, [cybersecurity expert Bruce] Schneier speculated in an interview with me. Sony execs can say they’ve been targeted by a dictatorship, and the hackers get to have some fun.

“It’s really a phenomenally awesome hack — they completely owned this company,” Schneier, who is regularly consulted by the federal government on security issues, said. “But, I think this is just a regular hack. All the talk, it’s hyperbole and a joke. They’re [threatening violence] because it’s fun for them — why the hell not? They’re doing it because they actually hit Sony, because they’re acting like they’re 12, they’re doing it for the lulz, no one knows why.”

“Everyone at Sony right now is trying not to get fired,” he added. “There are going to be a lot of firings for Sony at the end of this.” [Continue reading…]

A TMZ headline on Sony Pictures Chief Amy Pascal says ambiguously, “I’m going nowhere” — she’s staying or she’s finished?

Underlining her conviction that everyone inside Sony is blameless, Pascal told Bloomberg News: “I think continuity and support and going forward is what’s important now.” Continuity = no one gets fired. Support = no criticism. Going forward = don’t look back.

But screenwriter Aaron Sorkin is in no doubt about who deserves blame: the press.

If you close your eyes you can imagine the hackers sitting in a room, combing through the documents to find the ones that will draw the most blood. And in a room next door are American journalists doing the same thing. As demented and criminal as it is, at least the hackers are doing it for a cause. The press is doing it for a nickel.

The cause of the hackers being? To defend the image of Kim Jong-un?

I don’t buy it. Much more likely this is an ongoing test of power with the hackers flexing their muscles and now demonstrating that they have the power to torpedo the release of a movie that cost $44 million to produce.

What next?


How hackers almost toppled the Sheldon Adelson gambling empire

Bloomberg Businessweek reports: Investigators from Dell SecureWorks working for [Sheldon Adelson’s casino empire, Las Vegas] Sands have concluded that the February attack was likely the work of “hacktivists” based in Iran, according to documents obtained by Bloomberg Businessweek. The security team couldn’t determine if Iran’s government played a role, but it’s unlikely that any hackers inside the country could pull off an attack of that scope without its knowledge, given the close scrutiny of Internet use within its borders. “This isn’t the kind of business you can get into in Iran without the government knowing,” says James Lewis, a senior fellow at the Center for Strategic and International Studies in Washington. Hamid Babaei, a spokesman for Iran’s Permanent Mission to the United Nations, didn’t return several phone calls and e-mails.

The perpetrators released their malware early in the morning on Monday, Feb. 10. It spread through the company’s networks, laying waste to thousands of servers, desktop PCs, and laptops. By the afternoon, Sands security staffers noticed logs showing that the hackers had been compressing batches of sensitive files. This meant that they may have downloaded — or were preparing to download — vast numbers of private documents, from credit checks on high-roller customers to detailed diagrams and inventories of global computer systems. Michael Leven, the president of Sands, decided to sever the company entirely from the Internet.

It was a drastic step in an age when most business functions, from hotel reservations to procurement, are handled online. But Sands was able to keep many core operations functioning — the hackers weren’t able to access an IBM (IBM) mainframe that’s key to running certain parts of the business. Hotel guests could still swipe their keycards to get into their rooms. Elevators ran. Gamblers could still drop coins into slot machines or place bets at blackjack tables. Customers strolling the casino floors or watching the gondolas glide by on the canal in front of the Venetian had no idea anything was amiss.

Leven’s team quickly realized that they’d caught a major break. The Iranians had made a mistake. Among the first targets of the wiper software were the company’s Active Directory servers, which help manage network security and create a trusted link to systems abroad. If the hackers had waited before attacking these machines, the malware would have made it to Sands’ extensive properties in Singapore and China. Instead, the damage was confined to the U.S. [Continue reading…]


The looming digital security catastrophe

Nicole Perlroth reports: Paul Kocher, one of the country’s leading cryptographers, says he thinks the explanation for the world’s dismal state of digital security may lie in two charts.

One shows the number of airplane deaths per miles flown, which decreased to one-thousandth of what it was in 1945 with the advent of the Federal Aviation Administration in 1958 and stricter security and maintenance protocols. The other, which details the number of new computer security threats, shows the opposite. There has been more than a 10,000-fold increase in the number of new digital threats over the last 12 years.

The problem, Mr. Kocher and security experts reason, is a lack of liability and urgency. The Internet is still largely held together with Band-Aid fixes. Computer security is not well regulated, even as enormous amounts of private, medical and financial data and the nation’s computerized critical infrastructure — oil pipelines, railroad tracks, water treatment facilities and the power grid — move online.

If a stunning number of airplanes in the United States crashed tomorrow, there would be investigations, lawsuits and a cutback in air travel, and the airlines’ stock prices would most likely plummet. That has not been true for hacking attacks, which surged 62 percent last year, according to the security company Symantec. As for long-term consequences, Home Depot, which suffered the worst security breach of any retailer in history this year, has seen its stock float to a high point.

In a speech two years ago, Leon E. Panetta, the former defense secretary, predicted it would take a “cyber-Pearl Harbor” — a crippling attack that would cause physical destruction and loss of life — to wake up the nation to the vulnerabilities in its computer systems.

No such attack has occurred. Nonetheless, at every level, there has been an awakening that the threats are real and growing worse, and that the prevailing “patch and pray” approach to computer security simply will not do. [Continue reading…]


Want to avoid government malware? Ask a former NSA hacker

The Guardian reports: Many of the brightest minds from the National Security Agency and GCHQ staff tire themselves out from long years of service, moving out into the comfort of the private sector.

Unsurprisingly, the security industry welcomes them with open arms. After all, who better to hand out advice than alumni of two of the most sophisticated intelligence agencies on the planet?

A young British company called Darktrace, whose technology was spawned in the classrooms and bedrooms of Cambridge University, can now boast a covey of former spies among their executive ranks. Jim Penrose, who spent 17 years at the NSA and was involved in the much-feared Tailored Access Operations group (TAO), is one of Darktrace’s latest hires.

Though he declined to confirm or deny any of the claims made about TAO’s operations, including Edward Snowden leaks that showed it had hacked into between 85,000 and 100,000 machines around the world, Penrose spoke with the Guardian about how people might want to defend themselves from government-sponsored cyber attacks. [Continue reading…]


Only top legislators informed of White House computer attack

Reuters reports: An attack by hackers on a White House computer network earlier this month was considered so sensitive that only a small group of senior congressional leaders were initially notified about it, U.S. officials said on Thursday.

The officials said the Democratic and Republican leaders of the Senate and the House of Representatives and the heads of the Senate and House Intelligence Committees, collectively known as the “Gang of Eight,” were told last week of the cyber attack, which had occurred several days earlier.

Security experts said this limited group would normally be informed about ultra-secret intelligence operations and notifying them of a computer breach in this way was unusual. [Continue reading…]


Maybe better if you don’t read this story on public WiFi

Maurits Martijn writes: The idea that public WiFi networks are not secure is not exactly news. It is, however, news that can’t be repeated often enough. There are currently more than 1.43 billion smartphone users worldwide and more than 150 million smartphone owners in the U.S. More than 92 million American adults own a tablet and more than 155 million own a laptop. Each year the worldwide demand for more laptops and tablets increases. In 2013, an estimated 206 million tablets and 180 million laptops were sold worldwide. Probably everyone with a portable device has once been connected to a public WiFi network: while having a coffee, on the train, or at a hotel.

The good news is that some networks are better protected than others; some email and social media services use encryption methods that are more secure than their competitors. But spend a day walking in the city with Wouter Slotboom, and you’ll find that almost everything and everyone connected to a WiFi network can be hacked. A study from threat intelligence consultancy Risk Based Security estimates that more than 822 million records were exposed worldwide in 2013, including credit card numbers, birth dates, medical information, phone numbers, social security numbers, addresses, user names, emails, names, and passwords. Sixty-five percent of those records came from the U.S. According to IT security firm Kaspersky Lab, in 2013 an estimated 37.3 million users worldwide and 4.5 million Americans were the victim of phishing — or pharming — attempts, meaning payment details were stolen from hacked computers, smartphones, or website users.

Report after report shows that digital identity fraud is an increasingly common problem. Hackers and cybercriminals currently have many different tricks at their disposal. But the prevalence of open, unprotected WiFi networks does make it extremely easy for them. The Netherlands National Cyber Security Center, a division of the Ministry of Security and Justice, did not issue the following advice in vain: “It is not advisable to use open WiFi networks in public places. If these networks are used, work or financial related activities should better be avoided.”

Slotboom calls himself an “ethical hacker,” or one of the good guys; a technology buff who wants to reveal the potential dangers of the internet and technology. He advises individuals and companies on how to better protect themselves and their information. He does this, as he did today, usually by demonstrating how easy it is to inflict damage. Because really, it’s child’s play: The device is cheap, and the software for intercepting traffic is very easy to use and is readily available for download. “All you need is 70 Euros, an average IQ, and a little patience,” he says. I will refrain from elaborating on some of the more technical aspects, such as equipment, software, and apps needed to go about hacking people. [Continue reading…]


Syrian hackers use WhatsApp, Viber, Facebook and YouTube to spread malware aimed at activists

IB Times reports: A group of pro-Assad hackers in Syria are using activist websites, WhatsApp, Viber, YouTube and social media to spread malware which claims to help protect privacy.

The group of hackers has infected more than 10,000 victims using sophisticated techniques to hide the malware they are sharing on websites visited by activists, social media platforms like Facebook, YouTube, Skype and even on instant messaging services WhatsApp and Viber.

The news comes from a report from Kaspersky Lab entitled “Syrian Malware – the ever-evolving threat” which says the group of hackers is highly organised and is targeting victims inside as well as outside of Syria.

The group is playing on the fears of victims in the war-torn country by spreading fake messages (via email, Skype, Viber etc) which claim to give details about imminent cyber-attacks. [Continue reading…]


U.S. firm helped the spyware industry build a potent digital weapon for sale overseas

Barton Gellman reports: CloudShield Technologies, a California defense contractor, dispatched a senior engineer to Munich in the early fall of 2009. His instructions were unusually opaque.

As he boarded the flight, the engineer told confidants later, he knew only that he should visit a German national who awaited him with an off-the-books assignment. There would be no written contract, and on no account was the engineer to send reports back to CloudShield headquarters.

His contact, Martin J. Muench, turned out to be a former developer of computer security tools who had long since turned to the darkest side of their profession. Gamma Group, the British conglomerate for which Muench was a managing director, built and sold systems to break into computers, seize control clandestinely, and then copy files, listen to Skype calls, record every keystroke and switch on Web cameras and microphones at will.

According to accounts the engineer gave later and contemporary records obtained by The Washington Post, he soon fell into a shadowy world of lucrative spyware tools for sale to foreign security services, some of them with records of human rights abuse.

Over several months, the engineer adapted Gamma’s digital weapons to run on his company’s specialized, high-speed network hardware. Until then CloudShield had sold its CS-2000 device, a multipurpose network and content processing product, primarily to the Air Force and other Pentagon customers, who used it to manage and defend their networks, not to attack others.

CloudShield’s central role in Gamma’s controversial work — fraught with legal risk under U.S. export restrictions — was first uncovered by Morgan Marquis-Boire, author of a new report released Friday by the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. He shared advance drafts with The Post, which conducted its own month-long investigation. [Continue reading…]


Inside Anonymous’ cyberwar against the Israeli government

Mother Jones reports: The shadowy hacker collective known as Anonymous has announced it will launch a round of cyber-attacks this Friday against the Israeli government, in retaliation for Israel’s ongoing military intervention in Gaza. This onslaught would add to a wave of cyber assaults staged in recent weeks by hackers largely from the Middle East, Asia, and South America, who are supporting “OpSaveGaza,” an Anonymous-backed campaign targeting Israeli government websites that has succeeded in temporarily taking down the sites of the Israeli defense ministry and the Tel Aviv police department.

This isn’t the first time Anonymous has zeroed in on Israel; the collective has been launching cyber-attacks against the country for several years, with mixed results. “As a collective ‘Anonymous’ does not hate Israel, it hates that Israel’s government is committing genocide & slaughtering unarmed people in Gaza to obtain more land at the border,” an Anonymous spokesperson, using the Twitter handle @YourAnonCentral, tells Mother Jones. The spokesperson notes that there has never been any Anonymous action taken against Palestinian targets, including Hamas, the outfit governing Gaza and launching rocket attacks against Israel.

The most recent round of cyber-attacks began in early July, and the Anonymous spokesperson claims that collective members sabotaged “thousands” of Israeli websites. Several of the sites targeted were indeed down recently. The International Business Times reported last week that “numerous Israeli government homepages have been replaced by graphics, slogans, and auto-playing audio files.” On Monday, hackers leaked a list of log-in details they claim belong to Israeli government officials, but the government hasn’t confirmed this. [Continue reading…]


How Russian hackers stole the Nasdaq

Bloomberg Businessweek reports: In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert. The signal was coming from Nasdaq. It looked like malware had snuck into the company’s central servers. There were indications that the intruder was not a kid somewhere, but the intelligence agency of another country. More troubling still: When the U.S. experts got a better look at the malware, they realized it was attack code, designed to cause damage.

As much as hacking has become a daily irritant, much more of it crosses watch-center monitors out of sight from the public. The Chinese, the French, the Israelis — and many less well known or understood players — all hack in one way or another. They steal missile plans, chemical formulas, power-plant pipeline schematics, and economic data. That’s espionage; attack code is a military strike. There are only a few recorded deployments, the most famous being the Stuxnet worm. Widely believed to be a joint project of the U.S. and Israel, Stuxnet temporarily disabled Iran’s uranium-processing facility at Natanz in 2010. It switched off safety mechanisms, causing the centrifuges at the heart of a refinery to spin out of control. Two years later, Iran destroyed two-thirds of Saudi Aramco’s computer network with a relatively unsophisticated but fast-spreading “wiper” virus. One veteran U.S. official says that when it came to a digital weapon planted in a critical system inside the U.S., he’s seen it only once — in Nasdaq.

The October alert prompted the involvement of the National Security Agency, and just into 2011, the NSA concluded there was a significant danger. A crisis action team convened via secure videoconference in a briefing room in an 11-story office building in the Washington suburbs. Besides a fondue restaurant and a CrossFit gym, the building is home to the National Cybersecurity and Communications Integration Center (NCCIC), whose mission is to spot and coordinate the government’s response to digital attacks on the U.S. They reviewed the FBI data and additional information from the NSA, and quickly concluded they needed to escalate.

Thus began a frenzied five-month investigation that would test the cyber-response capabilities of the U.S. and directly involve the president. Intelligence and law enforcement agencies, under pressure to decipher a complex hack, struggled to provide an even moderately clear picture to policymakers. After months of work, there were still basic disagreements in different parts of government over who was behind the incident and why. “We’ve seen a nation-state gain access to at least one of our stock exchanges, I’ll put it that way, and it’s not crystal clear what their final objective is,” says House Intelligence Committee Chairman Mike Rogers, a Republican from Michigan, who agreed to talk about the incident only in general terms because the details remain classified. “The bad news of that equation is, I’m not sure you will really know until that final trigger is pulled. And you never want to get to that.”

Bloomberg Businessweek spent several months interviewing more than two dozen people about the Nasdaq attack and its aftermath, which has never been fully reported. Nine of those people were directly involved in the investigation and national security deliberations; none were authorized to speak on the record. “The investigation into the Nasdaq intrusion is an ongoing matter,” says FBI New York Assistant Director in Charge George Venizelos. “Like all cyber cases, it’s complex and involves evidence and facts that evolve over time.”

While the hack was successfully disrupted, it revealed how vulnerable financial exchanges—as well as banks, chemical refineries, water plants, and electric utilities—are to digital assault. One official who experienced the event firsthand says he thought the attack would change everything, that it would force the U.S. to get serious about preparing for a new era of conflict by computer. He was wrong. [Continue reading…]


Active malware operation let attackers sabotage U.S. energy industry

Ars Technica: Researchers have uncovered a malware campaign that gave attackers the ability to sabotage the operations of energy grid owners, electricity generation firms, petroleum pipelines, and industrial equipment providers.

Called Dragonfly, the hacking group managed to install one of two remote access trojans (RATs) on computers belonging to energy companies located in the US and at least six European countries, according to a research report published Monday by Symantec. One of the RATs, called Havex, was spread by hacking the websites of companies selling software used in industrial control systems (ICS) and waiting for companies in the energy and manufacturing industries to install booby-trapped versions of the legitimate apps.

“This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems,” the Symantec report stated. “While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required.” [Continue reading…]


U.S. cybercrime laws being used to target security researchers

The Guardian reports: Some of the world’s best-known security researchers claim to have been threatened with indictment over their efforts to find vulnerabilities in internet infrastructure, amid fears American computer hacking laws are perversely making the web less safe to surf.

Many in the security industry have expressed grave concerns around the application of the US Computer Fraud and Abuse Act (CFAA), complaining law enforcement and lawyers have wielded it aggressively at anyone looking for vulnerabilities in the internet, criminalising work that’s largely benign.

They have also argued the law carries overly severe punishments, is too vague and does not consider context, only the action.

HD Moore, creator of the ethical hacking tool Metasploit and chief research officer of security consultancy Rapid7, told the Guardian he had been warned by US law enforcement last year over a scanning project called Critical.IO, which he started in 2012. The initiative sought to find widespread vulnerabilities using automated computer programs to uncover the weaknesses across the entire internet. [Continue reading…]


Computers, and computing, are broken

Quinn Norton writes: Once upon a time, a friend of mine accidentally took over thousands of computers. He had found a vulnerability in a piece of software and started playing with it. In the process, he figured out how to get total administration access over a network. He put it in a script, and ran it to see what would happen, then went to bed for about four hours. Next morning on the way to work he checked on it, and discovered he was now lord and master of about 50,000 computers. After nearly vomiting in fear he killed the whole thing and deleted all the files associated with it. In the end he said he threw the hard drive into a bonfire. I can’t tell you who he is because he doesn’t want to go to Federal prison, which is what could have happened if he’d told anyone that could do anything about the bug he’d found. Did that bug get fixed? Probably eventually, but not by my friend. This story isn’t extraordinary at all. Spend much time in the hacker and security scene, you’ll hear stories like this and worse.

It’s hard to explain to regular people how much technology barely works, how much the infrastructure of our lives is held together by the IT equivalent of baling wire.

Computers, and computing, are broken.

For a bunch of us, especially those who had followed security and the warrantless wiretapping cases, the revelations weren’t big surprises. We didn’t know the specifics, but people who keep an eye on software knew computer technology was sick and broken. We’ve known for years that those who want to take advantage of that fact tend to circle like buzzards. The NSA wasn’t, and isn’t, the great predator of the internet, it’s just the biggest scavenger around. It isn’t doing so well because they are all powerful math wizards of doom. [Continue reading…]


America’s double standards on cybercrime and national security

The New York Times reports: The National Security Agency has never said what it was seeking when it invaded the computers of Petrobras, Brazil’s huge national oil company, but angry Brazilians have guesses: the company’s troves of data on Brazil’s offshore oil reserves, or perhaps its plans for allocating licenses for exploration to foreign companies.

Nor has the N.S.A. said what it intended when it got deep into the computer systems of China Telecom, one of the largest providers of mobile phone and Internet services in Chinese cities. But documents released by Edward J. Snowden, the former agency contractor now in exile in Russia, leave little doubt that the main goal was to learn about Chinese military units, whose members cannot resist texting on commercial networks.

The agency’s interest in Huawei, the giant Chinese maker of Internet switching equipment, and Pacnet, the Hong Kong-based operator of undersea fiber optic cables, is more obvious: Once inside those companies’ proprietary technology, the N.S.A. would have access to millions of daily conversations and emails that never touch American shores.

Then there is Joaquín Almunia, the antitrust commissioner of the European Commission. He runs no company, but has punished many, including Microsoft and Intel, and just reached a tentative accord with Google that will greatly change how it operates in Europe.

In each of these cases, American officials insist, when speaking off the record, that the United States was never acting on behalf of specific American companies. But the government does not deny it routinely spies to advance American economic advantage, which is part of its broad definition of how it protects American national security. In short, the officials say, while the N.S.A. cannot spy on Airbus and give the results to Boeing, it is free to spy on European or Asian trade negotiators and use the results to help American trade officials — and, by extension, the American industries and workers they are trying to bolster. [Continue reading…]


U.S. charges five in Chinese army with hacking

The Wall Street Journal reports: The Justice Department indicted five Chinese military officers, alleging they hacked U.S. companies’ computers to steal trade secrets, a major escalation in the fight between the two superpowers over economic espionage.

The indictment, unsealed Monday, marks the first time the U.S. government has publicly accused employees of a foreign power with cybercrimes against American firms. It also marks the most extensive formal allegations by the government of the kind of hacking that American corporations have long complained about, but until now have rarely acknowledged.

Among those named as victims in the document are brand names from America’s industrial heartland, including U.S. Steel Corp., Westinghouse Electric Co. and Alcoa Inc.

U.S. officials said other cases relating to China are being prepared. In addition, alleged hackers in Russia are likely to be charged soon, according to people familiar with the government’s investigations. U.S. agencies have also been investigating incidents with possible ties to Iran and Syria, these people say.

It is unlikely the suspects will ever be brought to trial in the U.S., since there is no extradition treaty with China. Yet in publicly naming the five, and providing details in a 48-page indictment, the Obama administration is ratcheting up the political and diplomatic costs to China and others if they use computers to steal secrets or attack U.S. interests. [Continue reading…]

Reuters adds: China on Tuesday summoned the U.S. ambassador in Beijing and warned it would retaliate if Washington followed through with the charges. It said the affair would damage “mutual trust”.

At the centre of the row is a nondescript tower block in the northern suburbs of China’s financial capital Shanghai, home to Chinese People’s Liberation Army (PLA) Unit 61398.

The 12-storey block houses as many as several thousand staff, according to Mandiant, a U.S. cyber security firm recently acquired by global network security company FireEye Inc. Mandiant identified the location as the source of a large number of espionage operations in a 70-page report last year. [Continue reading…]


BlackShades malware bust ends in nearly 100 arrests worldwide

CNET reports: Law enforcement officials from 19 countries joined forces over the last two days to take down nearly 100 alleged hackers. These purported hackers were said to be creating, selling, and using what the FBI calls a “particularly insidious” computer malware known as BlackShades.

Over the course of the operation, officials searched 359 houses and confiscated more than 1,100 data storage devices, such as computers, laptops, cell phones, routers, external hard drives, and USB memory sticks. Law enforcement also seized “substantial quantities” of cash, illegal firearms, and drugs, according to the European Union’s law enforcement agency Europol.

BlackShades is a type of malicious software that acts as a Remote Access Tool, or RAT — letting users remotely control a victim’s computer. Once a hacker installs BlackShades onto a victim’s computer, they can see anything on the computer, such as documents, photographs, passwords, banking credentials, and more. They can also deny access to files, record victims’ keystrokes, and activate the computer’s webcam.

One case of BlackShades use documented by Europol involved an 18-year-old man from the Netherlands who allegedly infected roughly 2,000 computers to take photos of women and girls who were using the machines.

Since 2010, BlackShades has been distributed and sold to thousands of people worldwide in more than 100 countries and used to infect more than half a million computers, according to the FBI. Certain versions of the malware can be bought for as little as $40. [Continue reading…]


FBI keeps internet flaws secret to defend against hackers

Bloomberg reports: The Obama administration is letting law enforcement keep computer-security flaws secret in order to further U.S. investigations of cyberspies and hackers.

The White House has carved out an exception for the Federal Bureau of Investigation and other agencies to keep information about software vulnerabilities from manufacturers and the public. Until now, most debate has focused on how the National Security Agency stockpiles and uses new-found Internet weaknesses, known as zero-day exploits, for offensive purposes, such as attacking the networks of adversaries.

The law enforcement operations expose a delicate and complicated balancing act when it comes to agencies using serious security flaws in investigations versus disclosing them to protect all Internet users, according to former government officials and privacy advocates. [Continue reading…]
