Category Archives: Cyber Issues

ISIS implicated in botched cyberattack

The Associated Press reports: A cyberattack aimed at unmasking Syrian dissidents has experts worried that ISIS is adding malicious software to its arsenal.

Internet watchdog Citizen Lab says an attempt to hack into systems operated by dissidents within the self-styled caliphate could be the work of hackers affiliated with ISIS.

Citizen Lab analyst John Scott-Railton said there is circumstantial evidence of the group’s involvement, and cautioned that if the group has moved into cyber-espionage, “the targets might not stop with the borders of Syria.”

The Nov. 24 attack came in the form of a booby-trapped email sent to an activist collective in Raqqa, Syria, that documents human rights abuses in ISIS’ de-facto capital. The activist at the receiving end wasn’t fooled and forwarded the message to an online safety group.

“We are wanted – even just as corpses,” the activist, whose name is being withheld to protect his safety, wrote in his message to cybersafety trainer Bahaa Nasr. “This email has a virus; we want to know the source.”

The message eventually found its way to Citizen Lab, based at the University of Toronto’s Munk School of Global Affairs. There, Scott-Railton and malware researcher Seth Hardy determined that it could act as a kind of electronic homing beacon by revealing a victim’s Internet Protocol address. [Continue reading…]

Who hacked Sony? It probably wasn’t North Korea

Regardless of who is responsible, the president views this as a serious national security matter — that is a very close paraphrase of White House Press Secretary Josh Earnest answering questions this afternoon about the Sony hacking.

OK. That’s it. The United States can now be declared certifiably insane!

The hacking may well have nothing to do with North Korea — it may indeed involve disgruntled Sony employees — and yet this is a serious national security matter?!

The only way that claim could marginally make sense would be if one fudged the definition of national security and said that it should include cybercrime committed by Americans targeting Americans — though by that definition, all crime would thence become an issue of national security.

Hollywood, the media, and the public all like stories. Narratives convey meaning in its most easily digestible form: a plot.

Sony Pictures made a movie, The Interview — a political action comedy which ends with the assassination of North Korean leader Kim Jong-un — and the North Koreans didn’t think it was funny. Indeed, they were so outraged they set about trying to make sure the movie would never be released. By yesterday afternoon they seemed to have succeeded.

The problem with this story is it’s probably a work of fiction — and maybe that shouldn’t be any surprise, given its source.

There’s one compelling reason to believe that the real story here has nothing to do with North Korea: in all likelihood the hackers were busy at work before anyone in the Democratic People’s Republic had even heard of Seth Rogen and James Franco.

Sebastian Anthony writes:

The hackers managed to exfiltrate around 100 terabytes of data from Sony’s network — an arduous task that, to avoid detection, probably took months. Given how long it would’ve taken to gain access to Sony Pictures, plus the time to exfiltrate the data, I think the wheels started turning long before North Korea heard about The Interview.

Even if we take the movie out of the equation, the hack just doesn’t feel like something that would be perpetrated by a nation state. The original warnings and demands feel like the attacker has a much more personal axe to grind — a disenfranchized ex employee, perhaps, or some kind of hacktivist group makes more sense, in my eyes.

So far, the sole purpose behind the Sony Pictures hack appears to be destruction — the destruction of privacy for thousands of employees, and the destruction of Sony’s reputation. Much in the same way that murder is a crime of passion, so was the hack on Sony Pictures. Bear in mind that the hackers gained access to almost every single piece of data stored on Sony’s network, including the passwords to bank accounts and other bits of information and intellectual property that could’ve been sold to the highest bidder. The hackers could’ve made an absolute fortune, but instead opted for complete annihilation. This all feels awfully like revenge.

Really, though, the biggest indicator that it was an inside job is that the malware used during the attack used hard-set paths and passwords — the attacker knew the exact layout of the Sony Pictures network, and had already done enough legwork to discover the necessary passwords. This isn’t to say that North Korea (or another nation state) couldn’t have done the legwork, but it would’ve taken a lot of time and effort — perhaps months or even years. A far more likely option is that the attack was carried out by someone who already had access to (or at least knowledge of) the internal network — an employee, a contractor, a friend of an employee, etc.

Before the hacking became public, Sony executives received what looked like a fairly straightforward extortion demand — a demand that made no reference to The Interview.

In the digital variant of a note pasted together from letters cut out of a newspaper, the extortion note came in broken English.

We’ve got great damage by Sony Pictures.
The compensation for it, monetary compensation we want.
Pay the damage, or Sony Pictures will be bombarded as a whole.
You know us very well. We never wait long.
You’d better behave wisely.
From God’sApstls

Maybe there are indeed some telltale signs in the syntax, or maybe the author took advantage of Google and Bing’s translation-mangling capabilities by writing in English, translating into Korean (or any other language) and then translating back into English.

If the story here is really about extortion, then to recast it as political probably serves the interests of all parties — including North Korea.

No corporation wants to be publicly exposed as having capitulated to extortion demands — it would much rather hand over the money in secret while portraying itself as a political victim of a hostile foreign government. The North Koreans get the double reward of being credited with a hugely successful act of cyberwar while also getting removed from Hollywood’s list of favorite countries to target. And the Obama administration is able to sidestep a much larger and thornier issue: how to protect the American economy from the relentlessly growing threat from global cybercrime whose points of origin are notoriously difficult to trace.

Finally, there is another theory about the real identity and motive of the hackers: they are Sony employees begging that no more Adam Sandler movies be made.

Sony leaks reveal Hollywood is trying to break the internet

The Verge reports: Most anti-piracy tools take one of two paths: they either target the server that’s sharing the files (pulling videos off YouTube or taking down sites like The Pirate Bay) or they make it harder to find (delisting offshore sites that share infringing content). But leaked documents reveal a frightening line of attack that’s currently being considered by the MPAA: What if you simply erased any record that the site was there in the first place?

To do that, the MPAA’s lawyers would target the Domain Name System (DNS) that directs traffic across the internet. The tactic was first proposed as part of the Stop Online Piracy Act (SOPA) in 2011, but three years after the law failed in Congress, the MPAA has been looking for legal justification for the practice in existing law and working with ISPs like Comcast to examine how a system might work technically. If the system works, DNS-blocking could be the key to the MPAA’s long-standing goal of blocking sites from delivering content to the US. At the same time, it represents a bold challenge to the basic engineering of the internet, threatening to break the very backbone of the web and drawing the industry into an increasingly nasty fight with Google. [Continue reading…]

Malware used to attack Sony was the software equivalent of a crude pipe bomb

Ars Technica reports: According to multiple reports, unnamed government officials have said that the cyber attack on Sony Pictures was linked to the North Korean government. The Wall Street Journal reports that investigators suspect the attack was carried out by Unit 121 of North Korea’s General Bureau of Reconnaissance, the country’s most elite hacking unit.

But if the elite cyber-warriors of the Democratic People’s Republic of Korea were behind the malware that erased data from hard drives at Sony Pictures Entertainment, they must have been in a real hurry to ship it.

Analysis by researchers at Cisco of a malware sample matching the MD5 hash signature of the “Destover” malware that was used in the attack on Sony Pictures revealed that the code was full of bugs and anything but sophisticated. It was the software equivalent of a crude pipe bomb.

Compared to other state-sponsored malware that researchers have analyzed, “It’s a night and day difference in quality,” said Craig Williams, senior technical leader for Cisco’s Talos Security Intelligence and Research Group, in an interview with Ars. “The code is simplistic, not very complex, and not very obfuscated.” [Continue reading…]

U.S. links North Korea to Sony hacking

The New York Times reports: American officials have concluded that North Korea ordered the attacks on Sony Pictures’s computers, a determination reached as the studio decided Wednesday to cancel the release of a comedy movie about the assassination of Kim Jong-un that is believed to have led to the hacking.

Senior administration officials, who would not speak on the record about the intelligence findings, said the White House was still debating whether to publicly accuse North Korea of what amounts to a cyberterrorism campaign. Sony’s decision to cancel release of “The Interview” amounted to a capitulation to the threats sent out by hackers this week that they would launch attacks, perhaps on theaters themselves, if the movie was released.

Officials said it was not clear how the White House would decide to respond to North Korea. Some within the Obama administration argue that the government of Mr. Kim must be directly confronted, but that raises the question of what consequences the administration would threaten — or how much of its evidence it could make public without revealing details of how the United States was able to penetrate North Korean computer networks to trace the source of the hacking.

Others argue that a direct confrontation with the North over the threats to Sony and moviegoers might result in escalation, and give North Korea the kind of confrontation it often covets. Japan, for which Sony is an iconic corporate name, has argued that a public accusation could interfere with delicate diplomatic negotiations underway for the return of Japanese nationals kidnapped years ago.

The sudden urgency inside the administration over the Sony issue came after a new threat was delivered this week to desktop computers at Sony’s offices that if “The Interview” was released on Dec. 25, “the world will be full of fear.” It continued: “Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time.”

Sony dropped its plan to release the film after the four largest theater chains in the United States — Regal Entertainment, AMC Theaters, Cinemark and Carmike Cinemas — and several smaller chains said they would not show the film. The cancellations virtually killed “The Interview” as a theatrical enterprise, at least in the near term, one of the first known instances of a threat from another nation pre-empting the release of a movie.

While intelligence officials have concluded that the cyberattack on Sony was both state sponsored and far more destructive than any seen before on American soil, there are still differences of opinion over whether North Korea was aided by Sony insiders with an intimate knowledge of the company’s computer systems. [Continue reading…]

Jason Koebler reports: North Korea has denied playing a role in the hack, but called it a “righteous deed.” There’s nothing, really, beyond hatred of The Interview, to tie Guardians of Peace [as the hackers have dubbed themselves] to North Korea, but it’s still a narrative that has played out in the media.

And it’s a narrative that both sides are happy to embrace, [cybersecurity expert Bruce] Schneier speculated in an interview with me. Sony execs can say they’ve been targeted by a dictatorship, and the hackers get to have some fun.

“It’s really a phenomenally awesome hack — they completely owned this company,” Schneier, who is regularly consulted by the federal government on security issues, said. “But, I think this is just a regular hack. All the talk, it’s hyperbole and a joke. They’re [threatening violence] because it’s fun for them — why the hell not? They’re doing it because they actually hit Sony, because they’re acting like they’re 12, they’re doing it for the lulz, no one knows why.”

“Everyone at Sony right now is trying not to get fired,” he added. “There are going to be a lot of firings for Sony at the end of this.” [Continue reading…]

A TMZ headline on Sony Pictures Chief Amy Pascal says ambiguously, “I’m going nowhere” — she’s staying or she’s finished?

Underlining her conviction that everyone inside Sony is blameless, Pascal told Bloomberg News: “I think continuity and support and going forward is what’s important now.” Continuity = no one gets fired. Support = no criticism. Going forward = don’t look back.

But screenwriter Aaron Sorkin is in no doubt about who deserves blame: the press.

If you close your eyes you can imagine the hackers sitting in a room, combing through the documents to find the ones that will draw the most blood. And in a room next door are American journalists doing the same thing. As demented and criminal as it is, at least the hackers are doing it for a cause. The press is doing it for a nickel.

The cause of the hackers being? To defend the image of Kim Jong-un?

I don’t buy it. Much more likely this is an ongoing test of power with the hackers flexing their muscles and now demonstrating that they have the power to torpedo the release of a movie that cost $44 million to produce.

What next?

Google’s Global Fishing Watch is using ‘manipulated data’

Unfortunately, data analysis is only as good as the data. Wired reports: Last week, Google, Oceana and SkyTruth announced they were launching a battle against overfishing everywhere. A noble pursuit, Global Fishing Watch combines interactive mapping technology and satellite data with the all-important Automatic Identification System (AIS) transmissions every tanker, passenger ship and commercial vessel above a certain size is mandated by the UN to send. Global Fishing Watch then visualises the routes taken, to show when a fishing boat strays into or lingers in waters it shouldn’t.

The only problem, maritime analytics company Windward tells us, is that any vessel engaging in illegal activities is gaming the system and manipulating AIS data. We can’t rely on what we’re seeing.

“Until 2012, AIS data was super reliable because it wasn’t commoditised. Nobody had it, so no one needed to clean the data or check it,” Ami Daniel, a former naval officer and cofounder of Windward, tells WIRED.co.uk. “Two years, there was suddenly so much data out there, so many open source portals like marinetraffic.com providing free access to [vessel positions] for everybody. People understood they were being looked at. Once that happened, spontaneously different industries started to manipulate the data.”

According to a report by Windward that looked at AIS data from mid-2013 to mid-2014, there has been a 59 percent increase in GPS manipulations. From July 2012 to August 2014, that data also showed: [Continue reading…]

How hackers almost toppled the Sheldon Adelson gambling empire

Bloomberg Businessweek reports: Investigators from Dell SecureWorks working for [Sheldon Adelson’s casino empire, Las Vegas] Sands have concluded that the February attack was likely the work of “hacktivists” based in Iran, according to documents obtained by Bloomberg Businessweek. The security team couldn’t determine if Iran’s government played a role, but it’s unlikely that any hackers inside the country could pull off an attack of that scope without its knowledge, given the close scrutiny of Internet use within its borders. “This isn’t the kind of business you can get into in Iran without the government knowing,” says James Lewis, a senior fellow at the Center for Strategic and International Studies in Washington. Hamid Babaei, a spokesman for Iran’s Permanent Mission to the United Nations, didn’t return several phone calls and e-mails.

The perpetrators released their malware early in the morning on Monday, Feb. 10. It spread through the company’s networks, laying waste to thousands of servers, desktop PCs, and laptops. By the afternoon, Sands security staffers noticed logs showing that the hackers had been compressing batches of sensitive files. This meant that they may have downloaded — or were preparing to download — vast numbers of private documents, from credit checks on high-roller customers to detailed diagrams and inventories of global computer systems. Michael Leven, the president of Sands, decided to sever the company entirely from the Internet.

It was a drastic step in an age when most business functions, from hotel reservations to procurement, are handled online. But Sands was able to keep many core operations functioning — the hackers weren’t able to access an IBM (IBM) mainframe that’s key to running certain parts of the business. Hotel guests could still swipe their keycards to get into their rooms. Elevators ran. Gamblers could still drop coins into slot machines or place bets at blackjack tables. Customers strolling the casino floors or watching the gondolas glide by on the canal in front of the Venetian had no idea anything was amiss.

Leven’s team quickly realized that they’d caught a major break. The Iranians had made a mistake. Among the first targets of the wiper software were the company’s Active Directory servers, which help manage network security and create a trusted link to systems abroad. If the hackers had waited before attacking these machines, the malware would have made it to Sands’ extensive properties in Singapore and China. Instead, the damage was confined to the U.S. [Continue reading…]

Powerful, highly stealthy Linux trojan may have infected victims for years

Ars Technica reports: Researchers have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.

The previously undiscovered malware represents a missing puzzle piece tied to “Turla,” a so-called advanced persistent threat (APT) disclosed in August by Kaspersky Lab and Symantec. For at least four years, the campaign targeted government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. The unknown attackers—who are probably backed by a nation-state, according to Symantec—were known to have infected several hundred Windows-based computers by exploiting a variety of vulnerabilities, at least two of which were zero-day bugs. The malware was notable for its use of a rootkit that made it extremely hard to detect.

Now researchers from Moscow-based Kaspersky Lab have detected Linux-based malware used in the same campaign. Turla was already ranked as one of the top-tier APTs, in the same league as the recently disclosed Regin for instance. The discovery of the Linux component suggests it is bigger than previously thought and may presage the discovery of still more infected systems. [Continue reading…]

Cybersecurity unit drives Israeli Internet economy

Jeff Moskowitz reports: Over the summer, in the middle of a two-month-long Israeli-Palestinian war, representatives of some of the biggest names in tech crammed into the stairwell of a Tel Aviv skyscraper to wait out Hamas rocket fire. Wearing Sequoia Capital name tags and TechCrunch T-shirts, they squeezed against one another, passing the time by talking about the Paris startup scene and the success rate of Iron Dome, Israel’s missile defense system.

They came to Tel Aviv for the demo day of a uniquely Israeli brand of startup incubator: one conducted by graduates of Israel Defense Forces Unit 8200 – the Israeli NSA. It was a fitting reminder of the close ties between Israel’s Silicon Wadi (the nickname for Israel’s startup ecosystem) and the country’s military establishment.

The 8200 is the largest unit in the Israeli army. It’s responsible for signals intelligence, eavesdropping and wiretapping, as well as advanced technical jobs and translating work. It is also widely acknowledged as producing a disproportionately high percentage of Israel’s tech executives and startup founders, including the brains behind Check Point Software Technologies, NICE Systems, and Mirabilis (creator of the proto-instant messaging system ICQ) – three of the biggest Israeli tech companies. [Continue reading…]

The looming digital security catastrophe

Nicole Perlroth reports: Paul Kocher, one of the country’s leading cryptographers, says he thinks the explanation for the world’s dismal state of digital security may lie in two charts.

One shows the number of airplane deaths per miles flown, which decreased to one-thousandth of what it was in 1945 with the advent of the Federal Aviation Administration in 1958 and stricter security and maintenance protocols. The other, which details the number of new computer security threats, shows the opposite. There has been more than a 10,000-fold increase in the number of new digital threats over the last 12 years.

The problem, Mr. Kocher and security experts reason, is a lack of liability and urgency. The Internet is still largely held together with Band-Aid fixes. Computer security is not well regulated, even as enormous amounts of private, medical and financial data and the nation’s computerized critical infrastructure — oil pipelines, railroad tracks, water treatment facilities and the power grid — move online.

If a stunning number of airplanes in the United States crashed tomorrow, there would be investigations, lawsuits and a cutback in air travel, and the airlines’ stock prices would most likely plummet. That has not been true for hacking attacks, which surged 62 percent last year, according to the security company Symantec. As for long-term consequences, Home Depot, which suffered the worst security breach of any retailer in history this year, has seen its stock float to a high point.

In a speech two years ago, Leon E. Panetta, the former defense secretary, predicted it would take a “cyber-Pearl Harbor” — a crippling attack that would cause physical destruction and loss of life — to wake up the nation to the vulnerabilities in its computer systems.

No such attack has occurred. Nonetheless, at every level, there has been an awakening that the threats are real and growing worse, and that the prevailing “patch and pray” approach to computer security simply will not do. [Continue reading…]

Is Russia’s cyberwar heating up amid new Cold War?

Moscow Times reports: A recent influx of reports about Russian electronic espionage activity has prompted fresh concerns that the Kremlin may be gunning for a cyberwar with the West.

Not everyone is convinced: Russian IT analysts interviewed by The Moscow Times were more inclined to blame the spike in attack reports on media hype and cybersecurity companies exploiting clients’ fears.

But Russia’s leading expert on domestic security services, Andrei Soldatov, said the pattern of the attacks indicated that the Russian government may be mounting a covert Internet offensive.

Experts could not say, however, whether heavy guns with the FSB electronic espionage agencies have been deployed.

“All government-linked attacks so far have been carried out by people on the market: the cyber-mercenaries,” Soldatov, editor-in-chief of the Agentura.ru website, said Wednesday. [Continue reading…]

Want to avoid government malware? Ask a former NSA hacker

The Guardian reports: Many of the brightest minds from the National Security Agency and GCHQ staff tire themselves out from long years of service, moving out into the comfort of the private sector.

Unsurprisingly, the security industry welcomes them with open arms. After all, who better to hand out advice than alumni of two of the most sophisticated intelligence agencies on the planet?

A young British company called Darktrace, whose technology was spawned in the classrooms and bedrooms of Cambridge University, can now boast a covey of former spies among their executive ranks. Jim Penrose, who spent 17 years at the NSA and was involved in the much-feared Tailored Access Operations group (TAO), is one of Darktrace’s latest hires.

Though he declined to confirm or deny any of the claims made about TAO’s operations, including Edward Snowden leaks that showed it had hacked into between 85,000 and 100,000 machines around the world, Penrose spoke with the Guardian about how people might want to defend themselves from government-sponsored cyber attacks. [Continue reading…]

‘Regin’ malware comes from Western intelligence agency, say experts

The Guardian reports: Regin is the latest malicious software to be uncovered by security researchers, though its purpose is unknown, as are its operators. But experts have told the Guardian it was likely spawned in the labs of a western intelligence agency.

None of the targets of the Regin hackers reside on British soil, nor do any live in the US. Most victims are based in Russia and Saudi Arabia – 28% and 24% respectively.

Ireland had the third highest number of targets – 9% of overall detected infections. The infections list doesn’t include any “five eyes” countries – Australia, Canada, New Zealand, the UK and the US.

“We believe Regin is not coming from the usual suspects. We don’t think Regin was made by Russia or China,” Mikko Hypponen, chief research officer at F-Secure, told the Guardian. His company first spied Regin hiding on a Windows server inside a customer’s IT infrastructure in Northern Europe.

Only a handful of countries are thought capable of creating something as complex as Regin. If China and Russia are ruled out, that would leave the US, UK or Israel as the most likely candidates. [Continue reading…]

Why Google is scarier than the NSA

For anyone who is really afraid of what the NSA might do with its information gathering capabilities, there’s a simple personal solution: stop using electronic devices.

Simple, but not easy — at least for most people.

Given that most Americans are now tied to their devices as though they were dialysis machines on which their lives depend, we should probably be more concerned, however, about how we are being watched constantly and how the information gathered is constantly being used, not by the Big Brother of our fears but by the Big Brother that truly follows our every step.

James Robinson writes: I’ve been in Boston all week. I had to tell my mother where I was, but not Google. Its seamlessness in switching up my Google ad results, changing its suggestions to me of places to visit and ads to click on, was instantaneous.

Google knew where I was going, as I was making the trip. We’re used to this by now. It’s justified under the umbrella of modern convenience. But should it be?

This morning, a new Public Citizen report, “Mission Creep-y: Google is Quietly Becoming One of the Nation’s Most Powerful Political Forces While Expanding Its Information-Collecting Empire” came across my desk. It doesn’t break news. But it is an exhausting catalog of Google’s powerful information gathering apparatus, its missteps, and its massive social ambition.

When you put the isolated pieces together, it can kind of make you choke on your breakfast.

At a consumer level, Google is all over you. Its search algorithm takes in 200 different variables about you, pulling in information it gleans from your use of all of its products: Maps, YouTube, Gmail, and more. These are services you use, like, all of the time that can reveal very personal things. Since 2012, Google has made it its stated policy to track you as one user across all of its services, no matter what device you’re using. (This “comingling” of information, e.g. search history with chat transcripts, resulted in several lawsuits from privacy groups.)

Through its acquisition of DoubleClick Google knows what websites you were on when you saw a certain ad. Like all companies, it tracks your web history by placing a cookie in your browser. But because of the prevalence of Google Analytics and DoubleClick across the web now, once Google has identified you, it’s really, really difficult for you to ever be out of the company’s sight. [Continue reading…]

Tracking ISIS, stalking the CIA: how anyone can be big brother online

Tom Fox-Brewster writes: “Our choice isn’t between a world where either the good guys spy or the bad guys spy. It’s a choice of everybody gets to spy or nobody gets to spy.” So said the security luminary Bruce Schneier at BBC Future’s World-Changing Ideas Summit in October. He was considering a world in which the metadata zipping around us and the static information sitting on web servers across the globe is accessible to those with the means and the will to collect it all.

With so many cheap or free tools out there, it is easy for anyone to set up their own NSA-esque operations and collect all this data. Though breaching systems and taking data without authorisation is against the law, it is possible to do a decent amount of surveillance entirely legally using open-source intelligence (OSINT) tools. If people or organisations release data publicly, whether or not they mean to do so, users can collect it and store it in any way they see fit.

That is why, despite having a controversial conviction to his name under the Computer Misuse Act, Daniel Cuthbert, chief operating officer of security consultancy Sensepost, has been happily using OSINT tool Maltego (its open-source version is charmingly called Poortego) to track a number of people online.

Over a few days this summer, he was “stalking” a Twitter user who appeared to be working at the Central Intelligence Agency. Maltego allowed him to collect all social media messages sent out into the internet ether in the area around the CIA’s base in Langley, Virginia. He then picked up on the location of further tweets from the same user, which appeared to show her travelling between her own home and a friend or partner’s house. Not long after Cuthbert started mapping her influence, her account disappeared.

But Cuthbert has been retrieving far more illuminating data by running social network accounts related to Islamic State through Maltego. By simply adding names to the OSINT software and asking it to find links between accounts using commands known as “transforms”, Maltego draws up real-time maps showing how users are related to each other and then uncovers links between their followers. It is possible to gauge their level of influence and which accounts are bots rather than real people. Where GPS data is available, location can be ascertained too, though it is rare to find accounts leaking this – only about 2% of tweets have the feature enabled, says Cuthbert. [Continue reading…]

‘You’re not anonymous anymore when you’re using Tor’

The Wall Street Journal reports: Law enforcement authorities across Europe and the U.S. shut dozens of illegal websites and arrested some operators, employing new and as yet unknown techniques to unmask those using an anonymity network.

Authorities said on Friday they made the arrests by piercing the anonymity offered by Tor, a network that relies on encryption tools and 1,000s of servers to mask online activities. Tor, which is partly funded by the U.S. government, is used by dissidents in authoritarian countries such as Iran, China and Saudi Arabia to access the Internet, but people operating and visiting websites that sell contraband also use it to conceal their identities.

Internet security experts said it was unlikely authorities had cracked Tor’s sophisticated encryption protocols. “If that were the case, the implications would be huge,” said an official with Welund Horizon, a London firm that provides intelligence on cybercrime to law-enforcement agencies and large corporations.

That law enforcement was able to locate Tor users is “a game changer,” said Ulf Bergstrom, a spokesman for Eurojust, the European Union’s legal coordination agency. “You’re not anonymous anymore when you’re using Tor.” [Continue reading…]

The FBI’s secret House meeting to get access to your iPhone

National Journal reports: The Obama administration is ramping up its campaign to force technology companies to help the government spy on their users.

FBI and Justice Department officials met with House staffers this week for a classified briefing on how encryption is hurting police investigations, according to staffers familiar with the meeting.

The briefing included Democratic and Republican aides for the House Judiciary and Intelligence Committees, the staffers said. The meeting was held in a classified room, and aides are forbidden from revealing what was discussed.

Only top legislators informed of White House computer attack

Reuters reports: An attack by hackers on a White House computer network earlier this month was considered so sensitive that only a small group of senior congressional leaders were initially notified about it, U.S. officials said on Thursday.

The officials said the Democratic and Republican leaders of the Senate and the House of Representatives and the heads of the Senate and House Intelligence Committees, collectively known as the “Gang of Eight,” were told last week of the cyber attack, which had occurred several days earlier.

Security experts said this limited group would normally be informed about ultra-secret intelligence operations and notifying them of a computer breach in this way was unusual. [Continue reading…]
