Category Archives: Cyber Issues

Brazil plans to lay trans-Atlantic cable free from NSA surveillance and U.S.-made technology

Bloomberg reports: Brazil is planning a $185 million project to lay fiber-optic cable across the Atlantic Ocean, which could entail buying gear from multiple vendors. What it won’t need: U.S.-made technology.

The cable is being overseen by state-owned telecommunications company Telecomunicacoes Brasileiras SA, known as Telebras. Even though Telebras’s suppliers include U.S. companies such as Cisco Systems Inc., Telebras President Francisco Ziober Filho said in an interview that the cable project can be built without any U.S. companies.

The potential to exclude U.S. vendors illustrates the fallout that is starting to unfold from revelations last year that the U.S. National Security Agency spied on international leaders like Brazil’s Dilma Rousseff and Germany’s Angela Merkel to gather intelligence on terror suspects worldwide.

“The issue of data integrity and vulnerability is always a concern for any telecom company,” Ziober said. The NSA leaks last year from contractor Edward Snowden prompted Telebras to step up audits of all foreign-made equipment to check for security vulnerabilities and accelerated the country’s move toward technological self-reliance, he said. [Continue reading…]

Maybe better if you don’t read this story on public WiFi

Maurits Martijn writes: The idea that public WiFi networks are not secure is not exactly news. It is, however, news that can’t be repeated often enough. There are currently more than 1.43 billion smartphone users worldwide and more than 150 million smartphone owners in the U.S. More than 92 million American adults own a tablet and more than 155 million own a laptop. Each year the worldwide demand for more laptops and tablets increases. In 2013, an estimated 206 million tablets and 180 million laptops were sold worldwide. Probably everyone with a portable device has once been connected to a public WiFi network: while having a coffee, on the train, or at a hotel.

The good news is that some networks are better protected than others; some email and social media services use encryption methods that are more secure than their competitors. But spend a day walking in the city with Wouter Slotboom, and you’ll find that almost everything and everyone connected to a WiFi network can be hacked. A study from threat intelligence consultancy Risk Based Security estimates that more than 822 million records were exposed worldwide in 2013, including credit card numbers, birth dates, medical information, phone numbers, social security numbers, addresses, user names, emails, names, and passwords. Sixty-five percent of those records came from the U.S. According to IT security firm Kaspersky Lab, in 2013 an estimated 37.3 million users worldwide and 4.5 million Americans were the victim of phishing — or pharming — attempts, meaning payment details were stolen from hacked computers, smartphones, or website users.

Report after report shows that digital identity fraud is an increasingly common problem. Hackers and cybercriminals currently have many different tricks at their disposal. But the prevalence of open, unprotected WiFi networks does make it extremely easy for them. The Netherlands National Cyber Security Center, a division of the Ministry of Security and Justice, did not issue the following advice in vain: “It is not advisable to use open WiFi networks in public places. If these networks are used, work or financial related activities should better be avoided.”

Slotboom calls himself an “ethical hacker,” or one of the good guys; a technology buff who wants to reveal the potential dangers of the internet and technology. He advises individuals and companies on how to better protect themselves and their information. He does this, as he did today, usually by demonstrating how easy it is to inflict damage. Because really, it’s child’s play: The device is cheap, and the software for intercepting traffic is very easy to use and is readily available for download. “All you need is 70 Euros, an average IQ, and a little patience,” he says. I will refrain from elaborating on some of the more technical aspects, such as equipment, software, and apps needed to go about hacking people. [Continue reading…]

Most of top 100 cybercriminal programmers based in Russian-speaking world says Europol

BBC News reports: There are only “around 100” cybercriminal kingpins behind global cybercrime, according to the head of Europol’s Cybercrime Centre.

Speaking to the BBC’s Tech Tent radio show, Troels Oerting said that law enforcers needed to target the “rather limited group of good programmers”.

“We roughly know who they are. If we can take them out of the equation then the rest will fall down,” he said.

Although, he added, fighting cybercrime remained an uphill battle.

“This is not a static number, it will increase unfortunately,” he said.

“We can still cope but the criminals have more resources and they do not have obstacles. They are driven by greed and profit and they produce malware at a speed that we have difficulties catching up with.”

The biggest issue facing cybercrime fighters at the moment was the fact that it was borderless, he told the BBC.

“Criminals no longer come to our countries, they commit their crimes from a distance and because of this I cannot use the normal tools to catch them.

“I have to work with countries I am not used to working with and that scares me a bit,” he said.

The majority of the cybercrime “kingpins” were located in the Russian-speaking world, he said. [Continue reading…]

Syrian hackers use WhatsApp, Viber, Facebook and YouTube to spread malware aimed at activists

IB Times reports: A group of pro-Assad hackers in Syria are using activist websites, WhatsApp, Viber, YouTube and social media to spread malware which claims to help protect privacy.

The group of hackers has infected more than 10,000 victims using sophisticated techniques to hide the malware they are sharing on websites visited by activists, social media platforms like Facebook, YouTube, Skype and even on instant messaging services WhatsApp and Viber.

The news comes from a report from Kaspersky Lab entitled “Syrian Malware – the ever-evolving threat” which says the group of hackers is highly organised and is targeting victims inside as well as outside of Syria.

The group is playing on the fears of victims in the war-torn country by spreading fake messages (via email, Skype, Viber etc) which claim to give details about imminent cyber-attacks. [Continue reading…]

U.S. firm helped the spyware industry build a potent digital weapon for sale overseas

Barton Gellman reports: CloudShield Technologies, a California defense contractor, dispatched a senior engineer to Munich in the early fall of 2009. His instructions were unusually opaque.

As he boarded the flight, the engineer told confidants later, he knew only that he should visit a German national who awaited him with an off-the-books assignment. There would be no written contract, and on no account was the engineer to send reports back to CloudShield headquarters.

His contact, Martin J. Muench, turned out to be a former developer of computer security tools who had long since turned to the darkest side of their profession. Gamma Group, the British conglomerate for which Muench was a managing director, built and sold systems to break into computers, seize control clandestinely, and then copy files, listen to Skype calls, record every keystroke and switch on Web cameras and microphones at will.

According to accounts the engineer gave later and contemporary records obtained by The Washington Post, he soon fell into a shadowy world of lucrative spyware tools for sale to foreign security services, some of them with records of human rights abuse.

Over several months, the engineer adapted Gamma’s digital weapons to run on his company’s specialized, high-speed network hardware. Until then CloudShield had sold its CS-2000 device, a multipurpose network and content processing product, primarily to the Air Force and other Pentagon customers, who used it to manage and defend their networks, not to attack others.

CloudShield’s central role in Gamma’s controversial work — fraught with legal risk under U.S. export restrictions — was first uncovered by Morgan Marquis-Boire, author of a new report released Friday by the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. He shared advance drafts with The Post, which conducted its own month-long investigation. [Continue reading…]

MonsterMind: Automated cyberwarfare

In “The most wanted man in the world,” his feature article for Wired on Edward Snowden, James Bamford writes: The massive surveillance effort was bad enough, but Snowden was even more disturbed to discover a new, Strangelovian cyberwarfare program in the works, codenamed MonsterMind. The program, disclosed here for the first time, would automate the process of hunting for the beginnings of a foreign cyberattack. Software would constantly be on the lookout for traffic patterns indicating known or suspected attacks. When it detected an attack, MonsterMind would automatically block it from entering the country — a “kill” in cyber terminology.

Programs like this had existed for decades, but MonsterMind software would add a unique new capability: Instead of simply detecting and killing the malware at the point of entry, MonsterMind would automatically fire back, with no human involvement. That’s a problem, Snowden says, because the initial attacks are often routed through computers in innocent third countries. “These attacks can be spoofed,” he says. “You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital. What happens next?”

In addition to the possibility of accidentally starting a war, Snowden views MonsterMind as the ultimate threat to privacy because, in order for the system to work, the NSA first would have to secretly get access to virtually all private communications coming in from overseas to people in the US. “The argument is that the only way we can identify these malicious traffic flows and respond to them is if we’re analyzing all traffic flows,” he says. “And if we’re analyzing all traffic flows, that means we have to be intercepting all traffic flows. That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time.”

Inside Anonymous’ cyberwar against the Israeli government

Mother Jones reports: The shadowy hacker collective known as Anonymous has announced it will launch a round of cyber-attacks this Friday against the Israeli government, in retaliation for Israel’s ongoing military intervention in Gaza. This onslaught would add to a wave of cyber assaults staged in recent weeks by hackers largely from the Middle East, Asia, and South America, who are supporting “OpSaveGaza,” an Anonymous-backed campaign targeting Israeli government websites that has succeeded in temporarily taking down the sites of the Israeli defense ministry and the Tel Aviv police department.

This isn’t the first time Anonymous has zeroed in on Israel; the collective has been launching cyber-attacks against the country for several years, with mixed results. “As a collective ‘Anonymous’ does not hate Israel, it hates that Israel’s government is committing genocide & slaughtering unarmed people in Gaza to obtain more land at the border,” an Anonymous spokesperson, using the Twitter handle @YourAnonCentral, tells Mother Jones. The spokesperson notes that there has never been any Anonymous action taken against Palestinian targets, including Hamas, the outfit governing Gaza and launching rocket attacks against Israel.

The most recent round of cyber-attacks began in early July, and the Anonymous spokesperson claims that collective members sabotaged “thousands” of Israeli websites. Several of the sites targeted were indeed down recently. The International Business Times reported last week that “numerous Israeli government homepages have been replaced by graphics, slogans, and auto-playing audio files.” On Monday, hackers leaked a list of log-in details they claim belong to Israeli government officials, but the government hasn’t confirmed this. [Continue reading…]

How Russian hackers stole the Nasdaq

Bloomberg Businessweek reports: In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert. The signal was coming from Nasdaq. It looked like malware had snuck into the company’s central servers. There were indications that the intruder was not a kid somewhere, but the intelligence agency of another country. More troubling still: When the U.S. experts got a better look at the malware, they realized it was attack code, designed to cause damage.

As much as hacking has become a daily irritant, much more of it crosses watch-center monitors out of sight from the public. The Chinese, the French, the Israelis — and many less well known or understood players — all hack in one way or another. They steal missile plans, chemical formulas, power-plant pipeline schematics, and economic data. That’s espionage; attack code is a military strike. There are only a few recorded deployments, the most famous being the Stuxnet worm. Widely believed to be a joint project of the U.S. and Israel, Stuxnet temporarily disabled Iran’s uranium-processing facility at Natanz in 2010. It switched off safety mechanisms, causing the centrifuges at the heart of a refinery to spin out of control. Two years later, Iran destroyed two-thirds of Saudi Aramco’s computer network with a relatively unsophisticated but fast-spreading “wiper” virus. One veteran U.S. official says that when it came to a digital weapon planted in a critical system inside the U.S., he’s seen it only once — in Nasdaq.

The October alert prompted the involvement of the National Security Agency, and just into 2011, the NSA concluded there was a significant danger. A crisis action team convened via secure videoconference in a briefing room in an 11-story office building in the Washington suburbs. Besides a fondue restaurant and a CrossFit gym, the building is home to the National Cybersecurity and Communications Integration Center (NCCIC), whose mission is to spot and coordinate the government’s response to digital attacks on the U.S. They reviewed the FBI data and additional information from the NSA, and quickly concluded they needed to escalate.

Thus began a frenzied five-month investigation that would test the cyber-response capabilities of the U.S. and directly involve the president. Intelligence and law enforcement agencies, under pressure to decipher a complex hack, struggled to provide an even moderately clear picture to policymakers. After months of work, there were still basic disagreements in different parts of government over who was behind the incident and why. “We’ve seen a nation-state gain access to at least one of our stock exchanges, I’ll put it that way, and it’s not crystal clear what their final objective is,” says House Intelligence Committee Chairman Mike Rogers, a Republican from Michigan, who agreed to talk about the incident only in general terms because the details remain classified. “The bad news of that equation is, I’m not sure you will really know until that final trigger is pulled. And you never want to get to that.”

Bloomberg Businessweek spent several months interviewing more than two dozen people about the Nasdaq attack and its aftermath, which has never been fully reported. Nine of those people were directly involved in the investigation and national security deliberations; none were authorized to speak on the record. “The investigation into the Nasdaq intrusion is an ongoing matter,” says FBI New York Assistant Director in Charge George Venizelos. “Like all cyber cases, it’s complex and involves evidence and facts that evolve over time.”

While the hack was successfully disrupted, it revealed how vulnerable financial exchanges—as well as banks, chemical refineries, water plants, and electric utilities—are to digital assault. One official who experienced the event firsthand says he thought the attack would change everything, that it would force the U.S. to get serious about preparing for a new era of conflict by computer. He was wrong. [Continue reading…]

How a scanner infected corporate systems and stole data: Beware Trojan peripherals

Kurt Marko writes: A new form of highly targeted cyber attack patently demonstrates the shift in malware sophistication and motivation. Annoying hacker pranks done for fun and sport have been supplanted by sophisticated, multi-stage software systems designed for espionage and profit. The new attack, discovered by TrapX, a developer of security software formerly known as CyberSense, is one of an increasingly common genre known as an Advanced Persistent Threat (APT) of the type that stole debit card numbers from Target or sensitive data and login credentials from any number of companies. What makes this recent attack noteworthy isn’t its basic design, operation or targets, but its means of initial delivery: contaminated firmware on a type of industrial barcode scanner commonly used in the shipping and logistics industry. Similar to the technique used to introduce the infamous Stuxnet worm that took out Iranian centrifuges and managed to penetrate ostensibly highly secure networks via ordinary USB thumb drives, the so-called Zombie Zero worm invaded corporate data centers through a back door. [Continue reading…]

Active malware operation let attackers sabotage U.S. energy industry

Ars Technica: Researchers have uncovered a malware campaign that gave attackers the ability to sabotage the operations of energy grid owners, electricity generation firms, petroleum pipelines, and industrial equipment providers.

Called Dragonfly, the hacking group managed to install one of two remote access trojans (RATs) on computers belonging to energy companies located in the US and at least six European countries, according to a research report published Monday by Symantec. One of the RATs, called Havex, was spread by hacking the websites of companies selling software used in industrial control systems (ICS) and waiting for companies in the energy and manufacturing industries to install booby-trapped versions of the legitimate apps.

“This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems,” the Symantec report stated. “While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required.” [Continue reading…]

U.S. cybercrime laws being used to target security researchers

The Guardian reports: Some of the world’s best-known security researchers claim to have been threatened with indictment over their efforts to find vulnerabilities in internet infrastructure, amid fears American computer hacking laws are perversely making the web less safe to surf.

Many in the security industry have expressed grave concerns around the application of the US Computer Fraud and Abuse Act (CFAA), complaining law enforcement and lawyers have wielded it aggressively at anyone looking for vulnerabilities in the internet, criminalising work that’s largely benign.

They have also argued the law carries overly severe punishments, is too vague and does not consider context, only the action.

HD Moore, creator of the ethical hacking tool Metasploit and chief research officer of security consultancy Rapid7, told the Guardian he had been warned by US law enforcement last year over a scanning project called Critical.IO, which he started in 2012. The initiative sought to find widespread vulnerabilities using automated computer programs to uncover the weaknesses across the entire internet. [Continue reading…]

Serious security flaws found in Israeli-made surveillance gear used by law enforcement

Ars Technica reports: Software used by law enforcement organizations to intercept the communications of suspected criminals contains a litany of critical weaknesses, including an undocumented backdoor secured with a hardcoded password, security researchers said today.

In a scathing advisory published Wednesday, the researchers recommended people stop using the Nice Recording eXpress voice-recording package. It is one of several software offerings provided by Ra’anana, Israel-based Nice Systems, a company that markets itself as providing “mission-critical lawful interception solutions to support the fight against organized crime, drug trafficking and terrorist activities.” The advisory warned that critical weaknesses in the software expose users to attacks that compromise investigations and the security of the agency networks. [Continue reading…]

Bots were responsible for bitcoin’s stratospheric ascent, anonymous report claims

Gigaom reports: An authoritative-looking report has appeared that suggests bitcoin’s meteoric rise late last year — from $200 to $1,200 in one month — may have at least partly been the work of bots, possibly associated with those running the melted-down MtGox online exchange.

The so-called Willy Report emerged on Sunday, claiming to demonstrate fraudulent activity at MtGox. Is it correct? Hard to tell at this point, though it is based on public logs and it does at least have in its favor an absence of accompanying malware (something that blighted the last bundle of alleged MtGox fraud evidence).

According to the report’s anonymous author, automated bots dubbed Willy and Markus spent much of 2013 repeatedly creating new MtGox accounts and using them to “buy” large amounts of bitcoin without actually spending any real money. In total, the two bots probably bought up a volume that’s “suspiciously close” to the 650,000 bitcoins MtGox CEO Mark Karpeles claims the company lost, the report notes. [Continue reading…]

Study: 97% of companies using network defenses get hacked anyway

Ars Technica: A security study drawing data from more than 1,600 networks over a six-month period found that 97 percent of the networks experienced some form of breach—despite the use of multiple layers of network and computer security software. The study, performed by analysts from security appliance vendor FireEye and its security consulting wing Mandiant, compared current network defenses to the Maginot Line, the infamous French fortress chain that the Germans bypassed during their May 1940 invasion.

The data collected from network and e-mail monitoring appliances from October 2013 to March 2014 also showed that three-quarters of the networks had command-and-control traffic indicating the presence of active security breaches connected to over 35,000 unique command-and-control servers. Higher-education networks were the biggest source of botnet traffic.

Computers, and computing, are broken

Quinn Norton writes: Once upon a time, a friend of mine accidentally took over thousands of computers. He had found a vulnerability in a piece of software and started playing with it. In the process, he figured out how to get total administration access over a network. He put it in a script, and ran it to see what would happen, then went to bed for about four hours. Next morning on the way to work he checked on it, and discovered he was now lord and master of about 50,000 computers. After nearly vomiting in fear he killed the whole thing and deleted all the files associated with it. In the end he said he threw the hard drive into a bonfire. I can’t tell you who he is because he doesn’t want to go to Federal prison, which is what could have happened if he’d told anyone that could do anything about the bug he’d found. Did that bug get fixed? Probably eventually, but not by my friend. This story isn’t extraordinary at all. Spend much time in the hacker and security scene, you’ll hear stories like this and worse.

It’s hard to explain to regular people how much technology barely works, how much the infrastructure of our lives is held together by the IT equivalent of baling wire.

Computers, and computing, are broken.

For a bunch of us, especially those who had followed security and the warrantless wiretapping cases, the revelations weren’t big surprises. We didn’t know the specifics, but people who keep an eye on software knew computer technology was sick and broken. We’ve known for years that those who want to take advantage of that fact tend to circle like buzzards. The NSA wasn’t, and isn’t, the great predator of the internet, it’s just the biggest scavenger around. It isn’t doing so well because they are all powerful math wizards of doom. [Continue reading…]

America’s double standards on cybercrime and national security

The New York Times reports: The National Security Agency has never said what it was seeking when it invaded the computers of Petrobras, Brazil’s huge national oil company, but angry Brazilians have guesses: the company’s troves of data on Brazil’s offshore oil reserves, or perhaps its plans for allocating licenses for exploration to foreign companies.

Nor has the N.S.A. said what it intended when it got deep into the computer systems of China Telecom, one of the largest providers of mobile phone and Internet services in Chinese cities. But documents released by Edward J. Snowden, the former agency contractor now in exile in Russia, leave little doubt that the main goal was to learn about Chinese military units, whose members cannot resist texting on commercial networks.

The agency’s interest in Huawei, the giant Chinese maker of Internet switching equipment, and Pacnet, the Hong Kong-based operator of undersea fiber optic cables, is more obvious: Once inside those companies’ proprietary technology, the N.S.A. would have access to millions of daily conversations and emails that never touch American shores.

Then there is Joaquín Almunia, the antitrust commissioner of the European Commission. He runs no company, but has punished many, including Microsoft and Intel, and just reached a tentative accord with Google that will greatly change how it operates in Europe.

In each of these cases, American officials insist, when speaking off the record, that the United States was never acting on behalf of specific American companies. But the government does not deny it routinely spies to advance American economic advantage, which is part of its broad definition of how it protects American national security. In short, the officials say, while the N.S.A. cannot spy on Airbus and give the results to Boeing, it is free to spy on European or Asian trade negotiators and use the results to help American trade officials — and, by extension, the American industries and workers they are trying to bolster. [Continue reading…]

U.S. charges five in Chinese army with hacking

The Wall Street Journal reports: The Justice Department indicted five Chinese military officers, alleging they hacked U.S. companies’ computers to steal trade secrets, a major escalation in the fight between the two superpowers over economic espionage.

The indictment, unsealed Monday, marks the first time the U.S. government has publicly accused employees of a foreign power of cybercrimes against American firms. It also marks the most extensive formal allegations by the government of the kind of hacking that American corporations have long complained about, but until now have rarely acknowledged.

Among those named as victims in the document are brand names from America’s industrial heartland, including U.S. Steel Corp., Westinghouse Electric Co. and Alcoa Inc.

U.S. officials said other cases relating to China are being prepared. In addition, alleged hackers in Russia are likely to be charged soon, according to people familiar with the government’s investigations. U.S. agencies have also been investigating incidents with possible ties to Iran and Syria, these people say.

It is unlikely the suspects will ever be brought to trial in the U.S., since there is no extradition treaty with China. Yet in publicly naming the five, and providing details in a 48-page indictment, the Obama administration is ratcheting up the political and diplomatic costs to China and others if they use computers to steal secrets or attack U.S. interests. [Continue reading…]

Reuters adds: China on Tuesday summoned the U.S. ambassador in Beijing and warned it would retaliate if Washington followed through with the charges. It said the affair would damage “mutual trust”.

At the centre of the row is a nondescript tower block in the northern suburbs of China’s financial capital Shanghai, home to Chinese People’s Liberation Army (PLA) Unit 61398.

The 12-storey block houses as many as several thousand staff, according to Mandiant, a U.S. cyber security firm recently acquired by global network security company FireEye Inc. Mandiant identified the location as the source of a large number of espionage operations in a 70-page report last year. [Continue reading…]
