2013 will be the year of cyber security. CNN expects more cyber wars this year. Cybercrime is on the rise, and last year we saw more and more computer virus attacks. Security company Kaspersky Lab warns of more new cyber-threats against enterprises and mobile devices. Cyber security also relates to mobile.
Security is becoming an increasingly important issue. Security company Stonesoft predicts that we will face more targeted cyber-attacks, cyber espionage and hacktivism. Cyber security is the fastest growing trend in information security and its importance will increase in the future. According to Stonesoft, current security systems are unable to provide adequate protection against targeted attacks: we need proactive cyber protection and a willingness to face unknown threats.
Hacktivism will continue. According to the article Anonymous: ‘Expect us 2013’, the hacking group boasted of its cyberattacks against the U.S., Syrian, and Israeli governments in 2012. They also warn people to continue to expect this type of activity.
SCADA security was hit hard in 2012. Some of the big manufacturers that were hit hard have learned their lessons and now test their devices more. But how well do some of the smaller manufacturers do security testing? Metasploit has a special category for SCADA devices. It is a good idea to test your devices against it.
There is still work to do on cyber security standards and SCADA standards. For example, in the very widely used automation security standard IEC 61508, security is addressed only in an informative way (NOT MANDATORY). IEC 62443-2-4: A Baseline Security Standard for Industrial Automation Control Systems is a good starting point when thinking about SCADA system security.
Nowadays you need to think about SCADA system security more than some years ago. Previously, it was thought sufficient to isolate the factory process automation system from the office networks and the Internet. This is no longer enough. Nowadays you need to think about the information security of production automation systems. You can’t keep automation systems isolated from the Internet. Accidental connections to the Internet from isolated networks happen. Malware can spread through USB memory sticks (Stuxnet did that). And nowadays there are more and more business reasons to connect process automation systems to other networks. So automation systems no longer live in complete isolation from the rest of the world.
Systems with SCADA vulnerabilities have become easier to find. The article Hackers tap SCADA vuln search engine reports that a search engine that indexes servers and other internet devices is helping hackers to find industrial control systems that are vulnerable to tampering. Search engine Shodan easily pinpoints shoddy industrial controls. Shodan makes it easy to locate internet-facing SCADA, or supervisory control and data acquisition, systems used to control equipment at gasoline refineries, power plants and other industrial facilities. The search engine can also be used to identify systems with known vulnerabilities. Shodan makes networks more vulnerable to brute-force attacks on passwords, many of which may still use factory defaults.
The article Thousands of SCADA Devices Discovered On the Open Internet reports that there is a steady stream of news about the continuing poor state of security for industrial control systems. The pair of researchers found not only devices used for critical infrastructure such as energy, water and other utilities, but also SCADA devices for HVAC systems, building automation control systems, large mining trucks, traffic control systems, red-light cameras and even crematoriums. Never underestimate what you can do with a healthy list of advanced operator search terms and a beer budget.
Researchers have also found crippling flaws in GPS receivers. Global Positioning System infrastructure is critical to the navigation of a host of military and civilian technologies including planes, ships and unmanned drones. The GPS system is also used to generate accurate clocks in SCADA systems and smart grid devices. Researchers showed that they could permanently de-synchronise the date of Phasor Measurement Units used in the smart grid and cause UNIX epoch rollover in a few minutes. The overall landscape of GPS vulnerabilities is startling.
The article Happy now? Mobiles, cloud, big data now ‘a growing security risk’ reports that innovations in mobile and cloud computing, social technology and the use of “big data” present an emerging risk to organisations’ IT security, experts have warned. The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for “most of the innovation expected in the area of IT” and warned that with their emergence would come an associated increased cyber threat. ENISA warned that the threat stemming from mobile computing comes from the fact that mobile communications take place over “poorly secured … or unsecured channels”. The most significant threat stems from hackers inserting malicious software in website browsers and other software available on mobile devices. Cyber criminals could also use the capabilities of cloud computing for their own gains, such as by storing malware in those systems and using the technology as a platform to launch attacks.
Drive-by download attacks against web browsers have become the top web threat. More specifically, attackers are moving to targeting browser plugins such as Java (Java exploits are the major cross-platform threat), Adobe Reader and Adobe Flash. Drive-by download attacks are almost exclusively launched through compromised legitimate websites, which attackers use to host malicious links and the actual malicious code. Exploits are sold for considerable amounts of money and quickly included in exploit kits.
The article Africa’s Coming Cyber-Crime Epidemic reports that the last decade may have just been the first step in a looming African cyber-crime wave. Africa has the world’s fastest-growing middle class, whose members are increasingly tech-savvy and Internet connected, and together with lax law enforcement that is a perfect petri dish for increased cybercrime.
A Europe-wide cyber police unit has started. The EU’s new European Cybercrime Centre (EC3) was opened just a few days ago. The facility will act as the “focal point” in the EU’s fight against cybercrime targeting both businesses and private citizens. EC3 will act as a hub where crime-fighters can pool expertise and information, support criminal investigations and help develop and spread best practice. It will work with industry to develop threat assessments. It will work closely with the FBI and the US Secret Service, in addition to other foreign agencies.
1,930 Comments
Tomi says:
Haglund: More powers on the network for the police and the armed forces
Changes to the law are being prepared. According to Finnish Defense Minister Carl Haglund, the aim is not to pry into privacy but to stop intruders.
The Board of Directors received a completed cyber strategy in January. Changes to the law are being prepared on the basis of it. Defense Minister Carl Haglund (r.) considers it likely that the police and the armed forces will be given more powers.
- This is a delicate subject, but the authorities must in today’s world have the right to operate on the network. The police and the armed forces are responsible for security in the country, and the legislation must ensure that they can, for example, act on the Internet.
In Sweden, the matter is taken care of by the so-called “spy of the Law”, in which the army can not directly control the cross-border traffic.
- Everyone will understand that the goal is not to pry into Finns’ privacy or read ordinary citizens’ Gmail and Facebook; the question is simply one of stopping and intervening when others carry out secret operations against Finland and the Finnish authorities.
Legislative changes have been drafted since January, and the work will be completed within the year.
Source: http://yle.fi/uutiset/haglund_poliisille_ja_puolustusvoimille_lisaa_valtuuksia_verkkoon/6914452
Tomi says:
Professor: Spying is secret, but normal
Professor of international law Martti Koskenniemi is not surprised by the spying news. According to him, cyber-spying has been talked about for so long that the spying allegations seem plausible. He also estimates that the Finnish security authorities were expecting something like that.
Koskenniemi notes that the disclosure of the espionage is unlikely to have much practical significance.
- It is somewhat politically damaging to be caught, but the Finnish side direction is very small.
Source: http://www.3t.fi/artikkeli/uutiset/talous/professori_vakoilu_on_salaista_mutta_normaalia
Tomi says:
According to Jarno Limnéll, cyber security manager at network security company Stonesoft, the Department of State web espionage case was not a surprise to experts in the field.
- I can not say that it would be so much of a surprise when you look at the kind of news that has been circulating, for example through the revelations of Edward Snowden, Limnéll says.
According to him, countries have in recent years spared no expense in building advanced capabilities in the cyber world, of which online spying is just one part.
- The most interesting question is what is happening in the networks that we do not know anything about.
The recent revelations of spying on a few events a year ago. Everyone knows that a couple of years is a long time in the IT industry.
- This just seems to be working days. Kybermaailmaan created using the talents States, in addition to an active criminal organizations, Limnéll says.
Source: http://www.3t.fi/artikkeli/uutiset/teknologia/um_n_tietomurto_ei_yllattanyt_it_asiantuntijoita
Tomi Engdahl says:
ARM study shows 75% of biz leaders actively investigating IoT
http://semiengineering.com/week-review-system-level-design-2/
ARM released a study, in conjunction with the Economist Intelligence Unit, that shows 75% of global business leaders are actively researching opportunities on the Internet of Things. The report says the five barriers for companies increasing the use of the IoT are lack of employee skills, lack of senior management commitment, lack of an obvious tie between products and the IoT, immature standards, and the high cost of investment required for the infrastructure.
Tomi Engdahl says:
Securing Intelligent Systems from the Ground Up
http://techonline.com/electrical-engineers/education-training/tech-papers/4416265/Securing-Intelligent-Systems-from-the-Ground-Up
If the layered approach—platform security, software protection, data security—is implemented intelligently and adopted widely, it will serve as a potent security framework that transforms today’s insecure Internet of Things into a secured intelligent system that creates and processes data that can be trusted.
Tomi Engdahl says:
Will NSA revelations lead to the Balkanisation of the internet?
http://www.theguardian.com/world/2013/nov/01/nsa-revelations-balkanisation-internet
As countries move to protect their citizens’ digital privacy, Ian Brown considers their options and the potential impact
There has been criticism of America’s National Security Agency and Britain’s GCHQ from Latin American nations, and close allies such as France and Germany, have expressed dismay. The European Union’s internal market commissioner, Michel Barnier, has called for a “European data cloud”, while its justice commissioner, Viviane Reding, has declared Monday’s European parliament vote on new data protection rules to be “Europe’s declaration of independence”.
These countries are pushing strongly for the UN to take a greater role in future internet governance, as India, Russia and China, have already done.
Brazil argues that it is simply protecting its citizens from an out-of-control US surveillance machine, while promoting the development of local internet businesses – a key 21st century industry. Germany’s privacy commissioners have called for a review of whether Europe’s internet traffic can be kept as far as possible within the EU (and by implication, from the UK).
Are these proposals all steps towards a “Balkanised” set of isolated, national internets, as some fear?
US internet giants, such as Facebook and Google, are concerned at the increased costs and complexity of having to set up national data centres – and perhaps even separate regional subsidiaries, credibly insulated from demands for data from the US and its Five Eyes intelligence allies. But users would see little difference day-to-day.
They might see warnings when information was about to be sent to servers vulnerable to the exercise of US legal powers
However, without significant US legal reform, it is difficult to see what other options exist for countries that are not members of the Five Eyes surveillance club. Calls for the EU to cancel its “safe harbour” agreement, which allows companies to send Europeans’ personal data across the Atlantic, are unlikely to succeed due to the potential economic damage.
Tomi Engdahl says:
iPads banned from cabinet meetings over surveillance fears
Putting the i into iRony
http://www.theinquirer.net/inquirer/news/2304721/ipads-banned-from-cabinet-meetings-over-surveillance-fears
MOBILE PHONES and tablets like the Apple iPad have been barred from UK government cabinet meetings due to fears about foreign surveillance.
The irony here is that the personal communications and data traffic of the whole world is under surveillance and we are rapidly running out of options for opting out.
The UK government runs its own Tempora project surveillance and apparently is quite cosy with the US National Security Agency.
According to a report at the Telegraph, iPads were present during a UK cabinet meeting presentation by Francis Maude but were whipped away as soon as it was finished.
The national security drum was banged, and the speculation is that an iPad can be turned into a two-way communication device without its owner’s awareness.
Tomi Engdahl says:
The most advanced virus? Penetrates into the BIOS and sends secret messages with speakers
Well-known security researcher Dragos Ruiu claims to have found a new malicious program that affects computers at the lowest level, i.e. in the BIOS.
So far, no confirmation of the existence of the virus has been received, but no one has been able to refute Ruiu’s claims either.
Malware that strikes the computer BIOS is already known. What makes badBIOS exceptional, however, is that Ruiu argues that it is immune even to reinstalling the BIOS.
Even fancier is Ruiu’s claim that badBIOS communicates with other infected equipment by sending high-frequency sound through the computer.
The sounds are so high in frequency that human ears can not hear them. In contrast, according to Ruiu, the microphones of other devices are able to capture the messages sent.
Source: http://www.tietoviikko.fi/kaikki_uutiset/kaikkien+aikojen+kehittynein+virus+tunkeutuu+biosiin+ja+lahettaa+kaiuttimilla+salaisia+viesteja/a944433
Tomi Engdahl says:
#badBIOS features explained
http://blog.erratasec.com/2013/10/badbios-features-explained.html#.UnemahBsUik
Dan Goodin at Ars Technica has reported on Dragos Ruiu’s “badBIOS” analysis. I thought I’d explain how some of this stuff works.
The story so far is this: Dragos’s laptops appear to have been infected by a virus more advanced than anything seen so far, more advanced than Stuxnet or Flame, two previous examples of state-sponsored advanced viruses.
We don’t know if any of this is real.
Also, Dragos hasn’t given us anything we can independently verify. If it’s a bad BIOS, Dragos can extract it and publish it. If a USB drive infects a system, Dragos can use a USB sniffer and dump all the packets going across the USB bus. If it’s ultrasonic audio, Dragos could record the sound in WAV files. He could publish all this stuff, and we could see for ourselves whether it’s real or not. That he hasn’t casts doubt on what he’s found.
Tomi Engdahl says:
Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps
Like a super strain of bacteria, the rootkit plaguing Dragos Ruiu is omnipotent.
http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
Three years ago, security consultant Dragos Ruiu was in his lab when he noticed something highly unusual: his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused. He also found that the machine could delete data and undo configuration changes with no prompting. He didn’t know it then, but that odd firmware update would become a high-stakes malware mystery that would consume most of his waking hours.
In the following months, Ruiu observed more odd phenomena that seemed straight out of a science-fiction thriller. A computer running the Open BSD operating system also began to modify its settings and delete its data without explanation or prompting.
“We were like, ‘Okay, we’re totally owned,’” Ruiu told Ars. “‘We have to erase all our systems and start from scratch,’ which we did. It was a very painful exercise. I’ve been suspicious of stuff around here ever since.”
“We had an air-gapped computer that just had its [firmware] BIOS reflashed, a fresh disk drive installed, and zero data on it, installed from a Windows system CD,” Ruiu said. “At one point, we were editing some of the components and our registry editor got disabled. It was like: wait a minute, how can that happen? How can the machine react and attack the software that we’re using to attack it? This is an air-gapped machine and all of a sudden the search function in the registry editor stopped working when we were using it to search for their keys.”
But the story gets stranger still. In posts here, here, and here,
Tomi Engdahl says:
US officials say forget about clemency for Snowden
But Snowden tells Der Spiegel he’s justified due to the call for reform he sparked.
http://arstechnica.com/tech-policy/2013/11/us-officials-say-forget-about-clemency-for-snowden/
If it wasn’t already clear that the US government was unhappy with National Security Agency leaker Edward Snowden—and the feds want him extradited, President Obama denounced him—it is now. Today, the chairwoman of the Senate Intelligence Committee, Dianne Feinstein (D-CA), and her House counterpart, Mike Rogers (R-MI), both emphasized there would be no mercy coming from Washington.
“He was trusted; he stripped our system; he had an opportunity—if what he was, was a whistle-blower—to pick up the phone and call the House Intelligence Committee, the Senate Intelligence Committee, and say I have some information,” Feinstein told CBS’ Face The Nation. “But that didn’t happen. He’s done this enormous disservice to our country, and I think the answer is no clemency.”
Tomi Engdahl says:
Don’t mess with my browser!
http://chrome.blogspot.fi/2013/10/dont-mess-with-my-browser.html
In some ways, it’s safer than ever to be online — especially if you use Chrome. With continued security research and seamless automatic updates, your browsing experience is always getting better and more secure. But recently you may have noticed something seems amiss. Online criminals have been increasing their use of malicious software that can silently hijack your browser settings. This has become a top issue in the Chrome help forums; we’re listening and are here to help.
Bad guys trick you into installing and running this kind of software by bundling it with something you might want, like a free screensaver, a video plugin or—ironically—a supposed security update. These malicious programs disguise themselves so you won’t know they’re there and they may change your homepage or inject ads into the sites you browse. Worse, they block your ability to change your settings back and make themselves hard to uninstall, keeping you trapped in an undesired state.
We’re taking steps to help, including adding a “reset browser settings” button in the last Chrome update, which lets you easily return your Chrome to a factory-fresh state. You can find this in the “Advanced Settings” section of Chrome settings.
Tomi Engdahl says:
12-year-old time bomb ticking in Finnish companies
Windows XP is about 12 years old and therefore out of date, security included. The last support for the operating system will be discontinued in April. Six months later XP becomes a more dangerous platform, as security holes are no longer patched.
Despite this, Windows XP is still found on almost one third of the world’s PCs. It is easy to blame the problem on China and developing countries alone, but a fresh market review by Atea and Market Vision says otherwise.
In Finland, 40 per cent have the problem
Market Vision interviewed more than 300 companies and public sector organizations for the research. According to the survey, 40 per cent of Finnish companies and public sector organizations are still using Windows XP, at least to some extent.
In large organizations with more than one thousand employees the share is even higher, at around 62 per cent. Small organizations with fewer than one hundred people have not got rid of XP either. XP can be found in just under one third of them.
Market Vision found problems particularly in major public sector organizations such as hospital districts. The report, however, says that the XP problem is encountered in Finland in all types of businesses and organizations.
Atea warns that the projects are now in a real hurry.
One reason for the delays is the application changes. Many organizations are using any of the XP platform tailor-made for business applications, such as enterprise resource planning system. Updating your operating system will only succeed when the application has been compensated or the exercise of the new platform.
Windows XP can also be found in addition to updated data centers. Windows Server 2003 Server operating system support only runs for about a year to get XP. Old server platform is still used in many Finnish organizations.
Atea reports that Windows XP sometimes the problem is rotated in such a way that the number of services are transferred to Windows Server 2003-based servers. This can be a period of one year.
Source: http://www.digitoday.fi/data/2013/11/04/12-vuotta-vanha-aikapommi-tikittaa-suomalaisissa-yrityksissa/201315353/66?rss=6
Tomi Engdahl says:
ICO on beefed-up EU privacy rules: Biz bods will need ‘explicit consent’ to slurp data
Never mind what the prime minister said…
http://www.theregister.co.uk/2013/11/04/ico_on_new_draft_data_protection_rules/
Businesses can help ease the transition towards complying with new EU data protection rules by taking a number of steps now, the Information Commissioner’s Office (ICO) has said.
In an ICO blog, Deputy Information Commissioner David Smith said businesses can begin by reviewing their procedures for obtaining consent to the processing of personal data, and also undertake measures to make compliance with new data breach notification rules easier.
“While there will likely continue to be alternatives to relying on an individual’s consent to process their personal information, it’s clear that if your organisation is going to rely on consent then it will need to be ‘explicit’ to be valid,” Smith said.
“There’s still some negotiation to go before we see this high standard adopted, but it’s worth checking now how you are obtaining consent, and whether customers realise what they are consenting to. In the future you may also need to be able to prove that somebody has knowingly given you their consent, so start thinking now as to how you gather and document this.”
Tomi Engdahl says:
Data protection reforms delayed but 2015 deadline gives time to get new rules right, says expert
http://www.out-law.com/en/articles/2013/October/data-protection-reforms-delayed-but-2015-deadline-gives-time-to-get-new-rules-right-says-expert/
New EU data protection laws will not be passed until 2015 after EU leaders negotiated to delay the finalising of the new framework at a meeting last week. (28 Oct 2013)
“Much needed modernising of data protection rules remains on the agenda and is being taken seriously but with a realistic timescale to negotiate a final draft,” Wynn said. “It is positive that there will remain momentum towards reforms as a result of a deadline being set, which may have been lost if a time limit on negotiations was not agreed. However, there are still differences that remain about exactly how the new regime should look.”
In January 2012 the European Commission outlined plans to update the EU’s existing data protection law regime. It published a draft General Data Protection Regulation which, if introduced, would see a single framework of data protection apply throughout the EU and also bring businesses based outside the trading bloc but targeting services at EU citizens within the scope of the rules. The Commission also published a draft Directive specifically to set rules on personal data processing for law enforcement bodies in the EU.
At the moment the EU Data Protection Directive is applied slightly differently within each of the 28 EU member states. The Commission sought to harmonise the rules and bring them up to date for the digital era in outlining its plans for a new Regulation.
“The Government wants to see EU data protection legislation that protects the privacy of individuals, while ensuring businesses of all sizes are able to grow and innovate,” Justice Secretary Chris Grayling said in a statement sent to Out-Law.com. “These should be achieved in tandem, not at the expense of one or the other.”
Tomi Engdahl says:
Cyber-terrorists? Pah! Superhero protesters were a bigger threat to London Olympics
Seb Coe: Taxi drivers blocked from 2012-only lanes were also a bit testy
http://www.theregister.co.uk/2013/11/04/olympics_rsa_coe/
RSA Europe 2013 Protests from groups such as Fathers4Justice were more of a worry to London 2012 Olympic Games organisers than computer hackers, according to the former chairman of London 2012, Lord Sebastian Coe.
He said procedures put in place before the Games to guard its IT systems – including Wi-Fi networks in stadiums as well as the main Olympics website – had worked well.
In practice, risks from pressure groups and local political campaigners proved the biggest headache but precautions against all types of threat had to be prepared, he noted.
“The threats of disruption came from everything from Fathers4Justice through to taxi drivers, angry they weren’t allowed into the Olympic lanes. That tended to be the level of the threat. Most of the challenges weren’t terrorists, cyber or otherwise,” said Coe, who was speaking at the RSA Conference Europe 2013 which took place in Amsterdam this week.
Earlier at the conference, BT security chief executive officer Mark Hughes said that no cyber attack had occurred during the Games, repeating previous statements by the telco giant. BT dealt with over 212 million cyber attacks on the official website during last year’s Olympic and Para-Olympic Games.
A recent documentary from BBC Radio 4 revealed that London Olympics officials were warned hours before the opening ceremony that the event might come under cyber-attack.
The security team had already run extensive tests on the electricity supply systems supporting the games long before the threat, which, based on the discovery of “attack tools and targeting information”, it was feared might relate to the Olympics.
In the event nothing happened. The whole incident is more of an interesting case study on how to deliver super-reliable power supply systems rather than anything that sheds much light on the capabilities of hacktivists or other malign actors when it comes to attacking industrial control gear. It’s unclear who was behind the threat to the Olympics.
Tomi Engdahl says:
Snowden Publishes “A Manifesto For the Truth”
http://yro.slashdot.org/story/13/11/04/1252205/snowden-publishes-a-manifesto-for-the-truth?
“In the letter, Mr. Snowden reflects on the consequences of the information released so far, and their effect on exposing the extent and obscenity of international and domestic surveillance, while continuing to call out the NSA and GCHQ as the worst offenders.”
Tomi Engdahl says:
Google’s Schmidt: NSA Spying on Data Centers Is ‘Outrageous’
http://blogs.wsj.com/digits/2013/11/04/googles-schmidt-on-nsa-china-and-north-korea/
Google Inc. Executive Chairman Eric Schmidt bristled at reports that the U.S. government allegedly spied on the company’s data centers, describing such an act as “outrageous” and potentially illegal if proven.
“It’s really outrageous that the National Security Agency was looking between the Google data centers, if that’s true. The steps that the organization was willing to do without good judgment to pursue its mission and potentially violate people’s privacy, it’s not OK,” Mr. Schmidt told The Wall Street Journal in an interview on Sunday. “The Snowden revelations have assisted us in understanding that it’s perfectly possible that there are more revelations to come.”
Mr. Schmidt said Google had registered complaints with the NSA, as well as President Barack Obama and members of Congress.
“The National Security Agency allegedly collected the phone records of every phone call of 320 million people in order to identify roughly 300 people who might be a risk. That’s just bad public policy…and perhaps illegal,” he said.
Mr. Schmidt said in the interview that the right balance of security and privacy starts with finding the appropriate level of oversight.
Tomi Engdahl says:
How we know the NSA had access to internal Google and Yahoo cloud data
http://www.washingtonpost.com/blogs/the-switch/wp/2013/11/04/how-we-know-the-nsa-had-access-to-internal-google-and-yahoo-cloud-data/
The Washington Post reported last Wednesday that the National Security Agency has been tapping into the private links that connect Google and Yahoo data centers around the world. Today we offer additional background, with new evidence from the source documents and interviews with confidential sources, demonstrating that the NSA accessed data traveling between those centers.
The background also helps explain the response of U.S. officials following the publication of the story.
The story did not say the NSA breaks into “servers” or “databases.” It said the agency, working with its British counterpart, intercepts communications that run on private circuits between the fortress-like data centers that each company operates on multiple continents.
The distinction is between “data at rest” and “data on the fly.” The NSA and GCHQ do not break into user accounts that are stored on Yahoo and Google computers. They intercept the information as it travels over fiber optic cables from one data center to another.
Our Wednesday story reported that the NSA is not relying only on PRISM to get information from Yahoo and Google. It is also working with its British counterpart, the GCHQ, to break into the private “clouds,” or internal networks, of those companies.
The two companies do not entrust their data center communications to the “public internet,” which is comparable to an international highway system that anyone can use. Instead, they link their data centers with thousands of miles of privately owned or privately leased fiber optic cable – in effect, a system of private highways. When Google and Yahoo have to share a stretch of road with the public internet, they take other precautions to keep their traffic secure.
“This is not traffic you would encounter outside of Google’s internal network,” said one of the experts. The slide shows data in a format that is “only used on and between Google machines. And, also as far as I know, Google doesn’t publish their binary RPC protocol, which is what this resembles.”
An RPC is a “remote procedure call,” and this one is used when one Google data server has to confirm that it is talking to another. The author of the slide confirms that, describing the captured data as “internal server-to-server authentication.” Google’s proprietary authentication system is “Gaia,” which appears in the captured data stream. Another expert with inside knowledge confirmed that its characteristics are not public.
Another NSA slide provided by former contractor Edward Snowden showed that the NSA developed Google-specific “protocol handlers” so that it could parse the company’s proprietary formats and pull out the information it wanted to keep.
Tomi Engdahl says:
Google’s Eric Schmidt Lambasts NSA Over Spying
http://online.wsj.com/news/articles/SB10001424052702304391204579177104151435042
Google Inc. Executive Chairman Eric Schmidt reacted to reports that the U.S. government allegedly spied on the company’s data centers, describing such an act as “outrageous” and potentially illegal if proven.
“It’s really outrageous that the National Security Agency was looking between the Google data centers, if that’s true. The steps that the organization was willing to do without good judgment to pursue its mission and potentially violate people’s privacy, it’s not OK,” Mr. Schmidt told The Wall Street Journal in an interview. “The Snowden revelations have assisted us in understanding that it’s perfectly possible that there are more revelations to come.”
Tomi Engdahl says:
November 04, 2013, 06:00 am
NSA chief likely to lose cyber war powers
http://thehill.com/blogs/hillicon-valley/technology/189036-nsa-chief-likely-to-be-stripped-of-cyber-war-powers
Senior military officials are leaning toward removing the National Security Agency director’s authority over U.S. Cyber Command, according to a former high-ranking administration official familiar with internal discussions.
Keith Alexander, a four star general who leads both the NSA and Cyber Command, plans to step down in the spring.
No formal decision has been made yet, but the Pentagon has already drawn up a list of possible civilian candidates for the next NSA director, the former official told The Hill. A separate military officer would head up Cyber Command, a team of military hackers that trains for offensive cyberattacks and protects U.S. computer systems.
“Some things are better to have two centers of power,” Healey said. “If you have just one, it’s more efficient, but you end up making dumb decisions.”
He argued the government would never, for example, put one general in charge of gathering intelligence in China, commanding covert forces against China and setting policy toward China.
“We’ve now created a center of power that we would never allow in any other area,” Healey said. “And it certainly shouldn’t be allowed in something so critical to our future and national security as the Internet and cyberspace.”
Tomi Engdahl says:
Why the Attack on Buffer Was a Serious Wake-Up Call for the Web
http://blog.programmableweb.com/2013/11/04/why-the-attack-on-buffer-was-a-serious-wake-up-call-for-the-web/
On October 26, 2013, users of both Facebook and Twitter discovered that their accounts were responsible for spamming both social networks with unauthorized posts, many of which promoted a weight-loss scheme. It wasn’t long before the social posting and scheduling service Buffer realized that it was the source of those posts. Its infrastructure had been compromised and, for a brief period, the attackers inherited Buffer’s carte blanche authority to make posts to both Twitter and Facebook on behalf of the Hootsuite-like company’s registered users.
The incident casts a spotlight on the blind faith that end-users are hastily placing in many of the applications to which they’ve entrusted their Twitter and Facebook accounts. If anything, the attack on Buffer should serve as a wake-up call. The Web, as it turns out, is not nearly as secure as many believe it to be. The incident also serves as a clarion call to Web developers as well as API providers that security must be their top priority. It is a discipline that is intolerant of short-cuts, cost savings, and incompetence. There’s simply too much at risk. This ProgrammableWeb investigation explains why.
So Many Attack Vectors. So Little Time.
In a blog post dated October 29, 2013, the former head of the Cloud Architecture & Security Team for Adobe’s Creative Cloud initiative and current founder of Evident.io Tim Prendergast wrote “There are far too many APIs being cranked out in such a short period of time… there is no way that they have all been properly secured and built. There will definitely be new attack vectors in an API-centric Internet, but we are still too early to know the pervasiveness of such attacks.”
Web Security Is A Journey. It’s Never Over.
Tomi Engdahl says:
Would the Mob Really Break Your Virtual Kneecaps With Counterfeit Chips?
http://spectrum.ieee.org/tech-talk/semiconductors/devices/would-the-mob-really-break-your-virtual-kneecaps-with-counterfeit-chips
It’s easy to infiltrate a semiconductor chip supply chain with counterfeits. The path from the original manufacturer to the final use is notoriously weak, especially for older chip models, which are often needed for military applications. There are different types of counterfeits: they can be falsely labeled, used, broken, actual fakes, or, as we are told this week, hacked to a specific purpose by the mob.
It’s not a new concern, but IOActive gives it a new twist with the gangster angle. They’re not wrong about the threat, but the company’s blog post smells a little like fear mongering.
To illustrate their point, the authors dissect a chip ordered from an online electronics broker. IOActive, which investigates counterfeit claims, took the microprocessor in question apart and found that it was a ST ST19AF08 chip pretending to be a ST19XT34.
By itself, this is not surprising. Counterfeiting chips is a rampant, possibly already billion-dollar business that continues to grow, and it has, in fact, probably already been infiltrated by organized crime. The number of counterfeit incidents goes up every year, according to private companies and the US government—in part due to US legislation that is pushing companies to report finding fakes.
IOActive’s conclusion is that if it is easy to fake a chip and difficult to identify a fake, it must also be easy for criminal organizations and foreign governments to make minor modifications to chips that would never be noticed at all. A bad chip in the right place could compromise security with backdoors, malicious code, or rigged algorithms.
Tomi Engdahl says:
Antivirus bods grilled: Do YOU turn a blind eye to government spyware?
AS IF G-men would tell us about state-sponsored badness, scoff AV firms
http://www.theregister.co.uk/2013/11/05/av_response_state_snooping_challenge/
Security guru Bruce Schneier has joined with the Electronic Frontier Foundation and 23 other privacy and digital rights activists to call on antivirus firms to publicly state they do not turn a blind eye towards state-sponsored malware.
The existence of the NSA’s Tailored Access Operations (TAO) hacking squad unit has been an open secret for years, but recent revelations have fleshed out the details and revealed that NSA hackers have procedures that mean they generally resort to malware only in cases where it’s unlikely their malicious code will be detected.
Effective security scanners might therefore be a factor when the NSA decides whether or not to run malware-based attacks.
“As a manufacturer of antivirus software, your company has a vital position in providing security and maintaining the trust of internet users as they engage in sensitive activities such as electronic banking,” the privacy activists and security experts wrote in an open letter to antivirus companies. “Consequently, there should be no doubt that your company’s software provides the security needed to maintain this trust.”
Tomi Engdahl says:
Bitcoin Protocol Vulnerability Could Lead To a Collapse
http://slashdot.org/story/13/11/04/2247258/bitcoin-protocol-vulnerability-could-lead-to-a-collapse
“Cornell researchers unveiled an attack on the Bitcoin mining protocol that enables selfish mining pools to earn more than their fair share. In a technical report the authors explain this attack can be performed by a pool of any size. Rational miners will join this pool to increase their benefits, creating a snowball effect that may end up with a pool commanding a majority of the system’s mining power.”
Tomi Engdahl says:
5 World Problems Too Big for Big Data
http://www.cio.com/article/742142/5_World_Problems_Too_Big_for_Big_Data?page=1&taxonomyId=600010
Despite advances in computing power, storage and analytics technology, some challenges are still too big for big data. Here’s a look at five such problems — and what it will take to solve them.
Health Records for the World: Medicine Where It’s Needed Most
Human Brain Map: See How the Rest of the Body Works
Map World Supply of Uranium: Track Weaponization, Energy Supply
Real-time Global Crime Data: More Proactive Policing
Tracking Everyone’s Children: Better, More Timely Amber Alerts
Tomi Engdahl says:
Think Hoarding Passwords Keeps You Safe From Firing? Think Again
http://www.forbes.com/sites/ericgoldman/2013/11/04/think-hoarding-passwords-keeps-you-safe-from-firing-think-again/
Most employees think they are indispensable to their employers, but in fact, most employees are easily replaced. A recent legal ruling involved an IT manager who sought job security by holding “the keys to the kingdom”–the passwords to the company’s computer network that only he possessed. His plan didn’t become a fast track to climbing the corporate ladder; instead, it led to his relocation into a jail cell.
He apparently distrusted his co-workers and sought to make himself unfireable, so he arranged to become the only person with his network’s passwords. When he was suspended from his job, he refused to divulge the passwords so that his employer could reassume control over its network.
For taking these steps, Childs was convicted of violating California’s state computer crime law (California Penal Code Sec. 502(c)(5)), which criminalizes taking an action that “knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network.” He was sentenced to four years in prison and ordered to pay nearly $1.5 million in restitution, the bulk of which compensates the employer for its post-firing efforts to find and fix Childs’ backdoors.
Tomi Engdahl says:
Tuomioja on Finnish Foreign Ministry online spying: These things of interest spies
Foreign Minister Erkki Tuomioja (SDP), a number of EU countries has been similar to the Foreign Service subject to a fraction. No country has been told of cases on its own initiative in the public eye, or even the Union, Tuomioja said.
Tuomioja continued cyber espionage doping: one hundred percent safety has not been possible to obtain.
The issue was not Red October malware, Tuomioja said. Red October polluted only one workstation.
According to Tuomioja, EU issues, economic and trade issues have attracted spies, military, do not.
Source: http://www.iltalehti.fi/uutiset/2013110517687594_uu.shtml
Tomi Engdahl says:
Comparison: Finland cyber-laws badly lags behind other EU countries
The Ministry of Defence will finalize legal safeguards, which would extend the powers of the authorities, including internet traffic monitoring.
Finland is in cyber-readiness EU top of the tail, survives among EU countries from the comparison.
Finland with the same level of only a handful of other EU countries, and those, all are former Eastern European countries, the Finnish Defence Administration told Helsingin Sanomat.
As part of the cyber strategy Ministry of Defence is currently finalizing legal safeguards, which would give the authorities the existing capacity significantly broader, inter alia, Internet traffic monitoring and electronic intelligence.
This would make it able to identify the launch cyber-attacks such as the ministries in early stage.
The new law is expected to be completed end of the year.
Among other things, the Swedish cyber-lab is regarded as a good example.
Jyrki Kasvi:
“Sweden is the legality of society and one of the only countries in the cyber law is provided for the public at the level. Must say that I’m just not all that Swedish radio intelligence will, inter alia, by e-mail. But when laws have been laid down in the Swedish Parliament, so there may also be considered whether the laws or not,”
“In the U.S., however no one will no longer be able to control what security officials are doing, because it’s all secret. It’s scary,”
“We have outside office hours, the authorities do not have now, in practice, readiness to act. I have compared the situation to the fact that we would have a sign at the border that we ask the aggressor please return to the issue on Monday morning.”
Cyber-law preparation is a politically sensitive issue. Civil rights and privacy authorities may need to be put to the test because of the expanded spy powers.
Source: http://www.hs.fi/kotimaa/a1383544453582?jako=78652065a711119704045629a4bb242a&ref=fb-share
Tomi Engdahl says:
South Korea is stuck with Internet Explorer for online shopping because of security law
http://www.washingtonpost.com/world/asia_pacific/due-to-security-law-south-korea-is-stuck-with-internet-explorer-for-online-shopping/2013/11/03/ffd2528a-3eff-11e3-b028-de922d7a3f47_story.html
South Korea is renowned for its digital innovation, with coast-to-coast broadband and a 4G LTE network that reaches into Seoul’s subway system. But this tech-savvy country is stuck in a time warp in one way: its slavish dependence on Internet Explorer.
For South Koreans who use other browsers such as Chrome or Safari, online shopping often begins with a pop-up notice warning that they might not be able to buy what they came for.
“Purchases can only be made through Internet Explorer,” says one such message on the Web site of Asiana Airlines, one of South Korea’s two major carriers.
But South Koreans remain captive to laws passed 14 years ago, which — in the name of Internet security — require citizens to bank and make nearly all purchases with Internet Explorer. Three-quarters of the country’s Web usage involves Internet Explorer, according to a measurement by the Web analytics firm StatCounter — among the highest in the world.
“Internet Explorer has bugs. It freezes. It requires all these annoying updates,” said Lee Dong-won, a 35-year-old businessman.
“But everybody I know uses it,” said Seo Yeon-ho, a 25-year-old design student.
Those with computers that run Windows have no problem; even if they otherwise browse through Chrome or Firefox, they can double-click on IE when it’s time to make purchases.
But those with Apple computers — for which IE isn’t available — have it harder.
The story of how South Korea became dependent on Internet Explorer begins in the late 1990s.
South Korea’s government was among the first to encourage shopping and banking online, but many people were concerned about Internet safety.
To reassure South Korean customers, the government created its own system to authenticate the identities of online buyers. To make purchases, shoppers had to supply their names and social security numbers and apply for government-issued “digital certificates,” which they could present to sellers as proof of ID. The whole process took just a few clicks.
But the back-and-forth was technologically complicated, and it came with a catch: It required a piece of additional software, or “plug-in,” known as ActiveX — which is also made by Microsoft and worked in tandem only with Internet Explorer.
That system, implemented in 1999, remains largely in place today.
The certificates are not necessary on international sites such as eBay and Amazon.com, in which credit card information is passed from buyer to seller — and verified by a third, private party — with technology built into Web browsers.
South Korean Internet security officials insist that the certificates are necessary to maintain trust on the Web, though they recently approved two approaches — rarely used — for smaller purchases that don’t require ActiveX.
Many South Koreans say they are happy, in theory, to trade a little inconvenience for the sake of security. But critics here argue that the dependence on Internet Explorer has actually made the nation more vulnerable to malware. They point to a string of massive data thefts and cyberattacks in recent years.
In current versions of Internet Explorer, Web surfers must approve the use of ActiveX by clicking “Yes” to a question asking whether to proceed.
In South Korea’s National Assembly, a small group of lawmakers is pushing a bill to loosen the security laws. “We’ve fallen behind the times, and we’re clinging to an old tech trend,”
Tomi Engdahl says:
Revealed: Britain’s ‘secret listening post in the heart of Berlin’
Claims that GCHQ has maintained spying operations even after US pulled out
http://www.independent.co.uk/news/uk/home-news/revealed-britains-secret-listening-post-in-the-heart-of-berlin-8921548.html
Documents leaked by the US National Security Agency whistleblower Edward Snowden show that GCHQ is, together with the US and other key partners, operating a network of electronic spy posts from diplomatic buildings around the world, which intercept data in host nations.
An American intercept “nest” on top of its embassy in Berlin – less than 150 metres from Britain’s own diplomatic mission – is believed to have been shut down last week as the US scrambled to limit the damage from revelations that it listened to mobile phone calls made by Chancellor Angela Merkel.
But the NSA documents, in conjunction with aerial photographs and information about past spying activities in Germany, suggest that Britain is operating its own covert listening station within a stone’s throw of the Bundestag, Germany’s parliament, and Ms Merkel’s offices in the Chancellery, using hi-tech equipment housed on the embassy roof.
Tomi Engdahl says:
Anatomy of a password disaster – Adobe’s giant-sized cryptographic blunder
http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/
One month ago today, we wrote about Adobe’s giant data breach.
As far as anyone knew, including Adobe, it affected about 3,000,000 customer records, which made it sound pretty bad right from the start.
But worse was to come, as recent updates to the story bumped the number of affected customers to a whopping 38,000,000.
We took Adobe to task for a lack of clarity in its breach notification.
One of our complaints was that Adobe said that it had lost encrypted passwords, when we thought the company ought to have said that it had lost hashed and salted passwords.
The breach data
A huge dump of the offending customer database was recently published online, weighing in at 4GB compressed, or just a shade under 10GB uncompressed, listing not just 38,000,000 breached records, but 150,000,000 of them.
As breaches go, you may very well see this one in the book of Guinness World Records next year, which would make it astonishing enough on its own.
We kept the password hints, because they were very handy indeed
The first question is, “Was Adobe telling the truth, after all, calling the passwords encrypted and not hashed?”
The next question is, “What encryption algorithm?”
Now let’s work out, “What is the password that encrypts as 110edf2294fb8bf4 and the other common repeats?”
Bear in mind that salted hashes – the recommended programmatic approach here – wouldn’t have yielded up any such information – and you appreciate the magnitude of Adobe’s blunder.
There’s more to concern yourself with.
Adobe also described the customer credit card data and other PII (Personally Identifiable Information) that was stolen in the same attack as “encrypted.”
And, as fellow Naked Security writer Mark Stockley asked, “Was that data encrypted with similar care and expertise, do you think?”
Tomi Engdahl says:
Op-ed: Lavabit’s primary security claim wasn’t actually true
Ladar Levison stood up for users’ privacy—but perhaps a little too late.
http://arstechnica.com/security/2013/11/op-ed-a-critique-of-lavabit/
The quest for secure e-mail
I think we should celebrate and support Ladar for making the hard choice that he did to at least speak out and let his users know they’d been compromised. However, I think we should simultaneously be extremely critical of the technical choices and false guarantees that put Ladar in that position. There is currently an effort underway to release the Lavabit infrastructure under an open source license, which I worry will result in more of the same. Given its technical foundations, I wouldn’t advocate supporting the continuation of the Lavabit project.
Rather than funding Lavabit, if you’re interested in supporting a secure e-mail project, I have two alternate recommendations:
Mailpile: Despite what anyone tells you, end to end encrypted e-mail is not possible in a webmail world. The first precondition for developing a usable and forward secure e-mail protocol is a usable mail client, and I currently believe that Mailpile is our best shot at that.
Leap Encrypted Access Project: This is a secure e-mail project by people who fundamentally understand the challenges, the history, and the politics. They’ve been working on an incremental plan for developing a secure e-mail system with some really smart people, and I think we’ll all benefit from their work.
Trevor Perrin has also been doing some excellent work on an asynchronous protocol for secure e-mail, which I encourage everyone to take a look at and follow along.
Tomi Engdahl says:
Spying row: Indonesia threatens to stop co-operating on people smuggling
http://www.theguardian.com/world/2013/nov/04/spying-row-indonesia-threatens-to-stop-co-operating-on-people-smuggling
‘If Australia feels that there are ways of obtaining information other than the official one then one wonders where we are in terms of co-operation,’ says foreign minister Marty Natalegawa
The Indonesian foreign minister, Marty Natalegawa, has escalated the diplomatic row between Australia and Indonesia after revelations about Australia’s intelligence gathering activities by suggesting co-operation on people smuggling operations may be reviewed.
Last week Fairfax Media used documents leaked to German news magazine Der Spiegel by NSA whistleblower Edward Snowden to show that Australia was gathering intelligence from listening posts across the Asia-Pacific region.
Tomi Engdahl says:
Google Bots Doing SQL Injection Attacks
http://blog.sucuri.net/2013/11/google-bots-doing-sql-injection-attacks.html
One of the things we have to be very sensitive about when writing rules for our CloudProxy Website Firewall is to never block any major search engine bot (i.e., Google, Bing, Yahoo, etc.).
To date, we’ve been pretty good about this, but every now and then you come across unique scenarios like the one in this post, that make you scratch your head and think, what if a legitimate search engine bot was being used to attack the site? Should we still allow the attack to go through?
This is exactly what happened a few days ago on a client site; we began blocking Google’s IP addresses because of the structure of the requests which were in fact SQLi attacks. Yes, Google bots were actually attacking a website.
What is going on?
It seems that while Google could really care less about your site and has no real interest in hacking you, their automated bots can be used to do the heavy lifting for an attacker.
Stealth Attacks Using Bots
Let’s assume we have an attacker, his name is John. John is your everyday hacker, he spends his day crawling the web looking for new vulnerabilities. In the process, he finds a number of vulnerable sites or web servers, ripe for the picking. John though, is not your average hacker, he is very aware of the forensics process, and knows that to be a successful hacker, you must cover your tracks.
Tomi Engdahl says:
Top 100 Adobe Passwords with Count
http://stricture-group.com/files/adobe-top100.txt
We do not (yet) have the keys Adobe used to encrypt the passwords of 130,324,429 users affected by their most recent breach. However, thanks to Adobe choosing symmetric key encryption over hashing, selecting ECB mode, and using the same key for every password, combined with a large number of known plaintexts and the generosity of users who flat-out gave us their password in their password hint, this is not preventing us from presenting you with this list of the top 100 passwords selected by Adobe users.
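The storage weakness described in the two Adobe comments above (one key for every password, ECB mode, no salt), next to the salted hashing the Naked Security article recommends, as an added example that is not taken from either quoted article. The 4-round Feistel cipher is a toy stand-in with a 64-bit block, chosen only so the block runs on the Python standard library; the key, user names and passwords are constructed.

```python
import hashlib
import hmac
import os

BLOCK = 8  # 64-bit block, the width of the 16-hex-digit ciphertext quoted above
KEY = b"constructed-demo-key"  # constructed; one key shared by every record

# Constructed sample accounts: three share a password, two share an 8-byte prefix.
USERS = {
    "alice": "123456",
    "bob": "123456",
    "carol": "123456",
    "dave": "sunshine2013",
    "erin": "sunshine1999",
    "frank": "correct horse",
}


def _round(key: bytes, i: int, half: bytes) -> bytes:
    """Feistel round function: keyed, truncated to half a block."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation (stand-in for a real block cipher)."""
    left, right = block[: BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
    return left + right


def ecb_encrypt(key: bytes, password: str) -> bytes:
    """Weak scheme: pad, then encrypt each block independently with the same key."""
    data = password.encode()
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    return b"".join(
        encrypt_block(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK)
    )


def salted_hash(password: str, iterations: int = 100_000) -> bytes:
    """Recommended scheme: random per-user salt plus a slow one-way function."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_salted(password: str, stored: bytes, iterations: int = 100_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def groups(stored: dict, prefix_len=None) -> list:
    """Users whose stored value (or its first prefix_len bytes) is identical."""
    buckets = {}
    for user, value in stored.items():
        key = value if prefix_len is None else value[:prefix_len]
        buckets.setdefault(key, []).append(user)
    return sorted(sorted(g) for g in buckets.values() if len(g) > 1)


def build_tables():
    """Return the same accounts stored both ways."""
    ecb = {user: ecb_encrypt(KEY, pw) for user, pw in USERS.items()}
    salted = {user: salted_hash(pw) for user, pw in USERS.items()}
    return ecb, salted


if __name__ == "__main__":
    ecb, salted = build_tables()
    print("ECB, identical stored values :", groups(ecb))
    print("ECB, identical first block   :", groups(ecb, BLOCK))
    print("Salted hash, identical values:", groups(salted))
```

Without knowing the key, the ECB table already shows which accounts share a password and which share their first eight characters, so one revealing password hint exposes a whole group; the salted table shows no such relationships.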
Tomi Engdahl says:
The ten-year-old girl called ‘Sweetie’ who has caught more than a THOUSAND sexual predators including 110 Britons
http://www.dailymail.co.uk/news/article-2487397/Terre-des-Hommes-creates-CGI-girl-called-Sweetie-entice-child-porn-predators.html
Dutch chapter of children’s rights group Terre des Hommes created 10-year-old girl and posed as her in internet chatrooms
Researchers were approached by 20,000 predators from 71 countries and they have identified 1,000 of these and given their identities to Interpol
He said webcam sex with minors – which usually involves men from Western countries paying children from impoverished countries for sex shows – is still ‘a cottage industry’ and needs to be stopped.
‘It’s still not too late,’ Guyt said. ‘Our worst scenario is that the same thing will happen with this as has happened with child pornography – that is now a multi-billion dollar industry in the hands of criminal gangs.’
Terre des Hommes has posted a documentary about its 10-week investigation on YouTube and begun a petition aimed at pressing police and politicians to do more to halt such illegal sex shows.
Terre des Hommes has for years worked to combat child prostitution in Southeast Asia and staff members noticed in recent years that young prostitutes were disappearing from their usual haunts: cafes, restaurants and hotels frequented by sex tourists.
They discovered that sex tourists no longer have to leave their homes to exploit children, thanks to the proliferation of high-speed Internet connections, Guyt said.
‘We have to make sure the world community understands the scale and nature of this phenomenon,’ Guyt said.
Tomi Engdahl says:
Crowdfunded audit of ‘NSA-proof’ encryption suite TrueCrypt is GO
Line-by-line code exam will blow hidden backdoor doubts into orbit, hope devs
http://www.theregister.co.uk/2013/11/06/truecrypt_audit_is_go/
A fundraising effort to pay for an independent, professional security audit of TrueCrypt, the popular disk encryption utility, has raised enough money to pay for an arguably long overdue audit of the security software.
TrueCrypt is a widely used utility that encrypts and decrypts entire drives, partitions or files within a virtual disk. The tool can also hide volumes of data on discs.
Cryptography expert Bruce Schneier uses TrueCrypt on an air-gapped PC to work on NSA files leaked by Edward Snowden. Yet this isn’t quite the ringing endorsement it might seem at first.
Tomi Engdahl says:
“Sweetie” Sting: Dutch activists claim to nab 1,000 sex predators using computer-generated “child”
http://www.cbsnews.com/8301-504083_162-57610865-504083/sweetie-sting-dutch-activists-claim-to-nab-1000-sex-predators-using-computer-generated-child/
(CBS/AP) AMSTERDAM – Dutch children’s rights activists used a computer-generated image of a 10-year-old Philippine girl to catch suspected sex predators and say that, as a result, they successfully unmasked 1,000 Internet users from 71 countries who wanted to pay to watch a child engage in sex acts via webcam.
The result was shocking, the group’s director of projects, Hans Guyt, told The Associated Press on Monday.
“If we don’t intervene soon, this sinister phenomenon will totally run out of control,” said Terre des Hommes director of projects Hans Guyt as he stood in front of a wall plastered with the pixelated faces of adults duped by “Sweetie.”
Tomi Engdahl says:
Neglected Privacy Board to Probe Spygate Scandal
http://www.wired.com/threatlevel/2013/06/privacy-board-spygate/
A neglected and overlooked federal oversight board hit the limelight today when NSA chief Keith Alexander agreed publicly to cooperate with an investigation into the spygate scandal by the Privacy and Civil Liberties Oversight Board.
The five-member board, created in 2004 on the recommendation of the 9/11 Commission, first met in 2006. One member resigned a year later after the President George W. Bush administration made more than 200 revisions to its first report.
The board was subsequently transformed into an independent agency, with the power of subpoena and to review classified material. But the board was virtually idle from 2008 until last year, when four board members were confirmed by the Senate, with the fifth one in May.
The spygate investigation, proposed by Sen. Tom Udall (D-New Mexico), will peer into one of the biggest privacy scandals in the nation’s history. The board’s chairman, confirmed last month, is David Medine, a former associate director of the Federal Trade Commission.
Because there was no chairman, the board has done little. It has no website.
Tomi Engdahl says:
Hacking of Finnish Ministry of Foreign Affairs – how to protect yourself from attack?
Foreign spies were staying in the Finnish Foreign Ministry's network. How can you protect yourself from such attacks? Ordinary users play an important role.
The spying on the Ministry of Foreign Affairs network became public last week. The case was very unusual in Finnish conditions. One or more attackers had put spyware into the Ministry's data network, which is used for lower-security-level everyday work. The malware may have been active in the network for up to four years.
Such attacks are quite different in manner and intent from criminals' “normal” web attacks. The malware used and the ways of infecting machines vary. In order to protect against attacks, it is important to understand how the attacker operates.
For espionage attacks of the Ministry of Foreign Affairs sort, the English term Advanced Persistent Threat, or APT, is sometimes used. It refers to an attack in which advanced malware is injected into the target network, with the purpose of staying hidden for a long time.
The specialty of these attacks is customization. Criminals' widely disseminated malware is mass merchandise, whose goal is to scrape together as many victims as possible. In targeted attacks the attacker puts a lot of effort into infecting an individual, important target. It could be a state-level target, for example, or a major company.
Two basic ways are used to disseminate spyware. One is a customized e-mail, which is masked in some way to appear related to the recipient's work. This can be anything from a work-related report to an invitation to an event.
The trap is hidden in the message's attachment or an accompanying web link. Genuine-looking material is found behind them, and so the victim does not notice the malware infection.
Another channel for malware distribution is a USB flash drive. USB memory sticks can be slipped into the vicinity of the target persons. At its simplest, sticks can be left outside the premises of the organization.
Once spyware is on a computer in the organization, it will tend to spread to other computers on the same network.
Detecting targeted APT attacks and the spyware used in them is very difficult. The security authority CERT-FI says that in designing the attack special attention was paid to hiding the infection.
If a person suspects such as spyware detected, it may remove themselves from your computer, and “clean up after themselves.”
Traditional security software and virus scans do not usually help. An important part of the protection is prevention.
The first step is getting the basics right. Security updates for operating systems and applications should be up to date. You should also give priority to applications whose makers have invested in information security, and avoid programs well known for continuing security problems. Such means can make attacks more difficult.
It is also user training and mentoring.
Unknown USB flash drives should never be connected to computers at work.
Strong security: no were
However, it is important to note that an attacker can not get in to any remedy in the. If someone really wants to get into the target network and takes the necessary time and resources, the penetration usually ends up being successful. The infection may be detectable by observing the organization's network traffic, but that is difficult and tedious, and the damage may already have occurred.
Source: http://www.tietokone.fi/artikkeli/uutiset/ulkoministerion_hakkerointi_miten_suojautua_hyokkayksilta
Tomi Engdahl says:
Embassy Espionage: The NSA’s Secret Spy Hub in Berlin
http://www.spiegel.de/international/germany/cover-story-how-nsa-spied-on-merkel-cell-phone-from-berlin-embassy-a-930205-3.html
The scandal revives an old question: Are the German security agencies too trusting of the Americans? Until now, German agencies have typically concerned themselves with China and Russia in their counterintelligence work
The ongoing spying scandal is also fueling allegations that the Germans have been allowing the NSA to lead them around by the nose. From the beginning of the NSA scandal, Berlin has conducted its attempts to clarify the allegations with a mixture of naivety and ignorance.
It also seems to be difficult for German intelligence agencies to actually track the activities of the NSA. High-level government officials admit the Americans’ technical capabilities are in many ways superior to what exists in Germany.
But now, as a consequence of the spying scandal, the German agencies want to beef up their capabilities. “We’re talking about a fundamental realignment of counterintelligence,”
One focus of strategic considerations is the embassy buildings in central Berlin. “We don’t know which roofs currently have spying equipment installed,” says the security official. “That is a problem.”
Trade Agreement at Risk?
But now German-American relations are threatened with an ice age.
EU Leaders Consider Consequences
The American spying tactics weren’t far from the minds of leaders at the EU summit in Brussels last Thursday, either.
Because despite all the anger, Merkel still didn’t want to give up using her old number as of the end of last week. She was using it to make calls and to send text messages. Only for very delicate conversations did she switch to a secure line.
What the NSA revelations mean for you? « Tomi Engdahl’s ePanorama blog says:
[...] mean for you? I have linked to many news related to NSA spying information by Edward Snowden at Security trends for 2013 comments. He succeeded beyond anything the journalists or Snowden himself ever imagined (exploded [...]
Tomi Engdahl says:
Microsoft and Facebook sponsor Internet Bug Bounty program, offer cash for hacking the Internet stack
http://thenextweb.com/insider/2013/11/06/microsoft-facebook-sponsor-internet-bug-bounty-program-offer-cash-hacking-internet-stack/
Microsoft and Facebook today jointly launched a new initiative called the Internet Bug Bounty program. In short, the two companies are looking to secure the Internet stack by rewarding anyone and everyone who hacks it, and responsibly discloses any vulnerabilities they find.
The minimum bounty for hacking any component of the Internet is $5,000. Here are the requirements for discovered security holes:
Be widespread: vulnerability manifests itself across a wide range of products, or impacts a large number of end users.
Be vendor agnostic: vulnerability is present in implementations from multiple vendors or a vendor with dominant market share.
Be severe: vulnerability has extreme negative consequences for the general public.
Be novel: vulnerability is new or unusual in an interesting way.
Tomi Engdahl says:
Details Emerge of Potential Google Monitor in Europe
http://bits.blogs.nytimes.com/2013/11/06/details-emerge-of-potential-google-monitor-in-europe/
Wanted: A Google watchdog in Europe.
A 96-page description of the potential job emerged on Wednesday, giving a window into what Google faces if it signs the latest settlement offer from the European Commission and ends the long-running antitrust case against the company.
Tomi Engdahl says:
Edward Snowden leaks could help paedophiles escape police, says government
http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/10431337/Edward-Snowden-leaks-could-help-paedophiles-escape-police-says-government.html
Paedophiles and other criminals could benefit from the Guardian newspaper’s stories based on leaks by Edward Snowden, the High Court hears
Paedophiles may escape detection because highly-classified material about Britain’s surveillance capabilities have been published by the Guardian newspaper, the government has claimed.
The claims emerged as lawyers for the Home Office launched a hard-hitting defence against a legal challenge which is seeking to establish the partner of a Guardian journalist was wrongly detained at Heathrow airport in August.
Revealing the capabilities of MI5, MI6 and the government listening post GCHQ would make it easier for “terrorists to evade detection” and for “hostile foreign states to identify our intelligence officers and take steps against them”, said Mr Robbins.
“It is right that the police should take action when an individual is suspected of couriering highly sensitive material that is of use to terrorists and other actors who seek to undermine our freedoms,” said Mr Robbins’ statement.
“The Security Service believed that the onward transmission of the material posed a significant threat to UK national security.”
Tomi Engdahl says:
Furious Google techie on NSA snooping: ‘F*CK THESE GUYS’
‘Laws are for the little people’ groans saddened securo-bod
http://www.theregister.co.uk/2013/11/07/google_engineers_slam_nsa/
Eric Schmidt’s indignation over the NSA’s reported spying on links between Google’s data centres pales in comparison to the righteous indignation of his engineers.
The latest leaks from whistleblower Edward Snowden provide evidence that Google and Yahoo! data centre interconnects were being tapped by the NSA’s spies, as part of a program code-named MUSCULAR.
Both Yahoo! and Google are knowing participants in the NSA’s even more notorious PRISM web surveillance dragnet program.
But PRISM apparently wasn’t enough for the signals intelligence agency, hence its decision to use MUSCULAR to covertly hoover up any of the bits it might have missed by tapping into fibre-optic links leased or run by Google (and others) between its data centres.
All this is in addition to GCHQ’s Tempora program for wholesale collection of traffic through transatlantic fibre-optic cables and Bullrun – the bete noire of security professionals – which is the NSA’s effort to work with hardware and software technology vendors to weaken encryption standards and their underlying components.
Tomi Engdahl says:
Truly secure clouds? Possible but not likely say Georgia Tech boffins
And that’s before we hook up the Internet of Things
http://www.theregister.co.uk/2013/11/07/cloud_mobile_keep_sysadmins_awake_georgia_tech/
Georgia Tech has added itself to the chorus, nay, throng of voices warning that poorly-implemented cloud computing and the world of BYO mobile devices are threats to enterprise security.
In its Emerging Cyber Threats 2014 report, GT’s Information Security Center joins World+Dog in noting that the Snowden NSA whistle-blowing has concentrated minds wonderfully on the question “who’s reading my cloud?”
However, trying to secure what leaves the premises comes at a cost, says GTISC director Wenke Lee: “Encryption in the cloud often impacts data accessibility and processing speed. So we are likely to see increased debate about the tradeoffs between security, functionality and efficiency.”
Even if a company bites the bullet and encrypts everything going to the cloud services it has bought on contract with an enterprise provider, the report notes that employees’ individual use of “shadow” services like Dropbox, Box.com and Google’s sharing services can undermine that security
In the mobile space, GTISC points to the university’s own work on AppStore vetting bypasses and malicious chargers.
Tomi Engdahl says:
Stock exchange robot believes Twitter: risk of major losses
Large enterprises have not understood how easily their Twitter accounts can be hijacked. That way stock prices can easily be affected, security company F-Secure’s Chief Research Officer Mikko Hypponen warned. Share prices react to the news before people do.
An example of this was in April, when Syrian hackers hijacked the AP news agency’s Twitter account and tweeted that President Barack Obama had been wounded in an explosion at the White House. The New York Stock Exchange’s Dow Jones Industrial Average index tumbled 130 points instantly.
If this can happen to a media house, a traditional company can certainly fall victim too, Hypponen said. And social media account hijacking is not even difficult.
- It is definitely easier than breaking into any other system of the firm, Hypponen said.
Attackers know the systems, because they use them themselves.
And then just to spread false information.
The damage can occur faster than anyone understands what is going on. This is also how the New York Stock Exchange plummeted in April.
Exchange robots sold huge amounts of shares before any human had time to react to news of Obama’s bogus injury.
Money is made by the algorithm that interprets the news milliseconds before others.
For an attacker, a rapid decline in prices and a subsequent rise is ideal. That means shares at a discount.
The password for grabs
makes it easy to
A company’s Facebook or Twitter account is as vulnerable as anyone’s: it is behind a single password.
- They are not just some fun accounts. They can really affect the reputation of the firm and the exchange rate, and they can be active against the attack.
Source: http://www.digitoday.fi/tietoturva/2013/11/07/porssirobotti-uskoo-twitteria-vaarana-suurvahinko/201315513/66?rss=6