Year 2013 will be year of cyber security. CNN expects more cyber wars this year. Cybercrime is on the rise, and last year we saw more and more computer virus attacks. Security company Kaspersky Lab warns of more new cyber-threats against enterprises and mobile devices. Cyber security also relates to mobile.
Security becomes an increasingly important issue. Year 2013 is the year of cyber security. Security company Stonesoft predicts we will face a more targeted launch cyber-attacks, cyber espionage and hactivism. Cyber security is the fastest growing trend in information security and its importance will increase in the future. According to Stonesoft the current security systems are unable to provide adequate protection against targeted attacks: we require proactive cyber protection and willingness to face the unknown threats.
Hacktivism will continue. According to article Anonymous: ‘Expect us 2013′ the hacking group boasted its cyberattacks against the U.S., Syrian, and Israeli governments in 2012. They are also warning people to continue to expect this type of activity.
SCADA security was hit hard in 2012. Some of the big manufacturers hit hard have learned their lessons and test their devices more now. But how are some smaller manufacturers security testing? Metasploit has special category for SCADA
devices. Good idea to test your devices against it.
There is still work to do on Cyber security standards and SCADA standards. For example in very widely used automation security standard IEC 61508 security is addresses only in informative way (NOT MANDATORY. IEC 62443-2-4: A Baseline Security Standard for Industrial Automation Control Systems is a good starting point when thinking on SCADA systems security.
Nowadays you need to think about SCADA system security more then some years ago. Previously, it was thought that it is sufficient to isolate factory process automation system from the office networks and the Internet. This is no longer enough. Nowadays you need to think about information security of production of automation systems. You can’t keep the automation systems isolated from Internet. Accidental connections to Internet from isolated networks happen. Malware can spread through USB memory sticks (Stuxnet did that). And nowadays there are more and more business reasons to connect process automation systems to other networks. So automations system do not anymore live in complete isolation from rest of the world.
Systems with SCADA vulnerabilities have become easier to find. Hackers tap SCADA vuln search engine article tells a search engine that indexes servers and other internet devices is helping hackers to find industrial control systems that are vulnerable to tampering. Search engine Shodan easily pinpoints shoddy industrial controls. Shodan makes it easy to locate internet-facing SCADA, or supervisory control and data acquisition, systems used to control equipment at gasoline refineries, power plants and other industrial facilities. The search engine can also be used to identify systems with known vulnerabilities. Shodan makes networks more vulnerable to brute-force attacks on passwords, many of which may still use factory defaults.
Thousands of SCADA Devices Discovered On the Open Internet article tells that there are all the time news of the continuing poor state of security for industrial control systems. The pair of researchers with found found not only devices used for critical infrastructure such as energy, water and other utilities, but also SCADA devices for HVAC systems, building automation control systems, large mining trucks, traffic control systems, red-light cameras and even crematoriums. Never underestimate what you can do with a healthy list of advanced operator search terms and a beer budget.
Researchers have also found crippling flaws in GPS receivers. Global Positioning System infrastructure critical to the navigation of a host of military and civilian technologies including planes, ships and unmanned drones. GPS system is also used to generate accurate clocks in SCADA system and smart grid devices. Researchers showed that they could permanently de-synchronise the date of Phasor Measurement Units used in smart grid and cause UNIX epoch rollover in a few minutes. The overall landscape of GPS vulnerabilities is startling.
Happy now? Mobiles, cloud, big data now ‘a growing security risk’ article tells that innovations in mobile and cloud computing, social technology and the use of “big data” present an emerging risk to organisations’ IT security, experts have warned. The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for “most of the innovation expected in the area of IT” and warned that with their emergence would come an associated increased cyber threat. ENISA warned that the threat stemming from mobile computing comes from the fact that mobile communications take place over “poorly secured … or unsecured channels”. The most significant threat stems from hackers inserting malicious software in website browser and other software available on mobile devices. Cyber criminals could also use the capabilities of cloud computing for their own gains, such as by storing malware in those systems and using the technology as a platform to launch attacks.
Drive-by downloads attacks against web browsers have become the top web threat. More specifically, attackers are moving into targeting browser plugins such as Java (Java exploits are the major cross-platform threat), Adobe Reader and Adobe Flash. The drive-by download attacks are almost exclusively launched through compromised legitimate websites which are used by attackers to host malicious links and actual malicious code. Exploits are sold for considerable amount of money and quickly included into exploit kits.
Africa’s Coming Cyber-Crime Epidemic article tells that last decade may have just been the first step in a looming African cyber-crime wave. Africa has the world’s fastest-growing middle class, whose members are increasingly tech-savvy and Internet connected and lax law enforcement is a perfect petri dish for increased cybercrime.
European wide cyber police started. EU’s new European Cybercrime Centre (EC3) was just opened few days ago. The facility will act as the “focal point” in the EU’s fight against cybercrime, against both businesses and private citizens. EC3 will act as a hub where crime-fighters can pool expertise and information, support criminal investigations and help develop and spread best practice. It will work with industry to develop threat assessments. It will work closely with the FBI and the US Secret service, in addition to other foreign agencies.
1,930 Comments
Tomi Engdahl says:
Kids ‘using coding skills to hack’ friends on games, expert says
http://www.bbc.co.uk/news/technology-21371609?ocid=socialflow_twitter_bbcworld
Children as young as 11 years old are writing malicious computer code to hack accounts on gaming sites and social networks, experts have said.
A report from antivirus company AVG detailed evidence of programs written to “steal” virtual currency.
The team examined closely one particular instance of code that masqueraded as a cheat program for gamers playing Runescape, an online title that has over 200 million signed-up players.
Runescape program screenshot This piece of software was used to steal data from gamers
The program, Runescape Gold Hack, promised to give the gamer free virtual currency to use in the game – but it in fact was being used to steal log-in details from unsuspecting users.
“We found that the malware was trying to steal the data from people and send it to a specific email address.
That email address belonged, Mr Ben-Itzhak said, to an 11-year-old boy in Canada.
Many schools around the world are changing education programmes in schools to teach children to code, rather than simply to use, computers.
“We cannot tell how many kids around the world are [writing malicious programs], but we believe there are more cases like this.
“You teach your children that you can’t take a toy without paying – so I think this type of a message needs to get to the kids when they’re writing software too.”
“We teach English, maths and science to all students because they are fundamental to understanding society,” she said.
“The same is true of digital technology. When we gain literacy, we not only learn to read, but also to write. It is not enough to just use computer programs.”
Tomi Engdahl says:
Software that tracks people on social media created by defence firm
http://www.guardian.co.uk/world/2013/feb/10/software-tracks-social-media-defence
Exclusive: Raytheon’s Riot program mines social network data like a ‘Google for spies’, drawing ire from civil rights groups
A multinational security firm has secretly developed software capable of tracking people’s movements and predicting future behaviour by mining data from social networking websites.
A video obtained by the Guardian reveals how an “extreme-scale analytics” system created by Raytheon, the world’s fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare.
Raytheon says it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients.
But the Massachusetts-based company has acknowledged the technology was shared with US government and industry as part of a joint research and development effort, in 2010, to help build a national security system capable of analysing “trillions of entities” from cyberspace.
Riot pulls out this information, showing not only the photographs posted onto social networks by individuals, but also the location at which the photographs were taken.
“We’re going to track one of our own employees,”
“We know where Nick’s going, we know what Nick looks like,” Urch explains, “now we want to try to predict where he may be in the future.”
The video shows that Nick, who posts his location regularly on Foursquare, visits a gym frequently at 6am early each week. Urch quips: “So if you ever did want to try to get hold of Nick, or maybe get hold of his laptop, you might want to visit the gym at 6am on a Monday.”
Mining from public websites for law enforcement is considered legal in most countries.
However, Ginger McCall, an attorney at the Washington-based Electronic Privacy Information Centre, said the Raytheon technology raised concerns about how troves of user data could be covertly collected without oversight or regulation.
“Social networking sites are often not transparent about what information is shared and how it is shared,” McCall said. “Users may be posting information that they believe will be viewed only by their friends, but instead, it is being viewed by government officials or pulled in by data collection services like the Riot search.”
Tomi Engdahl says:
Bit9 hacked after it forgot to install ITS OWN security product
Malware signed by stolen crypto certs then flung at big-cheese clients
http://www.theregister.co.uk/2013/02/11/bit9_hack/
IT security biz Bit9′s private digital certificates were copied by hackers and used to cryptographically sign malware to infect the company’s customers.
The software whitelisting firm’s certificates were swiped when its core systems were hacked last week. The intruders then signed malicious code and distributed it to the company’s corporate clients.
A number of Bit9′s customers were subsequently infected by the malware because the software was – thanks to the purloined certificates – regarded as safe by networks guarded by Bit9′s technology.
Bit9 said that its subsequent investigation discovered that three of its customers were affected by the illegitimately signed malware.
Bit9 admitted it had been hit by an advanced attack hours after posting a blog post titled “It’s the Same Old Song: Antivirus Can’t Stop Advanced Threats”.
“This incident is a classic example of why relying on one technology to protect your network can be so risky,” notes security consultant Brian Honan.
Honan says the attack aimed to exploit the confidence its client placed in Bit9 in much the same way that the attack against RSA Security was used in attempts to infiltrate the remote access systems of RSA SecurID two-factor authentication customers two years ago.
Tomi Engdahl says:
TIA task group exploring security measures for cabling systems
http://www.cablinginstall.com/articles/2013/february/tia-cabling-security-specs.html
Grant Seiffert, president of the Telecommunications Industry Association (TIA), authored an article titled “Protecting the Communications Infrastructure” that appeared in a recent issue of The CIP Report,
“One area currently facing security threats is cloud computing,” citing a National Institute of Standards and Technology (NIST) report identifying gaps for standards coverage related to the cloud. “In response to this report [U.S. Government Cloud Computing Technology Roadmap, Volume II – Useful Information for Cloud Adopters], TIA’s Engineering Committees are working on standards to close these security gaps,”
For example, TIA-942 “provides requirements and guidelines for several security-related subjects involving data centers, which serve as the engines of the cloud,” Seiffert reports. “This document includes security-related requirements and guidelines appropriate for data centers on the placement of telecommunications spaces, architectural considerations, signage, cable routing, access points, supporting equipment and site selection.”
Seiffert then explains that while the NIST report puts focus on data centers, “prudence would dictate that similar guidance apply to the physical security for other types of premises where cloud access is of particular importance … Accordingly, the Task Group on Network Security is not limiting the focus of the discussions to data centers.”
Furthermore, the group has pointed out installation guidelines in other existing standards—TIA-569 Telecommunications Pathways and Spaces, TIA-568-C.0 Generic Telecommunications Cabling for Customer Premises, TIA-568-C.1, Commercial Building Telecommunications Cabling Standard, and TIA-606 Administration Standard for Telecommunications Infrastructure—as examples of specifications that consider the protection of cabling infrastructure.
Tomi Engdahl says:
EU Data Protection: Proposed Amendments Written by US Lobbyists
http://blogs.computerworlduk.com/open-enterprise/2013/02/eu-data-protection-proposed-amendments-written-by-us-lobbyists/index.htm
It’s becoming clear that the lobbying around the proposed EU directive on Data Protection is some of the most intense ever seen – some activists have said it’s even worse than during ACTA, while on the US side there’s mutterings about starting a “trade war” if it’s passed in its present form.
the shocking truth: that MEPs are proposing amendments to the Data Protection proposal that are taken word for word from the lobbyists. Obviously, what’s worrying here is not the plagiarism, but the fact that measures designed to protect the European public are being stripped out and/or watered down by the very people we elected to defend us.
Tomi Engdahl says:
Not done yet: Oracle to ship revised Java fix on February 19
Addresses flaws left open after February 1 patch
http://www.theregister.co.uk/2013/02/12/oracle_february_java_fix_redux/
If at first you don’t succeed, and all that… Oracle now says the emergency Java Critical Patch Update it rushed out the door on February 1 didn’t fix all of the issues it had originally intended to address, and that a revised patch including fixes for the remaining flaws will ship on February 19.
February 19 had been the original date for the February patch, but Oracle opted to push it out on an accelerated schedule after discovering that exploits for some of the vulnerabilities it addressed were operating in the wild.
Tomi Engdahl says:
How thieves can use a smartphone’s accelerometer to unlock nearby gadgets
http://www.electronicproducts.com/Computer_Systems/Standalone_Mobile/How_thieves_can_use_a_smartphone_s_accelerometer_to_unlock_nearby_gadgets.aspx
Technology is pretty easy to use and surprisingly accurate
There are several different methods for unlocking a touchscreen device, ranging from the simple swipe across the screen to entering a numerical code in order to access the system’s apps. Regardless the method, they all involve one common element: hand motion.
This is proving to be a problem, you see, because today’s smartphone-supplied-accelerometers can actually observe and record the hand motion of an adjacent smartphone user, to allow a nearby thief the ability to more accurately guess the code used to unlock a particular gadget.
And it’s not a specific smartphone or tablet we’re talking about here: all major brands that feature this security feature are at risk.
“Practicality of Accelerometer Side Channels on Smartphones”,
From the team’s abstract:
Modern smartphones are equipped with a plethora of sensors that enable a wide range of interactions, but some of these sensors can be employed as a side channel to surreptitiously learn about user input. In this paper, we show that the accelerometer sensor can also be employed as a high-bandwidth side channel; particularly, we demonstrate how to use the accelerometer sensor to learn user tap and gesture-based input as required to unlock smartphones using a PIN/password or Android’s graphical password pattern. Using data collected from a diverse group of 24 users in controlled (while sitting) and uncontrolled (while walking) settings, we develop sample rate independent features for accelerometer readings based on signal processing and polynomial fitting techniques.
The sensor in question is the accelerometer that logs phone movements in three dimensions: up and down, side to side, and forward and back. It’s primarily used in games to steer or guide things like cars, balls, etc.
During the study, the team altered the component’s purpose to record the unlocking gesture movements of nearby gadget holders (sitting). They then developed a prediction model that showed the sensor was able to classify the PIN entered 43% of the time and pattern 73% of the time within 5 attempts when selecting from a test set of 50 PINs and 50 patterns.
Worth noting is that the accelerometer’s accuracy suffered when users walked around with the gadgets
Tomi Engdahl says:
Hackers hit TV broadcast: “The zombies rise from their graves”
Montanalainen TV channel KRTC Posted on Monday, Steve Wilkon the show, the news channel alarm suddenly went on.
“The dead are rising from their graves and go attack the living. Follow the on-screen instructions. Zombies are extremely dangerous,” a male voice said.
KRTC denied that the warning would come from them
Source: http://www.iltasanomat.fi/viihde/art-1288539621393.html
Tomi Engdahl says:
Montana TV warns of ZOMBIE ATTACK in epic prank hack
Cops: ‘Wait. What if … ?’
http://www.theregister.co.uk/2013/02/12/spoof_zombie_apocalypse_warning/
Pranksters managed to hack a TV emergency alert system in Montana on Monday to broadcast an on-air audio warning about the supposed start of a zombie apocalypse.
KRTV quickly repudiated the statement and launched an investigation into the incidents, which it blames on as yet unidentified hackers.
“Someone apparently hacked into the Emergency Alert System and announced on KRTV and the CW that there was an emergency in several Montana counties. This message did not originate from KRTV, and there is no emergency,” the CBS affiliate station said in a short statement on the incident.
“Our engineers are investigating to determine what happened and if it affected other media outlets.”
US Motorway signs have been hacked to warn of “zombies ahead” and similar incidents before but the epic KRTV hack takes this to another level.
Tomi says:
Everything You Know About Password-Stealing Is Wrong
http://it.slashdot.org/story/13/02/12/1333249/everything-you-know-about-password-stealing-is-wrong
“An article by some Microsofties in the latest issue of Computing Now magazine claims we have got passwords all wrong. When money is stolen, consumers are reimbursed for stolen funds and it is money mules, not banks or retail customers, who end up with the loss.”
“Stealing passwords is easy, but getting money out is very hard. Passwords are not the bottleneck in cyber-crime and replacing them with something stronger won’t reduce losses.”
Tomi Engdahl says:
Is Everything We Know About Password Stealing Wrong?
http://research.microsoft.com/pubs/161829/EverythingWeKnow.pdf
Federal Reserve Regulation E guarantees that US consumers are made whole when their bank passwords are stolen. The implications lead us to several interesting conclusions.
First, emptying accounts is extremely hard: transferring money in a way that is irreversible can generally only be done in a way that cannot later
be repudiated.
Since password-enabled transfers can always be repudiated this explains the importance of mules, who accept bad transfers and initiate good ones.
This suggests that it is the mule accounts rather than those of victims that are pillaged.
We argue that passwords are not the bottle-neck, and are but one, and by no means the most important, ingredient in the cyber-crime value chain. We show that, in spite of appearances, password-stealing is a bad business proposition.
Tomi Engdahl says:
U.S. said to be target of massive cyber-espionage campaign
http://www.washingtonpost.com/world/national-security/us-said-to-be-target-of-massive-cyber-espionage-campaign/2013/02/10/7b4687d8-6fc1-11e2-aa58-243de81040ba_story.html
A new intelligence assessment has concluded that the United States is the target of a massive, sustained cyber-espionage campaign that is threatening the country’s economic competitiveness, according to individuals familiar with the report.
The National Intelligence Estimate identifies China as the country most aggressively seeking to penetrate the computer systems of American businesses and institutions to gain access to data that could be used for economic gain.
The report, which represents the consensus view of the U.S. intelligence community, describes a wide range of sectors that have been the focus of hacking over the past five years, including energy, finance, information technology, aerospace and automotives, according to the individuals familiar with the report, who spoke on the condition of anonymity about the classified document. The assessment does not quantify the financial impact of the espionage, but outside experts have estimated it in the tens of billions of dollars.
Cyber-espionage, which was once viewed as a concern mainly by U.S. intelligence and the military, is increasingly seen as a direct threat to the nation’s economic interests.
Tomi Engdahl says:
Watching porn is bad for your smartphone
http://money.cnn.com/2013/02/11/technology/security/smartphone-porn/
We’re not making any moral judgments here. But it is definitively a bad idea to visit pornography sites on your smartphone or tablet.
Nearly one-quarter of malware on mobile devices comes from porn websites, according to a new study from Blue Coat, a Web security and optimization company.
Mobile users don’t check out porn sites often — less than 1% of all mobile traffic is pornography. But when they do go to those sites, the risk of inadvertently downloading malware to their devices increases three-fold. That makes watching porn on smartphones a far bigger threat than viewing porn on a PC.
Porn led to more malware on smartphones and tablets than e-mail spam, malicious websites, and fake apps combined.
“When you click a link on a mobile phone, it’s harder to know what form of Russian roulette they’re playing.”
Tomi Engdahl says:
Android becoming mobile malware magnet, says report
http://www.zdnet.com/android-becoming-mobile-malware-magnet-says-report-7000011197/
Summary: As for the breakdown of Android malware, Blue Coat noted 58 percent was Android root exploits and rogue software.
The Android platform is becoming a key mobile target for cybercriminals, who are getting much more efficient with their malware, according to a Blue Coat Systems report.
In a mobile malware report, Blue Coat notes that Android is a popular target.
As for the breakdown of Android malware, Blue Coat noted 58 percent was Android root exploits and rogue software. Android malware via malnets—networks designed to deliver malicious payloads—was 40 percent of the total.
The Android malware issue is increasingly a buzz kill for the enterprise. CXOs are balking at having to support multiple flavors of Android and have largely focused on Apple’s iOS for their bring your own device policies.
Another notable nugget from the Blue Coat report was that pornography is a key threat vector on mobile devices. The catch is mobile users go to porn sites less than 1 percent of the time.
Tomi Engdahl says:
The device that caused the power outage at Super Bowl
http://www.electronicproducts.com/Analog_Mixed_Signal_ICs/Power_Management/The_device_that_caused_the_power_outage_at_Super_Bowl.aspx
Following investigation, experts able to pinpoint component responsible for blackout
Cyberterrorism. Beyoncé. A disgruntled San Francisco 49ers fan. They each held the spotlight this past week as everyone speculated what caused the blackout during the second half of this year’s Super Bowl matchup between the Baltimore Ravens and San Francisco 49ers in New Orleans.
The actual cause of the power outage? A relay. That’s right — the component meant to protect power going to the Superdome from cable failure was, in fact, the very source of this enormous catastrophe.
New Orleans-based Entergy Corporation took blame for the incident, though they couldn’t exactly put a finger on what caused the relay to go down. This isn’t much of a surprise since devices like this do fail fairly often according to Shabab Mehraeen, an assistant professor of electrical engineering at Louisiana State University
Tomi Engdahl says:
The White House
Office of the Press Secretary
For Immediate Release
February 12, 2013
Executive Order — Improving Critical Infrastructure Cybersecurity
http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity
Tomi Engdahl says:
Controversial cyber bill CISPA returns to Congress for debate, same as before
http://www.theverge.com/2013/2/13/3984442/cispa-back-in-congress
Tomi Engdahl says:
President Obama’s Cybersecurity Executive Order Scores Much Better Than CISPA On Privacy
http://www.forbes.com/sites/andygreenberg/2013/02/12/president-obamas-cybersecurity-executive-order-scores-much-better-than-cispa-on-privacy/
With the reintroduction of the much-maligned Cyber Intelligence Sharing and Protection Act scheduled for the day after the State of the Union, the House of Representatives may have hoped the President’s own cybersecurity initiative would divert some of the attention away from the controversial legislation known as CISPA. Instead, the White House’s long-awaited executive order on cybersecurity is actually scoring points with the privacy advocates–and putting CISPA in a worse light than ever.
President Obama released a long-awaited cybersecurity executive order Tuesday night along with his fifth State of the Union address, outlining new policies aimed at stemming the tide of cyberespionage on American companies and government agencies, as well as shoring up the defenses for American critical infrastructure vulnerable to cyberattacks.
Much of the executive order focuses on enabling government agencies to share information about cybersecurity threats with the private sector. That means the Department of Homeland Security and the Director of National Intelligence will share unclassified threat data with companies that might be vulnerable to attackers, and also share classified information with operators of critical infrastructure–what the order defines as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact” on the nation’s security, economy, health or safety.
But while the order allows the sharing of government data with the private sector, the data sharing doesn’t flow back the other way. That means the order, unlike CISPA, doesn’t raise the hackles of privacy groups that have protested that CISPA could grant immunity to private sector firms who want to share their user’s personal information with the government.
Tomi Engdahl says:
Hackers can easily breach Emergency Alert Systems
http://news.cnet.com/8301-1009_3-57569322-83/hackers-can-easily-breach-emergency-alert-systems/
Security researchers warn that many emergency alert system devices used by radio and TV stations are susceptible to cyberattacks, which could cause widespread panic.
Hackers broke into several television stations’ Emergency Alert Systems this week and broadcast that zombies were “rising from their graves” and “attacking the living.”
While a comical hoax, security consultancy firm IOActive warns that this type of behavior is dangerous and not that hard for hackers to do, according to Computerworld. This week it’s zombies, but next time it could be something that might make people really panic, such as an anthrax or terrorist attack.
IOActive says that devices used by TV and radio stations to air emergency alerts have critical vulnerabilities that make them susceptible to cyberattacks. If these devices are breached, hackers could feasibly broadcast anything they like to millions of viewers and listeners.
“We found some devices directly connected to the Internet and we think that it’s possible that hackers are currently exploiting some of these vulnerabilities or some other flaws,” chief technology officer of IOActive Cesar Cerrudo told Computerworld.
The hacker that got into the television stations’ systems for the zombie hoax reportedly used a “back door” attack.
Tomi Engdahl says:
Charge your smartphone, become a cyberspy
http://news.cnet.com/8301-17852_3-57568765-71/charge-your-smartphone-become-a-cyberspy/
It seems that some in the U.S. Army garrison in South Korea charge their smartphones using government computers. This is something of a cybersecurity oopsie.
There’s just never enough battery life on your smartphone, is there?
Now, efficiency is very important to the Army. Which means it’s always tempting to charge a smartphone by plugging it into a computer.
The small drawback at a U.S. Army outpost is that these would be government computers. Which may have all sorts of secrets within, some that Julian Assange has never seen or even heard of.
As the U.S Army itself informs us on its Web site, these heedless smartphone owners have become the most virulent cybersecurity violators in the whole of South Korea.
You see, in a recent seven-day period alone, there were 129 such cyberviolations detected by the Korea Theater Network Operations Center.
Most apparently charge up innocently. It’s a reflex reaction, like not thinking straight.
As Lt. Col Mary M. Rezendes, 1st Signal Brigade operations officer-in-charge, said of these scofflaws: “They don’t realize that computers recognize their phones as hard drives and that their software puts our network at risk.”
Perhaps the U.S. Army might provide special charging stations, so that confusion can be kept at a minimum.
Tomi Engdahl says:
Welcome to the Malware-Industrial Complex
http://www.technologyreview.com/news/507971/welcome-to-the-malware-industrial-complex/
The U.S. government is developing new computer weapons and driving a black market in “zero-day” bugs. The result could be a more dangerous Web for everyone.
Every summer, computer security experts get together in Las Vegas for Black Hat and DEFCON, conferences that have earned notoriety for presentations demonstrating critical security holes discovered in widely used software. But while the conferences continue to draw big crowds, regular attendees say the bugs unveiled haven’t been quite so dramatic in recent years.
One reason is that a freshly discovered weakness in a popular piece of software, known in the trade as a “zero-day” vulnerability because the software makers have had no time to develop a fix, can be cashed in for much more than a reputation boost and some free drinks at the bar. Information about such flaws can command prices in the hundreds of thousands of dollars from defense contractors, security agencies and governments.
This trade in zero-day exploits is poorly documented, but it is perhaps the most visible part of a new industry that in the years to come is likely to swallow growing portions of the U.S. national defense budget, reshape international relations, and perhaps make the Web less safe for everyone.
Zero-day exploits are valuable because they can be used to sneak software onto a computer system without detection by conventional computer security measures, such as antivirus packages or firewalls.
Since then, more Stuxnet-like malware has been uncovered, and it’s involved even more complex techniques (see “The Antivirus Era Is Over”). It is likely that even more have been deployed but escaped public notice.
“On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices,” says Soghoian
Exploits for mobile operating systems are particularly valued, says Soghoian, because unlike desktop computers, mobile systems are rarely updated. Apple sends updates to iPhone software a few times a year, meaning that a given flaw could be exploited for a long time. Sometimes the discoverer of a zero-day vulnerability receives a monthly payment as long as a flaw remains undiscovered. “As long as Apple or Microsoft has not fixed it you get paid,” says Soghioan.
No law directly regulates the sale of zero-days in the United States or elsewhere, so some traders pursue it quite openly. A Bangkok, Thailand-based security researcher who goes by the name “the Grugq” has spoken to the press about negotiating deals worth hundreds of thousands of dollars with government buyers from the United States and western Europe. In a discussion on Twitter last month, in which he was called an “arms dealer,” he tweeted that “exploits are not weapons,” and said that “an exploit is a component of a toolchain … the team that produces & maintains the toolchain is the weapon.”
Large contractors are hiring many people with computer security skills, and some job openings make it clear there are opportunities to play more than just defense.
“Every country makes weapons: unfortunately, cyberspace is like that too,” says Sujeet Shenoi, who leads the U.S.-government-sponsored Cyber Corps Program at the University of Tulsa. His program trains students for government jobs defending against attacks, but he fears that defense contractors, also eager to recruit these students, are pushing the idea of offense too hard.
Tomi Engdahl says:
Thanks, Adobe. Protection for critical zero-day exploit not on by default
http://arstechnica.com/security/2013/02/thanks-adobe-protection-for-critical-zero-day-exploit-not-on-by-default/
Reader protected view: Like car airbags that work only if owners flip a switch.
The recently discovered zero-day attacks targeting critical vulnerabilities in Adobe’s ubiquitous Reader application are able to bypass recently added security defenses unless end users manually make changes to default settings, company officials said.
According to an advisory Adobe published Wednesday night, the “protected view” feature prevents the current attacks from working—but only if it’s manually enabled. To turn it on, access Preferences > Security (Enhanced) and then check the “Files from potentially unsafe locations,” or even the “All files” option. Then click OK. There’s also a way for administrators to enable protected view on Windows machines across their organization.
Tomi Engdahl says:
Spammers unleash DIY phone number slurping web tool
http://www.theregister.co.uk/2013/02/14/phone_harvesting_service_creates_spam_menace/
Mobile spammers have released a DIY phone number harvesting tool, but instead of advertising it solely on criminals-only online hangouts, they’re trying to flog it out in the open.
A new version of the phone number harvesting tool crawls the web and indexes mobile numbers, phone ID numbers, the names of the owner, and the associated mobile operator – among other information. Users of the tool can choose which country they want to target.
The harvested information is later used for various malicious and fraudulent purposes.
“Cybercriminals and spammers are not strangers to the concept of market segmentation,”
“Just like true marketers, the developer of the tool has included the option to choose a specific region within the available countries, with the idea to assist in the inevitable malicious and fraudulent activity that will result from this phone number harvesting activity.”
The DIY phone number harvesting tool is an example of a wider trend of selling tools that once were exclusively available to sophisticated cybercriminals to less elite cybercrooks though underground forums
Tomi Engdahl says:
Security sector is not a savior for Finland
Security-sector salary is less than expected for new professionals. Demand is now mainly for specific specialist.
“Review of information security professionals need to be clearly exaggerated. Cuber-threads are to slow to change to jobs “, says Timo Kotilainen from information security consulting company Nixu
“If cyber threads would not be so on the surface, security, save more. The world is so serious events, especially in international companies that have had a dilemma, “network security appliances, the CEO of Stonesoft Ilkka Hiidenheimo says.
Security companies employ Finland, Technology Industries of study, 2, 000 people. It does not include other fields that work with security.
Source: http://www.3t.fi/artikkeli/uutiset/tyoelama/tietoturva_alasta_ei_olekaan_pelastajaksi
Tomi Engdahl says:
Security Advisory for Adobe Reader and Acrobat
https://www.adobe.com/support/security/advisories/apsa13-02.html
Adobe has identified critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier for Windows and Macintosh, and Adobe Reader 9.5.3 for Linux. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.
Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the “Files from potentially unsafe locations” option under the Edit > Preferences > Security (Enhanced) menu.
Mitigate the Adobe Reader/Acrobat XI Vulnerability
http://www.f-secure.com/weblog/archives/00002502.html
Users can protect themselves by enabling “Protected View”.
Adobe recommends choosing the “Files from potentially unsafe locations” option, but to be frank, we suggest you select “All files”.
No patch yet for Adobe PDF exploits – Adobe suggests a workaround; Mac and Linux users need not apply
http://nakedsecurity.sophos.com/2013/02/14/no-patch-yet-for-pdf-exploits/
Even the new and improved security features in the latest version, Reader XI, aren’t enough to head this one off at the pass, at least by default.
If you do get attacked, it might not immediately be obvious.
There is a mitigation, but you’ll need to upgrade to XI if you’re not there already, and it’s for Windows only. It won’t work on your Mac or your Linux box.
What you do to defend yourself, says Adobe, is to turn on Protected View
On Linux, you’re stuck back at Reader 9, which doesn’t have the security mitigations that were introduced for Windows and Macintosh in Reader X and XI.
You might consider switching to a different PDF reader on Linux, at least temporarily
Tomi Engdahl says:
“Frost” Attack Unlocks Android Phones’ Data By Chilling Their Memory In A Freezer
http://www.forbes.com/sites/andygreenberg/2013/02/14/frost-attack-unlocks-android-phones-data-by-chilling-its-memory-in-a-freezer/
A pair of researchers at Erlangen University in Germany have shown that a trick known as a “cold boot attack” can read data from a Samsung Galaxy Nexus running the latest version of Android, even when the phone is protected by a PIN and has its storage disk encrypted.
The attack, which was first shown on PCs in 2008 but has never before been applied to mobile devices, takes advantage of an effect known as the “remanence,” the lingering information that remains for a few moments in a device’s memory even when a power source has been removed. The colder the memory, the longer that information lingers. “RAM doesn’t lose its content immediately,” says Mueller. “If it’s 30 degrees celsisus, it’s lost in one or two seconds. But if you cool the phone, the contents are lost in five or six seconds. That gives us enough time to reboot the phone and access the memory.”
the researchers can access all data stored in RAM. Given that phones are rarely switched off, that often contains a significant cache of sensitive personal data, the researchers point out.
Mueller says there are no easy defenses against the attack, other than turning a phone off before it’s out of the owner’s possession. Rebooting a phone more often may also leave less sensitive data in its memory.
Tomi Engdahl says:
The result of pinging all the Internet IP addresses
http://www.securityartwork.es/2013/02/07/the-result-of-pinging-all-the-internet-ip-addresses/?lang=en
In the previous post we considered the theoretical cost and feasibility of scanning all Internet IP addresses and it resulted to be very low. Therefore, we decided to conduct a little experiment: see if it was possible to scan the entire Internet, of course without doing anything harmful.
Ping overall results answered: 284,401,158 IP addresses responded to the ping, i.e. 7% of systems.
We can see that many networks do not answer anything, mainly because they are reserved networks. Also, there are blocks with many IPs answering.
Obviously from the number of answers it is not possible to draw conclusions about the density of IP population, as they may be conveniently filtered.
This experiment is a proof of concept of how easy it is to make a global action against all Internet, with almost no cost, short time and basic knowledge. We can see that it would be possible to scan a TCP port, or even do some intrusion attack globally (always stateless), for which any UDP attack could be very effective (as it did with slammer). In any case these actions are and would be considered as attacks, so as expected we will not go further and evolve this project.
Probed that IPv4 is really small, we have another argument to answer the usual question: Why would somebody want to attack me?
Although the experiment has been the most innocuous and harmless we could thought about, during the experiment we have received some complaints from organizations related to the the scan. However, taking into account the number of “attacked” sites, the complaints have been few and the hosting provider that received the pings acted in any case time communicating the complaint after the end of the experiment, which shows that such a global attack would be really unstoppable.
Tomi Engdahl says:
Taiwan Easycard: Risks and rewards of your life on one card
http://www.bbc.co.uk/news/technology-21410362
Beep, and a smart card gets you on a bus.
Beep, and the same card opens your office door. Beep, and you buy your coffee at a corner shop. Beep, you pay for parking, open the exit gate. Beep, check out a library book.
Beep. Beep. Beep. At school or university, the card becomes your ID.
As Taiwan’s capital, Taipei, wakes and the sunlight strikes its skyscrapers, the members of one family make sure their wallets contain one important thing – Easycard.
“We really can’t go about without it, all our life depends on it,”
Taiwan introduced its smart card – equipped with radio frequency identification (RFID) tag – in 2002, following the examples of Hong Kong, Japan and Singapore.
Taiwan, pupil Students in many Taipei schools have ID cards integrated with Easycard
“Your daughter is safely at school,” reads a text message sent to Mrs Tsai.
As soon as Chelsea touches her Easycard to a sensor at the entrance to the school, her mother receives a message.
So how does it feel – being able to control so many aspects of your life with just one card?
“It’s convenient – this way we don’t have such a fat wallet,” says Mr Huang.
The first generation of the card is the most popular – with nine million cards actively used every year – and it stores no personal information, says Mr Chang.
When the owner registers the card, his or her name is encrypted and stored in a centralised back-end system – not on the card itself.
But there are also privacy concerns, says Prof Shey-shi Lu, of National Taiwan University.
In a couple of years, says Mr Chang, you might need just one card to travel around Asia.
Tomi Engdahl says:
Internet of things: Should you worry if your jeans go smart?
http://www.bbc.co.uk/news/business-15004063
What if those new jeans you’ve just bought start tweeting about your location as you cross London Bridge?
It sounds far-fetched, but it’s possible – if one of your garments is equipped with a tiny radio-frequency identification device (RFID), your location could be revealed without you knowing about it.
This technology is just one of the current ways of allowing physical objects to go online – a concept dubbed the “internet of things”, which industry insiders have shortened to IoT.
“A typical city of the future in a full IoT situation could be a matrix-like place with smart cameras everywhere, detectors and non-invasive neurosensors scanning your brain for over-activity in every street,” says Rob van Kranenburg, a member of the European Commission’s IoT expert group.
“The IoT challenge is likely to grow both in scale and complexity as seven billion humans are expected to coexist with 70 billion machines and perhaps 70,000 billion ‘smart things’, with numbers infiltrating the last redoubts of personal life,” says Gerald Santucci, head of the networked enterprise and RFID unit at the European Commission.
“In such a new context, the ethical worries are manifold: to what extent can surveillance of people be accepted? Which principles should govern the deployment of the IoT?”
Another way to make things smarter is by embedding sensors in them and sending data online via a wireless low-power technology called Zigbee.
IBM is doing just that – its project that remotely monitors the environment that could affect the health of elderly people in Bolzano, Italy, extended caretaker supervision with sensors embedded all over the patients’ homes, providing round-the-clock peace of mind not only for the patients but for their families too.
Cars are rapidly becoming smart, too.
Toyota, for instance, has always been one of the frontrunners in telematics – and now it has decided to team up with Salesforce.com to allow cars to chat to their drivers on a private social network.
Tomi Engdahl says:
Facebook’s Never Had A Big User Data Breach, But May Never Recover When It Does
http://techcrunch.com/2013/02/16/facehacked/
It’s not if, but when. Between crooks, hackers and foreign governments, Facebook probably can’t avoid a serious user data breach forever. When it happens, Facebook may never be able to quiet fears that “personal data isn’t safe there.” That could cause a chilling effect on sharing, jeopardize its future in commerce, and cut short its lifetime.
Yesterday, though, Facebook announced something very unsettling. A “sophisticated attack” uploaded malware onto the computers of several Facebook engineers when they visited a hacked mobile developer site. Facebook quickly quarantined and scrubbed the devices
So far, there’s been no evidence that any user data had been compromised.
Regardless, it was a very close call.
To date, Facebook has managed to keep what is possibly the world’s largest repository of private information from falling into the wrong hands. Its fellow social networks haven’t been as successful. Twitter most recently saw 250,000 accounts accessed by hackers, and last year the passwords for 6.5 million LinkedIn accounts were stolen and published online.
It’s the psychological damage to Facebook’s brand that will be the real killer. The world’s news outlets would be all over a breach.
The world will know, and the fear will sweep across the news feed. Quick to jump to the worst conclusions and re-share sensational stories, Facebook will be filled with people advising friends to cease sharing, pull out all their data, and shut down their accounts. Most won’t go that far, but the looming worry that nothing is safe on Facebook will permeate the world population and slam its stock price.
Facebook already struggles to fight a perception that it creeps on people’s data, and that its privacy controls are so confusing that people accidentally expose their own information. The emergence of vulnerability to outside attack will compound these issues.
Tomi Engdahl says:
Protecting People On Facebook
https://www.facebook.com/notes/facebook-security/protecting-people-on-facebook/10151249208250766
Facebook, like every significant internet service, is frequently targeted by those who want to disrupt or access our data and infrastructure. As such, we invest heavily in preventing, detecting, and responding to threats that target our infrastructure, and we never stop working to protect the people who use our service. The vast majority of the time, we are successful in preventing harm before it happens, and our security team works to quickly and effectively investigate and stop abuse.
Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.
After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.
Tomi Engdahl says:
Brace for MORE ZOMBIE ATTACK ALERT pranks, warns security bod
Passwords left on default, kit facing the web, and worse
http://www.theregister.co.uk/2013/02/18/eas_vulns/
Vulnerabilities in America’s TV emergency alert system – exploited last week by pranksters to put out fake warnings of a zombie apocalypse – remain widespread, it is claimed. And that’s after station bosses remember to change the default passwords on their broadcast equipment.
Mischievous miscreants managed to hack into a television station’s emergency alert system in Montana to broadcast an on-air audio warning about the end of the world.
The attack on KRTC’s equipment was repeated in other three states: two stations were electronically broken into in Michigan as well as several others in California, Montana and New Mexico, according to Karole White, president of the Michigan Association of Broadcasters. “It isn’t what [the pranksters] said,” White said. “It is the fact that they got into the system.”
It is understood the hacks were possible because the TV stations had failed to change the default passwords on kit facing the public internet.
An advisory sent by regulators at the FCC to broadcasters urged IT bosses to take immediate action to correct the problem
Reuters reports that an alert controller box from Monroe Electronics had been abused to carry out at least some of the apocalypse pranks.
Meanwhile, researchers at IOActive Labs discovered a substantial number of insecure emergency alert system devices directly connected to internet, making it possible for hackers to exploit holes in attacks that go beyond pure mischief.
Tomi Engdahl says:
Emergency Alert System hacking incident being investigated
http://www.krtv.com/news/emergency-alert-system-hacking-incident-being-investigated/
An illegal intrusion into the nation’s Emergency Alert System (EAS) is being investigated.
During Monday’s cyber-attack, at least four television stations were the victims of a hoax after hackers broke into their EAS equipment.
The stations were WBKP and WNMU in Marquette, Michigan; KNME/KNDM in Albuquerque, New Mexico; and KRTV in Great Falls, Montana.
the intrusion is a very serious federal offense and is being investigated by the FCC and the FBI.
Tomi Engdahl says:
Security mistakes can destroy IT company business in Finland:
Employee compensation costs (EUR 160 000 in damages) resulting from porn surfing and information security failings threw energy company owned IT company Enerit to end it’s business. The owner companies also decided to end development services purchase from Enerit.
The Court of Appeal, the man threatened the company’s energy security by downloading Korpelan power computers illegal files and programs, such as pornography. Enerit took care of the Korpela energy company security issues since 2006. It’s a worker broke many security provisions. Among other things, the firewall was set to too broad a licenses for outside users. Poor security because of threats of the entire electrical distribution and control. Also other companies could gain access to customer data.
Sources:
http://yle.fi/uutiset/pornosurffailu_kaatoi_eneritin_konkurssiin/6498521
http://www.tietoviikko.fi/kaikki_uutiset/yle+tyontekija+holmoili+suomalaisen+itfirman+konkurssiin/a879967?s=r&wtm=tietoviikko/-18022013&
Tomi Engdahl says:
NOW: American firms hacked traced to the Chinese military headquarters
U.S. and Chinese relations threaten to deteriorate further, as a U.S. security company has found evidence of Chinese military extensive computer hacking. Hacking is specifically targeted at the United States.
American security company says it had strong evidence of the Chinese army’s participation in computer hacking. In the global information security specialist Mandiant company plans to publish an extensive report on the matter today.
According to the report a number of hacker attacks in the United States who have done work in the same 12-story building on the outskirts of Shanghai. The building is a secret Chinese military unit 61398′s headquarters.
Chinese Embassy strongly disputes the computer hacking in an interview and says it is an illegal activity.
Source: http://yle.fi/uutiset/nyt_amerikkalaisfirmojen_hakkeroijat_jaljitettiin_kiinan_armeijan_paamajaan/6501701
Tomi Engdahl says:
Chinese Army Unit Is Seen as Tied to Hacking Against U.S.
http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?hp&_r=1&
On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.
The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
Tomi Engdahl says:
APT1: Exposing One of China’s Cyber Espionage Units
This report is focused on the most prolific cyber espionage group Mandiant tracks: APT1. This single organization has conducted a cyber espionage campaign against a broad range of victims since at least 2006.
http://intelreport.mandiant.com/
Tomi Engdahl says:
Chinese Army Unit Is Seen as Tied to Hacking Against U.S.
http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?pagewanted=all&_r=0
But the most troubling attack to date, security experts say, was a successful invasion of the Canadian arm of Telvent. The company, now owned by Schneider Electric, designs software that gives oil and gas pipeline companies and power grid operators remote access to valves, switches and security systems.
Telvent keeps detailed blueprints on more than half of all the oil and gas pipelines in North and South America, and has access to their systems. In September, Telvent Canada told customers that attackers had broken into its systems and taken project files. That access was immediately cut, so that the intruders could not take command of the systems.
“This is terrifying because — forget about the country — if someone hired me and told me they wanted to have the offensive capability to take out as many critical systems as possible, I would be going after the vendors and do things like what happened to Telvent,“ Mr. Peterson of Digital Bond said. “It’s the holy grail.”
Mr. Obama alluded to this concern in the State of the Union speech, without mentioning China or any other nation. “We know foreign countries and companies swipe our corporate secrets,” he said. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing.”
“Right now there is no incentive for the Chinese to stop doing this,” said Mr. Rogers, the House intelligence chairman. “If we don’t create a high price, it’s only going to keep accelerating.”
Tomi Engdahl says:
Facebook Hacks Points to Much Bigger Threat for Mobile Developers
http://www.ibtimes.co.uk/articles/436476/20130218/facebook-hack-signals-much-larger-problem-mobile.htm
The “sophisticated attack” on Facebook revealed last week could indicate a much larger threat to mobile developers according to one security expert.
Sean Sullivan, security advisor at Finnish security company F-Secure has examined the attack on Facebook drawing some worrying conclusions for mobile app developers who may be the target of similar attacks in coming days, weeks and months.
Sullivan believes that far from being a problem for Facebook, this attacks points to a much larger problem for mobile app developers whose systems could easily be compromised resulting in thousands if not millions of apps being compromised.
The attack vector was a mobile developer’s website which a number of Facebook engineers visited on their laptops, with malware being downloaded in the background and infecting the machines.
Facebook did admit that the exploit used took advantage of a zero-day vulnerability in Java, but Sullivan had a more interesting question to ask: “What malware on what type of laptop?”
Sullivan says F-Secure received new Mac malware samples to analyse late on Friday night, hours after the Facebook hack was announced.
These samples were uploaded to VirusTotal, a free online virus and malware scanner, on 31 January which was the day before Twitter was hacked and 250,000 of its accounts compromised.
“There’s a Mac threat out there and most Mac users are completely unaware of it. They have a false sense of security,”
Sullivan has this advice for mobile app developers:
“Any developer who has Java enabled in his browser, has visited mobile developer websites in the last couple of months, and finds evidence his computer is compromised – probably should use his source code versioning system to check recent commits.”
Tomi Engdahl says:
Google Engineers Found More Than Half of Microsoft’s Bugs
http://www.tomsguide.com/us/Google-Engineers-Microsofts-Bugs-Windows,news-16778.html
ZoomGoogle engineers are responsible for discovering more than half of the bugs addressed in Microsoft’s latest update.
Two engineers found 32 of the 57 bugs.
“Keeping Internet users safe is about more than just making sure our own products are secure. We frequently report flaws we discover while testing our products and services on various platforms. Reporting bugs to software vendors in a responsible manner is part of a healthy security community.”
Tomi Engdahl says:
Security firm releases screen capture video of alleged Chinese military hackers at work
http://thenextweb.com/asia/2013/02/19/security-firm-releases-screen-videos-of-chinese-hackers-at-work/
Security firm Mandiant has released a damning report offering unprecedented evidence, including screen capture video, of the actions of an alleged Chinese military-backed hacking group.
More specifically, the group is believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, also known as Unit 61398.
While Chinese officials have dismissed the claims of state-sponsored hacking as “groundless”, numerous media organizations, including Bloomberg and The Wall Street Journal, and companies have come forward to state that they faced similar attacks.
Tomi Engdahl says:
US security firm alleges massive Chinese hacking
http://www.google.com/hostednews/ap/article/ALeqM5gqGzo86yXzI9q8-HN1zYXx7QVgog
China has frequently been accused of hacking, but the report by Virginia-based Mandiant Corp. contains some of the most extensive and detailed accusations to date linking its military to a wave of cyberspying against U.S. and other foreign companies and government agencies
“It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively,” it said.
China’s Foreign Ministry dismissed the report as “groundless,” and the Defense Ministry denied any involvement in hacking attacks.
“To make groundless accusations based on some rough material is neither responsible nor professional,” Hong told reporters at a regularly scheduled news conference.
Tomi Engdahl says:
A Shocking Expose of China’s Black PR Industry Implicates Government Officials, is Quickly Deleted from the Web
http://www.techinasia.com/caixin-posts-shocking-expose-chinas-black-pr-industry-story-quickly-deleted-web/
Almost everyone knows about the public relations industry, but fewer people know about what in China is referred to as Black PR, the underground internet industry that has evolved with the spread of web 2.0 through China.
Black PR firms provide client companies with both post deletion services to help them escape negative news stories, and some also provide placement for soft ads and hit pieces attacking competitors. The top black PR firms can offer these services even for stories posted to China’s most popular news portals.
Charging money to delete posts is illegal — this came as a surprise to many of Xinxun and Yage’s employees, according to the Caixin article — but some black PR firms employ even darker tactics. In a pinch, some firms have been known to create fake government stamps and use them to send faux-official takedown notices to get articles pulled from the web. Another tactic is a more classic form of blackmail: the PR firm uses its connections or bribery to place a negative article online, then approaches the company that’s the subject of the article and offers to have it removed — for a high fee, of course.
Tomi Engdahl says:
Exclusive: Apple, Macs hit by hackers who targeted Facebook
http://www.reuters.com/article/2013/02/19/us-apple-hackers-idUSBRE91I10920130219
Apple Inc was recently attacked by hackers who infected Macintosh computers of some employees, the company said Tuesday in an unprecedented disclosure describing the widest known cyber attacks targeting Apple computers used by corporations.
The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp’s Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday.
Tomi Engdahl says:
This Is the Site Likely Responsible for the Recent Major Tech Company Hacks
http://allthingsd.com/20130219/this-is-the-site-likely-responsible-for-the-recent-major-tech-company-hacks/
Apple, Facebook, Twitter — all hacked. And there’s probably more to come.
In the spate of large companies hacked in recent weeks, it seems that many of them have one thing in common. Many have visited one compromised website specifically devoted to sharing information related to mobile development — and it’s not just tech companies visiting the site.
The site is called iPhoneDevSDK, according to sources close to the Facebook hacking investigation. It’s a hub for many companies concentrated on the mobile space.
Facebook referred us back to the company’s blog post from last week, without going into further detail.
Of note: Do not visit this site, as it may continue to be compromised. While it’s potentially risky to publicize the website, AllThingsD is providing the name to inform readers
So going forward, the question now isn’t which company is next, but rather which one is willing to admit it next.
“I truly believe we’re going to see quite a bit more of these announcements as companies start to get smarter and look more closely at their systems,” Soltani told AllThingsD in a previous interview.
Now, “it’s not a matter of whether or not you’ve been compromised,” Soltani said. “It’s whether you have the expertise to tell.”
Tomi Engdahl says:
US prepares economic countermeasures in light of recent cyberattacks
http://www.theverge.com/2013/2/19/4006612/us-prepares-economic-countermeasures-in-light-of-recent-cyberattacks
The recent rash of hacking attacks shows no sign of slowing
but the US government is preparing some measures to help address the situation. The Associated Press is reporting that the White House will release a new strategy tomorrow, outlining penalties, fines, and trade restrictions designed to deter countries from participating in such efforts.
The announcement would come just days after The New York Times detailed a report from security firm Mandiant.
Tomi Engdahl says:
Finnish police has investigated a number of companies during the winter on crimes against VoIP PBX. PBXs are hacked and have played international calls (calls to Asia from 5000 to 35 000 Euros in costs).
Intrusion victims of equipment have not been maintained for years and no devices have generally found traces of the perpetrators.
Police remind companies to take care of all the public data network devices connected to the updating and maintenance.
Source: http://www.tietoviikko.fi/kaikki_uutiset/poliisi+varoittaa+unohdetuista+voipvaihteista++jopa+35+000+euron+lasku/a880624?s=r&wtm=tietoviikko/-20022013&
Tomi Engdahl says:
Viruses in the future also TV users nuisance
Portable mobile devices resemble more and more computers, they are also exposed to security risks and viruses. Security companies believe that the future of malware will also TVs, tablets and mobile phones, the owners of a nuisance.
Malicious software design tend to make easy money from its programs. Viruses can be for example, to collect information about the phones, and then transfer the collected information to third parties.
More and more malware in the bombing toll numbers and text messaging services while the user is quite unaware of what is even going on.
Mustonen, already known cases in which the STB has been infiltrated by malicious cyber criminals as a tool by using the set-top box computing power for criminal purposes.
Legislation from the perspective of responsibility for computer security issues, ultimately falls on the user. User is responsible for use of the service, equipment, and software security. Telecommunications companies and mobile phone manufacturers are not obliged to maintain information security as promised services.
- The operator’s responsibility for the careful use of information technology can be compared to the use of a credit card. The user is responsible, for example, where the device is stored, and whether passwords are protected from the kind of services in connection with using the device, Office of Communication of safety regulations Lawyer says Erika Leinonen.
Often, security issues, however, move in a gray area. Malicious software can basically get lost in the machine also reliable services, such as search engines.
- Today, modern security threats are such that the user can not even influence them. If the user hits with a harmful program, so he is at the stage very difficult to blame for what happens next, security expert Sean Sullivan, F-Secure says.
Source: http://yle.fi/uutiset/virukset_tulevaisuudessa_myos_televisionkayttajien_kiusa/6493119
Tomi Engdahl says:
How Anonymous accidentally helped expose two Chinese hackers
The HBGary hack offered security researchers a treasure trove of information.
http://arstechnica.com/security/2013/02/how-anonymous-accidentally-helped-expose-two-chinese-hackers/
How did security firm Mandiant put names to two previously unknown Chinese hackers who, it says, steal American corporate secrets for the Chinese government? With a little inadvertent help from Anonymous.
Tomi Engdahl says:
Firing up a security framework
http://www.controleng.com/single-article/firing-up-a-security-framework/ed12be3c26056f197c9ac756004629d9.html
Like anything in the cyber security arena, things have to move fast and just after the Obama Administration signed an Executive Order calling for stronger security movement to help protect critical infrastructure, the first step in the development of a Cybersecurity Framework is moving forward.
That first step involves creating a set of voluntary standards and best practices to guide industry in reducing cyber risks to the networks and computers vital to the nation’s economy, security and daily life.
NIST will issue a Request for Information from critical infrastructure owners and operators, federal agencies, state, local, territorial and tribal governments, standards-setting organizations, other members of industry, consumers, solution providers and other stakeholders.
NIST will use the input to identify existing consensus standards, practices and procedures that are effective and can truly undergo adoption to protect its digital information and infrastructure from the full range of cyber security threats. The framework will not dictate “one-size-fits-all” solutions, but will instead enable innovation by providing guidance that is technology neutral and recognizes the different needs and challenges within and among critical infrastructure sectors.