Security trends for 2013

2013 will be the year of cyber security. CNN expects more cyber war this year. Cybercrime is on the rise, and last year we saw more and more malware attacks. Security company Kaspersky Lab warns of more new cyber-threats against enterprises and mobile devices, so cyber security is now a mobile issue as well.

Security is becoming an increasingly important issue. Security company Stonesoft predicts we will face more targeted cyber-attacks, cyber espionage and hacktivism. Cyber security is the fastest growing area of information security, and its importance will keep increasing. According to Stonesoft, current security systems are unable to provide adequate protection against targeted attacks: we need proactive cyber protection and a willingness to face unknown threats.

Hacktivism will continue. According to the article Anonymous: ‘Expect us 2013′, the hacking group boasted of its cyberattacks against the U.S., Syrian and Israeli governments in 2012, and it is warning people to expect more of the same.

SCADA security was hit hard in 2012. Some of the big manufacturers that took the hardest hits have learned their lesson and now test their devices more thoroughly. But how are the smaller manufacturers doing their security testing? Metasploit has a dedicated category of SCADA modules, and it is a good idea to run your own devices against it before somebody else does.

There is still work to do on cyber security standards and SCADA standards. For example, in the very widely used functional safety standard IEC 61508, security is addressed only in an informative way (it is not mandatory). IEC 62443-2-4: A Baseline Security Standard for Industrial Automation Control Systems is a good starting point when thinking about SCADA system security.

Nowadays you need to think about SCADA system security more than you did some years ago. Previously it was thought sufficient to isolate the factory process automation system from the office networks and the Internet. This is no longer enough. You cannot keep automation systems isolated from the Internet: accidental connections from “isolated” networks to the Internet happen, malware can spread through USB memory sticks (Stuxnet did exactly that), and there are more and more business reasons to connect process automation systems to other networks. Automation systems no longer live in complete isolation from the rest of the world, so the information security of production automation systems has to be designed in.

Systems with SCADA vulnerabilities have become easier to find. The article Hackers tap SCADA vuln search engine describes how a search engine that indexes servers and other Internet devices is helping attackers find industrial control systems that are vulnerable to tampering. Shodan easily pinpoints shoddy industrial controls: it makes it easy to locate Internet-facing SCADA (supervisory control and data acquisition) systems used to control equipment at gasoline refineries, power plants and other industrial facilities, and it can also be used to identify systems with known vulnerabilities. Once a device has been found, it is exposed to brute-force attacks on its passwords, many of which may still be the factory defaults.

The article Thousands of SCADA Devices Discovered On the Open Internet tells that there is a constant stream of news about the continuing poor state of security for industrial control systems. The pair of researchers found not only devices used for critical infrastructure such as energy, water and other utilities, but also SCADA devices for HVAC systems, building automation control systems, large mining trucks, traffic control systems, red-light cameras and even crematoriums. Never underestimate what you can do with a healthy list of advanced operator search terms and a beer budget.
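Before someone finds your devices through Shodan or points Metasploit's SCADA modules at them, find them yourself. The script below is an added example written for this post, not code from Shodan, Metasploit or any device vendor: it speaks just enough Modbus/TCP to send a Read Device Identification request (function 0x2B, MEI type 0x0E) to port 502 and parse the vendor, product and revision strings the device answers with, which is the same kind of banner the search engines index. The host address in the usage line, the unit id and the reply bytes in SAMPLE_RESPONSE and SAMPLE_EXCEPTION are constructed for illustration; the sample reply describes a made-up PLC, not a real product.

```python
import socket
import struct
import sys

MODBUS_PORT = 502
FC_ENCAPSULATED = 0x2B      # Encapsulated Interface Transport function code
MEI_READ_DEVICE_ID = 0x0E   # MEI type: Read Device Identification
BASIC_OBJECTS = {0x00: "VendorName", 0x01: "ProductCode", 0x02: "MajorMinorRevision"}


class ModbusException(Exception):
    """The device answered with a Modbus exception response instead of data."""

    def __init__(self, code):
        super().__init__(f"Modbus exception code {code:#04x}")
        self.code = code


def build_device_id_request(transaction_id=1, unit_id=1):
    """MBAP header + PDU for 'Read Device Identification, basic objects, starting at object 0'."""
    pdu = bytes([FC_ENCAPSULATED, MEI_READ_DEVICE_ID, 0x01, 0x00])
    # MBAP: transaction id, protocol id (0 = Modbus), length of what follows (unit id + PDU), unit id
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def parse_device_id_response(frame):
    """Return {object name: value} from a Read Device Identification response frame.
    Only the first batch of objects is read; a 'more follows' flag would need further requests."""
    if len(frame) < 9:
        raise ValueError("frame too short for an MBAP header and a function code")
    _tid, protocol, length, _unit = struct.unpack(">HHHB", frame[:7])
    if protocol != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP header")
    pdu = frame[7:]
    if pdu[0] == FC_ENCAPSULATED | 0x80:          # exception response: function code with high bit set
        raise ModbusException(pdu[1])
    if len(pdu) < 7 or pdu[0] != FC_ENCAPSULATED or pdu[1] != MEI_READ_DEVICE_ID:
        raise ValueError("not a Read Device Identification response")
    # pdu[2] ReadDevId code, pdu[3] conformity level, pdu[4] more-follows, pdu[5] next object id
    count, pos, objects = pdu[6], 7, {}
    for _ in range(count):
        if pos + 2 > len(pdu):
            raise ValueError("truncated object list")
        obj_id, obj_len = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + obj_len]
        if len(value) != obj_len:
            raise ValueError("truncated object value")
        objects[BASIC_OBJECTS.get(obj_id, f"object_{obj_id:#04x}")] = value.decode("ascii", "replace")
        pos += 2 + obj_len
    return objects


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf


def probe(host, port=MODBUS_PORT, unit_id=1, timeout=3.0):
    """Ask one device what it is. Sends a single read request and never a write."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_device_id_request(unit_id=unit_id))
        header = _recv_exact(sock, 7)
        remaining = struct.unpack(">H", header[4:6])[0] - 1   # MBAP length minus the unit id already read
        return parse_device_id_response(header + _recv_exact(sock, remaining))


# Constructed sample reply from a hypothetical PLC (not a real device): "Acme", "PLC-100", "1.2".
SAMPLE_RESPONSE = bytes.fromhex(
    "0001 0000 001c 01"       # MBAP: transaction 1, protocol 0, 28 bytes follow, unit 1
    "2b 0e 01 01 00 00 03"    # fc 0x2B, MEI 0x0E, basic objects, conformity 1, no more, next 0, 3 objects
    "00 04 41636d65"          # VendorName = "Acme"
    "01 07 504c432d313030"    # ProductCode = "PLC-100"
    "02 03 312e32"            # MajorMinorRevision = "1.2"
)
# Constructed exception reply: device does not implement function 0x2B (exception code 1, illegal function).
SAMPLE_EXCEPTION = bytes.fromhex("0001 0000 0003 01 ab 01")

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"   # placeholder address, use your own
    try:
        print(probe(target))
    except ModbusException as exc:
        print(f"{target} speaks Modbus but refused the request: {exc}")
```

Run it as `python modbus_probe.py 192.0.2.10` against an address you are responsible for. Even an exception reply (illegal function, code 1) is a positive result: it proves a Modbus endpoint is listening, and Modbus has no authentication at all, so anything that can reach the port can also issue write requests to coils and registers. The probe deliberately never sends one.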

Researchers have also found crippling flaws in GPS receivers. Global Positioning System infrastructure is critical to the navigation of a host of military and civilian technologies, including planes, ships and unmanned drones. GPS is also used to generate accurate clocks in SCADA systems and smart grid devices. Researchers showed that they could permanently de-synchronise the date of Phasor Measurement Units used in the smart grid and cause a UNIX epoch rollover in a few minutes. The overall landscape of GPS vulnerabilities is startling.
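To make the epoch rollover concrete, here is an added illustration of the arithmetic; it is my example, not the researchers' code, and it does not reproduce their attack on the PMU firmware, whose internals are not described here. The legacy GPS navigation message carries only a 10-bit week number, so the receiver itself has to supply the count of 1024-week rollovers; once the combined week lands past 19 January 2038, the resulting Unix time no longer fits a 32-bit signed time_t and wraps to a negative value, i.e. a date in the early 1900s. The leap-second offset (16 s) and the plausibility window in accept_time are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone

GPS_EPOCH_UNIX = 315964800   # 1980-01-06T00:00:00Z, start of GPS time, as a Unix timestamp
SECONDS_PER_WEEK = 7 * 86400
WEEK_MODULUS = 1024          # the legacy navigation message carries only 10 week bits
LEAP_SECONDS = 16            # GPS time minus UTC in early 2013; assumed fixed for this example
INT32_MAX = 2**31 - 1        # largest value a 32-bit signed time_t holds (2038-01-19T03:14:07Z)


def gps_to_unix(week10, tow, rollovers, leap_seconds=LEAP_SECONDS):
    """Unix time (UTC) for a 10-bit week number and time-of-week in seconds.

    `rollovers` is the receiver's own count of elapsed 1024-week cycles; the signal does not
    carry it, so the same week/tow pair decodes to a different date for every value of it."""
    if not 0 <= week10 < WEEK_MODULUS:
        raise ValueError("week must be the 10-bit value from the navigation message")
    if not 0 <= tow < SECONDS_PER_WEEK:
        raise ValueError("time of week out of range")
    full_week = week10 + rollovers * WEEK_MODULUS
    return GPS_EPOCH_UNIX + full_week * SECONDS_PER_WEEK + tow - leap_seconds


def as_int32(t):
    """The value a 32-bit signed time_t actually stores for t (two's-complement wrap-around)."""
    return ((t + 2**31) % 2**32) - 2**31


def iso(t):
    """Render a (possibly negative) Unix timestamp as an ISO-8601 UTC string."""
    origin = datetime(1970, 1, 1, tzinfo=timezone.utc)
    return (origin + timedelta(seconds=t)).strftime("%Y-%m-%dT%H:%M:%SZ")


def accept_time(candidate, last_known, max_jump=3600):
    """Plausibility gate a receiver should apply before adopting a freshly decoded time: it must
    fit the clock's type and must not jump more than max_jump seconds from the last good value
    (the window is an assumed value for the example)."""
    return 0 < candidate <= INT32_MAX and abs(candidate - last_known) <= max_jump


if __name__ == "__main__":
    # 2013-03-20 is GPS week 1732, day 3: week10 = 708 with one rollover.
    genuine = gps_to_unix(708, 3 * 86400, rollovers=1)
    # A receiver whose rollover count is off by two (or that adopts a spoofed week without any
    # check) computes a date past 2038, and a 32-bit clock wraps into the past.
    spoofed = gps_to_unix(708, 3 * 86400, rollovers=3)
    print("genuine :", genuine, iso(genuine))
    print("spoofed :", spoofed, iso(spoofed), "-> stored as", as_int32(spoofed), iso(as_int32(spoofed)))
    print("accepted:", accept_time(spoofed, genuine))
```

The gate in accept_time is the cheap fix: a timing receiver that already has a good clock has no reason to accept a decoded time that jumps by years, whatever the signal says.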


The article Happy now? Mobiles, cloud, big data now ‘a growing security risk’ tells that innovations in mobile and cloud computing, social technology and the use of “big data” present an emerging risk to organisations’ IT security, experts have warned. The European Network and Information Security Agency (ENISA), an EU advisory body, said that those technologies would increasingly provide the platform for “most of the innovation expected in the area of IT” and warned that with their emergence would come an associated increase in cyber threats. ENISA warned that the threat from mobile computing stems from the fact that mobile communications take place over “poorly secured … or unsecured channels”. The most significant threat comes from attackers inserting malicious software into web browsers and other software available on mobile devices. Cyber criminals could also use the capabilities of cloud computing for their own gains, for example by storing malware in those systems and using the platform to launch attacks.

Drive-by download attacks against web browsers have become the top web threat. More specifically, attackers are moving on to targeting browser plugins such as Java (Java exploits are the major cross-platform threat), Adobe Reader and Adobe Flash. Drive-by download attacks are almost exclusively launched through compromised legitimate websites, which attackers use to host the malicious links (typically an injected hidden iframe or script) and the actual malicious code. Exploits are sold for considerable amounts of money and quickly included in exploit kits.
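What an injected drive-by redirect looks like in a compromised page's HTML, and a simple check for it, as an added example (my code, not from any product or article mentioned here): the scanner flags hidden or zero-size iframes, plugin content (.jar, .pdf, .swf files, or applet/object/embed tags) pulled from a host other than the page's own, and script blocks carrying the usual obfuscation markers. Both sample pages and the host 203.0.113.5 are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# File types that load straight into the plugins named above: Java, Adobe Reader, Flash.
PLUGIN_EXTENSIONS = (".jar", ".pdf", ".swf")
# Styles commonly used to keep an injected iframe invisible.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}", re.I)
# Cheap markers of obfuscated loader scripts; expect false positives on minified libraries.
OBFUSCATION = re.compile(
    r"unescape\s*\(|fromCharCode|eval\s*\(|(?:%[0-9a-f]{2}){6,}|(?:\\x[0-9a-f]{2}){6,}", re.I)


class DriveByScanner(HTMLParser):
    """Collects (kind, detail) findings for the markers of an injected drive-by redirect."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []
        self._in_script = False

    def _is_external(self, ref):
        """True for an absolute URL whose host differs from the page's own host."""
        host = urlparse(ref).hostname if ref else None
        return host is not None and host.lower() != self.page_host

    @staticmethod
    def _is_hidden(attrs):
        tiny = all(attrs.get(dim, "").strip().rstrip("px") in ("0", "1") for dim in ("width", "height"))
        return tiny or "hidden" in attrs or bool(HIDDEN_STYLE.search(attrs.get("style", "")))

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "iframe":
            src = a.get("src", "")
            if self._is_hidden(a):
                self.findings.append(("hidden-iframe", src))
            elif self._is_external(src):
                self.findings.append(("external-iframe", src))
        elif tag in ("applet", "object", "embed"):
            for key in ("archive", "code", "data", "src"):
                ref = a.get(key, "")
                if ref and (self._is_external(ref) or ref.lower().endswith(PLUGIN_EXTENSIONS)):
                    self.findings.append(("plugin-content", ref))
        elif tag == "script":
            self._in_script = True
            if self._is_external(a.get("src", "")):
                self.findings.append(("external-script", a["src"]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands over <script> bodies as raw data; look for loader obfuscation there.
        if self._in_script and OBFUSCATION.search(data):
            self.findings.append(("obfuscated-script", data.strip()[:60]))


def scan_page(html, page_host):
    """Run the scanner over one page; page_host is the site the HTML was fetched from."""
    scanner = DriveByScanner(page_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample pages: an untouched one and the same page with a typical injection.
CLEAN_PAGE = """<html><body><h1>Welcome</h1>
<script src="/js/app.js"></script>
<iframe src="https://www.example.com/widget" width="300" height="200"></iframe>
</body></html>"""

COMPROMISED_PAGE = """<html><body><h1>Welcome</h1>
<iframe src="http://203.0.113.5/in.php" width="0" height="0" style="visibility:hidden"></iframe>
<applet archive="http://203.0.113.5/x.jar" code="Main.class" width="1" height="1"></applet>
<script>eval(unescape("%64%6f%63%75%6d%65%6e%74"));</script>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("compromised", COMPROMISED_PAGE)):
        print(name, scan_page(page, "www.example.com"))
```

Findings are review leads, not verdicts: a site that legitimately embeds Flash or third-party widgets will produce plugin-content and external-iframe hits, so the useful signal is a new finding on a page that had none yesterday, which is why this kind of check belongs in a scheduled job that diffs against the previous crawl.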

The article Africa’s Coming Cyber-Crime Epidemic tells that the last decade may have just been the first step in a looming African cyber-crime wave. Africa has the world’s fastest-growing middle class, whose members are increasingly tech-savvy and Internet connected; combined with lax law enforcement, that is a perfect petri dish for increased cybercrime.

Europe-wide cyber policing has started. The EU’s new European Cybercrime Centre (EC3) was opened just a few days ago. The facility will act as the “focal point” in the EU’s fight against cybercrime, against both businesses and private citizens. EC3 will act as a hub where crime-fighters can pool expertise and information, support criminal investigations and help develop and spread best practice. It will work with industry to develop threat assessments, and it will work closely with the FBI and the US Secret Service, in addition to other foreign agencies.

1,930 Comments

  1. Tomi Engdahl says:

    S. Korean TV networks, banks under suspect cyber attack
    http://www.google.com/hostednews/afp/article/ALeqM5gKlyu7mV_3oNhcRyG7P2JKmn9l3Q

    The South Korean military raised its cyber attack warning level Wednesday after computer networks crashed at major TV broadcasters and banks, with initial suspicions focused on North Korea.

    The Korea Internet Security Agency, a state watchdog, said computer networks at three TV broadcasters — KBS, MBC and YTN — as well as the Shinhan and Nonghyup banks had been “partially or entirely crippled”.

    LG Uplus, an Internet service provider, also reported a network crash.

    “South Korea is an IT superpower with good infrastructure but remains relatively vulnerable to hacking,” Park Soon-Tai, manager of the agency’s hacking response team, told AFP in a recent interview.

    Reply
  2. Tomi Engdahl says:

    Apple Releases Patch For Evasi0n Jailbreak (After It’s Used 18 Million Times)
    http://apple.slashdot.org/story/13/03/20/0144209/apple-releases-patch-for-evasi0n-jailbreak-after-its-used-18-million-times

    “Apple has released a new update for iOS that prevents the jailbreak evasi0n released last month. But that hacking tool has already become the most popular jailbreak ever: It’s been used to remove the software restrictions on 18.2 million devices in the 43 days between its release and the patch”

    Reply
  3. Tomi Engdahl says:

    On Security Awareness Training
    The focus on training obscures the failures of security design
    http://www.darkreading.com/blog/240151108/on-security-awareness-training.html

    Should companies spend money on security awareness training for their employees? It’s a contentious topic, with respected experts on both sides of the debate. I personally believe that training users in security is generally a waste of time and that the money can be spent better elsewhere. Moreover, I believe that our industry’s focus on training serves to obscure greater failings in security design.

    In order to understand my argument, it’s useful to look at training’s successes and failures. One area where it doesn’t work very well is health.

    Similarly, computer security is an abstract benefit that gets in the way of enjoying the Internet. Good practices might protect me from a theoretical attack at some time in the future, but they’re a bother right now, and I have more fun things to think about.

    Computer security is more like hand washing than HIV.

    You might have learned to drive 30 years ago, but that knowledge is still relevant today.

    On the other hand, password advice from 10 years ago isn’t relevant today (PDF). Can I bank from my browser? Are PDFs safe? Are untrusted networks OK? Is JavaScript good or bad? Are my photos more secure in the cloud or on my own hard drive? The “interface” we use to interact with computers and the Internet changes all the time, along with best practices for computer security.

    The threats change constantly, the likelihood of failure is low, and there is enough complexity that it’s hard for people to understand how to connect their behaviors to eventual outcomes. So they turn to folk remedies that, while simple, don’t really address the threats.

    computer security is often only as strong as the weakest link.

    As long as we build systems that are vulnerable to the worst case, raising the average case won’t make them more secure.

    The whole concept of security awareness training demonstrates how the computer industry has failed. We should be designing systems that won’t let users choose lousy passwords and don’t care what links a user clicks on. We should be designing systems that conform to their folk beliefs of security, rather than forcing them to learn new ones.

    we should be spending money on security training for developers. These are people who can be taught expertise in a fast-changing environment, and this is a situation where raising the average behavior increases the security of the overall system.

    If we security engineers do our job right, then users will get their awareness training informally and organically from their colleagues and friends.

    Reply
  4. Tomi Engdahl says:

    SCADA honeypots attract swarm of international hackers
    ‘Industrial control systems’ faced attacks from US, China…and, er, Laos
    http://www.theregister.co.uk/2013/03/20/scada_honeypot_research/

    Vulnerable internet-facing industrial systems controlling crucial equipment used by power plants, airports, factories and other critical systems are subjected to sustained attacks within hours of appearing online, according to new honeypot-based research by Trend Micro.

    The security weaknesses of SCADA (supervisory control and data acquisition) industrial control systems have been a major focus of interest in information security circles for the last three years or so thanks to Stuxnet, Duqu, and other similar noteworthy attacks.

    Trend Micro threat researcher and SCADA security expert Kyle Wilhoit set out to look into this phenomenon in greater depth by setting up an internet-facing honeypot and recording attempted attacks.

    All three honeypots included traditional vulnerabilities found across the same or similar systems. Steps were taken to make sure the honeypots were easily discovered. The sites were optimised for searches and published on Google.

    The researchers also made sure that the honeypot settings would be seeded on devices that were part of HD Moore’s Shodan Project, which indexes vulnerable routers, printers, servers and internet-accessible industrial control systems. Once a search latches onto a vulnerable embedded device, then Metasploit provides a library of possible attacks, which – as security strategist Josh Corman points out – can be run without any detailed knowledge or skill.

    The Trend Micro security researchers excluded simple port scans and focused on recording anything that might pose a threat to internet-facing ICS/SCADA systems. This includes unauthorised access to secure areas of sites, attempted modifications of controllers, or any attack against a protocol specific to SCADA devices, such as Modbus/TCP.

    The researchers waited less than a day before the attacks began

    It took only 18 hours to find the first signs of attack on one of the honeypots.

    The statistics of this report contain data for 28 days with a total of 39 attacks from 14 different countries. Out of these 39 attacks, 12 were unique and could be classified as “targeted” while 13 were repeated by several

    A third of attacks against the industrial control system honeypot (35 per cent) originated in China but one in five (19 per cent) originated in the US. Security researchers also found that a surprisingly high 12 per cent of attacks against a honeypot control system they had established came from the southeast Asian nation of Laos.

    “This Trend Micro research shows that attackers have enough knowledge to analyse and affect industrial control devices’ infrastructures,”

    “This is a wake-up call for operators of these infrastructures to check the security of these systems and ensure they are properly separated from the internet/open networks. The research also shows that it is not only usual suspects attacking, but that these attacks also happen in your own backyard.”

    “Security in an ICS/SCADA network is often considered ‘bolt-on’ or thought of ‘after the fact’. When these systems were first brought into service more than 20 or so years ago, security was typically not a concern,” Wilhoit explains.

    A recent study by InfraCritical discovered that 500,000 SCADA (supervisory control and data acquisition) networks were susceptible to attack, highlighting the wide-scale vulnerability of systems that control the operations of power and water plants, among other critical facilities. According to recent research conducted by ICS-CERT, 171 unique vulnerabilities affecting 55 different ICS vendors were found last year alone (PDF).

    Reply
  5. Tomi Engdahl says:

    South Korea network attack ‘a computer virus’
    http://www.bbc.co.uk/news/world-asia-21855051

    Disruption that paralysed the computer networks of broadcasters and banks in South Korea appears to have been caused by a virus, an official close to the investigation has told the BBC.

    The official said it was believed a “malicious” code was to blame for the system failure.

    He said investigators were trying to identify and analyse the virus.

    Initially, South Korea’s Communications Commission suspected a cyber-attack. However, the BBC was later told that experts had concluded it was not a denial-of-service attack, of the kind South Korea has experienced in the past.

    Reply
  6. Tomi Engdahl says:

    Cisco switches to weaker hashing scheme, passwords cracked wide open
    Crypto technique requires little time and computing resources to crack.
    http://arstechnica.com/security/2013/03/cisco-switches-to-weaker-hashing-scheme-passwords-cracked-wide-open/

    Password cracking experts have reversed a secret cryptographic formula recently added to Cisco devices. Ironically, the encryption type 4 algorithm leaves users considerably more susceptible to password cracking than an older alternative, even though the new routine was intended to enhance protections already in place.

    It turns out that Cisco’s new method for converting passwords into one-way hashes uses a single iteration of the SHA256 function with no cryptographic salt. The revelation came as a shock to many security experts because the technique requires little time and computing resources.

    “In my eyes, for such an important company, this is a big fail,”

    “Nowadays everyone in the security/crypto/hash scene knows that password hashes should be salted, at least. By not salting the hashes we can crack all the hashes at once with full speed.”

    Cisco officials acknowledged the password weakness in an advisory published Monday.

    The weakness threatens anyone whose router configuration data may be exposed in an online breach.

    Reply
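Why “no salt, one iteration” is such a big fail, shown in code. The following is an added example, not Cisco's implementation: type4_hash does what the advisory describes (a single SHA-256 over the password, no salt), crack_unsalted shows that one candidate hash then tests every user's hash at once, and crack_salted shows the cost a salted, iterated scheme imposes instead. Assumptions: the itoa64 alphabet and bit order used to produce the 43-character string are my reading of the published format and should be checked against a hash taken from a real configuration; salted_hash is an illustrative construction, not Cisco's type 5 (md5crypt) algorithm; the user names, salts and word list are made up.

```python
import hashlib

# crypt(3)-style alphabet. Assumption: the device encodes the raw 32-byte SHA-256 digest with this
# alphabet, MIME bit order, no padding, giving the 43-character strings seen in configurations.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def encode_itoa64(raw):
    """Base64-style encoding of raw bytes with the itoa64 alphabet and no padding."""
    out, acc, nbits = [], 0, 0
    for byte in raw:
        acc = (acc << 8) | byte
        nbits += 8
        while nbits >= 6:
            nbits -= 6
            out.append(ITOA64[(acc >> nbits) & 0x3F])
        acc &= (1 << nbits) - 1
    if nbits:
        out.append(ITOA64[(acc << (6 - nbits)) & 0x3F])
    return "".join(out)


def type4_hash(password):
    """What the advisory describes: one SHA-256 over the password, no salt, no iteration."""
    return encode_itoa64(hashlib.sha256(password.encode()).digest())


def salted_hash(salt, password, rounds=1000):
    """Illustrative salted, iterated scheme (not Cisco's type 5 md5crypt), showing the two
    properties type 4 lacks: a per-user salt and a work factor."""
    digest = (salt + password).encode()
    for _ in range(rounds):
        digest = hashlib.sha256(digest + salt.encode()).digest()
    return encode_itoa64(digest)


def crack_unsalted(targets, wordlist):
    """targets: {username: type4 hash}. One hash per candidate word serves every target at once.
    Returns the recovered passwords and the number of candidate hashes computed."""
    by_hash = {}
    for user, h in targets.items():
        by_hash.setdefault(h, []).append(user)     # identical passwords collide on identical hashes
    found, hash_ops = {}, 0
    for word in wordlist:
        hash_ops += 1
        for user in by_hash.get(type4_hash(word), []):
            found[user] = word
        if len(found) == len(targets):
            break
    return found, hash_ops


def crack_salted(targets, wordlist):
    """targets: {username: (salt, hash)}. Every (salt, candidate) pair costs its own computation,
    so the work grows with the number of users and nothing can be precomputed."""
    found, hash_ops = {}, 0
    for user, (salt, h) in targets.items():
        for word in wordlist:
            hash_ops += 1
            if salted_hash(salt, word) == h:
                found[user] = word
                break
    return found, hash_ops


if __name__ == "__main__":
    # Constructed data: two accounts sharing a password, and a three-word dictionary.
    words = ["password", "Summer2013", "cisco"]
    t4 = type4_hash("Summer2013")
    print("type 4 hash:", t4, "(same string on every device that stores this password)")
    print("unsalted:", crack_unsalted({"alice": t4, "bob": t4}, words))
    salted = {"alice": ("k3Fp", salted_hash("k3Fp", "Summer2013")),
              "bob": ("Zq9w", salted_hash("Zq9w", "Summer2013"))}
    print("salted:  ", crack_salted(salted, words))
```

With two users the counts are 2 candidate hashes against 4; with the thousands of device configurations that end up in a breach dump the unsalted count stays at one pass over the word list while the salted one multiplies by the number of accounts, which is exactly the “crack all the hashes at once with full speed” point quoted above.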
  7. Tomi Engdahl says:

    Under CISPA, Who Can Get Your Data?
    https://www.eff.org/deeplinks/2013/03/under-cispa-who-can-get-your-data

    Under CISPA, companies can collect your information in order to “protect the rights and property” of the company, and then share that information with third parties, including the government, so long as it is for “cybersecurity purposes.”

    Any government agency could receive data from companies if this were to pass

    Under CISPA, which government agencies can get your data?
    list of agencies that could get your data under CISPA

    Reply
  8. Tomi Engdahl says:

    Cyber War Manual Proposes Online Geneva Convention
    http://yro.slashdot.org/story/13/03/20/2223237/cyber-war-manual-proposes-online-geneva-convention

    “A new manual for cyber war has been compiled by international legal experts and published by NATO. The manual proposes that hospitals and dams should be off-limits for online warfare”

    NATO Cyber War Manual Says Hackers Are Targets
    Online Geneva Conventions proposed for cyber war
    http://www.techweekeurope.co.uk/news/nato-cyber-war-manual-says-hackers-are-targets-110838

    Cyber war attacks can be a legitimate part of international conflict, but they should not hit civilian targets such as the technology behind hospitals and power stations, according to a manual on the legal status of online warfare, compiled by NATO.

    The manual is the first attempt to define how international law such as the Geneva Convention applies to online warfare, and comes at a time when US and European voices are urging a cyber war strategy when faced with politically motivated cyber attacks.

    It says that hackers who carry out online attacks on foreign nations can be legitimate targets in a cyber war counterstrike, and also says it is acceptable to respond with conventional force if an online attack leads to death or severe property damage.

    Cyber war! What is it good for?

    “No international armed conflict has been publicly characterised as having been solely precipitated in cyberspace,” the manual says, but adds the legal definition of an “armed conflict” should be extended to include situations where hostilities only take place in cyberspace, concluding that “cyber operations alone might have the potential to cross the threshold of international armed conflict.”

    The manual says that any response to a cyber attack should be proportionate, and that conventional force should not be used unless the cyber attack resulted in death or significant property damage.

    While providing a legal framework, the group is keen not to lower the bar so future cyber wars are more likely. ”You can only use force when you reach the level of armed conflict,”

    Reply
  9. Tomi Engdahl says:

    Why Matthew Keys is not ‘the next Aaron Swartz’
    http://www.washingtonpost.com/business/technology/why-matthew-keys-is-not-the-next-aaron-swartz/2013/03/20/0eae21f4-90c7-11e2-9abd-e4c5c9dc5e90_story.html

    Matthew Keys is no Aaron Swartz. But the Reuters social media producer will face decades in jail under the same law used against Swartz if convicted of helping Anonymous hack the Los Angeles Times Web site in late 2010 — a parallel that has Keys’s lawyers and some commentators grouping the two as twin victims of America’s mangled computer crime laws.

    Keys was recently charged with different computer crimes under the same law.

    helped Anonymous deface the Los Angeles Times Web site by giving log-in credentials to a hacker in an Anonymous chatroom, shortly after Keys was fired by the company that owns the Times.

    CFAA’s biggest problem lies in its use of the phrase “unauthorized access” — a vague, only loosely defined term that has left prosecutors and courts to their own interpretations.

    Reply
  10. Tomi Engdahl says:

    It would be possible to disrupt Finnish society with network attacks on open automation systems. In a study in January, Aalto University found 2915 open devices that can be reached and attacked from the public network.

    The study aims to find out how systems can be protected against cyber-attacks.

    Exposed systems were found in power plants and even in a hospital, a prison and a traffic control system. Most of the openly reachable devices were industrial and building automation systems.

    The problem is exacerbated by the fact that 60 per cent of the devices found have known vulnerabilities. In addition, in many cases the device user names can be fished out of their web user interfaces.

    Source: http://www.tietoviikko.fi/kaikki_uutiset/suomalaisen+itn+heikko+kohta+paljastui++tuhansia+vaarassa/a888636?s=r&wtm=tietoviikko/-21032013&

    According to the researchers, it was alarming that user names and passwords were found in the network interfaces of a number of devices.

    “The devices found should hardly be open on the internet, because there they are vulnerable to attacks. This is a major security threat,” says Aalto University networking professor Jukka Manner.

    All in all 2 915 open devices were found, of which 60 percent have publicly reported security shortcomings or vulnerabilities.

    “Our search engine has mapped an estimated 20 to 30 percent of Finland’s IP addresses. Many more problems may still be hidden,” says research assistant Seppo Tiilikainen.

    “The results show that there could be up to 10 000 automation systems in Finland open to network attacks. Not all of them are likely to be a significant threat, but the majority should hardly be openly exposed,” says Jukka Manner.

    Source: http://www.hs.fi/kotimaa/Tuhansien+yritysten+tietoturvassa+merkitt%C3%A4vi%C3%A4+aukkoja+/a1363796047582

    REPORT (in Finnish):
    Suomen automaatioverkkojen haavoittuvuus -
    Raportti Internetissä julkisesti esillä olevista automaatiolaitteista
    (The vulnerability of Finland’s automation networks - A report on automation devices publicly exposed on the Internet)
    https://research.comnet.aalto.fi/public/Aalto-Shodan-Raportti-julkinen.pdf

    Reply
  11. Tomi Engdahl says:

    Apple iOS 6.1.3 fix contains another lock screen bypass flaw
    http://www.zdnet.com/apple-ios-6-1-3-fix-contains-another-lock-screen-bypass-flaw-7000012912/

    Summary: The latest Apple iOS software fix, designed to fix a nasty bug in which unauthorized users could bypass the lock screen and access user data, contains yet another major flaw.

    Reply
  12. Tomi Engdahl says:

    Decade-Old Espionage Malware Found Targeting Government Computers
    http://it.slashdot.org/story/13/03/21/0313219/decade-old-espionage-malware-found-targeting-government-computers

    “Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe.”

    Decade-old espionage malware found targeting government computers
    “TeamSpy” used digitally signed TeamViewer remote access tool to spy on victims.
    http://arstechnica.com/security/2013/03/decade-old-espionage-malware-found-targeting-government-computers/

    TeamSpy, as the shadow group has been dubbed, collected encryption keys and documents marked as “secret” from a variety of high-level targets, according to a report published Wednesday by Hungary-based CrySyS Lab. Targets included a Russia-based Embassy for an undisclosed country belonging to both NATO and the European Union, an industrial manufacturer also located in Russia, multiple research and educational organizations in France and Belgium, and an electronics company located in Iran. CrySyS learned of the attacks after Hungary’s National Security Authority disclosed intelligence that TeamSpy had hit an unnamed “Hungarian high-profile governmental victim.”

    “Most likely the same attackers are behind the attacks that span for the last 10 years, as there are clear connections between samples used in different years and campaigns,” CrySyS researchers wrote in their report. “Interestingly, the attacks began to gain new momentum in the second half of 2012.”

    The attackers relied on a variety of methods, including the use of a digitally signed version of TeamViewer that has been modified

    According to Kaspersky, the operators infected their victims through a series of “watering hole” attacks that plant malware on websites frequented by the intended victims.

    Reply
  13. Tomi Engdahl says:

    Cyberspies send ZOMBIES to steal DRUGS from medical research firms
    http://www.theregister.co.uk/2013/03/21/medical_cyber_espionage/

    Cyber-espionage crews have been targeting the lucrative medical and life science industries using custom malware and spear-phishing, according to new research.

    According to a current US counterintelligence report which it delivered to US Congress, healthcare services and medical equipment are expected to be two of the five fastest-growing international investment sectors, with the US among the leading nations worldwide. Multi-billion dollar lifesaving research is being put at risk as cyberspies attempt to crack life science firms’ security.

    Security intelligence firm Cyber Squared said that at least three distinct groups have targeted the industry for more than two years since 2010.

    When RATs, Trojans and zombies attack

    Cyber Squared was able to confirm that the attackers mirrored the legitimate BioDuro website with a drive-by attack site that used a malicious iFrame redirecting users to the IE zero-day exploit. BioDuro is a Beijing-based life science research firm. Compromised machines were subsequently infected with a variant of the Destroy Remote Access Trojan (RAT), which is also known as Thoper-B or Sogu.

    “The threats posed by resourced and sophisticated threat groups targeting the medical and life sciences industry is very real,” Rich Barger, chief intelligence officer at Cyber Squared, and a former US Army intelligence analyst. “The application of economic espionage within these industries ultimately leaves multi-billion dollar lifesaving research and medical breakthroughs in the crosshairs.”

    Reply
  14. Automation systems security issues « Tomi Engdahl’s ePanorama blog says:

    [...] also mentioned those dangers on my Security trends for 2013 article. The designers and installers who put together those automation systems should be more [...]

    Reply
  15. Tomi Engdahl says:

    Cyberwar manual lays down rules for online attacks
    http://hosted.ap.org/dynamic/stories/E/EU_CYBERWAR_MANUAL?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT

    The Tallinn Manual – named for the Estonian capital where it was compiled – was created at the behest of the NATO Cooperative Cyber Defense Center of Excellence, a NATO think tank. It takes existing rules on battlefield behavior, such as the 1868 St. Petersburg Declaration and the 1949 Geneva Convention, to the Internet, occasionally in unexpected ways.

    Reply
  16. Tomi Engdahl says:

    Web Money Gets Laundering Rule
    http://online.wsj.com/article_email/SB10001424127887324373204578374611351125202-lMyQjAxMTAzMDIwMTEyNDEyWj.html

    The U.S. is applying money-laundering rules to “virtual currencies,” amid growing concern that new forms of cash bought on the Internet are being used to fund illicit activities.

    online cash will now be regulated in a similar manner as traditional money-order providers such as Western Union Co.

    They would have new bookkeeping requirements and mandatory reporting for transactions of more than $10,000.

    Reply
  17. Tomi Engdahl says:

    Bitcoin prices spike on Euro woes
    Spanish citizens hiding their currency under the bed
    http://www.theregister.co.uk/2013/03/21/bitcoin_on_a_roll_in_spain/

    The well-publicised idea that Cyprus could pinch ten per cent of all local savings accounts to help pay for its government’s budgetary woes seems to have sparked a rush of interest in the crypto-currency Bitcoin.

    According to Bloomberg, Bitcoin apps are soaring up the download charts in Spain

    Zerohedge wrote on Wednesday that “the value of the virtual currency has soared almost 30 percent in the last two days”, from €37 to over €50, with volumes rising as well.

    Back in America, Bitcoins are attracting greater regulatory attention

    Reply
  18. Tomi Engdahl says:

    Check my new posting:
    Automation systems security issues
    http://www.epanorama.net/blog/2013/03/21/automation-systems-security-issues/

    Researchers at Aalto University did a study in January 2013 to look into the state of Finnish cyber-security. The researchers found 185 000 devices in Finland that answer HTTP requests.

    What is alarming is that they found 2915 automation system devices quite openly connected to the Internet in Finland.

    Those open devices can be accessed from the public network, and 60 per cent of the devices found have known vulnerabilities. A number of devices also have user names and passwords that are easy to find out.

    Exposed systems were found in power plants, a hospital, industrial automation systems, building automation, one prison and a traffic control system.

    Reply
  19. Tomi Engdahl says:

    Weev Gets 41 Months
    http://www.f-secure.com/weblog/archives/00002527.html

    Much of today’s press coverage (and Twitter reaction) is singularly focused on the Computer Fraud and Abuse Act (CFAA) — which is the (vaguely written) law related to the count of unauthorized access.

    So here’s a handy how-to guide on avoiding trouble when disclosing a security flaw:

    1. Don’t be an asshole troll.
    2. When you discover a flaw, don’t abuse it. Only do enough to demonstrate the problem, no more.
    3. Don’t collect, record, and then transmit personally identifiable information (PII) belonging to other people.
    4. When contacting reporters, have them volunteer their own device IDs to demonstrate the flaw.

    Simple.

    Reply
  20. Tomi Engdahl says:

    Rules of cyberwar: don’t target nuclear plants or hospitals, says Nato manual
    http://www.guardian.co.uk/world/2013/mar/18/rules-cyberwarfare-nato-manual

    Handbook drawn up for Nato’s Co-operative Cyber Defence Centre of Excellence is first attempt to codify how international law applies to state-sponsored online attacks

    State-sponsored cyber-attacks must avoid sensitive civilian targets such as hospitals, dams, dykes and nuclear power stations, according to an advisory manual on cyber-warfare written for Nato, which predicts that online attacks could in future trigger full-blown military conflicts.

    The first attempt to codify how international law applies to online attacks includes a provision for states to respond with conventional force if aggression through hacking into computer networks by another state results in death or significant damage to property.

    Reply
  21. Tomi Engdahl says:

    9 Classic Hacking, Phishing and Social Engineering Lies
    http://www.cio.com/slideshow/detail/91580/9-Classic-Hacking–Phishing-and-Social-Engineering-Lies?source=cioartmor#slide1

    Whether it is on the phone, online or in person, here are 10 lies hackers, phishers and social engineers will tell you to get what they want.

    Reply
  22. free t shirt maker says:

    there should be more websites like this with better information! Thanx for the read! check my work I’d appreciate it!

    Reply
  23. Tomi Engdahl says:

    The European Police Office on Tuesday published the EU Serious and Organized Crime Threat Assessment report.

    Drug dealers make more profit than other criminals. They are taking advantage of the bad financial situation, and of the Internet.

    Drug dealers are getting more and more involved in cyber-crime, says security company SophosLabs researcher Beth Jones.

    Thanks to the Internet, criminals can reach a broader group of potential victims, conceal their activities and commit a wider variety of crimes in a shorter time than ever before, the Europol report says.

    The Web and mobility have made many criminal activities global.

    Source: http://m.tietoviikko.fi/Uutiset/Huumekauppiaat+ryhtyv%C3%A4t+verkkorikollisiksi

    Reply
  24. Tomi Engdahl says:

    Maybe don’t install that groovy pirated Android keyboard
    It could be loggin’ your login, warn experts
    http://www.theregister.co.uk/2013/03/25/android_security_omnishambles/

    A mobile software developer has turned a popular third-party Android mobile keyboard called SwiftKey into a counterfeit package loaded with a trojan as a warning about the perils of using pirated or cracked apps from back-street app stores.

    created a modified (backdoored) version of SwiftKey using a tool called apktool combined with basic knowledge of Java and Android.

    Casey added that using pirated Android apps, especially from third-party stores, is a serious security risk. He reckons the threat also extends to iPhone apps on a jailbroken phone.

    “this byte code is not that hard to edit and insert back into an APK.”

    Reply
  25. Tomi Engdahl says:

    Top Chinese university linked to alleged military cybercrime unit
    http://news.cnet.com/8301-1009_3-57576051-83/top-chinese-university-linked-to-alleged-military-cybercrime-unit/

    The People’s Liberation Army unit (PLA) allegedly responsible for cyberspying on Western targets has collaborated with a top Chinese university on networking and security research papers.

    In a finding uncovered by Reuters, Shanghai Jiaotong’s School of Information Security Engineering (SISE) and the People’s Liberation Army Unit 61398 have worked in partnership on at least three papers in recent years.

    Reply
  26. Tomi Engdahl says:

    NATO Researchers: Stuxnet Attack on Iran Was Illegal ‘Act of Force’
    http://www.wired.com/threatlevel/2013/03/stuxnet-act-of-force/

    A cyberattack that sabotaged Iran’s uranium enrichment program was an “act of force” and was likely illegal, according to research commissioned by NATO’s cyberwarfare center.

    “Acts that kill or injure persons or destroy or damage objects are unambiguously uses of force” and likely violate international law, according to the Tallinn Manual on the International Law Applicable to Cyber Warfare, a study produced by international legal experts at the request of NATO’s Cooperative Cyber Defense Center of Excellence in Estonia.

    Reply
  27. Tomi Engdahl says:

    Have your accounts been compromised?

    Use the world’s largest database of account credentials to identify and secure vulnerable accounts before you become a victim of fraud or a cyber attack.

    https://pwnedlist.com/

    Reply
  28. Tomi Engdahl says:

    A car owner may end up a prisoner in her own car, and the car may go its own way. At worst, passengers and other road users are at risk of death, says the Financial Times.

    Researchers from San Diego and the University of Washington have experimented with what malicious hackers can do to a car through its information systems. Almost all devices affecting driving can be taken over without the driver being able to do anything about it.

    Cars today contain huge amounts of information technology and communications, through which, in principle, the car can be broken into. So far there is no known case in which such a break-in has resulted in death.

    Nowadays, some cars have a wireless network that can be accessed from outside the vehicle.

    So far, infotainment functions are separate from the car’s driving controls, but in the next few years the industry may combine the systems.

    Computer-controlled programs are now available: Toyota has Touch, Ford has Sync and Chrysler has UConnect.

    Source: http://www.tietoviikko.fi/kaikki_uutiset/uusi+uhka+omistaja+voi+jaada+oman+autonsa+vangiksi/a889736?s=r&wtm=tietoviikko/-26032013&

    Reply
  29. Tomi Engdahl says:

    Don’t Have a False Sense of Security: 5 Insecure Ways to Secure Your Wi-Fi
    http://www.howtogeek.com/132348/dont-have-a-false-sense-of-security-5-insecure-ways-to-secure-your-wi-fi/

    You’ve got WEP encryption enabled, your network’s SSID is hidden, and you’ve enabled MAC address filtering so no one else can connect. Your Wi-Fi network is secure, right? Not really.

    Good Wi-Fi security is simple: Enable WPA (ideally WPA2) and set a strong password.

    Other common tricks for increasing a Wi-Fi network’s security can easily be bypassed. They may deter more casual users, but a strong WPA2 password will deter everyone.

    Reply
  30. Tomi Engdahl says:

    Wi-Fi Enabled Digital Cameras Easily Exploitable
    http://yro.slashdot.org/story/13/03/26/003218/wi-fi-enabled-digital-cameras-easily-exploitable

    “Newer cameras increasingly sport built-in Wi-Fi capabilities or allow users to add SD cards to achieve them in order to be able to upload and share photos and videos as soon as they take them. But, as proven by Daniel Mende and Pascal Turbing, security researchers with ERNW, these capabilities also have security flaws that can be easily exploited for turning these cameras into spying devices.”

    Digital cameras easily turned into spying devices, researchers prove
    http://www.net-security.org/secworld.php?id=14651

    Mende and Turbing chose to compromise Canon’s EOS-1D X DSLR camera and exploit each of the four ways it can communicate with a network. Not only have they been able to hijack the information sent from the camera, but they have also managed to gain complete control of it.

    Reply
  31. Tomi Engdahl says:

    Tietokone magazine reports that criminals have harnessed Finnish heavy-duty equipment into an attack targeting the spam blocker Spamhaus. Security authority CERT-FI says that hundreds of devices are taking part in the attack.

    The attack utilizes unprotected Finnish domain name servers, which normally translate Internet names into numeric network addresses. The reason such name servers are used is that they strengthen the attack traffic several-fold.

    U.S. network service provider CloudFlare has for some time been the focus of a very strong denial-of-service attack. The attackers’ aim seems to be to disrupt the servers of Spamhaus, which specializes in fighting spam.

    CERT-FI says that more than one hundred Finnish Internet addresses have so far been identified in the attack traffic. The holders of these addresses will be contacted via the operators.

    According to Finnish Communications Regulatory Authority data, there are at least 26 000 devices in Finnish networks that answer name queries and could theoretically be used in attacks.

    Name server software (e.g. BIND) should be configured to serve only those networks for which name resolution is enabled. In the administrative interface of routers or ADSL devices, you can normally choose which services are offered to the Internet (WAN) and which are available to the internal network (LAN).

    Sources:
    http://www.tietokone.fi/uutiset/suomesta_hyokataan_usa_aan_varo_kavalaa_tekniikkaa
    http://www.cert.fi/tietoturvanyt/2013/03/ttn201303251530.html

    Reply
  32. Tomi Engdahl says:

    How are Java attacks getting through?
    http://community.websense.com/blogs/securitylabs/archive/2013/03/25/how-are-java-attacks-getting-through.aspx

    Were you aware that Java is increasingly being viewed as a security risk? Of course you were — recent high-profile attacks have firmly established the trend, so we’re not going to do yet another roundup here.

    Exploit kits are a very common tool for distribution of many Java-based threats.

    It is probably no surprise that the largest single exploited vulnerability is the most recent one, with a vulnerable population of browsers at 93.77%. That’s what the bad guys do — examine your security controls and find the easiest way to bypass them. Grabbing a copy of the latest version of Cool and using a pre-packaged exploit is a pretty low bar to go after such a large population of vulnerable browsers. Most browsers are vulnerable to a much broader array of well-known Java holes, with over 75% using versions that are at least six months old.

    Reply
  33. Tomi Engdahl says:

    Online World
    http://www.f-secure.com/weblog/archives/00002530.html

    The real world isn’t like the online world.

    In the real world, you only have to worry about the criminals who live in your city. But in the online world, you have to worry about criminals who could be on the other side of the planet. Online crime is always international because the Internet has no borders.

    Today computer viruses and other malicious software are no longer written by hobbyist hackers seeking fame and glory among their peers, but by professional criminals who are making millions with their attacks. These criminals want access to your computer, your PayPal passwords, and your credit card numbers.

    It’s all a matter of balancing. When you balance the damage done by cybercrime and compare it to a loss of life, it’s pretty obvious what’s more important.

    National police forces and legal systems are finding it extremely difficult to keep up with the rapid growth of online crime. They have limited resources and expertise to investigate online criminal activity.

    On the surface, computer security vendors are direct competitors. And in fact, the competition is fierce on the sales and marketing side. But on the technical side, we’re actually very friendly to each other.

    In this job, all the vendors are in the same boat.

    Reply
  34. Tomi Engdahl says:

    The DDoS That Almost Broke the Internet
    http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet

    The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times calls the attack the largest known DDoS attack ever on the Internet.

    At the time, it was a large attack, sending 85Gbps of traffic. Since then, the attack got much worse.

    On March 22 at 18:00 UTC, the attack resumed, peaking at 120Gbps of traffic hitting our network.

    Other than the scale, which was already among the largest DDoS attacks we’ve seen, there was nothing particularly unusual about the attack to this point. Then the attackers changed their tactics. Rather than attacking our customers directly, they started going after the network providers CloudFlare uses for bandwidth.

    Once the attackers realized they couldn’t knock CloudFlare itself offline even with more than 100Gbps of DDoS traffic, they went after our direct peers. In this case, they attacked the providers from whom CloudFlare buys bandwidth.

    There are approximately a dozen Tier 1 providers on the Internet. The nature of these providers is that they don’t buy bandwidth from anyone. Instead, they engage in what is known as settlement-free peering with the other Tier 1 providers. Tier 2 providers interconnect with each other and then buy bandwidth from the Tier 1 providers in order to ensure they can connect to every other point on the Internet.

    The challenge with attacks at this scale is they risk overwhelming the systems that link together the Internet itself. The largest routers that you can buy have, at most, 100Gbps ports. It is possible to bond more than one of these ports together to create capacity that is greater than 100Gbps however, at some point, there are limits to how much these routers can handle. If that limit is exceeded then the network becomes congested and slows down.

    At the bottom of this attack we once again find the problem of open DNS recursors. The attackers were able to generate more than 300Gbps of traffic, likely with a network of their own that only had access to 1/100th of that amount of traffic themselves. We’ve written about how these mis-configured DNS recursors are a bomb waiting to go off that literally threatens the stability of the Internet itself. We’ve now seen an attack that begins to illustrate the full extent of the problem.

    Unlike traditional botnets which could only generate limited traffic because of the modest Internet connections and home PCs they typically run on, these open resolvers are typically running on big servers with fat pipes.

    “I’ve often said we don’t have to prepare for the largest-possible attack, we just have to prepare for the largest attack the Internet can send without causing massive collateral damage to others. It looks like you’ve reached that point, so… congratulations!”

    Reply
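
The open-resolver amplification described in the CERT-FI summary and the CloudFlare post above leaves a recognisable trace in the resolver's own query log: external clients asking for recursion, mostly for record types that produce large answers. The script below is an added example (not code from CERT-FI, CloudFlare or the blog author) that flags such clients in constructed BIND-9-style log lines and estimates the amplification factor; the internal network ranges, response sizes, log layout and all addresses are assumptions.

```python
"""Flag abuse of an open recursive resolver in BIND-style query logs.

Added example, not code from CERT-FI, CloudFlare or the blog author.
Assumptions: the log follows the BIND 9 layout
"client [@0x..] A#port (name): query: NAME CLASS TYPE FLAGS [(dest)]",
where a leading '+' in FLAGS means recursion was requested; the
internal ranges, response sizes and all addresses are constructed.
"""
import ipaddress
import re
from collections import defaultdict

# Networks that are allowed to use this resolver recursively (assumed LAN).
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16"),
                 ipaddress.ip_network("10.0.0.0/8")]

# Assumed wire sizes in bytes: a minimal query versus an EDNS0 response
# for the record types that give attackers the largest answers.
QUERY_BYTES = 64
RESPONSE_BYTES = {"ANY": 3000, "TXT": 1500, "DNSKEY": 1200, "A": 100}

LOG_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): query: "
    r"(?P<name>\S+) IN (?P<type>[A-Z0-9]+) (?P<flags>[+-]\S*)")


def parse_line(line):
    """Return the query fields of one log line, or None if it is not a query."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["recursive"] = rec["flags"].startswith("+")  # '+' = RD bit set
    return rec


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def analyse(lines, min_queries=3):
    """Map each external client that requested recursion to a short report.

    The report holds the recursive query count, record types seen and an
    estimated amplification factor (response bytes / query bytes): the
    "several-fold" strengthening that makes open resolvers attractive.
    Clients below min_queries are ignored to keep single lookups out.
    """
    per_client = defaultdict(lambda: {"queries": 0, "types": set(), "resp": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["recursive"] or is_internal(rec["ip"]):
            continue
        entry = per_client[rec["ip"]]
        entry["queries"] += 1
        entry["types"].add(rec["type"])
        entry["resp"] += RESPONSE_BYTES.get(rec["type"], 100)
    reports = {}
    for ip, e in per_client.items():
        if e["queries"] >= min_queries:
            reports[ip] = {
                "queries": e["queries"],
                "types": sorted(e["types"]),
                "amplification": round(e["resp"] / (e["queries"] * QUERY_BYTES), 1),
            }
    return reports


# Constructed sample: one LAN client doing a normal lookup, a burst of
# recursive ANY/TXT queries whose source is the spoofed victim address,
# and an external client that did not ask for recursion.
SAMPLE_LOG = """\
client 192.168.1.20#51234 (www.example.net): query: www.example.net IN A +E(0) (192.168.1.1)
client 203.0.113.9#53 (example.com): query: example.com IN ANY +E(0) (198.51.100.2)
client 203.0.113.9#53 (example.com): query: example.com IN ANY +E(0) (198.51.100.2)
client 203.0.113.9#53 (example.com): query: example.com IN ANY +E(0) (198.51.100.2)
client 203.0.113.9#53 (example.com): query: example.com IN TXT +E(0) (198.51.100.2)
client 198.51.100.77#4000 (example.org): query: example.org IN A - (198.51.100.2)
""".splitlines()

if __name__ == "__main__":
    for ip, rep in analyse(SAMPLE_LOG).items():
        print(f"{ip}: {rep['queries']} recursive queries for {rep['types']}, "
              f"~{rep['amplification']}x amplification")
```

The flagged client is the address that will receive the amplified responses, so the report is a list of probable victims as well as evidence that recursion should be restricted to the internal ranges.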
  35. Tomi Engdahl says:

    Cyberfight puts a drag on the Internet
    http://news.cnet.com/8301-1009_3-57576530-83/cyberfight-puts-a-drag-on-the-internet/

    A fight between a spam-fighting group called Spamhaus and the Dutch Web host Cyberbunker has been called the biggest public DDoS battle in history.

    Reply
  36. Runescape membership says:

    Hi there, simply become alert to your blog via Google, and found that it is really informative. I am going to watch out for brussels. I’ll be grateful if you proceed this in future. Numerous folks might be benefited from your writing. Cheers!

    Reply
  37. Tomi says:

    Yes, This Week’s DDoS Attack Was Huge, And Part Of An Ominous Trend
    http://readwrite.com/2013/03/29/ddos-attack-was-huge-and-part-of-a-trend

    Depending on who you believe, the week long Spamhaus-Cyberbunker cyberattack we covered Wednesday was either a threat to the Internet itself or hyped up by an overzealous security vendor. Either way, it was still serious business.

    distributed denial-of-service assaults that aim to knock target computers off the Internet — are real, and have been on the rise since 2010.

    This week’s attack was more than 300Gbps — way above the norm, in other words.

    That’s because the attackers actually co-opted part of the Internet’s basic infrastructure — the Domain Name System, or DNS — in such a way as to greatly amplify the firehose stream of data they were directing at target computers.

    Holden says DNS is becoming an increasingly popular target for DDoS. As many as 27 million DNS servers across the Internet are “open” in a way that allows them to be hijacked this way.

    Reply
  38. Tomi Engdahl says:

    Army Practices Poor Data Hygiene on Its New Smartphones, Tablets
    http://www.wired.com/dangerroom/2013/04/army-data-hygiene/

    The Army absolutely loves its new Android, iOS and Windows smartphones and tablets. Just not enough to properly secure the sensitive data it stores on them.

    A spot check of mobile devices used by the Army at its West Point military academy and its corps of engineers shows inconsistent and outright poor data security. The Pentagon inspector general has found that the smartphones and tablets the Army buys at local electronics stores often aren’t configured to protect sensitive data, leaving it to individual users to safeguard their data.

    Predictably, soldiers didn’t. At West Point, 15 out of 48 inspected mobile devices didn’t even have passwords set up.

    It’s not just passwords. The Army’s chief information officer isn’t adequately tracking the non-BlackBerry mobile devices soldiers presently use.

    The U.S. military is set to make a major push into the mobile market. It’s talking with carriers, hardware and operating-system manufacturers to get what it refers to as a “family of devices” — hundreds of thousands of them — into troops’ hands.

    Reply
  39. Tomi Engdahl says:

    Exclusive: Ongoing malware attack targeting Apache hijacks 20,000 sites
    Mysterious “Darkleech” exposes visitors to potent malware exploits.
    http://arstechnica.com/security/2013/04/exclusive-ongoing-malware-attack-targeting-apache-hijacks-20000-sites/

    Tens of thousands of websites, some operated by The Los Angeles Times, Seagate, and other reputable companies, have recently come under the spell of “Darkleech,” a mysterious exploitation toolkit that exposes visitors to potent malware attacks.

    The ongoing attacks, estimated to have infected 20,000 websites in the past few weeks alone, are significant because of their success in targeting Apache, by far the Internet’s most popular Web server software. Once it takes hold, Darkleech injects invisible code into webpages, which in turn surreptitiously opens a connection that exposes visitors to malicious third-party websites, researchers said. Although the attacks have been active since at least August, no one has been able to positively identify the weakness attackers are using to commandeer the Apache-based machines. Vulnerabilities in Plesk, Cpanel, or other software used to administer websites are one possibility, but researchers aren’t ruling out the possibility of password cracking, social engineering, or attacks that exploit unknown bugs in frequently used applications and OSes.

    Landesman picked a random sample of 1,239 compromised websites and found all were running Apache version 2.2.22 or higher, mostly on a variety of Linux distributions. According to recent blog posts published here and here by researchers from security firm Sucuri, Darkleech uses rogue Apache modules to inject malicious payloads into the webpages of the sites it infects and to maintain control of compromised systems. Disinfecting Web servers can prove extremely difficult since the malware takes control of the secure shell (SSH) mechanism that legitimate administrators use to make technical changes and update content to a site.

    “We have noticed that they are modifying all SSH binaries and inserting a version that gives them full access back to the server,” Sucuri CTO Daniel Cid wrote in January. “The modifications not only allow them to remote into the server bypassing existing authentication controls, but also allow them to steal all SSH authentications and push it to their remote servers.”

    Reply
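
The two Darkleech symptoms quoted above (rogue Apache modules, replaced SSH binaries) can both be checked against a known-good state. The script below is an added example, not code from Ars Technica, Sucuri or the blog; it compares the modules Apache reports as loaded with a recorded baseline and scans `rpm -V` style package verification output for SSH binaries whose digest no longer matches. The baseline list, both sample outputs and the rogue module name are constructed.

```python
"""Integrity checks for the Darkleech symptoms reported above.

Added example, not code from Ars Technica, Sucuri or the blog author.
It (1) compares the modules Apache reports as loaded with a recorded
baseline and (2) scans package verification output for modified SSH
binaries. The baseline, the sample output and the rogue module name
are constructed; on a live host the inputs would come from
`apachectl -M` and `rpm -Va` (Debian's `dpkg --verify` uses a similar
attribute string but would need its own parser).
"""
import re

# Assumed baseline: modules loaded when the host was last known to be clean.
BASELINE_MODULES = {
    "core_module", "so_module", "http_module", "mpm_prefork_module",
    "authz_core_module", "dir_module", "mime_module", "rewrite_module",
    "ssl_module", "php5_module",
}

# Binaries the report says were replaced (SSH client and server tools).
SSH_PATHS = {"/usr/bin/ssh", "/usr/sbin/sshd", "/usr/bin/scp",
             "/usr/bin/sftp", "/usr/bin/ssh-add", "/usr/bin/ssh-keygen"}

MODULE_RE = re.compile(r"\s*(\w+) \((?:shared|static)\)")
# rpm -V: 9-character attribute string, optional file-type letter, path.
RPM_V_RE = re.compile(
    r"^(?P<attrs>[S.M5DLUGTP?]{9})\s+(?:(?P<type>[cdglr])\s+)?(?P<path>/\S+)$")


def unexpected_modules(apachectl_m_output, baseline=BASELINE_MODULES):
    """Return loaded Apache modules that are not in the baseline."""
    loaded = set()
    for line in apachectl_m_output.splitlines():
        m = MODULE_RE.match(line)
        if m:
            loaded.add(m.group(1))
    return sorted(loaded - baseline)


def modified_ssh_binaries(rpm_verify_output):
    """Return SSH binaries whose size ('S') or digest ('5') no longer matches.

    rpm -V prints one line per file that fails verification; '.' marks a
    passed test, so a timestamp-only change ('T') is not treated as a
    replaced binary, while a digest or size mismatch is.
    """
    hits = []
    for line in rpm_verify_output.splitlines():
        m = RPM_V_RE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        if path in SSH_PATHS and ("5" in attrs or "S" in attrs):
            hits.append(path)
    return hits


# Constructed sample outputs; "sec2_config_module" is an invented name.
SAMPLE_APACHECTL_M = """\
Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 mpm_prefork_module (static)
 authz_core_module (shared)
 dir_module (shared)
 mime_module (shared)
 rewrite_module (shared)
 ssl_module (shared)
 php5_module (shared)
 sec2_config_module (shared)
"""

SAMPLE_RPM_V = """\
S.5....T.    /usr/bin/ssh
S.5....T.    /usr/sbin/sshd
.......T.    /usr/bin/scp
S.5....T.  c /etc/ssh/sshd_config
missing     /usr/share/doc/openssh/README
"""

if __name__ == "__main__":
    print("unexpected modules:", unexpected_modules(SAMPLE_APACHECTL_M))
    print("modified SSH binaries:", modified_ssh_binaries(SAMPLE_RPM_V))
```

Because a compromised host's `rpm` and `apachectl` could themselves be tampered with, compare against a baseline captured before the incident and, where possible, run the verification from a trusted boot medium.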
  40. Tomi says:

    DHS Warns of ‘TDos’ Extortion Attacks on Public Emergency Networks
    http://krebsonsecurity.com/2013/04/dhs-warns-of-tdos-extortion-attacks-on-public-emergency-networks/

    As if emergency responders weren’t already overloaded: Increasingly, extortionists are launching debilitating attacks designed to overwhelm the telephone networks of emergency communications centers and personnel, according to a confidential alert jointly issued by the Department of Homeland Security and the FBI.

    According to the alert, these recent TDoS attacks are part of a bizarre extortion scheme that apparently starts with a phone call to an organization from an individual claiming to represent a collections company for payday loans.

    DHS notes that the attacks can prevent both incoming and/or outgoing calls from being completed, and the alert speculates that government offices/emergency services are being “targeted” because of the necessity of functional phone lines. The alert says that the attacks usually follow a person with a heavy accent demanding payment of $5,000 from the company because of default by an employee who either no longer works at the PSAP or never did.

    Reply
  41. Tomi says:

    Wiping a Smartphone Still Leaves Data Behind
    http://hardware.slashdot.org/story/13/04/02/2015254/wiping-a-smartphone-still-leaves-data-behind

    “To probably no one’s surprise, wiping a smartphone by standard methods doesn’t get all the data erased.”

    Reply
  42. Tomi says:

    Break Out a Hammer: You’ll Never Believe the Data ‘Wiped’ Smartphones Store
    http://www.wired.com/gadgetlab/2013/04/smartphone-data-trail/all/

    Few things are more precious, intimate and personal than the data on your smartphone. It tracks your location and logs your calls. It’s your camera and your mobile banking device; in some cases it is a payment system in and of itself that knows what you bought and when and where and for how much. All of which explains why you wipe it before sending it off to a recycler or selling it on eBay, right? Problem is, even if you do everything right, there can still be lots of personal data left behind.

    Simply restoring a phone to its factory settings won’t completely clear it of data. Even if you use the built-in tools to wipe it, when you go to sell your phone on Craigslist you may be selling all sorts of things along with it that are far more valuable — your name, birth date, Social Security number and home address, for example. You may inadvertently sell your old photos, nudes and all. The bottom line is, the stuff you thought you had gotten rid of is still there, if someone knows how to look.

    Reply
  43. basics says:

    I saw those article awesome post

    Reply
  44. Tomi Engdahl says:

    A DDoS (Distributed Denial of Service) Threat has now become the #1 threat to availability & security for enterprise. But the true impact goes far beyond the financial cost…..

    The 7 Deadly Syns of a DDoS Attack
    1. Distraction – IT personnel tied up addressing the attack
    2. Interference – Larger number of help desk calls
    3. Toil – Extra manual work to re-enter transactions
    4. Disruption – Lost employee output
    5. Expense – Increased SLA Credit payments
    6. Deprivation – Current and prospective business loss
    7. Disgrace – Reputation impact

    Source: http://exclusive-networks.mailpv.net/a/s/10044338-6f028429c318bc9712facf566cadde2e/322561

    Reply
  45. Tomi Engdahl says:

    Cyberwarfare Rising as Governments Embrace the Digital Battlefield
    http://www.designnews.com/author.asp?section_id=1386&doc_id=260581

    The 1983 movie WarGames was about a seemingly harmless high school student who was able to hack into a military computer mainframe.

    At the time of its release, it seemed ludicrous.

    Fast-forward 30 years, and that notion is no longer the case, as not only can world governments deliver collateral damage or cause disruption over an Internet connection, but they can do so with little to no cost, and without using conventional weapons.

    Since the beginning of the new millennium, cyber-attacks have increased from a few dozen a year to roughly 110,000 every hour.

    The attacks are targeted at specific branches of the nation’s government, corporations, banks, and power grids residing in those host nations.

    As the attacks have increased, governments around the globe have sanctioned new command structures to handle their respective countries’ digital tactics and security, such as the US’s Cyber Command (USCYBERCOM), which is tasked with cyber-operations, managing of cyber-resources, and responsibility for the security of military networks. Other notable commands that engage in similar practices include the Indian CERT (Computer Emergency Response Team), China’s newly formed Blue Army, and England’s MI6.

    Over the last few years, more serious cyber attacks, which have done significant damage to both networks and infrastructures, have been reported, leaving world leaders irate and pointing fingers at those they deem responsible.

    As we enter the new decade, the probability of continued attacks on information infrastructure is sure to increase. The consequences of these acts can, and will, affect each nation’s citizens, as governments have the power to inflict serious damage through cyberspace that can ruin economies, destroy infrastructure (power, water, and even agriculture), and levy monetary resources from major banks just by using cheap software and a laptop connected to the Internet.

    Reply
  46. Tomi Engdahl says:

    Samsung taps Absolute Software for mobile security on Knox, Galaxy S4
    http://www.zdnet.com/samsung-taps-absolute-software-for-mobile-security-on-knox-galaxy-s4-7000013412/

    Summary: Headed for Samsung Knox when it debuts this year, Absolute asserted that Samsung mobile devices will be the first to offer “constant, tamper-proof security connection for tracking, wiping, recovery and IT servicing.”

    Reply
  47. Tomi Engdahl says:

    MIT To End Open-Network Policy In Response To Recent Attacks
    http://it.slashdot.org/story/13/04/03/2224256/mit-to-end-open-network-policy-in-response-to-recent-attacks

    “MIT announced that despite a long history of running an open network (so that any student can run a server on any port, without any questions asked), it will now end this policy due to recent denial-of-service attacks and gunman hoax.”

    Reply
  48. Tomi Engdahl says:

    Russian Cyber Criminal Unmasked As Creator of “Most Successful” Apple Malware:

    Who Wrote the Flashback OS X Worm?
    http://krebsonsecurity.com/2013/04/who-wrote-the-flashback-os-x-worm/

    Reply
