Security trends for 2014

2014 will be a year of cybersecurity, following the NSA revelations of 2013. The headline news was that the NSA has surreptitiously “burrowed its way into nearly all the security architecture” sold by the world’s largest computer networking companies. Many people were shocked at how much of the Internet the NSA monitored and hacked. There will be further NSA aftershocks as new material comes out and different parties react to it (and news sources write about it). U.S. cloud services have been called into question, for good reason. There will be a lot of litigation over NSA spying. Those spying issues will also fuel some hacktivism (it has already started to happen).

The article Security Professionals: Top Cyber Threat Predictions for 2014 lists the following predictions, which seem quite probable: Cybersecurity Regulatory Efforts Will Spark Greater Need for Harmonization, Service-Impacting Interruptions for Online Services Will Persist, We Will See an Increase in Cybercrime Activity Related to the World Cup, Rise of Regional Cloud Services, Dev-Ops Security Integration Fast Becoming Critical, Cybercrime that Leverages Unsupported Software will Increase, Increase in Social Engineering and Ransomware will Impact More People.

Mobile computing is now ubiquitous, which will lead to increased risks and concerns about social network privacy. Social networks have quickly become the key organizing principle of Internet communication and collaboration. Android anti-virus apps CAN’T kill nasties on sight the way normal AV can.

2013 was a heavily hacked year, with many cases in which information on millions or tens of millions of users was stolen from companies. We will likely see much more of the same in 2014: the way people use passwords and the way on-line services are built have not changed much in a year.


Gartner predicts that through 2014, improved JavaScript performance will begin to push HTML5 and the browser toward becoming a mainstream enterprise application development environment. I expect HTML5-related security issues to increase as the technology is used more in 2014.

Over 50% of net traffic to web sites is made by bots! The article More Than Half of Internet Traffic Is Just Bots says that security and cloud service provider Incapsula analyzed traffic and found that more than 60 percent of Internet traffic is computer generated, compared to less than 40 percent driven by human clicks. 31% of bots are still malicious. SEO link building has always been a major motivation for automated link spamming, but it is decreasing because Google was able to discourage it. Meanwhile there is more advanced hacking and automated vulnerability scanning.

DDoS attacks are evolving from volumetric Layer 3-4 attacks to much more sophisticated and dangerous Layer 7 multi-vector threats.

There will still be many SCADA security issues in 2014. Even though traditional SCADA vulnerabilities have become easier to find, the increased connectivity brought by IoT will cause new issues. And there will still be very many control systems openly accessible from the Internet to practically anyone who knows how to look. A large number of SCADA systems were found open on the Internet at the beginning of 2013, and the numbers have not dropped considerably during the year. I expect very many of those systems to still be too open at the end of 2014.

The Internet is expanding into enterprise assets and consumer items such as cars and televisions. The Internet of Things (IoT) will evolve into the Web of Things, increasing the coordination between things in the real world and their counterparts on the Web. There will be many security issues to solve, and as these systems become more widely used, more security issues will be found in them.

Cloud security will be talked about. Hopefully the terminology in that area will get cleared up, because, like the term cloud computing, cloud security can mean many things: how secure your cloud provider is; a service running in the cloud that filters what passes through it (for example e-mail or web traffic); a product that protects some service running in the cloud; or a traditional anti-virus product that connects to the cloud to improve its operation (for example real-time updates, or verifying unknown programs against data in the cloud). Research firm Gartner forecasts that cloud security sales will increase dramatically in the next few years. Cloud security sales have increased over the past year by 2.1 billion to $3.1 billion in 2015.

Marketers put the term “cloud” into security product brochures as much as they can. The cloud has made traditional information security sound old-fashioned, because companies are under pressure to move services to the cloud. Mobile devices and dispersed users also set new requirements for information security. OpenDNS’s CTO Dan Hubbard says that “Because of the data and equipment run in the cloud users with the cloud is the best way to protect them.” The Snowden effect will also put PRIVATE cloud on the table this year for security reasons, because U.S. cloud services have been called into question for good reason.

In Finland a new Cyber Security Center started at the beginning of 2014. Security articles and warnings from it will be published at kyberturvallisuuskeskus.fi.

Late addition: Crypto-currencies like Bitcoin and similar are on the rise. Early adopters already use them actively. Those crypto-currencies have many security-related issues. Their values vary a great deal, and the value easily drops considerably when they become so widely used that governments try to limit their use. Bitcoin is increasingly used as a ransomware payment method. Bitcoins have lately been stolen in large amounts (and I expect that to increase as usage increases), from users, from on-line wallets and from exchanges. When more money is involved, more bad guys try to get in to take some of it. Sometimes the bad guys do not try to steal your money, but use resources you pay for (your own PC, your server capacity, etc.) to generate money for themselves without you knowing about it. If you plan to use these crypto-currencies, be careful to understand what you are doing with them: there is a real possibility that you lose your money, and there is no way lost money can be recovered.

3,382 Comments

  1. Tomi Engdahl says:

    Sony Pictures attackers demand: “Stop the terrorist film!”
    New data dump on SPE execs along with a helping of malware.
    http://arstechnica.com/security/2014/12/sony-pictures-attackers-demand-stop-the-terrorist-film/

    A new statement from the Sony Pictures cyber-attackers “Guardians of Peace” was posted on GitHub today, claiming that the GOP was not involved in threats to Sony employees over the weekend. Ars learned of the message through an e-mail sent from an account previously associated with the GOP, and the post included a message to Sony as well as a collection of links to download the private data of two Sony executives.

    “We know nothing about the threatening e-mail received by Sony staffers, but you should wisely judge by yourself why such things are happening and who is responsible for it,” the message read.

    While GOP claims to be “working all over the world,” the tone of the message from the group tilted toward implying at least some alignment with North Korea.

    A North Korean government spokesperson denied involvement in the attack on Sony over the weekend: “We do not know where in America the Sony Pictures is situated and for what wrongdoings it became the target of the attack nor we feel the need to know about it,” the statement reads. The spokesperson said, however, that “the hacking into the Sony Pictures might be a righteous deed of the supporters and sympathizers with the DPRK in response to its appeal.”

    Reply
  2. Tomi Engdahl says:

    Meaner POODLE bug that bypasses TLS crypto bites 10 percent of websites
    Some of the world’s leading sites are vulnerable to an easier, more simplified attack.
    http://arstechnica.com/security/2014/12/meaner-poodle-bug-that-bypasses-tls-crypto-bites-10-percent-of-websites/

    Some of the world’s leading websites—including those owned or operated by Bank of America, VMware, the US Department of Veteran’s Affairs, and business consultancy Accenture—are vulnerable to simple attacks that bypass the transport layer security encryption designed to thwart eavesdroppers and spoofers.

    The attacks are a variation on the so-called POODLE exploits disclosed two months ago against secure sockets layer (SSL), an encryption protocol similar to transport layer security (TLS). Short for “Padding Oracle On Downgraded Legacy Encryption,” POODLE allowed attackers monitoring Wi-Fi hotspots and other unsecured Internet connections to decrypt HTTPS traffic encrypted by the ancient SSL version 3. Browser makers quickly responded by limiting or eliminating use of SSLv3, a move that appears to have averted widespread exploitation of the bug.

    On Monday, word emerged that there’s a variation on the POODLE attack that works against widely used implementations of TLS. At the time this post was being prepared, SSL Server Test, a free service provided by security firm Qualys, showed that some of the Internet’s top websites—again, a list including Bank of America, VMware, the US Department of Veteran’s Affairs, and Accenture—are susceptible. The vulnerability was serious enough to earn all sites found to be affected a failing grade by the Qualys service.

    As concerning as POODLE was to security professionals, it required attackers to follow several steps that could often prove difficult in real-world environments. Attackers had to spoof packets sent between websites and end users to force them to use SSLv3. It also required attackers to slightly modify transactions thousands of times until they could successfully guess the contents of encrypted payloads, one character at a time.

    Reply
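The POODLE-on-TLS finding quoted above comes down to a record-layer check. SSLv3 defines only the last byte of a CBC record (the padding length), so the padding bytes themselves cannot be verified; TLS 1.0 and later require every padding byte to equal that length byte. The example below, added here and not taken from the Ars article or any TLS implementation, shows the two checks side by side on a decrypted record: the SSLv3-style validator accepts a record whose padding bytes are arbitrary, the TLS validator rejects it. All record contents and the block size constant are constructed for the example; a real implementation also has to do this in constant time and together with the MAC check, which is out of scope here.

```python
"""CBC record padding validation, SSLv3 semantics versus TLS semantics.

Added example, not code from the article or from any TLS library. The
records below are constructed plaintexts as they would look after CBC
decryption: application data followed by padding and a padding-length byte.
"""

BLOCK_SIZE = 16  # constructed constant: cipher block size assumed for the example


def tls_pad(data: bytes) -> bytes:
    """Append TLS-style padding: every padding byte equals the length byte,
    and the total record length becomes a multiple of BLOCK_SIZE."""
    pad_len = (BLOCK_SIZE - (len(data) + 1) % BLOCK_SIZE) % BLOCK_SIZE
    return data + bytes([pad_len]) * (pad_len + 1)


def strip_padding_sslv3_style(record: bytes):
    """SSLv3 semantics: only the final length byte is meaningful.
    Returns the application data, or None if the record is malformed.
    This is the check that, kept in a TLS stack, causes the defect the
    article describes: the padding bytes are never looked at."""
    if not record:
        return None
    pad_len = record[-1]
    if pad_len >= BLOCK_SIZE or pad_len + 1 > len(record):
        return None
    return record[:-(pad_len + 1)]


def strip_padding_tls(record: bytes):
    """TLS 1.0+ semantics: the length byte AND every padding byte must
    equal pad_len. Returns the application data, or None if malformed."""
    if not record:
        return None
    pad_len = record[-1]
    total = pad_len + 1
    if total > len(record):
        return None
    # Accumulate differences instead of returning early, so the comparison
    # does not leak where the first bad byte is.
    diff = 0
    for b in record[-total:]:
        diff |= b ^ pad_len
    if diff != 0:
        return None
    return record[:-total]


# Constructed sample records.
APP_DATA = b"hello"
GOOD_RECORD = tls_pad(APP_DATA)                      # b"hello" + b"\x0a" * 11
# Same length byte, but the ten padding bytes are zeroed instead of 0x0a.
BAD_RECORD = APP_DATA + b"\x00" * 10 + bytes([10])


def compare_checks(record: bytes) -> dict:
    """Report what each validator does with a record."""
    return {
        "sslv3_style": strip_padding_sslv3_style(record),
        "tls": strip_padding_tls(record),
    }


if __name__ == "__main__":
    for name, rec in (("well-formed", GOOD_RECORD), ("bad padding bytes", BAD_RECORD)):
        print(name, compare_checks(rec))
```

Running it shows the well-formed record accepted by both validators and the record with bad padding bytes accepted only by the SSLv3-style one. A server that wants to know which behaviour it has in production should test the deployed TLS stack (the Qualys SSL Server Test mentioned in the article does exactly this) rather than reasoning from protocol version alone.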
  3. Tomi Engdahl says:

    It seems that NSA had access to 70 percent of mobile networks to get information:

    Operation Auroragold
    How the NSA Hacks Cellphone Networks Worldwide
    https://firstlook.org/theintercept/2014/12/04/nsa-auroragold-hack-cellphones/

    Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.

    Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.

    “Collecting an inventory [like this] on world networks has big ramifications,” Nohl said, because it allows the NSA to track and circumvent upgrades in encryption technology used by cellphone companies to shield calls and texts from eavesdropping. Evidence that the agency has deliberately plotted to weaken the security of communication infrastructure, he added, was particularly alarming.

    “Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,” Nohl said, “because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.”

    Reply
  4. Tomi Engdahl says:

    Powerful, highly stealthy Linux trojan may have infected victims for years
    Backdoor tied to espionage campaign that has targeted governments in 45 countries.
    http://arstechnica.com/security/2014/12/powerful-highly-stealthy-linux-trojan-may-have-infected-victims-for-years/

    Researchers have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.

    The previously undiscovered malware represents a missing puzzle piece tied to “Turla,” a so-called advanced persistent threat (APT) disclosed in August by Kaspersky Lab and Symantec. For at least four years, the campaign targeted government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. The unknown attackers—who are probably backed by a nation-state, according to Symantec—were known to have infected several hundred Windows-based computers by exploiting a variety of vulnerabilities, at least two of which were zero-day bugs. The malware was notable for its use of a rootkit that made it extremely hard to detect.

    Reply
  5. Tomi Engdahl says:

    Google App Engine has THIRTY flaws, says researcher
    Java VM mess unresolved as probe crosses the line and leads to account shutdown
    http://www.theregister.co.uk/2014/12/09/google_app_engine_has_thirty_flaws_says_researcher/

    Adam Gowdiak of Polish security consultancy and research outfit Security Explorations claims to have found myriad security holes in Google’s App Engine.

    Gowdiak says “There are more issues pending verification – we estimate them to be in the range of 30+ in total.”

    “Taking into account an educational nature of the security issues found in Google Apps Engine Java security sandbox and what seems to be an appreciation Google has for arbitrary security research [and] all sorts of sandbox escapes, we hope the company makes it possible for us to complete our work,”

    Reply
  6. Tomi Engdahl says:

    Blackphone launches privacy-aware app store in bid to reward security-conscious devs
    Firm also takes on Samsung Knox with ‘Spaces’
    http://www.theinquirer.net/inquirer/news/2385633/blackphone-launches-privacy-aware-app-store-in-bid-to-reward-security-conscious-devs

    SECURITY-MINDED PHONE MAKER Blackphone has announced the launch of PrivatOS1.1, an updated version of its custom Android software that brings with it a dedicated app store for the privacy-aware.

    Given the smartphone’s hard-line approach to security, Blackphone currently ships without a default app store onboard. That will change in January with the launch of PrivatOS 1.1, which will bring the Blackphone app store.

    “We’re not trying to be another untrusted, third-party app store – there’s lots of those out there already,” he said.

    “We’re looking to provide a selective and curated assortment of privacy-focused apps. That doesn’t just include password management and email encryption apps. It’s those that handle user details appropriately.

    “We wanted to set up an environment in which developers are encouraged to store details in a safe way, and to encourage authenticity. We want to reward developers for being secure.”

    “We look at an app’s permissions. If an email encryption app, for example, wants access to your camera and microphone, it’s probably not right for the Blackphone app store,” Weir-Jones said.

    “As public conversation about privacy expands, we want developers to recognise that security is a good thing to invest in.”

    Reply
  7. Tomi Engdahl says:

    EU law bods: New eCall crash system WON’T TRACK YOU. Really
    Why don’t you trust us? *Cough* BND, GCHQ *cough*
    http://www.theregister.co.uk/2014/12/09/meps_vow_to_protect_citizens_from_spying_cars/

    No, your car won’t be spying on you, say MEPs, but it will call you an ambulance should you need it.

    The European Parliament has reached a deal with national ministers to introduce a mandatory “eCall” system for all new cars from April 2018.

    However, although the system would automatically call the 112 emergency number in the event of a crash, euro lawmakers say that cars will not be continuously tracked.

    “It will be illegal to use eCall to track a driver’s movements or to misuse location data, which must be sent only to the emergency services,” said Olga Sehnalova, the Czech politician who helped broker the deal.

    The proposed rules would also follow the principle of data-minimisation, with only basic details such as the class of vehicle, the type of fuel used, the time of the accident, and the exact location given to the emergency services.

    Nor is any of the data gathered allowed to be passed on to third parties without the explicit consent of the person involved.

    The agreement now needs to be formally approved by all EU member states, and finally Parliament as a whole, probably in March 2015.

    Reply
  8. Tomi Engdahl says:

    EVIL US web giants shield TERRORISTS? Evil SPIES in net freedom CRUSH PLOT?
    Calm Down and Carry On
    http://www.theregister.co.uk/2014/11/28/hold_woolwich/

    Evil US Internet companies are shielding terrorists plotting our destruction! Woo! Evil Tory bastards are using the Woolwich Report as an excuse for a further crackdown on the Internet, muslims and ultra-left Guardian columnists.* Woo!

    Or, perhaps, neither of the above? All the shouting is based on the parliamentary Intelligence and Security Committee’s report, looking into the matter of whether the British intelligence agencies could have prevented the murder of Fusilier Rigby by muslim extremists in Woolwich last year.

    That might have been more tactfully put, but it is not entirely nonsense.

    It is however unreasonable to conclude that US web companies, or CSPs (Communications Service Providers, as the report styles them) are totally OK about terrorists crawling all over their systems plotting jihad. Quite the reverse – they undoubtedly do host various and varied stews of villainy, but that’s not entirely good for business (or relations with governments). Terrorist content is one of the reasons they kill accounts

    Not spotting the “kill a soldier” exchange was undoubtedly a fail on Facebook’s part, but it was a shit-happens kind of fail, the sort that Facebook is undoubtedly going to be looking at to see if its systems could be improved.

    Reply
  9. Tomi Engdahl says:

    Court finds that GCHQ’s Tempora is fine and dandy
    Snooptastic behaviour is legal in principle
    http://www.theinquirer.net/inquirer/news/2385541/court-finds-that-gchqs-tempora-is-fine-and-dandy

    THE UK COURTS have found that GCHQ’s Tempora system is legal in principle under the inglorious Regulation of Investigatory Powers Act.

    Pressure group Privacy International challenged Tempora in the courts, and this weekend it got its answer. It did not like it.

    Privacy International said in a statement that, while the Investigatory Powers Tribunal has found Tempora, the existence of which has not been confirmed by GCHQ, to be essentially legal, it has not said that it is justified. Privacy International is a long-standing Tempora opponent.

    Reply
  10. Tomi Engdahl says:

    Sony Pictures malware tied to Seoul, “Shamoon” cyber-attacks
    Elements of the attacks show a common playbook—and possibly a common toolkit.
    http://arstechnica.com/security/2014/12/sony-pictures-malware-tied-to-seoul-shamoon-cyber-attacks/

    The “wiper” malware that knocked Sony Pictures’ corporate network offline for over a week, now being called Destover, bears a striking resemblance not only to the “DarkSeoul” malware that struck South Korean companies last year, but the Shamoon “wiper” that struck Saudi Aramco in 2012, according to analysis by Kaspersky Labs and other security researchers.

    Reply
  11. Tomi Engdahl says:

    Must diarise: UK.gov Verify ID system will ‘definitely’ work by 2016
    We love the whooshing noise deadlines make as they go by…
    http://www.theregister.co.uk/2014/12/09/ukgov_verify_system_wont_work_until_2016/

    The government insists it will meet its 2016 deadline for all digital services to be underpinned by its gaffe-prone identity assurance system, GOV.UK Verify – despite having failed to move off the increasingly vulnerable Gateway system.

    By March 2016 the Government Digital Service intends all departments to have integrated Verify with their digital public services. At this point, the government plans to stop using the decade-old Gateway system for citizen identity assurance.

    Reply
  12. Tomi Engdahl says:

    Destover: Destructive malware has links to attacks on South Korea
    Some samples of Destover share a C&C server with Volgmer and also share similarities with Jokra and Shamoon.
    http://www.symantec.com/connect/blogs/destover-destructive-malware-has-links-attacks-south-korea

    Backdoor.Destover, the destructive malware that was the subject of an FBI Flash Warning this week, shares several links to earlier attacks directed at targets in South Korea. Some samples of Destover report to a command-and-control (C&C) server that was also used by a version of Trojan.Volgmer crafted to attack South Korean targets. The shared C&C indicates that the same group may be behind both attacks.

    Destover is a particularly damaging form of malware that is capable of completely wiping an infected computer. It was the subject of an FBI Flash Warning earlier this week after at least one variant of it was understood to have been used in a high profile attack.

    The destructive payload of Destover is carried by igfxtrayex.exe. In certain instances, when run, it will:

    Delete all files on fixed and remote drives
    Modify the partition table
    Install an additional module (iissvr.exe)
    Connect to a number of IP addresses on ports 8080 and 8000.

    The Destover attackers use techniques and components, such as file names, that are similar to those used in the Jokra attacks against South Korea in 2013. These attacks crippled servers belonging to several South Korean banks and broadcasting organizations and also defaced the website of a Korean telecoms firm.

    Reply
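The Symantec write-up quoted above gives two host-level indicators (the file names igfxtrayex.exe and iissvr.exe) and one network-level indicator (connections to ports 8080 and 8000). The script below, an added example rather than Symantec’s or the FBI’s detection content, shows how a responder would turn those into a triage rule over endpoint logs: the file names are strong on their own, the ports are weak on their own (they are common alternate HTTP ports), and the combination of both on the same host is what gets escalated. The log format and every log line are constructed for the example; only the file names and port numbers come from the write-up.

```python
"""Triage rule over endpoint logs using the Destover indicators quoted above.

Added example, not detection content from Symantec or the FBI. The log
lines and their key=value format are constructed; real EDR or Sysmon output
would need its own parser but the same logic.
"""
import re

# Indicators from the Symantec write-up quoted above.
DESTOVER_IMAGES = {"igfxtrayex.exe", "iissvr.exe"}
DESTOVER_PORTS = {8080, 8000}

# Constructed sample log, one event per line.
SAMPLE_LOG = """\
ts=2014-12-01T10:02:11Z host=ws17 event=process_create image=C:\\Windows\\System32\\svchost.exe
ts=2014-12-01T10:03:40Z host=ws17 event=process_create image=C:\\Windows\\igfxtrayex.exe
ts=2014-12-01T10:03:41Z host=ws17 event=network_connect image=C:\\Windows\\igfxtrayex.exe dst=203.0.113.5 dport=8080
ts=2014-12-01T10:03:45Z host=ws17 event=process_create image=C:\\Windows\\iissvr.exe
ts=2014-12-01T10:04:02Z host=ws22 event=network_connect image=C:\\Users\\bob\\browser.exe dst=198.51.100.9 dport=8080
ts=2014-12-01T10:05:00Z host=ws22 event=process_create image=C:\\Windows\\explorer.exe
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
SEVERITY_RANK = {"low": 1, "high": 2, "critical": 3}


def parse_line(line: str) -> dict:
    """Parse one key=value line into a dict (empty dict for blank lines)."""
    return dict(KV_RE.findall(line))


def basename(path: str) -> str:
    """Lower-cased file name, tolerating both path separators."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def scan(log_text: str) -> list:
    """Return one finding per matching event, with a severity and a reason."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev:
            continue
        name = basename(ev.get("image", ""))
        port = int(ev["dport"]) if "dport" in ev else None
        if name in DESTOVER_IMAGES and port in DESTOVER_PORTS:
            sev = "critical"
            reason = f"{name} connecting to port {port}: file name and port both match"
        elif name in DESTOVER_IMAGES:
            sev = "high"
            reason = f"activity by {name}: file name matches"
        elif port in DESTOVER_PORTS:
            # Common alternate HTTP ports; informational unless combined with more.
            sev = "low"
            reason = f"connection to port {port}: weak indicator on its own"
        else:
            continue
        findings.append({"ts": ev.get("ts"), "host": ev.get("host"),
                         "severity": sev, "reason": reason})
    return findings


def hosts_by_severity(findings: list) -> dict:
    """Collapse findings to the worst severity seen per host."""
    worst = {}
    for f in findings:
        h = f["host"]
        if h not in worst or SEVERITY_RANK[f["severity"]] > SEVERITY_RANK[worst[h]]:
            worst[h] = f["severity"]
    return worst


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f["ts"], f["host"], f["severity"].upper(), f["reason"])
    print(hosts_by_severity(results))
```

On the constructed log, ws17 is escalated to critical (a matching file name making a connection to a matching port) while ws22 only gets a low-severity note for an ordinary browser connection on port 8080, which is the point of weighting the file names above the ports.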
  13. Tomi Engdahl says:

    Owen Williams / The Next Web:
    Locked Apple ID accounts with two-factor authentication enabled require recovery keys, not just password and trusted device details, to be reactivated

    The dark side of Apple’s two-factor authentication
    http://thenextweb.com/apple/2014/12/08/lost-apple-id-learnt-hard-way-careful-two-factor-authentication/

    How could I be foolish enough to misplace my Apple ID recovery key?

    I swore that I’d taken a screenshot, printed it and had taken a photo of it with my iPhone for extra safekeeping.

    This is when it began to sink in that this single ID held the keys to much of my digital life; everything from iTunes purchases going back seven years, app purchases and even the ability to get my iPhone out of the grips of Find my iPhone’s lock.

    The sinking feeling began.

    “We take your security very seriously at Apple” she told me “but at this time we cannot grant you access back into your Apple account. We recommend you create a new Apple ID.”

    I’d looked almost everywhere twice by this point. Who remembers stuff like this?
    Apple’s two factor signup process tries to point out the importance of the key when you set it up.

    You have to print the key, then re-enter it to show that you’ve got it. I don’t think this step existed when it launched.

    Apple support told me that the security lock doesn’t expire, so there’s no way to get around requiring the key, even though its support site says you can use trusted devices. You’re simply not given that option when your account is locked.

    One has to wonder if it was previously possible, before Mat’s social engineering hack or the iCloud celebrity hackings took place, to recover a two-factor enabled account by using Apple Support.

    I asked Apple PR about this situation, who told me that the support article is correct. If you lose your recovery key with two factor enabled, you lose your account. Apple can’t help you.

    I’ve learnt my lesson about treating recovery keys with extreme caution from this.

    Reply
  14. Tomi Engdahl says:

    DoJ’s extra-territorial data demands: now Ireland is baulking
    Asks for European Commission’s opinion
    http://www.theregister.co.uk/2014/12/10/dojs_extraterritorial_data_demands_now_ireland_is_baulking/

    The American Department of Justice’s legal spat with Microsoft keeps sending out wider ripples, with Ireland now unhappy with the DoJ’s blasé attitude about its jurisdictional reach.

    Microsoft has long been resisting a court order that decided e-mails are “business records” and demanding that Redmond pry open some servers in Ireland and hand the data over to the Department. Neither the identity of the target, nor the nature of the investigation, have been revealed.

    Yesterday, Microsoft fired the first salvo in its current appeal, and with its filing now public, Ireland’s minister for European affairs and data protection has asked the European Commission for its advice.

    Reply
  15. Tomi Engdahl says:

    5 ways to prepare for Internet of Things security threats
    http://www.networkworld.com/article/2855207/internet-of-things/5-ways-to-prepare-for-internet-of-things-security-threats.html

    For businesses and consumers alike, the Internet of Things is helping create smarter, more efficient devices. For enterprise IT and security professionals, it’s also creating a headache.

    Many businesses are eager to deploy smart devices and the Internet of Things (IoT) to capitalize on the many benefits. That excitement, however, may be clouding their judgment when it comes to the security risks. A recent survey of both IT executives and professionals published by cybersecurity company Tripwire found that 63% of C-level executives said they were likely to adopt the IoT to increase productivity and efficiency, while just 27% reported being “very concerned” about the security risks.

    On the other hand, just 30% of responding IT professionals said their company is even equipped to determine whether IoT products would be secure in their environment, and 59% of those working in mid- and large-sized businesses said they believe the Internet of Things could potentially become “the most significant security risk on their network.”

    Reply
  16. Tomi Engdahl says:

    Belden buys Tripwire for $710m: Will keep network burglers out of Internet of Things things
    Firm hopes to fatten bottom line
    http://www.theregister.co.uk/2014/12/10/belden_buys_tripwire/

    Signal transmission firm Belden has agreed to buy security tools firm Tripwire for $710m in cash.

    The deal, announced Monday, is expected to close in the first quarter of 2015, subject to customary closing conditions.

    Tripwire’s security and compliance products, such as Tripwire Enterprise, will be further developed and marketed to industrial and broadcast markets as well as existing corporate clients. Tripwire’s widely used technology helps clients detect, prevent and respond to myriad security threats.

    “We look forward to incorporating Tripwire technology into selected Belden products and providing Tripwire with access to existing Belden customers that are anxious to improve the robustness and security of their networks,”

    Reply
  17. Tomi Engdahl says:

    Web founder: Europe’s ‘right to be forgotten’ rule is dangerous
    http://www.cnet.com/news/web-founder-europes-right-to-be-forgotten-rule-is-dangerous/

    Tim Berners-Lee thinks scrubbing false information off the Web is fine, but the truth should be preserved for reasons of free speech and history. Also: the robots are already here.

    Europe’s rule saying search engines must respect people’s desire to fade from the Internet’s memory is a bad idea, said Web founder Tim Berners-Lee.

    “This right to be forgotten — at the moment, it seems to be dangerous,” Berners-Lee said Wednesday, speaking here at the LeWeb conference. “The right to access history is important.”

    European rules enshrined the right to be forgotten (PDF), making life difficult for companies like Google, Microsoft and Yahoo whose search engines point to that sort of information. The rule doesn’t demand the removal of the original data — for example an embarrassing news story — but it does require them to screen it out of search results.

    Berners-Lee’s opposition is significant given that he’s usually sympathetic to such causes. Berners-Lee champions online protections for individuals through support for things like privacy, free speech and Net neutrality. But evidently he believes the right-to-be-forgotten rule goes too far.

    In a wide-ranging discussion at the conference, Berners-Lee said it’s appropriate that false information should be deleted. Information that’s true, though, is important for reasons of free speech and history, he said. A better approach to the challenge is rules that protect people from inappropriate use of older information. An employer could be prohibited from taking into account a person’s juvenile crimes or minor crimes more than 10 years old, for example.

    “It’s our society. We build it. We can define the rules about how to use data,” Berners-Lee said. “That’s much better than trying to pretend a thing never happened.”

    Twenty-five years ago, when Berners-Lee invented the software and communication standards of the World Wide Web, he was a technologist. Increasingly, he’s taking that technology experience to the political realm.

    Reply
  18. Tomi Engdahl says:

    Facebook Envisions AI That Keeps You From Uploading Embarrassing Pics
    http://www.wired.com/2014/12/fb/

    Let’s say you’re out drinking with your buddies, things get out of hand, you pull out your smartphone, you take a selfie in the middle of all this drunken revelry, then you take 30 or 40 more, and, without hesitation, you start uploading them to Facebook.

    It’s a common thing to do. But Yann LeCun aims to stop such unbridled behavior—or at least warn people when they’re about to do something they might regret. He wants to build a kind of Facebook digital assistant that will, say, recognize when you’re uploading an embarrassingly candid photo of your late-night antics. In a virtual way, he explains, this assistant would tap you on the shoulder and say: “Uh, this is being posted publicly. Are you sure you want your boss and your mother to see this?”

    Reply
  19. Tomi Engdahl says:

    Re/code:
    Sources: Sony Pictures using AWS to execute denial-of-service attack on sites where its stolen data is available — Sony Pictures Tries to Disrupt Downloads of its Stolen Files — Sony Pictures Entertainment is fighting back

    Sony Pictures Tries to Disrupt Downloads of its Stolen Files
    http://recode.net/2014/12/10/sony-pictures-tries-to-disrupt-downloads-of-its-stolen-files/

    Sony Pictures Entertainment is fighting back.

    The studio behind the “Spider-Man” franchise and “The Social Network” has taken technological counter-measures to disrupt downloads of its most sensitive information, which were exposed when a hacking attack crippled its systems in late November.

    Sony is using Amazon Web Services, the Internet retailer’s cloud computing unit, which operates data centers in Tokyo and Singapore, to carry out the counterattack, one of the sources said. The tactic was once commonly employed by media companies to combat Internet movie and music piracy.

    In one of the most devastating cyber security breaches in recent memory, a hacking group calling itself Guardians of Peace claimed to have stolen under 100 terabytes of Sony Pictures’ financial information, budgets, payroll data internal emails and feature films and has slowly leaked portions of it to public file-sharing sites such as PasteBin.

    The breach has caused havoc within Hollywood’s inner circles as private correspondence between powerful producers and executives have exposed internal politics and petty gripes.

    North Korea, or its sympathizers, are being investigated as suspects in the attack, and while the reclusive state denied any involvement, it praised the perpetrators for their “righteous deed.”

    Reply
  20. Tomi Engdahl says:

    FBI Says There Is No North Korean Connection in Sony Hack “At This Point”
    December 9, 2014, 7:30 AM PST
    http://recode.net/2014/12/09/fbi-says-theres-no-north-korean-connection-in-sony-hack-at-this-point/

    A senior FBI official, speaking at a cyber security conference, said the agency hasn’t confirmed North Korea’s involvement in the hacking attack on Sony Pictures Entertainment, according to Reuters.

    “There is no attribution to North Korea at this point,”

    A previously unknown group calling itself the Guardians of Peace has claimed responsibility for the breach

    Reply
  21. Tomi Engdahl says:

    Xbox, Windows Store now accepting Bitcoin payments
    You can now use Bitcoin to add funds to your Microsoft account.
    http://arstechnica.com/gaming/2014/12/xbox-windows-store-now-accepting-bitcoin-payments/

    Microsoft has added Bitcoin support to Microsoft accounts. Bitcoin funds can be added to accounts to enable digital purchases from the Windows, Windows Phone, Xbox Games, Xbox Music, and Xbox Video stores.

    The Bitcoin support comes via BitPay. Other early commercial Bitcoin supporters, including PayPal and Newegg, also use BitPay.

    Reply
  22. Tomi Engdahl says:

    Charge Anywhere? More like Hacked Everywhere: Mobe cash biz admits 5-year security breach
    Who’s been spying on our network? Anyone know?
    http://www.theregister.co.uk/2014/12/11/mobile_payments_firm_admits_hackers_wiretapped_its_transactions_for_five_years/

    Mobile payments biz Charge Anywhere has admitted a hacker may have been snooping on its systems for FIVE years.

    While probing an internal malware infection, Charge Anywhere discovered someone has been able to eavesdrop on its network traffic since November 2009.

    That investigation revealed all sorts of sensitive data had been swiped from the global company’s compromised computers, including customer names, card numbers, expiration dates and verification codes. Hackers succeeded in defeating Charge Anywhere’s encryption before extracting data

    Charge Anywhere, a New Jersey-headquartered biz that processes payments for mobile apps and websites

    Reply
  23. Tomi Engdahl says:

    Crims at vendors could crock kit says ENISA
    Secure procurement guide wants suppliers to disclose employees’ colourful pasts
    http://www.theregister.co.uk/2014/12/11/crims_at_vendors_could_crock_kit_says_enisa/

    Before you sign on the dotted line to acquire some kit or sign up a service provider, ask the vendor you’re considering if any of their staff have criminal records.

    That’s just one of many, many, suggestions made by the European Union Agency for Network and Information Security (ENISA), in a new guide to Secure ICT Procurement in Electronic Communications and Security Guide for IT Procurement.

    The latter document lists seven items to consider when procuring IT, the second of which is human resources security.

    “When legally permitted and justified by a level of criticality of service provided, the vendor should do its due diligence to flag any criminal records in its employees’ background,” the document suggests. Doing so will “avoid any sinister and intentional alterations of products or systems.”

    The guides are intended, in part, to help buyers when negotiating with vendors. ENISA’s research suggests that many IT buyers feel vendors won’t offer them the security options they desire and that a lack of market alternatives means plenty of buyers settle for what they can get.

    Reply
  24. Tomi Engdahl says:

    Blu-ray region locks popped by hardware hacker
    ODM firmware allows code to run from USB sticks
    http://www.theregister.co.uk/2014/12/11/bluray_region_locks_popped/

    Scores of Blu-ray players from the biggest names in the industry contain security vulnerabilities that allow region coding to be unlocked, hardware hacker Matthew Garrett says.

    The players use an antiquated digital rights management scheme to control the distribution of movies meaning some films could only be played in the geographic regions in which they were purchased

    “I wanted to watch the movie Hackers but it was region-locked,” Garrett told the Kiwicon hacker conference in Wellington, New Zealand, today. “And I thought well, f*ck.”

    The hardware prober told the rapt house of 1100 hackers, sysadmins and developers how firmware designed by Taiwanese firm MediaTek could be popped to enable the region encoding to be changed.

    “There are literally tens of millions of devices with this flaw,” Garrett said.

    Reply
  25. Tomi Engdahl says:

    Put me through to Buffy’s room, please. Sony hackers leak stars’ numbers, travel aliases
    007, Natalie Portman, Brad Pitt all d0xed – report
    http://www.theregister.co.uk/2014/12/09/sony_hackers_dox_celebs/

    The group which claimed responsibility for hacking Sony Pictures has leaked the phone numbers and travel aliases of Hollywood stars including Brad Pitt, Daniel Craig and Natalie Portman, according to a recent report.

    This latest development will likely pile extra pressure on the comprehensively pwned entertainment giant.

    The celeb leak is the latest embarrassing consequence of the deep impact hack on Sony Pictures network last month.

    Reply
  26. Tomi Engdahl says:

    Why Open Source Matters For Sensitive Email
    http://news.slashdot.org/story/14/12/10/239207/why-open-source-matters-for-sensitive-email

    Over on Opensource.com, Olivier Thierry makes three cases for using open source to power your email solution

    Open source for sensitive email
    https://opensource.com/government/14/12/open-source-sensitive-materials-email

    We often discuss the many benefits of open source software. The single most important factor, the one that all benefits emerge from, is open. This is actually at the heart of what the software is, a community-driven software package with full transparency into the code base. Governments care about open source because it provides three powerful benefits: monetary savings, improved quality, and better security and privacy. This last benefit is often less-than-obvious, but equally important.

    Security and privacy are emergent benefits from the open nature of open source. Following are some areas that lead to this improvement in security and privacy.

    With the ability to move quickly, easily integrate, and review the code’s security firsthand, it is really no surprise that many governments are turning to open source software for their IT projects and initiatives. Despite this acceptance of open source, adoption of open source email systems is lacking.

    Reply
  27. Tomi Engdahl says:

    Cyber Attack Could Cost Sony Studio as Much as $100 Million: Experts
    http://www.nbcnews.com/tech/security/cyber-attack-could-cost-sony-studio-much-100-million-experts-n265666

    Sony Corp’s movie studio could face tens of millions of dollars in costs from the massive computer hack that hobbled its operations and exposed sensitive data, according to cybersecurity experts who have studied past breaches. The tab will be less than the $171 million Sony estimated for the breach of its Playstation Network in 2011 because it does not appear to involve customer data, the experts said.

    Major costs for the attack by unidentified hackers include the investigation into what happened, computer repair or replacement, and steps to prevent a future attack. Lost productivity while operations were disrupted will add to the price tag. The attack, believed to be the worst of its type on a company on U.S. soil, also hits Sony’s reputation for a perceived failure to safeguard information

    “Usually, people get over it, but it does have a short-term effect,” said Lewis, who estimated costs for Sony could stretch to $100 million. It typically takes at least six months after a breach to determine the full financial impact

    Reply
  28. Tomi Engdahl says:

    Sony Pictures Tries to Disrupt Downloads of its Stolen Files
    http://recode.net/2014/12/10/sony-pictures-tries-to-disrupt-downloads-of-its-stolen-files/

    The company is using hundreds of computers in Asia to execute what’s known as a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter.

    Sony is using Amazon Web Services, the Internet retailer’s cloud computing unit, which operates data centers in Tokyo and Singapore, to carry out the counterattack, one of the sources said. The tactic was once commonly employed by media companies to combat Internet movie and music piracy.

    Reply
  29. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    Nation-backed malware targets diplomats’ iPhones, Androids, and PCs
    http://arstechnica.com/security/2014/12/nation-backed-malware-targets-diplomats-iphones-androids-and-pcs/

    Red October attackers are back, with a new, stealthier campaign.

    Researchers have uncovered yet another international espionage campaign that’s so sophisticated and comprehensive that it could only have been developed with the backing of a well resourced country.

    Inception, as the malware is dubbed in a report published Tuesday by Blue Coat Labs, targets devices running Windows, Android, BlackBerry, and iOS, and uses free accounts on Swedish cloud service Cloudme to collect pilfered data. Malware infecting Android handsets records incoming and outgoing phone calls to MP4 sound files that are periodically uploaded to the attackers. The researchers also uncovered evidence of an MMS phishing campaign designed to work on at least 60 mobile networks in multiple countries in an attempt to infect targeted individuals.

    “There clearly is a well-resourced and very professional organization behind Inception, with precise targets and intentions that could be widespread and harmful,” the Blue Coat report stated. “The complex attack framework shows signs of automation and seasoned programming, and the number of layers used to protect the payload of the attack and to obfuscate the identity of the attackers is extremely advanced, if not paranoid.”

    A separate report published Wednesday by researchers from Russia-based Kaspersky Lab has dubbed the espionage campaign Cloud Atlas. They say it’s almost certainly an update of the Red October malware platform that previously infected hundreds of diplomatic, governmental, and scientific research organizations around the world. One of the most sophisticated so-called advanced persistent threats (APTs) ever discovered, Red October seemed to vanish once Kaspersky Lab researchers brought it to light. Wednesday’s report said the Inception/Cloud Atlas platform appeared to be a reinvented version of Red October that was created after it went into hibernation. Blue Coat researchers also acknowledged ties to Red October.

    Reply
  30. Tomi Engdahl says:

    Andrew Wallenstein / Variety:
    Why Publishing Stolen Sony Data is Problematic but Necessary — The more Sony Pictures data keeps leaking, the more my moral compass spins like a weather vane in a hurricane. — What just a week ago seemed such a clear-cut case of doing what my instincts have told me do to every other moment …

    Why Publishing Stolen Sony Data Is Problematic but Necessary
    http://variety.com/2014/biz/opinion/why-publishing-stolen-sony-data-is-problematic-but-necessary-1201377166/

    The more Sony Pictures data keeps leaking, the more my moral compass spins like a weather vane in a hurricane.

    What just a week ago seemed such a clear-cut case of doing what my instincts have told me to do at every other moment of my career is now making me increasingly queasy. It’s getting harder for me to report on the contents of Sony’s leak without wondering whether I’m somehow complicit with these nefarious hackers by relaying the details of seemingly every pilfered terabyte.

    Salaries. Budgets. Scripts. Aliases. On the one hand, I’m drawn to discovering what I’m not supposed to ever know, like the warm conviviality Scott Rudin and Amy Pascal enjoy. On the other hand, I’m repelled by the circumstances by which this opportunity has come to pass.

    Let’s get real: The hackers are playing the press as pawns. Journalists are essentially doing their bidding by taking the choicest data excerpts and waving them around for the world to see, maximizing their visibility.

    No doubt Sony sees the press right now like a zombie mob from “The Walking Dead,” mindlessly staggering from one carcass to another to consume parts of what the hackers already killed.

    When ethical boundaries get murky, it’s only natural to grab for some sense of precedent. The one that comes to mind for me is a relatively recent example: the celebrity nude photo leak in October that besmirched the good names of everyone from Jennifer Lawrence to Ariana Grande.

    The difference between nude celebrity photos and the leaked Sony data, respectable media outlets will argue, is only the latter is “newsworthy.” But what does that really mean?

    Perhaps “newsworthy” is as simple for some publications as “if readers are interested in it, then it is newsworthy.” For others, “newsworthy” conveys some vague sense of the material being important.

    Sony Pictures Tries to Disrupt Downloads of Its Stolen Files
    http://recode.net/2014/12/10/sony-pictures-tries-to-disrupt-downloads-of-its-stolen-files/

    Reply
  31. Tomi Engdahl says:

    Met accused of illegally accessing 20m News UK email records as it fights legal bid to return them
    http://www.pressgazette.co.uk/met-accused-illegally-accessing-20m-news-uk-email-records-it-fights-legal-bid-return-them

    The Metropolitan Police unlawfully accessed journalistic material contained on News UK’s “back-up tapes” containing 20m emails, the company has alleged.

    Reply
  32. Tomi Engdahl says:

    Bank Security Software EULA Allows Spying On Users
    http://yro.slashdot.org/story/14/12/11/2233234/bank-security-software-eula-allows-spying-on-users

    Trusteer Rapport, a software package whose installation is promoted by several major banks as an anti-fraud tool, has recently been acquired by IBM and has an updated EULA.
    Welcome to the future…

    http://www.trusteer.com/support/end-user-license-agreement

    Reply
  33. Tomi Engdahl says:

    New Compilation of Banned Chinese Search-Terms Reveals Curiosities
    http://yro.slashdot.org/story/14/12/12/0011238/new-compilation-of-banned-chinese-search-terms-reveals-curiosities

    Canada’s Citizen Lab has compiled data from various research projects around the world in an attempt to create a manageable GitHub repository of government-banned Chinese keywords in internet search terms and which may appear in Chinese websites.

    Some curious search terms denied to the Chinese
    http://thestack.com/canada-citizen-lab-chinese-banned-words-111214

    Reply
  34. Tomi Engdahl says:

    How Your In-Store Shopping Affects the Ads You See On Facebook
    http://tech.slashdot.org/story/14/12/11/2222222/how-your-in-store-shopping-affects-the-ads-you-see-on-facebook

    Facebook has made several acquisitions over the years to help advertisers target their ads and extend their reach. Custom Audiences is one such targeting tool, allowing retailers to match shoppers in their stores with their accounts on Facebook.

    How your in-store shopping affects the ads you see on Facebook
    http://www.itworld.com/article/2858515/how-your-instore-shopping-affects-the-ads-you-see-on-facebook.html

    While many activities have migrated online, Facebook is still eager to know how its users shop in physical stores.

    That information helps companies figure out if their ads are effective, and whether to follow up with other ads. Did you buy a bike in that shop but no helmet? Maybe next day in your News Feed you’ll see an ad for one.

    With more than 1.3 billion users, it’s no surprise many businesses feel they have no choice but to advertise on Facebook. But companies want to know their ads work, and most purchases still happen in physical stores, not online.

    Facebook sees an opportunity there. Connecting the dots between the ads users see and the purchases they make in stores is a key goal of its advertising efforts, and it’s working hard to improve the connections, executives said Wednesday at the company’s headquarters in Menlo Park, California.

    The company has made several acquisitions over the years to help advertisers target their ads and extend their reach.

    “Our match coverage is very, very high,” he said. “We can see quite a bit of the purchase history.”

    Reply
  35. Tomi Engdahl says:

    Hackable intercom lets you SPY on fellow apartment-dwellers
    He knows if you are sleeping, he knows if you’re awake …
    http://www.theregister.co.uk/2014/12/12/hackable_intercom_becomes_neighbour_spy_box/

    Kiwicon Kiwi hacker Caleb “alhazred” Anderson has popped a video intercom device that could have allowed him to spy on the 700 apartments in his building.

    The GrandStream GXV3175 intercom unit has been patched after Anderson – who by day serves as Context Information Security’s lead consultant – began the attack while “inspired” by a hangover.

    “I thought one day ‘I bet I can hack that (the GXV3175) and get a feed into every one of the 700 apartments in my building’,” Anderson told the Kiwicon hacker confab in Wellington today.

    “The unit looks exactly normal, you can’t see that it’s hacked by looking at it.”

    Reply
  36. Tomi Engdahl says:

    WWW: Finnish internet is the world’s freest

    The Finnish web got the second best score in the World Wide Web Foundation’s annual report. Finland’s internet is regarded as the world’s freest and most transparent.

    Figures show that the web has become less free and less equal.

    The best scores go to the Nordic countries and Britain. The web is best in Denmark, followed by Finland, Norway, the UK and Sweden. Next come the United States, Iceland and South Korea. The poorest scores went to Ethiopia and Myanmar. China, the country with the most internet users, ranked 44th.

    The scoring takes into account universal access to the web, relevant content and use, freedom and openness, and empowerment.

    - The richer and better educated people are, the more they benefit from the digital revolution.

    Sir Tim Berners-Lee calls for the internet to be recognised as a human right:

    - It means a guaranteed, affordable Internet connection for all, and ensuring that Internet data packets are delivered without political or commercial discrimination. It also means privacy and freedom for web users, regardless of where they live.

    Source: http://www.digitoday.fi/yhteiskunta/2014/12/12/www-suomen-internet-on-maailman-vapain/201417129/66?rss=6

    MEASURING THE WEB’S GLOBAL IMPACT
    http://thewebindex.org/

    Reply
  37. Tomi Engdahl says:

    Cisco to release flying pig
    Sourcefire’s been bacon Snort 3.0, now wants you to fry it
    http://www.theregister.co.uk/2014/12/12/cisco_to_release_flying_pig/

    Cisco’s going to release a flying pig.

    The porcine in question is Snort 3.0, a new version of Sourcefire’s popular and well-regarded intrusion protection system. Snort’s mascot is a pig and Sourcefire has, over the years, had a lot of fun with toy pigs and calendars picturing its pig in provocative poses.

    That silliness is, happily, continuing now that Cisco owns the company. So is Snort’s status as an open source project: Snort remains open source. That approach won’t stop Cisco using the tool as “the foundation of Cisco’s Next-Generation IPS”, so Snort 3 will eventually become Borgware. Serious work is also going on, as it’s been revealed that Snort 3.0 is now in Alpha after having been completely re-written in order “to push the envelope of detection farther and faster.”

    So fast it can fly? Who knows.

    Reply
  38. Tomi Engdahl says:

    US parking operator: YEP, hackers got your names, credit card numbers, secret codes…
    DOH! Card expiration dates too
    http://www.theregister.co.uk/2014/12/02/us_parking_garage_breach/

    Point-of-Sale systems have been hacked at major US parking garage operator SP+.

    The breach has resulted in the exposure of customer financial information, SP+ explained at an advisory on Friday. SP+ said it had learned of the breach from the firm that handles its payment card processing.

    The firm operates about 4,200 parking facilities in hundreds of cities across North America but the breach is localised to 17 SP+ parking facilities, mostly in Chicago.

    The security flap follows a plethora of Point-of-Sale system breaches in the US this year affecting Home Depot, Subway sandwich restaurants, KMart, and more.

    Reply
  39. Tomi Engdahl says:

    Europe’s top court mulls vandal’s right to privacy after bloke catches thug on home CCTV
    Pointing a cam at footpath means you gotta obey data law
    http://www.theregister.co.uk/2014/12/11/eu_data_protection_czech_chap/

    Europe’s top court ruled Thursday that data protection rules apply to private surveillance cameras if they record people on the public footpath.

    The regulation in question – the Data Protection Directive – insists personal information can’t be held for longer than necessary, and that consent must be given, and so on, although it’s being rewritten at the moment.

    The European Court of Justice (ECJ) made its ruling regarding surveillance cameras and the directive following the case of a Czech national, František Ryneš.

    Today’s data-protection directive contains an opt-out clause if the person doing the recording has a “legitimate interest in protecting the property, health and life of his family and himself.”

    In Thursday’s judgment, the ECJ decided that recording someone on the street is “personal data” because it is possible to identify the person concerned and that such video surveillance constitutes automatic data processing.

    It said that the exception in the directive for “purely personal or household activities” did not apply because the footpath is a public space.

    Reply
  40. Tomi Engdahl says:

    Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications
    http://yro.slashdot.org/story/14/12/11/2128208/congress-passes-bill-allowing-warrantless-forfeiture-of-private-communications

    Congress has quietly passed an Intelligence Authorization Bill that includes warrantless forfeiture of private communications to local law enforcement. Representative Justin Amash unsuccessfully attempted a late bid to oppose the bill, which passed 325-100. According to Amash, the bill “grants the executive branch virtually unlimited access to the communications of every American.”

    GOP rep attempted late bid to kill spy bill
    http://thehill.com/policy/technology/226752-gop-rep-attempted-late-bid-to-kill-spy-bill

    Reply
  41. Tomi Engdahl says:

    IBM: CISO’s Outgunned in the Cybercrime Corral
    Cloud, mobile, government regulations all weigh heavily on CISO office
    http://www.cio.com/article/2857319/cybercrime/ibm-cisos-outgunned-in-the-cybercrime-coral.html

    When it comes to battling sophisticated cyber attacks, Chief Information Security Officers feel well outgunned by the seedy underside of the Internet intent on wreaking havoc on their enterprise environments.

    IBM’s third annual Chief Information Security Officer (CISO) study of 138 security executives found that 60% said their organizations are outgunned in the cyber war and that sophisticated external threats were identified by 40% of security leaders as their top challenge with regulations coming in a distant second at just under 15%.

    IBM said that as enterprise leaders continue to outline business priorities, external threats will require the most organizational effort over the next three to five years – as much as regulations, new technologies, and internal threats combined.

    IBM went on to say that security leaders need to use their influence to manage a broader array of external threats and higher expectations across the business.

    “A more extensive scope of what requires protection (e.g., cloud, mobile, etc.) and new security technologies also contributed to this trend toward increased complexity. CISOs are no longer stewards of security technology but rather decision makers who must always take business operations into account. Security leaders are obtaining more clout and wielding it to contribute to companies’ broader goals while managing risk at every step along the way,” IBM stated.

    Some other interesting facts from the IBM CISO study:

    Protection through isolation is less and less realistic in today’s world

    Despite the wide-spread interconnectivity that drives modern business, security leaders themselves aren’t sufficiently collaborative.

    More than 80% of security leaders have seen the external threat increase in the past three years, and it is viewed as the top current challenge.

    70% of security leaders believe they have mature, traditional technologies that focus on network intrusion prevention, advanced malware detection and network vulnerability scanning.

    Nearly 50% agree that deploying new security technology is the top focus area for their organization, and they identified data leakage prevention, cloud security and mobile/device security as the top three areas in need of dramatic transformation.

    While concern over cloud security remains strong, close to 90% of respondents have adopted cloud or are currently planning cloud initiatives.

    Over 70% of security leaders said real-time security intelligence is increasingly important to their organization.

    Despite the growing mobile workforce, only 45% of security leaders stated they have an effective mobile device management approach.

    Nearly 80% of respondents said the potential risk from regulations and standards has increased

    Security leaders are most uncertain about whether governments will handle security governance on a national or global level as well as how transparent they will be in doing so.

    Reply
  42. Tomi Engdahl says:

    Tom Huddleston Jr / Fortune:
    Google to close its Russian engineering office before country’s new rules on data storage take effect Jan. 2015

    Google gives a big ‘nyet’ to Russian engineering operations
    http://fortune.com/2014/12/11/google-russia-engineering/

    Search giant plans to shutter its engineering office, according to a report, after Russia passed restrictive laws on how international tech companies can store data.

    Google may be the latest tech company to pull up stakes in Russia.

    Google has maintained engineering operations in Russia since 2006, but the country has recently become less hospitable to foreign tech companies. Russia recently passed new laws requiring any international tech company to house data concerning Russian citizens within the country rather than in data centers located elsewhere.

    Reply
  43. Tomi Engdahl says:

    Linux-Based Turla Trojan May Have Been Used in Cyber-Espionage Campaign
    http://www.tripwire.com/state-of-security/latest-security-news/linux-based-turla-trojan-may-have-been-used-in-cyber-espionage-campaign/

    Researchers have discovered a stealthy form of malware that hackers may have used in a massive campaign of cyber-espionage discovered earlier this year.

    Kaspersky Lab recently published its findings on the ‘Penguin’ Turla, which is the first known Turla Trojan sample that targets the Linux operating system.

    The piece of malware is unique because of its stealth. Undetectable by the netstat command, the Linux Turla activates once the attacker sends a series of “magic numbers” in specially crafted packets.

    The fact that the Turla malware has expanded onto the Linux operating system means that it will become more difficult to track and dangerous to deal with going forward.

    Reply
  44. Tomi Engdahl says:

    The ‘Penquin’ Turla
    A Turla/Snake/Uroburos Malware for Linux
    http://securelist.com/blog/research/67962/the-penquin-turla-2/

    So far, every single Turla sample we’ve encountered was designed for the Microsoft Windows family, 32 and 64 bit operating systems. The newly discovered Turla sample is unusual in the fact that it’s the first Turla sample targeting the Linux operating system that we have discovered.

    This newly found Turla component supports Linux for broader system support at victim sites. The attack tool takes us further into the set alongside the Snake rootkit and components first associated with this actor a couple years ago. We suspect that this component was running for years at a victim site, but do not have concrete data to support that statement just yet.

    The Linux Turla module is a C/C++ executable statically linked against multiple libraries

    Its functionality includes hidden network communications, arbitrary remote command execution, and remote management. Much of its code is based on public sources.

    This Turla cd00r-based malware maintains stealth without requiring elevated privileges while running arbitrary remote commands. It can’t be discovered via netstat, a commonly used administrative tool. It uses techniques that don’t require root access, which allows it to be more freely run on more victim hosts. Even if a regular user with limited privileges launches it, it can continue to intercept incoming packets and run incoming commands on the system.

    To start execution, the process requires two parameters: ID (a numeric value used as a part of the “magic packet for authentication”) and an existing network interface name.

    The module statically links PCAP libraries, and uses this code to get a raw socket, applies a filter on it, and captures packets, checking for a specific condition (the *original cd00r first used this method, based on ports and SYN-packets).

    Although Linux variants from the Turla framework were known to exist, we haven’t seen any in the wild yet.

    Reply
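    The Linux Turla module quoted above, like the cd00r technique it borrows, never binds a listening port, which is why netstat shows nothing: it reads frames from an AF_PACKET raw socket and waits for its “magic” packets. Such sockets are still recorded in /proc/net/packet, and the socket inode there can be matched to the process holding it through the socket:[inode] symlinks under /proc/<pid>/fd. The following is an added example of that hunt, written for this page and not taken from Kaspersky’s write-up or from the malware; the /proc contents, process names and the allowlist of expected sniffers are constructed assumptions to tune per host.

```python
"""Find cd00r-style packet sniffers that netstat cannot see.

A backdoor that captures with an AF_PACKET socket has no listening port,
but the socket itself is listed in /proc/net/packet and its inode appears
as socket:[inode] in the fd directory of the owning process.
Added example; all sample data below is constructed, not from a real host.
"""
import os
import re
from dataclasses import dataclass

SOCK_DGRAM, SOCK_RAW = 2, 3
ETH_P_ALL = 0x0003  # "Proto" column value for a sniffer that wants every frame

# Constructed stand-in for /proc/net/packet. Column order follows the kernel's
# packet_seq_show(): sk RefCnt Type Proto Iface R Rmem User Inode.
SAMPLE_PROC_NET_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8800b3c1a000 3      3    0003   2     1 0      0      18231
ffff8800b3c1a800 3      2    0800   2     1 0      0      9822
ffff8800b3c1b000 3      3    0003   2     1 0      1001   27710
"""

# Constructed stand-in for /proc/<pid>/fd symlink targets: pid -> (comm, targets).
# "auditlogd" is an invented name standing in for a process that should not sniff.
SAMPLE_PROC_FDS = {
    812:  ("dhclient",  ["socket:[9822]", "/dev/null"]),
    2317: ("tcpdump",   ["socket:[18231]", "/dev/null"]),
    4123: ("sshd",      ["socket:[11000]"]),            # ordinary TCP socket
    5516: ("auditlogd", ["socket:[27710]", "pipe:[33]"]),
}

# Processes that legitimately hold packet sockets on this (assumed) host.
EXPECTED_SNIFFERS = {"tcpdump", "dhclient", "wpa_supplicant", "NetworkManager"}


@dataclass
class PacketSocket:
    sock_type: int   # 2 = SOCK_DGRAM, 3 = SOCK_RAW
    proto: int       # ethertype, 0x0003 = ETH_P_ALL
    ifindex: int
    uid: int
    inode: int


def parse_proc_net_packet(text):
    """Parse /proc/net/packet text into PacketSocket records (header skipped)."""
    sockets = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) != 9:
            continue
        sockets.append(PacketSocket(
            sock_type=int(fields[2]),
            proto=int(fields[3], 16),
            ifindex=int(fields[4]),
            uid=int(fields[7]),
            inode=int(fields[8]),
        ))
    return sockets


_SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")


def inode_owners(proc_fds):
    """Map socket inode -> (pid, comm) from /proc/<pid>/fd link targets."""
    owners = {}
    for pid, (comm, targets) in proc_fds.items():
        for target in targets:
            m = _SOCKET_LINK.match(target)
            if m:
                owners[int(m.group(1))] = (pid, comm)
    return owners


def find_unexpected_sniffers(packet_text, proc_fds, allowlist=EXPECTED_SNIFFERS):
    """Return [(pid, comm, PacketSocket)] for packet sockets held by processes
    outside the allowlist (pid None if no fd pointed at the inode)."""
    owners = inode_owners(proc_fds)
    findings = []
    for sock in parse_proc_net_packet(packet_text):
        pid, comm = owners.get(sock.inode, (None, "<unknown>"))
        if comm not in allowlist:
            findings.append((pid, comm, sock))
    return findings


def collect_live():
    """Read the real /proc (needs root to see other users' fds); not used in tests."""
    with open("/proc/net/packet") as f:
        packet_text = f.read()
    proc_fds = {}
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        try:
            comm = open(f"/proc/{name}/comm").read().strip()
            fd_dir = f"/proc/{name}/fd"
            targets = [os.readlink(f"{fd_dir}/{fd}") for fd in os.listdir(fd_dir)]
        except OSError:
            continue  # process exited or not readable
        proc_fds[int(name)] = (comm, targets)
    return packet_text, proc_fds


if __name__ == "__main__":
    for pid, comm, s in find_unexpected_sniffers(SAMPLE_PROC_NET_PACKET, SAMPLE_PROC_FDS):
        kind = "SOCK_RAW" if s.sock_type == SOCK_RAW else "SOCK_DGRAM"
        print(f"pid={pid} comm={comm} {kind} proto=0x{s.proto:04x} "
              f"ifindex={s.ifindex} uid={s.uid}")
```

    On a live host the same view is one command away, `ss -0 -p` (packet sockets with their owning process), or you can feed `collect_live()` into `find_unexpected_sniffers()`. The thing to chase is a SOCK_RAW socket on protocol 0x0003 (ETH_P_ALL) held by a process that has no business sniffing; the User column tells you which account owns it, and on a stock Linux kernel creating an AF_PACKET socket needs CAP_NET_RAW, so an unexpected uid there deserves a second look.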
  45. Tomi Engdahl says:

    New ‘Fakedebuggerd’ Vulnerability Must Be Taken Seriously
    http://www.tripwire.com/state-of-security/vulnerability-management/new-fakedebuggerd-vulnerability-must-be-taken-seriously/

    In November 2014, information about “Fakedebuggerd”—a new vulnerability used to gain root access to install files on the Android device file system—was published by Chinese antivirus company 360.

    The vulnerability enables an attacker to access an area that can be accessed only with system or root permissions. It uses two known Android 4.x Privilege Escalation (PE) exploits, FramaRoot and TowelRoot, to run code under root privileges and to install a root toolkit on the device, allowing an attacker to hide the code and avoid attempts to remove the malicious apps.

    This represents a serious escalation in Android malware, and is the first time we’ve seen reports of malware that uses Android 4.x PE exploit vulnerabilities to run code on an infected device. Once on the device, the malicious code collects sensitive data like unique identifiers, device versions and network connectivity data.

    Using these two exploits together also guarantees a high rate of infection. The Towelroot exploit is based on the futex vulnerability (CVE-2014-3153) – a Linux vulnerability most Android devices prior to Android Lollipop are exposed to.

    Reply
  46. Tomi Engdahl says:

    The Voice of the CISO: Interview with Amar Singh
    http://www.tripwire.com/state-of-security/security-awareness/the-voice-of-the-ciso-interview-with-amar-singh/

    What are your business priorities, and how do you relate them to your efforts in cyber security?

    We have to remember that for most organizations, businesses still define success as “we have not been attacked.” The fact is that this is not realistic when it comes to any business that operates in cyber security. CISOs and enterprises need to realize that at some point they will fall victim to a cyber attack, and they need to reframe their understanding of success as their ability to bounce back.

    As to priorities, very few businesses demand cyber readiness as part of their business priorities.

    For the cyber executive, success takes on the meaning of cyber management knowledge and preparedness, that is, having management understand how cyberspace and the “real” world intersect so that they can make effective business decisions.

    Some of the mistakes that CISOs and security professionals make include chasing the technology rather than addressing those risks and threats that affect the business and its processes.

    Interesting. Keeping this in mind, do you find that your executives are adequately literate about cyber security? How does it affect how you communicate and develop security strategies with them?

    Well, it’s a two-way street. Today, cyber ignorance is not only prolific. It is acceptable insofar as most businesses can operate with their upper echelons not understanding the difference between an apple and an orange. Then again, a lot of what we are seeing today is also a generational thing.

    Without a doubt, younger executives have a better overall, albeit minuscule, grasp of cyber security. I do not, however, see this current situation lasting indefinitely. In the near future, cyber executives are going to have to understand a basic level of technology, coding and cyber security.

    Your referencing nation-states brings up an interesting point. Before we end our discussion, do you think anyone in particular is doing cyber security right in today’s world and why?

    That is a very open-ended question! Many countries and organisations are doing a lot of things right. In particular, the UK and other governments are definitely making the right noises in encouraging small business to take cyber security seriously.

    Reply
  47. Tomi Engdahl says:

    How Identifiable Are You On the Web?
    http://yro.slashdot.org/story/14/12/14/1943218/how-identifiable-are-you-on-the-web

    This updated browser fingerprinting tool implements the current state of the art in browser fingerprinting techniques.

    https://amiunique.org/

    Reply
  48. Tomi Engdahl says:

    Now at the Sands Casino: An Iranian Hacker in Every Server
    http://www.businessweek.com/articles/2014-12-11/iranian-hackers-hit-sheldon-adelsons-sands-casino-in-las-vegas

    Most gamblers were still asleep, and the gondoliers had yet to pole their way down the ersatz canal in front of the Venetian casino on the Las Vegas Strip. But early on the chilly morning of Feb. 10, just above the casino floor, the offices of the world’s largest gaming company were gripped by chaos. Computers were flatlining, e-mail was down, most phones didn’t work, and several of the technology systems that help run the $14 billion operation had sputtered to a halt.

    Computer engineers at Las Vegas Sands Corp. (LVS) raced to figure out what was happening. Within an hour, they had a diagnosis: Sands was under a withering cyber attack. PCs and servers were shutting down in a cascading IT catastrophe, with many of their hard drives wiped clean. The company’s technical staff had never seen anything like it.

    “Hundreds of people were calling IT to tell them their computers weren’t working,”

    Most people, he recalls, switched over to their cell phones and personal e-mail accounts to communicate with co-workers.

    In an effort to save as many machines as they could, IT staffers scrambled across the casino floors of Sands’ Vegas properties—the Venetian and its sister hotel, the Palazzo—ripping network cords out of every functioning computer they could find, including PCs used by pit bosses to track gamblers and kiosks where slots players cash in their tickets.

    This was no Ocean’s Eleven. The hackers were not trying to empty a vault of cash, nor were they after customer credit card data, as in recent attacks on Target (TGT), Neiman Marcus, and Home Depot (HD). This was personal. The perpetrators wanted to punish the company, or, more precisely, its chief executive officer and majority owner, the billionaire Sheldon Adelson.

    This was new. Other countries have spied on American companies, and they have stolen from them, but this is likely the first time—occurring months before the late November attack on Sony Pictures Entertainment (SNE)—that a foreign player simply sought to destroy American corporate infrastructure on such a scale.

    Reply
