Archive for the ‘CyberChaos’ Category

Researchers warn of new Stuxnet worm

Wednesday, November 2nd, 2011

Researchers have found evidence that the Stuxnet worm, which alarmed governments around the world, could be about to regenerate.

Stuxnet was a highly complex piece of malware created to spy on and disrupt Iran’s nuclear programme.

No-one has identified the worm authors but the finger of suspicion fell on the Israeli and US governments.

The new threat, Duqu, is, according to those who discovered it, “a precursor to a future Stuxnet-like attack”.

Its discovery was made public by security firm Symantec, which in turn was alerted to the threat by one of its customers.

The worm was named Duqu because it creates files with the prefix DQ.

Symantec looked at samples of the threat gathered from computer systems located in Europe.

Initial analysis of the worm found that parts of Duqu are nearly identical to Stuxnet and suggested that it was written by either the same authors or those with access to the Stuxnet source code.

“Unlike Stuxnet, Duqu does not contain any code related to industrial control systems and does not self-replicate,” Symantec said in its blog.

“The threat was highly targeted towards a limited number of organisations for their specific assets.”

In other words, Duqu is not designed to attack industrial systems, such as Iran’s nuclear production facilities, as was the case with Stuxnet, but rather to gather intelligence for a future attack.

The code has, according to Symantec, been found in a “limited number of organisations, including those involved in the manufacturing of industrial control systems”.

Symantec’s chief technology officer Greg Day told the BBC that the code was highly sophisticated.

“This isn’t some hobbyist, it is using bleeding-edge techniques and that generally means it has been created by someone with a specific purpose in mind,” he said.

Whether that is state-sponsored and politically motivated is not clear at this stage though.

“If it is the Stuxnet author it could be that they have the same goal as before. But if code has been given to someone else they may have a different motive,” Mr Day said.

He added that there was “more than one variant” of Duqu.

“It looks as if they are tweaking and fine-tuning it along the way,” he said.

The worm also removes itself from infected computers after 36 days, suggesting that it is designed to remain more hidden than its predecessor.

The code used a “jigsaw” of components including a stolen Symantec digital certificate, said Mr Day.

“We provide digital certificates to validate identity and this certificate was stolen from a customer in Taiwan and reused,” said Mr Day.

The certificate in question has since been revoked by Symantec.

– More…


GCHQ chief reports ‘disturbing’ cyber attacks on UK

Monday, October 31st, 2011

The UK has been subject to a “disturbing” number of cyber attacks, the director of communications intelligence agency GCHQ has said.

Sensitive data on government computers has been targeted, along with defence, technology and engineering firms’ designs, Iain Lobban said in the Times.

There was a “significant” unsuccessful internet-based attack on Foreign Office computer systems this summer, he added.

On Tuesday, the government hosts a two-day conference on the issue.

Foreign Secretary William Hague convened the London Conference on Cyberspace after criticism that ministers are failing to take the threat from cyber warfare seriously enough.

It aims to bring together political leaders, such as US Secretary of State Hillary Clinton and EU digital supremo Neelie Kroes, with leading cyber security experts and technology entrepreneurs such as Wikipedia founder Jimmy Wales and Cisco vice-president Brad Boston.


Why is it not good to use proprietary Software or Formats?

Monday, October 31st, 2011

Proprietary Software can include back doors – see Skype and Microsoft.

Proprietary formats can include metadata: data you cannot see in the document itself, but which can lead back to your identity. A Greek Anonymous activist was caught because he uploaded a Word document with his real name in its metadata.

If you are not a computer expert, upload nothing but plain TXT files to the Internet, or copy and paste the text into the web service instead of uploading a file. Even graphics formats like JPEG or TIFF can contain data such as GPS coordinates, the camera used, and the user and software names.

This metadata is very difficult for beginners to find. So if you are a good designer like the unfortunate Greek one, send your PDF files to a computer expert, who can clean the metadata before the upload.

These programs can show you the metadata:

PDF – BeCyPDFMetaEdit
Viewer for many formats:
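The post recommends inspecting and cleaning metadata before uploading; the following script is an added example (not one of the tools listed above or code from the original post) that does this for JPEG files in pure Python, with no third-party library. It walks the marker segments of a JPEG header, reports which metadata-carrying segments are present (EXIF, XMP, IPTC and free-text comments, which is where camera model, GPS position, author and software names live) and writes a copy with those segments removed while leaving the pixel data byte-for-byte unchanged. The sample image bytes are constructed inline with a placeholder EXIF body, so the script runs offline; the command-line usage and the `.clean.jpg` output name are assumptions of this example.

```python
# Added example (not from the original post): list and strip metadata
# segments (EXIF, XMP, IPTC, comments) from a JPEG file in pure Python.
import struct
import sys

SOI = b"\xff\xd8"   # start of image
SOS = 0xDA          # start of scan: entropy-coded pixel data follows
EOI = b"\xff\xd9"   # end of image

# Segments that carry metadata rather than image structure:
# (marker, required payload prefix, label). A None prefix matches any payload.
METADATA_SEGMENTS = [
    (0xE1, b"Exif\x00\x00", "APP1/Exif"),                     # camera, GPS, software
    (0xE1, b"http://ns.adobe.com/xap/1.0/\x00", "APP1/XMP"),  # author, editing history
    (0xED, b"Photoshop 3.0\x00", "APP13/IPTC"),               # captions, creator
    (0xFE, None, "COM"),                                      # free-text comment
]


def scan_segments(data):
    """Walk the marker segments that precede the scan data.

    Returns (segments, scan_offset): a list of (marker, payload) pairs and the
    offset of the SOS marker, from which the rest of the file is copied verbatim.
    Raises ValueError on anything that is not a well-formed JPEG header.
    """
    if not data.startswith(SOI):
        raise ValueError("not a JPEG: missing SOI marker")
    segments = []
    pos = 2
    while True:
        # Skip optional 0xFF fill bytes that may precede a marker.
        while data[pos:pos + 1] == b"\xff" and data[pos + 1:pos + 2] == b"\xff":
            pos += 1
        if pos + 4 > len(data) or data[pos] != 0xFF:
            raise ValueError("truncated or corrupt marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == SOS:
            return segments, pos
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]  # includes itself
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        segments.append((marker, data[pos + 4:pos + 2 + length]))
        pos += 2 + length


def classify(marker, payload):
    """Return the metadata label for a segment, or None if it is image structure."""
    for m, prefix, label in METADATA_SEGMENTS:
        if marker == m and (prefix is None or payload.startswith(prefix)):
            return label
    return None


def list_metadata(data):
    """Names of the metadata segments present, in file order."""
    segments, _ = scan_segments(data)
    return [label for label in (classify(m, p) for m, p in segments) if label]


def build_segment(marker, payload):
    """Encode one marker segment: FF, marker, 2-byte length (incl. itself), payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def strip_metadata(data):
    """Return a copy of the JPEG with all metadata segments removed.

    Everything from SOS to EOI is copied unchanged, so the pixels are
    bit-identical; only the header segments are rewritten.
    """
    segments, scan_offset = scan_segments(data)
    out = bytearray(SOI)
    for marker, payload in segments:
        if classify(marker, payload) is None:
            out += build_segment(marker, payload)
    out += data[scan_offset:]
    return bytes(out)


# Constructed sample: a minimal JPEG-shaped byte string with a JFIF header, an
# EXIF segment whose body is a placeholder (not real TIFF/EXIF data), a comment
# naming the user, a quantisation-table stub, and a tiny fake scan.
SAMPLE_JPEG = (
    SOI
    + build_segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + build_segment(0xE1, b"Exif\x00\x00" + b"<constructed EXIF/GPS placeholder>")
    + build_segment(0xFE, b"constructed comment: user=alice camera=ExampleCam")
    + build_segment(0xDB, b"\x00" + bytes(64))
    + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\x34\x56"
    + EOI
)


if __name__ == "__main__":
    # Assumed usage: python strip_jpeg_metadata.py photo.jpg  ->  photo.clean.jpg
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
        print("metadata segments:", list_metadata(data) or "none")
        out_name = sys.argv[1].rsplit(".", 1)[0] + ".clean.jpg"
        with open(out_name, "wb") as f:
            f.write(strip_metadata(data))
        print("wrote", out_name)
    else:
        print("sample before:", list_metadata(SAMPLE_JPEG))
        print("sample after: ", list_metadata(strip_metadata(SAMPLE_JPEG)))
```

Run it on the constructed sample and it reports `['APP1/Exif', 'COM']` before cleaning and nothing after. The design point is that the scan data is never re-encoded: stripping metadata this way cannot degrade the image, and a checksum of the bytes from the SOS marker onward is the same before and after, which is an easy way to verify that a cleaning tool touched only the header. Note that an ICC colour profile (APP2) is deliberately kept, since it describes colours rather than the author.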

The metadata can be useful for locating the author of a document in real life, for example if you have questions about it. Open source programs like LibreOffice write metadata too. The trick is not to enter your real name during installation and not to use your real name as your login.

You can use a Linux live system (like TAILS) to produce anonymous documents.


The UK government has its problems with PDF formats too:

“UK’s Ministry of Defence admitted that secret information about its nuclear powered submarines was leaked on the internet by mistake.”

FOCA is a good program for showing metadata on Windows. You have to give an email address to download the program …

– To the original…


Hackers targeted US government satellites, Congressional report claims

Sunday, October 30th, 2011

It sounds like the stuff of James Bond – foreign hackers managing to gain unauthorised access to US satellites as they orbit 700 km above the Earth, and interfere with their controls.

Maybe, if things were turning really bad, the hackers could even “damage or destroy the satellite.”

Well, if the upcoming annual report by the US-China Economic and Security Review Commission is to be believed, maybe this isn’t just the imagination of a Hollywood scriptwriter.

According to Bloomberg BusinessWeek, a Congressional commission report to be released next month will reveal that hackers interfered with the operations of two US government satellites in 2007 and 2008.

The hackers, who were said to have gained access to the satellites via a ground station in Spitsbergen, Norway, are said to have interfered with the running of the Landsat-7 and Terra AM-1 Earth observation satellites which examine the planet’s climate and terrain. According to Bloomberg BusinessWeek, the report claims Landsat-7 experienced “12 or more minutes of interference in October 2007 and July 2008”.

NASA’s Terra AM-1 satellite, meanwhile, is said to have suffered interference for two minutes in June 2008 and nine minutes in October of that year. According to the draft report, “the responsible party achieved all steps required to command the satellite.”

– More…


Japanese parliament hit by cyber-attack

Sunday, October 30th, 2011

According to local media reports, hackers were able to snoop upon emails and steal passwords from computers belonging to lawmakers at the Japanese parliament for over a month.

A report in the Asahi Shimbun claims that PCs and servers were infected after a Trojan horse was emailed to a Lower House member in July.

The Trojan horse then downloaded malware from a server based in China – allowing remote hackers to secretly spy on email communications and steal usernames and passwords from lawmakers.

– More…


Germany spyware: Minister calls for probe of state use

Wednesday, October 12th, 2011

Germany’s justice minister has called for a national and state level probe into the use of controversial computer software to spy on people.

The German state of Bavaria has admitted using the spyware, but claimed it had acted within the law.

Three other states have also confirmed they have used spyware in order to investigate serious criminal offences, a German newspaper reports.

Use of the software was exposed by a German hacker group.

The Berlin-based Chaos Computer Club (CCC) said it had analysed a “lawful interception” malware programme called Federal Trojan, used by the German police force.

They found that, once installed, the programme allows its operators to monitor exactly what the user is looking at – from which websites they have visited, to the emails they send and receive and the calls made through Skype.

“The malware cannot only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs,” the group wrote on its website.

The program, it said, had “significant design and implementation flaws”, which made “all of the functionality available to anyone on the internet”.

Strong feelings

The CCC had analysed a laptop allegedly belonging to a man accused of illegally exporting pharmaceuticals. His lawyer claims the Trojan program was installed on his client’s computer when it passed through airport customs.

Bavaria Interior Minister Joachim Herrmann has confirmed that state officials have been using the software since 2009 – though he made no mention of any specific incidents – and insisted that they had acted within the law. However, he promised a review of the software’s use.

The German broadcaster Deutsche Welle reported on Tuesday that three other states – Baden-Württemberg, Brandenburg and Lower Saxony – had confirmed using spyware, although it is not clear if all four states had used the same software.

Justice Minister Sabine Leutheusser-Schnarrenberger has called on the federal and state governments to launch an investigation into the matter.

“Trying to play down or trivialise the matter won’t do,” she said. “The citizen, in both the public and private spheres, must be protected from snooping through strict state control mechanisms.”

The BBC’s Stephen Evans says the incident has sparked a row because Germans, given the country’s Nazi and Communist past, feel strongly about spying on citizens. Germany’s constitution stipulates strict protection against it, he adds.

– to the original…


Malware compromises USAF Predator drone computer systems

Monday, October 10th, 2011

– Now, this is scary in several ways….

– dennis

= = = = = = = = = = =

According to a Wired report, malware has infected the control systems used by the United States Air Force to fly Predator and Reaper drones, logging keypresses as the unmanned aircraft are flown remotely in Afghanistan, Libya, Pakistan and other conflict zones.

The malware intrusion is said to have been detected by the Department of Defense’s own Host Based Security System (HBSS), but attempts to permanently remove the infection from one of America’s most important weapons systems have proven unsuccessful.

Inevitably there has been some concern in the media that malware could interfere with the flight of drones that are not just capable of surveillance, but can also carry deadly missiles to remote targets.

Questions are understandably being asked as to whether a remote hacker could interfere with the drones mid-flight, or send information to a third party about the drone’s whereabouts or intended target.

Wired quotes an unnamed source familiar with the infection as saying:

"We keep wiping it off, and it keeps coming back... We think it’s benign. But we just don't know."

Hmm.. If I “just didn’t know” I would assume the worst. In computer security, it’s always safest to assume the worst possible scenario has happened and take the necessary steps until you have proven that it hasn’t, rather than assume everything is ticketyboo.

– More…


Russian hacker sells home and cars to pay RBS

Thursday, September 22nd, 2011

A Russian hacker who breached the security of RBS’ WorldPay service and stole $9m (£6m) has had his property sold to compensate the bank.

Viktor Pleshchuk’s two flats and two cars, a BMW and a Lada, were auctioned off in Saint Petersburg on Monday.

According to a Russian news portal RIA Novosti, the sale raised 10m roubles (£200,000).

It reported that the money had been transferred to RBS, something the bank was unable to confirm.

Mr Pleshchuk and seven other Eastern European hackers managed to get their hands on the personal data of thousands of RBS customers in 2008.

They used the information to create fake debit cards and withdraw huge amounts of cash from ATMs in as many as 280 cities around the world.

The money was taken from 2,100 bank cash machines within 12 hours in the US, Russia, Estonia, Italy, Hong Kong, Japan and Canada.

– More…


Hacked security firm closes its doors

Thursday, September 22nd, 2011

Dutch security firm DigiNotar has filed for voluntary bankruptcy following a series of attacks by a hacker.

The attackers penetrated DigiNotar’s internal systems and then issued fake security certificates so they could impersonate web firms.

The certificates are believed to have been used to eavesdrop on the Google email accounts of about 300,000 people.

The hacker behind the attacks claims to have penetrated four other firms that issue security certificates.

No tears

DigiNotar’s parent company Vasco Data Security said the firm had been put into voluntary bankruptcy. A trustee for the business has been appointed who will oversee the winding up of DigiNotar.

The scale of the attack on DigiNotar began to be uncovered on 19 July when the firm said it first found evidence of an intrusion. It started to revoke certificates and an investigation was carried out to find out how much damage had been done.

An initial report found that hundreds of fake certificates had been issued and hackers had almost total access to DigiNotar’s network.

The security certificates it and many other firms issue act as a guarantee of identity so people can be sure they are connecting to the site they think they are.

The fake certificates DigiNotar revoked were for some of the biggest net firms including Google, Facebook, Twitter and Skype.

It is thought the fake certificates for Google were used in Iran to peep at the email accounts of about 300,000 people.

Soon after discovering the attack, DigiNotar stopped issuing certificates altogether. Once wound up, its business and assets will be folded into Vasco.

“We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible, ” said Vasco in a statement.

It added that its network and systems remained separate from DigiNotar and, as a result, “there is no risk for infection of Vasco’s strong authentication business”.

– More…


Hackers attack high-tech military contractor, break into submarine manufacturing plant

Tuesday, September 20th, 2011

Mitsubishi Heavy Industries, Japan’s biggest defense contractor, has revealed that it suffered a hacker attack in August that caused some of its networks to be infected by malware.

The firm – which is involved in a wide range of activities including space rockets, the production of jet fighters, shipbuilding, and running nuclear power plants – said that 45 network servers and 38 PCs became infected with malware at ten facilities across Japan.

The infected sites included its submarine manufacturing plant in Kobe and the Nagoya Guidance & Propulsion System Works, which makes engine parts for missiles.

The Japanese newspaper Yomiuri claimed that at least eight different pieces of malware, including some which stole data, were discovered at Mitsubishi sites.

A Mitsubishi spokesperson, however, was quoted as saying that “there is no possibility of any leakage of defense-related information at this point.”

The company first noticed the attack on August 11th, and expects to have the results of an investigation into the security breach by the end of September.

If Mitsubishi Heavy Industries was targeted by hackers, the obvious question to ask is who was behind the attack and what was the motive?

Earlier this year we saw a series of cyber attacks against US military contractors, including Lockheed Martin, L-3 Communications and Northrop Grumman, and US Deputy Defense Secretary William Lynn publicly claimed that a foreign intelligence agency was behind a hack attack that stole classified information about a top secret weapons system.

– more…