Archive for the ‘CyberChaos’ Category

Cameras May Open Up the Board Room to Hackers

Monday, January 23rd, 2012

One afternoon this month, a hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms: videoconferencing equipment.

With the move of a mouse, he steered a camera around each room, occasionally zooming in with such precision that he could discern grooves in the wood and paint flecks on the wall. In one room, he zoomed out through a window, across a parking lot and into shrubbery some 50 yards away where a small animal could be seen burrowing underneath a bush. With such equipment, the hacker could have easily eavesdropped on privileged attorney-client conversations or read trade secrets on a report lying on the conference room table.

In this case, the hacker was HD Moore, a chief security officer at Rapid7, a Boston-based company that looks for security holes in computer systems that are used in devices like toaster ovens and Mars landing equipment. His latest find: videoconferencing equipment is often left vulnerable to hackers.

Businesses collectively spend billions of dollars each year beefing up security on their computer systems and employee laptops. They agonize over the confidential information that employees send to their Gmail and Dropbox accounts and store on their iPads and smartphones. But rarely do they give much thought to the ease with which anyone can penetrate a videoconference room where their most guarded trade secrets are openly discussed.

– More…

– Research thanks to Gerry B.

Paybacks are hell: Parental spying prompts infiltration of German police system

Wednesday, January 11th, 2012

Der Spiegel published a story in yesterday’s edition of their magazine that the hack on the German police surveillance system “Patras” was prompted by a senior officer spying on his daughter’s internet activities.

The Patras system is used by the police to track suspects using so-called “silent” SMSs and GPS tracking devices planted on automobiles.

It appears that a senior policeman from Frankfurt am Main installed spyware onto his daughter’s computer to keep an eye on her online activities.

It is unclear whether this is legal under German law. It is also unknown whether he used the famous Bundestrojaner or some sort of commercial off-the-shelf spyware.

One of his daughter’s friends then discovered the spyware on her computer and decided that was justification enough to hack into her father’s computer.

Upon invading her dad’s system he found a selection of sensitive security related emails that enabled access to the Patras system. Two German hackers from a group called n0n4m3 cr3w (noname crew) were arrested after the system was breached in July of 2011.

According to Der Spiegel the policeman had redirected his work emails to his home computer. I expect that this is against the rules and is almost always a bad idea.

The worst part is that such a sensitive network used to covertly track people was accessible without any sort of two-factor authentication.

You would hope that intercepting a few sensitive emails would not provide enough information to allow a VPN connection or access critical infrastructure with such ease.

It is not clear whether this incident is the one that resulted in the successful attack against Patras last summer, or whether they were in fact breached twice.

It is one thing to accept the need of law enforcement to track suspects after receiving the approval of a judge, but it is becoming clear that access to these systems is too easy. It almost invites abuse and could result in criminal cases being compromised.

With great power comes great responsibility, and hopefully the German police have implemented more strict access controls and other authorities with similar power have heard this story and will look into their own security.

– To the original…

 

Smart Phone Makers Gave India Spy Tools, “Leaked” Memos Say

Wednesday, January 11th, 2012

People doubt the deep evil inherent in unbridled Capitalism. But consider this story. They are selling our inherent rights to personal privacy in exchange for access to markets for their own, and their shareholders’, profit.

dennis

= = = = = = = = = = = = = = =

Purported Indian intelligence memos also state that the backdoors provided by Apple, Nokia and RIM allowed India to spy on U.S. government officials

Apple, Nokia and Research In Motion (RIM) gave Indian intelligence agencies secret access to encrypted smartphone communications as the price of doing business in the country, according to what appear to be leaked Indian government documents.

The purported documents, if they are real, indicate that the smartphone giants gave India’s Central Bureau of Investigation (CBI) and Indian military intelligence “backdoor” tools that would let the Indian agencies read encrypted emails sent to and from RIM’s BlackBerrys, Apple’s iPhones and Nokia smartphones.

“Military Intelligence and the CBI have been conducting bilateral cellular and Internet surveillance operations since April 2011,” reads a document allegedly from the Directorate General of Military Intelligence and publicly posted online.

The memos refer to an agreement between India’s Ministry of Defense and RIM, Nokia and Apple, that considers data interception and surveillance part of the “general framework” allowing the smartphone makers to sell their devices in India.

A “decision was made earlier this year to sign an agreement with mobile manufacturers (MM) in exchange for the Indian market presence,” the military intelligence document reads.

– More…

Researchers warn of new Stuxnet worm

Wednesday, November 2nd, 2011

Researchers have found evidence that the Stuxnet worm, which alarmed governments around the world, could be about to regenerate.

Stuxnet was a highly complex piece of malware created to spy on and disrupt Iran’s nuclear programme.

No-one has identified the worm authors but the finger of suspicion fell on the Israeli and US governments.

The new threat, Duqu, is, according to those who discovered it, “a precursor to a future Stuxnet-like attack”.

Its discovery was made public by security firm Symantec, which in turn was alerted to the threat by one of its customers.

The worm was named Duqu because it creates files with the prefix DQ.

Symantec looked at samples of the threat gathered from computer systems located in Europe.

Initial analysis of the worm found that parts of Duqu are nearly identical to Stuxnet and suggested that it was written by either the same authors or those with access to the Stuxnet source code.

“Unlike Stuxnet, Duqu does not contain any code related to industrial control systems and does not self-replicate,” Symantec said in its blog.

“The threat was highly targeted towards a limited number of organisations for their specific assets.”

In other words, Duqu is not designed to attack industrial systems, such as Iran’s nuclear production facilities, as was the case with Stuxnet, but rather to gather intelligence for a future attack.

The code has, according to Symantec, been found in a “limited number of organisations, including those involved in the manufacturing of industrial control systems”.

Symantec’s chief technology officer Greg Day told the BBC that the code was highly sophisticated.

“This isn’t some hobbyist, it is using bleeding-edge techniques and that generally means it has been created by someone with a specific purpose in mind,” he said.

Whether that is state-sponsored and politically motivated is not clear at this stage though.

“If it is the Stuxnet author it could be that they have the same goal as before. But if code has been given to someone else they may have a different motive,” Mr Day said.

He added that there was “more than one variant” of Duqu.

“It looks as if they are tweaking and fine-tuning it along the way,” he said.

The worm also removes itself from infected computers after 36 days, suggesting that it is designed to remain more hidden than its predecessor.

The code used a “jigsaw” of components including a stolen Symantec digital certificate, said Mr Day.

“We provide digital certificates to validate identity and this certificate was stolen from a customer in Taiwan and reused,” said Mr Day.

The certificate in question has since been revoked by Symantec.

– More…

 

GCHQ chief reports ‘disturbing’ cyber attacks on UK

Monday, October 31st, 2011

The UK has been subject to a “disturbing” number of cyber attacks, the director of communications intelligence agency GCHQ has said.

Sensitive data on government computers has been targeted, along with defence, technology and engineering firms’ designs, Iain Lobban said in the Times.

There was a “significant” unsuccessful internet-based attack on Foreign Office computer systems this summer, he added.

On Tuesday, the government hosts a two-day conference on the issue.

Foreign Secretary William Hague convened the London Conference on Cyberspace after criticism that ministers are failing to take the threat from cyber warfare seriously enough.

It aims to bring together political leaders, such as US Secretary of State Hillary Clinton and EU digital supremo Neelie Kroes, with leading cyber security experts and technology entrepreneurs such as Wikipedia founder Jimmy Wales and Cisco vice-president Brad Boston.

More…

Why is it not good to use proprietary Software or Formats?

Monday, October 31st, 2011

Proprietary Software can include back doors – see Skype and Microsoft.

Proprietary formats can include metadata. This is data that you can’t see but that can lead to your identity. They caught a Greek anonymous activist because he uploaded a Word document with his real name in the metadata.

If you are not a computer expert, don’t upload anything other than plain TXT files to the Internet. You can also use copy and paste to post text in web services. Even graphic formats like JPEG or TIFF can include data like GPS coordinates, the camera used, and user and software names.

It’s very difficult for beginners to find this metadata. So if you are a good designer like the poor Greek one, send your PDF files to a computer expert. He can clean the metadata before the upload.

These programs can show you the metadata:

PDF – BeCyPDFMetaEdit
Viewer for many formats: http://regex.info/exif.cgi

[UPDATE]
The metadata can be useful for locating the author of a document in real life, for example if you have questions. Open source programs like Libre Office use metadata too. The trick is not to fill in your real name during installation and not to use your real name for login.

You can use a Linux live system (like TAILS) to produce anonymous documents.

Comments:

The UK government has its problems with PDF formats too:

http://news.slashdot.org/story/11/04/17/0831204/MoDs-Error-Leaks-Secrets-of-UK-Nuclear-Submarine

“UK’s Ministry of Defence admitted that secret information about its nuclear powered submarines was leaked on the internet by mistake.”

and

FOCA is a good program to show metadata for Windows. You have to give an email address to download the program …

http://www.informatica64.com/DownloadFOCA/

– To the original…

 

Hackers targeted US government satellites, Congressional report claims

Sunday, October 30th, 2011

It sounds like the stuff of James Bond – foreign hackers managing to gain unauthorised access to US satellites as they orbit 700 km above the Earth, and interfere with their controls.

Maybe, if things were turning really bad, the hackers could even “damage or destroy the satellite.”

Well, if the upcoming annual report by the US-China Economic and Security Review Commission is to be believed, maybe this isn’t just the imagination of a Hollywood scriptwriter.

According to Bloomberg BusinessWeek, a Congressional commission report to be released next month will reveal that hackers interfered with the operations of two US government satellites in 2007 and 2008.

The hackers, who were said to have gained access to the satellites via a ground station in Spitsbergen, Norway, are said to have interfered with the running of the Landsat-7 and Terra AM-1 Earth observation satellites which examine the planet’s climate and terrain. According to Bloomberg BusinessWeek, the report claims Landsat-7 experienced “12 or more minutes of interference in October 2007 and July 2008”.

NASA’s Terra AM-1 satellite, meanwhile, is said to have suffered interference for two minutes in June 2008 and nine minutes in October of that year. According to the draft report, “the responsible party achieved all steps required to command the satellite.”

– More…

 

Japanese parliament hit by cyber-attack

Sunday, October 30th, 2011

According to local media reports, hackers were able to snoop upon emails and steal passwords from computers belonging to lawmakers at the Japanese parliament for over a month.

A report in the Asahi Shimbun claims that PCs and servers were infected after a Trojan horse was emailed to a Lower House member in July.

The Trojan horse then downloaded malware from a server based in China – allowing remote hackers to secretly spy on email communications and steal usernames and passwords from lawmakers.

– More…

 

Germany spyware: Minister calls for probe of state use

Wednesday, October 12th, 2011

Germany’s justice minister has called for a national and state level probe into the use of controversial computer software to spy on people.

The German state of Bavaria has admitted using the spyware, but claimed it had acted within the law.

Three other states have also confirmed they have used spyware in order to investigate serious criminal offences, a German newspaper reports.

Use of the software was exposed by a German hacker group.

The Berlin-based Chaos Computer Club (CCC) said it had analysed a “lawful interception” malware programme called Federal Trojan, used by the German police force.

They found that, once installed, the programme allows its operators to monitor exactly what the user is looking at – from which websites they have visited, to the emails they send and receive and the calls made through Skype.

“The malware cannot only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs,” the group wrote on its website.

The program, it said, had “significant design and implementation flaws”, which made “all of the functionality available to anyone on the internet”.

Strong feelings

The CCC had analysed a laptop allegedly belonging to a man accused of illegally exporting pharmaceuticals. His lawyer claims the Trojan program was installed on his client’s computer when it passed through airport customs.

Bavaria Interior Minister Joachim Herrman has confirmed that state officials have been using the software since 2009 – though he made no mention of any specific incidents – and insisted that they had acted within the law. However, he promised a review of the software’s use.

The German broadcaster Deutsche Welle reported on Tuesday that three other states – Baden-Wurttemberg, Brandenburg and Lower Saxony – had confirmed using spyware, although it is not clear if all four states had used the same software.

Justice Minister Sabine Leutheusser-Schnarrenberger has called on the federal and state governments to launch an investigation into the matter.

“Trying to play down or trivialise the matter won’t do,” she said. “The citizen, in both the public and private spheres, must be protected from snooping through strict state control mechanisms.”

The BBC’s Stephen Evans says the incident has sparked a row because Germans, given the country’s Nazi and Communist past, feel strongly about spying on citizens. Germany’s constitution stipulates strict protection against it, he adds.

– to the original…

 

Malware compromises USAF Predator drone computer systems

Monday, October 10th, 2011

– Now, this is scary in several ways….

– dennis

= = = = = = = = = = =

According to a Wired report, malware has infected the control systems used by the United States Air Force to fly Predator and Reaper drones, logging keypresses as the unmanned aircraft are flown remotely in Afghanistan, Libya, Pakistan and other conflict zones.

The malware intrusion is said to have been detected by the Department of Defense’s own Host Based Security System (HBSS), but attempts to permanently remove the infection from one of America’s most important weapons systems have proven unsuccessful.

Inevitably there has been some concern in the media that malware could interfere with the flight of drones that are not just capable of surveillance, but can also carry deadly missiles to remote targets.

Questions are understandably being asked as to whether a remote hacker could interfere with the drones mid-flight, or send information to a third party about the drone’s whereabouts or intended target.

Wired quotes an unnamed source familiar with the infection as saying:

"We keep wiping it off, and it keeps coming back... We think it’s benign. But we just don't know."

Hmm.. If I “just didn’t know” I would assume the worst. In computer security, it’s always safest to assume the worst possible scenario has happened and take the necessary steps until you have proven that it hasn’t, rather than assume everything is ticketyboo.

– More…