Cyber-ketju: verkkovakoilu,kännyköiden ja wlanien seuranta, hakkerointi, virukset, DoS etc

[ctg]

So here is a radical notion: we need a national resilience strategy that embraces universal analog failover. Instead of moving wholesale to ever-more sophisticated technology, we should seek to balance investments in digital and quantum capability with investments that provide functional insurance, if you will: analog failover for the minimum essential functioning of each lifeline critical infrastructure serving a major population center.

A universal analog failure plan is not always about building something new. We don’t need to create the 21st century equivalents of the Works Progress Administration or the Tennessee Valley Authority, at huge taxpayer expense. Rather, the plan would primarily involve the identification and intentional preservation of infrastructure, technologies, protocols, and skills that are rapidly disappearing as newer generations of workers – so-called digital natives – have no experience of working in an analog world. We need to capture the decades of analog experience in our older workforce (and retirees) before we lose our chance.

Edison famously noted that "Genius is 1% inspiration and 99% perspiration" – in other words, not the ratio people might expect. What if resilience is 50% innovation … and 50% preservation?

In the case of communications, for instance, what is required is the preservation of a base core of copper-enabled connectivity, and the perpetuation of skills and equipment parts to make analog telephones work. Today, we see a move to decommission the copper-wire infrastructure. From a pure business standpoint, decommissioning copper is the right thing to do; but from a public-safety and homeland security perspective, we should reconsider. Decommissioning copper increases homeland security risk, because failover planning calls simply for relying on another server, router, or data center that is also subject to compromise.

We can see parallels in other infrastructure sectors. In water, for example, today's digitally controlled infrastructure replaced electronically operated pneumatic pumps. Many water systems today still have legacy pneumatics in place (although it is not immediately apparent what condition the equipment is in). The people with deep knowledge of those systems are retiring, soon to be retired, or have already died. With a relatively small investment (when compared to widespread development and deployment of new technology), we could complement our innovation programs to refresh those systems and capture that knowledge – at least enough to get us through a real crisis.

The United States has experience of prioritizing the preservation of these valuable skills in other areas, such as the Navy's ship-building program or nuclear propulsion. If we had let "market forces" completely have their way, we could very well have lost the ability to produce the ships we need or maintain our Navy’s nuclear propulsion programs.

For space-based positioning and timing, we could backstop GPS with programs like the enhanced long-range navigation (e-LORAN) system. This system can provide PNT capabilities similar those of GPS, particularly in maritime environments like harbors and along the coasts, using existing infrastructure. It is not a perfect substitute for GPS, but in a world where we have to prioritize back-up systems for resiliency in the lifelines, it is certainly sufficient. Unfortunately, just like copper in the telecommunications sector, this reliable and once-widespread capability is no longer prioritized and portions are being decommissioned.

This post offers ideas for communications, for water, and one for PNT. But what about electricity generation? Power distribution? Emergency communications for our first responders?

https://www.mitre.org/capabilities/...rity-blog/backward-is-forward-analog-failover

 

[min3mat]

Tämäntapainen tapaus tuli aamulla vastaan.

Ilmeisesti Piraattipuolueen kuntavaaliehdokkaan omistamaa domainia/domaineja "mli.fi, mli.ee ja mli.lv" on myyty/yritetty huutokaupata. Kuvakaapauksessa sivulta mainitaan osoitteeseen tulleen vuoden aikana noin 100 kpl viestejä joita tarkoitettu mil.fi osoitteeseen kun pv:llä on typotettu sähköpostia lähettäessä. Asiasta on myös tehty Reddittiin oma viestiketju https://www.reddit.com/r/Suomi/comments/6f6j9x/mitä_olette_mieltä_armeijalle_tarkoitettujen/

Sivuston mainospuheessa sanotaan seuraavaa:

"What you can passively do with this domain is to monitor emails and gather possibly valuable intelligence information. For an active hacker these emails provide way of eavesdropping and injection of malicious information. It can be noted that those who misspell mil to mli and do not see the difference are not often computer savvy. Therefore they are especially vulnerable to this sort of exploitation. Typing errors caused by lower computer skills, decreased vision and attention level and lower motoric skills also correlate with higher age and thus in generally higher rank or position. For sale are three domain names mli.fi, mli.ee and mli.lv. There correspond to the defence force websites and email addresses of Finland (mil.fi), Estonia (mil.ee), and Latvia (mil.lv). Together these three countries cover the whole border between European union and Russia"

Sekä kaappaus sivustosta mli.fi/forsale. En lähde sisältöä sen enempää analysoimaan, mutta .ee ja .lv osoitteiden kuvaukset itsessään ovat jo kiinnostusta herättäviä.

Whois.net kertoo omistajasta seuraavaa:

Viestintävirastolle olen asiasta pistänyt jo postia menemään.

 

[peelo]

@min3mat laita nyt ihmeessä viestiä Puolustusvoimille ja oikeesti KRP/Supollakin on varmaan joku asiakaspalvelu sähköposti. Kaverihan markkinoi tota suoraan rikollisiin tarkoituksiin. Noi kuvat vois myös tallentaa että varmasti löytyy myöhemminkin.

 

[min3mat]

@min3mat laita nyt ihmeessä viestiä Puolustusvoimille ja oikeesti KRP/Supollakin on varmaan joku asiakaspalvelu sähköposti. Kaverihan markkinoi tota suoraan rikollisiin tarkoituksiin. Noi kuvat vois myös tallentaa että varmasti löytyy myöhemminkin.

Kuvat on tallennettu & backupit olemassa ja asiasta on lähetetty viranomaisille postia

 

[ctg]

Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.

The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.

While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.

https://theintercept.com/2017/06/05...ian-hacking-effort-days-before-2016-election/

https://www.documentcloud.org/documents/3766950-NSA-Report-on-Russia-Spearphishing.html#document/p1

 

[ctg]

Russia's control of cybercrime groups that have come to play a part in its espionage activity is crumbling, according to Cybereason.

The security intelligence outfit reached this conclusion after reviewing the latest tactics and procedures associated with high-profile cyber-espionage pops blamed on the Kremlin. Russia has made use of contractors to run intelligence operations for many years. These criminals-turned-spies offer a resource to the state while enjoying a cloak of semi-protected "status" for their extracurricular malicious activities, providing they are directed against foreign targets.

Ross Rustici, senior manager of intelligence research at Cybereason, said that what the FSB is doing now is an "outgrowth of what the KGB was doing in the 80s".

"With the collapse of the USSR, the Russian government had a problem of recruiting technology talent to accomplish their goals. Through necessity they turned to outsourcing and contractors to cover the work they weren't able to handle in-house. This gave them deniability about subsequent cyber-operations."

http://www.theregister.co.uk/2017/06/06/russia_cyber_militia_analysis/

This eroding control is impacting security around the world, as nation-state actors use the skills they honed with Russia for their own agendas – such as the Carbanak Gang. This has repercussions for international cybersecurity as former state operatives are becoming mercenaries or hackers for hire. "The capabilities that were once indicative of a nation-state actor are now an affordable commodity for the private sector," reports Cybereason.

Other countries looking to emulate the Russian model in their own cyber operations are likely to run into trouble. For one thing, mistakes by non-state actors can escalate quickly. In addition, cybercriminals will "occasionally bite the hand that feeds them", quite aside from the difficulty for a state in controlling any operation that involves maverick hackers. Lastly there's the issue that bringing in independent hackers makes it more likely that any military-grade hacking tools they get hold of will leak, creating an arms control proliferation problem in the process

 

[ctg]

The strange tale of former NSA contractor Reality Winner just got stranger, after a US senator alleged the information she leaked about Russian hacking under-stated the extent of Russia's activities.

Speaking to USA Today in the video below, Virginia senator Mark Warner, the senior Democrat on the Senate Intelligence Committee, said “the extent of the attacks is much broader than has been reported so far.”

Warner said “several” US states' election-management systems were targeted by Russian interests, but that not all of them know about the attacks.

“We need to declassify more of that information,” he said, so that American citizens can understand the extent of the attacks. With a nod to president Donald Trump's insistence his campaign received no Russian assistance, Warner said he wants to release the information “not to re-litigate 2016” [the presidential election] but in order to ensure future US elections can be defended against similar attacks.

“We do not believe there was any interference in actual voting machines or the final tally,” senator Warner said, adding “I do not believe they got into changing actual voting outcomes.”

http://www.theregister.co.uk/2017/0...r_claims_hacking_is_wider_than_leak_revealed/

Australia has joined the list of countries whose politicians hope to crack encryption by fiat, with the nation's attorney-general George Brandis saying he’s going to take the government’s concerns to “Five Eyes” partners the USA, UK, New Zealand Canada.

Brandis and Australia's cyber security special advisor Alastair MacGibbon have taken to the airwaves in the last 24 hours to explain how they feel technology companies can help to make it harder for terrorists and criminals to communicate.

http://www.theregister.co.uk/2017/06/07/australia_to_float_crypto_backdoors_to_fiveeyes/

 

[ctg]

The commissioners responsible for overseeing the UK's spy agencies have admitted that they have never carried out a formal inspection or audit of the sharing of bulk communications and personal data with industry.

The intelligence agencies' collection of mass communications data has come under repeated scrutiny, and the government was dealt a heavy blow last year when the Investigatory Powers Tribunal ruled that a chunk of its activities had been unlawful.

In a case brought by campaign group Privacy International in October 2016, the court ruled that bulk collection of data carried out by GCHQ and MI5between 1998 and 2015 – through directions given under section 94 of the Telecommunications Act 1984 – was illegal.

The Investigatory Powers Tribunal is holding a follow-up hearing this week, which is looking at three further issues, including whether and how the government shares the bulk communications or personal data it hoards with foreign governments and other organisations.

Although the agencies' official line is not to confirm or deny such data sharing has taken place, historic documents released by NSA whistleblower Edward Snowden have indicated that information had been shared with researchers at the University of Bristol.

And one of the documents put forward during this week's hearing from the two oversight bodies – the Intelligence Services Commissioner and the Interception of Communications Commissioner's Office (IOCCO) – reveals that there has never been a formal audit of information sharing.

The letter, sent to the tribunal and seen by The Register, is in response to a request from Privacy International for more information on the auditing of bulk communications and personal data sharing with industry partners.

Industry partners are understood to cover non-government bodies, many of which will use the information to develop software or hardware to improve storage or manipulation of the data.

The commissioners' letter states: "Neither commissioner with responsibility for the intelligence agencies, nor their inspectors, has ever conducted a formal inspection or audit of industry in this regard."

Elsewhere in the document, the commissioners say that if the agencies think there is merit in sharing personal datasets externally "then it must meet the necessity and proportionality tests under the Security Service Act or the Intelligence Services Act as well as considering any wider legal, political or operational risks".

http://www.theregister.co.uk/2017/06/08/spy_data_sharing_not_audited/

 

[ctg]

Verkkohyökkäykset ovat edullisia, tehokkaita ja kiistanalaisia, mikä selittää F-Securen tutkimusjohtajan Mikko Hyppösen mukaan niiden suosiota. Syyllisen osoittavaa savuavaa asetta harvoin löytyy.

Kyberiskujen suosion kasvu ja hakkereiden tie uutispyramidin huipulle sai oikeastaan alkunsa jo kymmenen vuotta sitten, aivan Suomen naapurista.

https://yle.fi/uutiset/3-9655795

 

[ctg]

Officials from the United States, the United Kingdom, Canada, Australia and New Zealand will discuss next month plans to force tech companies to break encryption on their products.

The so-called Five Eyes nations have a long-standing agreement to gather and share intelligence from across the globe. They will meet in Canada with a focus on how to prevent "terrorists and organized criminals" from "operating with impunity ungoverned digital spaces online," according to Australian prime minister Malcolm Turnbull.

http://www.theregister.co.uk/2017/06/13/five_eyes_stare_menacingly_at_encryption/

 

[Sardaukar]

Tässä muuten jonkin näköinen kaavio NSA:n organisaatiosta (lonkeroineen):

https://www.mindmeister.com/3085185...-000-civilians-and-military-budget-10-billion

 

[ctg]

Tämä on ollut ongelma yhdeksänkyt luvun alusta asti. Siitä puhutaan, mutta ei julkisesti ja vuosien varrella honeypoteista IPSän ja IDSän on käytetty menemättä mandatooriseen käytönsäännöstelyyn. Kuitenkin suurin pelko on tekoälyn sulautuminen näihin brutaaleihin hyökkäysmetodeihin. Hiljalleen olemme menossa kohti maailmaa missä semiautonomiset botit käyskentelevät netissä kuten normikansalaiset. Siitä ei ole enään kaukana parjatusta pahasta AIsta. En tiedä yhtään hakkeria joka tähän on pystynyt, mutta yritystä on ollut useamman vuosikymmenen.

Traditional methods can't block the latest attackers, but a behavioral approach can tell the difference between bots and humans.

In a recent automated attack, a large bot army hacked into accounts using brute-force methodology and a highly accurate username and password list. PerimeterX researchers discovered that by overwhelming sites with requests from a network of tens of thousands of Internet of Things devices such as Canon printers and network devices, and with each bot sending just a single request every 10 minutes or so, the attacker completed more than 5 million attempts per day. Furthermore, the attack was successful on 8% of attempts, breaching a shocking 400,000 accounts per day.

How can such an attack be so successful? Attackers and the bots they create are in a technological arms race with companies always on the defense, trying to catch up. Next-generation bots are outsmarting companies every day. Detecting and deterring these often invisible attacks is difficult, and the standard tricks of the trade such as logfile analysis, are inadequate.

https://www.darkreading.com/threat-...cks-is-becoming-more-difficult/a/d-id/1329090

 

[Maidan]

Miten minun täytyy suhtautua tälläisen ilmoitukseen?:

VAROITUS!


Apple iPad -laitteesi on vakavasti (6) viruksen vahingoittama!
Olemme havainneet selaimesi Mobile Safari olevan (45,4 %) VAHINGOITTUNUT vioittunut sivustot saamiesi SELAINTROIJALAISTEN vuoksi.

Sinun on toimittava heti, jos et halua jakaa muille tartuntaa ja omia tietojasi, kuten FACEBOOK-TILIÄSI, WHATSAPP-VIESTEJÄSI, VALOKUVIASI JA OMIA SOVELLUKSIASI


Näin voit ratkaista ongelman muutamassa sekunnissa (vaihe vaiheelta):

Vaihe 1: Asenna App Storestä suositeltu sovellus Onavo Protect napauttamalla POISTA VIRUS.

Vaihe 2: Lataa uusimmat päivitykset avaamalla sovellus ja poista mahdolliset vanhemmat (tartunnan saaneet) versiot.
----------
Tälläistä en saanut koskaan aikaisemmin

 

[adam7]

Nää älykodinkoneet on mahtavia.
Vituttais jos jääkaapis olis viikonloppuna kaljaa ja haittaohjelma olis lukinnu oven

https://twitter.com/x/status/863707937084235776

Katso liite: 14685

Tuo eka kuva Siemensin koneesta on tökerösti photoshopattu. Siinä ei ole värinäyttöä.

Tässä oikea näyttö

https://twitter.com/x/status/863919976046047232

Tuo Miele taas on laitosastianpesukone. Se näkyy kun tviitin kuvaa katsoo oikeassa ylälaidassa on "professional". Juttu mokasta
http://securityaffairs.co/wordpress/57457/iot/mele-washer-disinfector-flaw.html

 

[adam7]

Miten minun täytyy suhtautua tälläisen ilmoitukseen?:

VAROITUS!


Apple iPad -laitteesi on vakavasti (6) viruksen vahingoittama!
Olemme havainneet selaimesi Mobile Safari olevan (45,4 %) VAHINGOITTUNUT vioittunut sivustot saamiesi SELAINTROIJALAISTEN vuoksi.

Sinun on toimittava heti, jos et halua jakaa muille tartuntaa ja omia tietojasi, kuten FACEBOOK-TILIÄSI, WHATSAPP-VIESTEJÄSI, VALOKUVIASI JA OMIA SOVELLUKSIASI


Näin voit ratkaista ongelman muutamassa sekunnissa (vaihe vaiheelta):

Vaihe 1: Asenna App Storestä suositeltu sovellus Onavo Protect napauttamalla POISTA VIRUS.

Vaihe 2: Lataa uusimmat päivitykset avaamalla sovellus ja poista mahdolliset vanhemmat (tartunnan saaneet) versiot.
----------
Tälläistä en saanut koskaan aikaisemmin

huijaus

 

[ctg]

Russian attempts to hack key American election systems are more advanced than first thought, according to Homeland Security officials on Wednesday.

In a public hearing into election hacking held by the US Senate Intelligence Committee, the Department of Homeland Security's acting director of the cyber division, Dr Samuel Liles, claimed that the electoral systems of 21 as-yet-unnamed states were tested by hackers from the Russian government in October last year.

The attackers used a variety of publicly known exploits and software vulnerabilities to try to get into election registration and management systems, but not the vote tallying equipment itself. Liles said that of the 21 states that were probed, only a few actually got cracked. He opined that this was probably a preliminary run looking for vulnerabilities.

"A small number of the networks were successfully exploited," he said. "They made it through the door."

http://www.theregister.co.uk/2017/06/22/russian_hackers_cracked_electoral_networks/

 

[min3mat]

Miten minun täytyy suhtautua tälläisen ilmoitukseen?:


VAROITUS!


Apple iPad -laitteesi on vakavasti (6) viruksen vahingoittama!
Olemme havainneet selaimesi Mobile Safari olevan (45,4 %) VAHINGOITTUNUT vioittunut sivustot saamiesi SELAINTROIJALAISTEN vuoksi.

Sinun on toimittava heti, jos et halua jakaa muille tartuntaa ja omia tietojasi, kuten FACEBOOK-TILIÄSI, WHATSAPP-VIESTEJÄSI, VALOKUVIASI JA OMIA SOVELLUKSIASI


Näin voit ratkaista ongelman muutamassa sekunnissa (vaihe vaiheelta):

Vaihe 1: Asenna App Storestä suositeltu sovellus Onavo Protect napauttamalla POISTA VIRUS.

Vaihe 2: Lataa uusimmat päivitykset avaamalla sovellus ja poista mahdolliset vanhemmat (tartunnan saaneet) versiot.
----------
Tälläistä en saanut koskaan aikaisemmin

1) Onko laitteesi Applen iPad
2) Uskotko että joku virustorjuntamainos tietäisi että siellä on tasan tarkkaan kuusi (6) virusta jotka kaikki ovat vahingoittaneet konetta
3) Toimisiko Mobile Safari jos se olisi 45,4 % vahingoittunut selaintroijalaisien vuoksi
4) Onko viruksentorjuntafirman puolesta laillista markkinoida uhkauksilla (ystävillesi tulee tartunta, valokuvat lähtee)
5) Voisiko kaikki 6 virusta poistaa ja safarin (45,4% vahingoittunut) korjata "muutamassa sekunnissa"
6) Ovatko nykypäiväiset virukset poistettavissa poistamalla "tartunnan saaneet versiot" sovelluksista
7) Näyttääkö teksti hyvältä ja virallisen kuuloiselta suomelta, esimerkiksi "laitteesi on vakavasti (6) viruksen vahingoittama) ja näkyykö oikeissa mainoksissa PALJON CAPS LOCKKIA

----------------------

Yleisesti lähes kaikki nykypäivän rikosmielessä tehdyt haittaohjelmat pyrkivät erehdyttämään kohdehenkilöä tekemään jotain. Tulisi avata ja suorittaa tärkeä liitetiedosto, avata tärkeä myöhästymismaksu, ladata tietoturvapäivitys tai lähettää IT-tukeen käyttäjätunnukset ja salasana koska niitä on voitu väärinkäyttää. Tämä viesti täyttää käytännössä kaikki klassisen troijalaisviestin periaatteet. Eli vilkkuvia valoja, jotain on mennyt pahasti pieleen ja asioita tulee korjata NYT HETI ÄKKIÄ PAINA TÄSTÄ - vauhdilla.

Suosittelen ettet paina yhtään mitään, mutta jos vahingossa ehdit jo asentaa, niin säilytä viesti ja pistä rikosilmoitus menemään. Rikosilmoitus siksi, että jos laitteen kautta otetaan esimerkiksi pikavippejä, on sinulla vahva laillinen turva että et itse ole niitä pikavippejä ottanut koska rikosilmoitus asiasta on tehty x.y päivänä.

 

[Maidan]

1) Onko laitteesi Applen iPad
2) Uskotko että joku virustorjuntamainos tietäisi että siellä on tasan tarkkaan kuusi (6) virusta jotka kaikki ovat vahingoittaneet konetta
3) Toimisiko Mobile Safari jos se olisi 45,4 % vahingoittunut selaintroijalaisien vuoksi
4) Onko viruksentorjuntafirman puolesta laillista markkinoida uhkauksilla (ystävillesi tulee tartunta, valokuvat lähtee)
5) Voisiko kaikki 6 virusta poistaa ja safarin (45,4% vahingoittunut) korjata "muutamassa sekunnissa"
6) Ovatko nykypäiväiset virukset poistettavissa poistamalla "tartunnan saaneet versiot" sovelluksista
7) Näyttääkö teksti hyvältä ja virallisen kuuloiselta suomelta, esimerkiksi "laitteesi on vakavasti (6) viruksen vahingoittama) ja näkyykö oikeissa mainoksissa PALJON CAPS LOCKKIA

----------------------

Yleisesti lähes kaikki nykypäivän rikosmielessä tehdyt haittaohjelmat pyrkivät erehdyttämään kohdehenkilöä tekemään jotain. Tulisi avata ja suorittaa tärkeä liitetiedosto, avata tärkeä myöhästymismaksu, ladata tietoturvapäivitys tai lähettää IT-tukeen käyttäjätunnukset ja salasana koska niitä on voitu väärinkäyttää. Tämä viesti täyttää käytännössä kaikki klassisen troijalaisviestin periaatteet. Eli vilkkuvia valoja, jotain on mennyt pahasti pieleen ja asioita tulee korjata NYT HETI ÄKKIÄ PAINA TÄSTÄ - vauhdilla.

Suosittelen ettet paina yhtään mitään, mutta jos vahingossa ehdit jo asentaa, niin säilytä viesti ja pistä rikosilmoitus menemään. Rikosilmoitus siksi, että jos laitteen kautta otetaan esimerkiksi pikavippejä, on sinulla vahva laillinen turva että et itse ole niitä pikavippejä ottanut koska rikosilmoitus asiasta on tehty x.y päivänä.

En painanut mitään onneksi, sen muistanut jo ennestään,ettei saa asentaa mitääm, kun tuli kerran yksi vähän samantyyppinen hujausviesti tähän laitteseen, se oli silloin fishing.

Mielessä kävikin että tämäkin voi olla hujaus, tämä näytti edellisen varrattuna "pelottavammalta", kirkkuvalta ja vilkkuvalta, kun taas edellinen oli harma ja hyvin vaatimaton.
Suljin vain sivun ja jatkoin sarjan katselu.
Kun se tuli taas, ja päätin varmistaa mielirauhan säilyttämiseksi.

Kiitos että vastasitte.

 

[ctg]

Pelottava

WikiLeaks has published online more top-secret documents it has obtained from the CIA describing the agency's hacking tools. This time the dossier details software codenamed Brutal Kangaroo that agents can use to infect targets' air-gapped computers with malware.

The documents, originally written on May 11, 2015 and revised on February 23 the following year, outline the Brutal Kangaroo project, which use compromised Windows PCs to spread malware to non-networked machines via USB sticks. The suite, which supersedes previous toolkits dubbed EZCheese and Emotional Simian, is the kind of cyber-weapon American intelligence may well have used to spread the Stuxnet nasty.

According to the user guide [PDF], the software consists of four specific applications. Shattered Assurance is the server-side code that forms the basis of the attack system and infects USBG drives plugged into an infected computer with the Drifting Deadline malware.

Once an infected thumb drive is plugged into a target computer that is set up to autorun its contents and is using Windows 7 as an operating system and running .Net 4.5, Drifting Deadline deploys Shadow malware onto the system.

Shadow is a much older piece of code – the user manual [PDF] is dated August 31, 2012 – that has client and server versions and is highly configurable for specific targets. The operator can set it up to collect system data of up to 10 per cent of the system's memory, watermark all data it collects, and store it on an encrypted partition on the infected computer's hard drive.

Once the infection has been achieved, Shadow will look for other connected systems and infect those too. It can be set up to put the exfiltrated data onto any new thumb drives that are installed in the system, or send it as a burst if it detects an open internet connection.

The final app in Brutal Kangaroo is Broken Promise, which is a tool used to examine the purloined data easily and quickly. Taken together, the Brutal Kangaroo suite could be very useful for defeating air-gapped machines and is certainly more feasible than more esoteric methods.

There's nothing too surprising about the Brutal Kangaroo suite, or most of the other documents WikiLeaks is releasing as part of its Vault 7 archive. The software described is all something you'd expect an intelligence agency to use.

As for the Stuxnet connection, this malware was put live well after the infection that borked Iran's nuclear centrifuges. However, it's more likely that an insider in Iran was hired to deliver the Stuxnet code into the air-gapped network, rather than spamming the country with malware.

The releases do, however, suggest that whoever thinks up the CIA's software names could get a second job thinking up good names for teenage garage bands. DarkSeaSkies, Sonic Screwdriver, and now Brutal Kangaroo – someone is missing their calling.

Then again, they might need a new job if they were one of the CIA contractors who reportedly focused their hacking skills on the snack machines in their office. According to reports, the contractors found a way to disable the payment system on the snack machines and stole $3,324.40 worth of nibbles.

http://www.theregister.co.uk/2017/06/22/wikileaks_cia_brutal_kangaroo/

 

[ctg]

Naapurista päivää. Vittumaisin homma on selittää maanantaiaamuna politiikolle että niiden passit on uudistettu ja miksi. Intraemaililla sitä ei voi tehdä.

The Russian government is suspected of being behind a cyber-attack on parliament that breached dozens of email accounts belonging to MPs and peers.

Although the investigation is at an early stage and the identity of those responsible may prove impossible to establish with absolute certainty, Moscow is deemed the most likely culprit.

The disclosure follows the release of the first details of the “sustained” cyber-attack that began on Friday. Fewer than 90 email accounts belonging to parliamentarians are believed to have been hacked, a parliamentary spokesman said.

https://www.theguardian.com/politic...-on-uk-parliament-russia-is-suspected-culprit