Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.

  • Thread starter: OldSkool
When Christmas approaches, the spies of the Five Eyes intelligence services can look forward to a break from the arduous daily work of spying. In addition to their usual job -- attempting to crack encryption all around the world -- they play a game called the "Kryptos Kristmas Kwiz," which involves solving challenging numerical and alphabetical puzzles. The proud winners of the competition are awarded "Kryptos" mugs.

Encryption -- the use of mathematics to protect communications from spying -- is used for electronic transactions of all types, by governments, firms and private users alike. But a look into the archive of whistleblower Edward Snowden shows that not all encryption technologies live up to what they promise.

One example is the encryption featured in Skype, a program used by some 300 million users to conduct Internet video chat that is touted as secure. It isn't really. "Sustained Skype collection began in Feb 2011," reads a National Security Agency (NSA) training document from the archive of whistleblower Edward Snowden. Less than half a year later, in the fall, the code crackers declared their mission accomplished.
http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html
 
At a cybersecurity conference at Fordham University, Director of National Intelligence James Clapper apparently claimed that the Sony Hack was "the most serious cyberattack" made to date against the US. If that's true (and it's likely not), then that really kind of undermines all the claims about just how "serious" cyberattacks are to national security. Yes, the Sony Hack was incredibly embarrassing to Sony and some individuals and partners. Yes, it may cost Sony a significant amount of money in cleaning up the mess. But no one died. No serious long-term problems were created by it. No one has to "rebuild" a city. The actual impact of the hack on the day-to-day lives of most people is next to nothing.
https://www.techdirt.com/articles/2...-which-suggests-no-serious-cyberattacks.shtml
 
It has been written about the Sony case that it is exceptional in the "civilian world" in that it did not focus on gathering information or, for example, acquiring material that could be resold. Instead, it focused coldly on causing immediate and large-scale destruction, specifically to the company's business.
I haven't looked into the matter in detail, but it would badly cut any company off at the knees if its emails, various registers and the entire structure of its IT system were carried out into the public.

http://www.darkreading.com/how-not-to-be-the-next-sony-defending-against-destructive-attacks-/d/d-id/1318516
You know to include the threat of financially motivated cybercriminals in your risk profile. Done.
But what about the ones who don't want money? The ones who just want to hurt you. How do you defend against and recover from attackers whose sole goal is to destroy?
<snip>
Destructive attacks are also, in many ways, easier to do.
"If your only goal is to do damage," says Jonathan Sander, strategy and research officer for Stealthbits Technologies, "you don't need a lot of access."
As some security experts have said, the Sony attackers could have compromised the company with just a humble phishing message, then planted the wiper malware and let it take it from there. Malware is quite good at proliferating itself, so the hackers could simply sit back and watch. Watch as the malware deleted all the company's data and turned its hardware into expensive paperweights.
The Sony hackers opted to first burrow deeper into the network to access and exfiltrate huge amounts of data -- intellectual property, regulated personally identifiable information, incriminating emails, and the details of the company's entire IT infrastructure. Instead of selling it, the attackers simply uploaded the whole lot to Pastebin where anyone could see it, damaging the company in another way.
<snip>
It left the company without client machines, email, VoIP, or any of the other usual communications technology.
Further, when a cyber incident occurs, fingers may be pointed, eyebrows raised, and questions asked about whether a malicious insider was involved. Was it a disgruntled ex-worker who has left more timebombs? Is that person still within the company?
That's a scary proposition.
Sony really needs to rebuild from scratch, since every detail of their IT infrastructure was publicly exposed. If one of the culprits could still be working within the company, do you want to involve them in the rebuild process? Or should that all be outsourced to a third-party without a dog in the fight?
 
"It has been written about the Sony case that it is exceptional in the "civilian world" in that it did not focus on gathering information or, for example, acquiring material that could be resold. Instead, it focused coldly on causing immediate and large-scale destruction, specifically to the company's business."

That's exactly what these OP-Pankki, Danske Bank and Nordea attacks were. These rascals should be caught, put under arrest and then, instead of arrest, put into service for the SA...

Btw: Why is it that these scam messages and the warnings to citizens, "Scam messages have been sent to customers of XXX Bank...", don't cause any fuss whatsoever:
- Where the devil have these senders hacked the email addresses they are sending to? Seriously, wake up now, F-Secure and the rest.
 
Twitter and YouTube accounts belonging to the military’s US Central Command were hacked on Monday. Hackers supportive of the terrorist group Islamic State, also known as ISIS, took credit and issued a warning to the US military.

“AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS,” the hackers tweeted through the account for the US Central Command, which is the military command for the Middle East, North Africa, and Central Asia. The tweet included a link to a statement that read in part:

“While the US and its satellites kill our brothers in Syria, Iraq and Afghanistan we broke into your networks and personal devices and know everything about you,” it read. “You’ll see no mercy infidels. ISIS is already here, we are in your PCs, in each military base. With Allah’s permission we are in CENTCOM now. We won’t stop! We know everything about you, your wives and children. U.S. soldiers! We’re watching you!”

The group also replaced the Twitter profile image with an image of a person wearing a black and white keffiyeh, and the text CyberCaliphate and “i love you isis.”

Forty minutes after the first hacked tweet, Twitter suspended the account.
http://www.wired.com/wp-content/uploads/2015/01/centcom-hack11.jpg
 
The FBI’s statement that North Korea is responsible for the cyber attack on Sony Pictures Entertainment has been met with various levels of support and criticism, which has polarized the information security community. At its core, the debate comes down to this: Should we trust the government and its evidence or not? But I believe there is another view that has not been widely represented. Those who trust the government, but disagree with the precedent being set.
http://www.wired.com/2015/01/feds-got-sony-hack-right-way-theyre-framing-dangerous/

The problem in this case is that the government made a decision to have public attribution without the needed public evidence to prove it. It sets a dangerous international precedent whereby we’re saying to the world “we did the analysis, don’t question it—it’s classified—just accept it as proof.”

This opens up scary possibilities. If Iran had reacted the same way when its nuclear facility was hit with the Stuxnet malware we likely would have all critiqued it. The global community would have not accepted "we did analysis but it's classified so now we're going to employ countermeasures" as an answer. If the attribution was wrong and there was an actual countermeasure or response to the attack then the lack of public analysis could have led to incorrect and drastic consequences. But with the precedent now set, what happens next time?
 
Palantir’s data analysis solution targets three industries: government, the finance sector and legal research. Each of these industries must wrestle with massive sets of data. To do this, Palantir’s toolsets are aimed at massive data caches, allowing litigators and the police to make connections otherwise invisible. For example, a firm hired by the Securities Investment Protection Corporation used Palantir’s software to sort through the mountains of data, over 40 years of records, to convict Ponzi schemer Bernie Madoff (of all things).
http://techcrunch.com/2015/01/11/le...eals-uses-specific-functions-and-key-clients/

The document confirms that Palantir is employed by multiple US Government agencies. One of the company’s first contracts was with the Joint IED Defeat Organization in 2006. From 2007-2009 Palantir’s work in Washington expanded from eight pilots to more than 50 programs.

As of 2013, Palantir was used by at least 12 groups within the US Government including the CIA, DHS, NSA, FBI, the CDC, the Marine Corps, the Air Force, Special Operations Command, West Point, the Joint IED-defeat organization and Allies, the Recovery Accountability and Transparency Board and the National Center for Missing and Exploited Children.
 
The Birth of D Weapons

According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, they are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money.

During the 20th century, scientists developed so-called ABC weapons -- atomic, biological and chemical. It took decades before their deployment could be regulated and, at least partly, outlawed. New digital weapons have now been developed for the war on the Internet. But there are almost no international conventions or supervisory authorities for these D weapons, and the only law that applies is the survival of the fittest.

Canadian media theorist Marshall McLuhan foresaw these developments decades ago. In 1970, he wrote, "World War III is a guerrilla information war with no division between military and civilian participation." That's precisely the reality that spies are preparing for today.

The US Army, Navy, Marines and Air Force have already established their own cyber forces, but it is the NSA, also officially a military agency, that is taking the lead. It's no coincidence that the director of the NSA also serves as the head of the US Cyber Command. The country's leading data spy, Admiral Michael Rogers, is also its chief cyber warrior and his close to 40,000 employees are responsible for both digital spying and destructive network attacks.
http://www.spiegel.de/international...-preparations-for-cyber-battle-a-1013409.html
 
Long ago, the story goes, Greek soldiers tried for 10 years to conquer the city of Troy. Eventually, they departed, leaving behind a large wooden horse, apparently as a gift. The Trojans pulled the beautiful tribute inside. Later, a group of Greek soldiers slipped out of the horse and opened the gates for their compatriots, who easily sacked the sleeping city.

Nowadays, some 3,000 years on, a Trojan is a seemingly innocuous piece of software that actually contains malicious code. Security companies are constantly developing new tests to check for these threats. But there is another variety of Trojan—the “hardware Trojan”—that has only started to gain attention, and it could prove much harder to thwart.

A hardware Trojan is exactly what it sounds like: a small change to an integrated circuit that can disturb chip operation. With the right design, a clever attacker can alter a chip so that it fails at a crucial time or generates false signals. Or the attacker can add a backdoor that can sniff out encryption keys or passwords or transmit internal chip data to the outside world.

There’s good reason to be concerned. In 2007, a Syrian radar failed to warn of an incoming air strike; a backdoor built into the system’s chips was rumored to be responsible. Other serious allegations of added circuits have been made. And there has been an explosion in reports of counterfeit chips, raising questions about just how much the global supply chain for integrated circuits can be trusted.
http://spectrum.ieee.org/semiconductors/design/stopping-hardware-trojans-in-their-tracks
 
Crypto pioneer Phil Zimmermann has labelled UK Prime Minister David Cameron’s anti-encryption plans as "absurd".

Zimmermann, creator of the PGP email privacy package, countered Cameron's argument that encryption is creating a means for terrorists and child abusers to communicate in private, arguing instead that intelligence agencies such as GCHQ and the NSA have "never had it so good".
http://www.theregister.co.uk/2015/02/03/zimmermann_slams_cameron_anti_encryption_policies/
 
Germany's external spy agency saves tens of millions of phone records every day, according to leaked files that expose its NSA-style mass surveillance programme for the first time.

The Bundesnachrichtendienst, or BND, Germany's foreign intelligence agency, collects metadata on 220 million calls every day, with at least some of this data passed onto the NSA.

Moreover, the information hoovered up includes records of phone numbers involved in a call or text message, the time of a communication and the length of a call (but, crucially, not the content of a communication).

BND carries out surveillance of international communications sent by both satellites and internet cables that pass through one of several key locations, Die Zeit Online reports.

Zeit Online has learned from secret BND documents that agency locations are involved in gathering huge amounts of metadata. Metadata vacuumed up across the world (220 million pieces a day) flows into BND branch offices in the German towns of Schöningen, Reinhausen, Bad Aibling and Gablingen.

There, they are stored for between a week and six months and sorted according to still-unknown criteria.

But the data aren’t just collected; they are also used to keep tabs on, and track of, suspects.

The collection of telecoms traffic of German citizens would breach national data protection laws. The "classified files" omit a full explanation of either how this data is collected or how the call records of German citizens are filtered off before this information is stored.

The leaked intelligence docs revealed that approximately one per cent of the metadata trawl every day is stored for up to 10 years. The remainder is discarded after weeks or months.

Privacy group Access Now, which according to its website "defends and extends the digital rights of users at risk around the world", called on the BND to curtail its NSA-style "collect-it-all" programme, with Germany being one of the most vocal international critics of NSA surveillance.

Peter Micek, a policy counsel and telecoms expert at Access, said the revelations about German spying showed the importance of getting international safeguards and agreements about online privacy rights.

Micek argued that mass surveillance is a poor tool in fighting terrorism: "What happened in Paris was terrible, but now I think that officials are simply grasping at straws. Retaining more data on ordinary users — regardless on what level — is not going to solve our problems."

Eric King, deputy director of Privacy International, which claims to "fight for the right to privacy across the world", added that "untargeted telephone surveillance being undertaken by BND is neither necessary nor proportionate and must be brought under control".

"Saying that it is collecting personal information from non-Germans is no justification for this level of spying, and is an insult to the rest of the world," he told Die Welt.
http://www.theregister.co.uk/2015/02/04/germany_bnd_muscles_in_on_metadata_mass_surveillance/
 
"A remote-code execution vulnerability existed in how Group Policy received and applied policy data when connecting to a domain," explained Microsoft's security team.

"Concurrently, a vulnerability existed whereby Group Policy could fail to retrieve valid security policy and instead apply a default, potentially less secure, group policy. This could, in turn, be used to disable the domain enforced SMB Signing policy."

The team continued:

More importantly, SMB Client doesn't require SMB Signing by default so it is possible to direct the domain related traffic, especially the unencrypted traffic, to attacker controlled machines and serve malicious content to the victims in response. To block this kind of attack we added the ability to harden the UNC path access within domain network.

The Redmond giant said it's not aware of anyone exploiting this design flaw in the wild.
http://www.theregister.co.uk/2015/0...unprecedented_zeroday_design_flaw_in_windows/

Of course Redmond isn't aware of anything, when the design trail leads to a little mirror house in Maryland.
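As an added example (not from the article, the poster, or Microsoft), the PowerShell below audits and applies the two client-side mitigations the quoted text describes: hardened UNC paths for the domain policy shares, and required SMB client signing. The registry key name and value syntax are the ones Microsoft documents for Hardened UNC Paths; which shares to harden is an assumption to adjust per environment.

```powershell
# Added example: audit and enforce Hardened UNC Paths + required SMB client signing.
# Run in an elevated PowerShell on a domain member (Windows 8 / Server 2012 or later
# for the Smb* cmdlets). Registry edits made here can be overwritten by Group Policy,
# so in production deploy the same settings through a GPO.

$HardenedPathsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

# Shares Group Policy reads from domain controllers (assumed list). Requiring mutual
# authentication (Kerberos) and integrity (signing) means a spoofed or redirected
# NETLOGON/SYSVOL server cannot hand the client a "default", weaker policy.
$RequiredPaths = @{
    '\\*\NETLOGON' = 'RequireMutualAuthentication=1, RequireIntegrity=1'
    '\\*\SYSVOL'   = 'RequireMutualAuthentication=1, RequireIntegrity=1'
}

function Get-UncHardeningStatus {
    # One object per required path: expected value, current value (or $null), compliance.
    foreach ($path in $RequiredPaths.Keys) {
        $current = $null
        if (Test-Path $HardenedPathsKey) {
            $current = (Get-ItemProperty -Path $HardenedPathsKey -ErrorAction SilentlyContinue).$path
        }
        [pscustomobject]@{
            Path      = $path
            Expected  = $RequiredPaths[$path]
            Current   = $current
            Compliant = ($current -eq $RequiredPaths[$path])
        }
    }
}

function Set-UncHardening {
    # Creates the key if missing and writes each required path value (idempotent).
    if (-not (Test-Path $HardenedPathsKey)) {
        New-Item -Path $HardenedPathsKey -Force | Out-Null
    }
    foreach ($path in $RequiredPaths.Keys) {
        New-ItemProperty -Path $HardenedPathsKey -Name $path -Value $RequiredPaths[$path] `
            -PropertyType String -Force | Out-Null
    }
}

function Set-SmbClientSigningRequired {
    # The quoted text notes the SMB client does not require signing by default.
    # Requiring it blocks unsigned responses from an attacker-controlled server, but
    # also breaks access to legitimate servers that cannot sign, so test first.
    $cfg = Get-SmbClientConfiguration
    if (-not $cfg.RequireSecuritySignature) {
        Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
    }
}

# Report first, then enforce, then re-check.
Get-UncHardeningStatus | Format-Table -AutoSize
Set-UncHardening
Set-SmbClientSigningRequired
Get-UncHardeningStatus | Format-Table -AutoSize
(Get-SmbClientConfiguration).RequireSecuritySignature
```

A reboot or `gpupdate /force` is needed before the hardened paths take effect on Group Policy retrieval.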
 
After the Stuxnet digital weapon was discovered on machines in Iran in 2010, many security researchers warned that US adversaries would learn from this and other US attacks and develop similar techniques to target America and its allies.

A newly published document leaked by Edward Snowden indicates that the NSA feared the same thing and that Iran may already be doing exactly this. The NSA document from April 2013, published today by The Intercept, shows the US intelligence community is worried that Iran has learned from attacks like Stuxnet, Flame and Duqu—all of which were created by the same teams—in order to improve its own capabilities.
http://www.wired.com/2015/02/nsa-acknowledges-feared-iran-learns-us-cyberattacks/
 
This technology enables the creation of new offensive viruses and almost impenetrable anonymity. At the same time it forces the creation and deployment of new defences, as analysis is no longer so easy.

Software reverse engineering, the art of pulling programs apart to figure out how they work, is what makes it possible for sophisticated hackers to scour code for exploitable bugs. It’s also what allows those same hackers’ dangerous malware to be deconstructed and neutered. Now a new encryption trick could make both those tasks much, much harder.

At the SyScan conference next month in Singapore, security researcher Jacob Torrey plans to present a new scheme he calls Hardened Anti-Reverse Engineering System, or HARES. Torrey’s method encrypts software code such that it’s only decrypted by the computer’s processor at the last possible moment before the code is executed. This prevents reverse engineering tools from reading the decrypted code as it’s being run. The result is tough-to-crack protection from any hacker who would pirate the software, suss out security flaws that could compromise users, and even in some cases understand its basic functions.

“This makes an application completely opaque,” says Torrey, who works as a researcher for the New York State-based security firm Assured Information Security. “It protects software algorithms from reverse engineering, and it prevents software from being mined for vulnerabilities that can be turned into exploits.”

A company like Adobe or Autodesk might use HARES as a sophisticated new form of DRM to protect their pricey software from being illegally copied. On the other hand, it could also mean the start of a new era of well-armored criminal or espionage malware that resists any attempt to determine its purpose, figure out who wrote it, or develop protections against it. As notable hacker the Grugq wrote on Twitter when Torrey’s abstract was posted to SyScan’s schedule, HARES could mean the “end of easy malware analysis. :D”
http://www.wired.com/2015/02/crypto-trick-makes-software-nearly-impossible-reverse-engineer/

Torrey says he intends HARES to be used for protection against hacking—not for creating mysterious malware that can’t be dissected. But he admits that if HARES works, it will be adopted for offensive hacking purposes, too. “Imagine trying to figure out what Stuxnet did if you couldn’t look at it,” he says. “I think this will change how [nation-state] level malware can be reacted to.”
 
a couple of men in leather jackets get out of an SUV parked nearby ....
How about that Dingo song? Leather-jacketed girl.... Well, so much for that. One could scratch those leather jackets a bit and see what happens? Throw a couple of bigger rocks at the SUV's windows, say. Would Supo show up, or the ordinary police. I'm not encouraging anyone to do this, though, since it would be a crime. And inciting a crime is the same as committing that crime yourself.
 
"The devices used by Helsingin Sanomat detected network disturbances at least at the far end of Tehtaankatu and in the Kulosaari embassy area."

Not terribly surprising. But what is surprising is that the handset can't tell its user what is going on, even though the software could give the user a notification of what the probe detected other than by using colours.

It's a generally known fact that with standard 3GPP technology you can install a base station in the network that claims to be a normal base station of TeliaSonera, Elisa or another network. There are N base station manufacturers and all of them have the encryption algorithms down pat. On the other hand, no ministry or larger company in Finland should be so stupid as to rely on mobile networks for strategic matters. Encryption software is also available for mobiles, which encrypts the traffic once more.

You also have to take into account that the "disturbances" may be plain ordinary crappy radio network planning. That too is more than common.

An easy way to look for those fake base stations is to shut down the real network for a moment. The fake base stations keep operating. Oops.... Wasn't there a case a few months ago in Helsinki where there were "network software update" problems and networks were down?

Lovely to be able to throw a proper conspiracy theory in somewhere... ;)


Johannes
 
In 3G networks the base station also authenticates itself to the user, so that doesn't work. Instead, you can of course jam 3G down and offer your "own" 2G base station in its place. The phone takes it into use automatically, and in 2G the base station doesn't authenticate itself to the phone, so the deception succeeds.

You can protect against this by twisting the phone's settings so that the phone never connects to a 2G network. But who can be bothered to do such a thing, it would probably take 5s and be sooooo laborious, and nobody's listening to my phone anyway etc. etc. etc.
 
In 3G networks the base station also authenticates itself to the user, so that doesn't work. Instead, you can of course jam 3G down and offer your "own" 2G base station in its place. The phone takes it into use automatically, and in 2G the base station doesn't authenticate itself to the phone, so the deception succeeds.

You can protect against this by twisting the phone's settings so that the phone never connects to a 2G network. But who can be bothered to do such a thing, it would probably take 5s and be sooooo laborious, and nobody's listening to my phone anyway etc. etc. etc.

It's probably the case, though, that on most phones you can't make a selection that would block the 2G network. You can only force the phone to 2G alone.

Somehow I have the impression that those fake base stations are only for jamming and for mapping the network's users. Apparently no actual information can be collected with such a fake base station. I.e. the phone queries for base stations, the fake base station answers and the phone tries to attach to it. But the base station isn't in the operator's network, so no actual data transfer happens since the real recipient hasn't been reached. Surely a connection is first established to the operator's "exchange" or, for a call, to the recipient. Does it go something like this?
 
It's probably the case, though, that on most phones you can't make a selection that would block the 2G network. You can only force the phone to 2G alone.
Well, at least every single Android and Nokia I've had has obediently stayed only in the 3G network when told to. If there was no 3G, it dropped off the network. You just select "3/4G only" there and that's it.

Though that 3G encryption is crap too and, when needed, is easily broken by intelligence services. In 4G the situation is, as I understand it, even better, but there too they haven't thought to take proper strong encryption into use for some strange reason. But forcing the phone to the 3/4G network and nothing else at least prevents the routine eavesdropping done with a fake base station.

But the base station isn't in the operator's network, so no actual data transfer happens since the real recipient hasn't been reached. Surely a connection is first established to the operator's "exchange" or, for a call, to the recipient. Does it go something like this?
It doesn't. The fake base station can accept the phone (that is, if it's in a 2G network) and route the call to the normal network by claiming to it that encryption has been switched off on the phone. In plain terms it goes like this: the fake base station has, say, a link straight to a real base station, or a cable to an antenna somewhere else from which there is a connection to a real base station. The phone turns encryption off because the fake base station claims encryption isn't supported right now, and the real base station turns encryption off because the fake base station claims to it to be that phone, which for some reason can't use encryption right now.
 