Cyber-ketju: verkkovakoilu,kännyköiden ja wlanien seuranta, hakkerointi, virukset, DoS etc

[veffeade]

Duoda duoda, mitäs te nyt pelkästään 3G verkoista puhutte?. Pohjalla sielläkin on normi puhe (1-2g) ja data (2-4g) sen päälle. Kännyverkoissa prioriteetti on puheessa. Kännykkä ottaa kiinni siitä tukiasemasta joka on OMAN OPERAATTORIN vahvin. Dataliikenne voidaan roaming määrityksin kieltää vieraan operaattorin verkkoon.

Jokaisessa luurissa on siis mahdollisuus estää verkkovierailut: tämä käsittääkseni koskee vain dataa, koska normi puhe ei koskaan ymmärtääkseni siis kulje muun kuin oman operaattorin verkossa. Tietty jos FSB:n tukiasema matkii Saunalahtea -> kännykkäni ottanee oikeinkin mielellään kiinni tästä tukiasemasta ilman mitään ilmoitusta käyttäjälle ja jos tukiaseman recording on ON-asennossa, jälki jää. Tämähän lienee todistettu näillä "Meillä ei kuulu kuin DNA, naapurilla kuuluu Sonera ja siskon kummin kaimalla kuulluu mökillä ainoastaan Elisa", siis puheyhteydet.

Kumpi tässä nyt on tärkeämpää: Puheen ELSOtus vaiko datan ELSOtus. Data voidaan lähettää salattuna luurista sopivalla softalla, mutta käyttäjä ei voi sille mitään jos tukiasema on hakkerin omistuksessa, ja lähettelee puheen salaamattomana eteenpäin. Salattuahan tuo on kapulasta tukiasemaan.

Mielenkiintoista tässä on se, että esim. operaattori Elisa voi rakentaa "GSM+Data verkon" siten, että toisen operaattorin verkosta on sinne pääsy ilman mitään ilmoitusta käyttäjälle: koskee puhetta ja dataa. Operaattori DNA esim "on ostanut käyttöoikeuden" ao. verkkoratkaisuun ja kas: kännykkä näkee tämän Elisan verkon DNA verkkona ja alkaa jutella sujuvia ilman mitään ilmoituksia asiasta. Käytännössä siis kahden operaattorin välinen "vuokrasopimus ja sopivat laitteet". Jaskaa en tässä puhu, meillä on työpaikan kiinteistössä juurikin tälläinen järjestely. Yhteinen verkko, Elisa näkee verkon Elisana ja DNA aitona DNA:a. Soneran liittymät yllättäen eivät "väärinpäin olevassa Faradayn Häkissä toimi (lue erittäin matalaenergiatalo)"

Koska em. on oikeasti speksien mukaan mahdollista, on siis täysin mahdollista rakentaa "liikkuvia kuunteluasemia" ilman että kenellekään jää mitään jälkeä: Puhe tai data signaali otetaan kapuloista alkuperäisen operaattorin nimissä, tallennetaan, välitetään eteenpäin "viralliselle tukiasemalle".
Tallenteet sitten FSB:n analysointiin.

Tässä tulee mieleen, jotta paras ratkaisu näihin ongelmiin olisi kehittää tämä ratkaisu valmiiksi tosin kääntäen:

Lähde: http://fi.wikipedia.org/wiki/Aleksandr_Solženitsyn

"Oltuaan vankina useissa muissa instituutioissa Solženitsyn siirrettiin erikoisvankila "Numero kuuteentoista" Moskovan ulkopuolella heinäkuussa 1947. Tämä oli niin sanottu šaraška, laitos korkeasti koulutetuille vangeille, tiedemiehille joiden pakkotyöhön kuului pitkälle viety tieteellinen tutkimus. Hänet sijoitettiin sinne matemaattisen lahjakkuutensa takia, jonka ansiosta hän arveli henkensä pelastuneen. Päivisin Solženitsyn työskenteli elektronisen äänentunnistusprojektin kanssa, jonka eräs sovellus oli viestien koodaus".

Muistelen että kyseessä olisi ollut VOKOODERI? (voice coder?)...

Muistelen nähneeni tästä elokuvankin, tosin en ole varma oliko se tämä...

http://fi.wikipedia.org/wiki/Ivan_Denisovitshin_päivä_(elokuva)

Jotenkin tämä pyörii khyl mielessä ...

http://fi.wikipedia.org/wiki/Ensimmäinen_piiri

 

[hessukessu]

Duoda duoda, mitäs te nyt pelkästään 3G verkoista puhutte?. Pohjalla sielläkin on normi puhe (1-2g) ja data (2-4g) sen päälle.

1G verkkoa ei Suomessa enää edes ole. Puhe ja muu kulkee siinä verkossa, joka parhaiten on saatavilla, eli yleensä 3G:ssä.

Mutta muuten oikein.

 

[ctg]

A digital leak to Al Jazeera of hundreds of secret intelligence documents from the world's spy agencies has offered an unprecedented insight into operational dealings of the shadowy and highly politicised realm of global espionage.

Over the coming days, Al Jazeera's Investigative Unit is publishing The Spy Cables, in collaboration with The Guardian newspaper.

Spanning a period from 2006 until December 2014, they include detailed briefings and internal analyses written by operatives of South Africa's State Security Agency (SSA). They also reveal the South Africans' secret correspondence with the "US intelligence agency", the CIA, Britain's MI6, Israel's Mossad, Russia's FSB and Iran's operatives, as well as dozens of other services from Asia to the Middle East and Africa.

The files unveil details of how, as the post-apartheid South African state grappled with the challenges of forging new security services, the country became vulnerable to foreign espionage and inundated with warnings related to the US "War on Terror".

http://www.aljazeera.com/news/2015/...ad-iran-southafrica-leak-150218100147229.html

The scale of the leak, coming 20 months after US whistleblower Edward Snowden handed over tens of thousands of NSA and GCHQ documents to the Guardian, highlights the increasing inability of intelligence agencies to keep their secrets secure.

While the Snowden trove revealed the scale of technological surveillance, the latest spy cables deal with espionage at street level – known to the intelligence agencies as human intelligence, or “humint”. They include surveillance reports, inter-agency information trading, disinformation and backbiting, as well as evidence of infiltration, theft and blackmail.

The leaks show how Africa is becoming increasingly important for global espionage, with the US and other western states building up their presence on the continent and China expanding its economic influence. One serving intelligence officer told the Guardian: “South Africa is the El Dorado of espionage.”

http://www.theguardian.com/world/2015/feb/23/leaked-spy-cables-netanyahu-iran-bomb-mossad

 

[ctg]

http://www.aljazeera.com/news/2015/...a-south-ssa-guardian-mos-150219180058280.html

 

[ctg]

Cisco will ship boxes to vacant addresses in a bid to foil the NSA, security chief John Stewart says.

The dead drop shipments help to foil a Snowden-revealed operation whereby the NSA would intercept networking kit and install backdoors before boxen reached customers.

The interception campaign was revealed last May.

Speaking at a Cisco Live press panel in Melbourne today, Stewart says the Borg will ship to fake identities for its most sensitive customers, in the hope that the NSA's interceptions are targeted.

"We ship [boxes] to an address that's has nothing to do with the customer, and then you have no idea who ultimately it is going to," Stewart says.

"When customers are truly worried ... it causes other issues to make [interception] more difficult in that [agencies] don't quite know where that router is going so its very hard to target - you'd have to target all of them.

There is always going to be inherent risk."

Stewart says some customers drive up to a distributor and pick up hardware at the door.

He says nothing could guarantee protection against the NSA, however. "If you had a machine in an airtight area ... I stop the controls by which I mitigate risk when I ship it," he says, adding that hardware technologies can make malicious tampering "incredibly hard".

Cisco has poked around its routers for possible spy chips, but to date has not found anything because it necessarily does not know what NSA taps may look like, according to Stewart.

After the hacking campaign Borg boss John Chambers wrote a letter to US President Barack Obama saying the spying would undermine the global tech industry.

http://www.theregister.co.uk/2015/0..._supply_chain_taps_ask_cisco_for_a_dead_drop/

 

[Maidan]

http://www.bloomberg.com/news/artic...ity-kaspersky-has-close-ties-to-russian-spies

 

[ctg]

Canada’s spy agency, the Communication Security Establishment (CSE), is a major player in global hacking operations and boasts a vast array of cyberwarfare tools, revealed in news reports on Monday, that rivals that of the United States’ National Security Agency.

http://rinf.com/alt-news/surveillan...eaks-prove-canada-is-hacking-on-global-scale/

 

[BlackFox]

Korjataas hiukan. Roaming ei estä toimimasta eri verkossa, jos kännykkä toteaa sen suomalaiseksi verkoksi niin se siihen yhdistää on se saunalahden masto tai soneran. Roaming estää ulkomaan mastoihin yhdistämisen

 

[Amatööri]

na.

 

[ctg]

The Drug Enforcement Administration (DEA) and the United States Army have almost certainly been buying questionable remote access hacking tools for years from an Italian company called Hacking Team, via an obscure American reseller called Cicom USA.

Hacking Team openly advertises what it calls its "Remote Control System," (RCS) a piece of malware remotely installed on a target’s computer or smartphone. As the company touts: "Evidence collection on monitored devices is stealth and transmission of collected data from the device to the RCS server is encrypted and untraceable."

http://arstechnica.com/tech-policy/...-1-2m-worth-of-hacking-tools-in-recent-years/

 

[ctg]

Research studies on drone vulnerabilities published in recent years essentially provided hackers a how-to guide for hijacking unmanned aircraft, an Israeli defense manufacturer said Monday.

A real-life downing of a CIA stealth drone by Iranians occurred a month after one such paper was published, noted Esti Peshin, director of cyber programs for Israel Aerospace Industries, a major defense contractor. In December 2011, the Christian Science Monitor reported that Iran navigated a CIA unmanned aerial vehicle safely down to the ground by manipulating the aircraft's GPS coordinates.

The 2011 study, co-authored by Nils Ole Tippenhauer of ETH Zurich and other ETH and University of California academics, was titled "The Requirements for Successful GPS Spoofing Attacks." The scholars detailed how to mimic GPS signals to fool GPS receivers that aid navigation.

"It’s a PDF file… essentially, a blueprint for hackers," Peshin said.

http://www.nextgov.com/defense/2015/04/heres-how-you-hack-drone/111229/?oref=ng-HPtopstory

http://www.cs.ox.ac.uk/files/6489/gps.pdf

 

[Vonka]

Suomen ja Yhdysvaltain intressit eroavat juuri verkkoasioissa. Yhdysvaltain tiedusteluintressi heikentää meidän puolustusvalmiuksiamme, koska Suomen etu liittyy riittäviin suojauksiin ja Yhdysvaltain etu tiedusteluun, joka helpottuu matalilla suojilla ja takaporteilla.

Tiivistän yhden aika mielenkiintoisen Martin von Willebrandtin alustuksen, jossa asiaa selitetään niin, että maallikkokin pääsee jyvälle. Myös kommenttiosio kannattaa lukea:

Yhdysvallat

Yhdysvaltain NSA on verkkotiedustelun resurssien ja osaamisen osalta ylivertaisessa asemassa. Sillä on myös oikeudenkäyttömahdollisuudet isoja yhdysvaltalaisia yrityksiä kohtaan, kuten Microsoft, Google, Amazon, Facebook, Cisco jne. Se on täysin omassa luokassaan. Yhdysvaltojen perinteinen sotakone ja kyberkoneisto on vertaansa vailla. Ainoat uhat ovat ydinaseisku ja terrorismi. Yhdysvaltojen kannattaa kyvykkyytensä kasvattamiseksi satsata verkkotiedusteluun, eli siis NSA:n toimintaan.

Periaatteessa NSA:n tavoite on pitää verkon suojaukset määrätyllä tavalla alhaalla.

Kyberrikollinen saattaa saada huonosti hoidetun pankin toimintakyvyttömäksi, mutta kyberrikollinen ei lähetä vihreitä miehiä tämän jälkeen valvomaan pankin toimintaa ja ”varmistamaan” että pankki toimii. Kyberrikollinen ei käy hybridisotaa. Koska Yhdysvaltoihin ei käytännössä kohdistu hybridisodankäynnin uhkaa, kannattaa sen sietää sitä, että yksittäisiin organisaatioihin voi kohdistua uhkaa, jos se vastapainoksi pystyy keräämään helposti tietoa verkosta. Yhdysvaltojen kannattaa siis – turvallisuusnäkökulmasta – nakertaa verkon turvallisuusstandardeja ja ujutella takaportteja.

Suomi

Terroriuhkakuvan vaikuttavuus on pienempi kuin Venäjän hybridisodankäynnin.

Uhat siitä, että maksuliikenne, energiahuolto tai puhelin- ja viestintäliikenne eivät toimi, ovat isoja uhkia yhteiskunnan toimivuudelle ja myös yhteiskunnan puolustamiselle. Suomen tulisi torjua näitä uhkia. Sama koskettaa yhteiskuntaa laajemminkin: kaikki toiminnan lamautuminen heikentää yhteiskuntamme toimivuutta – esimerkiksi liikenne, kaupan keskusliikkeet, vesihuolto – ja siten puolustuskykyämme, eli kykyämme vastustaa.

Näiden uhkien torjuminen, tai niiden vaikuttavuuden vähentäminen, parantaa Suomen puolustusta, eli nostaa hintaa, jonka hyökkääjä joutuisi tavoitteidensa saavuttamisesta maksamaan.

Ensisijaista on rakentaa mahdollisimman tietoturvallista verkkoa, tehdä verkon tiedustelu, häirintä ja haavoittaminen Suomessa vaikeaksi. Tämä tarkoittaa laitteistojen fyysistä turvallisuutta; verkkoarkkitehtuurin suunnittelua; verkkopalveluiden suunnittelua; verkon laitteita, joiden ohjelmistot tunnemme; avoimia, tunnettuja ja testattuja tiedonvälityksen protokollia; salauksien pysyvää käyttöä ns. end-to-end niin että käytetyt ohjelmat tukevat salausta; tiedon kryptaamista laajasti tunnetuilla teknologioilla. Kaikkeen tällaiseen on olemassa valmiita ratkaisuja, niitä ei vain aina käytetä.

https://intellectualtransitzone.wordpress.com/2015/01/12/verkkotiedustelu-vai-verkkopuolustus/

 

[vlad]

Informaatiosota on kyllä asia, joka jää kaikkineen ymmärtämättä. Oliko eilen uutisissa, että Saksan Turvallisuusviranomainen on hokannut amerikkalaisten 12 tuhatta yritystä päästä järjestelmiin kiinni. Mitä tästä pitää ajatella? Usa siis vakoilee liittolaisiaan sen kuin ehtii, eikä juuri näytä välittävän siitä, että käry käy tasaisin välein. Sitä voisi äkkinäinen kuvitella, että maailman näkeminen mustavalkoisena on tänään suurempaa typeryyttä kuin mitä kuvitella voi.

Kuten todettua, kaikki hyökkäykset eivät välttämättä ole yhdysvaltalaisten käsialaa, mutta toisaalta sitten, aivan kuten totesit, NSA:n osuutta ei pidä vähätellä ja faktisesti yhdysvaltalaisten tiedusteluorganisaatioiden osuus on varmasti merkittävä ja he operoivat kokonaisuudessa siltä kantilta katsoen mikä hyödyttää Yhdysvaltoja eli seuraus on sitten se, että myös niitä liittolaisia vakoillaan ja heidän järjestelmiä testataan ja heidän asemaansa myös kyseenalaistetaan. Pitää siis unohtaa tietty naiivi hyvä usko ja ymmärtää suuren maailman realiteetteja, kaikenlainen tieto voi jossain vaiheessa olla hyödyksi ja aivan kuten Venäjällä myös Yhdysvalloissa (ja monissa muissa maissa) ei tunneta moraalista pistoa sydämessä kun näitä tietoja kerätään ja käytetään hyödyksi ja jos tämä voidaan perustella "valtion turvallisuuden lisäämisellä" niin aina vaan parempi - perustelu kun uppoaa tietyllä tapaa vainoharhaisessa tiedustelumaailmassa ja suurvaltapolitiikassa päättäjiin että kansaan kuin kuuma veitsi voihin.

Ja eri toimijoiden intresseistä sitten seuraa tietenkin se, että asioita tarkastellaan hyvinkin eriävistä näkökohdista lähtien - aihe jonka @Vonka toi viestissään oivallisesti esille.

Se mikä hyödyttää Yhdysvaltoja on ongelma Suomelle, toisaalta se mikä hyödyttää Suomea on tiedustelutoiminnan kannalta tarkasteltuna ongelmallista Yhdysvalloille. Toisaalta sitten Yhdysvallat itse toivoo varmasti asian olevan siten, että ulkovallat löytävät mahdollisimman vähän turvallisuusaukkoja joiden kautta ulottaa tiedustelu Yhdysvaltoihin eli Yhdysvaltojenkin tilanne on tavallaan mielenkiintoinen mutta asemansa kautta sillä on kokonaisuudessa selkeä etu hallussaan. Sillä on ne selkeät takaportit tiedossa, ne joista moni muu joutuu haaveilemaan ja joita moni muu joutuu metsästämään päästäkseen helpommin käsiksi tietoihin (asia yksinkertaistettuna).

Ja informaatiosotaan kovin ohuelti liittyen on todettava, että luulisi, että viimeistään Ukrainan kriisi on paljastanut sen, että mikä arvo osalla kv. sopimuksia on - niitä noudatetaan vain niin kauan kuin ne hyödyttävät itseä ja toisin päin ajatellen, jos on mahdollista olla noudattamatta sopimusta (syystä tai toisesta) näin tehdään jos mikään merkittävä intressi tai oma etu ei puolla sopimuksen noudattamista. Venäjä ei ole ainoa maa joka rikkoi tai jätti velvoitteensa täyttämättä helmikuussa 1994 allekirjoitetun Budapestin sopimuksen kohdalla. Venäjän rikottua sopimusta ei Yhdysvallatkaan arkaillut asiassa ja sen jälkeen sopimuspaperi oli lähinnä wc-paperin arvoinen.

vlad.

edit: lähti vahingossa kesken kaiken matkaan ja siksi viestiä editoitu ts. kirjoitettu valmiiksi.

 

[baikal]

Eikä kaikki vakoilu suinkaan ole turvallisuuspoliittisen tiedon hankintaa. Kaupan, politiikan, teollisuuden.....kaikki MUU on vähintään yhtä suuressa asemassa. Yhdysvaltain aivan julkisesti huoneentauluun kirjaama dogmi on, että se aikoo säilyttää ylivertaisen taloudellisen ja sotilaallisen aseman Pallolla. Se on sanottu jo niin monen presidentin suulla, aivan julkisesti, että sitä tuskin kannattaa epäillä. Ja käsien työ ja tekeminen on näyttänyt selvästi sen, että aie ei ole turhaa uhoa.

Taloudellisen ylivertaisen aseman hankkiminen ja ylläpitäminen ei onnistu ilman vakoilua. Ja kun taloudellinen asema on turvattu, niin kyllä fyrkka näyttää riittävän siihen sopivan sotilaallisen potentiaalinkin ylläpitämisen. Talouden, kaupan ja politiikan vakoileminen ei ole mitään nääh mitä sitten - hommaa. Väen väkisin se panee epäilemään, ettei mikään muukaan toiminta ole aina sitä, miltä ensin näyttää. Maailma muuttui paljon epäselvemmäksi ja vaikeammaksi, kun siitä tuli yksinapainen. Voisi luulla, että siitä se auvo ja onni lohkeaa, kun on vain yksi Kurko, mutta ei taida niinkään ihan mennä.

 

[ctg]

Most people realize that emails and other digital communications they once considered private can now become part of their permanent record.


But even as they increasingly use apps that understand what they say, most people don’t realize that the words they speak are not so private anymore, either.

Top-secret documents from the archive of former NSA contractor Edward Snowden show the National Security Agency can now automatically recognize the content within phone calls by creating rough transcripts and phonetic representations that can be easily searched and stored.

The documents show NSA analysts celebrating the development of what they called “Google for Voice” nearly a decade ago.

Though perfect transcription of natural conversation apparently remains the Intelligence Community’s “holy grail,” the Snowden documents describe extensive use of keyword searching as well as computer programs designed to analyze and “extract” the content of voice conversations, and even use sophisticated algorithms to flag conversations of interest.

The documents include vivid examples of the use of speech recognition in war zones like Iraq and Afghanistan, as well as in Latin America. But they leave unclear exactly how widely the spy agency uses this ability, particularly in programs that pick up considerable amounts of conversations that include people who live in or are citizens of the United States.

Spying on international telephone calls has always been a staple of NSA surveillance, but the requirement that an actual person do the listening meant it was effectively limited to a tiny percentage of the total traffic. By leveraging advances in automated speech recognition, the NSA has entered the era of bulk listening.

And this has happened with no apparent public oversight, hearings or legislative action. Congress hasn’t shown signs of even knowing that it’s going on.

https://firstlook.org/theintercept/2015/05/05/nsa-speech-recognition-snowden-searchable-text/

 

[ctg]

LULZ

A trio of transparency boffins have revealed personal details of 27,000 intelligence officers they say are working on surveillance programs. The resulting dump not only names the officers, but in some cases tells you where they live based on data sourced from LinkedIn profiles and other easy-to-access sources.

M.C McGrath, founder of Transparency Toolkit, along with coder Brennan Novak and sysadmin Kevin Gallagher have compiled the records into the ICWatch database searchable by company, title, name, and location.

McGrath says the astonishing open-air intelligence gaffes reveal details about intelligence officers' private and work lives, along with previously unknown intelligence programs.

"Luckily it is very easy to find out who is in the surveillance state with just a few Google searches," McGrath says.

"People post things like 'I know how to use XKeyScore and MS Word'."

http://www.theregister.co.uk/2015/0...profiles_reveal_new_intel_ops_home_addresses/

Tälläinen tapaus yleensä saisi median huutamaan kurkku suorana murhaa, mutta ei tälle voi muuta kuin nauraa.

 

[ctg]

Cyber-spies are increasingly attempting to hide their command and control operations in plain sight by burying their command infrastructure in the forums of internet heavyweights, including Microsoft.

FireEye and Microsoft have successfully shut down the Chinese threat actor APT17’s use of the MSFT TechNet blog to hide their hacking operations. State-sponsored hackers were posting comments on TechNet in order to embed encoded commands that only their malware could use.

APT17, a China-based advanced persistent threat group, posted in forum threads and created profile pages to host encoded C2 IP addresses that would direct a variant of the BLACKCOFFEE backdoor to their C2 server. TechNet’s security was not compromised by this tactic, which could also work on other forums and boards.
Most threat actors choose to compromise or hijack easily manipulated websites to host command and control nodes, which is a very noisy tactic that allows for quick detection of their location. APT17’s tactics of embedding phone home instructions on Microsoft’s forums are more subtle, but not unprecedented in the wider field of botnet communications. For example, some zombie networks have previously made use of Twitter profiles as a communication channel. APT17 had been observed using popular search engines including Google and Bing to hide their activities and host locations from security researchers.

“This latest tactic by APT17 of using websites’ legitimate functionalities to conduct their communications shows just how difficult it is for organisations to detect and prevent advanced threats,” said Laura Galante, manager, threat intelligence, FireEye. “Given its effectiveness, we anticipate that this encoding and obfuscation will become a truly pervasive tactic adopted by threat actors around the world.”

APT17 predominantly targets US government entities, the defence industry, law firms, information technology companies, mining companies, and non-governmental organisations. FireEye reckons the group is sponsored by the Chinese government.

A summary of FireEye’s research into APT17 can be found in a blog post here, explaining in more depth in a white-paper (pdf). ®

http://www.theregister.co.uk/2015/0...t_unwittingly_hosted_chinese_apt_botnet_node/

 

[ctg]

The activities of yet another long-running apparently state-sponsored hacking crew have finally been exposed.

The Naikon cyber-espionage group has been targeting government, military and civil organisations around the South China Sea for at least five years, according to researchers at Kaspersky Lab.

The Naikon attackers appear to be Chinese-speaking and chiefly interested in top-level government agencies and civil and military organisations in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, and Nepal.

The group relies on standard cyber-spy tactics: custom malware and spear phishing featuring emails carrying attachments designed to be of interest to the potential victim. This attachment might look like a Word document, but is in fact an executable file with a double extension.

Naikon has developed platform-independent code and the ability to intercept the entire network traffic, marking them out as more capable than the norm.

The remote access trojan routinely used by the crew comes with 48 commands, including instructions for downloading and uploading data, installing add-on modules or working with the command line.

Each target country has a designated human operator, whose job it is to take advantage of cultural aspects of the country, such as a tendency to use personal email accounts for work.

As well as this social engineering to fine-tune targeting, the group also routinely places its hacking command and control infrastructure (a proxy server) within the country’s borders to facilitate real-time connections and data exfiltration.

The tactic means that suspicious traffic is not travelling outside a target's country and is therefore less likely to be flagged as potentially dodgy and subjected to further scrutiny.

"The criminals behind the Naikon attacks managed to devise a very flexible infrastructure that can be set up in any target country, with information tunnelling from victim systems to the command centre," explained Kurt Baumgartner, principal security researcher at Kaspersky Lab. "If the attackers then decide to hunt down another target in another country, they could simply set up a new connection. Having dedicated operators focused on their own particular set of targets also makes things easy for the Naikon espionage group."

The Naikon crew recently locked horns with Hellsing, another cyberspy group. The incident prompted Kaspersky Lab researchers, who were already looking into Hellsing, to cast their attention towards Naikon.

http://www.theregister.co.uk/2015/05/18/naikon_cyberspies_spying/

 

[ctg]

The United States tried to deploy a version of the Stuxnet computer virus to attack North Korea's nuclear weapons program five years ago but ultimately failed, according to people familiar with the covert campaign.

The operation began in tandem with the now-famous Stuxnet attack that sabotaged Iran's nuclear program in 2009 and 2010 by destroying a thousand or more centrifuges that were enriching uranium. Reuters and others have reported that the Iran attack was a joint effort by U.S. and Israeli forces.

According to one U.S. intelligence source, Stuxnet's developers produced a related virus that would be activated when it encountered Korean-language settings on an infected machine.

But U.S. agents could not access the core machines that ran Pyongyang's nuclear weapons program, said another source, a former high-ranking intelligence official who was briefed on the program.

The official said the National Security Agency-led campaign was stymied by North Korea's utter secrecy, as well as the extreme isolation of its communications systems. A third source, also previously with U.S. intelligence, said he had heard about the failed cyber attack but did not know details.

North Korea has some of the most isolated communications networks in the world. Just owning a computer requires police permission, and the open Internet is unknown except to a tiny elite. The country has one main conduit for Internet connections to the outside world, through China.

In contrast, Iranians surfed the Net broadly and had interactions with companies from around the globe.

A spokeswoman for the NSA declined to comment for this story. The spy agency has previously declined to comment on the Stuxnet attack against Iran.

The United States has launched many cyber espionage campaigns, but North Korea is only the second country, after Iran, that the NSA is now known to have targeted with software designed to destroy equipment.

Washington has long expressed concerns about Pyongyang's nuclear program, which it says breaches international agreements. North Korea has been hit with sanctions because of its nuclear and missile tests, moves that Pyongyang sees as an attack on its sovereign right to defend itself.

U.S. Secretary of State John Kerry said last week that Washington and Beijing were discussing imposing further sanctions on North Korea, which he said was "not even close" to taking steps to end its nuclear program.

SIEMENS SOFTWARE

Experts in nuclear programs said there are similarities between North Korea and Iran's operations, and the two countries continue to collaborate on military technology.

Both countries use a system with P-2 centrifuges, obtained by Pakistani nuclear scientist A.Q. Khan, who is regarded as the father of Islamabad's nuclear bomb, they said.

Like Iran, North Korea probably directs its centrifuges with control software developed by Siemens AG that runs on Microsoft Corp's Windows operating system, the experts said. Stuxnet took advantage of vulnerabilities in both the Siemens and Microsoft programs.

Because of the overlap between North Korea and Iran's nuclear programs, the NSA would not have had to tinker much with Stuxnet to make it capable of destroying centrifuges in North Korea, if it could be deployed there.

Despite modest differences between the programs, "Stuxnet can deal with both of them. But you still need to get it in," said Olli Heinonen, senior fellow at Harvard University's Belfer Center for Science and International Affairs and former deputy director general of the International Atomic Energy Agency.

NSA Director Keith Alexander said North Korea's strict limitations on Internet access and human travel make it one of a few nations "who can race out and do damage with relative impunity" since reprisals in cyberspace are so challenging.

When asked about Stuxnet, Alexander said he could not comment on any offensive actions taken during his time at the spy agency.

David Albright, founder of the Institute for Science and International Security and an authority on North Korea's nuclear program, said U.S. cyber agents probably tried to get to North Korea by compromising technology suppliers from Iran, Pakistan or China.

"There was likely an attempt" to sabotage the North Korean program with software, said Albright, who has frequently written and testified on the country's nuclear ambitions.

OLYMPIC GAMES

The Stuxnet campaign against Iran, code-named Olympic Games, was discovered in 2010. It remains unclear how the virus was introduced to the Iranian nuclear facility in Natanz, which was not connected to the Internet.

According to cybersecurity experts, Stuxnet was found inside industrial companies in Iran that were tied to the nuclear effort. As for how Stuxnet got there, a leading theory is that it was deposited by a sophisticated espionage program developed by a team closely allied to Stuxnet's authors, dubbed the Equation Group by researchers at Kaspersky Lab.

The U.S. effort got that far in North Korea as well. Though no versions of Stuxnet have been reported as being discovered in local computers, Kaspersky Lab analyst Costin Raiu said that a piece of software related to Stuxnet had turned up in North Korea.

Kaspersky had previously reported that the software, digitally signed with one of the same stolen certificates that had been used to install Stuxnet, had been submitted to malware analysis site VirusTotal from an electronic address in China. But Raiu told Reuters his contacts had assured him that it originated in North Korea, where it infected a computer in March or April 2010.

Some experts said that even if a Stuxnet attack against North Korea had succeeded, it might not have had that big an impact on its nuclear weapons program. Iran's nuclear sites were well known, whereas North Korea probably has at least one other facility beyond the known Yongbyon nuclear complex, former officials and inspectors said.

In addition, North Korea likely has plutonium, which does not require a cumbersome enrichment process depending on the cascading centrifuges that were a fat target for Stuxnet, they said.

Jim Lewis, an advisor to the U.S. government on cybersecurity issues and a senior fellow at the Center for Strategic and International Studies, said there are limitations to cyber offense.

A cyber attack "is not something you can release and be sure of the results," Lewis said.

http://www.reuters.com/article/2015...xnet-idUSKBN0OE2DM20150529?utm_source=twitter

 

[ctg]

We are in the early years of a cyber war arms race, security guru Bruce Schneier warned delegates at the Infosecurity Europe exhibition on Wednesday.

Schneier, CTO of Resilient Systems, said the much publicised student attacks on Iran by the US and Israel in 2010, Iran’s attack on Saudi Aramco, China’s apparent role in hacking GitHub, and the North Korean assault on Sony Pictures last year are all examples of the phenomenon.

“These nations are building up for cyber war and now we're all in the blast radius,” he warned, while speaking in London.

Most of these attacks — including Stuxnet and the assault on GitHub — inflict collateral damage, Schneier told El Reg, adding that cyber attacks are likely to become mainstream aspect of many conflicts. “I’m afraid things will get out of hand,” he said.

During a keynote presentation, Schneier focused on a detailed commentary on last year’s attack on Sony Pictures. After months of doubting North Korea’s involvement in the attack Schneier was finally convinced of its role by a mid January article by David Sanger in the New York Times.

Other theories — most notably that a disgruntled insider collaborated with elements of Anonymous to launch the attack — were widely touted in the weeks following the attack. This illustrates the wider point that attributing attacks in cyberspace is very hard, Schneier said.

“You can be attacked and not be sure if it's a nuclear-powered government or two guys in a basement,” Schneier noted.

The security industry has developed technology to rebuff high volume, unfocused attacks. However, skilled and focused attackers, commonly referred to in the infused biz as advanced persistent threats (APTs), or otherwise known as state-sponsored cyberspies, remain a huge challenge.

“A sufficiently skilled, funded and motivated attacker will never fail to get in,” Schneier said. The “high skill, high focused” attack thrown against Sony would have floored most every target, he added.

“Fundamentally, I don't think any of us could withstand this type of attack from this type of adversary,” Schneier concluded.

Schneier claimed that the $15m clean-up costs booked by Sony Pictures in the wake of the attack seem to under-estimate costs and further charges will likely follow. ®

http://www.theregister.co.uk/2015/06/04/schneier_global_cyber_war_warns/

Russia is the chief suspect in the recent hack of the Bundestag, according to esteemed German daily Der Spiegel.

Officials within the German government are still refusing to publicly point the finger, but sources close to the Bundestag’s tech department have told El Reg that all indications point to a state-sponsored attack.

Sophisticated Trojan malware penetrated the entire Bundestag network and slurped data from even lawmakers' computers — all 20,000 accounts are thought to be vulnerable.

Der Spiegel said techies had finally managed to read parts of the source code and now suspect that the Kremlin is behind the infiltration. The malware apparently closely resembles that used in a 2014 attack on a German data network.

Network access at the Bundestag is slowly returning to normal according to staff.

In January, a pro-Russian hacker group in Ukraine claimed responsibility for a cyberattack that paralysed the Bundestag and German Chancellery for several hours. ®

http://www.theregister.co.uk/2015/06/04/ruskies_are_behind_german_government_cyber_attack/