Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.

  • Thread starter: OldSkool
The neighbour is at it again.

The US Democratic National Committee (DNC) has confirmed that hackers thought to be part of Russian state intelligence have had access to their servers for nearly a year. They have read emails, chat logs, and opposition research documents.

The attack was uncovered six weeks ago, after IT admins noticed something strange was going on in the DNC's servers. All the computers in the opposition research department had been accessed and two files had been stolen.

"The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with," Representative Debbie Wasserman Schultz (D-FL), the DNC chairwoman, told the Washington Post.

"When we discovered the intrusion, we treated this like the serious incident it is ... Our team moved as quickly as possible to kick out the intruders and secure our network."

After calling in security company CrowdStrike, investigators found that not one, but two different hacking teams had had the run of the DNC's servers. Both of them were already well known and are thought to be state-sponsored groups.

One, dubbed Fancy Bear, has been active for the last ten years and is thought to be part of the Russian military intelligence GRU. The other, Cozy Bear, is the group that successfully and persistently cracked the White House and US military servers last year.

"We've had lots of experience with both of these actors attempting to target our customers in the past, and know them well," said Dmitri Alperovitch, CTO of CrowdStrike.

"In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none, and the extensive usage of 'living-off-the-land' techniques enables them to easily bypass many security solutions they encounter."

The team found that Cozy Bear had managed to get into the DNC server last summer using a SeaDaddy implant developed in Python and compiled with py2exe and another Powershell backdoor. It used a battery of remote access tools – including AdobeARM, ATI-Agent, and MiniDionis – to establish a large-scale data scanning operation.

In April, Fancy Bear, which uses a wide variety of custom-built hacking tools for Windows, Linux, OS X, iOS, Android and Windows Phones (though in the latter case, why bother?), broke into the DNC servers and it was its clumsy attempts to steal data that tipped off the IT staff about both operations.

"We have identified no collaboration between the two actors, or even an awareness of one by the other," Alperovitch said.

"Instead, we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials. While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other's operations, in Russia this is not an uncommon scenario."

An analysis of the servers showed that no financial, donor or personal information had been accessed or stolen by the two teams, the DNC said. Instead, the hackers went after the communications systems and research servers.

"Political organizations do not invest much in IT security, as they have few assets worth stealing, so this attack was likely carried out by low-level hackers within the attacking organization," said John Gunn, a veep at VASCO Data Security.

"The DNC can't really have anything on Trump that isn't already somewhere on the internet, and it is hard to imagine that the hack would reveal anything more intriguing than what Trump is already saying almost daily."

A Russian Embassy spokesman said he had no knowledge of such intrusions. ®
http://www.theregister.co.uk/2016/06/14/russian_government_hackers_spent_year_in_dnc_servers/
 
On the Chinese state actor and the tools they use.

In the world of cyberespionage, the Chinese are king. More nation-state attacks are attributed to it than any other country. Though the assumption has been that the motive behind most of this spying was to gain a competitive advantage for Chinese companies, there had not been much proof. Until now. A new espionage campaign attributed to China shows an almost one-to-one correlation between the breaches and China’s economic interests.

The group, discovered last November by the Dutch security firm Fox-IT and dubbed Mofang, has struck more than a dozen targets in various industries and countries since at least February 2012, and is still active. Mofang has targeted government agencies in the US, military agencies in India and Myanmar, critical infrastructure in Singapore, research and development departments of automotive companies in Germany, and the weapons industry in India.

But one campaign in particular, conducted in relation to business dealings in Myanmar’s Kyaukphyu special economic zone, provides clues about the attackers’ motives. In that attack, Mofang targeted a consortium overseeing decisions about investments in the zone, where China’s National Petroleum Corporation hoped to build an oil and gas pipeline.

“It’s a really interesting campaign to see where initial investments by a China state-owned company [appeared to drive the breaches],” says Yonathan Klijnsma, senior threat intelligence analyst with Fox-IT. “Either they were afraid of losing this investment or they just wanted more [business opportunities].”
https://www.wired.com/2016/06/revea...-group-hacking-countrys-economic-bottom-line/
 
High-tech hackers brought in by the Pentagon to breach Defense Department websites were able to burrow in and find 138 different security gaps, Defense Secretary Ash Carter said Friday.

The so-called white-hat hackers were turned loose on five public Pentagon internet pages and were offered various bounties if they could find unique vulnerabilities. The Pentagon says 1,410 hackers participated in the challenge and the first gap was identified just 13 minutes after the hunt began.

Overall, they found 1,189 vulnerabilities, but a review by the Pentagon determined that only 138 were valid and unique.

The experiment cost $150,000. Of that, about half was paid out to the hackers as bounties, including one who received the maximum prize of $15,000 for submitting a number of security gaps. Others received varying amounts, to as low as $100.

"These are ones we weren't aware of, and now we have the opportunity to fix them. And again, it's a lot better than either hiring somebody to do that for you, or finding out the hard way," said Carter.

The Pentagon said this was the first time the federal government has undertaken a program with outsiders attempting to breach the networks. Large companies have done similar things.

Called "Hack the Pentagon," the program will be followed by a series of initiatives, including a process that will allow anyone who finds a security gap in Defense Department systems to report it without fear of prosecution. The department will also expand the bounty program to the military services and encourage contractors to allow similar scrutiny.

One of the hackers was David Dworken, who just graduated from high school. He said he worked on the program during his free time, logging in between homework assignments. He ended up submitting six vulnerabilities, but they all were reported by other hackers also.

He said he started getting interested in hacking when he was in the 10th grade. "I took a computer science course at my school and then other students and I were actually just messing around and we found a couple vulnerabilities on my school's website. That's the first thing I did with that," the future Northwestern University student told reporters.

Even though he didn't qualify for a payout, Dworken said it was worthwhile.

"It also works well in terms of, like networking and getting a reputation kind of thing," he said. "You know, I'm just in high school. I've had recruiters contact me about internships over the summer."
http://abcnews.go.com/Technology/wireStory/hackers-find-security-gaps-pentagon-websites-39945560
 
The Israelis and the Yanks are joining up their cyber shops. I wonder what will come of this?

The US and Israel are due to announce a bilateral threat sharing programme involving co-operation between the two allies' Computer Emergency Response Teams.

The agreement, due to be signed on Tuesday, was trailed in respective conference speeches by Alejandro Mayorkas, deputy secretary of US Homeland Security and Dr Eviatar Matania, head of the Israel National Cyber Directorate.

The exchange will involve the sharing of vulnerabilities, attacks and (importantly) mitigation strategies in “near real time”.

“Not everything we gather will be propagated but the screening will be automatic,” said Dr Matania. Data shared will be anonymised so as not to reveal the identity of a company under attack and filtered for relevancy.

All this will be done automatically without human review and will help to tackle threats.

Information sharing between private sector companies and the US government is a hugely contentious issue, resulting in repeated legislative delays before the passage of the Cybersecurity Information Sharing Act last December.

Many in Silicon Valley don’t trust the government to keep sensitive data secure, particularly in the wake of the OPM hack, which spilled the private information of millions of government employees. Privacy advocates opposed the bill as a facilitator of yet more indiscriminate mass snooping (surveillance).

Israel has a completely different political and business culture to the US so this sort of thing is hardly controversial. “Companies, sectors and countries need to share information,” according to Dr Matania, who added that the US is a “natural ally”.

Although the idea of active defence or hacking back against security attackers is coming into vogue at least in the US, the Israeli government is opposed to it. “We can’t let private companies do something that’s the role of the state,” according to Dr Matania, who added that to proceed otherwise would cause “chaos”.

“Companies should limit themselves to securing their own networks and running honeypots,” he added.

Quite a few people view the security scene on the inter webs as already chaotic, thanks in no small part to the activities of the intel agencies of nation states. During his speech, Dr Matania articulated a strategy of “changing the unbalanced equation between attackers and defenders” in cybersecurity, a worthy but problematic ambition.

Quizzed by El Reg on this point, Dr Matania acknowledged this was a difficult mission. He suggested that automatic detection tools can change how developers work and minimise coding mistakes. ®
http://www.theregister.co.uk/2016/06/20/israel_uk_infoshare_pact/
 
Scary. Has anyone ever hauled the FBI before the court in The Hague?

A federal district court in Virginia has ruled that the FBI has the right to hack into computers around the world without getting a local warrant, and without any review by courts.

The ruling, by US District Judge Henry Morgan, comes during the prosecution of Edward Matish.

Matish is one of the 100-plus suspects arrested after the FBI took over the Playpen child abuse website and used it to infect visitors with a "network investigative technique" (NIT). This revealed their IP addresses and details of the computers they were using.

Other attempts to prosecute Playpen cases have led to problems, with some courts finding that because the FBI only got a single warrant to cover all NIT infections, the search warrants were invalid. Not so Judge Morgan, who said a local warrant wasn't needed and IP addresses couldn’t be considered protected.

"The court finds that Defendant possessed no reasonable expectation of privacy in his computer's IP address, so the Government's acquisition of the IP address did not represent a prohibited Fourth Amendment search," the ruling reads.

"Even an Internet user who employs the Tor network in an attempt to mask his or her IP address lacks a reasonable expectation of privacy in his or her IP address."

The judge also denied the defendant's counsel the opportunity to examine the NIT to see if it performed as claimed. He said it was subject to "law enforcement privilege," and wasn't relevant to the defence in this case.

"This case embodies the fundamental collision between the duty of our Government to protect its citizens from the dangers caused by child pornography with the implied right of privacy under the Fourth Amendment," he wrote.

"Notably, the Government already has found that protecting its citizens outweighs the First Amendment's right of freedom of speech, for it applies prior restraint to child pornography."

The ruling is expected to be appealed, but Mark Rumold, a senior staff attorney at the Electronic Frontier Foundation, slammed it as setting a very dangerous precedent and called it "dangerously flawed".

"The implications for the decision, if upheld, are staggering: law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all," he said.

"To say the least, the decision is bad news for privacy. But it's also incorrect as a matter of law, and we expect there is little chance it would hold up on appeal." ®
http://www.theregister.co.uk/2016/06/24/judge_rules_fbi_can_hack_any_time_any_place_anywhere/
 
Attackers have popped three prominent US hospitals, using deliberately ancient malware so old that it slips under the radar of modern security controls to compromise Windows XP boxes and gain network beachheads.

The attacks were foiled using deceptive honeypot-style frameworks, according to California-based TrapX.

Hospitals were attacked between late 2015 and early this year, potentially compromising medical systems such as x-ray machines, and fluoroscopy radiology systems.

TrapX detailed the attacks in its paper MEDJACK.2 Hospitals Under Siege [PDF], describing how the three hospitals contained a "multitude of backdoors and botnet connections" under attacker control.

"The malware utilized for this attack was specifically selected to exploit older versions of Windows," TrapX researchers wrote of the attacks.

"It enabled the attacker to install a backdoor within the enterprise, from which they could launch their campaign and quietly exfiltrate data and perhaps cause significant damage using a ransomware attack.

"[Attackers] can extend their foothold on these compromised systems to potentially breach the patient records over an extended period of time."
http://www.theregister.co.uk/2016/06/28/medjack/
 
Ouch.

A Chinese gambling company has been pulverised with multiple nine-vector, 470 Gbps, 110 million packet-per-second distributed denial of service (DDoS) attacks, some of the biggest and most complex ever recorded.

The unnamed company was attacked by DDoS that used nine vectors in a very rare bid to bypass Incapsula's mitigation services. "The assault was significantly complex by network layer standards, relying on a mix of nine different payload types," Incapsula researchers Ofer Gayer and Igal Zeifman say.

"Such nine-vector assaults are very rare in our experience.

"Usually a perpetrator’s goal in using multi-vector attacks is to switch between different payload types in an attempt to bypass a mitigation service."

The anti-DDoS firm says only 0.2 percent of attacks it saw in the first quarter of this year were multi-vector.

The pair say attackers began attacking the gambling company with a measly 250Gbps DDoS before stepping it up to launch the heaviest ever recorded by the firm.
http://www.theregister.co.uk/2016/07/01/470_gbps_multivector_chinese_gambling/
 
This has been argued over on this forum as well, when the most careless ones were going to use Facebook and the like even in wartime because it is "easy".
This is how an Instagram photo can reveal an entire war plan – which is why social media use is monitored in the Finnish army too
ARMY

1.7.2016 @ 11:27 JUSSI PULLINEN, JUUSO MÄÄTTÄNEN, nyt.fi/a1467339297210
In 2010, a special unit of the Israeli army was preparing for an operation in the West Bank. The plan was to make arrests shortly in a nearby Palestinian village.

Then one of the soldiers updated his Facebook status: ”On Wednesday we clean up the village – arrests today, arrests tomorrow, and then, God willing, home on Thursday.”

The operation ended with that update. The information was probably known to the target very quickly, and the arrests would no longer come to anything. In response, the Israeli army published a letter warning soldiers about social media: enemy intelligence reads every update it can, and a mistake can seal the fate of the troops.

A few years later the same thing happened again in Ukraine. Fighting in the country were troops who looked Russian and whose equipment looked Russian, but whose Russianness the country's government did not admit.

Then internet sleuths dug a little deeper. They found Instagram accounts and Vkontakte profiles in which Russian soldiers posed. Then a Vice News reporter followed one Russian soldier's route based on his social media updates: the trip to Ukraine seemed clear.

This is known in the Finnish army too.

When thousands of young Finns start their military service in garrisons on Monday, strict social media rules await them. Smartphones must be put away for much of the time – and the reason is the same as in Israel and Ukraine. Photos could reveal too much – and they are being watched.

The significance of open-source intelligence on social media is also emphasised by Jarno Limnéll, and he is worth listening to on this matter.

Limnéll works as a professor of cyber security at Aalto University and as cyber security and development director at the technology company Insta. So if anyone in this country knows the security threat posed by Instagram photos, it is Limnéll.

According to him, so-called traditional intelligence and the new social media intelligence now go hand in hand.

”The armed forces are certainly developing new means and tools all the time for collecting what is essential from the enormous flow of information on social media,” Limnéll says.

The fact, according to Limnéll, is that the wrong kind of social media update can immediately reveal to the enemy everything it needs to know about an operation meant to be secret.

That is no wonder, since already in the civilian world an accurate profile of us can be built with about 90 percent probability using the right methods.

Limnéll says the essential thing is precisely how smart devices are used. For instance, a total ban on mobile phones during military service is by no means necessary; conveying the atmosphere and taking photos in the right places is nothing but useful.

Limnéll speaks of a ”culture of responsibility”: you have to know what you can do with smart devices and what you cannot.

In their free time, Finland's new recruits may in fact use their phones fairly freely. In the army, problems arise if you start photographing military equipment, gear or other sensitive places with your phone. Uploading such material to YouTube or Instagram is forbidden, in fact a service offence.

In June, Yle reported that one of the new-era problems in the Defence Forces is the use of mobile phones, photo or video recording and, at worst, even Periscope broadcasts. Still, army material can be found online in abundance, and you don't even need to be much of a wizard to find it.

Based on a couple of phone calls, however, the Defence Forces' line does not sound entirely uniform.

Colonel Rainer Peltoniemi, chief of staff of the Kainuu Brigade, is strict on the matter. He says that uploading photos to social media is clearly forbidden.

”We had one isolated case in which a conscript had taken a selfie of himself in full gear during a military exercise and published it. The matter was corrected, the photo was removed and the situation was gone through with the person.”

According to Peltoniemi, however, such a case is usually an honest mistake, where the person did not know or remember the exact regulations. But if someone clearly and deliberately publishes forbidden photos, it is a service offence and results in a disciplinary sanction.

The disciplinary sanction can be, for example, confinement to barracks. A deliberately published Instagram photo can thus prevent going on leave.

Lieutenant Colonel Sami-Antti Takamaa, chief of staff of the Karelia Brigade, takes a lighter view. He says he knows that ”the boys take photos and publish them”.

Still, according to Takamaa too, not just anything gets photographed. If there is equipment in the background that reveals secret information about the Defence Forces' activities, the censoring of photos is taken seriously.

In Ukraine, attempts have been made to deduce from tank and artillery selfies which tactics are in use in the war zone. Even an innocent selfie can reveal a lot to an expert.

The newest problem is live broadcasts such as Periscope.

They must not be sent during exercises, for example, because Periscope reveals location data.

And Periscope is nothing new in this respect: the locations of Instagram photos have been viewable for years.

Lieutenant Colonel Takamaa indeed emphasises information security in particular when talking about mobile phone use.

”Right at the start, conscripts are told not to be too naive. Precise instructions on phone use during service are given at the very beginning of training. Many applications tell exactly where a photo was taken, for example. With that, an outsider can, if they wish, follow where the activity is taking place.”

So if you are about to start military service, be prepared to be lectured during the first weeks on how your phone can act as a locator. That is something the Defence Forces do not want.

Besides mobile phones, other smart devices have also started to be addressed around the world. The Chinese army banned the use of smartwatches a year ago precisely because of their traceability.

Many of these matters are still quite new to the Defence Forces, though, and there is no clear manual for them. Far more important is that phones stay out of the way when there are other things to do.

Of course, the Defence Forces have been looking after social media for years already, and a few years ago the army started an official ”social media agent” project.

That is precisely why Takamaa and Peltoniemi remind us that, above all, the army offers a refreshing break from constant phone fiddling and hanging around on social media.
 
This fansmitter thing seems to be just a transmission method, not an exploit. A conscientious hacker who also keeps an eye on his fans doesn't even need to hear the fan change speed if he notices regularity in the fan speed. The virus writer will have to get tricky with that if he wants the thing to stay hidden.

Changing a computer’s fan speed produces an audio signal that can be hijacked to steal data, say computer security experts who have tested the technique.

Fansmitters are simple in principle. Almost all computers use fans to cool the main CPU and the graphics card, and to pump air through the chassis. When they’re operating normally, the main sound produced by these fans is the result of rotating blades forcing air past static vanes.

The frequency of this sound depends on the number of blades and their rate of rotation. It is usually in the region of hundreds of hertz. Any alteration to this rotation rate changes the frequency of the sound.

This is the basis of their approach. These guys have created malware that alters the rotation speed, and hence sound, of a computer fan to encode data.

The malware transmits information using a special protocol in which the information is divided into packets made up of a preamble and a payload. The preamble consists of the signal 1010, which a listening device can use for calibration. This is followed by a payload of 12 bits that encode the data to be transmitted. This can be picked up by any listening device nearby, such as a smartphone.

One potential problem is that a user might notice, and become suspicious of, the variations in fan noise. So Guri and co use low frequencies of 140 to 170 hertz, which are more difficult for humans to hear. “Modulating the data over change of close frequencies is also less noticeable by a user, as it blends in and appears as natural background environmental noise,” they say.
https://www.technologyreview.com/s/...are-can-steal-data-from-air-gapped-computers/
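The preamble/payload scheme described above can be spotted from the host side, since a fan that flips between two speed levels at a fixed symbol rate looks nothing like thermal fan control. The following is an added example (not code from the article or from the Fansmitter researchers) that runs that check over constructed RPM telemetry; the 10% level-swing threshold, the one-sample-per-second trace and the sample data are assumptions.

```python
# Added example: detect two-level, fixed-rate fan-speed switching in RPM telemetry.
# Not from the article or the Fansmitter paper; thresholds and sample data are assumed.
from statistics import mean

PREAMBLE = "1010"        # calibration pattern the article describes
PAYLOAD_BITS = 12        # payload length the article describes
FRAME_BITS = len(PREAMBLE) + PAYLOAD_BITS
MIN_SWING = 0.10         # assumed: two levels must differ by >= 10% of the mean RPM


def quantize(rpms):
    """Map each RPM sample to '0' (low level) or '1' (high level).
    Returns None when the speed never splits into two clearly separate levels."""
    lo, hi = min(rpms), max(rpms)
    if hi - lo < MIN_SWING * mean(rpms):
        return None
    threshold = (lo + hi) / 2
    return "".join("1" if r > threshold else "0" for r in rpms)


def run_lengths(bits):
    """Run-length encode a bit string: '11100' -> [('1', 3), ('0', 2)]."""
    runs = []
    for b in bits:
        if runs and runs[-1][0] == b:
            runs[-1] = (b, runs[-1][1] + 1)
        else:
            runs.append((b, 1))
    return runs


def symbol_period(runs):
    """Estimate the per-bit hold time (in samples) from the interior runs.
    Thermal control drifts slowly and gives a few long runs; modulation gives
    many runs that are all small integer multiples of one base length."""
    interior = [n for _, n in runs[1:-1]]       # first/last runs may be cut off
    if len(interior) < 3:
        return None
    base = min(interior)
    if base < 2:                                 # single-sample flips are noise
        return None
    for n in interior:
        k = max(1, round(n / base))
        if abs(n - k * base) > 0.25 * base:      # not a clean multiple of the period
            return None
    return base


def demodulate(bits, period, offset):
    """Collapse each bit period to one symbol by majority vote, starting at the
    first level transition so that periods line up with bit boundaries."""
    symbols = []
    for i in range(offset, len(bits) - period + 1, period):
        chunk = bits[i:i + period]
        symbols.append("1" if chunk.count("1") * 2 > period else "0")
    return "".join(symbols)


def find_frames(symbols):
    """Return the payload of every complete preamble+payload frame found."""
    payloads, i = [], 0
    while i + FRAME_BITS <= len(symbols):
        if symbols[i:i + len(PREAMBLE)] == PREAMBLE:
            payloads.append(symbols[i + len(PREAMBLE):i + FRAME_BITS])
            i += FRAME_BITS
        else:
            i += 1
    return payloads


def analyse(rpms):
    """Verdict for one RPM trace: 'modulated' only if the speed alternates between
    two levels at a steady symbol rate and at least one framed packet fits."""
    bits = quantize(rpms)
    if bits is None:
        return {"modulated": False, "period": None, "frames": []}
    runs = run_lengths(bits)
    period = symbol_period(runs)
    if period is None:
        return {"modulated": False, "period": None, "frames": []}
    symbols = demodulate(bits, period, offset=runs[0][1])
    frames = find_frames(symbols)
    return {"modulated": bool(frames), "period": period, "frames": frames}


# --- constructed telemetry (one sample per second, values in RPM) ---
def thermal_ramp():
    """Normal behaviour: fan ramps slowly from 1200 to 1495 RPM as the CPU warms."""
    return [1200 + 5 * i for i in range(60)]


def modulated_trace(payload="110010110001", hold=5, low=1400, high=1700):
    """Two back-to-back frames, each bit held for `hold` samples, with small
    deterministic jitter; the first two samples are dropped to mis-align the start."""
    frame = PREAMBLE + payload
    samples = []
    for n, b in enumerate(frame * 2):
        level = high if b == "1" else low
        samples += [level + (7 if (n + j) % 2 else -7) for j in range(hold)]
    return samples[2:]


if __name__ == "__main__":
    print("thermal ramp:", analyse(thermal_ramp()))
    print("modulated   :", analyse(modulated_trace()))
```

On the ramp the detector sees only one level transition and reports nothing; on the modulated trace it recovers the 5-sample bit period and one complete framed packet despite the mis-aligned start.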
 
On a giant flat-screen TV in an old Emeryville, California warehouse, a floating orb fires red, blue, pink, and yellow beams into a honeycomb of hexagonal blocks. The blocks are black, white, and gray, but as the beams hit them, they change—flashing, fading, absorbing color. And when they do, scores tally just above.

On the same screen, from adjacent windows, three commentators provide additional color, as if this was a videogame championship. “You can see who’s being owned, and who’s doing the owning,” says one, a theoretical physicist named Hakeem Oluseyi.

But this isn’t a videogame. The other two commentators are veteran white-hat hackers, experts at reverse-engineering software in search of security holes. The slick-bald guy (with the ponytail in back) is Visi, and the thin one with the hipster beard is HJ, short for Hawaii John. No other names given. They’re hackers.

All this is dress rehearsal for a $55 million hacking contest put on by Darpa, the visionary research wing of the US Defense Department. The contest is called the Cyber Grand Challenge, and it’s set for early August. Seven teams will compete inside seven supercomputers erected in a ballroom at the Paris hotel in Las Vegas, each unleashing artificially intelligent software that will defend one machine—and virtually attack the rest.

No one has ever really deployed a bot like that—software that can, completely on its own, find and repair security holes in real time. If these bots reach maturity, it would be a fundamental shift in computer security. But none of that is visual. So, to prove it can work, Darpa is going all Tron, visually recreating what goes on inside those seven machines. It’s not enough to have bots play Capture the Flag. You need to see it. “What’s happening inside the central processing unit? What’s happening inside the memory?” says Mike Walker, the veteran white-hat hacker turned Darpa program manager who oversees the Grand Challenge. “That’s what we’re trying to do here.”
http://www.wired.com/2016/07/__trashed-19/
 
The new documentary about Stuxnet, ‘Zero Days’, says the U.S. had a far larger cyber operation against Iran called Nitro Zeus that has compromised the country’s infrastructure and could be used as a weapon in any future war.

Quoting unnamed sources from inside the NSA and CIA, the movie says the Nitro Zeus program has infiltrated the systems controlling communications, power grids, transportation and financial systems, and is still ready to “disrupt, degrade and destroy” that infrastructure if a war should break out with Iran.

The multi-million dollar program was run from within the NSA during the same time Stuxnet was active, and was put in place should the U.S. be drawn into a war there because Israel launched an attack against Iran, according to the film by Academy Award-winning director Alex Gibney. The movie opened in U.S. theaters today.
http://www.networkworld.com/article/3093470/security/stuxnet-the-movie-the-u-s-has-pwned-iran.html
 
 
The funniest thing in Zero Days so far: when the Iranians carried out a counterattack, POTUS said the private sector would handle it, because the servers were located outside Iran. Somehow it feels like decision-makers don't realise what kind of field cyber really is. The internet has no borders, but users can be told apart from one another, especially when state actors are involved. Still, where does one set the limit on how far to go with a cyber weapon, when attacks could potentially bring a state to its knees by paralysing its infrastructure.
 
Russia's new data laws bring problems for pretty much everyone; the four biggest ISPs predicted user prices would double or triple, and on top of that all the internet start-ups are up the creek. Nobody on the authorities' side seems to have thought the implementation through very far... (Moscow Times 12.07.16)

http://www.themoscowtimes.com/article.php?id=574962
 
VPN provider Private Internet Access has pulled out of Russia in the wake of new internet surveillance legislation in the country.

The company claims that some of its Russian servers were seized by the national government as punishment for not complying with the rules, which ask providers to log and hold all Russian internet traffic and session data for up to a year.

‘We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process,’ wrote Private Internet Access in a blog post.

The provider assured users that as it does not log any traffic or session data, no information was compromised – ‘Our users are, and will always be, private and secure.’

Upon learning of the federal action, the company immediately removed its Russian availability and announced that it would no longer be operating in the region.

Private Internet Access also added that following the incident, it was updating all of its certificates and client applications ‘with improved security measures to mitigate circumstances like this in the future, on top of what is already in place.’

The company advised that users must now update their desktop clients, and noted that its manual configurations now support the ‘strongest new encryption algorithms including AES-256, SHA-256, and RSA-4096.’

Russian authorities are tightening control over the internet and have long targeted VPNs and anonymising tools such as Tor, and other web proxies, while expanding surveillance capacity.

In July 2014, the government passed a data localisation law which stipulates that all foreign internet services processing Russians’ data must host the information on local servers. According to Freedom House, a U.S. human rights NGO, privacy advocates at the time raised concerns that the rule could make Russians more susceptible to government surveillance.
https://thestack.com/security/2016/07/12/vpn-provider-removes-russian-presence-after-servers-seized/
 
Power quality expert Alex McEachern set out to build an advanced power sensor for utility distribution grids, and accidentally produced a promising tool to protect power grids from cyber attack. The equipment–developed by McEachern and collaborators at the University of California Berkeley and Lawrence Berkeley National Laboratory—is part of the starter pack for military installations competing in a $77 million power grid cyber security R&D contest that DARPA is kicking off next month.

“What we’re trying to do is to take the most sensitive instruments that have ever been made for looking at the grid, and looking at what they might be able to see from inside military bases,” says McEachern, who is president of Alameda, Calif.-based power quality firm Power Standards Lab.

Defending against cyber attacks is a mission with new urgency following the Internet-based disruption of Ukraine’s power grid in December 2015—a sophisticated hack planned and executed over more than six months by what is widely thought to be a well-financed team within Russia. Cybersecurity experts called that attack a wake-up call for North American utilities, which are just beginning to invest in network monitoring and other active defenses for their industrial control systems.

DARPA says it may take “many years” for U.S. utilities to mount effective defenses against what could be devastating attacks. "Beyond the severe domestic impacts, including economic and human costs, prolonged disruption of the grid would hamper military mobilization and logistics, impairing the government’s ability to project force or pursue solutions to international crises,” wrote the agency in a December 2015 release announcing its Rapid Attack Detection, Isolation, and Characterization Systems (RADICS) program.

RADICS' goal is to develop automated power grid defense systems that are independent of utilities. It envisions systems that can detect grid cyberattacks, isolate key utility equipment, and accelerate the reboot of power systems post-attack. McEachern’s sensors are fundamental to the four-year effort’s initial phase (codenamed Steel Thread), whose first task is developing situational awareness on the grid.

RADICS teams must fuse multiple data streams in real time to provide early warning of a cyber attack. Today's best intrusion detection schemes watch for errant commands on industrial control systems. McEachern’s equipment offers a non-traditional approach: watching for irregularities in the physical behavior of the grid itself.
http://spectrum.ieee.org/energywise...ting-cyberintruders-by-taking-the-grids-pulse
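The article's closing point, fusing a control-system command log with readings of the grid's physical behaviour, can be sketched in a small detector. The code below is an added example, not code from the article, RADICS or Power Standards Lab; the readings, the command log, the nominal frequency, the tolerances and the correlation window are all constructed assumptions. It flags two kinds of irregularity: frequency excursions beyond a tolerance, and voltage steps that no logged operator command explains within a short window.

```python
"""Toy fusion of a physical sensor stream with an ICS command log.
Added example with constructed data; not RADICS or Power Standards Lab code."""
from dataclasses import dataclass


@dataclass
class Reading:
    t: int          # seconds since start (constructed timestamps)
    freq_hz: float  # measured line frequency
    volt_pu: float  # bus voltage in per-unit


@dataclass
class Command:
    t: int          # when the control system logged the command
    target: str
    action: str


# Assumed parameters for the example; a real deployment would tune these.
NOMINAL_HZ = 60.0
FREQ_TOL_HZ = 0.05        # excursions beyond this are flagged
VOLT_STEP_PU = 0.03       # a step this large needs an explaining command
CORRELATION_WINDOW_S = 2  # how far back to look for a matching command


def physical_anomalies(readings, freq_tol=FREQ_TOL_HZ):
    """Return timestamps whose frequency departs from nominal by more than freq_tol."""
    return [r.t for r in readings if abs(r.freq_hz - NOMINAL_HZ) > freq_tol]


def unexplained_voltage_steps(readings, commands, step=VOLT_STEP_PU,
                              window=CORRELATION_WINDOW_S):
    """Return timestamps of voltage jumps that no command within `window` seconds explains.

    A jump that follows a logged command is treated as an operator action;
    a jump with nothing in the command log is the kind of mismatch between
    the physical grid and the control plane that the article describes."""
    flagged = []
    for prev, cur in zip(readings, readings[1:]):
        if abs(cur.volt_pu - prev.volt_pu) < step:
            continue
        explained = any(cur.t - window <= c.t <= cur.t for c in commands)
        if not explained:
            flagged.append(cur.t)
    return flagged


# Constructed sample streams: one explained breaker operation at t=2,
# a frequency excursion at t=5..6, and an unexplained voltage drop at t=6.
SAMPLE_READINGS = [
    Reading(0, 60.00, 1.00),
    Reading(1, 60.01, 1.00),
    Reading(2, 59.99, 1.00),
    Reading(3, 60.00, 0.96),  # drop explained by the command logged at t=2
    Reading(4, 60.00, 0.96),
    Reading(5, 59.92, 0.96),  # frequency outside tolerance
    Reading(6, 59.90, 0.91),  # drop with no command in the log
    Reading(7, 60.00, 0.91),
]
SAMPLE_COMMANDS = [Command(2, "feeder-7", "open_breaker")]


def run_example():
    """Run both detectors over the constructed streams and return their findings."""
    return {
        "frequency": physical_anomalies(SAMPLE_READINGS),
        "unexplained_voltage": unexplained_voltage_steps(SAMPLE_READINGS, SAMPLE_COMMANDS),
    }


if __name__ == "__main__":
    print(run_example())
```

The second detector is the fusion step: on its own, a voltage drop is ambiguous, and on its own a breaker command is routine, but a physical change with no command behind it is worth an alert. Real sensor data is far noisier than these constructed samples, so thresholds and windows would need to be derived from baseline measurements rather than fixed constants.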
 
The xDedic market has resurfaced, this time on a Tor network domain and with the inclusion of a new $50 USD enrollment fee. XDedic’s original domain (xdedic[.]biz) disappeared shortly after a June 16 Kaspersky Lab report describing how xDedic provided a platform for the sale of compromised RDP servers. At the time of the report, there were 70,000 hacked servers for sale for as little as $6, and the website was doing brisk business.

Researchers at Digital Shadows reported today that a June 24 post to the Russian-language forum, exploit in, included a link to the .onion site now hosting xDedic. “The new xDedic site was found to be identical in design to the previous site and although discussion in the exploit in thread indicated that accounts on the previous site had not been transferred to the new site, accounts could be freely registered,” Digital Shadows wrote in an incident report shared with Threatpost. “However, following registration, accounts had to be credited with $50 USD in order to activate them.”
https://wp.me/p3AjUX-v0F

Buyers were able to peruse a list of available servers, each entry providing specific details on system information, whether admin privileges are available, antivirus running on the machine, browsers, uptime information, download and upload speeds, and the price and location. xDedic marketed itself as a medium for bringing affiliates together, taking a percentage of the money involved as its cut.
 
The Chinese government likely hacked computers at the Federal Deposit Insurance Corporation in 2010, 2011 and 2013 and employees at the U.S. banking regulator covered up the intrusions, according to a congressional report on Wednesday.

The report cited an internal FDIC investigation as identifying Beijing as the likely perpetrator of the attacks, which the probe said were covered up to protect the job of FDIC Chairman Martin Gruenberg, who was nominated for his post in 2011.

"The committee's interim report sheds light on the FDIC's lax cyber security efforts," said Lamar Smith, a Republican representative from Texas who chairs the House of Representatives Committee on Science, Space and Technology.

"The FDIC's intent to evade congressional oversight is a serious offense."

The report was released amid growing concern about the vulnerability of the international banking system to hackers and the latest example of how deeply Washington believes Beijing has penetrated U.S. government computers.

The report did not provide specific evidence that China was behind the hack.

Shane Shook, a cyber security expert who has helped investigate some of the breaches uncovered to date, said he did not see convincing evidence in the report that the Chinese government was behind the FDIC hack.

"As with all government agencies, there are management issues stemming from leadership ignorance of technology oversight," Shook said.

Speaking in Beijing, Chinese Foreign Ministry spokesman Lu Kang repeated that China opposed hacking and acted against it.

People should provide evidence for their accusations and not wave around speculative words like "maybe" and "perhaps", he told reporters.

"This is extremely irresponsible."
http://www.reuters.com/article/us-cyber-fdic-china-idUSKCN0ZT20M

http://www.theregister.co.uk/2016/07/13/congress_accuses_fdic_of_hiding_chinese_hack/
 
The research wing of the US military has picked the seven teams who will compete to build machine-learning software that can find and patch bugs automatically to fend off hackers.

The DARPA Cyber Grand Challenge will be held at the DEF CON hacking conference next month. The agency has put up $2m in prize money in the unlikely event of a team building a system that can not only find flaws but write its own patches and deploy them without crashing.

The competition was inspired by DARPA's 2004 Grand Challenge to build a self-driving car. While that competition was initially a failure – with no car lasting more than eight miles before crashing out – the research inspired Google and others to build automated vehicles that have since clocked up millions of miles of travel.

Now DARPA wants to do the same for computer security. We're told software flaws go undetected in the wild for an average of 312 days; the agency has invested $55m in the Cyber Grand Challenge to build a system that can sniff out and fix programming errors automatically in seconds.

Mike Walker, the DARPA program manager organizing this year's contest, said the bar had been set deliberately high, and the agency isn’t expecting any team to produce a perfect system that can find and fix all flaws this year.

Early trials had been promising, however. In qualifying heats last year, 131 pieces of software were examined by AI rivals to find 590 software flaws that DARPA knew about. No team even came close to finding and fixing them all, but by combining the best results from each team, the test code was 100 per cent patched by the end of the competition.

For the final, the selected seven teams have each been given a DARPA-constructed high-performance computer powered by about a thousand Intel Xeon processor cores and 16TB of RAM. They have to program their machine with what DARPA calls a "cyber reasoning system" that will compete without human intervention to find and address exploitable flaws hidden in DARPA-supplied code.

"Is it possible the systems will fail at the start line? Every Grand Challenge we've had indicates that the answer is yes," Walker said. "Autonomy is incredibly hard and autonomy for the first time is breathtakingly hard. But it's not a viable proof of autonomy if we don't cut the cord for the final."

The cyber reasoning systems will also be networked so they can examine their competitors' software for flaws and get extra points if they can automatically generate proof-of-concept exploits for bugs found in their opponents.

The contest will be held over ten hours beginning at 5pm on August 4 in the Paris hotel ballroom in Las Vegas. At the end of the competition, the first-place team will win $2m, with $1m and $750,000 awards for second and third place.

"What I'm going to be interested in is not the result, but the first five minutes," Walker said. "For people who've played Capture the Flag, like myself, the first five minutes is finger-stretching and coffee time, but the machine could potentially get something done."

Once the competition is over, all the teams' code – and DARPA's test code – will be put online in perpetuity under an open-source license. Walker said DARPA was encouraging hackers to use the source for their own use.
http://www.theregister.co.uk/2016/0...rity_battle_in_def_con_cyber_grand_challenge/
 