Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.

Domestic news 24.7.2016 at 17:27
Wild forecast from F-Secure's Hyppönen: AI will make programmers unemployed
Artificial intelligence has revolutionised work at the security company F-Secure. An AI developed over twelve years tirelessly sifts through malware. Humans can concentrate on the hardest tasks. Research director Mikko Hyppönen believes an even bigger upheaval will be seen soon, when computers start writing flawless program code. Yle looked at the use of AI in malware hunting, robotics and speech recognition.

– I believe that in the coming decades computers will make better programs than humans, estimates F-Secure research director Mikko Hyppönen. Photo: Antti Hannpää / Yle

ILOVEYOU, said the subject line of an email in spring 2000. An email promising love was tempting to click open right away, and tens of millions did so. That is how the most destructive computer virus the world had seen up to then spread around the globe in an instant. Besides home computers, it penetrated the machines of the CIA and the Pentagon.

– It is suspected that this is one of the most widespread virus incidents ever, or the most widespread. All the large Finnish companies have infections, said F-Secure's then research director Mikko Hyppönen on Yle's TV news.

F-Secure was one of the stars of the technology boom. The company's IPO was oversubscribed 35 times, and viruses were hunted feverishly at the company.

The love virus was only the beginning. In the early 2000s malware authors figured out how to make their programs mutate, so countless versions of the same virus were in circulation. By 2004 hundreds of malware samples were flooding into the company every day.

Energy drinks were consumed in enormous quantities, because the young employees worked around the clock to serve customers in different time zones. Examining virus samples by hand was slow, expensive and unhealthy. Until AI came into the house.

AI roams like a sex tourist
An ordinary computer program slavishly executes the commands written by a coder. To simplify: the program can raise an alert if a particular string, say iloveyou.txt, is found in program code. A program working on this principle can help a human, but it is still not artificial intelligence.

A program based on AI works differently. A human shows the AI a large number of examples of malicious programs and web addresses. From these examples the machine learns to distinguish malicious files from harmless ones. The accuracy of the filter improves as the machine receives new examples and feedback.

Research director Mika Ståhlberg is one of the developers of F-Secure's malware-sifting AI. Photo: Jouni Immonen / Yle

F-Secure's Paolo Palumbo and Mika Ståhlberg began developing this kind of machine-learning software in 2005.

– Back then we didn't even know to call our solution machine learning, Ståhlberg recalls.

At first the machine intelligence ran only on the researchers' own computer, but in recent years cloud technology has increased its computing power enormously. That is why the automation and AI developed by Palumbo and Ståhlberg's team has revolutionised work at F-Secure. An army of security professionals no longer has to stay up at night because of ever-multiplying virus variants.

– Previously we had people analysing samples 24/7. Now virus analysts have turned from routine workers into teachers of machines, he sums up.

The company's computers roam the net tirelessly like heavily doped sex tourists. They visit shady places, care little about protection and try everything offered to them. The result is an enormous number of infections, which the ever-cleverer machine intelligence gets to sift through. The computer can identify the majority of samples as malicious or harmless. It does the job in milliseconds.

– Competitors also have similar mechanisms in use, but we believe our automation is one of the best in the field. Test results show this too, says Ståhlberg proudly.

The AI also classifies material and flags the cases that humans should investigate. Analysts go through the most unusual cases, as well as situations where the machine has made a mistake. The challenge is often cases where the machine raises an alert about malicious code even though the program is in fact harmless.

Based on these cases, humans give the AI new instructions for finding malware, that is, they teach the AI to be ever better.

Compared with a computer, a human is superior when faced with something never seen before, such as a new cyber-spy's attack tool.

– A human can make decisions better than a machine based on intuition: this looks bad. The challenge is getting the machine to make the same decisions.

The biggest changes are yet to come
The upheaval in the daily life of virus hunters has been drastic. F-Secure research director Mikko Hyppönen, who has followed malware development for a quarter of a century, estimates that the biggest change is nevertheless still to come.

Today a large share of security problems stems from the fact that program code contains human-made errors, i.e. bugs. Hyppönen estimates the problem will disappear when computers start writing flawless program code.

– I believe that in the coming decades computers will make better programs than humans. A computer that programs itself will, in a few seconds, write a programming program a thousand times better, which is in turn a thousand times better than the one before it. At the same time all the world's programmers will become unemployed.

Hyppönen nevertheless promises that security professionals will have plenty of work even if computers could produce flawless program code. Machines can do nothing about human creative foolishness. A human wants - now and always - to open a message that says, for instance, ILOVEYOU.

– People click every link that comes their way and type their password into every page that asks for it. This problem is not going anywhere.

http://yle.fi/uutiset/hurja_ennuste...tekoaly_tekee_ohjelmoijista_tyottomia/9013309
 
Russia's intelligence service said on Saturday that the computer networks of 20 organizations, including state agencies and defense companies, have been infected with spyware in what it described as a targeted and coordinated attack.

The Federal Security Service, the FSB, said the malware and the way the networks were infected were similar to those used in previous cases of cyber espionage found in Russia and other countries. The agency did not say who it suspected of being behind the attacks.
http://www.reuters.com/article/us-russia-cyber-attacks-idUSKCN10A0F0

Russia's Government is reporting that malware designed to steal data has been found on state systems at two dozen agencies and critical institutions.

Moscow did not reveal the names of the targeted agencies nor which attacks were successful and what data if any was stolen.

Military, scientific, and critical infrastructure organisations were targeted with malware that The Register believes, based on Russia's statement, is likely a victim-specific remote access trojan.

Russia's Federal Security Service (FSB) says it "... found evidence of malicious software designed to commit cyber espionage against the computer networks of some 20 organisations located in Russia," in a canned statement.

"The malware is made for each individual victim based on the unique characteristics of the targeted PC.

"It spreads through targeted attacks on PCs through emails containing malicious attachments."

The security agency says it loads modules that capture snapshots of the victim's machine before customising further attacks to help intercept traffic, turn on and monitor microphones, capture screenshots and keystrokes, and siphon a wide variety of data sets.

Moscow and other governments rarely reveal details of attacks, and the Government says it is working to contain the threat, and identify victims and actors.

Malware writers in the country typically avoid attacking systems located in Russia in what is assumed to be an effort to avoid drawing local heat; it would be among the boldest of attacks should local hacking groups be behind the Moscow trojan attacks.
http://www.theregister.co.uk/2016/0..._scurrying_through_govt_systems_chewing_data/
 
China is apparently cracking down on white-hats, with local reports saying the founder of a 5,000-strong ethical hacker community has been arrested.

The reports first emerged on Chinese-language site Caixinwang and were picked up by the Hong Kong Free Press (HKFP).

The latter outlet's report names Fang Xiaodun, founder of a group called Wooyun, as one of ten senior members of the group arrested sometime around July 22, less than a fortnight after the group held its annual convention in Beijing.

Wooyun only disclosed vulnerabilities if they were unable to get a response in private. It was regarded well enough to attract high-profile, public sponsorship for its convention on July 8 and 9: for example, a Chinese Wi-Fi hotspot provider called "exands" used the confab to show off secure Wi-Fi services.

Xiaodun hasn't made any posts to his WeChat account since July 18, and Wooyun's website has been suspended since July 20. HKFP says Caixinwang's report suggests the group took the site down itself as a precaution, rather than in response to censorship.

With no official statement yet about the arrest, there's only speculation about the reasons – whether Wooyun had knocked on the door of government networks without permission, for example.

The Internet Society of China's legal consultant Zhao Zhanling told HKFP the Wooyun site was used only as the disclosure platform.
http://www.theregister.co.uk/2016/08/01/china_cuffs_ten_whitehats_nobody_knows_why/

What makes China arrest its own security consultants?
 
Flight information screens at Vietnam's two main airports were hacked over the weekend to spout pro-Chinese propaganda.

AP reported that the public address system of Hanoi's Noi Bai airport and the Tan Son Nhat airport, which serves Ho Chi Minh City, were also hacked on Friday evening.

The hackers used the systems to make digs against Vietnam and the Philippines over a long-running territorial dispute against China involving disputed regions of the South China Sea. Authorities took the hacked systems offline.

Vietnam Airlines was also hacked (most likely defaced) around the same time, according to local reports.

Vietnamese transport minister Nguyen Nhat played down the significance of the attacks by saying neither the security of the airport nor its air traffic control systems was affected, according to local news outlet VnExpress.

From a technical perspective what happened in Vietnam is not that different to incidents where US traffic signs have been defaced by prankster hackers to warn of a looming zombie apocalypse. Weak passwords, insufficient or no encryption and a lack of network segmentation are probably behind the Vietnamese pwnage, El Reg's security desk would venture to suggest. Audio announcement systems can also be vulnerable.

For example, three years ago pranksters managed to hack a TV emergency alert system in Montana to broadcast an on-air audio warning about the supposed start of a zombie apocalypse.
http://www.theregister.co.uk/2016/08/01/vietnam_flight_info_hack/
 
North Korea stoking cyberwar with the South.

South Korea is accusing the North of using online attacks to target 90 diplomats, security officials, and journalists and of breaching 56 accounts run by such folk.

The attacks were thought-out and well constructed. Email account credentials were stolen through targeted spear-phishing linked to 27 domains setup to lure specific targets, rather than a generic wave of phishing containing broadly enticing subject matter.

Seoul has not yet confirmed if sensitive state secrets have been compromised, local news agency YonHap reports.

Supreme Prosecutors' Office officials said Monday the attacks occurred between January and June with attacks targeting the ministries of Foreign Affairs, and Defense and Unification.

Journalists posted to those agencies were targeted along with those investigating Pyongyang.

Seoul officials reckon the attacks reek of the North as threat fingerprints mirror those of a confirmed Pyongyang hack in 2014.

They blame the North's General Bureau of Reconnaissance, otherwise known as the nation's state-sponsored offensive hacking unit.

South Korea's National Security Service and the Korea Internet and Security Agency worked in concert with prosecutors to kill the phishing sites.

"It is important (for government officials) to refrain from using private email accounts for official work, and they should frequently change their email passwords," one prosecution official said.

"When officials carry out important tasks, it is desirable for them to take some security steps such as temporarily shutting down the internet."

That advice is off centre. Regular password resets have been long shown to do little to bolster defence or boot intruders, and can actually soften systems since users are generally inclined to select weaker and more cliche passwords as the need to constantly select new codes wears thin.

Shutting off the internet on a machine otherwise open to the public web would be little more than a chance coffee break for attackers.

North Korea attacks include hacks against Seoul defence contractors, social networks, and major online retailers, all of which have exposed sensitive documents and the personal information of tens of millions of residents.
http://www.theregister.co.uk/2016/0..._officials_journalists_pop_53_email_accounts/
 
A typical NSA/GCHQ gig

Amnesty International technologist and researcher Claudio Guarnieri and independent security researcher Collin Anderson traced recent Telegram account breaches in Iran to the SMS messages Telegram sends to people when they activate a new device. The texts contain a verification code that Telegram asks people to enter to complete a new device setup. A hacker with access to someone’s text messages can obtain these codes and enter them to add their own devices to the person’s account, thus gaining access to their data including chat histories.

The researchers think the Iranian hacking group Rocket Kitten is behind the Telegram breaches, based on similarities to the infrastructure of past phishing attacks attributed to the group. There is widespread speculation that Rocket Kitten has ties to the Iranian government. “Their focus generally revolves around those with an interest in Iran and defense issues, but their activity is absolutely global,” says John Hultquist, who manages the cyber espionage intelligence team at the security firm FireEye, of Rocket Kitten. In the case of the Telegram attacks, the researchers also suggested that SMS messages may have been compromised by Iranian cell phone companies themselves, an industry that also has potential ties to the government.
https://www.wired.com/2016/08/hack-brief-hackers-breach-ultra-secure-messaging-app-telegram-iran/

Telegram has about 100 million users worldwide and 20 million in Iran. The service has become an important tool for collecting and disseminating information in Iran. It is used by activists, journalists, and citizens more broadly to work around stringent government media control. The roughly 12 people directly targeted in this hack were people like that. “The individuals that are targeted [in these Telegram hacks] are individuals who are human rights activists, they’re opposition figures, they’re individuals tied with people who are currently in jail or under house arrest or these sorts of things,” Anderson said. “The fact that they’re going after these individuals shows that this is part of a larger understanding of the opposition environment inside of the country.”

The hackers also cast a wider net, though, by using Telegram’s API to confirm the phone numbers and usernames of 15 million out of roughly 20 million Iranian Telegram accounts. Though anyone can look up whether a particular individual is a Telegram user, as the company points out, collecting this information on such a large scale creates a different type of security concern, cataloging the majority of the service’s users in addition to targeting a particular few.
 
Black Hat The ongoing conflict between Russia and the Ukraine has shown the increasing sophistication of state-sponsored hackers, and the casualties of war have included some surprising victims.

Dr Kenneth Geers, senior research scientist at Comodo and coauthor of a NATO-funded study into the conflict, told delegates at the Black Hat security conference that the conflict showed that online warfare is a fact of life and we had all better get used to the idea. You can grab his slides here and white paper here [PDFs].

“Last month, at a NATO summit in Poland, they adopted the motion that cyberspace is a legitimate domain of warfare. You can agree with that or not but it doesn’t matter, the world’s most powerful military alliance has declared it so.”

Geers has spent the last two years living in Ukraine and studying how the conflict has played out online, away from the battlefield. He said that as tensions on both sides mounted then there was a corresponding increase in hacking activity.

Back in 2012, when the situation was still jaw-jaw, not war-war, websites in Ukraine - and particularly government sites - were frequently defaced. By 2013 Ukrainian sysadmins saw penetration by advanced malware families such as Red October, miniduke and NetTraveler, laying the ground for future attacks.

By the time the conflict became a shooting war in 2014 the gloves came off and Ukraine saw a massive and widespread technological campaign. The State Space Agency of Ukraine found that some of its satellites were p0wned, there were special forces attacks against key data lines, and there were a series of political doxing attacks against NATO and the Ukraine.

For example, in February 2014 a highly embarrassing phone call between US Assistant Secretary of State Victoria Nuland and Geoffrey Pyatt, US ambassador to Ukraine, was leaked. In it Nuland was disparaging about some Ukrainian politicians and was scathing about EU efforts to broker peace in the area, responding with “Fuck the EU.”

Geers said that, as the troops were moving, there was a different kind of hacking. There were sudden and major changes to Wikipedia pages relating to the country, smart TV sets in the Ukraine were hacked and started displaying Russian propaganda, and fake social media posts were spammed out.

In the latter case the most infamous example was the case of Igor Rosovskiy, who posted on social media that he was a doctor in the Ukraine who had been prevented from treating the wounded by the “fascist” Ukrainian government. These were immediately picked up by Russian media, even after the posts were debunked and the picture of Rosovskiy was identified as being of a Russian dentist.

These attacks weren’t one sided, however. Ukrainian hackers started taking control of Russian digital billboards and broadcast their own propaganda. But the size, depth, and audacity of the Russian attacks shocked NATO, Geers said.

This culminated in an attack on the 2014 Ukrainian presidential election itself. After votes were cast on election day the official government website reported the wrong result. The hacked site reported that a candidate from a far-right party who received few votes had won, and again Russian media ran with the news.

Then there was the infamous hacking attack against the Ukrainian power system that blocked out 50 substations and left 200,000 people in the dark. Geers said the blackout was initiated by spear phishing staff at electrical utilities, blocking backup systems, with the possible use of a Cisco zero-day to gain control of key systems.

“There is no question cyberwar exists, but whether it rises to being a weapon of mass distraction isn’t certain,” he said. “It’s not decisive I think. But if you’re a tank commander and the opponent has a zero day on an app you need then it’s going to be a long day on the battlefield because modern military hardware is basically a collection of computers.”
http://www.theregister.co.uk/2016/0...s_and_billboards_all_hacked_in_ukrainian_war/
 
On Iran's state-sponsored group.

Black Hat An attack group known for rudimentary phishing scams and having operational security so bad their servers were popped by Check Point has compromised a dozen Telegram accounts and gained phone numbers for a further 15 million, possibly with state assistance.

Telegram is a well-regarded end-to-end encrypted chat client used by some 100 million users including 20 million of Iran's 77 million residents.

The hack relied on the interception of SMS, a pervasive but imperfectly-secure means of delivering second factor authentication.

Iranian telcos could have provided the messages to the state-supported hacking group, researchers suggested. Tried-and-tested phone porting scams would be another way to redirect the text messages in order for attackers to add themselves as additional users on targeted Telegram accounts.

The "Rocket Kitten" hacking group has previously targeted civilian organisations and academia in Germany and Israel and holds some level of supporting interest in the Iranian state. It has compromised Israeli nuclear scientists and physicists, ex-military, Saudi scholars, NATO regional posts, and various media outlets.

It is behind hundreds of campaigns, labelled "projects" by the group, cooked up to compromise various targets.

It last year targeted organisations and probed security researchers with old-school and largely defunct macro document scams that require users of modern Office installations to click through security warnings to deliberately enable macros. Check Point popped the group's servers in November and found what it reckoned was the real identities of two Rocket Kitten members.

The operational security blunder meant one group member linked his alias with a real identity, while the entire group had infected their systems with their own malware in what Check Point wonks called an "utter lack of operational security".

"If all that wasn’t enough, we also managed to retrieve an updated resume for [one of the attackers]," they said at the time.

Check Point guessed the group was part of the large contingent of nationalist script kiddies who use scripts and bots to deface thousands of sites every day, and were roped into the world of espionage by Tehran.

Researchers Claudio Guarnieri of Amnesty International and independent hacker Collin Anderson suspect Iranian ISPs may have been prevailed upon to assist the attack, the pair told Reuters ahead of their talk at Black Hat Las Vegas.

"We have over a dozen cases in which Telegram accounts have been compromised, through ways that sound like basically coordination with the cellphone company," Anderson told the wire service.

The verification method is used by almost all IT services including Google and Facebook as a seemingly unshakable trade-off between convenience and security.

Compromising SMS is easy for established hackers. A target's basic information is all that's required - and often much less - for telecommunications providers to allow all incoming calls and SMS to be redirected to an attacker's phone number.

It is useful for capturing two factor authentication codes and bank transfer confirmation when stealing funds.

Telcos are notorious for allowing phone porting using information obtainable from most Facebook accounts.
http://www.theregister.co.uk/2016/0...pwned_by_textnabbing_flop_sec_script_kittens/
 
And that smart-TV hacking: could my Elisa Viihde start spewing enemy propaganda in Finnish at prime time?

Probably will happen, but the problem for our neighbour is that Finnish is one of the world's hardest languages to learn, and producing it fluently requires almost a native Finn.
 
120,000 bitcoins is one percent of the whole 12 million that is free on the market. I don't want to speculate about who did it, but the sum is insane when you think how many things it can buy. It's almost as if someone made themselves the Bill Gates of bitcoin in one go.

Yesterday afternoon, BitFinex, a Bitcoin exchange in Hong Kong, disabled its customer deposits and withdrawals functions and replaced the trading engine on its website with notification of a major security breach. Later in the day, Zane Tackett, the “Director of Community and Product Development” took to Reddit (under the username “zanetackett”) to confirm that an attack had occurred and that nearly 120,000 bitcoins had been stolen from individual customer accounts.

This latest hack, which amounts to a loss of around US $72 million, is the biggest plundering of a Bitcoin exchange since 2014 when 850,000 bitcoins disappeared from the books during Mark Karpeles’s tenure as CEO of Mt. Gox. As was the case in 2014, the value of the currency is now crashing. The market price of bitcoin, which had begun to steadily increase at the beginning of the summer, fell 15 percent on news of the BitFinex hack.

The statement from BitFinex provides no details as to how the attack was conducted, but assures customers that “the theft is being reported to—and we are co-operating with—law enforcement.”

Statements from Tackett on social media seem to rule out the possibility of an inside job. As a result, much speculation is being placed on the key management strategy that BitFinex had setup with its partner, BitGo, a Bitcoin wallet provider that uses multisignature transactions for security.

Multisignature transactions allow Bitcoin users to assign multiple private keys—the cryptographic proof required to initiate a transaction on the network—to a single Bitcoin address. In order to strengthen security, the keys attached to a multisignature address can be divvied up among parties such that no one entity has full license to spend the coins in that address. The measure is designed to provide an alternative to the single point of failure where one person holding a master key stands to lose everything in the event of a hack. If used correctly, multi-signature transactions can also limit the amount of trust in the relationship between cryptocurrency traders and exchanges.

BitFinex was compelled to set up multi-signature addresses for each of its trading customers after an investigation into its operations by the Commodity Futures Trading Commission. Among other things, the regulatory commission faulted BitFinex for holding client funds in an internal address that was exclusively controlled by the exchange. In order to comply with the Commission, BitFinex turned to BitGo. Each customer was then assigned a separate Bitcoin address to hold their deposits with three keys assigned. One key was held by BitGo. Two were held by BitFinex—one offline and one online. For any transaction to go through, any two of these keys would have to be presented.

As a holder of two of the keys, BitFinex, or a hacker with access to both the company’s keys, could have initiated the fraudulent transactions. Or, the hack could have involved a breach of both the BitGo and BitFinex security apparatus.

However, both scenarios make it clear that multisignature wallets are not a magic solution to the problem of rampant robbery of Bitcoin exchanges. Even the strongest security tools are useless when improperly implemented, as seems to be the case once again.
http://spectrum.ieee.org/tech-talk/...-exchange-loses-nearly-120000-bitcoin-in-hack
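The article's point is that a 2-of-3 scheme is only as strong as the custody arrangement: if one party holds two of the three keys, that party (or whoever compromises it) can spend alone. The model below is an added example, not BitGo's or BitFinex's code; keys are constructed, an HMAC stands in for an ECDSA signature, and the three-party "Customer" arrangement is a hypothetical alternative for comparison.

```python
import hashlib
import hmac
from itertools import combinations


def sign(key: bytes, tx: bytes) -> bytes:
    """Toy 'signature': an HMAC stands in for an ECDSA signature here."""
    return hmac.new(key, tx, hashlib.sha256).digest()


class MultisigAddress:
    """An m-of-n address: a spend needs valid signatures from m distinct keys."""

    def __init__(self, threshold: int, keys: dict):
        self.threshold = threshold
        self.keys = dict(keys)  # key_id -> secret (only for the toy verifier)

    def spend(self, tx: bytes, signatures: dict) -> bool:
        """Accept tx if at least `threshold` distinct keys produced valid signatures."""
        valid = {
            kid for kid, sig in signatures.items()
            if kid in self.keys and hmac.compare_digest(sig, sign(self.keys[kid], tx))
        }
        return len(valid) >= self.threshold


def holders_that_can_spend_alone(threshold: int, custody: dict) -> list:
    """custody maps party -> set of key ids. Return parties holding >= threshold keys."""
    return sorted(party for party, kids in custody.items() if len(kids) >= threshold)


def minimal_colluding_sets(threshold: int, custody: dict) -> list:
    """Smallest groups of parties whose pooled keys reach the threshold."""
    parties = sorted(custody)
    found = []
    for size in range(1, len(parties) + 1):
        for combo in combinations(parties, size):
            if any(set(combo) >= set(smaller) for smaller in found):
                continue  # a superset of an already-minimal set adds nothing
            pooled = set().union(*(custody[p] for p in combo))
            if len(pooled) >= threshold:
                found.append(combo)
    return found


def attacker_with(party: str, custody: dict, address: MultisigAddress, tx: bytes) -> bool:
    """Simulate an attacker who has stolen every key held by `party`."""
    sigs = {kid: sign(address.keys[kid], tx) for kid in custody[party]}
    return address.spend(tx, sigs)


# Constructed arrangement as described in the article: three keys,
# one held by BitGo, two by BitFinex (one online, one offline).
KEYS = {
    "k_bitgo": b"constructed-bitgo-secret",
    "k_bfx_online": b"constructed-bfx-online-secret",
    "k_bfx_offline": b"constructed-bfx-offline-secret",
}
CUSTODY_BITFINEX = {"BitGo": {"k_bitgo"}, "BitFinex": {"k_bfx_online", "k_bfx_offline"}}
# Hypothetical alternative: every key sits with a different party.
CUSTODY_SPLIT = {"BitGo": {"k_bitgo"}, "BitFinex": {"k_bfx_online"}, "Customer": {"k_bfx_offline"}}


if __name__ == "__main__":
    addr = MultisigAddress(2, KEYS)
    tx = b"constructed-withdrawal-tx"
    for name, custody in (("article", CUSTODY_BITFINEX), ("split", CUSTODY_SPLIT)):
        print(name, "single-party spenders:", holders_that_can_spend_alone(2, custody))
        print(name, "minimal colluding sets:", minimal_colluding_sets(2, custody))
        print(name, "BitFinex keys alone spend?", attacker_with("BitFinex", custody, addr, tx))
```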
 
Probably will happen, but the problem for our neighbour is that Finnish is one of the world's hardest languages to learn, and producing it fluently requires almost a native Finn.
There do seem to be willing Finns around. Most recently from the direction of eastern Ukraine. And this Tampere-based Venäjän Uutiset also churned out fluent Finnish.
 
...the sum is insane when you think how many things it can buy. It's almost as if someone made themselves the Bill Gates of bitcoin in one go.
Apparent cause: a hacker
Real cause: the criminal indifference to security of those running the bitcoin exchange
 
It just came to mind to stress that although the news linked to this forum (thanks to the posters!) seems to happen further away, in the great powers, USA, China, Russia, the Middle East etc. ...
... one shouldn't believe that similar breaches or capabilities don't exist in Europe too. There just isn't any news about them.
A Ukraine-type operation will come again some day, but where.
 
Cyber Command would be separated from the National Security Agency, a spy agency responsible for electronic eavesdropping, the officials said. That would give Cyber Command leaders a larger voice in arguing for the use of both offensive and defensive cyber tools in future conflicts. Both organizations are based at Fort Meade, Maryland, about 30 miles north of Washington, and led by the same officer, Navy Adm. Michael S. Rogers. A former senior intelligence official with knowledge of the plan said it reflects the growing role that cyber operations play in modern warfare, and the different missions of the Cyber Command and the NSA. The official spoke on condition of anonymity.
http://www.reuters.com/article/us-usa-cyber-idUSKCN10G254
 
The mission: to detect and patch as many software flaws as possible. The competitors: seven dueling supercomputers about the size of large vending machines, each emblazoned with a name like Jima or Crspy, and programmed by expert hacker teams to autonomously find and fix malicious bugs.

These seven “Cyber Reasoning Systems” took the stage on Thursday for DARPA’s Cyber Grand Challenge at the Paris Hotel and Conference Center in Las Vegas, Nev. They were competing for a $2 million grand prize in the world’s first fully autonomous “Capture the Flag” tournament. After eight hours of grueling bot-on-bot competition, DARPA declared a system named Mayhem, built by Pittsburgh, Pa.-based ForAllSecure as the unofficial winner. The Mayhem team was led by David Brumley. Xandra, produced by TECHX from GammaTech and the University of Virginia, placed second to earn a $1 million prize; and Mechanical Phish by Shellphish, a student-led team from Santa Barbara, Calif., took third place, worth $750,000.

DARPA is verifying the results and will announce the official positions on Friday. The triumphant bot will then compete against human hackers in a “Capture the Flag” tournament at the annual DEF CON security conference. Though no one expects one of these reasoning systems to win that challenge, it could solve some types of bugs more quickly than human teams.

DARPA hopes the competition will pay off by bringing researchers closer to developing software repair bots that could constantly scan systems for flaws or bugs and patch them much faster and more effectively than human teams can. DARPA says quickly fixing such flaws across billions of lines of code is critically important. It could help to harden infrastructure such as power lines and water treatment plants against cyberattacks, and to protect privacy as more personal devices come online.
http://spectrum.ieee.org/tech-talk/...-software-bugs-in-darpa-cyber-grand-challenge

The teams were not told what types of defects their systems would encounter in the finale, so their bots had to reverse engineer DARPA’s challenge software, identify potential bugs, run tests to verify those bugs, and then apply patches that wouldn’t cause the software to run slowly or shut down altogether.

To test the limits of these Cyber Reasoning Systems, DARPA planted software bugs that were simplified versions of famous malware such as the Morris worm and the Heartbleed bug. Scores were based on how quickly and effectively the bots deployed patches and verified competitors’ patches, and bots lost points if their patches slowed down the software. “If you fix the bug but it takes 10 hours to run something that should have taken 5 minutes, that's not really useful,” explains Corbin Souffrant, a Raytheon cyber engineer.

Members of the Deep Red team described how their system accomplished this in five basic steps: First, their machine (named Rubeus) used a technique called fuzzing to overload the program with data and cause it to crash. Then, it scanned the crash results to identify potential flaws in the program’s code. Next, it verified these flaws and looked for potential patches in a database of known bugs and appropriate fixes. It chose a patch from this repository and applied it, and then analyzed the results to see if it helped. For each patch, the system used artificial intelligence to compare its solution with the results and determine how it should fix similar patches in the future.

During the live competition, some bugs proved more difficult for the machines to handle than others. Several machines found and patched an SQL Slammer-like vulnerability within 5 minutes, garnering applause. But only two teams managed to repair an imitation crackaddr bug in SendMail. And one bot, Xandra by the TECHx team, found a bug that the organizers hadn’t even intended to create.

Whether humans or machines, it’s always nice to see vanquished competitors exhibit good sportsmanship in the face of a loss. As the night wound down, Mechanical Phish politely congratulated Mayhem on its first place finish over the bots’ Twitter accounts.
 
Security experts have discovered a malware platform that’s so advanced in its design and execution that it could probably have been developed only with the active support of a nation state.

The malware—known alternatively as “ProjectSauron” by researchers from Kaspersky Lab and “Remsec” by their counterparts from Symantec—has been active since at least 2011 and has been discovered on 30 or so targets. Its ability to operate undetected for five years is a testament to its creators, who clearly studied other state-sponsored hacking groups in an attempt to replicate their advances and avoid their mistakes. State-sponsored groups have been responsible for malware like the Stuxnet- or National Security Agency-linked Flame, Duqu, and Regin. Much of ProjectSauron resides solely in computer memory and was written in the form of Binary Large Objects, making it hard to detect using antivirus.

Because of the way the software was written, clues left behind by ProjectSauron in so-called software artifacts are unique to each of its targets. That means that clues collected from one infection don’t help researchers uncover new infections. Unlike many malware operations that reuse servers, domain names, or IP addresses for command and control channels, the people behind ProjectSauron chose a different one for almost every target.

Part of what makes ProjectSauron so impressive is its ability to collect data from air-gapped computers. To do this, it uses specially prepared USB storage drives that have a virtual file system that isn’t viewable by the Windows operating system.

To infected computers, the removable drives appear to be approved devices, but behind the scenes are several hundred megabytes reserved for storing data that is kept on the air-gapped machines. The arrangement works even against computers in which data-loss prevention software blocks the use of unknown USB drives.

Kaspersky researchers still aren’t sure precisely how the USB-enabled exfiltration works. The presence of the invisible storage area doesn’t in itself allow attackers to seize control of air-gapped computers. The researchers suspect the capability is used only in rare cases and requires use of a zero-day exploit that has yet to be discovered. In all, Project Sauron is made up of at least 50 modules that can be mixed and matched to suit the objectives of each individual infection.
http://arstechnica.com/security/201...sually-advanced-malware-that-hid-for-5-years/
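An added example, not from the article or from the Kaspersky/Symantec reports, of one defender-side check this description suggests: parse the MBR of a USB drive image and flag a large stretch of space that no partition accounts for. It assumes the reserved area shows up as unpartitioned space at the end of the drive, which the article does not confirm; the 8 GB geometry and partition layouts below are constructed.

```python
import struct

SECTOR = 512
PART_TABLE_OFFSET = 446          # MBR partition table starts at byte 446
ENTRY_SIZE = 16                  # four 16-byte entries
SUSPICIOUS_GAP_BYTES = 100 * 1024 * 1024   # "several hundred megabytes" reserved


def parse_mbr_partitions(mbr: bytes):
    """Return (type, lba_start, sector_count) for every non-empty MBR entry.

    Classic MBR only: extended partitions and GPT are not walked here.
    """
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (missing 0x55AA signature)")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * ENTRY_SIZE
        ptype = mbr[off + 4]
        lba_start, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0 and count != 0:
            parts.append((ptype, lba_start, count))
    return parts


def unallocated_tail_bytes(mbr: bytes, disk_sectors: int) -> int:
    """Bytes between the end of the last partition and the end of the device."""
    parts = parse_mbr_partitions(mbr)
    if not parts:
        return disk_sectors * SECTOR
    last_end = max(start + count for _, start, count in parts)
    return max(0, disk_sectors - last_end) * SECTOR


def hidden_area_suspected(mbr: bytes, disk_sectors: int) -> bool:
    """Heuristic: a large unpartitioned tail on a removable drive deserves a look."""
    return unallocated_tail_bytes(mbr, disk_sectors) >= SUSPICIOUS_GAP_BYTES


def build_mbr(partitions) -> bytes:
    """Constructed MBR for testing: partitions = [(type, lba_start, sector_count)]."""
    mbr = bytearray(SECTOR)
    for i, (ptype, start, count) in enumerate(partitions):
        off = PART_TABLE_OFFSET + i * ENTRY_SIZE
        mbr[off + 4] = ptype
        struct.pack_into("<II", mbr, off + 8, start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


# Constructed 8 GB stick (16,777,216 sectors): one FAT32 (0x0C) partition
# that stops ~511 MiB short of the end of the device.
DISK_SECTORS = 16_777_216
SUSPECT_MBR = build_mbr([(0x0C, 2048, 15_728_640)])
NORMAL_MBR = build_mbr([(0x0C, 2048, DISK_SECTORS - 2048)])
```

A matching device-level check would compare the capacity the OS reports for the stick with the partition table; an analyst would then image and inspect the unallocated region directly.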
 
Pokemon off.

NEWS http://www.mikrobitti.fi/2016/08/ar...-ette-vastaa-75-paivittaiseen-tekstiviestiin/
CORPS COMMANDER ISSUES A STERN ORDER: "TELL YOUR SPOUSES AND MOTHERS THAT YOU WON'T BE ANSWERING THEIR 75 DAILY TEXT MESSAGES"

The Marine Corps' job is to fight and protect the interests of the United States, not to loiter with its face buried in a smartphone, reminds General Robert B. Neller, who serves as the corps commander.

According to Neller, the current state of affairs in the US military is completely untenable. Troops have their faces buried in their smartphones and use GPS connections without a second thought.

Neller says he has seen exercises in which the use of smart devices may even have revealed positions to the enemy. One such exercise involved the Marine Expeditionary Force, whose task is to operate on the front line.

"Where do you think the biggest electromagnetic signature at the MEF headquarters came from? From the billeting area. Why? Because everyone had their phones on. Do we need to collect their phones from them?" Neller asks.

"I know it sounds silly, but it isn't. So, yes, Marines, we're going into the field for 30 days. Leave your phones in your cars and tell your spouses, mothers, uncles and aunts that you won't be receiving and answering their 75 daily text messages," Neller says.

The US Navy has launched a program to reduce dependence on technology that makes tracking possible. This makes it easier to conceal the fleet's movements from a potential enemy. Among other things, the program aims to retrain naval personnel to navigate by the stars again. The use of smart devices aboard a warship, however, can ruin those plans.

"We realized our solution wasn't right after all, because, you know, Seaman Hicks decided to check his Facebook page, went up on deck at night with his phone in hand, and what's in that phone? It has GPS. So anyone in the world can then tell that a GPS signal is coming from somewhere in the ocean, probably from a ship," Neller points out.

Neller demands that the Marine Corps go back to focusing on the essentials: digging a foxhole, camouflaging, and moving constantly and as unobtrusively as possible, CNN writes.

"When was the last time you saw troops operating in Iraq or Afghanistan camouflage themselves so they wouldn't be spotted? When was the last time?" Neller presses.
 