Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.

  • Thread starter: OldSkool
THE UK has flung open the doors of the National Cyber Security Centre (NCSC) as it looks to protect the country from hackers.

The centre is based in London, near Victoria, and is headed by Ciaran Martin, formerly director general for cyber at GCHQ. Dr Ian Levy, currently technical director for cyber security at GCHQ, will join as technical director. They will oversee 700 staff at the facility.

Speaking ahead of the launch of the centre last month Martin revealed that the government logs over 200 "national security-level cyber incidents" a month, and that it is only a matter of time before one does serious damage.

The creation of a new centre to coordinate the response to cyber threats, including working with the private sector to have the right protection in place, was seen as vital for the future of the country.

Ben Gummer, minister for the Cabinet Office and Paymaster General, said that the centre in London will act as a hub of interactions between government, business and the security world.

"Whilst retaining access to the world-leading capabilities, partnerships and people of the intelligence community, this new centre will have an ‘open door’ policy which will make it easier for businesses of all sizes to get the best support available for cyber issues," he said.

One of the first NCSC projects is working with the Bank of England to produce advice for the financial sector to manage the risks of cyber attacks.

Martin also revealed that the organisation is looking at the idea of a nationwide DNS filter, effectively creating a giant firewall that would block content or websites through partnerships with major network firms operating in the UK.
http://www.theinquirer.net/inquirer...ith-opening-of-national-cyber-security-centre
 
The F.B.I. secretly arrested a former National Security Agency contractor in August and, according to law enforcement officials, is investigating whether he stole and disclosed highly classified computer code developed by the agency to hack into the networks of foreign governments.

The arrest raises the embarrassing prospect that for the second time in three years, a contractor for the consulting company Booz Allen Hamilton managed to steal highly damaging secret information while working for the N.S.A. In 2013, Edward J. Snowden, who was also a Booz Allen contractor, took a vast trove of documents from the agency that were later passed to journalists, exposing surveillance programs in the United States and abroad.

The contractor was identified as Harold T. Martin III of Glen Burnie, Md., according to a criminal complaint filed in late August and unsealed Wednesday. Mr. Martin, who at the time of his arrest was working as a contractor for the Defense Department after leaving the N.S.A., was charged with theft of government property and the unauthorized removal or retention of classified documents.

Mr. Martin, 51, was arrested during an F.B.I. raid on his home on Aug. 27. A neighbor, Murray Bennett, said in a telephone interview on Wednesday that two dozen F.B.I. agents wearing military-style uniforms and armed with long guns stormed the house, and later escorted Mr. Martin out in handcuffs.

According to court documents, the F.B.I. discovered thousands of pages of documents and dozens of computers or other electronic devices at his home and in his car, a large amount of it classified. The digital media contained “many terabytes of information,” according to the documents. They also discovered classified documents that had been posted online, including computer code, officials said. Some of the documents were produced in 2014.

But more than a month later, the authorities cannot say with certainty whether Mr. Martin leaked the information, passed them on to a third party or whether he simply downloaded them.
http://www.nytimes.com/2016/10/06/u...-hamilton.html?smid=tw-nytimes&smtyp=cur&_r=0
 
A good move from the neighbor's president. A worse thing from our point of view. Fortunately we have Linus and the other big nerds. Plus most of the population is well informed about these things.

Russia's State Duma is currently considering a bill that would force government agencies to acquire only open source software, for reasons of national security, economic development and cost.

The Bill, which after some online translation service fun we think is called “On the Specifics of procurement of proprietary (closed) and free software”. The Bill's explanatory memorandum offers a few reasons for the move, among them a desire to keep roubles in Russia because sanctions against the nation have meant exchange rates now make purchasing from western concerns unpleasantly expensive.

The memorandum also notes that all the cool countries are using lots of open source and that Russia wants to keep up with the in-crowd.

There's also a mention of a security problem caused by IBM software running Russia's national procurement site zakupki.gov.ru. Which is ironic, because the Duma's legislation-tracking site posts .nsf pages – a sure sign that IBM's Notes/Domino is running somewhere.

Another section of the memorandum explains that various Russian government agencies have already adopted open source software. There's even a tantalising mention that the All-Russian Scientific Research Institute of Experimental Physics (RFNC-VNIIEF) “is developing the appropriate platform to replace Microsoft products, VMware and Oracle.”

The Bill is just that. But we know Russia wants to reduce its dependence on imported hardware, again for reasons of security and economic development. We also know that Russian president Vladimir Putin makes nationalism a key part of his platform. Which we note because while the bill and its memorandum talk up nourishing mother Russia and its industries, the bill also says agencies can buy closed source code if they just can't find alternatives.

Business applications that express complex business processes take years to develop and Putin couldn't possibly want Russians to make do with second-class services, could he?
http://www.theregister.co.uk/2016/10/07/russia_government_ponders_open_source_purchasing_preference/
 
I have suspected this to be a fact since the turn of the millennium. Now the confirmation came. From our point of view it is a good thing, because I have noticed this to be especially visible among ordinary people. And nagging does not help with it; what helps is teaching them to use one-password systems and h4kk3r1 language in passwords.

I have also noticed that 14 characters is starting to be the upper limit among ordinary citizens.

CHANGING PASSWORDS is just too much for some people, according to research, and causes them to do stupid things.

This is called 'security fatigue', apparently, and comes straight from the National Institute of Standards and Technology (NIST) and a collection of clipboards and pens.

"After updating your password for the umpteenth time, have you resorted to using one you know you'll remember because you've used it before? Have you ever given up on an online purchase because you just didn't feel like creating a new account?" asked NIST.

"If you have done any of those things, it might be the result of ‘security fatigue'. It exposes online users to risk and costs businesses money in lost customers."

We reckon it's true. Who hasn't dumped a transaction at the password point? Who hasn't returned to old pastures when it comes to picking a preferred log-in? Probably most of us.

"The finding that the general public is suffering from security fatigue is important because it has implications in the workplace and in people's everyday life," said cognitive psychologist and NIST report co-author Brian Stanton.

"It is critical because so many people bank online, and healthcare and other valuable information is being moved to the internet. If people can't use security, they are not going to, and then we and our nation won't be secure."

Password picking is a problem. People keep using 'Password' as a password, for example, but the results of the study surprised the researchers.

"We weren't even looking for fatigue in our interviews, but we got this overwhelming feeling of weariness throughout all of the data," explained computer scientist and report co-author Mary Theofanos.

"Years ago, you had one password to keep up with at work. Now people are being asked to remember 25 or 30. We haven't really thought about cyber security expanding and what it has done to people."
http://www.theinquirer.net/inquirer...st-thing-to-happen-to-people-since-insecurity
 
CAMBRIDGE, Ma.—The National Security Agency came out in support of encryption again Wednesday, but privacy advocates were quick to contest the agency’s stance, criticizing it for having a different definition of the term than others.

Glenn Gerstell, general counsel for the NSA, stressed that the agency believes in strong encryption multiple times during a panel, “Privacy vs. Security: Beyond the Zero-Sum Game,” at Cambridge Cyber Summit here at MIT, on Wednesday.

Another panelist, Cindy Cohn, executive director of the Electronic Frontier Foundation, took offense and said that when the NSA uses the word encryption, it should really place an asterisk at the end.

“I think there should be an asterisk most of the time. I’ve been in meetings with people from the NSA and FBI and when they say we support strong encryption… what they really mean is strong encryption that only they have access to,” Cohn said.
See more at: EFF: NSA’s Support of Encryption ‘Disingenuous’ https://wp.me/p3AjUX-vvM
 
The documentary about Stuxnet is now available. With the help of an actor, a couple of brave NSA and CIA people tell about this catastrophe.

The NSA did it. The nerds of the cyber department,
who have lightsabers and Death Stars on their desks. One went around at work with a yellow cape on his shoulders.
Israel was involved and went and changed its code contrary to what had been agreed. It escaped.

It achieved nothing more than a small dip in the amount of enrichment equipment for about a year. Spurred on by this, Iran acquired even more of it.
Likewise, Iran nowadays has some of the largest cyber units in the world.

Iran's response came in two rounds. First a giant petroleum group came under attack. A virus wiped their machines completely clean. Then the biggest banks were attacked. They were down for about a week.

The Americans set out to respond to this. Still, a large part of the US agencies were not aware that Stuxnet was theirs. It was regarded as a threat. The Americans penetrated everywhere in Iran: industry, transport, and the power and financial networks.
They sat inside the air defence following the situation and would shut it down if needed. Something similar can now be expected for Russia, according to the news of recent days.

The case has made those involved afraid, because there are no rules in cyber war yet. They called for starting negotiations on ground rules in the same way as for nuclear weapons, before something really serious happens. About collapsing the power grid of a large country like that, they reminded that it cannot be switched back on just like that. It involves thousands of filters, coolers and other critical things.
The documentary can be found under the name Zero day.
 
Computer problems in the SIPRNet network, the network is being rebuilt:
Thanks to technology, war is often no longer fought man against man. The USA has taken remote warfare the furthest: its drones, which also carry out killings in crisis areas, are controlled from its own soil.

Buzzfeed writes that a computer system crash prevented the use of remotely piloted drones in September. The problems hit the SIPRNet network (Secret Internet Protocol Router Network) used by the remote pilots.

Information about the incident came to light from an Air Force report that dealt with the use of outside partners.

Operational capability was restored with a chewing-gum fix, by bringing lower-powered backup equipment into use. The cause of the fault is not known, so all options are open, from a technical fault to a hacker attack.

The strikes of the USA's killer drones have not always hit their target; bystanders have become victims time and again. Soon after the SIPRNet disruptions began, such deadly stray strikes took place in Syria, Afghanistan and Somalia. Their death toll is said to be nearly a hundred people.

An Air Force spokesperson assures Buzzfeed that the system disruption was not the cause of these.
http://www.tivi.fi/Kaikki_uutiset/t...evika-rampautti-usa-n-tappajalennokit-6590314
original:
The Air Force is investigating the failure of its classified computer network at Creech Air Force Base, a key nerve center for worldwide drone and targeted killing operations, BuzzFeed News has learned. The network, which crashed in early September, has not been completely rebuilt, according to US government contracting records.
https://www.buzzfeed.com/aramroston...omputer-system?utm_term=.yl40qJJ6X#.arJPvVV3q
 
A nuclear power plant became the target of a disruptive cyber attack two to three years ago, and there is a serious threat of militant attacks on such plants, the head of the United Nations nuclear watchdog said on Monday.

International Atomic Energy Agency (IAEA) Director Yukiya Amano also cited a case in which an individual tried to smuggle a small amount of highly enriched uranium about four years ago that could have been used to build a so-called "dirty bomb".

"This is not an imaginary risk," Amano told Reuters and a German newspaper during a visit to Germany that included a meeting with Foreign Minister Frank-Walter Steinmeier.

"This issue of cyber attacks on nuclear-related facilities or activities should be taken very seriously. We never know if we know everything or if it's the tip of the iceberg."

Amano declined to give details of either incident, but said the cyber attack had caused "some disruption" at the plant, although it did not prove to be very serious since the plant did not have to shut down its operations. He said he had not previously discussed the cyber attack in public.

"This actually happened and it caused some problems," he said, adding while the plant did not have to shut down, it "needed to take some precautionary measures."

He said the attack was disruptive, not destructive, a term used to refer to incidents like the 2014 attack that destroyed data on computers of Sony Corp's Sony Pictures Entertainment and rendered some of its internal networks inoperable.

Concerns about cyber attacks on nuclear sites have grown in recent years after the emergence of computer malware that can be used to attack industrial controls. The issue flared again after Belgian media reported that the suicide bombers who killed 32 people in Brussels on March 22 originally looked into attacking a nuclear installation.

Korea Hydro & Nuclear Power Co Ltd, which operates 23 nuclear reactors in South Korea, said in 2014 it was beefing up cyber security after non-critical data was stolen from its computer systems, although reactor operations were not at risk.

In April, German utility RWE increased its security after its Gundremmingen nuclear power plant was found to be infected with computer viruses. The company said they did not appear to have posed a threat to operations.

Security experts say blowing up a nuclear reactor is beyond the skills of militant groups, but the nuclear industry has some vulnerabilities that could be exploited.
http://www.reuters.com/article/us-nuclear-cyber-idUSKCN12A1OC
 
On March 19 of this year, Hillary Clinton's campaign chairman John Podesta received an alarming email that appeared to come from Google. The email, however, didn't come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the U.S. government, believe are spies working for the Russian government.

At the time, however, Podesta didn't know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account. The data linking a group of Russian hackers -- known as Fancy Bear, APT28, or Sofacy -- to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell's emails; and the Podesta leak, which was publicized on WikiLeaks. All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that's tracked them for a year, were created with a Bitly account linked to a domain under the control of Fancy Bear.

The phishing email that Podesta received on March 19 contained a URL, created with the popular Bitly shortening service, pointing to a longer URL that, to an untrained eye, looked like a Google link. Inside that long URL, there's a 30-character string that looks like gibberish but is actually the encoded Gmail address of John Podesta.

According to Bitly's own statistics, that link, which has never been published, was clicked two times in March. That's the link that opened Podesta's account to the hackers, a source close to the investigation into the hack confirmed to Motherboard. That link is only one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016. Each one of these URLs contained the email and name of the actual target. The hackers created them with two Bitly accounts in their control, but forgot to set those accounts to private, according to SecureWorks, a security firm that's been tracking Fancy Bear for the last year.
http://www.esquire.com/news-politics/a49791/russian-dnc-emails-hacked/
 
About the neighbor's state operation, where the intelligence authorities seem to act as handlers for individual groups, which they control by who knows what means. Money and blackmail are probably the two most popular. A numbered city is probably somewhere on that list, but without any evidence this is pure speculation about their activities.

Security researchers have shone fresh light on the allegedly Russian state-sponsored hacking crew blamed for ransacking the US Democratic National Committee's computers.

Sednit – also known as APT28, Fancy Bear and Sofacy – has been operating since 2004. The cyber-mob has reportedly infiltrated machines operated by targets as diverse as the DNC, the German parliament, Hillary Clinton's presidential campaign boss John Podesta, former US Secretary of State Colin Powell, and the French TV network TV5Monde.

Other targets include high-profile figures in Eastern European politics – such as Ukrainian leaders, NATO officials and Russian political dissidents. Thousands of emails with booby-trapped links to password-stealing phishing pages were sent out by the gang to victims, snaring anyone who followed the bit.ly- and tiny.cc-concealed URLs and handed over their login credentials.

Sensitive documents and private emails taken from some of the hacking targets – notably the DNC and John Podesta – were leaked online via WikiLeaks and other sites. It strongly suggests that WikiLeaks, DC Leaks and Guccifer 2.0 are working from the same source material – material obtained and disclosed by these alleged state-backed miscreants in Russia.

But it's not just phishing attacks that the Spetsnaz of computer hacking favors. The crew also wields zero-day exploits to infect computer systems belonging to its targets, according to security researchers at ESET, the Slovakian IT security company:

Most of the targets uncovered by ESET's research have Gmail addresses, the majority of which belong to individuals. Individual targets included political leaders and heads of police of Ukraine, members of NATO institutions, members of the People's Freedom Party, Russia's People's Freedom Party, Russian political dissidents 'Shaltay Boltai,' an anonymous Russian group known to release private emails of Russian politicians, journalists based in Eastern Europe, academics visiting Russian universities, and Chechen organizations.

The group exploited no fewer than six zero-day vulnerabilities in the likes of Windows, Adobe Flash and Java last year alone, according to ESET. "A run-of-the-mill criminal gang would be unlikely to make use of quite so many previously unknown, unpatched vulnerabilities because of the significant skill, time and resources required to properly uncover and exploit them," it concludes.
http://www.theregister.co.uk/2016/10/20/alleged_dnc_hackers_six_zerodays/

https://regmedia.co.uk/2016/10/20/eset-sednit-part1.pdf
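
The link pattern described in the two posts above (a bit.ly or tiny.cc short link that redirects to a Google look-alike URL carrying the target's encoded address), written as a mail-triage check. This is an added example, not code from the posts or the quoted articles. It assumes the encoded string is base64 (the articles do not name the encoding) and that the redirect chain was already recorded by a mail gateway or sandbox; all hosts and addresses are constructed.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

SHORTENERS = {"bit.ly", "tiny.cc"}      # the two services named in the articles
BRAND_TOKENS = ("google", "gmail")      # brand the lure imitates
GENUINE_DOMAIN = "google.com"           # assumption: what counts as the real host
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
B64_RE = re.compile(r"[A-Za-z0-9+/_-]{12,}={0,2}")


def decode_email(token):
    """Return the e-mail address that `token` base64-decodes to, or None."""
    if not B64_RE.fullmatch(token):
        return None
    body = token.rstrip("=")            # accept padded and unpadded tokens
    try:
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text.lower() if EMAIL_RE.fullmatch(text) else None


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def is_lookalike(host):
    """Brand name appears in the host, but the host is not under the real domain."""
    genuine = host == GENUINE_DOMAIN or host.endswith("." + GENUINE_DOMAIN)
    return not genuine and any(token in host for token in BRAND_TOKENS)


def embedded_emails(url):
    """Collect addresses hidden in query values or path segments of `url`."""
    parts = urlsplit(url)
    candidates = [seg for seg in parts.path.split("/") if seg]
    for pair in parts.query.split("&"):
        # Split by hand: parse_qsl would turn a base64 '+' into a space.
        _, _, value = pair.partition("=")
        candidates.append(unquote(value))
    found = []
    for token in candidates:
        email = decode_email(token)
        if email and email not in found:
            found.append(email)
    return found


def triage(redirect_chain, recipient):
    """Return findings for a recorded chain; first URL is the link in the mail."""
    findings = []
    first, final = redirect_chain[0], redirect_chain[-1]
    if len(redirect_chain) > 1 and host_of(first) in SHORTENERS:
        findings.append("shortened-link")
    if is_lookalike(host_of(final)):
        findings.append("lookalike-host")
    emails = embedded_emails(final)
    if recipient.lower() in emails:
        findings.append("recipient-encoded-in-url")   # link was built for this person
    elif emails:
        findings.append("email-encoded-in-url")
    return findings


# Constructed sample data (reserved example domains, placeholder short link).
RECIPIENT = "j.doe@example.org"
TOKEN = base64.urlsafe_b64encode(RECIPIENT.encode()).decode().rstrip("=")
PHISH_CHAIN = [
    "https://bit.ly/EXAMPLE1",
    "http://accounts.google.com.signin-check.example/ServiceLogin?Email="
    + TOKEN + "&continue=1",
]
BENIGN_CHAIN = [
    "https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fmail.google.com%2F",
]

if __name__ == "__main__":
    print(triage(PHISH_CHAIN, RECIPIENT))
    print(triage(BENIGN_CHAIN, RECIPIENT))
```

A link that hits all three findings was generated for one specific mailbox, which is worth escalating even when only a single message arrived.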
 
This is how it goes, with companies forcing Mandatory Security Rulings, and people do not understand that automatic update has been leaking for years. It is a direct channel for taking over a machine. Not an easy exploit, but it has been known for who knows how long. Still, it goes past people's attention, because most users do not understand the finer points of configuration or how the system works in practice.

Kaspersky Labs researcher Anton Ivanov says an advanced threat group was exploiting a Windows zero day vulnerability before Microsoft patched it last week.

Microsoft says the graphics device interface vulnerability (CVE-2016-3393) allowed attackers to gain remote code execution and elevation of privilege powers.

Ivanov's analysis reveals a hacking group dubbed FruityArmor was exploiting the vulnerability in chained attacks, using a True Type Font to trigger the bug.

Here's some of his explanation:

"In the case of FruityArmor, the initial browser exploitation is always followed by an EoP exploit. This comes in the form of a module, which runs directly in memory. The main goal of this module is to unpack a specially crafted TTF font containing the CVE-2016-3393 exploit.

After unpacking, the module directly loads the code exploit from memory with the help of AddFontMemResourceEx. After successfully leveraging CVE-2016-3393, a second stage payload is executed with higher privileges to execute PowerShell with a meterpreter-style script that connects to the command and control server."

The attack saw browser sandboxes broken and higher privileges attained before a second payload executed with the newly-acquired higher access privileges.

Windows 10's efforts to push font processing into a special user mode that restricts privileges did not stop the exploit.

"This is a very good solution but the code has the same bug in the TTF processing," Ivanov says.

The researcher says the group is unusual in its use of Powershell for its entire attack platform including the main malicious implant.

He did not reveal complete details of the attack to safeguard as-yet unpatched users.
http://www.theregister.co.uk/2016/10/21/fruity_hacking_group_loses_zero_day_in_october_patch_parade/
 
Today the website of Sweden's crisis information service was the target of an attack.

And now at least the following sites are down: Twitter, Spotify, Netflix, Amazon, Tumblr and Reddit.

There have been at least two "attack waves": "At least two successive waves of online attacks blocked multiple major websites Friday, at times making it impossible for many users on the East Coast to access Twitter, Spotify, Netflix, Amazon, Tumblr and Reddit." source: http://www.usatoday.com/story/tech/...-east-coast-netflix-spotify-twitter/92507806/

I would almost dare to bet that we will see more of these in the coming weeks. It will not end here.

vlad
 
The idea is at least clear. Crisis sites down, and at the same time the flow of information on Twitter, Facebook etc. is blocked. This is the same kind of practising as everything else. One bungler is preparing for war.
 
RFRL has a bit about this massive attack - the tracks lead to Russia and China.

"Hacking Group From Russia, China Claims Credit For Massive Cyberattack

A hacker group from China and Russia claimed responsibility for a massive cyberattack that caused outages on popular websites from the U.S. east coast to Europe and Asia on October 21.

New World Hackers claimed responsibility for the attack via Twitter, though U.S. authorities said they could not verify the claim. They said they organized networks of "zombie" computers to throw 1.2 terabits per second of data at servers managed by Dyn Inc.

"We didn't do this to attract federal agents, only test power," two group members who identified themselves as "Prophet" and "Zain" told AP via Twitter. They said more than 10 members participated in the attack.

The two told AP that 30 people have access to the @NewWorldHacking Twitter account that claimed responsibility for the attack. They said 20 are in Russia and 10 in China.

Dyn, which serves some of the biggest names on the web including Twitter, Netflix, Spotify, and PayPal, said it does not know who was behind the attacks. The FBI said it is investigating the matter.

The hacking group has in the past claimed responsibility for similar attacks against sites including ESPN and the BBC. It has also claimed responsibility for cyberattacks against Islamic State." (link: http://www.rferl.org/a/hacking-grou...witter-massive-cyberattack-dyn-/28068649.html )

In the morning I missed the morning TV and the rest (too sleepy), so I do not know how much attention this matter has received in Finland - what the reception has been like.

Yle has a short news item on the matter, which does not really say anything other than that such an attack happened (not who is behind it etc.)

http://yle.fi/uutiset/3-9246146

If this is the picture everywhere in the media, it feels like in Finland it has perhaps not quite been understood what the purpose of this was. Perhaps what is misleading there is that Netflix, Amazon and the like are among them. The whole pattern is lost on the media - professionals are another matter. Have they been heard?

vlad
 
Russian and Chinese hackers in cooperation.
 
I do not want to say anything other than that this was not the first time root servers or name services have been taken down. A few pages ago it was said that denial of service (DoS) is not a tool in the state actors' toolbox, but in my opinion it still is one of the basic tools.

A raft of security experts have jumped on the issue, with most warning that the DNS itself has very little to protect itself against such an attack.

Richard Meeus, VP of technology at NSFOCUS, which specializes in handling DDoS attacks noted: "DNS has often been neglected in terms of its security and availability from an enterprise perspective – it is treated as if it will always be there in the same way that water comes out of the tap and electricity is there when you switch it on.

"This attack highlights how critical DNS is to maintaining a stable and secure internet presence, and that the DDOS mitigation processes businesses have in place are just as relevant to their DNS service as it is to the web servers and datacentres."

Lee Munson, a security researcher at Comparitech.com, noted the irony of Dyn going down: "Any company running its own website may well have its own technology in place to mitigate DDoS attacks, but it’s all for nought if the DNS provider itself is not applying a sufficient enough level of protection to its own servers and data centres."

David Gibson, VP of strategy at Varonis, noted: "Like many of our aging technologies, DNS wasn’t built with security in mind… DNS is one of the aging technologies the industry is struggling to update, along with one-factor authentication and unencrypted web connections – the list is very long, and the stakes have never been higher."

Craig Young, a security researcher at Tripwire, added to the general concern: "As with most software designs from the 1980s, security was generally not considered when creating DNS. Because the web is so dependent on this system, it becomes a very visible point of failure as is the case today with service provider Dyn."

And Paul Calatayud, CTO of FireMon, reflected briefly on what this meant for Dyn itself: "What causes me to pause and reflect most in regards to this breaking news is that Dyn DNS is a DNS SaaS provider. Its core job is to host and manage DNS services for its clients. The impact and harm has a ripple effect attributed to the various clients Dyn services. As attackers evaluate their targets, and organisations run to the proverbial cloud for various reasons, it introduces interesting targets for the bad guys."

While we don't know exactly what is going on behind the scenes, two things are for certain: first, this is a game-changer and will be reviewed and talked about for some time; and second, Dyn has suffered a huge loss in reputation; one that will only get worse the longer it stays offline.
http://www.theregister.co.uk/2016/10/21/dns_devastation_as_dyn_dies_under_denialofservice_attack/
 