Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.


Stoltenberg: "We are doing more on the question of ensuring cyber security, because we have to understand that cyber attacks can be as dangerous and serious as military attacks"
In the event of a cyber attack on NATO countries, NATO can invoke Article 5, which covers collective defence and a response from the alliance, as in a conventional attack.


Yesterday, the Army said it received more than 400 bug reports, 118 of which were unique and actionable. Participants who found and reported unique bugs that were fixed were paid upwards of $100,000. The Army added that 371 people were invited to take part, 25 of which were government employees including 17 from the military.

The Army also shared high-level details on one issue that was uncovered through the bounty by a researcher who discovered that two vulnerabilities on the website could be chained together to access, without authentication, an internal Department of Defense website.

“They got there through an open proxy, meaning the routing wasn’t shut down the way it should have been, and the researcher, without even knowing it, was able to get to this internal network, because there was a vulnerability with the proxy, and with the actual system,” said a post published on HackerOne, which managed the two bounty programs on its platform. “On its own, neither vulnerability is particularly interesting, but when you pair them together, it’s actually very serious.”

The post goes on to tout the importance of skilled people looking for security issues rather than relying solely on automated systems to root out vulnerabilities. The Army, meanwhile, said it addressed the two vulnerabilities, which can no longer be used in concert to attack the site and the internal DoD site.

The Hack the Army bounty was open to private sector researchers, as well as to researchers from the military and government. It was launched on the success of Hack the Pentagon, which ran for 24 days in April, resulted in 138 vulnerabilities being patched, and paid researchers from a pool of $150,000.

“We recognize we cannot continue to do business the way that we are, and that we’re not agile enough to keep up with things that are happening in the tech world,” Fanning said in November. “There are people all over the world trying to get access to our sites, our data, our information. We have very well trained, capable teams in the military and the Department of Defense, but it’s not enough.”


The world was a different place when, in October 2015, the Court of Justice of the European Union (CJEU) struck down the “Safe Harbour” data-sharing agreement that allowed the transfer of European citizens’ data to the US. The Court’s decision concluded that the indiscriminate nature of the surveillance programs carried out by U.S. intelligence agencies, exposed two years earlier by NSA-contractor-turned-whistleblower Edward Snowden, had made it impossible to ensure that the personal data of E.U. citizens would be adequately protected when shared with American companies. The ruling thus served to further solidify the long-standing conventional wisdom that Continental Europe is better at protecting privacy than America.

However, Europe’s ability to continue to take this moral high ground is rapidly declining. In recent months, and in the wake of a series of terrorist attacks across Europe, Germany, France and the United Kingdom — Europe’s biggest superpowers — have passed laws granting their surveillance agencies virtually unfettered power to conduct bulk interception of communications across Europe and beyond, with limited to no effective oversight or procedural safeguards from abuse.

The same political leaders and legislators that once rebuked the NSA on the ethics of its mass surveillance practices, seem to now be taking a page out of the NSA’s playbook. This post surveys these three national legal frameworks, highlighting their troubling similarities, with the aim of showing how legislators from these countries are treading a dangerous line of surveillance expansion and overreach, paving the way for more European countries to follow in their footsteps. Indeed, European countries are increasingly chiming in to an ever-growing chorus of supporters for wholesale global surveillance in the name of perceived security. This rhetoric finds especially fertile ground in modern-day Europe, which has been engulfed by populist messaging surrounding the refugee crisis, immigration and heightened security threats. However, rushed and vague mass surveillance laws, while they might increase public approval ratings in the short term, are not a true panacea to the fundamental flaws in European intelligence cooperation that were exposed by the recent attacks.

Moreover, such laws may not only fail to solve the problems they seek to address, but rather they could help foster new problems.


Beads of sweat must have surely run down the face of one hacker who, while trying to score a bug bounty, inadvertently infiltrated an "internal US Department of Defence website that requires special credentials to access."

The unnamed hacker exploited a pair of vulnerabilities to gain access to the US Army network via an unpatched website and a misconfigured proxy. The starting point paved the way to an open proxy and into the normally access-controlled internal DoD server.

Uncle Sam's techies quickly shored up their defenses after the security shortcomings were reported via the Hack the Army bug bounty that ran from November to December 21, 2016, we're told.

"They got there through an open proxy, meaning the routing wasn’t shut down the way it should have been, and the researcher, without even knowing it, was able to get to this internal network, because there was a vulnerability with the proxy, and with the actual system," Hack the Army staffers explained.

"On its own, neither vulnerability is particularly interesting, but when you pair them together, it's actually very serious."

The Army remediation team and the Army Cyber Protection Brigade patched the bugs, breaking the attack chain and preventing exploits. We're told that the first bug submitted to the HackerOne-run bounty – one of 118 exploited vulnerabilities reported in all – was discovered five minutes after the program was launched. The agency paid out $100,000 in bug bounty rewards.

Of the 371 participants, 25 were government employees, including 17 military bods. The US Army indicated it may be launching another bounty or similar service due to the success of its November venture.

There is no word on whether the chained vector was used to breach the army previously. We've asked the Pentagon for comment.
Protecting e-mail should be invested in heavily, seeking radical improvements. In Finland there would be room to experiment on the military side as well and to develop new technology in this area.
Hopefully nobody here needs the motivation for improving e-mail protection for all e-mail users against state actors explained to them.

It is worth taking a look at the newly released Dark Internet Mail Environment (DIME) from Lavabit, which darkens e-mail metadata and has interesting modes (including a paranoid one). For those whose job is improving message protection, this is an obvious example of an internationally perhaps significant development. Snowden used Lavabit before it was shut down by the federal government as "too secure", when the owner refused to hand over the keys to US intelligence agencies. The reference code has also been published.


Does anyone have that cyber conscript pre-screening test saved?

The old links found with Google no longer work on the Defence Forces' new pages.

Or alternatively a link to a place where it could be found..


This Stuxnet documentary "Dokumenttiprojekti: sota tietoverkossa" was just on Tv1.
As a story of a secret operation it's fine in itself, Clancy-like twists. But I'll admit for once that the subject was taken much deeper: more significant than one or three cyber attacks are the following points, which are worth savouring
a) cyber attack is the new norm. It is "allowed" to be used. And its use "may be avenged".
b) the attack weapon and methods are now "available to everyone" and the network is full of worms from various state actors
c) the matter (cyber attack) has no taboos or ethical code, and
d) monitoring and inspecting such weapons and capabilities is not possible, at least not until discussion about them and acknowledgement of their use begins. According to one interviewee, for example the norms or treaties on chemical/biological weapons took 20 years. Perseverance and patience!


Stuxnet has more or less been figured out, and next we await a documentary on the damage caused by Nitro Zeus.
Things are pretty wild in the military bitspace. A bolt-action fiddler like me is starting to feel embarrassed here......


The issue of hacking as a political tool is timely, especially in the run-up to what promises to be fiercely contested elections in France and Germany later this year.

The interference of countries in the elections of other countries dates back many years. Only the cyber element is new and incidents like the compromise of Angela Merkel's smartphone and the DNC hack last year have had the incidental effect of raising awareness.

Oren Falkowitz, a former director at the US Cyber Command turned chief exec of security start-up Area 1 Security, told El Reg: "Technically not much has changed recently but there's a greater awareness of security threats among business leaders and senior politicians."

The reasons for cyber-espionage parallel those of conventional spying, namely economic, political and financial. "It's not just Russia. Everyone is engaged in this all the time," according to Falkowitz. "The focus on attribution is wrong. This is a technical problem," he added.

Security tech has achieved disappointing results because it is treating the symptoms rather than the root cause of infosec problems, according to Falkowitz. Although cyber-threats are best combated through technology, political agreements between countries might help in reducing tensions, he added.

"Cyber conventions could be treated like arms reduction talks," Falkowitz explained. "You need to establish norms before making treaties," he added.



A good read on this topic.

It is incredibly interesting how many parts of a computer system are capable of leaking data in ways that are hard to imagine. Part of securing highly sensitive locations involves securing the computers and networks used in those facilities in order to prevent this. These IT security policies and practices have been evolving and tightening through the years, as malicious actors increasingly target vital infrastructure.

Sometimes, when implementing strong security measures on a vital computer system, a technique called air-gapping is used. Air-gapping is a measure or set of measures to ensure a secure computer is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network. Sometimes it’s just ensuring the computer is off the Internet. But it may mean completely isolating the computer: removing WiFi cards, cameras, microphones, speakers, CD-ROM drives, USB ports, or whatever can be used to exchange data. In this article I will dive into air-gapped computers, air-gap covert channels, and how attackers might be able to exfiltrate information from such isolated systems.


Good, good, good :D Hopefully these improvements make their way into our equipment too.

Launchbury also detailed some of the other security research areas DARPA is investing in, including: hardening systems against attack, managing insecurity, and planning for and acting against threats.

It has eight programs in each area, and he went through the details on a few, saying that early results had been promising, particularly in retrofitting security. He detailed how 18 months ago DARPA had significant success in doing just that with a military helicopter.

The chopper had multiple points of vulnerability, Launchbury said, with old software and numerous patches. It was getting continually updated from ground systems, so the DARPA team went to work.

“We took the mission computer, we jacked it up and put a formally verified microkernel underneath it, put verified communications software on it, and then reattached the original piece of software,” he said.

They included a camera that connected to the outside world via Wi-Fi and then asked its red team to try to break into the system. They couldn’t – even when they gave the penetration testing team root access to the camera’s Linux subsystem.

An internet service provider shut down the broadband connection of an employee of the ball club I represent.

The provider gave this as the reason:
”The equipment has been scanning port 23 (telnet) on other people's computers.
This usually means looking for vulnerabilities and indicates that the computer OR the modem/access point/router etc. has some remotely controlled virus.”

After investigation by people in the field, the culprit turned out to be a fairly new smart TV from a well-known manufacturer whose firmware had been tampered with over the network. The manufacturer is investigating the matter.

I have nothing else to add on this matter.
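The ISP's criterion above, "the equipment has been scanning port 23 on other people's computers", as detection logic a network owner could run over their own flow records. This is an added example, not code from the post, the ISP or the TV manufacturer; the LAN range, the flow format and the flow records are constructed, and the fan-out threshold is a tunable assumption.

```python
# Added example (not from the forum post, the ISP or the TV manufacturer):
# flag a local host that fans out to TCP port 23 (telnet) on many distinct
# external hosts, the pattern the ISP cited. All records below are constructed.
from collections import defaultdict
from ipaddress import ip_address, ip_network

TELNET_PORT = 23
LOCAL_NET = ip_network("192.168.1.0/24")   # constructed home LAN

# Constructed flow log, one record per line:
# <timestamp> <src_ip> <src_port> <dst_ip> <dst_port> <proto>
# 192.168.1.23 plays the smart TV, 192.168.1.10 a laptop with one admin session.
SAMPLE_FLOWS = """
2017-02-03T10:00:01 192.168.1.10 50212 198.51.100.7  443 tcp
2017-02-03T10:00:02 192.168.1.23 41001 203.0.113.5    23 tcp
2017-02-03T10:00:02 192.168.1.23 41002 203.0.113.6    23 tcp
2017-02-03T10:00:03 192.168.1.23 41003 203.0.113.7    23 tcp
2017-02-03T10:00:03 192.168.1.23 41004 203.0.113.8    23 tcp
2017-02-03T10:00:04 192.168.1.23 41005 203.0.113.5    23 tcp
2017-02-03T10:00:04 192.168.1.23 41006 203.0.113.9    23 tcp
2017-02-03T10:00:05 192.168.1.23 41007 203.0.113.10   23 tcp
2017-02-03T10:00:05 192.168.1.23 41008 198.51.100.7   80 tcp
2017-02-03T10:00:06 192.168.1.10 50213 203.0.113.77   23 tcp
2017-02-03T10:00:07 192.168.1.10 50214 192.168.1.1    23 tcp
"""


def parse_flows(text):
    """Parse the whitespace-separated records above into dicts with int ports."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, sport, dst, dport, proto = line.split()
        records.append({"ts": ts, "src": src, "sport": int(sport),
                        "dst": dst, "dport": int(dport), "proto": proto})
    return records


def telnet_fanout(records):
    """Map each local source to the distinct external hosts it contacted on 23/tcp."""
    fanout = defaultdict(set)
    for r in records:
        if r["proto"] != "tcp" or r["dport"] != TELNET_PORT:
            continue
        src, dst = ip_address(r["src"]), ip_address(r["dst"])
        # Only local sources probing outside the LAN count as "scanning others";
        # telnet to the home router itself is left out.
        if src in LOCAL_NET and dst not in LOCAL_NET:
            fanout[str(src)].add(str(dst))
    return fanout


def find_telnet_scanners(records, threshold=5):
    """Sources whose 23/tcp fan-out reaches the threshold (an assumed value);
    a single admin session to one host stays well below it."""
    return {src: sorted(dsts) for src, dsts in telnet_fanout(records).items()
            if len(dsts) >= threshold}


if __name__ == "__main__":
    for src, dsts in find_telnet_scanners(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src} probed 23/tcp on {len(dsts)} external hosts: {', '.join(dsts)}")
```

Counting distinct destinations rather than raw connection attempts is what separates a scanner from a chatty but legitimate client.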


Several Finnish websites hacked – among them Satakunnan Kansa, Warkauden Lehti, Iisalmen Sanomat...

Screenshot from Satakunnan Kansa's site, the smaller image from the jujutsu club's site.
Published: 5.2. 10:27

A person presenting himself as a Kurd has hacked several Finnish and foreign websites. On the sites he insults the terrorist organisation Isis.
Several Finnish websites have been hacked. The victims include at least Satakunnan Kansa, Warkauden Lehti and Iisalmen Sanomat.

The list also includes, among others, a Helsinki jujutsu club and an anthropologists' association.

The content of Satakunnan Kansa's Sunday betting-tips article has been changed to the liking of the person presenting himself as a Kurdish hacker. The Kurdistan flag flies on the page, and in addition the terrorist organisation Isis is insulted there.

Ilta-Sanomat reached Satakunnan Kansa's editor-in-chief Tomi Lähdeniemi. The hack came as a complete surprise to him.

– Nothing like this has ever happened before, at least not in my time, Lähdeniemi says.

Lähdeniemi could not say why Satakunnan Kansa in particular was targeted. The hacker has made no demands of any kind on the newspaper.

The paper immediately started fixing the security hole.

In addition to the Finnish sites, similar hacking has also appeared on several foreign websites.

More on this shortly.


After investigation by people in the field, the culprit turned out to be a fairly new smart TV from a well-known manufacturer whose firmware had been tampered with over the network. The manufacturer is investigating the matter.
Internet-of-things ... nobody wants to build security products for these or tinker with the code. Completely pointless work that nobody cares about. Sorry about your experience.

Several Finnish websites hacked – among them Satakunnan Kansa, Warkauden Lehti, Iisalmen Sanomat...
Well, the Syrian hackers have paid a visit. :p


Virtual machines have a big memory problem. And Automatic Update leaks as it traditionally does.

The CAIN attack allows the attacker to figure out what address a given memory page has in a neighboring VM. Think, for instance, of a Windows DLL. The basic idea is as explained above, but figuring out the offset of the code within a memory page is hard, so they brute-force it by writing the same code fragment at all offsets and figuring out which one matches. This attack so far just leaks the memory location of programs running on another virtual machine, but think of it as a stepping-stone.

The second attack adds a hardware bug, the Rowhammer attack, to exploit a process running on the same machine. In particular, they’re running Javascript code to exploit Microsoft’s “secure” Edge browser. They get the address of a code and heap pointer using their memory de-duplication attack, create a code object, and use Rowhammer to turn the address of the object into a pointer and run it. All thanks to memory de-duplication.

Finally, “Flip Feng Shui” writes new data into the victim VM by corrupting a local copy of shared memory that then gets mirrored back to the victim. Because a bit flipped in Rowhammer is unpredictable but repeatable, the first stage is to figure out where bits are going to flip, and then align a copy of the data you want changed on the victim’s VM in memory. Then the memory is Rowhammered, and because it hasn’t been written to explicitly, after a while it can percolate back to the victim.

The demonstration includes flipping a few bits in a victim’s SSH public key to turn it into a key that’s easily factorable, and then logging in. In a second attack, they combine the key bit flip with possession of the web domain “” to install arbitrary software on the victim’s VM using its automatic upgrade mechanism. Holy cow.
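Why "flipping a few bits in a victim's SSH public key" is enough, and how a defender catches it, shown on a toy-sized modulus. This is an added example, not code from the Hackaday write-up or the Flip Feng Shui paper: the two primes, the 2^16 trial-division bound and the SHA-256 fingerprint (standing in for the ssh-keygen fingerprint) are constructed for the demo.

```python
# Added example, not from the Hackaday write-up or the Flip Feng Shui paper:
# a toy RSA modulus shows why a single flipped bit ruins a key, and why a
# fingerprint check of the key on disk catches the corruption.
import hashlib

P = 999_983     # constructed toy prime (largest prime below 10**6)
Q = 1_000_003   # constructed toy prime (smallest prime above 10**6)
N = P * Q       # 40-bit toy modulus; a real SSH key has a 2048-bit one


def smallest_factor(n, bound):
    """Trial division: first prime factor of n that is <= bound, else None."""
    if n % 2 == 0:
        return 2
    f = 3
    while f <= bound and f * f <= n:
        if n % f == 0:
            return f
        f += 2
    return None


def flip_bit(n, i):
    """Return n with bit i inverted, the effect of one Rowhammer flip."""
    return n ^ (1 << i)


def factorable_flips(n, bound=2**16):
    """Bit positions whose single flip leaves a modulus with a factor <= bound.
    A modulus with a known small factor gives up its private key at once; the
    published attack aims for exactly such flips in the victim's public key."""
    return [i for i in range(n.bit_length())
            if smallest_factor(flip_bit(n, i), bound) is not None]


def fingerprint(n):
    """SHA-256 over the big-endian modulus bytes; stands in for the ssh-keygen
    fingerprint a defender records when a key is first authorised."""
    data = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return hashlib.sha256(data).hexdigest()


def key_tampered(n, known_good_fp):
    """Integrity check: True when the key on disk no longer matches the record.
    Any single flipped bit changes the fingerprint, so this catches the attack
    even though the corrupted key still parses as a valid-looking key."""
    return fingerprint(n) != known_good_fp


if __name__ == "__main__":
    print(f"N = {N}: smallest factor <= 2**16 -> {smallest_factor(N, 2**16)}")
    bad = factorable_flips(N)
    print(f"{len(bad)} of {N.bit_length()} single-bit flips leave a small factor")
    corrupted = flip_bit(N, 0)
    print(f"flip bit 0 -> factor {smallest_factor(corrupted, 2**16)}, "
          f"tampered={key_tampered(corrupted, fingerprint(N))}")
```

The same check scaled up is a periodic comparison of authorized_keys fingerprints against an out-of-band record, which is what detects a flip the guest itself cannot prevent.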
Yep, this "Air-Gap" is exactly the technique that the NSA operators laughed at in the US documentary. In practice impossible, because no software could be updated other than by transferring data in some way between open networks and the closed network. Data can of course be filtered and checked, but still nothing is certain in this world either.
Stuxnet has more or less been figured out, and next we await a documentary on the damage caused by Nitro Zeus.
Things are pretty wild in the military bitspace. A bolt-action fiddler like me is starting to feel embarrassed here......
The NY Times, among others, has published a decent article on the subject, although it only scratches the surface:

"Nitro Zeus quickly emerged as one possible response for Mr. Obama, a way to turn off critical elements of the Iranian infrastructure without firing a shot. While cyberoperations have long been contemplated in other war scenarios, Nitro Zeus “took it to a new level,” one participant said. Yet the planners warned that depending on how the conflict unfolded, there could be significant effects on civilians, particularly if the United States had to cut vast swaths of the country’s electrical grid and communications networks.

While Cyber Command would have executed Nitro Zeus, the National Security Agency’s Tailored Access Operations unit was responsible for penetrating adversary networks, which would have required piercing and maintaining a presence in a vast number of Iranian networks, including the country’s air defenses and its transportation and command control centers."

Makes you think what capabilities the great powers have and what we have. If the USA has spent years developing these programs and malware, so have Russia and China. A scary thought if the same could be done to us as Nitro Zeus was meant to do to Iran: air defence, command, power, telecommunications, power plants etc. etc., all kaput. In the Zero Days documentary, the message from the NSA employees was that NZ had already infected Iran's information systems and was just waiting for the order to activate, and Iran apparently hadn't noticed anything. Think about it if Russia has done the same to us or to the Baltic countries.

It also brings to mind the Israeli air strikes on Syria in 2007 and 2011 that officially never happened. Unofficially they were carried out, and Syria still hasn't said a word about it. If they were carried out, how was Syria's Made in Russia air defence taken completely out to lunch? Cyber warfare must have played a part. Perhaps there was a worm in Syria's networks?

Yes, cyber warfare and developing it is a top priority for us, and hopefully money and resources will be thrown at it.. a threat lurks in the networks.


"Air-Gap" is exactly the technique
When I read Tempest documents back in the day, for work and for fun, I quickly understood that nothing was secret. And at that point I had no idea, for example, what had happened to Enigma or how long it had been on sale. The techniques have modernised enormously over the decades, but the tactics remain fairly much the same. And most of these tactics had been developed before I was born. Still, take an ordinary person and Tempest flies straight over their head, but take a phreak or a modern info-warrior and they start to understand where and how these espionage operations can be arranged. I've told many a customer that "if I get my hands on the console, it's game over," but remotely the job is completely different.

Iran tried to arrange an air gap for its machines, yet a state actor's worm found its way there and all the data the operation needed already existed. Many others are in exactly the same position, and even if everything were put behind protections there is always some way to have an effect. For Mitnick the key was the human, and Tempest protections would not have helped one bit. "Air Gap" is interesting in theory, but in reality it is hellishly expensive and makes things really complicated. The submarine is the closest military vehicle where these things come up in reality. After that, pretty much everything goes into securing officials' information inside facilities.

In the private sector, Air Gap methods come up very rarely. Banks don't care. Only some financial houses completely dependent on technology may go to this level, but still things leak as they traditionally do. So where is the line? Ordinary people will never run into this, but for a state actor information about the location of devices can be worth gold, let alone even a hint about what is inside the devices. There, phreaking is a rare skill that very few have in their toolbox. Or as knowledge on a CV.

The only thing where this protection should be arranged is RFID. Even now you're not allowed to talk about that invention publicly. Or about how hellishly easy it is to clone.


A former National Security Agency contractor was indicted on Wednesday by a federal grand jury on charges he willfully retained national defense information, in what U.S. officials have said may have been the largest heist of classified government information in history.

The indictment alleges that Harold Thomas Martin, 52, spent up to 20 years stealing highly sensitive government material from the U.S. intelligence community related to national defense, collecting a trove of secrets he hoarded at his home in Glen Burnie, Maryland.

The government has not said what, if anything, Martin did with the stolen data.

Martin faces 20 criminal counts, each punishable by up to 10 years in prison, the Justice Department said.

Former Booz Allen Hamilton contractor Harold Thomas Martin III allegedly stole secret and top-secret software and documents from American intelligence agencies for up to 20 years. That's according to a federal grand jury indictment revealed today.

The legal paperwork [PDF] lays out the US Department of Justice's case against Martin, 52, of Glen Burnie, Baltimore. During those two decades, he worked as a freelancer for seven private companies on various Department of Defense and US intelligence projects. One of those seven outfits was Booz Allen Hamilton, Edward Snowden's one-time employer.

In a statement, prosecutors said: “Martin held security clearances up to top secret and sensitive compartmented information (SCI) at various times, and worked on a number of highly classified, specialized projects where he had access to government computer systems, programs and information, including classified information.

"Over his many years of holding a security clearance, Martin received training regarding classified information and his duty to protect classified materials from unauthorized disclosure.

"The indictment alleges that beginning no earlier than 1996 and continuing through August 27, 2016, Martin stole and retained US government property, including documents that bore markings indicating that they were property of the US and contained highly classified information, including TOP SECRET/SCI. A Top Secret classification means that unauthorized disclosure reasonably could be expected to cause exceptionally grave damage to the national security of the US.

"Martin allegedly retained stolen documents containing classified information relating to the national defense at his residence and in his vehicle. Martin knew that the stolen documents contained classified information that related to national defense and that he was never authorized to retain these documents at his residence or in his vehicle."

The list of files Martin is alleged to have stolen and stashed at home is extensive: NSA organization plans from 2014; also from that year, documents detailing potential foreign cyber targets and foreign network hacking techniques; a 2009 US signals intelligence directive describing “specific methods, capabilities, techniques, processes, and procedures” for defending government computer systems; correspondence about NSA overseas projects from 2008; and so on and so forth.

The indictment also lists five US Cyber Command (CYBERCOM) documents, a CIA file, and a 2007 National Reconnaissance Office dossier discussing the launch of a spy satellite with an “unacknowledged ground station.”

Martin was collared and charged in October 2016.

Earlier this week, The Washington Post noted that Zachary Myers, an assistant US attorney with the District of Maryland, told a court last year Martin had 50TB of potentially secret and top-secret data at his home.

It is alleged Martin even copied penetration tools from the NSA's elite computer hacking squad, the Tailored Access Operations. Part of TAO's toolkit is believed to have leaked online via the mysterious Shadow Brokers crew of miscreants. Some in the media and infosec world have tried to link Martin to the Shadow Brokers' leak.

Martin's lawyers insisted their man wasn't another document-leaking Edward Snowden, but rather a compulsive hoarder who “loves his family and his country,” and that he simply took the secret files home with him with no ill intentions.

Martin, who is awaiting trial behind bars, is due to appear before US magistrate Judge A. David Copperthite in Baltimore on February 14. The ex-contractor faces up to 10 years in the cooler for each of the alleged 20 counts of willful retention of national defense information.