Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.

  • Thread starter: OldSkool
Still, it means the spy agency has a stockpile of vulnerabilities in hardware and software for a future exploitation, and it is unlikely to share details of these bugs with vendors in case the programming flaws are patched, according to security watchers.

Mikko Hypponen, chief research officer of security software firm F-Secure, commented: "In countries like the US, the intelligence agencies' mission is to keep the citizens of their country safe. The Vault7 leak proves that the CIA had knowledge of iPhone vulnerabilities."

"However, instead of informing Apple, the CIA decided to keep it secret. So the leak tells us a bit about how the CIA decided to use its knowledge: it considered it more important to keep everybody insecure than protecting its citizens from the vulnerability, and maybe use the vulnerability for its own purposes or counter terrorism purposes."

Slawek Ligier, VP of security engineering at Barracuda, argued CIA hacking could be working against its wider national interest.

"If the CIA knows of the specific exploit, chances are that the MI6, FSB, MSS, and Mossad are aware of it as well," Ligier said. "Not working on closing the gap and hoping that we will be the only ones able to exploit it puts all of us at risk. And frankly, the United States has much more to lose through potential industrial espionage than other countries."
http://www.theregister.co.uk/2017/03/08/cia_hacking_tool_dump_vuln_disclosure_debate/
 
Experts on the CIA leak: it is worth covering your computer's webcam
According to the WikiLeaks leak, the US Central Intelligence Agency has for a few years been developing ways to break into the control systems of cars.
9.3.2017 at 12:46, updated 9.3.2017 at 13:33
This week the leak site WikiLeaks published sensitive documents said to be from the US Central Intelligence Agency, the CIA. Based on the leaks, the CIA is able to spy on people through smart devices.

In an interview, the significance of the WikiLeaks leak was assessed by Tuomas Aura, professor of computer science at Aalto University, and Mikael Albrecht, security expert at F-Secure.

Photo caption: F-Secure security expert Mikael Albrecht
According to Albrecht, the CIA leak is unique in its scope and reveals what kind of toolkit the Central Intelligence Agency has at its disposal.

In Aura's view, what is significant about the leaked documents is that they deal exclusively with targeted attacks on users' devices.

Earlier revelations about the capabilities of US intelligence, such as the National Security Agency NSA, have related to the collection of large masses of data and espionage on data networks.

The television watches the couch potato
According to the leak, the CIA can covertly install its surveillance software on, for example, smart televisions. In that way the CIA can eavesdrop on the targeted person in their home even when the television appears to be switched off.

Albrecht considers it possible that with a smart television or other smart device fitted with malware, an attacker can use the device's camera for covert viewing.

– If you manage to slip malicious code into the device, then the device is in the attacker's hands. Then absolutely every feature of that television, computer, phone or whatever can be activated. If it has a camera, viewing is possible, Albrecht said.

Both experts said they cover the webcams of their own computers to prevent covert viewing. According to them, however, the likelihood of an ordinary person becoming the target of CIA covert viewing is extremely small.

The real objects of the intelligence service's interest, for instance potentially dangerous persons, are a very small group.

– There have been scams targeting ordinary consumers in which something intimate is secretly recorded with the camera and the victim is then blackmailed with this material. This is a very real threat, so it is worth taking seriously, Albrecht said.

Aura estimates, however, that material secretly filmed with the cameras of ordinary people's devices is usually not very interesting.

– That is really the only explanation I have come up with for why large leaks of, for example, videos recorded in people's homes have not appeared anywhere, Aura said.

Smart devices create a security bomb
According to the WikiLeaks documents, the CIA can eavesdrop on its targets through the most common smartphones and other smart devices.

F-Secure security expert Albrecht considers this information a very good wake-up call regarding the security risk posed by the so-called internet of things.

– This so-called IoT world (internet of things), where information technology is slipped into ordinary consumer devices, is quite a security bomb, Albrecht said.

According to him, updates are constantly installed on computers and their security is thus maintained. The life-cycle model of a home appliance containing information technology, on the other hand, is completely different.

– It is not maintained. The device is bought once, used for a while and eventually thrown away. Security problems remain in the device for a very long time. They are not fixed.

Hacking cars is possible
According to the CIA leak, the Central Intelligence Agency has for a few years been developing ways to break into the control systems of cars.

According to Albrecht, security researchers have already proven that cars' control units can be hijacked so that an attacker can control the car's functions while it is being driven.

According to him, however, hacking cars is not very attractive to cybercriminals, because they would first have to find a business model through which they could make money with this method.

Albrecht estimates that eavesdropping on conversations held inside cars is probably of great interest to the CIA. It could be done by installing malware in, for example, the car's audio system, whereby the microphone of the hands-free equipment could be switched on.

According to Professor Aura, the security of cars' information systems has been studied a great deal. Flaws are constantly being found in the systems.

Aura estimates that cyberattacks targeted at cars in which, for example, the brakes would be disabled are spy stories.

– The CIA can probably do this once every ten years somewhere in the world. But fortunately it does not concern ordinary citizens, Aura said.

The United States has a large organisation developing cyber capabilities
Aura estimates that the United States is at the forefront of developing cyberattacks. According to him, the leaked documents show that within the CIA the United States has an extensive product development organisation that develops component technologies.

– Another part of the CIA uses these for the actual attacks. A small country like Finland would of course not have such resources for product development. Just the number of people who would have to be hired for it means we are talking about a large software company, Aura said.

According to Albrecht, Russia and China, for example, probably engage in similar methods. In those countries there have not, at least not yet, been data leaks that would reveal the countries' cyber capabilities.

Photo caption: The US consulate in Frankfurt, alleged to be a secret CIA cyber unit.
– No Snowdens have been found there yet. It would be very interesting to get a similar view of their capabilities, Albrecht said.

According to the leaked documents, the CIA regards F-Secure as a lower-tier product. Albrecht finds the claim interesting, but no justification for it was presented in the documents.

He considers it possible that the claim means that F-Secure's market share is globally smaller than that of the big players, which is why the company is less of a problem for the CIA.

– Elsewhere in this leak it is stated that, on the other hand, we are an "annoying troublemaker". I am proud of that, Albrecht said.

http://yle.fi/uutiset/3-9499487
 
A new study from RAND Corporation concluded that zero-day vulnerabilities – security flaws that developers haven't got around to patching or aren't aware of – have an average life expectancy of 6.9 years.

The research, based on rare access to a dataset of more than 200 such vulnerabilities, also looked at how frequently the same holes are found by different groups. The rarity of independent discovery and the long half-life of defects means it can make sense for some organisations with a dual offensive and defensive role (intel agencies) to stockpile vulnerabilities, the researchers argue.

The long timeline plus low collision rates – the likelihood of two people finding the same vulnerability (approximately 5.7 per cent per year) –means the level of protection afforded by disclosing a vulnerability may be modest and that keeping quiet about – or "stockpiling" – vulnerabilities may be a reasonable option for those entities looking to both defend their own systems and potentially exploit vulnerabilities in others.

"Typical 'white hat' researchers have more incentive to notify software vendors of a zero-day vulnerability as soon as they discover it," said Lillian Ablon, lead author of the study and an information scientist with RAND, a nonprofit research organisation. "Others, like system-security-penetration testing firms and 'grey hat' entities, have incentive to stockpile them. But deciding whether to stockpile or publicly disclose a zero-day vulnerability – or its corresponding exploit – is a game of tradeoffs, particularly for governments."

Of the more than 200 real-world zero-day vulnerabilities and the exploits that take advantage of them analysed by RAND, almost 40 per cent are still publicly unknown.

The study is one of the most comprehensive of its type and its release, just two days after revelations about the CIA's cyber arsenal of hacking tools, is timely. Security pundits were quick to point out that issues such as weak password security, phishing and failure to apply available patches are all far more important risk factors than the "sexy" but somewhat hyped field of zero-day vulnerabilities.

Javvad Malik, security advocate at security dashboard firm AlienVault, commented: "Zero-days aren't so much a concern for average users. Cybercriminals tend to go for tried and tested methods to attack users and have built pretty efficient processes around it, e.g. phishing or ransomware. Larger enterprises such as financial services, critical national infrastructure, and governments are usually the ones that need to factor in zero-days and targeted attacks in their threat model."

Craig Young, security researcher at security tools firm Tripwire, questioned the study's methodology. "This study from RAND is very unscientific for several reasons," he said. "First, they are looking at only 200 vulnerabilities which is a small percentage of the number of vulnerabilities being discovered each year."

The CVE project, which documents just a portion of publicly disclosed vulnerabilities, had 6,435 identifiers released in 2016 plus as many as 3,500 additional identifiers that were assigned but have not yet been revealed publicly. This is in addition to an unknown number of vulnerabilities discovered by hackers with no intention of disclosing them.

"Another big problem with the study is that statistics such as the median time of 22 days to develop an exploit are incredibly misleading because vulnerabilities can be drastically different in terms of exploitation complexity," Young added.
http://www.theregister.co.uk/2017/03/09/oday_vuln_study_rand/
 
Spying culture is becoming more common among testers. The device does look clunky, but it is still proof that these will become more common in the future.


We’re not so much fans of James Bond as we are of Q, the hacker who supplies him with such wonderful things. There is a challenger to Q’s crown, [Naomi Wu] — code name [SexyCyborg] — built an epic gadget called the Pi Palette which hides a Linux laptop inside of a cosmetics case.

You can see the covert mode of the Pi Palette below. It resembles a clamshell cosmetics case with the makeup and applicator in the base and a mirror on the underside of the flip-up lid. The mirror hides an LCD screen in the portrait orientation, as well as a Raspberry Pi 3 running Kali Linux.

The base of the case includes a portable battery beneath the wireless keyboard/touchpad — both of which are revealed when the cosmetics tray is removed. An inductive charger is connected to the battery and [Naomi] built a base station which the Pi Palette sits in for wireless charging.

She envisions this for covert penetration testing. For that, the Pi Palette needs the ability to put the WiFi dongle into promiscuous mode. She wired in a dual dip-switch package and really went the extra mile to design it into the case. The fit and finish of that switch is just one tiny detail that illustrates the care taken with the entire project. With such a beautiful final project it’s no wonder she took to the streets to show it off.
http://hackaday.com/2017/03/12/q-has-nothing-on-naomi-wu/
 
In light of the contrast between widely observed personal security routines such as locking the door at night and more carefree behavior online, Mozilla decided to interrogate its community to find out what people think about security, encryption, and privacy.

The advocacy-oriented maker of Firefox and other less-loved software chose to ask about 30,000 members of its community from Australia, Canada, France, Germany, the UK, and the US questions about how they rate their ability to protect themselves online.

The good news is that 8.9 per cent opted for the multiple choice answer, "I'm basically Mr Robot." These people consider themselves to be skilled technical experts. Spoiler alert: If you've actually seen the TV series Mr Robot, that comparison suggests you're deluding yourself.

Among the remainder, 11.5 per cent of respondents said they knew nothing and pleaded for help, 74.6 per cent said they knew a little but not enough, and 5 per cent suggested they were fine because they haven't been hacked so far.

In total, about 90 per cent lacked confidence in their abilities to protect themselves online.

In an email to The Register, Ashley Boyd, VP of advocacy at Mozilla, said the company launched the survey knowing that, even among the web-savvy, many people feel their privacy and security is eroding.

"What was surprising was the high percentage of people who identified as truly feeling defenseless," said Boyd. "Over 90 per cent of survey respondents said they don't know much about protecting themselves online. And nearly a third of respondents feel like they have no control at all over their personal information online."

Such sentiments, said Boyd, are why Mozilla is developing products that advance privacy and security and is creating media content that serves to educate and advocate.
http://www.theregister.co.uk/2017/03/13/mozilla_survey_about_protecting_yourself_online/
 

As the devices with which we surround ourselves become ever more connected to the rest of the world, a lot more thought is being given to their security with respect to the internet. It’s important to remember though that this is not the only possible attack vector through which they could be compromised. All devices that incorporate sensors or indicators have the potential to be exploited in some way, whether that is as simple as sniffing the data stream expressed through a flashing LED, or a more complex attack.

Researchers at the University of Michigan and the University of South Carolina have demonstrated a successful attack against MEMS accelerometers such as you might find in a smartphone. They are using carefully crafted sound waves, and can replicate at will any output the device should be capable of returning.

MEMS accelerometers have a microscopic sprung weight with protruding plates that form part of a set of capacitors. The displacement of the weight due to acceleration is measured by looking at the difference between the capacitance on either side of the plates.

The team describe their work in the video we’ve put below the break, though frustratingly they don’t go into quite enough detail other than mentioning anti-aliasing. We suspect that they vibrate the weight such that it matches the sampling frequency of the sensor, and constantly registers a reading at a point on its travel they can dial in through the phase of their applied sound. They demonstrate interference with a model car controlled by a smartphone, and spurious steps added to a Fitbit. The whole thing is enough for the New York Times to worry about hacking a phone with sound waves, which is rather a predictable overreaction that is not shared by the researchers themselves.
http://hackaday.com/2017/03/15/this-wav-file-can-confuse-your-fitbit/

http://www.theregister.co.uk/2017/03/15/boffins_rickroll_smartphone_by_tickling_its_accelerometer/
 
The challenge in building cybersecurity resilience is that it is not only about software and legal code, but also about people. This is where there is concern about the new administration’s planned cybersecurity executive order; the last drafts to circulate online lacked any strategic effort to solve looming workforce challenges.

Across government and industry, the growing need for cybersecurity professionals is outstripping the supply. At last report, 40 percent of the cybersecurity positions at the FBI remained unfilled, leaving many field offices without expertise. The consultancy Frost and Sullivan estimates that, worldwide by 2020, there will be 1.5 million more security jobs than skilled people to fill them.

Diversity is also a problem. Some 11 percent of cybersecurity professionals are women, lower than the already dismal rates in the broader IT world. Even worse, they are on average paid lower wages than men at every single level of the field. How can we fill key gaps if we are only recruiting from less than half the population?

So what can Congress do—and with an executive branch that has been, shall we say, unsteady so far on cybersecurity issues?
http://www.defenseone.com/ideas/201...solve-our-people-problem/136296/?oref=d-river
 
The police watchdog is investigating allegations that a secretive Scotland Yard unit used hackers to illegally access the private emails of hundreds of political campaigners and journalists.

The allegations were made by an anonymous individual who says the unit worked with Indian police, who in turn used hackers to illegally obtain the passwords of the email accounts of the campaigners, and some reporters and press photographers.
https://www.theguardian.com/uk-news...hackers-to-read-protesters-emails-jenny-jones
 
The sa-kuva.fi site has apparently been "hacked", EDIT: or rather was, it seems to be working again:

telnet :p When I was studying Cisco, the thought "why telnet?" nagged at the back of my head. No need to think about it any more.

Cisco Systems said that more than 300 models of switches it sells contain a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code that takes full control of the devices. There currently is no fix.


Cisco researchers said they discovered the vulnerability as they analyzed a cache of documents that are believed to have been stolen from the CIA and published by WikiLeaks two weeks ago. The flaw, found in at least 318 switches, allows remote attackers to execute code that runs with elevated privileges, Cisco warned in an advisory published Friday. The bug resides in the Cisco Cluster Management Protocol (CMP), which uses the telnet protocol to deliver signals and commands on internal networks. It stems from a failure to restrict telnet options to local communications and the incorrect processing of malformed CMP-only telnet options.

“An attacker could exploit this vulnerability by sending malformed CMP-specific telnet options while establishing a telnet session with an affected Cisco device configured to accept telnet connections,” the advisory stated. “An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.”

Compounding the risk, vulnerable switches will process CMP-specific telnet options by default, “even if no cluster configuration commands are present on the device configuration,” the advisory warned. The vulnerability mostly affects Cisco Catalyst switches but is also found in Industrial Ethernet switches and embedded services. Cisco plans to release a fix at an unspecified date.

While Friday’s advisory said there are “no workaround that address this vulnerability,” it did say the vulnerability was active only when buggy devices were configured to accept incoming telnet connections. Disabling telnet as a means for receiving incoming connections eliminates the threat, and Cisco has provided instructions for disabling telnet. Cisco switch users who aren’t willing to disable telnet can lower the risk of exploits by using an access control list to restrict the devices that are permitted to send and receive telnet commands.
https://arstechnica.com/security/20...a-to-commandeer-318-models-of-cisco-switches/
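The advisory's mitigation boils down to one question per vty line: can telnet still reach it, and if so, is it at least fenced by an access-class? The following Python script is an added example, not code from Cisco or from the article; it parses an IOS-style running config and reports vty lines that still accept telnet. The two sample configs are constructed, and the script deliberately treats a vty line with no explicit `transport input` as telnet-capable (an assumption made so that such lines get reviewed, since the default depends on the IOS version).

```python
"""Audit an IOS-style running config for vty lines that still accept telnet.

Added example (not from Cisco or the article): the CMP bug is only reachable
when a device accepts incoming telnet, so the defensive check is "which vty
lines still allow telnet, and are they at least fenced by an access-class?".
"""
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample: the weak configuration the advisory warns about.
WEAK_CONFIG = """\
hostname sw-lab-1
!
ip access-list standard MGMT
 permit 10.0.0.0 0.0.0.255
!
line con 0
 transport input none
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input all
 access-class MGMT in
!
end
"""

# Constructed sample: the corrected configuration (SSH only, management ACL).
HARDENED_CONFIG = """\
hostname sw-lab-1
!
ip access-list standard MGMT
 permit 10.0.0.0 0.0.0.255
!
line vty 0 15
 transport input ssh
 access-class MGMT in
!
end
"""


@dataclass
class VtyLine:
    name: str                                   # e.g. "line vty 0 4"
    transport_input: Optional[Set[str]] = None  # None = not explicitly set
    access_class_in: Optional[str] = None       # ACL name/number, if any


def parse_vty_lines(config: str) -> List[VtyLine]:
    """Collect every 'line vty ...' stanza with its relevant sub-commands."""
    stanzas: List[VtyLine] = []
    current: Optional[VtyLine] = None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if not raw[0].isspace():
            # Top-level command: starts a new vty stanza or ends the current one.
            current = VtyLine(name=raw.strip()) if raw.startswith("line vty") else None
            if current is not None:
                stanzas.append(current)
            continue
        if current is None:
            continue  # indented line belonging to some other stanza
        parts = raw.split()
        if parts[:2] == ["transport", "input"]:
            current.transport_input = set(parts[2:])
        elif parts[0] == "access-class" and len(parts) >= 3 and parts[-1] == "in":
            current.access_class_in = parts[1]
    return stanzas


def accepts_telnet(vty: VtyLine) -> bool:
    """True if telnet can reach the line.

    Assumption: a line with no explicit 'transport input' is treated as
    telnet-capable so that it gets reviewed, because the default depends on
    the IOS version.
    """
    if vty.transport_input is None:
        return True
    return bool(vty.transport_input & {"telnet", "all"})


def audit(config: str) -> List[str]:
    """Return one finding per vty line that still accepts telnet."""
    findings: List[str] = []
    for vty in parse_vty_lines(config):
        if not accepts_telnet(vty):
            continue
        if vty.access_class_in is None:
            findings.append(f"{vty.name}: telnet reachable, no access-class "
                            "(exposed to the CMP telnet-option bug)")
        else:
            findings.append(f"{vty.name}: telnet reachable, restricted by "
                            f"access-class {vty.access_class_in} (reduced risk)")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}]", audit(cfg) or "no telnet-reachable vty lines")
```

Feed it the output of `show running-config` from each switch to get a quick inventory of which lines still need `transport input ssh` or an access-class before a fix ships.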
 
On the morning of December 30, the day after Barack Obama imposed sanctions on Russia for interfering in the 2016 US election, Tillmann Werner was sitting down to breakfast in Bonn, Germany. He spread some jam on a slice of rye bread, poured himself a cup of coffee, and settled in to check Twitter at his dining room table.

The news about the sanctions had broken overnight, so Werner, a researcher with the cybersecurity firm CrowdStrike, was still catching up on details. Following a link to an official statement, Werner saw that the White House had targeted a short parade’s worth of Russian names and institutions—two intelligence agencies, four senior intelligence officials, 35 diplomats, three tech companies, two hackers. Most of the details were a blur. Then Werner stopped scrolling. His eyes locked on one name buried among the targets: Evgeniy Mikhailovich Bogachev.

Werner, as it happened, knew quite a bit about Evgeniy Bogachev. He knew in precise, technical detail how Bogachev had managed to loot and terrorize the world’s financial systems with impunity for years. He knew what it was like to do battle with him.

But Werner had no idea what role Bogachev might have played in the US election hack. Bogachev wasn’t like the other targets—he was a bank robber. Maybe the most prolific bank robber in the world. “What on earth is he doing on this list?” Werner wondered.
https://www.wired.com/2017/03/russian-hacker-spy-botnet/
 
Almost certainly a state actor at work.

Chinese phishing scum are deploying fake mobile base stations to spread malware in text messages that might otherwise get caught by carriers.

The Android scumware being spread isn’t new to China: known as the “Swearing Trojan” because of profanities in code comments, its authors are already under arrest. But the fake base station is a new vector, according to this research note from Check Point.

The base stations send SMS messages purporting to be from China Telecom or China Unicom, offering a malicious URL apparently endorsed by a customer’s operator. Check Point says China’s Tencent has also seen a more conventional malware dropper in infected applications.

The trojan replaces the Android SMS application with its own, meaning it can steal message-based 2FA such as bank tokens; and it spreads from the infected user by sending phishing messages to victims’ contacts.

Check Point says it’s also seen Swearing use messages about work documents, photos/videos, app update notifications, and the perennial “nude celebrity” message.

Instead of command and control servers, the malware uses SMS to send information back to its masters, and since Tencent had reported arrests of people associated with Swearing, it looks like there are others associated with the campaign.
http://www.theregister.co.uk/2017/03/23/fake_base_stations_spreading_malware_in_china/
 
A state actor robbing banks .... o_O


Researchers at British multinational defense, security and aerospace company BAE Systems believe they have found the pieces of malware used by cybercriminals to steal $81 million from Bangladesh’s central bank earlier this year.

In early February, after gaining access to the Bangladesh Bank’s systems, malicious actors transferred $101 million from the bank’s account at the Federal Reserve Bank of New York to accounts in Sri Lanka and the Philippines. The money sent to Sri Lanka was recovered, but $81 million sent to the Philippines is still missing. The attackers attempted to make fraudulent transactions totaling nearly $1 billion, but the full theft was prevented thanks to security systems and typos in some transfer requests.
http://www.securityweek.com/custom-malware-used-81-million-bangladesh-bank-heist
 
Startling leaked documents show the CIA could purchase Apple Macs and iPhones, install spyware onto them, and give them to targets.

The secret files, dumped online today, are the latest documents from WikiLeaks' Vault 7 series of classified CIA hacking tools and manuals. The files, dated 2008 to 2013, describe malware that could be smuggled onto Apple-designed computers and smartphones before they are handed over to specific targets.

The spying toolkit was made up of various components. One of them is NightSkies, a "beacon" for iPhones that was available shortly after the first generation of Apple's landmark smartphones went on sale. By periodically pinging a beacon signal to a listening-post system on the internet, the software let agents track an infected handheld.

The CIA wanted to port NightSkies to Apple MacBook Air laptops, calling the resulting software DarkSeaSkies, according to the leaked files. This port would include the NightSkies beacon emitter as well as a tool called DarkMatter to install the malware in the machine's EFI firmware, plus SeaPea to hide its processes and network and file system activities from sight.

DarkSeaSkies would also feature a backdoor so the computer can be remotely controlled, and the ability to download files and run executables. If the malware loses contact with its listening post, it should delete itself. The tool would be installed by agents on a MacBook Air before being shipped to a target.

Crucially, the CIA documents state agents had "the opportunity to gift a MacBook Air to a target that will be implanted with this tool." In other words, operatives were in a position to give an Apple laptop to someone in the field as a present – perhaps a wedding gift or as a bribe – and wanted to bug the computer to keep tabs on that person. That means the agents wanted to buy the equipment, infect it, and then pass it to the target as a freebie.
http://www.theregister.co.uk/2017/03/23/wikileaks_cia_darkmatter_vault_7/

Next in the dump, there's Sonic Screwdriver – a Doctor Who reference suggesting the design may have come from the UK's GCHQ spy nerds – that is stored in an Apple Thunderbolt-to-Ethernet adapter. When plugged into a powered-down Mac laptop's Thunderbolt port, on booting up the machine, Sonic Screwdriver bypasses the Mac's firmware password, if set, allowing the CIA operative sitting in front of the computer to begin installing surveillance malware onto the system.

Yes, of course, it's possible the agency can get its spyware onto devices by slipping operatives into supply chains – just like the NSA does – but none of today's documents show that.
 
The Finnish Security Intelligence Service Supo is complaining that nation-state-level attackers aren’t even bothering to hide themselves from prying eyes.

That news comes in the agency’s review of intelligence activity in 2016, announced here.

The major trends in cyber-intelligence Supo highlights in the report are increasing attacks against Finland’s foreign and security infrastructure, espionage attempts, and actors abusing Finnish data networks “in espionage targeting third countries.”

On the other hand, attacks against critical infrastructure fell sharply in 2016.

Regarding attempts to compromise the country’s “foreign and security policy,” the report notes: “Most observations were related to an APT28/Sofacy attack in which no particular effort was made to conceal the activity ... It is justified to assume that also the number of cases which have not come to the authorities’ knowledge has increased.”

APT28 has been blamed for attacks on Georgia, Eastern Europe, NATO, the Organization for Security and Co-operation in Europe, and in 2014, FireEye went public linking the group to the Kremlin.

Other tags hung on the group are Sofacy, Pawn Storm and Fancy Bear.

Supo said it saw several cases of intelligence gathering attempts in data networks, focussed on what seems to be identity fraud against a small number of key personnel in government and business.

In such cases, the report says, “Finnish authorities do not have the competence to identify or counter such information gathering systematically” – so individuals and employers need to be vigilant.
http://www.theregister.co.uk/2017/03/30/kremlinbacked_apt28_doesnt_hide_its_attacks/
 
London's network has been bloody laggy for the past two days.

A variant of the Mirai malware pummeled a U.S. college last month with a marathon 54-hour long attack. Researchers say this latest Mirai variant is a more potent version of the notorious Mirai malware that made headlines in October, targeting DNS provider Dyn and the Krebs on Security website.

The IoT botnet behind the DDoS attacks is flooding its targets with HTTP traffic in application layer attacks, according to a technical overview by security firm Imperva posted on Wednesday.

Researchers say attackers are leveraging 9,793 CCTV cameras, DVRs and routers, and are exploiting the same vulnerabilities as the original Mirai malware. “We are seeing the same attack patterns and the same vulnerabilities being exploited; right down to the telnet ports as with Mirai last year."

According to Bekerman the multi-day DDoS attack maintained a traffic flow of 30,000 requests per second, peaking at 37,000. “This is the most we’ve seen out of any Mirai botnet,” Bekerman said.

The Mirai malware, spotted in October, continuously scans the internet looking for connected devices such as routers, IP-connected cameras, DVRs and more. The malware exploits those devices that rely on default, weak, or hard-coded credentials, and forces them to join botnets used in DDoS attacks.

According to Bekerman, who analyzed the attack against the unnamed U.S. college, the new variant is nearly identical to the original except for the fact it contains 30 user-agent alternatives compared to just five used by the previous version. “The larger the range of user agents, the more this version of Mirai is going to be able to circumvent mitigation efforts,” he said.

Researchers say of the 9,793 IPs worldwide controlled by attackers 18 percent are located in the U.S., 11 percent in Israel and another 11 percent in Taiwan.

“Looking at the bigger picture, this variant of Mirai might be a symptom of the increased application layer DDoS attack activity we saw in the second half of 2016,” said Bekerman. “That said, with over 90 percent of all application layer assaults lasting under six hours, an attack of this duration stands in a league of its own.”
https://threatpost.com/new-mirai-variant-carries-out-54-hour-ddos-attacks/124660/
 