Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.

Thread starter: OldSkool
Well, it's worth talking to companies that can build a Byzantine (federated) security system that is in no way dependent on the vendor (MS or whoever)
- since advertising isn't allowed here, I won't say more :)
 
Three Chinese nationals went on a six-year hacking spree against American targets, siphoning financial reports and tech blueprints, US prosecutors allege.

Wu Yingzhuo, Dong Hao and Xia Lei, all thought to be residing in the city of Guangzhou, China, stand accused of eight counts of conspiracy to commit computer fraud and conspiracy to commit trade secret theft, conspiracy and identity theft in an indictment before a district court in western Pennsylvania. The court paperwork, filed in September, was unsealed on Monday.

"Defendants Wu, Dong and Xia launched coordinated and targeted cyber intrusions against businesses operating in the United States, including here in the Western District of Pennsylvania, in order to steal confidential business information," said acting US Attorney Soo Song.

The indictment states that Wu and Dong set up a security consultancy known as the Guangzhou Bo Yu Information Technology Company, or Boyusec, and they employed Xia as a consultant. But behind their legitimate exterior, the US government claimed, the trio, and unnamed coconspirators, were running a sophisticated hacking ring.

From 2011, the trio sent out a series of highly targeted emails containing malware dubbed exeproxy, according to court documents. The software nasty, thought to exploit a zero-day flaw in Internet Explorer to infect Windows PCs, proved very successful: it opens a backdoor to the machine, encrypting its communications between itself and the command-and-control server used by miscreants to orchestrate it.
https://www.theregister.co.uk/2017/11/28/chinese_security_consultants_gps_siemens_moodys/
 

A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password.


The security bug can be triggered via the authentication dialog box in Apple’s operating system, which prompts you for an administrator’s username and password when you need to do stuff like configure privacy and network settings.

If you type in “root” as the username, leave the password box blank, hit “enter” and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen, too.

The vulnerability effectively allows someone with physical access to the machine to log in, cause extra mischief, install malware, and so on. You should not leave your vulnerable Mac unattended, nor allow remote desktop access, until you can fix the problem.

And while obviously this situation is not the end of the world – it’s certainly far from a true remote hole or a disk decryption technique – it’s just really, really sad to see megabucks Apple drop the ball like this.
https://www.theregister.co.uk/2017/11/28/root_access_bypass_macos_high_sierra/
 
A Michigan man pleaded guilty last week to hacking the computer network of the Washtenaw County Jail, where he modified inmate records in an attempt to have an inmate released early.
The man, Konrads Voits, 27, of Ann Arbor, Michigan, was arrested earlier this year after an FBI investigation.

According to court documents obtained by Bleeping Computer, starting from approximately January 24, 2017, and until March 10, 2017, Voits used email spear-phishing and telephone social-engineering to trick Washtenaw County Jail employees into downloading and running malware on their computers.

Voits sent emails to jail staff posing as a man named "Daniel Greene" and asked for help with obtaining court records, and later also registered the domain "ewashtenavv.org," a look-alike of "ewashtenaw.org," the Washtenaw County's official portal.

Despite his efforts, the email spear-phishing campaigns were unsuccessful, and in mid-February, Voits switched to calling county jail employees.

During his calls, investigators said Voits posed as "T.L." and "A.B.," two actual Washtenaw County Jail employees, both working in the jail's IT department.

Voits called other jail employees and asked them to visit certain websites to download and install an executable that would "upgrade the County's jail system."

Some jail employees fell for Voits' scheme and installed malware on their computers.

"Through the installation and use of this malware, Voits was able to gain full access to the County network, including access to sensitive County records such as the XJail system (the computer program used to monitor and track inmates in the County Jail), search warrant affidavits, internal discipline records, and County employee personal information," the plea agreement reads.

The FBI says Voits was able to obtain information, including passwords, usernames, emails, and other personal information of over 1,600 County employees.

Once Voits had access to this data, investigators said he accessed the XJail system, searched and accessed the records of several inmates, and modified at least one entry "in an effort to get that inmate released early."

Jail employees noticed the modification right away and alerted the FBI soon after, realizing what happened. The Washtenaw County Jail also hired a security company specialized in incident response to clean its IT network.

Jail officials said they paid $235,488 "to determine the full extent of the breach, to reimage numerous compromised County hard drives, to verify the accuracy of the electronic records of nearly every then current County Jail inmate, and to attempt to reassure the 1,600 County employees whose personal data had been compromised by purchasing an identity theft program for County employees."

After pleading guilty last week, Voits now faces up to ten years in prison and a fine of up to $250,000. Voits also had to forfeit all the electronics equipment he used to carry out his attacks — a laptop, four phones, one circuit board, and an undisclosed amount of Bitcoin.

Voits remains in custody. A judge scheduled his sentencing hearing for April 5, 2018.
https://www.bleepingcomputer.com/ne...omputer-network-to-get-friend-released-early/
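The look-alike domain in this case ("ewashtenavv.org" imitating "ewashtenaw.org") is the kind of thing a mail gateway or domain-monitoring job can flag before anyone clicks. The check below is an added example written for this thread, not code from the article or the investigation; the confusable table, the protected-domain list and the sample candidates are assumptions constructed for the demo.

```python
"""Look-alike domain check, as in the "ewashtenavv.org" vs "ewashtenaw.org"
pair: added example, not code from the article or the investigation.
The protected-domain list and the candidates are constructed for the demo."""

# Character sequences that render almost identically in common fonts.
# Normalising both sides with the same table turns "vv" into "w", so the
# look-alike collapses onto the real domain.  The table is an assumption:
# extend it with whatever confusables matter for your own names.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("cl", "d"), ("0", "o"),
               ("1", "l"), ("3", "e"), ("5", "s")]

def normalize(domain):
    """Lower-case a domain and fold confusable sequences to their target."""
    domain = domain.lower().strip(".")
    for bad, good in CONFUSABLES:
        domain = domain.replace(bad, good)
    return domain

def edit_distance(a, b):
    """Classic Levenshtein distance (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def lookalike_of(candidate, protected, max_distance=1):
    """Return the protected domain that `candidate` imitates, or None.

    The real domain itself is never reported.  A hit is either an exact
    match after confusable folding, or a normalised edit distance of at
    most `max_distance` (one typo such as a dropped or swapped letter).
    """
    cand = normalize(candidate)
    for real in protected:
        if candidate.lower().strip(".") == real.lower():
            return None
        target = normalize(real)
        if cand == target or edit_distance(cand, target) <= max_distance:
            return real
    return None

def scan(candidates, protected):
    """Map each candidate (e.g. newly registered or seen-in-mail domains)
    to the protected domain it resembles; clean candidates are dropped."""
    hits = {}
    for c in candidates:
        hit = lookalike_of(c, protected)
        if hit:
            hits[c] = hit
    return hits

if __name__ == "__main__":
    PROTECTED = ["ewashtenaw.org"]          # the county's real portal
    SEEN = ["ewashtenavv.org", "ewashtenaw.org", "ewashtenav.org",
            "example.org"]                   # constructed sample input
    print(scan(SEEN, PROTECTED))
```

Folding confusables before measuring distance is what catches "vv" for "w", which a plain edit distance of 1 would miss (it is two characters replacing one).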
 
Hackers are testing a new variation of the Ursnif Trojan aimed at Australian bank customers that utilizes novel code injection techniques.

Since the summer of 2017, IBM X-Force researchers report, Ursnif (or Gozi) samples have been tested in the wild by a new malware developer. The samples are a noteworthy upgrade from previous versions.
https://threatpost.com/ursnif-trojan-adopts-new-code-injection-technique/129072/

“In a redirection attack, the victim is diverted to a fake website hosted on an attacker-controlled server. The malware maintains a live connection with the bank’s legitimate webpage to ensure that its genuine URL and digital certificate appear in the victim’s address bar. At that point, the malicious actors can use web injections to steal login credentials, authentication codes and other personally identifiable information without tripping the bank’s fraud detection mechanisms,” she wrote.
 
I had a strange situation a couple of days ago. It was quite late, I was browsing as usual between web pages and YouTube, and I really don't know what I pressed, nothing I don't normally press as far as I can tell, but suddenly the whole screen was my own picture from the camera, oddly shown in a grid pattern. The camera was not on, that's 100%, and I haven't run into anything like this before.

What on earth was that? Is my computer being spied on?
 
What on earth was that? Is my computer being spied on?

Maybe someone sent you a warning. From my own personal experience, I have been rapped on the knuckles the same way by state actors, but on those occasions I was researching material that was sensitive.
 
I had a strange situation a couple of days ago. It was quite late, I was browsing as usual between web pages and YouTube, and I really don't know what I pressed, nothing I don't normally press as far as I can tell, but suddenly the whole screen was my own picture from the camera, oddly shown in a grid pattern. The camera was not on, that's 100%, and I haven't run into anything like this before.

What on earth was that? Is my computer being spied on?


Whenever you're not using the camera, it's always worth covering it, either with a piece of tape, or, if you happen to have a camera model that's attached by a cable, just unplugging it entirely when you're not using it yourself. It's really easy to watch people through those, and it's done surprisingly often.


edit: "version" changed to "model".
 
Whenever you're not using the camera, it's always worth covering it, either with a piece of tape, or, if you happen to have a camera model that's attached by a cable, just unplugging it entirely when you're not using it yourself. It's really easy to watch people through those, and it's done surprisingly often.


edit: "version" changed to "model".
Also on an iPad?
 
A new piece of malware designed to target industrial control systems (ICS) has been used in an attack aimed at a critical infrastructure organization, FireEye reported on Thursday. Experts believe the attack was launched by a state-sponsored actor whose goal may have been to cause physical damage.

Few details have been provided about the targeted organization, and FireEye has not linked the attack to any known group, but believes with moderate confidence that it's a nation-state actor. This assumption is based on the apparent lack of financial motivation and the amount of resources necessary to pull off such an attack.

The activity observed by FireEye may have been conducted during the reconnaissance phase of a campaign, and it’s consistent with attacks previously attributed to Russian, Iranian, U.S., North Korean and Israeli nation-state actors.

The malware, which FireEye has dubbed “Triton,” is designed to target Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers, which are used to monitor the state of a process and restore it to a safe state or safely shut it down if parameters indicate a potentially hazardous situation.
http://www.securityweek.com/new-ics-malware-triton-used-critical-infrastructure-attack

https://dragos.com/blog/trisis/TRISIS-01.pdf
 
Internet traffic for some of the world’s largest tech firms was briefly rerouted to Russia earlier this week in what appeared to be a Border Gateway Protocol (BGP) attack.
OpenDNS-owned Internet monitoring service BGPmon reported the incident on Tuesday. BGPmon noticed that 80 IP prefixes for organizations such as Google, Microsoft, Apple, Facebook, NTT Communications, Twitch and Riot Games had been announced by a Russian Autonomous System (AS).

It happened twice on Tuesday and each time it only lasted for roughly three minutes. The first event took place between 04:43 and 04:46 UTC, and the second between 07:07 and 07:10 UTC.
Despite being short-lived, BGPmon said the incidents were significant, including due to the fact that the announcements were picked up by several peers and some large ISPs, such as Hurricane Electric and Zayo in the U.S., Telstra in Australia, and NORDUnet, which is a joint project of several Nordic countries.

Another interesting aspect was that all the targeted traffic was associated with high-profile organizations. Experts also pointed out that the Russian AS (AS39523) had not been seen making announcements for several years before this incident.

“What makes this incident suspicious is the prefixes that were affected are all high profile destinations, as well as several more specific prefixes that aren’t normally seen on the Internet. This means that this isn’t a simple leak, but someone is intentionally inserting these more specific prefixes, possibly with the intent to attract traffic,” BGPmon said in a blog post.

“Whatever caused the incident today, it’s another clear example of how easy it is to re-route traffic for 3rd parties, intentionally or by accident. It also is a good reminder for every major ISP to filter customers,” the company added.

Robert Hamilton, director of product marketing at Imperva, said it’s hard to say what the goal was in this specific case considering that the attack was short-lived, but he noted that these types of attacks can be used for various things, “like spoofing websites in order to get visitors to download malicious content or to give up personal details or financial information.”

Chris Morales, head of security analytics at Vectra, a California-based provider of automated threat management solutions, pointed out that users accessing online resources of Google, Apple, Facebook, Microsoft and the other impacted companies trust that their communications are secure because of the use of HTTPS. However, entities that are capable of manipulating the BGP routing protocol to perform man-in-the-middle (MitM) attacks can also manipulate the TLS/SSL encryption and eavesdrop on users.
http://www.securityweek.com/traffic-major-tech-firms-rerouted-russia
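The two signals BGPmon leans on above are an unexpected origin AS and more-specific prefixes that win longest-prefix match over the legitimate covering route. The script below, an added example rather than BGPmon's or any vendor's code, applies both checks to a constructed batch of announcements; the expected-origin table, the documentation-range prefixes and the peer counts are assumptions, and only AS39523 comes from the article.

```python
"""Spot BGP announcements of the kind BGPmon described: high-profile
prefixes, and more-specifics of them, originated by an AS that is not the
expected origin.  Added example, not BGPmon's or any vendor's code.
The expected-origin table and the announcements are constructed sample
data; AS39523 is the AS named in the article, the others are hypothetical."""
import ipaddress
from dataclasses import dataclass

# Constructed "known good" table: covering prefix -> the AS that should
# originate it.  In practice this comes from RPKI ROAs, IRR route objects
# or the organisation's own records.
EXPECTED_ORIGINS = {
    "192.0.2.0/24": 64500,      # hypothetical: search/cloud provider
    "198.51.100.0/22": 64501,   # hypothetical: social network
    "203.0.113.0/24": 64502,    # hypothetical: game publisher
}

@dataclass
class Announcement:
    prefix: str
    origin_as: int
    peers_seen: int    # route-collector peers that accepted the route

def classify(ann, expected=EXPECTED_ORIGINS):
    """Return (verdict, reason) for one announcement."""
    net = ipaddress.ip_network(ann.prefix)
    for covering, owner in expected.items():
        cnet = ipaddress.ip_network(covering)
        if net.version != cnet.version:
            continue
        if net == cnet:
            if ann.origin_as == owner:
                return ("OK", "expected origin")
            return ("HIJACK", f"AS{ann.origin_as} originates {covering}, expected AS{owner}")
        if net.subnet_of(cnet):
            # Longest-prefix match means a more-specific wins the traffic no
            # matter who legitimately announces the covering prefix.
            if ann.origin_as == owner:
                return ("REVIEW", f"owner announced more-specific of {covering}")
            return ("HIJACK", f"more-specific of {covering} from AS{ann.origin_as}")
    return ("UNKNOWN", "prefix not in expected-origin table")

def triage(announcements, propagation_threshold=3):
    """Classify every announcement and mark hijacks that several peers
    accepted as 'propagated' (the ISPs-not-filtering-customers case)."""
    out = []
    for a in announcements:
        verdict, reason = classify(a)
        if verdict == "HIJACK" and a.peers_seen >= propagation_threshold:
            reason += f"; propagated to {a.peers_seen} peers"
        out.append((a.prefix, a.origin_as, verdict, reason))
    return out

if __name__ == "__main__":
    SAMPLE = [  # constructed, modelled on the three-minute incident
        Announcement("192.0.2.0/24", 64500, 40),    # legitimate covering route
        Announcement("192.0.2.0/25", 39523, 6),     # more-specific from AS39523
        Announcement("198.51.100.0/24", 39523, 4),  # more-specific from AS39523
        Announcement("203.0.113.0/24", 39523, 1),   # exact prefix, wrong origin
        Announcement("10.0.0.0/8", 64499, 2),       # not a tracked prefix
    ]
    for row in triage(SAMPLE):
        print(row)
```

The same logic runs unchanged on live data if the announcements are read from a route-collector feed instead of the constructed list.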
 
Concern raised: Russia could cut the internet between NATO countries – ”Our way of life is under threat”
https://tekniikanmaailma.fi/huoli-h...ntapamme-uhattuna/?shared=811618-a3dda946-700
Nowadays it's easy to think that electricity comes from the wall socket and the internet from the WLAN access point.

Of course, things are not that simple. The things we take for granted require a massive infrastructure to work. For example, more than a million kilometres of cable run along the seabed between the world's data centres, which makes it possible for you to keep in touch on Facebook with your friend living on the other side of the planet.

The commander of Britain's Royal Air Force, Marshal Peach, warns that in a crisis Russia could try to cut these undersea telecommunications links between NATO countries. Such action was one of Russia's first moves at the start of the Crimean crisis.

In early 2017 there were around 430 submarine data cables worldwide. Their combined length is about 1.1 million kilometres. Data cables are typically about as thick as a garden hose.

According to Peach, Russian vessels have repeatedly been seen loitering above the data cables lying on the bottom of, for example, the Atlantic Ocean.

”The undersea cables that make our prosperity and way of life possible are under a new risk. Disrupting or destroying them would immediately damage both international trade and the internet as a whole”, Peach states.

According to a recent report, 97 percent of global communications travel through these cables. Ten billion dollars a day also pass through them.

The Guardian points out that the Russian vessels moving above the undersea cables may only be engaged in espionage, trying to intercept the information travelling through the cables.

Peach's warning is a reaction to plans to shrink Britain's navy. According to him, Britain and NATO must be able to respond to the growth in Russia's naval warfare equipment.

”In addition to new ships and submarines, Russia continues to develop unconventional and information warfare. Because of this, Britain and its allies must also develop their maritime forces.”

In recent years the big technology giants have taken an ever larger role in data cable construction projects. The laying of the 6,600-kilometre cable of Facebook and Microsoft's Marea joint project was completed in September 2017. It is due to enter service in the first quarter of next year.

Marea's capacity is reported as 160 terabits per second. That makes it possible, for example, to stream 71 million full HD movies simultaneously.
The Guardian reports on the subject. More on submarine telecommunications links on the TeleGeography site.
 
Falangi got there first, but I'll post the Guardian's original article here anyway.
Russia could pose a major threat to the UK and other Nato nations by cutting underwater cables essential for international commerce and the internet, the chief of the British defence staff, Sir Stuart Peach, has warned.

Russian ships have been regularly spotted close to the Atlantic cables that carry communications between the US and Europe and elsewhere around the world.

Air Chief Marshal Peach, who in September was appointed chair of the Nato military committee, said Russia had continued to develop unconventional warfare. He added that threats such as those to underwater cables meant the UK and its allies had to match the Russian navy in terms of modernising its fleet.

“There is a new risk to our prosperity and way of life, to the cables that crisscross our sea beds, disruption to which through cable-cuts or destruction would immediately – and catastrophically – fracture both international trade and the internet,” he said.

The warning came a fortnight after the centre-right thinktank Policy Exchange issued a report saying 97% of global communications and $10tn in daily financial transactions were transmitted through such cables.

The report, written by Conservative MP Rishi Sunak, cited US intelligence officials speaking about Russian submarines “aggressively operating” near Atlantic cables. Sunak added that when Russia annexed Crimea in 2013, an early move was to cut the main cable connecting it to the rest of the world.

Despite the warnings from Peach and Sunak, the Russian ships could just be engaged in tapping into the cables to intercept communication to gather intelligence – as the Americans and British have long done – rather than an attempt to cut or disrupt communications.

Peach’s warning came against a background of proposed cutbacks to the UK’s armed forces, including a reduction in the number of marines from 7,000 to 6,000 and the scrapping of two amphibious landing ships as part of a Cabinet Office security review scheduled to be announced early next year. He described the cuts as speculation and spoke instead about reducing overlap between forces.

Peach, giving the annual chief of defence staff lecture at the Royal United Services Institute in London, said the risks to Nato from Russia continued to rise.

“In response to the threat posed by the modernisation of the Russian navy – both nuclear and conventional submarines and ships – the UK and other Atlantic Nato allies have had to prioritise missions and tasks in order to protect the sea lines of communication.

“In addition to new ships and submarines, Russia continues to perfect unconventional capabilities and information warfare. Therefore, we must continue to develop our maritime forces with our allies to match Russian fleet modernisation.”

The UK, the US and other Nato countries have been warning of the danger posed by Russia since the Crimea invasion. Although a full-scale invasion by Russia of the Baltic states or elsewhere in eastern Europe is unlikely, the Russian leader, Vladimir Putin, has steadily sought to reassert his country’s place in the world.

As well as conventional military involvement in Syria, Russia has been accused of engaging in hybrid warfare, including cyberwarfare, aimed at destabilising Nato.

Peach cited a battle in eastern Ukraine in 2014 that spooked Nato planners. He said Russian artillery, working with drones, had wiped out two brigades of the Ukrainian army within minutes.

He also cited how UK Typhoons had intercepted Russian aircraft operating close to UK airspace and how the UK had provided planes to support Romania and Estonia.

“This is what I mean by [the UK] playing a leading role in Nato and it is essential to our security that we sustain our posture as Russia modernises its forces and flexes its military muscles with a higher risk appetite to achieve its national interest,” Peach said.

https://www.theguardian.com/world/2...litary-chief-warns?CMP=twt_a-world_b-gdnworld
 
Whenever you're not using the camera, it's always worth covering it, either with a piece of tape, or, if you happen to have a camera model that's attached by a cable, just unplugging it entirely when you're not using it yourself. It's really easy to watch people through those, and it's done surprisingly often.


edit: "version" changed to "model".
I can imagine. Yours truly watching porn before going to bed and someone following the show through the camera. :)

If someone really is so perverted that they want to peep at me, go right ahead. I'm not hiding anything.
 
Story removed.

Because it's not proper to read on a forum the same thing that is read in half a million homes on a Saturday morning.
 