Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.

Huhta

Commander-in-Chief
ELSO 2.0
The slide presentations of the Signals Research Establishment (Viestikoelaitos) often begin with a reminder that you are now in a secure location and that every mobile phone can be a microphone:

TOP SECRET
– no notes
– switch off GSM phones
Hopefully the practices concerning phones have been tightened since then and HS is reporting old information. Phones belonging to important people in particular are constantly being targeted with all kinds of implants, so I wouldn't trust a switched-off phone to actually be off. At a minimum the battery is removed, or else the handset is left entirely in another room where there is nothing to eavesdrop on.
 

Sardaukar

Commander-in-Chief
Donor
Hopefully the practices concerning phones have been tightened since then and HS is reporting old information. Phones belonging to important people in particular are constantly being targeted with all kinds of implants, so I wouldn't trust a switched-off phone to actually be off. At a minimum the battery is removed, or else the handset is left entirely in another room where there is nothing to eavesdrop on.
In quite a few so-called secure rooms the phones are left outside in a rack.

https://en.wikipedia.org/wiki/Sensitive_Compartmented_Information_Facility

This system is not used only by the Americans but by plenty of private companies as well, including ones I have done work for.
 
As for mobile phones, the practices in the Defence Forces (PV), at least judging by my own refresher exercises, are nowadays fairly clear. Phones are left outside the room in which classified matters are handled. Documents are not distributed electronically, and paper printouts are collected afterwards. Even personal notes are collected. If some outsider wants to find something out, a personal approach in the traditional manner is required, i.e. there are no electronic shortcuts. And I'm not talking about any particularly important people, but ordinary rank-and-file, insofar as their job description involves operational matters.
 

ctg

Commander-in-Chief


Would you like to join the merry band of researchers breaking machine learning models? A trio of German researchers has published a tool designed to make it easier to craft adversarial models when you're attacking a “black box”.

Unlike adversarial models that attack AIs “from the inside”, attacks developed for black boxes could be used against closed systems like autonomous cars, security (facial recognition, for example), or speech recognition (Alexa or Cortana).

The tool, called Foolbox, is currently under review for presentation at next year's International Conference on Learning Representations (kicking off at the end of April).

Wieland Brendel, Jonas Rauber and Matthias Bethge of the Eberhard Karls University Tubingen, Germany explained at arXiv that Foolbox is a “decision-based” attack called a boundary attack which “starts from a large adversarial perturbation and then seeks to reduce the perturbation while staying adversarial”.
http://www.theregister.co.uk/2017/12/18/black_box_ai_attack/

It makes your hair stand on end when you think how much damage this could do in theory. People trust machines more and more, and in the future that probably won't change, but what happens when this is used on a wide scale to cover up, say, an assassination or a coup?
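A minimal decision-based boundary attack of the kind the article describes, written as an added example for this thread (it is not Foolbox code and not the paper's implementation). The black-box model is a constructed two-dimensional toy classifier that returns only a label and no gradients; the attack starts from a point the model already misclassifies and walks toward the original input, keeping only the steps that stay adversarial, so the final perturbation is as small as the accepted steps could make it. The toy decision rule, the starting point and the step sizes are assumptions.

```python
import math
import random

# Constructed toy model (an assumption for this example): a black box that
# returns only a label. Class 1 = inside a circle of radius 1.5 around (3, 3),
# class 0 = everything else. The attacker never sees this rule, only labels.
CENTER = (3.0, 3.0)
RADIUS = 1.5


def black_box(x):
    return 1 if math.hypot(x[0] - CENTER[0], x[1] - CENTER[1]) <= RADIUS else 0


def dist(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def boundary_attack(model, original, start, steps=3000, delta=0.1, eps=0.05, seed=0):
    """Decision-based boundary attack (Brendel et al.), simplified.

    original: the input we want to misclassify (its label = model(original)).
    start:    any point the model already labels differently.
    Each iteration makes an orthogonal random step on the sphere around
    `original` (radius = current distance) and then a small step toward
    `original`; the candidate is kept only if it is still adversarial.
    `eps` (the step toward the original) is halved after repeated rejections,
    a crude stand-in for the paper's adaptive step sizes.
    Returns (adversarial_point, number_of_model_queries).
    """
    rng = random.Random(seed)
    true_label = model(original)
    adv = list(start)
    queries = 2
    if model(adv) == true_label:
        raise ValueError("start must already be adversarial")
    rejections = 0
    for _ in range(steps):
        d = dist(adv, original)
        # 1. orthogonal step: perturb, then project back onto the sphere of
        #    radius d around the original (same distance, new direction)
        noisy = [a + rng.gauss(0.0, 1.0) * delta * d for a in adv]
        diff = [n - o for n, o in zip(noisy, original)]
        norm = math.sqrt(sum(v * v for v in diff)) or 1e-12
        cand = [o + v * d / norm for o, v in zip(original, diff)]
        # 2. step toward the original, shrinking the perturbation by eps
        cand = [c + (o - c) * eps for c, o in zip(cand, original)]
        queries += 1
        if model(cand) != true_label:
            adv, rejections = cand, 0      # still adversarial: accept
        else:
            rejections += 1                # crossed the boundary: reject
            if rejections >= 20:
                eps, rejections = max(eps * 0.5, 1e-4), 0
    return adv, queries


def run_demo():
    original = (0.0, 0.0)   # class 0, the input we want misclassified
    start = CENTER          # class 1, a valid adversarial starting point
    adv, queries = boundary_attack(black_box, original, start)
    return adv, dist(adv, original), queries


if __name__ == "__main__":
    adv, d, q = run_demo()
    print(f"adversarial point {adv}, distance {d:.3f}, queries {q}")
```

The only thing the attacker ever learns is the label, which is why this works against closed systems: the cost is the number of queries, not access to weights, and the final distance ends up just above the true distance from the original to the decision boundary.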
 

ctg

Commander-in-Chief
2016 saw a significant drop-off in cyber-espionage by China in the wake of a 2015 agreement between US President Barack Obama and Chinese Premier Xi Jinping. But over the course of 2017, espionage-focused breach attempts by Chinese hackers have once again been on the rise, according to researchers at CrowdStrike. Those attempts were capped off by a series of attacks in October and November on organizations involved in research on Chinese economic policy, US-China relations, defense, and international finance. The attackers were likely companies contracted by the Chinese military, according to Adam Meyers, vice president of intelligence at CrowdStrike.

The drop in Chinese cyber-espionage may have been influenced by the 2015 agreement, reached as the US considered imposing sanctions against China. The US did so in the wake of the massive breach at the Office of Personnel Management —an operation attributed to China—and a vast economic espionage campaign in which Chinese hackers were alleged to have breached more than 600 organizations in the US over a five-year period.

But Meyers told Ars that the drop may also have been because of a reorganization of China's People's Liberation Army (PLA), in which "they did a rightsizing and reduced 300,000 positions out of the PLA," Meyers said.
Link
 

ctg

Commander-in-Chief
Vietnam is deploying a 10,000-member military cyber warfare unit to combat what the government sees as a growing threat of “wrongful views” proliferating on the internet, according to local media.

Force 47 has worked pro-actively against distorted information, Tuoi Tre newspaper reported, citing Nguyen Trong Nghia, deputy head of the general politics department under the Vietnam People’s Military. The disclosure of the unit comes as the Communist government pressures YouTube Inc. and Facebook Inc. to remove videos and accounts seen damaging the reputations of leaders or promoting anti-party views.

Facebook this year removed 159 accounts at Vietnam’s behest, while YouTube took down 4,500 videos, or 90 percent of what the government requested, according to VietnamNet news, which cited Minister of Information and Communications Truong Minh Tuan last week. The National Assembly is debating a cybersecurity bill that would require technology companies to store certain data on servers in the country.
Link
 

ctg

Commander-in-Chief
Security flaws are unwittingly competing to outdo each other. The latest, called Meltdown and Spectre, have the potential to be some of the most widespread yet. It's likely they will impact all computer processors on the market and completely eradicating them will take a serious amount of time.

Both Spectre and Meltdown have the ability to be one of the biggest tech security vulnerabilities discovered. Easily ranking alongside Heartbleed, Krack and Shellshock. Here's what we know so far.
Link

I don't believe there is an easy solution to this, because fixing the hardware isn't possible. So trust that your software interfaces are secure and that nobody gets physical access to the machine.
 

ctg

Commander-in-Chief
FRANKFURT (Reuters) - Daniel Gruss didn’t sleep much the night he hacked his own computer and exposed a flaw in most of the chips made in the past two decades by hardware giant Intel Corp (INTC.O).

The 31-year-old information security researcher and post-doctoral fellow at Austria’s Graz Technical University had just breached the inner sanctum of his computer’s central processing unit (CPU) and stolen secrets from it.

Until that moment, Gruss and colleagues Moritz Lipp and Michael Schwarz had thought such an attack on the processor’s ‘kernel’ memory, which is meant to be inaccessible to users, was only theoretically possible.
Link
 

ctg

Commander-in-Chief

Horrible storage performance aside we consistently saw less than a 5% reduction in gaming performance, you’re looking at around a 3-4% drop for the most part when CPU limited, less when GPU limited. SSD performance doesn’t impact frame rates. We’ve seen this when comparing slow hard drives with ultra-snappy SSDs, so there’s really nothing to gain there. Where a drop in storage performance can hurt is with game load times.
Link

There are three main groups of companies responding to the Meltdown and Spectre pair: processor companies, operating system companies, and cloud providers. Their reactions have been quite varied.
Link
 

ctg

Commander-in-Chief
The Border Gateway Protocol (BGP) is one of the Internet's basic pieces of plumbing technologies, but it's also so old it was designed before the security needs of a multi-billion-user network were understood.

In particular, BGP is notorious for allowing sysadmins to “black-hole” huge swathes of traffic either by fat-fingering route advertisements, or in some suspected cases, maliciously advertising routes that send commercial rivals' traffic into dead zones that kill the user experience.

Which is why a group of researchers from Europe and America reckon they've created a framework that would let service providers neutralize a BGP hijack in minutes.

The researchers, from The Center for Applied Internet Data Analysis (CAIDA), Greek research institute ICS-FORTH, and Telecom ParisTech, outlined their work at arXiv.
Link
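The detection half of what the CAIDA / FORTH / Telecom ParisTech work describes, comparing every announcement for your own address space against a local configuration of prefixes, legitimate origins and known neighbours, can be sketched in a few dozen lines. The code below is an added example for this thread and not the researchers' framework; the prefixes are RFC 5737 documentation ranges, the ASNs are private, and the configuration, the sample route-collector feed and the deaggregation helper are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed operator configuration (an assumption for this example).
OWN_PREFIXES = {
    "203.0.113.0/24":  {64500},          # prefix -> legitimate origin ASNs
    "198.51.100.0/23": {64500, 64501},
}
NEIGHBORS = {                            # origin ASN -> ASNs directly attached to it
    64500: {64510, 64511},
    64501: {64511},
}


@dataclass(frozen=True)
class Update:
    prefix: str                 # announced prefix as seen by a route collector
    as_path: Tuple[int, ...]    # AS path, rightmost element is the origin


def _strip_prepending(path):
    """Collapse consecutive repeats (AS-path prepending) so that the AS next
    to the origin is a real neighbour rather than the origin repeated."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return tuple(out)


def _covering_prefix(net, own_prefixes):
    """Longest configured prefix that equals or contains `net`, or None."""
    best = None
    for text, origins in own_prefixes.items():
        cfg = ipaddress.ip_network(text)
        if cfg.version != net.version:
            continue
        if net == cfg or net.subnet_of(cfg):
            if best is None or cfg.prefixlen > best[0].prefixlen:
                best = (cfg, origins)
    return best


def classify(update, own_prefixes=OWN_PREFIXES, neighbors=NEIGHBORS) -> Optional[str]:
    """None for a legitimate update, otherwise a short alert string."""
    net = ipaddress.ip_network(update.prefix, strict=False)
    hit = _covering_prefix(net, own_prefixes)
    if hit is None:
        return None                      # not our address space: out of scope
    cfg, origins = hit
    kind = "exact-prefix" if net == cfg else "sub-prefix"
    path = _strip_prepending(update.as_path)
    origin = path[-1]
    if origin not in origins:
        return f"{kind} origin hijack: {update.prefix} originated by AS{origin}"
    # Origin looks legitimate; check the AS next to it (fake-link hijack).
    if len(path) >= 2 and path[-2] not in neighbors.get(origin, set()):
        return f"{kind} path hijack: AS{path[-2]} claims a link to AS{origin}"
    return None


def scan(updates, **cfg):
    """Run classify() over a stream of updates; return the alerts in order."""
    alerts = []
    for u in updates:
        a = classify(u, **cfg)
        if a is not None:
            alerts.append((u, a))
    return alerts


def deaggregate(prefix):
    """The two more-specific halves an operator can announce to out-compete an
    exact-prefix hijack (longest-prefix match wins). Assumed helper: anything
    longer than /24 is commonly filtered, so this does not help once the
    hijacked prefix is already a /24 or a sub-prefix of it."""
    return [str(s) for s in ipaddress.ip_network(prefix).subnets(prefixlen_diff=1)]


SAMPLE_FEED = [  # constructed route-collector view, not real data
    Update("203.0.113.0/24", (64520, 64510, 64500)),          # legitimate
    Update("203.0.113.0/24", (64510, 64500, 64500, 64500)),   # legitimate, prepended
    Update("203.0.113.0/24", (64520, 64666)),                 # exact-prefix origin hijack
    Update("203.0.113.128/25", (64520, 64666)),               # sub-prefix origin hijack
    Update("203.0.113.0/24", (64520, 64666, 64500)),          # fake link next to origin
    Update("192.0.2.0/24", (64666,)),                         # not ours, ignored
]

if __name__ == "__main__":
    for u, alert in scan(SAMPLE_FEED):
        print(alert, "| mitigation candidates:", deaggregate(u.prefix) if u.prefix.endswith("/24") else "n/a")
```

The point of keeping the configuration local is speed: the operator knows its own prefixes and origins exactly, so no global routing registry needs to be consulted before raising an alert, which is what makes a reaction within minutes rather than hours plausible. Prepending handling matters in practice; without it every prepended legitimate path would be flagged as a fake link.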
 

ctg

Commander-in-Chief
While the whole industry is scrambling on Spectre, Meltdown focused most of the spotlight on Intel and there is no shortage of outrage in Internet comments. Like many great discoveries, this one is obvious with the power of hindsight. So much so that the spectrum of reactions has spanned an extreme range. From “It’s so obvious, Intel engineers must be idiots” to “It’s so obvious, Intel engineers must have known! They kept it from us in a conspiracy with the NSA!”

We won’t try to sway those who choose to believe in a conspiracy that’s simultaneously secret and obvious to everyone. However, as evidence of non-obviousness, some very smart people got remarkably close to the Meltdown effect last summer, without getting it all the way. [Trammel Hudson] did some digging and found a paper from the early 1990s (PDF) that warns of the dangers of fetching info into the cache that might cross privilege boundaries, but it wasn’t weaponized until recently. In short, these are old vulnerabilities, but exploiting them was hard enough that it took twenty years to do it.

Building a new CPU is the work of a large team over several years. But they weren’t all working on the same thing for all that time. Any single feature would have been the work of a small team of engineers over a period of months. During development they fixed many problems we’ll never see. But at the end of the day, they are only human. They can be 99.9% perfect and that won’t be good enough, because once hardware is released into the world: it is open season on that 0.1% the team missed.

The odds are stacked in the attacker’s favor.
Link

The development of AI adversaries continues apace: a paper by Nicholas Carlini and David Wagner of the University of California Berkeley has explained a technique to trick speech recognition by changing the source waveform by 0.1 per cent.

The pair wrote at arXiv that their attack achieved a first: not merely an attack that made a speech recognition (SR) engine fail, but one that returned a result chosen by the attacker.

In other words, because the attack waveform is 99.9 per cent identical to the original, a human wouldn't notice what's wrong with a recording of “it was the best of times, it was the worst of times”, but an AI could be tricked into transcribing it as something else entirely: the authors say it could produce “it is a truth universally acknowledged that a single” from a slightly-altered sample.
Link
 

ctg

Commander-in-Chief
The US House of Representatives this week approved a bill that, given further legislative and executive branch support, will require the American government to account for its handling of software and hardware vulnerabilities.

The "Cyber Vulnerability Disclosure Reporting Act," sponsored by Rep Sheila Jackson Lee (D-TX), requires the Department of Homeland Security to issue "a report that contains a description of the policies and procedures developed for coordinating cyber vulnerability disclosures."

The US government has not provided much detail about how it handles vulnerabilities that it becomes aware of, and advocacy organizations like the Electronic Frontier Foundation argue that more transparency is needed to debate the consequences of vulnerability research and disclosure.

"Perhaps the best thing about this short bill is that it is intended to provide some evidence for the government’s long-standing claims that it discloses a large number of vulnerabilities," said EFF attorneys Nate Cardozo and Andrew Crocker in a blog post on Friday.

The US National Security Agency has said it discloses most of the vulnerabilities it finds, more or less.

"Historically, the NSA has released more than 91 per cent of vulnerabilities discovered in products that have gone through our internal review process and are made or used in the United States," the agency said on its website in 2015, or so the Internet Archive's Wayback Machine would have us believe.
Link

The remainder, the NSA said, are either fixed by vendors before disclosure or are retained for national security reasons.
Here is something for the head of a cyber department to ponder: either you hand the bugs to the vendors, or you keep them for exercises and real operations. What is the morally right thing to do? With zero-days it was for a long time the case that nobody breathed a word about them unless they were used, and in some cases, if you wanted to say something, you got dumped on. Over time perhaps this too will be written into the intelligence law. Right now it is as open as the proverbial barn doors.
 

ctg

Commander-in-Chief
State-level

Satori—the malware family that wrangles routers, security cameras, and other Internet-connected devices into potent botnets—is crashing the cryptocurrency party with a new variant that surreptitiously infects computers dedicated to the mining of digital coins.

A version of Satori that appeared on January 8 exploits one or more weaknesses in the Claymore Miner, researchers from China-based Netlab 360 said in a report published Wednesday. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually inspect their software configuration.

Records show that the attacker-controlled wallet has already cashed out slightly more than 1 Ethereum coin. The coin was valued at as much as $1,300 when the transaction was made. At the time this post was being prepared, the records also showed that the attacker had a current balance of slightly more than 1 Ethereum coin and was actively mining more, with a calculation power of about 2,100 million hashes per second. That's roughly equivalent to the output of 85 computers each running a Radeon RX 480 graphics card or 1,135 computers running a GeForce GTX 560M, based on figures provided here.

Assuming the wallet address continues to generate coins at the same rate, the proceeds after a few months could be well worth the effort, assuming the massive cryptocoin sell-off—which has caused Ethereum's value to drop by 42 percent in the past four days—doesn't continue.
Link
 

ctg

Commander-in-Chief
An investigation by the Electronic Frontier Foundation and security biz Lookout has uncovered Dark Caracal, a surveillance-toolkit-for-hire that has been used to suck huge amounts of data from Android mobiles and Windows desktop PCs around the world.

Dark Caracal [PDF] appears to be controlled from the Lebanon General Directorate of General Security in Beirut – an intelligence agency – and has slurped hundreds of gigabytes of information from devices. It shares its backend infrastructure with another state-sponsored surveillance campaign, Operation Manul, which the EFF claims was operated by the Kazakhstan government last year.

Crucially, it appears someone is renting out the Dark Caracal spyware platform to nation-state snoops.

"This is definitely one group using the same infrastructure," Eva Galperin, the EFF's director of cybersecurity, told The Register on Wednesday. "We think there's a third party selling this to governments."

Dark Caracal has, we're told, been used to siphon off information from thousands of targets in over 21 countries – from private documents, call records, audio recordings, and text messages to contact information, and photos from military, government, and business targets, as well as activists and journalists.
Link
 

ctg

Commander-in-Chief
Britain’s defence chief of general staff, Sir Nick Carter, is to warn that the UK is trailing Russia in terms of defence spending and capability.
Carter is to use a speech in London to enter publicly into the debate over defence spending, which military chiefs and Conservative MPs claim has dropped to dangerously low levels.

Failure to keep up with Russia will leave the UK exposed, particularly to unorthodox, hybrid warfare of the kind practised by Russia and other potentially hostile states, according to Carter. One of the biggest threats posed is from cyber-attacks that target both the military and civilian life.

According to excerpts from the speech, Carter will say: “Our ability to pre-empt or respond to threats will be eroded if we don’t keep up with our adversaries.”

The Ministry of Defence is pressing the Treasury for a significant increase in spending on the army, navy and air force.

Hostile states, Carter will say, are being more creative in how they exploit the seams between peace and war. “We must take notice of what is going on around us or our ability to take action will be massively constrained. Speed of decision making, speed of deployment and modern capability are essential if we wish to provide realistic deterrence. The time to address these threats is now – we cannot afford to sit back.”

As well as Russia, North Korea, Iran and China have been blamed for cyber-attacks on the US and Europe.
Link
 

ctg

Commander-in-Chief
These and other classified documents provided by former NSA contractor Edward Snowden reveal that the NSA has developed technology not just to record and transcribe private conversations but to automatically identify the speakers.

Americans most regularly encounter this technology, known as speaker recognition, or speaker identification, when they wake up Amazon’s Alexa or call their bank. But a decade before voice commands like “Hello Siri” and “OK Google” became common household phrases, the NSA was using speaker recognition to monitor terrorists, politicians, drug lords, spies, and even agency employees.
The technology works by analyzing the physical and behavioral features that make each person’s voice distinctive, such as the pitch, shape of the mouth, and length of the larynx. An algorithm then creates a dynamic computer model of the individual’s vocal characteristics. This is what’s popularly referred to as a “voiceprint.” The entire process — capturing a few spoken words, turning those words into a voiceprint, and comparing that representation to other “voiceprints” already stored in the database — can happen almost instantaneously. Although the NSA is known to rely on finger and face prints to identify targets, voiceprints, according to a 2008 agency document, are “where NSA reigns supreme.”


It’s not difficult to see why. By intercepting and recording millions of overseas telephone conversations, video teleconferences, and internet calls — in addition to capturing, with or without warrants, the domestic conversations of Americans — the NSA has built an unrivaled collection of distinct voices. Documents from the Snowden archive reveal that analysts fed some of these recordings to speaker recognition algorithms that could connect individuals to their past utterances, even when they had used unknown phone numbers, secret code words, or multiple languages.
Link

A protest against the joint participation of South Korean and North Korean athletes in the forthcoming Olympic Games was held in Seoul.

According to South Korean President Moon Jae-in, the Olympic Games in Pyeongchang provide an opportunity to improve relations amid ongoing tension between the two Koreas.

Anti-Pyongyang activists, however, believe the upcoming Olympic Games have been hijacked by North Korea. In a recent rally in Seoul they ripped up photos of the DPRK's Supreme Leader Kim Jong-un.

"This is the uniform will of the 32,000 North Korean defectors who have put their lives on the line in their journey to South Korea," North Korean-born activist Park Sang-hak shouted while protesting against the Olympic Games, as quoted by AP.
Link
 

ctg

Commander-in-Chief
Alphabet—the parent company of Google, Nest, Waymo, and a million other companies—is launching a new company under the Alphabet umbrella. It's called "Chronicle," and the new company wants to apply the usual Google tenets of machine learning and cloud computing to cybersecurity.

The company is already up and running with an absolutely awesome URL, "chronicle.security," along with two introductory blog posts (1, 2), a logo, a Twitter account, and a vague sales pitch for some kind of security analysis product. The Chronicle team started in February 2016 under Alphabet's "Moonshot factory" X group and, before now, had been in stealth mode.

According to the website, the company is building a "cybersecurity intelligence platform" that can help organizations better manage and understand their own data.
Link
 

ctg

Commander-in-Chief
It's long been known that shipping giant Maersk suffered very badly from 2017's NotPetya attack.

Now the company's chair has detailed just how many systems went down: basically all of them.

Speaking on a panel at the World Economic Forum, Møller-Maersk chair Jim Hagemann Snabe detailed the awful toll of the attack as necessitating the reinstall of “4,000 new servers, 45,000 new PCs, and 2,500 applications”. Or as Snabe described it: "a complete infrastructure."

"And that was done in a heroic effort over ten days," he said.

"Normally - I come from the IT industry - you would say that would take six months. I can only thank the employees and partners we had doing that."
Link

He noted that Maersk was “probably collateral damage” in an attack designed by and for a state (the Ukraine was the target: the malware was put in a malicious update to MeDoc, the country's most popular accounting software).
 

Ottoville

General
Donor
US soldiers' GPS-recorded jogging routes reveal sensitive information about the Middle East – "The bases are clearly identifiable on the map"
A 20-year-old Australian student noticed that working out the locations of US military bases from a fitness app's map is not very difficult.

https://www.hs.paskamedia.fi/ulkomaat/art-2000005543571.html



US soldiers' jogging routes reveal the locations of secret US military bases. The Strava map shown is from Helmand province in Afghanistan, where the jogging routes appear to have been exclusively those of foreign soldiers. (PHOTO: STRAVA)

THE STRAVA app, popular among joggers, has published over three trillion data points through which users' running or cycling routes have passed around the world. The US Army in particular is concerned about the matter.



For the US Army the public data is highly embarrassing, since the map appears to reveal detailed information about the country's military bases. From the map it is possibly feasible to deduce, for example, the locations of bases in Syria, Iraq and Afghanistan.

It appears that many soldiers have jogged around the bases with their location data set to public, and the data has been saved for everyone to see on Strava's map.

Strava is a smartphone app that makes it easier to track the user's exercise by saving data about workouts to the internet. For example, the routes of runs are drawn on a map. The app also makes it possible to share the data with friends or even with a worldwide audience.

The matter has been reported by, among others, The Guardian, the BBC, The Washington Post and the news agency AFP.

20-YEAR-OLD Australian student Nathan Ruser was among the first to notice how secret information stands out on the map.

"US bases are clearly identifiable and mappable on the map," Ruser told The Guardian.

Ruser describes the surroundings of US military bases as positively glowing on the heatmap.

"If soldiers use the app like normal people, it is especially dangerous," Ruser said.



Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://medium.com/strava-engineering/the-global-heatmap-now-6x-hotter-23fc01d301de It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable
US Central Command spokesperson John Thomas told The Washington Post that the army will begin examining the implications of the map's publication. The US Department of Defense said the same.

IN SEVERAL of the places visible on the map, the problem is that there are hardly any GPS-recorded routes in the area, so soldiers' runs in certain areas stand out clearly. The Strava running app published only data that had been set to public, but it appears that a large share of soldiers have kept their settings public.

The conclusions about the locations of military bases are reinforced by the fact that in certain areas a considerable number of the people visible appear to be military personnel.

One such place is found, for example, in Helmand province in Afghanistan, where the joggers appear to be exclusively foreign soldiers.

The latest version of the map was published back in November 2017, but its implications have only been raised now. Anyone can view the map on Strava's website.
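What Ruser did by eye can be written down as a small analysis: bin GPS points into grid cells, then look for cells with a lot of activity whose wider surroundings are empty, which is exactly the signature of a compound in terrain where nobody else uploads runs. The code below is an added example for this thread and not Strava's heatmap code; the coordinates are constructed (a diffuse "city" plus one tight running loop in otherwise empty terrain), and the cell size, the thresholds and the privacy-zone radius are assumptions. It also shows the defensive side the tweet alludes to: dropping points within a radius of the sensitive location before upload makes the hotspot disappear.

```python
import math
import random
from collections import Counter

CELL_DEG = 0.01   # assumed grid cell size, roughly 1 km at mid latitudes


def to_cell(lat, lon, cell=CELL_DEG):
    return (math.floor(lat / cell), math.floor(lon / cell))


def build_heatmap(points, cell=CELL_DEG):
    """Aggregate (lat, lon) points into a Counter of cell -> point count."""
    return Counter(to_cell(lat, lon, cell) for lat, lon in points)


def isolated_hotspots(heat, min_points=50, ring=3, max_surrounding=5):
    """Cells holding at least `min_points` whose surrounding window of
    (2*ring+1)^2 - 1 cells holds at most `max_surrounding` points in total.
    A busy cell inside a busy city never qualifies; a busy cell in the
    middle of nowhere does."""
    found = []
    for (r, c), n in heat.items():
        if n < min_points:
            continue
        around = sum(heat.get((r + dr, c + dc), 0)
                     for dr in range(-ring, ring + 1)
                     for dc in range(-ring, ring + 1)
                     if (dr, dc) != (0, 0))
        if around <= max_surrounding:
            found.append(((r, c), n, around))
    return found


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * r * math.asin(math.sqrt(a))


def privacy_zone_filter(points, center, radius_m):
    """Drop every point within `radius_m` of `center` before upload."""
    return [(lat, lon) for lat, lon in points
            if haversine_m(lat, lon, center[0], center[1]) > radius_m]


BASE = (31.805, 64.205)   # constructed location of a hypothetical compound


def sample_points(seed=1):
    """Constructed data: 2000 diffuse points over a 10x10-cell 'city' plus
    300 points on a ~300 m running loop at BASE with nothing else nearby."""
    rng = random.Random(seed)
    city = [(rng.uniform(34.50, 34.60), rng.uniform(69.10, 69.20)) for _ in range(2000)]
    loop = [(BASE[0] + 0.003 * math.cos(t), BASE[1] + 0.003 * math.sin(t))
            for t in (2 * math.pi * i / 300 for i in range(300))]
    return city + loop


def run_demo():
    pts = sample_points()
    before = isolated_hotspots(build_heatmap(pts))
    after = isolated_hotspots(build_heatmap(privacy_zone_filter(pts, BASE, 1000)))
    return before, after


if __name__ == "__main__":
    before, after = run_demo()
    for cell, n, around in before:
        print(f"isolated hotspot at cell {cell}: {n} points, {around} in surroundings")
    print(f"after privacy zone filter: {len(after)} hotspots")
```

The city cells are individually as busy as the loop cell, but none of them is flagged because their neighbours are busy too; the leak is the contrast with the surroundings, not the absolute amount of activity. A per-user opt-out only helps if everybody on the base uses it, which is why the filter is applied to the data before it ever leaves the device.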
