Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.

  • Thread starter: OldSkool
The cyberattack demonstration “frying the machine” was done by targeting the machine’s APC embedded controller through a fake firmware update devised by CrowdStrike that spiked the CPU and turned off the fans.

The point, said Alperovitch, is this is a type of cyberattack that enterprises really can expect to see happen in the future, an attack that is not recoverable in terms of data or the machine itself.

“This is the next-generation permanent destruction,” warns Kurtz. It involves attacking hardware itself — and far more than just a Mac OS X can be manipulated this way — and this is “what we believe will happen in the real world.”
http://www.networkworld.com/news/2014/022614-rsa-apple-attack-279212.html
 
A surprising number of governments are now deploying their own custom malware – and the end result could be chaos for the rest of us, F-Secure's malware chief Mikko Hyppönen told the TrustyCon conference in San Francisco on Thursday.
"Governments writing viruses: today we sort of take that for granted but 10 years ago that would have been science fiction," he told the public conference. "If someone had come to me ten years ago and told me that by 2014 it will be commonplace for democratic Western governments to write viruses and actively deploy them against other governments, even friendly governments, I would have thought it was a movie plot. But that's exactly where we are today."


The US is leading the way in this, he said, having initiated the Stuxnet malware against Iran's nuclear enrichment facilities, although the actions against the Iranians were part of a much larger program, Operation Olympic Games, which was initiated by the then-President Bush and carried on by Obama.

Hyppönen said that he had investigated a Stuxnet sample to see if it could be modified to attack other targets and found that it could, up to a point. The specific control code to interfere with the industrial SCADA control systems used by the Iranians was very difficult to reshape, but the malware could be reconfigured to introduce random controls to be sent to an infected industrial plant that could cause havoc.

Later parts of Operation Olympic Games were even more worrying, he said, particularly the Flame malware which spread using a false Windows Update system. Normally the Windows operating system refuses updates from code that isn't properly cryptographically signed, but in this case the writers appeared to have used a large team of crackers and a supercomputer to spoof Microsoft's signing key.

But it's not just the Americans, he said. China has long been fingered as using state-sponsored malware, and last June US President Obama and the Chinese premier were due to have a White House summit on the issue. Unfortunately Edward Snowden started leaking the NSA's documents four days before the meeting and the crucial topic was abandoned.

In Europe, German police and customs officials have access to a bespoke computer Trojan called R2D2 which is used to track and collect data on targets. The Russians are also major players, and even the Swedes are in on the game; Hyppönen showed the audience leaked documents that showed Swedish officials had had meetings with the NSA and were setting up their own malware program.

New state actors are also piling in. Hyppönen highlighted the birth of a new malware family, called Careto (Spanish for "the mask"), which popped up in February. That software nasty, which has cropped up in 31 countries, belongs to a yet unknown Spanish-speaking country and is spreading fast.

Hyppönen also wondered out loud whether some antivirus companies had overlooked government-crafted malware. A Dutch campaign group called Bits of Freedom sent a letter to all the major antivirus vendors asking them to confirm that they weren't being asked to whitelist some kinds of malware being produced by government.

"The question was answered by our CEO saying 'No, we haven't', we have never whitelisted any government malware since the source doesn’t come into play – we simply protect all our customers," he said. "We've had this policy for 13 years."

While ESET, F-Secure, Norman Shark, Kaspersky, Panda and Trend Micro replied to Bits of Information, Symantec and McAfee (among others) have not responded, Hyppönen claimed. ®
http://www.theregister.co.uk/2014/0...nning_out_of_control_fsecure_tells_trustycon/
 
The National Security Agency has built a surveillance system capable of recording “100 percent” of a foreign country’s telephone calls, enabling the agency to rewind and review conversations as long as a month after they take place, according to people with direct knowledge of the effort and documents supplied by former contractor Edward Snowden.


A senior manager for the program compares it to a time machine — one that can replay the voices from any call without requiring that a person be identified in advance for surveillance.

The voice interception program, called MYSTIC, began in 2009. Its RETRO tool, short for “retrospective retrieval,” and related projects reached full capacity against the first target nation in 2011. Planning documents two years later anticipated similar operations elsewhere.

In the initial deployment, collection systems are recording “every single” conversation nationwide, storing billions of them in a 30-day rolling buffer that clears the oldest calls as new ones arrive, according to a classified summary.

The call buffer opens a door “into the past,” the summary says, enabling users to “retrieve audio of interest that was not tasked at the time of the original call.” Analysts listen to only a fraction of 1 percent of the calls, but the absolute numbers are high. Each month, they send millions of voice clippings, or “cuts,” for processing and long-term storage.

At the request of U.S. officials, The Washington Post is withholding details that could be used to identify the country where the system is being employed or other countries where its use was envisioned.
http://www.washingtonpost.com/world...6d2646-ade9-11e3-a49e-76adc9210f19_story.html
 
^Same
http://www.tietoviikko.fi/kaikki_uu...aassaquot++vakoilu+jarkyttavan+laajaa/a975570
NSA records all phone calls "in at least five countries" - the surveillance is shockingly broad

Image: NSA presentation slide / Edward Snowden

The latest revelation based on documents leaked by Edward Snowden describes a staggeringly broad surveillance program. The Washington Post reported yesterday that the NSA records all phone calls of at least five countries.

President Barack Obama has previously stated very clearly that the United States does not spy on what ordinary people do. Either the concept of spying is understood very narrowly, or the U.S. government has lied about the matter.

According to the Washington Post, the NSA's system is capable of recording 100 percent of each country's phone calls and analyzing them for 30 days. At the moment, retention of the data is apparently limited in practice only by technical storage constraints, since the number of calls is enormous.

The surveillance program is named Mystic, and it began in 2009. According to the documents, analysts naturally listen to only a fraction of the calls. Even so, millions of audio clips are sent on for further storage each month.

The Washington Post apparently knows the name of at least one country outside the United States where the program is in use, but for fear of criminal charges it is not revealing it, at least not yet.

Based on the documents, a sixth country would be added to the program in October of this year. According to Daily Tech's estimates, the countries likely to be monitored would include at least France and Germany.

The NSA is currently building a data center in the state of Utah that can handle as much as a yottabyte of data. That means 1000^8 bytes, i.e. 1 000 000 000 000 000 000 000 000 bytes of data. According to Wikipedia, the same amount of information stored on 64-gigabyte memory cards would form a pile the size of the Pyramid of Giza.
 
The U.S. National Security Agency (NSA) used the Heartbleed security hole to obtain passwords and other data for at least two years, the news agency Bloomberg reports. Meanwhile, ordinary internet users were left without protection against data breaches.
http://yle.fi/uutiset/bloomberg_nsa_kerasi_tietoja_heartbleedin_avulla_vuosien_ajan/7187766


Why is this not surprising, other than that Yle had the balls to put the story out? Maybe the news would have been more surprising if the NSA had not exploited the bug. Cloudflare had tested Heartbleed and found that it is damn hard to exploit, so is this a surprise to anyone, when the NSA's thousands of mathematicians have been wrestling at the core of the same things for decades.
 
Germany's aeronautics and space research centre has for months been the target of a suspected cyber attack by a foreign intelligence service, a German news weekly reported Sunday.

Der Spiegel said that several computers used by scientists and systems administrators at the Cologne-based DLR centre had been infiltrated by spy programmes.

"The government classes the attack as extremely serious because it, among other things, is aimed at armament and rocket technologies," Spiegel said.

In some computers IT experts found traces of spy programmes that were set up to destroy themselves on discovery, while others only activated themselves after months of lying in wait.

Spiegel said the attacks were "coordinated and systematic" and all the centre's operation systems were affected.

IT forensic experts probing who could be behind the assault have turned up clues that seem to point to China, but Spiegel quoted an unidentified "insider" as saying they could also simply be "camouflage".

Government sources said the case was being investigated but declined to confirm any details.

The German aeronautics and space research centre is active in the fields of aeronautics, space, energy, transport and security and is involved in international cooperative ventures, according to its website.
http://www.spacedaily.com/reports/G...centre_under_espionage_attack_report_999.html
 
Unbelievable. Obama claims that the NSA had no fingers in the pie, even though the NSA's thousands of mathematicians and other cryptanalysts are directly tied to encryption products and the "bugs" in them. If I had any trust in Obama, it is now finally gone.


After years of studied silence on the government’s secret and controversial use of security vulnerabilities, the White House has finally acknowledged that the NSA and other agencies exploit some of the software holes they uncover, rather than disclose them to vendors to be fixed.

The acknowledgement comes in a news report indicating that President Obama decided in January that from now on any time the NSA discovers a major flaw in software, it must disclose the vulnerability to vendors and others so that it can be patched, according to the New York Times.

But Obama included a major loophole in his decision, which falls far short of recommendations made by a presidential review board last December: According to Obama, any flaws that have “a clear national security or law enforcement” use can be kept secret and exploited.

This, of course, gives the government wide latitude to remain silent on critical flaws like the recent Heartbleed vulnerability if the NSA, FBI, or other government agencies can justify their exploitation.

A so-called zero-day vulnerability is one that’s unknown to the software vendor and for which no patch therefore exists. The U.S. has long wielded zero-day exploits for espionage and sabotage purposes, but has never publicly stated its policy on their use. Stuxnet, a digital weapon used by the U.S. and Israel to attack Iran’s uranium enrichment program, used five zero-day exploits to spread.

Last December, the President’s Review Group on Intelligence and Communications Technologies declared that only in rare instances should the U.S. government authorize the use of zero-day exploits for “high priority intelligence collection.” The review board, which was convened in response to reports of widespread NSA surveillance revealed in the Edward Snowden documents, also said that decisions about the use of zero-day attacks should only be made “following senior, interagency review involving all appropriate departments.”

“In almost all instances, for widely used code, it is in the national interest to eliminate software vulnerabilities rather than to use them for US intelligence collection,” the review board wrote in its lengthy report (.pdf). “Eliminating the vulnerabilities — ‘patching’ them — strengthens the security of US Government, critical infrastructure, and other computer systems.”

When the government does decide to use a zero-day hole for national security purposes, they noted, that decision should have an expiration date.

“We recommend that, when an urgent and significant national security priority can be addressed by the use of a Zero Day, an agency of the US Government may be authorized to use temporarily a Zero Day instead of immediately fixing the underlying vulnerability,” they wrote. “Before approving use of the Zero Day rather than patching a vulnerability, there should be a senior-level, interagency approval process that employs a risk management approach.”

But Obama appeared to ignore these recommendations when the report was released. A month later, when he announced a list of reforms based on the review board’s report, the issue of zero days went unaddressed.

Last week, however, after the Heartbleed vulnerability was exposed, and questions arose about whether the NSA had known about the vulnerability and kept silent about it, the White House and NSA emphatically denied that the spy agency had known about the flaw or exploited it before this year.

Following a now-disputed report from Bloomberg that the NSA had been exploiting the Heartbleed flaw for two years, the Office of the Director of National Intelligence issued a statement denying that the NSA had known about the vulnerability before it was publicly disclosed.

“If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL,” the statement said.

Intelligence authorities also revealed that in response to the presidential review board’s recommendations in December, the White House had recently reviewed and “reinvigorated an interagency process for deciding when to share” information about zero day vulnerabilities with vendors and others so that the security holes could be patched.

“When Federal agencies discover a new vulnerability in commercial and open source software … it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose,” the statement said.

The government process for deciding on whether or not to use a zero-day exploit is called the Vulnerabilities Equities Process, and the statement said that unless there is “a clear national security or law enforcement need,” the equities process is now “biased toward responsibly disclosing such vulnerabilities.”

This implies, of course, that the bias was aimed in favor of something else until now.

“If this is a change in policy, it kind of explicitly confirms that beforehand that was not the policy,” says Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council and a former officer in the Air Force’s cyber division.

The government’s use of zero-day exploits has exploded over the last decade, feeding a lucrative market for defense contractors and others who uncover critical flaws in the software used in cell phones, computers, routers, and industrial control systems and sell information about these vulnerabilities to the government.

But the government’s use of zero days for exploitation purposes has long contradicted Obama’s stated policy claims that the security of the internet is a high priority for his administration.
http://www.wired.com/2014/04/obama-zero-day/
 
Obama once said that the "transparency" of intelligence activities is a big deal.

How many believed it? :D
 
In addition, how many on this forum believe that there is no profile of them in the files of several intelligence agencies merely because I post to the forum? :cool:
 
Military intelligence is part of national defence
The Defence Forces' chief of intelligence, Brigadier General Harri Ohra-aho, points out that Finland, too, is a constant target of intelligence gathering.
http://www.puolustusvoimat.fi/porta...9nQSEh/?pcid=2871040043aac188942bdf028affb6da


Painting sellers in cyberspace
This is not something I would normally deal with online, but in my assessment this approach is the best and fastest way to get people to wake up and think, and to prevent the actor from getting hold of the information it wants.
http://fmashiri.wordpress.com/2014/04/14/taulukauppiaat-kyberavaruudessa-reblog/
 


Way back in 2004, some guys at DefCon built a WiFi rifle. It was basically a gun stock with a big Yagi antenna on the end. They plugged it in to a laptop next to the rifle and could wreak 2.4 GHz havoc from the rooftops. Ten years later, technology has changed a lot. I thought it would be fun to rebuild the WiFi rifle to take advantage of that. I’m calling my version the Hack Rifle.
http://www.hscott.net/projects-2/hack-rifle/
 
I would be fairly careful about using that WiFi gun in areas where an "active shooter" call rasped into the radio gives the point man rather generous authority.

It occurred to me, by the way, that when network surveillance is discussed face to face, the same theme often recurs:

- "I" am not an interesting target
- there is nothing incriminating in "me", i.e. in my online behaviour
- "I" am not planning to apply for a position / be a public figure / xxx
-> THEREFORE "I" am hardly being monitored, and no resources are wasted on "me"

Well. Since modern technology makes it possible to record practically all electronic traffic at a very small - practically vanishingly small - marginal cost, none of the above is relevant.

At the moment, more or less all electronic traffic is being captured from all reachable networks, from now until the end of time.

So, if:

- "you" are later an interesting target to someone
- there is something in "you", i.e. in your online behaviour, that is reprehensible under the legislation / moral norms / whatever else prevails later
- "you" turn out not to be a rounding error forever
-> THEN your entire history is available to be used against you

And what's more, so automatically that the actions and changes of your networks, indicator signals and so on can be processed, and already are being processed, in such a way that nobody needs to spend "surveillance resources" on you. When the world is in such a state that someone wants to single you out, it happens with charming ease.

So, greetings to the future. We'll see which years' flashes of brilliance I, too, will eventually be publicly flogged for.
 
That's how it goes.
 
INTERCEPT TELECOM
Over the last two years, the Kremlin has transformed Russia into a surveillance state—at a level that would have made the Soviet KGB (Committee for State Security) envious. Seven Russian investigative and security agencies have been granted the legal right to intercept phone calls and emails. But it’s the Federal Security Service (FSB), the successor to the KGB, that defines interception procedures, and they’ve done that in a very peculiar way.

In most Western nations, law enforcement or intelligence agencies must receive a court order before wiretapping. That warrant is sent to phone operators and Internet providers, which are then required by law to intercept the requested information and forward it to the respective government agencies. In Russia, FSB officers are also required to obtain a court order to eavesdrop, but once they have it, they are not required to present it to anybody except their superiors in the FSB. Telecom providers have no right to demand that the FSB show them the warrant. The providers are required to pay for the SORM equipment and its installation, but they are denied access to the surveillance boxes.

The FSB has control centers connected directly to operators’ computer servers. To monitor particular phone conversations or Internet communications, an FSB agent only has to enter a command into the control center located in the local FSB headquarters. This system is replicated across the country. In every Russian town, there are protected underground cables, which connect the local FSB bureau with all Internet Service Providers (ISPs) and telecom providers in the region. That system, or SORM, is a holdover from the country’s Soviet past and was developed by a KGB research institute in the mid-1980s. Recent technological advances have only updated the system. Now, the SORM-1 system captures telephone and mobile phone communications, SORM-2 intercepts Internet traffic, and SORM-3 collects information from all forms of communication, providing long-term storage of all information and data on subscribers, including actual recordings and locations.

Over the last six years, Russia’s use of SORM has skyrocketed. According to Russia’s Supreme Court, the number of intercepted telephone conversations and email messages has doubled in six years, from 265,937 in 2007 to 539,864 in 2012. These statistics do not include counterintelligence eavesdropping on Russian citizens and foreigners.

At the same time, Moscow is cracking down on ISPs that don’t adhere to their SORM obligations. We discovered Roskomnadzor (the Agency for the Supervision of Information Technology, Communications, and Mass Media) statistics covering the number of warnings issued to ISPs and telecoms providers. In 2010, there were 16 such warnings, and there were another 13 in 2011. The next year, that number jumped to 30 warnings. In most cases, when the local FSB or prosecutor’s office identified shortcomings, they sent the information to Roskomnadzor, which warned the ISP. Penalties for failure to meet their obligations are swift and sure. First, the ISP is fined, then if violations persist, its license may be revoked.
http://www.worldpolicy.org/journal/fall2013/Russia-surveillance
 