German hackers are revolting

Germany is facing a huge increase in the numbers of hacking cases.

The German government registered 82,649 cases of computer fraud, espionage and other cyber crimes in 2016, an increase of just over 80 percent from 2015.

German Interior Minister Thomas de Maiziere is due to release the new statistics, part of the government’s annual crime report, on Monday, according to Die Welt.

In addition to cybercrime, German police also registered 253,290 cases of crimes carried out with the help of the internet, an increase of 3.6 percent from 2015, the newspaper reported.

While it is possible that there is a sudden rise in the numbers of disaffected youth who want to stick it to the man, it is more likely the figure represents a move by organised crime to lift cash from companies.

The rise coincides with a move by Eastern German and Russian mafia types to switch to internet extortion, which is easier than hitting people with lead pipes and less noisy than shooting them.

“That is a very pretty server you have there Hans, it would be a pity if anything happened to it.”

Russian super-hacker gets 27 years

The US Justice Department has announced that a 32-year-old Russian “superhacker” has been sentenced to 27 years in prison for stealing and selling millions of credit-card numbers.

Roman Valeryevich Seleznev, 32, aka Track2, son of a prominent Russian politician, caused more than $169 million worth of damage to business and financial institutions in his hacks, the DoJ claims.

He was convicted last year on 38 counts of computer intrusion and credit card fraud.

Acting Assistant Attorney General Kenneth Blanco said that his investigation, conviction, and sentence demonstrate that the United States will bring the full force of the American justice system upon cybercriminals like Seleznev who victimize US citizens and companies from afar.

“And we will not tolerate the existence of safe havens for these crimes – we will identify cybercriminals from the dark corners of the internet and bring them to justice.”

Microsoft retires security bulletins

Microsoft has retired its security bulletins, making many security experts’ lives rather difficult.

Vole announced the demise of bulletins in November, saying then that the last would be posted with January’s Patch Tuesday, and that the new process would debut 14 February.

A searchable database of support documents would replace the bulletins. Accessed through the “Security Updates Guide” (SUG) portal, the database’s content can be sorted and filtered by the affected software, the patch’s release date, its CVE (Common Vulnerabilities and Exposures) identifier, and the numerical label of the KB, or “knowledge base” support document.

SUG’s forerunners were the web-based bulletins that have been part of Microsoft’s patch disclosure policies since at least 1998.

Vole did such a good job turning out those bulletins that they were considered the aspirational benchmark for all software vendors, so getting rid of them seems strange.

In February Microsoft cancelled that month’s Patch Tuesday just hours before the security updates were to reach customers, making the bulletins’ planned demise moot. Microsoft kept the bulletins the following month as well, saying it wanted to give users more time to prepare for the change to SUG.

Finally, when Microsoft yesterday shipped cumulative security updates for Windows, Internet Explorer, Office and other products, it omitted the usual bulletins.

SUG is not so popular, even if analysts say it has great potential. Many are undecided whether it will be able to deliver the same quantity and quality of information as the bulletins without burdening administrators with more work.

Most of the information packed into the earlier bulletins remains available through SUG by digging into the numerous online documents, but it is not as accessible.

Russian hackers might have gamed Brexit

A website which allowed Britons to register to vote in last year’s European Union referendum might have been targeted by Russian hackers who crashed it before the deadline.

A committee of British MPs said that more than a million potential voters applied to register online in the run-up to the deadline two weeks before last June’s vote, and the government extended the cut-off point after the website crashed, blaming it on a late rush by mainly young citizens.

But parliament’s Public Administration and Constitutional Affairs Committee (PACAC) said it did not rule out the possibility that the crash was caused by a Distributed Denial of Service (DDoS) cyber attack.

“PACAC is deeply concerned about these allegations about foreign interference,” said the report.

The committee said that the interference would not have changed the outcome, but it was rather disconcerting anyway.

Russia has been accused of trying to influence the 2016 US election, and the committee said the government needed to ensure future elections and referendums were monitored, with plans in place to respond to and contain any cyber-attacks.

The report said that Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals.

“The implications of this different understanding of cyber-attack, as purely technical or as reaching beyond the digital to influence public opinion, for the interference in elections and referendums are clear.”

The committee was also critical of the government’s failure to prepare for a vote for Brexit and former Prime Minister David Cameron’s motives for calling the referendum in the first place, saying using plebiscites as a “bluff call” to close “unwelcome debate” was questionable.

“There was no proper planning for a Leave vote so the EU referendum opened up much new controversy and left the prime minister’s credibility destroyed,” the report said.

Canadians refuse bail for “Yahoo hacker”

A Canadian judge denied bail to a 22-year-old man whom the United States wants to extradite to face charges of involvement in a massive hack of Yahoo email accounts.

Karim Baratov, a Canadian citizen who was born in Kazakhstan, was considered a flight risk by Justice Alan Whitten, who remanded Baratov in custody until May 26.

The United States claims that Baratov worked with Russian intelligence agents who paid him to break into at least 80 email accounts, including those of specific targets with non-Yahoo accounts.

The judge said that Baratov had no reason to stick around as he could continue his wealth-generating activities anywhere in the world.

Baratov faces US charges including conspiracy to commit computer fraud, conspiracy to commit wire fraud and identity theft, and could face decades in a US jail if found guilty on all charges.

His lawyer Amedeo DiCarlo says that it was not his client, and that he would consider appealing the bail decision if the court is unable to schedule an expeditious extradition hearing.

Federal prosecutor Heather Graham told the court that the attorney general of Canada will be ready to proceed with an extradition hearing by June 12, according to media reports.

The United States last month charged two Russian intelligence agents, Baratov and another alleged hacker over the 2014 theft of 500 million Yahoo accounts, the first time the US government had criminally charged Russian spies for cyber offenses.

The other alleged hacker is Alexsey Belan, one of the FBI’s most-wanted cyber criminals, who was arrested in Europe in June 2013 but escaped to Russia before he could be extradited to the United States, according to the US Justice Department.

Russian “spammer” and Trump suspect finds pain in Spain

Inspector Knacker of the Barcelona yard has fingered the collar of a Russian programmer following US allegations of large-scale hacking.

Pyotr Levashov was held in Barcelona and has been remanded in custody.

Spanish coppers claim Levashov controlled a botnet called Kelihos, hacking information and installing malicious software in hundreds of thousands of computers.

The arrest was part of a “complex inquiry carried out in collaboration with the FBI”, police said.

Levashov is subject to a US international arrest warrant and a Spanish court will hear whether he can be extradited.

Much of his activity involved ransomware – blocking a computer’s access to certain information and demanding a ransom for its release.

Levashov’s wife Maria told Russian broadcaster RT that the arrest had been made in connection with allegations that Russians had hacked the US presidential election.

She claimed that Spanish coppers had told her that it was all about “a virus which appears to have been created by my husband and is linked to [Donald] Trump’s victory”.

Agence France-Presse quoted a source close to the matter in Washington as saying that Levashov’s detention was “not tied to anything involving allegations of Russian interference with the US election”.

Several cybersecurity experts, including Brian Krebs, have also linked Levashov to a Russian spam kingpin, who uses the alias Peter Severa.

Android phones vulnerable to booby trapped wi-fi signals

Android phones are vulnerable to attacks that use booby trapped wi-fi signals to achieve full device takeover, a researcher has demonstrated.

The vulnerability resides in a widely used wi-fi chipset manufactured by Broadcom and used in both iOS and Android devices. Before anyone claims it was poor Android programming, the Fruity Cargo-Cult Apple was also vulnerable to the hack but patched the vulnerability with Monday’s release of iOS 10.3.1.

The Google Project Zero researcher Gal Beniamini who discovered the flaw said that an attacker within range may be able to execute arbitrary code on the wi-fi chip.

In a highly detailed blog post Apple said that the flaw allowed the execution of malicious code on a fully updated 6P “by wi-fi proximity alone, requiring no user interaction”.

Google is in the process of releasing an update in its April security bulletin. The fix is available only to a select number of device models, and even then it can take two weeks or more to reach eligible devices as an over-the-air update.

Company representatives didn’t respond to an e-mail seeking comment for this post. The proof-of-concept exploit uses wi-fi frames that contain irregular values.

The values, in turn, cause the firmware running on Broadcom’s wireless system-on-a-chip to overflow its stack. By using the frames to target timers responsible for carrying out regularly occurring events, such as performing scans for adjacent networks, Beniamini managed to overwrite specific regions of device memory with arbitrary shellcode.

Beniamini’s code does nothing more than write a benign value to a specific memory address. Attackers could obviously exploit the same series of flaws to surreptitiously execute malicious code on vulnerable devices within range of a rogue access point.

Mounties always get their LAN

Canadian coppers have admitted that they are spying on mobile phones throughout Canada because they are worried about illegal monitoring by criminals and foreign spies.

The RCMP held the briefing in the wake of a CBC News investigation that found evidence that devices known as IMSI catchers may be in use near government buildings in Ottawa for the purpose of illegal spying.

After hiding their own use of the technology in secrecy for years, the RCMP spoke out about the devices — also known as Stingrays or Mobile Device Identifiers (MDIs).

The RCMP says that MDIs – of which it owns 10 – have become “vital tools” deployed scores of times to identify and track mobile devices in 19 criminal investigations last year and another 24 in 2015.

RCMP Chief Supt. Jeff Adam said that in all cases but one in 2016, police got warrants. The one exception was an exigent circumstance — in other words, an emergency scenario “such as a kidnapping”.

Adam’s office tracks every instance where an MDI has been used by the RCMP. He says using an MDI requires senior police approval as well as getting a judge’s order.

And he says the technology provides only a first step in an investigation allowing officers to identify a device. He says only then can police apply for additional warrants to obtain a user’s “basic subscriber information” such as name and address connected to the phone.

Then, he says, only if the phone and suspect are targets of the investigation can police seek additional warrants to track the device or conduct a wiretap to capture communications. Adam says the RCMP currently has 24 technicians trained and authorized to deploy the devices across Canada. He knows other police forces own and use them too, but declined to name them.

General Motors connects its robots to StarNet

In living proof that not enough people go to sci-fi movies, General Motors has connected a quarter of its 30,000 factory robots to the internet.

The largest US automaker is already reaping the benefits of less downtime by analyzing the data the robots send to external servers in the cloud.

Mark Franks, director of global automation, said connectivity is preventing assembly line interruptions and robot replacements that can take as long as eight hours. Internet monitoring allows GM to order parts when it detects they’re wearing out instead of having to store them at the factory.

He said that reduces inventory and saves cash.

Hooking robots to the internet for preventive maintenance is just the start of a spurt of new robotics technology, Franks said.

GM is using robots that can work safely alongside humans in the factory that produces the Chevrolet Volt plug-in hybrid, he said.

Of course putting stuff on the internet makes it less secure and if an AI collective consciousness develops among internet connected devices, then it could use all these robots to take over the world.

You will know this has happened when a GM robot starts to assemble a robot to look for Sarah Connor. But in the meantime, GM will be saving a bob or two before that, so that is ok.

Intel finally gets rid of McAfee

After seven years and a lawsuit from its founder, Intel is finally getting rid of McAfee.

The chip maker has divested its majority holdings in McAfee to investment firm TPG for US$3.1 billion.

McAfee will become a standalone security company, but Intel will retain a minority 49 percent stake. Chipzilla is apparently only interested in internal operations on hardware-level security.

The selloff is a loss for Chipzilla, which spent $7.68 billion to acquire McAfee in 2010. Some analysts think it was the worst thing that Intel ever bought.

The idea was good, though. Intel wanted to add layers of security to hardware and components. It put McAfee technology into firmware at the PC and server chip level, and developed security management tools. McAfee technology was also used in hardware running real-time operating systems. But most of McAfee was software based and had few ties to Intel’s core hardware strategy.

To fix the problem, Intel ran a parallel hardware security strategy that had little to no ties to McAfee.