Category: Security

US secretary of state catches a bad case of the Hillaries

The US Secretary of State has been caught doing the sort of thing that cost Hillary Clinton the election.

According to New York Attorney General Eric Schneiderman, Rex Tillerson used an email alias of “Wayne Tracker” to secretly communicate with other Exxon executives about climate change while serving as CEO of Exxon Mobil.

Schneiderman has been leading an investigation into Exxon Mobil based on whether the company misled investors by publicly arguing against the reality of climate change even though its executives knew the science was accurate.

The investigation was triggered by news reports describing climate research the company undertook in the 1970s and 1980s, which affirmed the work of other climate scientists and showed that greenhouse gas emissions were causing climate change.

Exxon buried that work and spent the next couple of decades claiming that the science was unclear, although it has recently publicly acknowledged reality, it said.

The e-mails that were provided allowed the Attorney General to figure out that Tillerson used the account between at least 2008 and 2015, but it didn’t appear on Exxon’s list of accounts for which records were preserved.

The letter also mentions 34 other e-mail accounts “specifically assigned to top executives, board members, or assistants” that the Attorney General thinks should have been included.

An Exxon spinner said that the e-mail address, Wayne.Tracker@exxonmobil.com, is part of the company’s e-mail system and was “put in place for secure and expedited communications between select senior company officials and the former chairman for a broad range of business-related topics”.

The Office of the Attorney General claims that Exxon has continuously delayed and obstructed the production of documents from its top executives and board members, which are crucial to OAG’s investigation into Exxon’s touted risk-management practices regarding climate change.

SAP releases patches

The software maker behind esoteric, expensive business programmes that no one is really sure what they do has patched vulnerabilities in its latest HANA software.

The holes had a high risk of giving hackers control over databases and business applications used to run big multinational firms.

Vulnerabilities in big business software are more lucrative to attackers as these tools store data and run transactions. The flaws were “zero day” vulnerabilities and were the most critical ever found in HANA. For those who came in late, HANA runs SAP’s latest database, cloud and other more traditional business apps.

The holes were spotted by the insecurity outfit Onapsis, which said that the vulnerabilities lay in a HANA component known as “User Self Service” (USS) and would allow malicious insiders or remote attackers to fully compromise vulnerable systems, without so much as a valid username and password.

It reported 10 HANA vulnerabilities to SAP less than 60 days ago, which the German software maker fixed in near-record time.

The resulting patch, issued by SAP on Tuesday, was rated by SAP as 9.8 on a scale of 10, “very high” in terms of relative risk to its customers. SAP is releasing five HANA patches this week to fix a range of vulnerabilities uncovered in recent months.

Onapsis Chief Executive Mariano Nunez praised SAP for doing such a great job by releasing fixes much faster than in past situations.


FBI allow a “paedophile” to go free

The Untouchables do not want to be touched by a court’s demand that they explain how their Tor hack works.

The court wanted to know how the FBI located a child porn suspect, and federal prosecutors responded by dropping all charges against a man accused of accessing Playpen, a notorious and now-shuttered website.

The case, United States v. Michaud, is one of nearly 200 cases nationwide that have raised new questions about the appropriate limitations on the government’s ability to hack criminal suspects. Michaud marks just the second time that prosecutors have asked that a case be dismissed.

Annette Hayes, a federal prosecutor, wrote in a court filing that the government had to choose between disclosure of classified information and dismissal of its indictment.

“Disclosure is not currently an option. Dismissal without prejudice leaves open the possibility that the government could bring new charges should there come a time within the statute of limitations when the government is able to provide the requested discovery.”

The Department of Justice is currently prosecuting over 135 people nationwide whom they believe accessed the illegal website.

To find them, federal authorities seized and operated the site for 13 days before closing it down. During that period, the FBI deployed a Tor exploit that allowed them to find out those users’ real IP addresses.

The DOJ has called this exploit a “network investigative technique” (NIT), while many security experts have dubbed it “malware.” Defense attorneys want the NIT’s source code as part of the criminal discovery process.

Last year, US District Judge Robert Bryan ordered the government to hand over the NIT’s source code in Michaud. Since that May 2016 order, the government has classified the source code itself, thwarting efforts for criminal discovery in more than 100 Playpen-related cases that remain pending.

On the plus side, many of the Playpen defendants have pleaded guilty, and only a few have had charges dropped altogether.

Blockchain gains as software giants form alliance

JPMorgan Chase, Microsoft, Intel and more than two dozen other companies have teamed up to develop standards and technology to make it easier for enterprises to use the Ethereum blockchain code.

The move is seen as the latest push by large firms to move toward distributed ledger systems and a considerable step forward for the bitcoin-based tech.

The Enterprise Ethereum Alliance (EEA) will work to enhance the privacy, security and scalability of the Ethereum blockchain, making it better suited to business applications, according to the founding companies.

Members of the 30-strong group also include Accenture, Banco Santander, Credit Suisse Group and shedloads of other bankers and financial groups. The EEA joins a growing list of joint initiatives by large companies aiming to take advantage of blockchain, a shared digital record of transactions that is maintained by a network of computers rather than a centralised authority.

Companies in a wide range of industries are hoping that it can help them streamline some of their processes, such as the clearing and settling of financial securities.

Ethereum, a type of blockchain that can be used to develop decentralised applications, was invented by 23-year-old programmer Vitalik Buterin. Several banks have already adapted Ethereum to develop and test blockchain trading applications.

Alex Batlin, global blockchain lead at BNY Mellon, one of the companies on the EEA board, said over the past few years banks and other enterprises have increased collaboration with the Ethereum development community, facilitating the creation of the EEA.

The EEA will collaborate with the non-profit foundation that promotes the development of Ethereum, the companies said.

Russian cyber treason charges are ancient

Treason charges against two Russian state security officers and a cyber-security expert are based on allegations made by a Russian businessman seven years ago.

The arrests concern allegations that the suspects passed secrets to US firm Verisign and other unidentified American companies, which in turn shared them with the US spooks.

Ruslan Stoyanov, head of the computer incidents investigation team at Russian cyber-security firm Kaspersky Lab, was arrested and charged with treason in December along with two officers of Russia’s Federal Security Service (FSB), Sergei Mikhailov and Dmitry Dokuchayev.

The arrests were a result of accusations first made in 2010 by Pavel Vrublevsky, a Russian businessman and founder of ChronoPay, an online payments company. Vrublevsky has told the press that the arrests were a response to his claim that Stoyanov and Mikhailov had passed secrets on to American firms.

Verisign denies that it received any secret information. The firm’s iDefense unit compiled dossiers on cybercrime for clients including private firms and government agencies that include U.S. intelligence services, but it says its research did not contain classified information.

However, it did know Stoyanov, a former Russian cybercrime copper who later had a career as a consultant.

But Kimberly Zenz, a former analyst at Verisign’s iDefense unit who knows Stoyanov, said that nothing like the arrangement described by Pavel Vrublevsky ever took place.

Verisign Vice President Joshua Ray said his company acquired information in unclassified ways and does not believe its reports to government agencies and other customers included state secrets.

Kaspersky is just pointing out that the charges against Stoyanov relate to a period before he joined the company in 2012.

What is weird about the story is that the Russian authorities had taken no action over the allegations made by Vrublevsky against Stoyanov and Mikhailov for so long.

The one apparent link is that the arrests came shortly after the United States accused Russia of trying to influence its presidential election through computer hacking.

It is thought that Moscow intends the arrests as a signal, in response to the US hacking accusations, that it would now take action against forms of cooperation that it previously tolerated.

After Vrublevsky first made his allegations against Stoyanov and Mikhailov, he was arrested and convicted on charges of organizing a cyber-attack on a rival Internet payments firm that competed with ChronoPay. He is now free on parole and has always denied guilt.


Windows security cure is sorting out Admin rights

More than 94 percent of Windows vulnerabilities are mitigated by removing admin rights, according to a team of insecurity experts.

Avecto, which has issued its annual Microsoft Vulnerabilities report, found that 530 Microsoft vulnerabilities were reported in 2016, and of these critical vulnerabilities,

All vulnerabilities impacting both Internet Explorer and Edge could be mitigated by removing admin rights, Avecto reported.

Mark Austin, co-founder and CEO of Avecto, said that privilege management and application control should be the cornerstone of your endpoint security strategy, building up from there to create ever stronger, multiple layers of defense.

“These measures can have a dramatic impact on your ability to mitigate today’s attacks. Times have changed; removing admin rights and controlling applications is no longer difficult to achieve,” he said.

Windows 10 was found to have the highest number of vulnerabilities of any OS (395), 46 per cent more than Windows 8 and Windows 8.1 (265 each).

Microsoft Office had 79 vulnerabilities in 2016, up from 62 in 2015 and just 20 in 2014. This data includes Office 2010, Office 2013, Office 2016 and the various applications. Removing admin rights would mitigate 99 per cent of the vulnerabilities in older versions and all of those vulnerabilities would be mitigated in Office 2016.

Avecto said this method of turning off admin privileges works alongside tools such as antivirus to proactively prevent malware from executing in the first place, rather than relying on detection and response after the event.
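Removing admin rights starts with knowing who actually holds them on each endpoint. The PowerShell below is an added illustration, not Avecto’s product or anything from the report: it audits a Windows 10 machine’s local Administrators group against an allow-list, keeps the built-in Administrator account (RID 500) regardless, and can strip everyone else. It assumes the Microsoft.PowerShell.LocalAccounts module that ships with Windows 10, and the group name CONTOSO\Workstation Admins is a constructed placeholder.

```powershell
# Added example (not from the page or from Avecto). Requires Windows 10 /
# PowerShell 5.1 with the built-in Microsoft.PowerShell.LocalAccounts module.

function Test-IsElevated {
    # True when this session runs with the full administrator token; removals
    # from the Administrators group fail without it.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UnapprovedLocalAdmin {
    param(
        # Names exactly as Get-LocalGroupMember reports them: "DOMAIN\user" or "COMPUTER\user".
        [string[]] $Allowed = @()
    )
    # Get-LocalGroupMember returns Name, ObjectClass (User/Group) and SID for each member.
    Get-LocalGroupMember -Group 'Administrators' | Where-Object {
        # The built-in Administrator account always has a SID ending in -500; keep it.
        ($_.SID.Value -notlike '*-500') -and ($Allowed -notcontains $_.Name)
    }
}

function Remove-UnapprovedLocalAdmin {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string[]] $Allowed = @())

    if (-not (Test-IsElevated)) {
        throw 'Run from an elevated session: removing group members needs the admin token.'
    }
    foreach ($member in Get-UnapprovedLocalAdmin -Allowed $Allowed) {
        # ShouldProcess honours -WhatIf / -Confirm so the change can be previewed first.
        if ($PSCmdlet.ShouldProcess($member.Name, 'Remove from local Administrators')) {
            Remove-LocalGroupMember -Group 'Administrators' -Member $member
        }
    }
}

# Usage. The allow-list entry is a constructed placeholder for a real domain group.
$allowed = @('CONTOSO\Workstation Admins')

# 1. Report who holds local admin rights outside the allow-list.
Get-UnapprovedLocalAdmin -Allowed $allowed | Format-Table Name, ObjectClass, SID

# 2. Dry run, then the real removal once the list looks right.
Remove-UnapprovedLocalAdmin -Allowed $allowed -WhatIf
# Remove-UnapprovedLocalAdmin -Allowed $allowed
```

Running step 1 across a fleet (for example from a scheduled task that writes the output to a central share) gives the inventory that makes the “remove admin rights” advice actionable; step 2 with `-WhatIf` shows exactly which accounts would lose membership before anything changes.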

Cellebrite can unlock the iPhone 6 and 6S

Cellebrite has announced that it can unlock and extract the full file system from locked iPhones, including the 6 and 6+, with its Cellebrite Advanced Investigative Service (CAIS) product. Apparently Apple’s encryption is no object.

The Tame Apple Press is furious with the company for daring to prove that hacking an iPhone is a walk in the park and has been running conspiracy stories about how Cellebrite is really an agent of evil government forces who want to take away Apple users’ Coldplay and Taylor Swift collections, or something like that.

“Companies like the Israel-based Cellebrite make a mint selling tools to local and federal law enforcement agencies in the United States as well as countries like Turkey, the United Arab Emirates and Russia,” hissed Reuters.

Every version before the 6+ can also be unlocked by Cellebrite, whose forensic researchers say they have successfully bypassed Apple’s supposedly impossible-to-break security and encryption.

CAIS is the in-house service sold by Cellebrite. The company also offers products such as the new version of the Universal Forensic Extraction Device (UFED) Physical Analyzer 6.0 for use in the field by its customers, and has been increasingly advertising its newest product’s ability to easily extract and investigate data from encrypted secure messengers including Signal, Telegram, Threema and Surespot.

The company charges $1,500 to unlock an individual phone, while a yearly subscription to the service runs for $250,000, according to a report from the Intercept last year.

To top off the new offerings, Cellebrite’s tools also now target Uber apps on Android and iOS, a potentially massive source of personal data that includes the user’s account and locations. That’s in addition to the ability to extract and analyze vast mountains of data from apps ranging from Chrome to Facebook to dating apps, all of which can contain extremely private information.

“In most devices, Cellebrite’s proprietary boot loader can bypass all security mechanisms, even if the device is locked, without jailbreaking, rooting or flashing the device,” according to the company.

Brits arrest DT hacker

Britain’s National Crime Agency (NCA) has arrested someone for last year’s cyber-attack which infected nearly one million Deutsche Telekom routers.

The NCA fingered the collar of the 29-year-old Brit at one of London’s airports, the coppers said in a statement.

The attack on Deutsche Telekom, Germany’s largest telecom company, took place in late November. Internet outages hit as many as 900,000 of its users, or about 4.5 percent of its fixed line customers.

German security experts thought the internet outages that hit hundreds of thousands of Deutsche Telekom customers in Germany were part of a worldwide attempt to hijack routing devices.

Dirk Backofen, a senior Deutsche Telekom security executive, said the attack was not an attack against Deutsche Telekom specifically. “It was a global attack against all kinds of devices. How many other operators were affected, we don’t know,” he said.

Deutsche Telekom said the problems seemed to be connected to an attempt to make customers’ routers part of the Mirai botnet.

Gemalto teams up with Microsoft

Security outfit Gemalto is teaming up with Microsoft on the release of its On Demand Connectivity and eSIM technology for Windows 10 devices.

Gemalto’s release works with the GSM Association’s (GSMA) new specifications and guidelines for remote SIM provisioning.

Based around a subscription system, Gemalto’s On-Demand Connectivity works with Windows 10 native eSIM support. It is designed to be remotely provisioned by mobile network operators with subscription information and is globally interoperable across all carriers, device makers and technology providers implementing the specification.

This technology will serve as the framework that devices of all shapes and sizes use to connect to operator networks. The first wave of devices with this technology is expected to be available to consumers by Christmas.

Roanne Sones, General Manager, Strategy and Ecosystem for Windows and Devices at Microsoft, said that eSIM technology remains an important investment for Microsoft as it looks to create even more mobile computing opportunities.

“As a key component for the Always Connected Windows experience, we worked closely with Gemalto to develop a solution that meets the new GSMA guidelines.”

Rodrigo Serna, Senior Vice President of Mobile Services and IoT Americas at Gemalto, said that Gemalto has created a complete range of subscription management software and services to manage the eSIM life cycle in mobile devices.

“We will continue to work closely with Microsoft and the GSMA to further these advances while protecting the security of end users, who rely on their mobile devices to make everyday life easier.”

FBI running three probes into Russian gaming of the US elections

The Untouchables have three separate probes into the Russian hacking of the US presidential elections.

For those who came in late, it is widely believed Tsar Vladimir Putin ordered his crack team of hackers to game the US presidential election to put a wealthy orange businessman who owes him and his Russian chums rather a lot of cash in the top job.

Donald (Prince of Orange) and Tsar Putin have denied it, but then it is likely they would. Trumpets who support Donald Trump have been appearing all over the internet saying that “there is no proof” despite rather a lot of evidence that this sort of thing was going on.

The FBI’s Pittsburgh field office, which runs many cyber security investigations, is trying to identify the people behind breaches of the Democratic National Committee’s computer systems, the officials said.

Those breaches, in 2015 and the first half of 2016, exposed the internal communications of party officials as the Democratic nominating convention got underway and helped undermine support for Hillary Clinton.

The Pittsburgh case has progressed furthest, but Justice Department officials in Washington believe there is not enough clear evidence yet for an indictment, two of the sources said.

The bureau’s San Francisco office is trying to identify the people who called themselves “Guccifer 2” and posted emails stolen from Clinton campaign manager John Podesta’s account, the sources said.

Those emails contained details about fundraising by the Clinton Foundation and other topics.

Beyond the two FBI field offices, FBI counterintelligence agents based in Washington are pursuing leads from informants and foreign communications intercepts, two of the people said.

This counterintelligence inquiry includes but is not limited to examination of financial transactions by Russian individuals and companies who are believed to have links to Trump associates. The transactions under scrutiny involve investments by Russians in overseas entities that appear to have been undertaken through middlemen and front companies, two people briefed on the probe said.

Scott Smith, the FBI’s new assistant director for cybercrime, declined to comment this week on which FBI offices were doing what or how far they had progressed. It is hard to see him being enthusiastic to find a culprit, as he might find himself having to arrest the bloke who appointed him.

A White House spokesman pointed to a comment Trump made during the campaign, in which he said: “As far as hacking, I think it was Russia, but I think we also get hacked by other countries and other people.”

Trump claims he has no business connections to Russia and that reports in the New York Times that Americans with ties to Trump or his campaign had repeated contacts with current and former Russian intelligence officers before the November election were fake news.