Category: Security

Russian cyber treason charges are ancient

Treason charges against two Russian state security officers and a cyber-security expert are based on allegations made by a Russian businessman seven years ago.

The arrests concern allegations that the suspects passed secrets to US firm Verisign and other unidentified American companies, which in turn shared them with the US spooks.

Ruslan Stoyanov, head of the computer incidents investigation team at Russian cyber-security firm Kaspersky Lab, was arrested and charged with treason in December along with two officers of Russia’s Federal Security Service (FSB), Sergei Mikhailov and Dmitry Dokuchayev.

The arrests were a result of accusations first made in 2010 by Pavel Vrublevsky, a Russian businessman and founder of ChronoPay, an online payments company. Vrublevsky has told the press that the arrests were a response to his claim that Stoyanov and Mikhailov had passed secrets on to American firms.

Verisign denies that it received any secret information. The firm’s iDefense unit compiled dossiers on cybercrime for clients including private firms and government agencies that include U.S. intelligence services, but it says its research did not contain classified information.

However, it did know Stoyanov, a former Russian cybercrime copper who later had a career as a consultant.

But Kimberly Zenz, a former analyst at Verisign’s iDefense unit who knows Stoyanov, said that nothing like the arrangement described by Pavel Vrublevsky ever took place.

Verisign Vice President Joshua Ray said his company acquired information in unclassified ways and does not believe its reports to government agencies and other customers included state secrets.

Kaspersky is just pointing out that the charges against Stoyanov relate to a period before he joined the company in 2012.

What is weird about the story is that the Russian authorities had taken no action over the allegations made by Vrublevsky against Stoyanov and Mikhailov for so long.

The only coincidence is that the arrests came shortly after the United States accused Russia of trying to influence its presidential election through computer hacking.

It is thought that Moscow intends the arrests as a signal, in response to the US hacking accusations, that it would now take action against forms of cooperation that it previously tolerated.

After Vrublevsky first made his allegations against Stoyanov and Mikhailov, he was arrested and convicted on charges of organizing a cyber-attack on a rival Internet payments firm that competed with ChronoPay. He is now free on parole and has always denied guilt.


Windows security cure is sorting out Admin rights

More than 94 percent of Windows vulnerabilities are mitigated by removing admin rights, according to a team of insecurity experts.

Avecto has issued its annual Microsoft Vulnerabilities report and found that there were 530 Microsoft vulnerabilities reported in 2016, and of these critical vulnerabilities,

All vulnerabilities impacting both Internet Explorer and Edge could be mitigated by removing admin rights, Avecto reported.

Mark Austin, co-founder and CEO of Avecto, said that privilege management and application control should be the cornerstone of your endpoint security strategy, building up from there to create ever stronger, multiple layers of defense.

“These measures can have a dramatic impact on your ability to mitigate today’s attacks. Times have changed; removing admin rights and controlling applications is no longer difficult to achieve,” he said.

Windows 10 was found to have the highest proportion of vulnerabilities of any OS (395), 46 per cent more than Windows 8 and Windows 8.1 (265 each).

Microsoft Office had 79 vulnerabilities in 2016, up from 62 in 2015 and just 20 in 2014. This data includes Office 2010, Office 2013, Office 2016 and the various applications. Removing admin rights would mitigate 99 per cent of the vulnerabilities in older versions and all of those vulnerabilities would be mitigated in Office 2016.

Avecto said this method of turning off admin privileges works alongside tools such as antivirus to proactively prevent malware from executing in the first place, rather than relying on detection and response after the event.

Cellebrite can unlock the iPhone 6 and 6S

Cellebrite has announced that it can unlock and extract the full file system from locked iPhones, including the 6 and 6+, with its Advanced Investigative Service (CAIS) product. Apparently Apple’s encryption is no object.

The Tame Apple Press is furious with the company for daring to prove that hacking an iPhone is a walk in the park and has been running conspiracy stories about how Cellebrite is really an agent of evil government forces who want to take away Apple users’ Coldplay and Taylor Swift collections, or something like that.

“Companies like the Israel-based Cellebrite make a mint selling tools to local and federal law enforcement agencies in the United States as well as countries like Turkey, the United Arab Emirates and Russia,” hissed Reuters.

Every version before the 6+ can also be unlocked by Cellebrite, whose forensic researchers say they have successfully bypassed Apple’s so-called impossible-to-break security and encryption.

CAIS is the in-house service on sale from Cellebrite. The company also offers products like the new version of the Universal Forensic Extraction Device (UFED) Physical Analyzer 6.0 for use in the field by its customers. It has been increasingly advertising its newest product’s ability to easily extract and investigate data from encrypted secure messengers including Signal, Telegram, Threema and Surespot.

The company charges $1,500 to unlock an individual phone, while a yearly subscription to the service runs for $250,000, according to a report from the Intercept last year.

To top off the new offerings, Cellebrite also now targets Uber apps on Android and iOS, a potentially massive source of personal data that includes the user’s account and locations. That’s in addition to the ability to extract and analyse vast mountains of data from apps ranging from Chrome to Facebook to dating apps, all of which can contain extremely private information.

“In most devices, Cellebrite’s proprietary boot loader can bypass all security mechanisms, even if the device is locked, without jailbreaking, rooting or flashing the device,” according to the company.

Brits arrest DT hacker

Britain’s National Crime Agency (NCA) has arrested someone for last year’s cyber-attack which infected nearly one million Deutsche Telekom routers.

The NCA felt the collar of the 29-year-old Brit at one of London’s airports, the coppers said in a statement.

The attack on Deutsche Telekom, Germany’s largest telecom company, took place in late November. Internet outages hit as many as 900,000 of its users, or about 4.5 percent of its fixed line customers.

German security experts thought the internet outages that had hit hundreds of thousands of Deutsche Telekom customers in Germany were part of a worldwide attempt to hijack routing devices.

Dirk Backofen, a senior Deutsche Telekom security executive, said the attack was not an attack against Deutsche Telekom. “It was a global attack against all kinds of devices. How many other operators were affected, we don’t know,” he said.

Deutsche Telekom said the problems seemed to be connected to an attempt to make customers’ routers part of the Mirai botnet.

Gemalto teams up with Microsoft

Security outfit Gemalto is teaming up with Microsoft to release its On Demand Connectivity and eSIM technology for Windows 10 devices.

Gemalto’s technology works with the GSM Association’s (GSMA) newly released specifications and guidelines for remote SIM provisioning.

Based around a subscription system, Gemalto’s On-Demand Connectivity works with Windows 10 native eSIM support. It is designed to be remotely provisioned by mobile network operators with subscription information and is globally interoperable across all carriers, device makers and technology providers implementing the specification.

This technology will serve as the framework that devices of all shapes and sizes use to connect to operator networks. The first wave of devices with this technology is expected to be available to consumers by Christmas.

Roanne Sones, General Manager, Strategy and Ecosystem for Windows and Devices at Microsoft, said that eSIM technology remains an important investment for Microsoft as it looks to create even more mobile computing opportunities.

“As a key component for the Always Connected Windows experience, we worked closely with Gemalto to develop a solution that meets the new GSMA guidelines.”

Rodrigo Serna, Senior Vice President of Mobile Services and IoT Americas at Gemalto, said that Gemalto has created a complete range of subscription management software and services to manage the eSIM life cycle in mobile devices.

“We will continue to work closely with Microsoft and the GSMA to further these advances while protecting the security of end users, who rely on their mobile devices to make everyday life easier.”

FBI running three probes into Russian gaming of the US elections

The Untouchables have three separate probes into the Russian hacking of the US presidential elections.

For those who came in late, it is widely believed Tsar Vladimir Putin ordered his crack team of hackers to game the US presidential election to put a wealthy orange businessman who owes him and his Russian chums rather a lot of cash in the top job.

Donald (Prince of Orange) and Tsar Putin have denied it, but then it is likely they would. Trumpets who support Donald Trump have been appearing all over the internet saying that “there is no proof” despite rather a lot of evidence that this sort of thing was going on.

The FBI’s Pittsburgh field office, which runs many cyber security investigations, is trying to identify the people behind breaches of the Democratic National Committee’s computer systems, the officials said.

Those breaches, in 2015 and the first half of 2016, exposed the internal communications of party officials as the Democratic nominating convention got underway and helped undermine support for Hillary Clinton.

The Pittsburgh case has progressed furthest, but Justice Department officials in Washington believe there is not enough clear evidence yet for an indictment, two of the sources said.

The bureau’s San Francisco office is trying to identify the people who called themselves “Guccifer 2” and posted emails stolen from Clinton campaign manager John Podesta’s account, the sources said.

Those emails contained details about fundraising by the Clinton Foundation and other topics.

Beyond the two FBI field offices, FBI counterintelligence agents based in Washington are pursuing leads from informants and foreign communications intercepts, two of the people said.

This counterintelligence inquiry includes but is not limited to examination of financial transactions by Russian individuals and companies who are believed to have links to Trump associates. The transactions under scrutiny involve investments by Russians in overseas entities that appear to have been undertaken through middlemen and front companies, two people briefed on the probe said.

Scott Smith, the FBI’s new assistant director for cybercrime, declined to comment this week on which FBI offices were doing what or how far they had progressed. It is hard to see him being enthusiastic to find a culprit, as he might find himself having to arrest the bloke who appointed him.

A White House spokesman pointed to a comment Trump made during the campaign, in which he said: “As far as hacking, I think it was Russia, but I think we also get hacked by other countries and other people.”

Trump claims he has no business connections to Russia and that reports in the New York Times that Americans with ties to Trump or his campaign had repeated contacts with current and former Russian intelligence officers before the November election were fake news.

EU watchdogs want privacy assurances from Trump

European Union data privacy watchdogs are demanding assurances that a move by US President Donald (Prince of Orange) Trump to crack down on illegal immigration will not undermine a transatlantic pact protecting the privacy of Europeans’ data.

Trump wrote an executive order on January 25 aiming to toughen enforcement of US immigration law. It ordered US agencies to “exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”

This basically killed off any agreement that the EU had on safe harbour data transfers. It means that if there is a US company running a cloud operation in the EU it has to turn over any data on anyone.

The EU’s data protection authorities said they would write to U.S. authorities “pointing out concerns and asking for clarifications on the possible impact of the Executive Order” on that framework, known as the Privacy Shield, as well as on another agreement protecting law enforcement data shared between the United States and the EU.

The EU-US Privacy Shield is used by almost 2,000 companies including Google, Facebook and Microsoft to store data about EU citizens on US servers and makes possible about $260 billion of trade in digital services.

It replaced a previous system thrown out by the top EU court on the grounds it allowed US spies unfettered access to data stored on US servers.

The European Commission press office has played down concerns over any threat to the privacy of Europeans’ data, saying the US Privacy Act had never protected Europeans’ data and so any changes to it would not affect EU-US data transfer agreements.

But the European court might see things differently.

Simple JavaScript hack breaks most chip protection

Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 microprocessor architectures.

This includes hardware from Intel, AMD, ARM, Allwinner, Nvidia and all the other names in the industry.

Dubbed ASLRCache, or AnC, the attack focuses on the memory management unit (MMU), a lesser-known component of many CPU architectures which improves performance for cache management operations.

The researchers worked out that this component shares some of its cache with untrusted applications, including browsers.

All it took was a bit of malicious JavaScript that specifically targeted this shared memory space and attempted to read its content.

Basically the AnC attack can break ASLR and allow the attacker to read portions of the computer’s memory. From there it is possible to launch more complex exploits and escalate access to the entire OS.

Russian hackers seek to game Euro elections

After their success in helping get Donald (Prince of Orange) Trump elected in the US, Tsar Putin has set his Russian hackers gaming the EU elections, a US DoJ bloke has warned.

A former Justice Department official who served in the Obama administration said European countries must be willing to respond forcefully to efforts by Russia or others to use cyber-attacks to meddle in their elections.

While the US was also aware that attacks were taking place, it didn’t manage to stop Putin getting a bloke who owes him and his chums money elected.

Former Assistant Attorney General John Carlin, who ran the national security division at the Justice Department and oversaw the pursuit of cyber criminals, said the United States did not do enough to deter the hacking and leaking of Democratic Party emails during the 2016 presidential campaign.

“What we did was too late. We weren’t bringing deterrence at all to the table.”

Carlin warned that countries with upcoming elections should be prepared to offer forceful and timely responses to cyber-attacks.

“Pre-election, it’s vital that not just the United States but partners like Germany, like France make it clear what the red line is, that there’s going to be strong deterrence and that in terms of deterrence, our policy has got to be we are going to take action until the action stops,” Carlin said.

Elections are set this year in European countries including France, Germany and the Netherlands.

Digital “Geneva Convention” is Smith’s dream

Software king of the world Microsoft has called for a digital Geneva Convention which would see tech companies remaining neutral if any country goes to war in cyberspace.

Microsoft president Brad Smith is alarmed at the rising tide of nationalism and said tech companies must declare themselves neutral when nations go up against nations in cyberspace.

Talking to the RSA computer security conference, Smith said cyberspace is the new battlefield and Tech must be committed to “100% defence and zero percent offense.”

Smith called for a “digital Geneva Convention,” like the one created in the aftermath of World War II which set ground rules for conduct during wartime, defining basic rights for civilians caught up in armed conflicts.

The speech was echoed in a blog post on Microsoft’s site that went up yesterday.

The world’s governments need to pledge that “they will not engage in cyberattacks that target civilian infrastructure, whether it’s the electric grid or the political system,” Smith said.

The digital Geneva Convention would establish protocols, norms and international processes for how tech companies would deal with cyber aggression and attacks by nations aimed at civilian targets, which appears to effectively mean anything but military servers.

Smith listed a string of increasingly threatening cross-border cyber incidents, beginning with the North Korean attack on Sony Pictures Entertainment in 2014 to thefts of intellectual property by China in 2015, ending with last year’s Russian involvement in the U.S. presidential election.

“We suddenly find ourselves living in a world where nothing seems off limits to nation-state attacks,” Smith said.

Technology companies, not armies, are the first responders when cyber-attacks occur, he noted. But they cannot, and must not, respond in kind or aid governments in going on the offensive, Smith said.

Smith wants an autonomous organisation, something like the International Atomic Energy Agency that polices nuclear non-proliferation.

“Even in a world of growing nationalism, when it comes to cybersecurity the global tech sector needs to operate as a neutral Digital Switzerland,” Smith said.

“We will not aid in attacking customers anywhere. We need to retain the world’s trust.”

This would mean that tech companies should refuse to aid governments, even the government of the country they are based in, in attacking other nations. That could mean not building backdoors into programs sold in other countries and not taking part in work to create cyberweapons.