Category: Security

Brits arrest DT hacker

Britain’s National Crime Agency (NCA) has arrested someone for last year’s cyber-attack which infected nearly one million Deutsche Telekom routers.

The NCA fingered the collar of the 29-year-old Brit at one of London’s airports, the coppers said in a statement.

The attack on Deutsche Telekom, Germany’s largest telecom company, took place in late November. Internet outages hit as many as 900,000 of its users, or about 4.5 percent of its fixed line customers.

German security experts thought the internet outages that have hit hundreds of thousands of Deutsche Telekom customers in Germany were part of a worldwide attempt to hijack routing devices.

Dirk Backofen, a senior Deutsche Telekom security executive, said the attack was not an attack against Deutsche Telekom. “It was a global attack against all kinds of devices. How many other operators were affected, we don’t know,” he said.

Deutsche Telekom said the problems seemed to be connected to an attempt to make customers’ routers part of the Mirai botnet.

Gemalto teams up with Microsoft


Security outfit Gemalto is teaming up with Microsoft to release its On Demand Connectivity and eSIM technology for Windows 10 devices.

Gemalto’s release works with the GSM Association’s (GSMA) new specifications and guidelines for remote SIM provisioning.

Based around a subscription system, Gemalto’s On-Demand Connectivity works with Windows 10 native eSIM support. It is designed to be remotely provisioned by mobile network operators with subscription information and is globally interoperable across all carriers, device makers and technology providers implementing the specification.

This technology will serve as the framework devices of all shapes and sizes use to connect to operator networks. The first wave of devices with this technology is expected to be available to consumers by Christmas.

Roanne Sones, General Manager, Strategy and Ecosystem for Windows and Devices, Microsoft, said that eSIM technology remains an important investment for Microsoft as it looks to create even more mobile computing opportunities.

“As a key component for the Always Connected Windows experience, we worked closely with Gemalto to develop a solution that meets the new GSMA guidelines.”

Rodrigo Serna, Senior Vice President of Mobile Services and IoT Americas at Gemalto, said that Gemalto has created a complete range of subscription management software and services to manage the eSIM life cycle in mobile devices.

“We will continue to work closely with Microsoft and the GSMA to further these advances while protecting the security of end users, who rely on their mobile devices to make everyday life easier.”

FBI running three probes into Russian gaming of the US elections

The Untouchables have three separate probes into the Russian hacking of the US presidential elections.

For those who came in late, it is widely believed Tsar Vladimir Putin ordered his crack team of hackers to game the US presidential election to put a wealthy orange businessman who owes him and his Russian chums rather a lot of cash in the top job.

Donald (Prince of Orange) and Tsar Putin have denied it, but then it is likely they would. Trumpets who support Donald Trump have been appearing all over the internet saying that “there is no proof” despite rather a lot of evidence that this sort of thing was going on.

The FBI’s Pittsburgh field office, which runs many cyber security investigations, is trying to identify the people behind breaches of the Democratic National Committee’s computer systems, the officials said.

Those breaches, in 2015 and the first half of 2016, exposed the internal communications of party officials as the Democratic nominating convention got underway and helped undermine support for Hillary Clinton.

The Pittsburgh case has progressed furthest, but Justice Department officials in Washington believe there is not enough clear evidence yet for an indictment, two of the sources said.

The bureau’s San Francisco office is trying to identify the people who called themselves “Guccifer 2” and posted emails stolen from Clinton campaign manager John Podesta’s account, the sources said.

Those emails contained details about fundraising by the Clinton Foundation and other topics.

Beyond the two FBI field offices, FBI counterintelligence agents based in Washington are pursuing leads from informants and foreign communications intercepts, two of the people said.

This counterintelligence inquiry includes but is not limited to examination of financial transactions by Russian individuals and companies who are believed to have links to Trump associates. The transactions under scrutiny involve investments by Russians in overseas entities that appear to have been undertaken through middlemen and front companies, two people briefed on the probe said.

Scott Smith, the FBI’s new assistant director for cybercrime, declined to comment this week on which FBI offices were doing what or how far they had progressed. It is hard to see him being enthusiastic to find a culprit as he might find himself having to arrest the bloke who appointed him.

A White House spokesman pointed to a comment Trump made during the campaign, in which he said: “As far as hacking, I think it was Russia, but I think we also get hacked by other countries and other people.”

Trump claims he has no business connections to Russia and that reports in the New York Times that Americans with ties to Trump or his campaign had repeated contacts with current and former Russian intelligence officers before the November election were fake news.

EU watchdogs want privacy assurances from Trump

European Union data privacy watchdogs are demanding assurances that a move by US President Donald (Prince of Orange) Trump to crack down on illegal immigration will not undermine a transatlantic pact protecting the privacy of Europeans’ data.

Trump wrote an executive order on January 25 aiming to toughen enforcement of US immigration law. It ordered US agencies to “exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”

This basically killed off any agreement that the EU had on safe harbour data transfers. It means that if there is a US company running a cloud operation in the EU it has to turn over any data on anyone.

The EU’s data protection authorities said they would write to U.S. authorities “pointing out concerns and asking for clarifications on the possible impact of the Executive Order” on that framework, known as the Privacy Shield, as well as on another agreement protecting law enforcement data shared between the United States and the EU.

The EU-US Privacy Shield is used by almost 2,000 companies including Google, Facebook and Microsoft to store data about EU citizens on US servers and makes possible about $260 billion of trade in digital services.

It replaced a previous system thrown out by the top EU court on the grounds it allowed US spies unfettered access to data stored on US servers.

The European Commission press office has played down concerns over any threat to the privacy of Europeans’ data, saying the US Privacy Act had never protected Europeans’ data and so any changes to it would not affect EU-US data transfer agreements.

But the European court might see things differently.

Simple Javascript hack breaks most chip protection

Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 microprocessor architectures.

This includes hardware from Intel, AMD, ARM, Allwinner, Nvidia and all the other names in the industry.

Dubbed ASLRCache, or AnC, the attack focuses on the memory management unit (MMU), a lesser known component of many CPU architectures which improves performance for cache management operations.

The researchers worked out that this component shares some of its cache with untrusted applications, including browsers.

All it took was a bit of malicious JavaScript that specifically targeted this shared memory space and attempted to read its content.

Basically the AnC attack can break ASLR and allow the attacker to read portions of the computer’s memory. From there it is possible to launch more complex exploits and escalate access to the entire OS.

Russian hackers seek to game Euro elections

After their success in helping get Donald (Prince of Orange) Trump elected in the US, Tsar Putin has set his Russian hackers gaming the EU elections, a US DoJ bloke has warned.

A former Justice Department official who served in the Obama administration said European countries must be willing to respond forcefully to efforts by Russia or others to use cyber-attacks to meddle in their elections.

While the US was also aware that attacks were taking place they didn’t manage to stop Putin getting a bloke who owes him and his chums money from getting elected.

Former Assistant Attorney General John Carlin, who ran the national security division at the Justice Department and oversaw the pursuit of cyber criminals, said the United States did not do enough to deter the hacking and leaking of Democratic Party emails during the 2016 presidential campaign.

“What we did was too late. We weren’t bringing deterrence at all to the table.”

Carlin warned that countries with upcoming elections should be prepared to offer forceful and timely responses to cyber-attacks.

“Pre-election, it’s vital that not just the United States but partners like Germany, like France make it clear what the red line is, that there’s going to be strong deterrence and that in terms of deterrence, our policy has got to be we are going to take action until the action stops,” Carlin said.

Elections are set this year in European countries including France, Germany and the Netherlands.

Digital “Geneva Convention” is Smith’s dream

Software king of the world Microsoft has called for a digital Geneva Convention which would see tech companies remaining neutral if any country goes to war in cyberspace.

Microsoft president Brad Smith is alarmed at the rising tide of nationalism and said tech companies must declare themselves neutral when nations go up against nations in cyberspace.

Talking to the RSA computer security conference, Smith said cyberspace is the new battlefield and Tech must be committed to “100% defence and zero percent offense.”

Smith called for a “digital Geneva Convention,” like the one created in the aftermath of World War II which set ground rules for conduct during wartime, defining basic rights for civilians caught up in armed conflicts.

The speech was echoed in a blog post on Microsoft’s site that went up yesterday.

The world’s governments need to pledge that “they will not engage in cyberattacks that target civilian infrastructure, whether it’s the electric grid or the political system,” Smith said.

The digital Geneva Convention would establish protocols, norms and international processes for how tech companies would deal with cyber aggression and attacks of nations aimed at civilian targets, which appears to effectively mean anything but military servers.

Smith listed a string of increasingly threatening cross-border cyber incidents, beginning with the North Korean attack on Sony Pictures Entertainment in 2014 to thefts of intellectual property by China in 2015, ending with last year’s Russian involvement in the U.S. presidential election.

“We suddenly find ourselves living in a world where nothing seems off limits to nation-state attacks,” Smith said.

Technology companies, not armies, are the first responders when cyber-attacks occur, he noted. But they cannot, and must not, respond in kind, or aid governments in going on the offensive, Smith said.

Smith wants an autonomous organisation, something like the International Atomic Energy Agency that polices nuclear non-proliferation.

“Even in a world of growing nationalism, when it comes to cybersecurity the global tech sector needs to operate as a neutral Digital Switzerland,” Smith said.

“We will not aid in attacking customers anywhere. We need to retain the world’s trust.”

This would mean that tech companies should refuse to aid governments, even the government of the country they are based in, in attacking other nations. That could mean not building backdoors into programs sold in other countries and not taking part in work to create cyberweapons.

Big Content Blames Canada

Big content pressure groups the MPAA and RIAA have waded into Canada, claiming that it is a “safe haven” for copyright infringers and pirate sites.

It moaned that the Canadians’ “notice and notice” system is ineffective at deterring pirates and that the broader legal copyright regime fails to deter piracy.

The International Intellectual Property Alliance (IIPA) has released its latest 301 ‘watch list’ submission to the US Government which is based on the numbers of complaints Big Content has against nation states.

Canada is discussed in detail with the recommendation to put it on the 2017 Special 301 ‘watch list.’

One of the main criticisms is that, despite having been called out repeatedly in the past, the country still offers a home to many pirate sites.

“For a number of years, extending well into the current decade, Canada had a well-deserved reputation as a safe haven for some of the most massive and flagrant Internet sites dedicated to the online theft of copyright material,” IIPA writes.

It all seems rather unfair given that the Canadians shut down the popular torrent site KickassTorrents, which was partly hosted there. The IIPA is worried about the emergence of stand-alone BitTorrent applications that allow users to stream content directly through an attractive and user-friendly interface. Basically, they are moaning about Popcorn Time.

The IIPA reports that several websites offering modified game console gear have also moved there to escape liability under US law.

The group specifically highlights R4cardmontreal.com, gamersection.ca and r4dscanada.com among the offenders, and notes that “This trend breathes new life into Canada’s problematic ‘safe haven’ reputation.”

Big Content claims Canada’s legal regime fails to deal with online piracy in a proper manner. This is also true for the “notice and notice” legislation that was adopted two years ago, which requires ISPs to forward copyright infringement notices to pirating subscribers.

But the main issue appears to be that there is no evidence that any of the anti-piracy crackdowns have worked. Big Content thinks that this is because there are no punishments involved for frequent offenders. Despite the failure of any measures to stop online piracy, Big Content wants to see crucifixions.

“…simply notifying ISP subscribers that their infringing activity has been detected is ineffective in deterring illegal activity, because receiving the notices lacks any meaningful consequences under the Canadian system,” IIPA writes.

It admits that the ‘notice-and-takedown’ remedy that most other modern copyright laws provide does not work, but it does “provide some incentives for cooperation, incentives that Canada’s laws simply lack,” Big Content muttered.

US rocket man held, phone searched by airport security

A NASA rocket scientist was detained by US Customs and Border Patrol and pressured to turn over his phone and access PIN.

The move poses some serious security problems because US Customs and Border Patrol lacked the security clearance to hack Sidd Bikkannavar’s phone, and since he worked for NASA’s Jet Propulsion Laboratory (JPL) this is a big deal.

Bikkannavar says his phone was issued by NASA and may have contained sensitive material that wasn’t supposed to be shared. Then there is the small matter that Bikkannavar is a US citizen and should not have been forced to give over his phone under the US constitution.

A CBP officer escorted Bikkannavar to a back room, and told him to wait for additional instructions. About 40 minutes later an officer took him to an interview room and “sort of explains that I’m entering the country and they need to search my possessions to make sure I’m not bringing in anything dangerous.”

The officer also presented Bikkannavar with a document titled “Inspection of Electronic Devices” and explained that CBP had authority to search his phone. Bikkannavar did not want to hand over the device, because it was given to him by JPL and is technically NASA property. He even showed the officer the JPL barcode on the back of the phone. CBP asked for the phone and the access PIN despite Bikkannavar’s protests.

The officer insisted that he had a right to search the phone and did not allow him to leave until he handed over his PIN. This is also odd as courts have ruled that travellers are not legally required to unlock their devices, although agents can detain them for significant periods of time if they do not.

When the phone was returned Bikkannavar immediately turned it off because he knew he had to take it straight to the IT department at JPL. Once he arrived in Los Angeles, he went to NASA and told his superiors what had happened. The cybersecurity team at JPL was not happy about the breach. After all, if Russia or China wanted US rocket plans all it would have to do was compromise the US Customs and Border Patrol, which is not that difficult.

Republicans are destroying their emails

US Republicans are trying to avoid their embarrassing emails being found by hackers or foreign powers by using an app that destroys them after they have been read.

The app is an encrypted, self-destructing messaging app called Confide and apparently it has been downloaded by “numerous senior GOP operatives and several members of the Trump administration”.

One operative told Axios that the app “provides some cover” for people in the party. He ties it to last year’s hack of the Democratic National Committee, which led to huge and damaging information dumps of DNC emails leading up to the 2016 election.

Confide makes it difficult to screenshot messages, because only a few words are shown at a time. That suggests that it’s useful not just for reducing paper trails, but for stopping insiders from leaking individual messages.

But the difficulty here is that it is probably illegal. As the Hillary Clinton scandal showed, messages have to be stored and monitored by government officials.

Encrypted message apps like Signal, Telegram, and WhatsApp apparently spiked in popularity after Trump’s election, and the Clinton campaign reportedly adopted Signal after the DNC hack was discovered.

Ironically, the Republicans say they want to clamp down on encryption and other similar security options so that they can spy on “terrorists.”