Category: Security

US Navy comes up with Kill Web technology

The US Navy is creating an offensive anti-surface network that will tie targeting information from satellites, aircraft, ships, submarines and the weapons themselves to form a lethal “kill web”.

The name kill web was chosen because Sky Net was already taken and death cloud sounded too much like a toxic fart.

Kill web uses sensors in a so-called tactical cloud that will allow aircraft and ships to access a range of targeting information to launch weapons against surface targets.

Rear Adm. Mark Darrah, who works admiring rears at the Strike Weapons and Unmanned Aviation at the Naval Air Systems Command (NAVAIR), used lots of buzz words to describe how it worked.

The All Domain Offensive Surface Warfare Capability is “integrated fires, leveraging all domains, the ability for us to utilize air-launched capabilities, surface launched capabilities and subsurface launched capabilities that are tied together with an all domain [information network],” he said.

“Specifically their ability to take all of their sensors and net them together to project their ability to see me faster and farther away and [now] my sanctuary [has] been decreased,” Darrah said.

“It’s about their ability to reduce the amount of space I have to operate in by tying their capability together and force me to operate from a farther distance from a threat.”

The scheme will allow the Navy to increase the effective ranges of their own weapons against surface targets.

SAP “patched” bug still has holes

The expensive esoteric management software company which no-one is really sure what it does, SAP, is the subject of a US security alert over a vulnerability the firm disabled six years ago.

Apparently the hole still gives outside attackers remote control over older SAP systems if the software is not properly patched.

SAP fixed the problem, but left the decision over whether to switch off an easy access setting up to its customers.

The U.S. Department of Homeland Security’s Computer Emergency Response Team (US-CERT) issued an alert to the security industry warning SAP customers what they need to do to plug the holes.

Onapsis, a firm that specialises in securing business applications from SAP and Oracle, said that dozens of companies have been exposed to these security gaps in recent years, and a far larger number of SAP customers remain vulnerable.

Onapsis chief executive Mariano Nunez said that most SAP customers are unaware that this is going on.

SAP, whose software acts as the corporate plumbing for many multinationals and which claims 87 percent of the top 2000 global companies as customers, disclosed the vulnerability in 2010 and has offered software patches to fix the flaw.

SAP issued a statement that the vulnerable feature was fixed when the company introduced the software update six years ago. All SAP applications released since then are free of this vulnerability.

However, SAP acknowledged that these changes were known to break customised software developments that many customers had implemented using older versions of SAP’s programming language.

The problem continues because a sizeable number of big SAP customers are known to depend on these older versions of the software that in many cases date back years, or in extreme examples, even decades.


Ransomware writers quickly adapt

Ransomware writers have already adapted to a decryption tool offered by Kaspersky.

The CryptXXX family encrypts files on the victim’s computer and network shares and then immediately demands $500 in Bitcoin to reverse the encryption. Kaspersky came up with a fix last week which would decrypt the files.

Researchers at Proofpoint, who first discovered CryptXXX a few weeks ago, have detected a new variant in the wild which gets around Kaspersky’s fix.

After that tool became public, the authors of CryptXXX released a new version of the Ransomware, one that defeats Kaspersky’s offering and applies some cosmetic enhancements.

In addition to countering Kaspersky’s tool, version 2.006 of CryptXXX locks the screen and renders the infected machine unusable.

Writing in their blog, Proofpoint said that initially it thought that the new lock screen was a quick and dirty way to make it more difficult for the victim to use the Kaspersky decryption tool.

“But upon further inspection, we found that the authors discovered a way to bypass the latest version of the decryption tool.”

Exactly how CryptXXX is defeating Kaspersky isn’t clear, but Proofpoint speculates that it has something to do with how zlib 1.2.2 is being embedded.

CryptXXX is rapidly emerging as one of the top ransomware families in the wild, especially among those working primarily via exploit kits.

“With the introduction of version 2.006, CryptXXX authors have, for now, rendered the existing free decryption tool ineffective. While new decryption tools may emerge, CryptXXX’s active development and rapid evolution suggest that this new ransomware will continue to compete strongly in malware ecosystems,” Proofpoint said.

Boffins create disposable lasers

French researchers have worked out a way of creating cheap lasers with an inkjet printer which can be thrown away after they have been used once.

Sébastien Sanaur, an associate professor in the Center of Microelectronics in Provence at the Ecole Nationale Supérieure des Mines de Saint-Étienne in France, said that the low cost and ease of laser chip fabrication are the most significant aspects of his team’s results.

Organic lasers are not as common as inorganic lasers, like those found in laser pointers, DVD players, and optical mice, but they offer benefits such as high-yield photonic conversion, easy fabrication, low-cost and a wide range of wavelengths.

One obstacle that has held back organic lasers is that they degrade quickly – but that hurdle might be less daunting if the lasers are so cheap they could be thrown out when they fail.

The researchers used two different types of dyes to produce laser emission ranging from yellow to deep red. The ink was printed in small square shapes onto a quartz slide.

The dyed ink acted as the core of the laser, called a gain medium. A gain medium amplifies light and produces the characteristically narrow, single-colour laser beam.

A laser also requires mirrors to reflect light back and forth through the gain medium and an energy source, called a pump, to keep the light amplification going. The disposable part of the new laser is the printed gain medium, which the researchers call the ‘lasing capsule.’

The researchers could build one for only a few cents. The lasing capsule could be easily swapped out when it deteriorates.

Facebook likes 10 year old’s bug hack

Social Notworking giant Facebook has paid a $10,000 reward to a 10-year-old Finnish boy for finding a glitch in its picture sharing app Instagram.

Jani, whose last name was not released for privacy reasons, is the youngest ever recipient of Facebook’s “bug bounty.”

“I wanted to see if Instagram’s comment field could stand malicious code. Turns out it couldn’t,” Jani told Finland’s Iltalehti newspaper.

Facebook said the glitch was fixed in February and the reward was paid in March.

Jani, who is too young to have a Facebook or Instagram account of his own, said he learned coding from Youtube videos and found a way to delete user comments from Instagram accounts.

“I could have deleted anyone’s comments from there. Even Justin Bieber’s,” he told Iltalehti. If he had done that he might have also won a Nobel Prize for raising the standards of the world.

Jani is thinking about a career in data security, but for now his plans include buying a new bike and a football with the reward money.

Malware writer told to pay $6.9 million damages

A Russian man who spent about three years behind bars in the United States for creating the computer malware known as Gozi has been told to pay $6.9 million to cover losses to bank customers.

Nikita Kuzmin, 28, could have received more prison time but was sentenced to time served at a hearing in Manhattan federal court. He was jailed in August 2011 and held for 37 months before authorities released him.

Apparently he got a lot of time off for helping coppers with their inquiries. Kuzmin’s attorney, Alan Futerfas, confirmed the sentence and said Kuzmin was glad to put the episode behind him and move on to the next stage of his life. He declined to say what Kuzmin’s plans were.

It is not clear if Kuzmin has a spare $6.9 million lying around, but at the time prosecutors described Kuzmin as an innovator in online crime, saying he not only created Gozi but rented it out to criminals who used it to steal tens of millions of dollars from bank accounts.

Kuzmin was arrested in 2010 after he travelled to a conference in the United States. He pleaded guilty in May 2011 in a cooperation agreement with US prosecutors.

Tor developer helps spooks hack Tor

A former Tor Project developer is making a living creating malware for the Federal Bureau of Investigation that allows agents to unmask users of the anonymity software.

Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the non-profit that builds Tor software and maintains the network, almost a decade ago.

Apparently he has developed some killer malware which is being used by the Untouchables to unmask Tor users. It’s been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases.

The Tor Project has announced that it had come to its attention that Matt Edman, who worked with the Tor Project until 2009, was subsequently employed by a defence contractor working for the FBI to develop anti-Tor malware.

Edman was only with Tor for a year. In 2008 he joined and worked on Vidalia, a piece of software meant to make Tor easier for normal users by implementing a simple user interface. He was a graduate student then, pursuing a Ph.D. in computer science that he would obtain in 2011 from Rensselaer Polytechnic Institute.

Of course there were a few fears that, had Edman been considering his future, he could have been installing backdoors into Tor. However, Vidalia was the only Tor software to which Edman was able to commit changes, and that software was dropped in 2013.

By 2012, Edman was working at Mitre as a senior cybersecurity engineer assigned to the FBI’s Remote Operations Unit, the bureau’s little-known internal team tapped to build or buy custom hacks and malware for spying on potential criminals. Edman became an FBI contractor tasked with hacking Tor as part of Operation Torpedo, a sting against three Dark Net child pornography sites that used Tor to cloak their owners and patrons.

At Mitre, Edman worked closely with FBI Special Agent Steven A. Smith to customize, configure, test, and deploy malware he called “Cornhusker” to collect identifying information on Tor users. More widely, it’s been known as Torsploit.

Cornhusker used a Flash application to deliver a user’s real Internet Protocol (IP) address to an FBI server outside the Tor network. The malware targeted the Flash plugin inside the Tor Browser. The Tor Project has long warned against using Flash as unsafe, but enough people made security mistakes that Operation Torpedo netted 19 convictions.

According to court documents, Cornhusker is no longer in use. Since then, newer FBI-funded malware has targeted a far wider scope of Tor users in the course of investigations.

NSA snooping scares Wikipedia readers

Internet traffic to Wikipedia pages summarising knowledge about terror groups and their tools plunged nearly 30 percent after revelations of widespread Web monitoring by the US spooks.

A paper in the Berkeley Technology Law Journal analyses the fall in traffic, saying that it provides the most direct evidence to date of a so-called “chilling effect,” or negative impact on legal conduct, from the intelligence practices disclosed by fugitive former NSA contractor Edward Snowden.

Author Jonathon Penney, a fellow at the University of Toronto’s interdisciplinary Citizen Lab, looked at the monthly views of Wikipedia articles on 48 topics identified by the US Department of Homeland Security as subjects that they track on social media, including Al Qaeda, dirty bombs and jihad.

In the 16 months prior to the first major Snowden stories in June 2013, the articles drew a variable but increasing audience, with a low point of about 2.2 million views per month rising to 3.0 million just before disclosures of the NSA’s Internet spying programs.

Views of the sensitive pages rapidly fell back to 2.2 million a month in the next two months and later dipped under 2.0 million before stabilising below 2.5 million 14 months later, Penney found.

Penney’s results confirm other research which noted a five per cent drop in Google searches for sensitive terms immediately after June 2013. Other surveys have found sharply increased use of privacy-protecting Web browsers and communications tools.


German nuclear power plant infected with viruses

A nuclear power plant in Germany is packed with computer viruses, but since they don’t pose a threat to the facility’s operations they are all ignored.

The Gundremmingen plant, located about 120 km northwest of Munich, is run by the German utility RWE, which is not too worried because the plant is not connected to the internet.

The viruses, which include “W32.Ramnit” and “Conficker”, were discovered at Gundremmingen’s B unit in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods, RWE said.

Malware was also found on 18 removable data drives, mainly USB sticks, in office computers maintained separately from the plant’s operating systems. RWE said it has increased cyber security measures.

W32.Ramnit is designed to steal files from infected computers and targets Windows. It is nearly six years old, is distributed through data sticks among other methods, and is intended to give an attacker remote control over a system when it is connected to the Internet.

Conficker has been around since 2008. It is able to spread through networks and by copying itself onto removable data drives, Symantec said.

RWE said it has informed Germany’s Federal Office for Information Security (BSI), which is working with IT specialists at the group to look into the incident.

Tuesday was the 30th anniversary of the Chernobyl nuclear disaster – just saying.

Encryption going like the clappers, Clapper moans

The US’s top spook James Clapper has moaned that Edward Snowden’s leaks have sped up the advance of user-friendly, widely available strong encryption.

Clapper said that the onset of commercial encryption has been accelerated by seven years.

Speaking at a breakfast for journalists hosted by the Christian Science Monitor, he said this shortened timeline has had “a profound effect on the NSA’s ability to collect, particularly against terrorists.”

The number was based on the projected growth, maturation and installation of commercially available encryption. What had been forecast three years ago for seven years ahead was accelerated to now because of the revelation of the leaks.

He did not think this was a good thing because it meant better protection for American consumers from the arms race of hackers constantly trying to penetrate software worldwide.

Clapper acknowledged that there is no such thing as unbreakable encryption from his perspective. “In the history of mankind, since we’ve been doing signals intelligence, there’s really no such thing, given proper time, and proper application of technology.”

Unfortunately for him, Snowden’s revelations that the NSA was spying on everyone made ordinary people just as paranoid as terrorists.