Tag: backdoor

Dutch web developer back-doored his own websites

13.-Hacker-1-696x464A Dutch developer accessed the accounts of over 20,000 users after he collecting their login information via backdoors installed on the websites he built.

Inspector Knacker of the Dutch Yard said that he will be on the blower to the victims about the crook’s actions.

He was arrested on 11, 2016, in Zwolle, the Netherlands, and police proceeded to raid two houses the crook owned, in Leeuwarden and Sneek [surely sneak.ed].

Police say they received the first tips regarding the crook’s actions in November 2014, when a user complained about finding purchases someone else made on his behalf.

It looked like a cyber-fraud investigation but after two years of gathering data and expanding the investigation’s scope with the addition of digital forensics experts in the spring of 2016, realised what the crook was doing.

The 35-years-old suspect was hired to build e-commerce sites for various companies. After doing his job, the developer left backdoors in those websites, which he used to install various scripts that allowed him to collect information on the site’s users.

Police say that it’s impossible to determine the full breadth of his hacking campaign, but evidence found on his laptop revealed he gained access to over 20,000 email accounts.

The hacker used his access to these accounts to read people’s private email conversations, access their social media profiles, sign-up for gambling sites and access online shopping sites to make purchases for himself using the victim’s funds.

The suspect has been in jail since his arrest, and his pre-trial proceedings started last October.

 

Microsoft lifts its kimono for Brazilian conspiracy nuts

brazilSoftware king of the world Microsoft is going to show its source code to the Brazilian government to re-assure conspiracy nuts that it has no back doors which allow US spooks to spy on people.

Vole opened a centre in Brazil where officials can inspect its programming code, in an attempt to allay suspicions in the region that its software programs are vulnerable to spying.

It is the fourth ‘Transparency Centre’ that Vole has established and it is only a little bit transparent. It has reinforced walls and the sort of strict security settings a bank would be proud of.

Experts from Latin American and Caribbean governments can see the source code of its products.

To be fair, Edward Snowden revealed that the United States had been spying on Brazilian communications including those of former Brazilian President Dilma Rousseff.

Microsoft prevents anyone from copying the massive amount of coding on display – as much as 50 million lines for its email and server products. Viewers inspect copies of source code on computers connected only to local servers and cut off from the internet. The copies are later deleted.

Viewers can use software tools to examine the code, Microsoft said, but it was not immediately clear whether experts would be able to run deep code analysis necessary to uncover back doors or other bugs.

 

Microsoft blocks Linux installations

dead linuxSoftware king of the world Microsoft has blocked a flaw in Windows RT which  allowed the users to install non-Redmond approved operating systems on Windows RT tablets.

Microsoft has closed a backdoor left open in Windows RT even though the OS is pretty much dead in the water as Vole can’t be bothered with it any more.

This vulnerability in ARM-powered locked down Windows devices was left by Redmond programmers during the development process. Exploiting this flaw, a hacker could boot operating systems of his/her choice, including Android or GNU/Linux.

In fact the use of Linux on the tablets was pretty popular as Vole is killing the support for Surface RT tablets in 2017 and Windows RT 8.1 in 2018.  This means that if the tablet is going to be any use, users will have to run something different on them.

A spokesVole described the backdoor as a security vulnerablity and fixed it accordingly.  If you are planning to install some other operating system on your Windows RT tablet, avoid the lastest update. Of course chances are you are too late.

 

Russian into Putin backdoors into messaging

putin-buzz1While the US ums and ahs about installing security backdoors into nation’s messaging software, the Russian government under Tsar Putin has no difficulty worrying about it.

A new bill in the Russian Duma, the country’s lower legislative house, proposes to make cryptographic backdoors mandatory in all messaging apps in the country so the Federal Security Service—the successor to the KGB—can obtain special access to all communications within the country.

Apps like WhatsApp, Viber, and Telegram, all of which offer varying levels of encrypted security for messages, are specifically targeted in the “anti-terrorism” bill. Fines for offending companies could be about $15,000.

Russian Senator Yelena Mizulina argued that the new bill needed to become law because, because the kids of today are brainwashed in closed groups on the internet to murder police officers. Of course that is not as bad as having police officers murdering journalists who write bad things about Tsar Putin but Mizulina also wants to look at “pre-filtering” messages. We are not sure how she will do that, we guess that if a person sends a message it will be looked at by a government official (or an AI bot) before it is sent.

 

While government authorities around the world argue in favor of special access backdoors, a vast consensus of technologists argue such backdoors will undermine cybersecurity and create an internet more dangerous and volatile than ever before.

Blackberry security open to the cops since 2010

BlackberryWhile Blackberry has a reputation for being incredibly secure, it has actually provided a back-door to the Canadian coppers since 2010.

The information is in the middle of a stack of court documents that were made public after members of a Montreal crime syndicate pleaded guilty to their role in a 2011 gangland murder. Blackberry and telecommunications giant Rogers cooperated with the Royal Canadian Mounted Police.

The Mounties intercepted and decrypted roughly one million PIN-to-PIN BlackBerry messages in connection with the probe. The key was code that could break the encryption on virtually any BlackBerry message sent from one device to another.

Needless to say the Canadian government spent almost two years fighting in a Montreal courtroom to keep this information out of the public record.

BlackBerry has confirmed that it handed over the global encryption key, and fought against a judge’s order to release more information about their working relationship.

It does mean that coppers have had access to Canadians’ personal mobiles without the public being aware of it

China tells tech companies to swear allegiance

ChinaChina is demanding that some U.S. technology firms to directly pledge their commitment to contentious policies that could require them to turn user data and intellectual property over to the government.

Beijing has written to some US firms earlier this summer asking them to promise they would not harm China’s national security and would store Chinese user data within the country. It is not certain who China sent the note to.

The letter also asked the companies that their products be “secure and controllable” which means they need to build back doors that would allow Chinese spooks to enter at will.

The Cyberspace Administration of China denied that the government had sent the pledge documents to US firms, but said a document had been sent by a government body overseeing information security certification.

“As we understand, the so-called pledge documents were sent by the China Information Security Certification Center to foreign firms and were letters soliciting suggestions,” the cyberspace body said in emailed comments to Reuters, adding this was done according to Chinese law and international practice.

US put the backdoors in Huawei gear

When the US was complaining that the Chinese firm Huawei had security backdoors, it knew this fact because it had put them there.

Huawei was banned from competing against US companies because these backdoors were apparently able to be used by the Chinese government to spy.

However according to papers discovered by Spiegel, the backdoors had been placed by the NSA as part of a major intelligence offensive against China.

The NSA made a special effort to target Huawei on behalf of US companies who were finding it hard to compete against the Chinese outfit.

At the beginning of 2009, the NSA began an extensive operation, referred to internally as “Shotgiant,” against the company.

A special unit with the US intelligence agency succeeded in infiltrating Huwaei’s network and copied a list of 1,400 customers as well as internal documents providing training to engineers on the use of Huwaei products, among other things.

NSA workers accessed the email archive, but also the secret source code of individual Huawei products. Beginning in January 2009 the NSA snuffled messages from company CEO Ren Zhengfei and Chairwoman Sun Yafang.

The NSA had such good access and so much data that it did not know what to do with it, states one internal document.

An NSA document said the justification for attacking Huawei was that “many of our targets communicate over Huawei produced products; we want to make sure that we know how to exploit these products”.

It was also worried that “Huawei’s widespread infrastructure will provide the PRC (People’s Republic of China) with SIGINT capabilities”. SIGINT is agency jargon for signals intelligence. The documents do not state whether the agency found information indicating that to be the case.

However, the NSA also indicates that that the Chinese were working to make American and Western firms “less relevant”. That Chinese push is beginning to open up technology standards that were long determined by US companies, and China is controlling an increasing amount of the flow of information on the net.

The US was declaring that Huawei networks were unsafe while itself spying on the company.

In a statement, Huawei spokesman Bill Plummer criticised the spying measures saying that it was ironic that the US was “doing to us is what they have always charged that the Chinese are doing through us”.

He also said that the US spying efforts prove that the NSA knew that the company is independent and has no ties to any government. 

Replicants find back door to Android

Developers working on the Replicant OS which is a free and open-source spin of Google’s Android have found a backdoor into the device’s file-system.

The backdoor works on several Samsung Galaxy mobile devices using the stock Android image, but it was present in “most proprietary Android systems running on the affected Samsung Galaxy devices, including the ones that are shipped with the devices”.

This means that Samsung Galaxy devices running proprietary Android versions come with a back-door that provides remote access to the data stored on the device.

It can be found in the proprietary software that is in charge of handling the communications with the modem.

Using the Samsung IPC protocol, it implements a class of requests known as RFS commands that allows the modem to perform remote I/O operations on the phone’s storage.

When the modem is running proprietary software, it offers over-the-air remote control, that could then be used to issue the incriminated RFS messages and access the phone’s file system.

This means that anyone who knows about the backdoor can walk directly into the Nexus S, Galaxy S, Galaxy S2, Galaxy Note, Galaxy Tab 2, Galaxy S 3, and Galaxy Note 2. In fact the Galaxy S seems to be the least secure with the back-door program running as root.

Replicant thinks it is possible that these were added for legitimate purposes, without the intent of doing harm by providing a back door.

What is a little strange is that the problem was reported on this Replicant Wiki page a few weeks ago but none appears to have noticed. 

Fallout of Apache backdoor spreads

It is starting to look like the existence of Linux/Cdorked.A could be a serious problem for the owners of web servers.

Linux/Cdorked.A is an advanced and stealthy Apache backdoor which can drive traffic from legitimate compromised sites to malicious websites carrying Blackhole exploit packs.

Now security experts at Eset have found that the backdoor also infects sites running the nginx and Lighttpd web servers.

While Apache is the bigger of the names, nginx has 15 percent of the webserver market and Eset has found 400 webservers infected with the backdoor, and 50 of them are among the world’s most popular and visited websites.

Those who use Internet Explorer or Firefox on Microsoft Windows XP, Vista or 7 are the only ones who get redirected to sites hosting Blackhole, but Apple iOS users are also in danger as they get redirected to adult content sites that might be hosting malware.

A spokesperson from Eset said that it looks like the Linux/Cdorked.A threat is more stealthy than first thought. For example it will not deliver malicious content if the victim’s IP address is in a very long list of blacklisted IP ranges. If the victim’s internet browser’s language is set to Japanese, Finnish, Russian and Ukrainian, Kazakh or Belarusian, then the malware will not run.

The aim of this is to keep the work of the malware beneath the radar of the authorities and hinder monitoring efforts.

Cdorked uses compromised DNS servers to resolve the IP addresses of redirected sites which also makes the source of the malware hard to find.

At the moment the Blackhole exploit kit is currently delivering a variant of the Glupteba Trojan to the unsuspecting victims. This pushes clickjacking contextual advertising onto users.

But there is a lot about the backdoor that the researchers have not worked out yet. It is not clear how the malicious software was installed on the web servers. The malware does not propagate by itself and it does not exploit vulnerabilities in specific software.

To help system administrators spot the existence of the backdoor on their web servers, Eset has released a script that detects a specific modified httpd binary on the hard drive that’s a definitive sign of infection. 

Security researchers square off against Microsemi

Last week we ran a story about an unnamed chipmaker which security experts claimed had shipped its products to the American defence industry with a backdoor.

At the time we did not name Microsemi or the fact that it was the ProASIC3 chips which were  alledged to have the backdoor, so we were somewhat surprised when the company wrote to us and told us that it didn’t.

It wrote that the ProASIC3 field-programmable gate array is a chip designed to be configured and programmed by customers according to their needs. It has no designed feature that would enable circumvention of the user security, Microsemi told us.

ProASIC3 chips are integrated into systems used in many industries, including the military, for various applications. The chip is marketed by Microsemi as having one of the highest levels of design security on the market.

That statement flies in the face of what the University of Cambridge Ph.D. candidate Sergei Skorobogatov and Christopher Woods, a hardware security researcher at U.K.-based research company Quo Vadis Labs (QVL), claimed.

The pair said they discovered an undocumented function in the ProASIC3 FPGA that can be used by an attacker with physical access to the chip to extract the intellectual property (IP) stored on it, despite such information being encrypted with a user-defined 128-bit AES key.

A draft version of the Skorobogatov and Woods paper leaked online and was used as a source for news stories last  week.

The researchers used a technique called Pipeline Emission Analysis (PEA), patented by QVL, to significantly increase the efficiency of differential power analysis (DPA) methods.

DPA attacks can be used to extract cryptographic keys from hardware devices by analysing fluctuations in their power consumption during normal operation.

Using the technique the AES key can be extracted from ProASCI3 chips in seconds instead of hours, and a separate user-defined passcode that protects their configuration settings can be extracted in hours instead of years.

Microsemi said that the function discovered by the researchers is a privileged internal test facility reserved for initial factory testing and failure analysis, but it is disabled in all shipped devices.

The function can only be accessed on a customer-programmed device only if that customer’s passcode is also supplied.

However the researchers hit back over the weekend saying that while customers have an option to program their chosen passcode to increase the security, however, Actel/Microsemi does not tell its customers that a special fuse must be programmed in order to get the backdoor protected with both the passcode and backdoor keys.

If a customer passcode is used to protect the backdoor function, that passcode can be recovered in hours with the PEA technique, the researchers said.

Microsemi claimed that it could not duplicate the researchers attack because it didn’t have access to the technology and hardware setup they claim to have used.

But the researchers said that the PEA technique is described in QVL’s patent.