Tag: security

Snowden knows that Trump was given a hand by Putin

While the FBI, CIA and President Barack Obama all agree that Russia hacked the DNC and asserted its will on the US presidential election, they seem to be having difficulty convincing the world.

If you post news about the hack anywhere online you will normally get otherwise sane people parroting the mantra that “there is no proof.”

So far most of the proof has come from private security companies who normally would be accepted without question, but for some reason no one is believing them this time. Official comments from the spooks are short on anything that people call proof.

Donald (Prince of Orange) Trump has done his best to claim that it was not his good chum President Putin. He claims that hacking is hard to prove.
Only it really isn’t. According to a new document leaked by Edward Snowden, the NSA has successfully traced a hack back to Russian intelligence at least once before.

A classified excerpt from a page of the NSA’s internal wiki shows that the NSA once verified that Russian journalist Anna Politkovskaya’s email account had been targeted by Russian Federal Intelligence Services a year before her 2006 murder.

The information is classified as “Top Secret Signals Intelligence” which means that the NSA knows Politkovskaya’s email was hacked by Russian operatives because they were able to trace the hack back to Russian intelligence.

The entry itself doesn’t specifically say how this trace was accomplished or provide the evidence — but the existence of the entry shows that the NSA is wholly capable of tracing such hacks back to their source.

While it does not prove that Russia gamed the US election, it shows that the US intelligence agencies can gather the proof. It also shows that when the proof is found it is classified. The US does not want to risk showing its hand to foreign operators.

This would lead to a strange situation where President Obama, all the spooks and the White House dog all know that Russia gamed the election and can take action against Russia, but the rest of the world will not know why.

When Trump takes office in a couple of weeks he will know too, but it is unlikely he will say anything. After all he owes Putin’s Oligarch mates rather a lot of money.

White House rushes to lock out Russian hackers

The White House is rushing to stop Russian hackers from gaming future US elections before Donald (Prince of Orange) Trump takes over and lets them get away with it.

President Obama wants to implement measures to penalise Russia for allegedly interfering in the US presidential elections. In 2015, the White House announced new economic sanctions, which authorised the Obama administration to punish and prevent foreign hackers who attack US national security and economy.

According to the National Security Council, the sanctions fall short of giving the current administration enough power to punish the biggest and most controversial cyberattack, the one that hit the Democratic National Committee, so it is now trying to work out how to tailor the sanctions to punish the Russian election hackers.

According to reports, one way of striking back at the Russian election hackers would be to declare electoral systems critical infrastructure and to establish that what the Russians did actually harmed it.

The White House is seeking to employ measures that not only provide authority to penalise hackers who harm national security, but also prevent such attacks in the future.

US authorities blame Russian state-sponsored hackers for targeting political parties in efforts to interfere in the elections and help Trump secure a victory. The White House’s allegations were bolstered by US intelligence and the FBI’s analysis of the attacks, which also hold Russia responsible for its interference in the elections.

The worry is that if the Russians think “that worked pretty well” they will try it every time the US has an election, until they get the sort of government they want. The fear is that when Trump enters the White House he will abandon any moves to shore up the defences against Russia because he owes them rather a lot of money. If the rules are in place before he takes over, it might be more difficult for him to bin them.

Yahoo hacked again

Yahoo has said that it was hacked again and data from more than a billion user accounts was nicked.

Apparently the attack happened in August 2013, making it the largest breach in history and we just found out about it.

The number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September and blamed on hackers working on behalf of a government. News of that attack, which affected at least 500 million accounts, prompted Verizon Communication Inc to say in October that it might withdraw from an agreement to buy Yahoo’s core internet business for $4.83 billion.

Verizon said about the latest attack that it would be reviewing the impact of this new development before reaching any final conclusions.

A Yahoo spokesman said the company has been in communication with Verizon during its investigation into the breach and that it is confident the incident will not affect the pending acquisition.

A spokesYahoo added it believes hackers responsible for the previous breach had also accessed the company’s proprietary code to learn how to forge “cookies” that would allow hackers to access an account without a password.
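The article does not say how Yahoo’s cookies were built, so the following is an added illustration rather than Yahoo’s code: it shows why “learning the code” is enough to forge a cookie when its integrity rests on an unkeyed hash of a constant baked into the source, and how a keyed MAC under a server-held, rotatable key plus an expiry closes that gap. The key ids, keys and user names are constructed.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed server-side signing keys, indexed by key id so cookies issued
# under the previous key stay valid during rotation. In a real deployment
# these live in a secrets store, never in the application source tree.
SERVER_KEYS = {
    "k1": b"constructed-previous-rotation-key",
    "k2": b"constructed-current-rotation-key",
}
CURRENT_KID = "k2"
COOKIE_TTL = 3600  # seconds a session cookie stays valid


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _payload(user_id: str, now: float) -> str:
    body = {"uid": user_id, "exp": int(now) + COOKIE_TTL}
    return _b64(json.dumps(body, separators=(",", ":")).encode())


def weak_sign(payload_b64: str) -> str:
    # Weak design: an unkeyed hash over a constant that lives in the code.
    # Anyone who reads the source can reproduce it, which is the failure
    # mode the Yahoo story describes.
    return _b64(hashlib.sha256(b"hardcoded-constant|" + payload_b64.encode()).digest())


def _hmac_sign(kid: str, payload_b64: str) -> str:
    # Keyed MAC: reproducing it needs the key, not just the source.
    msg = f"{kid}.{payload_b64}".encode()
    return _b64(hmac.new(SERVER_KEYS[kid], msg, hashlib.sha256).digest())


def issue_cookie(user_id: str, now: Optional[float] = None, kid: str = CURRENT_KID) -> str:
    """Server side: kid.payload.tag with a keyed MAC under a rotating key."""
    now = time.time() if now is None else now
    payload_b64 = _payload(user_id, now)
    return f"{kid}.{payload_b64}.{_hmac_sign(kid, payload_b64)}"


def forge_with_source_only(user_id: str, now: float) -> str:
    """What someone holding only the source (not the keys) can produce: a
    cookie in the right format whose tag follows the weak, unkeyed scheme."""
    payload_b64 = _payload(user_id, now)
    return f"{CURRENT_KID}.{payload_b64}.{weak_sign(payload_b64)}"


def tamper_uid(cookie: str, new_uid: str) -> str:
    """Verification test helper (constructed): swap the user id in a valid
    cookie without re-signing it."""
    kid, payload_b64, tag = cookie.split(".")
    body = json.loads(_unb64(payload_b64))
    body["uid"] = new_uid
    return f"{kid}.{_b64(json.dumps(body, separators=(',', ':')).encode())}.{tag}"


def verify_cookie(cookie: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id if the MAC checks out under a known key and the
    cookie has not expired; otherwise None."""
    now = time.time() if now is None else now
    parts = cookie.split(".")
    if len(parts) != 3 or parts[0] not in SERVER_KEYS:
        return None
    kid, payload_b64, tag = parts
    # Constant-time comparison so the check does not leak via timing.
    if not hmac.compare_digest(_hmac_sign(kid, payload_b64), tag):
        return None
    try:
        body = json.loads(_unb64(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(body, dict) or body.get("exp", 0) <= now:
        return None
    return body.get("uid")
```

A cookie signed under the retired key `k1` still verifies, which is what lets the key rotate without logging everyone out; once `k1` is dropped from `SERVER_KEYS`, every cookie issued under it stops working, which is the practical answer when a signing secret is suspected to have leaked.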

However, some analysts have said that the company screwed up and had not been taking security seriously enough.

Yahoo said it had not yet identified the intrusion that led to the massive data theft and noted that payment-card data and bank account information were not stored in the system the company believes was affected.

Yahoo said it discovered the breach while reviewing data provided to the company by law enforcement. FireEye Inc’s Mandiant unit and Aon Plc’s Stroz Friedberg are assisting in the investigation, the Yahoo spokesman told Reuters.


Oracle bug responsible for San Francisco hack

The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware gained access to the agency’s network by way of a known vulnerability in an Oracle WebLogic server.

That vulnerability is similar to the one used to hack a Maryland hospital network’s systems in April and infect multiple hospitals with crypto-ransomware. The hackers do not appear to have targeted SFMTA specifically; it was simply picked up by a vulnerability scan.

SFMTA spokesperson Paul Rose said that the agency became aware of a problem on 25 November. The ransomware encrypted some systems, mainly affecting computer workstations.

The SFMTA network was not breached from the outside, nor did hackers gain entry through its firewalls. Muni operations and safety were not affected. Customer payment systems were not hacked and no data was nicked.

Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a “deserialization” attack after it was identified by a vulnerability scan.

Krebs said that it was possible to access the mailbox used in the malware attack, on the Russian e-mail and search provider Yandex, by guessing its owner’s security question, and he provided details from the mailbox and another linked mailbox on Yandex.

Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations’ networks.

China brings in tough new cyber security law

The glorious People’s Republic of China has brought in tough new cybersecurity regulations for companies operating behind the bamboo curtain.

The proposed Cybersecurity Law features data localisation, surveillance and real-name requirements. It will require instant messaging services and other internet companies to make users register with their real names and personal information, and to censor content that is “prohibited”. Real-name policies restrict anonymity and can encourage self-censorship in online communication.

There is also an element of data localisation, which would force “critical information infrastructure operators” to store data within China’s borders.

According to Human Rights Watch, an advocacy organisation that is opposing the legislation, the law does not include a clear definition of infrastructure operators, and many businesses could be lumped into the definition.

Sophie Richardson, Human Rights Watch’s China director, said the new law will effectively put China’s Internet companies, and hundreds of millions of Internet users, under greater state control.

Many of the regulations are not new; most were informally carried out or specified in low-level law. However, implementing the measures on a broader level will lead to stricter enforcement.

Companies are required to report “network security incidents” to the government and inform consumers of breaches, but the law also states that companies must provide “technical support” to government agencies during investigations. “Technical support” is not clearly defined, but might mean providing encryption backdoors or other surveillance assistance to the government.

The Cybersecurity Law also criminalises several categories of content, including that which encourages “overthrowing the socialist system,” “fabricating or spreading false information to disturb economic order,” or “inciting separatism or damage national unity.”

Biggish Blue admits big blue down-under

IBM has confirmed it will compensate the Australian government for a “malicious” cyber-attack that shut down the national census, but has claimed that two ISPs were also responsible for the security lapse.

For five years IBM was the lead contractor for the five-yearly household survey by the Australian Bureau of Statistics (ABS). However the project went off-line on census day after four distributed denial of service (DDoS) attacks.

The breach put a spanner in the works of government plans to trial online elections on the basis of its privacy street cred.

IBM was helping a police investigation but declined to say who was behind the attack. IBM claims that the attacks were launched through a router in Singapore and blamed Australian ISP Vocus Communications, a subcontractor of Nextgen Networks, for failing to shut it down.

In a written submission to the inquiry, IBM said its preferred anti-DDoS measure, which it calls “Island Australia”, involves “geoblocking”, or getting the company’s ISPs to shut down offshore traffic coming into the country.

In a written submission to the inquiry, Nextgen said IBM told it about “Island Australia” six days before the census website went live in July, and that IBM declared a test of the strategy four days before the census a success.

It said Nextgen followed IBM’s instructions, but noted that IBM rejected Nextgen’s offer of additional anti-DDoS detection measures.

Vocus said in a submission that it told Nextgen the week before the census that it “did not provide geoblocking” and that “Vocus was in fact requested to disable its DDoS protection product covering the e-Census IP space”.


Feds catch another NSA leaker

Another National Security Agency contractor who stole and possibly leaked highly classified computer codes has been arrested by the FBI.

Harold Thomas Martin, 52, was taken into custody by the FBI and charged with theft of government property and unauthorized removal and retention of classified materials by a government employee or contractor, authorities said.

The Untouchables executed search warrants at Martin’s home in Maryland, as well as his vehicle and two storage sheds on the property. They found documents and digital information stored on various devices, many of which were marked “top secret” or otherwise highly classified.

The contractor allegedly took highly classified “source code” developed by the agency to break into computer systems of adversaries like Russia, China, Iran and North Korea.

Martin had top secret security clearance and worked for the same contractor as NSA leaker Edward Snowden – Booz Allen Hamilton.

“Among the classified documents found in the search were six classified documents obtained from sensitive intelligence and produced by a government agency in 2014. Those documents were produced through sensitive government sources, methods and capabilities, which are critical to a wide variety of national security issues. The disclosure of the documents would reveal those sensitive sources, methods and capabilities,” the DoJ said.

This is the second time in three years that someone with access to secret data was able to nick damaging secret information from the NSA; if only there were a security agency with over-reaching powers to stop this sort of thing.

Investigators are also trying to determine Martin’s motive and whether he is linked to a group of hackers known as the Shadow Brokers, which is suspected in a series of leaks of NSA intercepts related to Japan, Germany and other countries that WikiLeaks has published.


Linux Lady looks for insecure Redis and humiliates them

Security boffins have found a new self-propagating trojan targeting Linux systems.

Nicknamed Linux.Lady, the malware uses insecure Redis database servers to spread from system to system.

The malware was spotted by Russia-based antivirus maker Dr.Web and is one of the few weaponised Go-based malware families. In other words, it is written in Google’s Go programming language and mostly relies on open source Go libraries hosted on GitHub.

The trojan infects systems by connecting to misconfigured Redis database servers for which administrators have forgotten to set a password. Apparently there are 30,000 Redis servers available online without a password.
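The trojan’s entry point is a configuration problem, so a defender’s check is the natural companion to this item. The audit below is an added example, not part of the article or Dr.Web’s analysis: it parses a `redis.conf` and flags the settings that leave an instance reachable and unauthenticated. The directive names (`requirepass`, `protected-mode`, `bind`, `rename-command`) are real Redis settings; the two sample configurations are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    setting: str    # redis.conf directive concerned
    message: str


def parse_redis_conf(text: str) -> Dict[str, List[List[str]]]:
    """Map each directive to the list of argument lists it appeared with
    (directives such as rename-command may legitimately repeat)."""
    directives: Dict[str, List[List[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directives.setdefault(parts[0].lower(), []).append(parts[1:])
    return directives


def audit_redis_conf(text: str) -> List[Finding]:
    d = parse_redis_conf(text)
    findings: List[Finding] = []

    # requirepass: absent, empty, or "" means no authentication at all.
    pw = d.get("requirepass", [[]])[-1]
    if not pw or pw[0].strip("\"'") == "":
        findings.append(Finding("high", "requirepass",
                                "no password set; anyone who can reach the port has full access"))

    # protected-mode (Redis 3.2+) refuses remote clients when no password/bind is set.
    pm = d.get("protected-mode", [["yes"]])[-1]
    if pm and pm[0].lower() == "no":
        findings.append(Finding("high", "protected-mode", "protected mode disabled"))

    # bind: missing or wildcard means the server listens on every interface.
    bind = d.get("bind")
    if bind is None:
        findings.append(Finding("medium", "bind", "no bind directive; listening on all interfaces"))
    elif any(a in ("0.0.0.0", "::", "*") for a in bind[-1]):
        findings.append(Finding("medium", "bind", "bound to all interfaces: " + " ".join(bind[-1])))

    # CONFIG lets any client that got in rewrite the running configuration;
    # renaming it to "" disables it.
    renamed = {args[0].upper() for args in d.get("rename-command", []) if args}
    if "CONFIG" not in renamed:
        findings.append(Finding("low", "rename-command", "CONFIG command left at its default name"))
    return findings


# Constructed configurations: the exposed kind the trojan looks for, and a hardened one.
WEAK_CONF = """
# constructed example of an exposed instance
port 6379
bind 0.0.0.0
protected-mode no
"""

HARDENED_CONF = """
# constructed example of a locked-down instance
port 6379
bind 127.0.0.1
protected-mode yes
requirepass replace-with-a-long-random-secret
rename-command CONFIG ""
"""


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, [(f.severity, f.setting) for f in audit_redis_conf(conf)])
```

A bare `port 6379` file with nothing else set is the common case the audit is meant to catch: no password, no bind, and protected mode only helps if the server is new enough to have it.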

A smaller trojan, called Linux.DownLoader.196, infects the computer first, secures a foothold on the machine and then downloads the main payload, letting in Linux.Lady.

Linux.Lady collects information about the infected system and sends it to a C&C server. It collects data like the computer’s current Linux version, the Linux OS family name, the number of CPUs, the number of running processes, and their names.

Linux.Lady mines the Monero digital currency. Once the C&C server is informed of the creation of a new bot, it sends over a configuration file, which Linux.Lady uses to start a cryptocurrency mining programme that generates digital currency for the hacker’s account.


Google encrypts 97 per cent of YouTube traffic

Search engine outfit Google has managed to shift 97 per cent of YouTube traffic to the encrypted HTTPS standard.

That is pretty quick, given that Google only seriously started highlighting the use of HTTPS to encrypt connections between its users’ devices and its servers at the beginning of the year.

Google said that its Global Cache content delivery network is able to handle encrypted connections relatively easily, in large part because hardware acceleration for AES, the algorithm at the core of the HTTPS protocol, is now ubiquitous.

It thinks that HTTPS connections have improved the user experience on YouTube.

“You watch YouTube videos on everything from flip phones to smart TVs. We A/B tested HTTPS on every device to ensure that users would not be negatively impacted. We found that HTTPS improved quality of experience on most clients: by ensuring content integrity, we virtually eliminated many types of streaming errors,” a SpokesGoogle said.

YouTube can’t hit 100 percent yet because it appears on so many different devices. Over time, though, Google will phase out insecure connections to YouTube, just like it has done with Gmail.

Guccifer lied about Clinton hack

One of the issues that made the case of Hillary Clinton’s private mail server so bad was that its security was so weak a Romanian hacker known as Guccifer turned it over during 2013.

Guccifer, AKA Marcel Lehel Lazar, bragged to Fox News and NBC News in May 2016 about his alleged hacking, so gaining his 15 minutes of fame. The news agencies were so desperate to run some Clinton dirt they overlooked the small fact that Lazar offered no proof at all.

He was a little more accurate when he was extradited to the US and questioned by the Untouchables. In fact, he just told them he was telling porkies. FBI Director James Comey testified under oath before Congress on Thursday that Guccifer never hacked into Clinton’s servers and in fact admitted that he lied.

That was not to say Lazar had not hacked some famous people in the past. Lazar is now in custody in Alexandria, Virginia, awaiting trial for hacking charges. He’s most famous for hacking former President George W. Bush and releasing Bush’s paintings.

At the time, the tech press and the security pedants thought the claims were pants, but they were widely ignored.

This was because the Republicans either believed, or were attempting to make the world believe, that Clinton’s server was so insecure that it allowed state secrets to fall into the hands of hackers. In fact there has been no proof that foreign governments even knew the server existed.

As far as the security was concerned, sophisticated hacking attempts against the server were made and they failed.