Spy agencies hit in cyber espionage campaign: Kaspersky Lab

The hackers, according to Kaspersky, were likely backed by a nation state and used techniques and tools similar to ones employed in two other high-profile cyber espionage operations that Western intelligence sources have linked to the Russian government.

Kaspersky, a Moscow-based security software maker that also sells cyber intelligence reports, declined to say if it believed Russia was behind the espionage campaign.

Dubbed “Epic Turla,” the operation stole vast quantities of data, including word processing documents, spreadsheets and emails, Kaspersky said, adding that the malware searched for documents with terms such as “NATO,” “EU energy dialogue” and “Budapest.” Continue reading

Five unanswered questions about massive Russian hacker database

 There’s still much that’s unclear about Tuesday’s revelation that a small group of hackers in Russia have amassed a database of 1.2 billion stolen user IDs and passwords. The company that disclosed the incident, Hold Security, didn’t offer any fresh information Wednesday, but here are five questions we’d like to see answered (and a bonus one that we already know the answer to).

What are the hackers going to do with them?

The answer to this depends partly on the previous two questions. If they are fresh credentials for important services like online banking, they are ripe to be used to siphon money from online accounts. If they are older or from little-used services, they might be used to send spam by email or post it in online forums. Continue reading

Russian gang said to amass more than a billion stolen internet credentials

A Russian crime ring has amassed the largest known collection of stolen internet credentials, including 1.2 billion username and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, ranging from household names to small internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.

“Hackers did not just target US companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.” Continue reading

Hack an airplane? Researchers reveal new security concerns

Upcoming hacking conferences shine a light on the state of cybersecurity. Researchers will present hacking risks with USB drives and fitness trackers, and aircraft systems via in-flight Wi-Fi. Continue reading

Chinese Hackers Stole Plans For Israel’s Iron Dome

China-based hackers stole plans for Israel’s Iron Dome missile defense system in 2011 and 2012, according to an investigation by a Maryland-based cyber security firm first reported by independent journalist Brian Krebs.

The hackers also stole plans related to other missile interceptors, including the Arrow 3, which was designed by Boeing and other U.S.-based companies.

According to Krebs, “the attacks bore all of the hallmarks of the ‘Comment Crew,’ a prolific and state-sponsored hacking group associated with the Chinese People’s Liberation Army (PLA) and credited with stealing terabytes of data from defense contractors and U.S. corporations.” The hackers gained access to the systems of three Israeli companies working on missile defense. Maryland-based Cyber Engineering Services could prove that 700 documents were stolen in the breach although it’s likely that the actual number is higher. Continue reading

600 million Apple devices contain secret backdoors, researcher claims

A security researcher considered to be among the foremost experts in his field says that more than a half-billion mobile devices running Apple’s latest iOS operating system contain secret backdoors.

Jonathan Zdziarski, also known by his online alias “NerveGas,” told the audience attending his Friday morning presentation at the Hackers on Planet Earth conference in New York City that around 600 million Apple devices, including iPhones and tablets, contain hidden features that allow data to be surreptitiously slurped from those devices.

During Zdziarski’s HOPE presentation, “Identifying Backdoors, Attack Points and Surveillance Mechanisms in iOS Devices,” the researcher revealed that several undocumented forensic services are installed on every new iPhone and iPad, making it easier that ever for a third-party to pull data from those devices in order to compromise a target and take hold of their personal information, including pictures, text messages, voice recordings and more.

Among the hidden functions running on iOS devices, Zdziarski said, are programs called “pcapd,” “file_relay” and “file_relay.” If used properly, he added, those programs can allow anyone with the right means and methodology to pull staggering amounts of data from a targeted phone, even when the rightful owner suspects the device is sufficiently locked. Continue reading

As China Stalks Satellites, U.S. and Japan Prepare to Defend Them

 

 

In May 2013 the Chinese government conducted what it called a science space mission from the Xichang Satellite Launch Center in southwest China. Half a world away, Brian Weeden, a former U.S. Air Force officer, wasn’t buying it. The liftoff took place at night and employed a powerful rocket as well as a truck-based launch vehicle—all quite unusual for a science project, he says.

In a subsequent report for the Secure World Foundation, the space policy think tank where he works, Weeden concluded that the Chinese launch was more likely a test of a mobile rocket booster for an antisatellite (ASAT) weapon that could reach targets in geostationary orbit about 22,236 miles above the equator. That’s the stomping grounds of expensive U.S. spacecraft that monitor battlefield movements, detect heat from the early stages of missile launches, and help orchestrate drone fleets. “This is the stuff the U.S. really cares about,” Weeden says.

The Pentagon never commented in detail on last year’s launch—and the Chinese have stuck to their story. U.S. and Japanese analysts say China has the most aggressive satellite attack program in the world. It has staged at least six ASAT missile tests over the past nine years, including the destruction of a defunct Chinese weather satellite in 2007. “It’s part of a Chinese bid for hegemony, which is not just about controlling the oceans but airspace and, as an extension of that, outer space,” says Minoru Terada, deputy secretary-general of Japan’s ruling Liberal Democratic Party. Continue reading

How Russian Hackers Stole the Nasdaq

In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert. The signal was coming from Nasdaq (NDAQ). It looked like malware had snuck into the company’s central servers. There were indications that the intruder was not a kid somewhere, but the intelligence agency of another country. More troubling still: When the U.S. experts got a better look at the malware, they realized it was attack code, designed to cause damage.

As much as hacking has become a daily irritant, much more of it crosses watch-center monitors out of sight from the public. The Chinese, the French, the Israelis—and many less well known or understood players—all hack in one way or another. They steal missile plans, chemical formulas, power-plant pipeline schematics, and economic data. That’s espionage; attack code is a military strike. There are only a few recorded deployments, the most famous being the Stuxnet worm. Widely believed to be a joint project of the U.S. and Israel, Stuxnet temporarily disabled Iran’s uranium-processing facility at Natanz in 2010. It switched off safety mechanisms, causing the centrifuges at the heart of a refinery to spin out of control. Two years later, Iran destroyed two-thirds of Saudi Aramco’s computer network with a relatively unsophisticated but fast-spreading “wiper” virus. One veteran U.S. official says that when it came to a digital weapon planted in a critical system inside the U.S., he’s seen it only once—in Nasdaq.

The October alert prompted the involvement of the National Security Agency, and just into 2011, the NSA concluded there was a significant danger. A crisis action team convened via secure videoconference in a briefing room in an 11-story office building in the Washington suburbs. Besides a fondue restaurant and a CrossFit gym, the building is home to the National Cybersecurity and Communications Integration Center (NCCIC), whose mission is to spot and coordinate the government’s response to digital attacks on the U.S. They reviewed the FBI data and additional information from the NSA, and quickly concluded they needed to escalate. Continue reading

FBI: Chinese hacker accessed gold mine of data on F-22, F-35 and 32 U.S. military projects

A Chinese hacker allegedly broke into the network of world’s largest aerospace company and other defense contractors to steal sensitive information on the United States’ F-22 and F-35 fighter jets, as well as Boeing’s C-17 cargo plane.

The FBI believes that Su Bin, formerly of the Chinese aviation firm Lode Technologies, and two Chinese-based co-conspirators accessed a gold mine of information from Boeing and other contractors in Europe. The plan was to gather enough information so that the communist nation might “stand easily on the giant’s shoulders,” The Register reported Monday. Continue reading

Australian Army plans for future high-tech combat in Asia’s mega-cities

The Australian Army has begun planning for high-tech combat in Asia’s mega-cities, including hotly contested cyber warfare, scientifically enhanced soldiers and killer robots, according to a new Defence Department study.

The Australian Army’s Directorate of Future Land Warfare has published a report that warns Australia’s future land wars will be very different from recent conflicts in the rural and remote terrain of Afghanistan and Iraq.

With the world’s population expected to reach 8 billion by 2030, the directorate sees Asia’s mega-cities as key potential future battlegrounds. Continue reading

Chinese cyberspies have hacked Middle East experts at major U.S. think tanks

Middle East experts at major U.S. think tanks were hacked by Chinese cyberspies in recent weeks as events in Iraq began to escalate, according to a cybersecurity firm that works with the institutions.

The group behind the breaches, called “DEEP PANDA” by security researchers, appears to be affiliated with the Chinese government, says Dmitri Alperovitch, chief technology officer of the firm CrowdStrike. The company, which works with a number of think tanks on a pro bono basis, declined to name which ones have been breached.

Alperovitch said the firm noticed a “radical” shift in DEEP PANDA’s focus on June 18, the same day witnesses reported that Sunni extremists seized Iraq’s largest oil refinery. The Chinese group has typically focused on senior individuals at think tanks who follow Asia, said Alperovitch. But last month, it suddenly began targeting people with ties to Iraq and Middle East issues. Continue reading

‘Dragonfly’ virus strikes U.S. power plants

WASHINGTON – U.S. and European energy companies have become the target of a “Dragonfly” virus out of Eastern Europe that goes after energy grids, major electricity generation firms, petroleum pipelines operators and energy industrial equipment providers.

Unearthed by the cyber security firm Symantec, Dragonfly has been in operation since at least 2011. Its malware software allows its operators to not only monitor in real time, but also disrupt and even sabotage wind turbines, gas pipelines and power plants – all with the click of a computer mouse.

The attacks have disrupted industrial control system equipment providers by installing the malware during downloaded updates for computers running the ICS equipment. Continue reading

‘Double 7′ strategy may give China more control over internet: Duowei

China is deploying what is referred to as its “double seven” strategy in an attempt to take more control in the global governance of the internet, reports Duowei News, an outlet run by overseas Chinese.

Representatives of China are currently among the 3,300 people from 130 countries in London to attend the 50th global conference of the Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit organization that coordinates the internet’s global domain name system.

The corporation established in California in 1998, helps keep internet protocols in order by ensuring that each web address is not assigned more than once. The organization also facilitates the addition of top-level domains, which are suffixes to web addresses like “.com”, “.org”, and “.gov”. Continue reading

Hedge Fund Hackers Expose Another Vulnerability

Six years ago, during that fateful summer of 2008 when everything began to unravel, we first raised issues of financial terrorism as a risk to the stock markets, our economy, and indeed our way of life. In hindsight, it should be obvious that an attack on our markets does indeed have the potential to attack the very heart of America. Our initial research, later confirmed in a formal Pentagon report, served as the basis for the 2012 bestseller, Secret Weapon; How Economic Terrorism Brought Down the U.S. Stock Market and Why It Could Happen Again.  Overall, we documented a variety of vulnerabilities that could be exploited through hidden market activity, cyber-manipulations, and other subversive efforts. As with any new concept, there was a considerable amount of skepticism. Since then, however, virtually every concept we described has been documented or validated. Continue reading