The hackers, according to Kaspersky, were likely backed by a nation state and used techniques and tools similar to ones employed in two other high-profile cyber espionage operations that Western intelligence sources have linked to the Russian government.
Kaspersky, a Moscow-based security software maker that also sells cyber intelligence reports, declined to say if it believed Russia was behind the espionage campaign.
Dubbed “Epic Turla,” the operation stole vast quantities of data, including word processing documents, spreadsheets and emails, Kaspersky said, adding that the malware searched for documents with terms such as “NATO,” “EU energy dialogue” and “Budapest.”
There’s still much that’s unclear about Tuesday’s revelation that a small group of hackers in Russia have amassed a database of 1.2 billion stolen user IDs and passwords. The company that disclosed the incident, Hold Security, didn’t offer any fresh information Wednesday, but here are five questions we’d like to see answered (and a bonus one that we already know the answer to).
What are the hackers going to do with them?
The answer to this depends partly on the previous two questions. If they are fresh credentials for important services like online banking, they are ripe to be used to siphon money from online accounts. If they are older or from little-used services, they might be used to send spam by email or post it in online forums.
A Russian crime ring has amassed the largest known collection of stolen internet credentials, including 1.2 billion username and password combinations and more than 500 million email addresses, security researchers say.
The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, ranging from household names to small internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.
“Hackers did not just target US companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.”
Upcoming hacking conferences shine a light on the state of cybersecurity. Researchers will present hacking risks with USB drives and fitness trackers, and aircraft systems via in-flight Wi-Fi.
China-based hackers stole plans for Israel’s Iron Dome missile defense system in 2011 and 2012, according to an investigation by a Maryland-based cyber security firm first reported by independent journalist Brian Krebs.
The hackers also stole plans related to other missile interceptors, including the Arrow 3, which was designed by Boeing and other U.S.-based companies.
According to Krebs, “the attacks bore all of the hallmarks of the ‘Comment Crew,’ a prolific and state-sponsored hacking group associated with the Chinese People’s Liberation Army (PLA) and credited with stealing terabytes of data from defense contractors and U.S. corporations.” The hackers gained access to the systems of three Israeli companies working on missile defense. Maryland-based Cyber Engineering Services could prove that 700 documents were stolen in the breach although it’s likely that the actual number is higher.
A decade after releasing its report on U.S. unpreparedness ahead of the Sept. 11, 2001 attacks, the 9/11 Commission has released a new assessment on the growing threat of cyber-terrorism.
“One lesson of the 9/11 story is that, as a nation, Americans did not awaken to the gravity of the terrorist threat until it was too late,” the commission wrote in a new report on the 10th anniversary of the original, which revealed the intelligence failures that led to the hijacking of four planes by Osama bin Laden’s al Qaeda terrorist organization.
A giant U.S.-led naval exercise with 22 nations from around the world got an unexpected visitor on Sunday — a Chinese spy ship perched in international waters.
The 24th Rim of the Pacific exercises (RIMPAC) in and around the Hawaiian Islands features more than 200 aircraft and 25,000 personnel. China is part of a host of nations taking part, which also includes Australia, Canada, France, Japan, the Republic of Korea, the Republic of the Philippines, the United Kingdom and others.
In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert. The signal was coming from Nasdaq (NDAQ). It looked like malware had snuck into the company’s central servers. There were indications that the intruder was not a kid somewhere, but the intelligence agency of another country. More troubling still: When the U.S. experts got a better look at the malware, they realized it was attack code, designed to cause damage.
As much as hacking has become a daily irritant, much more of it crosses watch-center monitors out of sight from the public. The Chinese, the French, the Israelis—and many less well known or understood players—all hack in one way or another. They steal missile plans, chemical formulas, power-plant pipeline schematics, and economic data. That’s espionage; attack code is a military strike. There are only a few recorded deployments, the most famous being the Stuxnet worm. Widely believed to be a joint project of the U.S. and Israel, Stuxnet temporarily disabled Iran’s uranium-processing facility at Natanz in 2010. It switched off safety mechanisms, causing the centrifuges at the heart of a refinery to spin out of control. Two years later, Iran destroyed two-thirds of Saudi Aramco’s computer network with a relatively unsophisticated but fast-spreading “wiper” virus. One veteran U.S. official says that when it came to a digital weapon planted in a critical system inside the U.S., he’s seen it only once—in Nasdaq.
The October alert prompted the involvement of the National Security Agency, and just into 2011, the NSA concluded there was a significant danger. A crisis action team convened via secure videoconference in a briefing room in an 11-story office building in the Washington suburbs. Besides a fondue restaurant and a CrossFit gym, the building is home to the National Cybersecurity and Communications Integration Center (NCCIC), whose mission is to spot and coordinate the government’s response to digital attacks on the U.S. They reviewed the FBI data and additional information from the NSA, and quickly concluded they needed to escalate.
The Australian Army has begun planning for high-tech combat in Asia’s mega-cities, including hotly contested cyber warfare, scientifically enhanced soldiers and killer robots, according to a new Defence Department study.
The Australian Army’s Directorate of Future Land Warfare has published a report that warns Australia’s future land wars will be very different from recent conflicts in the rural and remote terrain of Afghanistan and Iraq.
With the world’s population expected to reach 8 billion by 2030, the directorate sees Asia’s mega-cities as key potential future battlegrounds.
Middle East experts at major U.S. think tanks were hacked by Chinese cyberspies in recent weeks as events in Iraq began to escalate, according to a cybersecurity firm that works with the institutions.
The group behind the breaches, called “DEEP PANDA” by security researchers, appears to be affiliated with the Chinese government, says Dmitri Alperovitch, chief technology officer of the firm CrowdStrike. The company, which works with a number of think tanks on a pro bono basis, declined to name which ones have been breached.
Alperovitch said the firm noticed a “radical” shift in DEEP PANDA’s focus on June 18, the same day witnesses reported that Sunni extremists seized Iraq’s largest oil refinery. The Chinese group has typically focused on senior individuals at think tanks who follow Asia, said Alperovitch. But last month, it suddenly began targeting people with ties to Iraq and Middle East issues.
WASHINGTON – U.S. and European energy companies have become the target of a “Dragonfly” virus out of Eastern Europe that goes after energy grids, major electricity generation firms, petroleum pipelines operators and energy industrial equipment providers.
Unearthed by the cyber security firm Symantec, Dragonfly has been in operation since at least 2011. Its malware software allows its operators to not only monitor in real time, but also disrupt and even sabotage wind turbines, gas pipelines and power plants – all with the click of a computer mouse.
The attacks have disrupted industrial control system equipment providers by installing the malware during downloaded updates for computers running the ICS equipment.
China is deploying what is referred to as its “double seven” strategy in an attempt to take more control in the global governance of the internet, reports Duowei News, an outlet run by overseas Chinese.
Representatives of China are currently among the 3,300 people from 130 countries in London to attend the 50th global conference of the Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit organization that coordinates the internet’s global domain name system.
The corporation, established in California in 1998, helps keep internet protocols in order by ensuring that each web address is not assigned more than once. The organization also facilitates the addition of top-level domains, which are suffixes to web addresses like “.com”, “.org”, and “.gov”.
Six years ago, during that fateful summer of 2008 when everything began to unravel, we first raised issues of financial terrorism as a risk to the stock markets, our economy, and indeed our way of life. In hindsight, it should be obvious that an attack on our markets does indeed have the potential to attack the very heart of America. Our initial research, later confirmed in a formal Pentagon report, served as the basis for the 2012 bestseller, Secret Weapon: How Economic Terrorism Brought Down the U.S. Stock Market and Why It Could Happen Again. Overall, we documented a variety of vulnerabilities that could be exploited through hidden market activity, cyber-manipulations, and other subversive efforts. As with any new concept, there was a considerable amount of skepticism. Since then, however, virtually every concept we described has been documented or validated.
Dubai: AnonGhost, a politically motivated group of hacktivists, is planning to launch cyber attacks on energy companies globally, including Adnoc and Enoc in the UAE, on Friday for using the dollar in oil trades.
This is according to a YouTube post link tweeted by the AnonGhost team.
“It is a follow-up from the #opPetrol operation in 2013. They [Anonymous] are serious about its political message and they will deliver it,” Nicolai Solling, director of technology services at Help AG, told ‘Gulf News’.