Tuesday, 7 May 2013

Chinese Hackers Steal Info from Top Secret U.S. Military Data

A QinetiQ Group PLC operator controls a Dragon Runner robot. The People's Liberation Army unveiled a bomb disposal robot in April 2012 similar to QinetiQ's Dragon Runner. 
Military secrets such as plans for advanced robotics and future weaponry have been stolen.
Among defense contractors, QinetiQ North America (QQ/) is known for spy-world connections and an eye-popping product line. Its contributions to national security include secret satellites, drones, and software used by U.S. special forces in Afghanistan and the Middle East.
Specifically, the software embedded in the microchips that control military robots has been stolen. That could advance China's own military robotics program and, ultimately, teach its engineers how to disable U.S. robots and drones in the field.
Former CIA Director George Tenet was a director of the company from 2006 to 2008 and former Pentagon spy chief Stephen Cambone headed a major division. Its U.K. parent was created as a spinoff of a government weapons laboratory that inspired Q’s lab in Ian Fleming’s James Bond thrillers, a connection QinetiQ (pronounced kin-EH-tic) still touts.

QinetiQ’s espionage expertise didn’t keep Chinese cyber-spies from outwitting the company. In a three-year operation, hackers linked to China’s military infiltrated QinetiQ’s computers and compromised most if not all of the company’s research. At one point, they logged into the company’s network by taking advantage of a security flaw identified months earlier and never fixed.
“We found traces of the intruders in many of their divisions and across most of their product lines,” said Christopher Day, until February a senior vice president for Verizon Communications Inc. (VZ)’s Terremark security division, which was hired twice by QinetiQ to investigate the break-ins. “There was virtually no place we looked where we didn’t find them.”


QinetiQ was only one target in a broader cyberpillage. Beginning at least as early as 2007, Chinese computer spies raided the databanks of almost every major U.S. defense contractor and made off with some of the country’s most closely guarded technological secrets, according to two former Pentagon officials who asked not to be named because damage assessments of the incidents remain classified.
As the White House moves to confront China over its theft of U.S. technology through hacking, policy makers are faced with the question of how much damage has already been done. During their multiyear assault on defense contractors, the spies stole several terabytes -- equal to hundreds of millions of pages -- of documents and data on weapons programs, dwarfing in sheer quantity any theft of Cold War secrets. The QinetiQ hack may have compromised information vital to national security, such as the deployment and capabilities of the combat helicopter fleet.
“The line forms to the left when it comes to defense contractors that have been hacked,” said James Lewis, a senior fellow in cybersecurity at the Center for Strategic and International Studies in Washington. “The damage has been significant.”

Systems Hacked

A few of the attacks have become public, including the 2007 theft from Lockheed Martin Corp. (LMT) of technology related to the F-35, the most advanced U.S. fighter jet. Intelligence officials say the damage is far more extensive than the limited public accounting suggests, and that China-based hackers have acquired data on a large number of major weapons systems and many minor ones. One former intelligence official described internal Pentagon discussions over whether another Lockheed Martin fighter jet, the F-22 Raptor, could safely be deployed in combat, because several subcontractors had been hacked.
In 2007-2008, the Pentagon gave secret briefings to about 30 defense companies alerting them to the aggressive spying effort and providing data to help defend against it, according to a person familiar with the process. The person did not know whether QinetiQ received the classified intelligence.

141 Attacks

Investigators eventually identified the Shanghai-based hackers that broke into QinetiQ as a crack team, nicknamed the Comment Crew by security experts, which has also hit major corporations and political figures, including the 2008 presidential campaigns of Barack Obama and John McCain. At least one other Chinese hacking team also may have been involved, according to a person familiar with the investigation.
In a Feb. 18 report, Mandiant, an Alexandria, Virginia-based security firm, attributed 141 major cyberattacks to the Comment Crew without naming the targets. Mandiant identified the Comment Crew as the People’s Liberation Army Unit 61398, which is similar in some respects to the U.S. National Security Agency. Mandiant’s report prompted Tom Donilon, President Obama’s national security adviser, to call on China to stop the hacking of U.S. companies.
The spying on QinetiQ and other defense contractors appears aimed at helping China leapfrog the U.S.’s technologically advanced military, forgoing years of research and development that would have cost billions of dollars, according to Michael Hayden, former director of the CIA.
China’s military may also have stolen programming code and design details that it could use to disable some of the most sophisticated U.S. weaponry.

‘Major Embarrassment’

The lengthy spying operation on QinetiQ jeopardized the company’s sensitive technology involving drones, satellites, the U.S. Army’s combat helicopter fleet, and military robotics, both already-deployed systems and those still in development, according to internal investigations. Jennifer Pickett, a spokeswoman for QinetiQ, declined to comment as part of a general policy not to discuss security measures.
“God forbid we get into a conflict with China but if we did we could face a major embarrassment, where we try out all these sophisticated weapons systems and they don’t work,” said Richard Clarke, former special adviser to President George W. Bush on cybersecurity.
The spies’ trail at QinetiQ begins in late 2007, and so do the company’s mistakes. QinetiQ’s travails are documented in hundreds of unvarnished e-mails and dozens of reports that were never meant to be public, part of a cache that was leaked in 2011 by the group Anonymous after it hacked HBGary Inc., a Sacramento-based computer security firm hired by QinetiQ the previous year.

Team Outmaneuvered

The e-mails and reports are authentic, according to former HBGary executives and Day. Day agreed to an interview limited to the investigation’s findings because the documents had already become public.
By reviewing the documents with security experts and interviewing more than a dozen people familiar with the QinetiQ breaches, Bloomberg News reconstructed how the hackers outmaneuvered QinetiQ’s internal security team and at least five companies brought in to help salvage the situation.
Headquartered in a glass-and-steel office tower in McLean, Virginia, QinetiQ’s U.S. subsidiary is a boutique arms maker, less than one-tenth the size of industry giants like Lockheed or Northrop Grumman Corp. (NOC). It has specialized in fields expected to grow as the rest of the Pentagon budget shrinks, including drones, robotics, software and high-speed computing. A 2012 want ad for QinetiQ’s Albuquerque facility solicited a programmer to work on a “satellite-based global monitoring system” and limited candidates to those with top secret clearances only.

Stolen Data

In December 2007, an agent from the Naval Criminal Investigative Service contacted the company’s small security team and notified them that two people working in McLean were losing confidential data from their laptop computers, according to an internal report. The agency had stumbled upon the stolen data as part of another investigation and the alert was a courtesy.
The San Diego-based agent didn’t provide the identity of the hackers, who had been tracked by U.S. intelligence since at least 2002, or the crucial -- but classified -- fact that they were hitting other defense contractors. The company wouldn’t find out who its attackers were for two more years.
QinetiQ put strict limits on the investigation.
“They just felt like it was this limited little thing, like they’d picked up some virus,” said Brian Dykstra, a forensics expert based in Columbia, Maryland, whom QinetiQ hired to conduct the investigation.

Four Days

Dykstra was given only four days to complete his work. He said the company didn’t give him the time or data necessary to determine whether more employees had been successfully targeted, a standard precaution. In his final report, Dykstra warned that QinetiQ “is likely not seeing the full extent” of the intrusion.
Evidence surfaced almost immediately that he was right, as the attacks continued. On Jan. 7, 2008, NASA alerted the company that hackers had tried to infiltrate the space agency from one of QinetiQ’s computers.
QinetiQ treated a series of attacks over the next several months as isolated incidents. The hackers followed a more meticulous strategy: In the first 2 1/2 years, they gathered more than 13,000 internal passwords and raided servers that could give them detailed information about the company and how it was organized -- data they would use to devastating effect.

Security Holes

More investigations uncovered more security holes. In 2008, a security team found that QinetiQ’s internal corporate network could be accessed from a Waltham, Massachusetts, parking lot using an unsecured Wi-Fi connection. The same investigation discovered that Russian hackers had been stealing secrets from QinetiQ for more than 2 1/2 years through a secretary’s computer, which they had rigged to send the data directly to a server in the Russian Federation, according to an internal investigation.
QinetiQ’s executives in the meantime fretted about rising costs.
“You could spend all your resources chasing such things as this,” William Ribich, the former president of QinetiQ’s Technology Solutions Group, said in an interview in January. Ribich, who retired in November 2009, shortly after the discovery of a major data theft, said he needed to balance the uncertain risk that the hackers could use what they stole against a growing shopping list of security products and consulting fees.

‘Move On’

“You finally have to reach a point where you say ’let’s move on,’” he said.
China’s hackers in fact zeroed in first on Ribich’s division, based in Waltham, and specifically on QinetiQ’s drone and robotics technology. Internal reports leaked by Anonymous chronicle a breach at TSG in February 2008, followed by another attempt in March of that year. By 2009, the hackers had almost complete control over TSG’s computers, the documents show.
Over one stretch in 2009, the spies spent 251 days raiding at least 151 machines, including laptops and servers, cataloging TSG’s source code and engineering data. The hackers dribbled data out of the network in small packets to avoid detection, managing to get away with 20 gigabytes before they were finally stopped, according to an internal damage assessment.
The stolen cache included highly sensitive military technology and was equivalent in size to 1.3 million pages of documents or more than 3.3 million pages of Microsoft Excel spreadsheets.
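The trickle described above is the failure mode of any alert that looks only at the size of a single transfer. The example below is added here and is not code from QinetiQ or its investigators: it runs a naive per-flow size alert and a sustained per-host, per-destination aggregate over a constructed set of outbound flow records (host names, addresses, sizes and dates are all invented; the internal address ranges are an assumption), and shows that only the aggregate catches a host sending 2 MB an hour to one external address for two months.

```python
"""Detecting low-and-slow exfiltration in outbound flow records.
Added example for this page; not code from QinetiQ, Terremark or HBGary.
Host names, addresses, sizes and dates below are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

MB = 1024 * 1024
PER_FLOW_ALERT_BYTES = 50 * MB   # single-transfer threshold a naive alert might use
SUSTAINED_MIN_DAYS = 14          # flag a host/destination pair active on this many distinct days
SUSTAINED_MIN_TOTAL = 500 * MB   # ...that has moved at least this much in total

# Assumed internal address space (RFC 1918); anything else is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def naive_alerts(flows):
    """Per-flow threshold: fires on big single uploads, blind to a trickle."""
    return [f for f in flows if is_external(f["dst"]) and f["bytes"] >= PER_FLOW_ALERT_BYTES]


def sustained_alerts(flows, min_days=SUSTAINED_MIN_DAYS, min_total=SUSTAINED_MIN_TOTAL):
    """Aggregate per (source host, external destination) across the whole window.
    A pair that stays active for weeks and accumulates a large total is flagged
    even if no single flow ever crosses the per-flow threshold.
    Returns sorted (src, dst, active_days, total_bytes) tuples."""
    active_days = defaultdict(set)
    total_bytes = defaultdict(int)
    for f in flows:
        if not is_external(f["dst"]):
            continue
        key = (f["src"], f["dst"])
        active_days[key].add(f["ts"].date())
        total_bytes[key] += f["bytes"]
    return sorted(
        (src, dst, len(active_days[(src, dst)]), total_bytes[(src, dst)])
        for (src, dst) in total_bytes
        if len(active_days[(src, dst)]) >= min_days and total_bytes[(src, dst)] >= min_total
    )


def constructed_flows():
    """Constructed sample: one workstation with a few large legitimate uploads,
    one large internal copy that should never alert, and one server trickling
    2 MB every hour to a single external address for 60 days."""
    start = datetime(2009, 3, 1)
    flows = []
    for day in (0, 5, 9):
        flows.append({"ts": start + timedelta(days=day, hours=10), "src": "ws-eng-12",
                      "dst": "203.0.113.80", "bytes": 80 * MB})
    flows.append({"ts": start + timedelta(days=2, hours=3), "src": "srv-tsg-07",
                  "dst": "10.20.0.5", "bytes": 900 * MB})
    for day in range(60):
        for hour in range(24):
            flows.append({"ts": start + timedelta(days=day, hours=hour), "src": "srv-tsg-07",
                          "dst": "203.0.113.45", "bytes": 2 * MB})
    return flows


if __name__ == "__main__":
    sample = constructed_flows()
    print("naive per-flow alerts:", [(f["src"], f["dst"]) for f in naive_alerts(sample)])
    print("sustained alerts:", sustained_alerts(sample))
```

The naive rule fires three times, all on the workstation's legitimate 80 MB uploads, and never on the trickling server; the aggregate flags the server after it has been active for weeks and has moved well over the total threshold, which is the only signal a 2 MB-per-hour channel leaves in flow data.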

Secrets ‘Gone’

“All their code and trade secrets are gone,” Phil Wallisch, senior security engineer at HBGary, wrote in an e-mail after being briefed on the loss by the company.
It was about to get much worse.
While QinetiQ’s team tripped from crisis to crisis, the hackers honed their skills. They were next spotted in March 2010, after signing on with the stolen password of a network administrator based in Albuquerque, New Mexico, Darren Back.
The hackers logged on through the company’s remote access system, just like any employee. They could do so only because QinetiQ did not use two-factor authentication: a token that generates a one-time code which employees enter along with their usual password whenever they connect from outside, so that a password alone, stolen or not, is not enough to get in.
The problem had been spotted months earlier in a security review. Mandiant, which worked on several TSG breaches and performed the test, recommended a relatively inexpensive fix. The advice was ignored, according to a person familiar with the report.
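What the missing control looks like in practice, as an added example that is not QinetiQ's or Mandiant's code: an RFC 6238 time-based one-time password checked alongside a salted password hash, with a replay guard so that a code captured once cannot be reused. The account store, user name, password, shared secret and clock values are constructed; the 20-byte secret is the RFC 6238 test secret, so the generator can be checked against the published vectors.

```python
"""A second factor for remote access: RFC 6238 time-based one-time passwords.
Added example for this page; not QinetiQ's or Mandiant's code. The account
store, user name, password, shared secret and clock values are constructed."""
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from Unix time // step."""
    return hotp(secret, int(at_time) // step, digits)


class Account:
    """One remote-access account: salted password hash plus a TOTP shared secret."""

    def __init__(self, password: str, totp_secret: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = self._derive(password, self.salt)
        self.totp_secret = totp_secret
        self.last_counter = -1  # highest TOTP counter already accepted (replay guard)

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self._derive(password, self.salt), self.pw_hash)

    def check_totp(self, code: str, now: int, step: int = 30, window: int = 1) -> bool:
        """Accept the current code or one step either side (clock skew), but never
        a counter at or below one already used: a code captured over the wire or
        by a keylogger cannot be replayed."""
        counter = int(now) // step
        for skew in range(-window, window + 1):
            candidate = counter + skew
            if candidate <= self.last_counter:
                continue
            if hmac.compare_digest(hotp(self.totp_secret, candidate), code):
                self.last_counter = candidate
                return True
        return False


def remote_login(accounts: dict, username: str, password: str, code: str, now: int) -> bool:
    """Both factors are required: a stolen password on its own gets nowhere.
    The password is checked first so a bad password never consumes a code."""
    acct = accounts.get(username)
    if acct is None:
        return False
    return acct.check_password(password) and acct.check_totp(code, now)


if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 6238 test secret (SHA-1 vectors)
    accounts = {"netadmin": Account("correct horse", secret)}
    now = 1_300_000_000
    print(remote_login(accounts, "netadmin", "correct horse", "no-code", now))          # False
    print(remote_login(accounts, "netadmin", "correct horse", totp(secret, now), now))  # True
```

In a real deployment the per-account secret would be provisioned to a hardware token or authenticator app and stored server-side under the same protection as the password hashes; the replay counter has to be persisted, not kept in memory, or a restart reopens the window.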

Digital Secrets

In four days of furious activity, the hackers rifled at least 14 servers, taking particular interest in the company’s Pittsburgh location, which specialized in advanced robotics design. The Comment Crew also used Back’s password to raid the computer of QinetiQ’s Huntsville, Alabama-based technology control officer, which contained an inventory of highly sensitive weapons-systems technology and source code throughout the company. The spies had got their hands on a map to all of QinetiQ’s digital secrets.
They also had begun to broaden their attack. As evidence mounted that the hackers had moved to divisions beyond TSG, QinetiQ hired two outside firms in April 2010 -- Terremark (TMRK) and a relatively new startup called HBGary, headed by Greg Hoglund, a former hacker turned security expert.

Glitches Surfaced

HBGary installed specialized software on more than 1,900 computers, then scanned the machines for snippets of malicious code. Glitches surfaced almost immediately. The software wouldn’t load on at least a third of the computers, and even where it did, it missed some that the hackers’ spyware was known to have infected, according to internal HBGary e-mails.
Matthew Anglin, an information-security principal at QinetiQ, whose job was to coordinate the two investigations, fretted that he had no idea what was happening in his own network. He complained that the expensive outside experts didn’t seem to have a handle on what was going on, and wasted time tracing innocuous if unauthorized software.
The consultants also squabbled. HBGary complained in one report that Terremark was withholding vital information. Terremark countered that it appeared the hackers knew HBGary was hunting them and were using its technology to delete evidence of their presence on machines.
“They think we tipped off the attackers,” Wallisch, HBGary’s principal investigator on the project, wrote in an e-mail.

Every Corner

The security teams found evidence that the hackers had burrowed into almost every corner of QinetiQ’s U.S. operations, including production facilities and engineering labs in St. Louis, Pittsburgh, Long Beach, Mississippi, Huntsville, Alabama and Albuquerque, New Mexico, where QinetiQ engineers work on satellite-based espionage, among other projects.
By the middle of June 2010, after weeks of intense work, the investigators believed they had cleaned QinetiQ’s networks and began wrapping up.
The calm lasted a little more than two months. In early September, the FBI called QinetiQ with evidence that the defense contractor was again losing data, according to e-mails and a person involved in the probe. Anglin messaged both HBGary and Terremark, asking how quickly their teams could return.
Within hours of their arrival, the investigators again began finding malicious software, or malware, in computers throughout the company’s North American divisions. Some of it had been there since 2009.

Software Deleted

It began to dawn on the security teams that the hackers had established a near permanent presence in the defense contractor’s computers, mining new information almost as soon as it was written onto hard drives. “Oh yeah...they are f’d,” Wallisch wrote to Hoglund in September.
Investigators also had to contend with frustrated QinetiQ employees. Upset about how much computer power the HBGary detection software was consuming, workers began deleting it from their computers with the approval of the company’s information technology staff.
As the hunt continued, more clues surfaced about what secrets the spies were after. The hunters’ digital footprints were found on the computers of QinetiQ’s chief operating officer, a division vice president and dozens of engineers and software architects, including several with classified clearances.

Military Robots

Among the victims was a specialist in the embedded software on microchips that control the company’s military robots, which would help in China’s own robot-building program, said Noel Sharkey, a drones and robotics expert at Britain’s Sheffield University. The PLA unveiled a bomb disposal robot in April 2012 similar to QinetiQ’s Dragon Runner.
The chip architecture could also help China test ways to take over or defeat U.S. robots or aerial drones, Sharkey said.
“You could set them up in a simulation board and hack into them,” he said. “That’s standard stuff.”
The spies also took an interest in engineers working on an innovative maintenance program for the Army’s combat helicopter fleet. They targeted at least 17 people working on what’s known as Condition Based Maintenance, which uses on-board sensors to collect data on Apache and Blackhawk helicopters deployed around the world, according to experts familiar with the program.
The CBM databases contain highly sensitive information including the aircrafts’ individual PIN numbers, and could have provided the hackers with a view of the deployment, performance, flight hours, durability and other critical information of every U.S. combat helicopter from Alaska to Afghanistan, according to Abdel Bayoumi, who heads the Condition Based Maintenance Center at the University of South Carolina.

Redstone Arsenal

The hackers also may have used QinetiQ to break into the Army’s Redstone Arsenal through a network shared with QinetiQ’s engineers in nearby Huntsville. A breach of the base, home of the Army’s Aviation and Missile Command, was linked by military investigators back to QinetiQ, according to a person familiar with the investigation.
It wasn’t the only time the hackers used the same back-door approach to federal computers. The same person said that as recently as last year, federal agents were looking into a breach at a QinetiQ cybersecurity unit, which they suspected Chinese hackers were using in attacks against government targets.
The security lapses at QinetiQ led to investigations by several federal agencies, including the FBI, Pentagon, and Naval Criminal Investigative Service, according to two people involved, who didn’t know the final outcome of the probes.

State Department

The State Department, which has the power to revoke QinetiQ’s charter to handle restricted military technology if it finds negligence, has yet to take any action against the company. Two former federal law enforcement officials said that, despite its authority, the State Department lacks the computer forensics expertise to evaluate the losses and neither could recall department involvement in several major data theft investigations.
“In this case it looks like years go by without seeing any learning curve and that’s what’s scary,” said Steven Aftergood, who directs the Project on Government Secrecy at the Federation of American Scientists. “The company is responsible for its own failures, but the government is responsible for the inadequacy of its response.”
QinetiQ’s U.S. operations are overseen by a proxy board that includes Riley Mixson, the Navy’s former air-warfare chief. The board was briefed several times about the hacking and the investigations. In a brief telephone interview, Mixson said that “everything was duly reported” and then hung up the phone. Tenet declined to comment.

Probe Impact

The investigations didn’t affect the company’s ability to win government contracts, even to provide cyber-security services to federal agencies.
In May 2012, QinetiQ received a $4.7 million cybersecurity contract from the U.S. Transportation Department, which includes protection of the country’s critical transport infrastructure.
“When it comes to cyber security QinetiQ couldn’t grab their ass with both hands, so it cracks me up that they won,” Bob Slapnik, vice president at HBGary, wrote after QinetiQ received a grant from the Pentagon in 2010 to advise it on ways to counter cyberespionage.
In the fall of 2010, Terremark sent a report to Anglin concluding that QinetiQ had been targeted by the Comment Crew since 2007 and that the hackers had been operating continuously in their networks since at least 2009. The report was part of the trove of documents leaked by Anonymous.

Complete Control

In that time, the hackers had gained almost complete control over the company’s network. They had operated unhindered for months-long stretches and they had implanted multiple, hidden communications channels to extract data. Privately, the investigators concluded that the spies had gotten everything they wanted from QinetiQ’s computers.
“My feeling is that if an attacker has been in your environment for years, your data is gone,” Wallisch wrote in an e-mail to a colleague in December 2010, a few weeks before HBGary itself was hacked and the record stops.
“Everything about your business is known, cataloged, analyzed, by your enemy,” Wallisch wrote. “I don’t feel a sense of urgency anymore.”

RSA boss Coviello admits customers 'angry and confused' over security failings

Art Coviello is chief executive of RSA
Las Vegas: The head of RSA has issued a scathing assessment of the enterprise security state, which asserts that vendors are falling woefully short of securing their clients.
Speaking at parent company EMC's annual partner conference, Art Coviello said that traditional approaches to enterprise security are failing to stop emerging threats and are leaving customers, in his words, "angry and confused" about the threat landscape.
"We have to change the models," Coviello told convention-goers. "We have had a model where we had to be reactive and protect the perimeter. The perimeter does not exist any more."
The RSA chief executive said that rather than relying on traditional protections such as antivirus and intrusion prevention systems, firms need to take a more analytical approach, catching potential threats ahead of time rather than attempting to defend systems that attackers have already compromised.
Such calls for improved security have been sounded before. The 2013 RSA conference brought numerous proposals for the integration of big data fields into the security space as vendors laid out their vision for new analytics platforms.
As customers increasingly find themselves falling victim to malware attacks and advanced persistent threats, however, Coviello believes that analytics tools should be integrated as soon as possible to prevent attacks from reaching a reactive layer that is proving to be increasingly ineffective.
"We should never stop trying to educate people about risk, but more and more of security is going to be about protecting consumers from themselves. I have never seen our customers more angry and confused than they are now and it is a combination of the increase in attack surface as well as these threats," Coviello said.

Huawei executive John Suffolk slams the US government's cyber security strategy

John Suffolk, former UK government chief information officer
John Suffolk, Huawei's global head of cyber security, has criticised the US government for attempting to prevent American companies from buying foreign technology.
In a personal blog post, Suffolk questions the true motives of the government's protectionist agenda. The former chief information officer for the UK government suggests that US regulations are attempting to better implement military security in private enterprise systems.
Suffolk contends that by removing foreign technology from network infrastructure the US government can reduce cyber network access points by consolidating government and military defenses with private industry.
He theorises that in doing so the US can also collect citizen data from telecommunications networks.
"It's quite clever really. You have just reduced your threat landscape to probably less than 30 network points and you broadly have less than a handful of telcos," wrote Suffolk in his blog post.
"So put on those access points an array of sensors and other top secret gubbins that the USA has spent all of its defense budget on and lo and behold you have created a veritable gold mine of information, and a lot of response options."
In his blog post, Suffolk also says that data sharing bills such as CISPA would legitimise government data collection from private industry.
"The kind of scenario I have detailed above has already created a law breaking situation and these new laws are there to legitimize what might have been happening already – not saying it has just might have been," continued Suffolk.
Suffolk's theory follows repeated attempts by the US government to distance itself from Chinese technology companies.
Late last year, government officials launched a detailed investigation into whether Chinese firms such as Huawei were working with the Chinese government to spy on US private industry. No evidence of collusion was discovered following the investigation.
Huawei has since said that the investigation hurt its sales in the US. The company's marketing vice president said the investigation stopped Huawei's wireless network sales growth in the US.

Microsoft confirms IE 8 zero day exploit

Microsoft has confirmed a zero-day vulnerability in Internet Explorer 8 that was exploited in attacks on the websites of the US Department of Labor (DOL) and the Department of Energy (DOE).
The exploit was uncovered by AlienVault Labs. According to the security research firm, the compromised site redirected visitors to malicious code. Following the disclosure, Microsoft said it is working on a patch.
"This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," wrote Microsoft in a security advisory on the exploit.
"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."
Redmond says the exploit is being examined and a fix should be expected as part of the upcoming Patch Tuesday release. Until the patch is released, Microsoft recommends that users apply basic security protections.
According to AlienVault, the exploit was used by Chinese hackers to obtain government data; files from compromised machines were reportedly sent to the hackers' servers.
The attack was originally thought to be aimed at gathering intelligence about the DOL site's security defenses. Research firm Invincea later concluded that it was a watering-hole attack.
According to Invincea, the attack targeted DOE employees who used the DOL website; its goal was to collect information on DOE workers who handle nuclear-related illnesses linked to DOE facilities.

China's cyber spying targets US govt: Pentagon

China has engaged in widespread cyber espionage in a bid to extract information about the US government's foreign policy and military plans, said a Pentagon report issued Monday.
China kept up a steady campaign of hacking in 2012 that included attempts to target US government computer networks, which could provide Beijing a better insight into America's policy deliberations and military capabilities, according to the Pentagon's annual assessment of China's military.
"China is using its computer network exploitation (CNE) capability to support intelligence collection against the US diplomatic, economic, and defense industrial base sectors that support US national defense programs," said the report to Congress.
"In 2012, numerous computer systems around the world, including those owned by the US government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military," it said.
The report marked the most explicit statement yet from the United States that it believes China's cyber spying is focused on the US government, as well as American corporations.
Though President Barack Obama's administration has demanded China stop widespread cyber theft, officials have tended to focus their public comments on the hacking of private business networks and not US government agencies.
The information targeted by the cyber spying could possibly benefit China's arms and technology sectors and policymakers interested in US leaders' thinking on China-related issues, the report said.
The cyber spying also could assist Chinese military planners in "building a picture of US network defense networks, logistics, and related military capabilities that could be exploited during a crisis," it said.
US officials have grown alarmed over what they call increasingly brazen hacking from China that has penetrated defense contractors including Lockheed Martin and a host of other organizations and agencies.
The digital espionage was part of a broader industrial espionage effort that seeks to secure military-related US and Western technology, allowing Beijing to scale back its reliance on foreign arms manufacturers, the report said.
Apart from describing the Chinese military's focus on cyber warfare, the Pentagon report portrayed a steady build-up of Beijing's armed forces, with investments in anti-ship missiles, space satellites, a new aircraft carrier and stealth fighter jets.
China in March announced a 10.7 percent increase in its annual defense spending, with a budget of $114 billion.
But the report estimated China's total military spending for 2012 was much higher, between $135 billion and $215 billion.
Beijing, however, still spent more on "internal security" forces than on its military, it said.
Although China's top strategic concern remained Taiwan, its "military modernization has begun to focus to an increasing extent on capabilities and mission sets that extend beyond immediate territorial concerns," David Helvey, deputy assistant secretary of defense for East Asia, told reporters.
The report said much of China's investment is concentrated on missiles and other weaponry to attack "military forces that might deploy or operate within the western Pacific," where Beijing stakes territorial claim to an arc of disputed islands.
The Pentagon has been particularly concerned about the DF-21D anti-ship ballistic missile, as well as air defenses and other weapons that could hit destroyers or aircraft carriers from a long distance.
"Obviously, something that can hold at risk large surface ships, including aircraft carriers, is something we pay attention to," Helvey said.
But the report stressed "positive momentum" in military relations between the United States and China, citing more high-level contacts and a joint counter-piracy exercise in the Gulf of Aden last year.
The 92-page report did not convey any shift in the US view of China's military and was "even-handed" in its tone, said Andrew Scobell of the RAND Corporation think tank.
While US officials track China's military build-up closely, the People's Liberation Army is still often pre-occupied with domestic concerns and dissent, he said. "There's a domestic drag on China's military."

Warning: ZertSecurity Android trojan hits German users

ZertSecurity is a banking trojan which masquerades as a certificate security application that asks the user to input their bank account number and PIN.
ZertSecurity was found in the Google Play store, although less than 100 copies had been downloaded in the 30 or so days that it was live. It has since been removed by Google.
All Lookout users are protected against this threat.
Lookout’s Take
In contrast to most other banking trojans, ZertSecurity is standalone, with no corresponding desktop component of the kind normally seen in banking threats like Zitmo/Citmo. This is because in this case the attackers are able to collect everything they need with one simple form.
Since Postbank requires only an account number and PIN for web access, by phishing for these details and then controlling all SMS sent to the user’s mobile, the people behind this attack are able to:
  • Access the web account
  • Review or make transactions
  • Intercept any two-factor authentication messages sent over SMS.
In particular this means they would be able to authenticate transactions that they create, by hijacking the mTAN SMS.
How it works
Links to ZertSecurity’s installation website were pushed out as part of a phishing campaign that targeted users in Germany. All emails seen so far have masqueraded as emails from Postbank and contain messages along these lines:
  1. Following an account audit it has been identified that your information is out of date, and your account access has been limited. You need to click on the attached link in order to update your account and restore access.
  2. After a certain date, it will only be possible to use the Postbank mobile TAN service if you install the SSL certificate from this application. Use the attached link to install the SSL certificate on your smartphone right now.
If the link is followed from anything other than an Android device, the installation website displays “Certificate was successfully installed”, and nothing further happens.
Following the link using an Android device takes the user to a website which invites them to install the fake security certificate application, and provides instructions to guide users through the installation process.
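The combination Lookout describes, an app posing as a certificate installer that nonetheless positions itself to read incoming SMS, is exactly what a defender triaging a suspicious APK would look for in its manifest. The following is an added example, not Lookout's code and not the real ZertSecurity manifest (the article does not show it): the manifest is constructed, and the specific permissions and the high-priority `SMS_RECEIVED` receiver are assumed as the typical pattern for an mTAN-stealing trojan of that era.

```python
import xml.etree.ElementTree as ET

# ElementTree expands the android: prefix to this Clark-notation namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that let an app read, divert or forward SMS, which is what an
# mTAN-stealing trojan needs once it has phished the account number and PIN.
SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}

# Constructed sample manifest for illustration only; not the real ZertSecurity package.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="de.example.zertsecurity">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="ZertSecurity">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def requested_permissions(manifest_xml):
    """Set of permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}

def sms_receivers(manifest_xml):
    """(receiver name, priority) for every receiver that registers for SMS_RECEIVED."""
    root = ET.fromstring(manifest_xml)
    found = []
    for recv in root.iter("receiver"):
        for flt in recv.iter("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.iter("action")}
            if "android.provider.Telephony.SMS_RECEIVED" in actions:
                prio = int(flt.get(ANDROID_NS + "priority", "0"))
                found.append((recv.get(ANDROID_NS + "name"), prio))
    return found

def triage(manifest_xml, claimed_purpose):
    """Findings for a package whose stated purpose has no business touching SMS."""
    perms = requested_permissions(manifest_xml)
    sms = sorted(perms & SMS_PERMISSIONS)
    findings = []
    if sms and claimed_purpose == "certificate":
        findings.append("claims to install a certificate but requests " + ", ".join(sms))
    for name, prio in sms_receivers(manifest_xml):
        if prio > 0:  # a high-priority receiver sees (and on old Android could abort) the SMS first
            findings.append(f"receiver {name} takes SMS_RECEIVED at priority {prio}")
    if sms and "android.permission.INTERNET" in perms:
        findings.append("can forward intercepted SMS over the network")
    return findings
```

Run `triage(SAMPLE_MANIFEST, "certificate")` to see the three findings the constructed manifest produces; a genuine certificate installer would yield an empty list.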

The Honolulu Police Department (HPD) Alerts database was accessed by an unauthorized person or persons

The Honolulu Police Department announced today that its "HPD Alerts" database was accessed by an unauthorized person or persons this weekend, and subscribers' names, phone numbers, and email addresses were compromised. HPD Alerts was a pilot program to provide breaking information to the public. It was recently discontinued due to technical problems not associated with the cyberattack.
The HPD has since removed the database and implemented additional measures to protect the information. At no time did the breach affect police services.
HPD statement
A list of more than two dozen HPD personnel names, phone numbers, email addresses and log-in passwords popped up on several hacker-affiliated websites overnight.
The group taking credit for the website breach is "X-Blackerz Inc". They posted a link to the leaked information on their Facebook page using the hashtag "#OpUSA", which according to their webpage is an ongoing cyber-attack campaign coordinated through Twitter and sites like Pastebin.
According to an image that has been circulating online, #OpUSA is "for the children of Iraq, Gaza, Pakistan, Afghanistan and all victims of American drone violence".
The photo, which features a skull and the American flag, goes on to say: "Hurt the only thing the American Government cares about money". "X-Blackerz" claims to have hacked into at least 100 other U.S. websites, though no other police departments appear to have been impacted at this time.
Local cyber security expert and former Honolulu Police detective Chris Duque says these hacks should be taken seriously.
"This puts everyone at risk.  Personal information is much more valuable these days than the actual money in your pocket, in your purse, or in the bank— information is the new commodity," said Duque.
"Everyone is vulnerable - everyone is vulnerable to some kind of cyber attack," Duque explained, before describing how difficult it can be to catch the people who are responsible.
"Unfortunately, it's a see-saw battle. Sometimes you win, sometimes you lose.  We're trying to keep up, but it's hard because of the limited resources the government has versus the bad guys.  The bad guys really have unlimited resources, because all their resources they steal," said Duque.