Tuesday, 14 May 2013

Sky News says Colin tweet was disaster recovery test, not hack

Sky News has revealed the rogue tweet sent earlier from Colin on its Twitter account was not the result of a hack, as it first thought, but was actually a disaster recovery test message posted in error.

Earlier today, it seemed that Sky News had become the latest organisation to suffer a Twitter security breach, after someone managed to access its social media account to tweet a message.

However, later on Tuesday afternoon Sky News posted an update to the incident: "Further investigation uncovered, to our relief, that Colin was in fact a ‘disaster recovery’ test message which accidentally went live. Apologies.
......no Colin was harmed in the making of this message."
The tweet was short and innocuous, and is unlikely to have had any negative implications for the news outfit, aside from slightly red faces over lax social security procedures. Posted at 11.52am on Tuesday, it simply read: "Colin was here."


The message was greeted warmly by the Twittersphere, getting retweeted more than 6,000 times and favourited almost 2,000 times in its short lifespan. Sky News deleted the tweet, and posted its own response confirming that all was well and good again, and that Colin had been located, although it did take the firm 85 minutes to react.
Sky News initially thought the tweet was the result of a security breach: "Earlier today the @skynewsbreak twitter feed was hacked and a single message sent. Action was swiftly taken and we are working with Twitter and our in-house security to ensure this cannot happen again," the firm said.

The incident is one of several to have occurred recently, highlighting the need for companies to improve their social media security measures. When bigwigs at HMV were making redundancies, the person with the logins to its Twitter account took to the social site to spill the beans on the layoffs.

Other news sites such as the Associated Press and The Onion have both recently fallen prey to Twitter hacks from phishing operations, while writer Candace Bushnell had her account breached by Guccifer, the same hacker who famously breached the account of former President George W Bush. In the case of Bushnell, the attack also led to a costly data breach as the first 50 pages of the Sex and the City author's new novel were leaked

AhnLab brings anti-North Korean hacker APT services to UK

North Korean flag
Korean security vendor AhnLab has announced plans to spearhead its expansion into the Western market with a new UK office.
The firm told V3 about its plans to open the office on Monday, saying that its track record of mitigating advanced persistent threats (APTs) will allow AhnLab to become one of the biggests players in Europe's security community.
AhnLab is currently South Korea's largest security company. The firm garnered widespread attention for its involvement in mitigating an attack, believed to stem from North Korea, that targeted several of banks and broadcasters.
AhnLab EMEA manager Simon Edwards told V3 that he planned to carve a share of the European market by offering businesses the unique expertise it has acquired by combating more evolved attacks stemming from the Far East.
"There are two major selling points for AhnLab in the UK. One is the technology. Korea is the most connected country in the world in terms of the number of devices connected to the internet, the proliferation of where the internet is. As a result of that they get attacked a lot," he said. "Even before you look at what's going on north of their borders they're being attacked a lot and as a result of that they are seeing a lot more nasty stuff hitting their centres than people are elsewhere in the world."
The technology will help European businesses counteract the influx of new Russian attacks, influenced by more sophisticated Asian actors, says Edwards.
"The key to it is whether you can detect an attack, and attacks are changing. We do tend to see attacks coming in from Russia more than we would in Korea, but they're similar, for example the move away from basic things like flash-based attacks into non-process executable files, so things like PDFs, Word documents, Excel files, those sorts of things," claimed Edwards.
"So although the threat actors are different, the way they're attacking is very similar and we're still seeing multiple zero-day attacks being moulded into a piece of malware. That's where you need a technology that's capable of seeing things very quickly and understanding what they're doing."
Edwards said AhnLab will also target the enterprise space using a distinctive selling model that won't require the firm to invest vast sums of money up front.
"From a commercial perspective we have a unique offer as well. Where FireEye and most traditional security vendors are going to charge you a lot of money up front for the appliance, we're doing it as a purely subscription-based service," said Edwards. "This means you pay an annual subscription as part of your operating expenditure and you get your clients, you get the service, you get everything. This means there is no capital expenditure required."
The AhnLab manager told V3 the firm expected the model to also appeal to the UK government. "Our core market is enterprise, but I also think we'll prove a hit in government because of the lack of capital expenditure. Obviously government projects at the moment have got horrific problems, not having any budget to spend on new kit and that sort of thing, but they do have operating expenditure, so I think our offer will prove a good thing for government as well," said Edwards.
The office's opening comes during a wider push by the UK government to make the country a leader in the cyber security industry. The move started in 2011, when the government announced its new cyber strategy, pledging to invest £650m to improve the nation's cyber defences. Edwards said the move has made the UK one of the most desirable security markets in Europe and an ideal launch point for AhnLab's expansion.
"The UK is the most developed market within Europe. There are a number of advantages to setting up in the UK, predominantly there's the language, it helps you deal with Americans and English tends to be spoken in most places, but there's also the fact that it is a much more mature market in terms of the partners available, the knowledge that's here the intelligence of the customers," he explained.

Symantec and McAfee warn firms to assess risk of cyber war threats like Stuxnet and Flame

McAfee and Symantec talk security at Trustmarque
Businesses need to reassess how threats like Stuxnet and Flame relate to them when updating their cyber defences, according to McAfee and Symantec.
McAfee vice president, Ross Allen, said the appearance of threats like Stuxnet should act as a wake-up call to all businesses related to critical infrastructure.
"We've seen attacks on critical infrastructure already with things like Stuxnet, malware designed to bring down the centrifuges of a power plant with a viral malware inside of a process control environment," said Allen, speaking during a debate at the Trustmarque summit in London (pictured above).
"By taking down a utility grid, or a pipeline, or an ATM network you block access to funds, to water, to electricity. It's the Blitzkrieg of 1939 in 2013.
"Because of this, at McAfee we're very focused not just on how we work with government, but also how we work with the private sector. This is because the attacks aren't just going to be on governments, it's going to be on the infrastructure that lays down and facilitates the movement of information within the country."
Allen said that even with the risk, firms must avoid taking overly rash measures when developing new strategies to counteract the threats.
"It's important we do this without scaring too many folks. Our industry is already too governed by scare tactics and I'd rather have it that we just helped people with preparedness. I'd like it to be like Y2K - we got through that just by being prepared and no lights went out. Preparedness and readiness can remove fear," he said.
However, Symantec chief technology officer Darren Thomson said many firms have already taken a misguided approach when reacting to such threats, looking for simple technological answers.
"Given the threats we've been describing, I think I'd agree with the idea that it's about preparedness. We've seen a lot of organisations in both the private and public sector make an attempt to prepare but I see a lot preparation in the technology aspect space of the infrastructure. There's certainly some merit to that, that's one piece of the jigsaw, but at Symantec we think you have to think a little more comprehensively about preparedness," said Thomson.
"We're seeing a lot of people preparing but, in many ways, nine out of 10 of them are preparing for the wrong thing. Preparedness doesn't just mean buying up McAfee, Symantec or whoever else's technology tomorrow, it means becoming prepared, making a plan."
The Symantec chief added that firms must consider how the threats relate to them and their individual assets when combating cyber threats.
"I think it's important organisations in the private or public sector don't get too obsessed with all the bad stuff that's going on in the world and think a little bit more about what it means to them; they need to contextualise it. That's good old-fashioned risk management," said Thomson.
"For a bank, the threats will be very different to those for a Formula One team and those again would be very different to a local government. You need to think what the assets of a company are that have to be protected. Assets for me are becoming less and less about infrastructure and more about data and information. "
The McAfee vice president mirrored Thomson's attitude, saying that threats like Stuxnet are a government issue that many states are already dealing with. "A while ago the electrical grid went down in the southeast US and the belief of the US government was that it was a Trojan that had been executed," said Allen
"Theoretically you could declare that an act of war, which is why president Obama has changed what constitutes the declaration of war. He changed it because the activity with the Chinese – bringing down an electrical grid, redirecting traffic at the Department of Defense – could be viewed that way."
The two security experts' comments come during a wider push by the UK government to improve the nation's cyber defences. The push began in 2011 when the government pledged to invest £650m to help protect businesses operating in the country from cyber threats as a part of its wider cyber strategy.
The strategy has seen the launch of numerous initiatives, including the creation of two new cyber security higher education centres at Oxford and Royal Holloway London university, announced late last week

SAP enters iOS and Android security space with launch of Mobile Secure

SAP building
SAP has jumped into the mobile security space with the launch of Mobile Secure software, designed to secure customers accessing their business applications from mobile devices.
Mobile Secure will also be offered as a software as a service (SaaS) edition, which will be integrated with the firm's mobile device management cloud software Afaria to help businesses manage multiple mobile devices. The most recent cloud edition of Afaria is bundled with analytic dashboards from SAP's business intelligence Business Objects portfolio to give customers insight into device compliance usage.
SAP said Mobile Secure will work on today's most popular devices including iOS, Windows and Android operating systems.
SAP president of technology solutions and the mobile division Sanjay Poonen said the increasing number of mobile operating systems and the influx of bring-your-own device (BYOD) programmes for employees has meant enterprise-level security is a priority for many companies.
"With SAP Mobile Secure, we want to make it easy for CIOs to bring comprehensive mobile security to all layers of their mobile infrastructure at the lowest total cost of ownership (TCO) possible," he said. "The SAP Mobile Secure solution portfolio is integrated with the SAP Mobile Platform, allowing developers to build in security at the right time. SAP Mobile Secure is designed to scale to millions of devices."
The Mobile Secure software will allow customers to quickly add security and usage policies to iOS and Android apps without having to write any code. Such capabilities are due to a partnership SAP has secured with mobile security firm Mocana, which will see the firm resell Mocana's Mobile App Protection software as part of the SAP Mobile Secure offering.

SAP has had recent success with its mobile offering, inking a deal with CA Technologies for the software management firm to licence Afaria for mobile device management.
SAP is this week holding its annual Sapphire US event in Orlando, which V3 will be attending.
Last week SAP made a bold move in both its big data and strategy, announcing that its HANA database platform would be offered as an enterprise cloud service. The HANA Enterprise Cloud will allow users to analyse data from SAP Business Suite applications in the cloud. SAP said that the HANA as a cloud service will reduce the cost for customers wanting to perform big data analytics, as well as offering them increased flexibility.

How to protect your car against hackers

In 2010, the world saw the biggest case ever of a car recall when Japanese manufacturer Toyota admitted that almost all of its Prius hybrid cars are prone to a software bug that can affect braking behavior in different situations. The fix was a simple software upgrade done at every licensed garage, but that merely made everyone suspicious: If a car’sbreaking system can be influenced by software, is it also possible to monitor and control it remotely by hacking into it?
That’s exactly the idea that passed Gili Litichever’s mind back in 2010. While driving a car, he suddenly noticed that the same screen showed information from the car’s radio system and from its engine. He realized that it is possible to hack an entire car just by embedding hidden data in FM Radio transmissions, or any other wireless or wired data transfer protocol supported by many modern cars. This way, a perpetrator can control a car’s speed, steering, fuel consumption, locks, alarm etc.
To try and address this issue, Litichover founded a company named Arilou, started in 2010 and officially launched in 2012, with two partners – Ron Barly (Chairman), Gil Litichever (CEO) and Ziv Levi (CTO). All three have background experience in the field of security and Cyber-security, both from serving in communication units in the IDF and working at commercial companies in the field.
Arilou pawn
The company basically develops a chip that can separate between a car’s various computer systems. Today, every computer in the car – including the engine, suspension and multimedia system – uses the same CAN (Control Area Network) protocol to communicate, opening the doors to data that is injected into one of the systems (e.gusing a cell-phone connected to the car’s speakers via Bluetooth to control the gear).
The company claims its chip can defend a car’s systemswithout making all component makers and technicians to apply certain encryption protocols to each part of the car. In the last few months it has been in talks to embed the chip in cars made by some of the world biggest manufacturers.

Network-connected devices used as bots in DDoS attacks

"computerworlduk", printers, routers, IP cameras, sensors and other Internet-connected devices are increasingly used to launch large distributed denial of service attacks, security firm Prolexic warned in a report this week.
Attackers are taking advantage of inherent vulnerabilities in some common network protocols used by these devices to turn them into malicious bots, Prolexic said.
The report identifies three vulnerabilities in particular that are being used in DDoS attacks: Simple Network Management Protocol (SNMP), Network Time Protocol (NTP) and Character Generator Protocol (CHARGEN).
All three protocols are ubiquitous across the Internet and in out-of-the-box devices and system configurations, said Terrence Gareau, principal security architect for Prolexic.
According to Prolexic, there are several security problems with SNMP. Some versions of the protocol transmit data in human readable form and are therefore vulnerable to interception and data modification attacks.
The protocol is also vulnerable to IP spoofing because the origin of transmission of an SNMP request cannot be verified. All versions of SNMP are also vulnerable to "brute force" attacks, the company said.
Attackers can take advantage of such flaws to take control of network-attached devices and use them to launch denial of service attacks, Gareau said. As a result, attackers can generate huge volumes of DDoS traffic with relatively small SNMP requests, Gareau said.
Organizations that want to reduce the risk of their devices being used to launch DDoS attacks should disable SNMP if it is not needed, restrict SNMP access via access control lists, and disable read and write SNMP access unless it is absolutely needed, Prolexic said in its report. Companies should also consider stronger authentication measures to control access to SNMP devices.
Similarly, problems with the Network Time Protocol can result in systems that are co-opted into a DDoS attack, the company said. NTP is used to synchronize network clocks and for timestamp messages. As with SNMP, attackers can launch multiple requests for NTP updates from multiple hosts and direct all the responses to a target computer.
Meanwhile, vulnerabilities in the CHARGEN protocol, which is found in remote debugging and measurement tools, allows attackers to craft malicious packets and have them directed to a target. Companies that use this protocol should review its use and eliminate it if it isn't needed, according to Prolexic.

Sophisticated social engineering campaign hits French company

Social Engineering hackers have used an sophisticated attack on French-speaking accounting and finance department employees. The victims were called and asked in French if they were able to process an invoice sent by e-mail.
The style of attack, known as "spear phishing," has been used against French organizations, including subsidiaries in Romania and Luxembourg.
"There is evidence to suggest that these attacks began as early as February 2013, however, it was only more recently in April that phone calls were being placed prior to sending the victim the phishing email," Symantec wrote on its blog
The company said the attackers may have just limited information on their targets and recommended those receiving a call ask additional questions to verify the caller is legitimate. Sensitive information should also be encrypted

Chinese university lab linked to PLA cyber attacks

A computer science laboratory at China’s Wuhan University has been linked by U.S. intelligence agencies to Chinese military cyber attacks on the West.
According to U.S. officials, the Key Laboratory of Aerospace Information Security and Trusted Computing at Wuhan’s Computer Science School in central China’s Hubei Province is the latest cyber warfare research and attack center to be identified from within China’s secret cyber warfare program.
The Pentagon’s latest annual report on China’s military, made public last week, for the first time confirmed that Chinese cyber attacks on the U.S. government appeared “attributable directly to the Chinese government and military.”
A report by the private cyber security firm Mandiant in February identified China’s main military cyber espionage group near Shanghai as Unit 61398, part of the People’s Liberation Army’s 2nd Bureau of the General Staff Department’s 3rd Department, known as 3PLA.
The Project 2049 Institute, a Virginia-based think tank, revealed a separate Chinese military cyberwarfare unit called the Beijing North Computing Center, also part of the 3PLA, four months before publication of the Mandiant report.
According to U.S. officials, the Key Laboratory, located about 425 miles west of the Chinese port city of Shanghai, is one of three computer science laboratories at the university. It was set up in 2008 and is considered one of the premier information security and cyber warfare centers at the university.
Wuhan’s Computer Science School has trained more than 760 people who currently are in the Chinese military and government over the past decade.
The lab received funding from several Chinese military elements, including 3PLA.
Another Wuhan University computer science laboratory was identified by the officials as the Information Network Attack and Defense Research Center.
The Key Lab is noted for its development of unique computer warfare software platform called the SimpleISES Information Security Experiment System that is used in training and conducting cyber attacks.
The system can be used by 20 students at a time to conduct cyber attacks on networks. SimpleISES was developed by Beijing Simpleware Technology Co., Ltd. and is used at more than 30 universities throughout China.
Experts say the system is believed to be a key element in the massive Chinese-military related cyber attacks against the Pentagon and the U.S. government, as well as China cyber attacks in other nations.
Mark Stokes, a former Air Force officer and Pentagon specialist on China now with the Project 2049 Institute, said he was not familiar with the Key Lab. Stokes coauthored a 2011 report that revealed one of 12 3PLA operational bureaus is located in Wuhan.
“There are several of these kinds of state and defense labs,” Stokes said in an email.
A computer security expert who asked not to be identified by name said Simple ISES “seems to be basically a teaching system for training hackers.”
“If Wuhan is involved, then they are using the system to train next generation university students to be hackers,” the expert said. “It seems that it is a modular to assist in the development and testing of new attacks.”
The Pentagon’s annual report, which was dismissed by Chinese government spokesmen as “groundless,” stated that in 2012 “numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military.”
“These intrusions were focused on exfiltrating information,” the report said. “China is using its computer network exploitation (CNE) capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs.”
According to the Pentagon report, cyber attacks are aimed at information that could benefit China’s defense and high-technology industry, as well as “policymaker interest in U.S. leadership thinking on key China issues, and military planners building a picture of U.S. network defense networks, logistics, and related military capabilities that could be exploited during a crisis.”
“Although this alone is a serious concern, the accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks,” the report said.
China plans to use cyber warfare capabilities in future wars by primarily gathering data for intelligence and computer network attacks.
Additionally, cyber warfare attacks will be employed to limit enemy action or slow military responses “by targeting network-based logistics, communications, and commercial activities,” the report said.
Cyber warriors also will be coupled with conventional military attacks as a “force multiplier” during war or crises, the report said.
The Pentagon report said Chinese military writings contain extensive reports on cyber warfare doctrine. Two key writings were identified as “Science of Strategy,” and “Science of Campaigns,” which outlined how to achieve “information superiority” in warfare that would allow a weaker power to defeat a stronger foe.
“China’s military continues to explore the role of military operations in cyberspace as a feature of modern warfare and continues to develop doctrine, training and exercises which emphasize information technology and operations,” David Helvey, deputy assistant defense secretary for East Asia, told reporters in releasing the report May 6.
Zhang Huanguo, an official involved in the laboratory, did not return emails seeking comment.
In addition to Zhang, other Chinese who are part of the Key Lab include Lina Wang, who heads the unit, Du Ruiying, and Fu Jianming, who is known to be involved in information attack and defense activities.
Zhang is considered the liaison with the People’s Liberation Army (PLA). The Key Lab in the past received funding from the PLA Information Engineering University, the General Staff Department Confidential Bureau, and the 3PLA.
The PLA Unit 61478, a secret cyber warfare unit, provided other funding for the lab.

Afgan Cyber Army Hacked 300 U.S. Websites

The Afghan Cyber Army , has even claimed on Facebook to have leaked the details of 1.1 million Facebook accounts belonging to US citizens.
A total of 305 websites were hacked lately by members of the hacking group Afghan Cyber Army.This was done to show their active participation in an operation launched sometimes back called '#Op USA'. The same deface page was uploaded on all the websites.
Message to the citizens of the United States of America from Afgan Cyber Army on defaced pages;
It's time for you to wake up America. You have been sleeping for far too long. You feel it prickling under your skin, you sense it deep in your gut. Change is coming, whether you like it or not. So, either you stand up to the corruption that is your government, or you continue to live as hollow robotic shells, doing the same things day in and day out, expecting different results; While your rights are endlessly stripped away and a dictatorship and military police state rises....what will you do? This defines insanity, does it not? Your silence is not saving anyone, you government has failed you. The only system you have ever known is crumbling and they are desperately trying every crooked avenue to control their messes and to control you MORE, at any cost. Deep down you know these things. You see things things. Will you remain silent? While the world is dying at the hands of the corrupt? Do the atrocities need to be in your own backyards before you act and use your voices? Will you wait until the very last minute before you step outside of your comfort zone and actually do something about it? What are you willing to risk? What lengths are you willing to go to for TRUE freedom from a parasitical government? Do not wait until the last moments, regretting what you didn't do when it really mattered. The time is now. Wake Up. The way things are going, doom is inevitable. If you want something different, then do something different. Afghan Cyber Army is going to be an alarm clock to the United States Government. Please, citizens of the United States of America, do not push snooze anymore. It's time to wake up....wake up....wake up.

Alert Trojan horse : Your Order Details with Amazon.zip

In a widespread malicious emails attack have been spammed out by online criminals, disguised as legitimate communications from the UK branch of online retail giant Amazon.Report Naked Security
The danger arrives in the file attached to the emails. The emails carry an attached file called "Your Order Details with Amazon.zip" which contains a Trojan horse.
It's understandable that some computer users would be fooled into opening the attachment, as they might be wondering what on earth they have ordered from Amazon.
It should go without saying that Amazon UK is a completely innocent party. They didn't send out the emails (despite what the forged "from" address used in the attack might suggest), and are having their brand tarnished by the cybercriminals behind this attack.

U.S. bank executives join FBI classified video conference on who was behind the keyboards

The FBI last month gave temporary security clearances to scores of U.S. bank executives to brief them on the investigation into the cyber attacks that have repeatedly disrupted online banking websites for most of a year.
Bank security officers and others were brought to more than 40 field offices around the country to join a classified video conference on "who was behind the keyboards," Federal Bureau of Investigation Executive Assistant Director Richard McFeely told the Reuters Cybersecurity Summit on Monday.
The extraordinary clearances, from an agency famed for being close-mouthed even among other law enforcement agencies, reflect some action after years of talk about the need for increased cooperation between the public and private sectors on cybersecurity.
The attacks, which have been ascribed by U.S. intelligence officials to Iran, are seen as among the most serious against U.S. entities in recent years. McFeely declined to discuss details of the investigation, including what the banks had been told and whether Iran was behind the attacks.
Banks have spent millions of dollars to get back online and make sure they can stay online. JP Morgan Chase & Co, Bank of America, Wells Fargo, Citigroup and others have been affected.
McFeely said the one-day secrecy clearances are part of a broader effort by the FBI to communicate more with victims of cybercrime, some of whom feel that cooperating with federal authorities carries too much risk of exposure to investor and media scrutiny.
A February executive order from President Barack Obama called for expedited security clearances.
McFeely, who began overseeing FBI cyber and criminal cases last year, said the agency was changing its approach after being "terrible" in the past about keeping targeted companies informed of progress in investigations.
"That's 180 degrees from where we are now," McFeely said at the summit, held at the Reuters office in Washington.
The FBI is working harder at securing international help in combating cybercrime and sabotage, but also needs dramatic gestures, such as espionage arrests of hackers from rival countries, to convince U.S. companies to be more open about their losses, he said.
On the international front, the FBI and Department of Homeland Security have notified 129 other countries about 130,000 Internet protocol addresses that have been used in the banking attacks.
Many of the computers involved in the attacks were infected by viruses before being directed to attack banking websites, and the bulletins have helped other countries to clean some of the computers, FBI officials said.
National Security Agency Director Keith Alexander and other officials have said that the massive theft of intellectual property by China and other countries amounts to the largest transfer of wealth in history. Individual companies, however, have rarely admitted material losses.
McFeely said that part of the problem was that companies have been frustrated at the extreme rarity of overseas arrests or other signs of tangible progress in nascent international talks over the issue. Even some defense contractors contacted by the FBI after breaches are reluctant to share information with agents, he said.
But McFeely said that some indictments have been issued under seal and that arrests would follow, perhaps when hackers identified by name travel outside their home countries.
"The first time we bring someone in from out of the country in handcuffs, that's going to be a big deal," McFeely said.

Febipos Malware in the wild that steals your Facebook profile

Microsoft has discovered a trojan which hijacks Facebook accounts. The malware penetrates through a Chrome extension or Firefox add-on. Safari and Internet Explorer seem to be safe.
Microsoft warns that the malware takes over the Facebook account and then performs various unwanted actions. The malware - now known as Febipos was first found in Brazil.

Chat it up

The malware can chat, share content, post messages to other profiles, comment on posts, like pages and join Facebook groups.
In the warning report Microsoft concludes that the malware presumably has more in his march
Microsoft recommends to keep all security products up-to-date and download  Extensions and add-ons only from reputable places like the Chrome Web Store and Firefox Add-ons

CERT Taiwan has asked Facebook to delete Anonymous accounts

The Taiwan National Computer Emergency Response Team has asked Facebook to delete hackers’ accounts and requested its counterpart in the Philippines to help deal with the hackers.
The Taiwanes Presidential Office, Ministry of Foreign Affairs, Ministry of National Defense and Coast Guard Administration were subject to DDOS attacks over the weekend.
The Cabinet Office of Information and Communication Security said May 12 that it is taking measures to deal with anonymous Philippines-based cyberattacks on government and private sector websites.
Based on the timing of the events, these attacks may be related to the May 9 fatal attack on an ROC fishing boat by the Philippines coast guard and retaliation against their government’s websites by Taiwan netizens,” ROC Cabinet spokeswoman Cheng Li-wun said.
As of May 12, “central and local government web pages have been defaced or subject to distributed denial of service attacks, with the latter activity most common,” Cheng added.
The OICS has announced a series of measures to deal with the attacks. Details of Internet Protocol addresses of attackers are being passed to all government departments, who have been asked to exercise heightened vigilance.

Banned 3D Gun now serving malware after US gov demanded removal

The 3D printable gun named Liberator is being banned from the internet after the US government demanded the removal of the 3D-gun on the internet. As the government said do not download this - a lot of people started downloading the file from various resources. The most well known download location for this file is The Piratebay - now it would not be crazy if hackers would exploit this situation.


Everyone that is interested in the 3D printing world was waiting for the file to be released on the internet as it would give the people an interesting project to build. The government said that it has to be taken offline - so now a lot of sites are following up on that command. Of course the file will be online at the internet because it is impossible to remove something from the internet that has been shared already.

I am still going to download it

So now there are still people that would like to download the 3D gun but now they will not find an legit resource for their download. This is where the hackers come in. The hackers will create files likes Torrents - that will trick the user into believing that they are downloading an 3D Gun. The unknowing computer user will then execute an virus once it opens the file.

Explosive f​orce

Mr Wilson said that Defense Distributed had complied with the International Traffic in Arms Regulations (ITAR) rules. He said the rules were pretty convoluted, but he believed his project was exempt as Defense Distributed had been set up specifically to meet requirements that exempted it from ITAR.
"Our gun operations were registered with ITAR."
He said the letter was unclear in that the Office was conducting a "review" yet at the same time he had to remove the files.
"They are stalling, they are going to make this review last as long as they can," he said. "They are getting a lot of political pressure." He added that he had taken legal advice about what to do next.
"We've also had offers of help from lawyers from all around the country," he said.
He welcomed the US government's intervention, saying it would highlight the issue of whether it was possible to stop the spread of 3D-printed weapons.
Unlike conventional weapons, the printed gun - called the Liberator by its creators - is made out of plastic on a printer. Many engineering firms and manufacturers use these machines to test prototypes before starting large-scale production.
While desktop 3D printers are becoming more popular, Defense Distributed used an industrial 3D printer that cost more than £5,000 to produce its gun. This was able to use high-density plastic that could withstand and channel the explosive force involved in firing a bullet.
Before making the Liberator, Mr Wilson got a licence to manufacture and sell the weapon from the US Bureau of Alcohol, Tobacco, Firearms and Explosives.
The Bureau told the BBC that any American could make a gun for their own use, even on a 3D printer, but selling it required a licence.
Mr Wilson, who describes himself as a crypto-anarchist, said the project to create a printed gun and make it widely available was all "about liberty".

WTOP and Federal News Radio Websites Back After Cyber Attack

The news websites, WTOP.com and FederalNewsRadio.com, are accessible to all Internet users following resolution of a cyber attack against the websites. Users accessing the websites from all web browsers, including Internet Explorer, have full access to both websites.
"Getting the websites back up and running safely for all users has been our top priority," said Joel Oxley, Senior Vice President and General Manager of WTOP and Federal News Radio. "We take our users' privacy very seriously, and we have taken steps to prevent similar occurrences. We apologize to our user community for any inconvenience that this incident has caused."
WTOP.com and FederalNewsRadio.com were victims of cyber attacks last week. When the attacks were discovered, an investigation was launched immediately, the malicious code was removed, additional security measures were installed, and federal law enforcement officials were notified of the incident.
Access to the websites from Internet Explorer web browsers was blocked to allow for a careful examination of how site security was compromised and after the initial review, which suggested the hackers may have targeted Internet Explorer users.
Full access to the websites was restored on Saturday evening, May 11, 2013, after a review of site security and implementation of recommendations to fix the vulnerabilities the attacker exploited to gain access to the websites. The review was conducted and recommendations were made by Mandiant, an internationally recognized cybersecurity consulting firm.
"We have found and eliminated the vulnerabilities that were exploited," said John Spaulding, the Washington, D.C. Director of Information Systems for Hubbard Radio, the parent company of WTOP and Federal News Radio.
Computers infected with the malware may display a pop-up message indicating that the computer is infected with a virus. This pop-up message may be fake if it prompts the user to click on a link, which takes them to a website that is not recognized by the user. This fake website offers security software for sale and prompts users to provide personal information, including credit card numbers. Users should not provide information, if prompted to do so.
Computers with up-to-date anti-virus programs and security software should identify the malware and provide instructions on how to delete or quarantine it.
Out of an abundance of caution, WTOP.com and Federal News Radio users who accessed the websites from any web browser during the cyber attack, which occurred approximately from May 5 to May 7, are encouraged to update and run their security software and perform a malware scan on their computer. (See below for more information on how to run a malware scan.)
In addition, the passwords for all registered users and users who receive breaking news, daily headline or other emails from both websites have been reset. These users have been contacted directly, informed of the need to reset their passwords the next time they visit the websites, and encouraged to change their passwords on other websites where they use the same password.
"During the cyber attack, it is possible the database of WTOP.com and FederalNewsRadio.com email users may have been compromised. However, we have no evidence that any log-in information was actually acquired by the hackers," said Spaulding.
Neither WTOP.com nor FederalNewsRadio.com collect or store social security numbers or credit card information.
WTOP.com and FederalNewsRadio.com are reaching out to all users, via email messages and through social media, to make them aware of the situation. More information on how to detect malware on a computer can be found below.
How do I know if my computer was infected?
The malware attack targeted the Internet Explorer browser. If you accessed WTOP.com or FederalNewsRadio.com from Internet Explorer recently, you may have been infected. While other browsers may not have been directly infected, the malware still may have installed a cookie on your browser. We urge everyone to clear their cookies and browser cache no matter what browser they have been using to access WTOP.com or FederalNewsRadio.com, and to do a full virus scan on their machine (see instructions below).
An infected machine may exhibit some or all of the following behavior:
Active programs will be shut down.
Fake virus scanner, often labeled "Internet Security," will automatically open and run.
Inability to open or access any programs or applications. Attempting to do so may result in a fake virus warning.
Periodic pop-ups displaying a fake warning and/or prompting the user to purchase the full product.
The malware (often called amsecure.exe) resides in memory and adds itself to the list of startup programs.
An infected machine will likely open numerous windows with an error message such as:
"Amsecure.exe warning! Application cannot be executed. The file cmd.exe is infected. Please activate your antivirus software."
"Warning! Running Trial version!! The security of your computer has been compromised! Now running trial version of the software! Click here to purchase the full version of the software and get full protection for your PC!"
"Attention. Suspicious software activity is detected by Amsecure.exe on your computer. Please start system files scanning for details."
"Amsecure.exe detects application that seems to be a key-logger. System information security is at risk. It is recommended to enable the security mode and run total System scanning."
"Warning! Name: taskmgr.exe. Name: C:WINDOWStaskmgr.exe"
You may also see error messages when trying to access the Internet, such as the ones below:
Iexplore caused an Invalid Page Fault in module3 (the number at the end can vary)
The web page you requested is not available offline
Explorer caused an exception C06D007EH in module Sens.dll
What do I do if I was infected with malware?
If you don't already have an anti-virus program on your machine, download one. Some free possibilities are AVG or Avast. A removal tool, which may help, can be found here. The best practice for removing malware is to download the anti-virus program to a trusted, non- infected computer instead of the computer which you believe has the virus.
If you have access to a trusted, non-infected computer:
Download the anti-virus program and save it to a CD or flash drive.
Reboot the infected computer.
As soon as you see the screen come on, begin tapping the F8 key.
You should soon see a menu of options. Use the arrow keys to move up and down the options list (your mouse won't work) until the "Safe Mode" option is highlighted.
Press "Enter" to choose "Safe Mode".
After the computer is done booting into safe mode, insert the CD or flash drive that contains the anti-virus program you downloaded earlier. Navigate to the drive that contains the program. Run the anti-virus program by double clicking on it.
Run a full scan on the computer and have it remove any infected files.
Restart the computer into its regular state.
If you do not have access to a trusted, non-infected computer:
Reboot the infected computer.
As soon as you see the screen come on, begin tapping the F8 key.
You should soon see a menu of options. Use the arrow keys to move up and down the options list (your mouse won't work) until the "Safe Mode with Networking" option is highlighted.
Press "Enter" to choose "Safe Mode with Networking".
After the computer is done booting into safe mode, open a browser and download the removal tool from:
http://www.sophos.com/en-us/threat- center/threat-analyses/viruses-and-spyware/Troj~FakeAV-GOJ.aspx
Run a full scan on the computer and have it remove any infected files.
Restart the computer into its regular state.

Microsoft Security Intelligence Report 14 released

The Microsoft Security Intelligence Report (SIR) analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide. Threat awareness can help you protect your organization, software, and people.

Reporting period

This volume of the Microsoft Security Intelligence Report focuses on the third and fourth quarters of 2012, with trend data for the last several years presented on a quarterly basis. Because vulnerability disclosures can be highly inconsistent from quarter to quarter and often occur disproportionately at certain times of the year, statistics about vulnerability disclosures are presented on a half-yearly basis.
Throughout the report, half-yearly and quarterly time periods are referenced using the nHyy or nQyy formats, where yy indicates the calendar year and n indicates the half or quarter. For example, 1H12 represents the first half of 2012 (January 1 through June 30), and 4Q11 represents the fourth quarter of 2011 (October 1 through December 31). To avoid confusion, please note the reporting period or periods being referenced when considering the statistics in this report.

Increasing complexity of today

Amid the increasing complexity of today’s computing threat landscape and the growing sophistication of criminal attacks, enterprise organizations and governments are more focused than ever on protecting their computing environments so that they and their constituents are safer online. With more than a billion systems using its products and services worldwide, Microsoft collaborates with partners, industry, and governments to help create a safer, more trusted Internet.
Computers that did not have up-to-date real-time antimalware protection were 5.5 times more likely on average to report malware infections each month than computers that did have protection. The CCM for unprotected computers ranged from 11.6 to 13.6, and the CCM for protected computers ranged from 1.4 to 3.8.
Computers running Windows 8 had the highest rate of protection, with just 8.1 percent of computers running the 32-bit edition and 7.0 percent of computers running the 64-bit edition lacking up-to-date real-time protection. Windows 8 includes real-time antimalware and antispyware protection by default,2 which is likely a significant factor in the reduced number of Windows 8 computers not running security software; previous releases of Windows did not include real-time antimalware software by default. In addition, Windows 8 was only generally available for slightly more than two months of the half-year period, which provided less of an opportunity for real-time protection to expire or to be disabled by computer users or by malware.
Among supported releases of Windows, the lowest rate of protection was observed on computers running the RTM version of Windows 7, of which 32.3 percent of computers running the 32-bit edition and 28.2 percent of computers running the 64-bit edition lacked up-to-date real-time protection. Computers running Windows 7 SP1, the most recent service pack available for Windows 7, were significantly less likely to lack real-time protection than computers running the RTM version.

45 Million dollar hack: Mastermind shot dead, Dutch mother & son jailed

The German government published today that they have arrested two Dutch persons that have played a role in the 45 Million hack. The mastermind Alberto Yusi Lajud-Peña has been shot dead while he was playing a game of Domino's.

Mastermind killed 

Alberto Yusi Lajud-Peña, aka "Prime" or "Albertico," (25) was sitting at a table with two friends of 20 and 18 years old when two masked men stormed and fatally struck him with two bullets. The friends were shot in their legs.
The attackers that robbed Alberto Yusi Lajud-Peña disappeared with a large envelope filled with about 100 000 dollar. The attackers were armed with an M16 rifle, a 9mm Smith & Wesson revolver and ammunition stock. Reporting claim that the attackers were arrested.
Local media reported that the murder is related to a dispute between criminal groups over the distribution of 45 million dollar.

Mother and son arrested

Two Dutch civilians have been arrested in Germany because the authority thinks that they are involved with the 45 Million hack. The mother is 56 years old and the son is 34 years old. The reports says that the mother and son made multiple debit card transactions in a single night which  totaled in 1.8 Million EURO.

Card production hacked

Anonymous hackers, who are not summoned, infiltrated computer systems that create debit cards and credit cards. The systems were located in India and the United States.

Operation was successful in a few hours

The hackers achieved to steal 45 million dollar in a period of a couple of hours.

Summary South Korean Wiper Malware Attack & Defensive Measures

Reporting and technical details surrounding the malware used in the March 20, 2013, attack on South Korean assets have been varied and inconsistent. However, there are some commonalities reported across multiple organizations that provide some level of insight into the malware, dubbed DarkSeoul.
The common attributes of the attack campaign are the following:
  • The malicious file wipes the master boot record (MBR) and other files.
  •  The malware was hard coded with a specific execution date and time and searches machines for credentials with administrative/root access to servers.
  •  The malware is written to specifically target South Korean victims.
  •  The attack is effective on multiple operating systems.
  • The design is low sophistication – high damage.
When assessing the potential risk to U.S. Critical Infrastructure and Key Resources (CIKR), it is important to understand that DarkSeoul appears to have been coded for a specific target in this case and designed to evade typical South Korean antivirus processes. As this malware is currently packaged, it is a low risk to U.S. CIKR, however, the concepts underpinning this attack would likely succeed in many common enterprise environments. For this reason, U.S. CIKR owners and operators should continue the best standard security practices to avoid infection and propagation of a wiper or other type of malware that may impact their systems.
Defensive Measures
Based on the common attributes detailed above, US‐CERT reminds users and administrators of the importance of best practices to strengthen the security posture of their organization's systems.
CIKR owners and operators should work toward a resilient network model that assumes such an attack will occur against their enterprise. The goal is to minimize damage, and provide pathwaysfor restoration of critical business functions in the shortest amount of time possible.
  • Encourage users to transfer critical files to network shares, to allow for centralized backups. Leverage technical solutions to automate centralized storage where possible to reduce reliance on end-user voluntary compliance Execute daily backups of all critical systems, including offline and offsite copies of backup media.
  • Periodically execute a practice data restoration from backups, including key databases to ensure integrity of existing backups and processes.
  • Establish emergency communications plans should network resources become unavailable.
  • Isolate any critical networks (including operations networks) from business systems, and where possible segment the business networks.
  • Identify critical systems and evaluate the need to have on-hand spares to quickly restore service.
  • Recognize that without proper internal monitoring, an organization’s “Enterprise Trust