Wednesday, 5 June 2013

NATO pledges to create hacker-busting cyber defence teams

NATO has confirmed plans to create new elite cyber defence teams designed to deal with hyper-sophisticated threats.
NATO secretary general Anders Fogh Rasmussen announced the plan at a keynote in Brussels on Wednesday, confirming that the alliance will form quick-reaction cyber defence teams to protect its networks, while also aiding allies being hit by cyber attacks. The teams' services are planned to be made available to all NATO member states by October.
Rasmussen said the creation of the cyber teams is an essential step that will help member states deal with an increased cyber threat, warning that no nation is currently equipped to deal with the problem alone.
"Cyber attacks do not stop at national borders. Our defenses should not, either," he said. "We are all closely connected. An attack on one ally, if not dealt with quickly and effectively, can affect us all. Cyber defense is only as effective as the weakest link in the chain. By working together, we strengthen the chain."
Rasmussen cited the 2,500 significant attack attempts on NATO's networks over the last year as proof of the increased threat, but added that, despite the rise, the alliance has yet to suffer a serious security breach.
NATO is one of many bodies to attempt to address the growing cyber threat facing Europe. The European Commission has similarly cited improving the region's defences as a key part of its Digital Agenda and Cyber Security Strategy.
Within the UK the government has launched a slew of new initiatives to help train a new generation of security experts and increase information sharing between the public and private sector.
Most recently these have included the creation of two new cyber security higher education centres at Oxford University and Royal Holloway University London and the formulation of the Cyber Security Information Sharing Partnership (CISP).

China says US hackers attacked 2.9 million computer mainframes

China has claimed to have 'mountains' of evidence linking the US to extensive cyber hacks on the nation, and said the US government should stop making hacking accusations against the Chinese when it is just as guilty.
Director of the National Computer Network Emergency Response Technical Team Center of China (CNCERT), Huang Chengqing, reported having the data on Wednesday, according to Reuters.
He said CNCERT data links 4,062 US-based servers to attacks that successfully hijacked 2.91 million mainframe computers in China. Despite the scale of the attacks, Huang said it would be irresponsible to jump to the conclusion that the US government was behind them.
"We have mountains of data if we wanted to accuse the US, but it's not helpful in solving the problem. They advocated cases that they never let us know about. Some cases could be addressed if they had talked to us, why not let us know?" he said.
The exact details of the attack reported by Huang remain vague and it is unclear which industries or individuals were targeted. At the time of publishing CNCERT had not responded to V3's request for comment on the attack.
Huang's comments come just before a scheduled meeting between president Barack Obama and Chinese president Xi Jinping. The two leaders are scheduled to meet in California on Thursday and Friday, and cyber security is expected to be a key topic on the agenda.
The two countries have been engaged in an ongoing war of words for several years now, with the US accusing the Chinese government of mounting attacks on its networks. Tensions between the two nations reached new heights earlier this year when security firm Mandiant published evidence linking an advanced persistent threat (APT) cyber campaign to a Chinese military unit.

Hackers take half a million dollars from hospital, "probably gone to Russia"

Leavenworth’s hospital district stands to recover less than half of the $1.03 million stolen in a damaging online banking theft in April.
Chelan County Treasurer David Griffiths, whose office manages the ACH account for Chelan County Public Hospital District No. 1, said Cascade Medical Center has definitely lost at least $478,886 of the total theft.
“It’s gone,” Griffiths said Friday. “Probably gone to Russia.”
About $414,800 has been recouped through coordination with outside banks where the money was fraudulently transferred. Another $109,379 from the April 19 theft remains at issue, and may not be recoverable, Griffiths said.
“It’s not been easy, I’ll tell you that. We’re still struggling with it. It’s been a lot of long hours, and this goes for the hospital too.”
The theft, from county funds held with Bank of America, was initiated on April 19 but not discovered until April 22, a Monday. Griffiths’ office noted three unauthorized transaction files that shipped a total of $1.03 million to 96 separate accounts across the country.
From there, much of the lost money was likely funneled out through wire transfers and cash withdrawals. Brian Krebs, a cybersecurity journalist, attributed the crime to hacker organizations operated from Russia and Ukraine, which hired or subcontracted freelance “mules” through a wide-ranging set of work-from-home frauds.
“I don’t know for sure, but I would guess they had almost 100 money mules they used in that scam,” said Krebs, whose blog KrebsOnSecurity identified two U.S. men bamboozled into making money transfers for the gang from their home computers. “I’d bet they probably used four or five mule recruitment networks to get that many mules.”
Criminal hackers use a variety of methods to defeat online banking security, including installing malware that hooks the victim's web browser and logs keystrokes to capture banking credentials. Getting in is only half the job: the stolen funds still have to be laundered out of the banking system, typically by recruiting unwitting human mules who receive a few thousand dollars each and forward it by wire transfer.
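The theft described above left a fingerprint in the ACH data itself: three batch files, submitted on a Friday, pushing about $1 million to 96 destination accounts the district had never paid before, and nobody looked until Monday. The following is an added example (not code from the article, the county or Bank of America) of the kind of pre-release check a treasury office could run over its own outbound batches. The record layout, thresholds and sample data are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample ACH records (not real data). F001 models a routine
# payroll file to previously paid accounts; F002-F004 model the pattern in
# the story: three files, submitted after hours on a Friday, pushing a large
# total to many destination accounts the district has never paid before.
KNOWN_PAYEES = {f"acct-{i:04d}" for i in range(1, 13)}

SAMPLE_RECORDS = [
    {"file_id": "F001", "submitted_at": "2013-04-19T09:05:00",
     "dest_account": f"acct-{i:04d}", "amount": 2500.00}
    for i in range(1, 13)
]
for n, (file_id, stamp) in enumerate([("F002", "2013-04-19T17:40:00"),
                                      ("F003", "2013-04-19T17:52:00"),
                                      ("F004", "2013-04-19T18:10:00")]):
    SAMPLE_RECORDS += [
        {"file_id": file_id, "submitted_at": stamp,
         "dest_account": f"mule-{n * 32 + k:03d}", "amount": 10729.00}
        for k in range(1, 33)
    ]


def summarise_files(records):
    """Group individual entries back into the batch files they were submitted in."""
    files = defaultdict(lambda: {"total": 0.0, "accounts": set(), "submitted": None})
    for rec in records:
        f = files[rec["file_id"]]
        f["total"] += rec["amount"]
        f["accounts"].add(rec["dest_account"])
        stamp = datetime.fromisoformat(rec["submitted_at"])
        if f["submitted"] is None or stamp < f["submitted"]:
            f["submitted"] = stamp
    return dict(files)


def flag_files(records, known_payees, max_new_payees=10,
               max_total=250_000.0, business_hours=(8, 17)):
    """Return {file_id: [reasons]} for every batch that trips a threshold.

    Thresholds are illustrative; a real treasury office would tune them to
    its own payment history and pair them with out-of-band approval.
    """
    findings = {}
    for file_id, f in summarise_files(records).items():
        reasons = []
        new_payees = f["accounts"] - known_payees
        if len(new_payees) > max_new_payees:
            reasons.append(f"{len(new_payees)} first-seen destination accounts")
        if f["total"] > max_total:
            reasons.append(f"total ${f['total']:,.2f} exceeds ${max_total:,.0f}")
        when = f["submitted"]
        start, end = business_hours
        if when.weekday() >= 5 or not start <= when.hour < end:
            reasons.append(f"submitted at {when:%a %H:%M}, outside business hours")
        if reasons:
            findings[file_id] = reasons
    return findings


def flagged_exposure(records, findings):
    """Dollar total of the flagged batches: what is at risk if nobody reviews them."""
    files = summarise_files(records)
    return sum(files[file_id]["total"] for file_id in findings)


if __name__ == "__main__":
    hits = flag_files(SAMPLE_RECORDS, KNOWN_PAYEES)
    for file_id, reasons in sorted(hits.items()):
        print(file_id, "->", "; ".join(reasons))
    print(f"exposure: ${flagged_exposure(SAMPLE_RECORDS, hits):,.2f}")
```

The point of the check is not the particular thresholds but where it sits: it has to run on the bank side, or on a hold queue before release, because malware on the submitting workstation can show the operator whatever it likes. A three-day detection gap is what turns a recoverable transfer into mule cash-outs.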
Krebs said the attack fits the methods of a hacker network he’s studied for four years.
“It seems like this is an organization that’s got everything it needs to perpetrate these crimes. That said, it does appear that they rely on other mule recruitment gangs to help them cash out the stolen funds.”
Cascade Medical Center executive director Diane Blake couldn’t be reached for comment Monday. Supervisory Senior Resident Agent Frank Harrill, who oversees the Spokane FBI office, said his bureau is still investigating.
“I can’t talk about progress in the investigation, understanding that it is in a very preliminary phase,” Harrill said.
The recovered funds have been netted in part by Bank of America’s internal fraud division. Krebs said online banking users can best protect their accounts by using one computer dedicated to that purpose only, “preferably one that’s not running Microsoft Windows.”
“I’m not saying Macs are any more secure,” Krebs said. “They’re not. The point is they’re not attacking Macs at this point.”
“I think the process is a secure process, if it’s properly used,” said Griffiths, who oversees accounts for 55 Chelan County taxing districts, plus the county itself. “The way governments and businesses operate — this idea of electronic transactions, like it or not, it’s not going anywhere.”

Russia kills Chinese cyber spy network

Specialists at Kaspersky Lab have detected another spy network engaged in political and industrial espionage on the Internet.

The network, dubbed NetTraveler, has attacked more than 350 computer systems in 40 countries over nearly ten years. The greatest damage was done in Mongolia, India, Kazakhstan, Kyrgyzstan, China, Tajikistan, South Korea, Spain, Germany and Russia.

NetTraveler, a cyberspy network, was launched in 2004, but the peak of its activity took place from 2010 to 2013. The hackers targeted public and private entities, including government agencies, embassies, research centers, military organizations, oil and gas companies.

Most recently, the hackers have attacked industries such as space exploration, nanotechnology, energy (including nuclear), medicine and telecommunications, Kaspersky said.
The program infected computers through e-mail, using vulnerabilities in Microsoft Office. The stolen data found on NetTraveler's servers amounts to more than 22 GB.
Interestingly, NetTraveler was found to have a well-defined national identity. Up to 50 people took part in organising the attacks, and the native language of most of them was Chinese. Notably, the network was disclosed shortly before the meeting between U.S. President Barack Obama and President Xi Jinping in California, at which the Americans were expected to raise the issue of Chinese cyber-espionage.

Security firm Secunia announces Peter Colsted as new CEO

Official press release: Secunia, a leading provider of IT security solutions that enable businesses and private individuals to manage and control vulnerability threats, today announced that the board has appointed Peter Colsted, Senior Director of EMEA Specialist Sales at Microsoft, as new CEO, effective July 1st, 2013.

Peter Colsted joins Secunia from Microsoft, where he has spent 4½ years leading the Incubation Organization in Europe, Middle East and Africa building and growing new businesses for Microsoft in the enterprise space.

Since it was founded in 2002, Secunia has grown to become a world-leading provider of vulnerability intelligence and patch management solutions. The company is a highly respected provider of IT security for enterprises and government agencies worldwide, and was recently chosen as provider of vulnerability intelligence for the US Financial Services Information Sharing and Analysis Center (FS-ISAC), the industry forum for sharing critical information concerning security threats facing the financial services industry.

Choosing to bring Peter Colsted on board as new CEO signals Secunia’s intention to accelerate growth and international expansion:

“We are very excited to bring on a leader of Peter Colsted’s caliber. With his years of executive management and leadership experience in the international IT industry, I am confident that Peter is the right person to lead and define Secunia moving forward,” said Jesper Johansen, Chairman of the Board.

Peter Colsted will work to further strengthen Secunia’s international position.

“Secunia is a fantastic company with a great technology, and is renowned in the industry for the uncompromising quality of its research. The offerings of the company perfectly match the needs of the fast-growing, global vulnerability management market, and I look forward to leading and being part of the future success of Secunia,” said Peter Colsted.

For nine consecutive years, from 2002 to 2011, Secunia achieved hyper growth year-on-year. The company employs 130 people, and started 2013 by opening a US subsidiary in Minneapolis. Approximately 95 per cent of Secunia’s revenues come from sales in EMEA and North America, with Germany and the US representing the largest markets.

Turkish Ministry of Interior website hacked by Syrian Electronic Army

The Syrian Electronic Army appears to be taking part in an ongoing operation against Turkish government websites. The group has breached the Turkish Ministry of Interior website.

The group claims to have compromised email addresses and passwords, and promised to leak the data within a few hours.

The group also defaced the website and placed its logo on it:

"Rise against the injustice of Erdogan's Tyranny. Rise against the policies of hypocrisy perpetrated by the Erdogan Regime," the defacement message reads.

"Syria and Turkey are one. We salute Turkey's brave protesters"

SEA leaked the email address and password list as promised. The leak contains over 90 entries:

Ransomware, IRC Worm, Zeus, Botnets source codes shared in Germany Torrent

The Malware Must Die team found botnet source code being shared on a German torrent website.

The team grabbed all of the data from the torrent. Shortly after they downloaded the files, the uploading account was closed and the shared files were deleted.

According to the team, the source code is old, mostly from three to four years ago, but "most of them are bots/botnet clients source codes of various malicious implementation and some of them are still considered a 'useable' stuff," the blog post reads.

The screenshot provided by the team shows source code for Zeus, ransomware, an IRC worm, "Sql Brutter Client" and a UNIX bot client.

Today, another member of the team found similar source code being shared openly over HTTP from a website hosted in Sweden.

Spammers hit Twitter account of famous novelist Salman Rushdie

Salman Rushdie, the British Indian novelist and essayist, has become the latest victim of the celebrity Twitter account hacks.

"Shed 20 lbs of weight off your belly in only 2 weeks hxxx:// ” reads the tweet posted by the spammers after compromising his Twitter account, @SalmanRushdie.

The link leads to a spam website (hxxx://) whose page title reads "Miracle Weight Loss Proven to work".

Salman has managed to recover his account and posted the following tweet: "Apologies. My twitter account was hacked. Have changed password so the Spam should stop."

Salman is not the only celebrity to fall victim to Twitter account hijacks. Recently cybercriminals compromised the Twitter accounts of Cher and Alec Baldwin and posted messages about a diet brand.

CCTV code comes into force despite privacy concerns

The government's 12-point plan to regulate the use of surveillance cameras has come into force, despite widespread concern that it does too little to protect the public from unwarranted invasion of privacy.
The Surveillance Camera Code of Practice aims to balance the needs of law enforcement for CCTV footage with individuals' rights to privacy.
“Through this code – and with an independent commissioner – there will be a framework in place for the first time that helps police and local authorities in the fight against crime and anti-social behaviour, while reassuring the public that cameras in public places are used proportionately and effectively,” said Lord Taylor of Holbeach, minister for criminal information.
Under the code, CCTV operators are required to stipulate the purpose of the cameras and are expected to conduct annual reviews to ensure their use continues to be justified. The code also places restrictions on the storage of footage and demands that access to it is tightly controlled.
Forensic science regulator Andrew Rennison became the UK's first surveillance camera commissioner last year and will work in conjunction with the information commissioner to encourage compliance with the code.
The code of practice was first published last year, with a consultation programme running between February and March this year.
According to the government's own figures, nearly a fifth of respondents said they would not support the implementation of the CCTV code of practice. Many of those expressed concern over the limited number of authorities that it would cover, and doubts that private sector firms would voluntarily adopt it.
Almost a quarter also said they did not think the code of conduct would create greater transparency from CCTV operators. The government said it would review whether more authorities needed to be covered by the code and whether further legislation was needed to cover the private sector by 2015.
There have been growing concerns over the proliferation of CCTV devices, many of which are connected to the internet. Last year, researchers discovered that many CCTV systems used by businesses and home owners could be easily compromised, giving would-be snoopers free rein to use the devices to spy on properties.

Kaspersky uncovers advanced Operation NetTraveler malware attacking UK systems

Kaspersky Lab has uncovered a dangerous cyber espionage campaign stealing vast amounts of sensitive data from 350 unnamed ‘high profile' businesses and government agencies, some of whom are based in the UK.
The Russian security firm reported uncovering the campaign, codenamed Operation NetTraveler, on Tuesday, confirming it had detected it running in over 40 different countries. Known victims include the UK and US as well as Canada, Russia and China.
The malware has infected a wide variety of groups and agencies in both the public and private sector. These include government institutions, embassies, research centres, military contractors, activists and several firms connected to infrastructure such as the oil and gas industry. Kaspersky said the kit is designed for data theft and espionage, not for sabotage like the infamous Stuxnet malware.
The Russian firm said that at least six of the known victims were also successfully infiltrated by the previously discovered Red October campaign, indicating that several high-profile, well-funded hacker groups are active in the wild. Red October is a cyber espionage campaign, believed to be run by cyber criminals in Russia, that Kaspersky uncovered in January.
Kaspersky said initial analysis suggests the campaign's command and control servers are used to push and install further malware on infected machines, as well as to receive the stolen data. The malware focuses on collecting keylogs and various types of files, including PDFs, Excel sheets, Word documents and other files. Kaspersky estimates the campaign has already stolen at least 22GB of data from its known victims.
Worse still, the Russian security vendor reported seeing at least one example of the criminals using the malware as a backdoor, warning it could be customised to steal other types of sensitive information.
The campaign initially targets its victims with tailored spear-phishing emails carrying malicious Microsoft Office attachments. The attachments exploit the CVE-2012-0158 and CVE-2010-3333 vulnerabilities. Both were patched by Microsoft some time ago (bulletins MS12-027 and MS10-087 respectively), so a successful infection implies an unpatched Office install. Kaspersky Lab recommended that all network administrators check their systems and ensure the patches are installed.
The campaign is one of many sophisticated threats uncovered by Kaspersky Lab in recent years. The firm also played a part uncovering the notorious Flame malware.
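The delivery method described above, an RTF or Office file that exploits an old parser bug, is cheap to pre-screen at the mail gateway even without a full document parser. The following is an added example (not code from Kaspersky or the original article) of a triage pass over attachment bytes: it identifies the real container from magic bytes rather than the extension, flags RTF files shipped under a .doc name, and flags RTF control words associated with the two vulnerabilities named in the report. The sample files are constructed fixtures containing only the control words, not exploit content. Note the limit stated in the comments: a genuine OLE .doc carrying the bug passes this check untouched, because the script does not open the compound file; the actual fix is the patches.

```python
import re
from typing import Dict, List, Tuple

# Container detection by magic bytes, independent of the file extension.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE2 compound file (.doc/.xls/.ppt)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.docx/.xlsx/.pptx) is a zip
RTF_MAGIC = b"{\\rt"                               # Word accepts "{\rt" as well as "{\rtf1"

# Container each extension is expected to carry. Word will happily open an
# RTF named .doc, which is exactly why attackers ship exploits that way.
EXPECTED = {
    ".doc": "ole", ".xls": "ole", ".ppt": "ole",
    ".docx": "ooxml", ".xlsx": "ooxml", ".pptx": "ooxml",
    ".rtf": "rtf",
}

# RTF control words worth a second look: embedded OLE/OCX objects are the usual
# carrier for the MSCOMCTL ActiveX bug (CVE-2012-0158), and the pFragments shape
# property is the one involved in the RTF stack overflow (CVE-2010-3333).
# Presence means "pull this for analysis", not "this is an exploit".
RTF_OBJECT_WORDS = (b"\\object", b"\\objocx", b"\\objemb", b"\\objdata", b"\\objclass")
RTF_PFRAGMENTS = re.compile(rb"\\sn\s+pFragments", re.IGNORECASE)


def detect_container(data: bytes) -> str:
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(ZIP_MAGIC):
        return "ooxml"
    if data.lstrip().startswith(RTF_MAGIC):
        return "rtf"
    return "unknown"


def rtf_indicators(data: bytes) -> List[str]:
    lowered = data.lower()
    found = [w.decode() for w in RTF_OBJECT_WORDS if w in lowered]
    if RTF_PFRAGMENTS.search(data):
        found.append("pFragments")
    return found


def triage(filename: str, data: bytes) -> Tuple[str, List[str]]:
    """Return (detected container, reasons to pull this attachment for analysis).

    Limitation: OLE and OOXML containers are only identified, not opened, so an
    exploit embedded in a genuine .doc is invisible to this pass.
    """
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    container = detect_container(data)
    findings = []
    expected = EXPECTED.get(ext)
    if expected and container != expected:
        findings.append(f"{ext} file is actually {container} (expected {expected})")
    if container == "rtf":
        findings.extend(f"RTF contains {word}" for word in rtf_indicators(data))
    return container, findings


# Constructed fixtures (not real attachments): only headers and control words.
SAMPLES: Dict[str, bytes] = {
    # RTF with an embedded OCX object, delivered under a .doc name.
    "invoice.doc": (b"{\\rtf1\\ansi\\deff0{\\object\\objocx\\objw100\\objh100"
                    b"{\\*\\objdata 0105000002000000}}\\par }"),
    # RTF carrying the pFragments shape property.
    "agenda.rtf": (b"{\\rtf1\\ansi{\\shp{\\*\\shpinst{\\sp{\\sn pFragments}"
                   b"{\\sv 1;1;ffffffff}}}}\\par }"),
    # Genuine OLE compound file header and genuine OOXML (zip) header.
    "report.doc": OLE_MAGIC + b"\x00" * 24,
    "brief.docx": ZIP_MAGIC + b"\x14\x00\x00\x00" + b"[Content_Types].xml",
    # Plain text renamed to .xls: a lure trick, not an exploit, but worth a look.
    "prices.xls": b"item,price\nwidget,1.00\n",
}


def triage_all(samples: Dict[str, bytes]) -> Dict[str, Tuple[str, List[str]]]:
    return {name: triage(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, (container, findings) in triage_all(SAMPLES).items():
        print(f"{name:12s} {container:8s} {'; '.join(findings) or 'clean'}")
```

Treat a hit as a reason to detonate the file in a sandbox or hand it to an analyst, and treat a clean result as meaning nothing: the script has no view inside OLE or OOXML, and RTF can be obfuscated past simple string matching. Patch status on the endpoints is the control that actually closes CVE-2012-0158 and CVE-2010-3333.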

Apple posts security update for OS X and Safari flaws

Apple has posted updates to address major security vulnerabilities in its OS X Lion, Mountain Lion and Safari releases.
The company said that the update includes fixes for both its flagship desktop operating system and its browser, patching a number of security vulnerabilities that can be remotely targeted by attackers.
The fixes include patches for remote code execution vulnerabilities as well as for cross-site scripting and denial of service bugs.
For OS X, the update includes remote code execution patches for issues ranging from the handling of network messages to movie files, and a flaw which could allow the FileVault security component to be remotely disabled. The update also includes fixes for the OpenSSL component and the QuickTime media player component.
For Safari, the update will include more than two dozen security updates to fix security holes in both the browser itself and its WebKit engine.
The company said that the browser update includes fixes for cross-site scripting attacks which could allow an attacker to remotely send users to a hostile web page as well as memory corruption issues which could allow an attacker to execute code on a targeted system.
Apple did not mention any reports of attacks on the vulnerabilities in the wild.
Users can obtain the update through Apple's Software Update utility on OS X systems or through the company's download site.