Wednesday, 12 June 2013

Think about it --- Cyber war

Cyber weapons versus physical weapons - which one will win? The cyber weapons will be able to sabotage an specific environment to do exactly what the cyber weapon is build for. This is the same for autonomous cyber weapons that are being used. But then you will have to think about the following;
 How will an cyber commander be able to change the agenda of an autonomous cyber weapon once there has been a change in strategies?
He simply won't be able to do so. That is why when in an time of conflict the weapons that will be used will be a mixture of cyber weapons and physical weapons.  The war will only be won when there is an army with physical weapons. Cyber will not be enough to win a war.
1. What will happen when a autonomous cyber weapon falls in the hands of the enemy?
2. Stuxnet won a battle?
3. Retaliation in cyber conflict, how do you see this?
If you want to win a war, you will need the human aspect. 

Mozilla and World Wide Web Foundation petition US government over NSA PRISM spying

capitol hill
A public petition has surfaced, calling on the US Congress to investigate and disclose the full extent of National Security Agency (NSA) surveillance activities online.
The Stop Watching Us petition and open letter asks Congress to issue a public report on domestic surveillance activity and enact legislation to prevent authorities from performing wide-scale surveillance and monitoring of user activity and activity logs. Backers of the group include civil rights and user privacy groups as well as the World Wide Web Foundation and Mozilla.
The petition cites the recent high-profile data disclosures on NSA activities. A first leak reported on the existence of PRISM, a massive data archive that logged activity from multiple service providers including Google, Apple, Microsoft and Yahoo.
“This type of blanket data collection by the government strikes at bedrock American values of freedom and privacy,” the group said in its letter. “This dragnet surveillance violates the First and Fourth Amendments of the US Constitution, which protect citizens' right to speak and associate anonymously and guard against unreasonable searches and seizures that protect their right to privacy.”
Subsequent reports also found that the UK Government Communications Headquarters (GCHQ) was accessing data from PRISM in its own domestic investigations. The source of the leak was later found to be a former NSA contractor who had fled to Hong Kong shortly before releasing the data.
After word broke of PRISM, a second leak brought the release of a presidential order asking government groups to assemble a list of possible foreign targets for cyber warfare.
Fallout from the reports has spurred some of the companies named in the programme to deny knowingly contributing to PRISM. Google executives have claimed that the company had only learned of its part in the programme after the public reports surfaced.

Ex-FBI hacker tracker warns of havoc from data destorying crooks

Businesses need to improve threat alert systems to deal with the next wave of state and lone-wolf data-destroyer hackers, according to ex-FBI agent and current Kroll Cyber Investigations managing director, Timothy Ryan.
Ryan told V3 that during his tenure at the FBI and current role at Kroll he has seen an alarming spike in the number of hackers only interested in causing harm.
"Thirty years ago hackers would make your computer do funny things, just to prove they could. Then we had a group that wanted to monetise hacking, stealing money from banks. Somewhere in between there's also always been national security-level espionage going on," he said.
"But lately we're seeing individuals not interested in data for money, but those who are more ideologically focused and in some case only want to destroy the company or the organisation. To do this, they'll do everything from DDoS [distributed denial of service] to data destruction and wiping servers."
The Kroll director said that the new wave of hackers are likely come from a range of backgrounds, which makes it difficult to effectively track them or know their exact motivations. "I think some of the ideologically motivated data destroyers are lone wolf, but some are also state sponsored. They're attacking dissident groups, they attack rival political parties, or they're trying to hurt other countries by doing things like destroying the data of their banks. I think the emergence of these data destroyers is our most pressing threat right now."
The ex-FBI agent's comments follow discovery of several hyper-sophisticated espionage-focused cyber campaigns, like Flame, Operation Red October and Operation NetTraveler. Ryan said data destroyers' overt intention to only cause harm makes them markedly more dangerous than most of the hyper-sophisticated espionage-focused attacks currently being reported in the news.
"It's unclear to me, both from my experience at the FBI and with Kroll, if some of the data stolen by nation states is actually used by nation states. Sometimes I think there's so much data they're collecting in a language that's foreign to them, they may have a problem utilising all of it. When we're talking about other things, like insider threats, the harm is more manifest. You can very easily see the harm to the company," he said.
"But if some nation state steals the CEO's email, the immediate harm facing the company is unclear. No one wants the CEO's email getting out but it's unclear if that emails getting out will cause harm, especially if that nation state isn't going to publicise it to the world."
Ryan said the data destroyer attacks are also, generally, fairly unsophisticated and only succeed due to ongoing issues in most businesses' threat alert systems. "I think that while we've seen some pretty advanced malwares, the vast majority don't reach that level of sophistication. I think it's just most IT workers are being overloaded with the amount of information they're seeing every day. There's this constant white noise of threats. It's very difficult for IT departments to know what the most pressing thing they need to do that day is."
He added that businesses will need help from the government to solve the security issues, calling for increased efforts to create a more centralised threat alert and information-sharing security service that crosses the public and private sphere. The creation of such a solution has been top of many countries' agendas.
Within the UK the government recently implemented a slew of reforms and initiatives designed to increase information-sharing between government agencies and the private sector about cyber threats. Most recently, the government launched its Cyber Security Information Sharing Partnership (CISP) in May.

PRISM creates concern in Europe as William Hague urges calm

Big data
European disquiet over how the US's PRISM snooping campaign has affected citizens on this side of the Atlantic is growing, despite repeated attempts from some officials to draw a line under the affair.
According to the leaked documents about the US National Security Agency (NSA), officials at the UK's Government Communications Headquarters (GCHQ) spy centre received 197 intelligence reports from the PRISM system in the past year.
But William Hague, the foreign secretary told Parliament that GCHQ and the British intelligence agencies operated within the rule of law.
“To intercept the content of any individual’s communications in the UK requires a warrant signed personally by me, the home secretary, or by another secretary of state,” said Hague. “This is no casual process. Every decision is based on extensive legal and policy advice. Warrants are legally required to be necessary, proportionate and carefully targeted, and we judge them on that basis.”
But members of the European Parliament are also concerned that the US has overstepped the mark with its systematic cyber snooping campaign.
Tonio Borg the European commissioner for consumer policy told an emergency debate on PRISM that the Commission would seek clarification from the US about the extent of monitoring of European citizens.
“The Commission is asking for clear commitments from the US to respect the fundamental rights of EU citizens to data protection and to access to judicial redress in the same way as it is afforded to US residents,” he said.
Meanwhile, European politicians, including German leader Angela Merkel have promised to raise the issue with US president Obama, when he heads to Europe next week for a G8 meeting.
The revelations about the extent of US snooping on internet communications first emerged late last week. Yesterday, the whistleblower broke cover, revealing himself as Edward Snowden, a former IT contractor for the NSA.
Meanwhile, privacy campaigning group, the Electronic Frontier Foundation called on international users to boycott internet firms that co-operated with the NSA spying programme. Firms such as Facebook, Google, Apple and Microsoft have been implicated in the PRISM scandal, although all have denied knowledge of the programme.

PRISM: Twitter backs Google, Facebook and Microsoft on right to reveal government data requests

Twitter Logo
Twitter has added its voice to those of Google, Microsoft and Facebook in calling on the US government for the right to share more data with the public on how they handle information requests.
Twitter general council Alex Macgillivray said in a message on the site that he backed the calls as it would help improve transparency.
His comment came after an open letter was sent to the director of the FBI and the US attorney general Eric Holder by Google asking to be allowed to share more data on the information requests it receives from law enforcement.
Google wants permission to disclose the details of those requests through its Transparency Report programme. Currently, the report allows Google to tell the public limited statistics on how many government data requests the company receives and how many it grants.
Now, the company wants to also be able to tell the public how far those data requests reach and to what extent the requests are made through the Foreign Intelligence Surveillance Act (FISA).
Google legal chief David Drummond said in the letter: “Assertions in the press that our compliance with these requests gives the US government unfettered access to our users’ data are simply untrue.
“However, government non-disclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.”
Microsoft and Facebook have joined the calls for greater transparency, in the face of growing anger over US snooping.
Microsoft said in a statement: "Our recent report went as far as we legally could and the government should take action to allow companies to provide additional transparency."
Facebook also said in a statement that greater freedom to share details of data requests would enable it to provide users with "a complete picture of the government requests we receive, and how we respond."
The tech giants have been aggressively trying to distance themselves from the US government and its agencies ever since word broke that the companies were contributors to the controversial PRISM data archive.
All insisted they did not willingly participate in helping to build the system and were only made aware of PRISM when the first press reports surfaced. The release of the data by a whistleblower who worked on contract with the NSA has sparked an outcry from privacy and civil rights groups.

Linux kernel exploit targeting Android platform discovered

Google Android
Symantec has warned that a recently discovered kernel exploit for the Linux operating system, which allows attackers to gain complete control of infected devices, has been ported to the Android smartphone platform.
The Android malware is capable of bypassing the system's sandboxing capabilities, which are used to prevent programs from performing sensitive systems operations or interfering with other applications installed on the handset, according to Symantec.
Typically, these so-called privilege escalation exploits are used to access data from other applications, prevent users from uninstalling the malware, and make it possible for the attackers to send premium rate text messages from the handset.
“Until a patch is made available for all Android devices affected by this exploit, and to avoid becoming a victim of malicious applications, we recommend that you only use reputable marketplaces for downloading and installing applications,” Symantec researchers wrote on a company blog.
While the exploit was originally conceived for Linux, Android shares much of its source code with the open source operating system, making it easier for attackers to modify the malware for the hugely popular mobile system.
The spiralling volumes of Android malware have blighted the smartphone system's assault on the enterprise, with many IT buyers reluctant to put corporate data at risk. That has persuaded some handset makers, notably Samsung, to develop their own security systems.
Samsung introduced Knox, a security service, in some models of its Galaxy S4 handsets earlier this year, although the Korean giant got itself in tangles over the UK availability of the service.

HP offers enterprise Haven from cyber criminals' $4bn big data hacking rampage

HP Discover Big Data keynote
LAS VEGAS: HP has unveiled its new Haven platform, promising it will help businesses analyse and protect their big data reserves.
The software and hardware giant unveiled Haven at Discover in Las Vegas, claiming the platform will save businesses millions of pounds, letting them more easily create, or better use existing big data analytics applications and solutions.
The platform combines technologies from HP Autonomy, Vertica, ArcSight, and Hadoop. HP said Haven is designed to be as open as possible and already has 700 connectors for various virtualisation technologies and optimised hardwares. The firm said Haven's open architecture will ensure users are not locked in to any one vendor.
The firm has also created several of its own applications to help businesses get more out of the Haven platform. The most interesting of these is HP's Operations Analytics and Actionable Intelligence Solutions applications.
Operations Analytics is a feature designed to let businesses streamline their operations by offering information-monitoring services on a variety of IT systems. HP Actionable Intelligence Solutions is a service designed to help companies monitor and improve processes in key areas such as supply chain operations.
HP executive vice president George Kadifa said the improved analytics powers will help businesses spot vulnerabilities in their systems, making it easier for them to protect their big data reserves from cyber criminals.
"The last challenge is vulnerabilities and that's a very, very significant challenge for us. It's also a very costly challenge, our current analysis shows that cyber crime in big data is at least a $4bn cost to enterprises and frankly our belief is that figure is understated and it could be as much as 10 times bigger," he said.
"You need to be able to protect this vast lake of data that you are pooling, ensuring there are no vulnerabilities around it. How do you do that? That's where HP comes in with our Haven announcement, which is centred around creating a comprehensive and complete set of solutions. We are the only people with the right approach and portfolio to unleash the power of big data."
Haven is one of many announcements to come from HP's Discover Las Vegas event. HP also unveiled a host of new storage services and solutions as well as its new line of Elite and Pro business PCs.

Microsoft delivers critical Internet Explorer update in Patch Tuesday release

Microsoft logo
Microsoft has released its monthly security update with protection for security flaws in Windows, Internet Explorer and Office.
The company said that the June Patch Tuesday release will include one bulletin rated by the company as critical as well as four bulletins that were given lower 'important' security ratings.
The critical flaw addresses a collection of 18 security flaws in various versions of Internet Explorer. If targeted, the flaws could be exploited by an attacker to remotely execute code on a targeted system. Microsoft has listed the fix as the top priority for users and administrators.
Also released in the June bulletin is a fix for a remote code execution flaw in Office and Office for Mac. The company said that it has been receiving reports of attacks in the wild actively targeting the flaw, though because a user has to manually open the file or preview it in an email to launch the attack, the flaw is not being considered to be a critical risk.
The remaining three bulletins address errors in the Windows kernel, kernel-mode and print spooler components. Possible risks from the flaws include denial-of-service errors and possible elevation of privilege attacks.
Microsoft is also releasing an update to help expand encryption protections for Windows system. The company said it would be expanding encryption features from Windows 8 to systems running Windows Vista and Windows 7. It hopes that the update will allow administrators to better manage and utilise encryption keys through the Certificate Trust List platform.

Another advanced hacking crew from China is revealed

In the spirit of last February’s report by Mandiant detailing the exploits of a Chinese-government-linked hacker group, Russian IT security giant Kaspersky Lab today released a report on another sophisticated Chinese cyber-espionage outfit, dubbed the Red Star APT (Advanced Persistent Threat) by the lab.

According to the lab, this advanced hacker group of about 50 people has been active since at least 2005, possibly 2004, and has invaded the networks of more than 350 “high profile” victims ranging from Tibetan and Uyghur freedom activists to government agencies, embassies, universities, defense contractors, and oil companies in 40 countries using “covert surveillance” and espionage software called NetTraveler. (The name sounds so innocent, doesn’t it?)
Specifically, NetTraveler is delivered via a malicious Microsoft Office file inside a spearphishing email. Once installed on a machine, it steals sensitive data from victims’ machines, records victims’ keystrokes, and “retrieves” Microsoft Office files or PDF documents, according to Kaspersky. The malware is often used in conjunction with other cyberspy tools.
One of the best details about NetTraveler that Kaspersky listed in its report is the fact that it takes advantage of an old flaw in Microsoft Office, one the Seattle-based company issued a patch for a while ago. Nevertheless, poor network hygiene allowed the malware into victims’ networks.
“It is therefore surprising to observe that such unsophisticated attacks can still be successful with high-profile targets,” notes the lab’s report on Red Star, pointing out that, by not updating their software, the victims basically did some of the attackers’ work for them — they left the digital gate unlocked. Six of the victims were even infected by the Red October malware we told you about last fall.
“It’s kind of shocking that government institutions, diplomatic institutions that have been warned they were infected, they don’t do anything about it,” said Costin Raiu, director of the lab’s global research and analysis team, today during a cybersecurity forum in Washington that his company sponsored.

So, just what does the Red Star crew appear to be looking for? Sixty percent of its targets are government embassies, militaries, and other government agencies. The rest are predominantly research institutions, manufacturing firms, and aerospace businesses. The victims are also predominantly located in Asia, with Mongolia topping that list as the host of 29 percent of victims, followed by Russia (19 percent) India (11 percent), Kazakhstan (11 percent) and Kyrgyzstan (5 percent).
Among the information the Red Star gang is looking to steal is data on nanotechnology, lasers, aerospace technology, drilling gear, radio wave weapons, nuclear power, and communications tech, according to the lab.
Red Star recruits young hackers without a lot of technical expertise “who simply follow instructions” on how to develop and release NetTraveler on a set of targets they are given, Raiu said today. “They get a toolbox, they get instructions, they get the Trojans [malware] and they get a target — 20, 25, up to 30 different targets they need to attack. Just one single successfully completed project can actually pay their monthly expenses.”
The lab doesn’t come out and say that Red Star APT is affiliated with the Chinese government, only going so far as to say it is a “medium-sized threat actor group from China.” However, a number of factors suggest it might be. NetTraveler was developed by someone with native Chinese language skills, and IP addresses traced by Kaspersky are in China. What’s more, the victims are either businesses in sectors that China wants to excel in, political groups the Chinese government wants to keep tabs on, or government organizations. That being said, Red Star could just be “a non-government hacker group who steals IP and sells to whoever is buying,” Jeffrey Carr, CEO of cybersecurity firm TAIA Global noted on TWITTER last night.

Internet Gurus Fear Iranian Assassins

For two years now Iran has been more energetically getting into Information War. This includes defense (a special Internet censorship unit) and offense (a Cyber War operation that is being detected more frequently on networks outside Iran).
While the Cyber War attacks have the attention of thousands of Internet specialists world-wide, fighting the censorship campaign against Iranian Internet users depends on volunteers, especially Iranians living abroad. There are actually thousands of these, often just informally helping family and friends back in Iran. But there are some volunteers who are extremely annoying for the Iranian censors. The Revolutionary Guard in Iran has made it clear that it is very angry with these expatriate Iranians and there is some fear that they might resort to assassination to eliminate the most troublesome of these expatriate Internet experts. Such killings are rare these days.
But from 1980 to the late 1990s Iranian assassins killed over 110 Iranian exiles who had been marked for death by the new religious dictatorship in Iran. International outrage forced the Iranians to back off and that pushback turned into more and more sanctions against the religious fanatics running Iran. After September 11, 2001 it became even more difficult for Iran to carry out these murders, because Western nations were much alert to the presence of Iranian killers and Iranian agents in general. But these killing still take place, or at least they are planned. In the last few years several assassination operations have been discovered and shut down before anyone got killed. But the Iranians are still trying.
The Iranian government is having more success at cutting most Iranians off from the Internet. The primary effort is building an internal Internet just for those in Iran who cannot be trusted with the World Wide Web.
That means most Iranians are finding it more and more difficult to reach the international Internet. Late in 2012 Iran introduced a heavily censored local version of YouTube, as YouTube itself is banned in Iran. China is helping Iran, as well as a lot of other countries, to censor use of the Internet.
China is leading a worldwide tendency for police state governments to tightly control how their subjects use the Internet. While China is considered the most vigorous and effective censor of the Internet, many other nations are using the same techniques and equipment, often obtained from China. These include Cuba, Egypt, Iran, Myanmar, North Korea, Saudi Arabia, Syria, Turkmenistan, Uzbekistan and Vietnam. None of these nations are democracies.
All are police states or monarchies determined to keep their subjects from having free use of the Internet. In most cases, the real purpose is to prevent the people from overthrowing the rulers. But there are many other nations, most of them democracies, who are also striving to control the Internet to protect their citizens from unsavory material. These nations include Australia, Bahrain, Belarus, Eritrea, Malaysia, Russia, South Korea, Sri Lanka, Thailand, Turkey, and the United Arab Emirates. Most other nations are watching these efforts, as there are many people on the planet who see the Internet as more of a threat than an opportunity.
China leads the way in all this. But it isn't all about politics. Iran, for example, wants to block its citizens from seeing pornography, anything critical of Islam and most Western entertainment. China, has made a major effort to "protect" adult Internet users from pornography, and children on the Internet from, well, everything. The government does this via its Great Firewall of China (officially the "Golden Shield") system, that filters, and eavesdrops on, Internet traffic coming into, and leaving, China.  In fact, Golden Shield is more about controlling what is said by Internet users inside China, than in controlling what they have access to outside China.
The growing number of governments seeking to control Internet content is all concerned about how they have lost control of information flow because of the Internet. This control is a matter of life and death for a dictatorship, but can be very annoying for leaders (honest or otherwise) in a democracy. No leader (elected or not) likes to have contrary opinions popping up. Something must be done.
Iran, like North Korea, is trying to create its own Internet, and prevent most Iranians from having any access with the international Internet. This is only possible if your economy is not highly dependent on worldwide Internet access. That is the case in North Korea, but Iran has an economy that deals a lot with foreign suppliers and customers.
That is changing, because of the growing list of international economic sanctions placed on Iran because of their nuclear weapons program and support for terrorism. Iran also wants more control over Internet use inside Iran because it fears that foreign spies, saboteurs and assassins are using it to collect information about targets and carry out operations

TOP 3 Government Spyware tools: PRISM, FinSpy and BlueCoat

PRISM - the spyware tool that got it's attention that it deserved by the whistle blower Edward Snowden is one of the biggest topics in the world now.

History on PRISM

PRISM is a clandestine national security electronic surveillance program operated by the United States National Security Agency (NSA) since 2007. PRISM is a government codename for a data collection effort known officially as US-984XN.
Documents leaked by Edward Snowden in June 2013 describe the PRISM program as enabling in-depth surveillance on live communications and stored information. It provides for the targeting of any customers of participating corporations who live outside the United States, or American citizens whose communications include web content of people outside the United States. Data which the NSA is able to obtain with the PRISM program includes email, video and voice chat, videos, photos, voice over IP conversations, file transfers, login notifications and social networking details.

Q&A on PRISM by British resource

Q. What is Prism?
It is a previously unknown programme run in the United States by the National Security Agency (NSA) to access data held by the world’s major internet companies, including Facebook, Google, Microsoft, Apple, Yahoo and Skype.
Q. What data can it obtain?
Detailed information about online activity, crucially including the contents of emails and live chat.
Q. How long has this been going on?
It is said to have been established in 2007 under changes to US surveillance laws passed by President George Bush and renewed last year by Barack Obama.
Q. How has this emerged?
Through a secret NSA presentation to staff which talks of “collection directly from the servers” of internet providers.
Q. How have the companies responded?
They deny knowledge of the programme despite the detail of the NSA presentation.
Q. How does this affect Britain?
As the primary sites of all the world’s major internet companies are in the United States, it means every communication by a UK national can in theory be read by NSA agents.
Q. Is this legal?
This is not clear, and privacy campaigners in Britain are investigating whether there are grounds for a legal challenge. Experts say the legislation covering the issue  is sketchy.

Similar products that did not get the same attention :) 

It amazes me on how many cyber weapons are emerging that will allow the buyer to spy on each individual that it wishes to spy on.

Fin Fisher a.k.a FinSpy

FinFisher, also known as FinSpy, is surveillance software marketed by Gamma International, a software firm with a UK-based branch Gamma International Ltd in Andover, United Kingdom, and a Germany-based branch Gamma International GmbH in Munich which markets the spyware through law enforcement channels. Gamma International is a subsidiary of the Gamma Group, specializing in surveillance and monitoring, including equipment, software and training services, reportedly owned by William Louthean Nelson through a shell corporation in the British Virgin Islands.
Controversy has resulted from it having been marketed to government security officials who were told it could be covertly installed on suspects' computers through exploiting security lapses in the update procedures of non-suspect software.Egyptian dissidents who ransacked the offices of Egypt's secret police following the overthrow of Egyptian President Hosni Mubarak reported they discovered a contract with Gamma International for €287,000 for a license to run the FinFisher software

Blue Coat spyware

Blue Coat got in the news when the Hacktivist cluster Telecomix released a 54GB censorship log that had been found on the Syrian domain.  The data was collected from seven of 15 Bluecoat SG-9000 HTTP proxies used by Syrian government telco and ISP STE in #opSyria. This is not the first time that government tools end up in environments where the regime has the last word.
Citizinlab had a nice research done about the Blue Coat software that you can find here.