Tuesday, 25 June 2013

China and U.S. war over Snowden

China rebuked the United States on Tuesday for accusing it of facilitating the flight of fugitive U.S. spy agency contractor Edward Snowden, and said suggestions that it had done so were "baseless and unacceptable".
The remarks from the Chinese foreign ministry and earlier comments from state media have underscored the strain in ties between the two countries since Snowden, who is wanted by the U.S. government on charges of espionage, fled Hong Kong on Sunday.
The White House said the decision by the Chinese territory to allow Snowden to leave was "a deliberate choice by the government to release a fugitive despite a valid arrest warrant, and that decision unquestionably has a negative impact on the U.S.-China relationship."
China rejected the accusation.
"The U.S. side has no reason to call into question the Hong Kong government's handling of affairs according to law," Foreign Ministry spokeswoman Hua Chunying said at a regular briefing. "The United States' criticism of China's central government is baseless. China absolutely cannot accept it."
Hua also defended the Hong Kong government's decision to let Snowden go, saying it "handled the relevant case completely according to law.
"This is beyond dispute. All parties should respect this."
Experts on both sides however said the tirade should quickly blow over, and that neither country would be keen to let ties deteriorate permanently just weeks after a successful summit meeting between President Barack Obama and President Xi Jinping.
"China does not want this to affect the overall situation, the central government has always maintained a relatively calm and restrained attitude because Sino-U.S. relations are important," said Zhao Kejing, a professor of international relations at China's elite Tsinghua University.
"The United States has no reason to exert greater pressure, otherwise it would lose moral support."
Kenneth Lieberthal, a China expert at the Brookings Institution who was an Asia adviser in Bill Clinton's White House, said sanctioning Beijing was "inconceivable" and linking Snowden to other issues would undo careful policy aimed at handling issues in separate lanes to avoid big ruptures in ties.
"Over the years, we've sought to prevent any serious disagreement in one issue area from spilling over and degrading the entire relationship," he said.
At the summit earlier this month, Obama confronted Xi over allegations of cyber-theft. Xi earlier told a news conference with Obama that China itself was a victim of cyber attacks but that the two sides should work together to develop a common approach.
Snowden's revelations of widespread snooping by the U.S. National Security Agency in China and Hong Kong have given Beijing considerable ammunition in the tit-for-tat exchange.
"In a sense, the United States has gone from a 'model of human rights' to 'an eavesdropper on personal privacy', the 'manipulator' of the centralised power over the international Internet, and the mad 'invader' of other countries' networks," said the overseas edition of China's People's Daily, which can reflect the government's thinking.
"The world will remember Edward Snowden," the newspaper said. "It was his fearlessness that tore off Washington's sanctimonious mask."
Beijing was torn about keeping Snowden or letting him go, but decided that allowing him to leave was "the lesser of three evils", a source with ties to China's leadership told Reuters, requesting anonymity to avoid repercussions for speaking to a foreign reporter.
"If Snowden was handed over to the United States, China would be perceived to be a running dog of the United States and be criticised by (Chinese and foreign) Internet users sympathetic to Snowden," the source said.
"Allowing Snowden to continue to stay in Hong Kong or come to the mainland would cause more trouble and headache," the source said. "Allowing Snowden to leave was the only option".
The Chinese government has said it was gravely concerned by Snowden's allegations that the United States had hacked into many networks in Hong Kong and China, including Tsinghua University, which hosts one of the country's Internet hubs, and Chinese mobile network companies. It has said it had taken the issue up with Washington.
"Not only did the U.S. authorities not give us an explanation and apology, it instead expressed dissatisfaction at the Hong Kong Special Administrative Region for handling things in accordance with law," wrote Wang Xinjun, a researcher at the Academy of Military Science, in the People's Daily commentary.
State news agency Xinhua was more conciliatory in its tone.
"Both Beijing and Washington fully know that an isolated case should not be allowed to hurt one of the most critical relationships in the world," Xinhua said in a commentary. "It is in the interest of both countries to keep the positive momentum in bilateral relations."
Still, China's academics and state media have been loud in their calls for the Obama administration to apologise to Beijing.
"The United States should not shift the real focus," said Liu Feitao, the deputy chief of U.S. studies at the China Institute of International Studies, a think-tank affiliated with China's foreign ministry.
"This thing has nothing to do with China, except that America owes China an explanation on the cyber attack leaks by Snowden."

Carberp Trojan $40K Source Code Leaked

The source code for the Carberp Trojan, which typically sells for $40,000 on the underground, has been leaked and is now available to anyone who wants it. The leak has echoes of the release of the Zeus crimeware source code a couple of years ago and has security researchers concerned that it may lead to a similar crop of new Trojans and crimeware kits.
The Carberp source code appeared online last week, but researchers quickly discovered that the compressed archive containing the source code was password protected. But then on Monday the password was published as well, giving researchers–and anyone else who could find it–access to the source code. For much of its life, Carberp was a private crimeware kit used by a crew in Russia. Several members of the alleged crew were arrested in Russia in 2012 and several months later a commercial version of the Carberp Trojan appeared on the market, going for the lofty price of $40,000.
That high price may have kept some buyers away, restricting sales to the high end of the attacker pyramid. However, now that the source code is freely available, that may change quickly. Carberp is a powerful crimeware kit designed to give attackers the ability to steal large amounts of sensitive data from infected PCs. It has a set of plugins that can disable antimalware applications and also can find and kill other pieces of malware on a machine. Newer versions of the Carberp Trojan also include a bootkit, a set of functions that infect PCs at the lowest level and maintain persistence.
Security researchers who have seen the leaked source code for Carberp say that it includes the bootkit code, along with code for what appear to be several other well-known pieces of malware.
“The package also includes the Carberp bootkit along with other source codes for what seems to be e.g. Stone bootkit, Citadel, Ursnif etc. The package is currently undergoing deeper analysis. We also found several text files containing apparently private chats and various usernames and passwords for several FTP servers. This also needs to be investigated further,” Peter Kruse of CSIS Security in Denmark wrote in an analysis of the source code leak.
“As with the leakage of the ZeuS source code, back in May 2011, this means that it-criminals have every chance to modify and even add new features to the kit. The very same thing we predicted in 2011 and which fueled new commercial crimekits still being used in attacks today such as IceIX and Citadel.”
Whether the same kind of phenomenon occurs in the wake of the Carberp source code leak remains to be seen, but its release is not good news for consumers. It potentially puts the crimeware in the hands of a much larger group of attackers, putting more users at risk. However, it also enables security researchers to take a deep look at the malware and its inner workings, which will help them get a handle on how to defend against it.
Kruse said via email that as best he can tell, the Carberp source code that’s been posted is the genuine article, but he hasn’t had a chance to dig through every bit of it yet.
“It looks like the complete source code but there is no way to tell if there is a newer version or if it has been backdoored. It takes time to go through all this code. However the code we have tested compiles fine and works but due to the size and complexity it takes time – even for a skilled code reviewer – to go through all this source code,” he said.

Swiss court blocks Credit Suisse data transfer to U.S.

A Swiss court has ordered an injunction halting the transfer of a former Credit Suisse employee's data to U.S. authorities as part of the bank's attempt to settle a tax investigation, a lawyer involved in the case said on Tuesday.
Douglas Hornung, a Geneva-based lawyer acting for the former Credit Suisse employee, said the ruling was made on June 21, confirming a preliminary decision in January.
The judgment could render it more difficult for banks to reach individual settlements with U.S. authorities in a long-standing row over tax evasion.
Credit Suisse spokesman Marc Dosch declined to comment.
The court ruling comes only days after Swiss lawmakers threw out a draft law aimed at providing a legal basis for banks to hand over this kind of data to U.S. authorities in an attempt to avoid prosecution.
The government plans an executive order to allow banks to hand over data but its efforts could be stymied by more legal action by bank staff fearful of U.S. extradition if they leave the country.
"It will set a precedent and could be repeated for other employees who had access to U.S. clients," Hornung, who also represents other former bankers, told Reuters on Tuesday.
Credit Suisse, like other Swiss banks subject to U.S. investigations, has already made several transfers of data on employees linked to accounts of its U.S. customers in an attempt to avoid indictment and minimize fines.
The last transfer was in June.
Switzerland's biggest bank, UBS, was forced to pay a $780 million fine in 2009 and deliver the names of more than 4,000 clients to avoid indictment.
However, a U.S. indictment felled Wegelin & Co this year. Switzerland's oldest private bank paid a $58 million fine and closed its doors for good after pleading guilty to helping Americans to evade taxes through secret accounts.

South African government knew British agents were spying

South Africa was well aware British agents were spying on foreign delegates during the 2009 G20 summit, but chose to deal with the matter privately to avoid being embarrassed, reports the Mail & Guardian (M&G).
According to the newspaper, a source in the Department of International Relations and Co-Operation (DIRCO) revealed SA strengthened its cyber security measures as soon as it became aware of the surveillance by the UK’s Government Communications Headquarters.
As part of the strengthened security measures, SA’s government ministers are reportedly not allowed to use any host country's communication tools when visiting other countries.
A recent report by the UK Guardian newspaper revealing South African delegates’ communications were intercepted, so that the UK government could find out more about the negotiating position of SA, apparently comes as no surprise to government. "What was carried in that Guardian article is something we already knew,” the international relations source is quoted as saying.
DIRCO spokesperson Clayson Monyela this morning declined to comment on the M&G report, saying “no country anywhere in the world will be willing to discuss security issues”.
DIRCO last week called on the UK government to probe the spy allegations and take action against those involved. “We do not yet have the full benefit of details reported on, but – in principle – we would condemn the abuse of privacy and basic human rights, particularly if it emanates from those who claim to be democrats,” said the department.
Matter of national security
Professor Jane Duncan, Highway Africa chair of Media and Information Society at Rhodes University, recently noted the problem of cyber breaching has already been escalated to a national security threat. The government’s cyber security policy framework has been transferred from the Department of Communications to that of state security.
ITWeb reported earlier this month that the so-called Spy Bill has been signed off by the National Council of Provinces and is now only awaiting president Jacob Zuma’s signature before being passed into law. The Bill will allow state security agencies carte blanche to intercept foreign electronic communication signals.
The General Intelligence Laws Amendment Bill deals with state security agencies’ ability to monitor and intercept signals, but the final version has omitted the previous reference to foreign signals, creating concern that there are no rules in place as to how the government can monitor and intercept communications passing through foreign servers.
In an article published by M&G, Duncan says the main cyber security threats in SA are not related to national security, but related to crime and, more specifically, fraud. “While there is no denying that cyber crime is a terribly serious issue, there are unexamined implications for users' Internet rights if we simply accept this criminal matter is so grave that it should be escalated to the level of a threat to national security, and that therefore the Department of State Security should become the lead agency on cyber security matters,” said Duncan.
On the run
Meanwhile, former US spy Edward Snowden, who leaked the information to the Guardian and is now sought by US authorities on espionage charges, has applied for asylum in Ecuador.
Snowden reportedly left Hong Kong early yesterday morning on a flight headed for Moscow.
The Guardian reports Snowden has officially been charged with theft of government property, unauthorised communication of national defence information, and wilful communication of classified communications intelligence information to an unauthorised person.
Ecuador's foreign minister, Ricardo Patino, said earlier today that his nation has received Snowden's request for political asylum, but no decision has been taken. "We will make a decision on this; we are analysing this with a lot of responsibility."

Mafia uses Skype and Whatsapp to run cyber rackets

Law enforcement agency Europol has detected an alarming increase in the number of cyber scams being run by Italian Mafia groups.
Europol issued the warning in its 2013 Threat Assessment of Italian Organised Crime, confirming that it has seen a marked increase in Mafia groups' use of internet tools and services as both a means to streamline their real-world operations and to mount money-making cyber scams. The agency highlighted criminals' use of free services, such as Skype, as a particular issue.
"Overall the phenomenal growth of the internet has brought positive developments in everyday life. It offers a wide range of opportunities to business and public alike, including facilitating an unprecedented reach to the wider public and providing secure information exchange (including the use of popular encrypted messaging services such as Skype, Viber, Whatsapp)," said the report.
"These opportunities apply equally for organised crime, enabling it to engage in highly profitable quasi-legal or illegal services or activities and any effective strategy to counter organised crime will have to take this key enabler into consideration."
Europol said it has only detected the tip of the cyber iceberg and is yet to ascertain the true level and scale of the Mafia cyber threat, though it is undoubtedly a big one.
"Easy profits, low regulatory scrutiny, and possibilities to operate anonymously are an inevitable attraction to Italian organised crime groups, which – though the nature and scale of the threat is not yet clear – are likely to increase their engagement in this field in the near future," it said.
"Cyber crime in the wider sense is the new frontier, and the Mafias have a pioneering attitude to new markets."
The Italian Mafia is one of many criminal groups entering into the cyber space. Europol reported seeing a similar trend in numerous other European regions in its Serious Organised Crime Threat Assessment report earlier this year.
Despite the rapid increase in cyber crime levels Europol has mounted several successful raids on cyber criminal gangs. Most recently Europol reported taking down an Asian criminal network believed to have stolen around 15,000 credit card numbers.

Google must delete Street View WiFi data by late July

Google must delete all the remaining WiFi data gathered by its Street View cars by 25 July, or face a possible contempt of court action. However, the firm has avoided a fine from the Information Commissioner’s Office (ICO) in the latest twist in the long-running saga.
ICO head of enforcement Stephen Ecklersley said the action was designed to place a final warning on Google over its requirements under UK law.
“Today’s enforcement notice strengthens the action already taken by our office, placing a legal requirement on Google to delete the remaining payload data identified last year within the next 35 days,” he said.
“[It must also] immediately inform the ICO if any further disks are found. Failure to abide by the notice will be considered as contempt of court, which is a criminal offence.”
The ICO confirmed to V3 the data must be deleted by 25 July.
Google admitted some data had not been deleted and remained on its disks last July while new evidence came to light from the Federal Communications Commission (FCC) that the search giant knew more about the collection of data by its Street View cars than it had originally claimed. This prompted the ICO to reopen its investigation.
Reporting its latest findings, the ICO said its investigation found “the collection of payload data by the company was the result of procedural failings and a serious lack of management oversight including checks on the code”.
However, it also concluded there had been no deliberate intention to collect the data at any senior level. The ICO also said that because the data gathered had not been at risk of being accessible at any time there was no scope for a fine.
Ecklersley chided Google over the whole incident, though, highlighting the matter as an example of the sorts of things that can go wrong when firms do not consider data protection concerns.
“The early days of Google Street View should be seen as an example of what can go wrong if technology companies fail to understand how their products are using personal information,” he said. “The punishment for this breach would have been far worse, if this payload data had not been contained.”
Google reiterated its stance that the data gathered was never used and said it accepted the ICO’s findings.

"We work hard to get privacy right at Google. But in this case we didn't, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data, and didn't use it or even look at it.

“We cooperated fully with the ICO throughout its investigation, and having received its order this morning we are proceeding with our plan to delete the data."
The head of communication, media and technology law at CMS, Chris Watson, said that the lack of a fine for Google undermined the ICO’s authority.

“The regulator has teeth but it doesn’t look as if he is prepared to use them,” he said.

“This is worrying because requiring proof of damage before imposing penalties goes against the whole spirit of effective enforcement of these rules.”
The action taken by the ICO is notably lighter than in other nations such as Germany where Google was fined £124,000 for its data gathering from the Street View cars.

EU rules Google does not have to delete personal data from search index

Google does not have to delete data that appears in its search index on citizens, according to a ruling at the European Court of Justice, which could have notable ramifications for the 'right to be forgotten'.

The EU ruling was made as a recommendation to the Court of Justice by advocate general Niilo Jääskinen as part of a case brought against Google by a Spanish citizen who wants potentially harmful search results on his name removed from its index.

In the ruling Jääskinen said Google and other search engines are not subject to privacy requirements under current European data protection law.

"Search engine service providers are not responsible, on the basis of the Data Protection Directive, for personal data appearing on web pages they process," he said in his official ruling, published by the court.

He went on to explain that based on current laws citizens do not have a right to be removed from search indexes within the framework of the Data Protection Directive.

“The Directive does not establish a general 'right to be forgotten'. Such a right cannot therefore be invoked against search engine service providers on the basis of the Directive,” he said.
The decision was welcomed by Google head of free expression, Bill Echikson: “We’re glad to see it supports our long-held view that requiring search engines to suppress ‘legitimate and legal information’ would amount to censorship," he said.
The ruling is not binding but the opinion is given to the judges of the court, who now begin their deliberations in this case, and usually the decisions match the initial opinion. A final judgment will be given at a later date, likely at the end of the year.
Data protection lawyer Stewart Room from Field Fisher Waterhouse told V3 that the ruling threw up several interesting elements and would be warmly welcomed by the search community.

“The interest, for the lay person, is the opinion that there is no general right to be forgotten within the current Data Protection Directive, or the EU Charter on Fundamental Rights,” he said.

“Therefore, national data protection regulators can't order a search link to be disabled within a search engine's index, provided that the search engine didn't wrongly spider a website in the first place contrary to any no-robots coding.”

Hackers target 30,000 SME websites per day to spread malware

Small business websites have overtaken porn and gambling sites as cyber criminals' malware distribution tools of choice, according to Sophos director of technology James Lyne, who said the lack of skilled professionals to tackle this issue is leaving the UK wide open to attack.
Lyne told V3 the number of hijacked SMB sites being unwillingly used by criminals to spread malware has risen exponentially in 2013. "Interestingly, we're seeing about 30,000 new infected websites per day," he said.
"What's interesting about those web-based infections is that over 80 percent of them are actually small businesses – not porn sites, not gambling sites or any of the scarier types – but legitimate small businesses' websites that have been hacked."
Lyne highlighted a recent Home Office report revealing that SMEs spend as little as £200 per year on cyber security as a key reason for the pandemic, claiming even basic security measures could stop hackers in their tracks. "A lot of the time it's an SQL injection that comes about because of poor security coding practices," he said.
The Sophos director added that criminals' tenacity is already causing massive damage to the UK economy. "Undeniably, billions of pounds a year are being lost and the majority of that falls to cuts to small businesses," he said, and predicted that the situation would get worse. "We're hitting about 250,000 new pieces of malicious code a day, which is a lot. By the end of the year I expect we'll hit the 300,000 mark," he said.
Despite the scale of the issue, Lyne said throwing money at the problem is not the answer. "Yes you could increase spending to get more security technology in but I advocate a different path, which is raising skills and awareness. This is because, while technology is critical to good security, it's useless if you don't have people with the skills to deploy it and if you don't have staff members who know what they should and should not click on."
Lyne said to truly solve the problem the UK government needs to increase the importance of cyber security in education. "We need general awareness, like the health and safety or sex education campaigns in school. We need that basic societal understanding about how to be good net citizens and we are not doing a good enough job of that," he said.
He added that as well as teaching children cyber best practice tips, the government must also work to increase the number of young people training to become cyber security professionals.
"We need cyber security and the security profession to be recognised like English, maths or science. It's a big statement, but given the state of the gap and the importance of these skills to our society across the board and our economy I don't think it's unreasonable," he said.
Lyne highlighted the ongoing shortage of skilled cyber security professionals as proof of his claim. "We have a huge problem as if you actually go and search for Infosec roles, you'll find most of them demand a minimum of at least two-to-three years experience and many five plus. We have this chicken and egg problem where everyone's looking for experienced people, but there aren't experienced people, just plenty of people who would like to get into it and can't, so it's a self-perpetuating cycle," he said.
The Sophos director is one of many to highlight the UK's cyber skills gap as a key problem facing the country. The UK government spending watchdog the National Audit Office (NAO) released a report claiming the skills gap would last 20 years and would cost the nation £27bn a year.

Facebook data breach: Security experts call for reforms

Security experts are calling for tighter controls on social networking sites following the discovery of a security flaw that has left the account information of millions of users vulnerable to harvest.
Packet Storm, the security firm that reported the vulnerability and worked with Facebook to address the data disclosure flaw, said that legislators must craft stricter laws on how social networking firms can manage data and how users can manage their information.
The company said: “There comes a time when a line in the sand must be drawn. We need clearly defined legislation that dictates when that line is crossed and what the repercussions should be. We need to clearly document what is considered sensitive information tied to a personal identity versus what should be considered public domain.”
The issue, disclosed by Facebook last week, is with the site's Download Your Information feature. The flaw improperly stores contact information on friends, allowing users to spot the email addresses and phone numbers of contacts who may not have otherwise been visible.
Mike Gross, director of professional services for security firm 41st Parameter, said that while the data may only be available to friends, an attacker could exploit the feature to target the friends and family of a compromised user.
“This makes phishers' jobs much easier, as they now potentially have access to an email address, as well as the individual's closest connections/relationships," Gross explained.
"So rather than getting a phishing e-mail with a link from Facebook or another site, a fraudster could make the phishing e-mail look as though it is originating from your close friend with a link that looks legitimate but sends the user to a site that downloads malware to their device."
Packet Storm noted that while Facebook has worked quickly to address this incident, the real danger lies in the way that social networking sites are allowed to manage user data. The company believes that government intervention may be needed to set a standard for how sites can manage and revoke access to user data.
“Facebook reacted to the incident in a responsible manner in order to fix the leak. What is not fixed, is their policy,” the company said.
“They will continue to maintain dossiers with your personal information without giving you any control over it. They simply claim it is not your data, it is your friend's.”

Cyberinfocts Hackers Forum

This forum is a place where people who are interested in IT Security come together to discuss the latest threats and how they can tackle them. The interactive Professional Forum is designed for professionals working in Information Security and related fields to come and share ideas and experience.

The sessions are practical-based, with the latest tools and approaches.
The Next Forum Details
Date: 13th July 2013
Time: 10 am Prompt
Venue : No 2 Allen Avenue Buffallo Plaza Ikeja Lagos

Hacking Exposed by Adebayo Mofehintoluwa
Bluetooth Hacking by Chidi Obum
Working with Wireshark by Chidi Obum
IT Compliance -- PCI DSS (Credit Card) by Adebayo Mofehintoluwa

Registration Fee: 500
To reserve your seat please call 07037288651 or visit http://cyberinfocts-security.eventbrite.com

Security experts call for reforms in wake of Facebook data breach

Security experts are calling for tighter controls on social networking sites following the discovery of a security flaw that has left the account information of millions of users vulnerable to harvest.
Packet Storm, the security firm which reported the vulnerability and worked with Facebook to address the data disclosure flaw, said that legislators must craft stricter laws on how social networking firms can manage data and how users can manage their information.
“There comes a time when a line in the sand must be drawn. We need clearly defined legislation that dictates when that line is crossed and what the repercussions should be,” the company said.
“We need to clearly document what is considered sensitive information tied to a personal identity versus what should be considered public domain.”
The issue, disclosed by Facebook last week, centres on the site's Download Your Information feature. The flaw improperly stores contact information on friends, allowing users to spot the email addresses and phone numbers of contacts which may not have otherwise been visible.
Mike Gross, director of professional services for security firm 41st Parameter, said that while the data may only be available to friends, an attacker could exploit the feature to target the friends and family members of a compromised user.
“This makes phishers' jobs much easier, as they now potentially have access to an email address, as well as the individual's closest connections/relationships," Gross explained.
"So rather than getting a phishing e-mail with a link from Facebook or another site, a fraudster could make the phishing e-mail look as though it is originating from your close friend with a link that looks legitimate but sends the user to a site that downloads malware to their device."
Packet Storm noted that while Facebook has worked quickly to address this incident, the real danger lies in the way that social networking sites are allowed to manage user data. The company believes that government intervention may be needed to set a standard for how sites can manage and revoke access to user data.
“Facebook reacted to the incident in a responsible manner in order to fix the leak. What is not fixed, is their policy,” the company said.
“They will continue to maintain dossiers with your personal information without giving you any control over it. They simply claim it is not your data, it is your friend's.”

Interpol anti-hacker agents to attend Trend Micro cyber boot camp

Interpol has officially partnered with security firm Trend Micro to benefit from its tools and expertise in the ongoing war against cyber crime.
The partnership will see Interpol and Trend Micro establish a new Global Complex for Innovation (IGCI). The centre is planned to open in Singapore in 2014 and will work to increase international cooperation between the public and private sector. Trend Micro will oversee the centre and use it to run free training programs for Interpol, government agencies, police forces and major companies that manage basic infrastructure in participating countries. A Trend Micro spokeswoman confirmed to V3 the agreement is entirely voluntary and Trend is not being paid for its participation.
The training will teach the agencies and companies best practices to address emerging digital crime at the national and international level. The lessons will be taught as e-learning modules, classroom-based training sessions and workshops, and will grant professional certifications to those who pass.
The centre's launch is one of many initiatives designed to increase information sharing between the public and private sector. The European Commission listed cyber threat information as a key part of its ongoing Cyber Strategy. Within the UK, the government recently launched its own Cyber Security Information Sharing Partnership (CISP). The partnership is similarly designed to facilitate cyber threat information sharing between the public and private sector and already has at least 160 major companies participating in it.
Both centres are designed to help governments and industry deal with the increased cyber threat facing them and follow widespread warnings that cyber criminals are evolving new and more dangerous cyber attack tools and strategies. Most recently ex-FBI agent and current Kroll Cyber Investigations managing director Timothy Ryan told V3 businesses need to improve threat alert systems to deal with the next wave of state and lone-wolf data-destroyer hackers targeting them.

Android Fakedefender malware attacks Google smartphone and tablet users

New ransomware masquerading as a legitimate Android security app has been uncovered by Symantec researchers.
Symantec's Joji Hamada said the malicious app infects users' machines by pretending to be a legitimate free antivirus app. However, unlike a legitimate security app, rather than protecting the user from malware, it loads it onto the device.
"The scam has evolved over time and we are now seeing FakeAV threats making their way onto Android devices. One interesting variant we have come across, detected by Symantec as Android.Fakedefender, locks up the device just like Ransomware," wrote Hamada.
"Once the malicious app has been installed, user experience varies as the app has compatibility issues with various devices. However, many users will not have the capability to uninstall the malicious app as the malware will attempt to prevent other apps from being launched. The threat will also change the settings of the operating system."
Hamada said the malware is particularly nasty as it can in some cases block the device's hard reset command. "In some cases users may not even be able to perform a factory data reset on the device and will be forced to do a hard reset, which involves performing specific key combinations and/or connecting the device to a computer in order to perform a reset using software provided by the manufacturer," he wrote.
"If they are lucky, some users may be able to perform a simple uninstall due to the fact that the app may crash when executed because of compatibility issues."

FakeDefender is one of many threats targeting the Android operating system. Hamada said the high success rate of the attacks will lead criminals to increase the number of threats using the tactic, and called on Android users to install legitimate, trusted mobile security applications.
"We may soon see FakeAV on the Android platform increase to become a serious issue just like it did on computers. These threats may be difficult to get rid of once installed, so the key to staying protected against them is preventing them from getting onto your device in the first place," he wrote.
The ransomware is one of many new mobile threats uncovered this year. Russian security firm Kaspersky reported detecting 23,000 new mobile threats in its Q1 2013 Threat Report.

Designer of the AK-47 brought to the Hospital

The 93-year-old Kalashnikov, the designer of the AK-47, has been escorted to the hospital because of health issues. He was picked up by a military helicopter.

Smart Whistleblower platform AdLeaks being designed by German researchers

New Web-based technology might make leaking data easier and more secure in the future. Researchers in Germany are developing a platform based on Internet ads to help whistleblowers like Edward Snowden leak top-secret information without their activities being caught out online.
AdLeaks is a system that is being designed to minimize the footprint of leaking information online in order to avoid the gaze of wide-reaching, international monitoring systems — such as those that the US is reported to use to keep track of overseas and domestic Internet traffic.

what is it?

Corporate or official corruption and malfeasance can be difficult to uncover without information provided by insiders, so-called whistleblowers.
However, the proliferation of surveillance technology and the retention of Internet protocol data records has a chilling effect on potential whistleblowers. The mere act of connecting to an online whistleblowing Website may suffice to raise suspicion, leading to cautionary advice for potential whistleblowers.
The current best practice for online submissions is to use an SSL connection over an anonymizing network such as Tor. This hides the end points of the connection and it protects against malicious exit nodes and Internet Service Providers (ISPs) who may otherwise eavesdrop on or tamper with the connection. However, this does not protect against an adversary who can see most of the traffic in a network, such as national intelligence agencies with a global reach and view.
We suggest a novel type of submission system for online whistleblowing platforms that we call AdLeaks. The objective of the AdLeaks system is to make whistleblower submissions unobservable even if the adversary sees the entire network traffic. A crucial aspect of the AdLeaks design is that it eliminates any signal of intent that could be interpreted as the desire to contact an online whistleblowing platform.
For technical details, please take a look at our paper on arXiv.org. For the source code of our research prototype, please take a look at our GitHub repository.

how does it work?

We designed the AdLeaks system to work with partners who embed AdLeaks ads or AdLeaks bugs into their web pages. Our ads contain code that encrypts an empty message with the AdLeaks public key and sends the ciphertext back to AdLeaks. This happens on all users' web browsers. A whistleblower's browser substitutes the ciphertext with encrypted parts of a disclosure. The protocol ensures that an adversary who can eavesdrop on the network communication cannot distinguish between the transmissions of regular browsers and those of whistleblowers' browsers. AdLeaks ads are authenticated so that a whistleblower's browser can tell them apart from other code. Consequently, whistleblowers never have to navigate to any particular site to communicate with AdLeaks once our ads are sufficiently widespread.
When popular websites begin to support AdLeaks this produces increasing amounts of cover traffic. Nodes in the AdLeaks network reduce the resulting traffic by means of an aggregation process so that a small number of trusted nodes can recover whistleblowers' submissions efficiently. Since neither transmissions nor the network structure of AdLeaks bear information on who a whistleblower is, the AdLeaks submission system is immune to passive adversaries who have a complete view of the network.
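The submission flow described above, as an added sketch that is not taken from the AdLeaks paper or repository: every ad beacon is an encryption of zero, an instrumented browser swaps in a disclosure chunk, and an aggregator multiplies ciphertexts so that a trusted node decrypts one value per batch. The page does not name the cipher; textbook Paillier with a toy key is assumed here, and all function names are hypothetical.

```python
"""Toy model of the AdLeaks submission flow (added illustration).

Assumption: the page does not name the encryption scheme. This sketch uses
textbook Paillier, whose ciphertexts can be multiplied so that the hidden
plaintexts add up. The key below is far too small for real use.
"""
import math
import secrets

# Constructed demo key material: two Mersenne primes (toy values only).
P = 2**61 - 1
Q = 2**89 - 1


class KeyPair:
    def __init__(self, p=P, q=Q):
        self.n = p * q                          # public
        self.n2 = self.n * self.n               # public
        self._lam = math.lcm(p - 1, q - 1)      # private
        self._mu = pow(self._lam, -1, self.n)   # private

    def encrypt(self, m):
        """Probabilistic encryption: fresh randomness on every call."""
        if not 0 <= m < self.n:
            raise ValueError("plaintext out of range")
        while True:
            r = secrets.randbelow(self.n - 1) + 1
            if math.gcd(r, self.n) == 1:
                break
        return (1 + m * self.n) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):
        u = pow(c, self._lam, self.n2)
        return (u - 1) // self.n * self._mu % self.n


def ad_beacon(key, pending_chunks=None):
    """What the ad script sends back. Ordinary browsers have no pending
    chunks and encrypt 0; an instrumented browser substitutes the next chunk."""
    m = pending_chunks.pop(0) if pending_chunks else 0
    return key.encrypt(m)


def aggregate(n2, ciphertexts):
    """Untrusted node: folds many beacons into one ciphertext using only
    public values. The result encrypts the sum of all plaintexts."""
    acc = 1
    for c in ciphertexts:
        acc = acc * c % n2
    return acc


def split_disclosure(data, size=15):
    """Prefix each chunk with 0x01 so it is never zero (zero means 'cover')
    and so leading zero bytes survive the integer round trip."""
    return [int.from_bytes(b"\x01" + data[i:i + size], "big")
            for i in range(0, len(data), size)]


def join_chunks(chunks):
    return b"".join(m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]
                    for m in chunks)


def simulate(disclosure, cover_per_round=20):
    """One whistleblower among cover_per_round ordinary browsers per batch."""
    key = KeyPair()
    queue = split_disclosure(disclosure)
    recovered = []
    while queue:
        batch = [ad_beacon(key) for _ in range(cover_per_round)]
        batch.append(ad_beacon(key, queue))     # same code path, same size
        m = key.decrypt(aggregate(key.n2, batch))
        if m:                                   # 0 means the batch was all cover
            recovered.append(m)
    return join_chunks(recovered)


if __name__ == "__main__":
    print(simulate(b"constructed sample disclosure"))
```

If two real chunks land in the same batch their values add together; this sketch does not detect that case.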


AdLeaks is a research project and not a complete system. AdLeaks provides a submission frontend but it lacks the backend necessary to securely manage and distribute received disclosures. We hope to collaborate with other projects towards building a complete system. We will soon bring a research system online suitable to experiment with the submission process. Remember. Thou shalt not send us real disclosures!

what do I need to have and how do I use it?

Whistleblowers need software to instrument their browsers and a tool that prepares disclosures for submission. Once it is installed, all a whistleblower does is surf the web as usual. The instrumentation will leak bits of the disclosure to AdLeaks as the whistleblower encounters AdLeaks ads. This process may take in the order of weeks, depending on the size of the disclosure and the number of ads encountered per day. AdLeaks is not suited for large disclosures but provides a high degree of security. Website operators who would like to support AdLeaks need a bit of JavaScript that they must embed in web pages.

for whistleblowers

We distribute the code you need to instrument your browser along with our ads. There is no need to download it. You only need a small bootstrapper script which extracts the code from your browser's cache or local storage. The script also verifies and installs the software for you. It is critical for your safety that you verify that the script you use is authentic, prior to using it! The best approach is to compare bootstrapper scripts taken from multiple sources. We publish authentic scripts at the following sources:
  • in the QR code below (make sure the connection is authentic)
  • in print media (none yet, if you represent a major newspaper, please contact us)

contact information

Volker Roth
Arbeitsgruppe Sichere Identität
Fachbereich Mathematik und Informatik
Freie Universität Berlin

AdLeaks team

Volker Roth
Benjamin Güldenring
Eleanor Rieffel
Sven Dietrich
Lars Ries

JUST IN: Snowden heading towards Havana

Miriam Elder is at the airport in Moscow about to get on what we hope is the same plane to Havana as Edward Snowden. She told me:
As far as we know he’s expected to get on this flight to Havana in two hours, around 2pm Moscow time. There is speculation that maybe all this information that he’ll be on it is a ruse, but there’s a whole lot of journalists here taking the chance that he’ll be on that flight.
I asked her what the reaction had been in Russia to Snowden’s sudden arrival in Moscow yesterday.
It’s obviously been huge. It’s been a really big story. The airport has been crawling both with international journalists and Russian journalists … We haven’t had any really huge statements from Russian officials; Putin hasn’t commented on it. The foreign ministry, last I checked, just said they were looking into what his plans are.
And you’ve had a lot of Russian MPs calling for him to stay here and all I can say, being at the airport until 1am last night, is that there were Russian undercover agents all over the terminal where we believed him to be. It was really clear that the Russians were in charge of the situation here. There were Ecuadorian diplomats milling around trying to get to talk to him but the Russians seemed to be controlling everything here.
Miriam reiterated that there had been no confirmation of American speculation that the countries allowing Snowden to visit were getting information from him in exchange, but she said: “I would expect that Russian officials would be very eager to talk to him. And not only to talk to him to get information from him, but I suspect maybe to try to get him to stay here. Again, there’s no confirmation of that at all.”
She added that Dmitry Peskov, the Kremlin spokesman, had repeated to her that Moscow would consider any asylum request from Snowden.
I talked to Peskov yesterday morning and he said yes. I said, ‘Would you consider an asylum request from him?’ and he said, ‘Yes, that’s just standard procedure. That’s what we do for every application that we get.’

Edward Snowden: The cyber houdini

Edward Snowden has successfully distracted the media and the government. He was supposed to be on a plane heading towards Cuba, but he was not on the Cuba plane. Woot! Now the United States has revoked his passport and has demanded that he be deported to the U.S., but they have one problem: no one knows where he is at the moment.
RT already said that he gained a new title: Houdini.

LulzSec Cyberattacks Force Officials To Shut Down Presidential Website

Hacker attacks forced Brazil to shut down its presidential website and other government sites temporarily on Thursday, one day after cyber attacks briefly disabled other government sites.
The Lulz Security group of hackers took credit for some of the attacks and said it had released what it said was personal data on President Dilma Rousseff and the mayor of Sao Paulo.
It was the latest in a global wave of cyber attacks on companies, organizations and governments.
The attack on the presidency website “generated a lot of traffic, designed to make the site unavailable. It wasn’t to steal information,” a government spokeswoman told Reuters.
The website posts presidential speeches, laws and other public information, another spokesperson said. The site was back on the air later in the day.
Several other government websites were taken off-line to bolster security following similar attacks, including the sports ministry site, which was still down in the early evening. A ministry spokeswoman said the attack did not affect data or compromise “the heart of the system.”
But the LulzSec group of hackers in Brazil claimed on Twitter to have copied protected data from the ministry site, showing what the group said was data on federal money sent to states that will host the 2014 soccer World Cup.
The group also released what it said was personal data on Rousseff and Sao Paulo Mayor Gilberto Kassab, including phone numbers for both. On Thursday afternoon the telephone numbers listed either did not work or were not attended.
Other government sites have been attacked recently. The sites for Brazil’s federal government, the presidency and the tax collection agency were inaccessible to the public for about two and a half hours earlier in the week.
LulzSec has made widely publicized assaults on Sony Corp, the CIA, News Corp’s Fox TV and other targets. The attacks have mostly resulted in temporary disruptions to websites and the release of user credentials.
LulzSec said on Monday in a Twitter message that it was seeking to hack government websites to leak “classified government information

Scenario: Snowden heads towards The Netherlands

Before everybody starts about how The Netherlands has a deportation treaty with the United States, I want to bring something different to your attention. There was a recent poll in The Netherlands which asked the Dutch population if they would mind the government spying on them to provide them with security. 73% of the people who were interviewed said that they would have no problem with it. On the other hand, the same people were extremely upset that the U.S. government has data about them too.
If Snowden would run towards The Netherlands, he would be openly accepted by the Dutch citizens - I am not sure what the government will do when this happens. The Dutch citizens already believe that the Dutch government is kissing the ass of the United States. If they would deport Snowden to The Netherlands it would just show that The Netherlands has no opinion in whatever.
If Snowden would go to jail in The Netherlands, the time he would spend in jail would be less than he would in the United States, as The Netherlands has softer punishments and bigger, cozy jail rooms.
I would like to hear what you guys think that is the best place for him to run to and why.

Anonymous Cyberattacks shut down South Korean Presidential Office's website

On Tuesday the websites of South Korean President Park Geun-hye and another government agency were brought down by a cyberattack, Yonhap News Agency reports.
Unidentified hackers attacked the websites of South Korea's presidential office, another government agency and some media organizations on Tuesday, claiming they are part of the hacktivist group Anonymous.
The cyber attacks occurred around 9:30 a.m. at the home pages of Cheong Wa Dae and the Office of Government Policy Coordination. Both websites were shut down for repair.
Right after the hacking attack, the Cheong Wa Dae website showed messages in red, including one that read "Great leader Kim Jong-un," the North's top leader.
For 10 minutes from 10 a.m., it was posted along with the message, "We Are Anonymous. We Are Legion. We Do Not Forgive. We Do Not Forget. Expect Us," along with a photo of President Park Geun-hye.
It is unclear if North Korea was involved in the attacks.
Also unclear is whether the Anonymous hacktivist group was behind Tuesday's attacks. The group has said it will launch cyber attacks on dozens of North Korean websites on Tuesday, the anniversary of the outbreak of the 1950-53 Korean war.
The Cheong Wa Dae website is now showing a message that it has been temporarily suspended to check its system. The website of the Office of Government Policy Coordination is also displaying a similar message.
Websites of some media organizations, including the conservative mass daily Chosun Ilbo, and several homepages of the ruling Saenuri Party's local chapters were paralyzed early Tuesday by alleged hacking.
"It is verified that not only Cheong Wa Dae and the Prime Minister's office but also some media outlets were hacked," an official at the National Police Agency's cyber terror response team said. "It seems that a massive cyber attack has started."
Following the cyber attacks, the South Korean military upgraded its information surveillance status and increased the number of cyber security personnel to monitor any attempts to infiltrate into the military network system.
The Joint Chiefs of Staff (JCS) upgraded the current status of its Information Operation Condition (INFOCON) from Level 5 to Level 4. The five-tier threat level system has been used by the military to defend against a computer network attack.
"So far, there was no attempt of hacking into the military network," a JCS official said. "As the military separately operates Internet and Intranet, it is hard to break into the military's internal network system."

AnonGhost new operation #opBurma after #opPetrol success

If AnonGhost did not leave damage behind in #opPetrol, they certainly gave the organisations a security awareness training. In The Netherlands, multiple discussions started about the fact that The Netherlands is not responding to threats that could affect critical infrastructures, no matter where they come from.
#opPetrol used multiple web hives to launch attacks - the AnonGhost team defaced and hacked over 150 websites in one day.

Myanmar - #opBurma by AnonGhost

AnonGhost announced that they will initiate #opBurma in August, but it seems they have already started attacking.






Alleged NSA snooping target is one of China's Internet hubs

China's Tsinghua University, revealed by an American spy agency contractor to be a target of U.S. surveillance programs, is home to the country's oldest Internet hub and routes traffic from tens of millions of users.
The alma mater of many of China's top leaders including President Xi Jinping and former President Hu Jintao, Tsinghua's campus in northwestern Beijing hosts the China Education and Research Network (CERNET), one of China's six major backbone networks, according to state media.
"Tsinghua is known as the 'MIT of China'," said Duncan Clark, chairman of Beijing-based technology consultancy BDA, referring to the premier U.S. university, the Massachusetts Institute of Technology.
"It has strong research and technical capabilities," Clark told Reuters in e-mailed comments. "It also produces a lot of the nation's future elite (in government and business). So it's not surprising, I guess, that it's a target."
The university did not respond to requests for comment.
But, in an interview with the Communist Party-backed Beijing Youth Daily, an unnamed official from Tsinghua's information department denied that it was the target of a U.S. cyber attack, saying that "reports that Tsinghua was hacked into are inaccurate".
On Saturday, Hong Kong's South China Morning Post newspaper said documents and statements from the contractor, Edward Snowden, indicated the NSA had hacked major Chinese telecoms companies to access text messages, attacked Tsinghua University, and hacked the Hong Kong headquarters of Pacnet, which has an extensive fiber optic submarine network.
Snowden, who is wanted by the United States government, fled Hong Kong on Sunday to Moscow. He has asked for asylum in Ecuador.
Set up in 1994, CERNET was designed to provide Internet services to China's educational institutions, according to its web site. It connects 160 cities in China and more than 2,000 of China's universities and research institutes, including Beijing's other top university, Peking University, and Shanghai's Jiaotong University.
CERNET, which is operated by China's ministry of education, says on its website that it is China's "largest non-profit computer network and hosts the world's largest national academic network".
Luo Ping, a professor of Internet security at Tsinghua, said he had warned in research papers about U.S. attacks on China's backbone networks about five to six years ago.
"Those of us who do network security have known very early on that the National Security Agency has entered the backbone networks in China," Luo said. He did not however specifically comment on Snowden's claims.
In 2007, local media reported that Tsinghua's network had sustained large-scale virus attacks in 2006 and again in 2007, affecting over 10,000 computers on campus. The university was forced to shut down many infected computers to contain the virus.
"I believe they've taken some measures, but are still relatively weak," Luo said.
China on Sunday expressed "grave concern" over Snowden's allegations that the United States has hacked into Tsinghua and Chinese mobile network companies, and said it had taken the issue up with Washington.
When asked why Tsinghua could have been targeted by the United States, foreign ministry spokeswoman Hua Chunying said at a regular briefing on Monday that she was "not in a position to answer this question".
"Ask the party who conducted the attacks," Hua said.
Both China and the United States accuse each other of cyber attacks and the issue was top of the agenda when President Barack Obama hosted Xi at their first summit earlier this month.
China later said it wanted cooperation rather than friction with the United States over cyber security.

Spy Marketing: CIA Rolls Out 'New and Improved Website'

The CIA prides itself on secrecy but the spy agency unveiled a revamped website Monday that promises a user-friendly layout and a "sleeker, more modern web experience."
Borrowing the jargon of corporate marketing, the Central Intelligence Agency touted its new online look for job-seekers or people interested in the spy service's origins.
"The new and improved website reflects CIA's strong commitment to educating and informing the American people about the Agency's history, mission, and organization," John Brennan, CIA director, said in a statement.
"I encourage the public to explore the website and learn more about an American institution dedicated to protecting our country's security," said Brennan, known as the mastermind behind secret drone strikes in Pakistan and Yemen.
The CIA, heavily criticized over its reluctance to discuss drone bombing raids abroad or the treatment of terror suspects, said the new site offered more interactive features and more information to the public.
"The new design provides users a sleeker, more modern web experience, while offering a more user-friendly layout for the site's extensive content," the agency said.
The site features a menu of less than exciting videos, including a nine-minute promotional clip that provides a quick history of the agency from its founding in 1947 to the present.
The video's production standards are not exactly Hollywood material but it does try to explain the different branches of the agency, using a brief clip from a James Bond film to highlight the role of technicians who create gadgets for spies in the field.
"Think Q in James Bond movies," says the narrator during a segment on the agency's science and technology office.
The site also appears aimed at recruiting a new generation of spies, with a "job fit tool" that allows prospective applicants to find the best match for their skills and a "job cart" that allows people to apply to up to four jobs at one time.
The CIA website also makes it easier to search through historical documents from the Cold War era that have been declassified, including official collections recounting a range of secret operations during the Vietnam War.
One book examines the story of Lima Site 85, a covert radar site in Laos "that allowed the United States to bomb North Vietnam."