Tuesday, 30 July 2013

“Car hackers” to show off how they can “control” vehicles with a laptop

Two researchers are to demonstrate a “hack” that allows control over automobile systems including brakes and steering in models by Ford and Toyota – overriding the commands sent by the driver.
The “hack” can’t be used to “remote control” a vehicle, but Charlie Miller and Chris Valasek claim that their software can override the Electronic Control Units (ECUs) in a Toyota Prius and Ford Escape, by plugging a MacBook into a diagnostics port used by mechanics.
“Imagine you’re driving down a highway at 80,” Mr Valasek said in an interview with Forbes. “You’re going into the car next to you or into oncoming traffic. That’s going to be bad times.”
The researchers stress that they have not created a mechanism for remote attacks, and say that their research aims to raise awareness of vulnerabilities in these systems.
“At the moment there are people who are in the know, there are nay-sayers who don’t believe it’s important, and there are others saying it’s common knowledge but right now there’s not much data out there,” said Mr Miller, in an interview with the BBC. “We would love for everyone to start having a discussion about this, and for manufacturers to listen and improve the security of cars.”
The hack will be shown off at DefCon 21 on Friday, August 2, in a presentation entitled “Adventures in Automotive Networks and Control Units”.
“These types of message are usually used by mechanics to diagnose problems within the automotive network, sensors, and actuators. Although meant for maintenance, we’ll show how some of these messages can be used to physically control the automobile under certain conditions,” says Valasek.
“So there you have it. While we are NOT covering any remote attack vectors/exploits, we will be releasing documentation, code, tools, sample traffic from each vehicle, and more. At the very least you will be able to recreate our results, and with a little work should be able to start hacking your own car!”

Versatile and infectious: Win64/Expiro is a cross-platform file infector

Recently, our anti-virus laboratory discovered an interesting new modification of a file virus known as Expiro which targets 64-bit files for infection. File-infecting viruses are well known and have been studied comprehensively over the years, but malicious code of this type almost invariably aimed to modify 32-bit files. One such family of file viruses, called Expiro (Xpiro), was discovered a long time ago and it’s not surprising to see it today. However, the body of this versatile new modification is surprising because it’s fully cross-platform, able to infect 32-bit and 64-bit files (also, 64-bit files can be infected by an infected 32-bit file). According to our naming system the virus is called Win64/Expiro.A (aka W64.Xpiro or W64/Expiro-A). In the case of infected 32-bit files, this modification is detected as Win32/Expiro.NBF.
The virus aims to maximize profit and infects executable files on local, removable and network drives. As for the payload, this malware installs extensions for the Google Chrome and Mozilla Firefox browsers. The malware also steals stored certificates and passwords from Internet Explorer, Microsoft Outlook, and from the FTP client FileZilla. Browser extensions are used to redirect the user to a malicious URL, as well as to hijack confidential information, such as account credentials or information about online banking. The virus disables some services on the compromised computer, including Windows Defender and Security Center (Windows Security Center), and can also terminate processes. Our colleagues from Symantec have also written about the most recent Expiro modification. TrendMicro also reported attacks using this virus.

The Win64/Expiro infector

In an infected 64-bit file the body of the virus is placed in a new section appended to the executable, named .vmp0, with a size of 512,000 bytes on disk. To transfer control to the main body in .vmp0, the virus writes 1,269 bytes of malicious startup code over the code at the entry point. Before overwriting the entry point, the virus copies the original bytes to the beginning of the .vmp0 section. The startup code unpacks the virus code into the .vmp0 section. The screenshot below shows the template of the startup code that is written to the entry point of a 64-bit file during infection.
[Screenshot: startup-code template written to the entry point of a 64-bit file]
During infection the virus prepares this startup code for insertion into the target file and overwrites some of its instructions, so that the contents written to each infected file differ (polymorphism). The instructions subject to change are add, mov and lea (Load Effective Address) instructions that carry immediate operands. At the end of the code the virus adds a jump instruction leading to the code unpacked into the .vmp0 section. The screenshot below shows the startup-code pattern (on the left) and the startup code written into the infected file (on the right).
[Screenshot: startup-code pattern (left) and the startup code written into the infected file (right)]
Similar startup code for 32-bit files is also located in the .vmp0 section, as shown below.
[Screenshot: 32-bit startup code in the .vmp0 section]
Viewed in a 32-bit disassembler, this code looks like ordinary code (infected file).
[Screenshot: the same startup code viewed in a 32-bit disassembler (infected file)]
The size of the startup code is 1,269 bytes for a 64-bit file and 711 bytes for a 32-bit file.
The virus walks directories recursively and infects each executable file by first building the new file contents in a temporary .vir file, then writing them back to the target file in 64K blocks. If it cannot open the file with read/write access, it tries to change the file’s security descriptor and owner information.
The virus also infects signed executable files. After infection the files are no longer signed, because the virus writes its body after the last section, which is where the overlay containing the digital signature was located. In addition, the virus sets the RVA and Size fields of the Security Directory entry in the Data Directory to 0, so the file subsequently runs as an unsigned executable, without reference to any signature data. The figure below shows the differences between the original, unmodified 64-bit file and the infected one, where the original carries a digital signature. On the left, in the modified version, the place where the overlay shown on the right was formerly located is now the beginning of the .vmp0 section.
[Screenshot: infected 64-bit file (left) versus the original signed file (right); the .vmp0 section now begins where the signature overlay was]
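As an added example, not ESET’s code and not part of the original analysis, the following Python script checks a PE image for the structural markers described in the preceding paragraphs: a trailing section named .vmp0, an entry point relocated into that section, a 512,000-byte on-disk section size, and a zeroed Security Directory. The PE images it scans are constructed in memory from headers only (no section data), so the script runs offline; on real files you would read the bytes from disk. One caveat a practitioner should know: the section name .vmp0 is also produced by the VMProtect packer, so the name alone is a weak signal, and the script flags a file only when at least two markers coincide.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Data Directory slot that points at the Authenticode table
VMP0_SIZE_ON_DISK = 512_000          # on-disk size of the .vmp0 section reported in the analysis


def parse_pe_headers(data):
    """Parse DOS/COFF/optional headers and the section table of a PE image.

    Returns (entry_rva, is_pe32plus, (security_rva, security_size),
             [(name, virtual_address, virtual_size, raw_size, raw_pointer), ...]).
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]      # IMAGE_FILE_HEADER.NumberOfSections
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]       # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B     # Magic: 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint
    data_dir = opt + (112 if pe32plus else 96)                    # start of the Data Directory array
    security = struct.unpack_from("<II", data, data_dir + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(n_sections):
        hdr = opt + size_opt + 40 * i                              # IMAGE_SECTION_HEADER is 40 bytes
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((name, va, vsize, rawsize, rawptr))
    return entry_rva, pe32plus, security, sections


def scan_pe(data):
    """Score a PE image against the Win64/Expiro infection markers; 'signed' is informational only."""
    entry_rva, pe32plus, (sec_rva, sec_size), sections = parse_pe_headers(data)
    name, va, vsize, rawsize, _ = sections[-1]                    # the virus appends its section last
    indicators = []
    if name == ".vmp0":
        indicators.append("last section is named .vmp0")
    if va <= entry_rva < va + max(vsize, rawsize):
        indicators.append("entry point lies in the last section")
    if rawsize == VMP0_SIZE_ON_DISK:
        indicators.append("last section is exactly 512,000 bytes on disk")
    return {
        "format": "PE32+" if pe32plus else "PE32",
        "signed": sec_rva != 0 and sec_size != 0,                 # zeroed by the virus on infection
        "indicators": indicators,
        "suspicious": len(indicators) >= 2,                       # one marker alone is too common
    }


def build_sample(infected):
    """Constructed test data: a header-only PE32+ image, with an appended .vmp0 section if infected."""
    sections = [(b".text", 0x1000, 0x200, 0x400)]                 # (name, VA, raw size, raw pointer)
    if infected:
        sections.append((b".vmp0", 0x2000, VMP0_SIZE_ON_DISK, 0x600))
    entry_rva = (0x2000 if infected else 0x1000) + 0x10           # infection moves the entry into .vmp0
    size_opt = 240                                                # PE32+ optional header size
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 16, entry_rva)
    if not infected:                                              # the pristine file carries a signature
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x800, 0x400)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, size_opt, 0x22)
    table = b"".join(struct.pack("<8sIIII", n, raw, va, raw, ptr) + bytes(16)
                     for n, va, raw, ptr in sections)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew -> PE signature at 0x40
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    for label, blob in (("clean", build_sample(False)), ("infected", build_sample(True))):
        print(label, scan_pe(blob))
```

The clean sample triggers only the entry-point marker (an entry point in the last section is normal for a small binary whose only code section is last), which is why a single marker never flags a file. The `signed` flag is deliberately kept out of the score: a zeroed Security Directory is the normal state of any unsigned binary and only means something when compared against a pristine copy or a vendor file known to be signed.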
Where process termination is concerned, Expiro is not innovative: it retrieves the list of running processes with the CreateToolhelp32Snapshot API and terminates targets via OpenProcess / TerminateProcess. Expiro targets the following processes for termination: «MSASCui.exe», «msseces.exe» and «Tcpview.exe».
[Screenshot: process-termination code using CreateToolhelp32Snapshot, OpenProcess and TerminateProcess]
When first installed on a system, Expiro creates two mutexes named «gazavat».
[Screenshot: the two «gazavat» mutexes]
In addition, the presence of the infector process can be identified in the system by the large numbers of I/O operations and high volumes of read/written bytes. Since the virus needs to see all files on the system, the infection process can take a long time, which is also a symptom of the presence of suspicious code in the system. The screenshot below shows the statistics relating to the infector process at work.
[Screenshot: I/O statistics of the infector process]
The virus code obfuscates offsets and other values as they are passed to API functions. For example, the following code uses arithmetic obfuscation to pass the argument SERVICE_CONTROL_STOP (0x1) to advapi32!ControlService in order to stop a service.
[Screenshot: arithmetic obfuscation of the SERVICE_CONTROL_STOP argument to advapi32!ControlService]
With this code Expiro tries to disable the following services: wscsvc (Windows Security Center), windefend (Windows Defender Service), MsMpSvc (Microsoft Antimalware Service, part of Microsoft Security Essentials), and NisSrv (Network Inspection Service used by MSE).

Win64/Expiro payload

As the payload, the virus installs a browser extension for Google Chrome and Mozilla Firefox. The manifest file for the installed Chrome extension looks like this:
[Screenshot: manifest file of the malicious Chrome extension]
In the Chrome extensions directory, the directory holding the malicious content is called dlddmedljhmbgdhapibnagaanenmajcm. The malicious extension uses two JavaScript files for its work: background.js and content.js. After deobfuscation, the code pattern of background.js looks like this.
[Screenshot: deobfuscated background.js]
The variable HID is used for storing the OS version string and Product ID. The variable SLST is used to store a list of domains that are used to redirect the user to malicious resources.
[Screenshot: the HID and SLST variables in background.js]
The manifest file for the Firefox extension looks like this:
[Screenshot: manifest file of the malicious Firefox extension]
The screenshot below shows part of the code of content.js, which parses the form elements on a web page. This lets the malicious code retrieve data the user has entered into forms, which may include confidential information.
[Screenshot: form-parsing code in content.js]
As a bot, the malware can perform the following actions:
  • change control server URLs;
  • execute a shell command – passes it as param to cmd.exe and returns result to server;
  • download and execute plugins from internet;
  • download a file from internet and save it as %commonappdata%\%variable%.exe;
  • implement a TCP flood DoS attack;
  • enumerate files matching mask \b*.dll in the %commonappdata% folder, loading each one as a library, calling export «I» from it, and loading exports «B» and «C» from it;
  • call plugin functions «B» and «C» from the loaded plugin;
  • start proxy server (SOCKS, HTTP);
  • set port forwarding for TCP on the local router (SOAP).
Expiro tries to steal FTP credentials from the FileZilla tool by loading them from %appdata%\FileZilla\sitemanager.xml. Internet Explorer is also targeted: Expiro uses a COM object to control the browser and steal data. If a credit card form is present on a loaded web page, the malware tries to steal data from it. The malicious code checks form input data for matches to the «VISA» / «MasterCard» card number format and shows a fake window with the message:
“Unable to authorize.\n %s processing center is unable to authorize your card %s.\nMake corrections and try again.”
This malware can also steal stored certificates with associated private keys (certificate store «MY»).

Implications of Win64/Expiro

Infecting executable files is a very efficient vector for the propagation of malicious code.
The Expiro modification described here represents a real threat both to home users and to company employees. Because the virus infects files on local disks, removable devices and network drives, it may grow to proportions similar to those of the Conficker worm, which is still reported on a daily basis. With Expiro the situation is worse, because if a system is left with even one infected file that is later executed, the process of reinfecting the entire disk begins again.
In terms of delivery of the payload, the file infector is also an attractive option for cyber crime, because viral malicious code can spread very fast. And of course, a cross-platform infection mechanism makes the range of potential victims almost universal.
Big hat tip to Miroslav Babis for the additional analysis of this threat.

Thomson Reuters is latest victim of high-profile Twitter hacks

A Twitter account used by international news agency Thomson Reuters was compromised this week, by hackers affiliated to the Syrian Electronic Army.
The group has claimed responsibility for a series of high-profile hacks against media organizations and messaging apps over the past few months, with hacks targeting the Financial Times, CBS and chat apps such as Tango and Viber.
“Earlier today @thomsonreuters was hacked. In this time, unauthorized individuals have posted fabricated tweets of which Thomson Reuters is not the source,” a company spokesperson said. “The account has been suspended and is currently under investigation.”
The Tweets, including cartoons relating to the current conflict in Syria, were posted in a half-hour period before the account was closed down, according to a report by All Things D.
The group claimed responsibility for the attack on its official website saying, “The Syrian Electronic Army hacked today the official account of Thomson Reuters and published some truth about what is really happening in Syria…The account was suspended after less than an hour.”
Previous attacks have compromised company blog pages and app pages on Google Play, as well as leaking customer information and compromising official corporate Twitter feeds.
In the wake of attacks earlier this year, Twitter sent out an email to media groups saying, “We believe that these attacks will continue, and that news and media organizations will continue to be high value targets to hackers.”

Lost in space? NASA “fell short” on cloud security, report finds

NASA is no stranger to peering into nebulae in space – but the space agency found itself perplexed by the more Earthbound puzzle of cloud computing security, according to a report by the Office of the Inspector General.
“We found that weaknesses in NASA’s IT governance and risk management practices have impeded the Agency from fully realizing the benefits of cloud computing and potentially put NASA systems and data stored in the cloud at risk,” said the report, NASA’s Progress in Adopting Cloud-Computing Technologies.
“NASA spends about $1.5 billion annually on its portfolio of information technology (IT) assets – which includes more than 550 information systems that control spacecraft, collect and process scientific data, provide security for IT infrastructure, and enable Agency personnel to collaborate with colleagues around the world,” the report said.
The report found that NASA had put data at risk by moving it into public clouds without notifying security officers. In one incident, data was on a public cloud for two years without authorization or any security plan, according to a report by CNET.
More than 100 of NASA’s internal and external websites did not have proper security controls. NASA is seen as a pioneer in government use of cloud computing, according to a report by GovInfo Security.
The space agency launched its Nebula cloud computing project in 2008, described as, “an open-source cloud computing project and service developed to provide an alternative to the costly construction of additional data centers whenever NASA scientists or engineers require additional data processing.”
NASA shut Nebula down in 2012 after finding that public clouds, such as those offered by Amazon, were more reliable and cost-effective.
The space agency has long been a target for hackers, with hackers in China reportedly breaking into Jet Propulsion Laboratory systems and gaining “full control” over them, according to a 2012 report by the Office of the Inspector General.
“As NASA expands its use of public cloud services, it is imperative that the Agency strengthen its governance and risk management practices to mitigate the chance that Agency operations may be disrupted, data lost, or public funds misused,” the report concluded.

How Not to Get Hacked at Black Hat and DefCon

How is that for irony? Going to Black Hat and getting hacked? Here are some tips from our friends at Websense Security Labs and Qualys on how to make it hard for the hackers to make a fool out of you. If you are at a security conference, you have to accept that there is someone probing the network for security vulnerabilities, sniffing network traffic to see who is sending sensitive data on the web without encrypting it, and pwning any attendees who didn't pick a strong password for their accounts. Some of the brightest minds in security are in attendance at Black Hat and DefCon. For the rest of us, it is in our best interests to be paranoid and exercise some caution.
Before You Even Get to Vegas
Security paranoia and best practices kick in long before you get to Las Vegas. First and foremost, make sure you have patched the operating system, browser, and installed software. Make sure your antivirus and security software are fully patched and up-to-date, too.
Go ahead and delete your cookies and clear the Web browser history and cache. Cookies contain a lot of information about you. If your notebook is stolen, the last thing you want is for the thief to be able to get access to information about you or your online activity.
If you don't already, encrypt sensitive files on your hard drive. If possible, go with full-disk encryption so that you don't miss an important piece of data.
Make a full backup of your computer and other devices and leave the backups at home (or if you trust the cloud, online). That way, if you accidentally lose your device, or if it gets stolen, you at least have your data waiting for you.
When you get home, wipe your machine (in case you accidentally got hacked or infected) and revert back to this clean backup. While at the conference, consider saving to a cloud server or your own personal removable drive. Don't ask around for someone to give you a USB key at the conference; that's just asking to get an infected drive.
I actually just take a stripped down machine, with nothing on it from my normal usage. Just a patched OS, and whatever information I will need this week.
Just in General, Be Safe
While we are at it, while you are at Black Hat or DefCon, if you are prompted to install a patch or update, be really cautious. Odds are that it will be malicious.
We said it once, we will say it again. Do not accept storage devices, USBs or files from people you don't know. If you find a USB drive in your bag but you don't know how it got there, don't just pop it in to your laptop "to see what's on it."
Be careful about using ATMs, especially near Caesars Palace or Rio, where the conferences are. Anyone can install card skimmers. With Barnaby Jack's tragic death just last week, I am half-expecting someone to set up a fake ATM in his memory.
Device Security in Vegas
Keep an eye on all your devices. If you leave it behind, it may get stolen. It may also encourage someone to compromise it and leave behind a small present instead.
Turn off Bluetooth and Wi-Fi on all your devices. Make sure none of your applications can automatically turn them on. It may be best to leave any radio-frequency identification (RFID) enabled devices, such as your work badge, passport (some countries) or even some credit cards at home, or in your hotel room. If your phone has a near-field communication (NFC) chip, turn that off, too.
Do not charge phones, computers, or other devices in public charging stations. We've seen demonstrations at Black Hat where these stations can be hacked to link to your device and slurp data without your knowledge, or infect the device. An option is to invest in a portable battery pack that charges independently that you can use while on the go.
Network Security in Vegas
Be careful about connecting to wireless networks. It's not hard to set up a Wi-Fi Pineapple, a network access point that can sniff out your activity. "Be wary of the wireless networks throughout the venue, and your entire stay at Black Hat," Websense advises. In fact, when you can, stick to using a wired connection, especially in the hotel.
Use your VPN at all times! Connect to work servers over VPN, and if you don't have one, use any one of the VPN services we have looked at. We like VPNBook and Cyber Ghost VPN for free VPNs, although the ad-supported version of AnchorFree's HotSpot Shield is good, too.
Avoid sending sensitive data while onsite. "I avoid accessing data at all, but if you need to, use a VPN on a laptop to be safe," says Andrew Wild, CSO of Qualys.
"People think the cell phone is safe, but it's not. There are going to be two presentations this year where people are using a femtocell base station in a man-in-the-middle attack," says Wolfgang Kandek, CTO of Qualys. "Someone can put up a fake cell tower close to you, in the next room, so the air card would connect to it."
Consider sticking with 3G or 4G connectivity, if you can. I use my Android device as a portable hotspot, but that femtocell talk by iSec Partners this week may scare me off that option, too.
I grabbed a burner phone, because I didn't want to lose any information on my device. "If you are really paranoid, you can always leave your computer and devices at home (since hotel locks and even room safes can be hacked)," says Kandek.
But that's no fun. Black Hat and DefCon are full of great presentations and everyone is ready to share everything they know. Just be aware, think about security, and have a good time.

Security Vendors: Do No Harm, Heal Thyself

Security companies would do well to build their products around the physician’s code: “First, do no harm.” The corollary to that oath borrows from another medical mantra: “Security vendor, heal thyself. And don’t take forever to do it! ”
On Thursday, Symantec quietly released security updates to fix serious vulnerabilities in its Symantec Web Gateway, a popular line of security appliances designed to help “protect organizations against multiple types of Web-borne malware.” Symantec issued the updates more than five months after receiving notice of the flaws from Vienna, Austria based SEC Consult Vulnerability Lab, which said attackers could chain together several of the flaws to completely compromise the appliances.
“An attacker can get unauthorized access to the appliance and plant backdoors or access configuration files containing credentials for other systems (eg. Active Directory/LDAP credentials) which can be used in further attacks,” SEC Consult warned in an advisory published in coordination with the patches from Symantec. “Since all web traffic passes through the appliance, interception of HTTP as well as the plain text form of HTTPS traffic (if SSL Deep Inspection feature in use), including sensitive information like passwords and session cookies is possible.”
Big Yellow almost certainly dodged a bullet with this coordinated disclosure, and it should be glad that the bugs weren’t found by a researcher at NATO, for example. Earlier this month, security vendor McAfee disclosed multiple vulnerabilities in its ePolicy Orchestrator, a centralized security management product. The researcher in that case said he would disclose his findings within 30 days of notifying the company, and McAfee turned around an advisory in less than a week.
Interestingly, Google’s security team is backing a new seven-day security deadline that would allow researchers to make serious vulnerabilities public a week after notifying a company. Google says a week-long disclosure timeline is appropriate for critical vulnerabilities that are under active exploitation, and that its standing recommendation is that companies should fix critical vulnerabilities in 60 days, or, if a fix is not possible, they should notify the public about the risk and offer workarounds.

It seems to me that we ought to hold companies that make security software and hardware to a higher standard, and expect from them a much more timely response. It’s true that products which are widely deployed require more thorough testing to ensure any patches don’t introduce additional problems. But to my mind, 30 days is more than plenty to address these vulnerabilities.
Johannes Greil, head of SEC Consult Vulnerability Lab, said security companies need to invest more in securing their own products.
“We only did a short crash test and found those critical vulnerabilities,” Greil said. “I don’t think that it is acceptable to take that long because users are unprotected for that time. I do understand though, that testing the patches is necessary and may take longer. At least they don’t take years as Oracle does sometimes.”

Don’t Get Sucker Pumped

Gas pump skimmers are getting craftier. A new scam out of Oklahoma that netted thieves $400,000 before they were caught is a reminder of why it’s usually best to pay with credit versus debit cards when filling up the tank.
The U.S. Attorney’s office in Muskogee, Okla. says two men indicted this month for skimming would rent a vehicle, check into a local hotel and place skimming devices on gas pumps at Murphy’s filling stations located in the parking lots of Wal-Mart retail stores. The fraud devices included a card skimmer and a fake PIN pad overlay designed to capture PINs from customers who paid at the pump with a debit card.
A PIN pad overlay device for gas pumps. Photo: NewsOn6.com
According to their indictment (PDF), defendants Kevin Konstantinov and Elvin Alisuretove would leave the skimming devices in place for between one and two months. Then they’d collect the skimmers and use the stolen data to create counterfeit cards, visiting multiple ATMs throughout the region and withdrawing large amounts of cash. Investigators say some of the card data stolen in the scheme showed up in fraudulent transactions in Eastern Europe and Russia.
As the Oklahoma case shows, gas pump skimmers have moved from analog, clunky things to the level of workmanship and attention to detail that is normally only seen in ATM skimmers. Investigators in Oklahoma told a local news station that the skimmer technology used in this case was way more sophisticated than anything they’ve seen previously.

Increasingly, pump skimmer scammers are turning to Bluetooth-enabled devices that connect directly to the pump’s power source. These skimmers can run indefinitely, and allow thieves to retrieve stolen card data wirelessly while waiting in their car at the pump.
Below is one such card skimming device, pulled off a compromised gas station pump late last year in Rancho Cucamonga, Calif.
A new, unaltered generic gas pump card acceptance slot. The device on the right has a bluetooth skimming device attached.
Pump skimmers can be fairly cheap to assemble. The generic gas pump card acceptance device pictured left in the image above (Panasonic ZU-1870MA6t2) can be purchased for about $74. The pump skimmer scammers must love this model: It almost looks like it’s designed to hold additional electronics.
Investigators say the individuals responsible for these pump scams are able to ply their trade because a great many pumps can be opened with a handful of master keys. In the end, it comes down to a cost decision by the filling station owners: This story from Fox News about a rash of pump skimmers discovered earlier this month in Minnesota says that it costs filling stations about $450 to re-key eight pumps.

Sophos to bring threat management to Amazon Web Services

Security firm Sophos has launched a new service that will allow users to run the company's Unified Threat Management (UTM) platform on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2) service.
The company said that it would be adding an hourly licence option to its threat management service on the Amazon Market. The option will be available for users to purchase on the AWS Marketplace.
Security services have long been a feature on Amazon's AWS Market since the company launched the feature in 2012. The market allows third-party vendors to integrate their products with AWS virtual machine instances.
Sophos believes that the new pricing model for the service will allow users to retain security on their servers when running AWS instances for short term projects or relying on the cloud platform's elasticity to help scale with customer demand during peak operating times.
“As a long-standing security provider, we know about the many benefits that Amazon Web Services provides, especially to SMBs that have adopted the cloud,” said Sophos senior product manager Angelo Comazzetto.
“We pride ourselves on developing complete security offerings that are simple to use, and with this offering, companies can better defend their cloud security resources with layers of security provided by Sophos UTM.”
The company said that the hourly fees will depend on the pricing and region of the AWS instance. Listed prices range from $0.02 for a Standard Micro instance to $3.10 for a High I/O 4XL EC2 instance.

Cyber Jihad Between Islamic Indonesia and Bangladesh Downs Hundreds of Websites

A cyber-jihad has erupted between groups of rival Islamic hackers in Bangladesh and Indonesia, resulting in attacks on hundreds of sites.
The rival hackers have abandoned their normal pursuit of Israeli targets and have instead turned on each other. It is unclear which side started the war, although the Bangladeshi group have accused Indonesia of supporting Israel, even though relations between the two countries are frosty at best.
A group called Bangladesh Grey Hat Hackers claimed to have hacked around 900 Indonesian sites and threatened to expand their assault to include ecommerce and financial sites. The full list also includes pet food sites, foreign embassies, and government websites. At the time of writing, loading up many of the sites resulted in a 404 error.
On the group's Facebook page, a hacker called Rotating Rotor wrote an open letter to Indonesia, which we've rewritten slightly for the sake of clarity.
Earlier today, Rotor wrote: "Assalamu Alaikum. First of all take my greetings of Ramadan. As you all know we are in a cyber war with the hackers of your country. You guys only knew that we are defacing your countries sites.
"Now you can ask if we don't deface Muslim's sites then why we are attacking Indonesian sites? Believe me. We are forced to do so with your hacking teams, who wanted war with us several times before."
The group have some "simple demands" which they have not yet announced. If these are not met, the hacking will continue for another six months, the group threatened. It claimed that five groups of Indonesians had carried out small-scale cyber attacks in recent months, eventually provoking a full-scale retaliation, despite repeated calls for peace.
Rotor added: "We are getting thousands of requests from many Indonesians to stop the attack. We feel hurt after seeing this. We decided to stop. But Indo Hackers defaced our sites again. Then we changed our mind and continued to attack.
"Right now we are just only defacing. If your Hackers don't stop we are going to inject malware and viruses to all of your e-commerce sites and destroy your e-commerce system.
"We already have access to many of your servers. We are just observing your Hackers' activities.
"Believe me, I swear. We have the capabilities to continue this war for minimum 6 months. We got access to your unlimited servers."
On the page, there are also dozens of comments from people using the famous Anonymous Guy Fawkes mask as their profile picture.
One wrote: "The Zionists are laughing at us. Muslim vs Muslim. Better we all unite, not fight each other."
Indonesian hackers also released a list of the Bangladeshi sites they have attacked in turn, which include religious courts and government websites, including the Presidential page.
We visited some of the sites on the list, which show a message that said: "Stop attack my country. Don't touch my country Bangladesh. Fuck BD Gay Hay UR lamer. A little dog Murkho Manob was using message slander. Bitch dog really. YOUR MOTHER FUCKER!"
Murkho Manob is a Bangladeshi hacker who targets websites he claims support Israel. A quick Google search shows he has attacked the website of a British Thai boxing club and also a rather quaint-looking hotel, as well as Israeli websites.
We have written to both sides for comment, but they have not yet replied.

Today’s Security Organizational Structure

There is no “one size fits all” for the structure of the information security department or assignment of the scope of the responsibilities. Where the security organization should report has also been evolving. In many organizations, the information systems security officer (ISSO) or chief information security officer (CISO) still reports to the chief information officer (CIO) or the individual responsible for the IT activities of the organization. This is due to the fact that many organizations still view the information security function as an IT problem and not a core business issue. Alternatively, the rationale for this may be the necessity to communicate in a technical language, which is understood by IT professionals and not typically well understood by business professionals. Regardless of the rationale for placement within the organization, locating the individual responsible for information security within the IT organization could represent a conflict of interest, as the IT department is motivated to deliver projects on time, within budget and at a high quality. Shortcuts may be taken on security requirements to meet these constraints if the security function is reporting to the individual making these operational decisions. The benefit of having the security function report to the CIO is that the security department is more likely to be engaged in the activities of the IT department and be aware of the upcoming initiatives and security challenges.

A growing trend is for the security function to be treated as a risk-management function and as such, be located outside of the IT organization. This provides a greater degree of independence, as well as providing the focus on risk management vs. management of user IDs, password resets, and access authorization. Having the reporting relationship outside of the IT organization also introduces a different set of checks and balances for the security activities that are expected to be performed.
The security function may report to the chief operating officer, CEO, general counsel, internal audit, legal, compliance, administrative services or some other function outside of IT. The function should report as high in the organization as possible, preferably to an executive-level individual. This reporting line ensures that the proper message about the importance of the function is conveyed to senior management, company employees see the authority of the department, and that funding decisions are made while considering the needs across the company.

Dotcom and US argue over seized evidence

Kim Dotcom and his co-accused should be able to scour all the evidence in the US government's internet piracy case against them, his lawyer argues.
But New Zealand's Solicitor-General Mike Heron says a local court doesn't have the power to order the US - a foreign state - to hand over anything in its case against the man it accuses of internet piracy.
"It is accepted appellants are entitled to a fair extradition hearing, but that does not give rights akin to some kind of criminal disclosure," he told the country's top judges, in the Supreme Court on Tuesday.
If New Zealand tried to order the US to hand over all the seized evidence against German-born Dotcom, it would be unprecedented, Mr Heron said.
He said New Zealand's extradition treaty with the US was to facilitate extradition and make it easier and more efficient.
The US is trying to extradite Dotcom, Mathias Ortmann, Fin Batato and Bram Van der Kolk to face copyright infringement, money laundering and racketeering charges, but the US government doesn't want to hand over the full case against them.
Instead it has provided a summary of evidence for the hearing, now expected to take place next year.
To extradite Dotcom and his co-accused the US must prove they have an internet piracy case against the quartet, arrested during a Hollywood-style raid on Dotcom's mansion at the beginning of 2012.
The FBI seized a huge number of files and emails, but needs passwords to get at encrypted files. It has offered to provide Dotcom with clones of the files in exchange for the passwords.
Dotcom's lawyer Paul Davison QC told the court the summary provided was inadequate, made propositions and didn't include any evidence showing criminal intent.
Supporting Mr Davison's arguments, Guyon Foley, the lawyer for Ortmann, Batato and Van der Kolk, told the court he could not properly advise his clients without access to actual documents.
"We don't wish to have a fight based on inferences, we wish to have a fair hearing," he said.
Mr Foley said two emails referred to in the US government's summary were actually sent as a joke, and wants access to all "five billion" emails sent between the group.
Among technical defences, the Crown, on behalf of the US, is arguing that the disclosure process will be lengthy and difficult.
The quartet say they are also disadvantaged because their personal computers and data have been seized by New Zealand authorities and not yet returned despite a High Court ruling.
Dotcom denies US allegations he acted criminally in setting up Megaupload, which the US claims netted more than $US175 million ($NZ218 million) in criminal proceeds.
The file-sharing website allowed users to share content, some of which was illegal, but Mr Davison says there is no evidence showing Dotcom had any criminal intent in setting it up.
The five Supreme Court justices reserved their decision.

Bradley Manning Not Guilty Of Aiding The Enemy

US soldier Bradley Manning has been found not guilty of aiding the enemy after leaking government secrets to WikiLeaks.
However, a military judge found the intelligence analyst guilty of 19 lesser charges following the two month trial in Fort Meade, Maryland.
These include five espionage and five theft charges, computer fraud and other military infractions, which could see him sentenced to prison for 136 years.
American blogger Xeni Jardin tweeted that Manning flashed a "faint smile" as he was cleared of the most serious accusation - that he knowingly helped enemies of the US, most notably Osama bin Laden and al Qaeda.
He had denied this offence, which carried a life sentence without parole.
Manning's lawyer David Coombs said outside court: "We won the battle, now we need to go win the war. Today is a good day, but Bradley is by no means out of the fire."
WikiLeaks described Manning's espionage convictions as "dangerous national security extremism from the Obama administration" on Twitter.
Manning's family said they were "disappointed in today's verdicts but happy that the judge agreed that Bradley never intended to help America's enemies", tweeted a Guardian journalist.
Manning will be sentenced on Wednesday.
The verdict was delivered by Army Colonel Denise Lind after she deliberated for about 16 hours over three days.
The 25-year-old had admitted giving the anti-secrecy website some 700,000 documents, pleading guilty to 10 lesser charges, including espionage and computer fraud.
Supporters hailed Manning as a whistleblower while the government called him an anarchist computer hacker and attention-seeking traitor following the most voluminous release of classified material in US history.
Manning has said he leaked the material to expose the US military's "bloodlust" and disregard for human life, and what he considered American diplomatic deceit.
He said he chose information he believed would not harm the US and he wanted to start a debate on military and foreign policy. He did not testify at his trial.
The material WikiLeaks began publishing in 2010 documented complaints of abuses against Iraqi detainees, a US tally of civilian deaths in Iraq and America's weak support for the government of Tunisia.
Manning supporters said the last disclosure helped trigger the Middle Eastern pro-democracy uprisings known as the Arab Spring.
The Obama administration said the release threatened to expose valuable military and diplomatic sources and strained America's relations with other governments.
Prosecutors said during the trial Manning relied on WikiLeaks and its founder Julian Assange for guidance on what secrets to "harvest" for the organisation.
Federal authorities are looking into whether Assange can be prosecuted.
He has been holed up in the Ecuadorian Embassy in London to avoid extradition to Sweden on sex-crimes allegations.
Glenn Greenwald, the journalist who first reported Edward Snowden's disclosure of US surveillance programmes, said Manning's acquittal on the most serious charge represented a "tiny sliver of justice".

Former Mozilla chief Gary Kovacs appointed AVG boss

AVG chief executive Gary Kovacs
Former Mozilla head Gary Kovacs (pictured right) has been named as security firm AVG's new chief executive officer, four months after the departure of former boss JR Smith.
AVG chairman of the supervisory board, Dale Fuller confirmed that Kovacs would take the role in a public statement, claiming his experience in helping Mozilla enter the mobile space with Firefox OS will be an invaluable aid to the company's own expansion plans.
"We welcome Gary to AVG and look forward to benefiting from his seasoned leadership skills as CEO. His past career successes are directly applicable to the opportunity and the future of AVG – mobile, cloud, software and platforms – and we believe that his rare blend of experience, leadership and drive will take AVG to new levels," he said.
Kovacs echoed Fuller's sentiment, announcing plans to repeat the strategy he pursued at Mozilla and target emerging markets.
"We know that there are over two and a half billion people online and we anticipate another two and a half billion people coming online in the next five years. With all these people online there is going to be an increasing urgency to secure them," he said.
"I have dedicated my last three years to that pursuit and with AVG building products that simplify and secure users' digital lives, it is a natural fit. I am really excited to be here and I am looking forward to helping AVG continue to grow its business."
The news comes four months after former AVG chief executive JR Smith unexpectedly stepped down from his role for unknown reasons. Before Kovacs' appointment, AVG chief operating officer John Giamatteo had overseen the day-to-day running of the company. Kovacs stepped down from his role at Mozilla in April having served as its chief for two and a half years.

Chomsky praises Snowden and condemns US hypocrisy

Typically eloquent Noam Chomsky, speaking this weekend at the Geneva Press Club:
My own opinion is that Snowden should be honored. He was doing what every citizen ought to do, telling. [Applause] He was telling Americans what the government was doing. That’s what’s supposed to happen.
Governments as I mentioned before always plead security no matter what’s going on. The reflexive defense is security. But anyone who’s looked at– first of all, you take a look at what he exposed. At least anything that’s been published, it’s not any kind of threat to security, with one exception, the security of the government from its own population. And in fact if you look at anyone who’s spent any time poring through declassified records– I have, I’m sure many of you have– you find that overwhelmingly the security is the security of the state from its own population and that’s why things have to be kept secret.
There are some cases where there’s authentic security concerns. But they’re pretty limited.
The plea of the US government in this case for the surveillance and so on, is that it’s security against terror. But at the very same moment the US policy is designed in a way to increase terror. The US itself is carrying out the most awesome international terrorist campaign, ever, I suppose– the drones and special forces campaign. That’s a major terrorist campaign, all over the world, and it’s also generating terrorists. You can read that and hear that from the highest sources, General McChrystal and scholars and all, so on.
Of course the drone campaign is creating potential terrorists, and you can easily understand why. I mean, if you were walking through the streets of Geneva and you don’t know whether five minutes from now there’s going to be an explosion across the street that’s run a couple thousand of miles away and it will blow away some people and whoever else happens to be around– you’re terrorized. And you don’t like it. And you may decide to react. That’s happening all over the regions that are subjected to the Obama terror campaign.
So you can’t seriously on the one hand be not only carrying out massive terror but even generating potential terrorists against yourself and claim that we have to have massive surveillance to protect ourselves against terror. That’s a joke. It should be headlines.
Then comes the interesting question of extradition. The US has just announced again that they’re going to punish anybody who refuses to extradite Snowden.
At the same time the US is one of the leaders in refusing extradition. Bolivia is an interesting case. The US has imposed pressure at least… to try to block the Bolivian plane because they want Snowden extradited. For years Bolivia has been trying to extradite from the United States the former president who’s already indicted in Bolivia for all sorts of crimes. The US refuses to extradite him.
In fact it’s happening right in Europe. Italy has been trying to extradite 22 CIA agents who were involved and in fact indicted for participating in a kidnaping in Milan. They kidnaped somebody, sent him off I think to Egypt to be tortured. And agreed later he was innocent…
Extradite the people involved, the US of course refuses. And there’s case after case like this… There are a lot of cases where the U.S. just refuses…
In fact one of the most striking cases is Latin America, again, not just Bolivia. One of the world’s leading terrorists is Luis Posada, who was involved in blowing up a Cubana airliner which killed 73 people and lots of other terrorist acts. He’s sitting happily in… Miami, and his colleague Rolando Bosch also a major terrorist… is happily there… Cuba and Venezuela are trying to extradite them. But you know. Fat chance.
So for the U.S. to be calling for others to extradite Snowden is let’s say a little ironic. Again, these ought to be headlines.

Russian Migration Official: Snowden May Be in Danger

Free Saudi Liberals Editor Sentenced to 7 years in prison & 600 lashes

The editor of the Saudi Arabian social website Free Saudi Liberals has been sentenced to seven years in prison and 600 lashes for founding an Internet forum that violates Islamic values and propagates liberal thought, Saudi media reported on Tuesday.
The Free Saudi Liberals website discusses the role of religion in Saudi Arabia and was started by Raif Badawi, who has been held since June 2012 on charges of cyber crime and disobeying his father.
Al-Watan newspaper said the judge had also ordered the closure of the website.
France was concerned by the sentence and remained committed to "freedom of opinion and of expression", the foreign ministry said in a statement. Officials from the Saudi National Society for Human Rights could not be reached for comment.
Badawi's website included articles that were critical of senior religious figures such as the Grand Mufti, according to Human Rights Watch.
The watchdog said in December that Badawi faced a possible death sentence after a judge cited him for apostasy, but Al-Watan said the judge dropped the apostasy charges.
Apostasy, the act of changing religious affiliation, carries an automatic death sentence in Saudi Arabia, along with other crimes including blasphemy.
Badawi's wife denied her husband had expressed repentance before the judge on Monday at a court in the Red Sea city of Jeddah. "The judge asked Raif 'Are you a Muslim?' and he said 'Yes, and I don't accept anyone to cast doubt on (my belief)'," she wrote on Twitter.
The world's top oil exporter follows the strict Wahhabi school of Islam and applies Islamic law, or sharia.
Judges base their decisions on their own interpretation of religious law rather than on a written legal code or on precedent.
King Abdullah, Saudi Arabia's ruler, has pushed for reforms to the legal system, including improved training for judges and the introduction of precedent to standardise verdicts and make courts more transparent.
However, Saudi lawyers say that conservatives in the Justice Ministry and the judiciary have resisted implementing many of the changes announced in 2007.

Government calls for police cyber espionage response centre to help win e-crime war

UK police need a "state of the art espionage response centre" to help combat the growing tide of cyber attacks targeting British industry, MPs have warned.
The Home Affairs Select Committee has called for the creation of the centre after Committee Chair Keith Vaz said a 10-month review of police anti-e-crime efforts showed a need for drastic action.
"We are not winning the war on online criminal activity. We are being too complacent about these e-wars because the victims are hidden in cyberspace. The threat of a cyber attack to the UK is so serious it is marked as a higher threat than a nuclear attack," he said.
The report criticised budget cuts to specialist UK police units, announced by deputy assistant commissioner at the City of London Police, Adrian Leppard. The cuts will see up to a quarter of the UK's 800 specialist internet crime officers lose their jobs and a 10 percent reduction to the Child Exploitation and Online Protection Centre's (Ceop) budget.
The cuts come despite the revelation that around 1,300 criminal gangs specialising in fraud are actively targeting British industry.
Vaz said the cuts are unacceptable, citing them as proof of the need for the new specialised cyber espionage response centre. "We need to establish a state of the art espionage response centre. At the moment the law enforcement response to e-criminals is fractured and half of it is not even being put into the new National Crime Agency," he said.
Vaz said even with the e-crime strategy and new initiatives, police and government will need the help of technology companies to combat cyber crime. The MP reiterated prime minister David Cameron's call for internet service providers (ISPs), search engines and social media services to more diligently monitor what content is being posted on their networks.
"The Prime Minister was right this week to highlight the responsibility of the internet service providers, search engines and social media sites. They are far too laid back about what takes place on their watch and they need to do more to take inappropriate content down. If they do not act, the Government should legislate," he said.
The Home Office report also called for a review on sentencing guidance for e-criminals to ensure cyber criminals receive the same sentences as real-world crooks and the creation of a foundation focused on reporting and removing online terrorist content.
The national policing lead on e-crime deputy chief constable Peter Goodman addressed the Home Office's report, reiterating that law enforcement is working to combat the evolving threat with its new ACPO e-Crime strategy.
"The police service – like the other agencies that are working to combat e-crime – is continually adapting to meet the threat. There is absolutely more to do but we are committed to protecting victims and preventing this form of crime as well as targeting offenders," he said.
"The ACPO e-crime strategy will drive forward further improvements in this area including increasing the number of regional e-crime hubs. These hubs have been successful in improving our regional capability and response times as well as supporting the work of the Police Central e-Crime Unit."
Representatives of the security community have welcomed the Home Office's report, but added that the problem will not be solved with legislation alone. Performanta UK chief technology officer Lior Arbel said the problem is largely down to education, with most businesses' employees remaining woefully ignorant of cyber best practice.
"[We] must realise we are all in the data protection business and take responsibility for our actions. Businesses in particular must be proactive and deal with the threat of critical data loss right now at a technological level in order to protect themselves and their employees," he said.
Damballa global technical consultant, Adrian Culley, mirrored Arbel's sentiment, arguing that UK cyber skills levels need to be raised across the board.
"We all need to know how to be safe in our digital lives and a 'cyber proficiency' programme is now required to help empower people of all ages. The skill level must be raised across society, including for those officials tasked with responsibilities in these areas," he said.
The security consultants are two of many to criticise UK industry's cyber skills levels. Most recently Sophos director of technology James Lyne told V3 that a lack of security awareness among UK SMEs is letting hackers hijack up to 30,000 legitimate business websites per day, turning them into malware-spreading tools.

Lenovo PCs 'banned' by top spy agencies following security concerns

PCs produced by Chinese manufacturer Lenovo have been banned by intelligence services in five countries including the UK, US and Australia as a result of concerns that they are vulnerable to being hacked.
An investigation by the Australian Financial Review (AFR) found that the alleged ban had been enforced at some point in the mid-2000s following "intensive tests", which found "back-door hardware and firmware vulnerabilities".
The report cites security sources saying that tests carried out by UK security labs found "malicious modifications" to Lenovo's chips that could "allow people to remotely access devices without the users' knowledge".
However, the AFR also maintains that the company is still a significant supplier of computers for western governments' "unclassified" networks.
The Home Office told V3 that it was unable to comment on security issues and would neither confirm nor deny a ban on Lenovo products.
A Lenovo statement said that the firm had not been aware of any ban on its products: "Lenovo continues to have a strong relationship with government customers, so the claims being made are new to us. We are looking into this situation closely and we'll be sure to share updates when available."
The AFR cites an Australian source saying that Lenovo – which bought out IBM's PC business in 2005 – had never sought accreditation to supply Australian defence and intelligence services.
This is the latest in a series of security controversies for Chinese hardware manufacturers, with Huawei recently criticised for "locking out" GCHQ security personnel from its Cyber Security Evaluation Centre, which was set up to address concerns over its supplying of hardware for BT networks.

Microsoft brings more firms into anti-hacker MAPP family

Microsoft has announced plans to expand the number of companies in its threat-sharing Microsoft Active Protections Program (MAPP).
Microsoft Trustworthy Computing (TwC) group manager Dustin Childs announced the expansion, confirming that the company will launch a new MAPP Scanner service. The scanner is designed to profile incoming threats as they appear. Childs said the cloud scanner is an essential tool required to combat the influx of advanced threats targeting businesses on a daily basis.
"MAPP Scanner is a cloud-based service that allows Office documents, PDF files, and URLs to be scanned for threats, which increases the likelihood of us learning about new attacks and attack vectors sooner rather than later," Childs wrote. "This service leverages our own product knowledge and is what we use internally to kick off new investigations. This service is currently in pilot with a limited number of partners."
The change will also split MAPP into separate sections for security vendors and responders. Childs said the security vendors section is a developed version of the traditional MAPP program and will continue to provide vendors with information about threats ahead of patch releases.
"MAPP for Security Vendors is our traditional MAPP program with some new enhancements. As part of our monthly security bulletin release process, we will engage certain members of the MAPP community to help validate our guidance prior to final release. Working with the community in this way helps to ensure our guidance works for the widest possible set of partners," he wrote.
"In addition, we will share detections earlier to select MAPP partners with a trusted history. These trusted partners will receive the information three business days before Update Tuesday to help them create better quality solutions for our common customers."
The Microsoft group manager said MAPP for responders is a new more aggressive partnership designed to more actively combat black hat hackers. "MAPP for Responders is a new way to share technical information and threat indicators to organisations focused on incident response and intrusion prevention," he wrote.
"Getting this information into the hands of those closest to the events can be invaluable in detecting and disrupting attacks. Many attackers share information among themselves, and defenders should share knowledge to help prevent and contain issues as they occur. MAPP for Responders will work to build a community for information exchange to counter the activities of those who wish to do harm."
Childs said the expanded program will help Microsoft fulfill its goal to "eliminate entire classes of attacks by working closely with partners to build up defences, making it increasingly difficult to target Microsoft's platform."
The MAPP expansion is one of many anti-hacker initiatives launched by Microsoft. In May the company's TwC division announced plans to offer firms real-time information on the threats facing them by loading its anti-botnet security intelligence systems into Windows Azure.

PRISM: Half of Americans are fine with the surveillance programme

They may not like the government putting up CCTV cameras in public or butting in over gun use, but it seems at least half of Americans are okay with letting big brother peer over their shoulder while they browse the web.
A study carried out in July by Pew Research Center found that 50 percent of those surveyed were okay with the NSA's internet surveillance programme. An additional 44 percent disapproved of the spying campaign, while the rest of the country had no opinion.
The numbers are a bit less disconcerting when broken down into more specific categories. Fifty-six percent of Americans do not believe that courts provide adequate limits on what data government agencies can collect, and 70 percent believe that the government is harvesting information for uses beyond fighting terrorism.
Even with this information, half of citizens don't seem to have much of a problem with letting the NSA continue its current activities.
That the nation would be split down the middle is not so surprising when you take the overall political picture of the country into account. Much like citizens, politicians have been largely split with many conservative groups approving of the plan and left-leaning groups opposing the surveillance.
Public opinion could play an interesting role in determining policy going forward. Certainly in the wake of the Snowden scandal the intelligence community will have to rethink its programmes, but if the public isn't so up in arms, they could keep much of the system, which is also shared with European agencies, intact.

Iran’s cyber warfare could hit public more than military

Iran’s limited cyber capabilities enable it to launch attacks against the U.S. that would do more damage to public perceptions than actual infrastructure, a new study said.
“Iran does not need the equivalent of a Ferrari to inflict damage on U.S. infrastructure: A Fiat may do,” states the study “Iran: How a Third Tier Cyber Power Can Still Threaten the United States.”
The study was published Monday by the Atlantic Council, a pro-NATO think tank in Washington.
Previous cyberattacks on nation-states, like the Russian-backed one against Estonia in 2007, were not destructive and “caused a political crisis, not a military one,” the study says. In the same way, “a significant Iranian cyberattack against the United States would take on outsized importance, regardless of its technical sophistication.”
An anonymous cyberattack that shuts down the New York Stock Exchange for a few hours or cuts electricity to a major U.S. city could color public perceptions during a military confrontation with Iran, the report says.
The Atlantic Council’s Iran Task Force and its Cyber Statecraft Initiative worked together on the study, an analysis of various cyber warfare options available to Tehran in the event of a confrontation with U.S. forces.
The study cites the U.S., some Western nations and Russia as “tier one” cyber powers. China is “a step behind them” at “tier two,” and Iran, which only recently has begun to develop an online warfare capability, is a “third tier” power.
Hackers widely believed to be backed by Tehran already have launched attacks over the past year that slowed or knocked offline the websites of major U.S. banks.
And North Korea has been blamed for a cyberattack using malicious software that paralyzed ATM networks and three TV broadcasters in South Korea in March.
“There is no reason to believe that Iran’s growing cyber army is any less capable than that of an isolated Asian rogue state with few IT graduates, limited Internet access, and a paucity of computers,” the study says.
Iran could easily hide its hand in any cyberattacks by mounting them via hackers-for-hire in other countries like Russia or Lebanon, the study says.
“Given Iran’s conventional weakness, cyber is an attractive alternative, the ultimate asymmetric weapon,” states the study.

Chinese Cyber attack on NASA satellites ground Control

The cyber realm in general, and cyber warfare in particular, have gained a prominent place in public and defense discourse in recent years. They are linked to almost every field of activity, whether or not a real connection exists, and sometimes the connection is very feeble indeed. One field where this linkage is made often is space, and there the connection between cyber threats and actual damage to space-borne assets is very direct.
In recent years it has become clear to anyone involved in the field that space-borne assets can be damaged in various ways, including by attacking the computers that command the satellites rather than the computers on board them. A cyber attack staged against the ground station that controls a satellite and dictates its operation can damage a system located hundreds or thousands of kilometers above the earth.
This is a system-wide vulnerability: the ground control stations can be damaged in many ways. At present, and in all probability for the foreseeable future, only the major powers can inflict serious damage on satellites, and so far only three states have demonstrated the ability to physically destroy a satellite by intercepting it: Russia, the US and China.
To counter cyber attacks against satellites (and the more satellites a country operates, the greater the potential damage), it must be understood that the damage a cyber attack inflicts is not confined to stolen information and data. It can be physical: the satellite itself can be damaged, up to and including complete destruction. One scenario is a state or non-state organization taking over a satellite's control channel and commanding the satellite to fire its maneuvering thrusters so that it loses altitude and burns up on re-entering the atmosphere.
The damage can also be demonstrative: someone gains access to a satellite control channel and executes harmless operations merely to show that they can. (US sources have attributed incidents of this kind to China, in which the control channel of NASA satellites operated through a Norwegian ground station was accessed.)
Every satellite in orbit depends on communication with the ground (or with a naval or aerial platform), and that communication can be disrupted in order to interrupt the satellite's normal functioning. A cyber attack can also interrupt satellite operations indirectly, by attacking the electrical power infrastructure that supplies the ground segment of the space system.
Another way to attack satellites (and other products) is to insert counterfeit components so that the system contains a hostile element the operators are unaware of, opening a 'back door' through which the perpetrator can access the system and operate within it. In the US, the authorities have found thousands of counterfeit components (mainly chips) intended for installation in the next generation of US navigation satellites.
Attacks against satellites are attractive to states and other players because in many cases the source of the attack is very difficult to trace. On the other hand, the databases describing the orbits of communication satellites, and of satellites in lower orbits too, are not classified: any smartphone user can watch those satellites' positions on screen, updated every 30 seconds. Since the locations of satellites and the frequency ranges they use cannot be concealed, greater emphasis should be placed on the physical protection of ground control stations (and on concealing the backup stations), and on preventing leaks of information from the satellite manufacturers.
Defending against cyber attacks on satellites starts with heightened awareness among the space community, developers and customers. Testing for resistance to such attacks must also become an integral part of the tests a satellite undergoes during manufacture, before it is launched. These measures should complement the introduction of diverse protective elements, both on board the satellites and in the ground stations that control them.
Operating multiple satellites provides redundancy in the event of a cyber attack. A costly but feasible recovery concept is launch on demand: standby satellites and a launcher that can be readied for launch at short notice. The concept was developed mainly in the US, at the theoretical level, but has not yet been implemented. Intelligent management of the satellite constellation and backup for the ground control stations will also strengthen the constellation against the various types of cyber threat.
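The orbital data the paragraph above refers to is distributed as two-line element sets (TLEs) from the public satellite catalogue, and the smartphone apps it mentions simply propagate those records. The added example below is not part of the original article: it decodes a TLE from its fixed columns, verifies the modulo-10 checksum that guards each line against corruption or silent editing (an altered element set would mis-point antennas and poison collision screening long before anyone noticed), and derives orbital period and mean altitude from the mean motion. The input is the ISS element set that serves as the standard worked example in public descriptions of the format (epoch September 2008), a real and long-published record; the column layout and the physical constants are the standard ones, and the field names in the returned dictionary are this example's own choice.

```python
import math
from datetime import datetime, timedelta

MU_EARTH = 398600.4418   # km^3/s^2, Earth's gravitational parameter
R_EARTH = 6378.137       # km, equatorial radius

# The ISS element set used as the reference example in public descriptions of
# the TLE format (epoch September 2008). A real, long-published record, used
# here only as known-valid input.
ISS_LINE1 = "1 25544U 98067A   08264.51782528 -.00002182  00000-0 -11606-4 0  2927"
ISS_LINE2 = "2 25544  51.6416 247.4627 0006703 130.5360 325.0288 15.72125391563537"


def tle_checksum(line: str) -> int:
    """Modulo-10 sum over columns 1-68: each digit adds its value, '-' adds 1,
    everything else adds 0. Column 69 carries the published checksum."""
    total = 0
    for ch in line[:68]:
        if ch.isdigit():
            total += int(ch)
        elif ch == "-":
            total += 1
    return total % 10


def line_is_valid(line: str) -> bool:
    """A line is valid only if it has the fixed 69-column length and its
    checksum column matches the recomputed value."""
    return len(line) == 69 and line[68].isdigit() and tle_checksum(line) == int(line[68])


def parse_tle(line1: str, line2: str) -> dict:
    """Decode the fixed-column fields and derive period and mean altitude.
    Refuses element sets whose checksum does not match, so a corrupted or
    edited record is rejected before it reaches antenna pointing."""
    if not (line_is_valid(line1) and line_is_valid(line2)):
        raise ValueError("TLE checksum mismatch: record corrupted or altered")
    if line1[2:7] != line2[2:7]:
        raise ValueError("line 1 and line 2 carry different catalog numbers")

    yy = int(line1[18:20])
    day_of_year = float(line1[20:32])
    year = 2000 + yy if yy < 57 else 1900 + yy        # TLE two-digit year convention
    epoch = datetime(year, 1, 1) + timedelta(days=day_of_year - 1)

    mean_motion = float(line2[52:63])                 # revolutions per day
    n = mean_motion * 2 * math.pi / 86400             # rad/s
    semi_major_axis = (MU_EARTH / n ** 2) ** (1 / 3)  # Kepler's third law, km

    return {
        "norad_id": int(line1[2:7]),
        "epoch": epoch,
        "inclination_deg": float(line2[8:16]),
        "raan_deg": float(line2[17:25]),
        "eccentricity": float("0." + line2[26:33]),   # decimal point is implied
        "arg_perigee_deg": float(line2[34:42]),
        "mean_anomaly_deg": float(line2[43:51]),
        "mean_motion_rev_day": mean_motion,
        "period_min": 1440.0 / mean_motion,
        "altitude_km": semi_major_axis - R_EARTH,     # mean altitude, not instantaneous height
    }


if __name__ == "__main__":
    el = parse_tle(ISS_LINE1, ISS_LINE2)
    print(f"NORAD {el['norad_id']}: period {el['period_min']:.1f} min, "
          f"mean altitude {el['altitude_km']:.0f} km, "
          f"inclination {el['inclination_deg']} deg, epoch {el['epoch']:%Y-%m-%d %H:%M}Z")
```

The checksum only detects accidental corruption and casual edits; it is not an authentication mechanism, so an operator who pulls element sets over the network still needs an authenticated channel to the catalogue. The altitude returned is the mean value implied by the semi-major axis; the height above the ground at any instant also depends on eccentricity and the earth's oblateness.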
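The scenario above of an attacker taking over a control channel and commanding a de-orbit burn, and the "protective elements on board the satellites" called for here, come together in one concrete control: the satellite should execute only telecommands that carry a valid message authentication code under a key the attacker does not hold, and it should refuse a genuine command captured earlier and replayed. The example below is added here and is not code from the article or from any real spacecraft: the frame layout, the application ids, the link key and the command payloads are all constructed for illustration. It builds commands on the ground side, filters them on the satellite side, and walks through the forged, tampered and replayed cases the article's scenario implies.

```python
import hashlib
import hmac
import struct

# Hypothetical 256-bit link key shared by the ground station and the satellite.
# Constructed for this example; a real key lives in the station's HSM and the
# spacecraft's key store, never in source code.
LINK_KEY = bytes.fromhex(
    "8f1c2d3e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d"
)

# Hypothetical application ids (an assumption, not any real spacecraft's table).
APID_AOCS = 0x0ABC          # attitude and orbit control: thruster burns live here
APID_HOUSEKEEPING = 0x0101

# Simplified frame layout, assumed for this example:
#   2 bytes APID | 4 bytes sequence counter | 1 byte payload length | payload
#   | 16-byte tag = truncated HMAC-SHA256 over everything before it
HEADER = ">HIB"
HEADER_LEN = struct.calcsize(HEADER)   # 7
TAG_LEN = 16


def build_telecommand(key: bytes, apid: int, counter: int, payload: bytes) -> bytes:
    """Ground-station side: frame a command and append its authentication tag."""
    body = struct.pack(HEADER, apid, counter, len(payload)) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class OnboardCommandFilter:
    """Satellite side: let through only commands that are authentic and fresh."""

    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last_counter = last_counter   # highest counter accepted so far

    def check(self, frame: bytes):
        """Return (accepted, reason, decoded) for one received frame."""
        if len(frame) < HEADER_LEN + TAG_LEN:
            return False, "short frame", None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        apid, counter, length = struct.unpack(HEADER, body[:HEADER_LEN])
        if len(body) != HEADER_LEN + length:
            return False, "length mismatch", None
        # Authenticate first: nothing in an unauthenticated frame is trusted,
        # not even the counter.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False, "bad MAC", None
        # Anti-replay: a recorded genuine frame carries a counter already used.
        if counter <= self.last_counter:
            return False, "replay", None
        self.last_counter = counter
        return True, "accepted", (apid, counter, body[HEADER_LEN:])


def run_scenario() -> dict:
    """Play the article's control-channel takeover against a filtered command link."""
    def ground(apid, counter, payload):
        return build_telecommand(LINK_KEY, apid, counter, payload)

    sat = OnboardCommandFilter(LINK_KEY)
    results = {}

    # 1. The operator commands a routine station-keeping burn: accepted.
    genuine = ground(APID_AOCS, 1, b"BURN dv=+0.02m/s dur=12s")
    results["genuine"] = sat.check(genuine)[1]

    # 2. An attacker who controls the channel but lacks the key forges a
    #    de-orbit burn: rejected before the payload is even interpreted.
    forged = build_telecommand(b"\x00" * 32, APID_AOCS, 2, b"BURN dv=-120m/s dur=900s")
    results["forged"] = sat.check(forged)[1]

    # 3. The attacker edits the genuine frame in flight, turning the burn
    #    retrograde: the tag no longer matches the body.
    tampered = bytearray(genuine)
    tampered[HEADER_LEN + genuine[HEADER_LEN:].index(b"+")] = ord("-")
    results["tampered"] = sat.check(bytes(tampered))[1]

    # 4. The attacker replays the recorded genuine burn to repeat it: counter is stale.
    results["replayed"] = sat.check(genuine)[1]

    # 5. The next legitimate command still goes through.
    results["next"] = sat.check(ground(APID_HOUSEKEEPING, 2, b"HK poll"))[1]
    return results


if __name__ == "__main__":
    for case, outcome in run_scenario().items():
        print(f"{case:9s} -> {outcome}")
```

The two elements that matter are the keyed tag, which makes channel access alone insufficient, and the strictly increasing counter, which makes a recording useless. A real link would add a tolerance window for frames that arrive out of order and would persist the counter across spacecraft resets, since a counter that restarts at zero after a reboot reopens the replay door.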

Consistent Car Cyberattack Murdered NSA Journalist Michael Hastings?

I think sometimes some journalists forget what their job is. If you’re choosing not to investigate something because you’re worried you might look silly, or be made fun of, you’re doing it wrong.
I have no idea what happened to Michael Hastings, and it’s certainly both possible and reasonable that his accident was solely due to his own error or a mechanical fault. In fact, that’s probably the most likely explanation.
However, there are a number of confounding facts that cast doubt upon that explanation and demand further investigation. The fact that most journalists are afraid to even raise these very legitimate questions, for fear of being branded some sort of “conspiracy nut”, is a sad and terrifying testament to the state of journalism.
Let’s recap.
A journalist with a history of taking down major figures and royally pissing off the powers that be sends an email to his editors warning them that federal agents have been interviewing his associates and that he has to go off-radar to finish a big story.
What was the big story? For some reason the subject line of the email, which read “FBI investigation, re: NSA” has been persistently ignored. It certainly seems to suggest that his “big story” was related to the National Security Agency.
Shortly thereafter he dies in a fiery car crash. The crash is swiftly ruled an accident; however, there are no skid marks to indicate braking, an eyewitness says he saw flames and sparks before the car left the road, and video appears to show the car exploding into a fireball before it goes out of control and hits a tree.
Meanwhile Richard Clarke, former U.S. National Coordinator for Security, Infrastructure Protection, and Counter-terrorism, goes public with the assertion that what we know about Hastings’ crash is “consistent with a car cyber attack.”
Clarke said there is “reason to believe that intelligence agencies for major powers,” including the U.S., can remotely seize control of a car.
“What has been revealed as a result of some research at universities is that it’s relatively easy to hack your way into the control system of a car, and to do such things as cause acceleration when the driver doesn’t want acceleration, to throw on the brakes when the driver doesn’t want the brakes on, to launch an air bag,” Clarke told The Huffington Post. “You can do some really highly destructive things now, through hacking a car, and it’s not that hard.”
“So if there were a cyber attack on the car — and I’m not saying there was, I think whoever did it would probably get away with it.”
In fact, Hastings’ model of car is sold with the advertised feature that it can be remotely disabled.
Could Hastings have been over-tired, drunk, stressed or otherwise incapacitated? Sure.
But this video appears to confirm the testimony of the eyewitness, and other witnesses who reported hearing the car explode BEFORE going off the road. Could that have been caused by a spectacular mechanical failure? Sure. But it would be a wildly rare fault, given that exploding into a fireball isn’t something that happens to cars often, if at all. In fact, cars are designed not to explode, even in cases of catastrophic collision, and contrary to what Hollywood would have us believe, the incidence of cars exploding in accidents is negligible.
It also bears mentioning that most of Hastings’ colleagues, friends and family have made clear, albeit some more explicitly than others, that they don’t believe the official explanation for his death and suspect foul play.
I could go on, but you get the point. Hastings’ death might have been an accident, but it might also have been murder. There is ample evidence to assert that he died in suspicious circumstances.
Clarke, who worked for the State Department under Reagan, ran counterterrorism for Presidents George H.W. Bush, Bill Clinton and George W. Bush, and was also a special advisor to Dubya on cyberterrorism, isn’t afraid to ask these questions.
“I’m not a conspiracy guy. In fact, I’ve spent most of my life knocking down conspiracy theories,” said Clarke, again to the Huffington Post. “But my rule has always been you don’t knock down a conspiracy theory until you can prove it [wrong]. And in the case of Michael Hastings, what evidence is available publicly is consistent with a car cyber attack. And the problem with that is you can’t prove it. I think you’d probably need the very best of the U.S. government intelligence or law enforcement officials to discover it.”
So if the circumstances of his death are suspicious, don’t we owe it to Michael to ask those questions? Is anyone really suggesting that murdering a journalist is totally outside the realm of possibility? That no cover-up would ever go so far as to murder someone?
If you believe he couldn’t have been murdered, that it isn’t possible, then may I humbly suggest you need to revise your estimation of who precisely is living in fantasy land.
I never met Michael, but I wish I had. By all accounts he was a shooting star. But more than that, he was one of us. If a cop dies, his colleagues don’t rest until his death is satisfactorily explained, and any guilty parties apprehended. If a journalist dies, evidently, most journalists keep their mouths shut and don’t ask questions for fear of being branded a conspiracy-nut. Fan-fucking-tastic.
I don’t know if Michael Hastings was murdered. But I want to know, and I never will unless the media get their heads out of their collective asses and start asking these questions. Accusations of conspiracy-mongering be damned. Chase the story, find the truth. It’s what we do, or at least it’s supposed to be…
UPDATE: Props to self-described “Freedom of Information Act terrorists” Jason Leopold and Ryan Shapiro who are suing the FBI to force disclosure of any and all records they have on Hastings. As Leopold puts it: “Perhaps the FBI doesn’t have any records on Hastings. Regardless, I think Hastings would appreciate that Shapiro and I are trying to find out whether that is truly the case.”

Bradley Manning verdict to be announced today

A military judge is set to issue a verdict in the court-martial of the US soldier who disclosed reams of secret documents to the WikiLeaks website.
Manning has admitted sharing a massive trove of classified data with the anti-secrecy website WikiLeaks. He was arrested while deployed in Iraq in 2010 and spent more than 1,100 days in pretrial detention before the court-martial began in June.
The prosecution hopes it has convinced the judge, Col. Denise Lind, to convict Manning of aiding the enemy, a charge brought on the grounds that the documents the soldier sent to WikiLeaks were published openly on the web and eventually downloaded by al-Qaeda.

Anonymous New Zealand hits National websites

Anonymous New Zealand claims to have taken over websites linked to the National Party in protest against the GCSB Bill.
The group claims to have taken down (“tango down”) 13 websites.
Anonymous said Prime Minister John Key “should have expected us. We announced our solidarity with the GCSB protesters around the country”.