Saturday, 14 September 2013

Tibet-targeting Mac OS malware rears its head again

A new variant on a family of Mac OS X malware which targets Tibetan activists has been found in the wild and shared on the Virus Total website, where security researchers show off new “finds”.
The malware is distributed by a poisoned Java applet on websites which have been compromised – known as a “watering hole attack”. It’s part of a family of malware which has targeted Tibetan activists. The last new version was found a year ago, according to Intego.
An ESET report on previous malware targeting Tibetan activists can be found here.
ESET Senior Research Fellow David Harley says, in a post on Mac Virus, “I suspect that Apple will slipstream detection for it into XProtect.plist sooner rather than later. In any case, its actual spread is almost certainly as light as you’d expect from targeted malware. It seems to have crossed the AV radar because of a sample sent to VirusTotal, not as a result of user reports.”
In a detailed blog post exploring the myths around Mac malware, ESET Senior Researcher Stephen Cobb says, “Many people have repeated the statement that Macs can’t catch viruses. There may be a qualified sense in which that is true, but it obscures the wider reality that Macs can, and do, get hit with other forms of malicious software.”
“Things have been relatively quiet lately from the authors of the Tibet family of malware, but another variant was found last night on the Virus Total website, which is a site used by security researchers to share malware samples,” Intego said.
“This time, the attack arrives via a Java applet on a web site. This drops a Java archive with the backdoor and launches it without user interaction, by way of a Java vulnerability. When installed, it creates a backdoor to the affected computer, which allows an attacker to view and access files on the computer as well as running commands.”
Independent security researcher Graham Cluley says that previous attacks in the same “family” have targeted the Tibetan government and supporters of the Dalai Lama, and adds, “If I were a betting man, I would put money on those responsible for previous attacks as being likely to be behind OSX/Tibet.C as well.”
Intego has identified the malware as OSX/Tibet.D. It relies on Java vulnerabilities, so users with out-of-date software are advised to update now.

Companies that allow home working “ignore security risks”, report claims

Working from home is increasingly common – but few firms address the risks to corporate data, according to new research from storage company Iron Mountain.
Iron Mountain claims that up to two-thirds of employees work from home in Europe at least part of the time – but a mere 18% of firms offer guidance on how to protect information outside the office, or even of what electronic data should not leave the office, according to a survey of 2,000 workers.
Just 17% of firms have a formal policy regarding working from home – and more than two thirds (67%) fail to provide secure access to company intranets, according to CBR Online’s report. One in four provide no equipment or training for home workers.
Dealing with sensitive data from home on unsecured machines carries many of the same risks as employees “bringing their own devices” to the workplace – known as BYOD. A recent report found that one in four employees used no security measures whatsoever on “BYOD” devices.
ESET Senior Security Researcher Stephen Cobb said, in a detailed blog post describing the risks of BYOD, “The phenomenon of organizations allowing or encouraging their employees to use their own computing devices for work–known as Bring Your Own Device, or BYOD–is now widespread in many countries, bringing with it some serious risks to company networks and data.”
One in 10 users also admitted to working from unsecured public Wi-Fi networks – and 7% admitted to sending and receiving work documents over public networks.
ESET Distinguished Researcher Aryeh Goretsky says, “It is possible that someone might be monitoring and capturing network traffic going through the ‘free’ Wi-Fi connection, for reasons ranging from questionable to illegal (depending upon your jurisdiction), such as injecting targeted advertising into web pages, to the outright malevolent, such as stealing credentials for email, financial institutions and so forth.”
Christian Toon, risk and security at Iron Mountain, said: “Firms are allowing their most precious business asset – their information – to leave the workplace for a non-secure environment. It is vital that companies broaden their secure information management processes to account for home offices and remote working.”

Anonymous hacktivist behind police cyber strikes gets three years' hard time

A hacker with ties to the Anonymous hacking collective has been sentenced to serve three years in a federal prison for involvement in attacks on a number of police departments' websites.
The US District Court in Salt Lake City sentenced 22-year-old Ohio resident John Anthony Borell III after he pleaded guilty to computer fraud in April. As well as the jail time, Borell will be required to pay $227,000 in damages for the computer servers affected by the attacks.
Borell is believed to have participated in several Anonymous-backed "operations". In 2012 he is believed to have targeted websites associated with the New York police, the Los Angeles County Police Canine Association and the Salt Lake City police. The attack on the Salt Lake City police site was particularly devastating, knocking it offline for four months while coders redesigned it to be more secure.
The Associated Press reported that Borell's sentence was reduced due to concerns over his mental well-being. The AP reported that Borell has been ordered to accept mental health treatment and refrain from drug use.
Borell is one of many ex-Anons to receive jail sentences for their involvement in cyber attacks on public and private sector companies and agencies. Prior to this, 21-year-old Arizona resident and former LulzSec member Raynaldo Rivera, known online as Neuron, was sentenced to serve 13 months of home detention, perform 1,000 hours of community service and pay $605,663 in restitution for his involvement in a 2011 cyber raid on Sony Pictures.
LulzSec was a sister group to the Anonymous hacktivist collective, more anarchic in character. Its primary focus was instilling comedic panic rather than punishing perceived crimes, as the main Anonymous collective did.
Within the UK, LulzSec member Ryan Ackroyd, 26, pleaded guilty to carrying out an unauthorised act to impair the operation of a computer, contrary to the Criminal Law Act 1977. Earlier still, in July 2012, Ryan Cleary and Jake Davis pleaded guilty to involvement in attacks on several high-profile agency and company websites.

Lockheed Martin recruits coder army for Nato and Ministry of Justice projects

Defence contractor Lockheed Martin has announced plans to recruit over 100 IT professionals after winning contracts with Nato and the Ministry of Justice.

Lockheed Martin announced the expansion just after securing a $100m (£63.2m) IT contract to design the network infrastructure for Nato's new headquarters in Brussels. Lockheed will maintain the Nato network for five years after completion.
Prior to Nato, Lockheed confirmed winning a new contract with three other government departments, including the Ministry of Justice. The contract tasks Lockheed to create and provide a range of IT services to boost the departments' efficiency and cyber security.

Lockheed confirmed plans to recruit 200 new cyber security professionals for its UK office to help it meet its contractual requirements. A Lockheed spokesperson confirmed to V3 that the majority of the new hires will be for cyber security, saying "over half" the jobs being advertised are IT-focused. The 200 new recruits will join the office's existing 2,000 staff.

The spokesperson told V3 that the company plans to recruit the majority of the new staff from the UK, but added that many of the roles will be for established professionals. The 200 new employees are the latest step in a wider expansion by the firm. Lockheed Martin also announced plans to expand its cyber professional workforce by acquiring Glasgow-based technology firm Amor Group for an undisclosed sum earlier this week.
The Lockheed spokesman said this acquisition, along with the recruitment drive, will increase its workforce to over 3,000 by the end of the year.
The announcement comes during a cyber skills crisis. Numerous security vendors and government agencies have warned that the UK is failing to recruit and train the next generation of cyber security experts. Closing the skills gap has been a standing goal of the UK government's Cyber Strategy, which was announced in 2011 when the UK government pledged to invest £650m to help improve the nation's cyber defences.
Lockheed Martin has been a constant supporter of the initiatives, listing recruiting and training professionals directly from UK universities as a central part of its corporate strategy. The Lockheed spokesman told V3 the company currently hires and trains around 75 graduates per year.
The government's Cyber Strategy has seen the UK launch several initiatives designed to help government agencies and private businesses find skilled professionals during the current drought. Most recently GCHQ has launched a Can You Find It challenge designed to help the government agency find and recruit the next generation of cyber security code experts.

Africa needs to develop a cyber defense system

Africa’s banking industry, tourism sector and plenty of other businesses are prone to cyber-related crime, hence the urgent need to develop a defense system.

A good number of stakeholders and Internet Service Providers in Africa have warned for the last two years that Africa’s banking industry, tourism sector and plenty of other businesses are prone to cyber-related crime, hence the urgent need for African countries to develop a robust defense system. Last year, Ugandan internet users twice lost their data connection after fiber optic cables were vandalized in neighboring Kenya, and the millions of Internet users in the “pearl of Africa” have since become highly prone to disruption; data defense therefore needs to be addressed urgently in Uganda and the other landlocked countries of Africa. The highest percentage of data communication in Africa runs over underwater fiber optic cables along the continent, which are prone to all kinds of disturbances, such as terrorism, piracy and vandalism, that could disconnect the entire system and cause losses running into millions of dollars to both African and world economies. Data from research conducted last year showed that most system users are small and medium enterprises, tourism and financial businesses. In Africa’s major cities, such as Lagos, Cairo, Johannesburg and Nairobi, the rate of cyber-connected disturbances, such as false financial transactions and rising cases of child kidnapping (especially in Kenya) arranged through Internet communication, has doubled in the last three years.
In cyber security research in Africa conducted a few months ago, the rising trend in cybercrime on the continent of more than 1 billion people was blamed on the increasing number of Internet users.

Statistics show that the number of Internet users in Africa is expected to reach 500 million in the next four years, although it currently stands at an estimated 200 million users, up from 170 million last year. The increasing use of cyberspace in all aspects of life has further raised the threat to a level that could harm African countries’ defense. Statistics from various sources indicate that Africa is very prone to cyber-related threats due to the high number of domains coupled with very weak protection. Although highly unlikely, any future cyberwar could cripple government operations and performance, and it is therefore very important for the countries of Africa to develop a defense system against cyberwar. There are some “big brothers” with much more developed cyber defense systems from whom they can learn, such as Russia, the United Kingdom, India and North Korea. African countries need to protect their critical infrastructure and their fast-growing private sector, including electricity firms, banks and telecommunications, which has been credited with lifting millions of Africans out of abject poverty over the past decade.

Anonymous Attack Cambodia Gov Websites #OpCambodiaFreedom

Anonymous Cambodia has launched distributed denial-of-service (DDoS) attacks against several local government websites in protest against the recent elections, which they call unfair.

Dropbox Has Been Opening Your Private Documents

When you post certain types of private documents to Dropbox and tell Dropbox to share them with no one, Dropbox itself will still open them up and take a look.
It does this in order to make a "preview" version of the document, the company says.
The fact that Dropbox is opening documents came to light when a security expert who writes for the WNC InfoSec Blog (and who asked that we not use his real name) was playing with a new service called HoneyDocs. It tags a document and then privately tells you every time someone opens it.
The InfoSec blogger wanted to see if cloud storage documents were being viewed in ways he didn't know about. So he uploaded a bunch of files to his Dropbox account.
Lo and behold, HoneyDocs told him that all of the documents with a ".doc" extension had been opened.
What's going on? Dropbox says it does this to be helpful.
"Dropbox allows people to open and preview files from their browser. This blog post relates to back end processes that automatically create these document previews, making it easier for people to view docs within their Dropbox," a spokesperson told us.
This news comes just two weeks after security researchers published a report showing how Dropbox can be hacked, provided the attackers first compromise the user's entire PC.
For many people, the convenience of seeing a preview is worth having a Dropbox bot opening files.
But for enterprises who worry that employees are using Dropbox to share sensitive data, this sort of thing is scary. It helps explain why Dropbox is the No. 1 app that enterprises ban, according to research by Fiberlink.

New NSA Leak Shows MITM Attacks Against Major Internet Services

The Brazilian television show "Fantastico" exposed an NSA training presentation that discusses how the agency runs man-in-the-middle attacks on the Internet. The point of the story was that the NSA engages in economic espionage against Petrobras, the Brazilian giant oil company, but I'm more interested in the tactical details.
The video on the webpage is long, and includes what I assume is a dramatization of an NSA classroom, but a few screen shots are important. The pages from the training presentation describe how the NSA's MITM attack works:
However, in some cases GCHQ and the NSA appear to have taken a more aggressive and controversial route -- on at least one occasion bypassing the need to approach Google directly by performing a man-in-the-middle attack to impersonate Google security certificates. One document published by Fantastico, apparently taken from an NSA presentation that also contains some GCHQ slides, describes “how the attack was done” to apparently snoop on SSL traffic. The document illustrates with a diagram how one of the agencies appears to have hacked into a target’s Internet router and covertly redirected targeted Google traffic using a fake security certificate so it could intercept the information in unencrypted format.
Documents from GCHQ’s "network exploitation" unit show that it operates a program called "FLYING PIG" that was started up in response to an increasing use of SSL encryption by email providers like Yahoo, Google, and Hotmail. The FLYING PIG system appears to allow it to identify information related to use of the anonymity browser Tor (it has the option to query "Tor events") and also allows spies to collect information about specific SSL encryption certificates.
It's that first link -- also here -- that shows the MITM attack against Google and its users.
Another screenshot implies that the 2011 DigiNotar hack was either the work of the NSA, or exploited by the NSA.
Here's another story on this.

NSA Alleged Villa in Vienna, Austria becomes State Affair

A stately villa in a leafy district of the Austrian capital is at the center of a ruckus over whether the NSA is snooping on the city's residents, with allegations flying that the building serves as a sophisticated U.S. intelligence listening post.

Both the U.S. and Austrian governments deny reports claiming to expose a major surveillance operation by the National Security Agency from within the towers of the sprawling manor. They say the building is nothing more than an "Open Source Center" evaluating information freely available in newspapers and the Internet — albeit one run by the CIA.

Many are skeptical in a country shocked by revelations by NSA leaker Edward Snowden that the organization has been able to spy on the online activities of millions around the world. The Viennese are also mindful of the city's Cold War reputation as the spying capital of the world — an outpost for eavesdropping by both sides of the divide.

With passions high over the NSA, Austrians question the need for any kind of U.S. intelligence gathering in their capital, including open source centers.

"Whatever it is, it's confirmation of intelligence agency activity in Vienna," said activist Rudolf Fussi, whose recently organized demonstration in front of the building drew over 200 people.

He said the government is guilty of cooperating with a foreign intelligence service, a crime punishable by a prison term, by allowing such activities and protecting the building with police.

Austria's Kurier newspaper reported this week that the U.S. government had decided to end operations at the site within a year or two — and suggested that was because its cover was blown. CIA spokesman Edward Price refused comment in an email to The Associated Press Thursday.

Meanwhile, the allegations have turned into an Austrian affair of state.

Green party member Peter Pilz says Austria's National Security Council will convene in the next few weeks to discuss what went on inside the building after opposition parties and even some government coalition members called for such a meeting.

The affair is also straining the government coalition, comprised of center-right and center-left forces. The conservative-run Interior Ministry denies cooperation with the NSA and suggests that — if there is any such collaboration — it must come from the Defense Ministry, run by the rival party.

Defense Minister Gerhard Klug has yet to comment on the allegations. But Pilz, who sits on Parliament's security and intelligence committee, asserts that intelligence services run by both ministries work with and protect the NSA.

The villa is "clearly a U.S. intelligence center and according to our information NSA," he says, citing unnamed Austrian government officials as his source.

Cyber attack on Jewish school’s website, defaced with anti-Israel cartoon

The Kehila Jewish Community Day School has been the target of what appears to be a hate crime.

When the school's webmaster went on the site Thursday morning to look up information, she was shocked to find an "anti-Israel" cartoon posted on the home page.

The site was hacked Wednesday night, Sept. 11 — which principal Peter Greenberg says cannot be a coincidence. The police hate crime unit is investigating the incident, says Constable Debbie McGreal-Dinning.

"(The) investigation is at the preliminary stages at this time," she said.

Greenberg described the cartoon as including a woman wearing a hijab holding onto a very young child who appeared to be in a coffin. On the side, he said, it read "the shells are coming from Israel."

Next to the cartoon, Greenberg says, was a comment that said "It won't stop until…."

"It's kind of disappointing that this is happening. … It wasn't as if there were swastikas painted on the door, it wasn't anything like that. … But still, these cyber attacks you keep hearing about, they're happening all over the world, and unfortunately we experienced it."

Greenberg said that despite tight security on site — like all schools — the online nature of the attack is alarming.

A letter was sent home with students Thursday evening.

"I'm sure some of the kids will come in (Friday) having heard the discussion at home and be full of questions. … And we will say this was some lunatic fringe and we won't allow ourselves to be bullied by it," Greenberg said.

He has been in touch with both IT experts and Hamilton Police who he expects to visit the school Monday.

In the meantime, he said, "we will carry on. It's not like we've been beaten up. … It was just shocking to open up our website and see this trash."

Kleissner finds Russian cyber espionage campaign against Bank Austria, GE, HP, Xerox and others

The internationally known Viennese hacker Peter Kleissner claims to have uncovered a global spying campaign run from Russia, which is said to have affected several conglomerates as well as the local Bank Austria. "They used a Trojan and stole data," Kleissner told APA.

What exactly was taken, only those affected could say. Bank Austria is playing it down. Only one computer was infected with malware, which the in-house IT department discovered and removed immediately. Subsequent analysis revealed that there was no spyware on the computer. "Also, no data could be stolen and no access to customer or other sensitive data was possible," said bank spokesman Martin Halama. So there could be no question of an espionage campaign. Kleissner portrays it differently.

According to him, the attackers spied on several large corporations from Moscow between December 2012 and July 2013; in addition to Bank Austria, General Electric, Hewlett-Packard (HP), Xerox, Ford and Mercedes are said to have been affected. "It may be that someone paid for it." Besides the long duration, it is notable that several so-called high-profile companies appear. "When you look at a single attack, you only see that one, not the bigger picture," said the 22-year-old. "But there were several botnets, i.e. groups of infected computers." The hackers' goal was probably to obtain data. "Those sell well." Given the great effort involved, one must assume "that the person did not do it for fun and laughs," but that professionals are behind it.

How did Kleissner, or rather his four-person firm Kleissner & Associates, get on the attackers' trail? "A domain company (based in the Seychelles, ed.) helped us get to the bottom of it." Initially the hackers had used a VPN connection, a kind of secure data tunnel, but then they made a mistake. "They used their real IP address." And that is one in Moscow. Kleissner has therefore not turned to the authorities.

Especially in Russia, hackers usually face few consequences as long as they do not target domestic firms. It all started because he wanted Bank Austria as a customer. His company had developed a program with which one can determine who is infected with the Trojan and who is under threat. But no business came of it. Kleissner had already made a name for himself as an 18-year-old when he presented a promising program at the "Black Hat" computer security conference in Las Vegas, which some refer to as a hacker conference. "With it you could plant a Trojan on an encrypted disk without knowing the password," said Kleissner.

The student immediately received an internship offer from Microsoft. Back in Austria, he lost his job at Ikarus. Kleissner had worked alongside school at the Austrian anti-virus specialist. But the appearance in Las Vegas was too much for his employer. Ikarus sued Kleissner because he had allegedly used part of a source code unlawfully. Criminal proceedings were even launched, which the Russian antivirus vendor Kaspersky also joined. The Wiener Neustadt public prosecutor's office investigated, among other things, misuse of access rights, access to computer data and attempted extortion. "In December 2012, I was acquitted," said Kleissner.

There are no further complaints pending against him. Kleissner now operates from Prague, where in February 2013 he founded, together with two other Austrians, an "IT security start-up," as he calls it. The fourth member, a Portuguese, works from Ireland. Business is "good"; they have already generated a turnover of 120,000 euros. The one-man company Insecurity System (INSEC), which Kleissner launched in 2009 and which was based in Wiener Neudorf, was removed from the Companies Register in October 2011.

Kleissner, incidentally, a graduate of the HTL Mödling, would not call himself a hacker. He sees himself as a programmer. The scene is divided: some celebrate Kleissner as a star, others accuse him of making his knowledge available to criminals. He has always denied this, but not that he paralyzed the computer system at Zurich Airport on the way back from "Black Hat" in Las Vegas in order to expose security vulnerabilities.

19-year-old "super hacker" who made $50,000 a month arrested

Police in Argentina have arrested a 19-year-old man accused of heading a gang of hackers who targeted international money transfer and gambling websites.

Dubbed "the superhacker", the teenager was making $50,000 (£31,500) a month, working from his bedroom in Buenos Aires, police say.

The arrest operation shut down the power to the entire neighbourhood to prevent the deletion of sensitive data.

Police say it took them a year to close in on the teenager.

The young man lived with his father, a computer expert, in Buenos Aires.

In the teenager's room, officials found high-capacity computers.

The hackers allegedly used malware attacks to build up a network of thousands of zombie computers, which were then used to illegally divert money from accounts leaving virtually no trace behind.

The police operation included five raids in the capital and the city of Rosario, about 300km (190 miles) north.

The young man is being accused of three crimes and, if convicted of all of them, could be sentenced to more than 10 years in prison.

Finnish hacker steals personal data from 300 websites

Helsinki Police say they detained a hacker last weekend suspected of accessing thousands of usernames and passwords of visitors to more than 300 websites. Police spokesman Jukkapekka Risu said officers arrested an unnamed local man, who allegedly acknowledged his actions. Officers are analyzing his confiscated computers. They declined to give more details.
The Finnish Communications Regulatory Authority warned Friday that the suspect might have accessed "usernames and passwords of hundreds of thousands of Finns," mostly from chat forums, adding that the attacks were not aimed at banks.
Erkki Mustonen from the global computer security company F-Secure Corp. said it was one of the biggest hacker attacks in the Nordic country to date and could have been prompted by the hacker's desire to demonstrate his skills.