Thursday, 24 October 2013

Dropbox hits back at Zeus phishers

Dropbox has hit back at the hackers behind a recent phishing campaign designed to infect its users with Zeus-family malware, taking action to disrupt the campaign.
The new Zeus campaign was uncovered by cloud security provider Appriver, which reported discovering a bogus password reset email targeting Dropbox customers. The email messages contained a malicious link to a Dropbox file that, when clicked, infects the victim's machine with Zeus-family malware.
Following its discovery, a Dropbox spokesperson told V3 that the company is aware of the scam and has already investigated and taken action to disrupt the attack.
"This is similar to other email spam campaigns that have spoofed well-known brands to distribute malware. We've investigated and taken action to disrupt this campaign," read the statement.
The spokesperson said users should remain extra vigilant and double check the origin of any email claiming to be from Dropbox before opening it.
"In addition, we urge people to exercise caution with unexpected emails. For example, check the destination of links in emails before clicking on them, verify the email directly with the sender's actual website or support channels, and use up-to-date antivirus software."
At the time of publishing Dropbox had not responded to V3's request for more detail on the specific action it has taken to combat the phishing campaign.
F-Secure security analyst Sean Sullivan said Dropbox was probably trying to flush the malicious files from its systems. "The phishing campaign emails point to Dropbox files, hosted on compromised accounts - or else to accounts set up deliberately by the spammers. I'm sure the Dropbox folks are analysing the IP addresses associated with logins, and are killing other fake accounts set up from the same sources," he said.
"If it looks like the accounts were compromised, their network guys are probably trying to develop some pattern ‘signatures’ that would alert them to new phishing-like activity, which would then trigger an account suspension. Outside of that it's a game of whack-a-mole. They could report the phishers' IP addresses to local CERT teams - but there would be little to follow up on as they are almost certainly proxies."
Trend Micro security research vice president Rik Ferguson added that stopping phishing in the first place is almost impossible and that major online firms have to just react as best they can.

"It seems this is just them [Dropbox] saying ‘we've heard that some spam is doing the rounds, abusing the Dropbox brand, distributing malware, don't click it’. To be honest, any company is a victim or a potential victim of this kind of abuse - it's the price of fame," he told V3.
Security firm Kaspersky Lab estimates hackers are hitting the UK with an average of 3,000 phishing messages every day. UK law enforcement has mounted a series of ongoing anti-cyber crime campaigns to help combat the scams. Earlier in October an investigation led by the UK's National Crime Agency resulted in the arrest of a cyber criminal responsible for a £750,000 plot to defraud the financial sector.

Google opens anti-DDoS Project Shield service for testing

Google has begun testing a new distributed denial of service (DDoS) protection service, codenamed Project Shield, to help fight back against this growing cyber threat facing digital businesses.
Google confirmed Project Shield is currently running on a trial basis and is open for use on an invite-only basis. "Project Shield is an initiative to expand Google's own distributed denial of service (DDoS) mitigation capabilities to protect free expression online," read the post.
"The service is currently invite-only. We are accepting applications from websites serving news, human rights or elections-related content."
The service works using a variety of existing Google technologies, the firm explained: "Project Shield is a service that currently combines Google's DDoS mitigation technologies and Page Speed Service (PSS) to allow individuals and organisations to better protect their websites by serving their content through Google's own infrastructure, without having to move their hosting locations."
Google said it expects Project Shield to evolve and develop throughout the testing process and confirmed it may begin charging for it come its full release. "Project Shield relies on Page Speed Service, currently offered free of charge," read the announcement.
"Future pricing of Page Speed Service may apply to Project Shield users, but all users will be given 30-day notice. We're hoping to offer the service to charities and non-profits at a reduced fee or at no cost in the future, but this is still under development."
Google announced a new DDoS mapping project alongside Project Shield. The project will see the Google Ideas think-tank partner with security firm Arbor Networks to create a data visualisation service to map DDoS attacks.

The map will reportedly use anonymised data from Arbor Networks' Atlas global threat monitoring system to build a daily update on current DDoS attack activity. Arbor Networks claims the initiative will let users spot and explore DDoS attack trends and better prepare and protect themselves.

Convicted hackers could join UK cyber defence ranks

The government has admitted that convicted hackers could join its cyber crime-fighting ranks as it looks to shore up the UK's digital defences.
The new National Crime Agency (NCA) announced yesterday that it is seeking to hire 400 new cyber defence personnel to help ensure the UK can protect itself from the growing threats in the digital world.
Speaking on BBC Newsnight, Lieutenant Colonel Michael White said the importance of hiring skilled cyber experts outweighed the perceived issues with using former convicts.
“I think if they could get through the security process, then if they had that capability that we would like, then if the vetting authority was happy with that, why not?” he said.
"We're looking at capability development, rather than setting hard and fast rules about individual personality traits."
Defence secretary Philip Hammond, also speaking on the show, said that currently the armed forces do not discriminate on issues of past convictions, adding that cases are judged on an individual basis. He also gave some broad ideas on what a UK cyber attack could look like.
"You might be able to deny an enemy the use of certain weapons systems [...] you might be able to interfere with the way they worked. You might be able to do, by cyber intervention, something that today would be done by a bombing or missile attack," he said.
David Emm, a senior security researcher at Kaspersky Lab, said the potential use of convicted hackers underlined the pressure the UK is under to ensure it can protect itself in cyber space.
“Those who have previously worked for the ‘dark side’ of the code-breaking fraternity are often motivated by money and misplaced ideals, and therefore expecting them to switch sides, and remain there, is unrealistic,” he said.
“However, this development does highlight the problem of a skills shortage and the lack of talent outside the criminal community to tackle serious cyber-attacks facing the country. This is why it is so important to encourage the next generation to study, and become expert on, security-related issues so they can be the ones to fight sophisticated cyber-threats in the future.”
The NCA recruitment drive is the latest in a long line of government initiatives designed to find cyber experts outside of the standard education channels. For example, earlier this year GCHQ launched its "Can You Find It" challenge to find people with the necessary skills.

ICO fines Ministry of Justice £140,000 for Cardiff prison data breach

The Information Commissioner’s Office (ICO) has fined its parent department, the Ministry of Justice (MoJ), £140,000 after data on 1,000 prisoners at HMP Cardiff were leaked.
The breach saw details on 1,182 prisoners emailed to three families of inmates at the prison. The breach was discovered on 2 August, 2011, when one of the families told the prison they had received a spreadsheet of information.
The spreadsheet included details on names, addresses, sentence length, release dates and coded details of offences by all of the prisoners at HMP Cardiff. The ICO was informed of the issue on 8 September, 2011.
Once the issue was investigated it was discovered the same data had already been sent out to two other unintended recipients. Police and prison staff visited the homes of the recipients to ensure the data was deleted.
The ICO said the issue occurred because of a lack of relevant training and supervision of junior staff, with the clerk responsible having only two months' experience in the role. It also found the prison used unencrypted floppy disks to transport prisoner data.
ICO deputy commissioner David Smith said it was lucky that the breach appeared to have no major consequences but it had brought to light very poor data handling practices at the prison.
“Disclosing this information not only had the potential to put the prisoners at risk, but also risked the welfare of their families through the release of their home addresses,” he said.
“We cannot ignore the fact that this breach was caused by a clear lack of management oversight of a relatively new member of staff. Furthermore the Prison Service failed to have procedures in place to spot the original mistakes.”
A statement from the MoJ said it acknowledged the severity of the incident and would be working to improve procedures across prisons.

"We treat the security of information very seriously and took immediate steps to recover the data as soon as the loss was reported to ensure that it went no further. These types of incidents are extremely rare but this does not mean that we are complacent," it said.

"A thorough investigation was held by the prison, which immediately altered its procedures, and further changes were implemented across the prison estate."
The fine is just one of many handed out to government bodies over recent years but it is especially embarrassing for the government as the MoJ is the department responsible for the ICO and overseeing data protection issues.
The MoJ received the fine, rather than the prison itself, because the National Offender Management Service, responsible for commissioning and delivering prison and probation services in England and Wales, is an executive agency of the department.

NCA to hire 400 cyber crime fighters by end of 2014

The UK National Crime Agency (NCA) has pledged to train 400 new cyber intelligence officers over the next year.
The agency said the recruits will receive a starting salary of £22,407, which will be increased to £24,717 once they finish two years of training. The newly trained officers will be based in the NCA's offices in Warrington and London.
The NCA's announcement comes as the UK grapples with a serious "cyber skills gap". Many UK security vendors and companies are reported to be struggling to recruit skilled cyber professionals. BT cyber security director Bob Nowill said the gap is largely due to teachers' and businesses' failure to make information security interesting to young people.
The NCA said it will recruit cyber intelligence officers based on their aptitude rather than their formal educational qualifications, in order to get around the skills shortage. The agency will accept applications from any 18-year-old regardless of education.
The application process will initially vet candidates using a security-focused online questionnaire. Candidates that pass the questionnaire will be required to complete numerical, verbal and logic reasoning tests online. Roughly 1,000 of the top scoring candidates will be invited to an assessment centre for the final tests at the start of December.
The NCA's deputy director general, Phil Gormley, said the strategy is an essential step in the agency's ongoing fight against cyber crime. "I want roles at the NCA to be the career of choice for people wanting a future in law enforcement. The agency will be vastly different to those that came before it and we need to build our crime-fighting capacity and capability," he said.

"This trainee programme shows that we are opening the NCA up to new people and new ideas, diversifying our workforce and modernising the workplace - while at the same time transferring expertise gained through years of experience."
The NCA recruitment drive is the latest in a long line of government initiatives designed to find cyber experts outside of the standard education channels. Earlier this year, GCHQ launched its "Can You Find It" challenge, while in 2012 Bletchley Park announced apprenticeships to help find the next generation of cyber professionals.

IBM releases NFC two-factor authentication tool for Android devices

IBM has unveiled new smartcard security technology designed to let Android smartphone owners authenticate mobile payments by using their contactless cards.
The new mobile authentication security technology adds two-factor authentication to the firm's Worklight tool. It works by having the user hold their contactless card next to their mobile phone after entering their PIN when making an online payment.
Using the NFC connection the phone scans the card and uses it to generate a one-time authentication code that is then sent to the server by the mobile device, ensuring none of the data is hijacked or altered mid-transit. As an added layer of protection, IBM said the service features end-to-end encryption between the smartcard and the server, ensuring that, even if hijacked, criminal groups will not be able to use the data.
IBM Research mobile security scientist Diego Ortiz-Yepes said he expects the advanced encryption of the service to be a key selling point for businesses. "Our two-factor authentication technology, based on the Advanced Encryption Standard, provides a robust security solution with no learning curve," he said.
IBM's two-factor authentication solution is currently compatible with Android 4.0 and higher and is based on IBM's Worklight mobile application platform.
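The flow the article describes (the phone reads the card after a PIN entry, a one-time code goes to the server, and a captured code is useless to a third party) is easier to reason about as a challenge-response exchange with all three parties written out. The example below is an added illustration, not IBM's Worklight code: it uses HMAC-SHA256 from the Python standard library where IBM refers to an AES-based scheme, does not model the encrypted channel between card and server, and every name, message layout and key value in it is a constructed assumption.

```python
"""Challenge-response one-time code for a card-tap second factor.

Added illustration, not IBM's Worklight code. HMAC-SHA256 stands in for the
AES-based scheme IBM refers to; the message layout and names are assumptions."""
import hashlib
import hmac
import os
import time
from typing import Dict, Tuple

# Constructed demo key shared by the issuer and the card. On a real card it
# lives in the secure element and never leaves the card.
CARD_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")
CARD_ID = "card-demo-0001"
CHALLENGE_TTL_SECONDS = 60


def compute_otp(secret: bytes, challenge: bytes, tx: str) -> str:
    """MAC over the server's challenge and the transaction text, truncated to a
    six-digit code. Binding the transaction means a code captured in transit
    cannot be reused to authorise a different payment."""
    mac = hmac.new(secret, challenge + tx.encode("utf-8"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class Card:
    """The contactless card: the only party besides the issuer holding the key."""

    def __init__(self, card_id: str, secret: bytes) -> None:
        self.card_id = card_id
        self._secret = secret

    def respond(self, challenge: bytes, tx: str) -> str:
        return compute_otp(self._secret, challenge, tx)


class Phone:
    """The handset: checks the user's PIN locally, then relays card <-> server.
    The PIN hash is a constructed value; a real app would use a proper KDF."""

    PIN_HASH = hashlib.sha256(b"1234").hexdigest()  # constructed demo PIN

    def authorise(self, pin: str, card: Card, challenge: bytes, tx: str) -> str:
        entered = hashlib.sha256(pin.encode("utf-8")).hexdigest()
        if not hmac.compare_digest(entered, self.PIN_HASH):
            raise PermissionError("wrong PIN")
        return card.respond(challenge, tx)  # the NFC tap happens here


class Server:
    """Issuer side: issues fresh challenges and verifies one-time codes."""

    def __init__(self, cards: Dict[str, bytes]) -> None:
        self._cards = cards
        # challenge -> (card_id, transaction, issued_at); entries are single-use
        self._pending: Dict[bytes, Tuple[str, str, float]] = {}

    def issue_challenge(self, card_id: str, tx: str) -> bytes:
        challenge = os.urandom(16)
        self._pending[challenge] = (card_id, tx, time.time())
        return challenge

    def verify(self, challenge: bytes, tx: str, otp: str) -> bool:
        entry = self._pending.pop(challenge, None)  # pop: a challenge is used once
        if entry is None:
            return False  # unknown or already-used challenge (replay)
        card_id, issued_tx, issued_at = entry
        if time.time() - issued_at > CHALLENGE_TTL_SECONDS or issued_tx != tx:
            return False
        expected = compute_otp(self._cards[card_id], challenge, tx)
        return hmac.compare_digest(expected, otp)


def demo() -> Dict[str, bool]:
    """Walk through a good payment, a replayed code and a tampered transaction."""
    server = Server({CARD_ID: CARD_SECRET})
    card, phone = Card(CARD_ID, CARD_SECRET), Phone()
    tx = "pay 42.00 GBP to merchant-demo"
    ch = server.issue_challenge(CARD_ID, tx)
    otp = phone.authorise("1234", card, ch, tx)
    results = {"accepted": server.verify(ch, tx, otp)}
    results["replay_rejected"] = not server.verify(ch, tx, otp)
    ch2 = server.issue_challenge(CARD_ID, tx)
    otp2 = phone.authorise("1234", card, ch2, tx)
    results["tampered_rejected"] = not server.verify(ch2, "pay 9999.00 GBP to mule-demo", otp2)
    return results


if __name__ == "__main__":
    print(demo())
```

The two properties worth noting are that the server forgets a challenge the moment it is checked (so a sniffed code cannot be replayed) and that the code is computed over the transaction text (so a code for one payment does not authorise another). Neither property depends on the channel being encrypted; the encryption IBM mentions is an additional layer on top of this.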
The solution comes amid widespread reports that criminals are targeting the Android platform with banking Trojans. The trend began in 2012 when security firm McAfee reported uncovering the notorious FakeTrojan Android malware. The malware stole vast sums of money by mimicking the signing-on process for numerous banking apps.
IBM is one of many companies trying to secure control of the growing mobile payments market. Prior to IBM, Barclays added new ‘mobile checkout’ and ‘buy it’ features to its Pingit payment services, hoping to make it quicker and easier for businesses to monopolise the growing mobile payments market.

Dropbox users hit with Zeus phishing Trojan

Criminals are targeting Dropbox users with a bogus password reset email that, when clicked, infects the victim's machine with Zeus-family malware.
The new Zeus campaign was uncovered by cloud security provider Appriver. The Appriver researchers reported that the message attempts to stop users checking if their old password works, by listing it as "dangerous".
"A new campaign just started up involving some fake Dropbox password reset emails. The emails come in with a sad computer face claiming the recipient has requested a password reset and their old password is now ‘dangerous’," read the report.
"The email itself contains a link that, when clicked, leads the user to a page saying their browser is out of date and they need to update it. Clicking anything in the linked notification page downloads a file ieupdate.exe. The file is a Trojan that is part of the Zeus family."
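The advice Dropbox gives elsewhere on this page, to check the destination of links before clicking, can be turned into a mechanical check on the message itself. The following is an added example, not Appriver's or Dropbox's tooling: it pulls every link out of an HTML email and flags three things the reported campaign exhibits, a visible URL that names a different host than the real destination, a destination off the claimed sender's domain, and a link straight to an executable. The sample email, the `fileshare.example` host and all function names are constructed; only the `ieupdate.exe` filename comes from the report.

```python
"""Flag suspicious links in an HTML email. Added example, not Appriver's or
Dropbox's tooling; the sample message and hosts are constructed."""
from html.parser import HTMLParser
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Extensions that should never be reached directly from a mail link.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".bat", ".js", ".jar")


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in the message."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data: str) -> None:
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag: str) -> None:
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> Optional[str]:
    """Host part of a URL, or None if the string is not a URL at all."""
    netloc = urlparse(url.strip()).netloc.lower()
    return netloc.split("@")[-1].split(":")[0] or None


def on_domain(host: Optional[str], domain: str) -> bool:
    """True when host is the domain itself or a subdomain of it."""
    return host is not None and (host == domain or host.endswith("." + domain))


def assess_links(html: str, claimed_sender_domain: str) -> List[Dict[str, object]]:
    """One report per link; an empty 'findings' list means nothing looked off."""
    parser = LinkExtractor()
    parser.feed(html)
    reports: List[Dict[str, object]] = []
    for href, text in parser.links:
        findings: List[str] = []
        href_host, text_host = host_of(href), host_of(text)
        if text_host and text_host != href_host:
            findings.append("visible text names a different host than the destination")
        if not on_domain(href_host, claimed_sender_domain):
            findings.append("destination is not on the claimed sender's domain")
        if urlparse(href).path.lower().endswith(EXECUTABLE_EXTENSIONS):
            findings.append("destination is a direct executable download")
        reports.append({"href": href, "text": text, "findings": findings})
    return reports


# Constructed sample: a 'password reset' mail claiming to come from dropbox.com.
SAMPLE_EMAIL = """
<p>We received a request to reset your password. Your old password is now dangerous.</p>
<p><a href="http://fileshare.example/update/ieupdate.exe">https://www.dropbox.com/reset</a></p>
<p>Questions? <a href="https://www.dropbox.com/help">Visit the help centre</a></p>
"""

if __name__ == "__main__":
    for report in assess_links(SAMPLE_EMAIL, "dropbox.com"):
        print(report["href"], "->", report["findings"] or "ok")
```

The caveat for this particular campaign is that the malicious links pointed at files on genuine Dropbox accounts, so the two host checks would pass for them; only the executable check and the out-of-band verification the article recommends (confirming with the sender's real site or support channel) still apply.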
Dropbox has since released a statement confirming it has taken action to try and deal with the scam. However, the use of Zeus remains troubling.
Zeus is a notorious family of banking Trojans that has been plaguing the security community for years. The malware is designed to steal victims' financial information and is commonly used by criminal groups. In May, McAfee reported that Zeus and its variants account for 57.9 percent of all botnet infections.
The Appriver researchers reported tracking the latest Zeus campaign to 54 unique domains, all of which were hosted at the web domain in Russia.
The attack is one of many to target Dropbox users. The frequency of the attacks has led numerous figures within the security and technology industry to list Dropbox as unfit for corporate use.
Aaron Levie, chief executive of enterprise cloud storage firm Box, told V3 that enterprise businesses will have to stop using services like Dropbox if they hope to regain control of their networks.
F-Secure web reputation service expert Christine Bejerasco cited the failure of online services such as Facebook, Twitter and Dropbox to adequately test their security before launching as a key reason for the current boom in cyber crime.

Huawei argues against closed network approach to security after PRISM scandal

Governments and businesses must avoid making protectionist, knee-jerk reactions to cyber security following the PRISM scandal, according to Huawei.
Huawei's UK chief cyber security officer David Francis made the claim during a press briefing attended by V3, arguing recent moves from companies like Deutsche Telekom to only move data on their network through European data centres could damage the digital economy.
Referring to Deutsche Telekom, he said: "Whether it's possible is going to be interesting due to the nature of the global network. How that's going to work in practice is also going to be interesting. There was also an announcement from Brazil that they want to build their own internet.
"All of this shows there is a danger we'll take a protectionist approach. This is bad as protectionism didn't work in the 1930s and it won't work now."
Francis said that, in order to truly benefit from the growing global digital economy, businesses and governments must instead work to be more open and collaborate when combating cyber threats.
"The networks are now totally different; they no longer respect global boundaries. Our traffic no longer necessarily stays in one region's boundary. This means it is not about threats in the UK or the European Union, it's about threats on the global network," he said.
"We need to make sure we start to embrace the implementation of the network and work together. If we have to have a global network we need global standards. We need to make sure in a global supply chain that the whole network is secured, not just our small part of it."
Francis said businesses must adopt the new open strategy sooner rather than later if they hope to protect themselves from next-generation cyber threats.
"The landscape has changed in the last 10 years. If you go back to 2002 the people trying to exploit the industry were closet groups – small groups, script kiddies trying to do things like get into the Duke of Edinburgh's account. Things changed in 2003 when people began targeting industrial processes. Then it became a billion-dollar industry," he said.
"In 2003 we saw the industrialisation of threats, and since then the sophistication of threats has grown. Then we reached a point where the bad guys could just buy the tools they need. We've seen the threats move from curiosity to personal gain. Make no mistake this is a billion-dollar business.
"For example, when the UK government announced it was going to put the benefit system online, we knew the investment protecting it would be matched or even dwarfed by the gangs trying to game it. We're in an arms race with the bad guys. We know the bad guys collaborate and sell information with each other. It's up to us to do something about this."
He added that the news is troubling as many businesses still view security as a hassle. "Today we're in a very different landscape but a lot of our thought processes are still in the 1980s. In the modern world where people are running to consumer products and apps, security is still bolted on," he said.
Francis is one of many security heads to call for technology firms to design their products with security in mind from the start. Intel president Renee James argued that high-tech companies must begin designing products with fully integrated security from the start, during a keynote speech at the McAfee 2013 trade show in Las Vegas.
Increasing data-sharing between the public and private sector has been an ongoing goal of the UK Government's Cyber Strategy. The Strategy has seen the government launch several data-sharing initiatives, including the creation of the Cyber Security Information Sharing Partnership (CISP), since it began in 2011.

EU wants €100m fines for data breaches, backs ‘right to erasure’ law

Businesses face the potential of fines as high as €100m under new amendments put forward by MEPs on Monday night, as plans to overhaul the data protection laws in Europe took another step forward.
The Committee for Civil Liberties, Justice and Home Affairs backed the proposed Regulation by 49 to one, with three abstentions. The negotiations included a number of new proposals, some in response to recent spying revelations.
Notably, the MEPs agreed to a new ‘right to erasure’ that would entitle anyone to contact an internet firm and have it delete personal data from their services. The firm contacted would also have to ensure third-parties hosting that same data removed it too.
Another amendment would require firms with data hosted in Europe to obtain authorisation from the relevant national data protection organisation before complying with a request to hand over data to a non-EU country. Citizens would also have to be informed the data was being requested.
MEPs also pushed for fines of up to €100m or five percent of annual worldwide turnover, whichever is greater, if a firm breaks any sanctions under the new laws, including losing sensitive data. This is significantly higher than the Commission's proposal of €1m or two percent of worldwide turnover.
Justice commissioner Viviane Reding said that the vote and the new amendments underlined the importance those in the European Parliament place on privacy and civil liberties.
"The vote by the European Parliament's leading committee is a strong signal for Europe. It paves the way for a uniform and strong European data protection law that will cut costs for business and strengthen the protection of our citizens: one continent, one law," she said.
"The European Parliament has proven that excessive lobbying can be counter-productive. It has not only defended but strengthened the right to be forgotten for citizens – one of the central elements of the EU data protection reform.”
Bridget Treacy, managing partner and head of UK Privacy and Cyber Security Practice at law firm Hunton & Williams, said if implemented these changes would prove a headache for UK firms.
“The biggest issue for businesses will be implementing the changes required by the Regulation. The requirements seek to address the challenges of changing technology, and to harmonise data protection across the EU – no mean feat,” she said.
“Businesses in the UK are more likely to be affected by the Regulation; they will have to implement tougher measures than currently enforced, with significant cost implications.”

The new proposals may not be welcomed by the government, which is on record as favouring light-touch regulation, fearing any tougher measures could impact UK business and damage the economy.
Responding to the latest round of amendments, the Information Commissioner's Office (ICO) said in a statement: "We don’t necessarily embrace all the Parliament’s changes with open arms and there’s still some way to go."
The Parliament will now take on the draft proposals for further debate. The aim is to have the new laws agreed and passed by May 2014.

IBM teams with Akamai to launch DDoS protection in the cloud

IBM has teamed up with security firm Akamai to offer customers next-generation cloud analytics and defence tools against distributed denial of service (DDoS) attacks.
The new DDoS defence tool combines Akamai's Kona Site Defender cloud-based web security offering with IBM's Cloud Security Services portfolio. IBM says the combined offering will help businesses prepare, mitigate, monitor, respond and gather evidence on the source of DDoS attacks. The initiative will also see the companies share security intelligence insights to help spot and mitigate emerging threats.
Kris Lovejoy, general manager, IBM Security Services, said the service was created to help deal with the current boom in DDoS attacks targeting business. IBM currently detects around 1,400 DDoS attacks against its customers every week.
"Our clients tell us there is a need to strengthen cloud security," said Lovejoy. "The partnership with Akamai combines a world-class security team and an intelligent network platform to strengthen cloud security. Together with Akamai, IBM can provide both proactive and reactive DDoS protection from the increasing frequency, scale and sophistication of these attacks."
Akamai security division senior vice president and general manager Ronni Zehavi added that defence tools like the new cloud service are essential as the complexity and sophistication of DDoS attacks is increasing.
"DDoS mitigation and prevention can be incredibly complex and resource intensive, and organisations often find they simply don't have the right resources in place to be as effective as they need to be to meet the web security challenges they face," explained Zehavi. "Together, IBM and Akamai can offer the right mix of technology and expertise to give our customers the peace of mind that their DDoS mitigation efforts are in the right hands."
DDoS attacks are a common tactic used by cyber criminal and hacktivist groups. They work by overloading websites or cloud applications with requests until they are knocked offline.
The attack strategy has been used by a variety of groups, including the Anonymous collective and The Syrian Electronic Army. The Syrian Electronic Army famously used the tactic in August to knock a number of US publications' websites, including The New York Times, offline.
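The mechanism described above, a server knocked over by more requests than it can absorb, is easiest to see alongside the most basic mitigation: counting requests per client over a sliding window and refusing the excess. The example below is added here and is not IBM's or Akamai's Kona Site Defender logic; the request log, the addresses and the thresholds are constructed.

```python
"""Per-client sliding-window request limiting, the simplest form of flood
mitigation. Added example, not IBM's or Akamai's code; the log is constructed."""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple


class SlidingWindowLimiter:
    """Allows at most `limit` requests per client within any `window` seconds."""

    def __init__(self, window: float, limit: int) -> None:
        self.window = window
        self.limit = limit
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, client: str, now: float) -> bool:
        hits = self._hits[client]
        while hits and now - hits[0] >= self.window:  # forget timestamps outside the window
            hits.popleft()
        if len(hits) >= self.limit:
            return False  # over budget: the request is refused, not queued
        hits.append(now)
        return True


# Constructed request log as (timestamp, client). 192.0.2.10 fires eight
# requests in under half a second; 198.51.100.7 browses at a normal pace.
REQUEST_LOG: List[Tuple[float, str]] = (
    [(0.05 * i, "192.0.2.10") for i in range(8)]
    + [(0.1, "198.51.100.7"), (0.7, "198.51.100.7"), (1.9, "198.51.100.7")]
)


def apply_limiter(log: List[Tuple[float, str]], window: float = 1.0,
                  limit: int = 5) -> Dict[str, Tuple[int, int]]:
    """Replay the log in time order; returns (allowed, dropped) per client."""
    limiter = SlidingWindowLimiter(window, limit)
    counts: Dict[str, List[int]] = defaultdict(lambda: [0, 0])
    for ts, client in sorted(log):
        counts[client][0 if limiter.allow(client, ts) else 1] += 1
    return {client: (allowed, dropped) for client, (allowed, dropped) in counts.items()}


if __name__ == "__main__":
    for client, (allowed, dropped) in apply_limiter(REQUEST_LOG).items():
        print(f"{client}: allowed={allowed} dropped={dropped}")
```

This only helps against request floods that actually reach the server, and only when the flood comes from a small number of sources; a botnet of the kind mentioned elsewhere on this page spreads the load across thousands of clients that each stay under the limit, and a volumetric attack can saturate the link before the server sees a single request. That is why the products in this article push mitigation upstream into a large network rather than leaving it at the origin.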

US Department of Defense to arm 50,000 troops with Google Apps

The US Department of Defense (DoD) has confirmed plans to equip 50,000 army soldiers with Google applications, in a bid to cut the force's operational costs and boost efficiency.
Google Enterprise head of defense and intelligence Shannon Sullivan revealed the news in a blog post, explaining the initial rollout will see soldiers use its core Drive, Docs and Hangouts applications. He said the move is primarily intended to help increase mobility within the armed service.
"Mobile technology not only makes the army more nimble, it is imperative for efficiency while personnel are in the field," said Sullivan. "Tablets are used by the army for education and distance learning because they equip personnel with access to training materials anytime, anywhere.
"A soldier can review a lesson in Google Drive, complete an assignment with teammates in Google Docs, or attend a class via video Hangout, all from their tablet, smartphone or desktop. In addition, army organisations can set up their own Google Play Private Channel for distributing mobile apps internally."
The Google head added that he expects the app rollout to help reduce the army's operational costs: "Bringing modern commercial cloud capabilities such as Google Apps helps the army reduce IT costs, while giving troops access to always up-to-date web tools for productivity, collaboration, and communication."
Sullivan said Google has worked with the DoD to ensure its applications are secure for military use: "Google's completion of FISMA [Federal Information Security Management Act] certification and accreditation gave the government a complete understanding of the security controls Google Apps has in place and how they meet the army's stringent criteria."
Sullivan highlighted Google apps' ability to work on multiple operating systems and devices as another key reason the DoD chose the company above competitors such as Apple. "Google Apps runs on multiple operating systems and browsers providing more device options, plus works with existing army security policies and DoD directory and authentication services," he said.
Sullivan is one of many to tout Google's open, cross-platform nature as a key selling point. Previously, AVG chief executive Gary Kovacs highlighted Android's open nature as a key reason Google will eventually overtake Apple in the tablet and smartphone markets.

China concerns force Huawei to raise the bar on cyber security credentials

Scott Sykes Huawei
HONG KONG: Lack of trust in China and US trade "protectionism" has given telecoms company Huawei more business because it must work harder to assure that its networks are secure, the firm has said.
During a briefing attended by V3, head of international media affairs Scott Sykes, shown left, discussed PRISM and the firm's relationship with the rest of the world, saying security concerns were actually proving beneficial for the firm.
Sykes said: "Because of our heritage and because of where we're headquartered, we've been challenged. The lack of trust broadly is about China, it's not specifically about Huawei but we get painted by that brush sometimes, so we accept it and we know that the bar is higher for us.
"But it's an interesting phenomenon that we have very detailed conversations with customers about cyber security and cyber security assurance. We understand their business challenges, they understand all the lengths that we go to, to assure security. On the back of that we're getting more business; they've raised the bar for us. And they're impressed by how high we've raised it, we get a closer relationship, we're getting more business on the back of this."
Sykes positioned Huawei as leading the way in terms of security assurance, adding that he hoped it would ensure other companies met a similar standard of openness. "No matter what the rules, they should apply to every company," he said.
Huawei, which began its expansion into international markets in 1997, and has had US presence since 2001, expects a net profit margin of seven to eight percent for 2013, compared with seven percent in 2012.
Sykes also criticised the US for its rejection of Huawei products over security concerns, saying that the nation's fear of China should not have affected its attitude towards particular firms and that the US's own networks are no better.
"It's short-sighted and myopic thinking to say that even if China is the problem, let's block Huawei and that'll take care of everything. Networks in the US are no more secure.
"What we take issue with is when different rules and standards are applied to different companies based on where the headquarters is located. That's what we don't agree with. That's trade protectionism."
However, he praised the UK government's collaboration with the brand, and insisted that its work in the UK was open and secure. He told V3: "The UK government has been very progressive in terms of how it adopts technology. We've created this cyber security assurance centre in Banbury.
"Inside that centre UK security-cleared personnel can look inside the source code of our equipment, and by the way we do that at great risk to our company, we're sharing the source code of our equipment."
However, some issues have been raised with the way Huawei has run its testing centre in the UK, with calls for a review of the setup that sees Huawei staff vet their own products.

PRISM: Germany accuses US of bugging chancellor Merkel's mobile phone

The German government has asked for clarification following reports that US spy agencies may have tapped the phone of chancellor Angela Merkel.
German news magazine Spiegel claims that following its own research, it brought the matter to the attention of Germany's Federal Intelligence Service (BND) and the Federal Office for Information Security.
The paper reports Merkel made a phone call to US President Barack Obama to discuss her intelligence services' suspicions. Merkel was said to "unequivocally disapprove" of the actions, should they turn out to be true. Her spokesman Steffen Seibert added that Merkel found such methods "totally unacceptable" and a "breach of trust". "Such practices must immediately be put to a stop," the statement said.
"As a close ally of the United States of America, the German government expects a clear contractual agreement on the activities of the agencies and their cooperation," Seibert added.
A spokeswoman for the US National Security Council told Spiegel: "The President assured the Chancellor that the United States is not monitoring and will not monitor the communications of Chancellor Merkel."
The paper highlights that the spokeswoman did not specify whether the statement also applied to the past.
The long and twisting tale of the PRISM scandal has cooled diplomatic relations between the EU and the US in recent months, with previous allegations including the bugging of European Union buildings and the tapping of EU telephones.
The PRISM scandal - sparked by NSA whistleblower Edward Snowden - has also sent shockwaves across the technology industry, with major tech corporations implicated in the wholesale scanning of internet traffic and social network activity.

Verizon Wireless – how a simple bug could cause a disaster

A researcher discovered a serious vulnerability in Verizon Wireless's web-based customer portal that enabled anyone to download users' SMS message history.

A security researcher found a simple flaw that exposed Verizon Wireless users' SMS history: it allowed an attacker to view the list of all numbers that had communicated with the victim. Exploitation of the bug was trivial. The attacker only needed to change the subscriber's phone number in a URL on Verizon Wireless's web-based customer portal to access the SMS history of the victim's account. The URL contains a variable named 'Mtn' that holds the mobile number, and an attacker could manipulate it to target a specific user.
"Message details consist of: Date, Time, To, From, and Direction an SMS or MMS took place. With no user interaction, all that was required was a subscriber's phone number," the researcher explained.
The exploitation of the flaw has serious repercussions for the privacy of Verizon Wireless users: any individual could download the spreadsheet containing the private information of any number, gaining access to the victim's contact list and texting habits.
It is not the first time that Verizon users' privacy has been threatened by a security issue: back in August, researcher Cody Collier found that a simple URL exploit could allow any subscriber to extract data using the 'Download to SpreadSheet' function.
At the moment Verizon's site offers neither a detailed analysis of the vulnerabilities nor any information on misuse of the flaw. Verizon has now created a dedicated email contact to field these security issues.
Out of curiosity, the vulnerability shows some similarities to the one that was discovered and exploited on AT&T's site in 2010, which caused a serious data breach. It exposed personal information belonging to more than 100,000 iPad owners, and the hacker Andrew Auernheimer, aka Weev, who gave the data to a media site, was convicted of identity fraud.
Fortunately, Collier reported the bug to Verizon and waited until the company had fixed it before disclosing it.
“This was reported in responsible disclosure, so I don’t see how this is being compared to Weev who had malicious intent,” Collier said.
Lesson learned:
Although a multinational company like Verizon has always been attentive to security problems, what happened is an indication of serious security issues. The development of the portal clearly lacked input validation, but more serious is that functionality potentially accessible from the outside, which can have a serious impact on users' privacy, was not tested.
Security is an obligation, not a cost!
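As an added illustration (not Verizon's code, and not from the article), the following models the flawed export endpoint beside a corrected one and adds a simple access-log check a defender could use to spot a session requesting histories that are not its own. Only the 'Mtn' parameter name comes from the article; the record store, session object, log format and function names are assumptions.

```python
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: message history keyed by subscriber number (Mtn).
# Each record: (date, time, to, from, direction), the fields the article lists.
SMS_HISTORY = {
    "5551230001": [("2013-10-20", "09:14", "5551239999", "5551230001", "Outbound")],
    "5551230002": [("2013-10-21", "18:02", "5551230002", "5551230001", "Inbound")],
}


class Session:
    """A logged-in portal session; `mtn` is the authenticated subscriber's number."""
    def __init__(self, mtn: str):
        self.mtn = mtn


def mtn_from_url(url: str) -> Optional[str]:
    """Extract the 'Mtn' query parameter from a request URL, or None if absent."""
    values = parse_qs(urlsplit(url).query).get("Mtn")
    return values[0] if values else None


def export_history_vulnerable(session: Session, url: str):
    """Insecure direct object reference: whatever number is in the URL is served,
    regardless of who is logged in (the behaviour the article describes)."""
    mtn = mtn_from_url(url)
    return ("200", SMS_HISTORY.get(mtn, []))


def export_history_fixed(session: Session, url: str):
    """Corrected handler: validate the parameter, then enforce ownership."""
    mtn = mtn_from_url(url)
    if mtn is None or not mtn.isdigit():
        return ("400", [])  # input validation: reject missing or malformed numbers
    if mtn != session.mtn:
        return ("403", [])  # authorization: only the session's own history is exported
    return ("200", SMS_HISTORY.get(mtn, []))


def suspicious_sessions(log_lines, max_distinct: int = 1):
    """Flag sessions whose export requests name more than `max_distinct` numbers:
    a subscriber should only ever download their own history."""
    seen = {}
    for line in log_lines:
        session_id, url = line.split(" ", 1)
        mtn = mtn_from_url(url)
        if mtn:
            seen.setdefault(session_id, set()).add(mtn)
    return sorted(s for s, nums in seen.items() if len(nums) > max_distinct)


# Constructed sample access log in an assumed "<session-id> <request-url>" format.
SAMPLE_LOG = [
    "sessA /export?Mtn=5551230001",
    "sessB /export?Mtn=5551230002",
    "sessB /export?Mtn=5551230001",  # sessB pulling a second subscriber's history
]
```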

Ransomware / Blockers – A New Approach to Fighting Them

Most of us can no longer imagine a world in which we aren’t digitally connected at all times, and cybercriminals are well aware of this.  With the growing importance of Internet usage in our lives has come the ever-expanding threat for cyber attacks. One of the most damaging attack methods, and one that has actually been around for quite a while, comes from the blocker/ransomware family. These blockers are hazardous not only because they can obstruct the standard operation of your system, but because they have the power to completely block your applications and sometimes, your entire computer. Luckily, Kaspersky Internet Security 2014 can protect you against this malware, but before we dive into how Kaspersky keeps you safe, let’s first understand what threats you’re up against.
You're most likely already familiar with blockers, or may even have fallen victim to one at some point. They can be extremely misleading, disguising themselves as FBI- or Microsoft-developed software. All blockers behave the same way, preventing you from using your computer by locking out your keyboard and screen completely. Blockers can even falsely accuse you of using pirated software or watching illegal videos, displaying warning pop-ups and trying to make you act quickly by saying they'll only remove the warnings if you pay a fine, which typically ranges from $50 to $200. Depending on the region, payment methods vary from credit cards to electronic money or even premium SMS. The worst part is that modern blockers lack any unlock functionality, and the criminals will never send you an unlock code of any kind. As Eugene Kaspersky said in his blog, don't pay these criminals.
In the past, once your ability to interact with your PC was lost there was not much you could do to overcome it. Traditionally, in order to get rid of the virus you’d have to use an uninfected computer to download an antivirus utility or create a boot disc in order to restore the parameters of your OS. Now, thanks to Kaspersky Internet Security 2014, you don’t have to worry about this.
For KIS 2014, we developed an anti-blocker technology using our Secure Keyboard, a special software component that prevents third-party programs from controlling your keyboard. Initially developed to fight keyloggers as a component of the Safe Money technology, it turned out to be useful against blockers as well, because it makes it impossible for ransomware to take over the keyboard.
Upon infection, you can activate our technology by pressing the key combination Ctrl + Alt + Shift + F4 (the activation also occurs following multiple Ctrl + Alt + Del keystrokes). Kaspersky Internet Security will recognize your keystroke as evidence that a blocker is in operation, and will then immediately activate Anti-Blocker technology. This technology uses a heuristic set of algorithms that are able to identify the processes launched by the malicious program and roll back any changes it made to your OS, removing the blocker from your system.
Besides protecting you against sophisticated blockers, this technology also allows you to bypass using a CD or third party assistant to combat the infection, and lets you save any work you were doing on your computer before the blocker was launched. Hitting just four simple keys can save you from an attack, making sure ransomware doesn’t get the best of you.

Iran Carries out Drills to Detect Cyber Vulnerabilities

Iran's Civil Defense Organization has planned several cyber drills to determine the weak points of the country's major institutions, such as the Central Bank, an official said.
Head of Iran’s Civil Defense Organization General Gholam Reza Jalali, speaking to Tasnim News Agency on Tuesday, said a series of specialized drills have been carried out in a number of key organizations, like the Central Bank, the Islamic Republic of Iran Broadcasting and a mobile phone operator to detect their vulnerabilities.
“They had many weak points, and we gave them the necessary warnings to remove the weaknesses,” he explained.
The Iranian official further pointed to the country’s high degree of preparedness to handle a range of contingencies, and said his organization has carried out plans to train people how to deal with nuclear threats in different provinces.
Describing Iran as a "nuclear country," Jalali said 12 different provinces currently host nuclear facilities, and noted that the Civil Defense Organization has defined a structure, for instance, for alerting residents in case of nuclear hazards or incidents.
“People should have the necessary preparedness and training in the nuclear issue, because Iran, however, is a nuclear country,” he pointed out.

Hackers in the service of cybercrime, a concerning trend

Hackers are becoming a valuable category of professionals for organized crime too, and their efforts are creating even more problems for law enforcement.

A hacker illegally gained access to 60,000 servers worldwide and used them for a large scam: the systems were abused for online shopping with stolen foreign credit card numbers. This time it happened in Finland, but similar crimes are committed daily all over the world by criminal gangs of young hackers who have abandoned the myth of the "romantic hacker" to aggregate into gangs able to operate with great efficiency in every part of the globe.
In a recent article I described the importance of the hacker's role for the IT community; on the other side, a huge number of youngsters are attracted by easy money and by the prospect of getting rich by committing cybercrimes. This is because of the mistaken perception that cybercrime goes unpunished, which is unfortunately partially true, owing to the differing legal frameworks around the world and the difficulty of "attribution" for illegal acts.
Currently just a single man has been identified as responsible for the fraud: the hacker was arrested in Helsinki on charges of illegally accessing 60,000 servers worldwide, data breach, a means-of-payment offence and interference with data communications. It is clear that this man is not alone; he is probably part of an international hacking network, confirming how the figure of the hacker is changing.
The computer security incident response team of Finland's Communications Regulatory Authority immediately analysed many of the hacked servers. Law enforcement discovered details of 3,000 foreign credit cards, used for online purchases, on the hacker's computer.
The identification of the suspect was possible thanks to a joint investigation with the United States' Federal Bureau of Investigation. Such cyber alliances are the only way to fight cybercrime; the principal obstacle to the prosecution of criminal activities in cyberspace is the non-uniformity of national legal frameworks.
Another fresh piece of news regarding criminal hacking has been reported by the security portal The Hacker News: a group named 'TeamBerserk' claimed to have stolen $100,000 by leveraging user names and passwords taken from the California ISP Sebastian to access victims' bank accounts.
The cybercriminals published a video demonstrating how they used a SQL injection attack against the California ISP Sebastian to access its customer database. The attackers obtained e-mail addresses and user credentials, which were reused to steal money from the customers' bank accounts.
So far I have described purely cybercriminal activities, but another concerning trend is the collaboration of criminal organizations with expert hackers. According to a recent post on the BBC, the head of Europe's crime-fighting agency has warned of the growing risk of organized crime groups using cyber-attacks to help them traffic drugs.
The director of Europol, Rob Wainwright, confirmed the dangerous alliance: the internet is being used to facilitate the international drug trafficking business.
The investigation into a cyber-attack on the Belgian port of Antwerp allowed law enforcement to discover that drug traffickers had recruited hackers to break into the IT systems that controlled the movement and location of containers.
"Police carried out a series of raids in Belgium and Holland earlier this year, seizing computer-hacking equipment as well as large quantities of cocaine and heroin, guns and a suitcase full of cash. Fifteen people are currently awaiting trial in the two countries. Mr Wainwright says the alleged plot demonstrates how the internet is being used as a 'freelance marketplace' in which drug trafficking groups recruit hackers to help them carry out cyber-attacks 'to order'. '[The case] is an example of how organized crime is becoming more enterprising, especially online,' he says."
The Europol official confirmed that organized crime groups are paying for specialist hacking skills that they can acquire online; the attacks are proof of a collaboration that started at least two years ago. The Dutch-based trafficking group hid cocaine and heroin among legitimate cargoes, including timber and bananas shipped in containers from South America. The role of the hackers based in Belgium was to infiltrate the computer networks of at least two companies operating in the port of Antwerp to access secure data giving them the location and security details of containers, meaning the traffickers could send in lorry drivers to steal the cargo before the legitimate owner arrived.
The examples provided are significant for understanding how cyber experts can help criminals in illegal activities. The only way to prevent their attacks is to start thinking with the mind of a hacker: if crime has become "cybercrime", the police have to respond with "cyber cops".

Cyber Threat summit 2013 – Modern online-banking cybercrime

“Modern online-banking cybercrime” -The presentation analyzes current context for cybersecurity in Banking focusing on cyber threats and countermeasures.

Today I presented at Cyber Threat Summit 2013 the topic “Modern online-banking cybercrime“, the presentation analyzes current context for cybersecurity in Banking focusing on cyber threats and countermeasures.
The agenda is:
Of course you are obligated to give a positive rate;-)

In the next weeks I’ll publish a detailed abstract on the cybercrime activities against On-line banking systems.
A special thanks to Paul C Dwyer for the opportunity to be part of the team also this year.
Pierluigi Paganini
(Security Affairs –  cybercrime, On-line banking)

Code Names for NSA Exploit Tools

This is from a Snowden document released by Le Monde:
General Term Descriptions:
HIGHLANDS: Collection from Implants
VAGRANT: Collection of Computer Screens
MAGNETIC: Sensor Collection of Magnetic Emanations
MINERALIZE: Collection from LAN Implant
OCEAN: Optical Collection System for Raster-Based Computer Screens
LIFESAFER: Imaging of the Hard Drive
GENIE: Multi-stage operation: jumping the airgap etc.
BLACKHEART: Collection from an FBI Implant
DROPMIRE: Passive collection of emanations using antenna
CUSTOMS: Customs opportunities (not LIFESAVER)
DROPMIRE: Laser printer collection, purely proximal access (***NOT*** implanted)
DEWSWEEPER: USB (Universal Serial Bus) hardware host tap that provides COVERT link over US link into a target network. Operates w/RF relay subsystem to provide wireless Bridge into target network.
RADON: Bi-directional host tap that can inject Ethernet packets onto the same targets. Allows bi-directional exploitation of denied networks using standard on-net tools.
There's a lot to think about in this list. RADON and DEWSWEEPER seem particularly interesting.