Monday, 2 December 2013

Police urge online caution on Cyber Monday as cyber crime rockets

A tablet computer wrapped for Christmas
The Metropolitan Police has warned web users to be extra vigilant this Cyber Monday, reporting a 60 percent spike in cyber attacks over the past year.
The police also revealed that during the financial year 2012 to 2013 cyber and real-world fraud has cost the UK economy £81bn.
Police commissioner Sir Bernard Hogan-Howe said the increase is dangerous as it is far more difficult to track and arrest cyber criminals. "The web has provided consumers with an unprecedented opportunity to empty their wallets," he said.
"The unpalatable truth, however, is that as ever greater numbers of us have moved online to conduct our shopping, banking and an array of other financial activities, so fraudsters have identified an opportunity to empty people's wallets for them."
The Met statement urged web users to apply a set of basic cyber best practice policies when looking for deals online.
These include basic measures such as ensuring any machine used while deal-hunting is running up-to-date antivirus software, regularly installing new system patches, only shopping on a secure, as opposed to public, WiFi connections and only opening and clicking on links and messages sent from trusted sources.
The Met's Police Central e-crime Unit (PCeU) detective chief inspector Jason Tunn said: "These are simple tips to keep safe while you shop online for your gifts for friends and family. The last thing anyone needs is for their details to be compromised by cyber criminals and online fraudsters – especially during the Christmas period."
The Metropolitan Police is one of many government and law enforcement agencies to urge web users to be extra cautious this holiday season. The UK government issued its own warning on Black Friday, revealing that its Action Fraud hotline received more than 10,000 reports about active cyber scams last year.
Combating cybercrime has been an ongoing goal of the UK government and is a central tenet of its Cyber Security Strategy. The Cyber Security Strategy was launched in 2011 when the UK government pledged to invest £650m to help bolster the nation's cyber defences.

Israel and Saudi Arabia are plotting a cyber weapon worse than Stuxnet

Iranian report states that Israel and Saudi Arabia are plotting new computer cyber weapon to sabotage the Iranian nuclear program like happened with Stuxnet. Saudi spy agency, Mossad are collaborating in the design of malware worse than Stuxnet.

The Fars agency reported that Israel and Saudi Arabia have started a joint collaboration for the development of a new cyber weapon with the intent to spy on and destroy the Iranian nuclear program.
The Iranian agency explicitly referentied “an informed source” close to the Saudi secret service, the informant cited a meeting happened in Vienna on November 24th between  that Saudi spy chief Prince Bandar bin Sultan and the Mossad head Tamir Pardo. The meeting was arranged to discuss about the “‘two sides’ cooperation in intelligence and sabotage operations against Iran’s nuclear program.”
“One of the proposals raised in the meeting was the production of a malware worse than the Stuxnet to spy on and destroy the software structure of Iran’s nuclear program,” revealed the source to the Fars agency.
Just a week ago Arab media reported that Prince Bandar met in Tel Aviv the Prime Minister Benjamin Netanyahu and French President Francois Hollande to discuss on diplomatic relations between US and Iran.
Netanyahu appealed to American and French governments to oppose the proposed agreement with Iran, he considers Iran’s nuclear program a direct threat to Israel’s state.
A new cyber weapon similar to Stuxnet is the goal of the partnership, the popular malware was designed according various sources by Israeli in a joint collaboration with US to hit Iran’s uranium enrichment program and in particular it was used to infect SCADA within the nuclear facility at Natanz. Also Edward Snowden confirmed to Der Spiegel that the U.S. cooperated with Israel to design and deploy produce the Stuxnet virus.
cyber weapon against Iran Nuclear Program
Recently the Sunday Times reported of other secret dialogues between Israel and Saudi Arabia to arrange a possible attack against Iran in case of failure for the Geneva talks on Iranian nuclear program, the Saudis would allow Israel use of air space and provide drones, rescue helicopters and tanker planes to the allies to support the operations.
“Once the Geneva agreement is signed, the military option will be back on the table. The Saudis are furious and are willing to give Israel all the help it needs,” the Times quoted the source as saying.
Israel and Saudi Arabi consider Iran an enemy to destroy, the progress of Iranian nuclear program are not acceptable and represent for both governments a dangerous threat.
The creation of cyber weapons is no less dangerous of the Iranian nuclear program, the diffusion of such malware could cause serious damage to a critical infrastructure with unpredictable results, nor to exclude the possibility to directly hit innocent population.
Exactly as for nuclear program it is absolutely necessary the definition of a shared law framework that establish how to use a cyber weapon and which are the rules of engage, a cyber weapon could have effects similar to a nuclear bomb.

Students are being 'used' by the Dutch intelligence service AIVD to play a role as informants

Human intelligence is a puzzle piece that is needed in each puzzle that needs to be solved, and the Dutch secret intelligence service knows how to use this at their best. The AIVD uses students that are capable of gathering intelligence that can be used again by the AIVD.
The dutch newspaper published the story today with the title "The AIVD uses students as informants".
A survey shows that the students who were contacted, generally felt overwhelmed and intimidated. The students were approached by people that wanted information about China, Egypt, demonstrations or gatherings squatters.

Potentially Unwanted Programs secretly serve Bitcoin miner

Security experts at Malwarebytes discovered Potentially Unwanted Programs like Toolbars and Search Agents that installed Bitcoin miners on user’s PC

The value of the Bitcoin for a few days has passed the psychological threshold of one thousand dollars, confirming its growth trend, the attention in the virtual currency scheme is at the highest levels and cybercriminals are exploiting new ways to monetize the unprecedented surge.
Bitcoin USD value
Blackmarket is proposing new exploit kits, like Atrax, that could be used to infect victims with the purpose to steal Bitcoin wallets or to abuse of the computational resources of the victims for Bitcoin mining.
Recently security experts at Malwarebytes alerted the security community on the diffusion of Potentially Unwanted Programs (PUPs) including search agents and Toolbars, that are bundled with malware having mining capabilities.
“This time, however, we are taking a look at a PuP that installs a Bitcoin miner on the user system, not just for a quick buck but actually written into the software’s EULA. This type of system hijacking is just another way for advertising based software to exploit a user into getting even more cash.” states the blog post on Malwarebytes website.
The experts have discovered a malware instance that utilizes victims’ computing resources for Bitcoin mining, in particular it uses ‘jhProtominer’ a popular mining software that runs via the command line, to abuse the CPUs and GPUs of the infected machine.
On November  22th researchers at Malwarebytes received a request for assistance from users about an anomalous behavior of a file, titled “jh1d.exe” that was taking up 50% of the system resources. The file in reality was the Bitcoin Miner “jhProtominer”. The experts also discovered that jhProtominer wasn’t the miner recreating its own file and executing but a parent process known as “monitor.exe”, Monitor.exe was created by a company known as Mutual Public, which is also known as We Build Toolbars, LLC or WBT.
Upon further investigation Malwarebytes experts have found a link between WBT and Mutual Public thanks to an entry in the  Sarasota Business Observer.
Bitcoin mining
“monitor.exe” is a component of YourFreeProxy application, which “beacons out constantly, waiting for commands from a remote server, eventually downloading the miner and installing it on the system.”
Resuming the experts collected the proof that a PUP is installing Bitcoin miners on users systems, but the concerning issue is that they do it providing ambiguous information in the EULA proposed to the victims. The Eula in fact specifically covers a section on Computer Calculations describing a series of operations similar to the actions of a Bitcoin Miner.
COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates.
Practically the user is advised that the company behind the PUP can and will install an application for Bitcoin mining keep the rewards for itself.
The increased popularity of Bitcoin will motivate the cybercrime industry to produce new and even more sophisticated miners and wallet stealers, it is highly recommended to install proper defense systems and to keep PC and applications updated.