Sunday, 5 February 2017


Two of Moscow’s top cybersecurity officials are facing treason charges for cooperating with the CIA. The accusations add further intrigue to a mysterious scandal that has had the Moscow rumour mill working in overdrive for the past week, and come not long after US intelligence accused Russia of interfering in the US election and hacking the Democratic party’s servers.

Sergei Mikhailov was deputy head of the FSB security agency’s Centre for Information Security. His arrest was reported in a series of leaks over the past week, along with that of his deputy and several civilians.

According to earlier reports in the Russian media, Mikhailov was arrested some time ago, in theatrical fashion, during a plenary session of the top FSB leadership: a bag was placed over his head and he was marched out of the room, accused of treason.

His deputy, Dokuchayev, is believed to be a well-known Russian hacker who went by the nickname Forb, and began working for the FSB some years ago to evade jail for his hacking activities. Together with the two FSB officers, Ruslan Stoyanov, the head of the computer incidents investigations unit at cybersecurity firm Kaspersky Lab, was also arrested several weeks ago.

Kaspersky confirmed last week that Stoyanov had been arrested and was being held in a Moscow prison, though it said the arrest was not linked to his work for the company. Interfax said four people had been arrested and a further eight were potential witnesses in the case.

On Tuesday, Life, an online news portal with close links to the security services, reported that FSB agents had searched Mikhailov’s home and dacha and found more than $12m (£10m) in cash stashed in various hiding places.

Two arrested in London over hacking of US CCTV systems days before President Trump’s inauguration took place

Detectives have arrested two people in London on suspicion of hacking Washington's CCTV system ahead of President Donald Trump's inauguration.
The home of a British man, aged 50, and a Swedish woman, also 50, was raided in Streatham, south London on January 19.
It comes as storage devices which record data from police surveillance cameras in the American capital were allegedly compromised between January 12 and 15.
Hackers disabled 123 of 187 security cameras in Washington, starting a major security incident.
It is believed the first cyber attack could have been a dry run with another potentially planned during the presidential handover.
The National Crime Agency said: "Enquiries are ongoing and we are unable to provide further information at this time."
The couple have been bailed until April. Neighbours of the man and woman arrested said they keep themselves to themselves.
Police cars and officers raided the residential road at around 5.30pm. A woman who lives near the raided house said: "My sister had just come back from work and saw a couple of police cars around 5.30pm.
"Then later more cars turned up and we could see the blue lights filling the whole house.
"They keep themselves to themselves.
"This is a quiet street and there's never any trouble round here."
Another neighbour, who did not want to be named, said: "I saw a lot of police arrive a few weeks ago.
"I don't know what it was about, but I saw them go in the house.
"I've spoken to the guy a few times, he seems really nice and we often have a chat in the street."

Honeywell SCADA Controllers Exposed Passwords in Clear Text

A series of remotely exploitable vulnerabilities exists in a popular web-based SCADA system made by Honeywell, making it easy to expose passwords and, in turn, giving attackers a foothold into the vulnerable network.
The flaws exist in some versions of Honeywell’s XL Web II controllers, systems deployed across the critical infrastructure sector, including wastewater, energy, and manufacturing companies.
An advisory from the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned about the vulnerabilities Thursday.

According to ICS-CERT, Honeywell’s XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior, are vulnerable. The company has developed a fix, version, to address the issues but users have to call their local Honeywell Building Solutions branch to receive the update, according to the company.
The controllers suffer from five vulnerabilities in total but the scariest one might be the fact that passwords for the controllers are stored in clear text. Furthermore, if attackers wanted to, they could disclose that password simply by accessing a particular URL.
An attacker could also carry out a path traversal attack by accessing a specific URL, open and change some parameters by accessing a particular URL, or establish a new user session. The problem with starting a new user session is that the controllers didn’t invalidate any existing session identifier, something that could have made it easier for an attacker to steal any active authenticated sessions.
Maxim Rupp, an independent security researcher based in Germany, dug up the bugs and teased them on Twitter at the beginning of January. He described them in depth in a blog post earlier this week.
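The clear-text password storage and the session identifier that survives login, both described above, shown beside their corrected forms as an added example. This is not code from Honeywell, ICS-CERT or the researcher: the `SessionStore` class, the user name and the password are constructed for illustration, and PBKDF2 is an assumed choice of hash that the advisory does not specify.

```python
import hashlib, hmac, secrets

def derive(password, salt):
    # Salted PBKDF2 digest; only this is stored, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class SessionStore:
    """Hypothetical controller login logic (constructed for illustration)."""
    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> user name, None while anonymous
        self.users = {}     # user name -> (salt, digest)

    def add_user(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, derive(password, salt))

    def new_anonymous(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, presented_sid, name, password):
        salt, digest = self.users.get(name, (b"\0" * 16, b""))
        if not hmac.compare_digest(derive(password, salt), digest):
            return None
        if self.rotate_on_login:
            # Hardened: drop the pre-login id and issue a fresh one.
            self.sessions.pop(presented_sid, None)
            sid = secrets.token_urlsafe(32)
        else:
            # Weak: the id that existed before login becomes authenticated.
            sid = presented_sid
        self.sessions[sid] = name
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)

def build(rotate_on_login):
    store = SessionStore(rotate_on_login)
    store.add_user("operator", "constructed-sample-password")  # constructed
    return store

def old_id_still_authenticated(store):
    pre_login = store.new_anonymous()
    store.login(pre_login, "operator", "constructed-sample-password")
    return store.whoami(pre_login) == "operator"
```

With `rotate_on_login=False` the identifier issued before authentication ends up bound to the logged-in user; with `True` it is discarded and only the freshly issued identifier is valid.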

Rupp has identified bugs in Honeywell equipment before. Two years ago he discovered a pair of vulnerabilities in Tuxedo Touch, a home automation controller made by the company, that could have let an attacker unlock a house’s doors or modify its climate controls.
It’s unclear how widespread the usage of Honeywell’s XL Web II controllers is. While Honeywell is a US-based company, according to ICS-CERT’s advisory the majority of the affected products are used in Europe and the Middle East.