Sunday, 5 May 2013

Sensitive Army database of U.S. dams compromised; Chinese hackers suspected


The compromise of the U.S. Army Corps of Engineers’ National Inventory of Dams (NID) is raising new concerns that China is preparing to conduct a future cyber attack against the national electrical power grid, including the growing percentage of electricity produced by hydroelectric dams…
The database categorizes U.S. dams by the number of people that would be killed if a dam fails. They include “significant” and “high” hazard levels.
Michelle Van Cleave, the former National Counterintelligence Executive, a senior counterintelligence policymaker, said the database compromise highlights the danger posed by hackers who are targeting critical U.S. infrastructure for future attacks.
“In the wrong hands, the Army Corps of Engineers’ database could be a cyber attack roadmap for a hostile state or terrorist group to disrupt power grids or target dams in this country,” Van Cleave said in an email.

Hackers Turned Defense Contractor QinetiQ Into Intelligence Playground

For more than three years, hackers linked to China thoroughly compromised U.K.-based QinetiQ, a firm that bills itself as "a world leading defense technology and security company," to steal intellectual property and sensitive defense information, according to reports of the incident.
The long-running breach resulted in numerous visits from federal investigators from December 2007 until late 2010, according to Bloomberg News, which first reported the massive compromise. The incident, spelled out in emails leaked from security firm HBGary in 2011, resulted in large swaths of data on sensitive technologies--such as drones and military helicopters—getting transmitted overseas. "The scary part of this particular type of intrusion is you are no longer talking about business interests and intellectual property, but about national security, and that raises the stakes quite a bit," said Alex Cox, principal research analyst for RSA's FirstWatch incident response group. The report is the latest evidence linking compromises at defense and critical-infrastructure companies to a Chinese group known as the "Comment Crew." In February, incident response firm Mandiant released a report identifying the group as the source of more than 140 incidents of espionage investigated by the firm since 2006. The group is a part of the People's Liberation Army known as Unit 61398, Mandiant said.

The widespread attacks on sensitive corporate and government organizations had top U.S. cyber-officials ranking the threat above terrorism, in terms the threat posed to U.S. interests. In March, the director of National Intelligence and the head of the U.S. Cyber Command both warned of the danger of the ongoing espionage.
In the recently reported incident, QinetiQ suffered a number of attacks over three years. A July 2010 report, leaked from security firm HBGary by hacktivists linked to Anonymous, discussed two of the attacks that resulted in the compromise of at least 71 systems—about 3.5 percent of systems investigated. Among the tools used by the hackers to control compromised systems was a remote access Trojan (RAT) known as "lprinp.dll," the report stated. "It is a well known and used variety of malware that is customized and built from source code (that is, not an attack toolkit/generator)," the report stated. "HBGary believes this malware strain to be tightly coupled to a Chinese hacking group that targets the DoD and its contractors. HBGary has code-named this threat group as 'Soysauce.' This group is also known as 'Comment Crew' by some." The chain of compromises of QinetiQ’s network stretched back to December 2007, when the Naval Criminal Investigative Service contacted the company and notified them that two of their employees had lost information to hackers, according to the Bloomberg article. Over the next three year, the company called in a succession of security contractors but limited their investigations and failed to take adequate steps to stop the attacks, the report stated

U.S. Aims to Force Web Services to Compromise Message Encryption


Frustrated that email and social network users can encrypt their messages, law-enforcement agencies want the feds to enact punitive measures to force cooperation.

Even if it accomplished nothing else, the Middle Eastern governments’ crackdowns on communications during the Arab Spring movement two years ago demonstrated how much governments, in general, and repressive governments, in particular, hate encryption—particularly in the hands of private citizens. This is why governments from Egypt to Oman to India have tried to ban BlackBerry smartphones with their uncrackable encryption. Now, in the United States, the Federal Bureau of Investigation and the military and intelligence agencies are going after your encrypted communications on Google, Facebook and other Web communication services. Google, as you’ll likely recall, was hacked by the Chinese military who tried to get into the email accounts of dissidents who use Gmail for communicating their pro-freedom activities. The Chinese, a repressive regime if there ever was one, just hates dissidents. So the military hackers wanted to read their email to find out who they were and what they were up to. Google responded by encrypting its network from end to end. Facebook, after being attacked repeatedly, has done the same thing. Other networks that pride themselves on their security are also providing encrypted communications, including BlackBerry, which is widely used by the U.S. government precisely for this reason.
Of course those other repressive governments never actually banned BlackBerry devices because their own intelligence agencies also use them and needed the security more than they needed to read other people’s email.

So now we come to the FBI and other U.S. law-enforcement agencies that are trying to read the text messages, chats and the email of people they think are bad guys. The feds say that they’re doing this to fight crime and terrorism. And they say they have a right to get information if they have a legally obtained wiretap order. The problem is, as The Washington Post reported recently, that not all providers of communications services have the ability to comply with a federal wiretap order. Their systems are secure and they’re meant to stay that way. What the FBI is asking for is the ability to fine those companies that don’t comply with a wiretap order, even if they’re technically unable to do so within a time limit set by the FBI. In other words, if you can’t provide the feds with a back door to your system, the government will keep piling on fines until you go out of business. The idea, of course, is to compel companies that provide secure communications to also build in a means for the feds carry out get their wiretaps.

Suspected distributor of Spy Eye computer virus in federal custody in Atlanta

A man suspected of developing and distributing the Spy Eye computer virus to criminals across the world appeared for his arraignment in federal court Friday afternoon in downtown Atlanta.
24-year-old Hamza Bendelladj was apprehended in Thailand in January, after more than a year of evading authorities. The U.S. Attorney's office in Atlanta said Bendelladj is believed to have commanded and controlled the virus from a computer server in north Georgia and therefore faced his arraignment in Atlanta.
According to Paul Royal, a professor in the Georgia Tech Information Security Center, the virus only impacts PCs and not Macintosh operating systems. It can be contracted simply by visiting a trusted site which may have been infected with the virus.
"It makes it easy for the bad guy to defraud people of his or her money," said Royal. "It's basically a piece of malicious software that will take control of the victim's computer. And it is installed without their knowledge."
Once installed, the virus can reconfigure a trusted bank's website to require personal identification information upon login. Once that PIN is given, the person controlling the virus software can use the information to hijack money.
Even though Bendelladj has been apprehended, Royal said the virus is believed to have been sold to hundreds of criminals worldwide and is still in use.

Rajasthan Public Service Commission website hacked, Pak-based miscreants suspected

The official website of Rajasthan Public Service Commission (RPSC) was hacked, allegedly by hackers based in Pakistan. Police was intimated after it came to the notice of the RPSC authorities. Cyber experts were called to set things right. It was found that the main site of the Commission was hacked and in the news section there were two links of "Pakistan Zindabad." Even the official website of online application was hacked and it was not displayed rightly. The hackers had also written that it was high time Indian authorities admire the fact that Pakistan is the best.

Immediately after it was brought to the notice of the authorities the administration change the password of the website and also put both the main pages of the web on surveillance. "The only thing which can give us relief is that the main server on the data base is intact and the hackers could not hack it," said a senior officer with RPSC. The Commission has also reported the matter to information technology department of the Central government and is preparing to register a case under IT Act. Sources said that the Commission has three websites linked to each other on which there is an online application page, information and main data page. "We found that the online and information page was hacked on Saturday morning," said K K Pathak, secretary of RPSC.

The news section of the website had two links which showed a page created as "Pakistan Zindababd". "It is difficult to find out who hacked this portal. We have removed the disturbing links and changed the password. We also put the websites on surveillance and have reported to the IT ministry," added Pathak.

Justin Bieber Twitter Account hacked by Syrian Electronic Army!

Justin Bieber Twitter were suspended by midday Saturday.The hacked account read: "Breaking! Exclusive: Justin Bieber to E!online 'I'm a gay'" The Syrian Electronic Army was here.
Even Hollywood star Angelina Jolie has become the target of hackers. They would be to blame for the disastrous state of the Syrian refugees, it said in the tweets.
Syrian Electronic Army (SEA) claimed responsibility for a takeover of the Associated Press Twitter account.The SEA appears to use so-called “spear phishing” e-mails, in which targeted users are tricked into revealing sensitive information. Associated Press reporter Mike Baker tweeted that the hack came less than hour after some employees “received an impressively disguised phishing email.\

kids With Java UpgradeTake over school Network of 300 machines

A group of pupils at a middle school in Alaska took control of their classroom computers after phishing for administrator privileges.
Students were manipulating their machines, so the teachers thought they were installing an upgrade of Java for example, and in the background something else was running that the teacher was actually logging into as well. And it only took one time,” said Casey Robinson, Schoenbar’s principal.
He says he learned about the hacking on Friday, when some other students reported that something was going on.
The district’s technical supervisor, Jurgen Johansen, says he’s surprised this didn’t happen sooner. He says the technique is called social hacking, and it’s something his generation used.
After the students gained access to the system, Johansen says they added administrative accounts, which they used to “spy” on each other. They were able to tap into each other’s laptops, and control them remotely.
Robinson says he doubts any personal information was compromised by the hacking incident.
“I don’t believe any hardware issues were compromised,” he said. “No software issues were compromised. I don’t think there was any personal information compromised. Now that we have all the machines back in our control, nothing new can happen.”
That’s 300 machines, by the way, and district computer technicians will have to go through each one to see who participated in the scheme. Johansen says that after a lot of overtime, the IT department should know in about a week.
Once the investigation is complete, some kind of discipline is likely. To determine appropriate punishment, Robinson says the district will look at the student code of conduct, the computer-use agreement that each student and parent has to sign before getting a laptop, and district policy.
He added that protocols likely will change, too.
“How we do business is definitely going to have to change when it comes to updating programs and resources on the machines,” he said. “Yes, something new is going to have to happen.”