Thursday, 4 July 2013

PRISM: EU demands answers from William Hague over ‘deeply disturbing’ GCHQ spying claims


Foreign secretary William Hague
The vice president of the European Commission has written to the UK's foreign secretary William Hague in an effort to uncover the full extent of the alleged ‘Tempora' surveillance programme. The GCHQ-based operation is said to have tapped transatlantic internet cables in order to log hundreds of millions of phone calls and emails.
Viviane Reding, who is also the EU commissioner for justice, said in a speech in Strasbourg that national security does not excuse potential violation of rights of EU citizens:
"The news over the past weeks and days has been deeply disturbing," she said. "The fact that the programmes are said to relate to national security does not mean that anything goes. A balance needs to be struck between the policy objective pursued and the impact on fundamental rights, in particular the right to privacy. It is a question of proportionality."
Reding went on to say that she has written to William Hague in order to clarify the "scope of the programme, its proportionality and the extent of judicial oversight that applies." She also said she has written to the US attorney-general Eric Holder to find out the full extent of the surveillance programme PRISM.
"I raised our concerns regarding the impact of Verizon and PRISM on the fundamental rights of EU citizens," she explained. "And I asked about the conflict companies can find themselves in when they are faced with competing obligations under US and EU law."
The demands from the EC come after Germany also asked the UK government to provide information on the extent of the Tempora spying capabilities.
Yesterday, the European Commission responded to allegations that the NSA had been spying on EU-occupied buildings, with phone calls and emails being tapped. The EC demanded answers, saying "clarity and transparency is what we expect from partners and allies, and this is what we expect from the US".
Meanwhile, the former NSA contractor, Edward Snowden, who leaked the information regarding PRISM and Tempora, is still believed to be trapped airside at Moscow's Sheremetyevo airport, having not technically entered the country.

Apple posts update for OS X security issues

Apple logo
Apple has released an update to address a trio of security flaws in its OS X desktop platform.
The company said that the update will address vulnerabilities, which, if exploited, could allow an attacker to remotely execute code on a targeted OS X system or server. The company did not report any active attacks on the flaws in the wild.
The first of the three flaws lies within the handling of Sorenson movie files. If a user were to open a specially crafted movie, an attacker could cause a crash and would be able to remotely execute code on the targeted system.
The second vulnerability is a remote code execution flaw in the way OS X handles H.264 movie files. Like the Sorenson flaw, the H.264 vulnerability could be launched from a specially crafted movie file and, when executed, would allow for a remote malware infection.
The third fix addresses a buffer overflow in the handling of mvhd data and would prevent similar attacks using movie files.
Apple is advising all users running OS X Snow Leopard and later, including OS X Mountain Lion and Lion Server users, to update their systems in order to guard against any possible attacks that would target the flaws.
The patch comes ahead of Apple's planned release of the next version of OS X. Dubbed Mavericks, the update will bring optimisations to improve performance and enhance the battery life of notebook computers.

PRISM: Mozilla, Reddit and WordPress use Independence Day to protest NSA surveillance


Digital security padlock red image
Many high-profile websites have used US Independence Day to take part in an online protest against the NSA's surveillance of internet use, including email and web browsing history.
Organisations such as Mozilla, WordPress and the Electronic Frontier Foundation (EFF), as well as websites such as 4chan, Reddit and the Cheezburger network will be prominently featuring Fourth Amendment imagery throughout their pages. The US's Fourth Amendment protects against "unreasonable searches and seizures".
The protest, which has been organised by the Internet Defense League, will include pop-up banners promoting the Fourth Amendment as well as blog posts from many of the sites involved.
The banners will redirect visitors to pages that encourage them to write to congress, add their own banners and make donations to the campaign. Related movement StopWatching.Us has collected over 500,000 signatures demanding that US Congress to find and reveal the full extent of the PRISM operation.
The Internet Defense League's campaign encourages visitors to sign a petition to be sent to US Congress
Mark Rumold, a staff attorney at the EFF said that action needs to be taken as soon as possible. "Now is the time for Congress to act. We don't need a narrow fix to one part of the Patriot Act; we need a full public accounting of how the US is turning sophisticated spying technology on its own citizens, we need accountability from public officials, and we need an overhaul of the laws to ensure these abuses can never happen again," he said.
Edward Snowden, the NSA contractor who blew the whistle on the PRISM campaign, is currently seeking asylum in several countries, but is believed to be trapped airside at a Russian airport.

BT reveals over 200 million hack attempts on London Olympics 2012 website

The London2012 website had almost 40 billion page requests BT revealed
The London 2012 website was subjected to over 200 million attacks during the two-week event, BT has revealed.

BT managed the official website for the Games, serving up over 40 billion page views during the event. Speaking almost a year after the event took place, the chief executive of BT Global Services, Luis Alvarez, revealed the extent of the threats the firm faced.

“During the Olympics we had more than 212 million malicious attempts to damage the website,” he said. No more information was given on the types of attack or when they occurred, but the figure underlines the scale of attacks made on major websites.

Alvarez made the comment as part of a wider discussion on the fact security has become one of the first issues the firm is talking with its customers about, as threats to their networks increase all the time.

“Security is the hottest topic this year. This is because people are reading more about it and because every single company is being attacked,” Alvarez explained.
He cited attacks on oil company Saudi Aramco and issues being seen by US banks as just some of the headline-grabbing incidents firms are seeing as evidence they need to boost their security measures.

After the Olympics last year, BT revealed that the London 2012 website was, at the time, the world's most popular sports website, with 38.3 billion views, peaking at some 98,871 per second. This equated to 1.2 petabytes of data being transferred during the two-week period.

Android master key leaves 99 percent of Google smartphone and tablet users open to attack

key-to-the-kingdom
A vulnerability in 99 percent of all Android devices could be used to hack into companies' networks, according to Bluebox security, in what appears to be one of the worst exploits of the open operating system seen in recent months.
Bluebox Security chief technology officer Jeff Forristal said, if exploited by hackers, the flaw could be used to turn legitimate applications on the device into defence-dodging Trojans.
"The Bluebox Security research team recently discovered a vulnerability in Android's security model that allows a hacker to modify APK code without breaking an application's cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user," he wrote.
The vulnerability has reportedly been around since Android 1.6 Jelly Bean and could be used to target any Google phone or tablet released in the last four years, including popular handsets like the HTC One and Samsung Galaxy S4.
Forristal said the vulnerability is particularly dangerous because of the way many big-name companies have granted Android devices running on their networks additional privileges.
"While the risk to the individual and the enterprise is great (a malicious app can access individual data, or gain entry into an enterprise), this risk is compounded when you consider applications developed by the device manufacturers (e.g. HTC, Samsung, Motorola, LG) or third-parties that work in co-operation with the device manufacturer (e.g. Cisco with AnyConnect VPN) that are granted special elevated privileges within Android – specifically System UID access," he wrote.
The Bluebox chief added that the vulnerability could also theoretically be used to set up an Android botnet, letting criminals use millions of Android devices to their ends. Were the event to occur, the network could cause havoc, letting criminals mount numerous denial-of-service attacks, or rake in billions of pounds via spam campaigns and the like.
At the time of publishing Google had not responded to V3's request for comment on Bluebox's research. F-Secure security expert Sean Sullivan told V3 while BlueBox's research looks legitimate, the potential for harm is limited and could be solved in a variety of ways. "The real question is how practical is it? That cannot be known until the details are disclosed at Black Hat," he said.

"From our reading of Bluebox's post, the issue is something that Google Play could be able to (or already does) mitigate. Interaction with Play would cause Google to recognise the altered apps. But there could be an issue with apps from third-party markets. All in all, it is difficult to determine if this vulnerability makes for something useful in terms of crimeware. So there's no way yet to say if consumers and/or businesses should be concerned."
In the interim before Black Hat, Forristal said business should rethink their bring your own device (BYOD) policies as regards Android. "Device owners should be extra cautious in identifying the publisher of the app they want to download. Enterprises with BYOD implementations should use this news to prompt all users to update their devices, and to highlight the importance of keeping their devices updated," he wrote.
"IT should see this vulnerability as another driver to move beyond just device management to focus on deep device integrity checking and securing corporate data."

Hacking tool caught harvesting industry-specific mobile phone numbers

Security researchers from Webroot have uncovered an underground black market tool that harvests specific mobile phone numbers for use in cyber scams.
Webroot's Dancho Danchev uncovered the service – which is designed to aid criminals' SMS spam tools – and warned that it is far more sophisticated than most underground tools as it allows hackers to tailor their attacks to harvest numbers from particular industries.
Search and harvesting criteria options include region, city, type of company, age, sex, interests and job title.
Danchev said the crooks behind the harvesting tool are also offering crooks several other services. "Next to the actual harvesting of mobile phone numbers on demand, the vendor is also ‘vertically integrating' within the marketplace by also offering phone number verification services as well as actual SMS spamming/SMS based TDoS (telephony denial of service attack) services," he wrote.
The discovery follows widespread warnings from the security industry that the threat facing smartphone users is increasing. Most recently, Russian security firm Kaspersky detected 23,000 new mobile threats in its Q1 2013 Threat Report.
Danchev added that Webroot expects to see more mobile harvesting tools appear. "We expect to continue observing an increase in vendors offering cybercrime-as-a-service solutions with vertical market integration in mind, in an attempt by the cyber criminals operating them to occupy an even bigger market share within the TDoS and the SMS spam market segments," he wrote.
Despite the troubling nature of the marketplace, SMS-based phishing scams are among the less sophisticated threats targeting mobile phone users, with experts recently uncovering a host of more complex attack tools. Symantec researchers found FakeDefender malware infecting Android smartphones by masquerading as a legitimate security application.

Global Threatscape Report mid-year 2013 Download

AppRiver published its first half of 2013 edition of its Global Threatscape Report.
AppRiver reports primarily shows the same things getting worse. Spam, which dipped during 2012, is increasing again,spam traffic has nearly doubled over the total number of spam messages seen in January and is at the highest levels we have seen since November 2011." Europe is the most common source for spam, "driven in large part by the colossal spike in traffic from Belarus."
We've also moved on from the whispers and suspicions of cyber espionage to governments openly discussing the fact that these are a common tactic for a new world. All sides, mostly, admit to either foraging for big data to help gain governmental or business advantages, or to directly attacking systems, or to pilfering through critical infrastructures.
The fact is, is that the Internet has far evolved past a simple means to share information; it is now a tool to be used for nearly anything, good or bad.

France intelligence agency spies on French public's phone calls, emails ...

France's external intelligence agency spies on the French public's phone calls, emails and social media activity in France and abroad, the daily Le Monde said on Thursday.
It said the DGSE intercepted signals from computers and telephones in France, and between France and other countries, although not the content of phone calls, to create a map of "who is talking to whom". It said the activity was illegal.
"All of our communications are spied on," wrote Le Monde, which based its report on unnamed intelligence sources as well as remarks made publicly by intelligence officials.
"Emails, text messages, telephone records, access to Facebook and Twitter are then stored for years," it said.
The activities described are similar to those carried out by the U.S. National Security Agency, as described in documents leaked by former NSA contractor Edward Snowden.
The documents revealed that the NSA has access to vast amounts of Internet data such as emails, chat rooms and video from large companies such as Facebook and Google, under a program known as Prism.
They also showed that the U.S. government had gathered so-called metadata - such as the time, duration and numbers called - on all telephone calls carried by service providers such as Verizon.
France's DGSE was not immediately available for comment.
Le Monde said the French national security commission whose job it is to authorize targeted spying, and the parliamentary intelligence committee, had challenged the paper's report and said it worked in accordance with the law. It said the only body that collected communications information was a government agency controlled by the prime minister's office that monitors for security breaches.
Le Monde's report comes amid a storm over media allegations that Washington regularly spies on European citizens and embassies. The allegations, made in the German magazine Der Spiegel, sparked concern from data protection watchdogs and irked European governments just as major transatlantic trade talks are about to start.
Le Monde said France's DGSE was more interested in finding out who was speaking to whom than in combing through the content of private communications. It said the DGSE stored a mass of such metadata in the basement of its Paris headquarters.
France's seven other intelligence services, including domestic secret services and customs and money-laundering watchdogs, have access to the data and can tap into it freely as a means to spot people whose communications seem suspicious, whom they can then track with more intrusive techniques such as phone-tapping, Le Monde wrote.
The Guardian newspaper reported last month that Britain had a similar spying program on international phone and Internet traffic and was sharing vast quantities of personal information with the American NSA

Turkish Agent Hacked US Air Force Culture & Language Center Website

The official website of US Air Force Culture & Language Center (http://www.culture.af.mil) has been hacked, as a result highly sensitive personal details of military officials have been leaked online by Turkish Ajan Hackers.Reported hackread
One of the member of Turkish Ajan going with the handle of Maxney contacted me on Twitter, claiming the hack which shows hackers were able to edit and replace some of site content with the choice of their own, such as:

The leaked data was uploaded on SandSpace that consist of 236.05 KB rar file, distributed in 7 xls files which shows registration details, usernames, official and unofficial emails, computer names, ranks, experience details, spouse names, official and unofficial phone numbers, given assignments, experience and specialty details along with date of births of several US Air Force and other military officials such as LT Cols, Majors and Captains.
Another leaked file shows Doctrine details with 652 emails including @osan.af.mil ones with their encrypted passwords and IP addresses.
Link of targeted site with its zone-h mirror and leaked data are given below:
http://www.culture.af.mil/repository/index.aspx
http://www.zone-h.org/mirror/id/20188185
http://www.sendspace.com/file/mznw0i
After analyzing the data I have found it legit and never been leaked before, however it has full potential to put the US air force Culture & Language Center officials in trouble.
At the time of publishing this article, the website of US Air Force Culture & Language Center was down.