Wednesday, 11 March 2015

UNT center for information and cyber security to host workshop

 
The University of North Texas Center for Information and Cyber Security will host a Hot Topics in Network and Security workshop from 9 a.m. to 5 p.m. March 27 in the Austin Conference Room of the Ericsson Inc. campus, 6300 Legacy Drive in Plano.
Registration is free and lunch will be provided. Officials from the University of North Texas, National Science Foundation, Federal Communications Commission, Verizon, AT&T, Sprint, IBM, Cisco, Ericsson and Huawei Technologies will speak and host information sessions at the event.
The steering committee for the workshop includes Ram Dantu, UNT professor of computer science and engineering and director of the UNT Center for Information and Computer Security, as well as David Keathly and Mark Thompson, lecturers in the UNT department of computer science and engineering.

Ethiopia is Hacking US Journalists in Virginia Using Spyware

Italy’s security firm Hacking Team is providing Ethiopia with off-the-shelf spyware, and have been expanding their repressive reach far overseas in the United States.
A report from Citizen Lab, published February 12th, state that numerous journalists working for the Ethiopian Satellite Television Service (ESAT), were targeted by a member of Ethiopia’s internal information security apparatus: the Information Network Security Agency (INSA).
ESAT is a network of independent Ethiopian expat journalists operating out of Alexandria, Virginia.
ethiopia-is-hacking-us-journalists-in-virginia-using-spyware
Both attacks appear to have been carried out using Hacking Team’s Remote Control System (RCS) spyware. According to the Hacking Team product website, this software “is a solution designed to evade encryption by means of an agent directly installed on the device to monitor. Evidence collection on monitored devices is stealth and transmission of collected data from the device to the RCS server is encrypted and untraceable.”
What is most disturbing is that this sort of abuse should not even be possible using RCS because the Hacking Team’s Customer Policy clearly states that:
“We monitor the international geopolitical situation and we review potential customers before a sale to determine whether or not there is objective evidence or credible concerns that Hacking Team technology provided to the customer will be used to facilitate human rights violations.”
Ethiopia’s government is among the most oppressive political regimes on the African continent, only trailing Eritrea in its population of incarcerated journalists
Computers to be infected:
Using RCS, the INSA could, in theory, be used to spy on the activities of ESAT journalists and lead authorities back to the journalist’s local sources. The target’s computer would of course first have to be infected with the RCS spyware. In this case, it came in the form of a bogus Word attachment sent to Managing Director of ESAT, Neamin Zeleke, in December of last year.
Citizen Lab’s report suggests that not only did Hacking Team not suspend its service to Ethiopia’s government following a similar attack back in 2013. The Italian firm may have even provided the INSA with software updates in the year since. This despite published accusations against the government agency by targeted journalists and the government’s long history of political repression. That’s a clear violation of the company’s internal policing policy.
This latest attack against US-based journalists might lead to some meaningful changes in the Italian company’s policy, but it remains to be seen.

New York private investigator pleads guilty to computer hacking charge

A New York City-based private investigator has pled guilty to one charge of conspiracy to commit computer hacking, which carries a maximum sentence of five years.

Eric Saldarriaga allegedly hired hackers to access the email accounts of various victims, a Federal Bureau of Investigation (FBI) press release states. Saldarriaga allegedly had the hackers hand over login credentials, so he could access victims' accounts and review their communications.

Manhattan U.S. Attorney Preet Bharara said in the release: “Eric Saldarriaga crossed the line as a private investigator by hiring hackers to unlawfully and secretly access over 60 e-mail accounts, including accounts belonging to people he was investigating.”

Saldarriaga's victims allegedly included both people in whom his clients were interested as well as individuals in whom he had a personal interest.

CIA spies 'spying on iPhones'

US Military hacking team CIA brainiacs at least thought about, or experimented with, breaking the security of Apple's iPhones, iPads and OS X computers, it appears from leaked intelligence documents.
The intel agency wanted to crack the encrypted firmware stored on targeted iThings, and spy on selected users via poisoned apps, Snowden newsletter The Intercept reports, having obtained top-secret files on spook research. "Spies gonna spy," as one academic, Steven Bellovin, told the blog.
Team Greenwald reports that the CIA tried tampering with copies of ‪Apple‬'s ‪Xcode‬ – the iOS and OS X software development tool – to slip backdoors or key-loggers into selected applications. The crooked toolchain, inspired by Ken Thompson's description of a silently evil compiler, could also build iOS applications that secretly uploaded sensitive information from iPads and iPhones to a US government-controlled server.
CIA cyber-spies also wanted to find the decryption keys hidden in Apple's system-on-chip processors that unscramble the encrypted firmware in iPhones and iPads. Perhaps the spooks wanted to backdoor a copy of iOS, and encrypt it so that it could be secretly installed in an intercepted phone and still boot like a legit version.
These surveillance methods were presented at a secret conference known as the "Trusted Computing Base Jamboree", which takes place at a Lockheed Martin site in Northern Virginia each year since almost a decade ago. Attempts to crack Microsoft BitLocker disk encryption technology were also showcased at the confab.
The Intercept's 5,000-word story has attracted a degree of skepticism from independent security experts, partly because the techniques described have been discussed at Black Hat and other public conferences; there's no magic, here, in other words.
Crucially, though, the leaked documents demonstrate no evidence that the CIA's hacking efforts actually paid off. It's not confirmed whether the dodgy builds of Xcode were ever used by developers to unwittingly distribute backdoored apps to intelligence targets, for instance.
"There is nothing in the leaked information to suggest how successful the United States' intelligence agencies were in cracking Apple's encryption technology, nor how specific exploits might have been used," writes veteran security journalist Graham Cluley.
Previous Snowden leaks have documented how far spies have gone in achieving their objectives, something notably absent from the latest leaks. The report's authors Jeremy Scahill and Josh Begley acknowledge this in a paragraph buried some way through the story:
The documents do not address how successful the targeting of Apple’s encryption mechanisms have been, nor do they provide any detail about the specific use of such exploits by US intelligence.
Other experts claim that the Intercept's report is based on a misunderstanding of Apple's cryptography: the article (now corrected) incorrectly claimed the device group ID (GID) key is used to digitally sign apps as Apple to prove they are legit.
GID keys, built into Apple's processors, are instead used to decrypt a device's firmware so that it can be booted. This mechanism is supposed to stop people from running custom operating systems on iThings. According to The Intercept's sensitive documents, the CIA wanted to get hold of these GID keys.
"The GID [Group IDentification] key allows you to decrypt iDevice firmware files. It does not allow you to pretend to be Apple. For that you need to break RSA," according to iOS security guru Stefan Esser, who detailed his criticisms in a string of tweets.
"The abstract linked by The Intercept merely says that [the CIA] are working on extracting the GID key and that it is work in progress. Several [iOS] jailbreakers also tried hardware attacks to extract GID keys. Everybody with the capability did. So it's no surprise," he commented.
Crypto-boffin Thomas Ptacek added: "I don’t think The Intercept really groks hardware-embedded keys."
Rob Graham of Errata Security is dismissive of the newsworthiness of the CIA's attempted hacking and The Intercept's article.
"When CIA drones bomb a terrorist compound, iPhones will be found among the bodies. Or, when there is a terrorist suspect coming out of a dance club in Karachi, a CIA agent may punch them in the face and run away with their phone. However it happens, the CIA gets phones and wants to decrypt them," Graham added on his blog.
"Back in 2011 when this conference happened, the process of decrypting retrieved iPhones was time consuming (taking months), destructive, and didn't always work. The context of the presentation wasn't that they wanted to secretly spy on everyone's phones. The context was that they wanted to decrypt the phones they were getting."
He continued:
The CIA isn't modifying the Xcode that everyone uses; that would be impossible. If you have Xcode installed, no, you don't have to worry about the CIA. Nor is the CIA trying to sneak something into a popular app like Angry Birds. Instead, their goal is to target the hundred users of a hawala money transfer app used almost exclusively by legitimate targets.
Earlier this week it emerged that cyber-espionage will be a top priority for the CIA across all its departments and investigations, something that adds to the timeliness of The Intercept's report, at least.

Faux ‪pro-IS Facebook‬ shot down within hours of launch

ISIS leader Shakir Wahiyib with Facebook thumbs-up
A pro-Islamic State social network was pulled offline hours after its launch.
The network, 5elafabook, was supposedly set up in the wake of a ramp-up in efforts by Twitter to quickly shut down accounts promoting violent jihad. Facebook has likewise applied the ban-hammer on accounts spouting pro-Caliphate propaganda.
5elafabook – pronounced Khelafabook and meaning “Caliphate book”, said it was independent and not sponsored by the Islamic State. Nevertheless it shared the same worldview and key philosophical tennets, including obedience to Sharia law, the supposed glory of martyrdom and a shared ambition for IS to expand.
The site was ostensibly established as a social network for IS supporters.
Oddly, www.5elafabook.com was hosted in, of all countries, the US, and on a shared limited-resource platform. In addition, the site made no use of encryption. It's altogether too amateurish even to serve as a honeytrap, security researcher Rickey Gevers argues. "For an intelligence agency, this set-up is even way, way, too obvious and wouldn't make sense at all," Gevers wrytes in a blog post. "In my opinion, this is just a set-up chosen by an amateurish ISIL supporter or funny prankster."
Others, such as patriot hacker The Jester, quickly noted some of the same incongruous elements in the whole set-up.
Amateurish or not, the site caught the attention of Anonymous, elements of which later claimed responsibility for taking down the site.
Anonymous has an ongoing campaign against pro-IS websites, dubbed ‪#OpISIS‬. "All ‪#ISIS‬ website assets will go offline. ‪http://5elafabook.com ‬ has already quit. More to come. ‪#OpISIS‬ ‪#Anonymous‬," one Anonymous-affiliated account Tweeted triumphantly.
5elafabook.com went live as a clearly unfinished pre-beta on Sunday, before going offline around a day later. A linked Twitter account has been shut down and 5elafabook.com itself replaced by a message saying that it had temporarily suspended operations to "protect the information and details of it's [sic] members and their safety".
The site was apparently put together using Socialkit, a platform for the development of do-it-yourself social networks. "The site was registered with webservices company GoDaddy.com on March 3 and cited its home address as IS-controlled Mosul in Iraq, but its home country as Egypt [and] with an apparently false phone number there," Stuff.co.nz reports.
Screenshots (via a story in French newspaper Le Figaro) show a site whose login page had the look and feel of a Facebook clone, albeit one whose home page featured liberal use of the Caliphate emblem and a different colour scheme, put together in black and blue.

PayPal pays $60m for Israeli predictive security start-up

Precog spookery merchants obviously knew it was coming

Cartoon of fist clutching dollars smashing out of smartphone PayPal has confirmed a $60m acquisition of security intelligence firm CyActive.
The online payments firm, soon to be spun off from eBay, accompanied the announcement of the deal with plans to open a research hub in Israel.
CyActive, founded by ex IDF intelligence unit cyberspies in 2013, specialises in trying to predict the course of future malware using a combination of bio-inspired algorithms and an understanding of the hacking process. This analysis is used to help its clients (mostly enterprises to date) to stay ahead of hacking attacks.
In a blog post confirming the deal, CyActive co-founders Liran Tancman and Shlomi Boutnaru write about how thrilled they are to be joining PayPal.
Which is nice.
PayPal has gone shopping in Israel before, picking up financial fraud detection provider FraudSciences for $169 million back in 2008.