
Archive for the ‘Intelligence’ Category

Pentagon to recruit Russian hackers

An adviser to U.S. President Barack Obama said that the U.S. has a new plan to combat cyberwarfare.

The U.S. government has a plan to put the skills of the best hackers in the world to work fighting terrorism and designing security systems for government agencies. John Arquilla, an adviser to U.S. President Barack Obama and the man who coined the term “cyberwarfare”, told the UK’s Guardian newspaper that the U.S. Defense Department plans to hire about 100 hackers, primarily Russians, for the initiative.

Arquilla accused the Pentagon of wasting billions of dollars on “pointless aircraft carriers, tanks and planes at the expense of nimbler, leaner strategy” of spending on experts. He said that as a result the U.S. has fallen behind other superpowers in the global cyber race.

“We intend to set up something like the English Bletchley Park (where the UK ran decryption operations during World War II),” said Arquilla. “We will hire Russians and Asians. They are definitely the best code crackers in the world. I have already established contact with several very influential hackers. I even brought one to meet the CEO of a major company to evaluate the vulnerability of his information systems. He managed to break into the system in just a few minutes.”

Russian hackers do not rule out the possibility of cooperating with the U.S. government, provided it observes a number of crucial factors.

Said one hacker known as Zeus: “I’ll agree if they offer me a fair salary and good living accommodations. Another important thing is that my activities mustn’t be aimed at Russia. I don’t want to be a traitor. There are many advantages to working in the U.S., like opportunities to realize my potential, high living standards and an evolved society.”

Another hacker said that working for the U.S. government is, on the one hand, fairly risky, but on the other hand, a very lucrative and stable business.

“Our task is to make sure those who agree to work for us have all they need. America has always lavishly spent money on the best specialists in the world. That’s why I’m sure we’ll persuade them to cooperate,” Arquilla said.

Source: Izvestia Ru

Hackers expose login details of 450,000 Yahoo! users

The security details of almost half a million internet users have been compromised, after hackers posted what appear to be login credentials to online accounts. Yahoo has confirmed the security breach.

The material was posted by a hacking collective known as D33Ds Company, according to Ars Technica. The group said in a statement at the bottom of the data that they used a technique known as a union-based SQL injection, which preys on poorly-secured web applications.

The hackers claim the information was gathered from a service on the Yahoo network.

The subdomain may belong to Yahoo Voices, a contribution service which allows user-generated content to be published online, according to security firm TrustedSec.

The technique targets sites that do not properly validate text entered into search boxes and other input fields. The attacker supplies input that contains database commands, which the server passes to its database unchanged, tricking it into returning large amounts of sensitive information. In a union-based injection the appended command is a UNION SELECT that grafts rows from another table, such as the user table, onto the query’s normal results.

Experts say the passwords were stored in plain text, neither hashed nor encrypted, so anyone with the dump could immediately use them to log in to the affected accounts.
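The two failures described above, a string-concatenated search query that admits a UNION SELECT and a user table holding plain-text passwords, are easy to reproduce side by side with their fixes. The following Python script is an added example, not code from the article or from Yahoo; the schema, the sample articles and users, and the payload are all constructed for illustration, and the table and column names are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample data standing in for a content site's database.
# Passwords are stored in plain text here to mirror the failure described
# in the article; see hash_password() for what should be stored instead.
SCHEMA = """
CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT);
INSERT INTO articles (title, body) VALUES ('Hello', 'first post');
INSERT INTO users (email, password) VALUES ('alice@example.com', 'hunter2');
INSERT INTO users (email, password) VALUES ('bob@example.com', 'letmein');
"""

# Attacker-supplied search term. The single quote closes the LIKE literal,
# UNION SELECT appends the users table (same column count as the original
# SELECT), and "-- " comments out whatever the application appends after it.
UNION_PAYLOAD = "x%' UNION SELECT email, password FROM users -- "


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def search_vulnerable(conn, term):
    """Search built by string concatenation: the term becomes part of the SQL."""
    sql = "SELECT title, body FROM articles WHERE title LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_safe(conn, term):
    """The same search with a bound parameter: the term is only ever data."""
    sql = "SELECT title, body FROM articles WHERE title LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def hash_password(password, salt=None, iterations=200_000):
    """Salted PBKDF2-HMAC-SHA256; this string, not the password, belongs in users.password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute the hash from the stored salt and compare in constant time."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", search_vulnerable(db, UNION_PAYLOAD))  # leaks the users table
    print("parameterised:", search_safe(db, UNION_PAYLOAD))     # no rows
    record = hash_password("hunter2")
    print(record, verify_password("hunter2", record))
```

Against the vulnerable function the payload returns the e-mail and password of every user; against the parameterised one the same string is just an unusual LIKE pattern that matches nothing. Even with the query fixed, a leaked table only stays harmless if it holds salted, slow hashes rather than the passwords themselves, which is the second half of the script.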

Members of D33Ds say they intend the hack to be used as a “wake-up call.”

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers said in their statement. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.”

The latest entries in the information appear to be from accounts created in 2006, which may imply the data is old, or no longer in use.

Android Forums and Formspring were attacked at the same time. Both sites stored their passwords in protected rather than plain-text form, although such passwords can still be cracked offline by guessing candidates and checking them against the stored values.

Users are being encouraged to change their passwords immediately, and to check whether they used the same login details for other online services.

It is not yet known whether the three attacks are linked.

Source: RT and Agencies

Cyber Arms Race Could Change the World Around Us

Source: RIA Novosti commentator Konstantin Bogdanov

The world is getting ready for a new arms race – this time in cyber weapons. What was previously considered to be the domain of semi-criminal marginal groups or a cheap way of expressing sociopathy is now attracting the interest of governments, who are considering producing weaponized software on an industrial scale.

Whereas before it was unclear what the endless “army cyber commands” and other sinecures were up to, the last two or three years have seen the appearance of very unpleasant evidence of serious work potentially capable of changing the image of the world as we know it.

We’ve seen nothing like this before

This was the initial reaction of Symantec analysts when they started looking into a baffling computer worm nicknamed Stuxnet. Two major waves of the worm’s spread were noted: the first version in summer 2009 and the second in spring 2010.

Analysts found a rootkit (a set of malicious components that embed themselves in the system without being detected) that was a masterpiece of cyber-weapon engineering. According to experts, half a million euros might have been spent on developing this sophisticated piece of software. The worm was unique in every respect: it simultaneously exploited four previously unknown (zero-day) Windows vulnerabilities and signed its drivers with two genuine, stolen code-signing certificates. At the same time, Stuxnet carried out its main tasks (infection, analysis of the environment and further spread) slowly and unobtrusively.

The worm targeted industrial control systems, in particular a specific brand of Siemens industrial controllers. At the same time, the rootkit included control procedures for variable frequency drive converters of two specific brands (of Finnish and Iranian roots).

Moreover, experts said the worm did not rush at these converters but gradually penetrated the industrial network, gathering information about its operating modes and establishing full control over the computer monitoring system. Only once it had done this did the worm begin to gently “manipulate” parameter settings, altering them for short periods in order to disrupt the operation of the equipment.

Based on the distribution of the worm, experts established a potential target of attack: software-controlled centrifuges at the uranium-enrichment facility at Natanz, Iran.

In late November 2010, Iranian President Mahmoud Ahmadinejad said on the record that cyber attacks created “problems” in what he called a “limited” number of centrifuges. Naturally enough, this report evoked an instant response from the public and the media, crediting Stuxnet with the successful termination of Iran’s enrichment efforts.

Your hard work is not your achievement but their failing

There is, however, considerable doubt that the worm attack took place (or at least that it caused any noticeable results). Experts on computer and industrial security sounded the alarm but nuclear workers remained calm.

At any rate, IAEA experts who were directly in charge of monitoring the Natanz facility bluntly rejected any allegations that any disruptions in the work of the plant took place. Nonetheless, they admitted that the worm could in theory penetrate the facility’s computer network.

Their conclusions are understandable – there was no evidence of a drop in production at the uranium enrichment facility in Natanz, the supposed target of the attack. The rate of breakdown of centrifuges accelerated somewhat between November 2009 and January 2010, but that could be explained by the mass replacement of worn-out or low-quality Iranian-produced equipment. No evidence of any emergency at the plant was recorded.

Moreover, it seems that the worm’s developers may have outsmarted themselves. In working with frequency drive converters, they used the parameters that had been supplied by Iran through the IAEA. It is not clear whether this was a Tehran-inspired leak or whether these “brainiacs” simply used the first information that seemed authentic to them and did not bother checking it. In other words, anti-nuclear hackers were let down by the ignorance of the hardware they were planning to take over. Moreover, it is possible that the equipment at Natanz was not the intended target of the worm.

However, you could say the Iranians were lucky. The virus in the network was discovered very fast and adverse consequences were avoided. This is probably why no meaningful traces of the attack were found: the worm’s impact on Iran’s centrifuges was designed to be very subtle, causing increased wear and tear over a long period of time.

Smile you’re on camera

In the meantime, the “anonymous well-wisher” of the Iranian nuclear program has continued working. Stuxnet was followed by two particularly interesting rootkits: Duqu, which was discovered in September 2011, and Flame, which was intercepted in late May 2012.

Unlike the mischievous Stuxnet, which was targeted at industrial control systems, these viruses were more conventional, though no less dangerous.

Both rootkits could be described as comprehensive surveillance systems that collected information from infected computers. They intercepted passwords, logged keystrokes, recorded sound from the built-in microphone, took screenshots, gathered information on the files being processed and analysed network traffic. This information was then encrypted and uploaded to an external command-and-control server.

Analysts believe that the approaches to the development of Stuxnet and Duqu are so similar that they may have a common platform. In any event, both rootkits are likely to have been created by the same team.

Flame is considered to be a separate product, but some of the solutions typical for it can be traced back to the first 2009 version of Stuxnet. This suggests that at least two groups of developers, who partially relied on each other’s work, might have been involved in this project.

“Olympic Games” for Iran

The intuitively obvious guess about who was behind these efforts was confirmed not long ago. In June 2012, The New York Times bluntly reported that Stuxnet and Flame were developed during the operation Olympic Games, a joint effort between two electronic intelligence agencies, the U.S. National Security Agency and Israel’s Unit 8200.

According to the newspaper’s sources, the operation was launched on the orders of George W. Bush; his presidency matches the estimated period of Stuxnet’s and Flame’s development. Having replaced Bush in the White House, Barack Obama ordered that the work be accelerated with a view to impeding Iran’s nuclear program. All efforts to this end were code-named Olympic Games.

On precisely the fifth day after the publication, The Wall Street Journal carried the official reaction to it: “The FBI has opened an investigation into who disclosed information about a classified U.S. cyber attack program aimed at Iran’s nuclear facilities…” No further comment is needed.

Don’t play with matches at a gas station

It does not matter whether Stuxnet’s “physical attack” on Iran’s centrifuges was a success or if it was introduced into the facility’s network but failed to do much damage.

This is a model of a cyber weapon which is aimed not so much against strictly “virtual” targets (such as private information or the proper functioning of information systems) as against the actual physical infrastructure.

Industrial control systems are widespread. They are the backbone of all automated modern production systems, including hazardous ones. Computer systems are used to run energy facilities, gas compressor stations and control traffic.

The development of an effective cyber weapon capable of putting such systems out of action could have disastrous consequences.

In this sense, we are at about the same stage as the world was between July 16 and August 6, 1945, after the United States tested its first nuclear device near Alamogordo but had not yet dropped any nuclear bombs on Japanese cities.

These new awkward cyber weapons, the development of which is sponsored by the leading powers, will be followed by others, more effective and more sophisticated. The problem is that such weapons can potentially do much more damage to advanced “critical infrastructures,” of which there is a higher number in the United States and Western Europe than in Asia. Those who have launched this race for cyber weapons are throwing stones while living in glass houses.

Chinese Spy Device in Hong Kong Cars: Apple Daily

Source: Daily Mail

Chinese authorities may be listening in on travelers’ conversations in Hong Kong, with a device that’s been installed on thousands of vehicles, according to Hong Kong’s Apple Daily newspaper.

Authorities in Shenzhen have been installing “inspection and quarantine cards” on dual-plate Chinese and Hong Kong vehicles since 2007. They’re apparently for tracking cars crossing the border. But Apple Daily says these devices are capable of much more. In fact, experts who examined the devices—taken apart by Apple Daily—say they can be used for eavesdropping, and can send signals up to 12 miles away.

Apple Daily says smugglers were the first to suspect these devices. They thought it was strange that border agents were able to precisely track down vehicles used for smuggling goods.

Shenzhen authorities denied the allegations, when Apple Daily approached them. But the claims have made travelers uneasy, especially those who discuss private business matters during their travels between Hong Kong and Mainland China.

LinkedIn’s Leaky Mobile App Has Access to Your Meeting Notes

LinkedIn mobile app subscribers may be surprised to learn that the calendar entries on their iPhones or iPads— which may include details about meeting locations, participants, dial-in information, passwords and sensitive meeting notes — are transmitted back to LinkedIn’s servers without their knowledge.

Security researchers Yair Amit and Adi Sharabani discovered that LinkedIn’s mobile app for iOS, Apple’s mobile operating system, includes an opt-in feature that lets users view their iOS calendar entries within the app. Once users opt in, however, LinkedIn automatically transmits their calendar entries to its servers. The app grabs details from every calendar on the iOS device, which may include both personal and corporate calendar entries.

That practice, which is not communicated to users, may violate Apple’s privacy guidelines, which expressly prohibit any app from transmitting users’ data without their permission. A similar practice came to light earlier this year when a developer noticed that Path, the popular mobile social network, was uploading entire address books to its servers without users’ knowledge. That practice came under scrutiny by members of Congress. In response, Path said it would stop the practice and destroy the data it had collected.

More here: http://bits.blogs.nytimes.com/2012/06/05/linkedins-leaky-mobile-app-has-access-to-your-meeting-notes/

Iran targeted by ‘Flame’ espionage virus

Source: The Telegraph

Iranian computer networks have been targeted by a cyber-espionage virus many times more complex than any malicious software seen before, security experts have said.

The virus, named Flame or Skywiper, could only have been created by a state, according to analysts who have investigated it and the pattern of infection.

“The results of our technical analysis support the hypotheses that Skywiper was developed by a government agency of a nation state with significant budget and effort, and it may be related to cyber warfare activities,” said Crysys Lab, a unit that investigates computer viruses at Budapest University.

The discovery of Flame/Skywiper, which may have been in circulation for more than five years, offers further confirmation of the secret battle being waged online by intelligence agencies.

Although its purpose is to steal information rather than cause physical damage, Flame/Skywiper is said to be a much more complex piece of malicious software than Stuxnet, the groundbreaking virus designed to cripple Iranian uranium enrichment.

“Information gathering from a large network of infected computers was never crafted as carefully,” Crysys Lab said.

“It covers all major possibilities to gather intelligence, including keyboard, screen, microphone, storage devices, network, WiFi, Bluetooth, USB and system processes.”

In their preliminary technical report, the investigators describe unprecedented layers of software designed to allow Flame/Skywiper to penetrate computer networks undetected. The 20MB package, which infects Microsoft Windows computers, uses five encryption algorithms and exotic data storage formats, and has the ability to steal documents, spy on computer users and more.

Various components of Flame/Skywiper enable those behind it, who direct the virus through a network of rapidly shifting “command and control” servers, to turn microphones into listening devices, siphon off documents and log keystrokes.

Eugene Kaspersky, the founder of the Russian anti-virus firm Kaspersky Lab, which has also analysed the virus, noted that “it took us 6 months to analyze Stuxnet. [This] is 20 times more complicated”.

Iran’s Computer Emergency Response Team, Maher, today issued a statement claiming Flame/Skywiper was “a close relation” of Stuxnet, which has itself been linked to Duqu, another complex information-stealing virus that is believed to be the work of state intelligence. Many experts suspect Stuxnet was created by the United States and Israel.

Crysys Lab said the technical evidence for a link between Flame/Skywiper and Stuxnet or Duqu was inconclusive, however. While the three share some characteristics, the newly discovered virus otherwise bears little resemblance to the other two; for instance, Flame/Skywiper does not spread itself automatically but only when its hidden controllers allow it.

In its statement, published online, Maher said selected organisations had been given software to detect and remove the newly discovered virus at the beginning of May.

As well as Iran, Flame/Skywiper infections have been detected in the West Bank, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

FBI: Hundreds Of Thousands May Lose Internet In July

WASHINGTON (AP) — For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org, that will inform them whether they’re infected and explain how to fix the problem. After July 9, infected users won’t be able to connect to the Internet.

Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.

“We started to realize that we might have a little bit of a problem on our hands because … if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service,” said Tom Grasso, an FBI supervisory special agent. “The average user would open up Internet Explorer and get ‘page not found’ and think the Internet is broken.”

On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers. But it wasn’t enough time. A federal judge in New York extended the deadline until July.

Now, said Grasso, “the full court press is on to get people to address this problem.” And it’s up to computer users to check their PCs.

This is what happened:

Hackers infected a network of probably more than 570,000 computers worldwide. They exploited vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the settings the computers use, behind the scenes, to resolve website addresses through the Internet’s domain name system.

The DNS system is a network of servers that translates a web address — such as www.ap.org — into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.
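The check the FBI is asking users to perform comes down to reading which resolvers a machine is configured to use and comparing them with the rogue address ranges. The Python script below is an added example, not the dcwg.org tool or anything from the FBI; it parses a Unix resolv.conf and the “DNS Servers” field of Windows ipconfig output, both constructed samples here, and matches the addresses against the ranges. The ranges are reproduced from the FBI’s public DNSChanger notice as the author of this example recalls them, not from the article, and should be verified against dcwg.org before being relied on.

```python
import ipaddress
import re

# Address ranges the FBI published as the DNSChanger rogue resolvers.
# Reproduced from the FBI's public notice, not from the article; verify
# them against dcwg.org before relying on this list.
ROGUE_DNS_RANGES = [ipaddress.ip_network(cidr) for cidr in (
    "85.255.112.0/20",
    "67.210.0.0/20",
    "93.188.160.0/21",
    "77.67.83.0/24",
    "213.109.64.0/20",
    "64.28.176.0/20",
)]

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# An ipconfig "Label . . . : value" line: a space precedes the colon, which
# is what distinguishes it from a bare IPv6 continuation line.
LABEL = re.compile(r"^\s*\S.*\s:(\s|$)")

# Constructed samples, not real captures.
SAMPLE_RESOLV_CONF = """# /etc/resolv.conf (constructed sample)
nameserver 85.255.112.55
nameserver 8.8.8.8
"""

SAMPLE_IPCONFIG = """Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.invalid
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 93.188.160.3
                                       fec0:0:0:ffff::1%1
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def is_rogue(address):
    """True if the resolver address falls inside a published rogue range."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in ROGUE_DNS_RANGES)


def parse_resolv_conf(text):
    """Resolver addresses from a Unix /etc/resolv.conf."""
    return re.findall(r"^\s*nameserver\s+(\S+)", text, re.MULTILINE)


def parse_ipconfig(text):
    """Resolver addresses from Windows 'ipconfig /all' output (IPv4 only)."""
    servers, collecting = [], False
    for line in text.splitlines():
        if line and not line[0].isspace():   # adapter header: stop collecting
            collecting = False
        if LABEL.match(line):                # a new "Label : value" field
            collecting = "DNS Servers" in line
            line = line.split(":", 1)[1]     # keep only the value part
        if collecting:                       # value plus its continuation lines
            servers.extend(IPV4.findall(line))
    return servers


def check_resolvers(servers):
    """Map each configured resolver to whether it sits in a rogue range."""
    return {server: is_rogue(server) for server in servers}


if __name__ == "__main__":
    print(check_resolvers(parse_resolv_conf(SAMPLE_RESOLV_CONF)))
    print(check_resolvers(parse_ipconfig(SAMPLE_IPCONFIG)))
```

On a real machine the input would come from reading /etc/resolv.conf or running ipconfig /all, and a True result means the machine is still pointed at the impounded (now FBI-substituted) servers and needs its DNS settings repaired before the July deadline. The ipconfig parser skips IPv6 resolvers; a rogue IPv6 range would need the same membership test with its own list.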

The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.

When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie’s clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.

The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.

FBI officials said they organized an unusual system to avoid any appearance of government intrusion into the Internet or private computers. And while this is the first time the FBI used it, it won’t be the last.

“This is the future of what we will be doing,” said Eric Strom, a unit chief in the FBI’s Cyber Division. “Until there is a change in the legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations.”

Now, he said, every time the agency gets near the end of a cyber case, “we get to the point where we say, how are we going to do this, how are we going to clean the system” without creating a bigger mess than before.

Stuxnet planted by Iranian double agent for Israel

By Kevin McCaney

An Iranian double agent working for Israel used a memory stick to plant the Stuxnet virus that disrupted Iran’s nuclear program, according to a published report quoting current and former U.S. intelligence officials.

Richard Sale, writing for ISSSource, said the agent, probably a member of an Iranian dissident group, used a corrupt memory stick to implant the virus at the Natanz nuclear facility, according to the sources.

Iranian proxies, dissidents acting as double agents, also have been involved in assassinating Iran’s nuclear scientists, the sources reportedly told Sale.

Stuxnet, likely the first example of weaponized malware, was already known to have spread via memory sticks, or USB key drives. Introduced in late 2009, it spread quickly to systems around the world, although it was designed for only one purpose: to attack a specific version of a Siemens programmable logic controller (PLC) that was used to control centrifuges for uranium enrichment at Iran’s nuclear facilities.

The worm, which used four zero-day exploits in its attacks, disrupted the rotational frequency of the centrifuges, and ultimately damaged Iran’s nuclear program, according to an International Atomic Energy Agency report.

Uranium enrichment at the Natanz plant was shut down for seven days in November 2010. Reuters reported in February that engineers had finally succeeded in scrubbing Stuxnet from their systems.

Because of its complexity and its specific target, Stuxnet has been thought to be the work of a nation-state, and the United States and Israel have often been mentioned as possibly being behind it. ISSSource — or Industrial Safety and Security Source, a site that reports on manufacturing security and safety issues — has reported that Stuxnet was part of a joint U.S.-Israeli effort aimed at Iran. (The sources who told Sale about the assassination of Iranian scientists said, however, that the United States was unaware of those operations.)

Stuxnet’s success in disrupting nuclear processing in Iran has raised fears about what similarly designed malware could do if it attacked facilities in the United States and elsewhere.

In January, Kaspersky Lab said its researchers had determined that Stuxnet and Duqu, a close relative that has been found gathering information on industrial systems in Europe, are likely part of a much larger family of malware built on a shared platform, and that future Stuxnet-style attacks are likely.

That type of malware could be used to attack power grids, water processing plants and other critical infrastructure facilities. The Homeland Security Department in November confirmed earlier research showing that prisons, which use PLCs to control doors, video systems, alarms and intercoms, are vulnerable to a Stuxnet-like worm.

The fact that much of the infrastructure in the United States is privately owned, rather than government-owned as in Iran, could also complicate the response to such attacks.

US military dating website hacked, 170,000 emails leaked

The hacking group LulzSec Reborn claims to have attacked a military dating website.

In its announcement on the pastebin.com website, the group said it has leaked 170,937 military emails from MilitarySingles.com website.

“There are emails such as @us.army.mil ; @carney.navy.mil ; @greatlakes.cnet.navy.mil ; @microsoft.com ; etc..,” the hackers said. They also provided links for downloading the data.

Militarysingles.com is a dating website aiming at connecting single soldiers. In response to the attack, the site has enacted a “series of security procedures”, the chief executive of the company said.

“Regardless of whether it was a true or false claim, we are treating it as though it is true just to be safe,” Robert Goebel told the LA Times. He added that the website has a total of 140,000 accounts against almost 171,000 claimed by the hackers. There are doubts the attack took place at all, he added.

At the same time, the group has reported a successful hack of the CSS Corp., a private global information and communications technology company financially backed by several private equity groups, including Goldman Sachs. LulzSec claims to have dumped the whole company’s database, including email addresses, names, usernames, passwords, and IDs. They posted part of the data to Pastebin with a link to download the rest.

LulzSec, an offshoot of the Anonymous hacker collective, suffered a major blow after several of its activists were arrested. The group’s members were implicated by Hector Xavier Monsegur, known by the nickname Sabu, who had cooperated with the FBI.

Despite FBI claiming it has “beheaded” the group, Anonymous announced that this would have no effect as LulzSec “had been dead a long-time.”

The head of Interpol: ‘Terrorists plan on email. And we can’t track them’

Source: Independent.co.uk

As a former head of the US Secret Service, Ronald Noble knows only too well how terrorism, drug-smuggling and people-trafficking cross borders which individual police forces cannot. He is now Secretary General of Interpol, and a specialist team from the organisation he has spent 11 years rebuilding will next summer help the Metropolitan Police combat those crimes and others, during the huge security operation protecting the 2012 Olympic Games.

Meeting The Independent before visiting Scotland Yard to discuss arrangements for the Games, Mr Noble said he recognised that some people are scared the event could bring an increased threat of violence to the UK.

“In terms of terrorist activity, there is talk, there is chatter, that follows any major event,” he says, but adds Interpol has “not seen or heard terrorists saying we’re going to target this event”.

“We try to think like terrorists would think,” he continues. “A smart terrorist would know that if the world’s attention is focused on something and they commit a terrorist act it will help them create the kind of fear that would make people want to leave London.

[…]

“My concern is that the people planning that attack – that nuclear attack, that bio-terrorist attack, that attack that should concern us all as a world – would be able to plan it more effectively because we don’t have a network in place for tracing the source of email messages on the internet,” he says.

“One of the things I want to do … is to create a cyber-fusion centre, where police around the world can go to one place quickly and find out the source of any kind of message or communication that’s come across the internet.”

That in itself may alarm some. But Mr Noble emphasises the centre will only target specific, suspicious emails, saying it simply could not track all the messages from billions of innocent people even if Interpol wanted it to.

Nevertheless, some civil liberties groups have questioned Interpol’s accountability and transparency.