Posts Tagged ‘David Virgil Dafinoiu’

Threats to Mobile Devices Using the Android Operating System

Android is the world’s most widely used mobile operating system (OS) and continues to be a primary target for malware due to its market share and open-source architecture. Industry reporting indicates that 44 percent of Android users are still running versions 2.3.3 through 2.3.7, known as Gingerbread, which were released in 2011 and contain a number of security vulnerabilities that were fixed in later versions.

The growing use of mobile devices by federal, state, and local authorities makes it more important than ever to keep mobile OS patched and up-to-date. The following are some known security threats to mobile OS and mitigation steps:

Security Threat: SMS (Text Message) Trojans
Description: Represent nearly half of the malicious applications circulating today on older Android OS versions. They send text messages to premium-rate numbers owned by criminal hackers without the user’s knowledge, potentially resulting in exorbitant charges for the user.
Mitigation Strategy: Install an Android security suite designed to combat these threats. Such suites can be purchased or downloaded free from the Internet.

Security Threat: Rootkits
Description: Malware that hides its existence from normal forms of detection. In late 2011, a software developer’s rootkit was discovered running on millions of mobile devices; it logged the user’s locations, keystrokes and passwords without the user’s knowledge.
Mitigation Strategy: Install the Carrier IQ Test, a free application that can detect and remove the malicious software.

Security Threat: Fake Google Play Domains
Description: Sites created by cybercriminals that imitate Google Play, which enables users to browse and download music, books, magazines, movies, television programs and other applications. They trick users into installing malicious applications that let attackers steal sensitive information, including financial data and log-in credentials.
Mitigation Strategy: Install only approved applications and follow IT department procedures to update the devices’ OS. Users should install and regularly update antivirus software for Android devices to detect and remove any malicious applications.

The European Network and Information Security Agency (ENISA) recommends that honeypots be used to detect threats at an early stage

The European Network and Information Security Agency (ENISA) recommends that honeypots be used to detect threats at an early stage; the agency tested 30 current systems and came up with concrete recommendations.

Honeypots are digital traps used to analyse cyber attacks and their strategies and tools. In the study, ENISA tested honeypots for effectiveness and practicality, with a focus on open-source honeypots. The results are intended to help companies find the best digital traps for their particular situations and to promote further development in the area.

The evaluation system developed for the ENISA study places particular emphasis on user-friendliness. ENISA staff used the honeypot evaluation procedure developed in 2006 by Christian Seifert, Ian Welch and Peter Komisarczuk as the basis for the system and added more “practical” categories. They also differentiated more finely between types of honeypots; the types tested include server-side honeypots, client-side honeypots, low-interaction honeypots, high-interaction honeypots, hybrid honeypots and sandboxes. Open-source online honeypots for monitoring suspicious URLs were also evaluated.

As part of the study findings, ENISA recommends a number of digital traps, noting that dionaea, Glastopf, kippo and Honeyd are particularly easy to use. Among the client honeypots, Thug and Capture-HPC NG also received special mentions.
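To make the “digital trap” concrete, here is an added example of the simplest kind of tool in ENISA’s low-interaction, server-side category: a fake login service in Python that shows a banner, never lets anyone in, and records every username/password pair tried, per source address. This is illustration code written for this page, not code from the ENISA study or from kippo, dionaea or any other tool it names; the banner text, the port 2323, the three-attempt limit and the sample attacker input are arbitrary choices for the example.

```python
"""Minimal low-interaction login honeypot (added example, not from the ENISA study)."""
import json
import socketserver
import time


class LoginTrap:
    """Protocol state for one attacker session.

    The trap shows a fake login banner, asks for a password after every
    username, always answers "Login incorrect", and records each pair.
    Keeping this logic free of sockets makes it easy to test offline.
    """

    BANNER = b"Ubuntu 10.04 LTS\r\nlogin: "  # arbitrary lure text for this example

    def __init__(self, peer, max_attempts=3, clock=time.time):
        self.peer = peer                  # attacker address for the log record
        self.max_attempts = max_attempts  # disconnect after this many failures
        self.clock = clock                # injectable for deterministic tests
        self.pending_user = None
        self.attempts = 0
        self.events = []                  # one dict per credential pair tried
        self.closed = False

    def greeting(self):
        return self.BANNER

    def feed(self, line):
        """Consume one line from the attacker and return the bytes to send back."""
        text = line.rstrip(b"\r\n").decode("utf-8", "replace")
        if self.pending_user is None:
            self.pending_user = text
            return b"Password: "
        self.attempts += 1
        self.events.append({"ts": self.clock(), "peer": self.peer,
                            "user": self.pending_user, "password": text})
        self.pending_user = None
        if self.attempts >= self.max_attempts:
            self.closed = True
            return b"\r\nToo many failures.\r\n"
        return b"\r\nLogin incorrect\r\nlogin: "


def run_session(peer, lines, max_attempts=3):
    """Drive a trap with pre-captured input; returns (trap, transcript of replies)."""
    trap = LoginTrap(peer, max_attempts=max_attempts, clock=lambda: 0.0)
    transcript = [trap.greeting()]
    for line in lines:
        if trap.closed:
            break
        transcript.append(trap.feed(line))
    return trap, transcript


# Constructed sample of what a brute-forcing bot might send; not real capture data.
SAMPLE_ATTACK = [b"root\r\n", b"123456\r\n", b"admin\r\n", b"admin\r\n", b"root\r\n", b"toor\r\n"]


class TrapHandler(socketserver.StreamRequestHandler):
    """Network glue: one LoginTrap per TCP connection, events logged as JSON lines."""

    def handle(self):
        trap = LoginTrap(self.client_address[0])
        self.wfile.write(trap.greeting())
        while not trap.closed:
            line = self.rfile.readline()
            if not line:        # attacker hung up
                break
            self.wfile.write(trap.feed(line))
        for event in trap.events:
            print(json.dumps(event))   # redirect stdout to a file or forward to a SIEM


def serve(host="0.0.0.0", port=2323):
    """Listen on an unprivileged port; run this only on an isolated, monitored host."""
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer((host, port), TrapHandler) as server:
        server.serve_forever()


if __name__ == "__main__":
    serve()
```

The trade-off ENISA’s categories capture is visible even here: the trap is cheap to run and safe because it emulates nothing beyond a prompt, but that also makes it fingerprintable (a real telnet or SSH daemon negotiates options first), and anything it logs is attacker-controlled input and must be treated as untrusted when it is parsed or displayed.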


Rogue Microsoft Services Agreement Emails Lead to Latest Java Exploit

Hackers are distributing rogue email notifications about changes to Microsoft’s Services Agreement to trick people into visiting malicious pages that use a recently circulated Java exploit to infect their computers with malware. “We’re receiving multiple reports of a phishing campaign using the template from a legitimate Microsoft email regarding Important Changes to Microsoft Services Agreement and Communication Preferences…” The rogue messages are copies of the legitimate notifications Microsoft sent out to announce changes to its Services Agreement that take effect in October.

However, in the malicious versions of the emails, the correct links have been replaced with links to compromised websites that host attack pages from the Blackhole exploit kit.
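The swap described above, legitimate text with the links replaced, is exactly what a mail gateway or analyst can check for before anyone clicks. The following is an added example, not code from the original post or from any vendor: a Python script that extracts every anchor from an HTML mail body and flags those whose visible text shows one domain while the href points to another, or whose text carries the brand name while the target is outside an allow-list. The allow-list, the brand word, and the sample message with its `.test` hostnames are constructed for this example.

```python
"""Flag e-mail links whose visible text and real target disagree (added example)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allow-list for this example: domains the genuine notice would link to.
TRUSTED_DOMAINS = {"microsoft.com"}
BRAND_WORDS = {"microsoft"}

# Does the anchor text itself look like a URL or bare hostname?
URL_RE = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#]|$)", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def host_of(url):
    """Hostname of a URL, tolerating a missing scheme ("www.example.com/x")."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable(host):
    """Crude eTLD+1 (last two labels); a production tool would use the public suffix list."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def audit_links(html):
    """Return a finding for each anchor whose target contradicts what the reader sees."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = registrable(host_of(href))
        if URL_RE.match(text):
            # Text displays a URL: it must point where it says it does.
            if registrable(host_of(text)) != target:
                findings.append({"href": href, "text": text,
                                 "reason": "displayed URL differs from target"})
        elif any(word in text.lower() for word in BRAND_WORDS) and target not in TRUSTED_DOMAINS:
            # Text invokes the brand but the link leaves the brand's domains.
            findings.append({"href": href, "text": text,
                             "reason": "brand text, untrusted target"})
    return findings


# Constructed sample modelled on the campaign described above; hostnames are fictional.
SAMPLE_EMAIL = """
<p>Please review the <a href="http://example-compromised.test/ms/agreement.html">Microsoft Services Agreement</a>.</p>
<p><a href="http://example-compromised.test/go">http://www.microsoft.com/en-us/legal/</a></p>
<p><a href="https://www.microsoft.com/en-us/legal/">https://www.microsoft.com/en-us/legal/</a></p>
<p><a href="https://support.microsoft.com/">Contact support</a></p>
"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL):
        print(f"{finding['reason']}: '{finding['text']}' -> {finding['href']}")
```

This catches the substitution the campaign relied on, but not look-alike registrable domains or URL shorteners, so it belongs alongside, not instead of, blocking the exploit kit’s landing pages and keeping Java patched or disabled in the browser.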

Pentagon to recruit Russian hackers

An adviser to U.S. President Barack Obama said that the U.S. has a new plan to combat cyberwarfare.

The U.S. government has a plan to put the skills of the best hackers in the world to work fighting terrorism and designing security systems for government agencies. John Arquilla, an adviser to U.S. President Barack Obama and the man who coined the term “cyberwarfare”, told the UK’s Guardian newspaper that the U.S. Defense Department plans to hire about 100 hackers, primarily Russians, for the initiative.

Arquilla accused the Pentagon of wasting billions of dollars on “pointless aircraft carriers, tanks and planes at the expense of nimbler, leaner strategy” instead of spending on experts. He said that as a result the U.S. has fallen behind other superpowers in the global cyber race.

“We intend to set up something like the English Bletchley Park (where the UK ran decryption operations during World War II),” said Arquilla. “We will hire Russians and Asians. They are definitely the best code crackers in the world. I have already established contact with several very influential hackers. I even brought one to meet the CEO of a major company to evaluate the vulnerability of his information systems. He managed to break into the system in just a few minutes.”

Russian hackers do not rule out cooperating with the U.S. government, provided it meets a number of crucial conditions.

Said one hacker known as Zeus: “I’ll agree if they offer me a fair salary and good living accommodations. Another important thing is that my activities mustn’t be aimed at Russia. I don’t want to be a traitor. There are a great many advantages to working in the U.S., like opportunities to realize my potential, high living standards and an evolved society.”

Another hacker said that working for the U.S. government is, on the one hand, fairly risky, but on the other hand, a very lucrative and stable business.

“Our task is to make sure those who agree to work for us have all they need. America has always lavishly spent money on the best specialists in the world. That’s why I’m sure we’ll persuade them to cooperate,” Arquilla said.

Source: Izvestia Ru

Cyber Arms Race Could Change the World Around Us

Source: RIA Novosti commentator Konstantin Bogdanov

The world is getting ready for a new arms race – this time in cyber weapons. What was previously considered to be the domain of semi-criminal marginal groups or a cheap way of expressing sociopathy is now attracting the interest of governments, who are considering producing weaponized software on an industrial scale.

Whereas before it was unclear what the endless “army cyber commands” and other sinecures were up to, the last two or three years have produced very unpleasant evidence of serious work potentially capable of changing the world as we know it.

We’ve seen nothing like this before

This was the initial reaction of Symantec analysts when they started looking into a baffling computer worm nicknamed Stuxnet. Two major waves of the worm’s spread were noted: the first version in summer 2009 and the second in spring 2010.

Analysts found a rootkit (a set of malicious programs that embed themselves in a system without being detected) that was a cyber-weapon masterpiece. According to experts, half a million euros might have been spent on developing it. The worm was unique in every respect: it simultaneously used four previously unknown Windows bugs and two genuine, stolen code-signing certificates. At the same time Stuxnet carried out its main work (infiltration, reconnaissance of the environment and further propagation) in a very slow and unobtrusive manner.

The worm targeted industrial control systems, in particular a specific line of Siemens industrial controllers. In addition, the rootkit included control routines for variable-frequency drive converters of two specific brands (one Finnish, one Iranian).

Moreover, experts said the worm did not rush at these converters but gradually penetrated the industrial network, gathering information about its operating modes and establishing full control over the computer monitoring system. Only then did it begin to gently “manipulate” parameter settings, altering them for short periods in order to disrupt the operation of the equipment.

Based on the distribution of the worm, experts established a potential target of attack: software-controlled centrifuges at the uranium-enrichment facility at Natanz, Iran.

In late November 2010, Iranian President Mahmoud Ahmadinejad said on the record that cyber attacks had created “problems” in what he called a “limited” number of centrifuges. Naturally enough, this statement evoked an instant response from the public and the media, which credited Stuxnet with successfully halting Iran’s enrichment efforts.

Your hard work is not your achievement but their failing

There is, however, considerable doubt that the worm attack took place (or at least that it caused any noticeable results). Experts on computer and industrial security sounded the alarm, but nuclear specialists remained calm.

At any rate, the IAEA experts directly in charge of monitoring the Natanz facility flatly rejected allegations that any disruption of the plant’s work took place, while admitting that the worm could in theory have penetrated the facility’s computer network.

Their conclusion is understandable: there was no evidence of a drop in production at the Natanz enrichment facility, the supposed target of the attack. The rate at which centrifuges broke down accelerated somewhat between November 2009 and January 2010, but that could be explained by the mass replacement of worn-out or low-quality Iranian-made equipment. No evidence of any emergency at the plant was recorded.

Moreover, the worm’s developers may have outsmarted themselves. In working with the frequency drive converters, they used parameters that Iran had supplied through the IAEA. It is not clear whether this was a Tehran-inspired leak or whether these “brainiacs” simply used the first information that seemed authentic and did not bother checking it. In other words, the anti-nuclear hackers were let down by ignorance of the hardware they planned to take over. It is also possible that the equipment at Natanz was not the worm’s intended target at all.

Alternatively, you could say the Iranians were lucky: the virus was discovered on the network quickly and adverse consequences were avoided. That is probably why no meaningful traces of the attack were found; the worm’s effect on Iran’s centrifuges was designed to be subtle, causing increased wear and tear over a long period.

Smile you’re on camera

In the meantime, the “anonymous well-wisher” of the Iranian nuclear program has kept working. Stuxnet was followed by two most interesting rootkits: Duqu, discovered in September 2011, and Flame, intercepted in late May 2012.

Unlike the mischievous Stuxnet, which targeted industrial control systems, these two were more conventional espionage tools, though no less dangerous.

Both rootkits could be described as comprehensive surveillance systems that collected information from infected computers: they intercepted passwords, logged keystrokes, recorded sound from the built-in microphone, took screenshots, gathered information on the files being processed and analyzed network traffic. The take was then encrypted and uploaded to an external command-and-control server.

Analysts believe the approaches used to develop Stuxnet and Duqu are so similar that the two may share a common platform; in any event, both rootkits are likely to have been created by the same team.

Flame is considered a separate product, but some of its characteristic techniques can be traced back to the first, 2009, version of Stuxnet. This suggests that at least two groups of developers, partially relying on each other’s work, may have been involved in the project.

“Olympic Games” for Iran

The intuitively obvious guess about who was behind these efforts was confirmed not long ago. In June 2012, The New York Times reported that Stuxnet and Flame were developed during Operation Olympic Games, a joint effort between two signals intelligence agencies, the U.S. National Security Agency and Israel’s Unit 8200.

According to the newspaper’s sources, the operation was launched on the orders of George W. Bush, which matches the estimated development period of Stuxnet and Flame. Having succeeded Bush in the White House, Barack Obama ordered the work accelerated with a view to impeding Iran’s nuclear program. All efforts to this end were code-named Olympic Games.

Exactly five days after the article appeared, The Wall Street Journal carried the official reaction: “The FBI has opened an investigation into who disclosed information about a classified U.S. cyber attack program aimed at Iran’s nuclear facilities…” No further comment is needed.

Don’t play with matches at a gas station

It does not matter whether Stuxnet’s “physical attack” on Iran’s centrifuges succeeded, or whether it got into the facility’s network but failed to do much damage.

It is a model of a cyber weapon aimed not so much at strictly “virtual” targets (private information, or the proper functioning of information systems) as at physical infrastructure.

Industrial control systems are everywhere. They are the backbone of all modern automated production, including hazardous processes; computer systems run energy facilities and gas compressor stations and control traffic.

The development of an effective cyber weapon capable of putting such systems out of action could have disastrous consequences.

In this sense, we are at about the same stage as the world was between July 16 and August 6, 1945, after the United States tested its first nuclear device near Alamogordo but had not yet dropped any nuclear bombs on Japanese cities.

These new, still awkward cyber weapons, whose development is sponsored by the leading powers, will be followed by others, more effective and more sophisticated. The problem is that such weapons can potentially do far more damage to advanced “critical infrastructures,” of which there are more in the United States and Western Europe than in Asia. Those who launched this race for cyber weapons are throwing stones while living in glass houses.

IARPA Wants to Build “Data Eye in the Sky” For Analyzing Internet Activity

Government Aims to Build a ‘Data Eye in the Sky’ (New York Times):

More than 60 years ago, in his “Foundation” series, the science fiction novelist Isaac Asimov invented a new science — psychohistory — that combined mathematics and psychology to predict the future.

Now social scientists are trying to mine the vast resources of the Internet — Web searches and Twitter messages, Facebook and blog posts, the digital location trails generated by billions of cellphones — to do the same thing.

The most optimistic researchers believe that these storehouses of “big data” will for the first time reveal sociological laws of human behavior — enabling them to predict political crises, revolutions and other forms of social and economic instability, just as physicists and chemists can predict natural phenomena.

“This is a significant step forward,” said Thomas Malone, the director of the Center for Collective Intelligence at the Massachusetts Institute of Technology. “We have vastly more detailed and richer kinds of data available as well as predictive algorithms to use, and that makes possible a kind of prediction that would have never been possible before.”

The government is showing interest in the idea. This summer a little-known intelligence agency began seeking ideas from academic social scientists and corporations for ways to automatically scan the Internet in 21 Latin American countries for “big data,” according to a research proposal being circulated by the agency. The three-year experiment, to begin in April, is being financed by the Intelligence Advanced Research Projects Activity, or Iarpa (pronounced eye-AR-puh), part of the office of the director of national intelligence.

The automated data collection system is to focus on patterns of communication, consumption and movement of populations. It will use publicly accessible data, including Web search queries, blog entries, Internet traffic flow, financial market indicators, traffic webcams and changes in Wikipedia entries.

It is intended to be an entirely automated system, a “data eye in the sky” without human intervention, according to the program proposal. The research would not be limited to political and economic events, but would also explore the ability to predict pandemics and other types of widespread contagion, something that has been pursued independently by civilian researchers and by companies like Google.

Some social scientists and advocates of privacy rights are deeply skeptical of the project, saying it evokes queasy memories of Total Information Awareness, a post-9/11 Pentagon program that proposed hunting for potential attackers by identifying patterns in vast collections of public and private data: telephone calling records, e-mail, travel data, visa and passport information, and credit card transactions.

“I have Total Information Awareness flashbacks when things like this happen,” said David Price, an anthropologist at St. Martin’s University in Lacey, Wash., who has written about cooperation between social scientists and intelligence agencies. “On the one hand it’s understandable for a nation-state to want to track things like the outbreak of a pandemic, but I have to wonder about the total automation of this and what productive will come of it.”

*IARPA – Intelligence Advanced Research Projects Activity

Department of Defense Strategy for Operating in Cyberspace

The Department of Defense released today the DoD Strategy for Operating in Cyberspace (DSOC). It is the first unified DoD strategy for cyberspace and officially encapsulates a new way forward for DoD’s military, intelligence and business operations.

The five primary pillars of the strategy are:
1st: DoD is treating cyberspace as an operational domain, like land, air, sea and space.
2nd: DoD is introducing new active cyber defenses. Active defenses use sensors, software and signatures to detect and stop malicious code.
3rd: DoD is working with the Department of Homeland Security and the private sector to protect critical infrastructure.
4th: DoD is building collective cyber defenses with allies and international partners.
5th: DoD is enhancing network security. A more secure and resilient Internet is in everyone’s interest.
