Tag Archives: internet

'disturbing' levels of cyber-raids

Top GCHQ spook warns of ‘disturbing’ levels of cyber-raids • The Register.

With a crunch conference on government cyber-security starting tomorrow, the director of government spook den GCHQ, Iain Lobban, said Britain had faced a “disturbing” number of digital attacks in recent months.

Attackers had targeted citizens’ data, credit card numbers and industry secrets, Lobban said.

“I can attest to attempts to steal British ideas and designs – in the IT, technology, defence, engineering and energy sectors as well as other industries – to gain commercial advantage or to profit from secret knowledge of contractual arrangements,” the eavesdropping boss added in his article for The Times.

According to Foreign Secretary William Hague there were more than 600 “malicious” attacks on government systems every day, while criminals could snap up Brits’ stolen card details online for just 70 pence a throw.

The statement was paired with the announcement of a £650m investment in cyber-security over the next four years, with both Hague and Lobban arguing that industry and government need to work together to build a safe, resilient system.

Countries that could not protect their banking systems and intellectual property will be at a serious disadvantage in future, Hague told The Times.

The government could have its work cut out, though: security software maker Symantec today suggests that businesses are cutting back on cyber-security and are less aware of and engaged with the big threats than they were last year. Symantec was specifically staring at industries integral to national security.

It found that only 82 percent of them participated in government protection programmes, down 18 points since last year.

Symantec reckoned that reduced manpower meant companies had less time to focus on big structural threats.

“The findings of this survey are somewhat alarming, given recent attacks like Nitro and Duqu that have targeted critical infrastructure providers,” said Dean Turner, a director at Symantec.

“Having said that, limitations on manpower and resources as mentioned by respondents help explain why critical infrastructure providers have had to prioritise and focus their efforts on more day-to-day cyber threats.”

NATO site hacked

NATO site hacked • The Register.

Bookshop opened


NATO is warning subscribers to its e-Bookshop service that hackers have likely stolen its customer database.

The site is run as a separate service for distributing NATO information and does not contain any classified or secret information.

The bookshop has been closed and all members have been warned by email to change their passwords if they are using the same ones for other websites or services.

The email said: “Our examinations show a possible compromise of user information (username, password, address and email address) for people who have ordered publications from the e-Bookshop or subscribed to our email service.

“If you use the same email and password on other web platforms it is highly recommended that you change your passwords.”

NATO members were warned last month of increasing threats from the hacktivist group Anonymous. Looks like that advice was right.

The organisation is beginning to take cyber-threats more seriously – late last year it designated cyber-defence as a critical capability.

There is no clue so far as to who is behind the attack. The organisation has been hit before, and has no shortage of enemies.

Meanwhile LulzSec released a bunch of documents purloined from Arizona Police.

NATO’s data breach statement is here.

Security Breach Roundup, June 2011

Travelodge still doesn’t know who hacked it • The Register.

Travelodge still doesn’t know who hacked it


Travelodge is still trying to find out who got into their customer database and snaffled names and email addresses.

The budget chain told the Reg it has asked outside contractors to go through its systems to try and find the culprits.

A spokeswoman said:

In the last 24 hours, we have been conducting a comprehensive investigation to find out why a small group of our customers have received a spam email from a third party to their registered email address. Investigative specialist experts in this field have been working around the clock to methodically eliminate the possible areas of concern. Our current findings have revealed that a small proportion of data contained on one of our marketing databases may have been compromised. This data related to customers’ names and email addresses only, which has been used for the spam email. We can further confirm no financial data has been stolen, accessed or compromised.

The breach first emerged on Thursday when customers started getting spam emails to addresses which had only been given to the hotel chain.

The Information Commissioner’s Office is investigating but stressed that hacking was primarily a matter for the police – provided Travelodge was taking proper care of the data, of course.

***************************************************

Web Host Down Under Goes TitsUp After Hackage

Industry rallies following crippling online strike


Distressed domain hosting outfit Distribute.IT and its offshoot Click n Go have been acquired by larger competitor the Netregistry Group after a systematic hack attack brought down the company’s operations.

Neither party has disclosed the sale price or customer numbers, but it is clear Distribute.IT’s priority was to ensure continuity of service after the hack crippled its network last week.

All of Distribute.IT’s customer base will be given the option of moving their services to the Netregistry Group.

Netregistry Group CEO Larry Bloch said:

We all have a great deal of sympathy and concern for the consequences to Distribute.IT staff, management and customers of this unfortunate incident. It is important to us that all Distribute.IT customers know the extent of effort to which Distribute IT have gone to rectify the damage. Distribute.IT had a very solid reputation – that comes from doing a good job for a long time. I want to remind customers of that excellence and ask for their patience and support as we work through the requirements to return services to all customers as rapidly as possible.

Bloch told customers that NetRegistry would honour all payments for hosting at Distribute.IT, but said that while it was assessing billing and payment history, it would give all Distribute.IT customers a free hosting service “as soon as humanly possible” so that they could upload their site and get their email addresses working.

The transaction is supported by domain administration agency auDA, which has been working closely with Distribute.IT management and NetRegistry through the saga.

The sale was quickly negotiated on Thursday morning. Up until late Wednesday night the Distribute.IT team was working with supporting companies such as data centre Micron21 to assist in migrating co-location clients to their facilities.

In an email to customers on Tuesday Distribute.IT support said:

All attempts to manage and stabilize the network and the storage have resulted in our security and network teams identifying further vulnerabilities in the configuration. This has resulted in the various lockouts of ports and loss of accessibility that you have experienced recently. In this climate of uncertainty, we would strongly recommend that you make preparations to migrate and transfer your requirements to another hosting/co-location provider.

Distribute.IT recommended to clients that they move to Micron21 for continuity or resumption of services for co-location, website and email hosting.

Micron21’s James Braunegg said that Distribute.IT had worked “tirelessly” for its customers. “They have done the industry proud in coming back from a crisis and we are excited to be part of the recovery effort,” he said.

Braunegg also said that Micron21 may hire some of Distribute.IT’s staff, as it is currently recruiting.

auDA confirmed that Distribute.IT had advised the organisation that its hosting services, and not its domain name services, were the target of the attack.

“Distribute.IT has also advised auDA that it does not store any credit card data in its databases or logs, and so there has been no compromise to customers’ financial data. auDA can also confirm that .au registry data has not been compromised as a result of the security attacks on Distribute IT,” it said.

************************************************

Web authentication authority suffers security breach

Counterfeit certificates sought for high-profile sites


Yet another web authentication authority has been attacked by hackers intent on minting counterfeit certificates that would allow them to spoof the authenticated pages of high-profile sites.

Israel-based StartCom, which operates StartSSL, suffered a security breach last Wednesday, the company said in a tersely worded advisory. The certificate authority, which is trusted by the Microsoft Internet Explorer, Google Chrome and Mozilla Firefox browsers to vouch for the authenticity of sensitive websites, has suspended issuance of digital certificates and related services until further notice.

Eddy Nigg, StartCom’s CTO and COO, told The Register that the attackers targeted many of the same websites targeted during a similar breach in March against certificate authority Comodo. The hackers in the earlier attack managed to forge certificates for seven addresses, including Google mail, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.com, and Microsoft’s login.live.com.

The earlier breach touched off a frantic effort by the world’s biggest browser makers to blacklist the counterfeit credentials before the hackers could use them to create spoof websites that contained a valid cryptographic stamp validating the sites’ authenticity. It took more than a week for the fraudulent credentials to be blocked in all browsers, and even then, many widely used email programs still weren’t updated.

The hackers behind the attack on StartCom failed to obtain any certificates that would allow them to spoof websites in a similar fashion, and they were also unsuccessful in generating an intermediate certificate that would allow them to act as their own certificate authority, Nigg said in an email. The private signing key at the heart of the company’s operations isn’t stored on a computer that’s attached to the internet, so they didn’t get their hands on that sensitive material, either, he said.

Last week’s attack is at least the fifth time an entity that issues SSL, or secure sockets layer, certificates has been targeted. In all, four of Comodo’s resellers have suffered security breaches in the past three months.

The susceptibility of CAs to hackers represents one of the many significant vulnerabilities of the SSL system, which serves as the internet’s foundation of trust. Once a CA’s root certificate is included with a browser, it can be responsible for validating tens of thousands or hundreds of thousands of individual websites. That makes it impractical to remove the root certificate even if there is good reason to be wary of it.
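Because a trusted root cannot realistically be pulled, the clean-up after the Comodo breach described above had to work the other way round: clients were shipped the identities of the specific fraudulent certificates and told to refuse them, while the root stayed trusted. As an added example, not code from the article or from any browser, here is the shape of that local check: a certificate is identified by its issuer plus serial number (a serial is only unique within one issuer, so the pair is needed) or by the SHA-256 fingerprint of its DER encoding, and is refused if either is on a blocklist. The small DER encoder builds structurally valid toy certificates with zero-filled keys and signatures purely so the parser has something to read; every name, serial and blocklist entry is constructed for the example.

```python
"""Local certificate blocklist check: identify a cert by (issuer, serial) or by
the SHA-256 fingerprint of its DER encoding and refuse it if listed.

Added example, not from the article or from any browser. The encoder builds
toy X.509 certificates with dummy keys and signatures; all names, serial
numbers and blocklist entries below are constructed for illustration.
"""
import hashlib

# --- minimal DER encoder, enough to build a toy Certificate ----------------
def _der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def der_int(n):
    """DER INTEGER; a leading zero keeps values with the top bit set positive."""
    body = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return tlv(0x02, body)

def der_name(cn):
    """Name ::= SEQUENCE OF SET OF AttributeTypeAndValue, here only CN (2.5.4.3)."""
    atv = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))
    return tlv(0x30, tlv(0x31, atv))

SHA256_RSA = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + b"\x05\x00")
RSA_ENC = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + b"\x05\x00")

def toy_cert(serial, issuer_cn, subject_cn):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }.
    Key and signature are zero-filled placeholders (constructed, not real)."""
    validity = tlv(0x30, tlv(0x17, b"110101000000Z") + tlv(0x17, b"120101000000Z"))
    spki = tlv(0x30, RSA_ENC + tlv(0x03, b"\x00" * 17))
    tbs = tlv(0x30, tlv(0xA0, der_int(2))      # [0] EXPLICIT version v3
              + der_int(serial) + SHA256_RSA + der_name(issuer_cn)
              + validity + der_name(subject_cn) + spki)
    return tlv(0x30, tbs + SHA256_RSA + tlv(0x03, b"\x00" * 33))

# --- minimal DER reader: pulls issuer and serial out of tbsCertificate -------
def _read_tlv(buf, pos):
    """Return (tag, body, position just after this element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def cert_identity(der):
    """(issuer Name as raw DER bytes, serialNumber as int)."""
    tag, cert_body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, tbs, _ = _read_tlv(cert_body, 0)
    tag, body, pos = _read_tlv(tbs, 0)
    if tag == 0xA0:                        # version is optional; absent means v1
        tag, body, pos = _read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    serial = int.from_bytes(body, "big", signed=True)
    _, _, pos = _read_tlv(tbs, pos)        # skip signature AlgorithmIdentifier
    start = pos
    _, _, pos = _read_tlv(tbs, pos)        # issuer Name, kept as raw DER
    return tbs[start:pos], serial

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def is_blocked(der, blocklist):
    """True if listed by (issuer, serial) or by exact DER fingerprint."""
    issuer, serial = cert_identity(der)
    return ((issuer, serial) in blocklist["issuer_serial"]
            or fingerprint(der) in blocklist["fingerprint"])

# Constructed data: a "fraudulent" cert, another issuer reusing its serial,
# an unrelated good cert, and one that is listed only by fingerprint.
BAD_CERT = toy_cert(0x1001, "Toy Issuing CA", "login.example.net")
LOOKALIKE = toy_cert(0x1001, "Other Toy CA", "login.example.net")
GOOD_CERT = toy_cert(0x1002, "Toy Issuing CA", "www.example.net")
FP_ONLY = toy_cert(0x2001, "Toy Issuing CA", "mail.example.net")

BLOCKLIST = {
    "issuer_serial": {(der_name("Toy Issuing CA"), 0x1001)},
    "fingerprint": {fingerprint(FP_ONLY)},
}

if __name__ == "__main__":
    for label, cert in (("bad", BAD_CERT), ("lookalike", LOOKALIKE),
                        ("good", GOOD_CERT), ("fp-only", FP_ONLY)):
        print(label, "blocked" if is_blocked(cert, BLOCKLIST) else "allowed")
```

The two keys are deliberately different in what they catch: an (issuer, serial) entry refuses that certificate however it is re-encoded, while a fingerprint entry matches one exact DER blob and will miss a re-issued copy. Real clients also check revocation and chain validity; this block only demonstrates the static blocklist step.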

Nigg declined to state how many certificates StartSSL has issued during its tenure, but he did say it is among the top 10 issuers. It is unclear when the CA will resume services.


And an old one that I missed before:

Teenage Girl Helps Anonymous Take Down Security Firm

HBGary’s nemesis is a ’16-year-old schoolgirl’


Tales of mystery and imagination


Forbes has bagged an interview with the “teenage girl” who supposedly played a key role in hacking security firm HBGary on behalf of Anonymous.

HBGary Federal earned the enmity of the loosely knit hacker collective by threatening to expose its membership at the B-Sides security conference last month. The security consultancy unwisely publicised the planned move, which followed weeks after members of Anonymous brought down the websites of MasterCard and PayPal in an act of cyber-solidarity/vandalism (take your pick) and in support of WikiLeaks.

However before HBGary execs had the opportunity to spill the beans, Anonymous turned the tables on the small security consultancy, using a variety of website exploits and social engineering tricks to deface its website and extract HBGary’s email database, which Anonymous then released as a torrent.

These files contained all sort of embarrassing snippets, including a pitch by HBGary to run a dirty tricks campaign against WikiLeaks on behalf of the Bank of America. Worse still, the files inadvertently revealed one of HBGary’s clients – Morgan Stanley – to be a victim of the Operation Aurora attacks in 2009.

The whole episode was hugely amusing, if you weren’t involved, and high profile enough for Stephen Colbert to devote a segment of the Colbert Report show to the hack in late January. Soon afterward, HBGary Federal chief exec Aaron Barr resigned in order to draw a line under the whole unfortunate business. Colbert described Barr as a victim of the “global hacker nerd brigade”.

A key part of the hack against HBGary involved the impersonation of Barr in an exchange of emails with an IT administrator (Nokia security specialist Jussi Jaakonaho) in order to gain access to HBGary’s servers. The hacker, who used social engineering trickery to persuade Jaakonaho to drop security defences and allow in-bound connections, has since identified herself as a 16-year-old girl called Kayla in an interview with Forbes.

Kayla supposedly got into computers at the age of around 14, chiefly because her father is a software engineer. She told Forbes that she had learned the basics quickly and soon began to take an interest in computer security, which led her towards learning how to hack databases. Kayla said she then went on to hack the content management system of 4chan’s notorious /b/ board, the web home of weird smut.

The “youngster” supposedly began hanging around this forum, the birthplace of Anonymous, before joining in on web attacks supported by the free-wheeling group. She told Forbes that her dad knows about her activities and though he “disapproves”, he hasn’t “done anything about it”.

This sounds implausible and the supposed teenager’s refusal to talk to Forbes via Skype also appears shifty. Anonymous vouches for Kayla, which is hardly convincing because the group is notorious for pranks almost as much as anything else.

“Kayla” is concerned that the authorities might catch up to her, even though she takes various precautions.

“Each night she wipes every one of her web accounts and deletes every email in her inbox,” Forbes reports. “She has no physical hard drive and boots her computer from a microSD card,” it adds.

Forbes is careful to put caveats into its story, which makes an interesting yarn if nothing else. At one point the Forbes reporter put it to her interviewee that she is in fact a mid-20s “male from New Jersey named Corey Barnhill” (AKA Xyrix). Not a bit of it, claimed Kayla, I am Xyrix.

Of course you are. How could anyone think differently?

WikiLeaks wars: Digital conflict spills into real life

WikiLeaks wars: Digital conflict spills into real life – tech – 15 December 2010 – New Scientist.

Editorial: Democracy 2.0: The world after WikiLeaks

While it is not, as some have called it, the “first great cyberwar”, the digital conflict over information sparked by WikiLeaks amounts to the greatest incursion of the online world into the real one yet seen.

In response to the taking down of the WikiLeaks website after it released details of secret diplomatic cables, a leaderless army of activists has gone on the offensive. It might not have started a war, but the conflict is surely a sign of future battles.

No one is quite sure what the ultimate political effect of the leaks will be. What the episode has done, though, is show what happens when the authorities attempt to silence what many people perceive as a force for freedom of information. It has also shone a light on the evolving world of cyber-weapons (see “The cyber-weapon du jour”).

WikiLeaks was subjected to a distributed denial of service (DDoS) attack, which floods the target website with massive amounts of traffic in an effort to force it offline. The perpetrator of the attack is unknown, though an individual calling himself the Jester has claimed responsibility.

WikiLeaks took defensive action by moving to Amazon’s EC2 web hosting service, but the respite was short-lived as Amazon soon dumped the site, saying that WikiLeaks violated its terms of service. WikiLeaks responded via Twitter that: “If Amazon are so uncomfortable with the first amendment, they should get out of the business of selling books”.

With WikiLeaks wounded and its founder Julian Assange in custody, a certain section of the internet decided to fight back. Armed with freely available software, activists using the name “Anonymous” launched Operation Avenge Assange, targeting DDoS attacks of their own at the online services that had dropped WikiLeaks.


These efforts have so far had limited success, in part due to the nature of Anonymous. It is not a typical protest group with leaders or an organisational structure, but more of a label that activists apply to themselves. Anonymous has strong ties to 4chan.org, a notorious and anarchic message board responsible for many of the internet’s most popular memes, such as Rickrolling and LOLcats. The posts of unidentified 4chan users are listed as from “Anonymous”, leading to the idea of a collective anonymous campaigning force.

This loose group has previously taken action both on and offline against a number of targets, including Scientologists and the Recording Industry Association of America, but the defence of WikiLeaks is their most high-profile action yet. Kristinn Hrafnsson, a spokesman for WikiLeaks, said of the attacks: “We believe they are a reflection of public opinion on the actions of the targets.”

The “public” have certainly played a key role. The kind of DDoS attacks perpetrated by Anonymous are usually performed by botnets – networks of “zombie” computers hijacked by malicious software and put to use without their owners’ knowledge. Although Anonymous activists have employed traditional botnets in their attacks, the focus now seems to be on individuals volunteering their computers to the cause.

“I think there are two groups of people involved,” says Tim Stevens of the Centre for Science and Security Studies at King’s College London. The first group are the core of Anonymous, who have the technological know-how to bring down websites. The second group are ordinary people angry at the treatment of WikiLeaks and wanting to offer support. “Anonymous are providing the tools for these armchair activists to get involved,” says Stevens.

The human element of Anonymous is both a strength and a weakness. Though the group’s freely available LOIC software makes it easy for anyone to sign up to the cause, a successful DDoS requires coordinated attacks. This is often done through chat channels, where conversations range from the technical – “I have Loic set to 91.121.92.84 and channel set to #loic, is that correct” – to the inane – “please send me some nutella ice cream”.

There are continual disagreements about who and when to attack, though new tactics also emerge from the chat, such as Leakspin, an effort to highlight some of the less-publicised leaks, and Leakflood, a kind of analogue DDoS that attempts to block corporate fax machines with copies of the cables.

These chat channels are also occasionally knocked offline by DDoS attacks. Some blame “the feds”, but could governments – US or otherwise – actually be involved? (see “Are states unleashing the dogs of cyberwar?”)

The US Department of Defense’s recently launched Cyber Command has a dual remit: to defend US interests online and conduct offensive operations. Cyber Command is meant to defend .mil and .gov web domains, but do commercial websites qualify too? “Is PayPal really that important to national security that the US military would have a role in defending it?” asks Stevens, who also teaches in the Department of War Studies at King’s College London. “The US doesn’t have an answer to that particular conundrum, and they’re not alone – nobody does”.


The difficulty comes in assessing whether DDoS attacks are an act of cyberwar, a cybercrime or more akin to online civil disobedience.

Individual LOIC users may not even be breaking the law. “All that DDoS does is send the normal kind of traffic that a website receives,” says Lilian Edwards, professor of internet law at the University of Strathclyde in Glasgow, UK. “That has always been the legal problem with regulating DDoS – each individual act is in fact authorised by the site, but receiving 10 million of them isn’t.”
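Edwards’s point is also what makes this kind of attack awkward to detect: each request looks like ordinary traffic, so the only usable signal is rate. As an added example, not part of the New Scientist article, here is a sliding-window counter run over constructed Apache-style access log lines. It flags a single source that exceeds a per-address budget, and separately flags the site-wide rate, which is what catches the volunteer-swarm pattern described above, where no single machine looks abusive. The IP addresses, log lines and thresholds are all constructed or assumed for the example.

```python
"""Sliding-window request-rate detector over web server access logs.

Added example, not part of the New Scientist article. The log lines are
constructed to show two shapes of flood; thresholds are assumptions that
would be tuned per site.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format, e.g.
# 198.51.100.7 - - [15/Dec/2010:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def parse_line(line):
    """Parse one combined-format line; return None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "req": m.group("req"), "ua": m.group("ua")}

def detect(lines, window_s=10, per_ip_limit=20, global_limit=200):
    """Flag any source with more than per_ip_limit requests inside a
    window_s-second sliding window, and separately flag the site-wide
    count exceeding global_limit (many moderate sources acting together)."""
    records = [r for r in map(parse_line, lines) if r]
    records.sort(key=lambda r: r["ts"])
    per_ip = defaultdict(deque)
    everyone = deque()
    flooding, aggregate = set(), False
    for r in records:
        ts = r["ip"], r["ts"]
        ip, ts = ts
        for q in (per_ip[ip], everyone):
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:  # drop requests outside the window
                q.popleft()
        if len(per_ip[ip]) > per_ip_limit:
            flooding.add(ip)
        if len(everyone) > global_limit:
            aggregate = True
    return {"flooding_ips": flooding, "aggregate_flood": aggregate}

# --- constructed sample traffic ------------------------------------------
BASE = datetime(2010, 12, 15, 10, 0, 0, tzinfo=timezone.utc)

def log_line(ip, second, path="/", ua="Mozilla/5.0"):
    ts = (BASE + timedelta(seconds=second)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'

# three ordinary visitors, two page loads each
NORMAL_LINES = [log_line(f"198.51.100.{i}", s) for i in (1, 2, 3) for s in (0, 8)]
# one host firing 30 requests in five seconds: a single-source flood
ATTACKER_LINES = [log_line("203.0.113.9", i // 6, ua="-") for i in range(30)]
# fifty volunteers, five requests each, all within the same few seconds
SWARM_LINES = [log_line(f"192.0.2.{i}", j) for i in range(1, 51) for j in range(5)]

if __name__ == "__main__":
    print(detect(ATTACKER_LINES + NORMAL_LINES))  # one source flagged, site rate fine
    print(detect(SWARM_LINES + NORMAL_LINES))     # no source flagged, site rate exceeded
```

The two thresholds fail in opposite ways: the per-address limit never sees a swarm of low-rate volunteers, and the site-wide limit cannot say which addresses to block. In practice the aggregate alarm is the cue to look at what the excess requests have in common (path, user agent, timing), since by Edwards’s argument no single one of them is malformed.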

It’s hard to say what will happen next. Anonymous might continue its attempt to cause as much disruption as possible, but it could just as easily become fragmented and give up. With no leaders or central structure, it is unlikely to be stopped by a few arrests or server takedowns but may equally find it difficult to coordinate well enough to have an impact.

More worrying is the prospect that more organised groups may follow Anonymous’s example. If that happens, who will be responsible for stopping them – and will they be able to?

Read more: Are states unleashing the dogs of cyber war?