Flame, a highly sophisticated virus that was first discovered in Iranian oil refineries, and is supposedly the result of a U.S. and Israel joint effort to slow down Iran's nuclear program, reports The Washington Post. The information comes from multiple Western officials who purportedly have knowledge of the project, but of course want to remain anonymous.
This shouldn't come as a surprise considering the U.S. were unveiled as using the volatile Stuxnet virus, where The New York Times reported about Operation: Olympic Games, which is a project that used Stuxnet and Duqu, both sophisticated viruses. These viruses targeted Iranian SCADA systems, that allowed the creators of this virus to gather intelligence and even control aspects of Iran's nuclear and oil refining facilities.
Stuxnet code has been found within the Flame virus, according to security researchers, which is an unofficial confirmation that the creators of the Stuxnet virus (the U.S. government) are also behind this new nasty virus. Once this was discovered, in Get Smart fashion, the virus began to self-destruct, hastily removing itself from infected computers... not suss, huh?
LulzSec, a hacking group responsible for many hacks last year, has been fairly quiet this year after their leader allegedly worked with law enforcement to bring charges against its members. Now, however, LulzSec Reborn has taken over and started hacking, mainly compromising user accounts and leaking the details.
LulzSec Reborn has had two major hacks this year and otherwise has been quiet. The first was a leaking of 170,000 MilitarySingles accounts on Pastebin and now they are taking responsibility for the leaking of 10,000 Twitter accounts on Pastebin. The latter, today's leak, features much more information than a traditional password hack.
The leak comes in the form of an SQL dump which features usernames, passwords, real names, bios, locations, avatars, security tokens used by the service for authentication with Twitter and the user's most recent Tweet. The hack comes from compromising a third-party site that required the login information to work.
LulzSec Reborn compromised TweetGif, a site which allows users to post animated GIFs to their feed. TweetGif isn't a very large service and only has around 75,000 global visitors. The company's Twitter only has around 700 followers. Often compromises such as this come from third-party services which require a username/password combo to work.
It's not known if LulzSec Reborn features any of the members in the original hacking collective.
A new discovery has been made by a Cambridge University researcher that a chip used by the US military features a security backdoor which could have massive implications on on national security. The chip, which was built in China, cannot simply be reprogrammed as the security backdoor is physically present on the silicon.
Sergei Skorobogatov of Quo Vadis Labs at Cambridge University said:
Our aim was to perform advanced code breaking and to see if there were any unexpected features on the (US Military) chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.
Now, let's be fair: it isn't a sure thing that the backdoor was introduced by the Chinese. It's more probable that the backdoor was present in the original design as a debugging tool for the designer. This is a common practice and these backdoors are often present and not malicious.
Microsoft has left an unpatched exploit in Windows 8 Consumer Preview. The exploit works on Windows 7, Windows Server 2008 R2 and Windows 8 Consumer Preview and has been documented and known for a while. The details of the exploit are pretty simple and can be done in under a minute if one is a fast typist.
The general idea behind the exploit is to be able to run an elevated command prompt without even being logged in. It works by making a simple change in the registry so that when sticky keys is activated it launches the command prompt instead. The hack is virtually undetectable as all it is is a simple change in registry value.
To do the exploit one only needs to open command prompt once on the target PC and enter the code below. Once done, the hacker can return to the workstation at any point later in time and launch an administrator level command prompt just by pressing shift 5 times in a row. This could be of a serious nature for many different people, especially a business.
REG ADD "HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssethc.exe" /v Debugger /t REG_SZ /d "C:windowssystem32cmd.exe"
Microsoft, at the time of writing, has yet to issue a statement regarding the exploit.
Anonymous have dumped 1.7GB of data belonging to the US Department of Justice, and on the flip side, the DoJ have downplayed the sensitivity of the data siphoned from their website. Anonymous says that the information they have includes "internal e-mails", and "the entire database dump" from the website.
Anonymous' leak was announced alongside a torrent with the 1.7GB of data inside, as well as a statement:
Today we are releaseing [sic] 1.7GB of data that used to belong to the United States Bureau of Justice, until now. Within the booty you may find lots of shiny things such as internal emails, and the entire database dump. We Lulzed as they took the website down after being owned, clearly showing they were scared of what inevitably happened.
Hate pre-installed versions of completely useless software on your PC? Well, take your PC into a Microsoft Store, pay them $99 and they'll install a clean copy of Windows onto your PC for you. Handy. The new program is a branch from Microsoft's "Signature" PC initiative, which sells bloatware-free versions of PCs from Microsoft's partners in Microsoft Stores.
The Redmond-based company is willing to change any computer into a Signature PC, if the customers wish to do so, and bring their PC into a Microsoft Store and pay the $99 fee. Signature PCs sport Microsoft Windows Live Essentials program, the ad-supported Word and Excel-only Microsoft Office Starter Edition, the Microsoft Security Essentials anti-virus package, and Zune media player software.
Users can opt-out of having these programs installed, and can also specify which other third-party browsers or programs get installed. Included is 90 days of free phone support. The only issue I have with this, is Microsoft created this problem (allowing bloatware to be used and installed by OEMs) and are now cashing in on it. But, at least they're trying to dig out of the hole, and not make it deeper, I suppose.
The Mac-based Flashback Trojan caused a world of hurt for some, and really tarnished Apple's invincible mantra to viruses, and such. But, the maker of the Flashback Trojan enjoyed his wares being spread out to more than 600,000 Macs across the world.
It's been estimated that the maker of the trojan could've been generating more than $10,000 per day in fraudulent ad clicks. More analysis from Symantec points toward the author of the trojan probably never monetizing the trojan whatsoever.
Even though the trojan made its way into 600,000 machines, the ad-click component of Flashback only crawled into roughly 10,000 machines, less than 2-percent of all infected. Symantec says that around 10 million fraudulent ads were displayed on the machines that were compromised, but users only clicked them around 400,000 times. Over three weeks, those 400,000 clicks resulted in around $14,000 for the trojan maker.
Well, the government of the Netherlands have become the first European country to pass a net neutrality law. What this does is prevents internet service providers (ISPs) from traffic management except in the cases of congestion and network security, it also includes restrictions on ISPs performing deep packet inspection and other similar wiretapping techniques.
June 2011 was when the law was formed, where the Netherland's parliament passed a motion to stop mobile operators from blocking VoiP calls over their networks, with the bill only re cently passing the Dutch senate. The provisions in the law extend to anyone providing Internet access services, forbidding the use of traffic-shaping based on application usage, unless they hinder access for other users by causing congestion.
This means that equal types of traffic will be treated equally, with an example like video streaming services owned by a provider cannot have unrestricted access, where Hulu may be restricted. If a user chews up too much bandwidth, before the ISP can take any action, the user must be alerted so that they have the time to remedy the situation.
Once again, I get to be the bearer of bad news in order to keep you, our reader, safe. This time I bring news of a new malware that is going around dubbed "ransomware" due to the fact it locks up your computer until you pay the ransom amount demanded. This isn't a completely new idea, but this is a new strain and variation.
This latest campaign is mainly targeting the UK and a few other European countries and claims that illegally downloaded music has been found on the computer. Due to this illegal material, the malware claims that "to unlock your computer and to avoid other legal consequences, your are obligated to pay a release fee of 50 pounds."
The malware was spotted by security watch blog abuse.ch. According to them, the malware is delivered through an exploit known as "Blackhole." The ransomware also carries a payload of Aldi Bot which steals banking information. The message to take away here is to keep all your browsers and their add-ons up to date, as this is how Blackhole functions. Anti-virus isn't a bad idea either.
This year, so far, has not exactly been a stunning display for Macs. Between the Flashback malware and now this, it really shows just how weak the security of Mac OSX is. The latest blunder by Apple and its security team is that they turned on a debug log file which stores the user's password outside of the encrypted area.
If you were using FileVault prior to upgrading to Lion, it may be time to think about changing your passwords as this would affect you. FileValut 2 users (whole drive encryption) are not affected by this accident. Additionally, if you have Time Machine backups, the plaintext log file has stored your password for the long term.
Security researcher David Emery explains:
This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for.
I'm sure there will be plenty of people who get up in arms over this, but I tend to agree. Apple is years behind Microsoft in terms of security because they have never had to worry about it since no one ever bothered to write malware or viruses for Macs due to their small market share. As it has increased, Macs has become a more attractive target.
Eugene Kaspersky, CEO of the influential Kaspersky security firm said:
For many years I've been saying that from a security point of view there is no big difference between Mac and Windows. It's always been possible to develop Mac malware, but this one was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms.
Several security breaches have brought Mac security to the attention of the public and Apple will have a bit of a public relations crisis on their hands if they continue. One in five Mac computers carry Windows malware but only 2.7% have Mac OS X malware. Kaspersky says "cyber criminals have now recognised that Mac is an interesting area. Now we have more, it's not just Flashback or Flashfake. Welcome to Microsoft's world, Mac. It's full of malware."
Most people think Macs are safe, and it's definitely a decision that sways some people when purchasing their latest kit. But, according to Sophos, one in five Macs actually harbors some kind of Windows-orientated malware.
The company looked at results over seven days from 100,000 Apple machines using its free anti-virus program, with 20-percent having one or more instances of Windows-based malware. Sophos have warned of this before, where last year they tested 50 USB drives lost in public. To their surprise, as well as mine, two thirds of these were infected. That's 33-percent! Seven of these owners of lost USB flash drives owned a Mac.
In their latest study, Sophos found that just 2.7-percent of the infected Macs actually contained harmful malware, with 75-percent of it being Flashback variants. Of the 20-percent harboring Windows malware, 12.2-percent carried Bredo, a three-year-old Trojan. Sophos does note that some machines contain malware samples that go back to 2007. Sophos have said the following:
A second Mac OSX Trojan has been discovered, but is likely not to be as widespread as the Flashback Trojan due to the process by which it infects the computer. As opposed to the Flashback Trojan which could be caught simply by surfing the internet, this new Trojan requires users to download a malformed Word doc.
Similar to the Flashback Trojan, this new Trojan requires no entering of a username and password so it could catch Mac users off guard. This Trojan should be less widespread due to the fact that users have to download a malformed Word document file. Once opened, it exploits Word and opens a backdoor for hackers to steal information or install further code.
The security vulnerability is actually pretty old. It comes from June 2009, so as long as you keep your Microsoft software up to date, you should be safe from this Trojan. With all of the recent outbreaks of Trojans, it won't surprise me if they start coming more frequently with more capabilities to do destructive things.
These recent Trojans underline the fact that Mac OSX does need some sort of good virus protection as well as security updates. Previously they weren't needed because people didn't waste time writing malicious code for 5% of the computer population. But, as the market share has increased and security updates haven't, Mac OSX has become a more inviting platform to write malicious code for.
Back in June, 2010, the Iranian nuclear program was hit with a massive work that caused the setback at one of the nuclear refinement factories. No one really knew how the virus got into the nuclear factory, but most speculated that it was a government operation. It has now come to light that the virus was implanted by an Israeli proxy who used a corrupt "memory stick.32."
Former and serving US intelligence officials stated that these proxies have been instrumental in assassinating Iran's nuclear scientists to continue to delay the Iranian nuclear program. These same sources said that they most likely used a person on the ground, an insider, to target weak spots of the system, rather than wait for the program to spread.
In addition to this virus, Israel has been doing targeted killings of Iranian nuclear scientists for 10 years. This has been a completely separate operation without any US involvement. The Stuxnet worm, however, was a joint US-Israel effort. This just continues to show that the easiest way to hack a system is to have physical access.
Researchers have found and released two exploits that are similar to the Stuxnet worm that attacked nuclear centrifuges in Iran. These two exploits are capable of being used to damage critical infrastructure, such as refineries or factories. The exploits operate on the same piece of hardware, but have two different outcomes.
The first method is just sending a "stop" command which causes the piece of hardware to stop its functions thus shutting down whatever the piece of hardware is responsible for doing. The second method is much more dangerous. Instead of just stopping or shutting down the factory, this exploit can be used to cause damage.
This exploit involves downloading the ladder logic that is currently on the PLC. It is analyzed so that it can be understood what the device is doing. A modified ladder logic is then uploaded which automatically overwrites the current logic on the device. Both exploits use the fact that the actual PLC device doesn't have any authentication. If you can talk to it, you can write to it.
Once again, I get to be the bearer of bad news just to keep you, our reader, safe. Facebook's Mobile app for iOS and Android store your login information in a plaintext file that doesn't expire until the year 4001. The Facebook .plist file where your login data is stored could easily be swiped by a USB connection or via malicious apps.
Gareth Wright, a U.K.-based app developer for Android and iOS, is the discoverer of this bug. He discovered it after poking around in the application directories using the free tool iexplorer. He first found a plaintext Facebook Access token that was stored by DrawSomething and was able to query all of his data.
He then took a look at Facebook's directory where he found the .plist in question. He passed this file over to his friend and fellow blogger who, in the next few minutes, started posting status updates, sending private messages, and even liking websites. In other words, he had full control over the account.
Facebook is currently working on a fix, but there is no ETA. Additionally, other apps who use Facebook Access Tokens need to encrypt those as well. This is just another reason to be careful when selecting apps or plugging your device into a shared PC. Getting Facebook "jacked" just became real.
The group that everyone has secretly been cheering for has a new branch in China. An Anonymous China Twitter account was created late last month and endorsed by the official Anonymous account. Shortly after all of this, they went to work. Now hundreds of Chinese government, corporation, and other websites have been hacked.
A Pastebin post explains why they are doing this:
Hello, we are Anonymous.
All these years the Chinese Government has subjected their people to unfair laws and unhealthy processes.
People, each of you suffers from tyranny of that regime.
Fight for justice, fight for freedom, fight for democracy!
In the defaces and leaks in this day, we demonstrate our revolt to the Chinese system. It has to stop! We aren't asking you for nothing, just saying to protest, to revolt yourself, to be the free person you always want to be! So, we are writing this message to tell you that you should protest, you should revolt yourself protesting and who has the skills for hacking and programming and design and other "computer things" come to our IRC: http://2.webchat.anonops.com/ channel: #GlobalRevolution .
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
A new project that has been launched on Kickstarter wants to give privacy back to the users of social networks and the internet in general. Pretty much where ever you go on the internet right now, anything you post is tracked, and often sold, to the highest bidder. This is one form of monetization of the internet.
Sean McGregor, a computer scientist at Oregon State University, is Priv.ly's creator and lead developer. Priv.ly is an open-source project and allows a user to encrypt any message they post in basically any text box on the web. How it works is that the message is sent to Priv.ly to be encrypted. Eventually, it will simply be a peer-to-peer connection.
This creates a link to the message that can only be viewed by the people that the message is intended for when encrypted. Then, instead of posting the actual message to where ever your'e posting, you post a link to the Priv.ly message instead. The only visible data is the link to Priv.ly. So, maybe I should start encrypting these news posts!
Anonymous at it again, this time threaten Operation: BLACKOUT, where they'll take the Internet down on March 31
Collective hacking group Anonymous are at it again, this time threatening more than just SOPA, PIPA or Facebook. This time they're threatening to take down the entire Internet. This is said to be as a protest to SOPA, Wall Street, the world's irresponsible leaders, and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun.
While I agree with most of those points, why threaten if you can't go through with it? I shouldn't laugh, but I'd cry if the Internet went down on March 31st. So, Anonymous are now saying they "will shut the Internet down" on March 31st. They go into detail, where "in order to shut the Internet down, one thing is to be done. Down the 13 root DNS servers of the Internet, those servers are as follows:"
Anonymous state that by cutting the above DNS servers from the Internet, nobody will be able to perform a domain name look-up, which would effectively disable the HTTP Internet, which is the most widely used function of the Web itself. If someone was to enter in "http://www.google.com", or ANY other URL, it will result in an error page, thinking that their service, or the Internet is down, which it kinda is.
A report was released last fall that claimed using a single repeating digit was a stronger pin code for your iPhone than using unique digits. All bets are off, however, when you are dealing with Micro Systemation, a Swedish security firm that helps police and military around the world crack digital security systems.
Just last week, the company released a video showing just how simple it is to crack an iPhone or Android device that is password protected. The video, which you can see below, documents a process where the company spokesperson uses an application called XRY and accesses the contents of the mobile phone in less than two minutes.
Immediately, all user information becomes available. This information includes GPS location, call history, contacts, and messages. The software doesn't use a flaw put there by the manufacturer. Instead it uses a brute-force method to try all of the combinations to guess the correct password. It's more akin to jailbreaking than hacking.
"Every week a new phone comes out with a different operating system and we have to reverse engineer them," Micro Systemation marketing director Mike Dickinson told Forbes. "We're constantly chasing the market." The easiest way to make your phone more secure and less susceptible to this is to use a longer password. The longer the password, the longer it takes to guess.
Instead of just sitting around waiting for the police to take action against online crime, Microsoft filed a civil suit in order to gain a warrant to sweep two office buildings in Pennsylvania and Illinois. The sweeps occurred Friday and resulted in a bunch of evidence, deactivated servers, and Microsoft seizing control of hundreds of Web addresses.
Why would Microsoft waste their money filing these civil suits and attacking cyber crime? Well, as it stands, Microsoft has a vested interest in taking down these cyber criminals. Many computers are powered by Windows, and since it has such a large market share, it is a main target for hackers. If Microsoft can make Windows more secure, they can combat Apple's main claim that OSX is more secure and stop losing market share.
Additionally, they can provide a better end-user experience, which Microsoft's customers would appreciate. "Taking the disruption into the courthouse was a brilliant idea and is helping the rest of the industry to reconsider what actions are possible, and that action is needed and can succeed," said Richard Perlotto, director at the Shadowserver Foundation.
"We equate this to a neighborhood watch," Mr. Boscovich of Microsoft said. The cops are able to levy much greater punishments, but at least this slows the botnets down and maybe scares people off from attempting it. Friday's target was Microsoft's most complex target yet, known as the Zeus botnets.