TweakTown News
Coordinated state-sponsored cyberattacks are nothing new, but it looks like Pakistan wants to evolve from simple hacktivism and mature into official cyberespionage. Recent collaborative research from FireEye and ThreatConnect noted advanced persistent threat (APT) attacks dating back to early 2013, a pattern more common among organized cyberattackers.
The Bitterbug malware, for example, uses US virtual private servers and is designed to steal information and send it back to its operator overseas. It appears that a hosting provider in Pakistan leases the ability to operate a command and control server from a U.S. provider.
"Adversaries are masking their exploitation operations behind U.S. infrastructure and targeting U.S. and international victims," said Rich Barger, ThreatConnect Director of Intelligence Research, in a press release. "These adversaries are purporting to be legitimate organizations and abusing unwitting service providers."
Community Health Systems (CHS) suffered a data breach in April and June that has affected up to 4.5 million of the company's patients. Although payment information wasn't taken, patient names, addresses, birthdates, telephone numbers, and Social Security numbers were compromised during the breach.
The attack likely was an Advanced Persistent Threat (APT) originating from China, in an effort to steal bulk data which can be used later. APTs are targeted attacks designed to circumvent modern firewalls, antivirus and antimalware solutions used by companies.
"The company has confirmed that this data did not include patient, credit card, medical, or clinical information," Community Health noted in a statement to the Securities and Exchange Commission (SEC).
The current Ebola epidemic in West Africa has become popular news in the western world and on social media, with three malware and phishing campaigns currently underway, according to Symantec.
The first campaign utilizes the Trojan.Zbot malware, infecting users when they mistakenly click on a fake report related to the ongoing Ebola problem in Liberia and other countries.
The second campaign utilizes an email that mimics something sent out from Etisalat, a telecommunications provider that serves the Middle East, Asia, and Africa. However, it's not a real email and instead has an attached zip file, titled "EBOLA - ETISALAT PRESENTATION.pdf.zip," which is the Trojan.Blueso software. It will also inject W32.Spyrat, which logs keystrokes, records audio and video from the webcam, captures screenshots, creates processes, opens Web pages, and performs other tasks.
Former NSA contractor Edward Snowden would "volunteer" for prison but only under the right circumstances, he said in a recent interview with Wired Magazine. Considering he faces charges that include conveying classified information to an unauthorized party, theft of government property and disclosing communications intelligence information, he would likely face significant prison time if convicted.
"I told the government I'd volunteer for prison, as long as it served the right purpose," Snowden told Wired earlier this month. "I care more about the country than what happens to me. But we can't allow the law to become a political weapon or agree to scare people away from standing up for their rights, no matter how good the deal is. I'm not going to be part of that."
Earlier in the month, Russian officials announced Snowden's asylum was extended for an additional three years - allowing him to remain in a safe location as he tries to figure out what to do long-term. Most U.S. politicians have been less than kind when describing Snowden's actions, and it seems unlikely he would receive a fair trial if he returns to the United States. However, they are still keen to see him return home, because they certainly seem to have a lot of questions they would like him to answer.
In a rather ironic twist, German foreign intelligence reportedly recorded at least one phone call made by U.S. Secretary of State John Kerry, according to Der Spiegel magazine. Berlin has heavily criticized officials in Washington for systematic snooping, including of German Chancellor Angela Merkel and other high-ranking German politicians.
The phone call was recorded by the BND when Kerry was in the Middle East to help ease tensions between Israel, Palestine and other Arab states sometime in 2013. After it was discovered, the recording was supposedly erased immediately, but the magazine didn't offer any evidence to prove this claim.
A phone call in 2012 by Hillary Clinton while she served as Secretary of State was also recorded by German spy officials, German media recently reported.
Britain's GCHQ spy agency, which was revealed to be working in partnership with America's NSA to monitor the online communications of pretty much everyone ever, has been scanning the internet connections of entire countries in order to find weaknesses its agents can exploit.
According to documents obtained by Heise Online, a GCHQ programme called Hacienda examines every single internet address in a country to find out what kinds of connections are being used and any software running in tandem with those addresses. Weaknesses are reported back to agents - allowing them to gain access to steal user data, or alternatively, to put phishing websites in place of legitimate ones. Hacienda looks at protocols like SSH and SNMP, as well as HTTP and FTP.
The documents state there's another system, called Olympia, which is capable of scanning all the information automatically, in just minutes. Five countries are reported to have had all of this data, although it's not yet public which countries these are.
The Google Android-powered Tesco Hudl tablet has a data reset flaw in which the factory reset option doesn't do a good job deleting information, according to security specialists. There is concern that many Tesco tablets end up on eBay, and despite having broken screens, weren't wiped of onboard data.
Researchers were also able to discover PIN codes to unlock the tablets, with Wi-Fi keys, cookies and Web browsing data from original owners discovered.
"The factory data reset doesn't appear to zero all sectors on the disc; it's simply too quick a reset process to do so," said Ken Munro, a Pen Test Partners security expert, in a statement to The Register. "So then we bought a few Tesco refurbished Hudls from the Tesco Outlet Store on eBay. Whilst two of them had been correctly zeroed using a wiping product, one was not. From this we recovered some of the previous owner's personal data, again including social media and mail profiles."
Chinese national Su Bin has been indicted by a federal grand jury, allegedly working with two other hackers in their efforts to compromise Boeing. The trio stole information related to the F-22 and F-35 fighter jets, along with the C-17 military transport aircraft, and wanted to sell the information to Chinese companies.
If convicted of unauthorized computer access and conspiracy charges, Su faces up to 30 years in federal prison. The Chinese citizen is currently in Canadian custody and will likely be extradited to the United States to face prosecutors.
When people think of cybercrime, they tend to think of state-sponsored hacking and attacks conducted by criminals overseas. However, there are occasional incidents where attacks are launched from North America and the alleged suspects are caught.
Repeated cyberattacks against French news website Rue89 have drawn criticism from the Committee to Protect Journalists (CPJ), with staff and their families being harassed after publishing a story related to a "militant Zionist" cybercriminal. The person in question, Gregory Chelli, lives in Israel, and reportedly attacked people he thought were against Israel.
The official Rue89 website suffered multiple distributed denial-of-service (DDoS) attacks, according to Pierre Haski, website editorial director. An official complaint has been filed with the French public prosecutor's office, and Chelli already faced a suspended sentence in France, but it's unclear what will happen this time around.
"We call on French and Israeli authorities to launch a thorough investigation into these attacks on Rue89 and to ensure its staff members' safety," said Nina Ognianova, CPJ Europe and Central Asia Program Coordinator, in a statement. "Such intimidation tactics against journalists and their families must not be tolerated, lest they lead the media to self-censor."
Hackers can compromise a smartphone user and eavesdrop by using the device's internal gyroscope, according to a study from Stanford University and the Rafael Advanced Defense Systems technology company. Instead of directly listening to a phone conversation, this is a remote eavesdropping exploit, so users can be snooped on when they are in the immediate area of a device.
"Whenever you grant anyone access to sensors on a device, you're going to have unintended consequences," said Dan Boneh, Stanford security professor, in a statement to Wired. "In this case the unintended consequence is that they can pick up not just phone vibrations, but air vibrations."
The gyroscope in smartphones uses a small plate that vibrates around 200 hertz, which is fast enough to recognize human voices. Using customized speech recognition software allowed the researchers to accurately determine 65 percent of "numeric digits" of a specific speaker. Eavesdropping levels aren't quite the same as using a compromised smartphone's microphone, but the result shows the potential threat level of current data security efforts.