CHINESE HACKERS AT WORK ON MEMBERS PRIOR TO THE G20 SUMMIT

MALICIOUS CODE IMPLANTED INTO EUROPEAN G20 MEMBERS’ NETWORKS BY CHINESE HACKERS


Chinese hackers eavesdropped on the computers of five European foreign ministries before last September’s 2013 G20 Summit, which was dominated by the Syrian crisis, according to research by computer security firm FireEye.

The hackers infiltrated the ministries’ computer networks by sending emails to staff containing tainted files with titles such as “US_military_options_in_Syria,” said FireEye, which sells anti-virus software to companies.

When recipients opened these documents, they loaded malicious code on to their computers.

FireEye, which is based in California, said that for about a week in late August its researchers were able to monitor the “inner workings” of the main server the hackers used to conduct reconnaissance and move across compromised systems.


FireEye lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia. FireEye said it believes the hackers were preparing to start stealing data just as the researchers lost access.

The US company declined to identify the nations whose ministries were hacked, although it said they were all members of the European Union. FireEye said it reported the attacks to the victims through the FBI.

FBI spokeswoman Jenny Shearer declined to comment.

“The theme of the attacks was US military intervention in Syria,” said FireEye researcher Nart Villeneuve, one of six researchers who prepared the report. “That seems to indicate something more than intellectual property theft … the intent was to target those involved with the G20.”

The September 5-6 G20 summit was dominated by discussion of the Syrian crisis, with some European leaders putting pressure on US President Barack Obama to hold off on taking military action against Syrian President Bashar al-Assad.

Villeneuve said he was confident the hackers were from China based on a variety of technical evidence, including the language used on their control server, and the machines they used to test their malicious code.

He said he did not have any evidence, however, that linked the hackers to the Chinese government.

“All we have is technical data. There is no way to determine that from technical data,” Villeneuve said.

Chinese Foreign Ministry spokesman Hong Lei said China opposed any hacking activities.

“US internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible,” Hong told a daily news briefing in Beijing.

One of dozens

Western cyber security firms monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain.

China has long denied those allegations, saying it is the victim of spying by the US. Those claims gained some credibility after former NSA contractor Edward Snowden began leaking documents about US surveillance of foreign countries, including China.

FireEye said it had been following the hackers behind the Syria-related attack for several years, but this is the first time the group’s activities have been publicly documented. The company calls the group “Ke3chang”, after the name of one of the files it uses in one of its pieces of malicious software.

FireEye said it believed the hackers dubbed the Syria-related campaign “moviestar” because that phrase was used as a tag on communications between infected computers and the hackers’ command-and-control server.

In 2011, the group ran another operation dubbed “snake”, which enticed victims with a file that FireEye said contained nude pictures of Carla Bruni, the Italian-French singer, songwriter and model who in 2008 married then French President Nicolas Sarkozy.

The host name for that campaign’s command-and-control server contained the string “g20news”, which might indicate that it was related to the G20 Finance Ministers meeting in Paris in 2011, FireEye said.

The email address used to send those malicious files had the phrase “consulate” in it, which also bolstered the possibility that the attack was politically motivated, Villeneuve said.

He said researchers only gathered evidence about “snake” through reviewing emails and malicious code. They did not have access to its command-and-control server, which they did in the case of the “moviestar” attack.
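The indicators the report names are plain strings: a campaign tag (“moviestar”) carried on beacons to the command-and-control server and a substring (“g20news”) in a C2 host name. As an added illustration, not part of the Reuters story or FireEye's analysis, the following Python matcher shows how a defender would sweep proxy logs for such indicators once they are published. The log format, IP addresses, host names and request paths are constructed for this example; the page says nothing about how the real beacons were formatted, so treating the tag as a query-string token is an assumption of the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicator strings quoted in the article. Matching them as substrings of a
# host name / as a token in the query string is this example's assumption.
HOST_INDICATORS = ("g20news",)
TAG_INDICATORS = ("moviestar",)

# Constructed sample proxy log lines (format invented for this example):
# <epoch> <client-ip> <method> <url> <status>
SAMPLE_LOGS = """\
1377648000.123 10.0.0.12 GET http://update.g20news-mail.example/index.php?id=moviestar-8841 200
1377648001.456 10.0.0.13 GET http://www.example.org/news/syria 200
1377648002.789 10.0.0.12 POST http://cdn.example.net/api/upload?tag=moviestar 200
1377648003.321 10.0.0.14 GET http://g20news.example.com/ 404
1377648004.654 10.0.0.15 GET http://intranet.example/cal?campaign=moviestars 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


@dataclass(frozen=True)
class Hit:
    src: str
    url: str
    reason: str


def parse_line(line):
    """Split one constructed log line into its fields, or None if malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def tag_matches(text):
    """Return the first campaign tag found in text as a whole token.

    Boundaries are non-alphanumeric characters, so 'moviestar-8841' matches
    but 'moviestars' does not; this keeps a plain substring search from
    flagging unrelated words that merely contain the tag.
    """
    for tag in TAG_INDICATORS:
        pattern = rf"(?<![a-z0-9]){re.escape(tag)}(?![a-z0-9])"
        if re.search(pattern, text, re.IGNORECASE):
            return tag
    return None


def scan(log_text):
    """Walk log lines and return a Hit for every indicator match."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not fit the expected format
        parts = urlsplit(rec["url"])
        host = (parts.hostname or "").lower()
        for ind in HOST_INDICATORS:
            if ind in host:
                hits.append(Hit(rec["src"], rec["url"], f"host contains {ind!r}"))
        tag = tag_matches(parts.query)
        if tag:
            hits.append(Hit(rec["src"], rec["url"], f"C2 tag {tag!r} in query string"))
    return hits


def hits_by_source(hits):
    """Group hits per internal client so an analyst sees which hosts to triage."""
    grouped = {}
    for h in hits:
        grouped.setdefault(h.src, []).append(h)
    return grouped


if __name__ == "__main__":
    for src, src_hits in sorted(hits_by_source(scan(SAMPLE_LOGS)).items()):
        print(f"{src}: {len(src_hits)} indicator hit(s)")
        for h in src_hits:
            print(f"  {h.reason}: {h.url}")
```

The token-boundary check in `tag_matches` is the part worth keeping when adapting this to a real log source: a bare substring match on a short word like “moviestar” will fire on legitimate traffic, and a single analyst-facing summary per internal host is more useful than one alert per request.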

Reuters


Henry Sapiecha


RUSSIAN GANGS SELL THE BEST HACKING SERVICES, IT IS CLAIMED

(Reuters) – If you want to hack a phone, order a cyber attack on a competitor’s website or buy a Trojan program to steal banking information, look no further than the former Soviet Union.

An employee works near screens in the virus lab at the headquarters of Russian cyber security company Kaspersky Labs in Moscow

The breadth and sophistication of services sold on Russian-language websites such as Forum.zloy.bz or Forum.evil offer a small window onto a Russian criminal underground that is costing Western firms billions of dollars in credit card and online banking fraud as well as “phishing” attempts to lure people into downloading malware or disclosing passwords.

“If you look at the quantity of malware attacks, the leaders are China, Latin America and then Eastern Europe, but in terms of quality then Russia is probably the leader,” said Vitaly Kamluk, a cyber security researcher in Moscow.

Two of the five most wanted men in the United States for cyber crime are Russian, and one is from Latvia, which used to be part of the Soviet Union.

Russians were also behind the biggest cyber crime case in U.S. history. Federal prosecutors named four Russians and a Ukrainian in a banking card fraud spree that cost companies including J.C. Penney Co, JetBlue Airways Corp and French retailer Carrefour SA more than $300 million.

The risk of being prosecuted is so low it does little to dissuade highly educated and skilful but under-employed programmers from turning to illicit hacking for profit or fun.

In a country where wages are lower than in the West and life is expensive, and which has long produced some of the world’s best mathematicians, the temptation to turn to crime is great, and the hackers are in general ahead of the people trying to catch them.

“People think: ‘I’ve got no money, a strong education and law enforcement’s weak. Why not earn a bit on the side?'” said Alexei Borodin, a 21-year-old hacker.

As long as these hackers target victims abroad, experts say, the Russian authorities are willing to sit back and let them develop tools to burrow into computer vulnerabilities, which they can in turn use for their own cyber espionage.

Two of the Russian suspects in the banking card fraud case were arrested while in the Netherlands, but two others – Alexander Kalinin, 26, and Roman Kotov, 32 – are still at large and thought to be in Russia, where experts doubt they will be caught.

Moscow’s decision to harbor Edward Snowden, wanted in the United States for leaking details of government surveillance programs on the phone and Internet, is likely to freeze already slow-moving cross-border police cooperation with Washington, they said.

“They have been doing this in Russia for many years now,” said Misha Glenny, an expert and author on cyber crime.

“Russian law enforcement and the FSB (Federal Security Service) in particular have a very good idea of what is going on and they are monitoring it but as long as the fraud is restricted to other parts of the world they don’t care.”

Several email requests for comment and calls over three weeks to the special Interior Ministry unit tasked with policing the web – Department K – went unanswered.

NO BOUNDARIES

The pool of talent churned out by top-tier institutes excelling in hard sciences across the former Soviet Union is indisputable.

A trio of students from the St Petersburg National Research University, for instance, won the oldest and most prestigious world programming competition, the ACM International Collegiate Programming Contest, four times in the last six years.

Three Russian teams, one from Belarus and one from Ukraine, were also among the top ten finalists this year in the contest, which featured teams from 2,322 universities in 91 countries.

But in a 2013 survey, only 51 percent of IT specialists in Russia polled by HeadHunter, a recruiting website, had found jobs in the country’s burgeoning IT sector. It said the average salary in Moscow for information security work was 65,000 roubles ($2,000) a month, far less than Western counterparts would earn.

Hacking is not a crime in and of itself. So-called white-hat hackers, who access computers to bolster security defenses, face off at the front lines of a virtual battleground with criminals, known as crackers or black-hat hackers, who break in with ill intent.

Hackers on both sides of that divide are mostly aged 22 to 30 and, in Russia, many may have been university classmates.

Borodin, who works on start-ups involved in Bitcoin, the virtual currency, describes web security as his hobby. Known as ZonD80, he began exploring computer vulnerabilities at the age of 12, and made waves last year by publishing a hack allowing iPhone users to avoid paying for in-app upgrades, a system loophole it took him about a week to find.

He says he has never broken the law.

“I hacked Apple and Google systems, but I’ve been working on the other side for ages… Now it’s fun to design defenses against all the hacks I used to do myself,” he said in an interview via instant messenger.

“There aren’t really any boundaries. Someone can go over to the bad side or suddenly become a protector. In any event, if you’re caught, then you were in the wrong place at the wrong time.”

WEAPONS RACE

At the Moscow headquarters of Kaspersky Lab, a Russian rival to U.S. security firms Symantec and McAfee, sweatshirt-clad youths sit silently tapping away in an ultra-sleek workspace.

“Stealing money from behind a screen is incomparably easier psychologically than attacking someone in the street,” Kamluk, 29, said in a round, glass room known as the Virus Lab. Here client data on millions of suspicious programs is parsed by analysts sitting at a circle of screens that looks like a spaceship control room.

“Using technical means, you can fight cyber crime endlessly, but it is a non-stop weapons race: We make security systems and they find ways around it.”

The soft-spoken Belarusian, who sports a Mohawk and a T-shirt printed with green-on-black computer code, was hired in 2005 and is now part of an elite team chosen by CEO Eugene Kaspersky to investigate new or exotic cyber threats.

The Global Research and Expert Analysis Team, or GREAT for short, discovered the Stuxnet cyber weapon, which is believed to have been used by the United States and Israel to attack Iran’s nuclear program a few years ago.

This year Kamluk and other GREAT prodigies uncovered a Russian-speaking cyber espionage gang, Red October, operating a complex data-hijacking system used to steal intelligence from government, military and diplomatic targets worldwide.

GREAT was not able to identify who was behind the gang. But the manpower and expense needed to wield such a network is believed by some experts to point to the involvement of a state intelligence agency, possibly Russian.

ADVICE FORUMS

On the Blackhacker.ru forum, threads offer advice on what countries have the most crime-friendly laws and sell cyber tools such as bullet-proof hosting from which to launch attacks.

In a feeble nod to the law, some sellers post disclaimers, denying responsibility if their service is put to criminal use.

Such forums played a crucial role in the criminal baptism of a generation of programmers who emerged onto the job market in the 1990s when the Soviet Union was unraveling, and have served as hacker incubators popularizing cyber crime in Russia.

“In 2008, you needed to buy a Botnet (network of infected computers) and set it up, it was quite sophisticated. Nowadays, every schoolboy can do this by … using forums and reading,” said Maxim Goncharov, a researcher at security firm Trend Micro.

The amount of cash flowing to this underground industry is hard to quantify as many companies do not report losses. Moscow-based cyber forensics firm Group-IB estimated the Russian cyber crime market was worth $2.3 billion in 2011 and far more today.

Some of the cash, it says, goes to pay off corrupt police, who then tip off the criminals.

Andrey Komarov, head of international projects at Group-IB, said cyber criminals are winning in the war against the world’s law enforcement agencies.

“It is like the battle between a fly and an elephant,” Komarov said. “Some cyber criminals have very close contacts with corrupted law enforcement agencies, and during our investigations some disappeared and were not arrested.”

(Additional reporting by Alessandra Prentice and Megan Davies in Moscow and Liza Dobkina in St Petersburg; Editing by Sonya Hepinstall)


BRITISH SPIES ARE OPERATING AN EAVESDROPPING OPERATION THAT DWARFS THE USA SPY SAGA

BRITAIN HAS A SPY NETWORK WHICH OUTSTRIPS THE USA OPERATION

Security contractor Edward Snowden

London: British spies are running an online eavesdropping operation so vast that internal documents say it even outstrips the United States’ international internet surveillance effort, The Guardian newspaper says.

The paper cited UK intelligence memos leaked by former National Security Agency contractor Edward Snowden to claim that UK spies were tapping into the world’s network of fibre optic cables to deliver the “biggest internet access” of any member of the Five Eyes – the name given to the espionage alliance composed of the United States, Britain, Canada, Australia and New Zealand.

That access could in theory expose a huge chunk of the world’s everyday communications – including the content of people’s emails, calls, and more – to scrutiny from British spies and their US allies. How much data the British are copying off the fibre optic network isn’t clear, but it’s likely to be enormous.

The Guardian said the information flowing across more than 200 cables was being monitored by more than 500 analysts from the NSA and its UK counterpart, GCHQ.

“This is a massive amount of data!” The Guardian quoted a leaked slide as boasting.

The newspaper, whose revelations about America and Britain’s globe-spanning surveillance programs have reignited an international debate over the ethics of espionage, said GCHQ was using probes to capture and copy data as it crisscrossed the Atlantic between western Europe and North America.

It said that, by last year, GCHQ was in some way handling 600 million telecommunications every day – although it did not go into any further detail and it was not clear whether that meant that GCHQ could systematically record or even track all the electronic movement at once.

GCHQ declined to comment on Friday, although in an emailed statement it repeated past assurances about the legality of its actions.

“Our work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary, and proportionate,” the statement said.

Fibre optic cables – thin strands of glass bundled together and strung out underground or across the oceans – play a critical role in keeping the world connected. A 2010 estimate suggested that such cables carry 95 per cent of the world’s international voice and data traffic, and The Guardian said Britain’s geographic position on Europe’s western fringe gave it natural access to many of the trans-Atlantic cables as they emerged from the sea.

The Guardian said GCHQ’s probes did more than just monitor the data live; British eavesdroppers can store content for three days and metadata – information about who was talking to whom, for how long, from where, and through what medium – for 30 days.
