CHINESE HACKERS AT WORK ON MEMBERS PRIOR TO THE G20 SUMMIT

MALICIOUS CODES IMPLANTED INTO EUROPE’S G20 MEMBERS BY CHINA


Chinese hackers eavesdropped on the computers of five European foreign ministries before last September’s 2013 G20 Summit, which was dominated by the Syrian crisis, according to research by computer security firm FireEye.

The hackers infiltrated the ministries’ computer networks by sending emails to staff containing tainted files with titles such as “US_military_options_in_Syria,” said FireEye, which sells anti-virus software to companies.

When recipients opened these documents, they loaded malicious code on to their computers.

For about a week in late August, California-based FireEye said its researchers were able to monitor the “inner workings” of the main computer server used by the hackers to conduct their reconnaissance and move across compromised systems.


FireEye lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia. FireEye said it believes the hackers were preparing to start stealing data just as the researchers lost access.

The US company declined to identify the nations whose ministries were hacked, although it said they were all members of the European Union. FireEye said it reported the attacks to the victims through the FBI.

FBI spokeswoman Jenny Shearer declined to comment.

“The theme of the attacks was US military intervention in Syria,” said FireEye researcher Nart Villeneuve, one of six researchers who prepared the report. “That seems to indicate something more than intellectual property theft … the intent was to target those involved with the G20.”

The September 5-6 G20 summit was dominated by discussion of the Syrian crisis, with some European leaders putting pressure on US President Barack Obama to hold off on taking military action against Syrian President Bashar al-Assad.

Villeneuve said he was confident the hackers were from China based on a variety of technical evidence, including the language used on their control server, and the machines they used to test their malicious code.

He said he did not have any evidence, however, that linked the hackers to the Chinese government.

“All we have is technical data. There is no way to determine that from technical data,” Villeneuve said.

Chinese Foreign Ministry spokesman Hong Lei said China opposed any hacking activities.

“US internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible,” Hong told a daily news briefing in Beijing.

One of dozens

Western cyber security firms monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain.

China has long denied those allegations, saying it is the victim of spying by the US. Those claims gained some credibility after former NSA contractor Edward Snowden began leaking documents about US surveillance of foreign countries, including China.

FireEye said it had been following the hackers behind the Syria-related attack for several years, but this is the first time the group’s activities have been publicly documented. The company calls the group “Ke3chang”, after the name of one of the files it uses in one of its pieces of malicious software.

FireEye said it believed the hackers dubbed the Syria-related campaign “moviestar” because that phrase was used as a tag on communications between infected computers and the hackers’ command-and-control server.

In 2011, the group ran another operation dubbed “snake”, which enticed victims with a file that FireEye said contained nude pictures of Carla Bruni, the Italian-French singer, songwriter and model who in 2008 married then French President Nicolas Sarkozy.

The host name for that campaign’s command-and-control server contained the string “g20news”, which might indicate that it was related to the G20 Finance Ministers meeting in Paris in 2011, FireEye said.

The email address used to send those malicious files had the phrase “consulate” in it, which also bolstered the possibility that the attack was politically motivated, Villeneuve said.

He said researchers only gathered evidence about “snake” through reviewing emails and malicious code. They did not have access to its command-and-control server, which they did in the case of the “moviestar” attack.

Reuters


Henry Sapiecha


NATIONAL SECURITY AGENCY ILLEGAL ACCESS TO MICROSOFT GLOBAL COMMUNICATIONS LINKS

Microsoft is moving toward a major new effort to encrypt its internet traffic amid fears that the National Security Agency may have broken into its global communications links, said people familiar with the emerging plans.


Suspicions at Microsoft, while building for several months, sharpened in October when it was reported that the NSA was intercepting traffic inside the private networks of Google and Yahoo, two industry rivals with similar global infrastructures, said people with direct knowledge of the company’s deliberations. They said top Microsoft executives are meeting this week to decide what encryption initiatives to deploy and how quickly.

Documents obtained from former NSA contractor Edward Snowden suggest – though do not prove – that the company is right to be concerned. Two previously unreleased slides that describe operations against Google and Yahoo include references to Microsoft’s Hotmail and Windows Live Messenger services. A separate NSA email mentions Microsoft Passport, a web-based service formerly offered by Microsoft, as a possible target of that same surveillance project, called MUSCULAR, which was first disclosed by The Washington Post last month.

Though Microsoft officials said they had no independent verification of the NSA targeting the company in this way, general counsel Brad Smith said Tuesday that it would be ‘‘very disturbing’’ and a possible constitutional breach if true.

Microsoft’s move to expand encryption would allow it to join Google, Yahoo, Facebook and other major technology firms in hardening their defences in response to news reports about once-secret NSA programs. The resulting new investments in encryption technology stand to complicate surveillance efforts – by governments, private companies and criminals – for years, experts say.

Though several legislative efforts are underway to curb the NSA’s surveillance powers, the wholesale move by private companies to expand the use of encryption technology may prove to be the most tangible outcome of months of revelations based on documents that Snowden provided to The Washington Post and Britain’s The Guardian newspaper.

In another major shift, the companies also are explicitly building defenses against US government surveillance programs, in addition to combating hackers, criminals or foreign intelligence services.

‘‘That’s a pretty big change in the way these companies have operated,’’ said Matthew Green, a Johns Hopkins University cryptography expert. ‘‘And it’s a big engineering effort.’’

In response to questions about Microsoft, the NSA said in a statement Tuesday, ‘‘NSA’s focus is on targeting the communications of valid foreign intelligence targets, not on collecting and exploiting a class of communications or services that would sweep up communications that are not of bona fide foreign intelligence interest to the U.S. government.’’

A US official, who was not authorised to discuss the matter publicly and spoke on the condition of anonymity, said Tuesday that collection can be done at various points and does not necessarily happen on a company’s private fiber-optic links.

A 2009 email from a senior manager of the NSA’s MUSCULAR project specifies that a targeting tool called ‘‘MONKEY PUZZLE’’ is capable of searching only across certain listed ‘‘realms,’’ including Google, Yahoo and Microsoft’s Passport service. It is not clear what service a fourth listed realm, ‘‘emailAddr,’’ refers to.

‘‘NSA could send us whatever realms they like right now, but the targeting just won’t go anywhere unless it’s of one of the above 4 realms,’’ the email said.

The tech industry’s response to revelations about NSA surveillance has grown far more pointed in recent weeks as it has become clear that the government was gathering information not only through court-approved channels in the United States – overseen by the Foreign Intelligence Surveillance Court – but also through the massive data links overseas, where the NSA needs only authority from the president.

That form of collection has been done surreptitiously by gaining access to fiber-optic connections on foreign soil. Smith, the Microsoft general counsel, hinted at the extent of the company’s growing encryption effort at a shareholder’s meeting last week.

‘‘We’re focused on engineering improvements that will further strengthen security,’’ he said, ‘‘including strengthening security against snooping by governments.’’

People familiar with the company’s planning, who spoke on the condition of anonymity to discuss matters not yet publicly announced, said that while officials do not have definitive proof that the NSA has targeted Microsoft’s communication links, they have been engaged in a series of high-level meetings to pursue encryption initiatives ‘‘across the full range of consumer and business services.’’

A cost estimate was not available; key decisions are due to be made at a meeting of top executives this week in Redmond, Washington, where Microsoft is headquartered.

When asked about the NSA documents mentioning surveillance of Microsoft services, Smith issued a sharply worded statement: ‘‘These allegations are very disturbing. If they are true these actions amount to hacking and seizure of private data and in our view are a breach of the protection guaranteed by the Fourth Amendment to the Constitution.’’

That echoes a similar statement by Google’s general counsel, David Drummond, who said last month that he was ‘‘outraged’’ over the report in The Washington Post about the NSA tapping into the links connecting the company’s network of data centers. Google in September announced an ambitious new set of encryption initiatives, including among data centers around the world. Yahoo made a similar announcement last week.

Microsoft, Google and Yahoo also have joined other major tech firms, including Apple, Facebook and AOL, in calling for limits to the NSA’s surveillance powers. Most major US tech companies are struggling to cope with a global backlash over US snooping into internet services.

The documents provided by Snowden are not entirely clear on the way the NSA might gain access to Microsoft’s data, and it is possible that some or all of it happens on the public internet as opposed to on the private data center links leased by the company. But several documents about MUSCULAR, the NSA project that collects communications from links between Google and Yahoo data centers, discuss targeting Microsoft online services.

The company’s Hotmail email service also is one of several from which the NSA has collected users’ online address books.

The impact of Microsoft’s move toward expanded encryption is hard to measure. And even as most major internet services move to encrypt their communications, they typically are decoded – at least briefly – as they move between each company’s systems, making them vulnerable.

Privacy activists long have criticized Microsoft as lagging behind some rivals, such as Google and Twitter, in implementing encryption technology.

A widely cited scorecard of privacy and security by tech companies, compiled by the Electronic Frontier Foundation in San Francisco, gives Microsoft a single check mark out of a possible five.

‘‘Microsoft is not yet in a situation where we really call them praiseworthy,’’ said Peter Eckersley, technology projects director at the foundation. ‘‘Microsoft has no excuse for not being a leader in encryption and security systems, and yet we often see them lagging behind the industry.’’

Encryption, while not impervious to targeted surveillance, makes it much more difficult to read communications in bulk as they travel the internet. The NSA devotes substantial resources to decoding encrypted traffic, but the work is more targeted and time consuming, sometimes involving hacking into individual computers of people using encryption technology.

Documents provided by Snowden, and first reported by The Guardian, show that Microsoft worked with US officials to help circumvent some forms of encryption on the company’s services.

Soltani is an independent security researcher and consultant.

The Washington Post


CYBER ATTACKS ON COMPANIES ARE A GREAT RISK SO GET THIS COMPANY REPORT SO YOU KNOW WHAT TO DO ABOUT IT

CYBER ATTACKS ON COMPANIES ARE EVEN A GREATER RISK NOW


THIS REPORT IS A MUST FOR ALL COMPANIES TO READ

Companies are facing an alarming rise in cyber-attack threats as they cut costs, rely more on the Internet, automate equipment, and run mines remotely, a new study by Ernst & Young shows.

The survey, conducted among nearly 40 mining and metal companies and published Wednesday, reveals that 41% of respondents have experienced more external hacking attempts during the past year.

The range of actors believed to be behind cyber-attacks has also broadened, to include national governments, the report says.

“It was once thought that hackers were rebellious young students who would target symbols of authority as a protest and a reflection of their technological prowess (…) The list of cyber adversaries has grown to include criminals, national governments and hacktivists, and their target list has likewise grown,” Ernst & Young’s report shows.


GET YOUR FULL 28 PAGE REPORT HERE >>

MICROSOFT PAYS AUSTRALIAN HACKER $100,000 FOR REVEALING SECURITY FLAWS IN SOFTWARE

Microsoft pays Australian hacker $100,000 for finding security holes


James Forshaw of security firm Context. Photo: Context

Microsoft is paying a well-known Australian hacking expert more than $100,000 for finding security holes in its software, one of the largest bounties awarded to date by a tech company.

The company also released a much anticipated update to Internet Explorer, which it said fixes a bug that made users of the browser vulnerable to remote attack.

James Forshaw, who heads vulnerability research at Melbourne-based consulting firm Context Information Security, won Microsoft’s first $US100,000 ($106,000) bounty for identifying a new “exploitation technique” in Windows, which will allow it to develop defences against an entire class of attacks, the company said.


Forshaw is among the many “white hat” hackers who hack for good and get rewarded for their efforts. Companies such as Apple and Facebook have hall of fame pages on their websites to recognise hackers, and some companies even pay them.

Forshaw, who is currently travelling to attend a security conference, earned another $US9400 for identifying security bugs in a preview release of Microsoft’s Internet Explorer 11 browser, Katie Moussouris, senior security strategist with Microsoft Security Response Centre, said in a blog post.

“Over the past decade working in secure development and research, I have discovered many interesting security vulnerabilities with a heavy focus on complex logic bugs,” Forshaw said.

“I’m keenly interested in the intellectual puzzle of finding novel exploitation techniques and the creativity it requires.”

To find his winning entry, Forshaw studied the mitigations available today and after brainstorming identified a few potential angles.

“Not all were viable but after some persistence I was finally successful.”

He said receiving recognition for his entry was “exciting” to him and his employer.

“It also gives me the satisfaction that I am contributing to improving the security of both Microsoft’s and Context’s customers.”

Microsoft unveiled the reward programs four months ago to bolster efforts to prevent sophisticated attackers from subverting new security technologies in its software, which runs on the majority of the world’s PCs.

Forshaw has been credited with identifying several dozen software security bugs. He was awarded a large bounty from Hewlett-Packard for identifying a way to “pwn”, or take ownership of, Oracle’s Java software in a high-profile contest known as Pwn2Own (pronounced “pown to own”).

Microsoft also released an automatic update to Internet Explorer on Tuesday afternoon to fix a security bug that it first disclosed last month.

Researchers say hackers initially exploited that flaw to launch attacks on companies in Asia in an operation that cyber security firm FireEye has dubbed DeputyDog.

Marc Maiffret, chief technology officer of the cyber security firm BeyondTrust, said the vulnerability was later more broadly used after Microsoft’s disclosure of the issue brought it to the attention of cybercriminals.

He is advising PC users to immediately install the update to Internet Explorer, if they do not have their PCs already set to automatically download updates.

“Any time they patch something that has already been used [to launch attacks] in the wild, then it is critical to apply the patch,” Maiffret said.

That vulnerability in Internet Explorer was known as a “zero-day” because Microsoft, the targeted software maker, had zero days’ notice to fix the hole when the initial attacks exploiting the bug were discovered.

In an active, underground market for “zero day” vulnerabilities, criminal groups and governments sometimes pay $US1 million or more to hackers who identify such bugs.

Microsoft’s reward is slightly more generous than that of Yahoo!, which recently offered a security researcher a $US25 voucher to the company’s online store for reporting three security flaws.

Yahoo later opened up a program, with rewards of up to $US15,000, after security researchers ridiculed the minuscule $US25 prize.

With Reuters


WikiLeaks releases documents on global surveillance industry


WikiLeaks has stepped up its campaign to expose the global surveillance industry with the release of a new collection of sensitive documents from private intelligence and information technology companies.

The transparency group has published 294 documents from 92 contractor firms providing surveillance and intelligence technology to governments around the world.

WikiLeaks publisher Julian Assange said “Spy Files 3”, the third tranche of documents released on the subject, was part of his organisation’s “ongoing commitment to shining a light on the secretive mass surveillance industry”.

“The files form a valuable resource for journalists and citizens alike, detailing and explaining how secretive state intelligence agencies are merging with the corporate world in their bid to harvest all human electronic communication,” he said.

The released documents include sensitive sales brochures and presentations used by companies to encourage security, intelligence and police services to acquire surveillance systems and services. Technologies on offer include “lawful interception” systems, mass telecommunications monitoring, network recording, signals and communications intelligence and listening devices.

The WikiLeaks release shows internet spying capabilities now being sold on the intelligence market include detecting encrypted and obfuscated internet usage such as Skype, BitTorrent, VPN, SSH and SSL. The documents also reveal how contractors work with intelligence and police agencies to obtain decryption keys.

The documents detail bulk interception methods for voice, SMS, MMS, email, fax and satellite phone communications. The released documents also show intelligence contractors are selling capabilities to analyse web and mobile interceptions in real-time.

One 2011 document shows how companies such as British-based Gamma Group, German-based Desoma and Swiss-based Dreamlab are working in concert to “create Telecommunications Intelligence Systems for different telecommunications networks to fulfil the customers’ needs” regarding “massive data interception and retention”.

Other documents in the release show evidence of these technologies being used to infect users in Oman with remote-controlled spyware. The FinFly ‘iProxy’ installation by Dreamlab shows how targets are identified and malware is covertly inserted alongside a legitimate download while keeping the intended download functioning as expected. The target identification methods mean that anybody connecting through the same network would be systematically and automatically intercepted and infected as well, even unintended targets.

British-based privacy advocacy organisation Privacy International said the latest WikiLeaks release “further reveals the extent to which Western corporations are equipping repressive regimes and non-democratic governments to target activists, journalists, and human rights defenders”.

“Unequivocally, the newest ‘Spy Files’ documents show that this dark industry only continues to grow, in both technical capability and customer base, all while amassing billions in profits off the suffering of individuals,” Privacy International researcher Kenneth Page said.

“The types of surveillance being marketed by these companies represent some of the most sophisticated technologies available – whether it’s intrusion software, data mining, Trojans, location tracking, deep packet inspection, facial recognition or mass monitoring,” he said.

“And just like an advertisement you would see on television or in a magazine, spy firms are marketing these tools with flashy graphics, sales-speak and guarantees on effectiveness. It’s quite jarring to see such dangerous technologies being presented in such an unthreatening fashion, given that these products represent one of the biggest threats to human rights in the 21st century.”

The global trade of surveillance technology is estimated to be worth up to $US5 billion ($5.5 billion) a year. By comparison, the “traditional” global trade in small arms (excluding the sale of ammunition) was worth $US4 billion a year.

WikiLeaks has also published information on the movement of private intelligence corporate executives and sales personnel, thereby revealing the geographical focus of their activities.

Mr Assange said the WikiLeaks “Counter Intelligence Unit” has been “tracking the trackers”.

“The WikiLeaks Counter Intelligence Unit (WLCIU) operates to defend WikiLeaks’ assets, staff and sources, and, more broadly, to counter threats against investigative journalism and the public’s right to know,” he said. “The WLCIU has collected data on the movements of key players in the surveillance contractor industry, including senior employees of Gamma, Hacking Team and others as they travel through Azerbaijan, Bahrain, Brazil, Spain, Mexico and other countries.”

No further details of the new unit have been revealed. However it is a matter of public record that former US intelligence contractor turned whistle-blower Edward Snowden has been associated with WikiLeaks since his travel from Hong Kong to Russia in June.


BUYING HACKING ABILITIES FROM RUSSIAN GANGS WILL GET YOU THE BEST IT IS CLAIMED

(Reuters) – If you want to hack a phone, order a cyber attack on a competitor’s website or buy a Trojan program to steal banking information, look no further than the former Soviet Union.

An employee works near screens in the virus lab at the headquarters of Russian cyber security company Kaspersky Labs in Moscow

The breadth and sophistication of services sold on Russian-language websites such as Forum.zloy.bz or Forum.evil offer a small window onto a Russian criminal underground that is costing Western firms billions of dollars in credit card and online banking fraud as well as “phishing” attempts to lure people into downloading malware or disclosing passwords.

“If you look at the quantity of malware attacks, the leaders are China, Latin America and then Eastern Europe, but in terms of quality then Russia is probably the leader,” said Vitaly Kamluk, a cyber security researcher in Moscow.

Two of the five most wanted men in the United States for cyber crime are Russian, and one is from Latvia, which used to be part of the Soviet Union.

Russians were also behind the biggest cyber crime case in U.S. history. Federal prosecutors named four Russians and a Ukrainian in a banking card fraud spree that cost companies including J.C. Penney Co, JetBlue Airways Corp and French retailer Carrefour SA more than $300 million.

The risk of being prosecuted is so low it does little to dissuade highly educated and skilful but under-employed programmers from turning to illicit hacking for profit or fun.

In a country where wages are lower than in the West and life is expensive, and which has long produced some of the world’s best mathematicians, the temptation to turn to crime is great, and the hackers are in general ahead of the people trying to catch them.

“People think: ‘I’ve got no money, a strong education and law enforcement’s weak. Why not earn a bit on the side?'” said Alexei Borodin, a 21-year-old hacker.

As long as these hackers target victims abroad, experts say, the Russian authorities are willing to sit back and let them develop tools to burrow into computer vulnerabilities, which they can in turn use for their own cyber espionage.

Two of the Russian suspects in the banking card fraud case were arrested while in the Netherlands, but two others – Alexander Kalinin, 26, and Roman Kotov, 32 – are still at large and thought to be in Russia, where experts doubt they will be caught.

Moscow’s decision to harbor Edward Snowden, wanted in the United States for leaking details of government surveillance programs on the phone and Internet, is likely to freeze already slow-moving cross-border police cooperation with Washington, they said.

“They have been doing this in Russia for many years now,” said Misha Glenny, an expert and author on cyber crime.

“Russian law enforcement and the FSB (Federal Security Service) in particular have a very good idea of what is going on and they are monitoring it but as long as the fraud is restricted to other parts of the world they don’t care.”

Several email requests for comment and calls over three weeks to the special Interior Ministry unit tasked with policing the web – Department K – went unanswered.

NO BOUNDARIES

The pool of talent churned out by top-tier institutes excelling in hard sciences across the former Soviet Union is indisputable.

A trio of students from the St Petersburg National Research University, for instance, won the oldest and most prestigious world programming competition, the ACM International Collegiate Programming Contest, four times in the last six years.

Three Russian teams, one from Belarus and one from Ukraine, were also among the top ten finalists this year in the contest, which featured teams from 2,322 universities in 91 countries.

But in a 2013 survey, only 51 percent of IT specialists in Russia polled by HeadHunter, a recruiting website, found jobs in the country’s burgeoning IT sector. It said average salaries in Moscow for work in information security were 65,000 roubles ($2,000) a month, far less than Western counterparts would earn.

Hacking is not a crime in and of itself. So-called white-hat hackers, who access computers to bolster security defenses, face off at the front lines of a virtual battleground with criminals, known as crackers or black-hat hackers, who break in with ill intent.

Hackers on both sides of that divide are mostly aged 22 to 30 and, in Russia, many may have been university classmates.

Borodin, who works on start-ups involved in Bitcoin, the virtual currency, describes web security as his hobby. Known as ZonD80, he began exploring computer vulnerabilities at the age of 12, and made waves last year by publishing a hack allowing iPhone users to avoid paying for in-app upgrades – a system loophole it took him about a week to find.

He says he has never broken the law.

“I hacked Apple and Google systems, but I’ve been working on the other side for ages… Now it’s fun to design defenses against all the hacks I used to do myself,” he said in an interview via instant messenger.

“There aren’t really any boundaries. Someone can go over to the bad side or suddenly become a protector. In any event, if you’re caught, then you were in the wrong place at the wrong time.”

WEAPONS RACE

At the Moscow headquarters of the Kaspersky Lab, a Russian rival to U.S. security firms Symantec or McAfee, sweatshirt-clad youths sit silently tapping away in an ultra-sleek workspace.

“Stealing money from behind a screen is incomparably easier psychologically than attacking someone in the street,” Kamluk, 29, said in a round, glass room known as the Virus Lab. Here client data on millions of suspicious programs is parsed by analysts sitting at a circle of screens that looks like a spaceship control room.

“Using technical means, you can fight cyber crime endlessly, but it is a non-stop weapons race: We make security systems and they find ways around it.”

The soft-spoken Belarusian, who sports a Mohawk and a T-shirt printed with green-on-black computer code, was hired in 2005 and is now part of an elite team chosen by CEO Eugene Kaspersky to investigate new or exotic cyber threats.

The Global Research and Expert Analysis Team, or GREAT for short, discovered the Stuxnet cyber weapon, which is believed to have been used by the United States and Israel to attack Iran’s nuclear program a few years ago.

This year Kamluk and other GREAT prodigies uncovered a Russian-speaking cyber espionage gang, Red October, operating a complex data-hijacking system used to steal intelligence from government, military and diplomatic targets worldwide.

GREAT was not able to identify who was behind the gang. But the manpower and expense needed to wield such a network is believed by some experts to point to the involvement of a state intelligence agency, possibly Russian.

ADVICE FORUMS

On the Blackhacker.ru forum, threads offer advice on what countries have the most crime-friendly laws and sell cyber tools such as bullet-proof hosting from which to launch attacks.

In a feeble nod to the law, some sellers post disclaimers, denying responsibility if their service is put to criminal use.

Such forums played a crucial role in the criminal baptism of a generation of programmers who emerged onto the job market in the 1990s when the Soviet Union was unraveling, and have served as hacker incubators popularizing cyber crime in Russia.

“In 2008, you needed to buy a Botnet (network of infected computers) and set it up, it was quite sophisticated. Nowadays, every schoolboy can do this by … using forums and reading,” said Maxim Goncharov, a researcher at security firm Trend Micro.

The amount of cash flowing to this underground industry is hard to quantify as many companies do not report losses. Moscow-based cyber forensics firm Group-IB estimated the Russian cyber crime market was worth $2.3 billion in 2011 and far more today.

Some of the cash, it says, goes to pay off corrupt police, who then tip off the criminals.

Andrey Komarov, head of international projects at Group-IB, said cyber criminals are winning in the war against the world’s law enforcement agencies.

“It is like the battle between a fly and an elephant,” Komarov said. “Some cyber criminals have very close contacts with corrupted law enforcement agencies, and during our investigations some disappeared and were not arrested.”

(Additional reporting by Alessandra Prentice and Megan Davies in Moscow and Liza Dobkina in St Petersburg; Editing by Sonya Hepinstall)

Henry Sapiecha

BRITISH SPIES ARE OPERATING AN EAVESDROPPING OPERATION THAT DWARFS THE USA SPY SAGA

BRITAIN HAS A SPY NETWORK WHICH OUTSTRIPS THE USA OPERATION

Security contractor Edward Snowden

London: British spies are running an online eavesdropping operation so vast that internal documents say it even outstrips the United States’ international internet surveillance effort, The Guardian newspaper says.

The paper cited UK intelligence memos leaked by former National Security Agency contractor Edward Snowden to claim that UK spies were tapping into the world’s network of fibre optic cables to deliver the “biggest internet access” of any member of the Five Eyes – the name given to the espionage alliance composed of the United States, Britain, Canada, Australia and New Zealand.

That access could in theory expose a huge chunk of the world’s everyday communications – including the content of people’s emails, calls, and more – to scrutiny from British spies and their US allies. How much data the British are copying off the fibre optic network isn’t clear, but it’s likely to be enormous.

The Guardian said the information flowing across more than 200 cables was being monitored by more than 500 analysts from the NSA and its UK counterpart, GCHQ.

“This is a massive amount of data!” The Guardian quoted a leaked slide as boasting.

The newspaper, whose revelations about America and Britain’s globe-spanning surveillance programs have reignited an international debate over the ethics of espionage, said GCHQ was using probes to capture and copy data as it crisscrossed the Atlantic between western Europe and North America.

It said that, by last year, GCHQ was in some way handling 600 million telecommunications every day – although it did not go into any further detail and it was not clear whether that meant that GCHQ could systematically record or even track all the electronic movement at once.

GCHQ declined to comment on Friday, although in an emailed statement it repeated past assurances about the legality of its actions.

“Our work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary, and proportionate,” the statement said.

Fibre optic cables – thin strands of glass bundled together and strung out underground or across the oceans – play a critical role in keeping the world connected. A 2010 estimate suggested that such cables are responsible for 95 per cent of the world’s international voice and data traffic, and The Guardian said Britain’s geographic position on Europe’s western fringe gave it natural access to many of the trans-Atlantic cables as they emerged from the sea.

The Guardian said GCHQ’s probes did more than just monitor the data live; British eavesdroppers can store content for three days and metadata – information about who was talking to whom, for how long, from where, and through what medium – for 30 days.

SECURITY EXPERT SAYS HE CAN HACK INTO HIGH END SURVEILLANCE CAMERA SYSTEMS REMOTELY TO ACCESS DATA

ACCESSING INFO BY HACKING INTO CCTV SYSTEMS

A US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military, something that could potentially allow hackers to spy on facilities or gain access to sensitive computer networks.

Craig Heffner, a former software developer with the National Security Agency (NSA) who now works for a private security firm, said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet.

“It’s a significant threat,” he said. “Somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.”

He plans to demonstrate techniques for exploiting these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas.

Heffner, who now works as a vulnerability researcher with Tactical Network Solutions in Columbia, Maryland, said he has discovered hundreds of thousands of surveillance cameras that can be accessed via the public internet.

In 2011, the $7 million security camera system at Parliament House in Canberra was found to have “critical” security deficiencies that left the building vulnerable to attack, according to a whistleblower’s report.

Heffner said he has figured out a real-life version of the familiar “Hollywood-style” attack that has become a fixture in action films. He can freeze a picture on a surveillance camera to help thieves break into facilities without detection.

He has not discussed his research with the camera makers, he said, and does not plan to do so ahead of his presentation at the hacking conference.

Cisco, D-Link and TRENDnet said they would take any appropriate action that might be needed to secure their equipment after the Black Hat presentation.

Heffner’s presentation is one of more than 100 talks at the annual gathering, which is expected to attract 6500 security professionals who will learn about the growing threat hackers pose to businesses, consumers and national security.

Other talks will explore threats to Microsoft Windows and Apple systems, mobile phone networks, medical devices and systems that control industrial plants.

All research presented at the conference is vetted by a review board of 22 security experts.

Reuters


ENTERING ANOTHER PERSON’S COMPUTER IS EASY IF YOU KNOW HOW, AS THIS 14-YEAR-OLD SHOWS

A 14-YEAR-OLD HACKER SEES PEOPLE VIA THEIR WEBCAM

The 14-year-old couldn’t believe his eyes. The virtual currency he’d worked so hard to amass in the online role-playing game Runescape had vanished. He’d lost the equivalent of $700 in the blink of an eye, after investing his pocket money into the game’s economy for months. All that remained was an instant message dialogue box: “Haha, you got RATted!”

Sitting in his bedroom in Wauchope, on the mid-north coast of NSW, the teenager wrote back: “What does that mean?” He didn’t know at the time that his machine had been compromised by a Remote Administration Tool (RAT), an aggressive form of malware that allows hackers to access a victim’s entire computer. It was too late. The thief had disappeared. “He ran away with my money, like a girl,” laments Alex (not his real name).

Weeks later, his desolation and rage had been replaced by joy. After researching RATs and spending an entire day spreading an innocuous link using Runescape’s in-game chat function, in the hope that someone would visit the page and run the Javascript application embedded within, Alex had his mark.

An image uploaded to a hacking forum showing a woman picking her nose as seen through her webcam.

Within a few clicks, the teenager had access to a stranger’s entire computer, without their knowledge. “I was the happiest kid in the whole entire world,” he says. “I could see their desktop, what they typed, the history of what they’d typed, stored passwords, files – everything.”

His victim didn’t have a webcam, so Alex wasn’t sure of their gender or their appearance, although he assumes they were male. But he knew that they played Runescape, so he got straight to work on what mattered: looting their gold, just as he’d recently experienced himself.

After emptying the stranger’s account, the teenager watched, intrigued, as his mark realised that he’d been hacked, and began trying to close the connection. Fifteen minutes later, Alex’s first “slave” – hacker shorthand for a compromised user – had disconnected himself.

An image uploaded to a hacking forum showing a woman sleeping as seen through her webcam.

The RATted had become the RATter. “I felt unstoppable,” says Alex, now 17 and studying Year 11. “I was really insecure about myself at the time. I felt like the most powerful person on Runescape.”

The senior security manager at antivirus software company Trend Micro has another name for RAT: Remote Access Trojan. “It’s a piece of software loaded onto somebody’s computer that allows it to be controlled or accessed from a third-party location,” says Adam Biviano in Sydney.

An image uploaded to a hacking forum showing a woman staring at her computer as seen through her webcam.

“They often arrive on a computer masquerading as something else,” he says. “Just like the mythological story, you open your gates up and you allow it inside your protected walls. All of a sudden, you think you’re getting one thing, but in reality you’re getting what they call a ‘RAT’. You’re giving access to your computer to … who knows who.”

A 14-year-old boy motivated by revenge is probably one of the last people you’d want to have unmitigated access to your computer. Especially if you’re female, given that one of the most commonly exploited features of RAT software is the ability to spy on a user’s webcam. Many modern laptops will display a green light when the webcam is in use; however, RAT developers have long since worked out how to disable that tell-tale sign on some computers.

The cumulative effect is a gross breach of privacy, often without the user’s knowledge. Think of where your computer’s webcam is positioned, and what someone might see if they watched you constantly: your bedroom antics, perhaps, or your daily nude stroll around the house. They might even see you take your laptop to the toilet with you.

An image uploaded to a hacking forum showing a woman looking at her computer as seen through her webcam.

Discussion threads in the Remote Administration Tools section of HackForums.net overflow with webcam screenshots, to celebrate both “hot female slaves” and “ugly slaves”.

Alex goes by a pseudonym on HackForums that Fairfax Media has chosen to keep secret in order to conceal his identity. He’s been a particularly active community member over the past 12 months, clocking more than 6000 posts – about 17 a day – while establishing himself as a helpful source of information for those new to RATs.

“When I started, it was hard to learn,” he says. “I was confused. I helped others because I wanted them to feel how I felt when I first started RATting – that feeling of excitement. I wanted to empower them.”

The teenager says he’s never had a job, yet he’s drawn a respectable income from his RAT activities for more than two years. His parents began asking questions when he connected his PayPal to his bank account, and sums of up to $500 at a time would flow in: profit from his Runescape thefts. “I sat down with them and told them what was going on,” says Alex.

“They understood. They said, ‘If you get caught, you’re in serious shit.’ My parents are laidback about it, because they knew I was smart with computers when I was younger. I’ve gotten way smarter since then.” Their son may not have been completely honest about the precise source of income, though: “They don’t really know what happens behind the scenes when I’m on the computer,” he admits.

Trend Micro’s Adam Biviano isn’t surprised by Alex’s exploits, nor his age. “I’ve been in the anti-malware industry for about 15 years,” he says. “A lot of these attacks start off with people who are quite young. It’s that younger element that probably doesn’t understand the legal implications of what they’re doing. They think that because it’s online, it’s simply a bit of harmless fun.

“We also see that those skills are put to far more malicious use these days, by moving on to target businesses, to target individuals by stealing their identities, even cross-border espionage using RATs,” he says, referring to a malware outbreak in the fractured state of Syria last year. “[Virtual goods theft] is one of the more benign uses of RATs, but it can certainly get nastier from there.”

The Attorney-General’s Department responded to questions with this statement: “The Commonwealth Criminal Code contains a range of offences that apply to the unauthorised access to or modification of data, as well as offences that relate to the possession, control or supply of data with an intent to commit a computer offence.”

Federal penalties for these offences range from two to 10 years’ imprisonment; the states and territories also have laws prohibiting the installation and use of surveillance devices, including listening, optical, tracking and data surveillance devices, which may also apply to those caught using RATs for malicious purposes.

The Department of Broadband, Communications and the Digital Economy says it does not have a position statement on the use of RATs among private citizens.

Remote access technology is not new – Windows has had this functionality in-built for many years – but the malware form of delivery is a constant headache for security companies such as Trend Micro, especially since some of these products are marketed as “FUD”: fully undetectable, by either software or user.

“That’s the unfortunate part of the business we’re in,” says Biviano. “For a malware writer, we’re part of their quality assurance process. A piece of malware will be sold for far more money than a competing product if it’s undetectable by current anti-malware products. That’s the sad reality of life right now.”

Trend Micro’s labs deal with RAT infections on a daily basis, not just on personal computers, but increasingly, mobile devices. “This year alone, we’re anticipating that we’ll see nearly one million forms of malware just on [the] Android [mobile operating system]. A lot of these will have RAT built in. It’s very rare these days that we see malware that doesn’t have some sort of remote access capabilities.”

RATs have a long history of legitimate, non-malicious uses: IT departments throughout the world benefit daily from the ability to view their colleagues’ screens when troubleshooting, as do workers who wish to access files on their home computer from the office.

Chris Gatford, director of Sydney security consultancy HackLabs, uses this type of software when performing penetration testing for clients on four continents. “We’re engaged by our customers to compromise their environment,” says Gatford. “We use social engineering as the mechanism to gain access to the organisation, using ‘RAT-like’ functionality in commercial security testing tools to perform our work.

“In our experience, when performing this testing, we’re very rarely detected, and therefore most organisations aren’t able to detect it,” he says. “I would say the majority of Australian organisations certainly wouldn’t have the capability to detect whether they were infected by RATs, if [the software] was being used by attackers correctly.”

Using freely available RATs with names such as DarkComet and BlackShades, Alex was able to gain control of up to 1000 computers simultaneously. The dual monitors in his Wauchope bedroom became a window to the world. “I’ve had a guy in Vietnam working in a store,” he says of his “slaves”. “I’ve had a whole Asian family looking at the computer at once. I’ve had a lot of ugly people; one guy in his nineties or something, who looked like Santa Claus,” he says, laughing.

He has clicked onto people masturbating to child pornography. He didn’t like that one bit. “I basically destroy their computer if I see them looking at that shit, because that’s just wrong.” With a few commands, he’d delete their computer’s “system32” folder; without those files, Windows operating systems won’t function.

But those days are behind Alex now. In mid-March, he posted a thread on HackForums saying goodbye to using Remote Administration Tools. The 17-year-old feels he’s learned all there is to know about RATs. He’s had some fun, made some money. Now he’s setting his sights on learning to code, while balancing his Year 11 workload. He’s fond of software design, IPT and English, but hates maths. He’s looking forward to studying at university – something to do with computers, naturally – and building a career in penetration and vulnerability testing.

The only thing that’s stopped the teenager from accessing strangers’ computers without their knowledge is boredom. That initial buzz – that feeling of being “the happiest kid in the world” – has long since worn off. Gross invasions of privacy have lost their lustre. Alex maintains that he never touched any bank accounts while RATting: “That shit’s lame,” he says. “I know people do it, but it’s a dog act.”

If he got caught by the police – not that he ever came close – he’d have justified his behaviour thus: “I know it was wrong to steal virtual goods, but I didn’t do it for bad reasons.

“I did it for educational purposes. Hacking isn’t just about ‘bad’ things. Most people hack to learn.”

Asked whether he’s proud of what he did, he laughs. “I kind of am! I felt bad when I got my stuff stolen, though.” But it was okay when you did it to others?

He pauses. “Now I’m confused … How do I say it? RATting is bad, and good. People do it for knowledge; people do it to steal shit; people do it to mess around. It’s a thing that hackers these days need to learn, before they move on.”