Cyber Security Intelligence

January Newsletter #2 2015

‘Anonymous’ Call For Revenge On Charlie Hebdo Terrorists

“Anonymous from around the world have decided to declare war against you, terrorists,” a purported member of the hacktivist group said in a video uploaded to YouTube, referring to the killers responsible for the attack on French satirical newspaper Charlie Hebdo. Speaking in French on Anonymous’s Belgian channel, the cyber vigilante warned terrorists, “We will track all your online activity, we will close your accounts on every social network.”

A post to text board Pastebin associated with the message states that “We will fight always and everywhere the enemies of freedom of speech…Freedom of speech and opinion is a non-negotiable thing, to tackle it is to attack democracy. Expect a massive frontal reaction from us because the struggle for the defense of those freedoms is the foundation of our movement.”

The video message to the Charlie Hebdo attackers roughly translates to “We will find you until the very last one, destroy you. You killed innocents. You won’t bring Shariah to our democracies. We won’t let your stupidity destroy our freedom of press.”

For now, the #OpCharlieHebdo message is merely a call to action from a sole hacker, though it has received support from other Anonymous-related figures. The loose, decentralized group known as Anonymous does not have a traditional chain of command. Nothing may happen unless others aligned with the cause heed the call.

Late last year, members of Anonymous declared a “full-scale cyber war” against ISIS, and reports indicated the group planned DDOS attacks on countries offering aid to the terrorist group. News of those attacks never came, though. We’ll be watching for any #OpCharlieHebdo actions.

Unfortunately, the Internet largely serves to amplify the message of fear touted by terrorists. 24-hour updates and gruesome images from the scene can make people worry they could become victims, even if the likelihood is infinitesimal. While cyber vigilantism has its risks, Anonymous could potentially use the power of the Internet crowd to create additional consequences for those seeking to suppress liberty through violence.

http://techcrunch.com/2015/01/09/opcharliehebdo/?ncid=tcdaily

MI5 seeks new powers after Paris magazine attack

Andrew Parker describes Charlie Hebdo outrage as ‘a terrible reminder of the intentions of those who wish us harm’

The Metropolitan police's two-minute silence outside New Scotland Yard in London in solidarity with those affected by the Charlie Hebdo attack in Paris.

The head of MI5, Andrew Parker, has called for new powers to help fight Islamist extremism, warning of a dangerous imbalance between increasing numbers of terrorist plots against the UK and a drop in the capabilities of intelligence services to snoop on communications.

Parker described the Paris attack as “a terrible reminder of the intentions of those who wish us harm” and said he had spoken to his French counterparts to offer help.

Speaking to an invited audience at MI5 headquarters, he said the threat level to Britain had worsened and Islamist extremist groups in Syria and Iraq were directly trying to orchestrate attacks on the UK. An attack on the UK was “highly likely” and MI5 could not give a guarantee it would be able to stop it, he said.

“Strikingly, working with our partners, we have stopped three UK terrorist plots in recent months alone,” he said. “Deaths would certainly have resulted otherwise. Although we and our partners try our utmost, we know that we cannot hope to stop everything.”

Britain had increased security checks at the French border, including extra vehicle searches, in light of the Paris terrorist attack to make sure the suspects do not enter the country, Downing Street said.

Almost all of MI5’s top-priority UK counter-terrorism investigations had used intercept capabilities in some form to identify, understand and disrupt plots, he said. “So if we lose that ability, if parts of the radar go dark and terrorists are confident that they are beyond the reach of MI5 and GCHQ, acting with proper legal warrant, then our ability to keep the country safe is also reduced.”

The intelligence agencies in the UK and the US claim that the Snowden revelations in 2013 about the scale of bulk data collection have undermined their capabilities. Parker said: “We all value our privacy – and none of us want it intruded upon improperly or unnecessarily. But I don’t want a situation where that privacy is so absolute and sacrosanct that terrorists and others who mean us harm can confidently operate from behind those walls without fear of detection.

“If we are to do our job, MI5 will continue to need to be able to penetrate their communications as we have always done. That means having the right tools, legal powers and the assistance of companies, which hold relevant data. Currently, this picture is patchy.”

http://www.theguardian.com/uk-news/2015/jan/08/mi5-chief-charlie-hebdo-attack

New Snowden Revelations Expose NSA Interceptions

German news outlet Spiegel recently published a story about the NSA’s ability to crack encrypted forms of communication, exposing the agency’s routine interception of SSL/TLS connections, which web servers use to transmit sensitive information. The report also exposed the agency’s ability to decrypt virtual private network (VPN) traffic.

But perhaps more significantly, the revelations culled from the trove of documents leaked by Edward Snowden show the forms of encryption the NSA struggled to break (at least at the time of the documents in 2012). That list includes PGP, Tor, CSpace, OTR and ZRTP.

Overall the report was reassuring. Many of the forms of added encryption measures those concerned about security have taken in the 18 months since the Snowden documents became public are effective. For example, the documents show that communications protected by ZRTP (the type of encryption RedPhone uses) block the NSA.

Although the scope of the interceptions on SSL and VPN connections is concerning, many assumed the agency possessed this capability previously. The trove released by Spiegel shows the specific tools the agency used to go about this.

The Spiegel report has prompted backlash in the information security community, with some saying it sensationalizes the NSA’s ability to access information on VPN connections. According to Spiegel, the NSA operates “a large-scale VPN exploitation project to crack large numbers of connections, allowing it to intercept data inside the VPN — including, for example, the Greek government’s use of VPNs.”

This is a very concerning revelation, considering the high number of companies and governments that utilize VPNs to allow users to access their networks anywhere in the world.

The Spiegel story leaked a large number of documents containing very specific information about the NSA’s techniques. A year-and-a-half after The Guardian and Washington Post first published the documents, the report reignited calls on social media for the full release of the Snowden documents. If anything, the report served as a reminder that we likely have years of new exposures to come about American surveillance practices.

http://techcrunch.com/2014/12/29/latest-snowden-revelations-expose-scope-of-nsa

How you could become a victim of cybercrime in 2015

Cybersecurity experts’ predictions for the year ahead: from ransomware and healthcare hacks to social media scams and state-sponsored cyberwar

Online security companies have been making their predictions for 2015, from the malware that will be trying to weasel its way onto our computers and smartphones to the prospect of cyberwar involving state-sponsored hackers.

Here’s a summary of what you should be watching out for online in 2015, based on the predictions of companies including BitDefender, KPMG, AdaptiveMobile, Trend Micro, BAE Systems, WebSense, InfoSec Institute, Symantec, Kaspersky, Proofpoint and Sophos.

The more we do and share online, the more vulnerable we may be to “targeted” attacks to steal our passwords and data. “It is possible that our willingness to share and shop online will let criminals become more selective about who they target,” suggests Stephen Bonner of KPMG. “They won’t need to maintain the current ‘hit and hope’ approach of spear phishing, instead only attacking specific users and computers based on the data these give away about their owners.”

Meanwhile, you may see more spam emails in your inbox in 2015, as the technology used to send them becomes more sophisticated. A parallel trend cited by several of the companies is the prospect of attacks on bigger companies in the private and public sector, with cybercriminals having specific goals in mind.

“Cybercriminals will go after bigger targets rather than home users as this can generate more profits for them. We will see more data breach incidents with banks, financial institutions, and customer data holders remaining to be attractive targets,” suggests Trend Micro.

Healthcare is also expected to be a target. “Companies operating in the sector are a privileged target because of the wealth of personal data they manage, and that represents a precious commodity in the criminal underground,” notes InfoSec Institute. “Healthcare data are valuable because medical records can be used to commit several types of fraudulent activities or identity theft. Their value in the hacking underground is greater than stolen credit card data.”

One of the most common forms of malware in 2014 was “ransomware”, where cybercriminals try to extort money from victims either by locking their devices and demanding a fee to release them, or by accusing them of various unpleasant crimes.

“Users should remain sceptical of any message accusing them of various crimes such as zoophilic behaviour and distributing child pornography,” claims BitDefender. “These threats may be part of ransomware campaigns and could also hit social networks.”

One of the big announcements for Apple in 2014 was the launch of its mobile payments service, Apple Pay. However, several security companies expect cybercriminals to make a concerted effort to crack it and rival services in 2015.

Some of the most high profile vulnerabilities in 2014, such as Shellshock and Heartbleed, provoked discussion about the security of open source code. Several security companies expect this debate to continue in 2015.

“From Heartbleed to Shellshock, it became evident that there are significant pieces of insecure code used in a large number of our computer systems today,” adds Sophos. “The events of 2014 have boosted the cybercriminals’ interest in typically less-considered software and systems – so businesses should be preparing a response strategy.”

Technology like Tor is used for a variety of reasons, including activists anonymising their online activities when under pressure from authoritarian governments. However, this kind of technology will also be used by more cybercriminals in 2015.

BAE’s cyber security boss Scott McVicar also thinks criminals will “go to greater lengths” to hide their identity, which will have an impact on efforts to identify them and nullify their efforts. “Researchers will need to adopt practices from the professional intelligence community and tread more carefully when drawing conclusions about who is ultimately behind cyber attacks,” he says.

The huge number of people using social networks like Facebook is proving an appetising target for malware developers: BitDefender has already published its roundup of popular Facebook scams in 2014, for example.

“Malicious links hidden in atrocious Facebook videos will be on the rise in 2015,” warns the company. “Malicious ‘beheading and murder’ videos are expected to multiply in the following year. Behaviour analysts and psychologists say teenagers are the most susceptible to clicking on shocking videos, as their empathy for victims of violence is lower.”

As more of our devices talk to one another, via the “Internet of Things”, there may be a range of new cybersecurity headaches to think about. WebSense thinks that in 2015, attacks on the Internet of Things will focus more on businesses than individuals with gadgets.

As 2014 ended with the now-infamous hack of Sony Pictures, with intense debate about whether North Korea was involved, security firms see 2015 bringing a greater prospect of cyberattacks on behalf of nation states, even if they don’t run them themselves.

“Cyber warfare is very attractive to small nations. The development of a government-built malware is cheaper than any other conventional weapon and far more accessible to any nation-state. Cyber warfare represents for every government an efficient alternative to conventional weapons,” notes InfoSec Institute.

“North Korea, Syria, and Iran are among the countries that have developed great capabilities that pose a serious threat to major Western states. The risk of a serious attack on the critical infrastructure of a Western government is high, and its attribution will be even more difficult.”

The boundaries between cybercriminal gangs and governments may also blur. “Criminal groups will increasingly adopt nation-state tactics,” predicts Kaspersky.

http://www.theguardian.com/technology/2014/dec/24/cybercrime-2015

FBI briefed on alternate Sony hack theory

FBI agents who are investigating the Sony Pictures hack were briefed recently by a security firm that says its research on the attacks points to laid-off Sony staff, and not to North Korea, as the perpetrator.

Even the unprecedented decision to release details of an ongoing FBI investigation and President Barack Obama publicly blaming the hermit authoritarian regime hasn’t quieted a chorus of well-qualified skeptics who say the evidence just doesn’t add up.

Hackers who targeted Sony Pictures over the release of the film The Interview “got sloppy” and inadvertently revealed their links to North Korea, according to the director of the FBI.

Picture: James Comey, the director of the Federal Bureau of Investigation

Speaking at the International Conference on Cyber Security, James Comey said hackers had mistakenly sent messages that could be traced to IP addresses used exclusively by North Korea.

Comey said the North Korean origins of the cyber attack were evident despite the use of proxy servers in other countries to throw investigators off their trail.

"It was a mistake by them," he said. "It made it very clear who was doing this."

The US federal investigations chief added that he had a “very high confidence” that the attack was carried out by North Korea, “as does the entire intelligence community”.

However, researchers from the cyber intelligence company Norse have said their own investigation into the data on the Sony attack doesn’t point to North Korea at all and instead indicates some combination of a disgruntled employee and hackers for piracy groups is at fault.

The FBI says it is standing by its conclusions, but the security community says the agency has been open and receptive to help from the private sector throughout the Sony investigation.

Norse, one of the world’s leading cyber intelligence firms, has been researching the hack since it was made public just before Thanksgiving.

Norse’s senior vice president of market development said the quickness of the FBI’s conclusion that North Korea was responsible was a red flag.

“When the FBI made the announcement so soon after the initial hack was unveiled, everyone in the [cyber] intelligence community kind of raised their eyebrows at it, because it’s really hard to pin this on anyone within days of the attack,” Kurt Stammberger said in an interview as his company briefed FBI investigators Monday afternoon.

He said the briefing was set up after his company approached the agency with its findings.

Stammberger said after the meeting the FBI was “very open and grateful for our data and assistance” but didn’t share any of its data with Norse, although that was what the company expected.

The FBI afterwards said that it is standing behind its assessment, adding that evidence doesn’t support any other explanations.

“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the US intelligence community, DHS, foreign partners and the private sector,” a spokeswoman said in a statement. “There is no credible information to indicate that any other individual is responsible for this cyber incident.”

In addition to Norse’s analysis of Internet forums where perpetrators may have communicated and compiled dates within the malware used, a report from firm Taia Global said a linguistic analysis of the purported hacker messages points to Russian speakers rather than Korean.

The official said law enforcement is still treating the incident as an “active criminal investigation” but that that may or may not lead to a prosecution built on evidence that goes beyond a reasonable doubt.

And recently US Director of National Intelligence James Clapper has said at a cybersecurity conference that he suspects his North Korean counterpart to be behind the hack of Sony Pictures. The Daily Beast reports that Clapper said during his talk at the International Conference on Cybersecurity that General Kim Youn Chol may have been behind the hack.

Clapper explained that if North Korea were behind the hack, then General Kim would have had to authorise the action. General Kim is a four-star general in charge of North Korea's Reconnaissance General Bureau, the organisation that Clapper claims is responsible for the Sony hack.

Sony’s chief exec Kazuo Hirai said he does not expect the November cyber attack on the company's film studio to have a significant financial impact on the entertainment conglomerate, two weeks after the studio rolled out the movie after the attack.

"We are still reviewing the effects of the cyber attack," Hirai told reporters at the Consumer Electronics Show in Las Vegas. "However, I do not see it as something that will cause a material upheaval on Sony Pictures business operations, basically, in terms of results for the current fiscal year."

The studio, Sony Pictures Entertainment, said separately that the film, "The Interview," has generated revenue of $36 million (23 million pounds).

http://www.politico.com/story/2014/12/fbi-briefed-on-alternate-sony-hack-theory

http://uk.businessinsider.com/us-official-names-the-north-korean-general

http://world.einnews.com/article/243326473/qroI9QR0FlWGYhvP

http://uk.reuters.com/article/2015/01/06/uk-sony-cybersecurity

http://www.theregister.co.uk/2015/01/08/sony_megahack_financial_impact/

June gains a second in 2015 and will have 86,401

With Earth’s rotation speed slowing down at the rate of around two thousandths of a second per day, time keepers over at the International Earth Rotation Service (IERS) in Paris have announced that they will be adding one extra second on June 30 to compensate. The announcement has instigated fears that a 2012-like Internet crash could be waiting to happen this time around as well. As a result, June 30 will have 86,401 seconds instead of 86,400.

Adding a second isn’t a new thing: it has happened 25 times since 1972, the year the mechanism was originally introduced. However, with the increase in the number of computers that sync up with atomic clocks, the problems related to adding seconds in this manner are becoming increasingly serious.

A second was added in 2012 and at that time it took down much of the Internet, with major sites like Reddit, Foursquare, Yelp and LinkedIn at the receiving end of the problem. Computers and servers panic when they are shown the same second twice in a row. If a computer is asked to carry out an operation at a time when the second is repeated, the computer is unsure what to do, resulting in a crash.

To fend off such issues, Google has proactively developed a ‘leap smear’ technique where it gradually adds milliseconds to its system clocks prior to the official arrival of the leap second.

The mechanism for adding a ‘leap second’ to clock time is being actively opposed by the US. The US claims that this is disruptive to navigation and communication systems and that more critical systems like timed money transactions could go haywire. The UK, on the other hand, is in favour of continuing with this mechanism because if it is abolished, it could spell the end of Greenwich Mean Time, which was adopted in 1847 and is measured by the moment the Sun crosses the Greenwich Meridian.

http://www.techienews.co.uk/9722269/iers-leap-second-2015-internet-crash/
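
The repeated second and the ‘leap smear’ described above can be compared side by side. The sketch below is an added example, not code from the article or from Google: the 20-hour window, the linear shape of the smear and all function names are assumptions made for illustration.

```python
from datetime import datetime, timezone

# POSIX time of 2015-07-01T00:00:00Z, the instant right after the leap
# second the article describes (23:59:60 on 30 June 2015).
LEAP_UNIX = int(datetime(2015, 7, 1, tzinfo=timezone.utc).timestamp())

# Assumption for this sketch: spread the extra second linearly over 20 hours.
SMEAR_WINDOW = 20 * 3600


def stepped_clock(elapsed):
    """Clock that handles the leap second by stepping back one second.

    `elapsed` counts real seconds from the start of 23:59:60, so the
    leap second itself is 0 <= elapsed < 1.
    """
    if elapsed < 0:
        return LEAP_UNIX + elapsed
    return LEAP_UNIX + elapsed - 1  # 23:59:59 is shown a second time


def smeared_clock(elapsed, window=SMEAR_WINDOW):
    """Clock that absorbs the leap second gradually before it completes.

    Inside the window the clock advances `window` seconds while
    `window + 1` real seconds pass, so it never has to step back.
    """
    start = -window
    if elapsed < start:
        return LEAP_UNIX + elapsed
    if elapsed >= 1:
        return LEAP_UNIX + elapsed - 1
    rate = window / (window + 1)
    return LEAP_UNIX - window + (elapsed - start) * rate


def smear_lag(elapsed, window=SMEAR_WINDOW):
    """Seconds by which the smeared clock trails a clock with no adjustment."""
    return (LEAP_UNIX + elapsed) - smeared_clock(elapsed, window)


def backward_steps(clock, samples):
    """Return the sample times at which the clock failed to move forward."""
    bad = []
    previous = None
    for elapsed in samples:
        reading = clock(elapsed)
        if previous is not None and reading <= previous:
            bad.append(elapsed)
        previous = reading
    return bad


if __name__ == "__main__":
    # Constructed sample: four readings per second around the leap second.
    samples = [i / 4 for i in range(-8, 8)]
    print("stepped clock goes backwards at:", backward_steps(stepped_clock, samples))
    print("smeared clock goes backwards at:", backward_steps(smeared_clock, samples))
    print("lag halfway through the window: %.3f s" % smear_lag(-SMEAR_WINDOW / 2))
```

Software that orders events, expires tokens or correlates logs by timestamp sees one backwards jump with the stepped clock and none with the smeared one, at the cost of the smeared clock disagreeing with unsmeared time sources by up to a second during the window.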
