Cyber Security Intelligence


April Newsletter #4 2014

Breaking with Tradition the New UK Surveillance Chief is an Outsider

The UK's global intelligence agency is getting a new boss. Robert Hannigan, a career diplomat and former adviser to two prime ministers, was appointed director of GCHQ, the Government Communications Headquarters, last week. Hannigan is a political operative who has served as a government spokesman and was closely involved in the Northern Ireland peace process.

While Hannigan has experience managing national security issues, it has been largely as a counselor to elected officials. When Gordon Brown became prime minister in 2007, he made Hannigan his adviser on intelligence and security at No. 10 Downing Street. Hannigan is currently the director general for defence and intelligence at the Foreign Office, the equivalent of the U.S. State Department.

Like the NSA, GCHQ has come under intense scrutiny and criticism for intelligence operations exposed by the former NSA contractor Edward Snowden. Many of the documents that Snowden leaked to journalists detail controversial British surveillance operations, including a program to collect webcam images from unsuspecting computer users and a plan to try to discredit Wikileaks and monitor people who visited the site.

The UK is a party to the so-called "five eyes" agreement, in which Britain, the U.S., Canada, Australia, and New Zealand share information and cooperate on operations. That relationship was strained after Snowden revealed the NSA was eavesdropping on the communications of foreign leaders whose countries weren't part of the spying pact, most notably German Chancellor Angela Merkel. More broadly, the Snowden documents underscored the GCHQ's long-standing and close relationship with the NSA.

Hannigan's appointment also reflects the British government's desire to have a closer handle on cyber security issues. GCHQ plays a leading role in computer network defense and warfare for the UK.

US Intelligence Monitors Romanian Hackers

The US Secret Service and FBI are investigating an increasing number of attacks on US retailers' data, including the massive breach of Target Corp last year that affected more than 40 million debit and credit card accounts.

The conspirators hit more than 800 US stores from 2009 to 2011, stealing data from in excess of 150,000 credit card accounts and inflicting losses to financial institutions conservatively tallied at $12.5 million, according to interviews with the agent, his supervisors and U.S. Justice Department prosecutors, as well as a review of court filings.

It began on a February afternoon in 2010 with calls from banks. American Express and Citibank reported fraudulent activity on accounts that had one thing in common -- purchases made at a Subway sandwich shop in Plaistow, New Hampshire, a town of 7,609 people about 25 miles southeast of Manchester. American Express reported that 36 compromised credit cards had been used at the Plaistow Subway; Citibank said it had suffered $80,000 in losses tied to cards swiped at the store. This became the "Subway case."

The investigators determined the stolen data was only stored briefly on the computer before being uploaded to a website. A password embedded in the software code -- Carabus05 -- provided a clue to its source: the word is Romanian for beetle, and US investigators suspected the hackers were in Romania. They chatted in e-mails in the language, and the US agents managed to track some of their computer activity back to the country. Finally, in late October, agents picked up a solid lead: in an online chat, a hacker mentioned that his computer had been seized and his house raided by Romanian police investigating his cyber activities.

The US agent called his Romanian counterparts and provided them with the information. In less than a day, they gave the agent one of the hacker's identities: Adrian Tiberiu Oprea, a 26-year-old who had studied computer science and lived in the Black Sea port city of Constanta. Romanian authorities told the agent they were investigating Oprea for hacking retailers in Eastern Europe.

Three hackers were finally caught and charged. All three pleaded guilty to hacking-related charges, admitting they hit more than 800 US stores, about 250 of which were Subways. There are about 25,000 Subways in the US and many had poor online security. However the hackers did not make much profit -- Oprea, the ringleader, made only $40,000. He paid a steep price for the estimated $12.5 million in losses inflicted on financial institutions and the $5 million Subway spent upgrading its cyber security systems. Oprea was sentenced to 15 years in prison.

Another Romanian story is 'Guccifer' who hacked Colin Powell and leaked Bush paintings

Guccifer, the infamous hacker perhaps best known for breaking into the email accounts of former secretary of state Colin Powell and several Bush and Rockefeller family members, among many others, was arrested Wednesday in Romania, local media reported.

Marcel Lazăr Lehel, 40, also known online as Little Smoke, was arrested at his home in the western city of Arad following a raid by Romania's Directorate for Investigating Organized Crime and Terrorism (DIICOT).

Not only did Guccifer leak former President George W. Bush's much-critiqued paintings, including two ablution-themed self-portraits, but he also hacked into Powell's account, revealing an alleged affair with Romanian European Parliament member Corina Cretu.

But while to the Western world the hacker appeared to come out of nowhere with the Bush email leak last February, Lehel was already known to Romanian authorities years earlier.

Why a Quiet Romanian City has become a Global Hub For Hackers and Online Crooks

Râmnicu Vâlcea, a city of about 100,000 people, sits at the foot of the Carpathian mountain range in central Romania. In its midst is a working-class neighborhood called Ostroveni, made up of narrow streets and surrounded by housing projects from the communist era.

Râmnicu Vâlcea and its Ostroveni neighborhood are nicknamed "Hackerville." It is the world capital for online theft. Internet shoppers from all over the world have been had by the Romanian hacking network: French, British, Germans, Italians and mostly Americans. According to the Romanian police, around 80% of their victims reside in the US. "Last year, one billion dollars was stolen in the US by Romanian hackers," says the American ambassador in Bucharest, Mark Gitenstein.

Parked around those poorly constructed buildings erected during the Cold War dictatorship are expensive cars. Behind the wheel, youths between 20 and 30 years old are proud to show off a wealth that contrasts sharply with their surroundings. In Ostroveni, everyone knows what is happening, but omerta – the code of silence – is the norm.

A group of FBI cyber-criminality specialists has set up shop in Bucharest, in order to train 600 Romanian policemen to end the scourge.

Europol's European Cybercrime Centre needs more support in the fight against cyber-attacks and crimes

When it comes to cyber relations between nations all is not well. Working with non-EU members such as Russia, where digital crime is rife, is far from straightforward.

Collaborating with Putin's cyber police is only going to get more difficult thanks to the standoff with Ukraine. Not only would Ukraine have been a useful addition to the EC3 membership, given the level of unlawful online activity in nations of the old Soviet Union, but Russia had started showing signs of greater cooperation. That progress looks likely to be put on hold, possibly indefinitely, especially with the sanctions being imposed by Europe and the US.

Countries where cyber criminals host their operations also tend to be those nations that do not have extradition agreements with Western powers. Trying to convince non-EU member states or those that don't have information sharing agreements to make arrests is "very cumbersome".

The leaks of Edward Snowden are also causing issues. Companies are now less willing to share data, even if it clearly relates to criminal activity.

Over 100 specialists, including bomb technicians, police investigators, banking security experts and representatives from security companies, participated in a conference focused on the use of explosives and explosive mixtures to attack ATMs. This 1st EU Conference on ATM Physical Attacks took place at Europol's headquarters in The Hague (NL).

Participants gained an overall view of the modus operandi used by criminals in the EU and worldwide, shared their expertise on recent attacks and were made aware of ongoing initiatives to defeat this phenomenon. The focus was also on countermeasures available in the market to reduce the likelihood and impact of such attacks.

The conference (7-8th of April) was organised by the Europol business areas of Organised Crime and Counter-Terrorism, joining the expertise of organised crime investigators and counter-terrorist bomb technicians.

Europol has established a European Cybercrime Centre (EC3), and the purpose of EC3 Strategy & Prevention is to make the citizens and businesses of the EU safer through increased insight, knowledge and awareness raising. The EC3 analyses large amounts of data from a variety of sources - both crime data and open sources - to understand how cybercriminals, child sex offenders and fraudsters think and operate.

Internet slows after 'biggest attack in history'

The Internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history. A row between a spam-fighting group and a hosting firm has sparked retaliation attacks affecting the wider Internet. Experts worry that the row could escalate to affect banking and email systems.

Spamhaus, a group based in both London and Geneva, is a non-profit organisation that aims to help email providers filter out spam and other unwanted content. To do this, the group maintains a number of block lists - databases of servers known to have been used for malicious purposes.

Writing exactly one year ago for the BBC, Prof Alan Woodward warned of the inherent weaknesses in the web's domain name system. He wrote: "It is essentially the phone book for the internet. If you could prevent access to the phone book then you would effectively render the web useless."

The attackers have used a tactic known as Distributed Denial of Service (DDoS), which floods the intended target with large amounts of traffic in an attempt to render it unreachable.

The attack's power would probably be strong enough to take down government Internet infrastructure. These attacks are peaking at 300 Gbps (gigabits per second). Normally when there are attacks against major banks, we are talking about 50 Gbps.

Cyber extortionists swipe cosmetic surgery records, try to blackmail Harley Medical Group

Cyber crooks may have broken into Harley Medical Group, a cosmetic surgery firm with 21 clinics in the UK, to steal the intimate details of about 480,000 potential patients and then try to extort money from the company.

The company believes that one intruder struck last month, managing to get their hands on online forms sent in by people enquiring about procedures such as tummy tucks and liposuction.

From a statement sent by Chairman Peter Boddy to all clients of the company:

'We recently became aware that an unknown individual had deliberately bypassed our website security, gaining access to information from initial website enquiries in an attempt to extort money from the company.'

'The intruder also made off with potential clients' names, email addresses, phone numbers, dates of birth and addresses.' Harley's management didn't give in to the thieves' demands. Instead, they called the police and the Information Commissioner's Office. The company insists that neither clinical nor financial information was accessed.

The Guardian and The Washington Post win Pulitzer Prize for NSA revelations

The Guardian and the Washington Post have been awarded the highest accolade in US journalism, winning the Pulitzer Prize for public service for their groundbreaking articles on the National Security Agency's surveillance activities based on the leaks of Edward Snowden.

The award, announced in New York on Monday, comes 10 months after the Guardian published the first report based on the leaks from Snowden, revealing the agency's bulk collection of US citizens' phone records.

In the series of articles that ensued, teams of journalists at the Guardian and the Washington Post published the most substantial disclosures of US government secrets since the Pentagon Papers on the Vietnam War in 1971.

The Pulitzer committee praised the Guardian for its "revelation of widespread secret surveillance by the National Security Agency, helping through aggressive reporting to spark a debate about the relationship between the government and the public over issues of security and privacy".

Snowden, in a statement, said: "Today's decision is a vindication for everyone who believes that the public has a role in government. We owe it to the efforts of the brave reporters and their colleagues who kept working in the face of extraordinary intimidation, including the forced destruction of journalistic materials, the inappropriate use of terrorism laws, and so many other means of pressure to get them to stop what the world now recognizes was work of vital public importance."

The Pulitzers have been bestowed since 1917, under the bequest of the legendary newspaper publisher Joseph Pulitzer, who established the honor in his will as a means of encouraging publicly spirited journalism. Awards were given in 22 categories this year: the Boston Globe received the Pulitzer for breaking news for its "exhaustive and empathetic" coverage of the Boston marathon bombing. Journalists in the Globe newsroom observed a period of silence on Monday in memory of the victims, a day before the one-year anniversary of the attack.

Among the disclosures were:

The staff of the Boston Globe, meanwhile, won a Pulitzer Prize for breaking news for its "exhaustive and empathetic coverage of the Boston Marathon bombings and the ensuing manhunt that enveloped the city." The prize committee cited the publication's use of "photography and a range of digital tools to capture the full impact of the tragedy."

Snowden, a 30-year-old computer technician, achieved overnight international notoriety as a result of the stories. He met with Greenwald and Poitras in Hong Kong after downloading an estimated 1.7 million secret NSA files while working for government contractor Booz Allen Hamilton in Hawaii. The disclosures have been widely credited with forcing President Obama and Congress to consider and implement still-pending reforms to the NSA's spy programs.

Sophisticated cyber-espionage malware has been circulating for seven years

Researchers at Kaspersky Lab have discovered a new cyber espionage malware called Careto (Spanish for "ugly face" or "mask"), which they describe as one of the most sophisticated cyber espionage campaigns ever seen.

The malware attacks not only Windows PCs but also computers running Mac OS and Linux (and possibly Android and iPhones), and has been running since at least 2007. The Mask has successfully targeted at least 380 victims in 31 countries around the world – from the Middle East and Europe to Africa and the Americas – gaining access via targeted spear-phishing attacks.

The Mask is thought to be the work of a government, and its targets were "government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organizations and activists," according to a report posted on Kaspersky's website.

Infections usually begin with a phishing email that links to malicious files stored on one of a number of exploit websites. Once a target clicked on the malicious link, the malware would monitor the target's Internet activities, record keystrokes, intercept Skype conversations, and steal files and even encryption keys. These keys, for example, could be used to decipher the target's encrypted emails. The malware was also designed to steal files with unknown and uncommon extensions that could belong to custom military or government encryption tools.

Many of the domains used to infect victims have now been shut down, and in fact the team running "The Mask" ceased operations last week after some details of the exploit were made public.

Nine Charged in Conspiracy to Steal Millions of Dollars Using Zeus Malware

Nine alleged members of a wide-ranging racketeering enterprise and conspiracy who infected thousands of business computers with malicious software known as "Zeus" have been charged in an indictment unsealed in Lincoln, Nebraska.

The indictment alleges that the Zeus malware captured passwords, account numbers, and other information necessary to log into online banking accounts. The conspirators allegedly used the information captured by Zeus to steal millions of dollars from account-holding victims' bank accounts.

The indictment was unsealed for two Ukrainian nationals, Yuriy Konovalenko, 31, and Yevhen Kulibaba, 36. Konovalenko and Kulibaba were recently extradited from the United Kingdom. All the defendants were charged by a federal grand jury in August 2012 with conspiracy to participate in racketeering activity, conspiracy to commit computer fraud and identity theft, aggravated identity theft, and multiple counts of bank fraud.

"The Zeus malware is one of the most damaging pieces of financial malware that has ever been used," said Acting Assistant Attorney General O'Neil. "As the charges unsealed today demonstrate, we are committed to making the Internet more secure and protecting the personal information and bank accounts of American consumers. With the invaluable cooperation of our foreign law enforcement partners, we will continue to bring to justice cyber criminals who steal the money of U.S. citizens."

The following four identified defendants remain at large:

The FBI's Omaha Cyber Task Force investigated the case. The Metropolitan Police Service of the United Kingdom, the Netherlands' National High Tech Crime Unit and the Security Service of Ukraine provided significant assistance in the investigation.

Big data a new frontier for innovation, competition, and productivity

The amount of data in our world has been exploding, and analyzing large data sets—so-called big data—will become a key basis of competition, underpinning new waves of productivity growth, innovation, and consumer surplus, according to research by MGI and McKinsey's Business Technology Office. Leaders in every sector will have to grapple with the implications of big data, not just a few data-oriented managers. The increasing volume and detail of information captured by enterprises, the rise of multimedia, social media, and the Internet of Things will fuel exponential growth in data for the foreseeable future.

Big data is the term for a collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications. The challenges include capture, curation, storage, search, sharing, transfer, analysis and visualization. The trend to larger data sets is due to the additional information derivable from analysis of a single large set of related data, as compared to separate smaller sets with the same total amount of data, allowing correlations to be found to "spot business trends, determine quality of research, prevent diseases, link legal citations, combat crime, and determine real-time roadway traffic conditions."

Big data is difficult to work with using most relational database management systems and desktop statistics and visualization packages, requiring instead "massively parallel software running on tens, hundreds, or even thousands of servers". What is considered "big data" varies depending on the capabilities of the organization managing the set, and on the capabilities of the applications that are traditionally used to process and analyze the data set in its domain. "For some organizations, facing hundreds of gigabytes of data for the first time may trigger a need to reconsider data management options. For others, it may take tens or hundreds of terabytes before data size becomes a significant consideration."

"Big Data" has increased the demand for information management specialists to the point that Software AG, Oracle Corporation, IBM, Microsoft, SAP, EMC, HP and Dell have spent more than $15 billion on software firms specializing only in data management and analytics. In 2010, this industry on its own was worth more than $100 billion and was growing at almost 10 percent a year: about twice as fast as the software business as a whole. Integrating Big Data initiatives into the fabric of everyday business operations is growing in importance.

Future big data analysts will know everything you did today

Consider what becomes possible if we correlate information about a person's genome, lifestyle habits, and location with their medical history and the medications they take. We could understand the true effectiveness of drugs and their side effects. This would change the way drugs are tested and prescribed. And then, when genome data become available for hundreds of millions of people, we could discover the links between disease and DNA to prescribe personalized medications – tailored to an individual's DNA. We are talking about a revolution in health and medicine.

In schools, classes are usually so large that the teacher does not get to know the student – particularly the child's other classes, habits, and development through the years. What if a digital tutor could keep track of a child's progress and learn his or her likes and dislikes, teaching-style preferences, and intellectual strengths and weaknesses? Using data gathered by digital learning devices, test scores, attendance, and habits, the teacher could be informed of which students to focus on, what to emphasize, and how best to teach an individual child. This could change the education system itself.

Combine the data that are available on a person's shopping habits with knowledge of their social preferences, health, and location. We could have shopping assistants and personal designers creating new products including clothing that are 3D-printed or custom-manufactured for the individual. An artificial intelligence based digital assistant could anticipate what a person wants to wear or to eat and have it ready for them.

All of these scenarios will become possible, as will thousands of other applications of data in agriculture, manufacturing, transportation, and other fields. The only questions are how fast we will get there – and what new nightmares we will create.

Cyber Security Market to reach $155.74 billion at a CAGR of 10.3% till 2019

Chinese army follows cyber laws says China's defense minister

China's military has always limited its cyber operations within domestic and international law, said Defense Minister Chang Wanquan, after meeting with U.S. counterpart Chuck Hagel.

Meeting journalists alongside Hagel, Chang called on all countries in the world to protect network security, and noted the security threats and challenges facing cyberspace. "China has always adhered to the principle of peace, security, openness and cooperation in cyberspace," he said.

China and the United States have maintained communication on cyber security and share broad common interests in cyberspace, he said, adding that the two armed forces have conducted many candid and effective dialogues on the issue.

Last month, Hagel said in a speech at the National Security Agency headquarters that the United States does not seek to militarize cyberspace and the Pentagon "will maintain an approach of restraint to any cyber operations outside the U.S. government networks." He also said the United States wants to promote the qualities of the Internet that have made it a "catalyst for freedom and prosperity."

First Heartbleed attack reported; taxpayer data stolen

Canadian police this week made what is believed to be the first arrest related to Heartbleed, a recently discovered bug that left countless websites vulnerable to cyber attacks.

Authorities discovered earlier this week that the Canada Revenue Agency (CRA) site was hacked into over a six-hour period and the Heartbleed vulnerability was exploited to nab roughly 900 social insurance numbers and possibly other information from Canadian taxpayers.

Police arrested Stephen Solis-Reyes, 19, in London, Ontario, on Wednesday and seized his computer equipment. He is allegedly associated with the attack and faces criminal charges of unauthorized use of a computer and mischief in relation to data. While the hack into the CRA appears to be the first reported attack using Heartbleed, it likely won't be the last.

Solis-Reyes is scheduled to appear in court on July 17.

VIDEO: Protecting against Heartbleed

The Heartbleed bug was an error in the code of OpenSSL, a technology used by two-thirds of the Web's servers to keep sensitive data secure. Heartbleed allowed an attacker to read data from the memory of servers running affected versions of OpenSSL, exposing user data, including passwords.

NSA denies reports it exploited 'Heartbleed' to spy on consumers

Server makers rush their Heartbleed patches

Dell, HP and IBM issue firmware and software updates for servers affected by the Heartbleed bug

IT suppliers are rushing to protect users from the Heartbleed bug, which has been found in some servers and networking gear and could allow attackers to steal critical data -- including passwords and encryption keys -- from the memories of exposed systems.

Hewlett-Packard, Dell and IBM have set up pages that identify hardware and software products affected by Heartbleed, which exposes a critical defect in certain versions of OpenSSL, a software library for secure communication over the Internet and networks.

Israeli hacker hijacks webcams to unmask Anonymous OpIsrael hackers

Webcams can be exploited in numerous ways, such as clickjacking, so that the "record" light does not come on even though the webcam is recording. For that reason alone, it's wise to always keep your webcam covered by a sticky note or a piece of tape when you're not using it. Perhaps that's something even hackers need to be reminded of every once in a while.

Anonymity is not the same thing as privacy, but both are nearly impossible to maintain on the Internet. There are cautious privacy-aware people who don't overshare and "it's-all-about-me" social media narcissists who share everything; some folks use real names and view the use of pseudonyms as "suspicious" and even subscribe to the stupid "nothing to hide" privacy argument. There are people who literally hide nothing and put on a show via webcam. Then there are people hoping to stay anonymous because they actually are doing something illegal that they hope to hide. No matter who you are, whether you choose to share everything, nothing, or are a teen beauty queen, you should cover your webcam until you need it.

Although people in hacktivist groups could fall into either category – those who crave public attention and those who shy away from it – it seems like both types tend to do a lot of doxing. That's when personal information like real name, aliases, address, phone number, and sometimes sensitive info like credit card numbers gets dumped on the Internet. Sadly, that sort of thing happens frequently.

In something of a twist, Israeli Elite Force hackers doxed 16 members of Anonymous #OpIsrael by using the hackers' own webcams against them.

There seems to be a hashtag for everything, from brands to illegal hacking operations. Regarding #OpIsrael, it's a "massive cyber attack" carried out every year on April 7, "the eve of Holocaust Remembrance Day," with a goal of "erasing Israel from the internet."

Last week in a counter-attack against OpIsrael, pro-Israel hacker "Buddhax" hijacked the webcams of anti-Israel hackers. The Times of Israel reported:

While Anonymous hackers were attacking Israeli sites, Buddhax traced the IP addresses of some of the attackers and broke into at least 16 computers, taking screenshots, scraping computers for logins and passwords of online accounts and using their webcams to take photos of the hackers, Buddhax said. He sent a message to each hacker reading "Next time don't take part in OpIsrael. We know who you are. We know where you are. Long live Israel!"

The Israeli Elite Force member posted the captures from exploited webcams, screenshots, usernames and passwords, real names and other doxed details in a Dropbox document via the IEF Facebook page, saying, "Anonymous, next time do not mess with us." According to the document, now on Scribd, the 16 "not-so-Anonymous" members were located in Switzerland, Malaysia, Indonesia, Portugal, Italy, Finland, Algeria, Saudi Arabia and the United Kingdom. Some of the images show the alleged hackers passed out and sleeping in front of their computers.

Buddhax wrote, "DDOS attacks and defacing small sites are not hacking. I'm not too big of a hacker, but I'm good enough to expose you."

Israeli Elite Force members allegedly released the following statement on Pastebin: "Our original mission was to give pride back to the people of Israel, prove that defacements and such actions are 'childish' and we can always outsmart those who 'attack' in the cyber realm. Since this task was clearly done, we move on to the future."

While not everyone would agree on a single "moral of the story," covering a webcam when not using it could be one moral… or at least the episode can serve as another cautionary tale.

Cyber insurance is becoming more Mainstream

Increasingly, companies are trying to hedge the costs associated with attacks on their networks by purchasing cyber insurance. Not only are more start-ups and established insurance providers getting into the cyber insurance business, but more companies, including mom-and-pop businesses, are paying for insurance against cybercriminals.

The new insurance trend also underscores the growth and complexity of the cyber world. Cyber insurance providers already are using security scores, similar to credit scores, to help gauge what kinds of businesses those insurers want to cover.
