Cyber Security Intelligence


April Newsletter #2 2014

The Malaysian government is purposefully concealing information on MH370

Malaysia’s sophisticated radar system would have immediately detected Flight MH370 as it crossed the country’s mainland after changing course and should have alerted the air force, Anwar Ibrahim, the opposition leader, has claimed.

Malaysia’s government is deliberately concealing information that would help to explain what happened to missing Flight MH370, the country’s opposition leader has claimed.

In a wide-ranging interview that cast doubt on the official investigation into the disappearance of the plane, Anwar Ibrahim said the country’s “sophisticated” radar system would have identified it after it changed course and crossed back over Malaysia.

Anwar, who personally knew the pilot of the Malaysia Airlines Boeing 777 that went missing in the early hours of March 8 during a flight from Kuala Lumpur to Beijing, called for an international committee to take over the Malaysian-led operation because “the integrity of the whole nation is at stake”.

He indicated that it was even possible that there was complicity by authorities on the ground in what happened to the plane and the 239 people on board.

US Control of Cuban Social Media

The mobile network called ZunZuneo, which had been in use in Cuba from 2009 until 2012, was funded by the US Agency for International Development and monitored by US Intelligence.

Back in January 2010 Secretary of State Hillary Clinton had suggested this type of action, in her DC Newseum speech, when she called for “a coordinated response by all governments, the private sector, and the international community” to promote Internet freedom.

“The spread of information networks is forming a new nervous system for our planet. When something happens in Haiti or Hunan, the rest of us learn about it in real time - from real people. And we can respond in real time as well. Americans eager to help in the aftermath of a disaster and the girl trapped in the supermarket are connected in ways that were not even imagined a year ago, even a generation ago. That same principle applies to almost all of humanity today. As we sit here, any of you - or maybe more likely, any of our children - can take out the tools that many carry every day and transmit this discussion to billions across the world.

“Now, in many respects, information has never been so free. There are more ways to spread more ideas to more people than at any moment in history. And even in authoritarian countries, information networks are helping people discover new facts and making governments more accountable.”

ZunZuneo is Cuban slang for a hummingbird’s twittering and suggests local gossip. The US put over a million dollars into creating the system, which locals used to chat about music, relationships, sport and the weather.

However, the data was being collected and researched for political analysis and trends, and was used to put forward ideas and propaganda into Cuban society.

“The euphoria around social networks coexists with the risk of regime change operations, which have increased, as well as the threat to peace. These hazardous conditions make it necessary and urgent that we appropriate these platforms,” Cuban foreign minister Bruno Rodriguez said in 2011, according to a report in the Havana Times.

“Cuban authorities seem willing to embark on the path of social networks, but they’ll do so in their own style. They propose creating internal networks on the island that will enable them to maintain control over their operation and content, according to the explanation given in a workshop on the topic.”

And with similar issues in the UK, Baroness Miller of Chilthorne Domer (LD) said in the Lords last week that she was attempting to address the problem of government intervention through social media, which is running ahead of the regulations governing spy activity. She said that the Regulation of Investigatory Powers Act should be reviewed and updated.

“The capacity and scale of interceptions from the RAF bases used by our allies, the Americans, under the Visiting Forces Act means that Parliament must put something in place to be confident of a statutory basis for these interceptions. However, I emphasize that in no way should the amendment be seen as undermining of our relationship with our NATO allies or of the intelligence agencies - quite the reverse. It seeks to increase confidence among UK citizens that we are in compliance with international law and have a national legislative framework that respects citizens’ right to privacy while keeping abreast of threats and technological developments,” she said to the Lords.

And she added: “I welcome particularly my right honorable friend Nick Clegg’s announcement that the Royal United Services Institute - RUSI - has agreed to establish an expert panel to review the use of Internet data for surveillance purposes.”

This issue is not going to go away and is going to get larger and more complicated as we go forward into social networks connected to more complex cognitive computing.

Recently Julian Assange, who since 2012 has been living in the Ecuadorean Embassy in London – still not having been charged with any offence – was asked in a BBC interview his opinion on a European Internet, which in principle he thought was a good idea, but like other networks it would be under threat and review by corporate and intelligence organisations unless some form of independent secure process could be built – a problem we have all been under since the beginning of social intelligence observation.

A Jagged Little Pill: Google wants to Microchip the Human Race

Former DARPA director and now Google executive Regina Dugan is pushing an edible “authentication microchip” along with an electronic tattoo that can read your mind.

Regina E. Dugan has unveiled a super small, ingestible microchip that we can all be expected to swallow by 2017. “A means of authentication,” she calls it, also called an electronic tattoo, which takes NSA spying to whole new levels. She talks of the ‘mechanical mismatch problem between machines and humans,’ and specifically targets 10 – 20 year olds in her rant about the wonderful qualities of this new technology that can stretch in the human body and still be functional.

Hailed as a ‘critical shift for research and medicine,’ such biochips would not only allow full access to insurance companies and government agencies to our pharmaceutical med-taking compliance (or lack thereof), but also a host of other aspects of our lives which are truly none of their business, and certainly an extension of the removal of our freedoms and rights.

“These biochips look like the integrated circuits in a personal computer, but instead of containing tiny semiconductors, they are loaded with bits of actual DNA that make up genes or fragments of genes. Inserted in a PC-sized analytical instrument, the chips allow scientists to perform thousands of biochemical experiments at a fraction of the cost and time required for traditional tests.”

With biotech’s track record of hybridizing genes in our food and trees as GMO, why should we give them full access to our entire genetic makeup? With a satellite or the click of a button, these tiny microchips could also be set to begin our own demise, or even control our minds.

Advanced Cyber Attacks are now The Norm says Websense!

Sophisticated cyber attacks are now far more frequent according to the Websense 2014 Threat Report. This Report is an analysis of the market from Websense TRITON’s commercial perspective and provides a very useful, if slightly partial, understanding of the cyber attack and prevention space.

A lot of cyber attackers take into account the costs that apply to their ‘craft’ and they reuse and reinvent their malware to suit the next attack.

“The overall success of last year’s threats is proof that “advanced attacks” and “targeted attacks” are now the norm, not the exception. The data and numerous examples within this report make it clear - of the more than 4.1 billion live attacks that Websense technology prevented in 2013, nearly all exhibited techniques to bypass traditional defenses, compromise systems, and persist throughout infected networks in pursuit of confidential data.”

Stealing money is still the most frequent crime, but corporate data theft, changes to information and embedding faults and malware into the opponent’s systems are also high on the list.

“Though data theft was a common goal of many attacks, attacker motivation varied greatly. Financial gain remained a highly motivating factor, yet some attackers attempted to compromise data for reasons other than making money - to destroy a company’s data and impair its competitive advantage, for example, or to disrupt civic infrastructure or steal state secrets.”

“Eighty-five percent of malicious links used in Web or email attacks were located on compromised legitimate websites, rather than more easily recognizable malicious sites, Websense says. Thirty percent of malicious executable files sampled included custom encryption of command-and-control communication or data exfiltration.

Websense detected more than 67 million exploit kit events in 2014, the study says. The Magnitude and Neutrino Exploit Kits experienced the largest surge in adoption following the arrest of Blackhole's creator in 2013.”

To protect your organisation the Report recommends a seven stage viewing system of the threat landscape and, of course, recommends some software protection systems.

“To better understand how an attacker translates motivations into methods, one must understand the apparatus that they create in order to launch and re-launch their campaigns. To this end, the “kill chain” - that set of activities executed by threat actors to penetrate organizations, expand their footprint within these compromised networks, and steal valuable data – is a useful model. The kill chain can be segmented into seven discernible stages to help organizations determine the most effective defense strategies.”

These seven stages are:

  1. Recon
  2. Lure
  3. Redirect
  4. Exploit Kit
  5. Dropper File
  6. Call Home
  7. Data Theft

This provides a very good starting point for many organisations to understand threat issues more clearly.

UDP – User Datagram Protocol – Attacks

Another view on the protection of information and data and technology security comes from ENISA - the European Union Agency for Network and Information Security.

According to Wikipedia: “The objective of ENISA is to improve network and information security in the European Union. The agency has to contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the EU Internal Market.

ENISA assists the Commission, the Member States and, consequently, the business community in meeting the requirements of network and information security, including present and future EU legislation. ENISA ultimately strives to serve as a center of expertise for both Member States and EU Institutions to seek advice on matters related to network and information security.”

ENISA says that recent news shows an increase in large-scale attacks exploiting specific vulnerabilities of the Internet’s core protocols. In the latest cases, the Network Time Protocol (NTP), which synchronizes devices to Coordinated Universal Time (UTC), has been misused. Specifically, in December 2013, a vulnerability in this UDP-based protocol became mainstream and started to be exploited for large-scale reflection attacks, leading to a dramatic increase in the size of denial-of-service attacks. Luckily, network providers can already put in place a series of known countermeasures to mitigate these threats, as ENISA also underlined for amplification attacks in April last year.

The potential of using NTP in attacks is not new: NTP misuse and abuse have been around since the late nineties. Nevertheless, the possibility of using the monlist vulnerability as an attack vector against specific targets was first publicly underlined in 2010, and early attempts to use this vulnerability can be traced back to 2011.

Unfortunately, this specific vulnerability started to be exploited for highly recognizable objectives at the end of 2013, first on gaming sites and recently to target a content delivery network, reaching enormous volumes per second. NTP synchronizes the time for any services between client and server, and this attack exploits a function that retrieves a list of the IP addresses that queried the server before the request. When this request (monlist) is sent with a spoofed victim IP address as its source, the victim receives back the list of up to 600 IP addresses that queried the server before. Because a small request packet produces such a large volume of incoming packets, the response can generate a denial of service, as in the recent attack on a content delivery network where the attacker used 4,529 NTP servers running on 1,298 different networks, generating approximately 400Gbps of traffic.

It is clear that the trend of amplification and reflection attacks exploiting network core protocols is not going to stop.
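For operators who want to check whether their own NTP servers are answering monlist and how large the replies are, the following is an added example and not part of the newsletter or ENISA's material. It decodes the NTP mode 7 header in captured UDP payloads and totals monlist traffic per server; the request codes (20 and 42), the 72-byte entry size and six entries per packet are assumptions taken from ntpd's mode 7 layout, and the function names and documentation-range addresses are constructed for the illustration.

```python
import struct
from collections import defaultdict

MODE_PRIVATE = 7          # NTP mode 7, the ntpdc "private" request mode
MONLIST_CODES = {20, 42}  # assumed: MON_GETLIST and MON_GETLIST_1 request codes

def parse_mode7(payload):
    """Decode the 8-byte mode 7 header; return None for any other packet."""
    if len(payload) < 8:
        return None
    b0, b1, _impl, code, err_items, mbz_size = struct.unpack("!BBBBHH", payload[:8])
    if b0 & 0x07 != MODE_PRIVATE:
        return None
    return {"response": bool(b0 & 0x80), "more": bool(b0 & 0x40),
            "seq": b1 & 0x7F, "code": code,
            "items": err_items & 0x0FFF, "item_size": mbz_size & 0x0FFF}

def monlist_report(packets):
    """packets: (src_ip, src_port, dst_ip, dst_port, udp_payload) tuples.
    Returns per-server totals for monlist traffic seen on UDP/123."""
    stats = defaultdict(lambda: {"req_bytes": 0, "resp_bytes": 0,
                                 "entries": 0, "targets": set()})
    for src, sport, dst, dport, payload in packets:
        hdr = parse_mode7(payload)
        if hdr is None or hdr["code"] not in MONLIST_CODES:
            continue
        if hdr["response"] and sport == 123:
            s = stats[src]
            s["resp_bytes"] += len(payload)
            s["entries"] += hdr["items"]
            s["targets"].add(dst)      # where the reflected traffic lands
        elif not hdr["response"] and dport == 123:
            stats[dst]["req_bytes"] += len(payload)
    for s in stats.values():
        s["amplification"] = (s["resp_bytes"] / s["req_bytes"]
                              if s["req_bytes"] else None)
    return dict(stats)

def _mode7(response, seq, code, items=0, item_size=0, more=False):
    """Build a constructed mode 7 packet (header plus zeroed item data)."""
    b0 = (0x80 if response else 0) | (0x40 if more else 0) | (2 << 3) | MODE_PRIVATE
    return struct.pack("!BBBBHH", b0, seq, 3, code, items, item_size) + bytes(items * item_size)

def sample_capture():
    """Constructed capture: one small query, 100 reply packets of 6 entries."""
    server, claimed_src = "192.0.2.10", "198.51.100.7"  # documentation addresses
    pkts = [(claimed_src, 40000, server, 123, _mode7(False, 0, 42))]
    pkts += [(server, 123, claimed_src, 40000,
              _mode7(True, i, 42, items=6, item_size=72, more=i < 99))
             for i in range(100)]
    # Ordinary client time query (mode 3, 48 bytes) that must be ignored.
    pkts.append(("203.0.113.5", 50000, server, 123, bytes([0x23]) + bytes(47)))
    return pkts

if __name__ == "__main__":
    for server, s in monlist_report(sample_capture()).items():
        print(server, s["entries"], s["resp_bytes"], s["amplification"])
```

The ratio is computed on UDP payload bytes only, so it overstates the on-the-wire factor once IP and UDP headers are counted. Any server that appears in the report is answering monlist and is a candidate for disabling the monitor facility or restricting mode 7 queries.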

New tool makes scanning the Internet for illegal images possible

Researchers at the University of Twente have developed a system that makes it possible to scan traffic on the Internet for illegal photographs. The system can, for example, help trace child pornography on the Internet without infringing on the privacy of Internet users. Internet service providers could use the tool to keep their network “clean.”

The police use a standard database to detect illegal photographs, like child pornography, on equipment they seize, such as computers or USB sticks. For security reasons, the database cannot be used to scan networks such as the Internet. Were the database to end up in criminal hands, criminals could use it to make their own illegal photographs untraceable.

A UTwente release reports that with the system of the University of Twente, the police database can, from now on, be used to scan a network as well. This makes it possible to search for illegal photographs without the risk of the database ending up in the wrong hands. Another advantage of this system is that the police can only see the number of illegal photographs to be found on the Internet; they cannot see the actual photographs. Therefore, the privacy of the owner of the photographs remains safeguarded.

Despite the technical possibilities of the system, it is not yet clear what the consequences are in terms of current Dutch legislation. The researchers still want this verified from a legal point of view.

The standard police database does not contain any truly illegal photographs but only features of these photographs expressed in numbers (hash values). When the police seize equipment, such as a PC, the database is brought into action to compare the known hash values with those of the photographs on the PC. In this way, the police are able to verify whether the equipment contains any illegal photographs.

The new system is a specially encrypted version of the police database. Researcher Andreas Peter says:

“You can compare it with a sort of safe, the contents of which you cannot see but in which you can place photographs. Subsequently, it is the ‘safe’ alone that scans the photographs and then sends a confidential report to the police. The police can open this report with a special key. The report indicates how many illegal photographs are in the safe.”

With this new system, Internet service providers can also use the police database to scan their network for illegal photographs. The release notes that at this time the University of Twente is consulting with companies that are interested in starting to work with the system. A scientific article about the prototype will soon be published during ICASSP 2014, an international conference on signal processing, to be held in Florence, Italy, 4-5 May.

The system is a part of Christoph Bösch’s doctoral research. He has conducted his research at the University of Twente’s CTIT research institute departments of Services, Cybersecurity and Safety and Databases. Bösch hopes to graduate by the end of 2014. His Ph.D. thesis is entitled “Cryptographically Enforced Search Pattern Hiding.”

Researchers of the University of Twente have also developed a unique, autonomous tour-guide robot as part of the project Fun Robotics Outdoor Guide (FROG): the campus robot.

The robot is capable of exploring the environment and independently guiding groups of people around cultural places. At the same time he monitors the behavior of his audience and adapts accordingly. This type of tour-guide robot is unique in the world.

Einstein theory suggests Quantum Mechanics offers an ultra-secure Internet

Back in 1935 Einstein highlighted a theory in quantum mechanics, suggesting that entangled particles stay connected even when they are large distances apart.

Einstein’s skepticism about quantum mechanics may lead to an ultra-secure Internet, suggests a new paper by researchers from Swinburne University of Technology and Peking University.

Associate Professor Margaret Reid from Swinburne’s Center for Quantum and Optical Science said Einstein’s reservations about quantum mechanics were highlighted in a phenomenon known as “‘spooky’ action at a distance.”

“Until now the real application of this has been for messages being shared between two people securely without interception, regardless of the spatial separation between them,” Professor Reid said. “In this paper, we give theoretical proof that such messages can be shared between more than two people and may provide unprecedented security for a future quantum Internet.”

Sending Einstein’s entanglement to a larger number of people means the key can be distributed among all the receiving parties, so they must collaborate to decipher the message, which Professor Reid said makes the message even more secure.

“The message will also remain secure if the devices receiving the message have been tampered with, like if an iPhone were hacked, because of the nature of Einstein’s spooky entanglement. Discovering that it can be applied to a situation with more parties has the potential to create a more secure Internet - with less messages being intercepted from external parties.”

Spritz gets you reading faster

A new reading system known as Spritz has been developed to enable faster reading on devices with smaller screens.

The developers of the app say reading time is mostly spent moving your eyes from one word to the next, but Spritz displays the most important part of each word in exactly the same place on the screen, keeping your eyes in the same place.

Facebook Face Recognition

Facebook is developing a programme that can recognise a face before it has been tagged. It is claimed that DeepFace can recognise whether two photographs are the same person with a 97% accuracy rate. Facebook's facial recognition software is quite advanced; probably something only the military or the NSA has access to.

According to a new report from Facebook, the technology researchers are looking into has the ability to recognize a person's face just as accurately as a human being. If this is real, then the social network is turning into a scary place, and only a drastic change in Facebook's privacy policy and options could allow such software to move forward.

Asked whether two unfamiliar photos of faces show the same person, a human being will get it right 97.53 percent of the time. New software developed by researchers at Facebook can score 97.25 percent on the same challenge, regardless of variations in lighting or whether the person in the picture is directly facing the camera.
