Cyber Security Intelligence


December Newsletter #2 2014

Darknet Drug Arrest – Can the criminals be stopped?

In an operation involving 17 countries, law enforcement agencies arrested 17 people believed to be involved with Darknet markets. The operation, code named “Onymous”, first came to light with the announcement by the FBI and Homeland Security Investigations of the arrest of Blake Benthall (also known as “Defcon”) the operator of Silk Road 2.0. This arrest was followed up with news that a number of other Darknet sites had been seized. These sites dealt with the sale of drugs, firearms, stolen credit cards and money laundering.

The long-term impact of Operation Onymous, an international law enforcement operation targeting illegal dark net marketplaces, can be questioned given the ability of alternative websites to absorb customers. A study by the Digital Citizens Alliance (DCA) found that the six dark net marketplaces with the highest total product listings were Silk Road 2.0, Agora, Evolution, Pandora, Andromeda and Bluesky. Operation Onymous captured just three of these with Agora, Evolution and Andromeda remaining online. Agora had already surpassed Silk Road 2.0 prior to its closure whilst other sites such as Evolution have also grown in popularity.

Evolution is an online contraband bazaar that sells drugs in addition to stolen credit card numbers, weapons, and counterfeit documents. It has around 22,000 product listings (more than Silk Road 2.0 ever offered). According to data collected by the DCA, Evolution was growing quickly before Operation Onymous, adding 80 to 90 new products a day. However, it would appear that Evolution has profited from the closure of its competitor sites – drug offerings have grown over 50 per cent and it is now adding around 280 new products a day.

There has been continued speculation over the methods law enforcement used to locate and seize the dark net sites in Operation Onymous. A study by Professor Sambuddho Chakravarty suggests that the original IP addresses of over 81 per cent of Tor users can be revealed by exploiting the Netflow technology that Cisco has built into its router protocols as well as similar traffic analysis software used amongst other manufacturers. However, it has also been argued that more conventional detection methods could have been used. These include undercover operations, monitoring forums and trying to match anonymous identities to “real world” services such as buying server hosting, dealing with Internet service providers and exchanging Bitcoin for other currencies.

Analysis by Jamie Collier, PhD student at Oxford University.

NSA Auroragold hacks cellphones worldwide

According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance.

The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers.

Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.

One high-profile surveillance target is the GSM Association, an influential UK-headquartered trade group that works closely with large US-based firms including Microsoft, Facebook, AT&T, and Cisco, and is currently being funded by the U.S. government to develop privacy-enhancing technologies.

Sony Pictures hack includes sensitive celebrity data

Last week, all computers at Sony Pictures were hacked and the attackers were able to steal almost 1,100GB of private data. The leak also includes sensitive data of celebrities like Sylvester Stallone and Judd Apatow, as well as nearly 47,000 social security numbers. A new report further claims that former Sony Pictures executives were aware of this vulnerability beforehand, and that it ‘was a long time coming’. It is also reported that Sony’s IT officials kept employees’ passwords ‘hidden’ in a folder named ‘password’. On condition of anonymity, these employees highlighted specific vulnerabilities on company websites and systems that were never addressed.

Currently, Sony has a small 11-member IT team, taking care of over 7,000 employees. The intruders now have a treasure trove of information including movie budgets, salary information, social security numbers, health care files, unreleased films, and the latest info dump ‘Passwords’.

Hackers who broke into systems at Hollywood studio Sony have revealed the multi-million dollar salaries allegedly received by Seth Rogen and James Franco for Kim Jong-un baiting comedy The Interview, reports Bloomberg.

Rogen picked up $8.4m for co-directing and acting in the film, while co-star Franco received $6.5m, according to the new leak. The film’s overall budget was $44m and included $241 for a “table of weed, coke, pills and panties”, believed to be props, and $74,000 for two tigers, their handlers, and special “tiger accommodations”. The details were released via the file-sharing site Pastebin along with sensitive information about scripts for upcoming TV shows and the credit card details of Sony boss Michael Lynton.

Sony is reeling from a cyber-attack last week that has seen five of its upcoming movies, including the big-budget musical remake Annie, released online to file-sharing sites by a group calling itself Guardians of Peace. The LA Times reports that social security details for Hollywood luminaries such as Judd Apatow, Sylvester Stallone and Rebel Wilson were also leaked in the breach.

Some reports have suggested the hackers were working on behalf of North Korea in retaliation for The Interview, which riffs on a fictional CIA plot to assassinate Kim Jong-un. Rogen and Franco play two journalists charged with carrying out the killing, the depiction of which caused officials to complain to the United Nations in July and has seen state media warning of “merciless retaliation”.

Experts have signaled skepticism about North Korean involvement in the leaks, but Bloomberg’s report suggests a Sony internal report has indeed now linked the attack to a group associated with Pyongyang known as DarkSeoul, which wiped out the computers of South Korean banks and broadcasters in March 2013. The report cites an anonymous person familiar with the investigation, though the studio has not officially accused Pyongyang.

The European Union divided on Net Neutrality…..

People have wondered how an Internet without net neutrality would work. The hypothesis is that, on an Internet without net neutrality, companies would need to “pay to play” and live by arbitrary, ISP-devised rules for accessing consumers who want and pay for their services. This is the so-called “fast lane.” While ISPs argue this is about network utilization and bandwidth costs, businesses worry that it goes far beyond that.

As an organising principle, net neutrality explains why the Internet has enabled such an explosion of creativity over the past 30 years. It meant that if you were smart enough to invent something that could be done with data packets, then the Internet would do it for you with no questions asked. What that meant was that the barriers to entry for innovators were incredibly low, which is why Tim Berners-Lee was able to launch the web and a Harvard sophomore named Mark Zuckerberg could unleash Facebook on an unsuspecting world.

The current hoo-hah in the US was triggered by the decision of some ISPs (such as Comcast) to charge content providers such as Netflix to provide fast lanes to get films to subscribers. This was seen as a threat to net neutrality, because it means that those with the deepest pockets get priority for their bit streams. This seems to me to be a bad idea, ultimately raising the barriers to entry, privileging corporations over other users and reducing the disruptive potential of the network.

Recently the European commission’s vice president for the digital single market has expressed his concern over Italian proposals to give network providers the ability to offer different speeds to different sites.


Andrus Ansip, the former Estonian prime minister, said he was “really worried” about the new plans in an interview with Reuters.

In a leaked document dated 14 November, Italy, which holds the rotating presidency of the EU, suggested removing the definitions of “net neutrality” and “specialised services”; the latter are seen by net neutrality proponents as little more than a euphemistic term for offering an internet fast lane to paying customers.

While the EU focuses on net neutrality, six UK ISPs have been required to block access to yet more torrent sites, “including,,, and”, according to industry site TorrentFreak.

Britain’s Internet censorship system, originally built around preventing access to child abuse images, has been extended to cover sites that promote copyright infringement since the Pirate Bay was blocked in February 2012. BT and Sky have now implemented the latest batch of changes, preventing direct access for their subscribers (although the blocks are easily circumvented by users with a VPN), but BT has gone a step further and blocked access to other torrent sites as well.

Phone calls have enjoyed common carriage since the Telecommunications Act of 1934, and it has been a pretty good deal for consumers, businesses and access providers alike. However, the FCC has been reluctant to update its regulatory framework to account for all forms of communication, including technologies like SMS messaging and Internet traffic. But now is the time to change, as President Obama recently did by calling for Title II treatment, common carriage, for Internet communications.

Without net neutrality, the Internet as we know it will become arbitrary, unstable and hostile to innovation.

and on Google …….

The European parliament has demanded action that could lead to competition regulators attempting to break-up firms such as Google.

The vote took place as the European Commission continues an investigation into Google to see whether it is abusing its market position amid accusations it is biased in linking search results to its own services.

The resolution did not mention Google or any specific search engine, though Google is by far the dominant provider of such services in Europe with an estimated 90% market share.

Not to mention Privacy… as websites silently track EU users

The pan-European data regulator group Article 29 has issued new opinion on how websites and advertisers can track users and the permissions they require.

The new opinion dictates that “device fingerprinting” – a process of silently collecting information about a user – requires the same level of consent as cookies that are used to track users across the Internet.

“Parties who wish to process device fingerprints which are generated through the gaining of access to, or the storing of, information on the user’s terminal device must first obtain the valid consent of the user (unless an exemption applies),” the Article 29 Working Party wrote.

It means that some websites, including Google, Facebook and Microsoft, that have used alternative technical processes to try to bypass the need for a “cookie policy notice” will have to show a notification after all.

Until now, device fingerprinting has been considered separate from the European legislation that covers cookies, which requires companies that store small bits of information on a user’s computer for storing settings and identity to explicitly ask for consent.

That requirement for consent is why most websites accessible from the UK have a small message either at the bottom or top of the site asking for permission to use cookies, or telling the user that the site uses cookies and continuing to use the site implies consent.

Companies, including Google, Microsoft and Facebook, use this information broadcast by almost anything that connects to the internet to track users as they play, browse, buy and watch primarily for advertising purposes.

Fighting Terror and Crime using Intel-Visualization

Intelligence agencies generate massive amounts of information. Espionage and counter-terrorism organizations all over the world connect their data mining and collection systems to every civilian communications infrastructure, including cellular, landline and Internet service providers, effectively acquiring the ability to intercept any phone call, the location of cellular phones, SMS message contents, e-mails or browsing data.

The total amount of information is immense and constantly growing. All the information that’s collected using signal intelligence systems, or SIGINT, in addition to large amounts of additional civilian information held by intelligence organizations, such as population registries, border crossings, banking transactions and more, is entered into massive databases that must support quick retrieval of large amounts of data.

In order to present the large amounts of intercepted data regarding groups or individuals in a way that makes sense, and to help intelligence officers understand the information and use it effectively, the data has to be presented in a graphical, visual way, rather than textual.

One of the most important means of deducing a suspect’s routine and establishing his connection to an event is carried out using a “connections map”. The sum total of the suspect’s communications with his various social circles (friends, co-workers, family, bosses, etc.) – incoming and outgoing cellular phone calls, text messages, calls using landlines, VOIP chats – are presented visually, with every line representing his entire communication history with a specific target. This can be done in real time and used to direct tactical units on their way to arrest or neutralize the suspect. The layers can include topographic information, road images, demographic, intelligence and municipal information, and more.
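The “connections map” described above, as an added example that is not part of the newsletter: it collapses raw communication events into one edge per counterparty carrying the subject’s whole history with that contact (direction, channel, first and last contact), ranks contacts by volume, and finds the contacts two subjects share. The record format and every name and timestamp are constructed for the example.

```python
"""Connections map built from constructed communication records.

Added example (not from the newsletter or any real product). The record
schema (timestamp, channel, from, to) and all names/times are constructed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample records. Channels follow the article: cellular call,
# SMS, landline call and VOIP. "SUBJECT" is the person being mapped.
SAMPLE_RECORDS = [
    ("2014-11-02T08:15:00", "cell",     "SUBJECT", "ALPHA"),
    ("2014-11-02T08:40:00", "sms",      "ALPHA",   "SUBJECT"),
    ("2014-11-03T19:05:00", "landline", "SUBJECT", "BRAVO"),
    ("2014-11-04T12:00:00", "voip",     "CHARLIE", "SUBJECT"),
    ("2014-11-05T07:30:00", "cell",     "SUBJECT", "ALPHA"),
    ("2014-11-05T22:10:00", "sms",      "SUBJECT", "ALPHA"),
    ("2014-11-06T09:00:00", "cell",     "BRAVO",   "CHARLIE"),  # no SUBJECT
    ("2014-11-06T10:00:00", "cell",     "BRAVO",   "DELTA"),    # no SUBJECT
    ("2014-11-07T14:45:00", "voip",     "SUBJECT", "CHARLIE"),
]


def build_connections_map(records, subject):
    """Collapse every event between `subject` and a counterparty into a
    single edge holding the full history: direction counts, per-channel
    counts and the first/last contact time. Returns {counterparty: edge}."""
    edges = {}
    for ts_str, channel, src, dst in records:
        if subject not in (src, dst) or src == dst:
            continue  # event does not involve the subject
        other = dst if src == subject else src
        ts = datetime.fromisoformat(ts_str)
        edge = edges.setdefault(other, {
            "total": 0, "outgoing": 0, "incoming": 0,
            "channels": defaultdict(int), "first": ts, "last": ts,
        })
        edge["total"] += 1
        edge["outgoing" if src == subject else "incoming"] += 1
        edge["channels"][channel] += 1
        edge["first"] = min(edge["first"], ts)
        edge["last"] = max(edge["last"], ts)
    return edges


def rank_contacts(edges):
    """Counterparties ordered by contact volume, most active first."""
    return sorted(edges, key=lambda k: (-edges[k]["total"], k))


def shared_contacts(records, subject_a, subject_b):
    """Counterparties present in both subjects' maps: the overlap an
    analyst uses to tie two individuals to the same social circle."""
    a = build_connections_map(records, subject_a)
    b = build_connections_map(records, subject_b)
    return sorted((set(a) - {subject_b}) & (set(b) - {subject_a}))


def format_map(edges):
    """One line per edge, the textual form of a connections-map diagram."""
    lines = []
    for name in rank_contacts(edges):
        e = edges[name]
        chans = ", ".join(f"{c}={n}" for c, n in sorted(e["channels"].items()))
        lines.append(f"{name}: {e['total']} contacts "
                     f"(out {e['outgoing']}, in {e['incoming']}; {chans}) "
                     f"{e['first']:%Y-%m-%d}..{e['last']:%Y-%m-%d}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_map(build_connections_map(SAMPLE_RECORDS, "SUBJECT")))
    print("shared with BRAVO:", shared_contacts(SAMPLE_RECORDS, "SUBJECT", "BRAVO"))
```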

150 million cars will be connected to the Internet by 2020

In just five years, most cars and trucks will be connected to the Internet, according to a report from Gartner Inc. By 2020, about 150 million vehicles will be connected via Wi-Fi, and 60% to 75% of them will be capable of consuming, creating and sharing Web-based data, the report states.

The added connectivity will let carmakers change their business model from pure hardware to tech innovators that draw income from mobile apps. To do that, however, vehicle manufacturers will need to team up with companies such as Google, Apple and Samsung.

By 2018, two automakers will have announced plans to become technology companies and expand their connected-vehicle value experiences to other industries and devices. And by 2020, at least one auto company will achieve 10% of its total revenues from connected mobility and service offerings so says Gartner.

As the amount of information being fed into in-car head unit or telematics systems grows, vehicles will be able to capture and share not only internal systems status and location data, but also changes in surroundings in real time.

In the future, apps will be tailored to in-vehicle services, such as scheduling service appointments, driver-related content such as real-time navigation updates, and streaming music and video services and even the ability to shop online or find and then pay for parking online. Also driving statistics can be anonymized and used to improve roadways. For example, analysis of vehicle tracking data could play a role in efforts to improve intersections where there are a lot of accidents.

The in-vehicle navigation service TomTom, for example, already routinely provides anonymized information to some police forces.

But once mobile devices are connected to car infotainment systems and cars are connected to the Internet, vehicles will become a rich source of data for manufacturers, marketers, insurance providers and the government.

Kaspersky discloses more info on Regin

The world is today learning more about the super-spying software known as Regin, which appears to have given a nation’s spy agencies, (initially this was thought to be malware from America and Israel but the debate has moved to others including China), access to Internet and telecom companies in at least 18 countries since about 2008 and maybe earlier.

First revealed by Symantec, there was new information recently from Kaspersky Labs, the Russian computer security firm. In a blog post that pulls highlights from a more detailed technical paper, the firm says it has been tracking the malware for two years.

The intended victims appear to be certain customers of the targeted ISPs and telecom companies. But Kaspersky notes a few classes of victims that Symantec did not: Government agencies, financial institutions and individuals doing advanced research into mathematics and cryptology.

One specific victim is the Belgian researcher Jean Jacques Quisquater, who earlier this year announced that he had been targeted in a sophisticated intrusion.

Easily the most interesting and ominous disclosure from Kaspersky is the fact that the Regin malware was used to compromise GSM wireless phone base stations.

The Regin malware was designed to quietly send the information it gathered to external machines known as “command and control,” or C&C, servers. Kaspersky tracked down the IP addresses of at least four of them. Two were in India, one was in Taiwan and one was in Belgium. That, however, doesn’t implicate those countries — anyone can easily set up a server in practically any country in the world.

Kaspersky also identified several new countries that were on the list of those targeted. Some unusual ones include the Pacific Island nations of Kiribati and Fiji. Other new entrants on the list include Syria, Malaysia and Indonesia.

Opinion remains divided, although a report in the German magazine Der Spiegel suggests the Belgian attack specifically may have been carried out by the NSA and GCHQ.

Handling Big Data: Top 5 Mistakes To Avoid

In recent years, few terms have been as overused and misunderstood as “big data.” From making predictions about massive flu outbreaks with a Google flu trends solution, to tracking shopping trends and directing savings to customers, to making real-time trading decisions that impact a company’s and an individual’s bottom line positions, data has become the key to staying competitive in today’s global economy.

Big data is simply the current generation of database management requirements and technology needed to meet the demand in the database marketplace. This data includes complex text, large video and audio files, real-time feeds, and ever-changing business processes that require flexible data schemas from various sources. Problems arose when technologists realized that legacy systems or traditional relational database management systems (RDBMS) solutions weren’t capable of handling or processing these types of data in a way that drove toward real business outcomes. It wasn’t just about storing the information anymore.

A recent survey indicated that more than 75 percent of big data/IT projects in the broader industry were incomplete. Clearly, there are challenges standing in the way of the most effective solutions to tapping into our big data and making it work.

Let’s break down a few.

  1. Are You Doing Enough With The Data?
    Perhaps the most obvious reason for any organization to take on the challenge of big data is the ability to remain competitive by using available data to drive business intelligence that supports decision-making.
    If an online publisher has a better understanding of when and why readers are clicking on its content and engaging longer, it can customize content for current and future visitor demand. Driving value from existing data is one of the most common challenges faced in industry. While many technologies can help meet these challenges, most database technology lacks the ability to do so quickly and easily without a tremendous amount of data transformation, making the goal of accurate business intelligence that much more difficult to reach.
  2. You’ve Bet The Company On Free Software
    Through the hype cycle of the past few years, every organization thinks it must deploy the latest and greatest solution, like Apache Hadoop or Pig, while feeling that traditional RDBMS solutions are obsolete or outdated. While it is true that relational databases are inherently incapable of addressing the needs met by NoSQL databases, a growing number of failures in the open source big data ecosystem have prevented future analysis.
    The reality is that most open-source database software is not viable or realistic for solving the needs of the enterprise. Most open-source packages are built to appeal to the web developer for simple consumer-based applications. Those products typically don’t scale well, aren’t secure, and are known to lose data.
  3. You’ve Abandoned Your Expensive Legacy Data Systems
    Data shows a growing trend toward the logical data warehouse (LDW): a warehouse that is really built on two or more physical databases integrated into a single access view. For the same reason that industry is adopting NoSQL for application development, it needs a new way to construct and host data warehouses. Using one relational database management system (RDBMS), it’s too hard to get it right the first time and it takes too long (and too much money) to do it iteratively.
    An LDW uniquely consolidates the indexes and data from almost any data source and makes it possible to build a customised view enabling any client to perform transactions or analytical queries.
  4. You Don’t Know Your Data
    As with any industry, an evolution can quickly create a knowledge gap, where the general understanding of the challenges and solutions hasn’t caught up with those faced by any specific organization.
    Some believe big data has created the need for new roles such as the chief data officer (CDO) and the data scientist. According to Gartner, 25 percent of all large global organizations will have appointed a CDO by 2015. However, often you don’t need a data scientist. You need better software.
  5. You’ve Bitten Off More Than You Can Chew
    Perhaps one of the easiest mistakes to avoid in your foray into big data is simply taking on too much. Most of the time, this happens for technology reasons.
    Leading with the end game in mind, IT managers and chief information officers should be asking what business decision they’re trying to affect, rather than how to integrate new technology into existing technology. Asking the right questions can make the difference between the success and failure of any data project.

To deal with the massive and continued influx of data in a way that drives business value, organisations need to understand the reasons so many big data projects fail, so those failings can be avoided. Knowing what not to do is as important as knowing what to do. With this knowledge, organisations can achieve their near and long-term objectives.

Big Data has rendered older security models largely obsolete. The 'all-in-one' product approach that once served the industry is now inadequate. Meanwhile Big Data promises to open new horizons in all aspects of business and analytics. Yet, there is an obvious downside. The more we digitize information and the more information we gather, the more doors we potentially open for hackers.

Snowden Says Vodafone is helping GCHQ Spies

Previously unpublished documents show how the UK telecom firm Cable & Wireless, acquired by Vodafone in 2012, played a key role in establishing one of the UK Government Communications Headquarters’ (GCHQ) most controversial surveillance programs.

A joint investigation by NDR, WDR, Süddeutsche Zeitung and Channel 4 based on documents leaked by whistleblower Edward Snowden, reveals that Cable & Wireless actively shaped and provided the most data to GCHQ mass surveillance programs, and received millions of pounds in compensation. The documents also suggest that Cable & Wireless assisted GCHQ in breaking into a competitor’s network.

In response to these allegations, Vodafone said that an internal investigation found no evidence of unlawful conduct, but the company would not deny it happened.

In August 2013 Süddeutsche Zeitung and NDR first named Vodafone as one of the companies assisting GCHQ. Reports that Vodafone secretly provided customer data to intelligence agencies damaged the company’s relationship with German customers. A few months later Der Spiegel reported that the NSA had spied on Chancellor Angela Merkel, whose cell phone was on a Vodafone contract.

This could be a coincidence. No evidence suggests that Vodafone was involved in the “Merkelphone” scandal. But unlike Facebook, Yahoo, or other companies forced to cooperate with the intelligence services, Vodafone has yet to challenge the GCHQ publicly.

Sentient: Meet Watson's Potential Rival

Sentient Technologies, a potential IBM Watson rival focused on artificial intelligence, machine learning and big data, has raised $103.5 million in Series C funding.

Key financial backers include Access Industries, Tata Communications (Hong Kong), Horizons Ventures, and a group of private investors. “Making sense of massive amounts of data is critical for consumer-facing digital businesses,” said Jörg Mohaupt from Access Industries, in a prepared statement.

Read between the lines and it sounds like Sentient is trying to solve some of the same business issues that IBM's Watson system has been pursuing. While Watson is best-known as a "supercomputer" of sorts, Sentient has a distributed artificial intelligence platform spanning millions of AI processing nodes. This system enables researchers to solve mission-critical problems, the company said in a prepared statement.

Sentient claims its product team has quietly demonstrated the platform's capabilities to financial trading and medical research companies.

True believers include Tata Communications, which is rolling out data center space, managed hosting and network services for Sentient. The companies say they plan to partner on a range of products and services. Sentient is also working on APIs to allow partners and customers to work more deeply with the system.

Still, it's unclear how much revenue Sentient currently generates. And the world of artificial intelligence is filled with IT development challenges. Early IBM Watson customers, for instance, experienced challenges rolling out applications. But more recently, IBM has been describing major milestones for the Watson business -- without necessarily disclosing actual revenues tied to the business.

Stephen Hawking: The End. Artificial Intelligence & the human race

The development of artificial intelligence could spell the end of the human race, Professor Stephen Hawking has said.

The famous astrophysicist said he believed technology would eventually become self-aware and supersede humanity, as it developed faster than biological evolution.

Hawking told the BBC: “The primitive forms of artificial intelligence we already have, have proved very useful. But I think the development of full artificial intelligence could spell the end of the human race.”

Police & Thieves: Both US Police and Hackers begin to use drones

The newest addition to the Michigan State Police aviation unit is a high-tech remote-controlled helicopter, better known as a drone. Pilots have been training on it for almost a year and they hope to get Federal Aviation Administration approval in the next few days to use it across the state.

According to the Lansing State Journal, State Police want to use it for search and rescue missions, barricaded gunmen, and even natural disaster damage assessments.

The drone industry is poised to boom in Michigan and around the world. Hobbyists, entrepreneurs and businesses are finding new ways to use a technology that seemed like science fiction just a few years ago.

Hackers to use Drones

Now a group of Israeli researchers has demonstrated at the last Black Hat Conference how to hack air gapped-networks by using lasers and drones.

A lot of people believe that it is possible to secure a computer by keeping it offline; security specialists define a network separated from the Internet, or from any other unsecure network, as an “air-gapped network”.

Unfortunately, air-gapped networks can also be hacked with various techniques: a threat actor could use a USB device to compromise one (as happened with the Stuxnet infection of the Iranian nuclear facility at Natanz) or, as revealed by Edward Snowden, use radar waves and sophisticated equipment.

A group of top Israeli cryptographers, Adi Shamir, Yuval Elovici, and Moti Guri, have recently explained how it is possible to use an all-in-one printer, complete with a built-in scanner, to infiltrate an air-gapped network, or a system, and steal sensitive data.

In the Stuxnet case, the attackers initially spread the Stuxnet virus using a USB stick; once the target was infected, they had no way to control the malicious agent because it was impossible to communicate with it. The new research conducted by the experts has demonstrated that it is possible to overcome this limitation by controlling the malware with a long-distance laser, which could be installed on a drone.

Kurdish Government Controls the internet in Iraq

Iraq's reliance on Kurdistan for Internet connectivity due to Baghdad bureaucracy has put the northern autonomous region in control of three-quarters of Iraqi networks. This runs contrary to what Baghdad had sought from state control of fixed infrastructure within its jurisdiction, and the situation has spooked private investors and neutered Internet development outside Kurdistan, which sets its own rules.

Iraq bars private companies from owning fixed networks that allow transiting domestic data, and any built by private companies are often seized by the government. Just 9.2 percent of Iraqis are online, according to the International Telecommunication Union (ITU), placing OPEC's second-largest crude exporter below the likes of Haiti and Nepal despite an average income six times greater.

In Iraq proper, a one megabyte per second (mbps) broadband connection costs $399 per month, Arab Advisors Group estimated. This compares with $3.51 in the European Union and $7 in Iran, according to Ookla consultancy, while Kurdistan's pro-business approach has made the region's Internet faster, cheaper, more reliable and widespread.

Irbil-based Newroz Telecom has the largest international Internet gateway in Iraq yet faces long-standing hostility from Baghdad, which often blocks the company transiting data into Iraq from Kurdistan, said Ali Imad, Newroz technical director.

The government awarded contracts to build some FTTH but these mostly only reached the street, industry sources say. From there, another firm should have built a further fiber link to each home, but there was scant interest in doing so.


The full web site is currently under development and will be available during 2014