Cyber Security Intelligence


June Newsletter #2 2014

Two weeks to save your computer from major cyber attack

Computer users have under two weeks to save themselves from a cyber attack blamed for millions of pounds of fraud across the world.

The National Crime Agency teamed up with the FBI and other cybercrime experts to take down a criminal network’s ‘command-and-control’ – but admit they cannot keep it down for long.
More than 15,500 British computers have already been invaded. Many more, running on Windows, remain under threat from ‘botnets’, which can steal money from accounts without users’ knowledge.

In the US alone, gangs are thought to have taken $500 million in fraudulent transactions in 2013.

It is not just bank details being targeted; webcams can be used to spy on you, and criminals may also seek to gain money through holding photographs, email accounts or information to ransom.

The gangs are thought to be based in Russia or Eastern Europe, using malware such as Gameover Zeus, GOZeus, or P2PZeus, and ransomware CryptoLocker. The FBI last night described the alleged ringleader, Evgeniy Bogachev, as one of the most active cyber criminals in the world and issued a ‘most wanted’ poster to seek his arrest.

The criminal network was discovered in 2011, and seizing it temporarily in Operation Tovar is said to have been ‘extremely costly’.

The NCA urged people to tighten their software security. It said its warning was not intended to cause panic but added: ‘We cannot over-stress the importance of taking these steps immediately.’

Steve Rawlinson, whose company Tagadab helped target the network, said the criminals could get around the take-down in as little as a week. ‘The scale of this operation is unprecedented,’ he added.

Related Links:
http://metro.co.uk/2014/06/02/two-weeks
http://www.independent.co.uk/life-style/

Russian wanted over cybercrime botnet

The US has charged a Russian man with being behind a major cybercrime operation that affected individuals and businesses worldwide.

Evgeniy Bogachev, said to be known as "lucky12345" and "slavik", is accused of being involved in attacks on more than a million computers.

The charges came as authorities seized control of a botnet used to steal personal and financial data.

Computer users were urged to run checks to protect themselves from the threat.
In a press conference held on Monday, the US Department of Justice said it believed Mr. Bogachev was last known to be residing in Anapa, Russia.

Cooperation with Russian authorities had been "productive", a spokesman added.
In an entry added to the FBI's Cyber Most Wanted list, it stated: "He is known to enjoy boating and may travel to locations along the Black Sea in his boat."

His charges, filed in a court in Pittsburgh, included conspiracy, wire, bank and computer fraud, and money laundering.

The UK's National Crime Agency (NCA) said people probably had "two weeks" before the criminals would get the botnet functioning again, and posted advice on how to best protect computers.

Internet service providers (ISPs) will be contacting customers known to have been affected by either letter or email. The first notices were sent out on Monday, the BBC understands.

Advice from Get Safe Online

*Install internet security software from the companies listed on Get Safe Online's Facebook and Google+ profiles, where you can also download a free tool to scan for Gameover Zeus and CryptoLocker and remove them from your computer
*Do not open attachments in emails unless you are 100% certain that they are authentic
*Make sure your internet security software is up-to-date and switched on at all times
*Make sure your Windows operating system has the latest Microsoft updates applied
*Make sure your software programs have the latest manufacturers' updates applied
*Make sure all of your files including documents, photos, music and bookmarks are backed up and readily available in case you are no longer able to access them on your computer
*Never store passwords on your computer in case they are accessed by Gameover Zeus or another aggressive malware program
------------------------------------------------------------------------------------------
The action related to a strain of malware - meaning malicious software - known as Gameover Zeus.
Malware is typically downloaded by unsuspecting users via what is known as a phishing attack, usually in the form of an email that looks like it comes from somewhere legitimate - such as a bank - when it fact it is designed to trick a person into downloading malicious software.
Once installed on a victim's machine, Gameover Zeus will search specifically for files containing financial information.
If it cannot find anything it deems of worth, some strains of Gameover Zeus will then install CryptoLocker - a ransomware program that locks a person's machine until a fee is paid.
----------------------------------------------------------------------------------------
Hi-tech crime terms
Bot - one of the individual computers in a botnet; bots are also called drones or zombies
Botnet - a network of hijacked home computers, typically controlled by a criminal gang
Malware - an abbreviation for malicious software i.e. a virus, Trojan or worm that infects a PC
Ransomware - like malware, but once in control it demands a fee to unlock a PC

Related Link:
http://www.bbc.co.uk/news/technology-27668260

Snowden's NBC Interview, pre-Whistleblowing Emails, his German effects and other Federal breaches

Federal agencies reported nearly 50,000 cyber incidents in 2013, a 32 percent jump from the year before.

After three years of consistent numbers of reported incidents from 2010 to 2012 (hovering between 33,000 and 35,000 among agencies) 2013 saw a spike to 46,160, according to data pulled from the Homeland Security Department’s US Computer Emergency Readiness Team. A report from the Government Accountability Office, released recently, didn’t provide much explanation for the spike, but did note agencies generally fell short of doing enough to prevent it from happening again.

However, Edward Snowden's leaks of classified documents from the US National Security Agency have revealed that American spies - and their British counterparts at GCHQ - now use that very same Internet to sweep up vast amounts of data from the digital trail we leave every day.

It isn't simply that they mine social media updates and the information we already give to companies. The NSA and GCHQ have allegedly tapped into the Internet's structure.
US intelligence leaker Edward Snowden has also described himself as a trained spy specialising in electronic surveillance, dismissing claims he was a mere low-level analyst.
In an interview with NBC, he reiterated that he had worked undercover overseas for the CIA and NSA.

He said the US got better intelligence from computers than human agents.

Then recently the NSA released an email Edward Snowden had sent to its general counsel. The spy agency was responding to NBC News reporting that it had confirmed that the NSA had received an email from Snowden before he leaked all those documents expressing "policy and legal" concerns.

This report seemed to bolster Snowden's claim that he had alerted intelligence officials of his profound concerns about the NSA's extensive surveillance programs before taking matters into his own hands and becoming a whistleblower. But when the NSA put out the email—claiming it was the only communication of this sort it had received from Snowden—there was a surprise: Snowden had not contacted the NSA's top lawyers about possible abuses within the NSA. He had asked questions regarding information in a training course. The course had covered the "Hierarchy of Governing Authorities" for federal action. At the top of the chain was the US Constitution. Right below were federal statutes and presidential executive orders. Snowden wanted to know which of the two ranked higher. "My understanding is that EOs may be superseded by federal statutes, but EOs may not override statute," he wrote. "Am I incorrect in this?" And he had a similar question about Pentagon regulations and Office of the Director of National Intelligence (ODNI) rules.

Someone in the general counsel's office—the person's name is redacted—replied quickly and informed Snowden that EOs cannot override a statute and that Defense Department and ODNI regulations "are afforded similar precedence." This NSA official helpfully added, "Please give me a call if you would like to discuss further." Apparently, if the NSA is to be believed, Snowden was satisfied and did not follow up.

Several hours after the NSA released the Snowden email, Snowden told the Washington Post, "Today’s release is incomplete, and does not include my correspondence with the Signals Intelligence Directorate’s Office of Compliance, which believed that a classified executive order could take precedence over an act of Congress, contradicting what was just published. It also did not include concerns about how indefensible collection activities—such as breaking into the back-haul communications of major US Internet companies—are sometimes concealed under EO 12333 to avoid Congressional reporting requirements and regulations."

Snowden insisted that he had tried to work within the system: "If the White House is interested in the whole truth, rather than the NSA’s clearly tailored and incomplete leak today for a political advantage, it will require the NSA to ask my former colleagues, management, and the senior leadership team about whether I, at any time, raised concerns about the NSA’s improper and at times unconstitutional surveillance activities. It will not take long to receive an answer."

Snowden said there were other relevant emails (presumably sent to the NSA) "not just on this topic. I’m glad they’ve shown they have access to records they claimed just a few months ago did not exist, and I hope we’ll see the rest of them very soon." He maintained, "I showed numerous colleagues direct evidence of programs that those colleagues considered unconstitutional or otherwise concerning. Today’s strangely tailored and incomplete leak only shows the NSA feels it has something to hide."

If Snowden did have more extensive correspondence with the NSA, he and/or the agency should be able to resolve the question of what he sought to do before revealing the NSA's most important secrets.

While the initial disclosures by Edward Snowden revealed how US authorities are conducting mass surveillance on the world's communications, further reporting by the Guardian newspaper uncovered that UK intelligence services were just as involved in this global spying apparatus. Faced with the prospect of further public scrutiny and accountability, the UK Government gave the Guardian newspaper an ultimatum: hand over the classified documents or destroy them.

The Guardian decided that having the documents destroyed was the best option. By getting rid of only the documents stored on computers in the UK, it would allow Guardian journalists to continue their work from other locations while acquiescing to the Government's demand. However, rather than trust that the Guardian would destroy the information on their computers to the Government's satisfaction, GCHQ sent two representatives to supervise the operation. Typically, reliable destruction of such hardware in these circumstances would be to shred or melt all electronic components in a much larger version of the common paper shredder, leaving only the dust of the original devices. Indeed, some devices such as external USB sticks were turned to dust.

Now the German government is to block IT companies that have links to the NSA from being awarded public contracts in the wake of Edward Snowden's revelations of mass surveillance. According to German newspaper Süddeutsche Zeitung and public broadcaster NDR, Germany's coalition government has changed the rules for awarding IT contracts to eliminate those companies suspected of passing on data to foreign secret services.

Now companies awarded contracts by the state will have to sign contracts saying that they won't pass on data relating to German citizens. The rule will mainly apply to US companies that are bound to give back-door access to the data they collect.

Related Links:
http://t.co/br3Z2B0dKd
http://international.sueddeutsche.de/post/85917094540/
https://www.privacyinternational.org/blog/
http://www.nbcnews.com/feature/edward-snowden-interview
http://www.bbc.co.uk/news/technology-25832341
http://edition.cnn.com/2014/05/27/us/edward-snowden-interview/
http://www.wired.co.uk/news/archive/2014-05/21/german-contracts-nsa
http://world.einnews.com/article/207156206/
http://www.bbc.co.uk/news/world-us-canada-27598516

Wikileaks Claims NSA is Logging Afghanistan’s Calls

The National Security Agency has been recording and archiving "nearly all" domestic and international phone calls in Afghanistan as of last year, according to the anti-secrecy website WikiLeaks.

Following through on a promise made earlier in the week, WikiLeaks revealed Friday the identity of what it says is "Country X," a previously unnamed country that journalism reports have said was subject to an NSA surveillance program that allows agents to listen in to the entirety of its telephone conversations.

The country's identity had been censored by multiple journalism outlets because of requests from U.S. intelligence officials, who claimed its disclosure could significantly jeopardize national security and lead to deaths.

But WikiLeaks, which is known for an aggressive disclosure policy that rarely favors redaction, dismissed such concerns.

"Both The Washington Post and The Intercept stated that they had censored the name of the victim country at the request of the U.S. government," WikiLeaks said in a statement. "By denying an entire population the knowledge of its own victimization, this act of censorship denies each individual in that country the opportunity to seek an effective remedy, whether in international courts, or elsewhere."

Related Links:
http://www.nextgov.com/defense/2014/05/wikileaks-claims

Life after Silk Road: the Darknet drugs market

Buying drugs and weapons online has become far easier since the closure of Silk Road in 2013, as a dozen new sites have taken its place

When the Silk Road website was busted in October 2013, the closure took out 13,648 different drug deals, according to research by US online safety group, Digital Citizens Alliance (pdf). Yet today, the dark web is teeming with dozens of new markets and thousands of new dealers serving a growing consumer base.

This week, a search of the revived Silk Road site, which has been back online since November 2013, showed 13,472 different drug deals. And according to a recent Reddit.com post, new Darknet markets carry a total of 33,985 different drug deals – an almost threefold increase in Darknet drug-dealing activity in just eight months.

As well as Silk Road, police forces worldwide must now contend with new sites: Agora, Evolution, Pandora, Blue Sky, Hydra, Cloud Nine, Andromeda, Outlaw, Pirate, BlackBank, Tor Bazaar, Cannabis Garden and Alpaca.

Related Links:
http://www.theguardian.com/technology/2014/may/30/

Half of American adults hacked

A new study publicized this week claims that almost half of all American adults - about 110 million people - have had their personal data hacked in the past year.

Tallied by the Ponemon Institute and reported by CNN, the study claims that 47% of US adults have been hacked in the past 12 months, with up to 432 million "hacked accounts."

CNN's data comes from the Identity Theft Resource Center (ITRC), which tallies data breaches in the US reported by news media and government sources (CNN says it also got data from its "own review of corporate disclosures").

Well, according to another headline-grabbing report, more than 820 million records were exposed in data breaches worldwide in 2013.

Whatever the real number of individuals affected by these data disasters is - and we really, truly just don't know – it is still far too high.

Related Links:
http://nakedsecurity.sophos.com/2014/05/30/

Iranian Hackers have used Facebook to Spy on the US

Iranian hackers set up fake Facebook accounts and tried to befriend Western and US officials in an effort to spy on them, an Internet security firm has said. The hackers created fake personas and populated their profiles with fictitious personal content, and then tried to befriend targets, the Reuters news agency reported. Targets are believed to include a US navy admiral, politicians, ambassadors, lobbyists and officials from several other countries including the UK and Saudi Arabia, according to the internet security firm, iSight Partners.

iSight declined to identify the victims and said it could not say what data had been stolen. "If it's been going on for so long, clearly they have had success," said Tiffany Jones, a company executive.

Related Links:
http://cyberwar.einnews.com/article/
http://www.cbc.ca/news/technology/iranian-hackers

Many UK firms failing to identify cyber security risks, says Schillings

Many UK businesses skip basic steps needed to protect data assets from cyber attacks, says Law & Security firm Schillings.

"We are seeing companies struggle to identify significant, credible cyber threats that relate directly to them, such as data breaches and phishing campaigns," said David Prince, delivery director of cyber security at Schillings.

He believes it is critical for organisations to understand the specific threats they face using threat modeling, but few are doing so because they do not understand the impact of data loss.

Related Links:
http://www.computerweekly.com/news/2240221417/

New eBay vulnerabilities menace 145M users

Just a few days after the disclosure of a major data breach at eBay, news is circulating on the Internet of three new critical vulnerabilities in the company's website.

eBay admitted that the cyber attack has impacted nearly 145 million registered users worldwide. The hackers compromised the company's database, and the company immediately requested that its customers change their passwords.

Related Links:
http://securityaffairs.co/wordpress/25177/hacking/

Cyber War no longer Sci-Fi!

Cyber terrorism, cyber war and widespread chaos caused by hacking are no longer the realm of science fiction – they are all possible, says David Jacobson, co-founder and technical director at Synaq. Jacobson says the greater the reach of the Internet, the greater the exposure and vulnerability of all things.

"In an ‘Internet of Everything' age in which over 50 billion devices will be connected to the Internet in a very few years from now, everything becomes an access point to everything else. This means that the number of vulnerabilities increases exponentially. Unfortunately, manufacturers are rushing to take connected products to market without fully considering the security implications," he says.

Jacobson notes the risks are heightened by the fact that most of the connected devices of the future will not be physically protected.

Related Links:
http://cyberwar.einnews.com/article/205700469/

IBM buys Virtual Assistant Technology for Watson

IBM has acquired virtual assistant software startup Cognea, with plans to roll its capabilities into the Watson cognitive computing platform.

Cognea's virtual assistants "relate to people using a wide variety of personalities -- from suit-and-tie formal to kid-next-door friendly," said Mike Rhodin, senior vice president of IBM's Watson Group, in a blog post. "We believe this focus on creating depth of personality, when combined with an understanding of the users' personalities will create a new level of interaction that is far beyond today's 'talking' smartphones."

The Cognea deal follows IBM's investments in Fluid, which makes a shopping assistant application, and Welltok, which develops online health-care community sites. IBM did not disclose financial terms of the Cognea acquisition.

IBM made a big splash with Watson in 2011, when the computer system defeated former champions of the game show "Jeopardy," and subsequently has tried to commercialize the technology.

Earlier this year, IBM announced it would invest more than $1 billion to create the business group Rhodin now leads, including $100 million in startup companies creating applications on its Watson-powered development cloud.

Related Links:
http://www.computerworld.com/s/article/9248454/IBM

Google sets up 'right to be forgotten' after EU ruling

Google has launched a service to allow Europeans to ask for personal data to be removed from online search results.

The move comes after a landmark European Union court ruling earlier this month, which gave people the "right to be forgotten".

Links to "irrelevant" and outdated data should be erased on request, it said.

Google said it would assess each request and balance "privacy rights of the individual with the public's right to know and distribute information".

"When evaluating your request, we will look at whether the results include outdated information about you, as well as whether there's a public interest in the information," Google says on the form which applicants must fill in.

Related Links:
http://www.bbc.co.uk/news/technology-27631001

Shortlisting Business Intelligence (BI) Vendors

BI is no longer a nice-to-have back-office application that counts widgets — it is now used as a key competitive differentiator by all leading organizations. For decades, most BI business cases were based on intangible benefits, but those days are over — today 41% of professionals with knowledge of their firm's business case base it on tangible benefits, like an increased margin or profitability. As a result, BI is front and center of most enterprise agendas, with North American data and analytics technology decision-makers who know their firm's technology budget telling Forrester in 2014 that 15% of their technology management budget will go toward BI-related purchases, initiatives, and projects.

But taking advantage of this trend by deploying a single centralized BI platform is easier said than done at most organizations. Legacy platforms, mergers and acquisitions (M&A), BI embedded into enterprise resource planning (ERP) applications, and organizational silos are just a few reasons why no large organization out there has a single enterprise BI platform. Anecdotal evidence shows that most enterprises have three or more enterprise BI platforms and many more shadow IT BI platforms.

Related Links:
http://www.information-management.com/blogs/
