Cyber Security Intelligence


May Newsletter #4 2014

Worldwide Crackdown on Hackers

Two major events targeting hackers show growing international concern among governments over the impact and extent of cybercrime.

Operation Blackshades, an internationally coordinated police offensive directed by Europol taking in 16 countries, has resulted in over 100 arrests of creators, sellers and users of malware.

In a parallel development, US authorities have brought charges against named officers of a special unit of the Chinese Army in a multiple indictment accusing them of cybercrime against major US corporations and sensitive infrastructure in a systematic attempt to gain advantage by industrial espionage.

Yet, US and EU governments are still spying on each other. In the wake of revelations about the US NSA spying on friendly governments, the German government is reported to be introducing a policy which will deny contracts to companies that cannot demonstrate their data is beyond the reach of foreign access. The restriction is being introduced to prevent the flow of data worth protecting to foreign security authorities.


Israel Fears Attack from ‘Hijacked’ Malaysian Flight MH370 and Iran’s Role is Still Suspected

As the theory that the missing Malaysia Airlines flight 370 might have been hijacked has grown popular of late, Israel has tightened security in its airspace, amid fears that the airplane could be used to launch an attack at any time.

According to The Times of Israel, the security officials and aviation authorities recently held a meeting and decided to beef up security measures for ensuring safety in the Israeli airspace.
Based on profiling, pilots are unlikely suspects, says Israeli airline’s former security chief; he and other experts believe plane intact.

Isaac Yeffet, who served as head of global security for Israel’s national carrier in the 1980s and now works as an aviation security consultant in New Jersey, said investigators were correct in homing in on the two Iranian passengers who boarded the doomed flight on fake passports, and that they had wasted valuable time by exploring other leads.

“What happened to this aircraft, nobody knows. My guess is based upon the stolen passports, and I believe Iran was involved,” he said. “They hijacked the aircraft and they landed it in a place that nobody can see or find it.”

In the immediate aftermath of the aircraft’s disappearance, which occurred last week during a standard night flight from Kuala Lumpur to Beijing, Malaysian officials and the media were fixated on the story of two Iranians who had made it onto the plane with stolen passports. As the days wore on and the investigation uncovered new and confusing details, with officials admitting that the plane could have traveled for as long as seven hours without radio contact, and that its potential location could be anywhere from northern Kyrgyzstan to the southern Indian Ocean, attention has shifted to the pilots and to far-flung conspiracy theories. This is a misstep, said Yeffet, and one that would not have happened in Israel.

However, it would have taken more than just a pair of Iranians with forged documents, Yeffet said, to pull off such an astonishing crime. “I can’t believe for a second that if these people planned to hijack the aircraft, it was just them,” he said. But based upon the tried-and-true Israeli intelligence strategy of profiling, the pilots, he said, are unlikely suspects.

“We are talking about a captain who is 53 years old, who has worked for Malaysia Airlines for 30 years, and suddenly he became a terrorist? He wanted to commit suicide? If he committed suicide, where is the debris?”

Adding that the captain in question, Zaharie Ahmad Shah, was known to be happily married and comfortably well off, Yeffet said the profile simply does not fit. “From the United States to China to Japan, everybody is searching for this aircraft or piece of it. And there is no sign. So in my opinion, the aircraft was hijacked. And it was an excellent plan from the terrorists, to land in a place where they can hide the plane and no one can find it.”

Lt. Col. (Res.) Eran Ramot, a former IAF fighter pilot and the head of aviation research at Israel’s Fisher Institute for Air and Space Strategic Studies, however, drew other conclusions.
“It would be very complicated [for someone other than the pilot to have flown the plane],” Ramot said, based on the stunning revelations that the flight not only made a total U-turn from its planned route but also dipped in between radar points for hours and had all of its tracking systems manually turned off. “It takes somebody that knows how to operate an airplane like this.”

Like Yeffet, Ramot believes the plane was being intentionally flown to a secret location, and he went as far as to say he is holding out hope that the 239 passengers and crew who were on board are still alive.

“We don’t know any better yet,” he said. “One of my theories is that the airplane landed in Bangladesh. It could reach there as it’s very close to Afghanistan. It could have landed on an airstrip there, and everybody on board is still alive. It could be done.”

The crucial 30 minutes that decided the plane's fate

The mystery of missing Malaysian Airlines flight MH370 ultimately boils down to a 30-minute period.

In that period of time, the plane veered off course and disappeared from radar. But what investigators don't know is exactly what caused the plane to take such a drastic turn for the worse.

What is known is that two vital tracking and communications systems were switched off in two separate actions.

At 1.07am the plane’s Aircraft Communications Addressing and Reporting System (ACARS) sent its last transmission. When the next transmission, due at 1.37am, never arrived, that was the first sign that something had gone wrong.

The transmission of flight data is automatic; it reports the performance of the plane and the pilots to engineers on the ground, who use it to keep track of the aircraft.

In that 30 minute period, co-pilot Fariq Abdul Hamid spoke the last words anyone would hear from the plane: "alright, good night".

By choosing one place and time to vanish into radar darkness with 238 others on board, the person - presumed to be a pilot or a passenger with advanced knowledge - may have acted only after meticulous planning, according to aviation experts.

Engineer under suspicion

Malaysian police are investigating a flight engineer who was among the passengers on the missing Malaysia Airlines plane as they focus on the pilots and anyone else on board who had technical flying knowledge, a senior police official said.

The aviation engineer is Mohd Khairul Amri Selamat, 29, a Malaysian who has said on social media he had worked for a private jet charter company.

"Yes, we are looking into Mohd Khairul as well as the other passengers and crew. The focus is on anyone else who might have had aviation skills on that plane," a senior police official with knowledge of the investigations told Reuters.

"Whoever did this must have had lots of aircraft knowledge, would have deliberately planned this, had nerves of steel to be confident enough to get through primary radar without being detected and been confident enough to control an aircraft full of people," a veteran airline captain told Reuters.

Snowden’s Biggest NSA Leaks Are Yet to Come, Says Greenwald, Who Adds That the NSA Planted Bugs in Cisco Products

Journalist Glenn Greenwald, who has been at the center of controversy ever since breaking the story about the existence of the expansive National Security Agency (NSA) surveillance program, told Al Jazeera's John Seigenthaler that there were "many more stories to go" based on the top secret documents taken by former NSA contractor Edward Snowden.

Greenwald also insisted that, despite accusations to the contrary (the Obama administration has repeatedly said that the leaks hurt US national security), "nobody has been injured or in any way harmed as a result of our reporting." Greenwald also said in his interview that despite all that has been published about the depth and scope of the NSA program, there is still much to be revealed.

"There's among the biggest stories that are left to be reported," he said. That apparently includes one particular story that has yet to be published because, Greenwald said, it is a "very complicated story to report."

"I do think it will help to shape how this story is remembered for many years to come, because it answers some central questions about how surveillance is conducted that still aren't answered," he said, without providing further details.

Incredible as it seems, routers built for export by Cisco (and probably other companies) are routinely intercepted without Cisco's knowledge by the National Security Agency and equipped with hidden surveillance tools.

We know this because it's one of the new details of the spy agency's vast data gathering programs revealed in "No Place to Hide," a just-published book by Greenwald.

We learn that the scale of the NSA's data gathering operations was much, much larger than we could have imagined: "As of mid-2012, the agency was processing more than twenty billion communications events (both Internet and telephone) from around the world each day," Greenwald writes.

Greenwald reveals that a program called X-KEYSCORE allows "real-time" monitoring of a person's online activities, enabling the NSA to observe emails and browsing activities as they happen, down to the keystroke. The searches enabled by the program are so specific that any NSA analyst is able not only to find out which websites a person has visited, but also to assemble a comprehensive list of all visits to a particular website from specific computers.
You would think that an analyst wanting to monitor someone's online activities so closely would need, at the very least, authorization from a high-level agency executive. Not so. All the analyst needs to do is fill out an online form "justifying" the surveillance and the system returns the information requested.

Emails Reveal how Close Google is to NSA

Email exchanges between National Security Agency Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt suggest a far cozier working relationship between some tech firms and the U.S. government than was implied by Silicon Valley brass after last year’s revelations about NSA spying.

Disclosures by former NSA contractor Edward Snowden about the agency’s vast capability for spying on Americans’ electronic communications prompted a number of tech executives whose firms cooperated with the government to insist they had done so only when compelled by a court of law.

‘We Kill People Based on Metadata’ Provided by The NSA! Admits Ex-NSA Chief

There has been a lot of rhetoric going on ever since Snowden leaked classified documents detailing the extent of surveillance done by the US National Security Agency, NSA.

HackRead reported earlier on how the US uses unreliable NSA cell metadata to target civilians in drone strikes, yet US officials continue to deny the spying activities conducted by the NSA. President Obama asserted at the time,

“Nobody is listening to your telephone calls.” “What the intelligence community is doing is looking at phone numbers and durations of calls – they are not looking at people’s names and they are not looking at content,” he said then. NSA had claimed earlier that its sweeping collection of phone and Internet records should not concern people because it is only the metadata that is retained.

Ex-NSA chief Hayden added, “We kill people with metadata,” and then was quick to defend his comments: “but that’s not what we do with this metadata program. It’s really important to understand this program in its entirety. Not the potentiality of the program but how it’s actually conducted. The NSA under very strict limitations can access the lockbox of surveillance data.”

Australian military is to use new cyber warfare after Snowden's revelations

Previously, the Australian government has expressed the desire and need to protect the country from cyber threats and foreign spying. However, it was the release of the Australian Defence Force's (ADF) new "Information Activities" doctrine last November that marked the start of Australia's engagement in these cyber activities.

The aim of the so-called information operations is to "persuade, convince, deter, disrupt, compel or coerce" people who are part of foreign governments and military units as well as "domestic players such as the general public and government."

Another measure that will be used by the ADF is conducting "computer network operations", better known as cyber warfare, which will protect domestic information and data networks. Part of the ADF's doctrine is to use "manipulation, distortion, or falsification of evidence ... to influence the mind, decisions and actions of the adversary ... to form inaccurate impressions about friendly forces, squander intelligence assets, or fail to use other resources to best advantage."

The push to implement new cyber warfare capabilities was obviously instigated by former US intelligence contractor Edward Snowden, who has revealed a large number of documents that he gathered during his work at the NSA.

Professor Des Ball and Dr Gary Waters, signals intelligence and cyber warfare experts, have recently published a paper in which they note that the Australian Signals Directorate is "a privileged party to cyber warfare developments in the United States and the United Kingdom." The ADF states that there is a need to deal instantly with people who present any danger, even if those people are Australians. Despite that, there is no hint of any guidance on questions related to propaganda via the Internet or on how the media should react to events taking place in the world.

"It is important to nurture public trust by providing clear, timely and accurate information in order to remain responsive to public expectations," the ADF's new doctrine adds.

Google Maps plans public transport routes across UK

Google has today announced the next iteration of Maps with in-built Transit planning options covering the whole of the UK.

The service will be available from today on iOS and Android apps, as well as an in-browser version. It will incorporate 16,983 routes across Great Britain covering every mode of public transport, over which 1.4 million trip variations are made every week.

The result is that Google Maps now offers a unified one-stop shop for planning journeys across the country, which can be adapted to suit you depending on your preferred method of travel and whether you'd rather walk less or make fewer transfers.

Tibet Propaganda Boss Vows to 'Seal' Internet to Stop Separatists

Tibet's top propaganda official vowed to "seal and stifle" the Internet in an effort to defang separatist groups in the Himalayan region.

Dong Yunhu, Tibet's propaganda department head, made the remarks at a meeting on Monday, the State Council's information office said, as China seeks to stamp out ethnic unrest after a string of violent attacks it has blamed on separatists from the far-western region of Xinjiang.

"We must bring down pressure from the sky, find and confiscate materials on the ground, and seal and stifle the Internet - the holy trinity of supervision and control of the system," Dong said. "(This is) to cut off Tibetan separatist propaganda from infiltrating and destroying all manner of communication."

Tibet has also seen heightened unrest in recent years. More than 120 Tibetans have set themselves on fire since 2009 to protest Beijing's rule, with many calling for the return of their exiled spiritual leader, the Dalai Lama.

China maintains tight control over the media. Censorship is widespread, and Internet users cannot access information about many topics without special software to circumvent restrictions.

Launching the Open Data Compass

The Arachnys Open Data Compass, built on top of Arachnys's ongoing indexing of the world’s compliance-relevant data, gives a powerful overview of which countries have the best provision of the types of business-critical data necessary for due diligence research.

Compass scores measure the interplay of different factors including anti-corruption, compliance, development, transparency and tech infrastructure. Given this, the top and bottom of the rankings may be no surprise, with New Zealand, the United Kingdom and Australia taking the podium, and the lower ranges dominated by sub-Saharan Africa, North Korea and small island states. There are some notable outliers, however, on several of the above factors: China and India, noted for their struggles with political corruption, score well, boosted by the high volumes of online public data to be found on provincial and state government e-services. Conversely, paywalls and other access restrictions prevent more developed and tech-friendly countries such as the USA, Singapore and South Korea from performing better in the index.

Eleven signs - you have been hacked!

Here are 11 sure signs you've been hacked and what to do in the event of compromise. Note that in all cases, the first recommendation is to completely restore your system to a known good state before proceeding.

In the early days, this meant formatting the computer and restoring all programs and data. Today, depending on your operating system, it might simply mean clicking on a Restore button. Either way, a compromised computer can never be fully trusted again.

The recovery steps listed in each category below are the recommendations to follow if you don't want to do a full restore, but again, a full restore is always a better option.

1: Fake antivirus messages
As soon as you notice the fake antivirus warning message, power down your computer. Boot the computer in Safe Mode without networking, and try to uninstall the newly installed software. Then follow up with a complete antivirus scan. Oftentimes, the scanner will find other sneaky remnants left behind.

2: Unwanted browser toolbars
Most browsers allow you to review installed and active toolbars. Remove any you didn't absolutely want to install. When in doubt, remove it.

3: Redirected Internet searches
You can often spot this type of malware by typing a few related, very common words (for example, "puppy" or "goldfish") into Internet search engines and checking to see whether the same websites appear in the results. The traffic sent and returned will always be distinctly different on a compromised computer vs. an uncompromised computer. Removing the bogus toolbars and programs is often enough to get rid of malicious redirection.

4: Frequent random popups
When you're getting random browser pop-ups from websites that don't normally generate them, your system has been compromised. You'll need to get rid of bogus toolbars and other programs if you even hope to get rid of the pop-ups.

5: Your friends receive fake emails from your email account
If one or more friends reports receiving bogus emails claiming to be from you, do your due diligence and run a complete antivirus scan on your computer, followed by looking for unwanted installed programs and toolbars. Often it's nothing to worry about, but it can't hurt to do a little health check when this happens.

6: Your online passwords suddenly change
If the scam is widespread and many of your acquaintances are being contacted, immediately notify all your contacts about your compromised account. Do this to minimize the damage being done to others by your mistake. Second, contact the online service to report the compromised account. Most online services are used to this sort of maliciousness and can quickly get the account back under your control with a new password in a few minutes.

7: Unexpected software installs
There are many free programs that show you all your installed programs and let you selectively disable them. My favorite for Windows is Autoruns. It doesn't show you every program installed but will tell you the ones that automatically start themselves when your PC is restarted. Most malware programs can be found here. The hard part is determining what is and what isn't legitimate. When in doubt, disable the unrecognized program, reboot the PC, and re-enable the program only if some needed functionality is no longer working.

8: Your mouse moves between programs and makes correct selections
If your computer "comes alive" one night, take a minute before turning it off to determine what the intruders are interested in. Don't let them rob you, but it will be useful to see what things they are looking at and trying to compromise. If you have a cellphone handy, take a few pictures to document their tasks. When it makes sense, power off the computer. Unhook it from the network (or disable the wireless router) and call in the professionals. This is the one time that you're going to need expert help.

9: Your antimalware software, Task Manager, or Registry Editor is disabled and can't be restarted
You should really perform a complete restore because there is no telling what has happened. But if you want to try something less drastic first, research the many methods on how to restore the lost functionality (any Internet search engine will return lots of results), then restart your computer in Safe Mode and start the hard work. I say "hard work" because usually it isn't easy or quick. Often, I have to try a handful of different methods to find one that works. Before restoring your software, get rid of the malware program using the methods listed above.

10: Your bank account is missing money
In most cases you are in luck because most financial institutions will replace the stolen funds (especially if they can stop the transaction before the damage is truly done). However, there have been many cases where the courts have ruled it was the customer's responsibility to not be hacked, and it's up to the financial institution to decide whether they will make restitution to you.
If you're trying to prevent this from happening in the first place, turn on transaction alerts that send you a text message when something unusual is happening.

Unfortunately, many times the bad guys reset the alerts or your contact information before they steal your money. So make sure your financial institution sends you alerts anytime your contact information or alerting choices are changed.

11: You get calls from stores about nonpayment of shipped goods
First try to think of how your account was compromised. If it was one of the methods above, follow those recommendations. Either way, change all your logon names and passwords (not just the one related to the single compromised account), call law enforcement, get a case going, and start monitoring your credit.
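Sign 7 above recommends reviewing everything that starts automatically with Windows, using a tool such as Autoruns, and disabling anything you do not recognise. The script below is an added example, not code from the newsletter or from the Autoruns authors: it enumerates the common autostart locations (Run/RunOnce registry keys, the Startup folders, and scheduled tasks with a logon or boot trigger), saves a baseline on a known-good machine, and on later runs lists only entries that are new since that baseline, together with the Authenticode signature status of the program each one launches. The baseline file location is an assumed placeholder.

```powershell
# Added example (not from the newsletter or from Autoruns). Enumerates common
# Windows autostart locations and reports entries missing from a saved baseline,
# the comparison sign 7 describes doing by hand. Requires PowerShell 3 or later.

function Get-AutostartEntries {
    $entries = New-Object System.Collections.Generic.List[object]

    # Registry Run and RunOnce keys for the machine and the current user.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSChildName, etc.
            $entries.Add([pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value })
        }
    }

    # Per-user and all-users Startup folders.
    foreach ($dir in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        if (-not (Test-Path $dir)) { continue }
        foreach ($f in Get-ChildItem -Path $dir -File) {
            $entries.Add([pscustomobject]@{ Source = $dir; Name = $f.Name; Command = $f.FullName })
        }
    }

    # Scheduled tasks that fire at logon or at boot.
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        $startsOnBoot = $task.Triggers | Where-Object {
            $_.CimClass.CimClassName -in 'MSFT_TaskLogonTrigger', 'MSFT_TaskBootTrigger'
        }
        if (-not $startsOnBoot) { continue }
        $action = $task.Actions | Select-Object -First 1
        $cmd = if ($action.Execute) { "$($action.Execute) $($action.Arguments)".Trim() } else { '' }
        $entries.Add([pscustomobject]@{ Source = "Task:$($task.TaskPath)"; Name = $task.TaskName; Command = $cmd })
    }
    return $entries
}

function Get-SignerStatus {
    param([string]$Command)
    # Pull the executable path out of a command line: a quoted path, else the first token.
    $exe = if ($Command -match '^"([^"]+)"') { $Matches[1] } else { ($Command -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { return 'NotFound' }
    try { return (Get-AuthenticodeSignature -FilePath $exe).Status.ToString() } catch { return 'Error' }
}

function Compare-Autostart {
    # Assumed placeholder location for the baseline file.
    param([string]$BaselinePath = "$env:USERPROFILE\autostart-baseline.csv")

    $current = Get-AutostartEntries
    if (-not (Test-Path $BaselinePath)) {
        # First run on a known-good machine: record what is there now.
        $current | Export-Csv -Path $BaselinePath -NoTypeInformation
        Write-Host "Baseline written to $BaselinePath ($($current.Count) entries)."
        return
    }
    $known = @{}
    foreach ($b in Import-Csv -Path $BaselinePath) { $known["$($b.Source)|$($b.Name)|$($b.Command)"] = $true }
    $new = $current | Where-Object { -not $known.ContainsKey("$($_.Source)|$($_.Name)|$($_.Command)") }
    if (-not $new) { Write-Host 'No autostart entries beyond the baseline.'; return }

    # New entries whose binary is unsigned or missing deserve the closest look.
    $new | Select-Object Source, Name, Command,
        @{ n = 'Signature'; e = { Get-SignerStatus $_.Command } } | Format-Table -AutoSize
}

Compare-Autostart
```

Run it once while the machine is known to be clean to create the baseline, then again whenever one of the signs above appears. A new entry is not proof of compromise, since legitimate installers add autostart entries too, but an unrecognised name launching an unsigned or missing binary is exactly the kind of item the text says to disable and reboot without.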

Most malicious hacking originates from one of three vectors: unpatched software, running Trojan horse programs, and responding to fake phishing emails. Do better at preventing these three things, and you'll be less likely to have to rely on your antimalware software's accuracy and luck.
