Cyber Security Intelligence

Twitter< Follow on Twitter >

November Newsletter #4 2014

Regin, a new 'Stuxnet' attacks Russia & Saudi 'probably western government produced'

A highly advanced malware is as sophisticated as Stuxnet and Duqu. The "Regin" Malware is thought to have been developed by a nation-state, because of the financial clout needed to produce code of this complexity. The malware targets organisations in the telecommunications, energy and health sectors.

Symantec malware reversers found attackers have foisted Regin on targets using mixed attack vectors including one unconfirmed zero-day in Yahoo! Messenger.

"Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen," Symantec's researchers wrote.

The security firm did not name a nation as the source of Regin, but is willing to say most of its victims were from Russia and Saudi Arabia and were targeted between 2008 and 2011 with a since de-commissioned version of the malware that re-surfaced after 2013. More than half of observed attacks have targeted Russia and Saudi Arabia, Symantec said. The rest are scattered across Europe, Central America, Africa, and Asia. The initial infection can come from a wide variety of sources, such as copies of popular websites or web browsers and USB drives that have been plugged into contaminated systems.

Regin has five attack stages. It begins with an initial “drop,” also called a Trojan horse (or “backdoor”) breach, which allows it to exploit any security vulnerability, while avoiding detection. The first stage deploys what is called a loader, which prepares and executes the next stage; the second stage does the same to complicate detection. The third and fourth stages, called kernels, build a framework for the fifth and final stage, called the payload. That’s when it can wrest control of a computer or leap to a new victim.

US Senate fails to pass NSA reform bill

The US Senate has voted against a bill that would rein in the National Security Agency's bulk collection of telephone records within the country, possibly killing any NSA reforms until next year.

Supporters of the USA Freedom Act, in a Senate vote, failed to get the 60 votes needed to end debate and move toward a final vote on the legislation. Fifty-eight senators voted to end debate, while 42 voted against it.

While supporters said the legislation is needed to restore public trust in US intelligence services, opponents said the NSA's widespread collection of US phone records is needed to keep the country safe from terrorism.

The legislation, sponsored by Senator Patrick Leahy, a Vermont Democrat, would have "gutted" the NSA phone records collection program at a time when the US faces major threats from homegrown terrorists, said Senator Marco Rubio, a Florida Republican. If the US has another terrorist attack, "the first question we will be asked is, why didn't we know about it, and why didn't we prevent it?" he said.

Senator Mike Lee, a Utah Republican, countered that the bill is needed to restore confidence in US intelligence gathering services, after the public learned about widespread surveillance programs through leaks by former NSA contractor Edward Snowden. The public is concerned that the NSA "had been collecting and storing enormous amounts of information about American citizens," he said. "The data collection at issue was not limited to those suspected of terrorist activity."

A Cryptic Tweet - Then A Global Police Raid

The National Crime Agency (NCA) recently tweeted: "Criminals think they're safe on the Dark Web. They're wrong."

Some 20 minutes later the NCA revealed that it and other crime agencies across Europe and the US had targeted illegal marketplaces on the dark net - the parts of the internet not readily accessible by a search engine - taking down 400 sites.

Among those was Silk Road 2.0, the successor to the notorious Silk Road, the online drugs marketplace currently the subject of a trial in the US.

The NCA made six arrests in the UK - those arrested were allegedly either involved in the sale of drugs through the sites or the administration of the sites themselves. That's nothing new. Four people were arrested in the UK when the original Silk Road was taken down in October 2013.

The revenues of Silk Road 2.0 were relatively small - the site processed around $8m (£4.4m) in sales, paid using Bitcoin, every month. On the same day, the NCA announced the seizure of 250kg of cocaine, worth up to £40m - about 10 months' revenue.

But the international raid - which would have demanded serious resources - was coordinated for maximum impact.

It is intended to send exactly the message tweeted by the NCA - that criminals can still feel the long arm of the law online, and that law enforcement continues to take dark web marketplaces very seriously, even with Silk Road 1.0 gone. But despite the NCA's tweet, criminals are in fact relatively safe on the dark web, compared to on the street or on the normal, open internet most of us use day to day. Like the Dread Pirate Roberts, it appears that the operator of Silk Road 2.0, alleged to be Blake Benthall, slipped up, handing administrative access to the site over to an FBI agent.

Traditional law-enforcement techniques have so far proved the most useful when it comes to this very modern technology. The dark net makes things extremely difficult for police. These very public raids are an attempt to convince us that it doesn't.

Control over personal info and data is dead

As the tentacles of Facebook's data spread, privacy questions resurface many people in the US say they've lost control over how their personal data is used, according to a Pew survey. More than 90 percent of Americans feel they've lost control over how their personal information is collected and used by companies, particularly for advertising purposes, according to the results of a survey by the Pew Research Center published this month.

Eighty percent expressed concern over how third parties like advertisers accessed the data they share on social media sites.

The survey, which polled 607 adults online, was the Washington, DC-based think tank's first in a series to tackle Americans' views toward privacy after the leaks around government surveillance made by Edward Snowden last year.

The majority of respondents said people should be concerned about whether the government is listening in on their phone calls or viewing their online communications and other sensitive data. But beyond government surveillance, the findings also reflect people's attitudes amid the increasing sophistication by which Internet companies leverage people's data for advertising.

And companies are now getting smarter in tracking people's online behavior across devices. Google and Facebook are refining their techniques for connecting the ads people see online to whether they bought items in a physical store. Facebook's recently relaunched Atlas system lets partnered advertisers leverage Facebook members' data across the wider Internet.

To preserve privacy, the recommendation to delete cookie files doesn't really apply anymore, because more tracking is being done on mobile where cookies don't work.

The poll was released to the public on the morning on November 11th, 2014 but was part of a broader survey fielded online January 11-28, 2014. The margin of error is 4 percent.

Russia, China, Germany, Brazil: Nations want Internet control – at least within their own borders

There are no physical fences in cyberspace, that doesn’t mean there are no border controls.

While there is only one world power on the Internet, that situation will not last forever. The Internet's underpinning technologies were mostly created in the US, the initial networks were based there – and today the US hosts the majority of the most powerful Internet companies. Although the international community has fought minor battles on Internet sovereignty for years, the de facto power that stems from this US-centralism has for a long time seemed acceptable. But with the revelations – not even all following from Snowden – about international mass surveillance by the US and its allies, it's inevitable the gloves have had to come off.

In a replay of an imaginary Cold War nightmare scenario, Russia and China appear to have identified a common enemy. The nations are expected to sign a collaborative cyber-security treaty to "oppose the use of IT and the internet to interfere in the internal affairs of independent states".

Similarly, Brazil is moving to secure its communications through its own satellite and digital networks to end its dependence on the United States, which is accused of electronically spying on the region. Documents leaked by fugitive ex-NSA contractor Edward Snowden, revealed that Washington snooped on Brazilians' phone calls and Internet communications. It also said a spy base in Brasilia was part of a network of 16 such stations operated by the NSA to intercept foreign satellite transmissions.

There has also been discussion in mainland Europe, particularly Germany, about "Schengen-routing", which would keep Internet traffic away from the parts of the network where NSA and GCHQ could easily snoop on them. However, Edward Snowden has claimed that establishing a "European cloud" may not be effective.

Generally, there are two main reasons for states to want to take control of the Internet: they want to defend against outsiders – and to defend against insiders. Snowden files have shown us that the NSA hoovers up most Internet traffic. In a recent court case it was established that US law enforcement agencies can and do demand data from US companies even when it is stored abroad (in this case, Microsoft servers based in Ireland). Nor are US allies, chiefly Britain, innocent in this context. Unexplained spying by GCHQ abroad is well documented, with the claims of eavesdropping at climate change conferences the most recent.

For countries such as Russia and China, the threat from outside is more acute given that both countries have problems with territorial conflicts. There have been reports of cyber attacks in both directions between Russia and Ukraine. And China has been suspected of carrying out man-in-the-middle attacks in order to spy on citizens using encrypted connections.

IoT: The next wave from the Internet will be huge.

It is already possible to buy Internet-enabled light bulbs that turn on when your car signals your home that you are a certain distance away and coffeemakers that sync to the alarm on your phone, as well as Wi-Fi washer-dryers that know you are away and periodically fluff your clothes until you return, and Internet-connected slow cookers, vacuums, and refrigerators. “Check the morning weather, browse the web for recipes, explore your social networks or leave notes for your family—all from the refrigerator door,” reads the ad for one.

Welcome to what they call the Internet of Things (IoT), the beginning of what is being touted as the Internet’s next wave by technologists, investment bankers, research organizations, and the companies that stand to rake in some of an estimated $14.4 trillion by 2022. Cisco Systems, which is one of those companies, and whose CEO came up with that multitrillion-dollar figure, takes it a step further and calls this wave “the Internet of Everything,” which is both aspirational and telling. Jeremy Rifkin, whose consulting firm is working with businesses and governments to hurry this new wave along, describes it like this:

The Internet of Things will connect every thing with everyone in an integrated global network. People, machines, natural resources, production lines, logistics networks, consumption habits, recycling flows, and virtually every other aspect of economic and social life will be linked via sensors and software to the IoT platform, continually feeding Big Data to every node—businesses, homes, vehicles—moment to moment, in real time. Big Data, in turn, will be processed with advanced analytics, transformed into predictive algorithms, and programmed into automated systems to improve thermodynamic efficiencies, dramatically increase productivity, and reduce the marginal cost of producing and delivering a full range of goods and services to near zero across the entire economy.

K2 urges a forward Intel Approach to Cybersecurity

Senior management at K2 Intelligence, an industry leading investigative and risk analytics services firm, spoke about corporate cybersecurity defense strategy at the Journal of Law and Cyber Warfare's first annual symposium. The event was held at John Jay College of criminal justice.

"The private sector will not be able to defend against cyber warfare until it can better understand and prepare for potential attackers. This calls for companies to take an anticipatory intelligence-based approach to cybersecurity," said Jeremy Kroll, president and chief executive officer at K2 Intelligence. "Static IT security is no longer effective on its own. Cybersecurity must transition to a dynamic and proactive defense that employs investigative tools to collect and analyze information from internal and external sources."

Can Drones Bring Peace to Ukraine?

A special drone is in flight over Ukraine – a peace drone. The unmanned aircraft will monitor movements of pro-Russian separatists and Russian forces, working to ensure that they are living up to commitments made in the Sept. 5 Minsk ceasefire agreement (the so-called Minsk Protocol). If the drone’s operators like what they see through their eyes in the sky, the situation in Ukraine could begin to look a lot brighter in the months and years ahead.

The unarmed drone from Austrian UAV manufacturer Schiebel is called the Camcopter S-100. It takes two operators, has an ISR ceiling of 18,000 feet in international standard atmosphere conditions and, with normal payloads, a six-hour endurance.

The drone’s operators will be looking to verify that pro-Russian separatists in Eastern Ukraine and Russia are acting in accordance with the Minsk Protocol, and specifically that “illegal military formations, military equipment, as well as militants and mercenaries” leave Ukraine – all things that US military and intelligence spyglasses have been monitoring already for months. Pro-Russian separatists now must open up corridors to allow humanitarian assistance flow in while refugees evacuate and separatist forces withdraw heavy Russian weapons from residential areas.

Russia owns a fleet of 500 drones, which come in 43 different flavors. Probably the most sophisticated armed drone under development is the Altius-M, a MQ-19 Reaper knock-off that Russia wants to deploy by 2016. Experts say that Russian armed drones are years behind those of United States in terms of capability. But Russia has recently signaled a big commitment to drone development, as a way to compensate for a shrinking pool of draft-age young men.

How the US military's idiotic tribal mentality leaves us vulnerable to cyber catastrophe: Opinion by DB Grady

The future of cyber warfare is limited only by the imaginations of enterprising hackers. In this arena, there is a dangerously level geopolitical playing field and an ill-defined domestic "turf." In the void of the unfulfilled promise of Cybercom, we're left waiting for some US agency to take the lead on cyber warfare. The US military in particular has a chance to "own" cyber.

But if you want to find the smartest minds in technology, look anywhere but the government and military. This isn't to say that there aren't clever people doing interesting things at dot-gov. But if you're a hot, second-year computer science student at Stanford, are you going to choose the huge paychecks, free gourmet food, wine-and-beer Fridays, and lavish ancillary financial benefits that come with, say, Google? Or will you choose a job in Washington DC, a city so "with it" that, brace yourself, you might not have to wear a tie to the office.

Silicon Valley is full of technologists who have developed driverless cars, contact lenses that track glucose levels, a fleet of tiny drones that can deliver packages to your front door, and, oh yeah, they have a plan to cure death. But the government should have some advantages. Say you want to be a spy — like, the best spy in the world. There's only one place to be: the Central Intelligence Agency. That's a real coup for American security. Why can Langley attract the kinds of minds we want running American espionage while Ft. Meade and its branch offices attract only the cyber second-stringers? The reason goes back to the CIA's founding, when guys like Frank Wizner and "Wild Bill" Donovan and Allen Dulles not only tolerated guys able to think "outside the box," but insisted on it. The old military men who fell by default into "leadership" positions and whose decrepit, outdated, and addle-minded ideas will never have to face any real scrutiny.

When America does sustain a crippling cyber attack, these same men will testify before Congress and say that nobody could have foreseen whatever horror befalls the United States, and nobody will be disciplined, let alone go to Leavenworth. But I assert today that when the nightmare of cyber war finally strikes the US, these men will be directly responsible, and they know it, and they will deserve no less punishment than they'd like to see inflicted on Edward Snowden. Let's just hope that Russia doesn't take these guys, too, even though Siberia is a deserving end to their small, shortsighted, and petty lives.

Russia plans 'alternative Wikipedia'

Since it’s founding in 2001, Wikipedia has become one of the world's most popular websites and now Russia is planning an alternative version of the Wikipedia, the country's presidential library has said. A statement said the initiative aimed to provide better information about Russia than is available on Wikipedia.

Analysis had shown that Wikipedia "does not have enough detailed and reliable information about Russian regions and the life of the country", it said. Some 50,000 books and documents had been collected, it said, to portray Russia "objectively and accurately".

In August, laws were enacted forcing bloggers with more than 3,000 daily readers to register with the mass media regulator. And in March, websites run by opponents and critics of President Vladimir Putin were blocked.

US government planes are collecting domestic mobile phone data

Devices that gather data from millions of mobile phones are being flown over the US by the government, according to the Wall Street Journal.

The "dirtbox" devices mimic mobile phone tower transmissions, and handsets transmit back their location and unique identity data, the report claims. While they are used to track specific suspects, all mobile devices in the area will respond to the signal.

The US Justice Department refused to confirm or deny the report.

The Wall Street Journal said it had spoken to "sources familiar with the programme" that said Cessna aircraft fitted with dirtboxes were flying from at least five US airports.

A dirtbox mimics the signals transmitted by mobile phone providers, which handsets look to latch on to. When they do, they send their individual registration information and location.
They are used to track an individual or small group but all phones within the area where they are operating will also be swept up in the surveillance. They operate in the same way as Stingray, a more commonly known mobile phone surveillance tool, security expert Prof Alan Woodward told the BBC.

How the battle against ISIS is being fought online

The battle against Islamic State (ISIS) militants has been fought in part on social networks, and has raised the question - how best to counter the message being spread by jihadists? Amid the murder of Alan Henning, there was a glimmer of hope. Recently the online propaganda campaign from ISIS was drowned out.

The hash tag #notinmyname swarmed around the net in the hours after reports of Henning's death, driven by Western Muslims who are sickened, heart-broken and furious at how their faith has been hijacked.

The hash tag was the brainchild of the Active Change Foundation, an organisation dedicated to fighting extremism. Hanif Qadir of ACF said he and the young people at the organisation came up with the campaign because the broad mass of ordinary Muslim voices couldn't be heard. They wanted to take back online space occupied by ISIS.

"It's a simple message," he says. "It's Muslims [and] non-Muslims saying no way, not in the name of Islam, and not in the name of any faith or humanity, It's a very powerful message and very simple."


The full web site is currently under development and will be available during 2014