Saturday, June 25, 2011

UK Cyber Security Challenge renewal promises better prizes • The Register

UK Cyber Security Challenge renewal promises better prizes

by John Leyden, theregister.co.uk
April 20th 2011 11:14 AM

The UK's Cyber Security Challenge is promising a renewal of the competition, with more competitions on a broader range of topics and better prizes.

The Challenge, successfully run last year as a way of promoting interest in information security as a career and unearthing hidden pools of talent, is once again backed by the UK government.

Last year's exercises involved one-off code-breaking puzzles as well as a more structured programme of network security exercises culminating in a grand final, which was won by Dan Summers, a postman from Wakefield.

This year's event will include exercises involving penetration testing, malware forensics, and network defence among a total of eight competitions, each testing a different cyber-security skill.

Competitions will run more frequently throughout the year and some will offer multiple opportunities to play, allowing more people the chance to participate. Winners in each of the eight categories will compete in a semi-final before the most accomplished performers face off in a masterclass grand final, due to be held in HP Labs, near Bristol.

The Government's Office of Cyber Security and Information Assurance is giving £180k in sponsorship to help the scheme along. Organisations providing logistical and financial support for the scheme include PWC, Sophos, the SANS Institute, HP Labs, Cassidian and QinetiQ. The US Department of Defense's Cyber Crime Center is also getting on board by running and promoting the digital forensics strand of the competition.

Organisers of the scheme are seeking further sponsors ahead of the opening of competition to schools and members of the general public in May.

More details on the renewal can be found on the official Cybersecurity challenge website here. ®

Original Page: http://www.theregister.co.uk/2011/04/20/cyber_security_challenge_reloaded/

Shared from Read It Later

Elyssa Durant, Ed.M. 

United States of America 

Forgive typos! iBLAME iPhone

Posted via email from Whistleblower

No waiting list for admin passwords

Lulz warns NHS of sick security

by John Oates, theregister.co.uk
June 10th 2011 8:45 AM

LulzSec, the security collective which claimed credit for hacking Sony, has taken to Twitter to warn the NHS that it stumbled across several admin passwords.

The Department of Health claimed the breach was nothing more serious than "a very small number of website administrators". It said no national systems were hit - given the slow progress of creating such national systems this might not be a surprise.

Lulz published an email sent to the NHS with the relevant passwords blacked out.

It said:

We're a somewhat known band of pirate-ninjas that go by LulzSec.

Some time ago, we were traversing the Internets for signs of enemy fleets.

While you aren't considered an enemy - your work is of course brilliant - we did stumble upon several of your admin passwords, which are as follows....

We mean you no harm and only want to help you fix your tech issues. Also, we hope that little girls feasts on the bones of many giving souls. All the best.

Lulz Security

And no, we don't have any idea what "little girls feasts" means either.

At least the breach is not quite as embarrassing as the recent failure by FBI partner Infraguard which was hacked this week.

Original Page: http://www.theregister.co.uk/2011/06/10/lulz_nhs_hack/


8m health records go walkabout • The Register

8m health records go walkabout

by John Oates, theregister.co.uk
June 15th 2011 9:11 AM

A London health authority has admitted losing a laptop which contains 8.6 million health records.

The machine was lost three weeks ago, but has only just been reported missing to police and the Information Commissioner's Office.

We've asked North Central London health board why it needed to store 8.63 million health records on an insecure laptop in the first place.

They sent us the following: "NHS North Central London is investigating the loss of a number of laptops. One of the machines was used for analysing health needs requiring access to elements of unnamed patient data. All the laptops were password protected and our policy is to manually delete the data from laptops after the records have been processed. NHS North Central London operates under strict data protection guidance and is taking the matter extremely seriously. We have started an investigation into the issues raised by the loss. We are liaising with the office of the Information Commissioner."

The machine was one of 20 lost from a storeroom at London Health Programmes - a research body based at NHS North Central London - according to reports. Eight of the 20 have been recovered, but the authority is still looking for the other 12.

The records contain no names but do include other identifying information like age, gender, postcode, medical history, hospital visits, HIV status and mental illnesses.

An ICO spokesperson said: “Any allegation that sensitive personal information has been compromised is concerning and we will now make enquiries to establish the full facts of this alleged data breach.”

A Department of Health spokesman later sent us this statement:

"All NHS organisations are legally required to comply with Data Protection legislation and are expected to take data loss extremely seriously, be open about incidents and about the action taken as a result.

"We have set clear standards for NHS organisations to adhere to on data handling, and have issued guidance that sets out the steps they must take to ensure records are kept secure and confidential.

"Local NHS organisations are responsible for implementing these data handling processes, including which staff need to have access to health records, and for compliance with Information Governance standards." ®

Original Page: http://www.theregister.co.uk/2011/06/15/eight_million_health_records/


Daily Mail launches McKinnon campaign • The Register

Daily Mail launches McKinnon campaign

by John Leyden, theregister.co.uk
July 3rd 2009 2:17 PM

The Daily Mail has launched a high-profile campaign supporting Gary McKinnon's fight against extradition to the USA.

The red-baiting, Romany-hating paper criticises US authorities for treating a "naive hacker" interested in uncovering evidence of extraterrestrial life on poorly-secured Pentagon systems as a dangerous cyber-saboteur.

The paper also lambasts UK politicians for meekly going along with US demands in a front-page article. An associated online petition to the new Home Secretary, Alan Johnson, calls on him to use his discretion in order to block extradition proceedings against McKinnon, a recently diagnosed sufferer of Asperger's Syndrome.

Such a move would allow for McKinnon to be tried in the UK, avoiding the trauma of a US trial followed by the likelihood of an extended spell behind bars.

The wholehearted support of the influential daily paper is a major fillip to the McKinnon campaign, which has already attracted high-profile supporters including Pink Floyd's David Gilmour, London mayor Boris Johnson and former Beirut hostage Terry Waite.

Lord Carlile, the independent reviewer of anti-terror laws, and Oscar-winning actress Julie Christie have also voiced support for McKinnon's fight against extradition.

McKinnon admits taking advantage of weak password security to root around US military and NASA systems back in 2001 and 2002 but denies claims that he caused $700,000 in damage in the process. He was first arrested and questioned by UK cops in 2002, but it wasn't until 2005 that the US began extradition proceedings.

The long-running campaign against extradition included failed appeals to the House of Lords and the European Court of Human Rights last summer. These legal actions happened before McKinnon was diagnosed with Asperger's Syndrome.

McKinnon's last hope of avoiding extradition rests with two judges who are due to review the decision by UK prosecutors not to prosecute McKinnon in the UK during a hearing scheduled for Tuesday, 14 July. At an earlier hearing, the same two judges - Lord Justice Stanley Burnton and Mr Justice Wilkie - heard arguments that the then Home Secretary Jacqui Smith was wrong to allow McKinnon's extradition to proceed following his diagnosis with a mild form of autism.

A decision on the first hearing was "reserved" pending consideration of the other judicial review. ®

Original Page: http://www.theregister.co.uk/2009/07/03/mail_mckinnon_campaign/


DEC 'hacker' questions McKinnon political bandwagon • The Register

DEC 'hacker' questions McKinnon political bandwagon

by John Leyden, theregister.co.uk
January 30th 2009 2:19 PM

Boris Johnson's outspoken defence of Gary McKinnon in his extradition fight has been criticised by a former security consultant, who complains he was denied such support when he himself was charged with hacking offences.

Daniel Cuthbert was convicted in October 2005 of breaking the Computer Misuse Act by "hacking" into a tsunami appeal website in December 2004, and fined £400 plus £600 in costs. He was subsequently forced to change career after the prosecution, which was widely seen by his peers as misguided. Cuthbert now wants to know why he wasn't shown any support from politicians of the kind lent to McKinnon by Johnson.

In an opinion piece in The Daily Telegraph on Monday, the London mayor wrote a barbed critique of attempts by US authorities to drag McKinnon over to the US to answer charges of hacking into US military systems, rather than have him tried in the UK for his admitted offences. Johnson argues that treating McKinnon as a "cyberterrorist" rather than a hacker with out-there beliefs is itself lunacy.

McKinnon is far from the first Brit to face high-profile computer charges, but the degree of political support he's received - a motion on his behalf was signed by 80 MPs, to say nothing of the lampooning of extradition proceedings by the London mayor - is unprecedented, and a tribute to the long-running campaign fought by McKinnon's lawyers and supporters.

Cuthbert's woes began when he made a donation through the DEC (Disasters Emergency Committee) site. After failing to get a confirmation email, he became suspicious and carried out two tests to check its security. These actions triggered a warning on the intrusion detection system behind the site, maintained by BT, who reported the matter to police. This ultimately led to Cuthbert's arrest, conviction and inability to continue his career as an IT security consultant.

After a spell in Thailand, Cuthbert is back in the UK and studying for an MA in documentary and photojournalism at the London College of Communication. Cuthbert - who has repeatedly spoken out against the extradition proceedings against McKinnon in the past - ruefully notes that he didn't enjoy the benefit of support from political figures, such as the London mayor.

"Whilst it would be lovely if Boris could talk about my conviction, the chance of that happening is slim," Cuthbert told El Reg.

Cuthbert criticised Johnson's argument that McKinnon ought to be given special consideration because of his motives.

"Gary committed a crime, end of story," Cuthbert said. "The issue has always been where he would be tried for that crime. In all honesty, the fact he was searching for UFOs doesn't make what he did right, he did break into computers and the intent was always to break in to find information. What Boris is saying is that he should be given special consideration, and I don't believe in that at all.

"I personally think he should be tried in the UK. The UK is wrong to bow down to the whims of the US, especially since the extradition treaty between the two countries is hardly fair and equal."

Cuthbert's sense of injustice is supported in a response to Johnson's original piece by Ira Winkler, president of the Internet Security Advisors Group and an ex-NSA officer who's become a cybercrime guru. Winkler argues that McKinnon caused real damage, so arguments that he was only rooting around systems looking for evidence of UFOs are neither here nor there. He goes on to say that Johnson would do better to look into cases of injustice closer to home, such as the Cuthbert case.

Why doesn't Johnson turn to the case of Daniel Cuthbert? In that case prosecuted in London, a real security expert and security community volunteer was prosecuted and convicted for what essentially amounted to typing "cd ..". The Cuthbert case demonstrates the absurdity of at least one computer crime prosecution in London. Until Johnson speaks out on Cuthbert, he shouldn't have the gall to waste any time on a person who actually caused significant damage to a government system.

We've dropped the Mayor an email asking what position he might have on the Cuthbert case. We've received an automated reply confirming the safe delivery of this message and saying that, while busy, "the Mayor is committed to responding to all appropriate correspondence and everything is being done to reply to your query as quickly as possible". We await further correspondence with interest.

Meanwhile, a former US prosecutor involved at the start of the McKinnon prosecution has defended the US handling of the case. Scott Christie, an assistant US attorney in New Jersey in 2002 at the time McKinnon was first indicted in the case, criticised Johnson's critique as badly misinformed.

"[McKinnon] has created this cause celebre status in order to appeal to folks who will beat the drum on his behalf and they conveniently ignore the facts of the situation and the entire nature of his conduct," Christie said, Computerworld reports. Christie, who heads the IT group at attorneys McCarter & English LLP, added that Johnson's public support "lends some credence to the individuals who are painting McKinnon as a victim" rather than a criminal hacker. ®

Original Page: http://www.theregister.co.uk/2009/01/30/cuthbert_mckinnon/


Pink Floyd frontman backs McKinnon musical protest • The Register

Pink Floyd frontman backs McKinnon musical protest

by John Leyden, theregister.co.uk
April 6th 2009 4:30 AM

A small group of protesters held a successful musical protest against attempts to extradite UFO enthusiast turned hacker Gary McKinnon to the US on Thursday.

Janis Sharp, McKinnon's mum, organised the sing-in protest outside the US embassy on Thursday to coincide with President Barack Obama's visit to London for the G20 conference and UN World Autism Awareness Day.

Sharp rewrote the lyrics (but not the tune) of Graham Nash's "Chicago" as a protest against long-running attempts to wrench her son over to the US to face trial and probable incarceration for hacking into US government and military systems. The protests also sought to highlight concerns with the lop-sided UK-US extradition treaty more generally.

These efforts gained a massive publicity boost when David Gilmour, legendary singer and guitarist with Pink Floyd, agreed to sing on the backing track of the song. Gilmour wasn't able to attend the event himself, but he did post a message of support for McKinnon on his website, adding his name to those who oppose McKinnon's extradition.

Crank up the volume

Music has been a feature in McKinnon's long-running campaign against extradition. Celebrity supporters of McKinnon's include former Police frontman Sting and wife Trudie Styler.

Nash, famous as a member of Crosby, Stills, & Nash, gave permission for his song "Chicago" to be rewritten to reflect McKinnon's plight. He, along with Gilmour, also number themselves among McKinnon's supporters.

McKinnon's friends and family hope to produce a music track/compilation CD - involving some famous musicians - in support of Gary McKinnon's legal fight against extradition, the Free Gary support blog reports.

Other high-profile supporters outside the world of music include London mayor Boris Johnson, Lord Carlile, the independent reviewer of anti-terror laws, and former Beirut hostage Terry Waite.

The 'sit-in' musical protests took place two months before a judicial review on whether Home Secretary Jacqui Smith was correct to allow extradition proceedings against McKinnon to continue in spite of his recent diagnosis with Asperger's Syndrome. This hearing represents McKinnon's best hope of avoiding extradition after the failure of an earlier appeal to the House of Lords and elsewhere last year, prior to McKinnon's diagnosis with a mild form of autism. ®

Bootnote

A big Reg thank you to Janis Smith for use of the photographs. Janis and her husband Wilson are both musicians, which is why they came to live and work in London when Gary was a child. "Gary is a gentle musician but unfortunately that's not how he's portrayed in the media," she said.

Original Page: http://www.theregister.co.uk/2009/04/06/mckinnon_extradition_musical_protest/


Promoter hunts stars for McKinnon benefit gig • The Register

Promoter hunts stars for McKinnon benefit gig

by John Leyden, theregister.co.uk
November 21st 2008 11:27 AM

Updated: Rock band Marillion have offered to take part in a gig in support of accused Pentagon hacker Gary McKinnon with proceeds going to autism charities, according to local media reports.

Ross Hemsworth, managing director of Glastonbury Radio has taken on the role of promoter to write to 100 bands asking them to perform at a benefit concert next month, the Hampstead and Highgate Express reports. The Rock Against Injustice concert aims to highlight concerns about McKinnon's plight as well as wider worries about the UK's extradition treaty with the US.

A galaxy of stars including the Kaiser Chiefs, Madonna, George Michael, Brian May and Jamiroquai have been invited to take part in the gig. How many of these celebs will respond, especially on such short notice, is open to question, but 80s prog rockers Marillion appear to be well up for the job. Mark Kelly, keyboardist for Marillion, told local reporters that as something of a computer geek himself he sympathised with McKinnon's plight.

"I thought he [McKinnon] seemed quite harmless. He was only looking for UFOs. His story struck a chord with me. When I heard he was being extradited, it seemed so unjust. He shouldn't be made an example of just because of American incompetence," Kelly said.

Hemsworth, UK director of the International UFO Congress, is clearly keen to do everything he can to help a fellow UFO enthusiast in peril. He also hopes to recruit pop stars to take part in a charity recording of a track written by McKinnon, entitled Only a Fool, at London's famous Abbey Road studios.

All proceeds from the concert and the record will go towards funding the Autism Research Centre in Cambridge. McKinnon was diagnosed with Asperger's syndrome (a mild form of autism) in August.

McKinnon's lawyer, Karen Todner, was unavailable for immediate comment on the charity gig idea at the time of going to press. A spokesman for the FreeGary support campaign welcomed the sympathetic quotes from Marillion band members but added "whether that translates into an actual concert in time remains to be seen".

The Scot has run a long campaign against extradition to the US, where he faces seven charges of hacking into US government and military systems from his then girlfriend's home in Crouch End during 2001 and 2002. He admits hacking but denies causing damage. To US prosecutors McKinnon is the "biggest military hacker of all time", but the former sysadmin describes himself as a bumbling amateur, one of many hackers to have infiltrated US military systems, looking for suppressed evidence on UFOs.

McKinnon has suffered a string of legal setbacks in his fight against extradition. The House of Lords denied his appeal against extradition and the European Court of Justice washed its hands of the case earlier this year. Lawyers acting on behalf of McKinnon were refused a written judicial review of the Home Secretary's decision not to suspend extradition proceedings following his recent diagnosis with Asperger's Syndrome, but an oral hearing has been scheduled for 5 December. ®

Original Page: http://www.theregister.co.uk/2008/11/21/mckinnon_benefit_gig/


Accused Pentagon hacker prosecution could backfire • The Register

Accused Pentagon hacker prosecution could backfire

by John Leyden, theregister.co.uk
April 13th 2007 10:06 AM

Analysis: Accused Pentagon hacker Gary McKinnon is continuing to fight against extradition to the US after losing an appeal last week.

Only the Law Lords now stand between the Scot and a US trial for allegedly breaking into and damaging 97 US government computers between 2001 and 2002 and causing $700,000 worth of damage, in what US authorities have described as the "biggest military" computer hack ever. He allegedly infiltrated networks run by the US Army, US Navy, US Air Force, Department of Defense and NASA. US authorities described McKinnon as an uber-hacker who posed a threat to national security in the aftermath of the 9/11 attack.

McKinnon (AKA Solo) admits he infiltrated computer systems without permission. The 41-year-old former sysadmin said he gained access to military networks - using a Perl script to search for default passwords - but describes himself as a bumbling amateur motivated by curiosity about evidence of UFOs. He said numerous other hackers had access to the resources he was using and questions why the US authorities have singled him out for extradition.

Any damage he did was purely accidental, McKinnon claims. If convicted, following extradition and a US trial, McKinnon faces a jail term of up to 45 years' imprisonment.

Scapegoat

According to a reformed computer hacker accused of similar crimes 10 years ago, McKinnon is being made a scapegoat for the shortcomings of US military security.

Mathew Bevan, whose hacker handle is Kuji, was accused of breaking into US military computer systems but his 1997 case at Woolwich Crown Court was dropped after a legal battle lasting around 18 months. No attempt was made to extradite Bevan. After the case, Bevan became an ethical hacker and security consultant, first with Tiger Computer Security, and later on a freelance basis with his firm the Kuji Media Corporation.

"Both Gary and I were accused of similar offences. The difference is his alleged crimes were committed in a different political climate, post 9-11. The decision to push extradition in Gary's case is political," Bevan told El Reg.

Bevan, like McKinnon, has an interest in free energy and evidence of UFOs. The similarities in the case go further. The crimes Bevan is alleged to have committed were cited as evidence of cyberterrorism in US senate hearings in 1996. "They haven't found a cyberterrorist or 'bad boy' for a while and it looks like they are trying to make an example in Gary's case," he said.

McKinnon should have been allowed to plead guilty in his own country and not be faced with the prospect of a long prison term in a US prison with "inhumane" conditions, Bevan argues.

He says the military systems McKinnon is accused of hacking remain vulnerable to attack. "I'm sure there are a lot of people on these machines, some of who the US authorities allow to get in."

"The prosecution against Gary is about saving face for security lapses by the US military that remain as bad as they were 10 years ago," Bevan said. "If this had happened with a corporation someone would have been sacked."

He added that US authorities are keen to talk up the cyberterrorism threat in order to protect information security budgets.

McKinnon, unlike a US citizen who faced similar charges, is in a particularly bad situation. "The authorities are trying to rip him away from his family and ruin his life. Gary committed his alleged offences in the UK, and according to the Computer Misuse Act, jurisdiction lies here.

"Gary has suffered trial by media over the last five years, with everything weighed against him," Bevan added.

Despite everything that's happened to McKinnon, he reckons the case will fail to act as much of a deterrent to other would-be hackers. "Has it scared anyone? I shouldn't think so," Bevan said.

Final appeal

Lawyers for McKinnon are petitioning for leave to appeal to the House of Lords on grounds including the use of "deliberately coercive plea bargaining" tactics by US authorities during the course of the long running case. His lawyers argued that he had been subjected to "improper threats" that he would receive a much harsher sentence and be denied the opportunity to serve out the back-end of his jail term in the UK unless he played ball.

Appeal court judges Lord Justice Maurice Kay and Mr Justice Goldring criticised US prosecution tactics but said these didn't offer enough grounds for appeal against the Home Secretary's decision to confirm a 2006 ruling that McKinnon ought to be extradited to the US.

The unemployed sysadmin has had these charges over his head since March 2002 when he was arrested by officers from the UK's National High Tech Crime Unit. The case against him lay dormant until July 2005 when extradition proceedings commenced. McKinnon has suffered ill health over recent months as a result of the stress caused by the case, according to his lawyers.

McKinnon's supporters argue the case has wider political implications. "It is not just about Gary McKinnon, there are lots of other people, from computer hackers to legitimate businessmen, who will continue to fall foul of this sort of surrender of British sovereignty and obeisance before the extra-territorial demands of the US legal bureaucracy," Mark, a member of London 2600 who runs the Free Gary blog, told us. "However the same lack of a requirement to show prima facie evidence also applies to European Union countries under the European Arrest Warrant," he adds.

McKinnon's lawyers chose not to argue about whether he might be put on trial before a military tribunal, but this may well be argued in the House of Lords if leave to appeal (which is by no means guaranteed) is granted.

"Basically the judges have said 'we have to trust the USA Government to act in good faith', until they show that they have broken their promises - which will by then, of course, be too late for Gary McKinnon. Unlike Babar Ahmad or even any of the British citizens who were held without trial at Guantanamo Bay, Gary is actually accused of directly 'attacking the US military' systems," Mark notes.

"Even if Gary faces a civilian court in the USA, his chances of being found not guilty or of getting a lenient sentence appear to be slim, given the prosecution's recommendations as to length of sentence."

But the whole effort to try McKinnon in the US might backfire on the US military by putting its security shortcomings under the spotlight.

"If there is an actual trial in the USA, rather than a coerced or otherwise 'plea bargain', there are a large number of senior US military officers and civilian IT managers and auditors who are going to have to explain the incompetence or possible corruption or perhaps treason, which went on for years and months under their command, both before and after September 11," Mark claims.

"Even if this is suppressed in court, it might lead to Congressional Committee hearings," he adds. ®

Original Page: http://www.theregister.co.uk/2007/04/13/mckinnon_extradition_appeal_analysis/


McKinnon a 'scapegoat for Pentagon insecurity' • The Register

McKinnon a 'scapegoat for Pentagon insecurity'

by John Leyden, theregister.co.uk
September 3rd 2008 8:02 AM

As accused Pentagon hacker Gary McKinnon hopes against hope to avoid being extradited to the US, another reformed military systems meddler considers his own case - and how different the outcome was.

McKinnon is probably days away from extradition. Only a last minute plea to the Home Secretary "Wacky" Jacqui Smith - based on McKinnon's recent diagnosis with Asperger Syndrome - now stands between the Scot and a US trial for hacking into US government and military systems. Friends and family staged a demonstration outside the Home Office on Tuesday in a bid to draw attention to McKinnon's plight.

The handling of McKinnon's case is in marked contrast to how US authorities handled a similar one ten years ago. Like McKinnon, reformed computer hacker Mathew Bevan was charged with breaking into US military computer systems. Bevan was also curious about searching for evidence that the US military had harvested technology from crashed UFOs. Bevan's alleged crimes were cited as examples of cyberterrorism at Senate hearings in 1996.

But no attempt was ever made to extradite Bevan to the US. Instead he was prosecuted in the UK. The case eventually fell apart after 18 months, when prosecutors decided not to proceed.

Bevan put the legal fight behind him and has since gone on to become an ethical hacker and security consultant. Speaking exclusively to El Reg, Bevan said McKinnon is being used in a political game that has more to do with securing funds than deterring or preventing attacks.

"Clearly, lessons have not been learned since I breached similar systems and as I have always suggested - perhaps stopping the intrusions is not the goal of the administration," Bevan said. "Tacitly allowing access to machines by ensuring that default passwords or in fact access methods without passwords is suggestive of a system that really does not care too much about many of the machines connected to it."

Bevan questions why Windows PCs on US military networks are connected to the internet via direct IPs. Thousands of attackers regularly use the same remote access port accessed during McKinnon's hack, but little or no action has been taken in their cases, Bevan adds.

McKinnon has said that many other hackers had gained access to the same systems he was accessing, questioning why US authorities singled him out for prosecution. The fact that McKinnon did nothing to disguise his tracks and lived in a country with a friendly extradition regime probably has a fair bit to do with this.

Bevan supports McKinnon's contention that he was far from alone in rooting around US military systems. "You ask any military hacker about the machines they broke in to and they will tell you they were not the only people on those systems. Of course, they weren't the only people, as there were great numbers of people whiling away their time hacking computers."

Pork barrel ploy

McKinnon, according to Bevan, was far more than simply unlucky.

"Why is it that only a tiny number of those people ever face prosecution? It is clearly not because the others cannot be found. You cannot believe that out of so many people, Gary just happened to be caught."

McKinnon is being used as a scapegoat in a bid to secure extra funding to protect US military networks, according to Bevan, who reckons a commercial organisation would never get away with such trickery.

"I think it's all about timing and whether or not the hacker will make a good scapegoat whilst allowing the administration to request further money. The fear machine can keep churning out propaganda as per normal, but don't expect those machines to actually get better security. They are not businesses, have no shareholders and therefore do not have to answer to the same stringent rules and tests that the computer systems of corporations would."

Bevan compared hacking attacks to an infestation by pests. Both stem from a failure to follow basic housekeeping rules, he argued.

"My cynical side believes that those 'pesky hackers' are treated just like any bug infestation, the odd one or two or even a handful is not much of an issue until the place becomes overrun. It is then that you can call in the exterminators and make a big fuss about the problem, of course it never addresses that the usual problem with an infestation is someone has not been keeping their place tidy. You leave scraps around for rats to find and in a short time you will have many, many more rats sniffing around for the goodies."

With such lax security, the US authorities are lucky that McKinnon only had peaceful intentions in mind, Bevan noted.

"Gary is a self-confessed stoner and perpetrated the 'biggest military hack of all time' whilst completely wasted. This is clearly a sign of how lax the security of these systems was. If Gary had been clear minded and deliberate about what he wanted to achieve and was a malicious person rather than the pacifist he is - where exactly would we be now?"

Fast-track extradition is a one-way street

The US Congress has not ratified the fast-track extradition treaty between the UK and the US. UK prosecutors would need to present a compelling case before a US court before securing an extradition, whereas US authorities, as in the McKinnon case, have far fewer hurdles to clear.

"If it was an American hacker who had breached our computers - would we be fighting for extradition? I doubt it. In fact, we would most likely have to issue a public apology for our lapse in security and the media would be up-in-arms about how weak our defences are."

He added that the human factor is often ignored in the debate over McKinnon's fate, which is split between the 'burn him' camp and the 'deal with him here or let him go' lobby.

"People seem to forget that Gary is not just a meme or a 'hacker' - he is a real person. This guy has been waiting for six and a half years already. Now the chances are that if it had been dealt with over here he would have long served his time and be free to carry on his life.

"Due to political wranglings, all we are going to see is more time lumped on top of what has already been spent waiting in the wings and as many expect that time could be way in excess of the sentences for murder here."

According to papers submitted to his failed House of Lords appeal, McKinnon was offered a plea bargaining deal featuring a sentence of between three and four years in jail if he cooperated with the US authorities and dropped his opposition to extradition, as against eight to ten years behind bars in a high-security prison after a US trial. Lawyers acting for McKinnon said that this deal might not be binding, and expressed concerns that McKinnon might be prosecuted by a US military rather than civilian court.

McKinnon (AKA Solo) has always admitted that he broke into US government computer systems but denies causing any damage. Bevan said McKinnon has not had enough credit in admitting responsibility for his misdeeds.

"Under UK law we are supposed to be more lenient on criminals who admit their crimes and accept the consequences. In this case, the effect appears to be the opposite - plead guilty then wait for the consequences. In the meantime have your charges upgraded as new laws are introduced and applied retrospectively."

Supporters of McKinnon argue that the prosecution may yet blow up in their faces by placing the security shortcomings of US government systems under the microscope, especially if the case goes to trial. Sysadmins may be faced with awkward questions about why their systems were so easy to infiltrate. Even if such questions fail to arise at trial, they might spark unwelcome Congressional scrutiny.

Stars and prison stripes

Bevan said McKinnon can expect to be treated harshly by a US court, especially if (as expected) he is tried in Virginia.

"Virginia is not exactly the most friendly state to foreigners and somehow I do not think that someone who 'attacked the United States' is going to be treated that well," Bevan said, adding there was a "high chances of abuse, torture, rape and drug abuse" in US prisons.

McKinnon's supporters argue the case has wider political implications involving the UK's willingness to deport suspects to the US and Europe without requiring evidence to be presented. Bevan is also critical of the fast-track deportation system.

"Is this the new way forward for the UK justice system, to allow citizens to be removed from the country without any evidence having to be presented? To allow them to go to a penal system which allows torture and brutality of its inmates is a clear violation of his human rights."

McKinnon has shown clear signs of remorse, according to Bevan, yet this has not counted in his favour. Bevan predicts that the case sets a pattern for how the prosecution of other UK hackers accused of committing offences in the US will be treated - marking a permanent move away from local prosecution to extradition as the preferred route.

"It saddens me that the USA can remove our citizens without any prima facie evidence, yet we cannot do the same when we wish to prosecute one of their citizens. This always felt like one of the main test cases and I am sure that we will see more people being treated in this way - guilty or not makes no difference," Bevan told El Reg. "If you do not have to argue your case or can justify closed hearings based on 'national security', we are clearly moving deeper into a system of control and away from any kind of democracy."

"People talk about 'Don't do the crime if you can't do the time', but what if the crime did not have the consequences at the time that it has now? When he was doing what he was doing, the extradition laws were not made and hacking was not a terrorist offence."

McKinnon was recently diagnosed with Asperger syndrome. Bevan is sceptical whether this, and more especially his heavy use of marijuana while hacking, will be counted as mitigating by the US court system.

"People clearly forget to consider that Gary has Aspergers, was using huge quantities of skunk. Is this a person that was thinking clearly?"

"Do you think that he had any real comprehension of what he was doing? The internet is 'not real' to many people, it's just stuff that happens somewhere else. It is here that people can do things they would never normally do in the real world and do not see the correlation between online activities and real world consequences. Someone who is wasted on weed can suffer many mental effects of doing so. Here, this would be taken into consideration, but in the States, he could be looking at ten years on top of his sentence for committing a crime under the influence of drugs." ®

Original Page: http://www.theregister.co.uk/2008/09/03/mckinnon_bevan_interview_analysis/

Shared from Read It Later

Elyssa Durant, Ed.M. 

United States of America 

Forgive typos! iBLAME iPhone

Posted via email from Whistleblower

Command and control? Yours for $500, guv

Hackers sell access to hacked .mil and .gov sites

by John Leyden, theregister.co.uk
January 24th 2011 12:03 PM

Cybercrooks are offering hacked domains, including military sites, for sale through underground marketplaces.

Government, defence (.mil) and education sites in the US and Europe are on offer to interested parties from anywhere between $55 and $499 each. The hacker is selling admin login credentials to hacked sites as well as looted personal data from compromised sites, yours for $20 per 1K records.

Database security firm Imperva, which issued an advisory late last week after coming across the illicit trade, reckons SQL injection vulnerabilities are the root cause of the security problems affecting the sites up for sale. It reckons the miscreant behind the sale used a scanner to search for vulnerabilities he knew how to exploit using automated tools.

Such a scenario is credible but by no means proven. Screenshots posted by the hacker show access to the admin interface for the University of Connecticut in a bid to substantiate claims that staff members' details are up for sale.

However, the list of domains on offer includes several typos, which raises doubts about whether what is on offer is the real deal or a scam directed at fleecing cybercrooks themselves.

Underground sites more commonly offer access to networks of compromised machines or stolen credit card information. The offer to sell access to compromised websites is unusual, suggesting a further diversification of the goods on offer via black market outlets.

Imperva's advisory on the illicit trades, complete with screenshots, can be found here. ®

Original Page: http://www.theregister.co.uk/2011/01/24/hacked_domain_sale/


Hack followed Libya bombing

Norway's military computers targeted in serious attack

by Dan Goodin, theregister.co.uk
May 20th 2011 8:14 PM

Norwegian military officials said they were targeted in a serious computer attack that struck in late March, one day after the country's F-16 fighter jets participated in bombings on Libya, according to published news reports.

On March 25, about 100 military employees received an email in Norwegian that included an attachment that installed a data-stealing trojan when opened, Agence France-Presse reported. The news service, citing the Norwegian Defense Information Infrastructure, said only one computer containing non-classified information was compromised. Among the recipients were high-ranking military personnel.

"The army is regularly the target of cyber and virus attacks, but not as extensive as this," AFP quoted INI spokeswoman Hilde Lindboe as saying.

Norway has six F-16s stationed in Crete as part of NATO's campaign against Moammar Gaddafi's forces. ®

Original Page: http://www.theregister.co.uk/2011/05/20/norway_military_computer_attack/


Firefox add-on with 7m downloads can invade privacy • The Register

Firefox add-on with 7m downloads can invade privacy

by Dan Goodin, theregister.co.uk
May 20th 2011 4:00 AM

A high-rated Firefox extension with more than 7 million downloads secretly collects data about every website the open-source browser visits and combines it with uniquely traceable information tied to the user, an independent security researcher said.

The undisclosed behavior of the Ant Video Downloader and Player add-on takes place even when the Firefox private browsing mode is turned on or when users are availing themselves of anonymity services such as Tor. The add-on carries a rating of four out of five possible stars and gets an average of almost 7,000 downloads per day, according to official Mozilla statistics.

The revelations raise new questions about the safety of extensions offered on Mozilla's website. A spokeswoman for the open-source developer said the media player, like all public extensions not designated experimental, was vetted to make sure it meets a list of criteria. Chief among them is that add-ons "must make it very clear to users what [privacy and security] risks they might encounter, and what they can do to protect themselves."

"We've looked into the Ant Video Player and found that it does send information about websites users visit in order to power its ranking feature displayed for each website, and also includes a unique identifier in this communication," the spokeswoman wrote in an email. "While this does not violate our policies, we do require it to be disclosed in the privacy policy and the add-on's description. We have contacted the developer and asked them to correct this."

In the meantime, the add-on is available for download on Mozilla's site with no warning.

Messages left through a submission form on Ant.com, where a stand-alone version of the software is hosted, weren't returned. Attempts to reach the developers through other channels weren't successful.

The stealth tracking came to the attention of Simon Newton while he was diagnosing problems with a web application he was in the middle of developing. When he fired up a packet sniffer, he discovered that information about every single HTTP request his PC made was being sent to a server at rpc.ant.com, which used an IP address owned by the Reality Check Network Corp. The data included the external website or internal server being accessed, the time, the browser details, and several persistent browser cookies that contained a Universally Unique Identifier.

Newton quickly linked the behavior to the Ant Video add-on installed on the PC. He said packets captured during a recent visit to El Reg looked like this:

POST / HTTP/1.1
Host: rpc.ant.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110422 Ubuntu/10.04 (lucid) Firefox/3.6.17
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Content-Length: 327
Cookie: __utma=1.1249745586.1303010447.1305056403.1305056954.3; __utmz=1.1303010447.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=1.4.10.1305056954
X-Ant-UID: {0D908E35-A6A6-4326-B03A-CD8409A7FB79}
X-Ant-Agent: vdmoz-2.3.0-stable.linux-linux-i686
Pragma: no-cache
Cache-Control: no-cache

{"version":"1.0","id":1,"method":"rank","params":[{"url":"http://www.theregister.co.uk/","ref":"","uid":"{0D908E35-A6A6-4326-B03A-CD8409A7FB79}","uagent":"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110422 Ubuntu/10.04 (lucid) Firefox/3.6.17","lang":"en-us, en"}],"agent":"vdmoz-2.3.0-stable.linux-linux-i686"}

Ant.com servers responded with the following:

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 50
Server: thin 1.2.7 codename No Hup
Connection: close
Date: Tue, 10 May 2011 20:19:09 GMT

{"version":"1.0","id":1,"code":0,"result":"4,086"}

Interestingly, the unique identifier of Newton's PC didn't change even after he removed the add-on and reinstalled it. The only way he was able to purge the tracking ID was to completely revert Firefox to its original settings and then reinstall the Ant Video extension.

"As there is this unique identifier, patterns could be built up about where I go -- for example if I use my laptop at work, at a public wifi hotspot, at home or a friends house -- that [UUID] and cookie can be tied to all of those IP addresses, building a picture of not only what I am doing online, but where I am doing it from," he wrote in a blog post published on May 10.

"What alarms me a bit more is that the data that is transmitted about me and my browsing (even anonymously) is going onto servers in New York, USA," he continued. "What if I were visiting [a] site I did not want anyone to know about? What if the US government subpoena 'Reality check network corp' for all information stored on their servers about my IP address, cookie, or UUID?"
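As an added example (not Newton's code or anything from the article), a small Python inspector for beacons in the shape captured above: it parses the raw HTTP request, pulls UUID-format identifiers out of the headers and the JSON-RPC body, records which browsed URL was reported to the remote host, and shows that two requests for different sites carry the same identifier, which is what makes the visits linkable. The sample requests, placeholder UUID and example URLs are constructed; only the header names and JSON layout follow the capture.

```python
"""Inspect outbound JSON-RPC 'rank' beacons of the kind captured above.

Added example; the requests built here are constructed test data that follow
the header names and JSON layout of the capture, not a live recording.
"""
import json
import re

# RFC 4122 style UUID, with or without the braces seen in the X-Ant-UID header.
UUID_RE = re.compile(
    r"\{?[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}?"
)


def build_request(url, uid):
    """Construct a beacon request in the captured shape (test data, not a real capture)."""
    body = json.dumps({
        "version": "1.0", "id": 1, "method": "rank",
        "params": [{"url": url, "ref": "", "uid": uid,
                    "uagent": "ConstructedUA/1.0", "lang": "en-us, en"}],
        "agent": "vdmoz-2.3.0-stable.linux-linux-i686",
    })
    headers = [
        "POST / HTTP/1.1",
        "Host: rpc.ant.com",
        "Content-Type: application/json; charset=UTF-8",
        f"Content-Length: {len(body)}",
        "Cookie: __utma=1.1.1.1.1.1",  # constructed analytics cookie value
        f"X-Ant-UID: {uid}",
        "X-Ant-Agent: vdmoz-2.3.0-stable.linux-linux-i686",
    ]
    return "\r\n".join(headers) + "\r\n\r\n" + body


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (request line, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def tracking_report(raw):
    """Summarise what one beacon discloses: destination host, reported URL, stable identifiers."""
    _request_line, headers, body = parse_request(raw)
    report = {"host": headers.get("host"), "reported_url": None, "identifiers": set()}
    # A stable identifier may sit in any header (here X-Ant-UID) or in the cookie jar.
    for value in headers.values():
        for match in UUID_RE.findall(value):
            report["identifiers"].add(match.strip("{}").upper())
    try:
        rpc = json.loads(body)
    except json.JSONDecodeError:
        return report
    if rpc.get("method") == "rank" and rpc.get("params"):
        params = rpc["params"][0]
        report["reported_url"] = params.get("url")  # the site the user actually visited
        if params.get("uid"):
            report["identifiers"].add(params["uid"].strip("{}").upper())
    return report


def linkable(reports):
    """Identifiers present in every report: one value across visits ties them to one user."""
    return set.intersection(*(r["identifiers"] for r in reports))


if __name__ == "__main__":
    uid = "{00000000-0000-4000-8000-000000000001}"  # constructed placeholder UUID
    reports = [tracking_report(build_request(u, uid))
               for u in ("http://example.com/", "http://example.org/private")]
    for r in reports:
        print(r["host"], "learned", r["reported_url"], "tagged with", sorted(r["identifiers"]))
    print("shared across visits:", linkable(reports))
```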

Newton said he tried contacting the add-on's developers to find out if the snoop behavior is the result of a bug, but so far no one has responded to a personal message or his blog post.

The larger lesson here is that just because a Firefox add-on has been subjected to Mozilla's official vetting process there is no guarantee it doesn't do things that many users consider to be invasions of their privacy. With at least 5,000 add-ons hosted on its site, it wouldn't be shocking to find out that Ant Video isn't the only extension that comes with a few nasty surprises. ®

Update

As of late Thursday night California time, the Ant Video Downloader was no longer available on Mozilla's site.

"The page or file you requested wasn't found on our site," the page where the add-on had been located read. "It's possible that you clicked a link that's out of date, or typed in the address incorrectly."

The error message didn't elaborate.

Original Page: http://www.theregister.co.uk/2011/05/20/firefox_addon_privacy_invasion/


Stiff-arms feds over seized domains

Mozilla refuses US request to ban Firefox add-on

by Dan Goodin, theregister.co.uk
May 5th 2011 8:47 PM

Mozilla officials have refused a US government request to ban a Firefox add-on that helps people to access sites that use internet domain names confiscated in an unprecedented seizure earlier this year.

The request came from officials at the Immigration and Customs Enforcement, the agency under the Department of Homeland Security that in February took the unprecedented step of seizing domain names accused of streaming live pay-per-view sporting events. Without giving the owners an opportunity to defend themselves, ICE officials obtained a court order that gave them control of the addresses, which ended in .com, .net, and .org.

That's where MafiaaFire came in. The Firefox add-on, available on Mozilla.org, made it easy for users to access sites that used some of the confiscated addresses. It did this by redirecting them to substitute domain names that were out of the reach of US courts, such as those with a .de top level domain.

“You simply type Demoniod.com into your browser as usual,” the add-on's authors wrote in an FAQ explaining how it works. “The browser sends the address to the add-on, the add-on checks if Demoniod.com is on the list of sites to be redirected and immediately redirects you to the mirror site.”

According to a blog post published on Thursday by Mozilla General Counsel Harvey Anderson, ICE officials alleged MafiaaFire circumvented their seizure order and asked Mozilla to remove it.

The open-source group, in not so many words, said no.

“Our approach is to comply with valid court orders, warrants, and legal mandates, but in this case there was no such court order,” Anderson explained.

He continued: “The problem stems from the use of these government powers in service of private content holders when it can have unintended and harmful consequences. Long-term, the challenge is to find better mechanisms that provide both real due process and transparency without infringing upon developer and user freedoms traditionally associated with the internet.”

Indeed, a vocal chorus of lawmakers and policy wonks have decried the domain seizures, arguing that the ex parte actions are a serious power grab that threaten the stability of the internet. If the US government can confiscate addresses it doesn't agree with, what's to stop China or any other country from doing the same thing?

So far, at least 92 domain names have been seized under the program, which ICE officials have dubbed Operation in our Sites. Two of the affected domain names are rojadirecta.org and rojadirecta.com, which belong to a site that was recently ruled to be operating legally in Spain, where it is headquartered.

Anderson said he responded to the ICE request by sending officials a set of detailed questions that among other things asked: “What protections are in place for MAFIAAfire.com or the seized domain owners if eventually a court decides they were not unlawful?”

So far, he's received no response. ®

Original Page: http://www.theregister.co.uk/2011/05/05/mozilla_firefox_addon_survives/


Imadinnerjacket's centrifuges unspun

Iran admits cyberattack hit nuke programme

by Chris Williams, theregister.co.uk
November 29th 2010 5:01 PM

The Iranian president Mahmoud Ahmadinejad today seemed to confirm speculation that the Stuxnet worm obstructed his regime's nuclear ambitions.

"Several" uranium enrichment centrifuges were damaged by the virus, he told a press conference.

"They were able to create problems on a limited basis for some of our centrifuges by software installed in electronic equipment," Ahmadinejad said.

Security analysts have speculated for months that Stuxnet is a digital weapon aimed at Iran's nuclear facilities at Bushehr and Natanz.

Reverse engineering of the worm has revealed it is able to infect the Siemens industrial control systems used at the plants. It then makes subtle, damaging changes to frequency converter drives that operate in a frequency range used in uranium enrichment.

"Our specialists stopped that and they will not be able to do it again," Ahmadinejad said.

Speculation as to the source of Stuxnet has centred on Israel, which is known to have advanced cyber attack capabilities.

Ahmadinejad also dismissed Wikileaks' disclosures about Iran's relations with its Arab neighbours. He claimed the US had deliberately leaked the cables, which show the king of Saudi Arabia calling for military action against his regime, adding "we don't give any value to these documents".

Separately, Iran also blamed Israel and the West for two explosions today targeting its nuclear scientists. One was killed and one injured in simultaneous operations. Assassins on motorbikes had reportedly attached bombs to the scientists' moving cars and detonated them from a distance. ®

Original Page: http://www.theregister.co.uk/2010/11/29/stuxnet_stuxnet/


Hackers tap SCADA vuln search engine • The Register

Hackers tap SCADA vuln search engine

by Dan Goodin, theregister.co.uk
November 2nd 2010 8:44 PM

A search engine that indexes servers and other internet devices is helping hackers to find industrial control systems that are vulnerable to tampering, the US Computer Emergency Readiness Team has warned.

The year-old site known as Shodan makes it easy to locate internet-facing SCADA, or supervisory control and data acquisition, systems used to control equipment at gasoline refineries, power plants and other industrial facilities. As white-hat hacker and Errata Security CEO Robert Graham explains, the search engine can also be used to identify systems with known vulnerabilities.

According to the Industrial Control Systems division of US CERT, that's exactly what some people are doing to discover poorly configured SCADA gear.

“The identified systems range from stand-alone workstation applications to larger wide area network (WAN) configurations connecting remote facilities to central monitoring systems,” the group wrote in an advisory (PDF) published on Thursday. “These systems have been found to be readily accessible from the internet and with tools, such as Shodan, the resources required to identify them have been greatly reduced.”

Besides opening up industrial systems to attacks that target unpatched vulnerabilities, the information provided by Shodan makes networks more vulnerable to brute-force attacks on passwords, many of which may still use factory defaults, CERT warned. The organization advised admins to tighten security by:

  • Placing all control systems assets behind firewalls, separated from the business network
  • Deploying secure remote access methods such as Virtual Private Networks (VPNs) for remote access
  • Removing, disabling, or renaming any default system accounts (where possible)
  • Implementing account lockout policies to reduce the risk from brute forcing attempts
  • Implementing policies requiring the use of strong passwords
  • Monitoring the creation of administrator level accounts by third-party vendors
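Three of the items above (account lockout, default accounts still in use, and administrator accounts created by third-party vendors) turned into checks over a constructed audit-log excerpt, as an added Python example that comes from neither the advisory nor the article. The log format, account names, addresses and policy thresholds are all invented for the illustration; the point is that a lockout policy is only useful if the system enforces it, so the checker also flags a successful login that arrives while an account should have been locked.

```python
"""Apply three US-CERT hardening items to a hypothetical HMI host's audit log.

Added example with constructed data: log format, accounts, addresses and
thresholds are invented; adapt them to the real product's log and policy.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit-log excerpt (not a real capture).
SAMPLE_LOG = """\
2010-11-02T08:00:01 LOGIN_FAIL user=admin src=203.0.113.7
2010-11-02T08:00:03 LOGIN_FAIL user=admin src=203.0.113.7
2010-11-02T08:00:04 LOGIN_FAIL user=admin src=203.0.113.7
2010-11-02T08:00:06 LOGIN_FAIL user=admin src=203.0.113.7
2010-11-02T08:00:07 LOGIN_FAIL user=admin src=203.0.113.7
2010-11-02T08:00:09 LOGIN_OK user=admin src=203.0.113.7
2010-11-02T09:15:00 LOGIN_OK user=operator src=10.10.0.5
2010-11-02T09:20:00 ACCOUNT_CREATE user=vendor_svc new=acme_support role=administrator
2010-11-02T10:00:00 LOGIN_FAIL user=operator src=10.10.0.9
2010-11-02T11:00:00 LOGIN_FAIL user=operator src=10.10.0.9
"""

# Account names that commonly ship as factory defaults (constructed list; extend per vendor).
DEFAULT_ACCOUNTS = {"admin", "administrator", "root", "guest"}

# Lockout policy parameters (hypothetical values).
LOCKOUT_THRESHOLD = 5
LOCKOUT_WINDOW = timedelta(minutes=10)
LOCKOUT_DURATION = timedelta(minutes=30)

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s*(.*)$")


def parse_event(line):
    """Turn '<iso-time> <KIND> k=v k=v ...' into a dict; None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, kind, rest = m.groups()
    event = {"time": datetime.fromisoformat(ts), "kind": kind}
    for kv in rest.split():
        key, _, value = kv.partition("=")
        event[key] = value
    return event


def evaluate(lines, approved_admin_creators=frozenset({"secadmin"})):
    """Return (finding_type, subject, detail) tuples in log order."""
    failures = defaultdict(deque)  # user -> failure timestamps inside the window
    locked_until = {}              # user -> time the lockout should expire
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        now, user = ev["time"], ev.get("user", "?")
        if ev["kind"] == "LOGIN_FAIL":
            window = failures[user]
            window.append(now)
            while window and now - window[0] > LOCKOUT_WINDOW:
                window.popleft()  # drop failures older than the policy window
            if len(window) >= LOCKOUT_THRESHOLD and now >= locked_until.get(user, datetime.min):
                locked_until[user] = now + LOCKOUT_DURATION
                findings.append(("LOCKOUT", user, f"{len(window)} failures within {LOCKOUT_WINDOW}"))
        elif ev["kind"] == "LOGIN_OK":
            if now < locked_until.get(user, datetime.min):
                # The policy says this account is locked; the host accepted the login anyway.
                findings.append(("LOCKOUT_NOT_ENFORCED", user,
                                 f"login accepted from {ev.get('src')} during lockout"))
            if user in DEFAULT_ACCOUNTS:
                findings.append(("DEFAULT_ACCOUNT_IN_USE", user, "factory default account still active"))
            failures[user].clear()
        elif ev["kind"] == "ACCOUNT_CREATE":
            if ev.get("role") == "administrator" and user not in approved_admin_creators:
                findings.append(("UNAPPROVED_ADMIN_CREATION", ev.get("new", "?"), f"created by {user}"))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in evaluate(SAMPLE_LOG.splitlines()):
        print(f"{kind:26} {subject:14} {detail}")
```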

Short for Sentient Hyper-Optimized Data Access Network, Shodan contains a wealth of information about routers, servers, load balancers and other hardware attached to the internet. Its database was built by indexing metadata contained in the headers the hardware broadcasts to other devices. Searches can be filtered by port, hostname and country. In other words, not only can it identify a Solaris server, it can in many cases identify a Solaris server located in Pakistan that remains vulnerable to a known exploit.

CERT's warning comes a few months after reports that a worm called Stuxnet burrowed into SCADA systems controlling nuclear power plants. The attack, which many researchers speculate was intended to disrupt Iran's nuclear aspirations, demonstrated the success determined hackers can have in penetrating control systems. ®

Original Page: http://www.theregister.co.uk/2010/11/02/scada_search_engine_warning/


SCADA security bug exposes world's critical infrastructure • The Register

SCADA security bug exposes world's critical infrastructure

by Dan Goodin, theregister.co.uk
June 12th 2008 6:12 PM

Gasoline refineries, manufacturing plants and other industrial facilities that rely on computerized control systems could be vulnerable to a security flaw in a popular piece of software that in some cases allows attackers to remotely take control of critical operations and equipment.

The vulnerability resides in CitectSCADA, a software product used to manage industrial control mechanisms known as SCADA, or Supervisory Control And Data Acquisition, systems. As a result, companies in the aerospace, food, manufacturing and petroleum industries that rely on Citect's SCADA products may be exposing critical operations to outsiders or disgruntled employees, according to Core Security, which discovered the bug.

Citect and Computer Emergency Response Teams (CERTs) in the US, Argentina and Australia are urging organizations that rely on CitectSCADA to contact the manufacturer to receive a patch. In cases where installing a software update is impractical, organizations can implement workarounds.

In theory, the bug should be of little consequence, since there is general agreement that SCADA systems, remote terminal units and other critical industrial controls should never be exposed to the internet.

But "in the real world, in real scenarios, that's exactly what happens, because corporate data networks need to connect to SCADA systems to collect data that's relevant to running the business," said Ivan Arce, CTO of Core. "Those networks in turn may be connected to the internet."

Wireless access points also represent a weak link in the security chain, he said, by connecting to systems that are supposed to be off limits.

It's the second vulnerability Core has found in a SCADA system in as many months. In May, the security company warned of a flaw in monitoring software known as InTouch SuiteLink that put power plants at risk of being shut down by miscreants. Also last month, the organization that oversees the North American electrical grid took a drubbing by US lawmakers concerned it isn't doing enough to prevent cyber attacks that could cripple the country.

The scrutiny comes as more and more operators try to cut costs and boost efficiency by using SCADA systems to operate equipment using the internet or telephone lines. The technology has its benefits, but it may also make the critical infrastructure vulnerable to cyber attacks by extortionists, disgruntled employees and terrorists.

The flaw in CitectSCADA is related to a lack of proper length-checking that can result in a stack-based buffer overflow. Attackers who send specially crafted data packets can execute malicious code over the vulnerable system, according to Core, maker of the Core Impact penetration testing product. ®

Original Page: http://www.theregister.co.uk/2008/06/12/scada_vuln_discovered/


'Iranian' attackers forge Google's Gmail credentials • The Register

'Iranian' attackers forge Google's Gmail credentials

by Dan Goodin, theregister.co.uk
March 23rd 2011 8:12 PM

Extremely sophisticated hackers, possibly from the Iranian government or another state-sponsored actor, broke into the servers of a web authentication authority and counterfeited certificates for Google mail and six other sensitive addresses, the CEO of Comodo said.

The March 15 intrusion came from IP addresses belonging to an Iranian internet service provider, and one of the purloined certificates was tested from the same country, said Melih Abdulhayoglu, whose company is the certificate authority used to validate the bogus web credentials. Other web addresses that were targeted included www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.com, and Microsoft's login.live.com.

“All the IPs were from Iran, and this was critically executed,” Abdulhayoglu told The Register. “It wasn't like a brute-force attack like you would see from a typical cyber criminal. It was a very well orchestrated, very clinical attack, and the attacker knew exactly what they needed to do and how fast they had to operate.”

The intrusion on what amounts to a reseller of Comodo certificates allowed the attackers to obtain the encryption keys needed to create SSL, or secure socket layer, certificates that web browsers and email programs use to mathematically determine that the server they're connected to belongs to its true owner, rather than an imposter. The attack came around the same time that unknown parties compromised the security of RSA's SecurID, the matchbook-sized tokens that 40 million people use to secure logins to sensitive and corporate networks.

“The security companies who are providing authentication are being directly attacked by the government,” Abdulhayoglu said. “All of us provide some sort of security, some sort of authentication, to people and we're being attacked. The reason is these people (the attackers) want to have access to communication.”

Comodo revoked the forged certificates almost immediately after discovering they had been issued. That would cause most modern browsers to warn of a forgery when encountering them. But older browsers don't provide such warnings, and the validation check can be turned off, both of which create the possibility that people visiting the targeted websites on unsecured networks could have been duped by the counterfeited certificates.

Google very quietly blacklisted “a small number of certificates” two days after the attack, while Mozilla and Microsoft didn't take similar action for Firefox and Internet Explorer until Tuesday and Wednesday respectively.

Abdulhayoglu declined to identify the reseller, which in SSL parlance is known as a registration authority, except to say that it was based in southern Europe. Comodo still doesn't know how the RA was breached but investigators have determined that other non-Comodo accounts held by the partner were also compromised around the same time.

Abdulhayoglu said he could neither confirm nor deny that the breaches were related to, or aided by, the compromise of RSA's SecurID.

Original Page: http://www.theregister.co.uk/2011/03/23/gmail_microsoft_web_credential_forgeries/


Iran says it was attacked by second computer worm • The Register

Iran says it was attacked by second computer worm

by Dan Goodin, theregister.co.uk
April 25th 2011 8:30 PM

A senior Iranian commander said his country has been targeted by a second malware attack in addition to the Stuxnet worm that was designed to disrupt nuclear operations.

Iranian security personnel are still in the process of investigating the Stars computer worm, Brigadier General Gholam-Reza Jalali, told Iran's Mehr News Agency. The Associated Press quoted him as calling the malware an “espionage virus” that targeted undisclosed computer systems in his country.

“Certain characteristics about the Stars worm have been identified, including that it is compatible with the (targeted) system and that the damage is very slight in the initial state, and it is likely to be mistaken for executable files of the government,” said Jalali, who heads Iran's Passive Defense Organization, a military unit in charge of combatting sabotage.

Jalali's claim follows the discovery in July of a worm that targeted SCADA, or supervisory control and data acquisition, computer systems throughout the world. Many researchers who have studied the so-called Stuxnet worm claim it was designed to sabotage Iran's nuclear facilities by causing centrifuges used in uranium enrichment to operate at unsafe speeds. The New York Times has said the highly sophisticated malware was jointly engineered by the US and Israel.

Last week, Jalali repeated claims that the US and Israel were behind the attack and went on to say those countries got help from German engineering firm Siemens, which built the industrial control system that was sabotaged by Stuxnet.

Jalali and other Iranian officials have said that Stuxnet managed to affect a limited number of Iran's centrifuges but that damage was contained after the discovery.

“It must be taken into consideration that (the fact that we dealt with) Stuxnet does not mean that the threat has been completely eliminated since worms have specific life cycles and can continue their activities in other forms,” Mehr quoted him as saying. “Therefore the country should prepare itself to tackle future worms since future worms, which may infect our systems, could be more dangerous than the first ones.”

There's no evidence researchers outside of Iran have examined the new worm.

“We can't tie this case to any particular sample we might already have,” F-Secure researcher Mikko Hypponen wrote in a blog post published Monday. “We don't know if this is another cyber attack launched by (the) US government. We don't know if Iran officials have just found some ordinary Windows worm and announced it to be a cyber war attack.” ®

Original Page: http://www.theregister.co.uk/2011/04/25/iran_under_second_worm_attack/


Cloak and dagger: Stuxnet & SCADA

Mystery lingers over stealthy Stuxnet infection

by John Leyden, theregister.co.uk
September 27th 2010 5:15 PM

Analysis The infamous Stuxnet worm infected 14,000 systems inside Iran, according to new estimates.

The sophisticated and complex malware targeted supervisory control and data acquisition (SCADA) systems, and was tuned to attack specific configurations of Siemens Simatic WinCC SCADA software. That technology is used in industrial control systems in power plants, oil pipelines and factories.

In addition to exploiting four zero-day vulnerabilities, Stuxnet also used two valid code-signing certificates (from Realtek and JMicron) and rootkit-style technology, factors that helped the malware stay under the radar for much longer than might normally be the case. The malware is capable of reprogramming the programmable logic controllers (PLCs) of control systems. Infected USB sticks are reckoned to be the main route of initial infection, but once established Stuxnet spreads via default network shares.

It was first detected by VirusBlokAda, an anti-virus firm based in Belarus, in late June, and confirmed by other security firms shortly afterwards in July.

Some have used this, along with the pattern of the worm's infections and its sophistication, to suggest it was the work of an intelligence agency rather than regular cybercrooks, and that its objective may have been to damage Iran's new nuclear reactor in Bushehr.

"Studies conducted show some personal computers of the Bushehr nuclear-power plant workers are infected with the virus," Mahmoud Jafari, a facility projects manager at Bushehr, told Iran's official Islamic Republic News Agency, the Wall Street Journal reports. He added that no significant damage was caused and the infection is unlikely to delay the scheduled completion of the plant next month. State media, by contrast, is reporting no infection at Iranian nuclear facilities.

Figures from Kaspersky Lab suggest far more systems in India (86,000) and Indonesia (34,000) have been affected than those inside Iran since the malware was first detected, back in July. However, binaries later associated with the malware were detected months before this, leading some to suggest Stuxnet may have been around for as long as a year.

The Russian anti-virus firm said that there's no firm evidence of the intended target, much less of who the creators of the attack are. However, it is possible to narrow down the possibilities. Kaspersky describes the worm as a "one-of-a-kind, sophisticated malware attack" backed by a "well-funded, highly skilled attack team with intimate knowledge of SCADA technology".

"We believe this type of attack could only be conducted with nation-state support and backing," it concludes.

Other antivirus analysts agree with Kaspersky that the primary aim of the malware was sabotage rather than information extraction (spying).

A comprehensive technical FAQ on Stuxnet from McAfee can be found here. More detail on how Stuxnet infects systems can be found in an overview, complete with helpful diagrams, from Symantec, here.

Theories and further analysis about Stuxnet, which has started to receive widespread mainstream coverage over the last few days thanks to the Iranian nuke plant angle, are due to be discussed at the Virus Bulletin conference in Vancouver later this week. For a contrary view, that the whole thing has been ridiculously overhyped, see Vmyths here. ®

Original Page: http://www.theregister.co.uk/2010/09/27/stuxnet_analysis/


MS confirms Windows shortcut zero-day flaw • The Register

MS confirms Windows shortcut zero-day flaw

by John Leyden, theregister.co.uk
July 19th 2010 9:19 AM

Microsoft has confirmed the presence of a zero-day vulnerability in Windows, following reports of sophisticated malware-based hacking attacks on industrial control systems that take advantage of the security flaw.

Security shortcomings in the way Windows handles shortcut (.lnk) files are being exploited by the Stuxnet rootkit, an information-stealing threat that targets industrial and power plant control systems. The malware - which has been detected in the wild - executes automatically if an infected USB stick is browsed in Windows Explorer.

The attack features rootkit components designed to hide the presence of the information-stealing payload on compromised systems. The digital certificate, assigned to legitimate firm Realtek Semiconductor, used to sign the rootkit components in the malware was revoked by VeriSign last week following discovery of the attack.

All versions of Windows - including Win XP SP2, widely used despite the discontinuation of further security updates earlier this month - are vulnerable. Disabling Windows AutoPlay and AutoRun - the normal defence against malware on USB sticks - has no effect.

Sophos has published a video illustrating the attack in action against a fully patched Win 7 system on its YouTube channel here.

In an advisory, Microsoft confirmed the flaw and suggested possible workarounds, ahead of a possible future patch.

"Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows," it said.

"The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives.

"For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited."

The same vulnerability might also lend itself to exploitation via Windows file shares and WebDAV as well as infected USB sticks, net security firm F-Secure adds. Disabling the display of icons for shortcuts and turning off the WebClient service are offered by Microsoft as workarounds against possible attacks, ahead of the completion of Microsoft's investigation and the possible publication of a more comprehensive security fix. These workarounds would also work on end-of-life Win XP SP2 systems.
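How an administrator might apply those two workarounds, confirm they are in place and, just as importantly, reverse them once a proper patch is installed, as an added PowerShell example that is not from the article and not Microsoft's own Fix it tool. The registry path HKCR\lnkfile\shellex\IconHandler (whose (Default) value is the CLSID Explorer loads to draw shortcut icons) and the service name WebClient are assumptions taken from memory of the advisory, not details the article states:

```powershell
# Added example, not from the article or from Microsoft: apply, verify and revert the two
# advisory workarounds (clear the shortcut icon handler, disable WebClient) with a backup
# so they can be undone once a vendor patch is installed. Run from an elevated prompt.
# Assumptions: the icon handler is registered at HKCR\lnkfile\shellex\IconHandler and
# the WebDAV redirector service is named 'WebClient'.

$IconHandlerKey = 'Registry::HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler'
$BackupFile     = Join-Path $env:ProgramData 'lnk-workaround-backup.xml'

function Get-ShortcutIconHandler {
    # Returns the CLSID string currently registered, or $null when the value is cleared.
    $key = Get-Item -Path $IconHandlerKey -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    $clsid = $key.GetValue('')
    if ([string]::IsNullOrEmpty($clsid)) { return $null }
    return $clsid
}

function Get-WebClientStartMode {
    # 'Auto', 'Manual' or 'Disabled' as reported by WMI (available on PowerShell 2.0 too).
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
    if ($null -eq $svc) { return $null }
    return $svc.StartMode
}

function Test-LnkWorkaround {
    # Reports whether each workaround is in place: shortcuts cannot trigger the icon
    # handler if none is registered, and WebDAV delivery needs a runnable WebClient.
    New-Object PSObject -Property @{
        IconHandlerDisabled = ($null -eq (Get-ShortcutIconHandler))
        WebClientDisabled   = ((Get-WebClientStartMode) -eq 'Disabled')
    }
}

function Enable-LnkWorkaround {
    # Save the original state before changing anything.
    $state = @{
        IconHandler    = Get-ShortcutIconHandler
        WebClientStart = Get-WebClientStartMode
    }
    $state | Export-Clixml -Path $BackupFile

    if ($null -ne $state.IconHandler) {
        # Clearing (Default) stops Explorer loading the icon handler for .lnk files;
        # shortcuts then show a generic icon, the advisory's documented side effect.
        Set-ItemProperty -Path $IconHandlerKey -Name '(default)' -Value ''
    }
    Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
    Set-Service  -Name WebClient -StartupType Disabled

    Write-Host "Workarounds applied; backup written to $BackupFile."
    Write-Host "Restart explorer.exe (or log off) so the icon-handler change takes effect."
    Test-LnkWorkaround
}

function Disable-LnkWorkaround {
    # Revert from the saved state, e.g. after the vendor patch has been installed.
    if (-not (Test-Path $BackupFile)) { throw "No backup found at $BackupFile" }
    $state = Import-Clixml -Path $BackupFile

    if ($null -ne $state.IconHandler) {
        Set-ItemProperty -Path $IconHandlerKey -Name '(default)' -Value $state.IconHandler
    }
    $startup = switch ($state.WebClientStart) {
        'Auto'   { 'Automatic' }
        'Manual' { 'Manual' }
        default  { 'Disabled' }
    }
    Set-Service -Name WebClient -StartupType $startup
    Write-Host "Workarounds reverted."
    Test-LnkWorkaround
}

# Usage (dot-source the file, then):  Enable-LnkWorkaround   ...   Disable-LnkWorkaround
```

The script deliberately records the original CLSID and service start mode in a backup file rather than assuming defaults, because both differ between Windows versions, and a workaround that cannot be cleanly reversed tends to be left in place long after the patch has made it unnecessary.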

Additional commentary on the flaw, including the results of early analysis, can be found in a blog post by the SANS Institute's Internet Storm Centre here. ®

Original Page: http://www.theregister.co.uk/2010/07/19/win_shortcut_vuln/


PC consultant pleads not guilty to malware 'sextortion' plot • The Register

PC consultant pleads not guilty to malware 'sextortion' plot

by Dan Goodin, theregister.co.uk
July 21st 2010 1:16 AM

A California computer consultant has pleaded not guilty to federal charges he engaged in an insidious “sextortion” scheme in which he hacked into scores of computers and used the personal information he found to extort sexually explicit videos from female victims, many of whom were juveniles.

Luis Mijangos of Santa Ana, California, entered the plea in Los Angeles federal court on Monday, assistant US attorney Mark Krause said. He remains free on a $10,000 unsecured bond, according to court documents.

According to court documents, Mijangos used peer-to-peer networks to infect more than 100 computers with malware that allowed him to take full control of video cameras and access intimate pictures, videos and other files. He then notified female victims that he planned to publish the sensitive information unless they provided him with sexually explicit videos.

In other cases, Mijangos used the compromised computers of teenage boys to trick their girlfriends into providing him with “intimate images and videos,” according to an indictment filed in the case. He would then contact the female victims directly and demand additional intimate content.

Investigators who searched Mijangos's home said they found dozens of videos that appeared to be shot from the web cams of infected PCs. They “showed the unknowing victim in some sort of undress (ie getting out of the shower, dressing for the day, having sex with a partner)”, according to an affidavit filed in the case. Many of the victims remain unidentified and appear to be juveniles.

Mijangos is also accused of using the information lifted from infected PCs to engage in payment card fraud. In March, he possessed at least 15 “unauthorized access devices,” which is legal parlance for things such as stolen usernames and passwords, account numbers and verification numbers. Institutions that were allegedly defrauded included PayPal and Wachovia Bank.

His next court appearance is scheduled for August 9 for a pre-trial status conference. Trial has been set for August 17, but it wouldn't be surprising for that date to be pushed back, given the complexity of the case. ®

Original Page: http://www.theregister.co.uk/2010/07/21/mijangos_not_guilty_plea/


Man nabbed nude pics from women's email accounts • The Register

Man nabbed nude pics from women's email accounts

by Dan Goodin, theregister.co.uk
January 14th 2011 12:37 AM

A California man on Thursday admitted breaking into the Facebook and email accounts of hundreds of women and stealing nude and semi-nude pictures of them.

George Samuel Bronk, 23, of Citrus Heights, pleaded guilty to seven felony charges, including computer intrusion, false impersonation and possession of child pornography. He faces a maximum six years in prison and will have to register as a sex offender.

When Bronk's home was raided in September, investigators found more than 170 explicit photographs of women stored on his hard drive. The women resided in California and 16 other states as well as the UK.

Bronk acquired the pictures by trawling Facebook for women who included their email addresses and personal information, such as their favorite food, their high school or their mother's maiden name. He then used those details to answer the security questions and reset the passwords for their email accounts. Once in, he searched the victims' sent folders for nude or semi-nude pictures.

In some cases, he sent the pictures to everyone in the victim's address book. In other cases, he threatened to make the pictures public unless the women sent even more explicit images. He told one woman he did it "because it was funny."

The investigation began after one victim notified Connecticut State Police that her account had been breached. The agency then contacted the California Highway Patrol after discovering the perp was likely located there.

Investigators are having a hard time identifying the majority of the victims. In some cases, the investigators were able to rely on location tags embedded in the photos. Police have emailed 3,200 questionnaires to potential victims, but so far only 46 women have come forward.

A press release from the California Attorney General's office is here. ®

Original Page: http://www.theregister.co.uk/2011/01/14/mass_explict_pic_theft/


[[ forbidden to see status ]]

Tickety Tock Tock (@th3j35t3r)
6/12/11 7:14 PM
@lolunix - Howdy. I am afraid I have always worked alone, & have no desire to play nicely with the other kids, especially @LandryTom #peace
lolunix (@lolunix)
6/12/11 7:09 PM
@LandryTom so are you guys working with @th3j35t3r or ...... worthy cause regardless.. just curious

[[You can't see it here, but I Twitpic'd the conversation thread: "forbidden to see status!" Oops! That leads me to believe there is a lizard hiding under that boat!]]

^ed over and out 



Conversation Ligatt

The Lulz Boat (@LuLzOps)
6/7/11 3:35 PM
@GregoryDEvans @LuzSec UR A FAG Evans you probably got raped to much in federal, that a dirt nap you whitehat scum
Gregory D. Evans (@GregoryDEvans)
6/7/11 2:48 PM
@LuzSec This BS! I never said anything of the sort! This is just another rumor someone made up!


@yj51395, 6/25/11 2:57 PM #China

刚强的鹰 (@yj51395)
6/25/11 2:57 PM
RT @dwbjr69: RT @ElyssaD: @dwbjr69 lol! I think I made my point. I go back to blogging! Thank you, Davey.<TY
