Monday, October 30, 2017

DailyDDoSe: Indictment Day

As a writer, I have a pretty loyal fan base. People become addicted and my sites are mirrored all over the world in multiple languages. Some people love me, some people hate me and some people love to hate me. But the one thing that makes my voice so powerful is that I make people FEEL. 

If my language, style or profanity offends you, unfollow me. I won’t change my style and it’s only going to get worse as the day goes on. 

I see no value in providing people with false narratives and holding back. I call it as I see it. If that offends you, you can always retreat into your safe place. 

We are living in a time of unprecedented violence, hatred and corruption. My job is to bring that to your attention. I don’t use my press credentials here, because I won’t pretend to be unbiased. You are my family and my friends. I will not pretend for your sake that everything is okay. We are in serious trouble here in America. 


If you get anything from my posts, I hope it is motivation. Get off your ass and DO SOMETHING!! This needs to end. And it needed to end yesterday. 

Yours, 

Elyssa D. Durant
Research and Policy Analyst 

Thursday, October 26, 2017

DANGER DANGER

DailyDDoSe © ElyssaD
© October 25, 2017

Before the United States and other Allies went to Germany to fight Hitler and the Nazis, years passed and countless Jews were executed as the world watched from afar.

It has become abundantly clear that "President" Donald J. Trump has embraced the support of White Supremacists and Nazis who carry their flags at his rallies. When confronted with the facts, Trump, unscripted, said they were "very fine people".

Trump receives letters of thanks and support from David Duke and allowed Mike Cernovich to visit the White House. Richard Spencer, Nigel Farage, Paul Joseph Watson: all known mouthpieces for the Alt-Right White Supremacist movement, and the only time he denounces these affiliations is when he is reading a script off a teleprompter. 

Does he know we can tell the difference?

Trump has only been in office for nine months and will be known for being the most divisive President in American history. He attacks minorities on a regular basis referring to Mexicans as rapists and Blacks as Sons of Bitches.


His hateful rhetoric only gets worse by the day and I have to ask, how long are we going to sit by and let this happen to our homeland?


Enough is enough. It's time to impeach and indict Trump. NOW!
Millions were killed before America deployed the military for World War II. 


I have to wonder what took us so long. 


There is renewed outrage once again demanding that Trump be relieved of his duties.


We saw similar demands and outrage after KKK rallies when a woman was killed at a peaceful protest.


For people who suddenly saw Trump for the White Supremacist he has always been after Charlotte, I have to ask, WHAT TOOK YOU SO LONG?

As the days grow shorter with a new season upon us, I am shocked that Trump hasn’t been removed yet.


I don’t care if they drag him out in handcuffs or a straitjacket, but Donald J. Trump is by far the most dangerous man to the American people.


Wednesday, October 25, 2017

Many organizations —AMAZON— unprepared for DNS attacks, reveals new global survey - Latest Web Hosting Trends | Cloud News

My Amazon was hacked three times over again. I can personally confirm that this is a fùcking nightmare. 



Many organizations unprepared for DNS attacks, reveals new global survey

According to the recently released results of a global survey commissioned by Infoblox Inc., most companies are still not well prepared for DNS attacks. The survey found that companies have inadequate defenses against DNS attacks, and that DNS security is often ignored when an organization's cybersecurity strategy is drawn up.

The study was conducted by Dimensional Research, which surveyed over 1,000 security and IT professionals worldwide. It found that 86% of DNS solutions failed to alert teams to a DNS attack in progress, and that roughly one-third of companies were not confident they could defend against the next DNS attack.

Infoblox reported last year that DDoS attacks rose 71% from 2015 to 2016, attacks that knocked many leading companies offline, including Amazon, Twitter and the New York Times. Even so, only 11% of companies have a dedicated security team for DNS management, which shows that DNS is not a high priority for most of them.

"Our research reveals a gap in the market – while we found that DNS security is one of IT and security professionals' top three concerns, the vast majority of companies are ill-equipped to defend against DNS attacks," said David Gehringer, principal at Dimensional Research. "This is exacerbated by the fact that companies are extremely reactionary when it comes to DNS security, only prioritizing DNS defense once they have been attacked. Unless today's organizations begin moving to a proactive approach, DDoS attacks such as the one on DNS provider Dyn will become more pervasive."

The other important findings of this survey are:

• Three out of ten companies had already suffered a DNS attack, and in nearly all of those cases (93%) it caused downtime.

• 71% of the companies already had real-time monitoring for DNS attacks; even so, 86% of those solutions failed to notify their teams of an attack in progress.

• Only 37% of the companies were confident they could defend against all DNS attacks; the other 63% were not sure they could stop the next one.

• 74% of the companies had anti-virus monitoring as their top priority until they faced a DNS attack. After an attack, DNS security became the top priority for 70% of them.

• As for financial losses from DNS attacks, 24% of the companies lost over $100,000 in their last attack, and 54% lost $50,000 or more.


The number of DNS attacks is increasing each year. Reducing or eliminating the threat of a network outage can make the difference between the success and failure of a business, and the single most important element in keeping a network reachable is securing the Domain Name System.

Companies therefore need to give DNS security the attention it deserves, since DNS will remain one of the most exposed Internet systems.



^ed 

Every Wi-Fi enabled device vulnerable to a new security attack called KRACK - Latest Web Hosting Trends | Cloud News

An absolute nightmare for IoT. 



Every Wi-Fi enabled device vulnerable to a new security attack called KRACK

Security researchers have discovered weaknesses in WPA2 (Wi-Fi Protected Access II), the security protocol used by most modern Wi-Fi networks. An attacker within range of a victim can intercept credit card numbers, passwords, photos, and other sensitive information using the bug, called KRACK (Key Reinstallation Attacks).

What this means is that the encryption built into Wi-Fi can no longer be assumed to protect traffic on its own. The flaw sits in the protocol rather than in a single product, and WPA2 is built into almost every Internet-connected device, so fixing it everywhere will take a long time.

During the initial research, it was found that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attack. The attack against Linux and Android 6.0 or higher is especially damaging because these devices can be tricked into (re)installing an all-zero encryption key, after which the attacker can decrypt traffic without needing any known plaintext. At the time of disclosure the researchers estimated that 41% of Android devices were vulnerable to this variant.

Depending on the network configuration, it is also possible for attackers to inject and manipulate data, for example inserting ransomware or other malware into websites the victim visits.

US Homeland Security's cyber-emergency unit US-CERT confirmed the vulnerability on Monday and described it this way: "US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017."

Most protected Wi-Fi networks, including personal and enterprise WPA2 networks, are affected by KRACK and are at risk of attack. All the clients and access points examined by the researchers were vulnerable to some variant of the attack. The vulnerabilities are indexed as: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088.

"The weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network. If your device supports Wi-Fi, it is most likely affected," said Mathy Vanhoef, a computer security academic, who found the flaw.

Changing your Wi-Fi password will not help, however strong the new one is, because the attack never recovers the password. Update all your devices and operating systems to the latest versions as patches arrive. Until then, users can reduce their exposure by sticking to sites served over HTTPS and turning Wi-Fi off when it is not needed. Since the attack works at the Wi-Fi layer, the attacker has to be within radio range, so the odds of widespread attacks are apparently low.


The warning came at the Black Hat security conference, and the research is scheduled to be formally presented on November 1 at the ACM Conference on Computer and Communications Security (CCS) in Dallas.



^ed 

KRACK: Huge Wi-Fi Vulnerability Threatens Internet Armageddon

The latest threat to worry about. 


The IoT is predicated on Wi-Fi connectivity; whatever security flaws existed previously pale in comparison to a flaw discovered in the Wi-Fi security protocol itself. Hundreds of millions of existing Wi-Fi devices are at risk, and most will never be patched. Undoubtedly, this will raise calls for a new security protocol, like quantum encryption currently being perfected by China.  TN Editor





^ed 

Israel Hacked Kaspersky, Caught Russian Spies Hacking American Spies, But...


but what?

The cold cyber war has just turned hot.

According to a story published today by the New York Times, Israeli government hackers broke into Kaspersky's network in 2015 and caught Russian government hackers red-handed using Kaspersky software to search for American intelligence tools.

In other words — Russia spying on America, Israel spying on Russia and America spying on everyone.

What the F^#% is going on?

Each is blaming another for doing exactly what it is doing to someone else. Wow!

Well, the fact that everyone is spying on everyone is neither new nor any secret. Yet somehow Kaspersky Lab is now at the centre of this international espionage tale for its alleged role as the villain.

Just last week, the Wall Street Journal published a story about Kaspersky, a Russian antivirus vendor, claiming that Russian government hackers stole highly classified NSA documents and hacking tools in 2015 from an NSA contractor's home PC with the help of Kaspersky Antivirus.

Even if the incident is real, the Wall Street Journal article, which relied on multiple anonymous sources in the US intelligence community, offered no substantial evidence to show whether Kaspersky was knowingly working with the Russian spies or whether hackers simply exploited a zero-day vulnerability in the antivirus product.

Now the latest NYT story, again quoting an anonymous source from an Israeli intelligence agency, looks like another attempt to justify the claims made in the WSJ article about Russians stealing NSA secrets.

"The role of Israeli intelligence in uncovering [the Kaspersky Labs] breach and the Russian hackers' use of Kaspersky software in the broader search for American secrets have not previously been disclosed," the NYT reported.

According to the report, United States officials began an immediate investigation in 2015 after Israeli officials notified the U.S. National Security Agency (NSA) about the possible breach.

Indeed, in mid-2015, Moscow-based Kaspersky Lab detected a sophisticated cyber-espionage backdoor inside its corporate network and released a detailed report about the intrusion, although the company did not blame Israel for the attack.

At the time, Kaspersky said that some of the attack code it detected shared digital fingerprints with the infamous Stuxnet worm, the malware widely attributed to the United States and Israel that sabotaged Iran's nuclear program and was discovered in 2010.

Suspicion of malicious behaviour by Kaspersky eventually led the U.S. Department of Homeland Security (DHS) to order Kaspersky antivirus software removed from all federal government computers.

Moreover, just last month, the U.S. National Intelligence Council shared a classified report with NATO allies concluding that Russia's FSB intelligence agency had access to Kaspersky's databases as well as its source code.

However, Kaspersky Lab has always denied any knowledge of, or involvement in, any cyber espionage operations.

"Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts," Kaspersky's founder Eugene Kaspersky said in a statement.

Eugene Kaspersky also announced today that he has launched an internal investigation, and asked whether US law enforcement agencies have relevant facts to share.

Eugene Kaspersky previously acknowledged that NSA hacking tools could have been picked up as malware by the company's anti-malware scanner, since detecting and cleaning malicious code is exactly what antivirus products are designed to do.

"We absolutely and aggressively detect and clean malware infections no matter the source," the antivirus company said.

So far it is hard to judge whether Kaspersky was involved in any wrongdoing; the ball is in America's court, which has yet to show the world actual evidence from the highly classified Israeli counter-intelligence operation.


^ed 

KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol

KRACK IS WHACK

Do you think your wireless network is secure because you're using WPA2 encryption?

If yes, think again!

Security researchers have discovered several key management vulnerabilities in the core of the Wi-Fi Protected Access II (WPA2) protocol that could allow an attacker within radio range to decrypt traffic on your Wi-Fi network and eavesdrop on Internet communications.

WPA2 is a 13-year-old Wi-Fi security scheme widely used to protect Wi-Fi connections, but the standard itself has been broken, affecting almost all Wi-Fi devices, in homes and businesses alike, along with the networking companies that build them.

Dubbed KRACK (Key Reinstallation Attack), the proof-of-concept attack demonstrated by a team of researchers works against all modern protected Wi-Fi networks and can be abused to steal sensitive information like credit card numbers, passwords, chat messages, emails, and photos.

Since the weaknesses reside in the Wi-Fi standard itself, and not in the implementations or any individual product, any correct implementation of WPA2 is likely affected.

According to the researchers, the newly discovered attack works against:

  • Both WPA1 and WPA2,
  • Personal and enterprise networks,
  • Ciphers WPA-TKIP, AES-CCMP, and GCMP

In short, if your device supports Wi-Fi, it is most likely affected. During their initial research, the researchers discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by the KRACK attacks.

It should be noted that the KRACK attack does not help attackers recover the targeted Wi-Fi's password; instead, it allows them to decrypt Wi-Fi users' data without cracking or knowing the actual password.

So merely changing your Wi-Fi network password does not prevent (or mitigate) KRACK attack.

Here's How the KRACK WPA2 Attack Works (PoC Code):



Discovered by researcher Mathy Vanhoef of imec-DistriNet, KU Leuven, the KRACK attack exploits the 4-way handshake of the WPA2 protocol, which is used to negotiate a fresh key for encrypting traffic.

For a successful KRACK attack, an attacker needs to trick a victim into re-installing an already-in-use key, which is achieved by manipulating and replaying cryptographic handshake messages.

"When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value," the researcher writes. 

"Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice."
The research [PDF], titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, has been published by Mathy Vanhoef of KU Leuven and Frank Piessens of imec-DistriNet, Nitesh Saxena and Maliheh Shirvanian of the University of Alabama at Birmingham, Yong Li of Huawei Technologies, and Sven Schäge of Ruhr-Universität Bochum.

The team has successfully executed the key reinstallation attack against an Android smartphone, showing how an attacker can decrypt all data that the victim transmits over a protected Wi-Fi network. A video demonstration is available on the researchers' site, and proof-of-concept (PoC) code is on GitHub.

"Decryption of packets is possible because a key reinstallation attack causes the transmit nonces (sometimes also called packet numbers or initialization vectors) to be reset to zero. As a result, the same encryption key is used with nonce values that have already been used in the past," the researchers say.

The researchers say their key reinstallation attack could be exceptionally devastating against Linux and Android 6.0 or higher, because "Android and Linux can be tricked into (re)installing an all-zero encryption key (see below for more info)."

However, there is no need to panic, since you are not exposed to just anyone on the Internet: exploiting KRACK requires the attacker to be within radio range of the target Wi-Fi network.
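The mechanism described above, and in the earlier KRACK repost on this page, is small enough to watch in a few dozen lines. What follows is an added example, not code from the original post, from Mathy Vanhoef's team or from any Wi-Fi vendor. It models the supplicant's reaction to Message 3 of the 4-way handshake, the attacker replaying that message, and the nonce reuse that results. Everything in it is an assumption made for the demo: the keystream uses SHA-256 in place of AES-CTR (only the property that one (key, nonce) pair always gives one keystream matters here), the `Supplicant` class and its `zero_key_bug` flag stand in for the wpa_supplicant 2.4/2.5 behaviour the researchers describe, the two frames are constructed sample traffic, the real CCMP nonce also carries the sender address and priority, and the CBC-MAC integrity check is left out.

```python
"""Toy model of the KRACK key-reinstallation flaw (pairwise-key variant).

Added example, not code from the original post or from the KRACK researchers.
Real CCMP uses AES-128 in CTR mode plus a CBC-MAC; this model replaces AES-CTR
with SHA-256(key || nonce || counter) blocks (an assumption that keeps it
dependency-free) and omits the MAC. The property being demonstrated survives:
the same (key, nonce) pair always produces the same keystream.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

ALL_ZERO_KEY = bytes(16)


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Stand-in for AES-CTR keystream generation (assumption, see module docstring)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + block.to_bytes(2, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: int, data: bytes) -> bytes:
    """CTR-style encryption; decryption is the same operation."""
    return xor(data, keystream(key, nonce, len(data)))


@dataclass
class Supplicant:
    """Client side of the 4-way handshake, reduced to what KRACK abuses."""
    patched: bool = False        # True: ignore a retransmitted Msg3 once the key is installed
    zero_key_bug: bool = False   # models wpa_supplicant 2.4/2.5: TK wiped from memory after install
    tk: Optional[bytes] = None
    installed: bool = False
    tx_pn: int = 0               # CCMP packet number, used as the transmit nonce

    def on_msg3(self, tk: bytes) -> None:
        """Msg3 received (fresh, or replayed by the attacker): reply Msg4 and install the TK."""
        if self.patched and self.installed:
            return                   # the fix: a key is installed once and never reinstalled
        if self.zero_key_bug and self.installed:
            tk = ALL_ZERO_KEY        # the real TK was cleared after first use, so zeros get installed
        self.tk = tk
        self.installed = True
        self.tx_pn = 0               # the flaw: (re)installation resets the nonce

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        self.tx_pn += 1
        return self.tx_pn, ctr_encrypt(self.tk, self.tx_pn, plaintext)


def recover(c_known: bytes, p_known: bytes, c_target: bytes) -> bytes:
    """Attacker: two frames under one (key, nonce) share a keystream, so
    C1 xor P1 yields the keystream and decrypts C2 (needs len(P1) >= len(C2))."""
    return xor(c_target, xor(c_known, p_known))


# Constructed sample traffic: a predictable first frame and a secret second frame.
KNOWN_FRAME = b"GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n"
SECRET_FRAME = b"password=hunter2&token=8f3a"


def run(patched: bool = False, zero_key_bug: bool = False) -> dict:
    tk = hashlib.sha256(b"constructed PTK for the demo").digest()[:16]
    client = Supplicant(patched=patched, zero_key_bug=zero_key_bug)
    client.on_msg3(tk)                       # normal handshake completes
    pn1, c1 = client.send(KNOWN_FRAME)
    # Attacker (channel-based MitM) drops the client's Msg4, so the AP retransmits Msg3.
    client.on_msg3(tk)
    pn2, c2 = client.send(SECRET_FRAME)
    return {
        "nonce_reused": pn1 == pn2,
        "installed_key": client.tk,
        "known_plaintext_recovery": recover(c1, KNOWN_FRAME, c2),
        "zero_key_decrypt": ctr_encrypt(ALL_ZERO_KEY, pn2, c2),
    }


if __name__ == "__main__":
    for name, kw in (("unpatched", {}), ("all-zero key", {"zero_key_bug": True}), ("patched", {"patched": True})):
        r = run(**kw)
        leaked = SECRET_FRAME in (r["known_plaintext_recovery"], r["zero_key_decrypt"])
        print(f"{name:13} nonce reused: {r['nonce_reused']!s:5} secret recovered: {leaked}")
```

The unpatched client encrypts its second frame with packet number 1 again; XORing the two ciphertexts cancels the keystream, and the predictable HTTP request reveals the secret frame. With `zero_key_bug=True` the attacker does not even need a known plaintext, because the installed key is all zeros. The patched supplicant ignores the replayed Message 3, the packet number keeps counting, and the recovery produces garbage. This is also why changing the Wi-Fi password achieves nothing: the attack never touches the password, only the nonce of the per-session key.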

WPA2 Vulnerabilities and their Brief Details 


The key management vulnerabilities in the WPA2 protocol discovered by the researchers have been tracked as:

  • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake.
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the four-way handshake.
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the four-way handshake.
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
  • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  • CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
  • CVE-2017-13087: Reinstallation of the group key (GTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame.

The researchers discovered the vulnerabilities last year and notified several vendors on July 14, 2017, together with the United States Computer Emergency Readiness Team (US-CERT), which sent a broad warning to hundreds of vendors on 28 August 2017.

"The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others," the US-CERT warned. "Note that as protocol-level issues, most or all correct implementations of the standard will be affected."

To patch these vulnerabilities you have to wait for updates from your device vendors: for clients that usually means an operating-system or driver update, for access points a firmware update.

According to the researchers, traffic inside a properly configured HTTPS connection is not decrypted by KRACK, although HTTPS can itself be stripped or misconfigured, so you are also advised to use a trusted VPN service, which encrypts all of your Internet traffic whether it is HTTPS or HTTP.

You can read more information about these vulnerabilities on the KRACK attack's dedicated website, and the research paper.

The team has also released a script with which you can check whether your Wi-Fi network is vulnerable to the KRACK attack.

We will keep updating the story. Stay Tuned!


^ed 

#WikiLeaks publishes millions of Hacked Stratfor E-mails #gifiles


Turns out I was right to block Wikileaks. And I'm still paying a price for it. 





WikiLeaks today began publishing more than five million confidential e-mails from the US-based intelligence firm Stratfor. The roughly 5.5 million emails were obtained from the servers of Stratfor, an intelligence-gathering firm with about 300,000 subscribers that has been likened to a shadow CIA.

The emails, snatched by hackers, could unmask sensitive sources and throw light on the murky world of intelligence-gathering by the company known as Stratfor, which counts Fortune 500 companies among its subscribers. Stratfor in a statement shortly after midnight said the release of its stolen emails was an attempt to silence and intimidate it.

The online organisation claims to have proof of the firm's confidential links to large corporations, such as Dow Chemical Co (of Bhopal infamy) and Lockheed Martin, and to government agencies, including the US Department of Homeland Security, the US Marines and the US Defense Intelligence Agency. WikiLeaks did not say how it had acquired access to the vast haul of internal and external correspondence of the Austin, Texas company, formally known as Strategic Forecasting Inc.

Stratfor, somewhat akin to a privatized CIA, sells its analyses of global politics to major corporations and government agencies. Members of Anonymous with direct knowledge of the hack and of the transfer of data to WikiLeaks said that the group decided to turn the information over to WikiLeaks because the site was more capable of analyzing and spreading the leaked information than Anonymous would be.

People linked to Anonymous took credit for the data theft. 'Congrats on the amazing partnership between #Anonymous and #WikiLeaks to make all 5 million mails public,' AnonSec tweeted. Hackers linked to the loosely organized Anonymous collective said at the beginning of the year that they had stolen the email correspondence of some 100 of the firm's employees. WikiLeaks and Anonymous maintain the emails will expose dark secrets about the company.

WikiLeaks founder Julian Assange said, 'Here we have a private intelligence firm, relying on informants from the U.S. government, foreign intelligence agencies with questionable reputations and journalists.'

The first batch contains only 167 emails; the remaining five million or so are to be released gradually over the coming weeks, as WikiLeaks' media partners report on what they find in them. The source of the leaked emails is Anonymous, which obtained them when it breached Stratfor's systems in December.

The group claims to have found evidence that Stratfor gave a complimentary membership to Pakistan General Hamid Gul, former head of Pakistan's ISI Intelligence service, who, according to US diplomatic cables, planned an IED attack against international forces in Afghanistan in 2006.

Bradley Manning, the man suspected of turning over a massive cache of classified US documents to the secret-spilling site, on Thursday declined to enter a plea at his arraignment. Manning, a 24-year-old US army private, is charged with 22 counts in connection with one of the biggest Intelligence breaches in US history. WikiLeaks was due to hold a Press conference at London's Frontline Club later today.

After Stratfor's computers were hacked at least twice last December, the credit card details of more than 30,000 subscribers to Stratfor publications were posted on the Internet. The hacking attack on Stratfor is the subject of an FBI investigation, and several alleged members of Anonymous have been arrested by authorities in the US and UK as part of those investigations. Stratfor had not, at the time of writing, commented on the authenticity of the published material.


^ed 

New Tool Debuts for Hacking Back at Hackers in Your ...

I need this. Given the state of my network I could do some serious damage if I knew how. 

With 17 admins added I would say that I certainly would not be one of the usual suspects and NOBODY has more plausible deniability than yours truly. 

Now, who wants to teach me to code quickly? 

New Tool Debuts for Hacking Back at Hackers in Your Network

Deception technology firm Cymmetria offers a new offense option for defenders.

Call it hacking back, call it next-generation incident response, but don't call it illegal: that's how security firm Cymmetria frames a new security platform it rolled out today.

Cymmetria's newest deception technology platform, called MazeHunter, lets organizations engage with attackers that infiltrated their network and are operating on their machines. The company calls this "legal hackback," and along with the new tool also published a framework for organizations to determine what types of actions they can perform legally against the attacker in their network, as well as within their risk profile.

The idea for kicking deception and incident response up a notch with legal hack-back came via two of Cymmetria's customers, a Fortune 500 telecommunications firm and a major financial services firm, which separately approached Cymmetria about their interest in hacking back at attackers that had taken over machines in their networks. "They wanted to connect to the computer inside [their] network and steal their toolsets" or perform more proactive incident response tasks, says Gadi Evron, founder and CEO of Cymmetria.

Hacking back has long been a controversial topic in security circles. Attacking an attacker head-on outside your own network is a high-risk practice that most experts do not recommend, because it can quickly backfire or escalate an attack. Not only is it potentially dangerous, it is also illegal in the US under the Computer Fraud and Abuse Act (CFAA) to purposely access a computer without proper authorization. (However, a bill to legalize some form of hacking back was introduced just last week by Reps. Kyrsten Sinema, D-Ariz., and Tom Graves, R-Ga. Their bill, H.R. 4036, the Active Cyber Defense Certainty Act, would amend the CFAA.)  

"I don't think hacking back is a good thing. I also don't think it's a productive thing to engage with" attackers, says Itzik Kotler, CTO and co-founder of SafeBreach, of hacking hackers outside your network. Attackers can hide behind layers of IP addresses, and abusing others' systems or networks, for instance, can lead to collateral damage in a hack-back situation, he points out.

But Cymmetria says its new "legal hackback" MazeHunter passes CFAA muster because it only allows organizations to attack their own machines within their own network. They can interface live with the attacker camped on their machine, allowing them to feed phony data via deception technology, for example, or access the attacker's tools to thwart further attacks.

"Cymmetria's automated 'Hack Back' allows us to take the fight directly to the enemy, battling them on our own terms," said a senior executive from a telecommunications customer that requested the feature from Cymmetria. "They're on our turf, and we use that to our advantage."

The difference between this form of hacking back and pure incident response, according to Cymmetria, is that MazeHunter lets the victim organization run any payload on the infected machine to engage with the attacker, live. "You don't have to wait for forensics, after the fact. It extends the capabilities of incident response … so you can collect on their toolset, instead of [wondering] 'what are they doing to us?'" Evron explains. It also provides an automated way to contain or mitigate the attack.

Joe Stewart, a security researcher with Cymmetria, says it's also not a manual process like traditional incident response. "In the past, it was 'let's find that machine and send someone over to physically take it down, do forensics or use a tool we can launch,'" he says. "By then, the attacker is gone and you've lost an opportunity" to gain more information or even thwart the attacker's spread, he says.

"Why not just instantly launch our response right then and there … Get on that machine really quickly, get the payloads they have before they delete it" and forensics is built in, he adds. Responders can launch PowerShell, Metasploit, or other payloads against the attacker on their own compromised machine to fight back and thwart the attack, he says.

And unlike hacking back outside the network, the target is known. "They can be more aggressive in their response because they are 100% confident that the machine has a bad actor on it" because they've been employing deception technology and watching the attacker take the bait, for example, he says.

Deception Not Mainstream

But deception technology such as Cymmetria's remains a rarity, adopted mainly by the usual early adopters: government, financial services, and telecommunications providers. The concept isn't new: honeypot lures have been around in the research field for years. But a wave of deception technology startups such as Cymmetria, Illusive Networks, and TrapX, as well as veteran security firms, offer commercial products that allow organizations to be a bit more aggressive in their defenses with phony devices or fake data to lure and catch attackers in action.


The so-called legal hack-back approach now offered by Cymmetria takes deception and incident response to the next level. Even so, most organizations are still mainly concerned with minimizing the damage and getting back to business after an attack.

John Sawyer, senior managing researcher with INGuardians, says in most incident response cases, victims are all about returning to normalcy: "The primary goal is to make sure data didn't get stolen and equipment is back online. It's not about attribution; that's a little harder," he says, although some organizations would like to know who was behind their security incident. 


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

ElyssaD (maybe) 

^ed 

Trump Orders Removal of Kaspersky Products from ...

Trump hasn't even acknowledged that we were hacked and certainly isn't doing jack shit to resolve or improve our CyberSecurity. 

Just wait until they take down the power grid with SCADA or dox his tax returns now that Equifax has a government contract with the IRS. 


I've never felt so vulnerable in my life. 




Trump Orders Removal of Kaspersky Products from Federal Systems

The president cites concern that the Russia-based company could be influenced by the Kremlin.

President Trump instructed all federal departments and agencies to purge Kaspersky Lab products and services from their information systems, marking the latest blow to the Russian cybersecurity company.

Trump issued his order citing concerns that the Kremlin could influence Kaspersky Lab, according to a Reuters report. Within the next 30 days, all federal agencies are required to identify Kaspersky products and services on their systems, and within 90 days remove these products and services and discontinue their future use, according to a statement from the US Department of Homeland Security.

"The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks," the Department of Homeland Security stated. "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security."

Kaspersky will have a chance to respond in writing to the Department of Homeland Security's concerns. The company, in a statement, says: "Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it's disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues. The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit."


Read more about Kaspersky and the Department of Homeland Security here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.



^ed 

DHS Statement on the Issuance of Binding Operational Directive 17-01 | Homeland Security

Lol 

Too little too late 

DHS Statement on the Issuance of Binding Operational Directive 17-01

For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010

WASHINGTON – After careful consideration of available information and consultation with interagency partners, Acting Secretary of Homeland Security Elaine Duke today issued a Binding Operational Directive (BOD) directing Federal Executive Branch departments and agencies to take actions related to the use or presence of information security products, solutions, and services supplied directly or indirectly by AO Kaspersky Lab or related entities.

The BOD calls on departments and agencies to identify any use or presence of Kaspersky products on their information systems in the next 30 days, to develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and at 90 days from the date of this directive, unless directed otherwise by DHS based on new information, to begin to implement the agency plans to discontinue use and remove the products from information systems.

This action is based on the information security risks presented by the use of Kaspersky products on federal information systems. Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems. The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks. The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.

The Department's priority is to ensure the integrity and security of federal information systems. Safeguarding federal government systems requires reducing potential vulnerabilities, protecting against cyber intrusions, and anticipating future threats. While this action involves products of a Russian-owned and operated company, the Department will take appropriate action related to the products of any company that present a security risk based on DHS's internal risk management and assessment process.

DHS is providing an opportunity for Kaspersky to submit a written response addressing the Department's concerns or to mitigate those concerns. The Department wants to ensure that the company has a full opportunity to inform the Acting Secretary of any evidence, materials, or data that may be relevant. This opportunity is also available to any other entity that claims its commercial interests will be directly impacted by the directive. Further information about this process will be available in a Federal Register Notice.

# # #

Last Published Date: September 13, 2017

Elyssa Durant 


^ed 

Trump Orders Removal of Kaspersky Products from ...

Trump lol



Chillieh 🐧

^ed