IT and Cyber Security News Update from
Centre for Research and Prevention of Computer
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
Since June 2005 | December 22, 2014 | Issue no 1521
Tenth year of uninterrupted publication
Rajnath Singh has admitted gaps in cyberspace monitoring by the government and said he had set up a committee to suggest ways to strengthen the system.
Dec 17, 2014
NEW DELHI: Home minister Rajnath Singh on Tuesday admitted gaps in cyberspace monitoring by the government and said he had set up a committee to suggest ways to strengthen the system and ensure proper monitoring of cyberspace.
It was exposed last week that intelligence agencies had no clue of the identity or location of Mehdi Biswas, the Bangalore man behind the ISIS Twitter handle @ShahiWitness, till UK's Channel 4 exposed his identity. The home minister's statement was prompted after former home secretary and now BJP MP, RK Singh on Tuesday pointed out in Parliament that the government had no control over ISIS propaganda in cyberspace as servers were located abroad.
RK Singh also pointed out that though the home ministry had banned ISIS and put it under the schedule of banned organisations under Unlawful Activities (Prevention) Act, it was not being communicated properly to people that ISIS was a dangerous organization. "It is important that people of the country are told that this is a dangerous organization and they should stay away from it. The statements that should come to that effect...that we have not seen yet," RK Singh said in Parliament on Tuesday.
The home minister, meanwhile, gave credit to families from the minority community for discouraging their children from getting influenced by the terror group.
IDG News Service
December 19, 2014
A German steel factory suffered massive damage after hackers managed to access production networks, allowing them to tamper with the controls of a blast furnace, the government said in its annual IT security report.
The report, published Wednesday by the Federal Office for Information Security (BSI), revealed one of the rare instances in which a digital attack actually caused physical damage.
The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory's office networks, from which access to production networks was gained. Spear phishing involves the use of email that appears to come from within an organization. After the system was compromised, individual components or even entire systems started to fail frequently.
Due to these failures, one of the plant's blast furnaces could not be shut down in a controlled manner, which resulted in massive damage to the plant, the BSI said, describing the technical skills of the attacker as very advanced.
The attack involved the compromise of a variety of different internal systems and industrial components, BSI said, noting that not only was there evidence of a strong knowledge of IT security but also extended know-how of the industrial control and production process.
The hack sounds similar to attacks involving the Stuxnet worm. Considered the first known cyberweapon, Stuxnet is believed to have been created by the U.S. and Israel to attack Iran's nuclear program. Discovered in 2010, the worm has espionage and sabotage functionalities that were used to destroy up to 1,000 uranium enrichment centrifuges at a nuclear plant near the city of Natanz in Iran.
18 Dec 2014
Sony Pictures Entertainment has canceled the Christmas Day release of "The Interview" amid threats of a widespread attack from hackers, who U.S. intelligence officials say were working for North Korea. But how does a poverty-stricken country with unreliable electricity even accumulate cyber-capabilities to level an international corporation the size of Sony?
North Korea is a totalitarian state with a per capita GDP of under $2,000, compared with $22,000 for South Korea. But while average citizens hustle for food and survival, North Korea's all-powerful upper class, with access to cash, has ramped up its digital infrastructure in recent years. The regime's elite cyberarmy has shrewdly learned to execute and recycle quick-and-dirty, yet effective, cyberattacks and malware to prey on high-level targets. They previously have included a bank, university and media websites, according to prosecutors.
"While the regime does not appear to have an advanced cyber-capability, we should never underestimate the potential impact of North Korea utilizing less advanced, quick-and-dirty tactics," said Ted Ross, security research director for enterprise security products at U.S. tech giant Hewlett-Packard.
The full details of North Korea's involvement in the November data breach, according to U.S. officials, aren't yet available. But an audit of Sony Pictures' computer network conducted months before the attack revealed gaps in the way the company monitored its system, as Re/code has reported. It was a window of opportunity, it seems, that North Korean hackers noticed and seized to stunning effect.
The data breach has outed business transactions including the James Bond script "Spectre" as well as personal details about employee health records, bank transactions, Social Security numbers and emails that go back years. Security experts say the Sony breach is an omen about the dangers of modern cyberterrorism in a post 9/11 world, whether the perpetrators are from North Korea or some other rogue state.
Wake-up call for all companies, employees
As the ripple effect widens, the Sony attack is proving to be about much more than leaked, juicy emails among movie stars and Hollywood studio executives. The breach is a warning for all employees and businesses, large and small, to reflect on the storage of sensitive business information, and the treasure trove of employee details housed in human resource departments.
There will be re-evaluations about how companies conduct business including the use of cloud storage computing and "BYOD," or the practice of bringing your personal devices to work, which businesses allow amid cost-cutting.
The hackers obtained some 100 terabytes of data stolen from Sony servers. That's roughly 10 times the entire printed collection of the Library of Congress.
"This incident covers the broad spectrum of your worst nightmare for cybersecurity," said Jason Glassberg, co-founder of Casaba Security, based in Seattle.
The movie "The Interview" depicts two American journalists, played by Seth Rogen and James Franco, who secure a rare interview with North Korean leader Kim Jong Un and are tasked with executing him. The film's planned U.S. release on Christmas Day was canceled Wednesday after several large cinema chains said they would not show the film. There are no further release plans including video-on-demand or other platforms.
The North Korean government, meanwhile, has denied responsibility for the data breach. But a spokesman quoted by the North's Korean Central News Agency described the attack as a "righteous deed."
New revelations about North Korea's involvement in the attack, according to U.S. officials, mark a sharp turn for the federal investigation into the hack. But how might North Korea have executed such a spectacular data breach?
For starters, the isolated, communist nation has been pursuing cyberstrategies as far back as the 1980s. It's cheaper than sending men to gather intelligence on perceived enemies. There are at least 3,000 North Korean cyberwarriors, though some reports place that number higher.
Rinse and repeat: The north's cyberstrategy
North Korea's computer network operations and their capabilities pale compared with wealthier, industrialized nations including South Korea, one of the most wired countries in the world. But the North's "regime has made significant progress in developing its infrastructure and in establishing cyber-operations in the past few years," said HP's Ross in an email to CNBC.com.
And while the regime's network capabilities are far from modern, the North's cyberarmy has smartly focused on more bare-bones cyberattacks and replicated those tactics effectively. "Attacks and malware attributed to North Korean origin are not particularly sophisticated and recycle similar tactics, techniques and procedures," Ross explains. Malware can include everything from viruses to infected software.
One simple yet efficient cyber tool for the regime has been the distributed denial-of-service attack, often known as a "DDoS" attack. In a typical DDoS attack, the perpetrator exploits many computers and multiple server connections to create a wide, exponential effect. Such attacks are generally more difficult to thwart than narrower cybertactics.
Tactics used in the Sony hack also seem to mirror what's known about the North including the use of wiper malware. This technique eliminates both the master boot record and all host data, Ross explains. The technology and code behind wiper malware is not particularly complex. But with enough industrious perpetrators cobbling together the code, the end product can be effective malware with multiple trigger points that set off a wave of data contamination.
"This is very similar to the behavior of the malware used in previous attacks attributed to North Korea," said Ross. The North also has been known to use malware that targets South Korean military interests.
Luckily for poor North Korea, low-level cyber-procedures can bring results. James A. Lewis, a cyberpolicy expert at the Center for Strategic and International Studies, speaking at an event Wednesday, said 80 percent of attacks only require basic techniques.
Gaps in Sony's system
Beyond specific cyberstrategies, the North's elite unit of cyberwarriors are culled from a young age and nurtured in Pyongyang, North Korea's capital city, according to Heung Kwang Kim, a North Korean defector and former computer science professor. Kim spent nearly 20 years in the regime educating promising students.
Armed with skilled cyberwarriors and attack strategies, North Korea noted the upcoming release of "The Interview." Sony Pictures' network, meantime, was sitting there with gaps, as Re/code has reported. Then North Korea pounced.
The security audit, from mid-July to Aug. 1, was performed by PricewaterhouseCoopers and found one firewall and more than 100 other devices that were not being monitored by the corporate security team charged with oversight of infrastructure.
When it comes to data security, companies generally focus intently on external data entering and infecting the system. Less attention is paid to how sensitive company information, including emails and other documents, leaves a company network, an area often referred to as "exfiltration."
Sony Pictures "didn't seem to have a coordinated strategy in terms of intrusion detection or exfiltration or data moving out," said Glassberg of Casaba Security.
According to Re/code, a spokesperson for the studio declined to comment on the audit report. A PwC auditor who received the report did not respond to Re/code's interview requests.
Beyond the audit, the sheer breadth and depth of the breach suggest the data, from scripts to employee health information, may have been housed on a small group of servers and not distributed widely. "People are going to be talking about data segregation going forward," Glassberg said.
Investigators, Sony executives and lawyers are now combing over the wreckage. There are larger diplomatic questions about how the U.S. might respond to the attack.
In a cluster of events, the American-produced raucous comedy is the tip of North Korea's growing list of problems and perceived enemies. The regime is facing international scrutiny about human rights violations, which some leaders are now trying to refer to the International Criminal Court.
The North Korean regime and Kim, believed to be in his 30s, are watching all of its enemies, including filmmakers. And the regime has responded deftly with its cyberarmy.
"This is a huge wake-up call," says Jason Habinsky, a New York City-based labor and employment partner at Haynes and Boone. "Every company big and small is at risk now. This is like watching a thriller. Or a horror film."
by Scott Roxborough
Dec 15, 2014
Hackers have released the emails and passwords of employees of the Swedish government in retaliation for Sweden's crackdown on the popular file-sharing site.
Last week, Swedish authorities staged a raid, in which they seized computer servers they said were used by The Pirate Bay as part of an operation targeting crimes related to intellectual property rights. The Pirate Bay, one of the most popular file-sharing sites on the Internet, went offline and has not yet returned, although mirror and copy-cat sites have popped up in the wake of the raid.
A group calling itself HagashTeam 2015 posted a list of email addresses and passwords for Swedish government employees. The post said the release was "in retaliation for The Pirate Bay!" The post also included individual emails from several other countries, including India, Mexico, Israel and Brazil.
The post, which ends with the cheerful "Merry Christmas & a Happy New Year to all!" also thanks the hacktivist group Anonymous, though it is not immediately clear if Anonymous was directly involved in the hack. The HagashTeam has been active since 2013. Its Twitter feed is dominated by political postings. A post dated Nov. 30 says "the reasoning behind our recent work is (to)... embarrass corporations/corrupt organizations, as well as governments."
This isn't the only online hack attack connected to The Pirate Bay raid. Swedish Internet group Telia confirmed it has been targeted by another group, a hacking collective called Lizard Squad, in a move designed to slow or disrupt Telia's online service.
The Pirate Bay has been under fire by governments and copyright holders for years but authorities have upped the pressure recently. Courts in France and the U.K. have ordered Internet service providers to block access to the site and Google has taken steps to remove apps linked to The Pirate Bay from its online app store.
Stands for "Downloadable Content." DLC refers to additional content that can be downloaded within a video game. It has become a common feature in PC, console, and mobile games.
The most common type of downloadable content is extra maps or levels that extend the gameplay of the original game. For example, Activision provides Modern Warfare players with new downloadable levels every few months. The company also releases new songs for its Guitar Hero series on a regular basis. By downloading new levels or songs, players can continue to enjoy new challenges after completing the original game.
Another popular type of DLC includes extra items that can be incorporated into the game. For instance, Capcom allows Street Fighter IV players to download custom outfits for their favorite players. Microsoft provides additional vehicles that can be downloaded by Forza Motorsport 3 users. Epic Games provides Gears of War 3 players with new characters that can be added to the game.
While some downloadable content is offered for free, most DLC must be purchased. The cost of downloadable content packs is typically much less than the price of the original game, though multiple DLC purchases may surpass the cost of the game itself. Therefore, DLC has become a common way for software developers to generate a continual long-term revenue stream from video games.
NOTE: While DLC first became popular on gaming consoles, it soon progressed to PC games, and then to mobile devices. Now, many mobile apps offer "in-app purchases," which is synonymous with DLC.
We first fought the heathens in the name of religion, then Communism, and now in the name of drugs and terrorism. Our excuses for global domination always change.