[ISN] Why Red October malware is the Swiss Army knife of espionage

http://arstechnica.com/security/2013/01/why-red-october-malware-is-the-swiss-army-knife-of-espionage/

By Dan Goodin
Ars Technica
Jan 17 2013

The Red October malware that infected hundreds of computer networks in diplomatic, governmental, and scientific research organizations around the world was one of the most advanced espionage platforms ever discovered, researchers with antivirus provider Kaspersky Lab have concluded. Its operators had more than 1,000 modules at their disposal, allowing them to craft highly advanced infections that were tailored to the unique configurations of infected machines and the profiles of those who used them.

Most of the tasks the components carried out—including extracting e-mail passwords and cryptographically hashed account credentials, downloading files from available FTP servers, and collecting browsing history from Chrome, Firefox, Internet Explorer, and Opera—were one-time events. They relied on dynamic link library code that was received from an attacker server, executed in memory, and then immediately discarded. That plan of attack helps explain why the malware remained undetected by antivirus programs for more than five years.

The malware was also capable of using more traditional Windows EXE files to carry out persistent tasks when necessary. One example was modules that waited for an iPhone, Nokia smartphone, or USB drive to be connected to an infected computer. There were also extensions for the Microsoft Word and Adobe Reader programs that watched for specially crafted documents. When they arrived in e-mail, the modules immediately reinstalled the main malware component, ensuring attackers could regain control of a machine in the event that it had been partially disinfected.
The details are contained in 140 pages of technical analysis that concludes Red October dwarfs most other advanced espionage operations, including the Aurora campaign that targeted Google and three dozen other companies three years ago, and the Night Dragon attacks that penetrated energy companies in 2011. The breathtaking breadth of the malware comes into sharp focus, thanks to the unprecedented level of technical detail.

[…]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org

[ISN] A Hacker Says Smart Grid Can Be Penetrated

http://bits.blogs.nytimes.com/2013/01/17/a-hacker-says-smart-grid-can-be-penetrated/

By NICOLE PERLROTH
Bits
The New York Times
JANUARY 17, 2013

A hacker wearing a fake beard and dark sunglasses took the stage at a computer security conference in Miami on Thursday and showed a group of about 60 security researchers how to intercept the radio communications between Silver Spring Networks, a maker of smart grid technology, and its clients, which include major utilities like Pacific Gas and Electric and Pepco Holdings.

The hacker, who goes by the moniker Atlas, stopped short of showing how to inflict damage to these systems, but the implication of his presentation was clear: If you can understand the way these systems speak to one another, the potential to hack them is very real. And, the logic continues, if you can hack these systems, then you could tinker with an oil or gas pipeline, or cause a power failure.

“I see these placed everywhere that I want them to be as a hacker,” Atlas said of Silver Spring’s wireless communications. “I see the sales getting better. I see a Titanic running full speed towards an iceberg, with the potential for a rudder that might make the turn in time.”

Silver Spring Networks, which is based in Redwood City, Calif., makes the hardware and software that utilities use to connect electric meters in a digital grid. Atlas said he zeroed in on the company because he questioned Silver Spring’s security “buzzwords.” On its Web site, Silver Spring says it ensures that “only authorized personnel can access these devices,” provides encryption and claims to protect its data with hashing, or scrambling, functions.

[…]

[ISN] Declaring war against hackers

http://www.nst.com.my/streets/northern/declaring-war-against-hackers-1.203201?

By PAUL TOH
nstp.com.my
18 January 2013

GEORGE TOWN: KDU Penang’s School of Engineering, Science and Technology and EC-Council Academy (ECCA) recently signed a MOU to ensure a level playing field between hackers and information security professionals. The agreement will allow KDU’s computer security students to access ECCA’s flagship Certified Ethical Hackers (CEH) programme.

“Information security is not a new concept, but it has been a constant game of ‘catch up’ between hackers and information security professionals.

“Our aim is to level the playing field by ensuring the latest and most relevant hacking technology and counter-measures are included in our training programme,” said ECCA managing director Wilson Wong at the signing ceremony.

[…]

[ISN] Developer outsources work to China so he can watch cat videos (and gets caught)

Forwarded from: Reese

At 01:15 AM 1/17/2013, InfoSec News wrote:

> http://venturebeat.com/2013/01/16/developer-outsources-work-cat-videos/
>
> By Ricardo Bilton
> venturebeat.com
> January 16, 2013
>
> “Bob” is an unassuming, 40-ish software developer with a big secret:
> He really likes cat videos.

If you trace the story back, it originated with a Verizon security guy who is promoting his company’s services on their blog. What are the odds this is a completely fictional account or, at best, the story could be used in classrooms for lessons on hyperbole and exaggeration?

Meanwhile, the story has been picked up by quite a few outlets. Is there no fact-checking performed by news outlets anymore?

Reese

[ISN] ‘White hat’ hacker discovers names of ‘anonymous’ volunteers of genome study in security drill

http://www.independent.co.uk/news/science/white-hat-hacker-discovers-names-of-anonymous-volunteers-of-genome-study-in-security-drill-8457739.html

By STEVE CONNOR
The Independent
17 JANUARY 2013

A former “white hat” hacker hired by banks to test their computer security has been able to discover the names of individuals who volunteered to take part in genome studies on the condition of anonymity.

Nearly 50 people who had agreed to have their genomes sequenced and placed on scientific databases provided that their names would not be used were identified by Yaniv Erlich as part of an exercise to test the vulnerability of personal data held in DNA libraries.

The revelation will prove embarrassing for organisations who have promoted the widespread use of genome sequencing in medical research. Last month, the Government announced a plan to sequence the genomes of 100,000 Britons to boost the discovery of new drugs and treatments.

Dr Erlich used computer algorithms to link DNA sequences, particularly of the male Y chromosome, with surnames and other personal data held on genealogy databases as part of a deliberate attempt to test the security of the “anonymised” information held on genome databases.

[…]