Tag Archives: special

[ISN] Hacking Team orchestrated brazen BGP hack to hijack IPs it didn’t own

http://arstechnica.com/security/2015/07/hacking-team-orchestrated-brazen-bgp-hack-to-hijack-ips-it-didnt-own/ By Dan Goodin Ars Technica July 12, 2015 Spyware service provider Hacking Team orchestrated the hijacking of IP addresses it didn’t own to help Italian police regain control over several computers that were being monitored in an investigation, e-mails sent among company employees showed. Over a six day period in August 2013, Italian Web host Aruba S.p.A. fraudulently announced its ownership of 256 IP addresses into the global routing system known as border gateway protocol, the messages document. Aruba’s move came under the direction of Hacking Team and the Special Operations Group of the Italian National Military Police, which was using Hacking Team’s Remote Control System malware to monitor the computers of unidentified targets. The hijacking came after the IP addresses became unreachable under its rightful owner Santrex, the “bullet-proof” Web hosting provider that catered to criminals and went out of business in October 2013, according to KrebsOnSecurity. It’s not clear from the e-mails, but they appear to suggest Hacking Team and the Italian police were also relying on Santrex. The emails were included in some 400 gigabytes of proprietary data taken during last weekend’s breach of Hacking Team and then made public on the Internet. With the sudden loss of the block of IP addresses, Italy’s Special Operations Group was unable to communicate with several computers that were infected with the Hacking Team malware. The e-mails show Hacking Team support workers discussing how the law enforcement agency could regain control. Eventually, Italian police worked with Aruba to get the block—which was known as 46.166.163.0/24 in Internet routing parlance—announced in the BGP system as belonging to Aruba.
It’s the first known case of an ISP fraudulently announcing another provider’s address space, said Doug Madory, director of Internet analysis at Dyn Research, which performs research on Internet performance. […]





[ISN] Evident.io encourages startups to boost AWS security

http://www.cloudpro.co.uk/cloud-essentials/cloud-security/5177/evidentio-encourages-startups-to-boost-aws-security By Clare Hopping Cloud Pro June 25, 2015 Evident.io has announced a startup and small business AWS Cloud Security platform to help those without a dedicated security resource ensure their Amazon cloud infrastructure is protected. Adrian Sanabria, an analyst with 451 Research, commented: “The rise of cloud computing has enabled small businesses to grow and thrive with affordable cloud infrastructure and powerful cloud-based tools, but it’s also created unprecedented security threats.” He explained that startups often set up multiple servers in the cloud before even thinking about the security implications this has, employing a security expert or buying even basic equipment for the office. It’s this ‘cloud-first’ attitude that can get organisations into trouble when it comes to securing their systems. “The biggest risk with cloud infrastructure, especially for ‘cloud-first’ businesses, is the management plane,” he commented. […]



[ISN] Sony Pictures: Inside the Hack of the Century, Part 1

https://fortune.com/sony-hack-part-1/ By Peter Elkind Fortune.com June 25, 2015 A cyber-invasion brought Sony Pictures to its knees and terrified corporate America. The story of what really happened—and why Sony should have seen it coming. A special three-part investigation. On Monday, Nov. 3, 2014, a four-man team from Norse Corp., a small “threat-intelligence” firm based in Silicon Valley, arrived early for an 11:30 a.m. meeting on the studio lot of Sony Pictures Entertainment, in the Los Angeles suburb of Culver City. They were scheduled to see Sony’s top cybersecurity managers to pitch Norse’s services in defending the studio against hackers, who had been plaguing Sony for years. After a quick security check at the front gate and then proceeding to the George Burns Building on the east side of the Sony lot, the Norse group walked straight into the unlocked first-floor offices of the information security department, marked with a small sign reading info sec. There was no receptionist or security guard to check who they were; in fact, there was no one in sight at all. The room contained cubicles with unattended computers providing access to Sony’s international data network. The visitors found their way to a small sitting area outside the office of Jason Spaltro, Sony’s senior vice president for information security, settled in, and waited. Alone. For about 15 minutes. “I got a little shocked,” says Tommy Stiansen, Norse’s co-founder and chief technology officer. “Their Info Sec was empty, and all their screens were logged in. Basically the janitor can walk straight into their Info Sec department.” Adds Mickey Shapiro, a veteran entertainment attorney who helped set up the meeting and was present that day: “If we were bad guys, we could have done something horrible.” […]



[ISN] Attack on Lithuanian army’s website plotted for two weeks

http://en.delfi.lt/lithuania/defence/attack-on-lithuanian-armys-website-plotted-for-two-weeks.d?id=68228302 BNS June 12, 2015 The Wednesday’s cyber attack on the website of the Lithuanian Armed Forces Joint Staff was plotted for at least two weeks, with requests sent from Iran, among other countries, says Rimantas Černiauskas, director of the National Cyber Security Centre. “We see large amounts of interesting information. We see that there were continued various pings, for instance, there was an attempt from Iran to guess the password. We see that the server hosting the website was constantly checked by hackers, with attempts to enter it, most of the attempts were not successful,” said the expert. In his words, the final conclusions on the hacking should be submitted to the Armed Forces by the end of office hours on Friday – additional information has now been requested from the company managing the website content. Černiauskas confirmed that special robots had been checking the weak spots of the system on a daily basis, i.e., at least two or three times a day, attempting to guess the passwords and find system gaps, the attack was conducted by specific individuals. […]



[ISN] Cybersecurity: A Global Legal Perspective For Hedge Funds

http://risktech-forum.com/news/cybersecurity-a-global-legal-perspective-for-hedge-funds Hedgeweek 11 June 2015 The House of Representatives passed a new cybersecurity bill – the Protecting Cyber Networks Act (PCNA) – to allow file sharing between government intelligence agencies and private companies and raise the overall awareness of hacking. This is just the latest chapter in what is fast becoming a key narrative within the US, where cybersecurity legislation is being rolled out to address the growing sophistication of cyber attacks. Hedge funds are now becoming a more pronounced target and to that end, lawyers are requiring to get on top of the issues to advise their clients accordingly. Ed McNicholas is a partner at Sidney Austin LLP in Washington DC. He confirms that he has just finished a treatise for the Practicing Law Institute, the aim of which is to provide a legal guide on cybersecurity. It is due to be published in June. “The law here is developing rapidly and one of the biggest things that hedge funds need to do is to ensure communication between their lawyers and their IT staff on this issue. The lawyers have, for a long time, considered it to be an IT issue but they need to get up to speed on this,” says McNicholas. McNicholas sees three big tasks facing lawyers. The first relates to managing the information assets of a hedge fund. These are highly specialised vehicles and as such an intellectual step needs to be taken by law firms in realising that this is not an issue that pertains solely to personal data. Hedge funds have significant intellectual property – trading algorithms, investor details, proprietary research etc. In relation to cybersecurity, it is important to identify those assets and understand where and with whom the manager shares those assets. […]



[ISN] How can SCADA security be improved for oil and gas companies

http://www.energyglobal.com/downstream/special-reports/29052015/How-can-SCADA-security-be-improved-for-oil-and-gas-companies-089/ By Deborah Galea Manager, OPSWAT. 29/05/2015 According to the recently released 2015 Dell Security Annual Threat Report, SCADA attacks are on the rise. The report found that in 2014 the number of attacks on Supervisory Control and Data Acquisition (SCADA) systems doubled compared to the previous year. Most of these attacks occurred in Finland, the UK, and the US, probably due to the fact that in these countries SCADA systems are more likely to be connected to the internet. The Dell Report came on the heels of findings from the US Industrial Controls Systems Cyber Emergency Response Team (ICS-CERT) showing that energy was the most targeted sector for attack among all critical infrastructure providers. “Since companies are only required to report data breaches that involve personal or payment information, SCADA attacks often go unreported,” said Patrick Sweeney, Executive Director of Dell Security. “This lack of information sharing combined with an aging industrial machinery infrastructure presents huge security challenges that will continue to grow in the coming months and years.” This does not come as a surprise to those in hydrocarbons. Many SCADA and industrial control systems (ICS) were built decades ago when cyber security was not yet an issue for the industry. There has been an inevitable collision as operational technology (OT) systems like SCADA come into closer contact with IT management modalities, introducing risks as systems not designed for outside connectivity are exposed to the internet. In addition to their importance for hydrocarbons, SCADA systems control key functions for other critical infrastructure providers, such as utilities, airports and nuclear plants. Successful attacks on SCADA systems could potentially cause disruptions in services that we all depend on every day. 
For this reason, SCADA attacks are often politically motivated and backed by foreign state actors with motives such as industrial espionage and major supply chain disruption. […]



[ISN] Skytalks 2015 CFP – NOW OPEN

Forwarded from: bluknight <bluknight@skytalks.info> == https://skytalks.info == Skytalks is a ‘sub-conference’ that gives a unique platform for researchers to share their research, for angry hackers to rant about the issues of their industry, and for curious souls to probe interesting issues, all without the watchful eye of the rest of the world. With a strict, well-enforced “no recording” policy, research that is underway or critical of a vendor can be aired to your peers. You are talking to other security people, sharing your working knowledge of a topic. That said, this isn’t a soapbox to say and trash whoever or whatever you want. Skytalks is old-school DEF CON. We encourage handles – we want your material to stand on its own, not what company’s logo is on your slide deck. We encourage the audience to ask questions and challenge what does not seem to be right. Speakers will be held accountable for their material by their peers… loudly. We’re looking for talks that are about cutting edge material, either in-progress, or ready to be disclosed… at the risk of offending a company. Talks that challenge the industry norms are great. Calling out those who plague our beloved industry, welcome! Talks that are outside the realm of a PG rating, can find (and have found) a home here (was re: Teledildonics). First time speakers are welcome. We have had the privilege and honor of hosting for the first time some great names in the community. You, too, can be among that group. What you must bring: A compelling topic, slides, and willingness to educate and/or face your peers. You should be: outgoing, willing to educate, wanting to learn (yes, as a presenter), and wanting to engage your peers. If you lack any of these skills, we can fix this. Please bring a spare liver. A good talk is about mutual learning; it is a conversation. We just provide a room of professionals that want to converse, over booze. Sometimes… a lot of booze.
Your submission must include a brief abstract that explains your talk. It must include a detailed outline of the major talking points. Optionally, you can give us additional information or arguments about why we should accept your talk. What we provide: A place to present, with projectors (VGA video). While we may have adapters on-hand, please be prepared and bring your own. We’ll have a PA system with appropriate microphones, as well as audio input from a device if you need it. Please let us know if you have any special requirements, such as a fire extinguisher for when you plan to set the table on fire. Please note: all speakers must already be badged Defcon attendees. Skytalks cannot provide DEF CON badges for speakers, and Skytalks badges, while great keepsakes, do not provide access to DEF CON itself. Also, dongs. == https://skytalks.info ==



[ISN] Feds Say That Banned Researcher Commandeered a Plane

http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/ By Kim Zetter Wired.com 05.15.15 A SECURITY RESEARCHER kicked off a United Airlines flight last month after tweeting about security vulnerabilities in its system had previously taken control of an airplane and caused it to briefly fly sideways, according to an application for a search warrant filed by an FBI agent. Chris Roberts, a security researcher with One World Labs, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer while aboard the flight. He was able to issue a climb command and make the plane briefly change course, the document states. “He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application (.pdf). “He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.” Hurley filed the search warrant application last month after Roberts was removed from a United Airlines flight from Chicago to Syracuse, New York, because he published a facetious tweet suggesting he might hack into the plane’s network. Upon landing in Syracuse, two FBI agents and two local police officers escorted him from the plane and interrogated him for several hours. They also seized two laptop computers and several hard drives and USB sticks. Although the agents did not have a warrant when they seized the devices, they told Roberts a warrant was pending. […]

