May 24 2013
 

Chinese hackers said to have accessed law enforcement targets

Cyber marauders sought more than just information on activists — they wanted access to FBI, DOJ investigations on spies in the U.S.

Computer World
by John P. Mello Jr
May 21, 2013


CSO -

In January 2010, Google shocked the security world by disclosing that it had been the target of an advanced persistent threat, mounted over months by hackers linked to China’s People’s Liberation Army.

“[We] have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists,” Google Senior Vice President and Chief Legal Officer David Drummond wrote in a blog post at the time.

Now, more than three years after that post on what came to be known as Operation Aurora, it appears the cyber marauders were after more than information on activists. They were also after information on the FBI’s and U.S. Department of Justice’s investigations of Chinese spies in the United States.

The Aurora hackers gained access to a database on Google’s servers that contained information on U.S. surveillance targets, the Washington Post reported on Monday, citing current and former government officials as sources for the story.

Such information would be invaluable to China: it would let its intelligence operatives destroy information before counterintelligence agents got their hands on it, and let the spies evade capture and prosecution.

The database included years of surveillance information, including thousands of court orders issued to law enforcement officials around the nation seeking to monitor suspects’ email, as well as classified orders targeting foreign subjects and issued under the Foreign Intelligence Surveillance Act.

The incident set off a tiff between Google and the DOJ and FBI, the Post reported, because the federal agencies wanted access to the company’s technical logs and other information about the breach to assess the potential damage to their counterespionage efforts.


Google representative Jay Nancarrow said in an email that the company is not commenting on the matter at this time.

Google wasn’t a lone target in Operation Aurora. More than 20 companies were attacked, including Adobe Systems, Juniper Networks, Rackspace, Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical.

Last month, a Microsoft executive said the Aurora bandits had also breached his company’s servers, snooping for accounts on which it had lawful wiretap orders. He has since recanted those remarks.

“I was referring to statements in the media from the January 2010 timeframe,” Dave Aucsmith, senior director for Microsoft’s Institute for Advanced Technology, said in a statement.

“My comments were not meant to cite any specific Microsoft analysis or findings about motive or attacks, but I recognize that my language was imprecise,” he added.

Matt Thomlinson, Microsoft’s general manager for trustworthy computing and security added in an email, “The so-called ‘Aurora’ attacks did not breach the MS network.”

The Chinese government has denied being behind Aurora. It has said that cyber attacks and espionage are against Chinese law and that it does all it can to combat such online activity.

While an attack on the database is plausible, the breadth of Aurora makes it unlikely that the database was a specific target, reasoned Jeffrey Carr, CEO of Taia Global and author of “Inside Cyber Warfare: Mapping the Cyber Underworld.”

“Google was only one of 20-plus companies attacked at the same time by the same group,” he said in an interview. “So I would be surprised if the database was the objective of the attack. It was likely a crime of opportunity.”

It’s also an object lesson for organizations dealing with cloud storage that’s operated by a third party, added Alan Brill, senior managing director for Kroll Advisory Solutions.

“There’s more trust being given to cloud services than some of them deserve,” he said in an interview. “It has become so easy [to store data somewhere else] that you might store something somewhere without thinking whether or not you really ought to do that.”

Direct Link:  http://www.computerworld.com/s/article/9239440/Chinese_hackers_said_to_have_accessed_law_enforcement_targets?taxonomyId=82

May 20 2013
 

Malicious Mac OS X Backdoor Signed With Valid Developer ID Found on Activist’s Computer


Mac OS X Spyware Found On Users’ System Who Attended Oslo Freedom Forum

Security Week
by Fahmida Y. Rashid
May 16, 2013


Researchers have found malware that acts as an OS X backdoor on the computer of an activist attending the Oslo Freedom Forum this week.

Independent security researcher Jacob Appelbaum discovered the “new and previously unknown backdoor” on an African activist’s Mac during a workshop at The Oslo Freedom Forum, F-Secure’s Sean Sullivan wrote on the company blog. The workshop, ironically, was on how activists could secure their devices against government monitoring.

“Discussion at the #OsloFF just turned to discuss the backdoor I found on an Angolan dissident’s computer. Poor guy,” Appelbaum wrote on Twitter.

F-Secure is still investigating the sample, but the backdoor application appears to take screenshots of the user’s desktop and store them in a folder called MacApp in the user’s home directory, Sullivan said. F-Secure researchers believe the application is related to an older sample, “HackBack,” and suspect it was commercially developed, Sullivan told SecurityWeek.

OSX/HackBack-A is an information-stealing Trojan designed to look for specific types of files, compress them into a zip file and upload them to a remote server. HackBack looks for various documents and images, including .txt, .doc, .eml, .pdf, .jpg, .xls, .log, .mbox, .pages, .tiff, and .ppt, among others.

While it is not yet known how macs.app got onto the activist’s computer, once installed the application added itself to the current user’s list of login items, so it runs whenever the user logs in. The application is designed to upload the screenshots to two remote servers, one in the Netherlands and the other in France. One of the servers is not responding and the other returns a “public access forbidden” error, Sullivan said.

Appelbaum called the malware “lame” since it was pretty simple and easily detected, but “deadly” because it was still able to spy on the activist. “The problem is that the author was good enough to get someone into mortal danger,” Appelbaum wrote on Twitter.

The fact that the application, macs.app, was signed with a valid Apple Developer ID may be a sign that the developer was trying to get past Apple’s Gatekeeper. Gatekeeper, which exists in OS X Mountain Lion and OS X Lion v10.7.5, is designed to block malicious applications downloaded from the Internet; in its default setting it runs only apps from the Mac App Store or signed by an identified developer, so a valid Developer ID signature is enough to satisfy that check.

Since the backdoor makes no attempt to hide itself, users can look for a MacApp folder in their home directory to find out whether the malware has infected their Mac. Infected users should also remove the macs.app program from the computer completely and make sure it is no longer in the login items list.
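The following POSIX shell script is an added illustration of the manual check above, written for this page; it is not F-Secure’s tooling and not part of the original article. It looks for the three indicators the article names (a MacApp folder in the home directory, a bundle named macs.app, and a macs.app login item) and, where the Apple tools exist, reports who signed any macs.app it finds. The osascript login-item query and the codesign lookup are assumptions about OS X 10.7/10.8 and are skipped when those binaries are absent, so the script also runs (with reduced coverage) on other Unix systems.

```shell
#!/bin/sh
# Added triage script for the indicators the article names. Illustrative
# code for this page, not F-Secure's or Apple's tooling.

# scan_macapp HOME_DIR [EXTRA_SEARCH_ROOT...]
# Prints one line per indicator found. Returns 0 when nothing was found,
# 1 when at least one indicator is present.
scan_macapp() {
    home="$1"; shift
    hits=0
    tmp=$(mktemp)

    # 1. The screenshot drop folder the backdoor creates in the home directory.
    if [ -d "$home/MacApp" ]; then
        n=$(find "$home/MacApp" -type f | wc -l | tr -d ' ')
        echo "HIT: $home/MacApp exists ($n files)"
        hits=1
    fi

    # 2. Any bundle named macs.app under the home directory or the extra roots.
    for root in "$home" "$@"; do
        [ -d "$root" ] || continue
        find "$root" -type d -name 'macs.app' 2>/dev/null > "$tmp"
        while read -r app; do
            echo "HIT: bundle $app"
            # On a Mac, show which Developer ID signed it: that signature is
            # what satisfies Gatekeeper's default policy. (assumed tool path)
            if command -v codesign >/dev/null 2>&1; then
                codesign -dvv "$app" 2>&1 \
                    | grep -E '^(Authority|TeamIdentifier)=' | sed 's/^/    /'
            fi
        done < "$tmp"
        if [ -s "$tmp" ]; then
            hits=1
        fi
    done
    rm -f "$tmp"

    # 3. Login item registration, the persistence mechanism the article describes.
    # Requires osascript (OS X); skipped elsewhere.
    if command -v osascript >/dev/null 2>&1; then
        items=$(osascript -e \
            'tell application "System Events" to get the name of every login item' \
            2>/dev/null)
        case "$items" in
            *macs*) echo "HIT: macs listed in login items: $items"; hits=1 ;;
        esac
    else
        echo "note: osascript not available, login items not checked"
    fi

    return $hits
}

# Stand-alone use: sh scan.sh --run  (scans $HOME and /Applications)
if [ "${1:-}" = "--run" ]; then
    scan_macapp "$HOME" /Applications
fi
```

A non-zero exit means at least one indicator was found; on a Mac the codesign output under a hit shows the “Developer ID Application” authority that let the bundle past Gatekeeper, which is the detail worth recording before the bundle is deleted.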

“As we all know, the problem isn’t good malware or lame malware. The problem is being spied upon,” Morgan Marquis-Boire, a security researcher at the Citizen Lab, wrote on Twitter. Marquis-Boire, also a security engineer at Google, has done extensive research on FinFisher and FinSpy, “remote monitoring” software used by government agencies to intercept communications.
Direct Link:  http://www.securityweek.com/malicious-mac-os-x-backdoor-signed-valid-developer-id-found-activists-computer

May 20 2013
 

Europol Warns Organized Cybercrime Is Booming

There may be a recession in Europe, but business is booming for cyber-criminals.

Security Week
by Fahmida Y. Rashid
March 19, 2013


There are an estimated 3,600 organized crime groups currently operating in Europe, the European Union law enforcement agency Europol said in its 2013 EU Serious and Organised Crime Threat Assessment study released Tuesday. While international drug trafficking remained the most active organized crime activity in the EU, cybercrime is a growing crime area as criminals take advantage of the Internet to “generate illicit profits at low risk,” the study found.

Organized Cybercrime

Criminals are relying on an increasingly interconnected world to form a networked community of heterogeneous, international groups, Europol said. These individuals and groups are no longer defined by their nationality, geographic region, or type of criminal activity. Organized crime can now operate on an international basis, “with a business-like focus on maximizing profit and minimizing risk,” said Rob Wainwright, director of Europol.

“A new breed of organized crime groups is emerging in Europe, capable of operating in multiple countries and criminal sectors,” said Wainwright.

The volume of cybercrime activity, such as phishing and click fraud scams, is expected to increase, according to Europol. The increase “will closely mirror the growth of the attack surface, as the Internet becomes even more essential to everyday life,” the report warned.

Thanks to the Internet, organized crime groups are able to access a large pool of victims, obscure their activities, and carry out a wide range of activities within a shorter period of time and on a larger scale, Europol found. Fraud, particularly online fraud, is an especially lucrative business for criminals. Fraud causes losses of billions of Euros per year in the EU, the report found.

Europol also said criminal groups are using online scams to fund traditionally offline crime, such as child exploitation rings.

“Cybercrime in the form of large scale data breaches, online frauds and child sexual exploitation poses an ever increasing threat to the EU, while profit-driven cybercrime is becoming an enabler for other criminal activity,” according to the report.

As more users shift to using mobile devices as their primary way of going online, criminals will increasingly target those devices. “Malware affecting these devices has already been seen, although mobile botnets have not yet been fully realized,” Europol warned.

Cybercrime is booming due to a lack of security awareness among European organizations and users, Europol said. For example, people and organizations “expose” themselves as targets by making their data freely available on social networking sites.

Organizations also have not fixed ongoing security flaws in their infrastructure, giving the criminals easy access. Security remains a “concern and challenge” as organizations outsource administrative, maintenance and development tasks, and effective prevention measures are still relatively expensive to deploy.

The report identified crime areas including illegal immigration, human trafficking, counterfeiting, cybercrime, drug trafficking, and money laundering, within the EU. The report also highlighted illicit waste trafficking and energy fraud as emerging threats.

The information in the 2013 SOCTA report is based on intelligence collected from various law enforcement databases, other information provided by governments, and Europol’s own extensive collection of data. The Council of Justice and Home Affairs Ministers is expected to use the report’s findings and recommendations to define priorities for the next four years.

Direct Link:  http://www.securityweek.com/europol-warns-organized-cybercrime-booming