May 20, 2013

Malicious Mac OS X Backdoor Signed With Valid Developer ID Found on Activist’s Computer


Mac OS X Spyware Found On Users’ System Who Attended Oslo Freedom Forum

Security Week
by Fahmida Y. Rashid
May 16, 2013

Researchers found malware which acts as a backdoor for OS X on a computer belonging to an activist attending the Oslo Freedom Forum this week.

Independent security researcher Jacob Appelbaum discovered the “new and previously unknown backdoor” on an African activist’s Mac during a workshop at The Oslo Freedom Forum, F-Secure’s Sean Sullivan wrote on the company blog. The workshop, ironically, was on how activists could secure their devices against government monitoring.

“Discussion at the #OsloFF just turned to discuss the backdoor I found on an Angolan dissident’s computer. Poor guy,” Appelbaum wrote on Twitter.

F-Secure is currently investigating the sample, but the backdoor application appears to take screenshots of the user’s computer and store them in a folder in the user’s home directory called MacApp, Sullivan said. F-Secure researchers believe the application is related to an older sample, “HackBack,” and suspect it was commercially developed, Sullivan told SecurityWeek.

OSX/HackBack-A is an information-stealing Trojan designed to look for specific types of files, compress them into a zip file and upload them to a remote server. HackBack looks for various documents and images, including .txt, .doc, .eml, .pdf, .jpg, .xls, .log, .mbox, .pages, .tiff, and .ppt, among others.

While it’s not yet known how macs.app got on the activist’s computer, once installed, the application appended itself to the current user’s list of log-in items. This way, the app would run whenever the user is logged in. The application is designed to upload the screenshots to two remote servers, one in the Netherlands and the other in France. One of the servers is not responding and the other is returning a “public access forbidden” error message, Sullivan said.

Appelbaum called the malware “lame” since it was pretty simple and easily detected, but “deadly” because it was still able to spy on the activist. “The problem is that the author was good enough to get someone into mortal danger,” Appelbaum wrote on Twitter.

The fact that the application, macs.app, was signed with a valid Apple Developer ID may be a sign that the developer was trying to bypass Apple’s Gatekeeper. Gatekeeper, Apple’s execution-prevention technology designed to protect Macs from malicious applications downloaded and installed from the Internet, exists in OS X Mountain Lion and OS X Lion v10.7.5.

Since the backdoor is not making any attempt to hide itself, users can look for the MacApp folder in their home directories to figure out whether the malware has infected their Macs. Users should also remove the macs.app program from the computer completely, and make sure it’s not included on the log-in items list.
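
The two indicators the article gives (a MacApp folder in the home directory, and macs.app among the login items) can be checked from a shell. The script below is an added example and is not code from the article, from F-Secure or from the malware analysis; it assumes the folder is literally `$HOME/MacApp` and that the login item is registered under the name `macs` or `macs.app`. The login-item list is taken as a plain string so the functions can be exercised on any host with constructed input; on a Mac the string would come from `osascript` as shown in the comments.

```shell
#!/bin/sh
# Added example (not from the article or F-Secure): a small host check for the
# two indicators the article names, written as functions so it can be run
# against a real home directory or against constructed test input.
#
# Assumptions: the drop folder is literally "$HOME/MacApp", and the login item
# shows up as "macs" or "macs.app". On a Mac the login-item names come from
#   osascript -e 'tell application "System Events" to get the name of every login item'
# which prints a comma-separated list such as "iTunesHelper, macs".

# Returns 0 (true) when a MacApp folder exists directly under the given home dir.
has_macapp_folder() {
    home_dir=$1
    [ -d "$home_dir/MacApp" ]
}

# Returns 0 (true) when the comma-separated login-item list contains macs.app
# under either of the names a login item may show; matching is on whole names,
# so "macsbook" does not match.
has_macs_login_item() {
    # normalise ", " separators to "," and wrap in commas for exact matching
    items=$(printf '%s' "$1" | sed 's/, */,/g')
    case ",$items," in
        *",macs,"*|*",macs.app,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs both checks, prints one line per indicator found, and returns 0 when the
# host shows neither indicator and 1 when at least one is present.
scan_host() {
    home_dir=$1
    login_items=$2
    found=0
    if has_macapp_folder "$home_dir"; then
        echo "INDICATOR: $home_dir/MacApp exists (screenshot drop folder)"
        found=1
    fi
    if has_macs_login_item "$login_items"; then
        echo "INDICATOR: macs.app is registered as a login item"
        found=1
    fi
    if [ "$found" -eq 0 ]; then
        echo "no indicators found"
    fi
    return "$found"
}

# Demonstration on constructed input rather than a real Mac: a temporary home
# directory containing a MacApp folder, and a sample login-item list.
demo_home=$(mktemp -d)
mkdir "$demo_home/MacApp"
if scan_host "$demo_home" "iTunesHelper, Dropbox, macs"; then
    echo "demo host clean"
else
    echo "demo host flagged"
fi
rm -rf "$demo_home"
```

On a real Mac, call `scan_host "$HOME" "$(osascript -e 'tell application "System Events" to get the name of every login item')"`. The signature on a suspect bundle can be inspected with `codesign -dv --verbose=4 macs.app`, and Gatekeeper's verdict with `spctl --assess --type execute macs.app`; since this sample carried a valid Developer ID, a clean Gatekeeper verdict is exactly what the article warns against reading as evidence of safety.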

“As we all know, the problem isn’t good malware or lame malware. The problem is being spied upon,” Morgan Marquis-Boire, a security researcher at the Citizen Lab, wrote on Twitter. Marquis-Boire, also a security engineer at Google, has done extensive research on FinFisher and FinSpy, “a remote monitoring” program used by government agencies to intercept communications.

Direct Link: http://www.securityweek.com/malicious-mac-os-x-backdoor-signed-valid-developer-id-found-activists-computer

May 20, 2013

Europol Warns Organized Cybercrime Is Booming

There may be a recession in Europe, but business is booming for cyber-criminals.

Security Week
by Fahmida Y. Rashid
March 19, 2013

There are an estimated 3,600 organized crime groups currently operating in Europe, the European Union law enforcement agency Europol said in its 2013 EU Serious and Organised Crime Threat Assessment study released Tuesday. While international drug trafficking remained the most active organized crime activity in the EU, cybercrime is a growing crime area as criminals take advantage of the Internet to “generate illicit profits at low risk,” the study found.

Organized Cybercrime

Criminals are relying on the increasingly interconnected world to form a networked community of heterogeneous, international groups, Europol said. These individuals and groups are no longer defined by their nationality, geographic region, or type of criminal activity. Organized crime can now operate on an international basis, “with a business-like focus on maximizing profit and minimizing risk,” said Rob Wainwright, director of Europol.

“A new breed of organized crime groups is emerging in Europe, capable of operating in multiple countries and criminal sectors,” said Wainwright.

The volume of cybercrime activity, such as phishing and click fraud scams, is expected to increase, according to Europol. The increase “will closely mirror the growth of the attack surface, as the Internet becomes even more essential to everyday life,” the report warned.

Thanks to the Internet, organized crime groups are able to access a large pool of victims, obscure their activities, and carry out a wide range of activities within a shorter period of time and on a larger scale, Europol found. Fraud, particularly online fraud, is an especially lucrative business for criminals. Fraud causes losses of billions of Euros per year in the EU, the report found.

Europol also said criminal groups are using online scams to fund traditionally offline crime, such as child exploitation rings.

“Cybercrime in the form of large scale data breaches, online frauds and child sexual exploitation poses an ever increasing threat to the EU, while profit-driven cybercrime is becoming an enabler for other criminal activity,” according to the report.

As more users shift to using mobile devices as their primary way of going online, criminals will increasingly target those devices. “Malware affecting these devices has already been seen, although mobile botnets have not yet been fully realized,” Europol warned.

Cybercrime is booming due to a lack of security awareness among European organizations and users, Europol said. For example, people and organizations “expose” themselves as targets by making their data freely available on social networking sites.

Organizations also have not fixed ongoing security flaws in their infrastructure, giving the criminals easy access. Security remains a “concern and challenge” as organizations outsource administrative, maintenance and development tasks, and effective prevention measures are still relatively expensive to deploy.

The report identified crime areas including illegal immigration, human trafficking, counterfeiting, cybercrime, drug trafficking, and money laundering, within the EU. The report also highlighted illicit waste trafficking and energy fraud as emerging threats.

The information in the 2013 SOCTA report is based on intelligence collected from various law enforcement databases, other information provided by the government, and Europol’s own extensive collection of data. The Council of Justice and Home Affairs Ministers are expected to use the report’s findings and recommendations to define priorities for the next four years.

Direct Link: http://www.securityweek.com/europol-warns-organized-cybercrime-booming

May 17, 2013

CISPA cybersecurity bill backers hope second time’s a charm

NBC News
by Alina Selyukh & Deborah Charles (Reuters)
May 16, 2013

WASHINGTON (Reuters) –

Six months after a U.S. cybersecurity bill died in the Senate, some Obama administration officials and lawmakers are optimistic they can get a new law passed amid heightened public awareness of hacking attacks and cyber espionage.

With top intelligence officials warning that cyber attacks have replaced terrorism as the leading threat against the United States, the White House and lawmakers have spent months discussing how to improve the flow of information between the government and the private sector.

A second go-around for the Cyber Intelligence Sharing and Protection Act (CISPA) was approved by the Republican-controlled House of Representatives in a bipartisan vote on April 18, though the White House has again threatened to veto the bill unless more protections for privacy and civil liberties are added.

Still, senior Obama administration officials say behind-the-scenes talks with lawmakers this time around are constant, more serious and more productive.

“I actually think that the outlook is significantly better than it was last year,” the White House cybersecurity policy coordinator, Michael Daniel, told the Reuters Cybersecurity Summit in Washington this week. “What has impressed me has been the willingness of everybody involved to actually continue having those discussions and to continue that extensive level of dialogue trying to find some solutions.”

While Daniel cautioned that it is never easy to get the divided House and Senate to agree to anything, he predicted that final cyber legislation might be seen by the fall.

“A lot of us are concerned about getting a good piece of cybersecurity legislation before something really bad happens. As a general rule, legislation that is produced immediately after a crisis is not as good as the stuff that can be done when it’s more thought-out,” he said.

Last year, the Senate failed to pass a comprehensive cybersecurity bill that combined information-sharing provisions similar to those in the current CISPA with voluntary cybersecurity standards for businesses that control critical U.S. infrastructure.

Since then, President Barack Obama has signed an executive order that directs government officials to set voluntary standards to reduce cybersecurity risk and offer incentives to private companies to adopt them.

A series of high-profile cyber attacks — such as repeated disruptions of the online banking sites of major U.S. banks, or markets plunging on a fake message on the AP Twitter feed about a White House bombing that never happened — have built momentum behind cyber legislation.

* Separate bills

The Senate does not plan to vote on CISPA, but is expected instead to take up its own cyber-related bills. On Wednesday, Senate Intelligence Committee Chairman Dianne Feinstein, a California Democrat, said her panel was drafting a version of an information-sharing bill.

Congressional aides said staff and lawmakers from both sides of the aisle are constantly meeting on the issue. One Senate aide said it was a collaborative process to agree on multiple key elements to make the overall law stronger.

Representative Mike Rogers, chairman of the House intelligence committee and CISPA co-author, said key senators including Feinstein were “completely all in” on the need to pass a cybersecurity law. The Michigan Republican predicted that House and Senate lawmakers could work out an agreement on at least an information-sharing bill.

“I think we’re finally coming to the consensus here that hey, let’s pass what we can pass and take another bite. This isn’t the end-all cure-all,” Rogers told the summit.

He said a meeting was scheduled this week — with more to come — between the House and the Senate to discuss in detail the elements of cyber legislation and see where compromise could be reached, without starting completely from scratch.

Rogers predicted that if a bill could pass through both houses of Congress, Obama would sign it despite the veto threat.

* Urgent need

Top administration officials have underscored the urgent need for laws that would complement Obama’s executive order and help ensure the government and the private sector are on the same page when it comes to threats posed to critical U.S. infrastructure.

Homeland Security Secretary Janet Napolitano said many lawmakers received classified briefings last year on cyber threats, and better education on cyber risks means “we’re starting from a much better base” on legislation.

“There’s a lot of work going on behind the scenes,” Napolitano told the summit. “There are many fewer concerns than there were last time around.”

But officials acknowledge that hurdles remain. For example, some senators, like Homeland Security Committee Chairman Tom Carper, prefer a more comprehensive bill.

“While information sharing is an important part of our efforts, it is only one of many elements needed to properly bolster our cyber defenses,” Carper, a Delaware Democrat, said in a statement.

Other issues he says he would like to address in legislation include protections for critical infrastructure, security of federal agency networks, cyber workforce development and notification of data breaches.

Some private industry security experts were skeptical about the prospects for broad legislation, as well as the effectiveness of such laws in preventing cyber attacks. Shane Shook, chief knowledge officer at cybersecurity services company Cylance Inc, suggested the private sector should organize information sharing itself.

“Comprehensive legislation is never going to happen that can be effective over all 18 sectors,” Shook told the summit.

Ira Winkler, president of the Information Systems Security Association, said he was skeptical that any meaningful legislation would pass this year, barring a major cyber attack that damaged U.S. infrastructure.

“We hear about wake-up calls, but people keep hitting the snooze button,” he said.


— Additional reporting by Andrea Shalal-Esa and Thomas Ferraro

Direct Link: http://www.nbcnews.com/technology/cispa-cybersecurity-bill-backers-hope-second-times-charm-1C9948195#cispa-cybersecurity-bill-backers-hope-second-times-charm-1C9948195

May 15, 2013

Hotel Lock Hack Still Being Used In Burglaries, Months After Lock Firm’s Fix


FORBES

by Andy Greenberg
5/15/2013

Photos released by Arizona police of two suspects alleged to have robbed a 27-year-old girl’s hotel room using the Onity lock-hacking method at the Coast Hotel in Phoenix.

More than nine months after the hotel lock firm Onity announced a fix for a security flaw that allowed anyone to gain access to millions of hotel rooms in seconds, that lock-hacking technique seems to be thriving–and thieves are still using it to perform dozens of burglaries with hardly a trace.

The latest reports of criminals implementing the Onity lock hack come from Arizona, where police say that hotel rooms have been burglarized across the cities of Phoenix, Scottsdale, Tempe, and Mesa, with between six and nine robberies in each city. In every case, police and hotel staff believe that the burglars used a small device that can be inserted into a data port on the underside of hotel locks to read their memory, access a digital key, and trigger the locks’ opening mechanism in seconds. The targeted hotels include the Holiday Inn, Extended Stay, Quality Inn, La Quinta Inn, Red Roof Inn, Motel Six, Budget Inn, Courtyard by Marriott, and Comfort Inn, according to a Phoenix police spokesperson.

The video below shows two of the suspects entering the Coast Hotel in Phoenix and allegedly leaving with a 27-year-old woman’s suitcases. Though the video footage doesn’t capture the accused thieves using the lock-hacking device to open the room’s door, police say that the hotel found evidence in the lock’s memory that a device accessed the lock during the brief time when the men were in the building. That hacking device, which was first revealed by the security researcher and software developer Cody Brocious at the Black Hat security conference last year, can be built for less than $50, and spoofs the “portable programmer” used by hotel staff to change locks’ settings and open locks with depleted batteries.

Local police are offering a $1,000 reward for information about the suspects.

In cases at other hotels, thieves stole luggage, TVs, laptops, iPads, the gun and badge of a U.S. marshal, and the full uniform of an airline pilot, along with every other possession he’d left in the Tempe hotel room. “Since all my stuff was cleaned out, I thought I was in the wrong room,” pilot Ahmiel Fried told local news TV station ABC15, which first reported the break-ins. “[I was] not expecting everything to be gone.”

Photos released by Arizona police of two other suspects believed to have used the hotel lock-hacking devices.

Phoenix police spokesperson Darren Burch says it’s still not clear how many people are exploiting the vulnerability in Onity’s locks to rob hotels, or even whether the Arizona burglaries were performed by a single group or by individuals working separately. But he warns that while he’s only aware of the Arizona thefts, it’s likely that the lock-hacking technique is being exploited across the country, and that it may be being used more often than it’s being reported. After all, Onity’s keycard locks protect more than four million rooms worldwide. “We’ve just learned about this locally, but it’s my understanding this is happening elsewhere,” Burch says. “This is just the tip of the iceberg.”

In November of last year I reported that the same vulnerability in Onity locks was used to break into a series of hotel rooms in Houston, Texas. In that case, police arrested and charged 27-year-old Matthew Allen Cook with theft. Cook, who still awaits trial, was identified when a stolen HP laptop ended up at a local pawnshop, whose staff helped to identify him.

An Onity lock and (inset) the circuit board Onity has offered to replace for a full reimbursement in many hotels’ doors.

This latest round of burglaries comes months after Onity became aware of its security issue and began working to fix it. In August, Onity announced it would be releasing temporary plugs to cover its locks’ data ports, and would follow up with a software update, albeit one that hotel customers themselves would have to pay for. But after the string of Texas break-ins, I obtained memos from Onity to Marriott, InterContinental Hotel Group, and Hyatt in which it agreed to reimburse those major chain hotels for a full circuit-board fix.

Given that some of the Arizona hotels are among the customers whose fixes Onity agreed to cover, it’s not clear how they’ve remained vulnerable. I’ve reached out to Onity for a response and will update this post if I hear from the company.

Onity’s troubles began in July, when Cody Brocious demonstrated to me in a series of New York hotels that his lock-opening trick could work. At the time, Brocious’ technique was unreliable, only opening one of the three hotel room doors we tested. But he soon released the method online, and hackers began to post YouTube videos of themselves adapting and improving the lock-opening device until it worked reliably and could fit into an iPhone case or even a dry-erase marker.

At the time, Brocious argued that his hacking trick was intended to demonstrate Onity’s security vulnerability and force the company to fix it–not to take advantage of the security flaw for criminal purposes. But nearly a year after he first showed me his trick, it’s transformed from a theoretical bug to a very real criminal technique. And unless Onity and its customer hotels take greater care to update their locks, there’s no end to the insecurity in sight.

Direct Link: http://www.forbes.com/sites/andygreenberg/2013/05/15/hotel-lock-hack-still-being-used-in-burglaries-months-after-lock-firms-fix/