Continue reading »]]>

Some of the details are beginning to emerge about the 10 Russian spies that were captured in the US. According to an article on The Register, the spies communicated with Ad-Hoc Wi-Fi networks and hid messages in pictures using Steganography.

FBI agents monitored 28 year old Russian spy Anna Chapman as she communicated with a Russian government official. Anna would go to a book store and using her laptop, created an Ad-Hoc Wi-Fi connection to a Russian contact who was outside the store:

Surveillance agents nearby used “a commercially available tool that can detect the presence of wireless networks” to witness the creation of the ad hoc networks. NetStumbler is probably the most popular example of such software. Law enforcement agents were able to detect a particular MAC address – MAC address A – at the time that Chapman was observed powering on her laptop computer,” the complaint says. Law enforcement agents were also able to determine that the electronic device associated with MAC address A created the ad hoc network.”

The spies also embedded secret messages in pictures and uploaded them to sites where Russian officials retrieved them, and decoded the messages.

A New Jersey search uncovered a network of websites, from which the alleged spies had downloaded images. “These images appear wholly unremarkable to the naked eye,” the complaint explains. “But these images (and others) have been analyzed using the steganography program. As a result of this analysis, some of the images have been revealed as containing readable text files.”

It is interesting to see the tactics used by modern spies. Of course Russia is denying any and all involvement. Kudos to the FBI for taking them down.

Continue reading »]]> Wonder where all those annoying spam messages come from? Who sends them? Well, you have got some answers here. Panda Security, a player in antivirus and preventive technologies segment, has stated in its report that India is the world’s number two spammer. Surprised? Even we were.

Panda Security has released a report stating that Brazil, India, Korea, Vietnam and U.S. head the list of countries from which most spam was sent during the first two months of the year 2010. With respect to the cities from which spam was being sent, Seoul was first in the list, followed by Hanoi, New Delhi, Bogota, Sao Paulo and Mumbai.

The five million emails analyzed by PandaLabs came from a total of almost one million different IP addresses. This shows that the spam is mostly sent from zombie computers belonging to a botnet. This way, the computers of the infected users themselves are those which send the spam. The cybercrooks have thousands of computers at their disposal, which do the dirty work for them.

Spam is nothing but a business and is used primarily either to distribute malware or sell/advertise all type of products. Therefore, as long as there are users, no matter if they are few, who trust these messages, it’s enough to continue betting on it.

Continue reading »]]> Cyber security researchers and analysts have uncovered the existence of a spy network based in China that was used to steal sensitive, classified government documents from India – as well data from the Dalai Lama’s office and the United Nations.

The “Shadow Network”, as this network is now known, has been traced to two people living in Chengdu, China.
China is largely believed to possess a Cyber Warfare Doctrine that is designed to achieve global “electronic dominance” by 2050. With a yearly budget of $55 million allotted for it and over 10,000 hackers working in tandem, China is second only to U.S. when it comes to cyber snooping prowess.

As more details emerge about the intentions of these hackers, it is clear that they had targeted the upcoming Commonwealth games in India. The idea was to make Commonwealth games an utter failure later this year. The plans included studying the network architecture of the entire Commonwealth games IT infrastructure. This includes ticket sales, online registration servers all of which would crash at the time of the inaugural ceremony. The hackers had also looked into tender documents for the Commonwealth games network infrastructure. Intelligence agencies feel this could be for studying vulnerabilities in the system for possible attacks.

As to how the latest attacks happened, the modus operandi was simple. Individuals in the ministries were sent emails from a genuine looking nic.in mail address. The email had a PDF attachment that was infected. Accounts on Twitter, Yahoo Mail, Google Groups, Blogspot and other social-networking sites were used to update compromised computers and to host malware, according to the report.

Isn’t it high time that we pull up our socks and deal with this grave security threat?

Continue reading »]]> By Sean Hollister

Mar 9th 2010

http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/

Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device’s power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That’s why they’re presenting a paper at the Design, Automation and Test conference this week in Europe, and that’s why — until RSA hopefully fixes the flaw — you should keep a close eye on your server room’s power supply.

Continue reading »]]> March 2010

http://news.webindia123.com/news/articles/Science/20100314/1464200.html

Iran claimed to have busted a spy racket allegedly linked with the US intelligence agency CIA and arrested 30 people for operating an internet network to gather secret data related to Iran’s nuclear scientists.

The Judiciary said Saturday it has dismantled a US-backed cyber network, which was set up to gather information on Iran’s nuclear scientists and spread unrest after the presidential election.

The nexus was formed by anti-Iran groups, including the terrorist Mojahedin Khalq Organisation (MKO), the Judiciary said in a statement, adding that 30 suspects have been arrested.

According to Iranian authority, during former US President George W Bush’s regime, a new campaign in the intelligence front – the “cyber war” – was set up to engage Iran, with the help of the MKO, pro-monarchy groups and other anti-Iran cells.

“Iran proxy”, which was one of the main projects of the campaign, received $50 million from the CIA and the US State Department, the statement said.

The program, which allowed Iranians bypass the state’s filtering system and access the internet, was designed to “obtain personal and family information” of its users and pass them on to US spy agencies.

Another major project was a network of “human rights activists”, which was led by Keyvan Rafiei, Jamal Hosseini and Ahmad Batebi, it said.

The network was tasked with recruiting people and sending them to an MKO camp in Iraq and other countries, where they would receive training, the statement said.

It said the network was also in close cooperation with “Lawyers Committee” and “Harana News service”, Press TV reported.

The network, according to the confession of its arrested members, was also tasked with inviting people to attend rallies and riots after the presidential election in June.

The Judiciary said that the International Criminal Police Organisation (INTERPOL) has been briefed on the situation and about the key members of the group, who operate the racket from the US.

Continue reading »]]> IANS / PTI

The Hindu

March 2010

http://beta.thehindu.com/business/article193044.ece

There have been attempts to hack into the government computer network, but till date there has been no loss of vital information, says Minister of State for Communication and Information Technology Sachin Pilot.

“Yes, there have been attempts but I can categorically say that not one attempt has been successful,” the minister said. “The government’s computer network system, maintained by the National Informatics Centre, is highly efficient,” Mr. Pilot told IANS in an interview.

Earlier this year, hackers tried to penetrate government computers in vital ministries including the office of the National Security Adviser (NSA). These attacks, officials said, originated in China.

According to the Computer Emergency Response Team, a cyber security advisory and referral agency of the Department of Information Technology, 570 Indian web sites were defaced by hackers during January this year, against 271 during the like month of last year.

During the whole of last year, a total of 6,023 cases of defacement were reported.

The agency also said that during January, out of 246 cyber-security incidents, as 63 percent related to spamming, 18 to phishing, 8 percent to malicious viruses, 76 percent to unauthorised scanning and the rest to other categories.

Former NSA M.K. Narayanan, who is currently West Bengal governor, had stated that his office and other government departments were targeted on the same date that U.S. Defence, Finance and Technology companies, including Google, reported cyber attacks from China.

The hackers had sent an e-mail with a PDF attachment containing a Trojan virus. But the virus, which allows hackers to download or delete files, was detected and officials were told not to log on until it was eliminated.

Mr. Pilot pointed out that such hackers were usually scanning the entire system to find weak spots. “But our people are very efficient and well trained. Safeguards have ensured that national security has not been breached.”

The Ministry of External Affairs and Indian embassies have instituted stringent protocol on the use of e-mails by serving officers, which includes frequently changing passwords and using e-mails only for routine communication.

Besides, the ministry has instituted a periodic security review of all computers to ward off cyber threats.

Continue reading »]]> William Maclean, Security Correspondent

Reuters

Feb 22, 2010

http://www.reuters.com/article/idUKTRE61L37B20100222

LONDON (Reuters) – The best weapon against the online thieves, spies and vandals who threaten global business and security would be international regulation of cyberspace.

Luckily for them, such cooperation does not yet exist.

Better still, from a hacker’s perspective, such a goal is not a top priority for the international community, despite an outcry over hacking and censorship and disputes over cyberspace pitting China and Iran against U.S. firm Google.

Nations are thinking too parochially about their online security to collaborate on crafting global cyber regulation, an EastWest Institute security conference heard last week.

Policy statements from governments around the world are dominated by the need to heighten national cyber defenses. As a result, too many cyber criminals are getting a free ride.

“Nations are in denial,” a cyber law expert told Reuters, saying national legislation was of limited use in protecting users of a borderless communications tool.

“It may take a big shock of an event to wake people out of their complacency, something equal to a 9/11 in cyberspace,” he said referring to the 2001 coordinated attacks on U.S. cities.

With a quarter of humanity connected to the Internet, cyber crime poses a growing danger to the global economy.

TARGET THE PERPETRATOR

The FBI tallied $264 million in losses from Internet crime reported by individuals in the United States in 2008 compared to $18 million of losses from 2001: These were probably a fraction of the losses caused to companies and government departments.

The menace extends to many sectors including control systems for manufacturing, utilities and oil refining, since many are now tied to the Internet for convenience and productivity.

A priority for regulators is to find ways of tracking down criminals across borders and ensuring they are punished, a tough task when criminals can use proxy servers to remain anonymous.

“We cannot postpone the debate until we are in the midst of a catastrophic cyber attack,” former U.S. Homeland Security Secretary Michael Chertoff told the conference.

“We must formulate an international strategy and response to cyber attacks that parallels the traditional laws governing the land, sea, and air.”

Security experts say the ability to conduct disastrous mass cyber attacks is the preserve of some governments, well beyond the capacity of militant guerrilla groups like al Qaeda.

But it cannot be assumed that international organized criminal networks, long practiced at mass online fraud and theft, are not developing an interest in gaining this ability.

“Cyber crime is a very sophisticated crime with very sophisticated players and it takes a multinational effort to make sure we can enforce the law,” Dell Services President Peter Altabef told Reuters.

“Once you have identified who is at fault you really want to make sure, as a deterrent, that you can go to those jurisdictions and enforce the laws on the books.”

James Stikeleather, Dell Services Chief Technology Officer, told Reuters that tracking own criminals across borders could pose legal issues for drafters of multilateral regulation.

Giving an example, he said the more companies added the technology needed to give investigators the ability to attribute a crime, the more users’ privacy and anonymity would be reduced.

“PLAYING WITH FIRE”

“Probably the sticking point among the governments will be ‘where is the appropriate level of attribution versus anonymity or privacy for what people are doing (online)’.”

Datuk Mohammed Noor Amin, chairman of the U.N.-affiliated International Multilateral Partnership Against Cyber Threats, said failure to regulate could perpetuate cyber “failed states.”

He cited impoverished countries where customers can purchase unregistered SIM cards with mobile Internet capability, giving them the ability to commit online crime such as identify theft against people in rich nations without fear of being traced.

He said it was in the interest of rich nations to help poorer countries develop the capacity to crack down on this kind of abuse, because their own citizens were being targeted.

“Governments tend to look at their self-interest. But it’s actually in their own interest to collaborate,” he said.

Altabef said the growing rate and scale of international cyber attacks threatened to undermine the trust between nations, businesses and individuals that was necessary for economies and societies to act on the basis of the common good.

Complacency was also a problem, delegates said. “Nations take for granted the Internet is going to be ‘on’ for the rest of our lives. It may not necessarily be so,”.

“Imagine the Internet being down for two to four weeks,” he said. This would “rain disaster” on online businesses as well as transport, industry and governmental surveillance systems.

“People have realize the Internet is an integral part of every country, politically, socially and business-wise.”

“Not to focus on cybersecurity is playing with fire.”

Continue reading »]]> DAILY NEWS

February 18th 2010

http://www.nydailynews.com/news/2010/02/18/2010-02-18_kneber_botnet_virus_attacks_75000_computers_worldwide_including_us_government_sy.html

A new computer virus has infected almost 75,000 computers worldwide – including 10 U.S. government agencies – collecting login credentials from online financial, social networking sites and email systems and reporting back to hackers.

The virus, dubbed the Kneber botnet, is thought to be the brainchild of an Eastern European criminal group that is likely selling the information on the black market, according to the Internet security firm NetWitness, which uncovered the attacks in January.

The attacks are continuing and corporate losses are still being compiled, said NetWitness chief technology officer Tim Belcher.

The FBI, Department of State and Department of Homeland Security have been notified, Belcher said.

The crime groups “running this activity are every bit as expert at compromising systems and siphoning off information as nation states,” according to Belcher.

“They’re well funded, motivated and successful.” Hackers using the new virus have infiltrated the computer networks of more than 2,400 companies in almost 200 countries over an 18-month period, the Herndon, Va.-based computer security firm reported.

Further investigation revealed that many commercial and government systems were compromised, including 68,000 corporate login credentials and access to email systems, online banking sites, Yahoo, Hotmail and social networks such as Facebook.

Infiltrated companies include pharmaceutical giant Merck & Co., Cardinal Health Inc., software firm Juniper Networks and Paramount Pictures, the Wall Street Journal reported Thursday.

Hackers reportedly used the virus to break into computers at 10 U.S. government agencies and in one case obtained the user name and password for a soldier’s military e-mail account.

Companies in Egypt, Mexico, Saudi Arabia, Turkey and the U.S. are the most frequently targeted in the attack, according to a research paper released by NetWitness.

The attack uses a piece of software called ZeuS, designed in Eastern Europe, that takes control of large numbers of computers.

ZeuS is among the top five most reported computer infections, according to the Department of Homeland Security.

“These large-scale compromises of enterprise networks have reached epidemic levels,” said Amit Yoran, CEO of NetWitness and former Director of the National Cyber Security Division.

“Cyber criminal elements like the Kneber crew quietly and diligently target and compromise thousands of government and commercial organizations across the globe.”

Yoran said that conventional intrusion detection systems are “inadequate for addressing Kneber or most other advanced threats.”

Continue reading »]]> ‘Kill Zeus’ removes rival software from PCs, giving Spy Eye access to usernames, passwords

By Robert McMillan

IDG News Service

February 9, 2010

http://www.computerworld.com/s/article/9154618/New_Russian_botnet_tries_to_kill_rival

IDG News Service – An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers.

Security researchers say that the relatively unknown [Spy Eye toolkit] added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus.

The feature, called “Kill Zeus,” apparently removes the Zeus software from the victim’s PC, giving Spy Eye exclusive access to usernames and passwords.

Zeus and Spy Eye are both Trojan-making toolkits, designed to give criminals an easy way to set up their own “botnet” networks of password-stealing programs. These programs emerged as a major problem in 2009, with the U.S. Federal Bureau of Investigation estimating last October that they have caused $100 million in losses.

Trojans such as Zeus and Spy Eye steal online banking credentials. This information is then used to empty bank accounts by transferring funds to so-called money mules — U.S. residents with bank accounts — who then move the cash out of the country.

Sensing an opportunity, a number of similar Trojans have emerged recently, including Filon, Clod and [Bugat], which was discovered just last month.

Spy Eye popped up in Russian cybercrime forums in December, according to Symantec Senior Research Manager Ben Greenbaum.

With its “Kill Zeus” option, Spy Eye is the most aggressive crimeware, however. The software can also steal data as it is transferred back to a Zeus command-and-control server, said Kevin Stevens, a researcher with SecureWorks. “This author knows that Zeus has a pretty good market, and he’s looking to cut in,” he said.

Turf wars are nothing new to cybercriminals. Two years ago a malicious program called Storm Worm began attacking servers controlled by a rival known as Srizbi. And a few years before that, the authors of the Netsky worm programmed their software to remove rival programs Bagle and MyDoom.

Spy Eye sells for about $500 on the black market, about one-fifth the price of premium versions of Zeus. To date, it has not been spotted on many PCs, however.

Still, the Trojan is being developed quickly and has a growing list of features, Greenbaum said. It can, for example, steal cached password information that is automatically filled in by the browser, and back itself up via e-mail. “This is interesting in its potential, but it’s not currently a widespread threat at all,” he said.

Continue reading »]]> TNN

01 February 2010

http://timesofindia.indiatimes.com/india/India-needs-a-separate-cyber-police-force-Moily/articleshow/5521142.cms

NEW DELHI: India urgently needs a well-trained special police force to deal with cyber crimes and it must be equipped and trained to deal with all kinds of internet bugs, law minister Veerappa Moily said on Sunday.

“India does not have a specific police force to deal with cyber crimes and implementation of laws against crimes in the virtual world. India needs it urgently following the footsteps of US and South Korea,” Moily said at an interactive seminar for judges, heads of police forces and prosecution of states here.

He said there were many impediments that needed to be overcome soon. While a vast majority of the police force or prosecutors in the country had no experience of tackling cyber crime, judges too lacked experience in appreciating evidence in such cases. As cyber crime knows no geographical boundary, the absence of international cooperation between police forces adds to the woes of victims and lets the culprit go scot free, he said.

It was attorney general G E Vahanvati who pointed out the danger potential of cyber crime as was shown by `Trojan horse’ and `I love you’ bug and said cyber crime was not limited to the web world but had been extended to mobile phones, which could be used to bombard a victim with messages and send illicit MMSes.

Chief Justice of India K G Balakrishnan said cyber crimes caused irreparable damage to the victims though it may not involve inflicting of physical pain. “Someone’s bank account can be wiped off depriving him of life-long savings and others can face huge loss of reputation when his face is morphed and put in an obscene video on the net,” he said while emphasising on sensitisation of the police, prosecutors and judiciary about the consequences of the crime.

Supreme Court judge and Cyber Law Enforcement Committee chairman, Justice Altamas Kabir, said the attending DGPs and judges should make efforts to understand the nitty-gritty of the anti-cyber crime law enacted by the country in the shape of IT Act, 2000. However, he said going by the growing ingenuity of cyber criminals, there was a need for expanding the definitions of various crimes listed in the law.

Continue reading »]]> ATTACKED : CIA, PayPal under bizarre SSL assault

Plus hundreds of others

By Dan Goodin in San Francisco

29 January 2010

http://www.theregister.co.uk/2010/01/29/strange_ssl_web_attack/

The Central Intelligence Agency, PayPal, and hundreds of other organizations are under an unexplained assault that’s bombarding their websites with millions of compute-intensive requests.

The “massive” flood of requests is made over the websites’ SSL, or secure-sockets layer, port, causing them to consume more resources than normal connections, according to researchers at Shadowserver Foundation, a volunteer security collective. The torrent started about a week ago and appears to be caused by recent changes made to a botnet known as Pushdo.

“What do I mean by massive? I mean you are likely seeing an unexpected increase in traffic by several million hits spread out across several hundred thousand IP addresses,” Shadowserver’ Steven Adair wrote. “This might be a big deal if you’re used to only getting a few hundred or thousands of hits a day or you don’t have unlimited bandwidth.”

Shadowserver has identified 315 websites that are the recipients of the SSL assault. In addition to cia.gov and paypal.com, other sites include yahoo.com, americanexpress.com, and sans.org.

It’s not clear why Pushdo has unleashed the torrent. Infected PCs appear to initiate the SSL connections, along with a bit of junk, disconnect and then repeat the cycle. They don’t request any resources from the website or do anything else.

“We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn’t quite look like a DDoS either,” Adair wrote.