Tag Archive | Cybercrime

Flame malware command-and-control servers reveal earlier origins, among other links

Government malware such as Flame and Stuxnet is spreading and becoming more of a problem. Computer systems are becoming more inventive, but not at the alarming rate at which dangerous malware is expanding. Flame may also have more links beyond Stuxnet.

First, computer systems have been built for specific purposes for about forty years now. Some newer systems, however, are built to operate like robots, meaning the system works on its own without user intervention. But what happens when malware targets the core computer systems of oil companies, energy companies, military plants, and the like? A compromise of such a system can have dangerous and severe consequences.

Second, the Flame malware surfaced just this past May, when it infected over 1,000 computers, according to Kaspersky Lab. The victims of the first attack included government organizations, educational institutions, and home users. Most of the attacks were concentrated in West Asia, including Iran, Israel, Syria, Saudi Arabia, and Egypt, among others. Flame supports a kill command that removes all traces of the malware from an infected computer, and this command was sent soon after the malware’s exposure. Right now there are no reported active Flame infections, and no reports of other variants being created.

However, derivatives of the Flame malware are being created. We reported a few weeks ago on Shamoon being actively distributed using its skiddie approach. Other links recently found (such as Gauss) tie Flame’s command-and-control usage back to 2006, which means the Flame project could be as much as six years old, or is related to malware from that time.

Instead of looking like a botnet interface, the Flame command centers look more like content-management systems (CMS), and they use many other new approaches. One of these involved the three fraudulent certificates, which Microsoft patched against back in June.

More findings about the C&C servers were unveiled in the recent Flame investigation by Kaspersky Lab and in the report from Symantec (PDF). Researchers at Kaspersky Lab state that they first suspected a development link to Stuxnet back in June, when communication among the team was eavesdropped on.

Speculation about the key developers behind all of this points to a combined US and Israeli effort. However, there is no known evidence backing these claims beyond what researchers can infer from coding styles and other methods used.

The articles by Kaspersky Lab and Symantec include the following speculations as well:

  • At least four programmers tag-teamed on the development, as their nicknames were left in the code.
  • One server was called home to by 5,000 victim machines during just a one-week period in May, suggesting at least 10,000 victims in total.
  • The infections weren’t focused on one group of organizations or people, but on separate groups of targets in many countries.
  • Many of the targets were concentrated in Iran and Sudan.
  • Several custom protocols were used to communicate with the servers, not just one; at least four different protocols were used.
  • Large amounts of data were stolen: 5.5 GB was reported from just one week of data-mining by the malware.
  • The attackers are either mining for government information or attempting to gain military intelligence.

The developers behind the Flame malware have many more secrets, which are still being unveiled. More ties between Stuxnet and Flame are being found, and when that information becomes available, it’ll be here on seCURE Connexion’s blog. The Flame developers obviously have a lot of nerve developing these cyber-weapons. But many politicians and security experts have warned about this kind of information warfare for years. Here we are at the peak!


AntiSec theft of FBI data a lie

The Anonymous group AntiSec has claimed to have mined around 12 million Unique Device Identifiers (UDIDs) from an FBI laptop, in a hack it claimed exploited a Java vulnerability. News has been booming with Java vulnerabilities lately, so this is a very believable story. AntiSec published the list to prove the group had the data. UDIDs are used as identifiers for iPhone and iPad devices.

AntiSec’s stated reason is that it wanted to expose the FBI’s tracking of Apple device users.

However, the FBI has come back with a press release statement:

The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

That was published on the FBI site.

Therefore, all this was just a tactic to draw attention to themselves.


TeaMp0isoN Member that Hacked Tony Blair Sentenced

TeaMp0isoN member Junaid Hussain, 18, of Birmingham, was accused of and pleaded guilty to hacking into the Gmail account of British Prime Minister Tony Blair.

According to ThreatPost, the attack that Hussain admitted to being involved with was a breach of the email account of one of Blair’s former advisers. Hussain, who used the handle “TriCk”, pleaded guilty in early July to the attack and was sentenced Tuesday in England to six months in prison for the attack. He was arrested in April.

According to Sophos’s Naked Security, members of the TeaMp0isoN hacking gang then published the hacked information online, sparking security fears about the safety of the former Prime Minister, his friends and associates.

Message posted by Team Poison

A time in prison at the start of your adult life is no easy undertaking. Hope the young lad learned his lesson.

Republican Senators Revise Cybersecurity Bill


The cybersecurity bill discussed in Congress earlier this spring has now been revised with new details. The revision to the originally Democratic bill is based more on preventing the government from fully standardizing new cybersecurity bills, the idea being that those with critical infrastructure networks get fully secured (as required). The new SECURE IT bill restricts the government from retaining and using information about cyberthreats.

According to Computer World: SECURE IT, backed by Sens. John McCain (R-Ariz.), Kay Bailey Hutchison (R-Texas), Chuck Grassley (R-Iowa), Saxby Chambliss (R-Ga.), Lisa Murkowski (R-Alaska), Dan Coats (R-Ind.), Ron Johnson (R-Wis.), and Richard Burr (R-N.C.), will allow companies to legally share real-time cyberthreat information from their networks with other industry stakeholders, law enforcement agents and government officials.

The restriction on the use of such cyberthreat information is meant to keep hackers from discovering it and shortening the time they need to revise their threats.

Investment in tools to combat cybersecurity threats is crucial to American infrastructure, and to infrastructure all around the world.

The biggest deal is watching how cyberthreat information is shared. Programs like CISPA are not going to function very well, which means cyberthreat information should be held between private parties for a temporary time and, once a mitigation is made, the data should be destroyed.

Corporate and government systems are not immune to cyberattacks by hackers.


Julian Assange, Wikileaks Founder Arrested

Wikileaks founder Julian Assange, who is seeking asylum at Ecuador’s London embassy, faces arrest for breaching his bail, police say.

Mr Assange, 40, whose conditions included staying at his bail address between 2200 and 0800 BST, spent Tuesday night at the embassy.

Last week he failed to reopen an appeal against his extradition to Sweden.

Mr Assange, wanted for questioning in Sweden over rape and sexual assault allegations, denies any wrongdoing.

Ecuador had said it was “studying and analysing” Mr Assange’s request for asylum.


Summing Up Google’s Censorship Requests

By Jay Pfoutz – Opinion Article

Google has published its Transparency Report, which is indeed helpful because it lets users see how Google’s operations run, particularly within the bounds of censorship. Some of the data is aggregated below, taken from the Transparency Report.

Governments all across the world find data, videos, and pictures that might be offensive to the nature of their country. Therefore they make requests to Google to remove such content, or at least remove it from view. This data covers July to December 2011.

Some of the governments are lenient, and some are just plain ridiculous, in my opinion.

Here are the most ridiculous governments (namely countries):

  • Brazil – Mainly because of Orkut, Google received 128 requests for removal of content. 😛
  • United States – Mainly because of YouTube videos denoting harassment (some 1,400), Google received 117 requests for removal of content. :O

Copyright removal was another form of request (data from the past month). Here are the ridiculous ones from that list:

Top Potential Copyright Violation Sites (Oh no…SOPA/PIPA would be on this):

  • FilesTube.com
  • ExtraTorrent.com
  • BitSnoop.com
  • Kat.ph
  • Torrentz.eu

And that’s not close to all of them.

Check out the full Transparency Report for more interesting data: google.com/transparencyreport/removals
