Tag Archive | New York Times

Mandiant is investigating hacks in efforts to better their research

Mandiant, the company behind the big research report we talked about on APT1, is now asking for people to talk about their hacking episodes they’ve been affected with. They’re trying to be the go-to investigators, it seems, for the Fortune 1000.

When trying for importance, first of all, let your work speak for yourself instead of trying so hard and stating your intents. Anyway, back on topic…When the New York Times was hacked back in late 2012, phone calls were made to Mandiant. When Mandiant investigated this issue, reports were shown that the hacks were coming from a hidden firm in the Chinese military, called APT1.

Chinese Defense Building

Sketch of the 12-Story Shanghai-based defense headquarters of unit 61398.

A 60-page report (PDF), which was created by Mandiant, detailed the issues behind cyber-espionage group APT1.  The New York Times detailed all about APT1 as well (which summarized some info in the 60-pg. report), and by rights done so out of anger/reply against the crime group.

One of the surprising aspects of the report, is that APT1 practiced spearphishing attacks on the NYT, but what were they targeting? A big organization with big media possibilities. That’s the point in spearphishing.

Mandiant’s data forensic capabilities are stepping it up, and now they want to know about your hacks that have been experienced. They’re looking to investigate more of the issues behind some of the hacks. They want to target the organizations, whomever they are, that are behind these small-to-large scale attacks.

Check out this video from Mandiant:

Some of Mandiant’s operations can be read on their annual report.

This proves that the investigations are continuing in trial for the cyberwars that are going on around the world. It’s still continuing, and even stepped up in some means.

Feel free to comment on this story below.

Advertisements

Saudi Aramco Incident Investigated Much Closer

We reported back in October about the damage swell of Saudi Aramco, Saudi Arabia’s oil company, which fell victim to a cyberattack. Some new details have been revealed by a few investigating/reporting organizations…

The New York Times reported the following yesterday:

The attack on Saudi Aramco — which supplies a tenth of the world’s oil — failed to disrupt production, but was one of the most destructive hacker strikes against a single business.

“The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals,” Abdullah al-Saadan, Aramco’s vice president for corporate planning, said on Al Ekhbariya television. It was Aramco’s first comments on the apparent aim of the attack.

Hackers from a group called Cutting Sword of Justice claimed responsibility for the attack, saying that their motives were political and that the virus gave them access to documents from Aramco’s computers, which they threatened to release. No documents have yet been published.

The “Cutting Sword of Justice” made a post on PasteBin.com about taking credit for the attack.

We explained previously that most of the cyberattacks this year have been aimed at erasing data on energy companies’ computers. However, renewed thoughts of Aramco are showing the want by hackers to stop the flow of production. Good thing it got sorted out.

The Damage Swell of Saudi Aramco Attack

The New York Times reported about the damages of the attacks on Saudi Aramco, a Saudi Arabian oil firm. The article stated the following, blaming Iran for the attacks on Saudi Aramco along with supporting evidence:

That morning, at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers, unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.

United States intelligence officials say the attack’s real perpetrator was Iran, although they offered no specific evidence to support that claim. But the secretary of defense, Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as “a significant escalation of the cyber threat.” In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility.

Intelligence officials are still investigating the nature of the RasGas hack also, because it is related to this attack, which involved a malware called Shamoon.

The investigations of Saudi Aramco and RasGas, Qatar’s top natural gas firm, are coming together. Most of the cyberattacks this year have been aimed at erasing data on energy companies’ computers. More updates to come.

Facebook Given Short Notice to Stop Breaching Privacy

A consumer group in Germany has alleged over Facebook App Center about violating privacy laws.

According to the Washington Post, the Federation of German Consumer Organisations has given Facebook one week to stop automatically giving user information to third-party applications without explicit consent.

Legal action is possibly to Facebook, if these solutions are not met to fix privacy flaws, by September 4, 2012.

According to the New York Times about two week ago, “The company’s use of analytic software to compile photographic archives of human faces, based on photos uploaded by Facebook’s members, has been problematic in Europe, where data protection laws require people to give their explicit consent to the practice.”

Officials say this investigation and alleged charges are related to the Google Street View investigation, and similar actions can be taken, if necessary, to resolve the problem.

For the App Center, it’s put in place, some speculate, to help the Facebook mobile market and increase revenue for the company. With its competition against Apple or Android stores, it’s trying to gain attention quickly as an app store itself.

What makes governments and privacy experts nervous, is when Facebook developers make users opt-out, instead of opt-in. This means that new, potentially problematic, features are turned on by default. This requires too much work on the user, and an unfair advantage for Facebook.

Cyberwar for Iran Heating Up

Apparently, Iran’s intelligence minister has blamed key countries, US, UK, and Israel for plotting a cyberattack against the country.

Also, earlier this month, The New York Times reported that President Obama ordered similar attacks on the super-computers that run Iran’s nuclear plants.

According to Reuters, “Based on obtained information, America and the Zionist regime (Israel) along with the MI6 planned an operation to launch a massive cyber attack against Iran’s facilities following the meeting between Iran and the P5+1 in Moscow,” Iran’s English-language Press TV quoted him as saying.

Another crazy issue would be that since Iranian leaders could not talk to the US/UK/Israel, they assumed an attack was planned. I guess what they don’t know WILL hurt them…right?

What is big about this, is the fact that the cyberwar between the US-based allies (UK + Israel + US) and Iran is heating up. Prepare for more stories like this here on seCURE Connexion!

%d bloggers like this: