Interpreting the HBGary Federal security breach

In February, security firm HBGary Federal was hacked by Anonymous. HBGary Federal is a security firm that offers services such as rootkit detection, incident response, malware reverse engineering, and computer forensics. They have also given presentations at conferences such as Black Hat Briefings and the RSA Conference.

Anonymous hacked HBGary Federal quickly and catastrophically. Anonymous released ~60,000 internal emails, released an easily cracked database full of hashed passwords, and severely hurt the business (several companies are considering buying out HBGary Federal). Even worse, the hacks were performed using well-known security flaws. Some of the vulnerabilities that were exploited include badly hashed passwords (no salting and no iterated hashing), easily guessed passwords, a SQL injection flaw, and social engineering (passwords were emailed around, among other things).
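To make the "badly hashed passwords" point concrete, here is an added example (not code from the original post, and nothing to do with HBGary's actual systems) that puts an unsalted single-round hash next to a salted, iterated one over a constructed three-user table. The iteration count and user names are assumptions for the demo.

```python
# Added example: unsalted single-round hashing vs. salted PBKDF2.
# Shows why equal passwords become equal hashes without a salt, so one
# precomputed table (or one cracked entry) exposes every duplicate.
import hashlib
import hmac
import os
from typing import Callable, Optional

ITERATIONS = 100_000  # assumed work factor for the hardened scheme


def weak_hash(password: str) -> str:
    """Unsalted single MD5: the kind of storage the post calls badly hashed."""
    return hashlib.md5(password.encode()).hexdigest()


def strong_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Per-user random salt + PBKDF2-HMAC-SHA256; the salt is stored inline."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_strong(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    _alg, iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


# Constructed sample table: two users happen to share a weak password.
USERS = {"alice": "password1", "bob": "password1", "carol": "Tr0ub4dor&3"}


def duplicate_hashes(hasher: Callable[[str], str]) -> int:
    """Count users whose stored hash equals some other user's stored hash."""
    table = {}
    for user, pw in USERS.items():
        table.setdefault(hasher(pw), []).append(user)
    return sum(len(v) for v in table.values() if len(v) > 1)


if __name__ == "__main__":
    print("unsalted duplicates:", duplicate_hashes(weak_hash))   # 2
    print("salted duplicates:  ", duplicate_hashes(strong_hash))  # 0
    stored = strong_hash("password1")
    print(verify_strong("password1", stored), verify_strong("wrong", stored))
```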

All of this activity is illegal; HBGary Federal was (at the time) a respected security company, employed by governments and companies around the world. Yet Anonymous did not hack HBGary Federal without provocation: CEO Aaron Barr was investigating the collective and preparing to release the names, online IDs, and addresses of members. Aaron Barr _told_ an Anonymous ringleader about the forthcoming dump of information.

That alone is food for thought: an anonymous collective was able to carry out a form of vigilante justice. It brings to mind the famous letter by John Perry Barlow entitled "A Declaration of the Independence of Cyberspace": "[...] you weary giants of flesh and steel [...]".

But it gets weirder. The email dump revealed that HBGary Federal was itself selling rootkit software ($60,000) and 0-day security exploits, pursuing a plan to sniff cell phones to collect personal data, and being paid by Bank of America to investigate Wikileaks.

This serves to show that security is not a black-and-white affair. A respected company was itself performing a variety of sketchy services, and the collective that unmasked it looks innocent by comparison. It’s an odd reversal of roles.

NOTES:

https://projects.eff.org/~barlow/Declaration-Final.html

http://www.pcworld.com/businesscenter/article/221504/8_security_tips_from_the_hbgary_hack.html

http://www.h-online.com/security/features/Anonymous-makes-a-laughing-stock-of-HBGary-1198176.html

http://arstechnica.com/tech-policy/news/2011/02/black-ops-how-hbgary-wrote-backdoors-and-rootkits-for-the-government.ars/3

http://www.lightbluetouchpaper.org/2011/02/09/measuring-password-re-use-empirically/

http://en.wikipedia.org/wiki/HBGary

The Internet Is In Danger!

GO HERE, READ THIS: http://americancensorship.org/

Time is running out, ladies and gentlemen. You need to ACT NOW, TODAY, to prevent censorship of the internet in America. The Great Firewall of China has already demonstrated how devastating this policy would be to free speech, and if we do nothing the United States will pass 2 bills that bring us much closer to a China-style internet. So WHAT CAN YOU DO?

Paste this code into your website, preferably in the <head></head> section:

<script type="text/javascript" src="http://americancensorship.org/js"></script>

Write to your congressman, tell everyone you know (even your enemies) to go to americancensorship.org and let the government know what you think about censorship!

Facebook Porn Attack!

Recently Facebook suffered an attack in which violent and pornographic images were uploaded to Facebook. Facebook claimed that the vulnerability was not on their shoulders but in the browser the user was using. Facebook did not say which browser it was, but blamed the incident on "self-XSS": a user-executed script that uses social engineering to trick the user into copying something and then posting it to Facebook.

http://www.informationweek.com/news/security/attacks/231903115

Clickjacking

Clickjacking seems to be going on a lot lately; you may have heard of it with the whole Facebook attack going on right now. Many people are victims of Clickjacking attacks, and it's a hard attack to detect. Many times it happens in the background without the user ever knowing. So what is Clickjacking? Wikipedia has a good enough description: http://en.wikipedia.org/wiki/Clickjacking

Simply put, by wired.com:

Clickjacking, put simply, is when a button, image, video, or some form of embedded content on a website is overlaid by an invisible layer that sits on top of the site underneath it.

Wired.com also had a fairly good example explanation:

For instance, you may see a page with a movie embedded on it. You want to watch the movie, so you click on the play button. You don’t think twice about it — you’ve done it a million times. Meanwhile, a hacker has superimposed an invisible web page over the movie. It just so happens that a button allowing access to your camera and microphone has been placed over the movie’s play button. Now, when you think you’re playing the movie, you’re actually permitting the hacker to access your video camera and microphone.

So your click on something that isn't what it seems to be causes bad things to happen, usually without you knowing. So how do you prevent it?

Keeping your browser and Flash player up to date is the first step. Instead of repeating the rest of the information that's already on the internet, here's a link that will give you some tips:
http://howto.wired.com/wiki/Prevent_Clickjacking_Attacks#Upgrade_Flash_Player
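The user-side tips above are only half the picture: the invisible overlay in the Wired example only works if the target page lets itself be loaded inside another site's frame. As an added example (not code from the original post or from Wired), here is a small audit helper that decides from a server's response headers whether the page is framing-protected; the header values and sample responses are constructed for the demo.

```python
# Added example: does this response forbid third-party framing?
# Clickjacking overlays need the victim page inside a frame, so the
# server-side fix is to refuse framing via CSP frame-ancestors and/or
# X-Frame-Options. Header values below are constructed for the demo.
from typing import Mapping, Optional, List


def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of a CSP frame-ancestors directive, or None."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'\"").lower() for p in parts[1:]]
    return None


def framing_protected(headers: Mapping[str, str]) -> bool:
    """True when the headers stop other origins from framing the page.

    frame-ancestors takes precedence over X-Frame-Options when both are
    present (CSP Level 2 tells browsers to ignore XFO in that case).
    An empty source list, 'none' and 'self' are safe; any other source
    grants framing rights to someone, so it counts as unprotected.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    sources = frame_ancestors(lowered.get("content-security-policy", ""))
    if sources is not None:
        return all(s in ("none", "self") for s in sources)
    xfo = lowered.get("x-frame-options", "").strip().upper()
    # ALLOW-FROM was never uniformly honoured, so treat it as unprotected.
    return xfo in ("DENY", "SAMEORIGIN")


def protective_headers() -> dict:
    """Headers a site sends to block the overlay trick (both, for old browsers)."""
    return {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors 'none'",
    }


if __name__ == "__main__":
    unprotected = {"Content-Type": "text/html"}          # constructed
    partner = {"Content-Security-Policy":                 # constructed
               "default-src 'self'; frame-ancestors 'self' https://partner.example"}
    print(framing_protected(unprotected))          # False
    print(framing_protected(protective_headers()))  # True
    print(framing_protected(partner))              # False
```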

Hopefully this information will help people who haven't heard about Clickjacking yet. For those who have, hopefully all of you, this is just a reminder to make sure you're secure.

Android Updates taking too long?

Through some searching online and reading multiple articles, I found that many users are not on the latest Android version. This can obviously be seen as a security problem, as software updates often include important security fixes, and I doubt Android is any different. Although phones are shipped with a fairly recent version of the Android OS, the problem seems to be how long it takes before the user even gets an update to the latest version. It can be a long process before the provider offers the update to its users. An article on Computerworld explained it better:

Google releases code that is in turn adapted by hardware manufacturers, and that in turn is adapted by various service providers. The software release latency from Google to device is long in the best of situations, and insurmountably long in many others.

With smartphones becoming some of the more popular devices to target for attacks, I feel this long update process could soon become a big issue, if it's not already.

http://www.computerworld.com/s/article/9221844/Kenneth_Van_Wyk_The_security_implications_of_being_stuck_with_an_old_Android_OS

New Duqu Detection Software to help Windows OS users!!

Recently in the world of networking and Internet security, researchers in Hungary from the Laboratory of Cryptography and System Security (CrySyS) have developed software that can detect the presence of Duqu malware on a user's system. Duqu is malware that is implanted onto a user's system with the purpose of stealing digital certificates from the infected computer, making it easier for other malicious software to appear legitimate and secure. Most Duqu infections are acquired by opening a Word document sent via email which contains the malware. The researchers that developed this software are the same researchers that discovered Duqu back in September of 2011. The developers said that this software is ideal for Duqu victims to see how they were attacked, rather than just detecting and blocking an attack as most antivirus software does. The open source software is said to be a top-class toolkit. However, the developers say to examine the data reports that are given to make sure that you are not receiving a false positive.

I feel that this software is great, for the fact that a computer user can never be too safe when it comes to securing their system. Prior to having gained this knowledge, I was unaware of this type of malicious software. I feel that it is a little intimidating, because it's so easy to overlook and acquire. I hope that the researchers in Hungary continue to develop better software that can possibly aid in the removal of Duqu-related malware.

People need to be more Cautious

People these days are too careless with their personal information. Due to this, cases of identity theft are becoming more prevalent. This past April, the PlayStation Network (PSN), which has over 77 million registered accounts, was hacked for almost a month. During this month, crucial account information like credit card numbers was stolen from these registered accounts. I personally have a PlayStation account, but I have never given them my credit card number for this sole reason. Giving out this information makes no sense when you can go to the store, purchase a PSN card, and punch the code on that card into the PSN to add money to your account.

Sony (the creator of PlayStation) did eventually regain control of the network from the hackers, revamp their security system, and compensate PSN users, but that does not change the fact that they got hacked. Most people would think that a company of Sony's caliber was not capable of getting hacked, but that was not the case. With cyber attacks becoming more and more prevalent in today's world, it is evident that people need to keep a better eye on their personal information. Checking your bank statements and credit reports weekly is a good way of doing this.

http://venturebeat.com/2011/09/22/security-lessons-from-the-playstation-network-breach/

http://ps3.ign.com/articles/116/1164194p1.html

Nationwide Cyber Attacks Target Law Enforcement Agencies

A nationwide cyber attack on law enforcement agencies has put many cities on alert. The latest agency to be attacked was the Jefferson County Sheriff's Office in Birmingham, which stated that its security is layered to try to keep information secure. Investigators stated that the hackers are trying to access the personal information of law enforcement officers held in the databases and release it publicly.

http://www.wtvy.com/home/headlines/Nationwide_Cyber_Attacks_Targeting_Law_Enforcement_Agencies_132835223.html

Canadians lax about cellphone security

Lax Security

It seems that Canadians are much more lax about their cellphone security than most people.

This article found that:

  • One third of Canadians use public Wi-Fi at places such as coffee shops and airports where online communications are not always protected by encryption.
  • One in five users of social networking sites do not adjust privacy settings to control who can see photos and information about them online.

I think perhaps they have just accepted the fact that protecting yourself at times can be futile because they can infiltrate you regardless.

Malware with Government Signature

I was browsing reddit and I came upon this link that showed a piece of malware with a signature belonging to the Malaysian government. While reading this article, I saw that the attackers steal the code-signing certificates just so they can sign the code as if they are someone else.

I thought this was very interesting because I knew that phishing attacks are usually the ones where the attacker pretends to be someone else, but now it's malware as well. The article mentioned that the Malaysian government was notified of this malware with their signature on it, but this made me wonder: if they can steal government-type signatures, can they also pretend to be the U.S. government?

http://www.f-secure.com/weblog/archives/00002269.html