Cyber-espionage attempts on US businesses on the rise

Cyber-espionage attempts on US businesses to gain business secrets and industrial secrets are on the rise. These attacks come mainly from China and Russia. The report projects that China and Russia will “remain aggressive and capable collectors of sensitive US economic information and technologies, particularly in cyberspace.”

“National boundaries will deter economic espionage less than ever as more business is conducted from wherever workers can access the Internet,” the report states. “The globalization of the supply chain for new—and increasingly interconnected—IT products will offer more opportunities for malicious actors to compromise the integrity and security of these devices.”

The biannual report is mandated by a provision of the 1995 law funding US intelligence organizations. But this edition is the first to focus heavily on cyber-espionage, reflecting how most critical data now passes over networks.

This is really troubling, since I think many of the US’s biggest assets are its intellectual property and industrial secrets. We cannot let anyone just steal it from us.

Source: http://arstechnica.com/business/news/2011/11/cyber-espionage-attempts-on-us-businesses-are-on-rise.ars

Major privacy flaw found in 3rd party Android browser

The Dolphin HD browser for Android has been a favorite third-party browser with the Android community for its excellent features, but in recent updates it has been found to have a major privacy flaw.

Discussions in the XDA forums and a report published on the Android Police blog yesterday revealed that every URL loaded in Dolphin HD is relayed as plain text to a remote server. The article includes screenshots from a packet sniffer that clearly demonstrate the issue.

In response, the company behind the browser issued a statement. Recent versions of Dolphin introduced a feature called Webzine that offers a specialized presentation of websites. When a user visits a website, the URL is relayed to Dolphin’s servers, which determine whether the Webzine view is supported for the specified destination. The company issued an update that has disabled the feature.

They said they plan to re-enable the feature in the future and it will be opt-in only. It seems galling that they would not even use any kind of encryption on the data that’s sent back. The fast response and updates are somewhat reassuring, since this company could have handled this much worse than they did.

Source: http://arstechnica.com/gadgets/news/2011/10/major-privacy-flaw-found-in-dolphin-hd-browser-for-android.ars

Researchers can keylog your PC using your iPhone’s accelerometer

Thinking about today’s discussions about malware in general, I found this story interesting and pretty relevant to what we did today. Researchers with MIT and Georgia Tech have developed a proof of concept to demonstrate that they can use a smartphone’s accelerometer to keylog a user’s computer. It can accurately decipher the keys from the vibrations of the keyboard when the smartphone is placed on a desk next to the keyboard.

According to Traynor, the method is 80 percent accurate with a 58,000-word dictionary. Even that accuracy, though, requires thoroughly modern equipment. “We first tried our experiments with an iPhone 3GS, and the results were difficult to read,” Traynor said in a statement. “But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack.”

The researchers said that the probability of a smartphone user falling victim to this attack is “pretty low”. It only has 80% accuracy and would then have trouble with usernames and passwords that would not be in a dictionary.

Source: http://arstechnica.com/apple/news/2011/10/researchers-can-keylog-your-pc-using-your-iphones-accelerometer.ars

Drone saga deepens

Officials at Creech Air Force Base in Nevada knew for weeks about the virus infecting drone “cockpits”. They never bothered, however, to inform the rest of the Air Force, including the Air Force’s cybersecurity specialists. The specialists at the 24th Air Force learned of the virus from Danger Room.

The virus, which records the keystrokes of remote pilots as their drones fly over places like Afghanistan, is now receiving attention at the highest levels; the four-star general who oversees the Air Force’s networks was briefed on the infection this morning. But for weeks, it stayed (you will pardon the expression) below the radar: a local problem that local network administrators were determined to fix on their own.

The virus has sparked a bit of a firestorm in military circles. Not only were officials in charge kept out of the loop about an infection in America’s weapon and surveillance system of choice, but the surprise surrounding that infection highlights a flaw in the way the US military secures its information infrastructure.

The four branches of the US armed forces each has a dedicated unit that, in theory, is supposed to handle cyber defense for the entire service. The 24th Air Force, for example, “is the operational warfighting organization that establishes, operates, maintains and defends Air Force networks,” according to a military fact sheet. These units are then supposed to provide personnel and information to US Cyber Command, which is supposed to oversee the military’s overall network defense.

Each base has its own IT teams, and no one can see what is traveling through a base’s pipes from one location, let alone all bases from one location. There are plans to integrate the Air Force’s networks into one network, but until then nothing. It’s a little scary that this base just let this virus continue. What else could they not be seeing on their networks?

Source: http://arstechnica.com/tech-policy/news/2011/10/get-hacked-dont-tell-drone-base-didnt-report-virus.ars

Predator Drone ‘Virus’ Could Be Military’s Own Monitoring

Earlier last week it was reported that the military’s Predator and Reaper UAV fleet was hit by a virus that logged the pilots’ keystrokes. After several attempts to remove it, the virus kept coming back to the systems.

Security researcher Miles Fidelman says, however, the virus may be an internal Department of Defense (DoD) security monitoring package. He noted there are “a couple of vendors” who sell such technology to the DoD, which are “essentially rootkits that do, among other things, key logging.” The comments were sent to the Dailydave security mailing list, which was posted through SecLists.org.

“I kind of wonder if the virus that folks are fighting is something that some other part of DoD deployed intentionally,” Fidelman adds.

It would be quite glaring if the Air Force’s techs are wasting their time fighting this virus if it was employed by the DoD itself as accountability on its pilots.

Source: http://techzwn.com/2011/10/predator-drone-virus-could-be-internal-monitoring-system-analyst/