Cyber-espionage attempts on US businesses on the rise

Cyber-espionage attempts on US businesses to gain business and industrial secrets are on the rise. These attacks come mainly from China and Russia. The report projects that China and Russia will “remain aggressive and capable collectors of sensitive US economic information and technologies, particularly in cyberspace.”

“National boundaries will deter economic espionage less than ever as more business is conducted from wherever workers can access the Internet,” the report states. “The globalization of the supply chain for new—and increasingly interconnected—IT products will offer more opportunities for malicious actors to compromise the integrity and security of these devices.”

The biannual report is mandated by a provision of the 1995 law funding US intelligence organizations. But this edition is the first to focus heavily on cyber-espionage, reflecting how most critical data now passes over networks.

This is really troubling, since I think many of the US’s biggest assets are its intellectual property and industrial secrets. We cannot let anyone just steal it from us.

Source: http://arstechnica.com/business/news/2011/11/cyber-espionage-attempts-on-us-businesses-are-on-rise.ars

Major privacy flaw found in third-party Android browser

The Dolphin HD browser for Android has been a favorite third-party browser in the Android community for its excellent features, but recent updates have been found to contain a major privacy flaw.

Discussions in the XDA forums and a report published on the Android Police blog yesterday revealed that every URL loaded in Dolphin HD is relayed as plain text to a remote server. The article includes screenshots from a packet sniffer that clearly demonstrate the issue.

In response, the company behind the browser issued a statement. Recent versions of Dolphin introduced a feature called Webzine that offers a specialized presentation of websites. When a user visits a website, the URL is relayed to Dolphin’s servers, which determine whether the Webzine view is supported for the specified destination. They issued an update that has disabled the feature.

They said they plan to re-enable the feature in the future and it will be opt-in only. This seems galling that they would not even use any kind of encryption on the data that’s sent back. The fast response and updates are somewhat reassuring, since this company could have handled this much worse than they did.
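The kind of leak described above, every page URL reported in the clear to a vendor server, is easy to audit for once you have a capture of the phone’s unencrypted traffic. The following is an added example (not code from the article or from Dolphin): it walks plaintext HTTP request lines, decodes their query strings, and flags any absolute URL that belongs to a different site than the host the request is sent to. The host names and request lines are constructed for the demonstration.

```python
"""Audit plaintext HTTP requests for browsing-history leakage: a client that
reports every page it loads to a vendor server shows up as absolute URLs of
unrelated sites inside the query strings of requests to the vendor host.
Added example; the hosts and request lines below are constructed and are
not taken from the article or from the Dolphin browser."""

from urllib.parse import urlsplit, parse_qs

# Constructed sample: (Host header, request line) pairs as a packet sniffer
# would show them for unencrypted HTTP.  The first line mimics a "which view
# should I render for this page?" lookup that carries the user's full URL.
SAMPLE_REQUESTS = [
    ("webzine.browser-vendor.example",
     "GET /lookup?url=https%3A%2F%2Fbank.example%2Faccounts%2F1234&v=3 HTTP/1.1"),
    ("www.news.example", "GET /story?id=42 HTTP/1.1"),
    # a site passing its own URL to itself (post-login redirect) is not a leak
    ("www.news.example",
     "GET /login?next=https%3A%2F%2Fwww.news.example%2Fhome HTTP/1.1"),
    ("cdn.browser-vendor.example", "GET /assets/logo.png HTTP/1.1"),
]


def registrable(host: str) -> str:
    """Crude 'same site' key: the last two DNS labels.  Adequate for this
    demonstration; a real auditor would consult the public suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def urls_in_query(request_line: str):
    """Yield the absolute http(s) URLs found in a request line's query string."""
    try:
        _method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return  # malformed line, nothing to inspect
    query = urlsplit(target).query
    for values in parse_qs(query).values():  # parse_qs percent-decodes for us
        for value in values:
            parts = urlsplit(value)
            if parts.scheme in ("http", "https") and parts.netloc:
                yield value


def find_url_leaks(requests):
    """Return (reporting_host, leaked_url) for every request that carries a
    URL of a site other than the one the request itself is addressed to."""
    leaks = []
    for host, line in requests:
        for url in urls_in_query(line):
            if registrable(urlsplit(url).hostname or "") != registrable(host):
                leaks.append((host, url))
    return leaks


if __name__ == "__main__":
    for host, url in find_url_leaks(SAMPLE_REQUESTS):
        print(f"{host} received browsing URL in the clear: {url}")
```

Run against a real capture, the same check is the one an app reviewer would apply before trusting a browser feature that "asks home" about every page: anything that turns up here is the user’s browsing history, readable by the vendor and by anyone on the path.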

Source: http://arstechnica.com/gadgets/news/2011/10/major-privacy-flaw-found-in-dolphin-hd-browser-for-android.ars

Researchers can keylog your PC using your iPhone’s accelerometer

Thinking about today’s discussions about malware in general, I found this story interesting and pretty relevant to what we did today. Researchers with MIT and Georgia Tech have developed a proof of concept to demonstrate that they can use a smartphone’s accelerometer to keylog a user’s computer. It can accurately decipher the keys from the vibrations of the keyboard when the smartphone is placed on a desk next to the keyboard.

According to Traynor, the method is 80 percent accurate with a 58,000 word dictionary. Even that accuracy, though, requires thoroughly modern equipment. “We first tried our experiments with an iPhone 3GS, and the results were difficult to read,” Traynor said in a statement. “But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack.”

The researchers described the probability of a smartphone user falling victim to this attack as “pretty low”. It is only 80% accurate and would have trouble with usernames and passwords that are not in a dictionary.

Source: http://arstechnica.com/apple/news/2011/10/researchers-can-keylog-your-pc-using-your-iphones-accelerometer.ars

Drone saga deepens

Officials at Creech Air Force Base in Nevada knew for weeks about the virus infecting drone “cockpits”. However, they never bothered to inform the rest of the Air Force, including the Air Force’s cybersecurity specialists. The specialists at the 24th Air Force learned of the virus from Danger Room.

The virus, which records the keystrokes of remote pilots as their drones fly over places like Afghanistan, is now receiving attention at the highest levels; the four-star general who oversees the Air Force’s networks was briefed on the infection this morning. But for weeks, it stayed (you will pardon the expression) below the radar: a local problem that local network administrators were determined to fix on their own.

The virus has sparked a bit of a firestorm in military circles. Not only were officials in charge kept out of the loop about an infection in America’s weapon and surveillance system of choice, but the surprise surrounding that infection highlights a flaw in the way the US military secures its information infrastructure.

The four branches of the US armed forces each have a dedicated unit that, in theory, is supposed to handle cyber defense for the entire service. The 24th Air Force, for example, “is the operational warfighting organization that establishes, operates, maintains and defends Air Force networks,” according to a military fact sheet. These units are then supposed to provide personnel and information to US Cyber Command, which is supposed to oversee the military’s overall network defense.

Each base has its own IT teams and no one can see what is traveling through a base’s pipes from one location, let alone all bases from one location. There are plans to integrate the Air Force’s networks into one network, but until then nothing. It’s a little scary that this base just let this virus continue; what else could they not be seeing on their networks?

Source: http://arstechnica.com/tech-policy/news/2011/10/get-hacked-dont-tell-drone-base-didnt-report-virus.ars

Predator Drone ‘Virus’ Could Be Military’s Own Monitoring

Earlier last week it was reported that the military’s Predator and Reaper UAV fleet was hit by a virus that logged the pilots’ keystrokes. After several attempts to remove it, the virus kept coming back to the systems.

Security researcher Miles Fidelman says, however, that the virus may be an internal Department of Defense (DoD) security monitoring package. He noted there are “a couple of vendors” who sell such technology to the DoD, which are “essentially rootkits that do, among other things, key logging.” The comments were sent to the Dailydave security mailing list, which is archived through SecLists.org.

“I kind of wonder if the virus that folks are fighting is something that some other part of DoD deployed intentionally,” Fidelman adds.

It would be quite glaring if the Air Force’s techs are wasting their time fighting this virus if it was deployed by the DoD itself to keep its pilots accountable.

Source: http://techzwn.com/2011/10/predator-drone-virus-could-be-internal-monitoring-system-analyst/

Microsoft kills Google Chrome with bad malware signature

Earlier on Friday, Microsoft issued an update to its Microsoft Security Essentials anti-virus program. The definition update appeared to delete Google’s Chrome web browser from users’ machines.

Chrome users began reporting the false detection of the browser early Friday in a quickly-growing thread on a Google support forum.

“This morning, after I started up the PC, a Windows Security box popped up and said I had a Security Problem that needed to be removed,” said someone identified as “chasd harris” in the first message of the thread. “I clicked the Details button and saw that it was ‘PWS:Win32/Zbot.’ I clicked the Remove button and restarted my PC. Now I do not have Chrome. It has been removed or uninstalled.”

Scores of others reported the same behavior on their Windows PCs running Microsoft’s Security Essentials — its free, consumer-grade antivirus software — as well as Forefront, the antivirus product designed for enterprises.

Microsoft issued another update about 3 hours after the first went live, which fixed the issue, but said that about 3,000 users were affected.

This is nowhere near the first or worst instance of anti-virus vendors issuing bad updates. More than a year ago McAfee issued an update that deleted critical Windows XP system files and wreaked havoc on corporate systems.

This is not a very common problem, but anti-virus vendors must be fast in responding to and fixing the issues people have before they cause too much damage. Speed is the name of the game for anti-virus vendors, both in responding to new attacks and in fixing issues customers have with their software that break their systems.

Source: http://www.computerworld.com/s/article/9220435/Microsoft_kills_Google_Chrome_with_bad_malware_signature

iPhone, Android owners worry about security, don’t know what to do

According to recent data from the NPD Group, users of both platforms are worried about having their credit card info stolen, device theft, hackers accessing personal information, harmful apps, and unwanted location tracking. Few do anything more than worry, though.

Android users showed more concern than iPhone users, but in general both had the same percentages of worry in all categories. NPD expressed concern, however, in the low number of users who had taken any kind of security measures—the firm said that more than 25 percent of all smartphone owners (35 percent of iPhone owners) had no idea how to acquire any kind of security software for their devices. And among those who did know but still had no security products installed, one quarter said they were too expensive.

“Consumers are both unaware of security for their phones and reluctant to pay for it when they are aware,” NPD’s Stephen Baker said in a statement.

This is one area where Android users—the ones who know how to obtain security software—are much more conscientious than iPhone owners. NPD says 30 percent of Android users have some kind of security product installed, compared to only 6 percent of iPhone owners.

This seems like a problem of user education: since phones in the past were controlled by telecom companies and manufacturers, users never had to worry about viruses or people stealing their personal information. Now threats are beginning to emerge and no one knows what to get or who to trust. Apple and Google should advise people on best practices for their devices.

Source: http://arstechnica.com/apple/news/2011/09/iphone-android-users-worry-about-security-but-dont-know-what-to-do.ars

Amazon cloud earns key FISMA government security accreditation

Amazon has received FISMA security accreditation from the US General Services Administration, which could help increase adoption of its services among government agencies. The accreditation Amazon received now is at the moderate level; Amazon had previously obtained the low accreditation.

FISMA, the Federal Information Security Management Act, is the fifth major certification or accreditation Amazon has gotten for its Web services business. Amazon has achieved compliance with the SAS 70 Type II auditing standard, the HIPAA health data privacy act, PCI DSS credit card standards, and the ISO 27001 international security standard. The new FISMA certification covers Amazon EC2, Amazon’s Simple Storage Service, the Virtual Private Cloud, and the services’ underlying infrastructure.

FISMA certification had already been obtained by Google for its Apps service and by Microsoft for its cloud infrastructure and its BPOS-Federal service.

Getting these accreditations is good for Amazon and even better for the government. Hopefully they can move more and more of their IT systems to cloud-based systems that are easier to bring up and down, cheaper, and more environmentally friendly. Overly redundant data centers seem to be a hallmark of government IT; hopefully this and other cloud-based systems can alleviate the problem.

Source: http://arstechnica.com/business/news/2011/09/amazon-cloud-earns-fisma-government-security-accreditation.ars?comments=1#comments-bar

Researchers typosquatting Fortune 500 companies’ emails

Figure: List of some of the 151 Fortune 500 companies (in red) that have subdomains potentially vulnerable to a doppelganger attack.

Two researchers set up doppelganger domains to intercept emails sent to mistyped company domains and collected 20GB of emails over a six-month period.

The emails included a lot of sensitive company data, including employee info, legal documents pertinent to the company, and network configuration data. “Twenty gigs of data is a lot of data in six months of really doing nothing,” said researcher Peter Kim from the Godai Group. “And nobody knows this is happening.”

Doppelganger domains are domains that are spelled almost exactly like legitimate domains, usually missing a period or a letter, such as uscisco.com instead of us.cisco.com.

The researchers found that 30% of Fortune 500 companies were potentially vulnerable to such attacks. They also found that many of these doppelganger domains had already been registered, many of them in China.

Attackers could also set up man-in-the-middle attacks in which they receive the emails and then forward them to the real recipient. A victim could send emails back and forth without ever noticing something is wrong.

Of the 120,000 emails their doppelganger domains received, only 2 senders noticed something was wrong. Of the 30 domains they set up, only 1 company noticed the researchers had registered the domain and threatened a lawsuit if they didn’t turn over ownership, which they did.

Companies can always buy up these domains to protect themselves, or block DNS resolution and any internal email to these domains, as Kim suggests. This will not, however, protect against email sent from outside the company to the doppelganger in the first place.
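The two defensive steps above, working out which look-alike domains to buy and blocking internal email to the rest, both start from the same list of candidates. The following is an added example, not code from the article or from the Godai Group’s research: it derives the look-alikes of a company’s own mail subdomains using the two patterns the post describes (a dropped dot, as in us.cisco.com becoming uscisco.com, and a dropped letter) and screens outbound recipients against them, the check a mail gateway would apply. The company domains and addresses are constructed for the demonstration.

```python
"""Defensive screen for doppelganger domains: derive the look-alikes of an
organisation's own mail subdomains (a dropped dot or a dropped letter) and
check outbound recipients against them.  Added example for this post; the
company domains and addresses are constructed and are not from the article
or the Godai Group's research."""

from email.utils import parseaddr

# Constructed: the legitimate mail domains of a hypothetical company.
LEGIT_DOMAINS = {
    "example.com",
    "us.example.com",
    "eu.example.com",
    "mail.us.example.com",
}


def doppelgangers(domain: str) -> set[str]:
    """Look-alikes of `domain`: every variant with one interior dot removed
    (us.example.com -> usexample.com; the dot before the TLD is kept, since
    'examplecom' is not a registrable TLD) and every variant with a single
    letter removed (us.example.com -> s.example.com, us.exmple.com, ...)."""
    domain = domain.lower().rstrip(".")
    labels = domain.split(".")
    variants = set()
    # dropped dot: merge two adjacent labels, never the label with the TLD
    for i in range(len(labels) - 2):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        variants.add(".".join(merged))
    # dropped letter: remove one character, but never empty a label
    for i, ch in enumerate(domain):
        if ch == ".":
            continue
        candidate = domain[:i] + domain[i + 1:]
        if all(candidate.split(".")):
            variants.add(candidate)
    variants.discard(domain)
    return variants


def build_blocklist(legit: set[str]) -> set[str]:
    """Union of look-alikes for all legitimate domains, minus the legitimate
    domains themselves (a letter drop can land on a real sibling domain)."""
    block = set()
    for d in legit:
        block |= doppelgangers(d)
    return block - {d.lower() for d in legit}


def check_recipient(address: str, legit: set[str], block: set[str]) -> str:
    """Classify one outbound recipient as 'internal', 'doppelganger',
    'external' or 'invalid'; a gateway would hold 'doppelganger' mail."""
    _, addr = parseaddr(address)
    if "@" not in addr:
        return "invalid"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in legit:
        return "internal"
    if domain in block:
        return "doppelganger"
    return "external"


def screen_outbound(recipients, legit=LEGIT_DOMAINS):
    """Return the recipients a mail gateway should hold for review."""
    block = build_blocklist(legit)
    return [r for r in recipients
            if check_recipient(r, legit, block) == "doppelganger"]


if __name__ == "__main__":
    # Constructed outbound recipients, one of them a typo of a real subdomain.
    sample = ["Alice <alice@us.example.com>", "bob@usexample.com",
              "carol@partner.example.org"]
    for flagged in screen_outbound(sample):
        print("hold for review:", flagged)
```

The same candidate set is what a company would feed to its registrar (to buy the domains) or to its resolver’s deny list; the outbound check only covers mail leaving the company, which is exactly the gap the post notes for mail that outsiders send to the look-alike directly.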

This is a somewhat hard problem to fix, since most people will mistype some of the email they send; however, we should be trying to educate users to watch out for this type of attack and/or to validate that they are talking with the right person before sending sensitive information.

Source: http://arstechnica.com/business/news/2011/09/researchers-typosquatting-snarfed-20gb-worth-of-fortune-500-e-mails.ars