The Middle Eastern Cyber War

In the Middle East, for roughly the last six years, some countries have used their cyber power instead of fighting a physical war with large numbers of military personnel and equipment and a big financial loss for the country’s economy. In the Middle East, every country has both powers (cyber and physical), but some people from these countries have attacked other countries electronically, and these attacks have started a few political issues between countries in the Middle East, especially Iran, Israel and Saudi Arabia.

A few years ago, around 2007, a Syrian group hacked one of Israel’s banks, and from there the cyber attacks in the Middle East started. After that, in 2008, an Iranian group attacked one of the country’s systems in Saudi Arabia and left comments about some political issues between these countries. Two years later, a group from Israel hacked one of the nuclear reactors in Iran; Iran only found out about that attack later, and this attack was going to destroy the whole country of Iran. In 2011, a Saudi Arabian man called “X-Omar”, with a group called “Group-XP”, hacked the systems of a couple of the biggest credit card companies in Israel and published about 26,000 credit card numbers on the internet. A few months ago, in May 2012, the Flame malware destroyed about 200,000 computers all around the Middle East. In August 2012, about a month and a half ago, an Iranian group hacked the systems of Saudi Aramco, the biggest oil company in Saudi Arabia; they destroyed the whole system of the company and deleted all of the information on the company’s computers.

Indeed, most of the Middle Eastern countries have used their cyber powers to attack each other instead of having a physical war with a group of soldiers and military equipment. Cyber attacks most of the time cost as much as physical attacks do, and maybe more.

http://latimesblogs.latimes.com/world_now/2012/05/flame-malware-middle-east-computers-cyber-attack.html

http://www.haaretz.com/print-edition/news/saudi-hacker-threatens-to-expose-details-of-another-million-credit-cards-1.405725

http://www.theaustralian.com.au/opinion/world-commentary/a-game-of-war-over-iran/story-fnfi3i8f-1226480437198

http://bits.blogs.nytimes.com/2012/08/27/connecting-the-dots-after-cyberattack-on-saudi-aramco/

http://www.richardsilverstein.com/2012/05/28/flame-israels-new-contribution-to-middle-east-cyberwar/

http://in.reuters.com/article/2012/09/25/net-us-iran-military-idINBRE88O0MY20120925

Your phone isn’t as secure as you might think.

67% of adults use mobile devices to access the internet, and even more use them just for calling and texting. The most common threats for people are: toll fraud, malware, and SMS spoofing.

1. Toll fraud is when an infected phone sends out multiple SMS messages in order to create excessive SMS charges, which results in nothing except hurting the consumer’s wallet. Malware is something that many people are familiar with.

2. Malware, for people who don’t know, is when software on someone’s phone is attempting to do something to cause harm (such as causing toll fraud).

3. And the third most popular threat is SMS spoofing, which is when someone receives an SMS with a link or number telling them they need to click it or dial it to do something important, which tricks people into handing over their personal information.

The following chart from Lookout security shows the most popular threats over the past year:

As you can see, toll fraud is becoming a very popular way of “hurting” consumers.

Android users are particularly at risk because Google doesn’t filter the apps that go on Google Play. This means that absolutely anyone who wants to put an app on there for Android phones can, and that app can do anything. I personally believe this is one aspect in which the iPhone is better. Many people complain that the App Store is too restrictive, but I would rather not be vulnerable to these security threats.

In addition, 35% of adults who are online have lost their mobile device, putting themselves at risk of identity and data theft. But there is nothing that can be done to help this, except for consumers being more protective of their personal belongings and simply not losing their phones.

I think the best solution to these problems is for people to be educated and use their common sense. For example, your bank is NOT going to be texting you asking for your personal information, nor is any other company. Users also have to be careful when installing apps on their devices by looking at the reviews, the number of users, and the developer, and making a decision based on those facts as to whether it is safe or not. I believe that users are sometimes too trusting, especially older generations who are not aware that these security threats even exist and do whatever pops up on their phone.

Sources:

http://www.pcworld.com/article/262017/mobile_security_threats_rise.html

https://www.mylookout.com/resources/reports/state-of-mobile-security-2012

http://now-static.norton.com/now/en/pu/images/Promotions/2012/cybercrimeReport/2012_Norton_Cybercrime_Report_Master_FINAL_050912.pdf

The Criminal Mindset, or, “I Think I Can”

Theories abound as to the motivation of someone who decides to sink below the letter of the law (or rise above it, depending), from the far out to the mundane.  Quite interestingly, it may be nearly impossible to ever retrieve a scientifically accurate representation of this data – criminals, much like wild animals, are rarely academically observed in the wild, only in the zoo of the prison system, where they will invariably act much differently toward their prospective observers.

Speaking candidly as someone who has stolen from, emotionally harmed, and otherwise caused detriment to others in a distant past, I would offer the opinion that more often than not, a psychologically healthy criminal has one mindset, which boils down to, simply, “I can get away with this.”

Mind you, I have never committed a violent crime against another, nor would I; nor am I what you would call a “hardened criminal,” though I have spent an aggregate of roughly 24 hours in various jails across the country – so take the rest as you will.

Objectively, I could stand by an argument that in some felonies, a certain amount of very rudimentary “cost-benefit analysis” takes place.  Though deranged as it may be, a young person with no positive influences in their world could certainly value the kinship at stake in murdering an unknown person in order to gain favor in a gang over that stranger’s life.  Alternately, it may even be subjectively worth it to defraud hundreds or thousands of people out of millions or billions of dollars, depending on your personal morals.

For some, it can be deduced that trading a downtrodden life of poverty and loneliness for wealth and companionship could transcend any artificial, manmade consequences.

However, in the commission of most, if not all, crimes, there must exist a certain measure of confidence in one’s ability to reap the reward without said consequence.  Whether it’s the aforementioned murderer, or a speeder on the interstate, or even a child trying to play video games with the sound off after bedtime, the action can only even enter the mind after successfully spurning previous boundaries.

I realize this must sound paradoxical, but as toddlers, we absorb the world around us in very unique ways.  We are constantly pushing boundaries, both ours and those of others, and customarily, we are restrained.  It is only in the absence of such restraint that we find out what we are capable of outside of the limits of “regulations,” whether they be household rules or manmade laws.

By building upon the selfish character of our human nature as we age, we eventually grow to learn that sometimes, there are rules that can be broken, and we discover the methodologies to do so.  Expanding on this, we can arrive at the logical mindset of what, socially and ethically, we can call “a criminal.”

In short, as long as there are humans, there will be opportunists, and as long as there are opportunists, there will continue to be those who are willing to subvert the laws put forth before them.

Citations:
http://bit.ly/xzTgpl – “The Overly Confident Mentality of Criminals”
http://bit.ly/zQyFhu – “Criminal Mindset”

Clickjacking

Clickjacking seems to be going on a lot lately; you may have heard of it with the whole Facebook attack going on right now. Many people are victims of Clickjacking attacks, and it’s a hard attack to detect. Many times it happens in the background without the user ever knowing. So what is Clickjacking? Well, just check Wikipedia; it gives a good enough description. http://en.wikipedia.org/wiki/Clickjacking

Simply put, by wired.com:

Clickjacking, put simply, is when a button, image, video, or some form of embedded content on a website is overlaid by an invisible layer that sits on top of the site underneath it.

Wired.com also had a fairly good example explanation:

For instance, you may see a page with a movie embedded on it. You want to watch the movie, so you click on the play button. You don’t think twice about it — you’ve done it a million times. Meanwhile, a hacker has superimposed an invisible web page over the movie. It just so happens that a button allowing access to your camera and microphone has been placed over the movie’s play button. Now, when you think you’re playing the movie, you’re actually permitting the hacker to access your video camera and microphone.

So your click on something that isn’t what it seems to be causes bad things to happen, usually without you knowing. So how do you prevent it?

Keeping your browser and Flash Player up to date is the first step. Instead of repeating the rest of the information that’s already on the internet, here’s a link that will give you some tips:
http://howto.wired.com/wiki/Prevent_Clickjacking_Attacks#Upgrade_Flash_Player


Hopefully this information will help people who haven’t heard about Clickjacking yet. For those who have, hopefully all of you, this is just a reminder to make sure you’re secure.
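The post covers the user side; on the site side, the defence is telling the browser that your page may not be rendered inside another site's frame. As an added example (not from the post or from Wired), here is a check that reads a response's headers and reports whether that protection is in place; the header sets are constructed, not taken from any real site:

```python
"""Check whether an HTTP response forbids framing, the server-side defence
against clickjacking. Added example; header samples below are constructed."""

from typing import Dict, Tuple


def frame_protection(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Return (protected, reason) for one response's headers.

    Two mechanisms count: the Content-Security-Policy frame-ancestors
    directive (preferred) and the older X-Frame-Options header with
    DENY or SAMEORIGIN. A frame-ancestors list containing '*' or an
    http: source leaves the page embeddable by any site.
    """
    lower = {k.lower(): v for k, v in headers.items()}

    csp = lower.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if "*" in sources or any(s.startswith("http:") for s in sources):
                return False, "CSP frame-ancestors allows any origin"
            return True, "CSP frame-ancestors restricts framing to: " + " ".join(sources)

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, f"X-Frame-Options: {xfo}"
    if xfo.startswith("ALLOW-FROM"):
        return False, "ALLOW-FROM is ignored by modern browsers; use CSP frame-ancestors"
    return False, "no anti-framing header: any site can overlay this page in an iframe"


# Constructed samples: a page with no protection, and the hardened version.
UNPROTECTED = {"Content-Type": "text/html", "Server": "Apache"}
HARDENED = {
    "Content-Type": "text/html",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}

if __name__ == "__main__":
    for name, hdrs in (("unprotected", UNPROTECTED), ("hardened", HARDENED)):
        ok, why = frame_protection(hdrs)
        print(f"{name}: {'OK' if ok else 'AT RISK'} - {why}")
```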

Duqu – Stuxnet part 2?

Duqu malware is making waves in the security world at the moment. It is an attack that uses a zero-day to exploit a vulnerability in the Windows kernel; more specifically, it targets the Win32k TrueType font parsing engine. The reason it’s big news is that it’s a highly sophisticated attack on specific organisations that steals digital certificates, keystrokes, and other system information. While the specific organisations that have been targeted haven’t been made public, they all dealt with highly sensitive things such as industrial control systems. The infection usually began with a .doc dropper file that was emailed and socially engineered to be something that the targeted user would open.

So security experts have begun to conjecture that Duqu was developed and executed by the same people responsible for Stuxnet, the reason being that the two have a lot in common. They both exploited zero-days relating to the Windows kernel, both are signed using stolen certificates, and both have been highly sophisticated attacks directed at specific organisations. Not only does the profile of the attack match Stuxnet, but so does the source code. Where Stuxnet and Duqu start to differ is that Stuxnet was created to act autonomously while Duqu is reliant on command and control servers. Stuxnet targeted industrial machines while Duqu is attacking computer systems.

There are many features that add to Duqu’s sophisticated nature and raise it above the level of ordinary malware. One is that it’s able to communicate through server message blocks (SMB), the protocol that allows networked resources to interact. This allowed Duqu to infect systems that weren’t connected to the internet but were on a network with devices that were. On top of that, it was able to receive and transmit messages from the C&C server by relaying the data through a computer connected to the internet and then, over SMB, to the device on the network that didn’t have internet access. Even the C&C servers themselves show a high level of dedication, because a unique C&C server was used for each individual attack. So far only two have been discovered, one in India and one in Belgium. To avoid detection on infected systems it uses 54×54 JPEG files as containers to store stolen data. This way the network traffic wouldn’t show important data moving around, just JPEG files. After 30 days of running on the system, Duqu deletes itself, hiding any way of detecting it had been there.

So what I think is most likely is that Duqu was created and used by the same people who did Stuxnet, and due to the level of sophistication and scale it was most likely a state actor, the state actor probably being a collaboration between the USA and Israel. As of right now Microsoft still hasn’t fixed the vulnerability that allows it. For most users this isn’t that big of a deal, because the exact method of the zero-day isn’t known, so Duqu’s the only one using it. So unless you happen to be part of a large organization, the threat and danger from Duqu is minimal.

Further reading:
http://www.informationweek.com/news/security/vulnerabilities/231902121
http://www.theregister.co.uk/2011/11/11/duqu_analysis/
http://en.wikipedia.org/wiki/Duqu
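The 54×54 JPEG containers give defenders something to hunt for: a picture that small should not be a large file. The script below is an added example (not from any Duqu analysis) that walks a JPEG's marker segments to read its dimensions and flags files that carry far more bytes than their pixel count warrants, or that have data appended after the end-of-image marker. The byte-per-pixel threshold and the sample files are constructed assumptions.

```python
"""Flag JPEG files that are 'too big for their picture' or have trailing data.
Added example; threshold and sample files are constructed, not from Duqu."""

import struct
from typing import Optional, Tuple

# Start-of-frame markers (baseline, progressive, lossless ...) that carry dimensions.
SOF_MARKERS = {0xC0, 0xC1, 0xC2, 0xC3, 0xC5, 0xC6, 0xC7, 0xC9, 0xCA, 0xCB, 0xCD, 0xCE, 0xCF}


def jpeg_dimensions(data: bytes) -> Optional[Tuple[int, int]]:
    """Walk marker segments up to the first SOF and return (width, height)."""
    if data[:2] != b"\xff\xd8":            # SOI
        return None
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xFF:                  # fill byte
            pos += 1
            continue
        if marker in (0xD8, 0x01) or 0xD0 <= marker <= 0xD7:
            pos += 2                        # standalone markers have no length
            continue
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker in SOF_MARKERS:
            if pos + 9 > len(data):
                return None
            height, width = struct.unpack(">HH", data[pos + 5:pos + 9])
            return width, height
        if marker == 0xDA:                  # scan without a SOF: malformed
            return None
        pos += 2 + length
    return None


def suspicious_jpeg(data: bytes, bytes_per_pixel: float = 4.0) -> bool:
    """True if the file is much larger than its pixel count justifies or has data after EOI.

    Assumption: a genuine photo rarely needs more than ~4 bytes per pixel, so a
    54x54 image (2916 px) that weighs 50 KB is out of place.
    """
    dims = jpeg_dimensions(data)
    if dims is None:
        return False                        # not a parseable JPEG; other checks apply
    width, height = dims
    if data.rfind(b"\xff\xd9") != len(data) - 2:
        return True                         # bytes appended after end-of-image
    return len(data) > width * height * bytes_per_pixel + 1024


def make_sample(width: int, height: int, payload_len: int) -> bytes:
    """Constructed minimal JPEG: SOI, baseline SOF0, one scan, EOI. Not a real picture."""
    sof0 = b"\xff\xc0" + struct.pack(">HBHHB", 11, 8, height, width, 1) + b"\x01\x11\x00"
    scan = b"\xff\xda" + struct.pack(">HB", 8, 1) + b"\x01\x00\x00\x3f\x00" + b"\x00" * payload_len
    return b"\xff\xd8" + sof0 + scan + b"\xff\xd9"
```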

New WordPress security vulnerability through Timthumb

WordPress is a very popular blogging tool that’s used by 14.7% of Alexa’s top 1 million web pages, and it’s of course the same tool we use to write these posts on. Because of its widespread use and popularity, it finds itself coming under attack pretty frequently.

One of the more recent attacks on it exploits the PHP script Timthumb, a tool for image cropping and resizing. The attack works by mimicking a GIF image using fake header data. This confuses intrusion detection and prevention systems by making them think it’s an image file and thus ignoring it. In reality, though, it’s a zip carrying malicious code. The attackers obfuscate it further by encoding and compressing it multiple times, so that it only works when decoded and uncompressed in the correct order.

The payload of this attack is usually some sort of code that opens a backdoor on the server hosting the site. From there attackers can do what they want with the server, and that usually means making it part of a botnet.

This attack also goes beyond just WordPress, because Timthumb is a common PHP script that’s used in many other applications too.

For protection against this attack, users can disable remote images or get further protection through something like Timthumb Vulnerability Scanner.

http://blog.spiderlabs.com/2011/11/wordpress-timthumb-attacks-rising.html
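Because the attack relies on a file that only looks like a GIF, the defensive check is to test more than the first bytes. Below is an added example (not Timthumb's own code) that inspects an "image" upload for a fake GIF header, a missing GIF trailer, and byte patterns that have no business inside a real picture; both sample files are constructed in the script, the fake one borrowing only the GIF signature:

```python
"""Spot uploads that claim to be GIFs but carry something else.
Added example; the two sample files below are constructed here."""

import re
from typing import List

GIF_MAGICS = (b"GIF87a", b"GIF89a")
# Patterns that should never appear inside a genuine image file.
SUSPICIOUS = {
    "zip local file header": re.compile(rb"PK\x03\x04"),
    "PHP open tag": re.compile(rb"<\?php|<\?=", re.IGNORECASE),
    "PHP eval/base64 chain": re.compile(rb"eval\s*\(|base64_decode\s*\(", re.IGNORECASE),
}


def analyse_gif_upload(data: bytes) -> List[str]:
    """Return findings; an empty list means the file looks like a plain GIF."""
    findings = []
    if not data.startswith(GIF_MAGICS):
        findings.append("missing GIF signature")
        return findings                      # structural checks are pointless
    if len(data) < 13:                       # 6-byte magic + 7-byte logical screen descriptor
        findings.append("header truncated")
        return findings
    width = int.from_bytes(data[6:8], "little")
    height = int.from_bytes(data[8:10], "little")
    if width == 0 or height == 0:
        findings.append("zero-sized logical screen: header is fake")
    if data[-1:] != b";":                    # a well-formed GIF ends with 0x3B
        findings.append("no GIF trailer: data appended or file is not a GIF")
    for label, pattern in SUSPICIOUS.items():
        if pattern.search(data):
            findings.append(f"{label} found inside 'image'")
    return findings


# Constructed samples: a genuine 1x1 GIF, and a fake that only borrows the signature.
REAL_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
            b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00"
            b"\x00\x02\x02D\x01\x00;")
FAKE_GIF = (b"GIF89a\x00\x00\x00\x00" + b"PK\x03\x04" + b"\x00" * 16
            + b"<?php /* constructed marker, not a payload */ ?>")

if __name__ == "__main__":
    for name, blob in (("real", REAL_GIF), ("fake", FAKE_GIF)):
        print(name, analyse_gif_upload(blob) or ["clean"])
```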

Is the App store really safe?

Most people who picked up their shiny iPhones and pressed the upgrade to iOS 5 button were looking for better battery life that could get them more rounds of Angry Birds. The reality is that Apple’s latest update was dealing with something a lot more important.

A week ago, Accuvant LABS computer security researcher Charlie Miller uncovered a major security flaw that gives hackers a way to build apps that look and act legit but then download unapproved code to your phone. Apple has always been known for having a tight grip on its App Store, and such an incident shows that no system is fully secure from hacker attacks.

Miller even demonstrated this by creating his own app that does exactly that, got it fully approved by Apple, and then made a video of what the app can do. His app has now been removed and his license revoked.

Anti-anti virus malware

The FBI has arrested six eastern European hackers for infecting numerous computers across the world with a sophisticated form of malware. The group, known as the Rove Group, was actually hired and paid by advertising companies to increase traffic to specific sites. They did this by using a class of malware called DNSChanger, which redirected traffic from legitimate sites to bogus sites instead. Some of the websites were iTunes, Netflix and even NASA and the IRS. The malware worked by redirecting a user who clicked on a legitimate link to a site like iTunes to a site that pretended to sell Apple software or music.  Much like an online phishing attack, except they would not steal your identity; rather, the customer would pay them directly. Sometimes the customer would receive black-market goods or pirated software, and often they would get nothing at all. The scheme was discovered and brought down by an FBI investigation known as Operation Ghost, but not before making 14 million dollars over four years. The rest of the story is here…

http://www.fbi.gov/news/stories/2011/november/malware

USB Hardware Keylogger with Wi-Fi

I’ve always known about hardware-based keyloggers, but until recently I had not realized how advanced they have become. To my surprise, I recently came across a Wi-Fi Premium USB Hardware Keylogger being sold online. It has a somewhat hefty price tag at $169, but it’s amazing what it can do.

Features:

  •    2 Gigabytes of internal memory
  •    Automatic E-mail reports with recorded keyboard data
  •    Background connection to the Internet over a local Access Point
  •    Built-in time-stamping module
  •    Internal clock and battery with over 7 years lifetime guaranteed!
  •    No software or drivers required, Windows, Linux, and Mac compatible
  •    On-demand access at any time through TCP/IP over Wi-Fi
  •    Support for WEP, WPA, and WPA-2 encryption
  •    Ultra compact and discrete, less than 2 inches (5 cm) long
  •    Works with any USB keyboard

Link to the Google product page

Just having 2 gigabytes of memory allows for a ton of text to be stored, probably about 1000 Word documents. The scariest thing about this keylogger is its Wi-Fi connectivity. Once deployed, the attacker wouldn’t have to worry about collecting it and has the information they need as soon as they want it. I do wonder, though, if the claim of it working with any USB keyboard is in fact true.

What do you guys think about this new breed of hardware keyloggers?

On-line Job Application Scam

As if job-seekers didn’t have it hard enough, the Better Business Bureau of Abilene, TX posted warnings about on-line job application scams that trick applicants into providing personal information.

http://abilene.bbb.org/article/score-a-job–not-a-scam-28725

The scammers were smart to target people who are willing to provide whatever information it takes to get hired by an employer.  Your resume usually contains your contact information and your employment history.  With the job market tightening up and many employers referring applicants to websites, it is no wonder that social engineers recognized this as a way to steal identities on a large scale.  With the publicity of websites like LinkedIn.com and Monster.com, it was inevitable that scammers would create copy-cat websites or fake Craigslist postings.  Some scammers were even able to convince applicants to provide direct-deposit information or send money to the fake companies!

As we all prepare to look for Co-Op and permanent jobs, it is best to watch out for the red flags to a scam as suggested by the Better Business Bureau.

  1. Grammatical and/or spelling errors on application websites or in e-mails.
  2. E-mails from job posting websites claiming there’s a problem with a job hunter’s account.
  3. An employer asks for extensive personal information such as social security or bank account numbers.
  4. An employer offers the opportunity to become rich without leaving home.
  5. An employer asks for money upfront.
  6. The salary and benefits offered seem too good to be true.
  7. The job requires the employee to wire money through Western Union or MoneyGram.

Overall, be sure to know the company that you are applying for.  Do some research and make some telephone calls to be sure that the company and website are legitimate.  And remember that if it sounds too good to be true, it probably is!