Wait…not China?

In an interesting turn of events, America has seemingly become the target of Iran’s new cyber army.  I guess this really just means China does not have to work as hard.  In all seriousness, though, Iran is a force to be reckoned with.  Ever since the Stuxnet virus, Iran has rapidly developed its cyber power.  It has not reached the heights of many European countries or of China and Japan, but as the director of Homeland Security Policy said, “And what they lack in capability they more than make up for in intent.”  This intent was enough to delay users of American Bank, Citibank, and JPMorgan Chase & Co.  Apparently, this was in response to Western economic sanctions against Iran’s nuclear program.  In these attacks users were only temporarily denied use of the companies’ websites, but in another incident that Iran has been accused of instigating, this was not the case.

Saudi Aramco was the target of a virus now known as Shamoon.  The attack was well planned and included the use of insiders.  The Shamoon code itself was similar to Flame, the most notable similarity being the erasing (wiper) component of the virus.  Shamoon was able to erase the data on 75% of Aramco’s corporate computers, replacing it with an image of a burning American flag.  Aramco hired security experts from Symantec and flew twelve American experts out who, by the time they landed, already had a handle on how the virus worked.  Despite the timely response of Aramco and Symantec, the attack was devastating enough to become the world’s greatest example of cyber corporate espionage.  This all occurred during Lailat al Qadr, one of Islam’s holiest nights of the year.

In both cases hacking groups took responsibility for the results of these incidents.  However, at least in the case of the Aramco breach, the level of sophistication required to pull off the attack was great.  This seems to be what has many nations believing that the attacks may actually have originated in Iran.  There are other motivating factors, but what I want to know from my classmates is whether they believe that Iran is behind these attacks or whether this is being sensationalized to sell papers.

These are the links I visited while writing this paper:

http://www.reuters.com/article/2012/09/23/iran-cyberattacks-denial-idUSL5E8KN19R20120923

http://www.nytimes.com/2012/10/24/business/global/cyberattack-on-saudi-oil-firm-disquiets-us.html?pagewanted=1&ref=technology&_r=0

http://www.huffingtonpost.com/2012/10/24/iran-cyber-attack-threat_n_2011014.html

Phishing with shortened .gov URLs

Recently, a phishing trick involving shortened .gov URLs has become popular for luring even savvy internet users. Email spam is the primary method for distributing the short links, and the click rate has been significant: in just five days, over 16,000 victims were redirected after falling for a link that appeared to be a CNBC news article about some “work from home” scheme, which everyone deep down knows is just a scam.

But because the phishers are building their malicious shortened URLs on several U.S. state government domains, like Vermont.gov or a state tax service, even people of average intelligence can fall into the trap.

The .gov short URL service is run by the U.S. government in partnership with bitly.com. It lets users submit to bitly a long URL that resides on a .gov or .mil top-level domain. The goal of the service is to make it easier to verify the authenticity of a U.S. government site in a shortened URL. But a flaw in software designed to let website developers configure a set of custom redirect values creates an open-redirect vulnerability on the government site itself: the shortener verifies the domain of the submitted URL, not where a redirect on that page ultimately sends the visitor. This simplifies phishing attacks by bypassing protection mechanisms.

“Despite the best intentions, 1.usa.gov short links seem to be ineffective at ensuring the ultimate destinations of the URLs are trustworthy government websites.” –Jeff Jarmoc, Dell SecureWorks
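The gap Jarmoc describes, as an added illustration that is not from the article or from bitly: a shortener rule that checks only the submitted host accepts a .gov page carrying an open redirect, while a check that follows the redirect chain to its final destination rejects it. The redirect handlers and the hostnames (example-state.gov, phish.example.net) are constructed stand-ins for the real sites; the vulnerable handler is shown beside a hardened one that honours only same-site paths.

```python
from urllib.parse import urlsplit, urljoin, parse_qs

TRUSTED_SUFFIXES = (".gov", ".mil")

def host_is_trusted(url):
    host = (urlsplit(url).hostname or "").lower()
    return host.endswith(TRUSTED_SUFFIXES)

def shortener_accepts(long_url):
    """The rule the article describes: the submitted URL must live on a .gov or .mil host."""
    return host_is_trusted(long_url)

def open_redirect(request_url):
    """Vulnerable handler (constructed): forwards to whatever the 'url' parameter says."""
    target = parse_qs(urlsplit(request_url).query).get("url", [None])[0]
    return target  # None means 'no redirect, serve the page'

def safe_redirect(request_url):
    """Hardened handler (constructed): only relative paths on the same site are honoured."""
    target = open_redirect(request_url)
    if target is None:
        return None
    parts = urlsplit(target)
    # Reject absolute URLs and protocol-relative '//host' forms; keep same-site paths only.
    if parts.scheme or parts.netloc or not target.startswith("/") or target.startswith("//"):
        return None
    return urljoin(request_url, target)

def final_destination(url, handler, max_hops=10):
    """Follow redirects as a browser would; 'handler' returns the next Location or None."""
    for _ in range(max_hops):
        nxt = handler(url)
        if nxt is None:
            return url
        url = urljoin(url, nxt)
    raise ValueError("redirect loop or chain too long")

def shortener_accepts_hardened(long_url, handler):
    """What the shortener should check: where the visitor finally lands, not just the first hop."""
    return host_is_trusted(long_url) and host_is_trusted(final_destination(long_url, handler))

# Constructed lure modelled on the campaign: a .gov redirector pointing at a phishing page.
LURE = "http://example-state.gov/redirect?url=http://phish.example.net/cnbc"
```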

Dell traced the IP destination of the malicious servers used in the attack to hosting services in Moscow and InMotion Hosting Inc., based in Los Angeles.

Resources: http://searchsecurity.techtarget.com/news/2240167381/Phishing-campaign-abuses-flaw-tricking-thousands-with-shortened-gov-URLs

Hacking Medical Devices: When Will Hackers Go Too Far?

As we advance into the future, more and more medical devices are going wireless.  Patients so far enjoy the new wireless technology because it lets them be more mobile rather than tied to a bed by these machines. Also, as one industry article puts it, “less invasive monitoring and treatment methods for common diseases has also improved patient mobility. Innovations have allowed at-home patient monitoring, minimizing patient trips to the hospital and saving valuable hospital space.”

This all seems well and good, but what people fail to realize is that these machines are essentially computers and can be hacked just like everything else. Barnaby Jack demonstrated this last February. For his example, Jack hacked into the insulin pumps used by diabetics. With a wave of his antenna and a push of a button, Jack had the security credentials for the pump, using a program he wrote himself. His software then instructed the pump to slowly empty its insulin supply into the body, which would most likely be fatal, especially if the patient doesn’t notice until it’s too late. Currently insulin pumps and pacemakers are the two big wireless medical devices, but there are others as well.

Thankfully, no actual attack like this has ever happened to a patient in real life. However, that raises the question of when it will happen. All it takes is one mentally disturbed person with the right know-how to execute this hack. Hackers have already caused physical harm to people before, when a hacking group filled the Epilepsy Foundation’s website with flashing images, sending many visitors into seizures. What’s even scarier is that not much security has been put in place on these devices yet. So far there has been a prototype firewall made by researchers at Purdue and Princeton… but that’s it. You have to wonder if it’ll actually take a person’s death before we see some regulation of these devices.

http://go.bloomberg.com/tech-blog/2012-02-29-hacker-shows-off-lethal-attack-by-controlling-wireless-medical-device/

http://www.purdue.edu/newsroom/research/2012/120412RaghunathanHacking.html

http://www.medicaldevice-network.com/projects/wireless_revolution/

http://www.cbsnews.com/2100-205_162-4079730.html

3G Flaw makes any device vulnerable to tracking.

A recently discovered flaw in 3G-enabled devices seems to allow an attacker to track any of these devices. Every such device is vulnerable, since the flaw is built into the design of the 3G system itself.

The most shocking part of the exploit is described by the researchers who reported the issue: “The attacker does not need to know any keys, nor perform any cryptographic operation… [These] kind of vulnerabilities usually look trivial once uncovered but often remain unnoticed for [a] long time, since they do not involve fancy cryptography but are caused by errors in the protocol logic.” So essentially, for anyone who wants to sniff a radio link, there isn’t anything preventing them aside from the knowledge needed to perform such a task.

The 3G standard specifies that the user’s permanent identity should be masked by providing user identity confidentiality, including regularly refreshing the temporary identity assigned to 3G-enabled devices, so that a user cannot be traced even by an attacker sniffing the radio link.

The strangest part of the story is that this vulnerability was found in the past and patched, yet it can still be circumvented easily. Simply by spoofing an IMSI paging request (the message a mobile network uses to locate a device and provide services to it), one specific device can be pinpointed accurately and its location found. The researchers put it concisely: “The possibility of triggering a paging request for a specific IMSI allows an attacker to check a specific area for the presence of mobile stations of whom he knows the identity, and to correlate their IMSI and TMSI,” which really summarizes it nicely.

Another vulnerability lies in the session keys that authenticate a device to the network. Authentication is performed using a protocol called Authentication and Key Agreement (AKA). An attacker can sniff an AKA request sent to the target device and later replay that request to all devices within a certain area. Every device except the target responds with an authentication failure, which singles out the target and, again, allows it to be tracked. So the error messages make it possible to track specific devices. The researchers tested the theory on a range of networks, but any network that follows the 3G protocol standard is technically vulnerable. While these attacks are possible, they can be mitigated with stronger cryptographic measures on the networks’ side, but whether fixing them is a big enough priority remains to be determined.
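A toy model of the error-message oracle described above, added here as an illustration and not taken from the researchers’ paper or any 3GPP code. In AKA a handset answers a challenge it cannot authenticate with one kind of failure and a genuine but replayed challenge (stale sequence number) with another; the simulation replays one captured challenge to several constructed handsets and shows that the target stands out, while a `uniform` mode that collapses both failures into one indistinguishable answer removes the signal. The MAC function, keys and IMSIs are constructed stand-ins (HMAC-SHA256 instead of the real MILENAGE f1).

```python
import hmac, hashlib, secrets
from dataclasses import dataclass

def f1(k, sqn, rand):
    """Stand-in for the AKA MAC function: MAC over sequence number and challenge."""
    return hmac.new(k, sqn.to_bytes(6, "big") + rand, hashlib.sha256).digest()[:8]

@dataclass
class Handset:
    imsi: str
    k: bytes
    sqn: int = 0  # highest sequence number this handset has accepted so far

    def respond(self, rand, sqn, mac, uniform=False):
        """Process a challenge the way a USIM does; 'uniform' hides which check failed."""
        if not hmac.compare_digest(f1(self.k, sqn, rand), mac):
            return "AUTH_FAILURE" if uniform else "MAC_FAILURE"   # not my key
        if sqn <= self.sqn:
            return "AUTH_FAILURE" if uniform else "SYNC_FAILURE"  # my key, but replayed
        self.sqn = sqn
        return "RES"  # success

def network_challenge(handset):
    """The network authenticates one subscriber; an observer can capture (rand, sqn, mac)."""
    rand = secrets.token_bytes(16)
    sqn = handset.sqn + 1
    mac = f1(handset.k, sqn, rand)
    assert handset.respond(rand, sqn, mac) == "RES"
    return rand, sqn, mac

def replay_oracle(challenge, handsets, uniform=False):
    """Replay the captured challenge to every handset in range and collect the answers."""
    rand, sqn, mac = challenge
    return {h.imsi: h.respond(rand, sqn, mac, uniform) for h in handsets}

def identify_target(answers):
    """IMSIs whose answer differs from the crowd; None when answers are indistinguishable."""
    values = list(answers.values())
    if len(set(values)) < 2:
        return None
    rare = min(set(values), key=values.count)
    return [imsi for imsi, v in answers.items() if v == rare]

# Constructed handsets with random keys; IMSIs are placeholders, not real subscribers.
HANDSETS = [Handset(f"00101000000000{i}", secrets.token_bytes(16)) for i in range(1, 5)]
```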

Overall, 3G has fairly significant exploitable flaws, but it remains to be seen whether they are significant enough to get fixed quickly and, since many people are switching to 4G, whether they even should be.

Sources:

http://www.zdnet.com/3g-flaw-makes-any-device-vulnerable-to-tracking-7000005483/


Let’s Talk About Cyber War


“Speaking to a group of U.S. business leaders last week, Defense Secretary Leon E. Panetta issued a dire warning that foreign hackers are becoming increasingly sophisticated and that their online attacks on transportation systems, banks and other vital facilities are escalating.”

Based on the numerous blog articles that this class has presented on cyber security, I’m pretty sure we have proven this quote to be true. Certain cyber activists, like Defense Secretary Panetta, are again lobbying Congress for a more defined structure for handling and protecting the United States from what he calls a potential “cyber Pearl Harbor”.

The United States has become an increased target for foreign nation sponsored cyber attacks, and we’re pretty unprepared. In August, measure S.3414 was presented to the Senate. Measure S.3414’s basic goal was to, “… enhance the security and resiliency of the cyber and communications infrastructure of the United States.” This measure was unfortunately blocked by a Republican filibuster. Why it was blocked, I’m not going to get into (politics can be a dangerous zone to enter), but what is clear is that there is a need for a more defined government cyber defense policy.

This need has now materialized in a bipartisan House bill that addresses only the area of information sharing between targeted companies and the federal government. This new bill, H.R. 3523, aims to “… provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.”

As the topic of cyber defense has reached the governmental level, it is becoming clear time and time again that there is an apparent need for a centralized cyber defense measure. The fate of H.R. 3523 is not yet known, but time will tell whether we as a country make the move to a more secure digital future.

Sources:

Main article

S.3414

H.R.3523
