Superfish Was Not the End for Lenovo

2015 is not off to a great start for Lenovo, the world’s leading PC manufacturer.  On February 19, it was discovered that the company pre-installed their computers with a dangerous adware program known as Superfish.  The Verge reports that this piece of software would “allow anyone to unlock the certificate authority and bypass the computer’s web encryption” (The Verge).  Essentially, Superfish could allow a user on the same network as a Lenovo computer to spy on the Lenovo user or infect their system with malware.  In light of this discovery and public backlash from users, Lenovo has provided customers with a tool to completely remove Superfish from their computers.

Following this discovery that fostered deep mistrust in the company, Lenovo’s website was hacked on February 25. Anyone who visited Lenovo’s site between 4pm EST and 5:30pm EST was greeted by a slideshow of disaffected youths and the song “Breaking Free” from High School Musical. The attack appears to come from the hacker group known as Lizard Squad; the infected source code attributes the work to two publicly known members of the organization, Ryan King and Rory Andrew Godfrey. However, the masterminds behind this attack have yet to be confirmed, as the real hackers could just be hiding behind their names. Due to the nature of the attack, there has been no reason to believe that these hackers breached Lenovo’s internal network.

In an attempt to do some much-needed damage control, Lenovo announced, on February 27, a two-part plan to “become the leader in providing cleaner, safer PCs” (Lenovo). The first part of this plan involves scaling back the amount of pre-installed software on their computers; the company claims their computers will only include the operating system and software and drivers required for the hardware, like a fingerprint reader, security software, and useful Lenovo applications by the time Windows 10 is released. The second part of the plan will have the company list all pre-installed software and its uses on the computer; this should help limit the amount of bloatware in their computers.

Although Lenovo is actively trying to reverse the damage, it is still an embarrassing and unfortunate series of events for a premier company.  It should be interesting to see how Lenovo’s attempts progress as well as their future attempts to move forward in the midst of deep mistrust from consumers.

– Kaitlin Keenan

Sources:

The Verge:  http://www.theverge.com/2015/2/25/8110201/lenovo-com-has-been-hacked-apparently-by-lizard-squad

Lenovo’s Plan:  http://news.lenovo.com/article_display.cfm?article_id=1934

Bank Hackers Steal Millions Via Malware

There was a story published in The New York Times a few weeks ago about an organized group of cybercriminals that pulled off one of the largest digital bank heists ever. This group, named Carbanak by Kaspersky, is responsible for deploying malware to gain access to computers at more than 100 banks and steal well over $300 million.

Image: Kaspersky

There were 300 IP addresses targeted and the attack spanned nearly 30 countries worldwide. And the method used:

Phishing

I’d hope that a bank would have better sense not to fall for a simple phishing attack, but this wasn’t very simple. Most times, phishing attacks are aimed at the customers, trying to gain sensitive information. Carbanak targeted the machines in the banks directly, finding ways to steal cash directly from the financial institution.

This same group is also thought to be behind several credit/debit card breaches at retail stores around the world, including Staples; however, there has not been any noticeable activity since the bank heists, a story that was covered by Brian Krebs back in December 2014.

Article: http://krebsonsecurity.com/2015/02/the-great-bank-heist-or-death-by-1000-cuts/#more-29921

Kaspersky Report: http://krebsonsecurity.com/wp-content/uploads/2015/02/Carbanak_APT_eng.pdf

-Jeremiah Faison

Payment Card Data Compromised in Big Fish Games Breach

Casual gaming company Big Fish Games recently discovered a breach in their security. This breach intercepted names, addresses, and payment information from customers on their website. Apparently only new data being entered on the website was taken; saved customer information wasn’t affected, and neither were iOS transactions.

Someone installed malware on their website’s billing and payment page that intercepted new personal and financial information as it was entered. The malware was discovered on January 12th, and any new information entered on the website between Dec 24th 2014 and January 8th is said to be compromised.

It is unknown how many people were affected by this, but the company has said that they have taken steps to remove the malware and prevent it from being re-installed. They are also cooperating with law enforcement to attempt to discover who installed the malware. All impacted individuals are being notified and offered a free year of identity protection services.

Nickolas Walter

Source:

Security Week Magazine: http://www.securityweek.com/payment-card-data-compromised-big-fish-games-breach

SC Magazine: http://www.scmagazine.com/big-fish-games-notifies-customers-of-payment-card-breach/article/398913/

NSA with Super malware?

Kaspersky Lab, an international software security group, has announced that last Tuesday they discovered malware that they have never seen before. They have named the group “The Equation Group,” which has been using malware with a technique that ordinary antivirus or antimalware software can’t stop. Most of the targets were Windows machines, but it has been found that some Mac OS X machines in China were hit as well, making even iOS vulnerable to attacks. Many attacks by the Equation Group have targeted governments, diplomatic institutions, nuclear research facilities, and many gas and oil companies, across 30 countries and with over 500 victims. They have also created many platforms from which they attack those targets, and they encrypt using many forms of algorithms, such as RC5 and RC6, AES, and XOR. The code they used was written as early as 2008, making Kaspersky Lab suspect that they could be even more sophisticated by now. Also, the targets of this super malware by the Equation Group happen to also have been targeted by Stuxnet, which was made by the U.S. NSA; that has led Kaspersky Lab to believe that this so-called super malware was also created by the NSA, or at least that there is a connection between the NSA and The Equation Group.

Tech analyst Rob Enderle also stated that this will “create a huge cloud over U.S. technology, [and this strategy] may have become a greater liability than an asset.” This raises the question: what if this were used against us? Could it really bring down a whole lot more than it was planned for, or will it be just another hiccup for us that we are able to adapt to? I personally think that this can help us a whole lot if it is under U.S. NSA control, but if it is independent, such as the Equation Group, I believe that we, as new cyber security personnel, can adapt and better ourselves before this takes us down.

Also, an interview with President Obama on cyber security, which explains our current situation nationally and his goal of improving this situation.

Lenovo’s Superfish

Lenovo laptops have been pre-downloaded with software known as Superfish, created by a company called Superfish. It is software whose main purpose is to give additional information to the user when they highlight a search result. This could be something like the same item on a different site for a lower price. The problem comes with the way it works.

The way it works is that it installs its own self-signed HTTPS root certificate. This means that when a user visits an HTTPS site, the site certificate is signed and controlled by Superfish. This way Superfish falsely represents itself as the official website. Continuing, the Transport Layer Security certificate is the same for every Lenovo machine. Finally, that means that any laptop with a Superfish root certificate installed will fail to flag these fake sites as forgeries. Superfish has said, though, that the program doesn’t store or share personal information.

The reports go back to September of 2014, with some even going back before September 2014. Lenovo has been working with Microsoft and McAfee to fix the problem. Lenovo has created a Superfish removal tool, but the Department of Homeland Security has also issued their preferred way of removal. Lenovo sold more than 16 million computers in the fourth quarter of 2014, with Superfish installed on more than 11 types of computers, including the Yoga and the Flex models.

-Sean Connolly

For more information:
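The Superfish post above describes a self-signed root certificate sitting in the machine's trust store. As an added example (not part of the original posts, and not Lenovo's removal tool), this is one way to audit a trust store for such a root with Python's standard `ssl` module. Matching on the vendor name in the subject is an assumption, and the sample store is constructed.

```python
import ssl

# Assumption: the unwanted root is recognised by the vendor name in its
# subject; a real audit would also pin the certificate's fingerprint.
SUSPECT_NAMES = ("superfish",)


def flatten_name(name):
    """Turn ssl's nested RDN tuples into a list of (attribute, value) pairs."""
    return [pair for rdn in name for pair in rdn]


def find_suspect_roots(ca_certs, needles=SUSPECT_NAMES):
    """Return trusted CA entries whose subject mentions any needle.

    ca_certs uses the format returned by ssl.SSLContext.get_ca_certs().
    """
    hits = []
    for cert in ca_certs:
        subject = flatten_name(cert.get("subject", ()))
        text = " ".join(value for _, value in subject).lower()
        if any(needle in text for needle in needles):
            hits.append({
                "subject": dict(subject),
                # A root CA is self-signed: subject and issuer are identical.
                "self_signed": cert.get("subject") == cert.get("issuer"),
                "not_after": cert.get("notAfter"),
            })
    return hits


def audit_system_store():
    """Audit the CA certificates that the default TLS context has loaded."""
    return find_suspect_roots(ssl.create_default_context().get_ca_certs())


# Constructed sample in get_ca_certs() format (not real certificate data).
BAD_NAME = ((("organizationName", "Superfish, Inc."),),
            (("commonName", "Superfish, Inc."),))
GOOD_NAME = ((("organizationName", "Example Trust Services"),),
             (("commonName", "Example Root CA"),))
SAMPLE_STORE = [
    {"subject": GOOD_NAME, "issuer": GOOD_NAME, "notAfter": "Jan  1 00:00:00 2035 GMT"},
    {"subject": BAD_NAME, "issuer": BAD_NAME, "notAfter": "Jan  1 00:00:00 2035 GMT"},
]

if __name__ == "__main__":
    print("sample store hits:", find_suspect_roots(SAMPLE_STORE))
    print("system store hits:", audit_system_store())
```

On Windows, `ssl.create_default_context()` loads the system certificate stores, so `audit_system_store()` covers them; applications that keep their own trust store are not covered.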