“Computer terror simulation used to recruit ‘cyber defenders’”

The United Kingdom is running a contest to test contestants' skill at cyber defence.  It is organised by members of the National Crime Agency (NCA) and hosted aboard HMS Belfast, where 42 contestants are split into teams.  In the scenario, hackers have taken control of the ship's guns, which are aimed at a city hall building and will fire when a countdown timer reaches zero.  None of the contestants currently works in cyber security or for a security company; the qualifying rounds began more than ten months earlier and attracted many competitors.  The contest exists because employers in the field report a skills shortage across the country, and they hope to offer jobs to those who show the abilities they are looking for.  The simulation ran for 48 hours and had many twists and turns.  In that time the teams had to determine whether the threat was real, find it and stop it, and gather forensic evidence that could be used against the hackers.  A second room held simulated critical national infrastructure, such as water and power systems; the teams were taken there to check whether the hackers had been in those systems too.  The organisers say the scenario could happen for real, and that anything internet-enabled is at risk of being hacked.

Sources:

http://www.bbc.com/news/uk-31875832

Phishing Leads to Man-In-The-Middle Attacks

Krebs on Security reported that the security company Proofpoint had detected a four-week targeted phishing campaign against customers of one of Brazil's largest ISPs, specifically those using two router models (UTStarcom and TP-Link) that the ISP commonly supplies. The emails posed as an account or billing notice from the ISP and linked to a fake site that imitated the ISP's own. The fake page used cross-site request forgery (CSRF): hidden iframes in the page made the victim's browser send login requests to the router's administration interface on the local network, trying the default usernames and passwords for the two router brands. Once a request succeeded, the script changed the router's primary DNS (Domain Name System) server to one the criminals controlled. Controlling DNS lets the crooks see which sites victims visit, hijack search results, and redirect victims from legitimate sites to look-alike spoofs that harvest usernames, passwords and credit card numbers; it can also be used to push other malware onto the victim's machine.

[Image: malicious iframe scripts used to hijack the router and DNS]

This type of attack is especially dangerous because nothing malicious runs on the victim's computer, so antivirus and other host-based security tools have nothing to detect, and because the changed DNS setting affects every device behind the router. A compromised router and the hosts behind it can also be drafted into a botnet.

The important takeaway from this attack is that users need to change the default username and password on their routers, check that the router's DNS settings still point at their ISP's resolvers, and take precautions against falling victim to phishing attacks.
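To make the detection side of this concrete, here is an added example written for this page (not code from the Krebs or Proofpoint write-ups). It scans a page for iframes that look like CSRF requests to a home router (a private LAN address, credentials embedded in the URL, a DNS parameter in the query) and, separately, flags any configured DNS resolver that lies outside the ISP's expected address ranges. The sample HTML, the router paths, the credentials and the address ranges are all constructed for illustration and are not taken from the real campaign.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample of a phishing page, modelled on the technique described
# above. Hostnames, router paths and the DNS address are placeholders.
SAMPLE_PAGE = """
<html><body>
<h1>Sua fatura esta em atraso</h1>
<iframe src="https://portal.example-isp.test/fatura" width="600"></iframe>
<iframe src="http://admin:admin@192.168.1.1/setdns?dns1=203.0.113.5" width="0" height="0"></iframe>
<iframe src="http://admin:password@192.168.1.1/setdns?dns1=203.0.113.5" width="0" height="0"></iframe>
<iframe src="http://root:root@192.168.0.1/cgi-bin/dns?primary=203.0.113.5" style="display:none"></iframe>
<iframe src="https://portal.example-isp.test/ajuda"></iframe>
</body></html>
"""


class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            for name, value in attrs:
                if name == "src" and value:
                    self.sources.append(value)


def is_private_address(host):
    """True if host is an IP literal in a private range, i.e. a LAN target."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a hostname rather than an IP literal


def suspicious_iframes(html):
    """Return (src, reasons) for iframes that look like CSRF requests to a router."""
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        url = urlsplit(src)
        reasons = []
        if is_private_address(url.hostname or ""):
            reasons.append("targets a private LAN address")
        if url.username is not None:
            reasons.append("embeds a username and password in the URL")
        if any("dns" in key.lower() for key in parse_qs(url.query)):
            reasons.append("sets a DNS parameter")
        if reasons:
            findings.append((src, reasons))
    return findings


def resolver_drift(configured, expected_networks):
    """Return the configured resolvers that fall outside the ISP's expected networks."""
    networks = [ipaddress.ip_network(n) for n in expected_networks]
    return [r for r in configured
            if not any(ipaddress.ip_address(r) in n for n in networks)]


if __name__ == "__main__":
    for src, reasons in suspicious_iframes(SAMPLE_PAGE):
        print(src, "->", "; ".join(reasons))
    # Constructed assumption: the ISP's resolvers live in 198.51.100.0/24.
    print(resolver_drift(["198.51.100.53", "203.0.113.5"], ["198.51.100.0/24"]))
```

The two legitimate-looking iframes that point at the ISP's own hostname are not flagged; the three that point at 192.168.x.x addresses with credentials in the URL are. The resolver check is the user-side counterpart: if the router reports a resolver outside the ISP's ranges, the DNS setting has been tampered with.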

Sources:
http://krebsonsecurity.com/2015/02/spam-uses-default-passwords-to-hack-routers/
https://www.proofpoint.com/us/threat-insight/post/Phish-Pharm

Author: Charles Leavitt

Facebook Gives Out Bounties to White Hat Hackers

In today’s world dozens of big-name companies are hacked every year through countless vulnerabilities in software that we all depend on.  This has created a rather bleak public opinion of the term ‘hacker.’  Yet, as Facebook is clearly aware, not all hacking is bad hacking: it depends on what you do with the holes you find.

Facebook is a company that should be very concerned about cyber security: over a billion (yes, I said a billion) people around the world use this social media behemoth, meaning it has a great deal of private information to protect.  Recognizing this, Facebook started an ongoing public program back in 2011 to give hackers a chance to turn away from the dark side, with a little monetary reward as incentive.  It gives hackers a chance to quietly report any vulnerabilities they have found directly to Facebook in exchange for a cash bounty.

Colloquially these hackers are known as ‘white hat’ hackers, and there are surprisingly many of them.  Facebook paid out a total of $1.3 million in 2014 alone through this program, with bounties ranging from as low as $500 to as high as $30,000.  Just recently, a researcher named Laxman Muthiyah discovered a way to delete any user’s photo albums through Facebook’s Graph API.  Grateful for the find, Facebook gave him a whopping $12,500 for reporting it privately rather than making it public.

Despite this monetary reward, these hackers can’t be in it only for the money.  By exploiting Facebook’s holes themselves or by selling them, they could surely turn a much higher profit than what Facebook is offering.  The reward, coupled with a sense of morality, is what drives these hackers to continue to do good rather than evil.

– Keegan Parrotte

Superfish Was Not the End for Lenovo

2015 is not off to a great start for Lenovo, the world’s leading PC manufacturer.  On February 19, it came to light that the company had been pre-installing a dangerous adware program known as Superfish on its computers.  The Verge reports that this piece of software would “allow anyone to unlock the certificate authority and bypass the computer’s web encryption” (The Verge).  Superfish added its own root certificate to the machine’s trust store so that it could intercept HTTPS traffic and inject ads, and the same certificate and private key shipped on every affected machine.  Anyone who extracted that key could sign certificates for any website, so an attacker on the same network as a Lenovo computer could read the user’s encrypted traffic or serve them malware without the browser raising a warning.  In light of this discovery and the public backlash from users, Lenovo has provided customers with a tool to completely remove Superfish from their computers; uninstalling the application alone leaves the root certificate in place, so the certificate must be removed as well.
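The practical check after an incident like this is whether a trust store still contains a root that should not be there. The Python below is an added example written for this page, not Lenovo's removal tool: it inspects a list of root certificates in the shape that Python's own ssl module returns from SSLContext.get_ca_certs() and flags any whose organization or common name is on a blocklist. "Superfish, Inc." is the name on the root the Superfish adware installed; the sample store below is constructed for illustration.

```python
import ssl

# Names of root certificates that should never be trusted. "Superfish, Inc." is
# the organization/common name on the root the Superfish adware installed.
UNWANTED_ROOT_NAMES = {"superfish, inc."}


def subject_field(subject, attribute):
    """Return one attribute (e.g. 'organizationName') from a subject given in the
    nested-tuple form used by ssl.SSLContext.get_ca_certs(), or None if absent."""
    for rdn in subject:
        for name, value in rdn:
            if name == attribute:
                return value
    return None


def unwanted_roots(ca_certs):
    """Return every certificate in ca_certs whose organizationName or commonName
    is on the blocklist. ca_certs is a list of dicts as returned by get_ca_certs()."""
    hits = []
    for cert in ca_certs:
        subject = cert.get("subject", ())
        for attribute in ("organizationName", "commonName"):
            value = subject_field(subject, attribute)
            if value is not None and value.strip().lower() in UNWANTED_ROOT_NAMES:
                hits.append(cert)
                break
    return hits


def scan_default_trust_store():
    """Load the platform's default CA bundle and return any unwanted roots in it."""
    ctx = ssl.create_default_context()
    ctx.load_default_certs()
    return unwanted_roots(ctx.get_ca_certs())


# Constructed sample trust store in the same shape as get_ca_certs() output.
SAMPLE_STORE = [
    {"subject": ((("countryName", "US"),),
                 (("organizationName", "Example Trust Services"),),
                 (("commonName", "Example Root CA"),)),
     "serialNumber": "01"},
    {"subject": ((("countryName", "US"),),
                 (("organizationName", "Superfish, Inc."),),
                 (("commonName", "Superfish, Inc."),)),
     "serialNumber": "02"},
]

if __name__ == "__main__":
    for cert in unwanted_roots(SAMPLE_STORE):
        print("untrusted root found:", subject_field(cert["subject"], "commonName"))
```

Running scan_default_trust_store() on a machine only sees the roots OpenSSL loads for Python, which on Windows is not necessarily the whole system store; the function that matters for auditing is unwanted_roots, which can be fed certificates exported from any store in the same shape.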

Following this discovery, which fostered deep mistrust of the company, Lenovo’s website was hijacked on February 25.  Anyone who visited Lenovo’s site between 4pm EST and 5:30pm EST was greeted by a slideshow of disaffected youths and the song “Breaking Free” from High School Musical.  The attack appears to be the work of the hacker group known as Lizard Squad; the defaced page’s source code credited two publicly known members of the group, Ryan King and Rory Andrew Godfrey.  However, the masterminds behind the attack have yet to be confirmed, as the real hackers could simply be hiding behind those names.  Given the nature of the attack, which redirected visitors rather than altering Lenovo’s own servers, there is no reason to believe that these hackers breached Lenovo’s internal network.

In an attempt to do some much-needed damage control, Lenovo announced on February 27 a two-part plan to “become the leader in providing cleaner, safer PCs” (Lenovo).  The first part scales back the amount of pre-installed software: by the time Windows 10 is released, the company says its computers will include only the operating system, the software and drivers the hardware requires (such as a fingerprint reader), security software, and useful Lenovo applications.  The second part has the company publish a list of all pre-installed software and what each program does; this should help limit the amount of bloatware on its computers.

Although Lenovo is actively trying to repair the damage, it is still an embarrassing and unfortunate series of events for a premier company.  It will be interesting to see how Lenovo’s efforts progress, and how it moves forward amid deep mistrust from consumers.

– Kaitlin Keenan

Sources:

The Verge:  http://www.theverge.com/2015/2/25/8110201/lenovo-com-has-been-hacked-apparently-by-lizard-squad

Lenovo’s Plan:  http://news.lenovo.com/article_display.cfm?article_id=1934

NSA with Super malware?

Kaspersky Lab, an international security software company, announced last Tuesday that it had discovered malware unlike anything it had seen before. It has named the group behind it “The Equation Group”; the group’s malware uses techniques that ordinary antivirus and anti-malware products cannot stop. Most targets ran Windows, but some Mac OS X machines in China were hit as well, and Kaspersky believes iOS may be vulnerable to attack too. The Equation Group’s attacks have targeted governments, diplomatic institutions, nuclear research facilities, and many gas and oil companies, with over 500 victims across 30 countries. The group built several attack platforms and uses a range of encryption and obfuscation, including RC5, RC6, AES and XOR. Some of the code was written as early as 2008, which leads Kaspersky Lab to suspect the group is even more sophisticated by now. Because the Equation Group’s targets overlap with those of Stuxnet, which is widely attributed to the U.S. NSA, Kaspersky Lab believes this so-called super malware was also created by the NSA, or that there is at least a connection between the NSA and the Equation Group. Tech analyst Rob Enderle also stated that this will “create a huge cloud over U.S. technology, [and this strategy] may have become a greater liability than an asset.” This raises the question: what if this were used against us? Could it really bring down a whole lot more than it was planned for, or would it be just another hiccup that we are able to adapt to? I personally think this can help us a whole lot if it is under U.S. NSA control, but if it is independent, like the Equation Group, I believe that we, as new cyber security personnel, can adapt and better ourselves before it takes us down.

Also included: an interview with President Obama on cyber security, in which he explains the current national situation and his goal of improving it.