Archive for December, 2012

Facebook Patches Webcam Snooping Vulnerability

Late last week the social networking giant Facebook patched a particularly voyeuristic security vulnerability in the platform that could have given malefactors the ability to remotely turn on the webcams of other users and post videos to their profiles, according to a Bloomberg News report.

The vulnerability was discovered in July by the Indian security firm XY Sec. The firm’s founders, Aditya Gupta and Subho Halder, told Bloomberg that Facebook must have considered the bugs serious because it paid XY Sec five times the typical $500 bug bounty.

On his personal website, Gupta said the issue arose from a problem in Facebook’s video upload feature. Evidently Facebook did not have, in Gupta’s words, “proper security checks enforced.” If exploited, it would have given an attacker the ability to secretly record video using another user’s webcam and post that content to the victim’s wall without their knowledge.

A Facebook spokesperson, Fred Wolens, told Bloomberg it appeared as if the vulnerability had not been exploited and that no users were impacted by it.

“This vulnerability, like many others we provide a bounty for, was only theoretical, and we have seen no evidence that it has been exploited in the wild,” Wolens told Bloomberg via e-mail. “Essentially, several things would need to go wrong — a user would need to be tricked into visiting a malicious page and clicking to activate their camera, and then after some time period, tricked into clicking again to stop/publish the video.”

It’s not clear why the network’s security team took five months to fix the troubling bug.

Facebook has had its bug bounty for more than a year, and while it hasn’t issued many splashy, high-payout rewards like Google, it did pay out $40,000 in rewards in its first month and has continued to pay researchers since. The programs have their critics and their advocates. Stephen Dubner of Freakonomics fame compared the practice to rat farming. Google insiders have called their program a success and claimed that it makes users safer.

The notorious Apple hacker Charlie Miller echoed the familiar sentiment that such programs sometimes seem to be devious schemes designed to underpay bug-hunters for valuable research.

“I only wish bug bounties gave more money,” Miller told Threatpost earlier this year. “Google is the only company which seems to be going in the right direction in that regard. Bug bounties are important because, if nothing else, it shows that the company takes bugs seriously. As for how [much] payout is ‘enough’, it is a complicated formula.”

Commenting on this Article will be automatically closed on March 31, 2013.


Data Breaches Abound in Wholesale Retail and Healthcare

Tech forecasts for 2013 expect data breaches of all kinds to become more sophisticated in the coming year. Two recent cases may prove a future of perpetual security concern is closer than we think.

Restaurant Depot Sees Second POS Network Hack in Two Years
Two weeks ago, Restaurant Depot notified customers of a data breach that could put a month’s worth of visiting customers’ debit and credit card information in jeopardy.

In a letter sent to customers, Jetro Holdings – the College Point, New York-based wholesale retailer’s parent company – states it received notice of customers experiencing credit card fraud after they had made payments at Restaurant Depot. Jetro brought in a forensic firm that determined a point-of-sale network breach occurred between November 7 and December 5. It is not yet clear how many people have been affected by the breach.

“At this point, all we know is that our system was hacked and that only card numbers were exposed,” Richard Kirschner, president of Restaurant Depot and COO of Jetro Holdings, tells BankInfoSecurity. “It was not an individual POS hack, but we know our system was hacked. Each store has a unique password for network access, so we’re still trying to figure out how they got in. It will take time; this was very sophisticated.”

Jetro also notified law enforcement and credit card companies, who are expected to alert cardholders of suspicious activity on their accounts.

The company faced a similar breach in 2011 that affected more than 200,000 individuals who had shopped at Restaurant Depot or Jetro Cash & Carry stores, BankInfoSecurity reports. The forensic study traced the breach to cybercriminals in Russia, who hijacked payment processing systems and introduced malware. The hackers accessed cardholders’ names and card numbers, expiration dates and verification codes.

Since the first incident, Jetro had upgraded its POS security and taken steps to comply with the Payment Card Industry Data Security Standard.

Equipment Theft from University of Michigan Health Causes Possible Patient Data Breach
An information protection error threatened the security of health and demographic information about 4,000 patients at the University of Michigan Health System (UMHS).

In mid-November, electronic equipment carrying potentially sensitive information was stolen out of the vehicle of a medical healthcare information technology service provider, Omnicell. The stolen device carried data about patients who had visited two UMHS hospitals and two other unnamed hospitals during late October to mid-November, Modern Healthcare reports.

Under UMHS’s agreement with Omnicell, the data should have been stored on an encrypted device, but it was not. The stolen equipment may have contained information about patients’ admission dates, gender, allergies, doctor’s name, medication and room number, the magazine states.

Because a data key is still necessary to understand the information, UMHS said the likelihood of fraud is low.

Both the Restaurant Depot and UMHS incidents illustrate the variety of forms data breaches can take: the wholesale retailer was attacked remotely by hackers on another continent, while the health system was physically robbed of information.


Tool Aids in Cracking Mysterious Gauss Malware Encryption

The mystery wrapped inside a riddle that is the Gauss malware’s encryption scheme may be closer to falling. Late last week, researcher Jens Steube, known as Atom, released a tool that should bring experts closer to breaking open the encryption surrounding the espionage malware’s payload.

The tool, called oclGaussCrack, accelerates the process of calculating the hash value of Gauss’ known cipher scheme, Steube said.

“If it matches, we know we have used the correct key and we can use it to decrypt the encrypted payload,” Steube said. “This process is very time-consuming since it takes a lot of calculations. It is so many that we cannot simply brute-force the key. We need a targeted attack to crack it.”

Gauss, along with Flame, Wiper, MiniFlame and other malicious code used in state-sponsored espionage campaigns, was one of the most concerning stories of 2012. What separated Gauss from Flame, et al, was its focus on attacking financial services organizations.

Gauss is a banking Trojan targeting Windows machines in the Middle East; it also can infect USB sticks in order to spread to other machines. It steals data such as system and network information, browser cookies, passwords and more. It also installs a custom Palida Narrow font on infected systems, for reasons still unknown, and also includes an encrypted payload that is awakened only on systems configured in certain ways.

Steube’s work focused on cracking the encryption protecting the payload. He told Threatpost the best approach would be to split the problem into two parts: generating plaintext key candidates, and the time-consuming work of hashing each candidate and comparing the result against the known hash.

OclGaussCrack is the answer to the second part, he said. The tool has been released under a GPL license, and Steube hopes that by doing so he can get help writing a program for candidate generation. Version 1.1 has been released and includes Windows binaries; it significantly speeds up the hashing work, carrying out 489,000 calculations per second on an AMD Radeon HD 7970 card, more than 30 times faster than an AMD FX 8120 CPU, researchers at Kaspersky Lab said.

Steube gave the research community interested in generating candidate keys a couple of jumping off points: the key starts with a path from the PATH environment variable; and appended to this, a substring that is taken from a directory listing from %PROGRAMFILES%.

“I find it interesting that there is no backslash appended to the path before the second substring is added. This might be because it is assumed the string from the first fetch already contains one at the end,” Steube said. “It is possible the second substring contains a company name or a product name since this is what we usually see when listing %PROGRAMFILES%. You should be able to write a program to generate candidates with this information. Then just pipe your candidates to oclGaussCrack.”
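The two-stage workflow Steube describes, as an added illustration that is not oclGaussCrack’s code nor anything from Steube or Kaspersky Lab: a candidate generator that follows the key layout given above (a PATH entry followed directly by a %PROGRAMFILES% directory name, emitted both with and without a trailing backslash since the presence of one is only assumed), feeding a hash-and-compare stage. The `stand_in_hash` function (1,000 rounds of MD5 over a UTF-16 string), the `find_key` helper and the sample PATH and Program Files entries are all constructed assumptions; Gauss’ actual key-derivation scheme is not reproduced here, only the shape of the pipeline.

```python
"""Candidate generation for a 'generate, then hash and compare' key search.

Added example, not oclGaussCrack or any Kaspersky/Steube code.  Only the key
layout comes from the article (PATH entry + %PROGRAMFILES% name, no separator
inserted); the hash below is a constructed stand-in so the pipeline can be
exercised offline and does NOT reproduce Gauss' real scheme.
"""
import hashlib
import sys
from typing import Iterable, Iterator, Optional


def generate_candidates(path_entries: Iterable[str],
                        program_files_entries: Iterable[str]) -> Iterator[str]:
    """Yield each PATH entry concatenated with each %PROGRAMFILES% name.

    Steube observes that no backslash is inserted between the two parts,
    presumably because the PATH entry already ends with one.  Because that is
    an assumption, an entry without a trailing backslash is emitted in both
    forms (with and without) so neither possibility is skipped.
    """
    names = list(program_files_entries)
    seen = set()
    for path in path_entries:
        variants = {path} if path.endswith("\\") else {path, path + "\\"}
        for base in sorted(variants):
            for name in names:
                candidate = base + name
                if candidate not in seen:   # dedupe: identical strings hash identically
                    seen.add(candidate)
                    yield candidate


def stand_in_hash(candidate: str, rounds: int = 1000) -> bytes:
    """Constructed placeholder for the expensive hashing stage.

    Iterated MD5 over a UTF-16LE encoding (an assumption: Windows-style wide
    strings).  Real-world key-derivation is far costlier, which is exactly why
    the article splits generation from hashing.
    """
    data = candidate.encode("utf-16-le")
    for _ in range(rounds):
        data = hashlib.md5(data).digest()
    return data


def find_key(target_digest: bytes, path_entries: Iterable[str],
             program_files_entries: Iterable[str]) -> Optional[str]:
    """Hash-and-compare stage: return the first candidate matching the target."""
    for candidate in generate_candidates(path_entries, program_files_entries):
        if stand_in_hash(candidate) == target_digest:
            return candidate
    return None


# Constructed sample inputs (not taken from any real machine).
SAMPLE_PATH = ["C:\\Windows\\", "C:\\Windows\\system32", "C:\\Python27\\"]
SAMPLE_PROGRAM_FILES = ["Common Files", "Internet Explorer", "Windows Media Player"]


if __name__ == "__main__":
    # Emit one candidate per line: the shape a cracker would read from stdin.
    for cand in generate_candidates(SAMPLE_PATH, SAMPLE_PROGRAM_FILES):
        sys.stdout.write(cand + "\n")
```

Run stand-alone, the script prints the candidate list one per line, which is the form that would be piped into a separate hashing tool; `find_key` shows the second stage in-process for small inputs. On a real analysis the PATH and %PROGRAMFILES% listings would come from the infected host’s image, not from the analyst’s own machine.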

Steube is the creator of the oclHashcat password-recovery tool.

Gauss emerged in August, and researchers immediately saw links to Flame and Stuxnet in its code. The malware was found on thousands of machines, most of those in Lebanon. It has a similar architecture to Flame, despite its bent toward stealing banking credentials. It’s also able to infect USB drives with data-stealing malware so that when the infected USB is connected to another PC, the malware runs from the removable drive and collects information from the infected machine—likely in an attempt to target air-gapped networks.

Kaspersky Lab researchers helped in the initial investigation into Gauss and made the connection between Gauss and its predecessors Stuxnet, Duqu and Flame.

“Based on our analysis and the timestamps from the collected malware modules, we believe the Gauss operation started sometime around August-September 2011,” Kaspersky Lab said in August. “This is particularly interesting because around September 2011, the CrySyS Lab in Hungary announced the discovery of Duqu. We do not know if the people behind Duqu switched to Gauss at that time but we are quite sure they are related: Gauss is related to Flame, Flame is related to Stuxnet, Stuxnet is related to Duqu. Hence, Gauss is related to Duqu.”


Microsoft Responds to IE Zero Day Used in CFR Watering Hole Attack

Microsoft responded this weekend with temporary mitigations and workarounds for a zero-day vulnerability in Internet Explorer exploited in an attack on the Council on Foreign Relations website.

IE 6, 7 and 8 are vulnerable to exploits that would enable a remote attacker to execute code on a computer running the flawed browser. IE 9 and 10, the latest versions of the browser, are not vulnerable, Microsoft said.

Dustin Childs, group manager of Trustworthy Computing, said in an email to Threatpost that Microsoft is working on a Fix-It and Security Update for the vulnerability. It is unknown whether Microsoft will issue an out-of-band patch, or wait until Jan. 8 when its next batch of scheduled security updates is due.

News broke on Friday of the vulnerability after a nearly month-long watering hole attack against the CFR website. The foreign-policy resource site includes many notable public figures among its members and directors. Researchers dubbed it a watering hole attack, in which a website frequented by topically connected subjects is infected with malware in the hope of snaring those visitors in drive-by attacks. The attackers in past watering hole attacks such as Aurora and VOHO are thought to be state-sponsored and are ultimately after some kind of business, government or military intelligence.

“We are only aware of a very small number of targeted attacks at this time,” Microsoft said in Security Advisory 2794220, released Saturday. “This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.”

Among its workarounds and mitigations, Microsoft recommends setting the Internet and local intranet security zones to High, which blocks ActiveX controls and Active Scripting in those zones; because this will impact the usability of some websites, users should add the sites they trust to IE’s Trusted Sites zone. Microsoft also recommends that administrators configure IE to prompt users before running Active Scripting, or disable it altogether.

IE on Windows Server 2003, 2008 and 2008 R2 runs by default in a restricted mode, which mitigates the vulnerability, Microsoft said. The same goes for Outlook, Outlook Express and Windows Mail when opening HTML email messages in the restricted sites zone.

The vulnerability, Microsoft said, occurs in the way IE accesses an object in memory that has been deleted or not properly allocated. Memory may be corrupted and allow an attacker to execute code with the user’s privileges.

Jonathan Ness and Cristian Craioveanu, software security engineers with Microsoft, point out that exploits against these types of vulnerabilities generally bypass the Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protections in place in the Windows operating system. Four exploits used in four targeted attacks analyzed by Microsoft displayed similar characteristics, including the use of obfuscated JavaScript to trigger the vulnerability and the use of a Flash file to generate a heap spray attack and overrun the buffer.

Users of these older browsers are also encouraged to update IE; in the meantime a Fix-It is expected shortly.

The CFR attack, experts said, is an attempt to get at some of the government and political figures who frequent the site; some members and directors include former secretaries of state Madeleine K. Albright and Colin L. Powell, former treasury secretary Robert Rubin, and former ambassador Carla A. Hills.

FireEye researcher Darien Kindlund did an early analysis of the exploit and learned that the JavaScript hosting the exploit triggers only against browsers set to English, Chinese (China and Taiwan), Japanese, Korean and Russian. The exploit also uses cookies to deliver the attack once per user; it also tracks when the infected page was last visited via cookies, Kindlund said.

Researcher Eric Romang told Threatpost that the CFR website had been hosting malware as early as Dec. 7, according to a Google cache, and researchers at FireEye said it was still hosting malware on Dec. 26, the day after Christmas.

A large watering hole attack was carried out in June and July against government and financial websites in Maryland and Massachusetts, as well as against websites promoting democracy in oppressed regions of the world, RSA’s FirstWatch research team reported. The Gh0st RAT remote access Trojan was used in those attacks to carry out surveillance against victims. Gh0st RAT not only steals data from computers, but can turn on embedded webcams and microphones, and has been tied to numerous state-sponsored attacks.


Council on Foreign Relations Website Hit by Watering Hole Attack, IE Zero-Day Exploit

UPDATE – Another high profile watering hole attack has been discovered, this one targeting visitors to the Council on Foreign Relations website.

The CFR is a Washington, D.C.-based think tank that provides foreign policy and foreign affairs resources to government officials, journalists, and business and education leaders. Its list of directors and members includes public figures such as former secretaries of state Madeleine K. Albright and Colin L. Powell, former treasury secretary Robert Rubin, former ambassador Carla A. Hills, former NBC anchor Tom Brokaw and many other influential industry leaders.

Watering hole attacks target topically connected websites that an attacker believes members of a particular organization will visit often. An attacker will infect the website with malware which stings visitors in drive-by attacks. The site visitors are the ultimate targets; attackers are generally state-sponsored and hope to spy on their victims’ activities and siphon off business or military intelligence, experts say.

Watering hole attacks were used in the 2009 Aurora attacks on Google, Adobe and numerous other large technology and manufacturing companies. The tactic was also used in the Gh0stNet attacks, a widespread espionage campaign beginning in 2009 against numerous government agencies and embassies worldwide.

Security company FireEye reported Friday night that the CFR website had been compromised as early as Dec. 21 and was still hosting malware last Wednesday, the day after Christmas. Researchers there said the attackers were exploiting a zero-day vulnerability in Microsoft’s Internet Explorer browser.

“We can confirm that the malicious content hosted on the website does appear to use Adobe Flash to generate a heap spray attack against Internet Explorer version 8.0 (fully patched), which was the source of the zero-day vulnerability,” wrote FireEye’s Darien Kindlund on the company’s blog. “We have chosen not to release the technical details of this exploit, as Microsoft is still investigating the vulnerability at this time.”

Dustin Childs, group manager, Response Communications, Microsoft Trustworthy Computing said in an email to Threatpost the zero day is in IE 6-8 and that the impact is limited.

“We will take appropriate action to help keep customers protected once our analysis is complete. People using Internet Explorer 9-10 are not impacted,” said Childs.

A further look into the exploit reveals that JavaScript hosting the exploit only triggers against browsers set to English, Chinese (China and Taiwan), Japanese, Korean and Russian. The exploit also uses cookies to deliver the attack once per user; it also tracks when the infected page was last visited via cookies, Kindlund said.

“Once those initial checks passed, the JavaScript proceeded to load a Flash file today.swf which ultimately triggered a heap spray in Internet Explorer in order to complete the compromise of the endpoint,” Kindlund said.

Once the attacker owns the browser, the exploit downloads a dropper called xsainfo.jpg.

One of the largest waterholing attacks was carried out over the course of a month starting in June, according to RSA’s FirstWatch research team. The VOHO attack targeted government websites in Maryland, a regional bank in Massachusetts and several websites promoting democracy in oppressed regions of the world.

The Gh0St RAT malware was used in those attacks, which also included the defense industrial base, education and political activism sites in D.C. and Boston. Gh0StNet is a remote access Trojan, and once it infects a victim, it carries out surveillance activities such as logging keystrokes, opening embedded webcams or microphones, running code remotely and exfiltrating files. Gh0StRAT also connects and sends data to command and control servers. It has been tied to numerous state-sponsored attacks.

This article was updated Dec. 29 at 1:30 p.m. ET to add comments from Microsoft.


DDoS Attacks on Major Banks Causing Problems for Customers

Customers of Wells Fargo, Citibank and Bank of America have had problems accessing their accounts online due to denial-of-service attacks, but the extent of the attacks is unclear.

A number of major banks have endured massive distributed denial-of-service attacks for much of December, with customers from Wells Fargo, Citibank and Bank of America reportedly complaining that they were unable to access the banks’ Websites toward the end of the month.

Despite defenders adapting to new attack techniques, the denial-of-service attacks that started earlier in December have had some success in keeping customers from accessing their accounts online. On Dec. 21, the U.S. Treasury Department warned that a number of groups were using denial-of-service attacks to slow financial institutions’ responses to account fraud.

“Recently, various sophisticated groups launched distributed denial-of-service [DDoS] attacks directed at national banks and federal savings associations,” the Office of the Comptroller of the Currency, part of the U.S. Treasury Department, said in the alert.

“Each of the groups had different objectives for conducting these attacks, ranging from garnering public attention to diverting bank resources while simultaneous online attacks were under way and intended to enable fraud or steal proprietary information.”

On Dec. 25, a pro-Muslim hacker group, using the name Izz ad-Din al-Qassam Cyber Fighters, stated in a post on Pastebin that they would continue their attacks against a variety of banks this week, calling for the U.S. government to take down a video that insulted the prophet Muhammad.

“By understanding the caused problems for ordinary customers, we frequently do apologize for the disruptions in their financial transactions,” the group stated. “We suggest that U.S. government and the banks should seek a logical and easy solution instead of spending big to deal with these attacks.”

A Website for registering outage complaints lists Bank of America, Citibank and Wells Fargo as having 470, 467 and 50 complaints, respectively, registered in the past week. The service does not investigate the complaints itself, which could lead to fraudulent reports.

However, eWEEK confirmed that Citibank had repeated issues with accessibility since the beginning of this week. While the bank’s site was accessible, repeated errors would appear following customer log-in. Citibank did not immediately return requests for comment.

Wells Fargo’s customers could not access their online accounts for much of last week, according to a Dec. 24 Reuters report. A spokesperson for the bank did not confirm the issues, but provided a statement via email.

“We have significant efforts in place to ensure our online and mobile channels remain available and operational so we can service our customers’ financial needs,” the spokesperson stated. “We constantly monitor the environment, assess potential threats and take action as warranted.”

Bank of America, PNC Bank and SunTrust reportedly had accessibility issues earlier this month, following the Izz ad-Din al-Qassam Cyber Fighters’ original pledge to attack the banks.

The U.S. Treasury and security experts have warned that many denial-of-service attacks are a way to hinder banks’ response to online account theft, and that banks should not assume that such attacks are politically motivated.

“Fraudsters also use DDoS attacks to distract bank personnel and technical resources while they gain unauthorized remote access to a customer’s account and commit fraud through Automated Clearing House (ACH) and wire transfers,” the agency stated.


Senate Reauthorizes FISA, Rejects Proposed Privacy Amendments

UPDATE – The Senate today rejected the inclusion of four privacy-friendly amendments before voting to reauthorize the controversial Foreign Intelligence Surveillance Act (FISA) that grants the federal government the authority to clandestinely monitor electronic communications involving foreign citizens coming into or out of the United States without the probable cause required for traditional warrants.

In an article published on the Electronic Frontier Foundation’s DeepLinks Blog yesterday, EFF activist Trevor Timm celebrated the fact that the Senate was, in the end, forced to openly debate the FISA amendments, a debate that, Timm claims, some in the upper chamber tried to avoid having.

Timm wrote that any Senator seeking to stay true to the constitution should vote no on the reauthorization, but in the end, the Senate not only reauthorized FISA but voted to reject the four amendments endorsed by the American Civil Liberties Union and the EFF.

FISA became law in 1978 and is intended to regulate how the government can collect “foreign intelligence information.” The bill was last authorized in 2008 and has since been at the center of a number of lawsuits. The bill’s proponents advocate it as an important tool in the U.S.’s ongoing war on terror.

On Twitter, the EFF characterized the Senate’s rejection of the four amendments as “disgraceful.” Timm tweeted “What a shame,” as the bill passed, 73-23.

The rejected amendments were proposed by Senators Ron Wyden, Rand Paul, Jeff Merkley, and Patrick Leahy.

Wyden’s, which was shot down 52-43, would have forced the National Security Agency to reveal an estimate of how many Americans are affected by FISA. The NSA has argued that the enforcement of this regulation would violate the privacy of American citizens. There was a second Wyden amendment clarifying that FISA does not give the government the authority to commandeer the domestic communication of American citizens. It’s not clear if this was bundled with his other amendment.

Paul’s amendment attempted to protect the communication data of American citizens held by third parties (e.g. emails stored in Google’s Gmail). It would have required that prosecutors provide probable cause and acquire a warrant before accessing information from third-party sources. It lost 79-12.

The Merkley amendment would have required the Attorney General to disclose court cases in which FISA was deployed, but ultimately failed to pass with a 54-37 vote.

The Leahy amendment sought to shorten the bill’s tenure from five to three years but failed as well, 52-38.

In an email interview, Timm told Threatpost that Senate leadership intentionally opted out of voting on the bill when it was ready for the floor in September, and instead pushed the vote back until four days before it would expire.

“Sen. Feinstein disingenuously lamented how she’d like to support some of the amendments but couldn’t because of the time crunch (which was wholly created by her and Senate leadership),” Timm told Threatpost via email. “This tactic stifled debate on the bill and prevented these common sense transparency and oversight from having a full hearing.”

The EFF said it will continue to fight against warrantless wiretapping in the courts. They are challenging the NSA’s larger dragnet spying program while the ACLU has taken to the courts to challenge the constitutionality of FISA. According to Timm, the government is asking the courts to dismiss the EFF’s case because the NSA’s dragnet program is a “state secret” and the government is arguing that the ACLU’s case shouldn’t go forward because that group cannot prove that any Americans are in fact being spied on.

“FISA Amendment Act’s proponents claim it’s vital to stop terrorists, yet there’s no real evidence that is the case,” Timm told Threatpost. “Sen. Feinstein read a list of all the terrorism suspects arrested in the last four years, yet she didn’t say they were arrested because of FISA. And if it was, there’s no reason to believe getting a warrant like every other criminal investigation in American history, would’ve impeded law enforcement at all.”

We reached out to the office of the bill’s sponsor, Rep. Lamar Smith, and his office sent us the following quote in a press release.

“Our national security agencies operate around the clock to protect America from foreign terrorist groups and spies,” Lamar said in a press release. “But in order to keep America safe, we must be able to conduct surveillance of foreign terrorists and intelligence organizations. H.R. 5949 enables the intelligence community to gather information on foreign terrorists overseas, while still protecting the civil liberties of U.S. citizens at home and abroad. The President should sign this bipartisan bill to ensure that our intelligence capabilities are not dismantled and our nation not put in danger.”


10 Biggest Information Security Stories Of 2012

On the information security front, 2012 has featured nonstop takedowns and arrests, breaches and data dumps, and hacktivist-launched distributed denial-of-service (DDoS) attacks.

Early in the year, notably, hackers breached Stratfor, while the FBI arrested alleged Anonymous and LulzSec ringleaders. By year’s end, hacktivists were still out in force — this time supporting Syrian rebels and targeting picket-happy Westboro Baptist Church. In between, there were a plethora of hacks, defacements, leaks, arrests, mass surveillance, privacy violations and numerous other high-profile information security happenings.

Here are the highlights from 2012:

1. Feds Bust Alleged LulzSec, Anonymous Ringleaders.

Hacktivist group LulzSec dominated headlines in 2011 for its 50-day hacking and defacement spree, as well as witty press releases. After those attacks, U.S. and U.K. law enforcement officials began arresting alleged LulzSec participants, many of whom were also accused of participating in attacks launched under the banners of Anonymous and AntiSec. But LulzSec leader Sabu appeared to elude the authorities.

That turned out not to be the case, when in March 2012 the FBI arrested a handful of alleged LulzSec and Anonymous leaders — accused of launching attacks against PBS, Sony, Stratfor and more. Court documents unsealed after those arrests revealed a stunning turn of events, and what many hacktivists would soon label as betrayal. In fact, Sabu — real name Hector Xavier Monsegur — had been cooperating with the FBI since being secretly arrested in June 2011. In short order, the former LulzSec leader apparently had helped the bureau identify his alleged former comrades, leading to their arrests.

2. DDoS Attackers Reach New Heights With Bank Attacks.

How do you define a DDoS attack? Many hacktivists label it as a form of online protest, while law enforcement agencies say disrupting websites remains a punishable offense, and have the arrests and convictions to prove it. Regardless, attackers have continued to push DDoS attacks to new levels of packet-overwhelming power, leading security experts to warn that so-called Armageddon attacks — which disrupt not only a targeted site, but every service provider in between — might soon become reality.

A glimpse of that new reality has been seen in the DDoS attacks launched by Muslim hacktivists against U.S. banks. After compromising numerous servers with DDoS toolkits, the attackers have been able to overwhelm leading Wall Street firms’ websites, despite the attackers revealing in advance which sites they’ll target, and when. The bank attacks reveal that with advance planning and a good DDoS toolkit, attackers might soon be able to disrupt any website they choose.

3. Escape From Belize: AV Founder John McAfee Turns Fugitive.

The security-related world turned surreal in November, when eccentric security expert John McAfee, who’d founded and later sold the McAfee antivirus firm, announced that he was on the run from authorities in Belize. McAfee claimed the government was trying to frame him for a murder after he refused to honor its shakedown request.

McAfee’s freedom proved short-lived when his location was revealed through an information security error: Journalists traveling with him posted an iPhone snap with McAfee, but failed to remove the GPS coordinates that had been automatically included in the image. Soon, the dual American and British citizen was arrested by Guatemalan authorities, requested asylum, faked a heart attack, had his asylum request refused, and was deported to Miami, where he’s now reportedly lying low.
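The metadata slip described above, as an added example that is not part of the original article: a small JPEG/Exif walker that reports whether an image carries a GPS sub-IFD (the kind of data an iPhone writes automatically) and strips the Exif segment before the image is published. The sample JPEG is constructed inline and its coordinates are made up; the tag numbers used (0x8825 for the GPS IFD pointer, 0x0001 and 0x0002 for GPSLatitudeRef and GPSLatitude) are the standard Exif tag ids, and the function names are this example’s own.

```python
"""Detect and strip GPS Exif metadata from a JPEG before publishing it.

Added example (not from the article).  The JPEG below is constructed in code
so the script runs offline; the GPS values in it are invented.
"""
import struct

SOI, EOI, SOS, APP0, APP1 = 0xFFD8, 0xFFD9, 0xFFDA, 0xFFE0, 0xFFE1
EXIF_HEADER = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825          # standard Exif tag: pointer to the GPS sub-IFD


def iter_segments(jpeg: bytes):
    """Yield (marker, start, end) for each length-carrying segment before the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 2 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        marker = (jpeg[pos] << 8) | jpeg[pos + 1]
        if marker in (SOS, EOI):
            return                      # entropy-coded data follows; metadata can't live there
        if 0xFFD0 <= marker <= 0xFFD7 or marker == 0xFF01:
            pos += 2                    # standalone markers carry no length field
            continue
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        yield marker, pos, end
        pos = end


def read_ifd(tiff: bytes, endian: str, offset: int) -> dict:
    """Return {tag: (type, count, value_or_offset)} for one TIFF IFD."""
    (count,) = struct.unpack(endian + "H", tiff[offset:offset + 2])
    entries = {}
    for i in range(count):
        off = offset + 2 + 12 * i
        tag, typ, n, val = struct.unpack(endian + "HHII", tiff[off:off + 12])
        entries[tag] = (typ, n, val)
    return entries


def gps_tags(jpeg: bytes) -> list:
    """Return the sorted GPS tag ids present in the image's Exif block ([] if none)."""
    for marker, start, end in iter_segments(jpeg):
        payload = jpeg[start + 4:end]
        if marker != APP1 or not payload.startswith(EXIF_HEADER):
            continue
        tiff = payload[len(EXIF_HEADER):]
        endian = "<" if tiff[:2] == b"II" else ">"
        (ifd0_off,) = struct.unpack(endian + "I", tiff[4:8])
        ifd0 = read_ifd(tiff, endian, ifd0_off)
        if GPS_IFD_TAG not in ifd0:
            return []
        return sorted(read_ifd(tiff, endian, ifd0[GPS_IFD_TAG][2]))
    return []


def strip_exif(jpeg: bytes) -> bytes:
    """Return a copy with every Exif APP1 segment removed; GPS data goes with it."""
    out, last = bytearray(b"\xff\xd8"), 2
    for marker, start, end in iter_segments(jpeg):
        if marker == APP1 and jpeg[start + 4:end].startswith(EXIF_HEADER):
            out += jpeg[last:start]
            last = end
    out += jpeg[last:]
    return bytes(out)


def _build_sample_jpeg() -> bytes:
    """Constructed minimal JPEG: SOI, JFIF APP0, Exif APP1 with a GPS IFD, tiny SOS, EOI."""
    le = "<"
    ifd0_off = 8
    gps_off = ifd0_off + 2 + 2 * 12 + 4          # IFD0 holds 2 entries -> GPS IFD at 38
    lat_off = gps_off + 2 + 2 * 12 + 4           # GPS IFD holds 2 entries -> rationals at 68
    ifd0 = struct.pack(le + "H", 2)
    ifd0 += struct.pack(le + "HHI4s", 0x010F, 2, 4, b"Cam\x00")      # Make, inline ASCII
    ifd0 += struct.pack(le + "HHII", GPS_IFD_TAG, 4, 1, gps_off)     # GPSInfo pointer
    ifd0 += struct.pack(le + "I", 0)
    gps = struct.pack(le + "H", 2)
    gps += struct.pack(le + "HHI4s", 0x0001, 2, 2, b"N\x00\x00\x00")  # GPSLatitudeRef
    gps += struct.pack(le + "HHII", 0x0002, 5, 3, lat_off)            # GPSLatitude: 3 rationals
    gps += struct.pack(le + "I", 0)
    lat = struct.pack(le + "IIIIII", 37, 1, 46, 1, 0, 1)             # invented 37 deg 46' 0"
    tiff = b"II" + struct.pack(le + "HI", 42, ifd0_off) + ifd0 + gps + lat
    app1_payload = EXIF_HEADER + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(app1_payload) + 2) + app1_payload
    app0_payload = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    app0 = b"\xff\xe0" + struct.pack(">H", len(app0_payload) + 2) + app0_payload
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00" + b"\x00"
    return b"\xff\xd8" + app0 + app1 + sos + b"\xff\xd9"


SAMPLE_JPEG = _build_sample_jpeg()

if __name__ == "__main__":
    found = gps_tags(SAMPLE_JPEG)
    print("GPS tags before:", [hex(t) for t in found])
    print("GPS tags after strip:", gps_tags(strip_exif(SAMPLE_JPEG)))
```

Stripping the whole Exif APP1 segment is the conservative choice for a publishing pipeline: it also removes camera make, timestamps and any thumbnail, so nothing location-bearing survives in a field the scanner did not think to check.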

4. Espionage Malware Is All Around.

What do Stuxnet, Duqu, Flame, Gauss and Mini-Flame all have in common? They’re all examples of espionage malware, and they were all designed at least in part by the United States. That conclusion can be drawn because unnamed U.S. government officials this year confirmed that Stuxnet was the product of a U.S. cyber-weapons program.

Because security researchers who studied Stuxnet have found evidence that it’s related to Duqu, as well as to Flame and Gauss, it’s clear that the United States hasn’t shied away from using malware to spy on its opponents. That means the reverse, of course, is also likely to be true.

5. Attackers Turn To Wire Transfers.

Malware has also long been a favorite tool of criminals, because they can use it to make money, most often by stealing people’s bank credentials and transferring money to dummy accounts, from which money mules withdraw the funds via ATMs. Although such attacks aren’t new, the sophistication and success rate of the related malware appear to be increasing. In September, notably, the FBI, the Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center released a joint warning that criminals have been targeting bank account information using “spam and phishing e-mails, keystroke loggers, and remote access trojans (RATs),” as well as variants of the Zeus financial malware. Individual heists have bagged up to $900,000 in one go. U.S. officials have claimed that the Iranian government is sponsoring the attacks.


Rethinking IT Security Architecture

Experts question the wisdom of current ‘layered’ cyberdefense strategies as attacks become more sophisticated and breaches abound.

Layered security. Security integration. Defense in depth. For years, cybersecurity professionals and vendors have been preaching sermons on the merits of an enterprise security strategy that mixes a variety of tools and technologies to create a complex barrier that hackers can’t penetrate. “Layered security” has become as much a part of industry parlance as authentication or encryption.

There’s just one problem: It isn’t working.

While enterprises and government agencies have invested unprecedented resources in cybersecurity over the past few years, the incidence of new data threats and breaches remains at record highs. The most recent Verizon Data Breach Investigations Report (PDF) indicates that breaches involving hacking and malware were both up considerably last year, with hacking involved in 81% of incidents and malware involved in 69%.

Read full story on Dark Reading


Army says data breach exposed personal information from Fort Monmouth

NEPTUNE, New Jersey — Computer hackers have illegally gained access to personal information of more than 30,000 people connected to Army commands formerly based at Fort Monmouth.

An Army spokeswoman says the information includes names, birth dates, Social Security numbers, addresses and salaries.

The breach was discovered this month.

The commands believed to be affected include Communications-Electronics Command, or CECOM, and Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance, known as C4ISR.

Both were housed at Fort Monmouth up until its closing last year and are now housed at Maryland’s Aberdeen Proving Ground.

The Army tells The Asbury Park Press that the databases that were breached contained information taken from former Fort Monmouth visitor logs as well as CECOM personnel files.


Information from: Asbury Park (N.J.) Press,
