Showing posts with label security. Show all posts

Friday, July 13, 2012

Report: Half a Million Yahoo User Accounts Exposed in Breach



By Kim Zetter

Hackers have published half a million login credentials for what appear to be Yahoo Voices user accounts that were stolen from a server.

More than 453,000 login credentials were posted by a hacking group calling itself D33Ds Company, which says the credentials were stored in plaintext, an amateur security blunder. The hackers said, in a note posted online, that they used a SQL injection attack to grab the credentials, but did not say from which Yahoo service they were taken “to avoid further damage.”
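The two failures named in that paragraph, a query built from attacker-controlled input and passwords kept in plaintext, are easy to reproduce side by side. The following is an added example, not code from the article or from Yahoo: it uses an in-memory SQLite table with constructed sample rows, and the injected value is a hypothetical payload, not the parameter the D33Ds note withheld.

```python
import sqlite3

# Constructed sample data (not from the breach): a tiny users table that,
# like the server the D33Ds note describes, keeps passwords in plaintext.
SAMPLE_USERS = [
    ("alice@example.com", "hunter2"),
    ("bob@example.com", "letmein"),
    ("carol@example.com", "password1"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, email):
    # Vulnerable: the request parameter is spliced into the SQL text, so the
    # quote characters in it are parsed as SQL, not as part of the value.
    sql = "SELECT email, password FROM users WHERE email = '%s'" % email
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email):
    # Hardened: the value travels as a bound parameter. The database driver
    # never re-parses it as SQL, whatever characters it contains.
    sql = "SELECT email, password FROM users WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# Hypothetical payload for the vulnerable parameter. It closes the string
# literal and appends a tautology, so the WHERE clause matches every row
# and the whole table, plaintext passwords included, comes back.
DUMP_PAYLOAD = "x' OR '1'='1"


def demo():
    # Returns (rows leaked by the vulnerable query, rows from the safe one).
    conn = make_db()
    dumped = lookup_vulnerable(conn, DUMP_PAYLOAD)
    safe = lookup_safe(conn, DUMP_PAYLOAD)
    return len(dumped), len(safe)


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable query returned %d rows, safe query returned %d" % (leaked, safe))
```

The parameterised query is the fix for the injection; it does nothing about the second failure, which is that the rows it protects still hold passwords in a form an attacker can use the moment any other bug exposes the table.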

But based on a hostname (dbb1.ac.bf1.yahoo.com) that the hackers left in the data they posted, researchers have concluded that the credentials appear to have been stolen from Yahoo Voices, a user-generated content service and blogging platform that was formerly part of Associated Content. Yahoo Voices claims on its website that it has “more than 600,000 contributors and growing.”

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers wrote in a note accompanying their disclosure. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

The page where the hackers originally published the credentials is not currently available, but the credentials have also been posted in a searchable format at Dazzlepod.com, with the passwords redacted. Users who find their credentials on the list can send an email to Dazzlepod requesting that their credentials be removed from the online list. A spokesperson at Dazzlepod, which published the credentials early Thursday morning, says their site has received more than 120 removal requests from account holders so far.

Yahoo said in a statement that it is investigating the breach claim. The breach is the latest in a rash of credential breaches in the last few months involving poorly secured servers and passwords stored either in plaintext or as unsalted hashes. LinkedIn, eHarmony and Last.fm have all been victims of similar breaches lately.

The attacks highlight the danger of re-using passwords at different websites, as hackers can mine the data and attempt to use the same credentials with more sensitive accounts that users may have, such as online banking and e-mail accounts.

Thursday, June 28, 2012

Whistleblower Reveals Plan To Evacuate London During Olympics



200,000 casket linings on standby says undercover journalist who infiltrated security team

By Paul Joseph Watson / Infowars

An undercover journalist going by the pseudonym ‘Lee Hazledean’ has blown the whistle on astounding revelations about how he infiltrated G4S – the company responsible for security at the London Olympics – and discovered shocking plans for the evacuation of London, 200,000 ‘casket linings’ being on standby, along with botched security procedures that leave the Games wide open to attack.



Hazledean’s interview with Tony Gosling, Bilderberg.org editor and host of BCFM’s Friday Drivetime, has gone viral on the web over the last few days. Hazledean is an undercover journalist for a television program in London and has worked with news agencies on hard-hitting subjects, but when he approached the mainstream media with his bombshell story, they showed no interest.

When Hazledean asked Channel 4 News Home Affairs Correspondent Andy Davies if he would run the story, Davies said he wasn’t interested and days later Channel 4 ran a puff piece about G4S which portrayed the organization as competent and trustworthy.

“I sent him an email, I called, he wasn’t interested and he said there’s a media blackout on this kind of story, that nobody would be interested in running it,” said Hazledean.

In the interview, Hazledean divulges how he merely had to fill in an application form to get a job with G4S, the private company providing security for the Olympics, that he underwent no background check whatsoever, and that his personal references were not checked.

Employees are given just two days of training to run airport-style security checkpoints, including body scanners that Hazledean said “would be turned off completely” at peak times, meaning terrorists could just walk straight into the event with ammunition or explosives and have an excellent chance of remaining undetected.

“In fact, I was asked to be a would-be terrorist on the final training day and I was given a knife, a gun and an IED, and on all three occasions throughout the day I got through the metal detector and I also got through the x-ray machine scanner,” said Hazledean, adding that terrorists could quite easily stage a “massacre” given the lax nature of the security.

“They’re not training them properly…it’s quite open to a terrorist attack very easily and I don’t say that lightly,” said Hazledean, adding that he witnessed G4S members doing drug deals while training classes were taking place, while others were taking surveillance photos on their cellphones of supposedly secure areas. Hazledean said a lot of the security staff were poorly qualified and that many of them could barely speak English.

Hazledean also revealed how the large contingent of soldiers being brought into London for the Olympic Games included “a lot of UN troops being posted in and around London,” including American and German troops.

The whistleblower also revealed how unauthorized personnel were being handed G4S uniforms and that uniforms had been stolen.

Hazledean’s most chilling revelation was how he learned about preparations to evacuate London and how, “The security guards used for the Olympics will be at the forefront of getting the public out of London.”

“They seem quite serious about it, they’ve spent a lot of time on this,” said Hazledean, noting how G4S spent two hours talking about the evacuation of London in comparison to just half an hour talking about security screening procedures for the Olympics itself.

The whistleblower also noted how the 100,000 plus troops that would be stationed in London during the Olympics would be enough to carry out such a large scale evacuation.

Another chilling facet Hazledean learned was that 200,000 casket linings (temporary coffins) were being shipped in to London that can hold four bodies each. The whistleblower expressed his amazement at why security guards working on mundane screening procedures would need to be told such information.

The whistleblower also revealed how he was told Predator drones would be circling London in readiness for terrorist attacks, and that G4S employees were shown a video of a drone killing a group of people in Afghanistan.

Hazledean noted how G4S leaders saw the public as “the scum of the earth” and also told their employees that the police had no authority over them. He also related how one of the leaders told him that an event after the Olympics would be a “defining moment” for London but when pressed, refused to divulge what she meant.

Hazledean is not the first to blow the whistle on G4S. Earlier this month, data input clerk Sarah Hubble revealed that she was fired by G4S after complaining that G4S was cutting corners in their security preparations for the Olympics and that she herself had not been vetted.

Speaking with Infowars, Hazledean said that he had been making contingency plans for if his life was put in danger or if he became a target for the authorities in any other way after blowing the whistle on the scandal.

Asked about a meme circulating the web that conspiracy theories about a false flag attack occurring at the London Olympics are being deliberately allowed to proliferate in order to make ‘truthers’ look paranoid after nothing happens, Hazledean stressed that merely getting the story out was necessary as it could derail any planned attack.

Wednesday, June 20, 2012

U.S., Israel developed Flame computer virus to slow Iranian nuclear efforts, officials say



By Ellen Nakashima, Greg Miller and Julie Tate

The United States and Israel jointly developed a sophisticated computer virus nicknamed Flame that collected intelligence in preparation for cyber-sabotage aimed at slowing Iran’s ability to develop a nuclear weapon, according to Western officials with knowledge of the effort.

The massive piece of malware secretly mapped and monitored Iran’s computer networks, sending back a steady stream of intelligence to prepare for a cyberwarfare campaign, according to the officials.

The effort, involving the National Security Agency, the CIA and Israel’s military, has included the use of destructive software such as the Stuxnet virus to cause malfunctions in Iran’s nuclear-enrichment equipment.

The emerging details about Flame provide new clues to what is thought to be the first sustained campaign of cyber-sabotage against an adversary of the United States.

“This is about preparing the battlefield for another type of covert action,” said one former high-ranking U.S. intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today. “Cyber-collection against the Iranian program is way further down the road than this.”

Flame came to light last month after Iran detected a series of cyberattacks on its oil industry. The disruption was directed by Israel in a unilateral operation that apparently caught its American partners off guard, according to several U.S. and Western officials who spoke on the condition of anonymity.

There has been speculation that Washington had a role in developing Flame, but the collaboration on the virus between the United States and Israel has not been previously confirmed. Commercial security researchers reported last week that Flame contained some of the same code as Stuxnet. Experts described the overlap as DNA-like evidence that the two sets of malware were parallel projects run by the same entity.

Spokesmen for the CIA, the NSA and the Office of the Director of National Intelligence, as well as the Israeli Embassy in Washington, declined to comment.

The virus is among the most sophisticated and subversive pieces of malware to be exposed to date. Experts said the program was designed to replicate across even highly secure networks, then control everyday computer functions to send secrets back to its creators. The code could activate computer microphones and cameras, log keyboard strokes, take screen shots, extract geolocation data from images, and send and receive commands and data through Bluetooth wireless technology.

Flame was designed to do all this while masquerading as a routine Microsoft software update; it evaded detection for several years, and the certificate it used to sign its fake update was forged through a collision attack on the MD5 hash function that a Microsoft certificate chain still relied on.

“This is not something that most security researchers have the skills or resources to do,” said Tom Parker, chief technology officer for FusionX, a security firm that specializes in simulating state-sponsored cyberattacks. He said he does not know who was behind the virus. “You’d expect that of only the most advanced cryptomathematicians, such as those working at NSA.”

Conventional plus cyber

Flame was developed at least five years ago as part of a classified effort code-named Olympic Games, according to officials familiar with U.S. cyber-operations and experts who have scrutinized its code. The U.S.-Israeli collaboration was intended to slow Iran’s nuclear program, reduce the pressure for a conventional military attack and extend the timetable for diplomacy and sanctions.

The cyberattacks augmented conventional sabotage efforts by both countries, including inserting flawed centrifuge parts and other components into Iran’s nuclear supply chain.

The best-known cyberweapon let loose on Iran was Stuxnet, a name coined by researchers in the antivirus industry who discovered it two years ago. It infected a specific type of industrial controller at Iran’s uranium-enrichment plant in Natanz, causing almost 1,000 centrifuges to spin out of control. The damage occurred gradually, over months, and Iranian officials initially thought it was the result of incompetence.

The scale of the espionage and sabotage effort “is proportionate to the problem that’s trying to be resolved,” the former intelligence official said, referring to the Iranian nuclear program. Although Stuxnet and Flame infections can be countered, “it doesn’t mean that other tools aren’t in play or performing effectively,” he said.

To develop these tools, the United States relies on two of its elite spy agencies. The NSA, known mainly for its electronic eavesdropping and code-breaking capabilities, has extensive expertise in developing malicious code that can be aimed at U.S. adversaries, including Iran. The CIA lacks the NSA’s sophistication in building malware but is deeply involved in the cyber-campaign.

The CIA’s Information Operations Center is second only to the agency’s Counterterrorism Center in size. The IOC, as it is known, performs an array of espionage functions, including extracting data from laptops seized in counterterrorism raids. But the center specializes in computer penetrations that require closer contact with the target, such as using spies or unwitting contractors to spread a contagion via a thumb drive.

Both agencies analyze the intelligence obtained through malware such as Flame and have continued to develop new weapons even as recent attacks have been exposed.

Flame’s discovery shows the importance of mapping networks and collecting intelligence on targets as the prelude to an attack, especially in closed computer networks. Officials say gaining and keeping access to a network is 99 percent of the challenge.

“It is far more difficult to penetrate a network, learn about it, reside on it forever and extract information from it without being detected than it is to go in and stomp around inside the network causing damage,” said Michael V. Hayden, a former NSA director and CIA director who left office in 2009. He declined to discuss any operations he was involved with during his time in government.

Years in the making

The effort to delay Iran’s nuclear program using cyber-techniques began in the mid-2000s, during President George W. Bush’s second term. At that point it consisted mainly of gathering intelligence to identify potential targets and create tools to disrupt them. In 2008, the program went operational and shifted from military to CIA control, former officials said.

Despite their collaboration on developing the malicious code, the United States and Israel have not always coordinated their attacks. Israel’s April assaults on Iran’s Oil Ministry and oil-export facilities caused only minor disruptions. The episode led Iran to investigate and ultimately discover Flame.

“The virus penetrated some fields — one of them was the oil sector,” Gholam Reza Jalali, an Iranian military cyber official, told Iranian state radio in May. “Fortunately, we detected and controlled this single incident.”

Some U.S. intelligence officials were dismayed that Israel’s unilateral incursion led to the discovery of the virus, prompting countermeasures.

The disruptions led Iran to ask a Russian security firm and a Hungarian cyber-lab for help, according to U.S. and international officials familiar with the incident.

Last week, researchers with Kaspersky Lab, the Russian security firm, reported their conclusion that Flame — a name they came up with — was created by the same group or groups that built Stuxnet. Kaspersky declined to comment on whether it was approached by Iran.

“We are now 100 percent sure that the Stuxnet and Flame groups worked together,” said Roel Schouwenberg, a Boston-based senior researcher with Kaspersky Lab.

The firm also determined that the Flame malware predates Stuxnet. “It looks like the Flame platform was used as a kickstarter of sorts to get the Stuxnet project going,” Schouwenberg said.

Tuesday, June 19, 2012

Researcher: CIA, NSA may have infiltrated Microsoft to write malware




Did spies posing as Microsofties write malware in Redmond? How do you spell 'phooey' in C#?

By Kevin Fogarty

A leading security researcher has suggested Microsoft's core Windows and application development programming teams have been infiltrated by covert programmer/operatives from U.S. intelligence agencies.

If it were true it would be another exciting twist to the stories of international espionage, sabotage and murder that surround Stuxnet, Duqu and Flame, the most successful cyberwar weapons deployed so far, with the possible exception of Windows itself.

Nevertheless, according to Mikko Hypponen, chief research officer of antivirus and security software vendor F-Secure, the simplest way for programmers employed by U.S. intelligence agencies to have created the Stuxnet, Duqu and Flame viruses, and to have compromised Microsoft's update mechanism so thoroughly that Flame could pass off its downloads as Windows Update patches, would be for Microsoft itself to have been infiltrated by members of the U.S. intelligence community.

Having programmers, spies and spy-supervisors from the NSA, CIA or other secret government agencies infiltrate Microsoft in order to turn its technology to their own evil uses (rather than Microsoft's) is the kind of premise that would get any writer thrown out of a movie producer's office for pitching an idea that would put the audience to sleep halfway through the first act.

Not only is it unlikely, the "action" most likely to take place on the Microsoft campus would be the kind with lots of tense, acronymically dense debates in beige conference rooms and bland corporate offices.

The three remarkable bits of malware that attacked Iranian nuclear-fuel development facilities and stole data from its top-secret computer systems – Flame, Duqu and Stuxnet – show clear signs of having been built by the same teams of developers, over a long period of time, Hypponen told PC Pro in the U.K.

Flame used a counterfeit Microsoft code-signing certificate to verify its trustworthiness to Iranian users, primarily because Microsoft is among the most widely recognized and trusted computer companies in the world, Hypponen said.

Faking credentials from Microsoft would give the malware far more credibility than using certificates from other vendors, as would hiding updates in Windows Update, Hypponen said.

The damage to Microsoft's reputation and suspicion from international customers that it is a puppet of the CIA would be enough to keep Microsoft itself from participating in the operation, even if it were asked.

That doesn't mean it didn't happen.

"It's plausible that if there is an operation under way and being run by a US intelligence agency it would make perfect sense for them to plant moles inside Microsoft to assist in pulling it off, just as they would in any other undercover operation,” Hypponen told PC Pro. "It's not certain, but it would be common sense to expect they would do that."

The suggestion piqued the imaginations of conspiracy theorists, but doesn't have a shred of evidence to support it.

It does have a common-sense appeal, however. Planting operatives inside Microsoft would probably be illegal, would certainly be unethical and could have a long-range disadvantage by making Microsofties look like tools of the CIA rather than simply tools.

"No-one has broken into Microsoft, but by repurposing the certificate and modifying it with unknown hash collision technologies, and with the power of a supercomputer, they were able to start signing any program they wanted as if it was from Microsoft," Hypponen said. "If you combine that with the mechanism they were using to spoof MS Update server they had the crown jewels."

Hypponen is one of a number of security experts who have said Stuxnet and Duqu have the hallmarks of software written by traditionally minded software engineers accustomed to working in large, well-coordinated teams.

After studying the code for Duqu, security researchers at Kaspersky Lab said the malware was most similar to the work of old-school programmers: people able to write code for more than one platform at a time, who did enough quality control that the modules could install themselves and update in real time, and whose command-and-control components had been reused from previous editions.

"All the conclusions indicate a rather professional team of developers, which appear to be reusing older code written by top “old school” developers," according to Kaspersky's analysis. "Such techniques are normally seen in professional software and almost never in today’s malware. Once again, these indicate that Duqu, just like Stuxnet, is a 'one of a kind' piece of malware which stands out like a gem from the large mass of “dumb” malicious programs we normally see."

Earlier this month the NYT ran a story detailing two years worth of investigations during which a range of U.S. officials, including, eventually, President Obama, confirmed the U.S. had been involved in writing the Stuxnet and Flame malware and siccing them on Iran.

That's far from conclusive proof that the NSA has moved its nonexistent offices to Redmond, Wash. It doesn't rule it out either, however.

Very few malware writers are able to write such clean code that can install on a variety of hardware systems, assess their new environments and download the modules they need to successfully compromise a new network, Kaspersky researchers said.

Stuxnet and Flame are able to do all these things, and Flame could additionally push itself to other machines by impersonating Windows Update on the local network and signing what it served with a forged certificate that chained up to Microsoft.

No other malware writer, hacker or end user has been able to do that before. Knowing it happened this time makes it more apparent that the malware writers know what they are doing and know Microsoft code inside and out.

That's still no evidence that Microsoft could be or has been infiltrated by spies from the U.S. or from other countries.

It does make sense, but so do a lot of conspiracy theories.

Until there's some solid indication Flame came from inside Microsoft, not outside, it's probably safer to write off this string of associative evidence.

Even in his own blog, Hypponen makes fun of those who make fun of Flame as ineffective and unremarkable, but doesn't actually suggest moles at Microsoft are to blame.

In the end it doesn't really matter. The faked certificates and ride-along on Windows Update demonstrate the malware writers have compromised the core software development operations at Microsoft. They don't have to live there to do it; virtual compromise on the code itself would do the job more effectively than putting warm bodied programmers in the middle of highly competitive, highly intelligent, socially awkward Microsofties with a habit of asking the wrong question and insisting on an answer.

The risk of having any such infiltration discovered is far too high to expose the cyberwar version of Seal Team Six to the perils of Redmond.

Friday, June 8, 2012

Password Theft: Hacking Probe At LinkedIn



Millions of users of the social networking website LinkedIn have been told to reset their passwords after security information was stolen.

The site, which is aimed at professionals and has in excess of 161 million members in more than 200 countries, was compromised and members' details were posted online.

LinkedIn director Vicente Silveira said in a statement: "We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts."

He said the company was investigating the security breach and added that those who were affected will notice their LinkedIn passwords will no longer be valid.

It is thought the passwords of more than 6.5 million people were stolen.

Mr Silveira said: "Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.

"These members will also receive an email from LinkedIn with instructions on how to reset their passwords."

Users were told they should never change their passwords by following a link sent in an email.

"These affected members will receive a second email from our customer support team providing a bit more context on this situation and why they are being asked to change their passwords," Mr Silveira added.

IT security and data protection firm Sophos said the leaked data, a list of unsalted SHA-1 password hashes, does not include associated email addresses, but warned that hackers will be working to crack the "unsalted" hashes and that "it is reasonable to assume that such information may be in the hands of the criminals".

Graham Cluley, senior technology consultant at Sophos, said: "It would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step."

Mr Silveira said LinkedIn had recently improved its security, which included the "hashing and salting" of current password databases.
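Why "unsalted" matters, and what the "hashing and salting" LinkedIn says it added actually buys, is easiest to see by costing out the attack on both formats. The following is an added example, not code from the article, from LinkedIn or from Sophos; the wordlist and the "leaked" hashes are constructed here, and PBKDF2-HMAC-SHA256 with a per-user random salt stands in for whatever scheme LinkedIn deployed, which the article does not specify.

```python
import hashlib
import hmac
import os

# Constructed wordlist and constructed "leaked" hashes (not LinkedIn's data).
# The leak was unsalted SHA-1, so every user who chose the same password
# produced exactly the same hash.
WORDLIST = ["123456", "password", "linkedin", "hunter2", "qwerty"]


def sha1_hex(pw):
    return hashlib.sha1(pw.encode()).hexdigest()


LEAKED_UNSALTED = [sha1_hex("linkedin"), sha1_hex("hunter2"), sha1_hex("correct horse")]


def crack_unsalted(hashes, wordlist):
    # Without salts one table of hash(word) serves for every account at once:
    # the cost is one SHA-1 per candidate word, however many hashes leaked.
    table = {sha1_hex(w): w for w in wordlist}
    cracked = {h: table[h] for h in hashes if h in table}
    return cracked, len(wordlist)


# Salted, deliberately slow storage. ITERATIONS is an assumed tuning value.
ITERATIONS = 100_000


def hash_password(pw, salt=None):
    # Fresh 16-byte random salt per record, stored beside the derived key.
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + dk.hex()


def verify_password(pw, stored):
    salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    # Constant-time comparison so the check itself leaks nothing via timing.
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_salted(records, wordlist):
    # With per-user salts no table can be shared: every record costs its own
    # pass over the wordlist, and every guess costs ITERATIONS hash rounds.
    cracked, ops = {}, 0
    for user, stored in records.items():
        for w in wordlist:
            ops += ITERATIONS
            if verify_password(w, stored):
                cracked[user] = w
                break
    return cracked, ops


if __name__ == "__main__":
    found, ops = crack_unsalted(LEAKED_UNSALTED, WORDLIST)
    print("unsalted: cracked %d of %d hashes with %d hash operations" % (len(found), len(LEAKED_UNSALTED), ops))
    records = {"user1": hash_password("linkedin"), "user2": hash_password("hunter2")}
    found, ops = crack_salted(records, WORDLIST)
    print("salted:   cracked %d of %d records with %d hash operations" % (len(found), len(records), ops))
```

The salt does not make a weak password strong; "linkedin" still falls to a wordlist. What it removes is the economy of scale, so that cracking six and a half million records costs six and a half million times the work of cracking one, and the iteration count then multiplies that work again.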

California-based LinkedIn launched in 2003 and made its stock market debut in May 2011 in the hope of raising money for expansion.

LinkedIn gets more than two-thirds of its revenue from fees it charges companies, recruiting services and other people who want broader access to the profiles and other data on the company's website. The rest comes from advertising.