Ars Technica

Syndicate content: Risk Assessment – Ars Technica
Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Updated: 57 min 1 sec ago

Al-Jazeera claims to be victim of cyber attack as Qatar crisis continues

8 June, 2017 - 23:03

Qatari Foreign Minister Sheikh Mohammed bin Abdulrahman bin Jassim Al-Thani delivers a speech during a press conference. (credit: Mohamed Farag/Anadolu Agency/Getty Images)

Two weeks after an alleged cyber attack on Qatar's state news agency resulted in the publishing of a fake news story, the Qatari-funded broadcasting company Al-Jazeera claims that the company's "websites and digital platforms" are being targeted in "systematic and continual hacking attempts." The attack comes as officials from the Federal Bureau of Investigation continue to assist the Qatari government in Doha in investigations into an April breach of systems at the Qatar National Bank, as well as the previous media breach.

The fake news story was apparently aimed at further escalating tensions in Qatar's ongoing diplomatic crisis. On Wednesday, CNN reported that unnamed US officials had linked Russian hackers to planting it. That story falsely reported comments by Qatar Emir Sheikh Tamim bin Hamad Al Thani at a military graduation ceremony, saying that President Trump might not last long in office, criticizing escalation of animosity toward Iran, and praising Hezbollah and Hamas as resistance organizations.

However, multiple sources Ars has spoken with have disputed the Russia connection claim. No clear evidence has surfaced yet of who was involved, but Qatar's relationship with the US and its funding of the Al-Jazeera news service have been sources of concern for other governments in the region.

Category: Hacking & Security

Task force tells Congress health IT security is in critical condition

8 June, 2017 - 13:20

Health IT's security problems run deep. (credit: Sean Gallagher)

A congressionally mandated healthcare industry task force has published the findings of its investigation into the state of health information systems security, and the diagnosis is dire.

The Health Care Industry Cybersecurity Task Force report (PDF), published on June 1, warns that all aspects of health IT security are in critical condition and that action is needed both by government and the industry to shore up security. The recommendations to Congress and the Department of Health and Human Services (HHS) included programs to drive vulnerable hardware and software out of health care organizations. The report also recommends efforts to inject more people with security skills into the healthcare work force, as well as the establishment of a chain of command and procedures for dealing with cyber attacks on the healthcare system.

The problems healthcare organizations face probably cannot be fixed without some form of government intervention. As the report states, "The health care system cannot deliver effective and safe care without deeper digital connectivity. If the health care system is connected, but insecure, this connectivity could betray patient safety, subjecting them to unnecessary risk and forcing them to pay unaffordable personal costs. Our nation must find a way to prevent our patients from being forced to choose between connectivity and security."

Category: Hacking & Security

Internet cameras have hard-coded password that can’t be changed

8 June, 2017 - 00:10

(credit: F-Secure)

Security cameras manufactured by China-based Foscam are vulnerable to remote take-over hacks that allow attackers to view video feeds, download stored files, and possibly compromise other devices connected to a local network. That's according to a 12-page report released Wednesday by security firm F-Secure.

Researchers at F-Secure documented 18 vulnerabilities that the manufacturer has yet to fix despite being alerted to them several months ago. All of the flaws were confirmed in a camera marketed under the Opticam i5 HD brand. A smaller number of the vulnerabilities were also found in the Foscam C2. The report said the weaknesses are likely to exist in many other camera models Foscam manufactures and sells under other brand names.

F-Secure researchers wrote:

Category: Hacking & Security

You’ll never guess where Russian spies are hiding their control servers

7 June, 2017 - 00:40

(credit: Instagram)

A Russian-speaking hacking group that, for years, has targeted governments around the world is experimenting with a clever new method that uses social media sites to conceal espionage malware once it infects a network of interest.

According to a report published Tuesday by researchers from antivirus provider Eset, a recently discovered backdoor Trojan used comments posted to Britney Spears's official Instagram account to locate the control server that sends instructions and offloads stolen data to and from infected computers. The innovation—by a so-called advanced persistent threat group known as Turla—makes the malware harder to detect because attacker-controlled servers are never directly referenced in either the malware or in the comment it accesses.

Turla is a Russian-speaking hacking group known for its cutting-edge espionage malware. In mid-2014, researchers from Symantec documented malware dubbed Wipbot that infiltrated the Windows-based systems of embassies and governments of multiple European countries, many of them former Eastern Bloc nations. A few months later, researchers at Kaspersky Lab discovered an extremely stealthy Linux backdoor that was used in the same campaign, a finding that showed it was much broader than previously believed. Turla has also been known to use satellite-based Internet connections to cover its tracks. In March, researchers observed Turla using what was then a zero-day vulnerability in Windows to infiltrate European government and military computers.

Category: Hacking & Security

How a few yellow dots burned the Intercept’s NSA leaker

6 June, 2017 - 17:00

(credit: Ars Technica)

When reporters at The Intercept approached the National Security Agency on June 1 to confirm a document that had been anonymously leaked to the publication in May, they handed over a copy of the document to the NSA to verify its authenticity. When they did so, the Intercept team inadvertently exposed its source because the copy showed fold marks that indicated it had been printed—and it included encoded watermarking that revealed exactly when it had been printed and on what printer.

The watermarks, shown in the image above—an enhancement of the scanned document The Intercept published yesterday—were from a Xerox Docucolor printer. Many printers use this or similar schemes, printing faint yellow dots in a grid pattern on printed documents as a form of steganography, encoding metadata about the document into its hard-copy output. Researchers working with the Electronic Frontier Foundation have reverse-engineered the grid pattern employed by this class of printer; using the tool, Ars (and others, including security researcher Robert Graham) determined that the document passed to The Intercept was printed on May 9, 2017 at 6:20am from a printer with the serial number 535218 or 29535218.

Category: Hacking & Security

Leaked NSA report says Russians tried to hack state election officials

6 June, 2017 - 00:00

Eric Trump, son of then-presidential nominee Donald Trump, looks at wife Lara Yunaska's voting booth. An NSA report indicates Russia may have attempted to plant malware on the computers of election officials in the days before voting. (credit: Bloomberg / Getty Images News)

A Top Secret NSA analyst's report published by The Intercept suggests that, in August 2016, the Russian General Main Staff Intelligence Directorate (GRU) hacked into an election-related hardware and software vendor in the US. The GRU then used data from the company for at least two "spear phishing" campaigns against local government officials associated with elections—including one attack close to the election that appeared to target officials dealing with absentee ballots. The report was based on information that only became available in April of this year, and the NSA report does not reveal the name of the company. There are references, however, to a product from VR Systems, the manufacturer of voter registration roll software and polling place hardware for checking voter information.

Within an hour of the story's publication, the FBI announced the arrest of the alleged source of the leaked report. Reality Leigh Winner was arrested at home in Augusta, Georgia, after an NSA audit identified her as the person who printed and removed the report from a secure facility. The Intercept had turned over a copy of the report to the NSA to verify its provenance while asking for comment. After analysis of the document showed that it had been folded up, suggesting it had been printed, the NSA determined only six employees had access to the document, and only Winner had been in e-mail contact with The Intercept. Additionally, there appears to be a security watermark on the posted document that identifies when it was printed.

Seven e-mail accounts at the vendor company were targeted with a method similar to the one that obtained access to e-mail accounts used by members of the Clinton campaign earlier in 2016, according to the text of the report. At least one of those accounts appears to have been compromised, as information from the company was then used in two separate sets of e-mails with malicious attachments sent to election officials just days before the election.

Category: Hacking & Security

Putin: “Patriotic” Russian hackers may have interfered in US election

1 June, 2017 - 23:06

Russian President Vladimir Putin, in Saint Petersburg today for the St. Petersburg International Economic Forum, acknowledged that Russian hackers may have interfered in the US election. (credit: Mikhail Svetlov/Getty Images)

Russian Federation President Vladimir Putin acknowledged today that “patriotically minded” Russian hackers may have been responsible for the breach of the network of the Democratic National Committee and the e-mail accounts of members of Hillary Clinton's presidential campaign, as well as other attempts to interfere in the US presidential elections of 2016 to aid the campaign of Donald Trump.

The admission, which Putin made during comments at the St. Petersburg International Economic Forum, was a reversal of previous Kremlin denials of any Russian involvement in the information operations against Hillary Clinton and the Democrats. Putin continued to deny state involvement in the attacks, instead suggesting that the attacks were staged by Russians acting independently. “If they are patriotically minded, they start making their contributions—which are right, from their point of view—to the fight against those who say bad things about Russia,” he said.

Radio Free Europe posted an excerpt from the interview on Twitter:

Category: Hacking & Security

WikiLeaks says CIA’s “Pandemic” turns servers into infectious Patient Zero

1 June, 2017 - 22:08

One of the pages published Thursday in WikiLeaks' latest Vault 7 release. (credit: WikiLeaks)

WikiLeaks just published details of a purported CIA operation that turns Windows file servers into covert attack machines that surreptitiously infect computers of interest inside a targeted network.

"Pandemic," as the implant is codenamed, turns file servers into a secret carrier of whatever malware CIA operatives want to install, according to documents published Thursday by WikiLeaks. When targeted computers attempt to access a file on the compromised server, Pandemic uses a clever bait-and-switch tactic to surreptitiously deliver a malicious version of the requested file. The Trojan is then executed by the targeted computers. A user manual said Pandemic takes only 15 seconds to be installed. The documents didn't describe precisely how Pandemic would get installed on a file server.

In a note accompanying Thursday's release, WikiLeaks officials wrote:

Category: Hacking & Security

OneLogin suffers breach—customer data said to be exposed, decrypted

1 June, 2017 - 14:59

OneLogin has admitted that the single sign-on (SSO) and identity management firm has suffered a data breach. However, its public statement is vague about the nature of the attack.

An e-mail to customers provides a bit of detail—warning them that their data may have been exposed. And a support page that is only accessible to OneLogin account holders is even more worrying for customers. It apparently says that "customer data was compromised, including the ability to decrypt encrypted data."

OneLogin—which claims to offer a service that "secures connections across all users, all devices, and every application"—said on Thursday that it had "detected unauthorised access" in the company's US data region. It added in the post penned by OneLogin CISO Alvaro Hoyos:

Category: Hacking & Security

Defense contractor stored intelligence data in Amazon cloud unprotected [Updated]

31 May, 2017 - 22:00

NGA headquarters. A trove of top secret data processed by NGA contractor Booz Allen Hamilton was left exposed on a public Amazon cloud instance. (credit: Trevor Paglen)

On May 24, Chris Vickery, a cyber risk analyst with the security firm UpGuard, discovered a publicly accessible data cache on Amazon Web Services' S3 storage service that contained highly classified intelligence data. The cache was posted to an account linked to defense and intelligence contractor Booz Allen Hamilton. And the files within were connected to the US National Geospatial-Intelligence Agency (NGA), the US military's provider of battlefield satellite and drone surveillance imagery.

Based on domain-registration data tied to the servers linked to the S3 "bucket," the data was apparently tied to Booz Allen and another contractor, Metronome. Also present in the data cache was a Booz Allen Hamilton engineer's remote login (SSH) keys and login credentials for at least one system in the company's data center.

[Update, 5:10 PM] UpGuard's post suggested the data may have been classified at up to the Top Secret level. A Booz Allen spokesperson told Ars that the data was not connected to classified systems. However, the credentials included in the store could have provided access to more sensitive data, including code repositories.

Category: Hacking & Security

New Shadow Brokers 0-day subscription forces high-risk gamble on whitehats

30 May, 2017 - 22:36

Gambling. (credit: Jamie Adams)

The mysterious group that over the past nine months has leaked millions of dollars' worth of advanced hacking tools developed by the National Security Agency said Tuesday it will release a new batch of tools to individuals who pay a $21,000 subscription fee. The plans, announced in a cryptographically signed post published Tuesday morning, are generating an intense moral dilemma for security professionals around the world.

On the one hand, the Shadow Brokers, as the person or group calls itself, has in the past released potent hacking tools into the wild, including two that were used to deliver the WCry ransomware worm that infected more than 200,000 computers in 150 countries. If the group releases similarly catastrophic exploits for Windows 10 or mainstream browsers, security professionals are arguably obligated to have access to them as soon as possible to ensure patches and exploit signatures are in place to prevent similar outbreaks. On the other hand, there's something highly unsavory and arguably unethical about whitehats paying blackhats with a track record as dark as that of the Shadow Brokers.

"It certainly creates a moral issue for me," Matthew Hickey, cofounder of security firm Hacker House, told Ars. "Endorsing criminal conduct by paying would be the wrong message to send. Equally, I think $21k is a small price to pay to avoid another WannaCry situation, and I am sure many of its victims would agree with that sentiment."

Category: Hacking & Security