Wednesday 18 December 2013

NSA saves world from plot to “remotely destroy” PCs, claims NSA director

An international plot which would have turned huge numbers of PCs  into “bricks” by remotely triggeriing deeply buried malware was foiled by the National Security Agency, according to an interview given to CBS by NSA director Keith Alexander.
The scale of the attack could have “taken down the U.S. economy”, an NSA official claimed.
The CBS show 60 Minutes named China as the country behind the alleged attack,which would have arrived “disguised as a request for a software update”, and attacked machines at the BIOS level. BIOS is the simple software which turns computers on, ‘starting up’ hardware such as drives before Windows starts.
The virus would have enabled PCs to be “remotely destroyed,” Alexander claimed in the CBS interview.
Neither Alexander, nor his colleague Information Assurance Director Debora Plunkett specified which nation was behind the attack, nor how many computers would have been affected.
In the hour-long interview, which also dealt with allegations of widespread spying against U.S. citizens, the NSA director made clear that the attack was designed on the mass scale.
“The NSA working with computer manufacturers was able to close this vulnerability”, Ross said, according to The Register’s report.
Debora Plunkett, cyber defense director for the NSA, said, “One of our analysts actually saw that the nation state had the intention to develop and to deliver, to actually use this capability– to destroy computers.
“The attack would have been disguised as a request for a software update. If the user agreed, the virus would’ve infected the computer. . Think about the impact of that across the entire globe. It could literally take down the U.S. economy.”
Attacks which work at this level are rare, and would require what ESET Senior Research Fellow David Harley describes as “an extraordinarily effective delivery mechanism”.
In a recent We Live Security feature on Five Malware that Kept Researchers Up at Night, ESET Security Researcher Lysa Myers ranked the Chernobyl malware number one on her list, saying that it remained in the news “for years”, due to the “pain it caused its victims,” saying, “In some cases the virus would even flash the BIOS, which is to say it rendered the computer completely unusable by overwriting code on a chip attached to the motherboard that enables computers to turn on. This virus hit over a million computers worldwide, and stuck around for many years after the last variant was found.”
“It’s not totally impossible to make a machine effectively (not necessarily permanently) unusable by trashing the BIOS,” says Harley, “But I’ve never heard of this one, unless the NSA have just become aware of 1998’s  Spacefiller/CIH/Chernobyl.”
Harley says that staging such an attack today would also face technical difficulties – beyond those faced by Chernobyl.
“This is essentially what CIH did to vulnerable machines (i.e. PCs using a particular combination of chipset and flash ROM). It changed one byte of the bootstrap routine, which was enough to stop a vulnerable machine from booting.”
But times have changed, Harley says, and crafting such an attack would be difficult these days. “
“Not all machines use the same BIOS,” Harley says. “Even in the days of CIH, some manufacturer’s restricted the initial boot code to a read-only stub, so that the machine could go far enough into the boot process to be reflashed.”
“Some systems had a jumper to write protect the BIOS – that’s pretty standard now, though it’s not necessarily a default. However, where the BIOS is reflashable from software, it does – more often than not – require the customer to disable write-protection. Of course, that does leave the customer vulnerable to social engineering.”
The NSA revealed few details of the BIOS malware’s functions, or how it would be delivered. Harley says that the methods mentioned in the CBS interview were simple social engineering and targeted emails – which may not be “very practical” as a mass attack.
“There is, of course, no guarantee that a new BIOS-trashing program would work exactly or even substantially like CIH,” Harley says. “After all, hardware and malware have moved on. But the sort of nightmare scenario proposed here would also require an extraordinarily effective delivery mechanism. From the transcript of the interview, one of the interviewees was talking about social engineering and targeted emails. But targeted social engineering isn’t very practical when everyone is the target. Clearly, while it’s referred to as a virus, a virus that ‘bricks’ its host has limited value as a delivery mechanism (none, once it has delivered its payload).”
“Unless, of course, the ‘vulnerability’ is in the supply chain, a possibility that isn’t mentioned in the transcript. Surprisingly, given the alleged source of the malware. I’ve no idea how many motherboards are made in China, but I suspect it’s a pretty large number. “

Malicious Firefox add-on turns thousands of PCs into botnet which “hunts” weak websites

A Firefox add-on has turned 12,500 users of the browser into a botnet which scours every page visited by infected users for vulnerabilities. The ‘Advanced Power’ add-on ensnared 12,500 PCs – and found 1,800 vulnerable websites for its unknown creators, according to security expert Brian Krebs.
 SC Magazine says that the add-on also has other capabilities, including password hijacking, but these have not been used.
Based on Google Translate language recognition, Krebs initially reported that text strings in the malware suggested it might be Czech in origin. Human inspection by a native Czech speaker in ESET’s labs revealed that technology was not perfect in this case – and the texts look more like some dialect of Russian.
“The malicious add-on then tests nearly every page the infected user visits for the presence of several different SQL injection vulnerabilities,” according to Krebs.
SQL injection attacks are one of the most common methods used to attack websites, but attackers require vulnerabilities to use them.
“Attackers can use this access to booby-trap sites with drive-by malware attacks, or force sites to cough up information stored in their databases,” Krebs said.
Information Week reports that the malware has been in circulation since May 31 this year at least, and quotes “Kafeine” at the Malware Don’t Need Coffee blog, who said that the malware was distributed at least in part by the Blackhole exploit kit.
Krebs’ report notes that the attack represents a way for hackers to ‘test’ a much larger sample of websites for vulnerabilities rather than simply targeting sites at random – by piggybacking on legitimate site visits, it removes the “blind guesswork” hackers often have to perform to find vulnerable sites.
Mozilla has now blocked the add-on, saying, “It is a malicious extension that is distributed under the same name to trick users into installing it, and turns users into a botnet that conducts SQL injection attacks on visited websites.”

Small businesses are new target for criminals as attacks double, report warns

The assault by cybercriminals against big businesses continued this year – 93% of big companies suffered a data breach in 2012, and 78% were attacked by outsiders, according to a report by Price Waterhouse Cooper. But small businesses – those with less than 50 employees – are rapidly becoming a target, with attacks by outsiders doubling in one year.
Overall, the cost to British business has tripled in the past year, the report said – with large businesses facing attack every few days, and smaller businesses every few weeks.
“Small businesses used not to be a target, but are now also reporting increasing attacks,” the British report warned, saying that breaches suffered by small businesses had increased nearly by half. This year, 63% of small businesses suffered a security breach – last year, that figure was 41%.
The report, commissioned in partnership with the British government’s Department for Business, Innovation and Skills, based on a survey of 1,400 people, found that attacks by outsiders against small businesses had more than doubled – up to 15% from 7% a year ago.
“Outsider attacks also increased substantially, especially against small businesses,” the report said. “ Large organizations still bear the brunt of attacks, with the average company having a serious attack every few days. But, small businesses are rapidly becoming a target too, on average suffering a serious attack once every six weeks.”
The IB Times reported that the sheer number of breaches meant that security spending was rising steadily – to what PWC described as “the highest level ever recorded in this survey.” Companies now spend 10% of their IT budget on security, according to the report.
“Overall, the survey results show that companies are struggling to keep up with security threats, and so find it hard to take the right actions. The right tone from the top is vital – where senior management are briefed frequently on the potential security risks, security defences tend to be stronger.”
ESET Senior Research Fellow David Harley says, “I doubt if there’s any business that hasn’t experienced some sort of breach (which may or may not have been noticed). But some kinds of attack probably work better against small businesses (which don’t usually have dedicated security staff).”
PWC also observed that larger businesses tended to be better at ‘vetting’ third-party companies such as suppliers, saying, “Large organisations are generally more diligent at ensuring third parties have adequate security. For example, they are three times as likely as small businesses to obtain audit rights and twice as likely to carryout penetration testing.”
Many breaches still occur due to staff error – 36% of the year’s worst breaches were due to “human error”, PWC say, and a further 10% due to deliberate misuse of systems.
“There’s a clear payback from investing in staff training. 93% ofcompanies where the security policy was poorly understood had staff-related breaches versus 47% where the policy was well understood,” PWC says.

Biometric ‘Smart ID’ card could offer the ultimate in portable security

A new ‘Smart ID’ card, BluStor, aims to “eliminate hacking and identity theft” – using a combination of voiceprints, fingerprints and iris readings and connecting to mobile devices via Bluetooth, so an app can confirm a user’s ID instantly.
The card stores biometric details for users, and connects to BluStor’s Secure Mobile Briefcase app, which checks fingerprints, iris scans or voiceprints against the ones stored on the card, according to a report by Biometric Update.
“That input is compared with the user’s biometric files stored on the BluStor card. If the offered biometric does not match the stored file, the SMB remains locked,” the company says. The app can be used to lock devices entirely, or to lock folders of sensitive data. It can also be used as an entry system, an ID card, or to store medical files, the company says.
The app works on both Android and iOS, and will be available for testing in Spring 2014. The full version will launch in Fall 2014.
The card connects to nearby devices via Bluetooth 4.0, and stores up to 8GB of data – the U.S. government has already expressed interest in using the cards for storing medical data, BluStor claims, and a Middle Eastern country is interested in using the system for national ID cards.
BluStor also sugggests that the cards could be used for remote employee authentication – allowing home workers to access sensitive data freely. The cards also have room for file storage for email, medical records or work files.
Technology Tell said in its report, “The BluStor Secure Mobile Briefcase idea is pretty genius, and it also has widespread application across quite a number of fields and industries. But most importantly, it provides consumers with a way to secure their mobile devices without the use of a pin or password.”
The high-capacity cards allow the biometric details of a user to be stored in full on the card, and are encrypted with high-grade AES encryption. BluStor claims it is “virtually impossible for a hacker to gain access to a user’s device.”
The card is the brainchild of Finis Conner, a serial entrepreneur who launched Seagate in 1979, and launched the first 5.25-inch drives for Mac computers,  “About two years ago, there was a combination of technologies that had arrived primarily to service the mobile device market, and that was in the form of Bluetooth 4.0 high-performance low-power devices, ultra-thin polymer batteries,” he told Biometric Update. “ I pulled my guys together again and we designed a solution, which is the BluStor platform.”
Biometric ID has become a hot topic this year, after Apple’s adoption of a fingerprint reader on its iPhone 5S, and as cloud services require users to memorise more and more passwords.

Phear of Phishing

(All four blog articles in this series, of which this article is the last, are available as a single paper here: The_Thoughtful_Phisher_Revisited.)
From the sort of ‘visit this link and update or we’ll cancel your account’ message that we saw in the previous blog in this series (The Less Thoughtful Phisher), it’s a short step to trying to frighten you into logging into a malicious URL by telling you there’s already suspicious activity on your account.
Dear Valued Customer,
Your Nationwide Account has been limited due to the unusual login attempt to your online banking.
Resolve Your Nationwide Account

Thanks,
Nationwide Building Society.
Well, fall for this and suspicious activity will certainly happen, though it may take a while before you realize it has taken place.

Yes, it’s me. No, it’s me.

And here’s a short example of a type I’ve been seeing a lot of recently. The potential victim might think that simply confirming or denying that they requested a change is safer than linking to an obvious login link – after all, we keep telling you not to go directly to a link in a message you can’t trust – but the scammer isn’t going to be content with a simple yes or no. At some point in the process you’re going to have to share your login details, and the scammer will have got what he wants. And you may not be surprised to note that – as with most examples of this type of message I’ve seen so far – the ‘yes’ and ‘no’ links are exactly the same. It seems to have starter to occur to them, though, that the social engineering might be a little more convincing if they went to a different page.
Dear Valued Customer,
This is a short email to let you know that your NatWest Credit Card Online Services security details was recently changed on Monday, November 11, 2013 at 9:32:48 AM. Please confirm that this request was made by you.
Best wishes
Paul Riley
Head of Credit Card
 What an interesting coincidence that the Head of Credit Cards at MINT has, according to the message of which I generated a screenshot in an earlier blog in this series, exactly the same name as the Head of Credit Card(s) at NatWest. At least, so the number of NatWest phishing messages I’ve seen with that signature would seem to indicate. Unless he’s changed jobs. Or, more likely, some phishing phreak thought that Paul Riley was a name likely to inspire confidence in UK readers. Just as I always feel reassured when I get offers from various dictator’s widows to share millions of dollars. ;)

We don’t know why, but we know exactly when…

Here ‘he’ is again with a more comprehensive message. I love the precision with which they report the date and time of this imaginary breach.
Dear Valued Customer,
An attempt to access your NatWest Credit Card Online Services was denied on: Thursday, 07 November 2013 at 7:03:55 GMT
Access was denied for one of two reasons:
The response to your personal logon details did not match our records
A recent change in your contact information.
If you remember trying to access NatWest Credit Card Online Services on the above date and time, please select “That was me.”
If you do not remember trying to access NatWest Credit Card Online Services on the above date and time, please select “That was NOT me.” You will then be prompted to Confirm your account profile on file with us.
That was me.
That was NOT me.
Best wishes
Paul Riley
Head of Credit Cards
P.S …don’t forget that you can make a payment online using the payments and transfers link once you have logged on.
Please do not reply to this email. It is for notification only as this mailbox cannot accept incoming mail. If you need to contact us then use the Contact Us link at www.natwest.com.
National Westminster Bank plc. Registered in England and Wales (Registered Number 929027)
Registered Office: 135 Bishopsgate, London EC2M 3UR.
Authorised and regulated by the Financial Services Authority.
This email message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet emails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent.
Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate.
Talk about adding value. Two possible reasons for the ‘problem’ you have to log on to resolve, an opportunity to make a payment while you’re at it (more money? Bring it on!), and a lengthy disclaimer that looks like it was scraped from a real site or document.

Newly MINTed

And here is Mr Riley, again, apparently moonlighting back with MINT. I wonder if he’s getting paid by both divisions.
And yes, this time the scammers used different links for yes and no. Apart from the change of provider, the value-added disclaimer is almost identical to the previous message (so I haven’t reproduced it).
Dear Valued Customer,
Our records shows that your MINT Credit Card Online Services security details was recently changed on Tuesday, November 05, 2013 at 06:09:42 PM. Please confirm that this request was made by you.
Yes, I made this request.
No, I did not make this request.
Best wishes
Paul Riley
Head of Credit Cards

Implore-sible…

Dear Account Holder,
We noticed a violation of our services on your account and for this
reason, your account will be closed if you fail to resolve the
issue within the next 48 hours.
This will only take a moment, We implore you to resolve the issues
on your account immediately to restore access.
Resolve Here to complete the process.
Sincerely,
Lloyds Bank
I like it. Short and to the point. Log on and give us your money or we’ll close your account. Even though, as usual, we don’t know anything about you or your account… I really like ‘we implore you’: it’s always comforting when a scammer asks nicely.

Doomed!

At Lloyds, we take your security very seriously indeed. In fact
we’ve invested in a host of measures that help protect you
and your money
Recent transactions involving your designated accounts was revoked.
Follow the provided steps to restore your online access and to
review your account status
Online banking Log on
Sincerely,
Lloyds Bank
Eek! Revoked! I’m doomed. (I’ve been seeing a lot of these, but this one is enough to give you the idea…)

Browserbeaten

And one last shot across the browser from ‘Paul Riley’.
Dear Valued Customer
Thank you for choosing NatWest Online Credit Card Services.
At NatWest Credit Card Services we are continually making improvements to protect our customers from fraud, but there are also things you should do to ensure that your details are kept safe when using your card online. We ask that you always have the latest anti-virus software protection on whichever device you use to access NatWest Online Credit Card whether that be your laptop, pc or mobile. We also offer free ‘Rapport’ security software protection that works alongside your anti-virus software to give added online protection.
At NatWest Credit Card Services we have introduced new additional security measures and updated our software to protect our Online Credit Card Account users. The security update will be effective immediately and requires our NatWest Credit Card customers to update their access. Please click on “Continue” below to update yours today.
CONTINUE
Find out more
If you have any questions about using your card online, we’re happy to help. Simply visit our Help 24/7 service.
Yours sincerely,
Paul Riley
Head of Credit Cards
Rapport, of course, is Trusteer’s banking-specific security software, which has been genuinely recommended and made available by various banks to their customers. Nice touch of circumstantial suggestion of good intent, and perhaps an indication of content scraping, but the real intent here is far from benevolent.
And finally…
At least for this series.
Dear Valued NatWest Card Customer
Due to too many errors on your NatWest Credit Card account.
Your access to NatWest Credit Card Online Services has been locked out. Please use the link below to unlock.
Unlock Your NatWest Credit Card Online Services

Please do not reply to this message. For questions, please call Customer Service at the number on the back of your card. We are available 24 hours a day, 7 days a week.
Happily, this has some major logical weaknesses that should alert most people immediately to what they’re looking at here.
  1. There is no personalization to prove they’re addressing a known customer
  2. There’s an inline link to a very dodgy-looking URL
  3. If you were in any doubt about this, you could check it instantly by going to a known genuine URL to log in, where hopefully you would be able to log in without a problem.

Government calls for stricter security controls between Huawei and GHCQ

huawei-sign-logo
A review into security arrangements between Huawei and GCHQ for vetting the firm's telecoms kit in the UK has called for several changes, although it has dismissed many of the original concerns raised.
The report was conducted after major security concerns were raised earlier this year by the Intelligence and Security Committee (ISC). It was concerned that Huawei had been able to carve out a dominant position in the telecoms market without scrutiny.
This also led to fears that the Huawei Cyber Security Evaluation Centre (HCSEC, also known as the Cell) used to evaluate Huawei kit in the UK, was staffed by its own employees rather than GCHQ staff.
This led to a review of the working practices at the Cell and the relationship between Huawei and GCHQ, carried out by national security adviser Sir Kim Darroch. The report has now been published and, although no major issues came to light, several recommendations have been put forward.
These focused on formalising many of the currently informal working practices between the two organisations, such as when code and equipment is made available for checking. The report also said that senior staff at the Cell should be appointed with more direct input from GCHQ.
“GCHQ’s involvement in the future appointment of senior staff to HCSEC should be strengthened. At present, GCHQ have a power of veto over appointments through the security vetting process,” it said.
“The review recommends that, in future, GCHQ should lead and direct senior HCSEC appointments (in consultation with Huawei), in particular through chairing the selection panel.”
However, the report noted that although initial concerns focused on the amount of control Huawei has over the oversight of its own equipment, this is required given the complexities involved in accessing source code.
“Although the fact of HCSEC staff being employed by Huawei appeared to create conflicts of interest, it was, in reality, the best way of ensuring continued complete access to Huawei products, codes and engineers, without which HCSEC could not do its job,” it said.
“In particular, were HCSEC staff not to be Huawei employees, access arrangements would be complicated by Huawei’s non-disclosure agreements with its hundreds of third-party suppliers.
“Also, there would be a possibility of commercial risk or even liabilities for the taxpayer were GCHQ, in effect, to impose themselves between Huawei and the UK telecommunications market.”
Huawei said it welcomed the report and that it vindicated its own strategy in tackling cyber security. "We are pleased that the model of the UK Government, the telecom operators and Huawei working together in an open and transparent way has been recognised as the best approach for providing reassurance on the security of products and solutions deployed in the UK," the firm said.
"Huawei believes it is only by working together internationally, as vendors, customers, policy and law makers, that the challenge of global cyber security can be met."
The UK's continued open-arms policy towards Huawei stands in stark contrast with other Western nations such as Australia and the US, which are far more wary of the firm given its close links to the Chinese government.

PRISM: Judge brands NSA surveillance 'Orwellian' and unconstitutional

nsa-headquarters-fort-meade-maryland
A US judge has ruled that the NSA's wholesale gathering of internet traffic, emails and phone calls is likely to be in breach of the Fourth Amendment, which protects citizens against "unreasonable searches".
The ruling found that despite the NSA's claims to the contrary, there was an "utter lack of evidence that a terrorist attack has ever been prevented" as a result of the data-collection tactics employed.
In his closing statement, Judge Richard Leon described the NSA's tactics as "Orwellian". He added: "I cannot imagine a more 'indiscriminate' and 'arbitrary invasion' than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analysing it without prior judicial approval."
Claimants in the case, which has now been put on hold pending appeal from the US government, are lawyer Larry Klayman and Charles Strange, the father of a cryptologist killed in Afghanistan in 2011. If the case is upheld it will be a landmark ruling and a significant setback for the NSA.
Judge Leon said he expected the process to take six months, during which the government should prepare its defence. "Suffice it to say, requesting further time to comply with this order months from now will not be well received and could result in collateral sanctions," he warned.
Edward Snowden, the whistleblower who put the NSA's tactics into the limelight over the summer, released a rare statement to The New York Times. "Today, a secret program authorised by a secret court was, when exposed to the light of day, found to violate Americans' rights," he said. "It is the first of many."

Christmas shoppers can browse in private with anti-tracking Android app

An AVG logo
There’s no sign of the shopping season waning in the next couple of weeks with Christmas around the corner.

Shoppers will be flocking to shopping malls and retail stores to fill up stockings and buy gifts for their loved ones until the last minute. And while some retailers will be interested in how much they spend, others will be keen to track their movements around the stores. How?

The answer is simple. Via smartphone.

Smartphone tracking isn’t something new. In August 2013, the City of London Corporation asked a company to stop using recycling bins to track the smartphones of passers-by.

"The key problem is it’s impossible for consumers to know because technology is monitoring your phone," said Dr Ian Brown, associate director, Oxford University Cyber Security Centre. "It is not sending signals back to you, so even if you had the right electronic equipment, you couldn’t tell technology is being used to track you."

Recent research suggests tracking is big business in the US with over $175m being privately invested in this kind of technology. A few retail sources say it is widespread in the UK but declined to be named. The British Retail Consortium and the British Council of Shopping Centres declined to comment.

However, as a consumer, there are ways to protect yourself from being tracked. AVG Technologies has launched a new app to block retailers from accessing smartphones and ensure consumers have an enjoyable experience in stores and shopping centres.

The WiFi Do No Track feature within the AVG PrivacyFix for Android suspends WiFi on a user’s phone when they’re out and about, only reconnecting when they’re close to trusted WiFi locations like their home, office or favourite coffee shop.

The feature stops smartphones from transmitting their unique MAC address which retailers and marketers have begun using to track the movement of shoppers based on physical location. Retailers are using the information to count visitors in their shops, optimise store layouts or measure the effectiveness of mobile advertising.

"Using WiFi technology to capture our location data in stores provides retailers with analytics. The problem is that consumers have limited notice of these activities, often no opportunity to opt out, and many may not realise they are even being observed in this way," said Gary Kovacs, chief executive at AVG Technologies.

The problem is not only with tracking, but how the information is then siphoned off to retailers.

According to Jim Brock, vice president of Privacy Products at AVG Technologies, "The commercialisation of WiFi tracking of shoppers appears to be on the rise with companies offering such services to retailers. Yet often these services fail to provide assurance of basic encryption protection of your device identifier.

"AVG PrivacyFix gives individuals the choice and control over their privacy that the industry has yet to provide. Until we see broadly accepted and protective industry standards in place to regulate smartphone tracking in the real-world, consumers need to fend for themselves. We're here to make that easier."

Google blasted as 'arrogant' for trying to move UK privacy case to the US

Google Logo
Google has been accused of "arrogant" behaviour as it attempts to have a privacy case brought by UK citizens heard in California, rather than the UK.
Google allegedly circumvented privacy settings in the iOS version of Apple's Safari browser, using cookies to serve targeted adverts. Google insists that the tracking was accidental.
Google has already paid $17m in compensation to 38 US states and $22.5m in fines to the US Federal Trade Commission over the Safari browser tracking case. The firm said that it is looking for confirmation that the case is strong enough to go ahead.
The claimants, a group who call themselves Safari Users Against Google's Secret Tracking, insist that because Google has a strong UK presence, its misdemeanours should be challenged here too.
Judith Vidal-Hall, part of the group, said: "Google is very much here in the UK. It has a UK-specific site, it has staff here, it sells adverts here, it makes money here. It is ludicrous for it to claim that, despite all of this very commercial activity, it won't answer to our courts.
"If consumers are based in the UK and English laws are abused, the perpetrator must be held to account here, not in a jurisdiction that might suit them better. Google's preference that British consumers should travel all the way to California to seek redress for its wrongdoings is arrogant, immoral and a disgrace."
Dan Tench partner at law firm Olswang, which is representing the group, said: "British users have a right to privacy protected by English and European laws. Google may weave complex legal arguments about why the case should not be heard here, but it has a legal and moral duty to users on this side of the Atlantic not to abuse their wishes. Google must be held to account here, even though it would prefer to ignore England."
A Google spokesman dismissed these criticisms, though: "A case almost identical to this one was dismissed in its entirety two months ago in the US. We're asking the court to re-examine whether this case meets the standards required in the UK for a case like this to go to trial."

US Judge hacked for the lulz: Sex toys ordered with his credit card


They've sided with a sheriff in the US state of Texas in a dispute over a teacher picking thrown-away school furniture out of the trash, have leaked 23 documents stolen from the judge's computer, have used the judge's credit card to order what Softpedia reports is a total of 18 sex toys, and have shown prodigious talent at making images out of keyboard characters that will forever change the way you view "x", "@" and "s" if you click through to their Pastebin message.
(Warning: At least one of the Pastebin images are probably NSFW, albeit they'd be very appropriate for a gallery show on keyboard character artwork.)
The TeamBerserk crew align themselves with the Anonymous hacktivistbrand but carry out their own operations.
In October, they announced that they were taking a breather from their attacks, which they say have been carried out against such organizations asthe US Office of Personnel Management, HITRUST, Interactive Data, CITIC, the Chinese University of Hong Kong, New Mexico ISP Plateau, The West Australian, Loretto Telecom, and California-based ISP Sebastian.
Now, they're back, as spotted by Softpedia's Eduard Kovacs, and they're ready for more lulz, as they said in their comeback message:
After many days at port, days filled with rum, women and lulz - which have recovered us. We have again united for an explosive several weeks of exploitation, mayhem and LoLz.
In the Pastebin message, they threatened "corporations and governments", with Judge Souli A. Shanklin appearing to be their first target as part ofProjectMayhem, a campaign Anonymous first announced in 2011.
The dispute with Judge Shanklin dates back to a conflict that flared up in September between Edwards County Sheriff Pam Elliott and Rocksprings Independent School District Superintendent David Velky.
After claiming to have analyzed the case, the hackers said that they're on the sheriff's side:
We TeamBerserk agree with Sheriff Pam Eliott [sic]. You have been placing pressure on board members to do your bidding and you have concealed information. This information will be publicly available soon.
At this very moment we are sorting through and analyzing all of your accounts. We have gained remote access to your cell phones and we have conversation logs between you and various, shall we say.. characters of shady backgrounds.
All of your Android devices are under our control as well as your personal nets.
TeamBerserk claims to have ordered several dildos from Velky's Amazon account, as they did from Judge Shanklin's account, and published screenshots as proof.
Kovacs reported on Wednesday that the hackers hijacked Velky's LinkedIn account and leaked seven more documents related to Judge Shanklin.
Although some might see these antics as amusing, let's get serious kids. Don't try this at home.
As it is, when TeamBerserk went on hiatus in October, it noted that various members had just finished jail terms.
Credit card fraud is illegal, as it should be, even if you use the stolen credit card to send truly tasteful Christmas gifts such as those selected by TeamBerserk.
The US legal system doesn't have much of a sense of humor.
For evidence of that, you don't have to look any further than to the $183,000 penalty dished out to Eric Rosol this week for participating in an Anonymous-organized DDoS against Koch Industries for one measly minute.
High financial penalties and jail terms against hackers and 'hacktivists' alike are rife.
Is it really worth the lulz?

Muslim Group Hacks Israeli Army to Avenge Hezbollah Leader's Death


A group of Muslim hackers infiltrated the servers of the Israeli army and extracted top secret intelligence and military information, including the personal files of hundreds of army officers, forcing Tel Aviv to shut down its army servers.
The group which calls itself, the Islamic Cyber Resistance Group, said it has gained valuable intelligence in the hacking attack, named 'Remember Hassan Lakkis Operation'.
The Muslim hackers said the personal files, including the job titles, passwords, file passwords, employer, postal addresses, E-mails, contact numbers, military codes, etc. of 2014 Israeli officers, are a small part of the information and intelligence it has extracted from the Israeli army. The personal files of these 2014 Israeli militaries can be downloaded from the hackers' website. (You may also find a copy of the same files down this page.)
The group said the cyberattack has been conducted in retaliation for the assassination of the Lebanese Hezbollah leader, Hassan Hawlo Lakkis, who was assassinated in front of his home in St. Therese-Hadath on December 4, while he was on his way back from work.
"Be aware that, we, the Islamic Cyber Resistance Group, followers of Prophet Mohammad (S.A), have conducted an operation in the name of martyr Hassan Lakkis to revenge his assassination," the group said in a statement released on its website.
The Lebanese Hezbollah movement took Israel and Al-Qaeda responsible for the terror operation.
"Israel is automatically held completely responsible for this heinous crime," a Hezbollah statement said a day after Lakkis's assassination, adding that Israel had already staged several assassination attempts on the life of Lakkis in various areas.
"This enemy should bear full responsibility and all consequences of this heinous crime, and this repeated targeting of dear resistance leaders and cadres," the Hezbollah statement added.
The Islamic Cyber Resistance Group did not affiliate itself with Hezbollah or any other party or country, identifying itself as true Muslim believers who would not withdraw from the war on Israel.
The group warned that it takes the Israeli Mossad secret service and the Al-Qaeda responsible for the assassination of the Hezbollah leader, adding that the war on these two accomplices will rage on.
"This is a warning to you that the next operation would be much more damaging to you. We present this operation to his (Hassan Lakkis') children (Ayah, Husain, Zeynab)," the group said in its statement.

Top 5 free vulnerability scanners 2014

Finding a good vulnerability scanner is a hard job as there are many to choose from. We have made an top 5 list of free vulnerability scanners which you can use to audit your targets for vulnerabilities.
Vulnerability scanning is performed by (ethical) hackers that wish to find vulnerabilities in their designated targets which they afterwards can exploit with the right exploit.

Qualys - Cloud solution free for 7 days 

The Qualys vulnerability scanner can be used for free and it will allow you to use the power of the cloud as your targets will be audited from on external IP. The Qualys cloud solution will allow you to discover devices, find vulnerabilities, perform PCI audits and it will help you to stay on top of the latest security patches.
Free 7 day Qualys Cloud vulnerability scanner

Nessus Vulnerability Scanner - Free for 7 days 

The Nessus® vulnerability scanner provides patch, configuration, and compliance auditing; mobile, malware, and botnet discovery; sensitive data identification; and many other features.
With a continuously updated library of more than 60,000 plugins and the support of Tenable’s expert vulnerability research team, Nessus delivers accuracy to the marketplace. Nessus scales to serve the largest organizations, and is easy to deploy on premises or in the Amazon Web Services (AWS) cloud.
Nessus Free Vulnerability Scanner

OpenVAS - Open Source Vulnerability scanner

The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 30,000 in total (as of April 2013).
All OpenVAS products are Free Software. Most components are licensed under the GNU General Public License (GNU GPL).
OpenVAS free vulnerability scanner

Subgraph VEGA free vulnerability scanner

The Subgraph VEGA security scanner can be downloaded for free and is free of charge. Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web:Javascript.
Free Security Assessment Tool VEGA

GFI LanGuard 30 days free usage

Easy to set up and use, GFI LanGuard® acts as a virtual security consultant to provide you with a comprehensive overview of your business’s network security status through vulnerability assessments, patch management, and network and software auditing.
The GFI LanGuard is an complete network security package.
GFI Free Security Scanner LanGuard

Gmail scans images in e-mails for malware: Privacy breach or Security?

This month Google announced that they scan image content in your e-mail to keep you safe from hackers that might want to use your data. Google has also been using DMARC for a while to fight e-mail fraud.
But thanks to new improvements in how Gmail handles images, you’ll soon see all images displayed in your messages automatically across desktop, iOS and Android. Instead of serving images directly from their original external host servers, Gmail will now serve all images through Google’s own secure proxy servers.
So what does this mean for you? Simple: your messages are more safe and secure, your images are checked for known viruses or malware, and you’ll never have to press that pesky “display images below” link again. With this new change, your email will now be safer, faster and more beautiful than ever.
Google scans images in your e-mail

Enable all images to be downloaded automatically

Here is how:
  1. Open Gmail.
  2. Click the gear icon in the top right.
  3. Select Settings.
  4. Scroll down to the Images section (stay in the “General” tab).
  5. Choose Ask before showing.
  6. Click Save Changes at the bottom of the page.

President Obama will meet CEO's of Apple, Twitter, Netflix, Dropbox tomorrow to discuss actions of the NSA

The White House has announced (via TIME) that President Barack Obama is scheduled to meet with a long list of high-profile tech executives tomorrow to discuss the controversial rollout of the Healthcare.gov website as well as NSA surveillance programs that have recently come to light:
“Tomorrow, President Obama will meet with executives from leading tech companies to discuss progress made in addressing performance and capacity issues with HealthCare.Gov and how government can better deliver IT to maximize innovation, efficiency and customer service,” a White House official said. “The meeting will also address national security and the economic impacts of unauthorized intelligence disclosures.  Finally, the President will discuss ways his Administration can partner with the tech sector to further grow the economy, create jobs and address issues around income inequality and social mobility.”
First on the list is Apple CEO Tim Cook who will also be joined by CEOs from Twitter, Netflix, Dropbox, Yahoo and many others.
Last month Apple participated in an open letter signed by Facebook, Google, Microsoft, Yahoo and other tech companies expressing support for the USA Freedom Act that would limit the NSA’s ability to run its surveillance programs and keep them secret from the public. Another open letter to the President and congress was published earlier this month with support from Apple and other companies urging Washington to reform laws related to government surveillance.
The full list of tech executives scheduled to meet with Obama tomorrow is below:
· Tim Cook, CEO, Apple
· Dick Costolo, CEO, Twitter
· Chad Dickerson, CEO, Etsy
· Reed Hastings, Co-Founder & CEO, Netflix
· Drew Houston, Founder & CEO, Dropbox
· Marissa Mayer, President and CEO, Yahoo!
· Burke Norton, Chief Legal Officer, Salesforce
· Mark Pincus, Founder, Chief Product Officer & Chairman, Zynga
· Shervin Pishevar, Co-Founder & Co-CEO, Sherpa Global
· Brian Roberts, Chairman & CEO, Comcast
· Erika Rottenberg, Vice President, General Counsel and Secretary, LinkedIn
· Sheryl Sandberg, COO, Facebook
· Eric Schmidt, Executive Chairman, Google
· Brad Smith, Executive Vice President and General Counsel, Microsoft
· Randall Stephenson, Chairman & CEO, AT&T

The UK National Cyber Security Strategy and Forward Plans


Two years have passed since the first UK National Cyber Security Strategy was published and much has been done by the UK Government towards delivering the four Strategy objectives for the "fifth domain" of warfare:
- making the UK one of the most secure places in the world to do business in cyberspace;
- making the UK more resilient to cyber attack and better able to protect our interests in cyberspace;
- helping shape an open, vibrant and stable cyberspace that supports open societies; and
- building the UK´s cyber security knowledge, skills and capability.
Nevertheless improving the UK´s cyber security is and will remain a top priority for the UK Government, and the 2013 Spending Review directed a further £210 million to the UK National Cyber Security Programme in 2015-16, on top of the £650 million set aside over the previous four years.
This document gives an outline of the UK cyber security forward plans, which will focus on the core goals of:
- further deepening the UK national sovereign capability to detect and defeat high-end threats;
- ensuring law enforcement has the skills and capabilities needed to tackle cyber crime and maintain the confidence needed to do business on the Internet;
- ensuring critical UK systems and networks are robust and resilient;
- improving cyber awareness and risk management amongst UK business;
- ensuring members of the public know what they can do to protect themselves, and are demanding good cyber security in the products and services they consume;
- bolstering cyber security research and education, so have the skilled people and know-how needed to keep pace with this fast-moving issue into the medium-term; and
- working with international partners to bear down on havens for cybercrime and build capacity, and to help shape international dialogue to promote an open, secure and vibrant cyberspace.

Android botnet stole SMSes from South Korea, emailed them to China


An Android botnet found in South Korea that steals text messages may be one of the largest and most advanced mobile malware operations discovered, according to security vendor FireEye.
The botnet, which FireEye called "MisoSMS," was used in 64 spyware campaigns, stealing text messages from phones in Korea and forwarding them to email accounts accessed by hackers in both China and South Korea.
MisoSMS is embedded in an Android application that purports to be an administrative settings tool, FireEye wrote on its blog. The application calls itself "Google Vx" and asks for administrative permissions that, if granted, allow the malware to hide.
It then collects text messages and sends them by email to the attackers, which is a new technique, FireEye wrote. Some SMS malware applications forward text messages to hackers' phones via SMS, while others send messages via TCP connections.
More than 450 web email accounts were used to control the malware. "The attackers logged in from Korea and mainland China, among other locations, to periodically read the stolen SMS messages," FireEye analysts wrote.
The email accounts used in connection with MisoSMS have been deactivated, and the attackers have not since registered any new email addresses. FireEye wrote on its blog it is working with Korean law enforcement and the Chinese web mail provider whose accounts were used by the hackers.

EC-COUNCIL demands you re-exam if you score higher than 95%


EC-Council is an company that provides certifications in various fields of information security. A lot of people will know ec-council because the certified ethical hacker exam is made by them. The ec-council instructs and makes sure that each participant gets the right training to pass their exam. But it seems that there is an catch. The rumor is spreading on the internet that if you succeed with an score result higher then 95% then EC-council will demand that you will redo your exam as achieving an result that high would make the exam look bad.

Development of the EC-Council exams

The EC-Council certification exams have been developed with the highest professional standards. The principles and processes employed by EC-Council conform to the Standards for Education and Psychological Testing. The EC-Council approach has been audited and validated by a psychometric specializing in professional certification methodology. And all the questions on the certification exams have been reviewed and approved by a group of subject experts on behalf of EC-Council.

Convicted Operation Open Market world-wide online market place for stolen personal and financial information


Man Who Bought And Sold Stolen Personal Information Online Convicted Of Participating In Racketeering Organization,United States Attorney for the District of Nevada .
The first defendant to go to trial in “Operation Open Market,” an investigation of a sophisticated cybercrime organization that operated a world-wide online market place for stolen personal and financial information, was convicted today by a federal jury in Las Vegas, announced Daniel G. Bogden, United States Attorney for the District of Nevada and Acting Assistant Attorney General Mythili Raman of the Justice Department’s Criminal Division.
David Ray Camez, 22, of Phoenix, Ariz., was convicted of one count of participating in a racketeer influenced corrupt organization and one count of conspiracy to participate in a racketeer influenced corrupt organization. Camez is scheduled to be sentenced on April 10, 2014, and faces up to 20 years in prison on each count and fines of up to $250,000.  The trial began on Nov. 18, 2013.
“It is difficult to fathom the enormity and complexity of the Carder.su racketeering organization and its far-reaching tentacles across international borders,” said U.S. Attorney Bogden. “The Internet has provided sophisticated international criminals access to the United States and its citizens, and the ability and means to harm us.  It has given new definition to reaching out and touching someone.  This verdict and our charges against other members of this criminal organization demonstrate that we are likewise reaching out and touching them with our federal criminal justice system.”
“The actions of these computer hackers and identity thieves have harmed countless innocent Americans and seriously compromised our financial system and global commerce,” said Michael Harris, Assistant Special Agent in Charge of Homeland Security Investigations in Las Vegas.  “These criminals may think they can escape detection by hiding behind their computer screens here and overseas, but as this verdict demonstrates, cyberspace is not a refuge from American justice.”
Camez was one of 39 charged in an indictment returned in January 2012.  Five others have pleaded guilty, seven are scheduled for trial in February 2014, and the rest are fugitives.  There were also 16 other defendants charged in the scheme in three separate indictments.  Most of those defendants are also scheduled to go to trial in February.
The target of the investigation was an organization which called itself “Carder.su.”  Investigation of the Carder.su organization began in March 2007, after the United States Secret Service, operating in conjunction with Homeland Security Investigations and other federal, state and local law enforcement agencies who participate in the Southwestern Identity Theft and Fraud Task Force (SWIFT), began investigating a pattern of credit and debit card fraud.  A special agent initiated an undercover investigation called Open Market and assumed the identity as a member of the organization when it was in its infancy. 
The investigation determined that members of the Carder.su organization, known as “carders,” were involved in large scale trafficking of compromised credit card account data and counterfeit identifications and credit cards, as well as money laundering, narcotics trafficking, and various types of computer crime. The organization operated an internet web portal called a forum, where members could purchase the illicitly obtained data and share knowledge of various fraud schemes. A second forum was also created to vet incoming new members.  The forums were generally hosted within the former Soviet Union and the upper echelon of the organization resides within the former Soviet Union. It was estimated that in July 2011, there were over 5,500 members of the organization.
It was determined that members of the organization had different roles, including moderators who directed other members in carrying out activities; reviewers who examined and tested products, services, and contraband; vendors who advertised and sold products, services and contraband; and members. Members were required to successfully complete a number of security features designed to protect the organization from infiltration by law enforcement or members of rival criminal organizations.  Camez became a member of the organization under the name “Bad Man” on June 22, 2008. Camez also used the name “doctorsex.”  During 2009 and 2010, the undercover special agent had multiple contacts with Camez in which Camez purchased counterfeit Nevada and Arizona driver’s licenses.  Investigators also intercepted and seized a package shipped to Camez from Pakistan which contained counterfeit credit and gift cards.  During a search of Camez’ home in Phoenix in May 2010, agents recovered counterfeit credit cards, equipment used to manufacture counterfeit credit cards, counterfeit U.S. currency, and counterfeit identification documents. A search of Camez’ computer revealed software used to encode counterfeit credit cards and stolen identity information.
In addition to the U.S. Secret Service, Homeland Security Investigations and members of the SWIFT Task Force in Las Vegas, NASA’s Jet Propulsion Laboratory, Computer Crimes Division, also provided assistance in the investigation.  The case was prosecuted by Assistant U.S. Attorneys Kimberly M. Frayn and Andrew W. Duncan, and Trial Attorney Jonathan Ophardt of the U.S. Department of Justice Organized Crime and Gang Section.
 This law enforcement action is sponsored by President Barack Obama’s Financial Fraud Enforcement Task Force. President Obama established the interagency Financial Fraud Enforcement Task Force to wage an aggressive, coordinated and proactive effort to investigate and prosecute financial crimes.  The task force includes representatives from a broad range of federal agencies, regulatory authorities, inspectors general, and state and local law enforcement who, working together, bring to bear a powerful array of criminal and civil enforcement resources. The task force is working to improve efforts across the federal executive branch, and with state and local partners, to investigate and prosecute significant financial crimes, ensure just and effective punishment for those who perpetrate financial crimes, combat discrimination in the lending and financial markets, and recover proceeds for victims of financial crimes.