Hacking Archive

Hackers That Were Barely Even Trying Stole 44 Million Records Last Year

Posted May 25, 2013 By National Cyber Security

When you think of hackers, your mind might jump to something like a Boris Grishenko (aka “that dude from Goldeneye“) typing away on a keyboard one-handedly with virtuosic skill. A criminal mastermind. Verizon’s annual Data Breach Investigations Report (DBIR) paints a bit of a different picture, for last year at least; most of these guys don’t even have to know what they’re doing.

Every year, Verizon breaks down data about the previous year’s hacks and sifts through it to dig up all kinds of interesting tidbits. In sheer numbers, 2012 saw over 47,000 reported security incidents, 621 confirmed data disclosures, and at least 44 million compromised personal records. 44 million might sound like a lot—and it is—but it’s actually way down from 2011’s lulz-fueled 174 million.

But the data also reveals a bit about the attackers as well, and according to Verizon, few are aiming for anything other than easy-pickin’s and even fewer are actually skilled. 75 percent of the year’s attacks were characterized as “opportunistic,” meaning the hackers were pulling off the digital equivalent of breaking into unlocked cars and ignoring any targets that put up even the slightest resistance.

And there were enough easy targets out there that the lion’s share of hackers barely needed any skills at all. 78 percent of hacks were of “low” difficulty or lower. From Verizon’s DBIR Executive Summary [PDF]:

That should come as good news and bad news. On the one hand, it’s kind of scary to know hacking is easy and prevalent and that there’s plenty of low-hanging fruit for them to snatch. On the other, it’s good to know that it’s not like we’re up against a legion of evil geniuses or anything. Verizon’s DBIR is aimed squarely at enterprises, to help them prepare for the threats of next year, and let’s hope at least one message gets through: lock up. [Verizon Enterprise]

Source:  http://gizmodo.com/hackers-that-were-barely-even-trying-stole-44-million-r-509831784

Zeus Malware Attacks Increase, Steals Account Credentials

Posted May 25, 2013 By National Cyber Security

The notorious Zeus Trojan, a family of banking malware known for stealing passwords and draining the accounts of its victims, has steadily increased in recent months, according to data collected by Trend Micro.

Researchers at the security firm analyzed data and found a surge in Zeus infections from February through the middle of May. The latest version of Zeus, also known as Zbot, is associated with the Citadel data-stealing malware that was created based on the Zeus source code, according to Jay Yaneza of Trend Micro’s technical support team who provided analysis of attack data collected from the company’s customer base.

“Old threats like ZBOT can always make a comeback because cybercriminals profit from these,” Yaneza wrote. “Peddling stolen banking and other personal information from users is a lucrative business in the underground market.”

Zeus was first detected in 2007 and is frequently found in automated attack toolkits. The malware family itself is frequently updated with mechanisms designed to evade detection by antivirus and network security appliances.

The latest variants detected by Trend Micro attempt to contact a remote server to download configuration data containing the names of banks that the malicious program watches for in the victim’s browser. Once a victim browses to a financial website on the list, the spyware mechanism is triggered and attempts to steal the login information.

Malware authors and botnet operators are constantly improving their attack techniques in an attempt to evade detection. A recent paper issued by Damballa, Dell (NSDQ:Dell)-SecureWorks and researchers at the Georgia Institute of Technology described a major update to one of the oldest spam botnets, called Cutwail, which fuels infections of the Pushdo malware. The new domain algorithm identified by the researchers acts like the backup command-and-control techniques used by the Zeus Trojan, according to the paper.

Trend Micro said it identified more than 112,000 malware victims in the first quarter of this year, mainly due to the availability of cheaper, more widely available automated tools. Botnets also are becoming more affordable, Trend Micro said. Meanwhile, Java continues to be the most targeted software platform.

Trojans such as Zeus are also being detected in record numbers by other security firms. According to more than 6 million malware samples in the first quarter of 2013 analyzed by Spain-based security vendor Panda Security, Trojans ranked first, making up 76 percent of the malicious code, followed by worms, viruses and spyware. The security firm’s threat report, issued this week, found Trojans reaching record levels.

“Today most Trojan infections are through compromised websites, often exploiting some kind of vulnerability in Java or Adobe(NSDQ:ADBE),” Panda said. “This means that in just a few minutes there may be thousands of infections with the same Trojan.”

 

Source:  http://www.crn.com/news/security/240155557/zeus-malware-attacks-increase-steals-account-credentials.htm

US electric grid under ‘constant state of attack’ from hackers

Posted May 24, 2013 By National Cyber Security

American utility providers are under constant assaults from hackers, a new Congressional report reveals, with one electricity firm reporting 10,000 attempted cyber attacks in one month.

Congressmen Edward Markey and Henry Waxman surveyed over 100 utility firms across the US, with results published in the Electric Grid Vulnerability report suggesting they’re under constant threat from computer hackers.

More than a dozen utility providers reported “daily”, “constant”, or “frequent” attempts at infiltration by computer hackers, with cyber attack methods ranging from phishing to malware infections.

One organisation reported that it was the target of 10,000 cyber attacks in a month, while another power provider revealed it’s under a “constant state of ‘attack’ from malware and entities seeking to gain access to internal systems”. Another respondent told Markey and Waxman they’re “under constant cyber attack from cyber criminals including malware and the general threat from the Internet”.

According to the research, “no utility reported damage to any of its cyber-assets”, but Markey and Waxman indicate there’s no single unified method for reporting cyber attacks to the authorities.

“Most respondents indicated that they follow standard requirements for reporting attacks to state and federal authorities, did not describe the circumstances under which these requirements would be triggered, but largely indicated that the incidents they experienced did not rise to reportable levels,” said the report, adding “the cyber threat continues to grow.”

Infrastructure and industry is increasingly becoming a target for cyber criminals, as former US Defense Secretary Leon Panetta told a New York audience in October last year.

“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” he said.

“They could derail passenger trains, or even more dangerous, derail trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

In his administration’s most recent budget, President Barack Obama revealed plans to increase cyber security spending by 20 per cent.
Source:  http://www.computing.co.uk/ctg/news/2270523/us-electric-grid-under-constant-state-of-attack-from-hackers


Isaac Wolf, a reporter for Scripps Howard News Service, said he was just doing a basic Google search when he stumbled upon Social Security numbers and other sensitive records lying wide open on the Internet.

But after Wolf and his colleagues revealed in a story last week that two companies had left thousands of customers at risk of identity theft, the companies claimed that the Scripps employees weren’t just reporting — they were hacking.

Wolf had been researching companies that provide discounted phone services to low-income Americans through a federal program called Lifeline. He discovered completed customer applications were visible online, listing customers’ Social Security numbers and dates of birth — a virtual treasure trove for identity thieves.

The two companies that collected the records, TerraCom Inc. and its affiliate, YourTel America, have threatened to sue Scripps, claiming the employees illegally downloaded the information.

The case marks the latest chapter in an ongoing debate over the gray area between pointing out computer security vulnerabilities and violating anti-hacking laws.

In this case, the companies’ attorney argues that Scripps’ reporting methods violated the Computer Fraud and Abuse Act — a controversial law that recently has been used to prosecute people like Internet activist Aaron Swartz and members of Anonymous. Critics have called for reforms to the law and say that it is overly broad and excessively punitive, issuing stiff penalties for some computer-related crimes they deem relatively innocuous.

Orin Kerr, a professor of law at the George Washington University Law School, said Scripps did not appear to have violated the law because, “The information was posted on the web, and anyone can visit a public website.” But, he added, referring to federal prosecutors, “I’m not sure the DOJ would agree.”

Kerr said Scripps’ methods were similar to a recent high-profile case involving Andrew “Weev” Auernheimer, who was convicted last year of illegally obtaining the personal data of more than 100,000 iPad owners from AT&T’s publicly accessible website. Auernheimer disclosed his findings to a reporter for the website Gawker and argued that AT&T should be held accountable for leaving customer data on the Internet. But a jury found him guilty of identity theft and conspiracy to gain unauthorized access to computers, and Auernheimer was sentenced in March to more than three years in prison.

In another similar case, Eric McCarty, a computer security consultant, found a bug in the University of Southern California website that allowed people to obtain applicants’ personal information, including Social Security numbers. In 2006, McCarty pleaded guilty to illegally accessing computer systems and was sentenced to six months home detention.

“We see time and again that whenever someone discovers a security flaw, the companies who screwed up blame the messenger,” said Jennifer Granick, director of civil liberties at the Stanford Center for Internet and Society.

Scripps said its investigative team discovered more than 170,000 sensitive customer records online and used a computer script to rapidly download those records. Wolf said the program did nothing more than what he did by manually searching Google — only faster. In a story published last week, Scripps posted a video demonstrating how Wolf initially found the customer records by typing “terracom filetype.pdf” into a Google search.

“Everything we saw was freely posted online, and not password protected,” Wolf said in a phone interview with The Huffington Post.

Granick said companies and prosecutors have argued that security research crosses a line and becomes illegal when it involves using computer software to download information, even if that data is publicly available online. Auernheimer, for example, wrote a computer script that exploited AT&T’s security flaw.

“There’s this idea that you can access information, but if you access it fast then you’re a criminal,” Granick said. “If anything, these are very subjective calculations that shouldn’t be the basis for whether someone goes to prison.”

Wolf and his colleagues at Scripps have not been charged with a crime. But TerraCom and YourTel said they are in discussions with law enforcement about the data breach. The companies have argued that Scripps should pay the costs of complying with laws that require companies to disclose data breaches to customers.

In a statement, Dale Schmick, chief operating officer of TerraCom, Inc. and YourTel America, Inc. said company officials “accept responsibility for the lapse in security” and acknowledge that records of 270 Lifeline applicants were available through a basic Internet search. He said the company has since tightened its security and is providing credit reporting for customers.

Schmick said the Scripps employees went beyond basic Google searches to find thousands of other customer records by using “sophisticated computer techniques and non-public information to view and download the personal information of applicants.” A spokesman for the two companies acknowledged the directories were not protected by any passwords, but rather by long and complicated URLs.

Wolf said Scripps “categorically denies” downloading information that wasn’t publicly available and said more attention should be paid to the customers whose personal information was exposed.

“This is about the tens of thousands of applicants who have had their most sensitive information compromised and who have been placed at heightened risk for identity theft,” he said.

CORRECTION: A previous version of this story referred inaccurately to a computer script used by Scripps in its reporting. The program downloaded, but did not search for, customer records. A previous photo caption, headline and version of the story also inaccurately made a direct link between Isaac Wolf and Scripps writers and reporters to hacking. The accusations were made of Scripps employees.

 

Source:  http://www.huffingtonpost.com/2013/05/22/scripps-reporters-hackers_n_3320701.html

Twitter adds two-step verification option to help fend off hackers

Posted May 23, 2013 By National Cyber Security

Twitter has rolled out two-step verification, a feature users can turn on to give themselves more protection against would-be hackers.

The verification method makes it harder for hackers to take over Twitter accounts that don’t belong to them by requiring that users enter their password as well as a special code that is sent to their phone when they try to log in. The code does not generate until the user attempts to log in, and it changes each time they do. You can see how the feature works in the video above.

The feature comes after a number of news organizations, most notably the Associated Press, fell victim to hackers who took over their account to send out tweets with false information. If news sites turn on the new feature, it should make it more difficult for hackers to compromise accounts, the company said.

To enable the feature, users should head to their account settings and scroll down until they find a new option that reads “Require a verification code when I sign in.” If users turn on the option, they’ll receive a test text message and then they’ll be asked to reenter their Twitter password. Once they’ve done that, the next time they try to log in, they’ll be required to enter the new code that will be texted to their phone.

Two-step verification should give more protection to users, and if you’re a social media manager for your company, you should seriously consider turning the feature on. However, Twitter warned that users must still be cautious, even with the feature turned on.

“It’s still important for you to use a strong password and follow the rest of our advice for keeping your account secure,” Twitter said, linking to a help page.

 

Source:  http://www.latimes.com/business/technology/la-fi-tn-twitter-two-step-verification-hackers-20130523,0,5416038.story

‘Hacking back’ may stop cyberattacks, US group says

Posted May 23, 2013 By National Cyber Security

Several weeks ago, a document from the Pentagon affirmed that cyberattacks against US companies and institutions “appear to be attributable” to the Chinese government. Now, a report released by the Commission on the Theft of American Intellectual Property says that the best method against these threats is to “hack back.”

The group, which includes personalities like the former US Ambassador to China Jon Huntsman and former Director of National Intelligence Dennis Blair, says that “without damaging the intruder’s own network, companies that experience cyber theft ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information.”

The report says that Congress should consider the addition or modification of laws which will allow US companies to “counterattack” against hackers. Meanwhile, the group says cyber security information-sharing between companies and the government has to increase, by passing the controversial Cyber Information and Sharing Protection Act (CISPA).

The defence proposed by the commission includes surveillance activities, activation of malware in hackers’ networks and destruction of hackers’ computers and networks.

“Both technology and law must be developed to implement a range of more aggressive measures that identify and penalize illegal intruders into proprietary networks, but do not cause damage to third parties,” says the report.

In essence, the document suggests that companies which have been hacked must have the right, at least, to do the same to the hackers and get stolen files back.

However, the Computer Fraud and Abuse Act considers these proposals illegal, and the Justice Department’s cybercrime manual states that a hacked company “should not take any offensive measures on its own”, even if they are defined as “defence.”

Besides, such activities could damage computers belonging to innocent citizens, because hackers usually launch their attacks from third parties. In addition, it is not yet clear what the source or sources of the cyberattacks are. Although the government affirms that China is behind them, the Asian country maintains that it did not launch such actions.

According to experts, “hacking back” is not the solution. Allowing companies to react against hackers will violate international laws and cybersecurity measures.

The question now is whether companies will take action, despite the illegality of the proposal.

 

Source:  http://www.neurope.eu/article/hacking-back-may-stop-cyberattacks-us-group-says

SAPS hackers ‘did not access secret info’

Posted May 23, 2013 By National Cyber Security

Cape Town – Hackers did not access any confidential information when the SAPS website was compromised during a concerted cyber attack last week, say police.

A hacker performed a data dump on Friday, uploading personal details of complainants on the police’s website’s e-mail server to another page.

Almost 16 000 e-mails were exposed, including details of incidents of crimes such as rape, murder and robbery and the names and contact details of the complainants.

The police website hosts a variety of services, including an anonymous crime tip-off page where users can report criminal activity.

But national police spokesman Brigadier Phuti Setati said on Wednesday it was only the general feedback portion of the website and the list of police contacts that had been compromised.

“This is not confidential, it is available to anyone… the SAPS has made a facility available on the website where a person may log a request to be addressed by a specific station or division or merely to give a compliment. This information is usually published.”

Anonymous tips and case information were stored on a different server in another building, and there was no electronic link between the two.

“Hacking (our website) will always be a matter that the hacker community will strive to achieve, and therefore the website and the police’s corporate systems are hosted on completely different networks.

“The confidential information cannot be hacked.”

Setati said police had launched a “major investigation” into those behind the attack.

“They will be brought to justice.”

DomainerAnon, a user on Twitter who claimed credit for the attack, tweeted: “The reason for (the attack) is to serve as a reminder to the government regarding murders of 34 protesting miners outside the Marikana platinum mine by police. To date, no officers have been brought to justice… this situation will NOT be tolerated.”

 

Source:  http://www.iol.co.za/news/crime-courts/saps-hackers-did-not-access-secret-info-1.1520596#.UZ5Mz7Up-8A

S. Africa police website hacked, informers exposed

Posted May 22, 2013 By National Cyber Security

JOHANNESBURG — Hackers cracked into the website of South Africa’s police and downloaded information that could leave whistleblowers vulnerable, police and a government data agency said Wednesday.

State Information Technology Agency (Sita), which hosts all of the government’s websites, said that last week the hackers accessed information relating to crimes posted by some 15,000 whistleblowers and complainants.

“Most of the information was submitted anonymously… we are concerned because there is information where people have given further details” of crimes, Daniel Mashao, Sita’s divisional manager, was quoted as saying by SAPA news agency.

The hackers then posted the information onto a public website.

Local media said some of the whistleblowers’ details that may have been compromised include phone numbers, identity numbers and email addresses provided between 2005 and 2013.

The hacker “DomainerAnon” claimed responsibility for the cyber attack in a tweet late last week, saying it was linked to last year’s killing by police of 34 striking workers at the Marikana platinum mine operated by Lonmin.

Police have launched an investigation into the breach, which was only discovered on Monday.

 

Source:  http://www.google.com/hostednews/afp/article/ALeqM5iT8WgZkEDblFE0hNeMEJZYXRTmHQ?docId=CNG.418a3a171f448734c1b6d83987a6a1ab.2f1

New York Police Officer Is Accused of Hacking

Posted May 22, 2013 By National Cyber Security
New York Police Department detective Edwin Vargas is pictured at Federal Court on Tuesday.

A New York Police Department detective has been charged with illegally obtaining the personal email login information for at least 43 people, including 20 current and former officers, federal officials said Tuesday.

Edwin Vargas, a 42-year-old detective assigned to the 40th Precinct in the Bronx, is also accused of accessing a federal database without authorization.

According to a criminal complaint unsealed in federal court in Manhattan, Mr. Vargas allegedly paid $4,010 to an Internet-based “email hacking service” for the passwords to the email accounts that belong to 30 different people.

Of those people, 19 were current NYPD officers, one was a retired officer and one is a member of the NYPD’s civilian administrative staff, the complaint said. In addition, he allegedly used the federal National Crime Information Center to gather information on two of the NYPD officers whose email accounts he targeted, the complaint said.

Mr. Vargas’s alleged motive for the spying wasn’t disclosed by federal officials, but at an unrelated news conference, NYPD Commissioner Raymond Kelly said Mr. Vargas appeared to have been motivated by suspicions that the mother of his child was engaging in infidelity.

Mr. Vargas, of Bronxville, was charged with single counts of conspiracy to commit computer hacking and computer hacking. Each carries a maximum sentence of one year in prison, federal prosecutors said.

At an initial court appearance late Tuesday at which he wasn’t required to enter a plea, Mr. Vargas was released on $50,000 bond and ordered by federal magistrate Judge Sarah Netburn not to have any contact with alleged victims or witnesses in the case.

His attorney, James Moschella, said Mr. Vargas shares custody of a 3-year-old boy with one of the victims cited in the criminal complaint.

He described his client as a decorated detective with 19 years on the job.

“This is a first for him,” Mr. Moschella said. “This guy has been a boy scout for his career.”

NYPD officials said Mr. Vargas has been suspended with pay, which is standard procedure when members are accused of committing crimes.

“As alleged, Detective Edwin Vargas paid thousands of dollars for the ability to illegally invade the privacy of his fellow officers and others,” the U.S. Attorney for the Southern District, Preet Bharara said in a news release.

According to the complaint, Mr. Vargas engaged in the hacking between March 2011 and October 2012 and stored the information on his NYPD computer at the Bronx station house he was assigned to. He also allegedly hacked the cellular phone of one of his targets and kept records of home addresses and vehicle information for 20 of the subjects he targeted.

 

Source:  http://online.wsj.com/article/SB10001424127887324102604578497660792262872.html

Kaitlyn Hunt and her father Steve in Vero Beach, Florida

Radical hackers Anonymous have rallied behind a lesbian teenager expelled from school and charged by police for an alleged sexual relationship with a 15-year-old girl.

Kaitlyn Hunt, now 18, has been charged with two counts of lewd and lascivious battery of a child 12 to 16 years of age.

The parents of the other girl, a fellow player in Hunt’s basketball team, are believed to have called police to report the pair’s alleged relationship as soon as Hunt turned 18.

Hunt, a high-achieving student and cheerleader who was previously voted ‘Miss School Spirit’, has been expelled from Sebastian River High School, in the town of Sebastian, Florida. Hunt’s parents alleged their daughter is being targeted for her sexuality.

Hacktivists from Anonymous have launched Operation Justice4Kaitlyn, announcing their intention to target the school and the Indian River County State Attorney’s Office.

“While in the course of performing your duties we feel that you’ve lost perspective. Tsk, tsk. The truth is, Kaitlyn Hunt is a bright young girl who was involved in a consensual, same-sex relationship while both she and her partner were minors.

“She has a big future ahead of her and there are people, thousands of people in fact, that have no intention of allowing you to ruin it with your rotten selective enforcement.

“Intolerance has been the curse of this country since its inception. Frankly, we’re sick of it. Specifically, we’re sick of paying the salaries of people like you.

“There are quite a few organizations in this country that would prefer that our elected officials not hire bigots that hunt down and file erroneous charges against young women because of their sexual orientation. The fact is, the puritanism you practice doesn’t have a place in this world any longer.”

Hunt’s parents have started a ‘Free Kate’ Facebook page which has 39,000 members. They describe their daughter as “an active cheerleader, a basketball player, a camp counselor and cheering coach, and a medical assistant training to join the nursing program at Valencia College after graduation.”

Hunt’s parents claim their daughter made friends with a 14-year-old girl at her school, and “their friendship eventually developed into more.

“In September, shortly after Kaitlyn’s 18th birthday, the girls began dating, and they eventually expressed their affection for one another in intimate ways.”

Upon finding out about the relationship the parents “conspired with police to entrap Kaitlyn and press charges.

“Kaitlyn’s girlfriend denies that Kaitlyn ever pressured her and is adamant that their relationship is entirely consensual.”

Prosecutors have offered a plea deal if she pleads guilty to lesser charges of child abuse, and that would allow her to avoid registering as a sex offender. State Attorney Bruce Colton said he would recommend two years of house arrest followed by a year’s probation.

“One of the reasons this case has gotten people’s attention is because it’s being publicized as a person being persecuted because she’s gay, and that has nothing to do with the case, nothing to do with the law, nothing to do with the sheriff’s office filing the charges,” Colton told the Associated Press.

 

Source:  http://www.huffingtonpost.co.uk/2013/05/22/kaitlyn-hunt-anonymous-lesbian_n_3318291.html?utm_hp_ref=uk

#DDoSjoke

Posted May 22, 2013 By

Brian Krebs recently wrote articles about a disturbing trend: legitimized Denial of Service. The first story, DDoS Services Advertise Openly, Take PayPal, exposes the emerging industry. The second story, Ragebooter: ‘Legit’ DDoS Service, or Fed Backdoor?, relates an interview with Justin Poland, who admits to operating this DDoS Service and who claims that the site “includes a hidden backdoor that lets the FBI monitor customer activity.” (This admission, if corroborated, partly answers my question, “if denials of service are not illegal, then why the hell not!”) I read Brian’s articles, then found a referral article at Sophos, DDoS-for-hire service is…

View full post on The Security Skeptic

China’s culture of hacking cost the country $873 million in 2011

Posted May 21, 2013 By National Cyber Security

A year of stunning revelations has made many Americans aware that Chinese hackers, some of them believed to be associated with the country’s military, have infiltrated just about every powerful institution in the District, from federal agencies to think tanks to, yes, media organizations. But less well-known are the freelance and industrial hackers operating within China, where they’re estimated to have caused $873 million in damage to the Chinese economy in 2011 alone.

That estimate is according to a recent study by academics at China’s prestigious Tsinghua University, mentioned in a new report by the Financial Times’ Kathrin Hille on China’s hackers. There are criminal hackers, sure, but also corporate agents taking China’s often-cutthroat internal economic competition online. Hille documents what she calls a “booming underground cyber economy in China” that goes way beyond the centralized, military-run hackers who are so much more famous.

“Some assessments seek to create the impression that China conducts cyber espionage in a highly organised way with a tight command structure, but that is just not true,” says an official at a U.S. industry association.

He says the military unit portrayed by Mandiant as a spider at the centre of a giant web is just one actor in a thriving but chaotic Chinese hacking ecosystem with many different private and state actors. “One key driver is a set of national policies that call for innovation and the development and acquisition of new technologies. This means there is an incentive for every company and every government institution to get their hands on [intellectual property], whatever it takes.”

There are probably a number of factors behind China’s problem with criminal and corporate hacking; Hille cites bureaucratic infighting and underdeveloped cybersecurity firms. But you have to wonder if the country’s notorious state-run hacking might play a role as well. The Chinese military’s cyber-espionage would seem to set an internal norm that hacking can be okay.

As the U.S. industry official says above, Chinese corporate espionage is partially a product of national Chinese policy, which emphasizes hyper-competitiveness and acquiring intellectual property. Maybe it’s a deliberate product and maybe not, but if Chinese officials even tacitly encourage Chinese firms to steal from foreign competitors, then it’s reasonable to wonder whether a culture of cyber-espionage and intellectual theft might lead those companies to turn those same cyber-tricks against one another.

Could official, state-run hacking lead, directly or indirectly, to less-official hacking of the sort that’s hurting China’s economy? The New Yorker’s John Seabrook interviewed a cybersecurity expert named Adam Meyers who walked him through a hypothetical cyberattack of the sort that might blur the lines between state and non-state hacker:

[Meyers] began by noting that many patterns of corporate espionage bear a suspicious resemblance to China’s five-year plans for modernizing the country’s infrastructure. The scenario he conjured up involved China’s South Sea Fleet. … The Chinese navy is known to be interested in expanding its capabilities from green-water – near to shore – and building up a blue-water, or deep-sea, presence. To do that, it needs to advance its satellite communications, boat building, robotics and other technologies.

“So the P.L.A. naval officer says to his intelligence forces, ‘Here’s the five-year-plan,’” Meyers said. “He’s not using the military’s elite hacking crews, because he doesn’t want this traced back to the military. But there are plenty of crews for hire that are only loosely affiliated with the government, so he uses one of those. He says, ‘Get me everything you can on these technologies.’ So they go out and start their operation.”

That operation, of course, would likely include some intellectual property theft from foreign firms. But the point here is not that non-state hackers are just secretly being hired by military officers, which seems unlikely. The point is that official government hacking creates a culture of cyber-espionage; it’s how things are done. It also supports the freelance hacking economy, those crews who might do a job for our hypothetical PLA officer and then might hire themselves out to a Chinese firm looking to edge out its domestic competition. One branch of the Chinese government might want to clean out the hackers, sure, but as long as other branches rely on them, some hackers (as long as they don’t cross certain red lines) are probably going to persist.

That culture of hacking even pervades, as I’ve previously written, the ranks of the Communist Party itself. Senior officials regularly spy on one another, hiring out hackers and other freelancers to help them survive the party’s kill-or-be-killed culture. If you’re the party secretary of a particular province and need for-hire hackers to keep that local upstart from getting you jailed or worse on corruption charges, how hard are you really going to work to arrest every known hacking crew?

None of this is to say that China’s military-run hackers necessarily mean that the country will be unable to solve its problem with internal, unofficial hackers. The United States, after all, employs a massive cybersecurity force at the National Security Agency but still vigorously prosecutes cybercriminals. But the broader hacking culture, which appears to permeate much of the party in one form or another, is going to make it tougher for China to police its own Web.

 

Source:  http://www.washingtonpost.com/blogs/worldviews/wp/2013/05/20/chinas-culture-of-hacking-cost-the-country-873-billion-in-2011/

China’s PLA Hackers Pick Up Where They Left Off

Posted May 21, 2013 By National Cyber Security

Michael Harper for redOrbit.com – Your Universe Online

Earlier this year, security firm Mandiant released a report which found a rash of cyber attacks against companies from the US and other English-speaking countries. These attacks were all believed to be launched from China, specifically a branch of the People’s Liberation Army (PLA) called Unit 61398, located in one 12-story building on the edge of Shanghai.

In the weeks following this report’s release, cyber activity from Unit 61398 had been slow, even though the Chinese government denied any participation in the attacks on hundreds of companies. Yesterday, the New York Times released a second report claiming that the Unit is back at work, and this time they’re using different techniques to avoid being spotted.

“They dialed it back for a little while, though other groups that also wear uniforms didn’t even bother to do that,” said Kevin Mandia, the chief executive of Mandiant, in an interview with the Times.

“I think you have to view this as the new normal.”

Mandiant has once again reported hacking activity, and though they did not disclose the PLA’s targets, they did say several of them were attacked during the last round of cyberattacks. The New York Times itself was a target of the earlier attacks and hired Mandiant to investigate.

The Obama administration has commented on this new uptick in hacking attempts, saying they need to have another conversation with the Chinese government and let them know “there is a real cost to this kind of activity.”

Shortly after being discovered in February, the hackers not only ceased their attacks but also removed any spying tools that they had used or left behind. Mandiant has kept an eye on the Unit, however, and now says they’ve been slowly ramping up their attacks over the past two months. To hide their tracks, the Chinese hackers have begun to use new servers with which to carry out their strikes as well as other spy tools which allow them to steal private information without being detected.

Mandiant believes these hackers have been able to operate at “60 to 70 percent” of the level they were at before they shut down operations in February. The security firm watched as the Unit was essentially dismantled and hackers dispersed. Online detectives worked to find these hackers and link their online pseudonyms with their real identities.

One hacker in particular operated under the assumed name “UglyGorilla.” Online detectives later linked him back to a man named “Wang Dong” who blogged about his experiences as a low-paid and hungry hacker for the PLA.

The PLA hackers only took a few weeks off from their strikes before slowly picking up again where they left off. The new attacks are still originating from the same building in Shanghai, and Mandiant claims most of the Chinese hackers are taking advantage of small Internet Service Providers (ISPs) who aren’t aware of their presence.

Mandiant also found the hackers are still using the same malware as before, though the code has been slightly altered.

Thomas Donilon, President Obama’s national security advisor, is expected to talk about these attacks and more during an upcoming visit to China.

 

Source:  http://www.redorbit.com/news/technology/1112851568/chinese-hackers-resume-work-052013/

All you need to know about smartphone hacking

Posted May 21, 2013 By National Cyber Security

Ever heard of the black hats? And, no, we’re not talking top-hatted City bankers, but unscrupulous computer hackers. The data on your laptop and desktop might be nailed up tighter than Sing Sing prison, but what about your smartphone?

 

Take hacking personally

According to Intel, hacks on mobile devices rose by a factor of six in 2012. And while the UK’s Leveson Inquiry has made us all hyper-aware of mobile phone hacking, it gets worse than intercepted voice messages: because your smartphone is the repository of all sorts of intimate information—your personal (or work) email, instant messages, texts, videos, photos, notes, credit and debit card information, and more—if you’re not aware of the risks of mobile hacking, you’re leaving some extremely personal data vulnerable to attack and misuse.

Phishing and scams

How much of a problem is it? Well, whilst we’re all very aware of the security risks when browsing the Web on our desktops and laptops, the research says we’re not quite so savvy when we’re using our mobile devices; in fact, mobile users are three times more likely to fall for phishing attacks or email scams than desktop users. Lookout Security warns that four in ten mobile users will click on an unsafe link this year. On a small screen, it’s harder to determine if a Web page is legitimate, and on open platforms it’s easy to download an app without checking out the developer first.

Unappy days

As well as phishing operations and suspect links, dodgy apps are one of the mobile user’s weaknesses: these can gain access to your contact list, phone calls, GPS location, and credit card data, often without notifying you, and they can install spyware or malware on your smartphone. Some of the most widely-reported threats in 2012 were able to send and delete SMS messages, make unauthorised phone calls, access and use your phone’s model information, and use the mobile device as a proxy. Then there are the so-called toll fraud applications, which accounted for 62% of all mobile phone threats in 2012; these bill you serious amounts for premium SMS services like wallpaper downloads.

Choose a more secure smartphone

All the signs indicate that mobile Internet users are less security-aware than their laptop and desktop-using brethren. So what can you do about it? The most sensible measure is to research the vulnerability of your OS and device before you buy it. The Nokia Lumia family of smartphones, for instance, runs on Microsoft Windows Phone 8, which has two-level protection with built-in anti-phishing protection and an application integrity check.

Forewarned is forearmed

Overall best practice, though, is to be always on guard against cyber-attack. Just like with laptops, logging onto an unsecured Wi-Fi connection isn’t very sensible, especially if you’re going to be working with sensitive information. Be careful what content you download and what sites you access from your device. And, finally, make sure you always have an up-to-date back-up of the contents of your phone, just in case you do become the victim of a mobile hacker.

Happily, knowledge is power, and if you know the risks, it’s very easy to take simple precautions. Any questions? Let us know in the comments below.

 

Source:  http://conversations.nokia.com/2013/05/21/all-you-need-to-know-about-smartphone-hacking/

Syria government supporters hack The Financial Times

Posted May 20, 2013 By National Cyber Security

The Financial Times’ website and Twitter feeds were hacked on Friday, renewing questions about whether the popular social media service has done enough to tighten security as cyber-attacks on the news media intensify.

The Syrian Electronic Army, an online group that supports Syrian President Bashar al-Assad, was behind the incident which followed a phishing attack on the company’s email accounts, FT reported on its website.

The attack is the latest in which hackers commandeered the Twitter account of a prominent news organization to push their agenda. Twitter’s 200 million users worldwide send out more than 400 million tweets a day, making it a potent distributor of news.

“Twitter has become a big enough media outlet that they should provide better security for high-value accounts like the Associated Press, the FT and others,” said Mikko Hypponen, chief research officer with security software maker F-Secure.

Several attempts to reach Twitter for comment were unsuccessful. The company’s media relations team made no mention of the attack on its own Twitter feed.

Last month, the Syrian Electronic Army took control of the Associated Press’ official Twitter feed and sent out a bogus message that two explosions at the White House injured President Obama. The false tweet triggered a brief but steep sell-off in the U.S. financial markets.

That followed a spate of attacks in the past year by the group on Twitter accounts of other media organizations, including the BBC, National Public Radio, CBS, Reuters News and the satirical news website The Onion.

Over the past few years security experts have become increasingly vocal in calling for Twitter to introduce an additional safety measure, a two-step process to log in, that would help reduce breaches.

This type of authentication has long been used by governments and big corporations, and in recent years some consumer Internet companies like Facebook Inc, Google Inc and Microsoft Corp have embraced it.

“You can get two-factor authentication for World of Warcraft, but you can’t get it for Twitter. Go figure,” Hypponen said, referring to the popular video game.

Execution videos

In Friday’s hacking of the FT, the Syrian Electronic Army – which regularly targets media organizations it sees as sympathetic to Syria’s rebels – posted links on the newspaper’s Twitter feed to YouTube.

The video purports to show members of the al Qaeda-linked Nusra Front Syrian rebel group executing blindfolded and kneeling members of the Syrian army.

The video could not be independently verified.

“Today various FT Twitter accounts and one FT blog (not more as previously stated) were compromised by hackers. We have now secured those accounts and are working to resolve the issue as quickly as possible,” the FT, owned by Pearson Plc, said in an updated statement.

Stories on the FT’s website had their headlines replaced by “Hacked By Syrian Electronic Army” and messages on its Twitter feed read: “Do you want to know the reality of the Syrian ‘Rebels?’” followed by a link to the video.

The FT’s feeds dedicated to technology and commodities were among those affected.

Also on Friday, the Kyodo news agency reported that Yahoo Japan suspects up to 22 million of its 200 million user IDs may have been leaked. Kyodo said Yahoo Japan also detected an unauthorized attempt to access the administrative systems of its web portal.

 

Source:  http://gadgets.ndtv.com/internet/news/syria-government-supporters-hack-the-financial-times-369180
