28 August 2013

China hit by 'biggest ever' cyber-attack

.....The distributed denial of service (DDoS) attack was said to have targeted servers responsible for sites with a ".cn" domain name...

....The technique is typically employed by hacktivists looking to disrupt websites from operating correctly.......

....Notice of the attack was posted on the website of the China Internet Network Information Center (CNNIC).....
....It said that the DDoS had begun at 02:00 local time on Sunday - before intensifying at 04:00......
...It said it would "enhance the service capabilities" of the network responsible for the affected domains.....


11 July 2013

HP admits to backdoors in storage products

Hewlett-Packard has agreed that there is an undocumented administrative account in its StoreVirtual products, and is promising a patch by 17 July.

.....HP has now issued this security advisory, stating:
“This vulnerability could be remotely exploited to gain unauthorized access to the device.
“All HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer. This functionality cannot be disabled today.
“HP has acknowledged this vulnerability and will provide a patch that will allow customers to disable the support access mechanism on or before July 17, 2013”...

"...Although data isn't accessible via the backdoor, one user with around 50 TB of StoreVirtual capacity said the account gave sufficient access to reboot nodes in a cluster, “and so cripple the cluster"....

04 July 2013

Rules under Section 69 Information Technology Act 2000


New Delhi, the 27th October, 2009

G.S.R. 780 (E).— In exercise of the powers conferred by clause (y) of sub-section (2) of section 87, read with sub-section (2) of section 69 of the Information Technology Act, 2000 (21 of 2000), the Central Government hereby makes the following rules, namely:

1. Short title and commencement— (1) These rules may be called the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.
(2) They shall come into force on the date of their publication in the Official Gazette.

2. Definitions— In these rules, unless the context otherwise requires,—
(a) 'Act' means the Information Technology Act, 2000 (21 of 2000);
(b) 'communication' means dissemination, transmission, carriage of information or signal in some manner and includes both a direct communication and an indirect communication;
(c) 'communication link' means the use of satellite, microwave, radio, terrestrial line, wire, wireless or any other communication media to inter-connect computer resource;
(d)'competent authority' means -
(I) The Secretary in the Ministry of Home Affairs, in case of the Central Government; or
(II) The Secretary in charge of the Home Department, in case of a State Government or Union territory, as the case may be;
(e) 'Computer resource' means computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;
(f)'decryption' means the process of conversion of information in non-intelligible form to an intelligible form via a mathematical formula, code, password or algorithm or a combination thereof;
(g)'decryption assistance' means any assistance to -
(I) allow access, to the extent possible, to encrypted information; or
(II) Facilitate conversion of encrypted information into an intelligible form;
(h) 'decryption direction' means a direction issued under rule 3 in which a decryption key holder is directed to -
(I) disclose a decryption key; or
(II) provide decryption assistance in respect of encrypted information;
(i) 'decryption key' means any key, mathematical formula, code, password, algorithm or any other data which is used to -
(I) allow access to encrypted information; or
(II) facilitate the conversion of encrypted information into an intelligible form;
(j) 'decryption key holder' means any person who deploys the decryption mechanism and who is in possession of a decryption key for purposes of subsequent decryption of encrypted information relating to direct or indirect communications;
(k) 'information' means information as defined in clause (v) of sub-section (1) of section 2 of the Act;
(l) 'intercept' with its grammatical variations and cognate expressions, means the aural or other acquisition of the contents of any information through the use of any means, including an interception device, so as to make some or all of the contents of such information available to a person other than the sender or recipient or intended recipient of that communication, and includes—
(a)monitoring of any such information by means of a monitoring device;
(b)viewing, examination or inspection of the contents of any direct or indirect information; and
(c)diversion of any direct or indirect information from its intended destination to any other destination;
(m) 'interception device' means any electronic, mechanical, electro-mechanical, electro-magnetic, optical or other instrument, device, equipment or apparatus which is used or can be used, whether by itself or in combination with any other instrument, device, equipment or apparatus to intercept any information; and any reference to an 'interception device' includes, where applicable, a reference to a 'monitoring device';
(n) 'intermediary' means an intermediary as defined in clause (w) of sub-section (1) of section 2 of the Act;
(o) 'monitor' with its grammatical variations and cognate expressions, includes to view or to inspect or listen to or record information by means of a monitoring device;
(p) 'monitoring device' means any electronic, mechanical, electro-mechanical, electro-magnetic, optical or other instrument, device, equipment or apparatus which is used or can be used, whether by itself or in combination with any other instrument, device, equipment or apparatus, to view or to inspect or to listen to or record any information;
(q)'Review Committee' means the Review Committee constituted under rule 419A of Indian Telegraph Rules, 1951.

3. Directions for interception or monitoring or decryption of any information — No person shall carry out the interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource under sub-section (2) of section 69 of the Act, except by an order issued by the competent authority;
Provided that in unavoidable circumstances, such order may be issued by an officer, not below the rank of the Joint Secretary to the Government of India, who has been duly authorised by the competent authority;
Provided further that in a case of emergency-
(I) in remote areas, where obtaining of prior directions for interception or monitoring or decryption of information is not feasible; or
(II) for operational reasons, where obtaining of prior directions for interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource is not feasible,
the interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource may be carried out with the prior approval of the Head or the second senior most officer of the security and law enforcement agency (hereinafter referred to as the said security agency) at the Central level and the officer authorised in this behalf, not below the rank of the Inspector General of Police or an officer of equivalent rank, at the State or Union territory level;
Provided also that the officer, who approved such interception or monitoring or decryption of information in case of emergency, shall inform in writing to the competent authority about the emergency and of such interception or monitoring or decryption within three working days and obtain the approval of the competent authority thereon within a period of seven working days and if the approval of competent authority is not obtained within the said period of seven working days, such interception or monitoring or decryption shall cease and the information shall not be intercepted or monitored or decrypted thereafter without the prior approval of the competent authority.

4. Authorisation of agency of Government- The competent authority may authorise an agency of the Government to intercept, monitor or decrypt information generated, transmitted, received or stored in any computer resource for the purpose specified in sub-section (1) of section 69 of the Act.

5. Issue of decryption direction by competent authority — The competent authority may, under rule 3 give any decryption direction to the decryption key holder for decryption of any information involving a computer resource or part thereof.

6. Interception or monitoring or decryption of information by a State beyond its jurisdiction— Notwithstanding anything contained in rule 3, if a State Government or Union territory Administration requires any interception or monitoring or decryption of information beyond its territorial jurisdiction, the Secretary in-charge of the Home Department in that State or Union territory, as the case may be, shall make a request to the Secretary in the Ministry of Home Affairs, Government of India for issuing direction to the appropriate authority for such interception or monitoring or decryption of information.

7. Contents of direction — Any direction issued by the competent authority under rule 3 shall contain reasons for such direction and a copy of such direction shall be forwarded to the Review Committee within a period of seven working days.

8. Competent authority to consider alternative means in acquiring information— The competent authority shall, before issuing any direction under rule 3, consider possibility of acquiring the necessary information by other means and the direction under rule 3 shall be issued only when it is not possible to acquire the information by any other reasonable means.

9. Direction of interception or monitoring or decryption of any specific information— The direction of interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource shall be of any information as is sent to or from any person or class of persons or relating to any particular subject whether such information or class of information are received with one or more computer resources, or being a computer resource likely to be used for the generation, transmission, receiving, storing of information from or to one particular person or one or many set of premises, as may be specified or described in the direction.

10. Direction to specify the name and designation of the officer to whom information to be disclosed — Every direction under rule 3 shall specify the name and designation of the officer of the authorised agency to whom the intercepted or monitored or decrypted or stored information shall be disclosed and also specify that the use of intercepted or monitored or decrypted information shall be subject to the provisions of sub-section (1) of section 69 of the said Act.

11. Period within which direction shall remain in force — The direction for interception or monitoring or decryption shall remain in force, unless revoked earlier, for a period not exceeding sixty days from the date of its issue and may be renewed from time to time for such period not exceeding the total period of one hundred and eighty days.

12. Authorised agency to designate nodal officer— The agency authorised by the competent authority under rule 4 shall designate one or more nodal officers, not below the rank of Superintendent of Police or Additional Superintendent of Police or the officer of the equivalent rank, to authenticate and send the requisition conveying direction issued under rule 3 for interception, or monitoring or decryption to the designated officers of the concerned intermediaries or person in-charge of computer resource;
Provided that an officer, not below the rank of Inspector of Police or officer of equivalent rank, shall deliver the requisition to the designated officer of the intermediary.

13. Intermediary to provide facilities, etc.— (1) The officer issuing the requisition conveying direction issued under rule 3 for interception or monitoring or decryption of information shall also make a request in writing to the designated officers of intermediary or person in-charge of computer resources, to provide all facilities, co-operation and assistance for interception or monitoring or decryption mentioned in the direction.
(2) On the receipt of request under sub-rule (1), the designated officers of intermediary or person in-charge of computer resources, shall provide all facilities, co-operation and assistance for interception or monitoring or decryption of information mentioned in the direction.
(3) Any direction of decryption of information issued under rule 3 to intermediary shall be limited to the extent the information is encrypted by the intermediary or the intermediary has control over the decryption key.

14. Intermediary to designate officers to receive and handle requisition— Every intermediary or person in-charge of computer resource shall designate an officer to receive requisition, and another officer to handle such requisition, from the nodal officer for interception or monitoring or decryption of information generated, transmitted, received or stored in any computer resource.

15. Acknowledgement of instruction — The designated officer of the intermediary or person in-charge of computer resources shall acknowledge the instructions received by him through letters or fax or email signed with electronic signature to the nodal officer of the concerned agency within two hours on receipt of such intimation or direction for interception or monitoring or decryption of information.

16. Maintenance of records by designated officer— The designated officer of intermediary or person in-charge of computer resource authorised to intercept or monitor or decrypt any information shall maintain proper records mentioning therein, the intercepted or monitored or decrypted information, the particulars of persons, computer resource, e-mail account, website address, etc., whose information has been intercepted or monitored or decrypted, the name and other particulars of the officer or the authority to whom the intercepted or monitored or decrypted information has been disclosed, the number of copies, including corresponding electronic records of the intercepted or monitored or decrypted information made and the mode or the method by which such copies, including corresponding electronic record are made, the date of destruction of the copies, including corresponding electronic record and the duration within which the directions remain in force.

17. Decryption key holder to disclose decryption key or provide decryption assistance— If a decryption direction or a copy thereof is handed to the decryption key holder to whom the decryption direction is addressed by the nodal officer referred to in rule 12, the decryption key holder shall within the period mentioned in the decryption direction -
(a) disclose the decryption key; or
(b) provide the decryption assistance,
specified in the decryption direction to the concerned authorised person.

18. Submission of list of interception or monitoring or decryption of information— (1) The designated officers of the intermediary or person in-charge of computer resources shall forward in every fifteen days a list of interception or monitoring or decryption authorisations received by them during the preceding fortnight to the nodal officers of the agencies authorised under rule 4 for confirmation of the authenticity of such authorisations.
(2) The list referred to in sub-rule (1) shall include details, such as the reference and date of orders of the concerned competent authority including any order issued under emergency cases, date and time of receipt of such order and the date and time of implementation of such order.

19. Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information— The intermediary or the person in-charge of the computer resource so directed under rule 3, shall provide technical assistance and the equipment including hardware, software, firmware, storage, interface and access to the equipment wherever requested by the agency authorised under rule 4 for performing interception or monitoring or decryption including for the purposes of-
(i) the installation of equipment of the agency authorised under rule 4 for the purposes of interception or monitoring or decryption or accessing stored information in accordance with directions by the nodal officer; or
(ii) the maintenance, testing or use of such equipment; or
(iii) the removal of such equipment; or
(iv) the performance of any action required for accessing of stored information under the direction issued by the competent authority under rule 3.

20. Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information— The intermediary or person in-charge of computer resources shall put in place adequate and effective internal checks to ensure the unauthorised interception of information does not take place and extreme secrecy is maintained and utmost care and precaution shall be taken in the matter of interception or monitoring or decryption of information as it affects privacy of citizens and also that it is handled only by the designated officers of the intermediary and no other person of the intermediary or person in-charge of computer resources shall have access to such intercepted or monitored or decrypted information.

21. Responsibility of Intermediary— The intermediary or person in-charge of computer resources shall be responsible for any action of their employees also and in case of violation pertaining to maintenance of secrecy and confidentiality of information or any unauthorized interception or monitoring or decryption of information, the intermediary or person in-charge of computer resources shall be liable for any action under the relevant provisions of the laws for the time being in force.

22. Review of directions of competent authority— The Review Committee shall meet at least once in two months and record its findings whether the directions issued under rule 3 are in accordance with the provisions of sub-section (2) of section 69 of the Act and where the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issue order for destruction of the copies, including corresponding electronic record of the intercepted or monitored or decrypted information.

23. Destruction of records of interception or monitoring or decryption of information— (1) Every record, including electronic records pertaining to such directions for interception or monitoring or decryption of information and of intercepted or monitored or decrypted information shall be destroyed by the security agency in every six months except in a case where such information is required, or likely to be required for functional requirements.
(2) Save as otherwise required for the purpose for any ongoing investigation, criminal complaint or legal proceedings, the intermediary or person in-charge of computer resources shall destroy records pertaining to directions for interception of information within a period of two months of discontinuance of the interception or monitoring or decryption of such information and in doing so they shall maintain extreme secrecy.

24. Prohibition of interception or monitoring or decryption of information without authorisation — (1) Any person who intentionally or knowingly, without authorisation under rule 3 or rule 4, intercepts or attempts to intercept, or authorises or assists any other person to intercept or attempts to intercept any information in the course of its occurrence or transmission at any place within India, shall be proceeded against and punished accordingly under the relevant provisions of the laws for the time being in force.
(2) Any interception, monitoring or decryption of information in computer resource by the employee of an intermediary or person in-charge of computer resource or a person duly authorised by the intermediary, may be undertaken in course of his duty relating to the services provided by that intermediary, if such activities are reasonably necessary for the discharge of his duties as per the prevailing industry practices, in connection with the following matters, namely-
(i) installation of computer resource or any equipment to be used with computer resource; or
(ii) operation or maintenance of computer resources; or
(iii) installation of any communication link or software either at the end of the intermediary or subscriber, or installation of user account on the computer resource of intermediary and testing of the same for its functionality;
(iv) accessing stored information from computer resource relating to the installation, connection or maintenance of equipment, computer resource or a communication link or code; or
(v) accessing stored information from computer resource for the purpose of—
(a) implementing information security practices in the computer resource;
(b) determining any security breaches, computer contaminant or computer virus;
(c) undertaking forensics of the concerned computer resource as a part of investigation or internal audit, or
(vi) accessing or analysing information from a computer resource for the purpose of tracing a computer resource or any person who has contravened, or is suspected of having contravened or being likely to contravene, any provision of the Act that is likely to have an adverse impact on the services provided by the intermediary.
(3) The intermediary or the person in-charge of computer resource and its employees shall maintain strict secrecy and confidentiality of information while performing the actions specified under sub-rule (2).

25. Prohibition of disclosure of intercepted or monitored or decrypted information — (1) The contents of intercepted or monitored or stored or decrypted information shall not be used or disclosed by intermediary or any of its employees or person in-charge of computer resource to any person other than the intended recipient of the said information under rule 10.
(2) The contents of intercepted or monitored or decrypted information shall not be used or disclosed by the agency authorised under rule 4 for any other purpose, except for investigation or sharing with other security agency for the purpose of investigation or in judicial proceedings before the competent court in India.
(3) Save as otherwise provided in sub-rule (2), the contents of intercepted or monitored or decrypted information shall not be disclosed or reported in public by any means, without the prior order of the competent court in India.
(4) Save as otherwise provided in sub-rule (2), strict confidentiality shall be maintained in respect of direction for interception, monitoring or decryption issued by concerned competent authority or the nodal officers.
(5) Any intermediary or its employees or person in-charge of computer resource who contravenes provisions of these rules shall be proceeded against and punished accordingly under the relevant provisions of the Act for the time being in force.
(6) Whenever asked for by the concerned security agency at the Centre, the security agencies at the State and the Union territory level shall promptly share any information which they may have obtained following directions for interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource under rule 3, with the security agency at the Centre.

Sd/-
[No. 9(16/2004-EC)]
N. RAVI SHANKER, Jt. Secy.

07 June 2013

Chinese hacked Obama, McCain campaigns, took internal documents, officials say

The U.S. secretly traced a massive cyberespionage operation against the 2008 presidential campaigns of Barack Obama and John McCain to hacking units backed by the People’s Republic of China, prompting high level warnings to Chinese officials to stop such activities, U.S. intelligence officials tell NBC News.
....
“There’s been successful exfiltration of data from government agencies (by the Chinese) up and down Pennsylvania Avenue,” said Shawn Henry, who headed up the FBI’s probe of the 2008 attacks as the bureau’s chief of cyberinvestigations.



Microsoft and FBI strike blow against $500m cyber crime ring

Microsoft and the FBI say they have significantly disrupted a ring of botnets that has stolen $500 million in the last 18 months.

The Citadel botnet ring was made up of 1,400 individual botnets - networks of malware-infected PCs.

....The ring had amassed some 5 million infected machines in over 90 countries. Organisations affected include American Express, Bank of America, Citigroup, Credit Suisse, PayPal and HSBC......

.....Citadel was developed using augmented source code from the Zeus toolkit. .....

....“Creating successful public-private partnerships –in which tools, knowledge and intelligence are shared– is the ultimate key to success in addressing cyber threats and is among the highest priorities of the FBI," McFeeley said......


06 June 2013

Hackers to be denied US entry under House cyber security Bill

.....Computer hackers who target US agencies and companies on behalf of countries such as China and Russia would be denied entry into the US and have their bank accounts frozen under legislation to be unveiled on Thursday.....

....“This is putting a face to the criminals,” Knight said in an interview. “If you’re a foreign agent working on behest of a nation and participating in cybercrime, you will not be allowed a visa into the country, nor will your family.”....



05 June 2013

Researchers prove that light, sound can activate mobile malware


....Researchers have discovered a way to trigger and control malware on smartphones using sensory channels, like light, vibrations, music or other sounds...

.....The paper, titled “Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices,” described one example in which music that blares from a speaker could cause compromised smartphones to carry out malicious activities at a sports event.
Attackers could instruct the malware to perform actions such as launching distributed denial-of-service attacks or interfering with other non-mobile networks in range....
...So, if an attacker was clever enough to make use of these tricks, it would make for an interesting story, or possibly bragging rights, but wouldn't give them a pass to wreak havoc undetected.

Drupal breach compromises nearly one million accounts

.....Hackers ransacked the servers of Drupal.org, an open source content management platform, to plunder the sensitive information of nearly one million accounts. .....

......In a Wednesday blog post, Ross said usernames, email addresses, country information, and hashed passwords were exposed in the incident. All passwords were hashed, while only some were salted, an additional security layer where a sequence of symbols is added to passwords before they're hashed......

......As a safety measure, the company reset all passwords for its nearly one million accounts. ......
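The excerpt above distinguishes hashed passwords from hashed-and-salted ones. The following Python block is an added illustration, not code from the Drupal.org incident or the article; the scheme Drupal actually used is not stated on the page, so the "unsalted" side is plain SHA-256 and the "salted" side is a per-user random salt with PBKDF2-HMAC-SHA256 (the parameters and the sample user records are constructed here). It shows why an unsalted leak is the larger exposure: identical passwords produce identical hashes, and a single precomputed table of common passwords resolves every matching record, which is the kind of exposure audit a defender runs before deciding on a forced reset.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed list of common passwords used for the exposure audit (not from the page).
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty"]


def hash_unsalted(password: str) -> str:
    """The weak scheme: plain SHA-256 of the password, no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_salted(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> str:
    """Per-user random salt plus PBKDF2-HMAC-SHA256, stored as 'iterations$salt$digest'.

    The salt is stored in the clear; its job is to make each hash unique, not to be secret.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def shared_password_groups(hashes: Dict[str, str]) -> List[List[str]]:
    """Group usernames whose stored hashes are byte-identical.

    With unsalted hashes, every such group reveals users sharing one password.
    """
    by_hash: Dict[str, List[str]] = {}
    for user, stored in hashes.items():
        by_hash.setdefault(stored, []).append(user)
    return [users for users in by_hash.values() if len(users) > 1]


def exposure_from_lookup_table(hashes: Dict[str, str]) -> int:
    """Count records that one precomputed table of common passwords resolves.

    Only meaningful for unsalted hashes: a salt makes a shared table useless.
    """
    table = {hash_unsalted(p): p for p in COMMON_PASSWORDS}
    return sum(1 for stored in hashes.values() if stored in table)


# Constructed sample records: two users sharing a weak password, one with a stronger one.
SAMPLE_USERS = {"alice": "password", "bob": "password", "carol": "Tr0ub4dor&3"}
UNSALTED_STORE = {u: hash_unsalted(p) for u, p in SAMPLE_USERS.items()}
SALTED_STORE = {u: hash_salted(p) for u, p in SAMPLE_USERS.items()}


if __name__ == "__main__":
    print("unsalted: shared groups", shared_password_groups(UNSALTED_STORE))
    print("unsalted: resolved by common-password table", exposure_from_lookup_table(UNSALTED_STORE))
    print("salted:   shared groups", shared_password_groups(SALTED_STORE))
    print("salted:   resolved by common-password table", exposure_from_lookup_table(SALTED_STORE))
    print("salted verify ok:", verify_salted("password", SALTED_STORE["alice"]))
```

Running it shows the unsalted store leaking that alice and bob share a password and resolving both from the table, while the salted store leaks nothing of the kind and still verifies the correct password. A slow, salted key-derivation function does not remove the need to reset passwords after a leak, but it turns a one-table-cracks-all exposure into per-account work.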

04 June 2013

Cyber War: U.S. Electric Grid is Riddled With Cyber Security Holes

.....a report released by Reps. Ed Markey (D-Mass.) and Henry A. Waxman (D-Calif.), it had been discovered that malicious computer worms have been attacking electric grids, causing the companies involved to have losses in both energy and money.....

......A computer worm has the ability to replicate itself, allowing the worm to create hundreds or even thousands of copies of itself. However, consuming too much system memory could lead to network servers, Web servers, and the like to becoming unresponsive....

.....To control this issue, he says to "install firewalls, apply patches and to always perform upgrades." If something isn't done soon, the nation could be at risk for a massive power outage, resulting in millions going without the basic needs that electricity satisfies.....


McAfee: Cyber criminals using Android malware and ransomware the most


.....the company witnessed a 40 percent increase in Android malware, a near-300-percent jump in instances of Facebook-threat Koobface, and a steady rise in ransomware and reported infections. Add to that an increase in AutoRun malware, malware that attacks MBRs (master boot records), and a doubling of spam worldwide, and the state of security looks bleak.....

....Among the key findings in the report, McAfee revealed that it now has a total of 50,926 mobile malware samples in its database, 28 percent of which arrived this year.....

.....McAfee has witnessed more instances of malicious spyware being combined with botnets. Among them is Android/Ssucl.A, a Trojan that poses as a system cleanup utility but is really a botnet client. It not only steals user and SMS data, it also launches phishing attacks for Dropbox and Google log-ins. It tries to infect PCs using an autorun.inf attack too.....

....... "Within the enterprise, we see password-stealing Trojans evolving to become information-gathering tools for cyber espionage attacks. Whether they target login credentials or intellectual property and trade secrets, highly targeted attacks are achieving new levels of sophistication.".....


Now LinkedIn rolls out two-factor authentication


LinkedIn is the latest website to add two-factor authentication as a measure to prevent account takeovers....

.....The feature works similarly to the two-step verification recently pushed out by Twitter, which had been experiencing high-profile account compromises......

.......The site's more than 200 million members can enable the capability by visiting "Settings," then selecting the "Account" tab and clicking "Manage Security Settings.".......



28 May 2013

Google cyber-knight lances Microsoft for bug-hunter 'hostilities'

Top Google engineer Tavis Ormandy has slammed Microsoft for treating security bug hunters with “great hostility”.

He blasted Redmond's behaviour towards those who report vulnerabilities as he publicly revealed a new unpatched security hole in the Windows operating system - a bug that can be exploited to crash systems or gain administrator privileges. The vulnerable driver is present in "all currently supported versions" of Windows, according to the Googler...

......After documenting the bug, he posted his initial findings to the Full Disclosure mailing list, and published a complete dossier last week.
In a related post on his personal blog, Ormandy invited others to look into the flaw, before finishing the essay with trenchant criticism of Redmond's attitude towards computer security professionals...

...Vulnerability management specialists Secunia warned that the flaw discovered by Ormandy can be used to launch denial-of-service assaults or elevate a local user's privilege......

...“The vulnerability is caused due to an error within 'win32k.sys' when processing certain objects and can be exploited to cause a crash or execute arbitrary code with the kernel privilege,”....

24 May 2013

CNN International Breached, Accounts Leaked, Fake Articles Claim to be Posted By @Reckz0r

A hacker who has been quiet in the headlines for some time has resurfaced with a claim to have hacked CNN's International Edition website (http://edition.cnn.com/).

.....The post carries a short statement saying that CNN was hacked over false news reports, and further claims that 4 fake articles have been published, which I could not locate or distinguish on the site. The leak also comes with a small amount of data taken from the website's database, along with the claim that anyone who can identify the 4 fake articles can obtain the complete database from the hacker....

.....The site breached, as you can see, is the International Edition site for CNN, and the leaked data published to Pastebin consists of 9 administrator accounts with usernames, user IDs and encrypted passwords, along with a list of database tables......

Click here to read more ...

DHS employees' info possibly compromised due to system flaw

"U.S. Department of Homeland Security employees have begun receiving notifications about a vulnerability that has inadvertently made their personal information potentially accessible to unauthorized parties.

The flaw was apparently found in the software used by a DHS vendor to process personnel security investigations and has been immediately addressed. "

There is no evidence that the information contained in the system - names, social security numbers, dates of birth - was actually stolen or accessed at all, but the potentially affected population includes employees, contractors, inactive applicants, and former employees. ...


Click here to read more ....

A spotlight on grid insecurity


Drawing from responses from more than 100 utilities across America, a new report shows that the nation’s electric grid remains highly vulnerable to attacks from Iran and North Korea, or other threats like geomagnetic storms from solar activity.

The electric grid is the target of numerous and daily cyber attacks. One utility said that there were 10,000 attempted attacks each month, and others describe the level of potential incursions as “daily”, “constant”, “malicious” and “seeking to gain access to internal systems.”

...Most utilities comply with mandatory standards only, not additional voluntary ones, and do so unevenly. For example, while almost all utilities said they complied with mandatory Stuxnet standards, only 21 percent of industry-owned utilities, 44 percent of municipally- or cooperatively-owned utilities and 62.5 percent of federal entities reported compliance with voluntary Stuxnet recommendations that industry did not agree to mandate.

Most utilities have not taken concrete steps to reduce the vulnerability of the grid to geomagnetic storms and it is unclear whether the number of available spare transformers is adequate...

Click here to read more ....

Microsoft decrypts Skype comms to detect malicious links

.. Several independent researchers including security consultant Ashkan Soltani who was hired by Ars Technica confirmed that some of the URLs contained in chats were, indeed, accessed from an IP address belonging to Microsoft...

..encrypted communication must be decrypted in order for the links to be scanned, and according to its Privacy Policy, Skype can record and retain links and other content sent over Skype.

"There's a widely held belief—even among security professionals, journalists, and human rights activists—that Skype somehow offers end-to-end encryption, meaning communications are encrypted by one user, transmitted over the wire, and then decrypted only when they reach the other party and are fully under that party's control. This is clearly not the case if Microsoft has the ability to read URLs transmitted back and forth," points out Ars Technica's Dan Goodin.


Click here to read more

17 May 2013

LulzSec cyber hackers jailed in Britain

Four online hackers who masterminded attacks against major global institutions, including Sony Pictures and the CIA, have been jailed in Britain. The sentencing judge criticized the group's quest for publicity.


The group hacked into Pentagon computers, crashed the website of the US Central Intelligence Agency (CIA), as well as targeting British institutions - including websites belonging to the National Health Service and the Serious Organized Crime Agency.
In one attack, the group targeted the website of Rupert Murdoch's The Sun newspaper, redirecting visitors to a spoof story that Murdoch had committed suicide. The group also carried out distributed denial of service (DDoS) attacks, using linked networks of up to one million computers to crash websites.


Click here to read more ....

Is Microsoft reading your Skype communications?

The question of whether Skype - a Microsoft subsidiary since May 2011 - allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft...


That conclusion has been reached after The H's German associates at heise Security have been notified, and then independently confirmed, that every HTTPS URL sent over Skype gets checked from an IP address registered to Microsoft headquarters in the U.S...

When asked why that is, the company replied that it is indeed accessing all sent URLs so that it can spot and remove spam and phishing links.

But the researchers remain unconvinced...


Click here to read more ....
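The two Skype items above describe the same test: a unique URL is shared only over the chat service, and the web server's access log is then checked for requests from anyone other than the intended recipient. The following is an added example of that canary-URL check written for this page; it is not code from Ars Technica, heise Security or Microsoft. The log format is the common Apache/nginx "combined" format, and the log lines, canary path and IP ranges are constructed sample data.

```python
"""Canary-URL check: detect a third party fetching a link shared in private chat.

Added example, not from the articles above. Method: generate an unguessable
URL on a server you control, send it over the messaging service, then scan the
access log. Any request for that exact path from outside the networks you
expect (the recipient's) shows that something in the delivery path read the
link. All log lines and addresses below are constructed sample data.
"""
import ipaddress
import re
import secrets
from dataclasses import dataclass

# Apache/nginx "combined" log format (the constructed sample lines follow it).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


@dataclass(frozen=True)
class Fetch:
    ip: str
    ts: str
    method: str
    path: str
    ua: str


def make_canary_path(prefix: str = "/canary/") -> str:
    """Unguessable path; only the sender and the recipient should ever know it."""
    return prefix + secrets.token_urlsafe(24)


def parse_log(lines):
    """Yield one Fetch per well-formed combined-format line; skip anything else."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield Fetch(m["ip"], m["ts"], m["method"], m["path"], m["ua"])


def unexpected_fetches(lines, canary_path, allowed_networks):
    """Return fetches of the canary path from outside the allowed networks.

    allowed_networks: CIDR strings for clients that legitimately know the URL
    (the recipient). Anything else hitting the canary is reported.
    """
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    hits = []
    for f in parse_log(lines):
        if f.path != canary_path:
            continue
        addr = ipaddress.ip_address(f.ip)
        if not any(addr in net for net in allowed):
            hits.append(f)
    return hits


# Constructed sample log: the recipient (192.0.2.10) opens the link, and a
# second, unexpected client issues a HEAD request a few seconds later.
SAMPLE_CANARY = "/canary/xyz"
SAMPLE_LOG = [
    '192.0.2.10 - - [15/May/2013:10:02:01 +0000] "GET /canary/xyz HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/May/2013:10:02:05 +0000] "HEAD /canary/xyz HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.10 - - [15/May/2013:10:02:09 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in unexpected_fetches(SAMPLE_LOG, SAMPLE_CANARY, ["192.0.2.0/24"]):
        print(f"unexpected {f.method} from {f.ip} at {f.ts} (UA: {f.ua!r})")
```

A HEAD request with an empty User-Agent, arriving seconds after the message was sent, is the typical footprint of an automated link scanner rather than a person clicking; recording the method, timestamp and User-Agent alongside the source address is what lets you tell the two apart when reading the results.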

Private messages of Bloomberg clients end up online

"Mere days after Bloomberg News admitted that its journalists could access some client information via the company's financial terminals, it has been revealed that the company inadvertently leaked on the Internet over 10,000 private messages exchanged by its clients.

Financial Times reports that the messages in question were found by an unnamed financial markets professional via a simple Google search, and that they were online for a number of years, accessible to anyone who knew what to look for. After the FT inquired about them, they were taken down.

“This work was done with client consent, where emails were explicitly forwarded to us to a dedicated email account and released by the person responsible for the email so that we could conduct internal testing to improve our technology for the client,” a Bloomberg spokesman stated.

Click here to read more ....

Info-stealing Dorkbot worm spreading on Facebook

The Dorkbot worm, which first appeared in 2011 and has since been spreading via removable drives, IM programs and social networks, is currently targeting Facebook users.

The worm is delivered to potential victims via a chat message that appears to come from a friend and, at first glance, the link looks like it should take users to a regular JPG image file hosted on MediaFire...

According to Bitdefender, over 9,000 malicious links pointing to the malware have been detected in 24 hours, but Facebook is reacting quickly and blocking them.


Click here to read more

16 May 2013

IT security jobs: What's in demand and how to meet it

The information security job market continues to expand. In fact, according to a report by Burning Glass Technologies, over the past five years demand for cybersecurity professionals grew 3.5 times faster than that for other IT jobs.

Employment in the occupational group that includes information security analysts is projected to grow 22 percent from 2010 to 2020, faster than the average for all occupations, according to Eric Presley, CTO at CareerBuilder.

Read more: IT security jobs: What's in demand and how to meet it

22 March 2013

TeamSpy snooped on governments, big biz undetected for 10 years


Computer security researchers say they have uncovered a decade-long espionage campaign against governments, businesses and human-rights activists in Eastern Europe and beyond.

We're told the spying operation was partially pulled off by subverting TeamViewer - a legitimate tool for remotely controlling computers and holding meetings online. The snoopers installed the software on victims' Windows PCs and modified the code's behaviour with DLL hijacking to open a backdoor on the compromised machines. This successful tactic earned the campaign the nickname of TeamSpy and kept the hacking crew under the radar for years.
The researchers, who are based at the Laboratory of Cryptography and System Security (CrySyS Lab), said the spying team also used custom-built malware in days gone by.
......

"The campaigns are a mix of targeted attacks and conventional cyber-crime activities, for example, banking crime operations such as the Sheldor campaign."
CrySyS Lab reckoned the attacks are the work of a small and technically skilled team that has grown more sloppy over the years as complacency set in.

.....
TeamSpy's modus operandi is similar to the approach taken by the hackers behind the earlier Red October attack, although the two operations are not thought to be directly linked. The TeamSpy crew usually roped in victims using so-called waterhole attacks based on planting malicious code on websites frequently visited by people working at targeted organisations. That attack code was also injected into advertising networks that ran across the targeted regions.

A detailed technical analysis by Kaspersky Lab of TeamSpy can be found here [PDF].

....


Click here to read more ....

SOUTH KOREA UNDER CYBER ATTACK


SEOUL – Three South Korean broadcasters and two banks were hit by a major cyber attack this afternoon, in an apparently successful attack that has rendered system-wide computer networks unusable since 1400KST (0100EST).
KBS, MBC and YTN were all hit by the attack, as were Shinhan and Nonghyup banks, South Korean news agency Yonhap reported. KBS staff member Luke Cleary tweeted a picture of his laptop screen, apparently showing a wiped operating system:

Although no evidence has thus far been presented, a statement from the presidential office said they were investigating the possibility of North Korean involvement in the attack, and the military has upgraded its “info surveillance status” in response. Reuters, however, reported that a holding page from a hacking group known as the “Whois Team” appeared on an LG-owned website (see video below).
“The circumstantial evidence points towards North Korea, but that’s also the perfect cover for someone wanting to attack South Korea and cause mischief,” North Korea Tech blogger Martyn Williams told NK NEWS.
.......


Click here to read more ....

Other links to the same story:

http://english.yonhapnews.co.kr/

http://www.northkoreatech.org/

http://www.scmagazine.com

http://www.symantec.com

15 March 2013

Britain and India to agree cyber crime joint taskforce

Britain and India are expected to agree to set up a joint task force to fight cyber crime, a move London hopes will help it safeguard the personal banking and mobile phone data of millions of Britons, much of which is stored on Indian servers.
....
It said India was set to have one of the biggest online populations by 2015 with an expected 300 million users - larger than the United States and up from the 137 million users already in India today.
......


Click here to read more ....

Cybercrime-as-a-Service – A Very Modern Business


By Vishak Raman on 7 March, 2013

Cybercrime business includes a complete range of deliverables, from attack tools and methods, consulting, services, advertising, and a myriad of programs that serve as the 'product'. The more features or the more complex the service offered, the higher the price. A worrying new phrase has entered the lexicon of cybercrime - Crime-as-a-Service (CaaS). While the term is self-explanatory, it more than adequately describes how cybercrime in the 21st Century has become commoditised.
......
Just as with any other business, there are products and services available to be sold to customers. These include: consulting services such as botnet setup ($350-$400); infection/spreading services (~$100 per 1K installs); botnets and rentals - Distributed Denial of Service or DDoS ($535 for 5 hours per day for one week), email spam ($40 / 20K emails) and Web spam ($2 / 30 posts); and crimeware upgrade modules. SpyEye modules, as an example, range anywhere from $500 upwards to $10K. SpyEye is a prolific banking botnet that emerged in 2010 and can be upgraded to enable advanced features for money laundering.
.......


Click here to read more ....

Chinese hackers breach DRDO systems; steal cabinet committee on security files


Saikat Datta | @saikatd

New Delhi: A successful Chinese hacking attack has caused what is arguably the biggest security breach in India, with the systems of hundreds of key DRDO and other security officials being compromised, leading to the leak of sensitive files related to the cabinet committee on security (CCS), the highest decision-making body for security issues of the government of India.
The other stolen files recovered so far belong to the governments of the United States, Russia, and South Korea.
....

As they continued to trace the breach, they discovered thousands of top secret CCS files, and other documents related to surface-to-air missile and radar programmes from DRDL, a DRDO laboratory based in Hyderabad, among many other establishments.
Even the e-tickets of the scientists who had travelled to Delhi in February were found on the server.
The intelligence officials also discovered documents of deals struck between DRDO and Bharat Dynamics Ltd, a defence PSU which manufactures strategic missiles and components. Some other recovered files were related to price negotiations with MBDA, a French missile manufacturing company.
But the shocking part was the extent of the hacking by the Chinese, believed to be officially sponsored.
.......

Click here to read more ...... 

Doctors used silicone fingers to fool fingerprint scanner


The story broke when Globo TV managed to get its hands on a video that shows 29-year-old doctor Thauane Nunes Ferreira first clocking in at work by pressing her own finger onto the device, then doing the same for two colleagues by using silicone fingers.

In the footage, she seems uncomfortable doing it and collecting the slips of paper that proved those persons had checked in. After being arrested, she admitted to having done it for a while, but pointed out that she was coerced into it by Jorge Cury, the head of the emergency room.

Click here to read more ......

12 February 2013

Software that tracks people on social media created by defence firm

A multinational security firm has secretly developed software capable of tracking people's movements and predicting future behaviour by mining data from social networking websites.
A video obtained by the Guardian reveals how an "extreme-scale analytics" system created by Raytheon, the world's fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare.
Raytheon says it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients.
....


The sophisticated technology demonstrates how the same social networks that helped propel the Arab Spring revolutions can be transformed into a "Google for spies" and tapped as a means of monitoring and control.
Using Riot it is possible to gain an entire snapshot of a person's life – their friends, the places they visit charted on a map – in little more than a few clicks of a button.

.....
The power of Riot to harness popular websites for surveillance offers a rare insight into controversial techniques that have attracted interest from intelligence and national security agencies, at the same time prompting civil liberties and online privacy concerns.
....
In April, Riot was scheduled to be showcased at a US government and industry national security conference for secretive, classified innovations, where it was listed under the category "big data – analytics, algorithms."
According to records published by the US government's trade controls department, the technology has been designated an "EAR99" item under export regulations, which means it "can be shipped without a licence to most destinations under most circumstances".



Click here to read more ....