jump to navigation

All’s Fair in Love & (Cyber) War September 17, 2012

Posted by Heather Mark in cyberespionage.
Tags: , , , , , , ,
add a comment

A report released today suggests that the United States government is far more involved in the use of trojans and mal-ware than previously thought.  The US had previously been linked to the Stuxnetvirus that wreaked havoc on the Iranian nuclear program. Speculation at that point was that the US and Israel had collaborated on the program in an effort to derail Iranian nuclear ambitions.  I don’t think many were surprised to hear that supposition.  Today, though, Kapersky Lab and Symantec announced that they have found evidence linking the US to three other, previously unknown viruses.

The use of covert operations on “enemy” governments dates back to the beginning of the civilization, really.  Sun Tzu writes extensively about the subject and the use of “covert operatives” peppers Greek and Roman history, as well.  These historical endeavors share a common purpose with the cyber-espionage that we see today – to gather data, or to provide data, that can be used to bring about the downfall of one’s enemy, or at least provide a significant advantage to the other side. It shouldn’t come as any surprise, then, that any country would make use of the available technology to conduct remote espionage operations.

We know that other countries, China in particular, has a specific focus on launching attacks on Intellectual Property of Western companies.  A recent report in the Baltimore Sun highlights the countries singular focus on hiring cyber-soldiers (for lack of a better word): “Experts estimate that North Korea has as many as 1,000 cyber warfare agents working out of China and is recruiting more every day.”  When we know that our enemies are fully engaged in cyber-warfare tactics, it would be short-sighted and naive to believe that our government is not fighting back.

“Why does the FBI have your UDID (and 12.4 million more)?” FBI Laptop Hacked…1 million Apple IDS posted online September 4, 2012

Posted by Chris Mark in cyberespionage, cybersecurity.
Tags: , , , , , , , ,
add a comment

*UPDATE* It was reported yesterday that the FBI laptop was not, in fact, the source of UUIDs that were hacked.  A company called Blue Toad revealed that it was the source of the stolen ids.  It’s not clear how the data was stolen from Blue Toad or what, if any relationship exists between the company and the laptop that was first identified as the source of the breach.***

According to NBC News, hackers associated with the anti-government group AntiSec have hacked an FBI Agent’s laptop and posted over 1 million Apple Unique Device Identification Number or UDIDs online.   The Apple UDID is used by Apple to determine what applications are running and to lock down the phones, IPads and computers from other applications.  Alone, they do not represent personally identifiable information but However, New Zealand-based security researcher Aldo Cortesi has shown that thanks to disregard of Apple’s security guidelines by iOS game and app developers, it’s possible to determine a user’s identity through an UDID alone.  According to the story:

“The Pastebin post claims that the UDIDs were stolen thanks to an Anonymous hack into the laptop of FBI agent Christopher Stangl, a member of a New York-based cybercrime task force. “During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java,” the posting states. “During the shell session some files were downloaded from his Desktop folder one of them with the name of ‘NCFTA_iOS_devices_intel.csv’ turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts.”

Why the FBI has such a list of over 12 million UDIDs is an interesting question. Why the list would be on a laptop is another interesting question. To check whether your iPhone, iPad or iPod Touch’s UDID might be among those affected, a Unix developer based in Florida has already posted a tool: http://kimosabe.net/test.html

“Cyber Espionage is Alive and Well”; Motorola Employee Sentenced in theft of IP August 30, 2012

Posted by Chris Mark in cyberespionage, cybersecurity.
Tags: , , , , , , , ,
add a comment

According to a story in CIO, a former Motorola employee was sentenced to 4 years in prison for theft of trade secrets. For more information on the cyber espionage threat, you can read my  article: “The Rise of CyberEspionage” published in The Counter Terrorist Magazine.

Below is an excerpt of the CIO article.

“Hanjuan Jin, 41, a nine-year Motorola software engineer, conducted a “purposeful raid to steal technology,” U.S. District Judge Ruben Castillo said while imposing the sentence, according to a statement by the department.

The Judge did not however find her guilty of three counts of economic espionage for the benefit of China and its military, although he found by a preponderance of the evidence, that Jin “was willing to betray her naturalized country,” according to the department. Jin had earlier been convicted by the court of three counts of theft of trade secrets.

Judge Castillo’s order was not immediately available on the website of the U.S. District Court for the Northern District of Illinois, Eastern Division where Jin was on trial.

Jin, who is a naturalized U.S. citizen born in China, was stopped from traveling on a one-way ticket to China on Feb. 28, 2007 at O’Hare International Airport by U.S. customs officials who are said to have seized from her possession more than 1,000 electronic and paper documents from Motorola.”

Companies need to be vigilant and understand that the same techniques used to steal national secrets are being employed in US businesses.  While not exclusive to China, they certainly represent the greatest threat today.

“Gauss What!?” – Another CyberWeapon Discovered August 14, 2012

Posted by Chris Mark in cyberespionage, Risk & Risk Management, terrorism.
Tags: , , , , , , , ,
add a comment

According to Kaspersky labs, yet another cyberweapon was discovered last week.  On August 9, 2012 Kaspersky labs released a press release stating that they had identified another cyber-weapon dubbed Gauss.  According to the press release:

“…‘Gauss’, a new cyber-threat targeting users in the Middle East. Gauss is a complex, nation-state sponsored cyber-espionage toolkit designed to steal sensitive data, with a specific focus on browser passwords, online banking account credentials, cookies, and specific configurations of infected machines. The online banking Trojan functionality found in Gauss is a unique characteristic that was not found in any previously known cyber-weapons.” (more…)

“I know it’s true because I got it from the Internet!” – Reuters Hacked by Pro-Assad Group to publich Propaganda August 6, 2012

Posted by Chris Mark in competitive intelligence, cyberespionage, cybersecurity.
Tags: , , , , , , , ,
add a comment

Reuters acknowledged that on August 3rd, their blogging platform was hacked and a false, pro-Assad post was published.  “Reuters.com was a target of a hack on Friday,” the company said in a statement. “Our blogging platform was compromised and fabricated blog posts were falsely attributed to several Reuters journalists.”  Additionally, Reuters Twitter account was hacked and used to tweat several false, and pro-Assad messages.   While this type of propaganda has been going on for as long as news has been published, the ease of which a person or group can publish on the Internet coupled with the speed at which it can spread creates new challenges for companies.  Imagine a situation in which a company is hacked and fraudulent financial data is released before an IPO?  As the US Presidential elections ramp up, we are seeing increasing numbers of stories and claims that can only be categorized as propaganda.  In fact, unless you clicked on the links above and checked the underlying domains, you have no real confidence that this particular post is true, or accurate. 😉

It is important for companies to monitor the news that is being distributed about the organization.  I have worked at an organization where we found someone who had intentionally published misleading and malicious information in an attempt to promote a competitor.  While it did not require hacking a news system to publish the story, it is yet another area that exposes companies to unnecessary risk.