LinuxPlanet Casts

Media from the Linux Moguls

Archive for the ‘anonymous’ Category

Skype Exposes Pirates | TechSNAP 29

without comments

post thumbnail

Coming up on this week’s TechSNAP…

Researches have developed a way to tie your file sharing to your Skype account. We’ll share the details on how this works, and what you can do to prevent being tracked!

Plus we cover the Ultimate way to host your own email, and what happened when Chinese hackers took control of US Satellites!

All that and more, on this week’s episode of TechSNAP!


Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:




Show Notes:

Audible.com:


Suspected Chinese Military Hackers take control of US Satellites

  • On four separate occasions during 2007 and 2008 US satellites were hijacked by way of their ground control stations.
  • The effected satellites were Landsat–7 (Terrain Mapping and Satellite Photography, example 1 example 2) and Terra AM–1 (Climate and Environmental Monitoring, 2010 Hurricane Karl)
  • While the US does not directly accuse the Chinese government in writing, these types of actions are consistent with known war plans that involve disabling communications, command and control, and GPS satellites as a precursor to war.
  • In one incident with NASA’s Terra AM–1, “the responsible party achieved all steps required to command the satellite,” however the attackers never actually took control of the satellite.
  • It was not until the 2008 investigation that the previous compromises in 2007 were detected
  • This raises an important question, are the US military and other NATO members, too reliant of satellite communications and GPS?
  • In a recent NATO exercise called ‘Joint Warrior’, it was planned to jam GPS satellite signals, however the jamming was suspended after pressure on the governments over civilian safety concerns. Story


Researchers develop a procedure to link Skype users to their Bittorrent downloads

  • The tools developed by the researchers at New York University allow any to determine a strong correlation between bittorrent downloads and a specific skype user.
  • Importantly, unlike RIAA/MPAA law suites, the researchers consider the possibility of false positives because of multiple users behind NAT.
  • The researchers resolve this issue by probing both the skype and bittorrent clients after a correlation is suspected. By generating a response from both clients at nearly the same time and comparing the IP ID (similar to a sequence number) of the packets, if the ID numbers are close together, than it is extremely likely that the response was generated by the same physical machine. If the IDs are very different, then it is likely that the Skype and BitTorrent users are on different machines, and there is no correlation between them.
  • This same technique could be made to work with other VoIP and P2P applications, and could be used to gather enough evidence to conclusively prove a bittorrent user’s identity.
  • This situation can be mitigated by using the feature of some OS’s that randomizes the IP ID to prevent such tracking. (net.inet.ip.random_id in FreeBSD, separate ‘scrub random-id’ feature in the BSD PF firewall)
  • The discovery could also be prevented by fixing the skype client such that it will not reply with its IP address if the privacy settings do not allow calls from that user. The current system employed by the researches does not actually place a call to the user, just tricks skype into thinking that a call will be placed, and skype then leaks the sensitive information by returning its IP address or initiating a connection to the attacker.
  • Read the full research paper


NASDAQ web application Directors Desk hacked

  • Directors Desk is a web application designed to allow executives to share documents and other sensitive information
  • When NASDAQ was hacked in February, they did not believe that any customer data was stolen
  • The attackers implanted spyware into the Directors Desk application and were able to spy on the sensitive documents of publicly traded companies as they were passed back and forth through the system
  • This is another example of the Advanced Persistent Threat (APT) as we saw with the RSA and South Korea Telecom hacks, where the attackers went after a service provider (in his case NASDAQ) to compromise the ultimate targets, the publicly traded companies and their sensitive documents.
  • It is not known what if any protection or encryption systems were part of Directors Desk, but it seems that the application was obviously lacking some important security measures, including an Intrusion Detection System that would have detected the modifications to the application.


SEC says companies may need to disclose cyber attacks in regulatory filings

  • The new guidance from the SEC spells out some of the things that companies may need to disclose to investors and others, depending upon their situation.
  • Some of the potential items companies may need to disclose include:
  • Discussion of aspects of the registrant’s business or operations that give rise to material cybersecurity risks and the potential costs and consequences
  • To the extent the registrant outsources functions that have material cyber security risks, description of those functions and how the registrant addresses those risks
  • Description of cyber incidents experienced by the registrant that are individually, or in the aggregate, material, including a description of the costs and other consequences
  • Risks related to cyber incidents that may remain undetected for an extended period
  • “For example, if material intellectual property is stolen in a cyber attack, and the effects of the theft are reasonably likely to be material, the registrant should describe the property that was stolen and the effect of the attack on its results of operations, liquidity, and financial condition and whether the attack would cause reported financial information not to be indicative of future operating results or financial condition,” the statement says.
  • From the SEC guidance: The federal securities laws, in part, are designed to elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision”
  • CF Disclosure Guidance: Topic No. 2 – Cybersecurity


Feedback:

It is definitely advantageous to own the domain that your email address is on. On top of looking more professional than a hotmail, or even gmail address, it also allows you to choose your host and have full control over everything. There are some caveats though, of course you must remember to renew your domain name, else your email stops working (just ask Chris about that one), you also have to be careful about picking where to host your domain, having your site or email hosted by a less reputable service can result in your domain being included on blacklists and stopping delivery of your mail to some users. The biggest problem with hosting your own email, from your home, is that you must keep the server up 24/7, and it must have a reasonable static IP address. If you are going to host from your home, I recommend you get a ‘backup mx’ service, a backup mail server that will collect mail sent to you while you are offline, and then forward it to your server when it is back up. Even if you are using a dedicated server or VPS, this is important, because email is usually the most critical service on your server. The other major issue with hosting your email from home, is that most ISPs block port 25 inbound and outbound, to prevent infected computers from sending spam. This means that you will not be able to send or receive email to other servers. Usually your ISP will require you to have a more expensive business class connection with a dedicated static IP address in order to allow traffic on port 25. Also, a great many spam filtering systems, such as spamassassin, use blacklists that contain the IP ranges of all consumer/home Internet providers, designed to stop spam from virus infected machines, because email should not be send from individual client machines, but through the ISP or Domain email server.


Round Up:

Classified Cloud | TechSNAP 15

without comments

post thumbnail

This week on, TechSNAP!

The UK Government is building a cloud of secrets, but can it ever possibly be secure enough?

Plus we’ll cover the FBI Arresting 16 suspected members of Anonymous, and being prepared when forced to decrypt your laptop!

All that and more on this week’s TechSNAP!

Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:

Show Notes:

Thanks to the TechSNAP Redditors!


UK Government to use the Cloud to share Restricted Documents

  • Files will be hosted on the UK internal cloud, the Government Secure Application Environment (GSAE)
  • The system will allow civil servants, diplomats and other Government officials to share documents up to the secrecy level IL3, or Restricted
  • “Information marked as Restricted is at a level where the release of the material will have effects such as significant distress to individuals, adversely affecting the effectiveness of military operations, or to compromise law enforcement.”
  • The internal cloud will use SaaS software from established tech startup Huddle.
  • Planned upgrades to the GSAE and Huddle software will allow it to support IL4 or Confidential information
  • “The effects of releasing information marked as Confidential include considerable infringement on personal liberties, material damage to diplomatic relations, or to seriously disrupt day-to-day life in the country.”
  • A possible obstacle to the deployment of a cloud based system for storing classified information is that policy states that the end users must have local disk encryption to be allowed to access the documents

FBI Arrests 16 suspected members of Anonymous

  • 14 of the arrests are related to the attacks on PayPal after they announced they would no longer accept donations on behalf of WikiLeaks
  • The defendants are charged with conspiracy to intentionally damage protected computers
  • The remaining arrests are related to attacks on InfraGard (Affiliated with the FBI) and a former AT&T Contractor who stole files from AT&T and gave them to members of LulzSec
  • Similar arrests were also made in the UK and the Netherlands
  • The charge of “intentional damage to a protected computer” is punishable by a maximum of 10 years in prison and a $250,000 fine, while conspiracy carries a maximum penalty of five years in prison and a $250,000 fine.

US General Criticizes Defense IT Infrastructure

  • The Military and Defense Department use far too many proprietary systems
  • During the 2nd invasion of Iraq, The Army and Marine Corps used different proprietary encrypted radios, and were therefore unable to communicate directly with each other, because of this, they had to be assigned to different areas of the country to avoid running in to each other
  • Proprietary systems meet the states requirements, but are not flexible and require a long time to modify or adapt the hardware and software.
  • The General places most of the blame on the procurement process, and contractors who design their systems to be proprietary.
  • The Federal CIO worries about the IT Cartel, a small group of companies that understand the Government IT Procurement process better than other companies, and get a disproportionate share of contracts.

DoJ asks Federal Judge to order Defendant to Decrypt Laptop

  • A woman being accused of mortgage fraud is contesting a court order that she provide the decryption key for her laptop
  • The laptop was seized during a raid of her home
  • This case could set the president, as no Appeals Court has yet ruled on whether such an order would violate a defendant’s 5th amendment right to not incriminate themselves.
  • The DoJ goes on to state that “Public interests will be harmed absent requiring defendants to make available unencrypted contents in circumstances like these”. Failing to compel defendants amounts to a concession to potential criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases) that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement officers to obtain such evidence.
  • Prosecutors clarified that they were not asking for the pass phrase it self, and that the defendant would be allowed to enter the pass phrase on the computer without anyone looking over her shoulder
  • The U.S. Supreme Court already affirms that defendants can be forced to provide fingerprints, blood samples, or voice recordings, however past rulings have affirmed that a defendant cannot be forced to disclose the contents of their mind.
  • The EFF filed a brief supporting the rights of the defendant, stating “Decrypting the data on the laptop can be, in and of itself, a testimonial act–revealing control over a computer and the files on it“ and “Ordering the defendant to enter an encryption password puts them in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating themselves, lying under oath, or risking contempt of court“
    Submitted by: port-forward-podcast

Round-Up:


Bitcoin Blaster:

Written by chris

July 22nd, 2011 at 12:02 am

Cyber Warfare | TechSNAP 13

without comments

post thumbnail

Since the start of this show, one constant theme keeps coming to light, a new age of Cyber warfare has begun.

In this week’s episode we cover what critical targets hackers and foreign governments might target to wage Cyber Warfare

Plus what major attacks have already taken place? Some of which we are just now learning the ramifications of…

All that and more, on this week’s TechSNAP!

Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:

Show Notes:

Thanks to the TechSNAP Redditors!

 

No Q&A this week, but we’re doing a double dose next week, send in your feedback and questions!

Attacks on Government:


Topic: Anonymous hacks 100 Turkish Government Sites

  • As part of Operation Anti-Sec, Anonymous has compromised the Turkish governments network of sites, and locked the administrators out.
  • A number of the sites appear to be for Hospitals and other medical facilities
  • The group released a 20MB archive on ThePirateBay, a complete dump of the content of each of the compromised sites.
  • Many of the sites were defaced
  • In a Cyber Warfare type situation, these types of actions could disable critical government functions, everything from weather forecasts to tax filing.

Submitted by: Acidpunk


Topic: Florida Elections Database Hacked

  • The database contained the names, usernames and plaintext passwords of election workers and polling stations
  • Username was first initial, last name, and password was first initial, last initial and 4 numbers. These passwords are too predictable and horribly insecure.

Submitted by: Deathwalk


Topic: Attacks on RoK Gov might have been Drills by DPRK

  • Attacks that crippled South Korean (Republic of Korea) government websites in July 2009 and again in March 2011 might have been cyber warfare drills conducted by North Korea (Democratic People’s Republic of Korea)
  • Attacks were likely reconnaissance to start building a detailed plan of attack in the event of war.
  • Much of the attack came from within South Korea, it is speculated that the virus was left on a number of South Korean file sharing sites, and then the resulting botnet of infected computers was used to take down the government websites.

Attacks on Media:


Topic: Washington Post hacked, 1.27m email addresses leaked

  • The Washington Post’s Jobs site was compromised on June 27th and 28th
  • 1.27 Million Usernames and email addresses were leaked
  • The Washington Post claims that no passwords or other personal information were stolen (were the passwords just hashed, and therefore ‘not disclosed’, or did the attackers not gain access to the passwords?)

Topic: Fox News Twitter hacked, False Obama Death Notice

  • The @foxnewspolitics twitter account was hijacked and false news of US President Obama’s assassination was posted.
  • As with all incidents of this nature, it is being investigated by the Secret Service
  • BBC Coverage

Submitted by: beyere5398 and LeifAndersen


The Future:


Topic: The Pentagon Establishes Cyber Warfare Retaliation Policy

  • The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war
  • Foreign directed hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country’s military
  • If a cyber attack causes significant disruption (for example, to the power grid), or death, then the attackers will be met with conventional armed force.
  • New York Times coverage

Topic: More is happening than we actually know

  • By reverse engineering a crashed EP-3E Aries II reconnaissance plane, the Chinese were able to begin intercepting encrypted US Navy communications
  • A few weeks after President Obama’s election, the Chinese flooded communications links they knew were monitored by the NSA with unencrypted copies of intercepted communications, proving they had compromised American communications links.

Topic: Cyber Warfare will be constant and often subtle

  • The attacks on RSA earlier this year were not conclusively linked to Cyber Warfare, they could have been the work of a lone hacker, a small group, or an organized government
  • The RSA hack later led to the compromise of secure systems at Lockheed Martin and other US arms manufacturers.
  • Earlier this year we also saw the compromise of a large number of email accounts belonging to government and military officials. This type of reconnaissance can be used to gather information that would allow attackers to break in to more secured systems over time.
  • Many attacks go unnoticed, as the perpetrators keep the systems just to be used to launch future attacks from. As we saw in the RSA hack, the attackers used an offsite webserver they had compromised earlier to send the data to, to avoid connecting directly to RSA and possibly leaving a trail. They then destroyed the webserver, breaking the link back to them
  • In the past was have discussed the similar tactic of Island hopping, compromising an outward facing system such as a web, mail or monitoring server, or the desktop of a secretary or other lower level employee, and then slowly gathering more and more information in order to compromise the true targets of the attack.

Submitted by: Raventiger


Roundup:
South Korea army, University to start Cyber Defense majorSubmitted by: refuse2speak
Anonymous hacks apple server, leaks usernames and hashed passwords
The Fog of Cyber Warfare – A battle without borders?Submitted by: Raventiger
Chicago Mercantile Exchange Secrets and Source Code Leaked To China

Copies of vsftpd 2.3.4 downloaded from official mirrors contain backdoorSubmitted by: stmiller
Dropbox TOS gives them broad copyright license over your filesSubmitted by: rakudave
Targeted phishing helped hackers earn 150 million in JuneSubmitted by: stmiller

Bitcoin BLASTER:
Lawyer Attempts To Trademark Bitcoin
First bitcoin app for Android, but is it safe?
BTCGuild suffers major DDoS Attack


Download & Comment: