Friday, September 30, 2016

Heroes and villains

The recently released film ‘Snowden’, directed by Oliver Stone, addresses the issue of hackers and their role in society today. Because of the impact of the Snowden case in the news, some practices that the secret intelligence services carry out in the name of public security became a matter of public debate.

The reactions came soon. The Nextgov website published an interview with a former NSA official, Chris Inglis, who says there are several technical inaccuracies in the film. For Inglis, the technical errors are not the worst part. In his opinion, the worst part is how the film portrays the intelligence services of the United States. In the film, Snowden is described as a patriot who becomes disappointed with the secret services after realizing that the agency violated certain people’s rights.

Wednesday, September 28, 2016

Attacks in (cyber) space

The conquest of space has been one of the main goals that many world powers have constantly fought for. Many things have been said about the first man on the moon: that it was a big step for mankind, or that it could have been staged in a film studio.

The truth is that the aerospace sector is not free from attacks by cybercriminals. According to the magazine Security Week, a group of researchers at Palo Alto Networks may have discovered a Trojan for OS X used by Russian cyberspies against the aerospace sector. The malware, known as Komplex, seems to have been developed by a group of hackers known as Sofacy, Pawn Storm, APT28, Fancy Bear and Tsar Team.

The attackers may also be linked to major cyber attacks against the US government and its political parties. Those hackers may have also intervened in the German parliament and the World Anti-Doping Agency (WADA).

According to the researchers, the Komplex attack usually begins with a component that displays a document in the Preview app in OS X. The dropper component is designed to drop and execute the main payload and to ensure its persistence by configuring the system to launch it when OS X starts.

Once it infects the device, the malware establishes contact with its command and control server and collects system information. The Trojan allows attackers to execute arbitrary commands and download additional files. According to Ryan Olson, intelligence director at Palo Alto Networks' Unit 42, Komplex was detected at the beginning of August. “Komplex shares the same features and functions as other tools used by Sofacy that were used on Windows systems”, Olson says.

Another study made public this week comes from Google. The company has paid around one million euros to a group of researchers in order to try to fight cross-site scripting (XSS), according to the website The Register. XSS is one of the most widespread threats in the web app world. It can be used to steal sensitive information, hijack user sessions and compromise the integrity of the browser and of the whole system.

Monday, September 26, 2016

Choose: your money or your data?

Today, one year ago...

In the genre of dystopia, from “Brave New World” by Aldous Huxley to the film “The Island” by Michael Bay, the starting premise is clear: when anyone can be the enemy, everybody should be monitored closely. Perhaps the enemy is a single individual, an isolated group or a small percentage, but if you can’t get rid of it, you had better restrict everyone. It is a line of thought that is present in the iconography of political conspiracy, criticism of power and messianic revolutions. A classic that can sometimes be found in higher doses in the real world than in fiction.

In our Monday review from one year ago, today we find a plot that Eric Blair (known by his pen name George Orwell) would have wanted for himself. A week of intense news in the field of cybersecurity, from the hunt of criminals, to their aim to get their prize (money, always money), through the baroque monitoring done by the intelligence services to the population they must defend.

Friday, September 23, 2016

The speed of things

If there is one thing the development of technology has achieved, it is that information can travel faster. What before could take decades to become known can now be known in a few minutes. No one is safe. Neither celebrities nor politicians. Not even countries. The Internet can spoil anyone’s reputation. But just as it takes little time to learn something, it takes little time to forget it. And this week we have seen this very clearly.

From a piece of news published by The Guardian, we have found out that North Korea has only 28 websites. The discovery was made by Matt Bryant, who published the information on GitHub after obtaining the domain data thanks to a malfunction on the servers. Those websites talk about North Korea’s nuclear tests and the health of its leader, Kim Jong-un. This would highlight that cybernetics is not their strong point.

Wednesday, September 21, 2016

There is a hacker in the car

Knight Rider was one of the most popular series in the eighties in the United States. The main character was a car that had complete autonomy thanks to a central computer. It could move by itself, make decisions and speak. Its name was Kitt and it was something like a modern technological horse loyal to Michael Knight, played by David Hasselhoff before he became a lifeguard in Baywatch.

Keen Lab researchers at the Chinese company Tencent have found a number of weaknesses that could put the Tesla Model S in the hands of hackers. According to several websites, Security Affairs among them, attackers could control these vehicles remotely. The researchers proved that it’s possible to take control of the cars when they are parked or in full use. The most shocking part was that it could be done with the car moving. The hackers could activate the brakes when the car was going 12 miles per hour. They could also activate the wipers, open the trunk and fold the rearview mirrors.

Monday, September 19, 2016

Unflattering cyber-tolls

If you have a job related to any IT activity you should reject anything that has to do with pirated software and unofficial access. We know that, unfortunately, it is NOT that way, but it should be. Because if you are working with something you shouldn’t, some of your tools may come with a “present” and your computer can get infected. But that is the lesser evil. The real danger is what you represent to your partners, employees, clients, and suppliers. Anybody who is in contact with you.

In our Monday look back, we find out that September 2015 was a perfect date to learn this basic lesson in cybersecurity. Some Chinese iOS developers, who were used to working on an unofficial platform, started to use resources that were infected, and they ended up introducing 39 apps with malicious code in the Apple Store, apps such as WeChat. The curious thing is that this is the sixth time that something like this has happened.

Friday, September 16, 2016

Invisible weapons

One of the best sitcoms that the Cold War gave us was Get Smart. The main character was Maxwell Smart, a secret agent (Agent 86), a bit clumsy and indiscreet, constantly confronting his enemies from Kaos, who wanted to rule the world. In each mission, Smart was usually given a weapon or a rather peculiar tool. The most famous was his shoe phone, which anticipated the arrival of mobile phones.

Although he was somewhat clumsy, Smart was a good shooter and often had weapons hidden inside lighters and watches. The Register published a note stating that French hackers would be smuggling pen-guns that can fire .22 caliber bullets. The website claims that contraband in other countries is nothing compared to how this business has developed in France. Each gun would be worth 150 euros. The discovery was made by Pernet, from Trend Micro, when he investigated cybercriminal forums globally. Pernet found out that these weapons are sold only through French forums, where euthanasia kits are also smuggled, among other services on the dark web.

Wednesday, September 14, 2016

Emergency call

Suddenly you are in an extreme situation. Your hands are shaking, your heart beats faster and you are sweating. You are scared and need help. You pick up the phone and dial the emergency number (911 in this story), but it’s busy. Then you panic. The only chance to save your life is if you have professional help, but they can’t hear you. There is someone blocking your communication. Hackers. 

Recent research conducted by Ben Gurion University in Israel concluded that the 911 emergency services could suffer an attack by cybercriminals. By using a network of hacked phones, hackers could make the whole US emergency system collapse, causing dropped calls or leaving without service all the people who may need help.

Monday, September 12, 2016

Astronomical cybersecurity

Today, one year ago...

Planets, satellites, comets, stars, galaxies and dark and interstellar matter, among other things. It’s hard to get bored when you are interested in astronomy, because we could be talking about millions and millions of subjects of study. In a similar way, it’s hard to get bored in cybersecurity, where figures can often be astronomical, and where there is a whole universe full of malware, ransomware, social engineering attacks, denial of service, espionage campaigns and advanced persistent threats. If someone gets bored here it's because he or she wants to. Today, as one year ago.

Precisely one year ago we heard about the “astronomical” attack that was being prepared against 430 million emails, with the aim of installing the banking malware Dridex on the greatest possible number of British devices. The operation, discovered by Fujitsu, immediately put the country's intelligence services (even more) on guard. The Government Communications Headquarters had no choice but to alert the multiple agencies involved, including banks, government institutions and large corporations.

Friday, September 9, 2016

House taken over by hackers

In the short story ‘House taken over’, by the Argentinian writer Julio Cortázar, a brother and sister are gradually expelled from their home. Their house has been taken by some strange, undefined beings, and we never know who or what they really are. By the time the main characters realize it, they are in the street, bewildered and sad because of what has just happened.

Cortázar never used the Internet, but that story could easily be a metaphor for cybercrime nowadays. The Naked Security website talks about the precautions to take with the routers we have at home. The article gives a series of recommendations for configuring these devices. Otherwise, we open the door to bandits that can spy on our computers and extract our passwords and our configuration settings. Moreover, our system should be authenticated so that cybercriminals can't set up an impostor server somewhere between the router and the IP auto-configuration servers. This way we will make sure the device isn’t sent false orders.

Wednesday, September 7, 2016

Cybercrime: Tower of Babel

In the radio adaptation of The War of the Worlds, by Orson Welles in 1938, aliens invade the Earth. Maybe it is still hard to imagine what visitors from very far away would be like. But if the invasion were today, one of the aspects of our planet that would attract their attention would be how cybercriminals differ depending on their place of origin and the language they use.

Info-Security magazine details the results of a study by Robert McArdle, from the Trend Micro research team. In the report, made public at an event organized by Cloudsec in London, he compared geographical differences among cybercrime groups worldwide. McArdle said the very first step for a good defense is to know your enemy, which begins with the detection of global trends in cyberattacks. This way, we will be better protected. Although there are threats that go beyond geography itself, there are many differences among the attackers, depending on their origin.

Monday, September 5, 2016

Permanent Cybercrime Targets

Today, one year ago...

Hacked cars, cyberwar, espionage and health care cybersecurity. Are we talking about the present time? No, we are talking about what happened one year ago. As we have been doing every Monday since August, we look back to see what happened a year ago at this time. On days like this September 5th, we can see that the techniques may be modernized year by year, but many of the major threats are virtually identical: the money trail and the weakest link in the chain are 'responsible' for these reasonable similarities between the past and the present.

If we search Google for the term 'Blue Termite', we find an Advanced Persistent Threat (APT) that has its roots in the last months of 2013. From that date on we can find examples of malware that Kaspersky Lab identified within a campaign against organizations in Japan. At the end of August 2015, the matter came back into the news because new and more sophisticated methods of attack had appeared. Among them was the infection of hundreds of websites with a Flash Player exploit, the same one that had been leaked in the well-known incident involving Hacking Team.

Friday, September 2, 2016

Access Keys

In the 80s the videogame The Legend of Zelda caused a furor among console lovers. It often consisted of finding keys to doors, trunks or jewellery boxes that would help the warrior Link in his eagerness to save the princess and the Kingdom of Hyrule. As in fiction, those keys don't always fall into good hands, as we have heard in this week's cybersecurity news.

According to Info-Security Magazine, a group of hackers had access to data from OneLogin, a cloud-based company that provides online accounts and identity management. Apparently the attackers kept that access for one whole month, from July 25 to August 25 this year. This comes just after it came to light that 69 million Dropbox accounts had been leaked, forcing the company to reset the passwords.