Intelligent Connections. Recruiting Integrity.
Call Us: 415-510-2973

Archive for July 2016

Alleged Kickass Torrent Founder Arrested, Site Goes Offline

Alleged Kickass Torrent Founder Arrested, Site Goes Offline

The alleged founder and owner of Kickass Torrents, one of the biggest piracy sites on the web, has been arrested in Poland.

Ukrainian Artem Vaulin has been charged with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering and two counts of criminal copyright infringement after an operation led by US law enforcement officials.

The Department of Justice said in a statement that it would seek to extradite Vaulin to the US.

Kickass Torrents rose to prominence after the collapse of The Pirate Bay, and quickly became the biggest file-sharing site on the web. US authorities allege that the site enabled users to download and share hundreds of millions of films, video games, TV shows, albums and more.

According to the complaint, the copyrighted material is worth over $1 billion (£760 million). The site attracts 50 million unique visitors per month and is the 69th most visited website on the internet.

A federal court in Chicago has ordered the seizure of a bank account and several domains associated with the site, in an attempt to shut it down.

Vaulin had evaded capture and closure of his site for many years by allegedly relying on servers located across the world and frequently moving domains whenever they were under the threat of seizure, US authorities said.

It appears that what eventually led to Vaulin’s capture was his use of Apple iTunes and Facebook. According to papers filed with the court, an email address associated with Vaulin conducted an iTunes transaction in July 2015 and the same IP address was used to log into the Kickass Torrent Facebook page the same day.

The same process was repeated in December 2015, when an IP address was logged accessing the Kickass Torrent Facebook account. A few days later the same IP address was used to make another iTunes transaction via the same “tirm@me.com” email address.

Photo © Gil C/Shutterstock.com

Source: Information Security Magazine

UK Records Six Million Cyber Offenses In One Year

UK Records Six Million Cyber Offenses In One Year

Nearly six million cybercrimes were committed in England and Wales during the last year, the Office for National Statistics (ONS) has revealed.

In total 5.8 million “fraud and computer misuse incidents” were committed. Of this total, 3.8 million were fraud incidents, including 2.8 million “bank and credit account fraud” crimes, and 1 million cases of “non-investment fraud,” which is anything related to online shopping or fake computer support calls.

The 2 million "computer misuse incidents” included 1.4 million cases related to viruses while the remaining 600,000 were cases of “unauthorized access to personal information,” which included incidents of hacking.

These 5.8 million cybercrime cases sit on top of the ONS figure of 6.3 million crimes being committed against adults in England and Wales in the year up to the end of March 2016. However, this does not mean the crime rate has doubled, ONS statistician John Flatley said.

“This is the first time we have published official estimates of fraud and computer misuse from our victimisation survey. Together, these offences are similar in magnitude to the existing headline figures covering all other Crime Survey offences. However, it would be wrong to conclude that actual crime levels have doubled, since the survey previously did not cover these offences,” he wrote.

Additionally, the figure of 5.8 million cases of cybercrime could be well below the true number, the report said, as many victims may not even be aware of any incidents or be unwilling to report the crime to police.

Increased reporting of cybercrime is a good step for the UK to take, according to Paul Taylor, UK head of cybersecurity at KPMG.

“The cybercrime and fraud statistics in the latest ONS crime survey are deeply concerning, but not surprising. Greater transparency around the scale of this problem is vital, helping set the national priorities for law enforcement resources, and underlining the need for industry and government to work together to combat this growing menace.”

The figures also represent a wake-up call for businesses. “Through the inclusion of online crime in ONS crime reports, this further supports the requirement for all organizations to realize the severity and seriousness of cybercrime and the need for all to take up arms to fight it. Organizations need to put security at the top of the boardroom agenda to implement the right technology to protect themselves and their employees,” said Robert Norris, Director of Enterprise & Cyber Security in UK & Ireland at Fujitsu.

Photo © a masterphotographer

Source: Information Security Magazine

Health Data on Nearly Every Dane Sent to Chinese Firm

Health Data on Nearly Every Dane Sent to Chinese Firm

Sensitive medical data on almost the entire population of Denmark has been accidentally sent to a Chinese state-linked visa office.

The Danish Data Protection Agency (Datatilsynet) admitted the error last week.

It happened in February last year when two unencrypted CDs containing the data were posted by the State Serum Institute (SSI) – a government-funded organization tasked with combating infectious diseases.

They were apparently intended for Statistics Denmark, the country’s equivalent of the UK’s ONS, but the envelope containing the CDs ended up in the hands of the Chinese Visa Application Service Centre a few hundred meters away.

An employee at the center opened the envelope “by mistake” and then went to the Statistics Denmark office with it, explaining what had happened, according to an SSI explanation on the Datatilsynet site.

The SSI said it doesn’t believe anyone at the center accessed the data, and the watchdog claims it will take no further action, despite having previously told the SSI that data must be encrypted before being sent by post.

The data involved is highly sensitive, containing social security numbers as well as health information related to cancer, diabetes, psychiatric illnesses and more, according to Reuters. However, no names or addresses were included, according to the watchdog.

The visa office is not directly run by the Chinese state, but is apparently a unit of the state-owned Bank of China, so there are legitimate concerns that the data may have been accessed.

It was claimed after the infamous US Office of Personnel Management attacks that the Chinese state is building up a database of US citizens for strategic purposes which could further its geopolitical and military aims in the future.

Health information like that accidentally leaked by the Danish state would certainly be strategically useful for a foreign power.

In total, data on 5,282,616 citizens residing in the Scandinavian nation between 2010 and 2012 was on the two discs. The population at the time is said to have been around 5.5 million – which means most of the country is affected.

Source: Information Security Magazine

Stagefright Returns? Mac & iPhone Users Urged to Update

Stagefright Returns? Mac & iPhone Users Urged to Update

A senior technologist at Sophos has called on all Mac and iPhone users to update to protect themselves against a Stagefright-style bug.

In a Naked Security blog post Paul Ducklin explained that the bug, which hit the headlines last year as "one of the most noteworthy Bugs with an Impressive Name (BWAIN)" has now come to Macs and iPhones. This was a cluster of holes in Android’s core media-handling library known as libstagefright.

Ducklin wrote:

“Four different bugs (CVE-2016-1850, CVE-2016-4629, CVE-2016-4630, CVE-2016-4631) were fixed; the ‘biggie’ is CVE-2016-4631.”

According to security researcher Tyler Bohan of Cisco Talos: the CVE-2106-4631 bug occurs in the handling of TIFF images; the faulty code affects both OS X and iOS; and the bug has been around for a while.

“In theory, then, now the CVE-2016-4631 hole is known, and the crooks have hints on where to start looking to find a working exploit, there’s a real risk of OS X and iOS malware or data-stealing attacks that can be triggered by messages or emails.”

Image rendering bugs like Stagefright are particularly dangerous when they are ‘weaponized’ into RCEs, because so many of the images we receive these days are processed and displayed automatically as an expected part of some other innocent activity, he continued.

“That’s why Android’s series of Stagefright bugs caused widespread alarm (more alarm than was needed, fortunately), because apps that auto-render and auto-display images include:

•    Messaging apps. Text messages contain only text, but messages sent using MMS (the mobile phone network’s multimedia messaging system) usually link directly to image files, which are pulled down and processed automatically by the messaging software.

•    Email clients. Email attachments are easy enough to open by mistake, but they require an extra tap after reading the message in the first place. Inline images simply appear as part of the message, so just reading an email containing images may be enough for an attack to succeed.

•    Browsers. Modern web pages typically contain anywhere from tens to hundreds of images, all of which are processed, scaled and put into the page that gets displayed. The bad news in all of these cases is that the sender gets to decide what images are included, as well as what format they are in.”

“In other words, even if there’s an unusual bug in an abstruse image format you’ve never used yourself, the sender can pick that format, and the app does the work of figuring what program code to use to process it, and how to display it on screen.”

The bottom line, according to Ducklin, is that your iDevice or Mac is almost certainly vulnerable if you haven’t installed the very latest update yet.

What to do?

“Patch early, patch often. That may one of our truisms, but truisms get to be truisms precisely because they’re true!”

“Consider turning off MMS messaging. If you don’t use MMSes (I haven’t received one for ages), you can turn them off altogether on iOS in Settings/Messages.”

Source: Information Security Magazine

WikiLeaks Blocked In Turkey Following Government Email Release

WikiLeaks Blocked In Turkey Following Government Email Release

Whistleblowing website WikiLeaks has been banned in Turkey after publishing 300,000 emails from the ruling Justice and Development party (AKP) in response to the failed military coup in the country.

WikiLeaks said it had the emails, which date from 2010 to July this year, for a while but sped up publication following the attempt to topple president Recep Tayyip Erdogan’s party. The website said the emails came from a source that, “is not connected, in any way, to the elements behind the attempted coup, or to a rival political party or state.”

In response the Turkish Telecommunications Communications Board said it had taken an “administrative measure” against WikiLeaks. The Independent says this is the term it usually uses when it bans access to a website or service. The WikiLeaks Twitter account posted a screenshot it claims shows access blocked from within Turkey.

The Guardian added that a “senior Turkish official said the ban was imposed on the WikiLeaks content because it constituted stolen or illegally obtained information.”

As well as being blocked in Turkey, WikiLeaks said it was hit with cyber attacks in the days before releasing the documents.

And according to a Twitter account which claims to be part of the Anonymous hacktivism group, “Wikileaks has sustained DDos attacks after announcing they will release e-mails (300,000), docs (500,000) of the Turkish government, and we suspect the Turkish government will try to censor any information Wikileaks will release,” the group said in a statement.

"We ask of the people in Turkey to take interest in the material Wikileaks is about to release and to not dismiss it because a leader tells them. We advocate the use of anti-censorship tools as Tor, I2P or VPN,” the statement added.

This echoes a call from WikiLeaks for people in Turkey to bypass the restrictions. “We ask that Turks are ready with censorship bypassing systems such as TorBrowser and uTorrent. And that everyone else is ready to help them bypass censorship and push our links through the censorship to come."

Photo © 360b/Shutterstock.com

Source: Information Security Magazine

Thousands At Risk After Flaw Found In Security Products From AVG, Kaspersky And More

Thousands At Risk After Flaw Found In Security Products From AVG, Kaspersky And More

Researchers have discovered flaws in products from some of the world’s biggest security firms that could potentially expose hundreds of thousands of users to attack.

The flaws all revolve around incorrect implementation of code hooking, according to researchers at data protection firm enSilo. Code hooking is a technique that enables the monitoring and/or changing of the behavior of operating system functions.

It is widely used in the antivirus industry to enable products to monitor for suspicious activity, but also has uses in virtualisation, performance monitoring, and more.

The code hooking issues discovered by enSilo cover 15 different products. Companies affected include: AVG, Kaspersky, McAfee, Symantec, TrendMicro, BitDefender, Citrix XenDesktop, Webroot, AVAST, Emsisoft, and Vera.

More worryingly, the company also said the flaw was discovered in three different hooking engines, including Microsoft Detours, which is considered the most popular commercial hooking agent on the market. This means there are potentially thousands more products and hundreds of thousands of users affected by the flaw, enSilo said.

Microsoft has said it plans to patch the issue in August. enSilo’s co-founder and CTO Udi Yavo and Tommer Bitton, co-founder and VP of research, said that won’t be an easy task. “In most cases fixing this issue will require recompilation of each product individually which makes patching extremely hard.”

Exploiting the flaw could result in attackers being able to inject code into any process running on the system, Yavo and Bitton wrote in a blog post.

“Most of these vulnerabilities allow an attacker to easily bypass the operating system and third-party exploit mitigations,” they said. “This means an attacker may be able to easily leverage and exploit these vulnerabilities that would otherwise be very difficult, or even impossible, to weaponize. The worst vulnerabilities would allow the attacker to stay undetected on the victim’s machine or to inject code into any process in the system.”

“Companies using affected software should get patches from the vendors, if available, and demand patches if they aren’t yet available. Customers using software from the affected vendors should contact their vendors and demand that the software be patched,” the blog added.

The duo plan to present their findings at the upcoming Black Hat security conference in Las Vegas.

Photo © Gil C/Shutterstock.com

Source: Information Security Magazine

Technology Giants Join Forces For IoT Security Standards

Technology Giants Join Forces For IoT Security Standards

The industrial, home, health and transportation industries may be rushing to embrace the Internet of Things, but without a coherent security strategy in place those billions of connected devices could represent a security nightmare.

Now, some of the world’s biggest companies have joined forces to address this security issue, most notably the lack of standards in IoT devices. Led by Symantec and ARM, the group has created the Open Trust Protocol (OTrP).

The group says OTrP combines a secure architecture with trusted code management and uses security technologies that are already well established in the banking industry as well as in applications available for smartphones and tablets that manage sensitive data. The protocol is available for download from the IETF website, the group said.

According to the group, OTrP is a high level management protocol that works with security products such as ARM’s TrustZone-based Trusted Execution Environments and others that are designed to protect mobile devices from security threats.

The protocol reuses the security architecture that is already well-established in the ecommerce industry, which removes the need for a centralized database. The use of Public Key Infrastructure (PKI) and Certificate Authority-based trust architectures means service providers, app developers and OEMs can use their own keys to secure and manage both IoT-related hardware and software.

The OTrP can be added to existing Trusted Execution Environments or to microcontroller-based platforms capable of RSA cryptography, the group said.

As well as Symantec and ARM, Intercede, Solacia, Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel and Verimatrix are members of the group.

“In an internet-connected world, it is imperative to establish trust between all devices and service providers,” said Marc Canel, Vice President of Security Systems, ARM. “Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings ecommerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”

“With new technologies come increased security risks,” said Brian Witten, Senior Director, Internet of Things (IoT) Security, Symantec. “The IoT and smart mobile technologies are moving into a range of diverse applications and it is important to create an open protocol to ease and accelerate adoption of hardware-backed security that is designed to protect on-board encryption-keys.”

“Posting OTrP as an IETF informational for public review is an important step in providing universal digital trust from silicon to services for mobile and IoT connected devices, said Richard Parris, CEO of Intercede. “It provides network operators and app developers the control they need over their selection of hardware security module and cryptographic key provider for reasons of interoperability, policy and cost while maintaining a common management platform across mixed fleets of devices."

Photo © monicaodo

Source: Information Security Magazine

Orgs Struggle to Recruit Skilled DDoS Personnel

Orgs Struggle to Recruit Skilled DDoS Personnel

Companies looking to recruit network engineering professionals with experience of dealing with DDoS attacks are facing an uphill struggle, according to new research from Imperva.

The firm’s survey found that whilst companies across the globe are recognizing the importance of hiring skilled staff to help address security concerns threatening their online presence, a scarcity of qualified personnel is making this a difficult task.

Imperva report that China is seeing the highest demand for DDoS network engineering skills, with an estimated 47% annual growth (compared to 30% in the US). Further, findings show that companies in the US, UK and Canada are taking longer to fill the positions that require such skills, highlighted by an increase in the average number of job listing days in these nations. In the US for example, this has increased from 27 to 37 days over a four-month period, with the growth rate being over 75%.

“It is indeed difficult to attract engineers with strong experience in DDoS attack handling,” Jay Coley, senior director, Global Enterprise Security Architects at Akamai, told Infosecurity. “These skills can only develop in organizations that either see frequent DDoS attempts or in security companies that specialize in DDoS handling as a service. Additionally, due to the difficulty in gaining this experience and the need outstripping demand for these engineers, organizations will go to great lengths to hold onto and nurture talent.”

The demand for network engineers with DDoS expertise is on the up because of the marked rise of volumetric attacks on organizations, says Imperva. As a result, companies are often left scrambling for DDoS-skilled staff as they try to implement the planning, prevention and mitigation strategies that are now so essential in the fight against these types of attacks.

“DDoS attacks are still a major threat to any organization to both reputation and data integrity” said Coley. “As the Akamai SOTI security report bears out, DDoS attack frequency, size and many times complexity is still growing. Often these attacks are also used as a distraction or cover for other malicious activities, such as customer redirects to a false site, or direct data theft attempts.”

This is why it’s critical to ensure that organizations include DDoS planning, training and drills into their normal operational procedures to make sure their security teams are able to act quickly and effectively to any DDoS threat, he added.

“It’s also very important to include any DDoS security providers into the action plans as a matter of course, through table top drills and comprehensive run-book development.”

Source: Information Security Magazine

WhatsApp Gets Reprieve After Another Brazil Ban

WhatsApp Gets Reprieve After Another Brazil Ban

WhatsApp’s delicate relationship with the Brazilian authorities took another turn for the worse on Tuesday after a Rio judge ordered telcos to block the messaging platform, before herself being overruled.

Judge Daniela Barbosa ordered the ban after claiming WhatsApp owner Facebook had shown “total disrespect for Brazilian laws” by failing to provide messages sent via the platform to help in a criminal investigation.

In reality, what the judge again failed to grasp is that WhatsApp could not provide the content of the messages as its service is fully end-to-end encrypted.

As CEO Jan Koum explained in a Facebook post shortly after the decision: “As before, millions of people are cut off from friends, loved ones, customers, and colleagues today, simply because we are being asked for information we don't have."

The decision not only put WhatsApp’s estimated 100 million Brazilian users in the dark but also came just over a fortnight before the start of the Rio Olympics.

However, just hours later it was overturned after Brazilian supreme court president, Ricardo Lewandowski, claimed the original decision was “scarcely reasonable or proportional,” according to The Guardian.

This is by no means the first time that WhatsApp and its parent company have caught the ire of the Brazilian authorities.

The service has twice been blocked before this year alone, and Facebook regional VP, Diego Dzodan, was even arrested at the beginning of March for allegedly obstructing a police investigation.

On that occasion once again the courts believed WhatsApp was refusing to co-operate when in fact it technically couldn’t access the messages requested by police in a criminal investigation.  

This is exactly the reason why the Investigatory Powers Bill, or Snoopers’ Charter, working its way through parliament seeks to force communications providers to “develop and maintain a technical capability to remove encryption that has been applied to communications or data,” in order to help police in specific investigations.

That in itself will be a major stumbling block, however, as US tech giants such as Apple and Facebook certainly would not accede to such demands. 

Source: Information Security Magazine

Over One-Third of Managers Would Bypass IT Security

Over One-Third of Managers Would Bypass IT Security

Shadow IT is still a major security risk for organizations, despite apparent improvements in employees’ security awareness, according to new research.

Palo Alto Networks claimed that 61% of the 760+ business managers it spoke to in European firms with over 1000 employees said they’d check first with IT before bringing a new device onto the network.

However, that still leaves a significant 39% who would not, creating potential security issues for IT managers.

Of this group, one in eight apparently claimed they would tell no one in the organization about it.

Unsurprisingly, contractors emerged as the biggest risk, with 16% of respondents claiming they’d seen someone in this role bypass corporate security policies.

This is especially troubling given the potential explosion in BYOD driven by the Internet of Things (IoT) revolution.

Even as far back as 2014, a Trend Micro report claimed 69% of UK IT leaders had seen wearables in the workplace and 91% said they expect numbers to increase the following year.

Such devices can introduce potential malware to corporate networks, or else create data loss risks if they automatically sync once connected.

“Modern state-of-the-art security must be able to prevent any device communication becoming the point of a breach and minimize risk for an organization,” argued Palo Alto Networks EMEA CSO, Greg Day.

The research partially chimes with a report from Tenable Network Security out last week which revealed that 55% of UK and 57% of German IT decision makers had seen shadow IT introduced into their organizations.

Two-thirds (65%) of German respondents and 45% of UK IT leaders claimed that this had directly led to a cyber-attack in the past 12 months.

“The presence of unknown or undiscovered assets makes it difficult for security teams to identify and manage the available attack surface,” said Gavin Millard, Tenable’s EMEA technical director.

“If organizations want to stay ahead of the curve they need security solutions that provide the continuous visibility required to stop shadow IT from becoming an attack vector.”

Source: Information Security Magazine