Russia hacked hundreds of Western, Asian companies: security firm

A U.S. cybersecurity firm says it has gathered evidence that the Russian government spied on hundreds of American, European and Asian companies, the first time Moscow has been linked to cyber attacks for alleged economic – rather than political – gains.

According to the firm, CrowdStrike, the victims of the previously unreported cyber espionage campaign include energy and technology firms, some of which have lost valuable intellectual property.

CrowdStrike declined to go into detail about those losses or to name any victims, citing confidentiality agreements related to its investigation.

Officials with the Russian Interior Ministry could not be reached for comment early on Wednesday in Moscow.

“These attacks appear to have been motivated by the Russian government’s interest in helping its industry maintain competitiveness in key areas of national importance,” Dmitri Alperovitch, chief technology officer of CrowdStrike, told Reuters on Tuesday evening.

Cybersecurity researchers have in the past said that China’s government was behind cyber espionage campaigns against various corporations dating back as far as 2005, but China has vehemently denied those allegations. Alperovitch said this is the first time the Russian government has been linked to cyber intrusions on companies.

Governments have been using computer networks to spy on each other for more than 30 years in the type of surveillance programs conducted by virtually every nation, according to CrowdStrike. It is only in the past decade that some nations have started using cyber espionage as a platform for gaining data to help promote their national economic interests, according to Alperovitch.

CrowdStrike has been following the activities of the Russian group of hackers, which it dubbed “Energetic Bear,” for two years. The firm believes the Russian government is behind the campaign because of technical indicators, as well as analysis of the targets chosen and the data stolen, according to Alperovitch.

“We are very confident about this,” he said. Victims include European energy companies, defense contractors, technology companies and government agencies, according to the CrowdStrike report.

Manufacturing and construction firms in the United States, Europe and the Middle East, as well as U.S. healthcare providers, were also cited as targets in the report, which was posted on the web early on Wednesday morning.

CrowdStrike described the activities of the Energetic Bear hackers in its annual cyber threat report, released on Wednesday. It also documented attacks by hacking groups in China and Iran and described the activities of the activist Syrian Electronic Army.

Alperovitch, who is of Russian ethnic origin and now lives in the Washington, D.C., area, is an expert on cyber espionage who rose to prominence while working for McAfee Inc. While there he managed a team of researchers who produced a landmark January 2010 report that described how Chinese hackers had launched an unprecedented series of attacks known as “Operation Aurora” on Google Inc and dozens of other companies.

In 2012, he co-founded CrowdStrike, which collects intelligence about the activities of hacking groups around the world and sells software to thwart such attacks.

He told Reuters that the data his firm has obtained about Energetic Bear suggests that authorities in Moscow have decided to start using cyber espionage to promote Russia’s national economic interests.

“They are copying the Chinese play book,” he said. “Cyber espionage is very lucrative for economic benefit to a nation.”

Source : Reuters

17 year old fingered as author of malware used in Target attack

A 17-year-old Russian hacker who goes by the online handle “ree4” has been identified as the author of the malware that was used to attack Target and Neiman Marcus.

The teenager, Sergey Taraspov, is well known in cyber crime circles, having developed other malicious code to hack commercial systems. He apparently sold about 40 copies of his program to criminals, who then modified it slightly and used it to sweep up at least 80 million debit and credit card numbers from Target alone.

Now the firm that first revealed the Target attack is saying that six other companies suffered a similar fate.

PC World:

IntelCrawler’s Dan Clements said the firm is “90 percent” sure of its finding, based on the forum postings and sources it communicated with.

The forum posts indicate the teenager sold the malware for $2000 or for a share of the profits that came from monetizing stolen payment card details, Clements said.

BlackPOS was also sold to “carding” websites such as .rescator, Track2.name and Privateservices.biz that trade in stolen card details, according to IntelCrawler.

BlackPOS was originally called Kaptoxa, which is Russian slang for potato. Clements said the Russian teenager eventually renamed the malware BlackPOS during a fresh marketing push.

Dallas-based security company iSight Partners wrote in a report earlier this week about the Target hack, which it called the “Kaptoxa operation,” that the hackers used a high level of skill to gain stealthy access to the retailer’s network.

International Business Times is reporting that the six other companies targeted in the hack have not informed their customers yet:

Retailers in California and New York were among those hacked with KARTOXA/BlackPOS, the software used in the attack on Target.

Security researchers at the Los Angeles-based IntelCrawler said the teen malware author created the first sample of the software in March 2013. IntelCrawler’s Andrew Komarov issued the first report on this malware at the beginning of the spring, when he worked for another forensics company.

Komarov also said in an email to the IBTimes that there is evidence of more than six ongoing attacks, but that he cannot yet release more information.

“We will report with the first feedback and approval from [law enforcement authorities],” Komarov said.

IntelCrawler describes itself as “a multi-tier intelligence aggregator, which gathers information and cyber prints from a starting big data pool of over 3,000,000,000 IPv4 and over 200,000,000 domain names, which are scanned for analytics and dissemination to drill down to a desired result.”

I have taken to checking my bank balance almost every day looking for any charges I didn’t make. It’s probably a good habit to get into anyway, but especially now with these massive hacks underway. I have also invested in Lifelock which would inform us if any suspicious activity occurred or was occurring on our bank account or cards. It won’t prevent an attack but it can help limit the damage.

Better get used to this. It looks like we’re getting a peek at the future of e-commerce.

Source : American Thinker

FBI warns that Anonymous has hacked US government sites for a year

Activist hackers linked to the collective known as Anonymous have secretly accessed U.S. government computers in multiple agencies and stolen sensitive information in a campaign that began almost a year ago, the FBI warned this week.

The hackers exploited a flaw in Adobe Systems Inc’s software to launch a rash of electronic break-ins that began last December, then left “back doors” to return to many of the machines as recently as last month, the Federal Bureau of Investigation said in a memo seen by Reuters.

FBI Warns Anonymous

The memo, distributed on Thursday, described the attacks as “a widespread problem that should be addressed.” It said the breach affected the U.S. Army, Department of Energy, Department of Health and Human Services, and perhaps many more agencies.

Investigators are still gathering information on the scope of the cyber campaign, which the authorities believe is continuing. The FBI document tells system administrators what to look for to determine if their systems are compromised.

An FBI spokeswoman declined to elaborate.

According to an internal email from Energy Secretary Ernest Moniz’s chief of staff, Kevin Knobloch, the stolen data included personal information on at least 104,000 employees, contractors, family members and others associated with the Department of Energy, along with information on almost 20,000 bank accounts.

The email, dated October 11, said officials were “very concerned” that loss of the banking information could lead to thieving attempts.

Officials said the hacking was linked to the case of Lauri Love, a British resident indicted on October 28 for allegedly hacking into computers at the Department of Energy, Army, Department of Health and Human Services, the U.S. Sentencing Commission and elsewhere.

Investigators believe the attacks began when Love and others took advantage of a security flaw in Adobe’s ColdFusion software, which is used to build websites.

Adobe spokeswoman Heather Edell said she was not familiar with the FBI report. She added that the company has found that the majority of attacks involving its software have exploited programs that were not updated with the latest security patches.

The Anonymous group is an amorphous collective that conducts multiple hacking campaigns at any time, some with a few participants and some with hundreds. In the past, its members have disrupted eBay Inc’s PayPal after it stopped processing donations to the anti-secrecy site WikiLeaks. Anonymous has also launched technically more sophisticated attacks against Sony Corp and security firm HBGary Federal.

Some of the breaches and pilfered data in the latest campaign had previously been publicized by people who identify with Anonymous, as part of what the group dubbed “Operation Last Resort.”

Among other things, the campaigners said the operation was in retaliation for overzealous prosecution of hackers, including the lengthy penalties sought for Aaron Swartz, a well-known computer programmer and Internet activist who killed himself before a trial over charges that he illegally downloaded academic journal articles from a digital library known as JSTOR.

Despite the earlier disclosures, “the majority of the intrusions have not yet been made publicly known,” the FBI wrote. “It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed.”

Dalai Lama’s China website hacked, infects others: Kaspersky

The Chinese-language website of the Tibetan government-in-exile, whose spiritual head is the Dalai Lama, has been hacked and infected with viruses.

Experts at computer security company Kaspersky Lab warned that the Central Tibetan Administration (CTA) site had been compromised.

It is believed the malicious software could be used to spy on visitors.

Technical evidence suggests the hackers carried out previous cyber-attacks on human rights groups in Asia.

Dalai Lama's Chinese website hacked and infected

Tibet.net is the official website of the CTA, which is based in Dharamshala, northern India.

The organisation’s spiritual leader is the 14th Dalai Lama, who fled Tibet in 1959 after a failed anti-Chinese uprising, and set up a government-in-exile. China considers the Dalai Lama a separatist threat.

Constant threat

Kaspersky says the CTA website has been under constant attack from the same group of hackers since 2011, but previous breaches have been quietly identified and repaired before attracting significant attention.

Other Tibetan organisations, such as the International Campaign for Tibet, have also been targeted.

Kaspersky Lab researcher Kurt Baumgartner says the hackers used a method known as a “watering-hole attack”.

A security bug in Oracle’s Java software might have been exploited, giving the hackers a “back door” into visitors’ computers.

“This is the initial foothold,” Mr Baumgartner said. “From there they can download arbitrary files and execute them on the system.”
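
The attack described above is a compromised site quietly serving exploit content to the people who normally visit it. As an added illustration (not Kaspersky’s detection logic or anything from the original report), the Python below scans fetched page HTML for the injection artifacts such a compromise typically leaves behind: Java applets or Java plug-in objects, hidden or off-site iframes, and scripts pulled from a host other than the site’s own. The expected site host, the sample page, the jar and class names and the 203.0.113.7 address are all constructed for the example.

```python
"""Scan page HTML for the injected content a watering-hole attack typically
plants: Java applets/objects, hidden or off-site iframes, and scripts loaded
from a host other than the site's own.  Added example; the site name, sample
page and IP address are constructed, not taken from the Kaspersky report."""
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "tibet.net"  # host the page is expected to load its resources from
JAVA_CLSID = "clsid:8ad9c840-044e-11d1-b3e9-00805f499d93"  # Java Plug-in ActiveX classid
JAVA_MIME = "application/x-java-applet"


class WateringHoleScanner(HTMLParser):
    """Collects (kind, detail) findings while HTMLParser walks the tags."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []

    def _off_site(self, url):
        # Relative URLs have no host and are treated as on-site.
        host = urlparse(url).hostname
        if not host:
            return False
        return host != self.site_host and not host.endswith("." + self.site_host)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # HTMLParser lowercases tag and attr names
        if tag == "applet":
            self.findings.append(("java-applet", a.get("code") or a.get("archive", "")))
        elif tag == "object" and (a.get("classid", "").lower() == JAVA_CLSID
                                  or a.get("type", "").lower() == JAVA_MIME):
            self.findings.append(("java-object", a.get("classid") or a.get("type", "")))
        elif tag == "embed" and a.get("type", "").lower() == JAVA_MIME:
            self.findings.append(("java-embed", a.get("src", "")))
        elif tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            hidden = "display:none" in style or "visibility:hidden" in style
            if tiny or hidden or self._off_site(a.get("src", "")):
                self.findings.append(("iframe", a.get("src", "")))
        elif tag == "script" and self._off_site(a.get("src", "")):
            self.findings.append(("off-site-script", a["src"]))


def scan(html, site_host=SITE_HOST):
    """Return the list of suspicious elements found in `html`, in page order."""
    scanner = WateringHoleScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: one legitimate script, then an injected off-site script,
# a 1x1 hidden iframe pointing at an exploit page, and a Java applet.
SAMPLE_PAGE = """<html><body>
<script src="/js/menu.js"></script>
<script src="http://203.0.113.7/stats.js"></script>
<iframe src="http://203.0.113.7/java.html" width="1" height="1" style="display:none"></iframe>
<applet code="Exploit.class" archive="load.jar" width="1" height="1"></applet>
<p>Central Tibetan Administration news</p>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in scan(SAMPLE_PAGE):
        print(f"{kind:16} {detail}")
```

Run periodically against a copy of each public page and diff the findings against a known-good baseline; a site that legitimately embeds Java or third-party scripts will need those entries whitelisted, which is why the scanner reports what it found rather than deciding on its own.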

Kaspersky’s education manager Ram Herkanaidu said the discovery of the attack came after an “email account of a prominent Tibetan activist was hacked”.

Mr Herkanaidu added: “The likely actors behind the sustained campaign against Tibetan sites are Chinese speaking, as in many cases we have seen log files written in Chinese.”

Second LulzSec hacker sentenced

Second Member of Hacking Group Sentenced to More Than a Year in Prison for Stealing Customer Information from Sony Pictures Computers

LOS ANGELES—A member of the LulzSec hacking group was sentenced this morning to one year and one day in federal prison for participating in an extensive computer attack that compromised the computer systems of Sony Pictures Entertainment and resulted in personal information of more than 138,000 people being posted on the Internet.

LulzSec Hacker Jailed

LulzSec Hacker Jailed

Raynaldo Rivera, age 21, known by the online moniker “neuron,” of Chandler, Arizona, was sentenced by United States District Judge John A. Kronstadt. In addition to the prison sentence, Judge Kronstadt ordered Rivera to serve 13 months of home detention, to perform 1,000 hours of community service and to pay $605,663 in restitution.

Rivera pleaded guilty last October to conspiring to cause damage to a protected computer after participating in the attack on Sony Pictures in 2011.

LulzSec’s goal in the attacks on Sony Pictures and other corporate and government entities, according to a court document, was to see the “raw, uninterrupted, chaotic thrill of entertainment and anarchy” and to provide stolen personal information “so that equally evil people can entertain us with what they do with it.”

Another member of LulzSec, Cody Andrew Kretsinger, who used the online moniker “recursion,” was sentenced in April to one year and one day in federal prison. In addition to the prison term, Judge Kronstadt ordered Kretsinger to serve one year of home detention following the completion of his prison sentence, to perform 1,000 hours of community service, and to pay $605,663 in restitution.

Rivera and Kretsinger studied together at the University of Advancing Technology in Tempe, Arizona. Kretsinger first joined LulzSec, and then he recruited Rivera to join the group, prosecutors said.

Rivera, Kretsinger and others involved in the intrusion obtained confidential information from Sony Pictures’ computer systems by using an SQL injection attack against Sony Pictures’ website. The attackers distributed the stolen data on the Internet, information that included names, addresses, phone numbers, and e-mail addresses for tens of thousands of Sony customers.
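
The page does not say how the Sony Pictures query was built, so the following is an added illustration rather than the site’s own code: a customer lookup that splices user input straight into SQL, beside the parameterised version, both run against a constructed in-memory SQLite table. The table layout, the rows, the fake password hash and the two payload strings are assumptions for the example; the second payload shows how a single injectable query can be turned into a dump of a different table, which is the kind of bulk disclosure described above.

```python
"""Vulnerable string-built lookup beside its parameterised replacement, run on a
constructed in-memory table.  Added example; it says nothing about how the
Sony Pictures site was actually written."""
import sqlite3


def make_db():
    """Constructed tables standing in for the kind of data that was leaked."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, name TEXT, phone TEXT)")
    conn.execute("CREATE TABLE staff (login TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO customers (email, name, phone) VALUES (?, ?, ?)",
        [("alice@example.com", "Alice", "555-0100"),
         ("bob@example.com", "Bob", "555-0101"),
         ("carol@example.com", "Carol", "555-0102")],
    )
    conn.execute("INSERT INTO staff VALUES (?, ?)", ("webadmin", "deadbeef"))  # fake hash
    return conn


def lookup_vulnerable(conn, email):
    """Untrusted input spliced into the SQL text: the flaw behind SQL injection."""
    sql = "SELECT email, name, phone FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email):
    """The value is bound as a parameter, so the engine never parses it as SQL."""
    return conn.execute(
        "SELECT email, name, phone FROM customers WHERE email = ?", (email,)
    ).fetchall()


# Constructed payloads.  DUMP_ALL closes the string literal and appends an
# always-true clause; UNION_DUMP pads to the same column count and pulls rows
# from an unrelated table, commenting out the trailing quote with "--".
DUMP_ALL = "x' OR '1'='1"
UNION_DUMP = "x' UNION SELECT login, password_hash, '' FROM staff --"

if __name__ == "__main__":
    db = make_db()
    for payload in (DUMP_ALL, UNION_DUMP):
        print("vulnerable:", lookup_vulnerable(db, payload))
        print("safe:      ", lookup_safe(db, payload))
```

Against the vulnerable function the first payload returns every customer row and the second returns the staff credentials; the parameterised function returns nothing for either, because the whole string is compared as an email address. Parameter binding is the fix; escaping quotes by hand is not, since it has to be right for every call site and every database dialect.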

LulzSec is known for its affiliation with Anonymous, which is a loose collective of computer hackers and others around the world who conduct cyber attacks and disseminate confidential information stolen from victims’ computers. In 2011, LulzSec engaged in “a two-month rampage of cyber attacks against various corporate and government entities in the United States and the United Kingdom,” according to a sentencing memorandum filed by prosecutors.

This investigation into the attack on Sony Pictures’ computer systems was conducted by the Electronic Crimes Task Force (ECTF) in Los Angeles. The ECTF is composed of agents and officers from the FBI, the United States Secret Service, the Los Angeles Police Department, the Los Angeles County Sheriff’s Department, the United States Attorney’s Office, the Los Angeles County District Attorney’s Office, and the California Highway Patrol.

Russia grants one year asylum to Edward Snowden

The whole time Edward Snowden has been seeking asylum, WikiLeaks staffer Sarah Harrison has been by his side.

She has emerged as a central, if mysterious, figure in the saga that has taken Snowden across the world in an attempt to evade U.S. espionage charges. Harrison rose from intern to one of WikiLeaks’ founder Julian Assange’s most trusted lieutenants in just a few years, but she has earned an even higher profile as Snowden’s guide and adviser.

"He has left the airport to go to a safe location"

WikiLeaks says she traveled with the former NSA systems analyst from Hong Kong to Moscow. She appeared next to Snowden at a meeting with activists at the Moscow airport where he was stranded in hiding for weeks. She even slipped out of the airport in a taxi with him after Russia granted him asylum Thursday, according to the group.

WikiLeaks has otherwise not revealed much about her. But what is clear is that she has become indispensable to the organization.

It has described her as Snowden’s legal adviser. While she does not appear to have a law degree, her bio on the WikiLeaks website lists Harrison as a “U.K. citizen, journalist and legal researcher.” Media reports put her age at 31.

While interning at the Center of Investigative Journalism, based at London’s City University, she helped WikiLeaks’ founder Julian Assange with the organization’s disclosure of secret U.S. military records, according to the group’s website. Harrison went on to join the Bureau of Investigative Journalism in August 2010, working as a researcher at the British not-for-profit that supports investigative journalism.

There she worked on the team handling a series of Iraq War files released by WikiLeaks to several major media organizations —before moving into WikiLeaks itself in October 2010. Since then, she has maintained a constant, but mostly silent, presence at Assange’s side.

She was with him at the English country manor where he lived under house arrest while resisting extradition to Sweden on sex-related allegations. She was also with him at his court appearances. She was also among those who forked over funds for his bail, money they lost when he sought refuge in the Ecuadorean Embassy in violation of his bail conditions.

But with Assange holed up in the embassy, Harrison has taken on a more public role with the organization.

She appeared at London’s Frontline Club last year to announce that WikiLeaks was in the process of publishing material from 2.4 million Syrian emails, many of which it said came from official government accounts. In that appearance, she acknowledged that WikiLeaks was facing “a difficult time at the moment” but said “we are continuing to work through that.”

On Thursday, WikiLeaks announced that Snowden had left the Moscow airport under Harrison’s care. The two were rarely seen publicly during their weeks hiding out in the Sheremetyevo airport transit zone, and that appears unlikely to change now that they have taken a taxi to an undisclosed location in Russia.

“Harrison has remained with Mr. Snowden at all times to protect his safety and security, including during his exit from Hong Kong,” WikiLeaks said in a statement. “They departed from the airport together in a taxi and are headed to a secure, confidential place.”