Tracking Cyber Attacks in Real Time
Deutsche Telekom, the parent company of T-Mobile, launched a site last week that shows cyberattacks and their point of origin in real time. Most attacks currently originate in Russia and China.
Via Deutsche Telekom:
The website has a digital map of the world which shows the origin of cyber attacks recorded around the clock by more than 90 sensors. A real-time ticker reports which targets they are setting their sights on. In addition, statistics show the current most common forms of attack and the countries in which the most active attack servers are located. However, their location is not necessarily also the country of origin of the attackers. “Most attacks are automated,” explained Kremer. “Figuratively speaking, the attackers shoot into the network with a shotgun to work out where the weaknesses in the systems are.”…
…Deutsche Telekom developed the online situation overview of global security attacks as part of a partnership with the alliance for cyber security. The joint initiative of the industry association BITKOM and the Federal Office for Information Security (BSI) brings together companies and public organizations to provide mutual support in the fight against digital attacks…
…Deutsche Telekom has more than 90 sensors in use around the world as decoy systems. These so-called honeypots feign weaknesses to provoke attacks and as such act as early warning systems.
Image: Screenshot, Overview of Current Cyber Attacks, by Deutsche Telekom.
Information is an existential threat to these regimes.
James Lewis, a cybersecurity expert, to the Wall Street Journal. Chinese Hackers Hit U.S. Media.
Yesterday we noted that the hackers in China have infiltrated the New York Times’ computer systems.
Today, the Wall Street Journal reports that it — along with Reuters and Bloomberg among others — has also been hacked:
Chinese hackers for years have targeted major U.S. media companies with hacking that has penetrated inside newsgathering systems, several people familiar with the response to the cyberattacks said. Tapping reporters’ computers could allow Beijing to identify sources on articles and information about pending stories. Chinese authorities in the past have penalized Chinese nationals who have passed information to foreign reporters.
Journal sources on occasion have become hard to reach after information identifying them was included in emails. However, Western reporters in China long have assumed that authorities are monitoring their communications and act accordingly in sensitive cases…
…Among the targets were a handful of journalists in the Beijing bureau, including Jeremy Page, who wrote articles about the murder of British businessman Neil Heywood in a scandal that helped bring down Chinese politician Bo Xilai, people familiar with the matter said. Beijing Bureau Chief Andrew Browne also was a target, they said.
For its part, a spokesperson for the Chinese government rejects the allegation that it is behind the attacks.
UPDATE: Add the Washington Post to the list.
Hackers in China Infiltrate the New York Times
Via The New York Times:
For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees…
The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.
Security experts hired by The Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times’s network. They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen’s relatives, and Jim Yardley, The Times’s South Asia bureau chief in India, who previously worked as bureau chief in Beijing…
…The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by The Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China…
…Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times’s newsroom. Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family.
Image: The Times’ Patrick LaForge keeping things positive in a post on Twitter.
A Real-Time Map of Global Cyberattacks
Cyberattacks are happening constantly across the globe, and now you can see what that looks like in real time with [this map by the Honeynet Project](http://map.honeycloud.net/) that shows so many attacks, it looks and feels like it’s straight out of an apocalyptic war movie.
Each red dot that pops up when you go to the map represents an attack on a computer. Yellow dots represent honeypots, or systems set up to record incoming attacks. The black box on the bottom says where each attack is coming from as they come in. The data comes from the members of the Honeynet Project’s network of honeypot sensors that choose to publish the attacks. Not all members of the project, which has more than 40 chapters around the world, chose to push data, which is why more red dots show up in Europe.
» via The Atlantic
FJP: You sank my battleship?
via Worldcrunch:
WhatsApp is set up to make the service friendly to new users who don’t have to provide their own combination of user name and password – they just use the existing info relating to their phone as login data. Telephone numbers are simply and clearly the basis for user names, and WhatsApp passwords — at least on Android phones — are clearly based on a phone’s IMEI serial number.
Granger discovered that to generate a password out of the IMEI number the app just changes the order of the digits – “your password is likely to be an inverse of your phone’s IMEI number with an MD5 cryptographic hash thrown on top of it.” What that means is that anybody who knows a phone’s IMEI number can figure out the password.
Many apps use IMEI numbers to identify phones, and any installed program can access that information and pass it on to an external database. In the event that what happened to iPhone this week (a hacker group released one million Apple UDIDs) happens to WhatsApp, and a database generated from the phone serial numbers were to be made public, WhatsApp user accounts would be compromised and become targets for spammers. Not that hackers have lost any time — on gray market sites, databases of Android phone serial numbers and corresponding cell phone numbers are sold under the keyword WhatsApp.
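The security point of the Worldcrunch excerpt is that a credential derived from a device identifier is not a secret at all, because anyone holding the identifier can recompute it. The following is an added example, not code from WhatsApp, Granger or the original post: it reproduces the derivation the article describes (reverse the IMEI digits, MD5 the result; the exact string encoding is an assumption), puts a server-issued random secret beside it, and runs the audit check a defender would want over a constructed batch of accounts with made-up IMEIs.

```python
import hashlib
import secrets


def derive_from_imei(imei: str) -> str:
    """The scheme the article describes: reverse the IMEI digits and MD5 the
    result (byte encoding assumed). Anyone who knows the IMEI can recompute it,
    so this value is an identifier, not a secret."""
    return hashlib.md5(imei[::-1].encode("ascii")).hexdigest()


def issue_server_credential() -> str:
    """What a service should do instead: generate a random secret on the server
    and hand it to the device once. Nothing on the phone lets a third party
    recompute it."""
    return secrets.token_hex(32)


def credential_recoverable(stored_credential: str, imei: str) -> bool:
    """Audit check: can the stored credential be rebuilt from the public
    identifier alone? True means a leaked identifier database doubles as an
    account-takeover database."""
    return stored_credential == derive_from_imei(imei)


def audit(accounts: list) -> dict:
    """Report which accounts in a credential store are exposed to anyone who
    knows the device IMEIs. Each account is a dict with 'phone', 'imei' and
    'credential' keys."""
    exposed = [acct["phone"] for acct in accounts
               if credential_recoverable(acct["credential"], acct["imei"])]
    return {"total": len(accounts), "exposed": exposed}


# Constructed sample data (fictional numbers, not real devices). Two accounts
# use the IMEI-derived scheme; one uses a server-issued random secret.
SAMPLE_ACCOUNTS = [
    {"phone": "+15550100001", "imei": "490154203237518",
     "credential": derive_from_imei("490154203237518")},
    {"phone": "+15550100002", "imei": "356938035643809",
     "credential": derive_from_imei("356938035643809")},
    {"phone": "+15550100003", "imei": "358240051111110",
     "credential": issue_server_credential()},
]


if __name__ == "__main__":
    report = audit(SAMPLE_ACCOUNTS)
    print(f"{len(report['exposed'])} of {report['total']} accounts exposed: {report['exposed']}")
```

The audit passes only for the account whose credential was generated randomly on the server; for the other two, possession of the phone's IMEI (which many installed apps can read) is equivalent to possession of the password.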
FJP: Filing this under: be smart and secure about your online and mobile life.
Journalist Security Guide
The Committee to Protect Journalists just released an extensive online guide for journalism security:
This guide details what journalists need to know in a new and changing world. It is aimed at local and international journalists of varied levels of experience. The guide outlines basic preparedness for new journalists taking on their first assignments around the world, offers refresher information for mid-career journalists returning to the field, and provides advice on complex issues such as digital security and threat assessment for journalists of all experience levels.
Topics covered include:
Background: Facebook’s hundreds of millions of users log in and out of the site a billion-plus times each day.
The Good News: Facebook reports that logins are compromised only 0.06% of the time.
The Bad News: 0.06% of a really large number (Facebook members) is a really large number.
Via Consumer Reports:
Graham Cluley, a senior technology consultant with security software maker Sophos, took a closer look at the numbers reported by Facebook in a blog post touting its new online features such as Trusted Friends.
By Cluley’s calculations, 0.06 percent of a billion log-ins results in 600,000 compromised Facebook sign-ons per day. Or, more telling: One hacked Facebook account is being logged in to the social media website every 140 milliseconds.
That’s literally faster than the blink of an eye, which takes only 150 milliseconds.
Takeaway: Change your password from 12345 to something a little more clever.
As crisis maps become more prominent, it’s increasingly important to consider them as contested spaces, and to take seriously the idea that adversaries will try to manipulate them.
Ethan Zuckerman, senior researcher at the Berkman Center for Internet and Society at Harvard University.
Erica Naone, Technology Review. Why Crisis Maps Can Be Risky When There’s Political Unrest: Crisis maps in hostile political situations can let the dictatorial governments, as well as the protesters, see where the action is.
The article reviews what hacktivists and organizations like Ushahidi are doing to tackle security issues as maps are deployed around the globe.
The Committee to Protect Journalists published an article yesterday exploring whether Google+ was a viable platform for journalists to interact with sources on sensitive topics.
In a generally positive review that outlines the dangers reporters and their sources face when communicating via digital channels the author writes:
So, how secure is Google+ for at-risk reporters? From Day 1, everything on Google+ is encrypted with https. That means that no one, not even a maliciously motivated government with control of your local ISP, can intercept your private conversations.
Let’s stop, pause, recalibrate and explore what HTTPS is and does.
HTTPS is a protocol that encrypts information shared between a user and the service that user is connecting to. You might know it from your experiences with online banking: go to your bank’s Web site and, instead of “http” at the beginning of the address, you’ll see an added “s” in the URL indicating that you’re now in a “secure” environment.
At a very high level, this is how it works: when you attempt to connect with a secure server, a “handshake” occurs in which the two sides agree on encryption keys. Basically, your browser says “hello” to the server, the server sends a message back which you (i.e., your browser) then answer, and once the handshake is confirmed, the rest of your communications pass back and forth under this layer of encryption.
While secure for most purposes, it’s not foolproof. For example, “man in the middle” attacks can occur, whereby an eavesdropping third party intercepts the initial request and fakes — and then controls — the communication between the two parties.
Point being, to say, “[N]o one, not even a maliciously motivated government with control of your local ISP, can intercept your private conversations,” simply isn’t the case.
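To make the handshake argument above concrete, here is an added example (not code from the original post, the CPJ review or any real browser) that runs the key exchange twice: once with no authentication of the handshake, where a party sitting on the path, such as an ISP, can swap in its own key material and end up holding a key shared with each side; and once with the server's reply bound to the transcript, where the client notices the substitution and aborts. Two assumptions are labelled in the code: a toy Diffie-Hellman group far too small for real use, and an HMAC under a pre-shared long-term key standing in for the certificate-backed signature a real HTTPS server provides.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption for illustration): 2**127 - 1 is prime
# but far too small for real use; TLS uses 2048-bit or larger groups or curves.
P = 2**127 - 1
G = 5


def _exponent() -> int:
    """Fresh ephemeral private value for one side of the exchange."""
    return secrets.randbelow(P - 3) + 2


def session_key(shared_secret: int) -> bytes:
    """Derive the symmetric session key from the agreed Diffie-Hellman secret."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


def transcript_tag(long_term_key: bytes, client_pub: int, server_pub: int) -> bytes:
    """Authenticate the handshake transcript. In HTTPS this is the server's
    certificate-backed signature; here an HMAC under a long-term key only the
    real server holds stands in for it (assumption for illustration)."""
    msg = client_pub.to_bytes(16, "big") + server_pub.to_bytes(16, "big")
    return hmac.new(long_term_key, msg, hashlib.sha256).digest()


class ManInTheMiddle:
    """Active attacker on the path who replaces each side's public value with
    their own and forwards everything else unchanged (they cannot forge the tag)."""

    def __init__(self) -> None:
        self.m = _exponent()
        self.M = pow(G, self.m, P)
        self.client_pub = None
        self.server_pub = None

    def on_client_hello(self, client_pub: int) -> int:
        self.client_pub = client_pub
        return self.M  # the server will now key with the attacker

    def on_server_hello(self, server_pub: int, tag):
        self.server_pub = server_pub
        return self.M, tag  # the client will now key with the attacker

    def keys(self):
        """(key shared with the client, key shared with the server)."""
        return (session_key(pow(self.client_pub, self.m, P)),
                session_key(pow(self.server_pub, self.m, P)))


def handshake(server_key=None, client_trusted_key=None, attacker=None) -> dict:
    """Run one client/server key exchange, optionally through an attacker.
    server_key / client_trusted_key: the long-term authentication key each side
    holds (None means an unauthenticated exchange)."""
    # ClientHello: the client sends its ephemeral public value.
    a = _exponent()
    A = pow(G, a, P)
    A_seen = attacker.on_client_hello(A) if attacker else A
    # ServerHello: the server answers with its public value and, if it has a
    # long-term key, a tag over the transcript as the server saw it.
    b = _exponent()
    B = pow(G, b, P)
    tag = transcript_tag(server_key, A_seen, B) if server_key else None
    server_sk = session_key(pow(A_seen, b, P))
    B_seen, tag_seen = attacker.on_server_hello(B, tag) if attacker else (B, tag)
    # The client checks the tag against its own view of the transcript; any
    # substitution on the path makes the two views disagree.
    accepted = True
    if client_trusted_key is not None:
        accepted = tag_seen is not None and hmac.compare_digest(
            tag_seen, transcript_tag(client_trusted_key, A, B_seen))
    client_sk = session_key(pow(B_seen, a, P))
    return {"accepted": accepted, "client_key": client_sk, "server_key": server_sk,
            "attacker_keys": attacker.keys() if attacker else None}


if __name__ == "__main__":
    r = handshake(attacker=ManInTheMiddle())
    print("unauthenticated: client accepted =", r["accepted"],
          "| attacker holds both keys =", r["attacker_keys"] == (r["client_key"], r["server_key"]))
    k = secrets.token_bytes(32)
    r = handshake(server_key=k, client_trusted_key=k, attacker=ManInTheMiddle())
    print("authenticated:   client accepted =", r["accepted"])
```

The unauthenticated run is the failure mode the paragraph describes: the client finishes the handshake without complaint, yet the key it "shares with the server" is actually shared with the attacker, who holds a second key for the server side and can relay and read everything. The authenticated run shows what the "s" in https actually buys: not that interception is impossible, but that a substitution on the path is detected before any data is sent. That guarantee only holds as long as the client's trust anchor (here the pre-shared key, in a browser the CA store) has not itself been compromised.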
Beyond that, just because the connections are secure doesn’t mean the servers can’t be hacked or broken into. We need only look back a month to reports that Chinese hackers hacked Google’s Gmail which, yes, is HTTPS protected.
Go back a bit further and recall that a number of companies were hit with Operation Aurora, an attack that — among other things — compromised the Gmail accounts of human rights activists.
“As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals,” George Kurtz, CTO of McAfee, a technology security firm, explained at the time. “These attacks will look like they come from a trusted source, leading the target to fall for the trap and click a link or file… Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system.”
So, long story long: HTTPS isn’t a security panacea and we hope the CPJ amends their Google+ review with these considerable caveats.
There are, after all, reporters and activists around the globe that listen very carefully to what they have to say.
Hacking was in the news this week. If you looked, you’d see something along the lines of:
The British secret service got in on the action with a confectionery twist by hacking Al Qaeda’s English-language magazine and swapping out bomb-making instructions with cupcake recipes. And the US military has a new report coming out that states that hacking can be considered an act of war.
And that’s where ants come in.
US researchers are developing software that mimics ant-like behavior in order to combat unwanted network intrusions.
Via SecurityWeek:
Errin Fulp, a computer science professor at Wake Forest University, is creating an “army of digital ants” that can roam computer networks looking for threats, and hopes the technology can transform how we think about cyber security. Fulp says the technology is different than traditional security software models because it adapts rapidly to changing threats. “In nature, we know that ants defend against threats very successfully,” Fulp said. “They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We’re trying to achieve that same framework in a computer system.”…
…This summer, Fulp is working with scientists at PNNL in Richland, Washington to train the “digital ants” to turn loose into the power grid to seek out computer viruses trying to wreak havoc on the system.
If the approach proves successful in safeguarding the power grid, it could have wide-ranging applications in protecting anything connected to SCADA (Supervisory Control and Data Acquisition) networks, software systems that monitor and control industrial processes, such as those in nuclear power plants, and other industrial facilities, from water and sewer management systems to mass transit systems to manufacturing systems.
Give it up for the little guys and, of course, biomimicry.
Photo: Ants and Aphids by Binux via Flickr/Creative Commons.
The hard-to-believe decision by magazine empire Condé Nast (publisher of Vogue, Vanity Fair, The New Yorker, Wired, and Glamour, among others) to move the city’s hot center of creative talent from its current Times Square headquarters to the never-ending security nightmare known as “Freedom Tower” at Ground Zero, may be one of the single most questionable corporate decisions in New York City history.
Ron Rosenbaum, Slate, Save the Condé Nast Maidens! Don’t lock them up in the WTC Tower of Terror.
Background: Condé Nast recently signed a lease for one million square feet of office space at 1 World Trade Center. The deal is worth an estimated $2 billion over 25 years, according to the New York Times which writes, “Besides matters of costs, terms and incentives, the negotiations involved reams of traffic studies and security discussions, to ensure that its black cars (more than 100), its racks of designer dresses and its well-shod executives would be able to pass swiftly each day through the police-imposed security zone that is to surround the complex.”
Yesterday we noted that the Center for Public Integrity uncovered a memo revealing that the FBI used an ABC journalist as a confidant during the 1990s.
Today, the New York Times runs a story where Christopher Isham, the journalist in question and now an executive at CBS, denounced the accusation as “outrageous and untrue.”
Via the New York Times:
“Like every investigative reporter, my job for 25 years has been to check out information and tips from sources,” Mr. Isham said in a statement released through a CBS spokeswoman. “In the heat of the Oklahoma City bombing, it would not be unusual for me or any journalist to run information by a source within the F.B.I. for confirmation or to notify authorities about a pending terrorist attack.”…
…One of Mr. Isham’s former colleagues said Tuesday that there was “tremendous pressure” for F.B.I. agents to recruit informants in the wake of the Oklahoma City bombing and noted that being considered an F.B.I. source did not necessarily mean a person was a willing informant.