STE WILLIAMS

The White House is reportedly getting all federal agencies together to develop voluntary cybersecurity guidelines for power, water and other critical infrastructure companies.

The Feds will get 90 days to propose the regulations and put together a new cybersecurity council at the Department of Homeland Security with agents from the Defence, Justice and Commerce Departments and the Director of National Intelligence, a former cybersecurity official let on to Reuters.

The draft executive order from the Obama-led administration apparently includes bits out of The US Cybersecurity Act 2012, which was defeated in the Senate over the summer after opposition from industry and Republicans. Despite the bill’s defeat, some government officials are still worried about the security of critical infrastructures.

Senate Homeland Security Committee Chairman Joe Lieberman urged President Barack Obama yesterday to use the “full extent of his executive powers” to help cybersecurity.

“I urge you to explore any means at your disposal that would encourage regulators to make mandatory the standards developed by the Department of Homeland Security pursuant to your Executive Order so we can guarantee that our most critical infrastructure will be defended against attacks from our adversaries,” the senator wrote.

“In addition, I urge you to consider using your authority to strengthen information sharing mechanisms to the extent possible under current law. The Cybersecurity Act of 2012 contained important provisions that would have allowed companies and the Government to share cybersecurity threat information while protecting and preserving the rights and liberties we hold dear.”

A spokeswoman for the administration’s National Security Council confirmed that a draft order was being considered but didn’t give any details. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/25/executive_order_cybersecurity/

A US government agency will soon announce which of five remaining candidate algorithms will become SHA-3, the new hash function to replace SHA-1 and SHA-2. The latter is a key component in various security technologies, from SSL and SSH to PGP and IPsec, and must be used by law in certain US government applications.

The US National Institute of Standards and Technology’s decision to name the winning algorithm will mark the end of a six-year competition.

However one of the software authors still in the running, cryptography guru Bruce Schneier, hopes that all five functions – including his own – will be passed over. The “no award” decision Schneier wants would effectively leave the competition open until a compelling reason to make a change emerges.

“It’s not that the new hash functions aren’t any good, it’s that we don’t really need one,” Schneier explained in a blog post. “When we started this process back in 2006, it looked as if we would be needing a new hash function soon. The SHA family (which is really part of the MD4 and MD5 family), was under increasing pressure from new types of cryptanalysis. We didn’t know how long the various SHA-2 variants would remain secure. But it’s 2012, and SHA-512 is still looking good.

“Even worse, none of the SHA-3 candidates is significantly better. Some are faster, but not orders of magnitude faster. Some are smaller in hardware, but not orders of magnitude smaller. When SHA-3 is announced, I’m going to recommend that, unless the improvements are critical to their application, people stick with the tried and true SHA-512. At least for a while.”

A cryptographic hash algorithm converts data into a shortened “message digest” from which it is, ideally, impossible to recover the original information. This one-way technique is used to generate digital signatures that confirm a message or file is from a genuine source – and other scenarios where you don’t want to reveal your secret cryptographic key, but at least prove you have it in your possession.

As well as the strength and elegance of each wannabe SHA-3 algorithm, the performance and power consumption on battery-powered computers, such as smartphones, will be a crucial deciding factor.

Teams of competing cryptographers were invited take a crack at smashing rival algorithms, or at least unearthing potential flaws.

The overall competition is similar to the contest for the function to underpin the Advanced Encryption Standard (AES). The Rijndael cipher won this competition in 2002, and was adopted as the standard for AES. Its subsequent adoption by the US made it the gold standard for cryptography, superseding the Data Encryption Standard (DES).

Schneier’s Twofish algorithm made it into the final five of the AES competition, but lost out because it was slightly slower than Rijndael. No call was made to drag out the AES competition by Schneier or anyone else, because there was a general acceptance that DES was potentially vulnerable and not particularly fast.

Both DES and AES deal with the encryption of the complete content of an electronic message in a way that the encrypted data can be decrypted with the correct key. Hashing algorithms deal with message digests and cannot, ideally, be reversed without brute-forcing the function. Problems arise where two different inputs to the one-way function produce the same message digest, known as a cryptographic collision. These collisions can be used to fake digital certificates, and featured in the recent Flame cyber-espionage malware – a very rare real-world example of this kind of attack.

If NIST does announce a SHA-3 winning candidate – and after spending years whittling 64 initial candidates down to five, this does some likely – then it could do worse in selecting Schneier’s Skein algorithm instead of its four rivals (BLAKE, Grøstl, JH, Keccak).

“Of course I want Skein to win, but that’s out of personal pride, not for some objective reason,” Schneier writes. “And while I like some more than others, I think any would be okay.”

“Well, maybe there’s one reason NIST should choose Skein. Skein isn’t just a hash function, it’s the large-block cipher Threefish and a mechanism to turn it into a hash function. I think the world actually needs a large-block cipher, and if NIST chooses Skein, we’ll get one.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/25/sha_3_hash_contest/

An analysis of the hacking communities in Eastern Europe and Asia has concluded that citizens of the former Soviet bloc are still top dogs at cracking complex systems.

“While East Asian hackers dominate cybersecurity-related headlines around the world with high-profile intrusions and advanced persistent threats (APTs), it would be a mistake to conclude that these attackers are the sole or greatest criminal threat to the global internet today,” said Trend Micro’s VP of cybersecurity Tom Kellermann, in the report.

“After conducting extensive research into the nature of the East Asian and East European underground,” he wrote, “Trend Micro has concluded that hackers from the former Soviet Bloc are a more sophisticated and clandestine threat than their more well-known East Asian counterparts.”

The two groups have very different modes of operation, Kellermann explained. Eastern European hackers typically operate in small groups and write specifically designed malware for custom jobs. The code is tight, highly automated, and the target is attacked only after extensive reconnaissance work.

Once the hack attack is launched, the Europeans are typically after data that can be rapidly converted into cash or used internally for further attacks, and the attack itself is designed to be as stealthy as possible to avoid alerting the victim. The attackers also tend to own and operate their own servers, ensuring they are covered at every stage of the attack.

By contrast, East Asian hackers tend to use off-the-shelf malware that exploits existing vulnerabilities or reverse-engineered patches for recent flaws. Once inside a network they grab as much data as possible in large-scale attacks using multiple people, and export it all back to base, often making little effort to hide what’s been done.

The difference in attacking styles is down in part to the relative maturity of the European hacking market. The Eastern Europeans were one of the first groups to turn a profit from the trade in the mid-1990s, after large numbers resorted to hacking in the wake of the post-Soviet economic meltdown, and they remain highly financially motivated.

This is also reflected in their code. Most hackers in the region started out using outdated hardware and so write very tight code that maximizes effectiveness without requiring too much in the way of hardware support or additional applications. Third-party tools are also uncommon.

“There’s a flourishing online arms bazaar and the greatest weapons are coming from Eastern Europe,” Kellermann said. “They’re the equivalent of a custom made automatic rifle with a laser scope rather than one shot weapons made to be discarded.”

While there are some highly skilled Asian hackers who use similar techniques, the vast majority of attacks from that region use malware that’s either bought as-is, or that has been cobbled together from various different sources. Asian malware users are much less concerned about elegant code, preferring to stick with whatever works to get them into a target system.

Part of these differences between the two groups also stems from the motives behind the attacks, Kellermann explained. Whereas Europeans chase the money, Asian attacks are much more likely to be looking for corporate data that can be used or resold for competitive advantage in commerce.

“Asian corporations in sovereign boundaries can hack outsiders for comparative advantages with very little attention – they’re not after money,” Kellermann told The Register. “These corporations either hack for data themselves or use mercenaries for hire.”

Such tactics mean that the Asian hackers have far more job security than their Eastern European counterparts, so long as they have a reliable backer. By contrast European hackers operate as individual mercenaries or in small groups, and are only as good as their last job.

“You need to be trusted as someone who is good to their word in deals, show you’re not collaborating with any authorities and your code has to function as advertised,” Kellermann explained. “Lose any one of those three features and you’ll be ostracized from the community.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/24/european_v_asian_hackers/

Transit systems around the world have begun turning to card-based “contactless” ticketing systems as an easy way to process fares. But according to security researchers, flaws in some ticketing schemes could allow savvy customers to bag themselves a permanent ticket to ride, using nothing more than an Android app and an NFC-enabled phone.

Speaking at the EUSecWest conference in Amsterdam last Thursday, Corey Benninger and Max Sobell of the Intrepidus Group revealed how weak security in certain tickets based on the MIFARE Ultralight chip could allow hackers to rewrite the data on the cards, potentially recharging them an infinite number of times.

Not every type of NFC-enabled transit ticket is vulnerable. The exploit only works on disposable, paper tickets that can be purchased for a specific number of trips. Permanent, plastic cards that offer more complicated fare schemes are not affected.

According to the researchers, the vulnerability lies in the fact that the tickets keep a count of the number of trips left on the card, but they do nothing to invalidate the card once the purchased number of trips is exhausted.

The Ultralight chip does include a few bits of storage that can only be written once and never again, which allows for the digital equivalent of punching a hole to the ticket to cancel it. But according to Benninger and Sobell, at least two US transit systems don’t actually use this technique, and probably many more don’t, either.

“We know a number of cities are looking to roll out contactless technology and hope we can bring light to this issue so that it is implemented correctly in the future,” the researchers write in a blog post explaining the technical details of the hack.

The Intrepidus Group says it has actually developed an Android app that can exploit the flaw by copying the data from a brand-new ticket, then writing it back to the card when the purchased number of trips are used up. All that is required is an NFC-enabled phone, as demonstrated in the video below:

The researchers haven’t released this version of the app – much to the relief of transit operators, no doubt – but they have released a version that can scan the data from a ticket to determine if the transit system in question is vulnerable. That version is available from the Google Play store.

The two vulnerable transit systems the Intrepidus Group has identified are the City of San Francisco’s Muni rail and bus system and the Path train system, which shuttles passengers between New York City and various parts of the State of New Jersey.

The researchers say they have contacted both transit operators, explained the problem, and provided recommendations on how to fix the flaw. But although they say they contacted San Francisco Muni in December, your West Coast Reg hack can confirm that the Intrepidus Group’s app still reports Muni tickets as vulnerable as of Monday.

The larger issue, the researchers say, is that the security features built into these disposable ticketing systems may be inadequate in a world where NFC-enabled smartphones are commonplace.

“One of the items we also raised in our talk is that full card emulation on smartphones is likely to happen soon,” the researchers write. “When this does, it could cause a number of NFC based access control systems to be re-evaluated.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/24/nfc_transit_ticket_hack/

The stealthy ZeroAccess botnet commands a zombie army of more than one million machines, according to new research.

A study by Sophos published last week reveals that the latest version of the malware, which is designed for either click fraud or Bitcoin mining, has infected more than 9 million machines over its lifetime. The infected population accessible to unknown botherders at any one time is estimated at around one million. Machines are lost to the botnet through clean-up action by users. But that’s only a small concern to cybercriminals, who are raking in plenty of revenue through the zombie network they control.

“If running at maximum capacity, the ZeroAccess botnet is capable of making a staggering amount of money: in excess of $100,000 a day,” Sophos estimates.

ZeroAccess first appeared on the scene around two years ago, in November 2010. Previous versions of the malware used URLs associated with the infamous Russian Business Network to spread hard-to-clean and stealthy rootkit functionality.

The latest variant of the malware differs from the previous versions in dropping some of the rootkit-style features. Even so, a white paper by James Wyke of Sophos on the botnet, “The ZeroAccess Botnet – Mining and fraud for massive financial gain, concludes that ZeroAcess is a persistent threat that is likely to hang around as an irritant for years to come.

“Although the network is peer-to-peer based, centralised servers are used to record installations and keep tabs on active infections. The authors take great pains to disguise network traffic to these servers as innocuous, ordinary traffic,” Wyke concludes.

“Many aspects of ZeroAccess display the authors’ fondness [for] fall-back options and backups. There is always more than one way for ZeroAccess to start up on an infected machine; the droppers phone home in two different ways during installation; each time specific functionality needs a server address there is usually a backup address if the first cannot be reached.”

A map of ZeroAccess botnet infections in Western Europe and the US, compiled by F-Secure, can be found here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/24/zeroaccess_botnet/

Iran has denied computers on its soil were behind denial-of-service attacks against American banks.

US national security officials allege the websites of JPMorgan Chase, Citigroup and Bank of America were slowed by assaults launched from Iran. The G-men didn’t say whether the attackers were backed by the Middle Eastern nation’s government or patriotic Iranian citizens.

Iran’s Head of Civil Defense Organization Gholam Reza Jalali stepped forward to dismiss the accusation on Sunday. “Iran has not hacked the US banks,” he told the semi-official Fars News Agency, upgrading the act of flooding a web server with traffic to full-blown hacking.

Jalali added that the reports were an attempt to demonise Iran and paint the country as a threat to global tech security.

Separately Iran is reportedly planning to block Gmail and other Google services after the incendiary Innocence Of Muslims film, an anti-Islam vid that has sparked protest across the Middle East, was uploaded to YouTube, The Guardian reports. It’s unclear whether or not the blockade is in place at the time of writing.

Internet access in Iran has been routinely censored for years, a restriction many in the country attempt to circumvent by using proxy servers or VPN technology. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/24/iran_denies_us_bank_ddos_attacks/

Virus writers are experimenting with Google’s Go as a programming language for malware.

The Encriyoko Trojan uses components written in Go, a compiled language developed by the search giant. It first emerged from the Chocolate Factory in 2009. Once installed on a Microsoft Windows PC, the Trojan attempts to use the Blowfish algorithm to encrypt all files matching various criteria including particular document types and a range of file sizes. The key used to encrypt the data is either pulled from a particular file on the D: drive or is randomly generated. This renders the data useless to its owner if the cipher cannot be recovered.

“Restoration of the encrypted files will be difficult, if not impossible,” Symantec warns in a blog post about the Trojan.

The malware is circulating in the wild, and disguises itself as a tool to “root” Samsung Galaxy smartphones – a process that would otherwise allow customised operating systems to be installed on the phones. The Symantec bods reckon that VXers are probably experimenting with the Google’s Go, which is not to be confused with the Japanese board game of the same name. It’s possible the unknown virus writers are simply using a programming language they’ve taken a liking to.

“The advantage for VXers could be that they are more familiar with that specific language as opposed to some other languages and the language itself may offer some degree of flexibility in coding terms,” Paul Wood, a security researcher at Symantec told El Reg.

“It also might be more resilient to reversing attempts by researchers as Go isn’t really mainstream. The latter may be more a perception by the coders than in reality.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/24/google_go_trojan/

Boffins at Cambridge University have uncovered shortcomings in ATM security that might be abused to create a mechanism to clone chip-and-PIN cards.

The security shortcoming might already be known to criminals and creates an explanation for what might have happened in some, otherwise baffling, “phantom” withdrawal cases.

Each time a consumer uses their chip-and-PIN card, a unique “unpredictable number” is created to authenticate the transaction. Mike Bond, a research associate at the University of Cambridge Computer Lab, explains that elements of these “unique” transaction authentication numbers appear to be predictable.

The cryptographic flaw – the result of mistakes by both banks and card manufacturers in implementing the EMV* protocol – creates a means to predict that authentication code (the “unpredictable” number).

For example, if a crook had access several other authentication codes generated by the particular card (in their paper, Bond and his associates posit a scenario where a programmer is sitting behind the till at a mafia-owned shop), it would be possible for the miscreant to extract sensitive data off a chip-and-PIN cards, thus allowing the compromised smart card to be cloned. Bond explains further in a blog post (extract below).

An EMV payment card authenticates itself with a MAC of transaction data, for which the freshly generated component is the unpredictable number (UN). If you can predict it, you can record everything you need from momentary access to a chip card to play it back and impersonate the card at a future date and location. You can as good as clone the chip. It’s called a “pre-play” attack. Just like most vulnerabilities we find these days some in industry already knew about it but covered it up; we have indications the crooks know about this too, and we believe it explains a good portion of the unsolved phantom withdrawal cases reported to us for which we had until recently no explanation.

The security weakness might also be used (with somewhat greater difficulty) to run man-in-the-midddle attacks or they might be used in conjunction with malware on an ATM or Point of Sale terminal, Bond adds.

Bond discovered the security shortcoming almost by accident, while studying a list of disputed ATM withdrawals relating to someone who had their wallet stolen in Mallorca, Spain. The consumer’s card was subsequently used to make five withdrawals, totaling €1,350, over the course of just an hour.

While studying EMV numbers for each transaction, Bond realised that the numbers shared 17 bits in common while the remaining 15 digits appeared to be some sort of counter, rather than a random number.

In the course of their research, the Cambridge boffins examined data from previous disputed ATM transactions as well as fresh data from ATM machines and retail Chip-and-PIN terminals – altogether 1,000 transactions at 20 different ATMs and POS terminals. This ongoing research has already “established non-uniformity of unpredictable numbers in half of the ATMs we have looked at,” according to the researchers.

‘We’ve never claimed chip-and-PIN is 100 per cent secure’

The idea that debit and credit cards fitted with supposedly tamper-proof chips might be vulnerable to a form of cloning sits awkwardly with assurances from the banking sector that the technology is highly reliable, if not foolproof.

In a statement, the UK’s Financial Fraud Action told El Reg:

We’ve never claimed that chip and PIN is 100 per cent secure and the industry has successfully adopted a multi-layered approach to detecting any newly-identified types of fraud. What we know is that there is absolutely no evidence of this complicated fraud being undertaken in the real world. It is a complicated attack. It requires considerable effort to set up and involves a series of co-ordinated activities, each of which carries a certain risk of detection and failure for the fraudster. All these features are likely to make it less attractive to a criminal than other types of fraud.

We are confident that banks are refunding customers and upholding the law – this clearly states that the innocent victim of fraud should have their money reimbursed promptly.

Bond and his colleagues were due to present a paper (PDF) based on their research at the Cryptographic Hardware and Embedded System (CHES) 2012 conference in Leuven, Belgium this week. The paper explains how the cryptographic howler might be exploited in practice.

Many ATMs and point-of-sale terminals have seriously defective random number generators. These are often just counters, and in fact the EMV specification encourages this by requiring only that four successive values of a terminal’s “unpredictable number” have to be different for it to pass conformance testing. The result is that a crook with transient access to a payment card (such as the programmer of a terminal in a Mafia-owned shop) can harvest authentication codes which enable a “clone” of the card to be used later in ATMs and elsewhere.

More commentary on the information security aspects on the potential plastic card security weakness identified by the Cambridge boffins can be found in a blog post by Sophos here. ®

Bootnote

*EMV, also known as “Chip-and-PIN”, is used in debit and credit cards issued throughout Europe and much of Asia. The technology is also beginning to be introduced in North America. The Cambridge team estimates 1.34 billion cards issued worldwide already rely on the technology, which is primarily designed to prevent card cloning, relatively straightforward with previous magnetic-strip cards.

EMV stands for Europay, MasterCard and Visa – the three backers of the technology.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/13/chip_and_pin_security_flaw_research/

Hot on the heels of an update that fixed the recent zero-day flaw discovered in Internet Explorer versions 7, 8, and 9, Microsoft has released a separate patch that solves issues related to the Adobe Flash Player component of Internet Explorer 10.

The current Flash vulnerabilities only affect IE 10 running on Windows 8 and Windows 2012 server, meaning most Windows users are in the clear. But although Redmond’s latest operating systems have yet to ship to retail customers, they are already available to volume licensees and subscribers to Microsoft’s MSDN and TechNet programs.

Previous versions of IE displayed Flash content using Adobe’s Flash Player plugin. But in IE 10, Microsoft has made Flash an integral part of the browser, with the goal of providing a “plugin-free” browsing experience. As a result, Flash security fixes for IE 10 must come from Microsoft, not Adobe.

Initially, Microsoft said it wouldn’t offer a patch for the flaws until after Windows 8’s official launch date, but it recanted after it drew criticism from users who worried that the delay meant IE 10 patches would lag behind Adobe’s own bug fix cycle.

Yunsun Wee of Microsoft’s Trustworthy Computing group tried to allay those fears on Friday with a blog post announcing both the fix and Redmond’s security strategy with regard to IE 10 and Flash.

According to the post, Microsoft will “coordinate” with Adobe to release IE 10 patches in conjunction with Adobe’s regular, quarterly update cycle. In addition, Redmond says it may issue emergency updates outside of its own monthly security bulletin cycle, should the “threat landscape” require it.

The current fix is being made available via Windows Update, so most Windows 8 and Windows Server 2012 users should receive it without taking any action, unless they’ve disabled automatic updates. Users who want to install the update manually, on the other hand – for whatever reason – can download it from Microsoft’s Knowledge Base. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/22/win8_ie10_flash_fix/

Microsoft has released a 26.9MB patch which fixes five vulnerabilities, including the zero day flaw that is cracking Windows systems via the most common versions of Internet Explorer.

The MS12-063 update provides a fix for the flaw, which is in use by hackers against some companies. The patch also has four more flaw-fixes, which have not been spotted in the wild, according to Redmond.

“The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. For those manually updating, we encourage you to apply this update as quickly as possible,” said Yunsun Wee, director of Microsoft Trustworthy Computing in a blog post.

The flaw was rated as critical or moderate risk, depending on which browser and operating system you are running, but would allow full remote code execution on systems running IE 7,8 and 9 running Adobe Flash on fully-patched Windows XP, Vista and 7 machines, using malware embedded in a web page.

It was discovered by security researcher Eric Romang on an Italian hacking tools site, but there have been reports that it has been used to distribute the Poison Ivy Trojan by the same group that exploited the Java zero-day flaw found in the last month.

So far the automatic update service appears to be running a little slow, at least in El Reg offices, but a manual search picks up the patch. As well as being a fairly hefty download size, the fix also requires a total restart (Linux users can look smug now.)

Microsoft will hold an hour-long webcast to discuss the flaw and its implications at 1200 PT (2000 UT) on Friday. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/21/microsoft_patches_zero_day_flaw/