STE WILLIAMS

SafeNet swallows cloud-based authentication firm

SafeNet has bought UK-based cloud-based authentication firm Cryptocard. Financial terms of the deal, announced Monday, were not disclosed.

The deal will allow SafeNet’s existing server-based authentication technology to work alongside Cryptocard’s Blackshield cloud-based services. Cryptocard markets a range of SMS-based mobile, software and hardware token-based authentication products to ISPs and enterprises. It also markets credit cards with built-in one-time tokens.

Cryptocard snapped up GRIDsure’s GRID-based authentication technology last November, prior to being acquired itself.

SafeNet was established by former NSA spooks in the late 1980s. It began by developing Virtual Private Network, encryption and security technologies prior to becoming more involved in authentication and DRM, largely through the acquisition of Rainbow Technologies back in 2003. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/12/safenet_buys_cryptocard/

UK cybercops cuff abortion clinic web hack suspect

Cybercrime cops have arrested a bloke suspected of hacking into and defacing the website of Britain’s largest abortion provider.

The British Pregnancy Advisory Service (BPAS) site was compromised on Thursday by a hacker using the handle Pablo Escobar, who claimed an affiliation to the Anonymous hacktivist group.

Escobar boasted of extracting the names of women who had sought pregnancy counselling or other sexual health advice through the service – and threatened to release the data. The BPAS said the leaked data only involved details of people who had contacted the service and no medical information was taken. It added that it was the target of “about 26,000 attempts” to break into its website over a six-hour period.

Officers from the Police Central e-Crime Unit (PeCU) arrested the unnamed 27-year-old suspect in Wednesbury, West Midlands, on Friday. Detectives confirmed that the BPAS website was vandalised and “data compromised”, but stressed that no medical or personal information regarding women who have received treatment at the service was obtainable.

Police said the man, who was held on suspicion of offences under the Computer Misuse Act and quizzed at a West Midlands cop shop, claimed to have links to Anonymous.

Detective Inspector Mark Raymond from the MPS PeCU said: “We have taken rapid action to identify and arrest a suspect involved in hacking. This was done to prevent personal details of people who had requested information from the BPAS website being made public. It should be stressed that the stolen data did not contain the medical details of women who had received treatment or why individuals had contacted the British Pregnancy Advisory Service.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/12/anti_abortion_hack_arrest/

Hackers penetrate smut site, claim to have slurped users’ privates

Hackers claim to have made off with credit card records and other personal information after mounting a smash-and-grab raid on porn site Digital Playground.

A previously unknown group called The Consortium claims to have extracted the user names, email addresses and passwords of 73,000 subscribers to the grumble flick portal. That’s potentially embarrassing enough by itself, but the crackers also claim to have extracted the numbers, expiry dates and security codes for 40,000 credit cards. The Consortium published a sample of the data it stole (login credentials, internal emails, software licence keys) as evidence of the hack, which seems to have been motivated more by mischief than by profit.

The Consortium, which claims affiliation to hacktivist group Anonymous, claims the Digital Playground site was so riddled with security holes that it acted as an irresistible target. “We did not set out to destroy them but they made it too enticing to resist,” the group said in a statement posted online. “So now our humble crew leave lulz and mayhem in our path.”

The hacktivists claim that the credit card data they swiped was unencrypted, but this remains unconfirmed.

The Digital Playground site has been left online, but it has placed a moratorium on accepting new members while it investigates the hack.

The website is managed and run by Luxembourg-based firm Manwin, which told porn industry news site AVN that it only took on the management of the site on 1 March – possibly after the breach had actually taken place, the BBC reports. Digital Playground subscribers are being notified of the breach, which at the very least will mean changing their passwords. It’s unclear if any instances of fraud have resulted from the breach.

Further coverage of the story can be found here. Security commentary via Sophos’ Naked security blog can be found here.

The breach is the latest in a growing list of security incidents to affect smut sites in recent weeks.

Coding errors that had lain dormant for years exposed the email addresses and passwords of users of YouPorn’s sex chat site, YP Chat, to all and sundry, it emerged last month.

In an unrelated breach last month, a teenage hacker broke into Brazzers, the hardcore porn portal, before making off with hundreds of thousands of user login details. Brazzers admitted the breach but stressed that no credit card data had been exposed. The self-declared perp uploaded data samples and claimed affiliation with Anonymous, a pattern repeated with the latest breach.

Anonymous splinter group LulzSec carried out a similar operation against smut site Pron.com last June. ®

Bootnote

Digital Playground, based in the San Fernando (porn) Valley region near Los Angeles, is one of the biggest adult movie studios in the US. The operation prides itself on being something of a trailblazer for new technologies in the adult industry, for example pioneering the application of HD and three-dimensional technology to porn. Digital’s chief executive Samantha Lewis told the BBC that many technology brands use the adult industry to test new markets, albeit in absolute secrecy.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/12/smut_site_hacked/

Cambridge student wins ‘Hack Idol’

A 19-year-old computer science student has been named the UK’s Cyber Security Champion following months of competition.


Jonathan Millican emerged victorious from finals held over the weekend at the end of a six-month challenge designed to get talented people to consider a career in cyber-security.

The final showdown (Masterclass) in the Hack Idol exercise pitted six five-strong teams against each other in a series of challenges hosted by HP Labs in Bristol on Saturday.

Exercises included advising a start-up on cyber security during a role-playing exercise and fending off a 15-minute-long simulated cyber attack. Millican’s team finished in second spot, but he caught the judges’ eye as the most talented of the 30 participants, earning him the coveted overall title. Millican – a first-year student at the University of Cambridge, originally from North Yorkshire – has been offered sponsorship for a master’s degree at Royal Holloway, University of London as a prize.

Russ Taylor, a technician in the RAF, was the runner-up.

Representatives of sponsors – HP, management consultants PricewaterhouseCoopers, BT, and defence firms Cassidian and QinetiQ – judged the competition.

This year was the second year that the Cyber Security Challenge was held. Last year’s event was won by Dan Summers, a postman from Leeds, who has gone on to work for Royal Mail’s cyber-security team.

Organisers plan to run the competition again next year in a slightly revamped form that will provide the first opportunity for professionals within the industry to pit their wits against new blood. Established professionals will not be eligible for prizes and will be charged a fee, which will be used to help fund the ongoing work of the Cyber Security Challenge. There are also plans to run a four-day cyber camp for younger candidates in the 18 to 25 age group, possibly hosted by Lancaster University, though nothing has been confirmed on this front. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/12/hack_idol_2012/

Cyber snoopers target NATO commander in Facebook attack

NATO’s most senior military official has come under a concerted cyber attack from hackers believed to be operating from the People’s Republic of China.

The Observer reported on Sunday that cyber fiends had targeted Supreme Allied Commander Europe (SACEUR) Admiral James Stavridis by opening fake Facebook accounts in his name in an attempt to trick colleagues, friends and family into giving away his personal secrets on the social network.

Social engineering via platforms such as Facebook can be one of the early stages of an advanced persistent threat (APT), the latest buzzword on the information security scene and a technique commonly linked to cyber spies operating from China.

As such, the attackers may have been looking for information they could use to guess Stavridis’ email or other log-in credentials which they could subsequently use to infiltrate NATO systems and steal sensitive military information.

NATO confirmed to the paper that Stavridis had been targeted several times in the same way over the past two years, with Facebook co-operating in taking down the offending fake SACEUR pages.

Although NATO itself said it wasn’t clear who was responsible for the cyber snooping attempt, the Observer spoke to “security sources” who had no hesitation in blaming China.

“The most senior people in Nato were warned about this kind of activity. The belief is that China is behind this,” one of them is quoted as saying. One possible reason why the hackers decided to use Facebook as their initial attack vector is that Stavridis is an avid social media user and, unusually considering his senior position, is pretty vocal on Facebook.

In October, for example, he announced the end of NATO operations in Libya via his Facebook page.

While the attack has some of the hallmarks of a state-sponsored espionage attempt, it does appear somewhat less sophisticated than some of the APT-style attacks which have come to light in recent years.

These include Operation Aurora, which targeted Google and scores of other western firms, as well as Operation Night Dragon, the series of attacks on global energy firms in 2011.

Despite its protestations of innocence, the People’s Republic has time and again been singled out by officials in the UK and US as one of the main actors in cyber space when it comes to state-sponsored snooping.

Just last week US defence contractor Northrop Grumman released a 136-page report which pointed to China arming its military with information warfare capabilities which could prove a “genuine risk” to US military operations. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/12/nato_chinese_hacker_facebook/

Feds shift DNSChanger cut-off deadline to July

The FBI’s DNSChanger deadline extension has been approved by a US Federal Court, buying infected punters more time to clean up their systems.

The move means that machines riddled with the Trojan will still be able to use temporary DNS servers to resolve internet addresses until 9 July. Before the order was granted, infected machines would not have been able to surf the web or handle email properly after 8 March, the previous expiry date of the safety net.

Deployed initially by cyber-crooks, DNSChanger screwed with infected systems’ domain name system (DNS) settings to direct surfers to rogue servers – which hijacked web searches and redirected victims to dodgy websites as part of a long-running click-fraud and scareware distribution scam.

The FBI stepped in and dismantled the botnet’s command-and-control infrastructure back in November, as part of Operation GhostClick.

In order to keep nobbled computers working properly, legitimate servers were set up by the Feds to replace the rogue DNS servers, under the authority of a temporary court order that has now been extended, but this effort did nothing by itself to clean up infected machines.

As many as 4 million computers were infected at the peak of the botnet’s activity.

An updated study by security firm Internet Identity revealed that there has been a “dramatic decrease” in the number of Fortune 500 companies and US federal agencies that have machines infected with DNSChanger on their networks.

IID found that at least 94 of the Fortune 500 companies and three out of 55 major government entities had at least one computer or router infected with DNSChanger as of 23 February, 2012. The figures show a sharp drop from the 250 out of 500 Fortune 500 companies found to be infected a few weeks prior to IID’s latest survey – providing evidence that the clean-up operation has finally clicked into gear.

More information on how to clean up infected machines, and other resources, can be found on the DNS Changer Working Group website here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/09/dnschanger_safety_net_extended/

MYSTERY programming language found in Duqu

Security researchers are appealing for help after discovering that part of the Duqu Trojan was written in an unknown programming language.

Duqu is a sophisticated Trojan reckoned to have been created by the same group behind the infamous Stuxnet worm. While the finely tuned Stuxnet worm was designed to home in on specific industrial control systems – namely systems controlling high-speed centrifuges used by Iran’s controversial nuclear enrichment plants – Duqu was created to fulfil the slightly different role of a backdoor where intruders could slip into SCADA-based systems and nick confidential information.

Securo-boffins at Kaspersky Lab have discovered during their research that Duqu uses the mystery code to communicate with its Command and Control (CC) servers once it infects a compromised machine. Researchers at the Russian anti-virus firm have named this unknown section the “Duqu Framework”.

Unlike the rest of Duqu, the Duqu Framework is not written in C++ and it’s not compiled with Microsoft’s Visual C++ 2008. The Kaspersky research team has gone some way in unravelling the mystery language used by the Duqu Framework, but still needs additional help. So far, the researchers have worked out what the mystery code does, but are still mostly in the dark about the grammar and syntax of the programming language, they said.

Kaspersky Lab researchers explained:

It is possible that its authors used an in-house framework to generate intermediary C code, or they used another completely different programming language. However, Kaspersky Lab researchers have confirmed that the language is object-oriented and performs its own set of related activities that are suitable for network applications.

The language in the Duqu Framework is highly specialised. It enables the Payload DLL to operate independently of the other Duqu modules and connects it to its dedicated CC through several paths, including Windows HTTP, network sockets and proxy servers. It also allows the Payload DLL to process HTTP server requests from the CC directly, stealthily transmit copies of stolen information from the infected machine to the CC and even distribute additional malicious payload to other machines on the network, creating a controlled and discreet form of spreading infections to other computers.

Having probably gone as far as they can, Kaspersky Lab is appealing to the programming community for support in analysing the mystery language used to build the malware. It wants to hear from coders who recognise a framework, toolkit or programming language that can generate similar code.

The creation of a dedicated programming language to construct the communications module shows how skilled the developers were, as well as providing evidence that significant financial resources were ploughed into developing the Duqu Trojan project.

“Given the size of the Duqu project, it’s possible that an entirely different team was responsible for creating the Duqu Framework as opposed to the team that created the drivers and wrote the system infection exploits,” explained Alexander Gostev, chief security expert at Kaspersky Lab. “With the extremely high level of customisation and exclusivity that the programming language was created with, it is also possible that it was made not only to prevent external parties from understanding the cyber-espionage operation and the interactions with the CCs, but also to keep it separate from other internal Duqu teams who were responsible for writing the additional parts of the malicious program.”

Duqu was first detected in September 2011, but Kaspersky Lab reckons the first trace of Duqu-related malware dates all the way back to August 2007. The Russian security firm has logged more than a dozen incidents of Duqu infection, with the vast majority of victims located in Iran.

More details about the Duqu Trojan and its mystery communications modules can be found on Securelist, Kaspersky Lab’s research site, here. Researchers at Kaspersky, which has carried out a great deal of top-notch analysis work on the topic, were the first to find the “smoking code” linking Stuxnet and Duqu. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/08/duqu_trojan_mystery_code_riddle/

Chrome patches up after double dose of CanSecWest pwnage

CanSecWest Google has released a patch a day after Sergey Glazunov hacked its browser with a pair of zero-day flaws. The update covers Windows, Mac OS X, Linux and Chromium OS.

Google’s Chrome fell to two separate attacks on Wednesday evening, both based on previously unknown vulnerabilities, during competitions at the CanSecWest conference.

The first hack was demonstrated by a team representing Vupen Security within the first five minutes of the Pwn2Own contest, organised by HP TippingPoint. The second hack was performed by Glazunov, who demonstrated a “full Chrome exploit” in the Google-sponsored Pwnium contest.

HP TippingPoint’s well-established Pwn2Own competition has been around since 2007, but this was the first year that the separate, Google-funded Pwnium ran at CanSecWest. Google had previously offered up cash prizes for any Pwn2Own participant who could hack Chrome, but it launched its own competition this year following musical differences that emerged late last month. Google wanted info on the vulnerabilities and exploits developed, something the more established Pwn2Own competition didn’t offer, prompting Google to withdraw its planned sponsorship and set up the parallel competition.

Google’s Pwnium has a prize pool of $1m (£600,000), the biggest cash prize of which is $60,000 (£38,071), which was snapped up by Glazunov. He apparently bypassed Chrome’s sandbox using native Chrome code.

Pwn2Own – which ran under a different format this year, most notably excluding mobile browsers from the target list – challenges security researchers to develop browser exploits in order to hack into PCs. Target systems include Windows and Mac machines running Internet Explorer, Apple Safari, Google Chrome and Mozilla Firefox. Teams compete to accumulate points that translate into tens of thousands of dollars in prizes.

Chrome was a big scalp for hackers in previous editions of Pwn2Own, but the separate competition made it even more of a target this year.

The successful attack on the browser developed by the Vupen Security team took advantage of bugs in an Adobe Flash plugin to break out of the Chrome sandbox on a Windows 7 system. “Last year, we saw a lot of headlines that no one could hack Chrome. We wanted to make sure it was the first to fall this year,” Vupen Security chief exec Chaouki Bekrar told H Security.

Both competitions continue for the rest of the CanSecWest conference, which ends on Friday. You can follow the progress of Pwn2Own via the competition’s Twitter feed here. ®

L337note

Google also tosses out bundles of cash ranging from $500 to $1,337 for bugs reported to its Chromium Bug Tracker during the rest of the year.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/09/pwn2own_pwnium_cansecwest/

Cops nab mobile net workmen for snarfing punters’ data

Police in South Korea have arrested five men working as sub-contractors for the country’s two biggest mobile companies. The men were nabbed on suspicion of snarfing personal information and location data from potentially hundreds of thousands of mobile users and selling it on to private detectives.

The Korea Herald reported that the men had been subcontracted to manage online friend tracking services for SK Telecom and KT, which between them have close to 90 per cent of the mobile market in the country.

However, the men allegedly developed software designed to harvest personal user information and location data without the knowledge of the user and then sold it on for up to 300,000 won (£168) per set of information.

As well as the two alleged data thieves, police reportedly arrested a private detective agency owner and a man who acted as a broker – buying data from the hackers and selling it on to the agencies for up to 500,000 won (£280).

The detective agencies then sold the data on again to individual clients, the report alleged.

The illegal software was used in close to 200,000 cases, according to the police.

“The program had been used for commercial reasons for three months since August last year. But it is assumed that not all the tracking cases were tracked in violation of the law,” a police official is quoted as saying.

“We plan to further expand related investigations because we have found that as many as 1,000 clients requested information tracking and the destinations of the leaked information have not been disclosed.”

The incident calls to mind a well-publicised case from 2009 when T-Mobile was forced to admit that staff had been making significant sums on the side by selling on customer data to competitors.

In the case of KT and SK Telecom, both of which reportedly knew nothing of the illegal activity until the arrests, the incident highlights the need for companies to practise good data security and carry out strict vetting checks on any subcontractors. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/09/south_korea_phone_hackers/

Oz pen testers to get CREST creds

The Council of Registered Ethical Security Testers (CREST) has opened a local chapter, with help from Australia’s Federal Government.

CREST certifies ethical hackers, giving them a shinier CV. Outfits that hire certified staff gain confidence that they’re shelling out for someone with both integrity and solid skills.

A press release emitted by Federal Attorney General Nicola Roxon says CERT Australia will work hand in hand with CREST and will send folks to “various CREST sub-committees alongside business members.” She also says having a local CREST is a fine idea, as it will mean local businesses can hire white hats without all the “trust me, I would never hack you or sell your secrets to a rival” nervousness usually associated with doing so.

Alastair MacGibbon, currently Director of the Centre of Internet Safety at the University of Canberra and the former Director of the AFP Australian High Tech Crime Centre, will be the founding Chief Executive Officer of CREST Australia.

Australia’s CREST is affiliated with CREST Great Britain. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/09/crest_australia/