STE WILLIAMS

UK cops: ‘We thwarted Royal Wedding web attack plot’

UK cybercops have claimed credit for preventing attempts to blast the official Royal Wedding website offline in April, following the arrest of a teenager suspected of masterminding the attack.

Detective Superintendent Charlie McMurdie said that preemptive action was taken to keep the site, dedicated to the marriage of Prince William and Kate Middleton on 29 April, up and running despite the connection onslaught. McMurdie declined to go into further details, other than to say that the Met had been asked to investigate the threat.

However a Scotland Yard spokesman told AP that a 16-year-old was arrested and questioned last month on suspicion of attempting to incite others into joining in with a distributed denial of service attack against the site. The teenager was released on police bail pending further inquiries, which El Reg can safely guess will involve the forensic examination of seized computer equipment.

McMurdie made her comments in passing during a conference on cybercrime organised by the Royal United Services Institute, a defence industry think tank. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/18/royal_wedding_ddos_thwarted/

Mysterious sat-pic China desert markings

The grids of white lines in China’s Gobi desert that have got the world’s conspiracy theorists in a lather for a week, are actually calibration targets used to help China’s spy satellites, says a NASA researcher.

Since the 65ft-wide white line patterns were spotted on Google Earth, it has been speculated that they were anything from missile testing sites to alien writing.

Image caption: Chinese structure, credit Google Earth. Now believed to be a satellite calibration target.

But they are almost certainly targets used to calibrate satellite cameras, according to Jonathon Hill, a research technician and mission planner at the Mars Space Flight Facility at Arizona State University, who spoke to the site LifesLittleMysteries.

Satellite cameras are pointed at the grids to orient themselves in space and check their alignment. The large size of the grids suggests that the cameras have relatively poor resolution, according to Hill.

He also thinks the lines are paint: the surface has small cracks in it, which means it is unlikely to be reflective metal, and chalk or dust would go streaky.

Another feature photographed by Google showed abandoned planes in a circular, Stonehenge-style pattern of bumps. That is most likely a radar test to see how visible military equipment is from the air, and it could also give the Chinese insights into picking out other countries’ hidden military bases.

Like the US and Britain, China has spy satellites in orbit around the earth so the discovery of these orientation and testing sites is no huge surprise. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/18/chinese_desert_mystery_sites_are_satellite_targets/

Afghan elders refuse to be labelled pimps by number 39

Plans to extend the London 39 bus route from Putney Bridge Station to Kabul are reportedly on hold after the number of shame caused a bit of a rumpus at a gathering of Afghan elders.

President Hamid Karzai convened the “loya jirga” to chew the fat over US-Afghan relations, but made the mistake of dividing the shindig into 40 committees.

Delegates assigned to committee 39 refused point-blank to take their chairs, lest they be tainted by association with the “pimp” number.

Regular readers will recall that 39 scuppered Kabul car sales earlier this year, as buyers shunned registration plates beginning with the numerals. Legend has it that the whole numerical kerfuffle began with an Iranian pimp nicknamed “39”, whose own number plate declared as much, and ever since the conservative Afghans have associated 39 with whoremongering.

A loya jirga participant explained to the Beeb: “I don’t want to return to my area and be called a pimp. I don’t care if it is true or not, but people out there believe in it. Look no one wants to have a vehicle with number plate 39. And yet, you want me to be in 39?”

Another delegate was less than impressed. He said: “It is sad to see delegates raise such issues at such an important meeting. We have more important things to deal with.”

In order to get the elders back to their important business, officials were obliged to formulate a cunning plan, and simply renumbered the offending committee to “41”. ®

Bootnote

El Reg spoke earlier today to a 39-year-old man who lives at 39 Chicken Street, Kabul. On condition of anonymity, he told us he was looking for a new house to lock himself in until his next birthday, and that he “certainly wouldn’t be listening to Queen’s A Night at the Opera for the foreseeable future”. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/18/afghan_rumpus/

Water utility hackers destroy pump, expert says

Hackers destroyed a pump used by a US water utility after gaining unauthorized access to the industrial control system it used to operate its machinery, a computer security expert said.

Joe Weiss, a managing partner for Applied Control Solutions, said the breach was most likely performed after the attackers hacked into the maker of the supervisory control and data acquisition software used by the utility and stole user names and passwords belonging to the manufacturer’s customers. The unknown attackers used IP addresses that originated in Russia.

Weiss cited an official government report from the state where the regional water district was located. It was dated November 10, two days after the hack was discovered. The document indicates that the utility had been experiencing unexplained problems with its computerized system in the weeks leading up to the breach.

“Over a period of two to three months, minor glitches had been observed in remote access to the water district’s SCADA system,” Weiss said during an interview, in which he read a verbatim portion of the document to The Register. He said that the attackers were able to burn out one of the utility’s pumps by causing either the pump or the SCADA system that controlled it to turn on and off “repeatedly.”
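The mechanism described above, a pump commanded on and off repeatedly until it burns out, is something a utility can look for in its own command history, as is remote access from addresses outside the expected ranges. The script below is an added example and not from the article, the water district or any real SCADA product; the log format (timestamp, source IP, tag, command) and the sample lines are constructed for illustration, and a real historian export will need its own parser.

```python
"""Flag rapid START/STOP cycling of a pump, and commands from unexpected
source addresses, in a constructed SCADA command log.

Added example; the log format and sample lines are assumptions, not data
from the incident in the article.
"""
import ipaddress
from collections import deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format: "<ISO time> <source IP> <tag> <command>").
# PUMP1 is toggled every three seconds from one remote host; PUMP2 shows a normal
# start in the morning and a stop in the afternoon from an operator workstation.
SAMPLE_LOG = """\
2011-11-08T02:10:00 10.0.5.12 PUMP1 START
2011-11-08T02:10:03 10.0.5.12 PUMP1 STOP
2011-11-08T02:10:06 10.0.5.12 PUMP1 START
2011-11-08T02:10:09 10.0.5.12 PUMP1 STOP
2011-11-08T02:10:12 10.0.5.12 PUMP1 START
2011-11-08T02:10:15 10.0.5.12 PUMP1 STOP
2011-11-08T02:10:18 10.0.5.12 PUMP1 START
2011-11-08T06:00:00 192.168.1.20 PUMP2 START
2011-11-08T14:00:00 192.168.1.20 PUMP2 STOP
"""


def parse_line(line):
    """Split one log line into (timestamp, source IP, tag, command)."""
    ts, src, tag, cmd = line.split()
    return datetime.fromisoformat(ts), src, tag, cmd


def find_cycling(log_text, max_transitions=5, window=timedelta(minutes=1)):
    """Return one alert per tag whose state transitions (START->STOP or
    STOP->START) exceed max_transitions inside any sliding time window.
    A repeated identical command is not counted as a transition."""
    recent = {}        # tag -> deque of (timestamp, source) transitions in window
    last_state = {}    # tag -> last command seen
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, tag, cmd = parse_line(line)
        if cmd not in ("START", "STOP"):
            continue
        if last_state.get(tag) == cmd:
            continue
        last_state[tag] = cmd
        q = recent.setdefault(tag, deque())
        q.append((ts, src))
        while q and ts - q[0][0] > window:      # drop transitions older than the window
            q.popleft()
        if len(q) > max_transitions and tag not in alerted:
            alerted.add(tag)
            alerts.append({
                "tag": tag,
                "transitions": len(q),
                "sources": sorted({s for _, s in q}),
                "first": q[0][0],
                "last": ts,
            })
    return alerts


def unexpected_sources(log_text, allowed_networks):
    """Return the set of source IPs that issued commands from outside the
    allowed networks (e.g. anything that is not the control-room LAN)."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    seen = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, src, _, _ = parse_line(line)
        if not any(ipaddress.ip_address(src) in n for n in nets):
            seen.add(src)
    return seen


if __name__ == "__main__":
    for a in find_cycling(SAMPLE_LOG):
        print("CYCLING:", a)
    print("OUTSIDE ALLOWED NETWORKS:", unexpected_sources(SAMPLE_LOG, ["192.168.1.0/24"]))
```

The thresholds are deliberately conservative: a pump that legitimately changes state more than five times in a minute is itself worth a look, and the alert carries the source addresses so the cycling and the remote-access question can be answered together.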

Weiss said he obtained the report on the condition that the water utility and the state where it’s located aren’t disclosed. He published bare-bones details of the hack on Thursday because he wanted to bring attention to an incident he said raised serious concerns about the ability of the US government to secure critical infrastructure.

“This is really a big deal, and what’s just as big a deal is what isn’t being said or isn’t being done,” Weiss said. “What the hell is going on with DHS? Why aren’t people being notified?”

He said he’s unaware of any water utilities or other SCADA operators who know about the attack.

The Register was unable to verify the claims in the report, and Department of Homeland Security officials didn’t immediately respond to a request for comment. A security researcher with no affiliation to Weiss said there was no obvious reason to doubt the attack took place as described.

“It’s not surprising,” said Rick Moy, President and CEO of NSS Labs. “These things are connected to the internet in ways they shouldn’t be. It’s very plausible.”

Over the past few years, the vulnerability of the control systems used to operate power plants, gas refineries, and other industrial systems has been underscored by a variety of events. Chief among them was the Stuxnet computer worm that infiltrated SCADA systems in Iran and disrupted that country’s nuclear program. Earlier this year, security researcher Dillon Beresford disclosed bugs in widely used control systems that he said were “far reaching and affect every industrialized nation across the globe.”

More recently, researchers discovered highly sophisticated malware dubbed Duqu had infiltrated at least eight industrial facilities throughout the world by exploiting a previously unknown vulnerability in Microsoft Windows. Some researchers say it was created by people with close ties to Stuxnet.

Weiss said the possibility that attackers of the water utility obtained passwords for multiple customers of the SCADA manufacturer left open the possibility that other industrial facilities are also susceptible or may already have been breached. Many industrial control systems rely on passwords that are hard-coded, making it difficult to change stolen passcodes without causing serious problems.

Weiss said the objectives and identities of the attackers remain a mystery. Possibilities could include a nation state doing reconnaissance, recreational hackers looking for laughs, or a criminal gang setting up an elaborate extortion scheme.

“Until you find who did it, there’s no way to know what the motive is,” he said. ®

Follow @dangoodin001 on Twitter.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/17/water_utility_hacked/

Phishers net Norwegian secrets

Oil, gas and defense data has been boosted from computers in Norway, in what the country fears is its largest-ever data espionage case.

Details are still slim, but according to AP, phishing e-mails were sent carrying malware designed to “sweep entire hard drives for data”.

Norway’s National Security Authority, NSM, which coordinates the country’s CERT activities, says attackers have sent industrial secrets from the targeted companies out of the country.

It’s not the first time Norway has suffered serious breaches of security. In March, shortly after its F-16s were involved in air strikes on Libya, a data-stealing trojan was e-mailed to military employees.

NSM spokesperson Kjetil Berg Veire told the Associated Press that more than one person appeared to have been involved in the attack. The NSM is also quoted in an AP report run by The Australian as saying that “attacks often occurred when companies were negotiating large contracts”.

Norway has experienced repeated attacks this year, with the NSM identifying at least ten similar attacks targeting the same industries, and the number could be higher, since some victims may not be aware their systems have been compromised.

The Washington Post notes that the Nobel Institute has also been a target, after it gave Chinese activist Liu Xiaobo the 2010 Nobel Peace Prize. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/17/noway_data_theft_attack/

World’s first Windows 8 ‘bootkit’ to debut next week

A security researcher said that he has developed malware for Microsoft’s forthcoming Windows 8 operating system that’s able to load during boot-up when it’s run on older PCs.

Peter Kleissner said Stoned Lite, as the latest version of his bootkit is called, doesn’t bypass defences that will be available to people using Windows 8 on newer machines. Specifically, he said in a series of Twitter messages, it doesn’t bypass UEFI, the Unified Extensible Firmware Interface that replaces the legacy BIOS, and it doesn’t attack the low-level security feature known as Secure Boot, under which the firmware checks the digital signature of the boot loader before running it and which will also be available with the upcoming OS.

A previous bootkit, which Kleissner called Stoned, works on Windows 2000 through Windows 7 and is able to load before Windows starts by attaching itself to the master boot record of a targeted PC’s hard drive. Stoned Lite is able to do the same thing on Windows Server 2008 and Windows 8, the Vienna-based developer and researcher said. It works by bypassing Windows User Account Control, and with a footprint of just 14KB it can easily be launched from a USB drive or CD.
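A bootkit that lives in the master boot record leaves the partition table untouched and replaces only the 440 bytes of boot code that the BIOS executes, so checking partition layout alone will not catch it; hashing the boot-code region against a known-good baseline will. The parser and check below are an added example, not code from Kleissner or from the article, and the 512-byte MBR it builds is constructed for illustration rather than taken from any real disk or from Stoned.

```python
"""Parse a legacy 512-byte master boot record and compare its boot code
against a known-good hash, the way a BIOS-era bootkit would be spotted.

Added example. The sample MBRs are constructed; the boot code bytes are
placeholders, not real loader code.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: code the BIOS jumps to
DISK_SIG_OFF = 440           # 4-byte disk signature + 2 reserved bytes
PART_TABLE_OFF = 446         # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"      # bytes 510..511
PART_ENTRY = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code):
    """Constructed MBR: the given boot code plus one bootable NTFS (0x07) partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"
    entry = struct.pack(PART_ENTRY, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (16 * 3)
    mbr = code + disk_sig + table + SIGNATURE
    assert len(mbr) == MBR_SIZE
    return mbr


def is_mbr(mbr):
    """Cheap structural check: right length and 0x55AA boot signature."""
    return len(mbr) == MBR_SIZE and mbr[510:512] == SIGNATURE


def parse_mbr(mbr):
    """Return the boot-code hash, disk signature and non-empty partition entries."""
    if not is_mbr(mbr):
        raise ValueError("not a valid MBR (bad length or missing 0x55AA signature)")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba, sectors = struct.unpack(
            PART_ENTRY, mbr[off:off + 16])
        if ptype == 0:
            continue                          # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
    }


def check_boot_code(mbr, known_good_sha256):
    """True when the boot code matches the baseline recorded on a clean machine."""
    return parse_mbr(mbr)["boot_code_sha256"] == known_good_sha256


def read_mbr(device_path):
    """Read the first sector of a raw device, e.g. /dev/sda on Linux or
    \\\\.\\PhysicalDrive0 on Windows (needs administrator/root)."""
    with open(device_path, "rb") as dev:
        return dev.read(MBR_SIZE)


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")      # placeholder "clean" loader bytes
    infected = build_sample_mbr(b"\xeb\x3c\x90")           # placeholder replacement code
    baseline = parse_mbr(clean)["boot_code_sha256"]
    print("clean matches baseline:", check_boot_code(clean, baseline))
    print("infected matches baseline:", check_boot_code(infected, baseline))
    print("partition tables identical:",
          parse_mbr(clean)["partitions"] == parse_mbr(infected)["partitions"])
```

Record the baseline hash on a freshly imaged machine and store it off the host; a bootkit that has already loaded can intercept disk reads, so the check is most trustworthy when the disk is read from boot media or another system.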

Kleissner said he plans to release further details at next week’s Malcon conference in India.

Microsoft’s announcement in September that it planned to use UEFI Secure Boot was almost immediately met with suspicion from open-source boosters, who claimed the feature could make it impossible to run operating systems such as Linux and FreeBSD on computers that adopted the alternative to the BIOS ROM firmware. Microsoft has denied such claims, but many critics still aren’t convinced.

Whatever the merits of that argument, the inability of Stoned Lite to get past UEFI and Secure Boot is the strongest endorsement to date that the features work as advertised. At least for now. ®

Follow @dangoodin001 on Twitter.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/18/windows_8_bootkit/

Visa’s amazing answer to e-wallet domination: A new logo

Visa USA has launched its new logo, with service to follow next year, securing online payments by hosting your wallet in the Visa cloud.

The idea is that you upload details of your payment cards to Visa, even if they’re not Visa-branded, and Visa will process the payment without ever revealing your card details to the merchant. Basically it’s like using PayPal, only merchants have to be registered with Visa and there’s no stored value, but it also maintains the protection inherent in using a credit card.

Image caption: Visa logo. Just stare at the logo… don’t you feel more secure already?

The “V.me” service won’t launch until next year, but the website is up and accepting enquiries from merchants and developers. Merchants who register with the service just add a line or two of JavaScript and the V.me logo will appear on their site. Users who have already uploaded their card details then click on the logo to make the payment and enter a username and password in the (Visa-served) window which pops up.

The point here is that the merchant just gets a message from Visa’s server saying the transaction has been approved; they don’t get to see the card details or even know what card was used.
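The weak spot in any hosted-payment flow of this shape is the final step: if the merchant’s site simply trusts a “transaction approved” message that arrives via the shopper’s browser, anyone can forge one. The merchant has to verify the message against something the wallet provider and merchant share, and check that it refers to the order and amount actually being paid. The code below is an added example of that server-side check and is not V.me’s API, which had not been published when this was written; the JSON message layout, the field names and the shared-secret HMAC are all assumptions made for illustration.

```python
"""Merchant-side verification of a hosted-wallet approval message.

Added example, not the real V.me protocol. Assumed: the wallet provider
signs a JSON approval with an HMAC-SHA256 key issued to the merchant at
registration, and the message carries no card data at all.
"""
import hashlib
import hmac
import json
import time

# Assumed: issued by the wallet provider when the merchant registered.
MERCHANT_SECRET = b"example-shared-secret-from-registration"


def canonical(payload):
    """Stable byte form of the message so both sides sign the same thing."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_approval(payload, secret=MERCHANT_SECRET):
    """Simulates the wallet server: returns (body, signature). Only here so
    the example runs offline; the merchant never holds this code path."""
    body = canonical(payload)
    return body, hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_approval(body, signature, expected_order_id, expected_amount,
                    secret=MERCHANT_SECRET, max_age_seconds=300, now=None):
    """Accept the approval only if the signature is valid AND it names the
    order and amount the merchant is waiting for AND it is fresh.
    Returns (ok, reason)."""
    expected_sig = hmac.new(secret, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, signature):
        return False, "bad signature"            # forged or tampered message
    payload = json.loads(body)
    if payload.get("status") != "approved":
        return False, "not approved"
    if payload.get("order_id") != expected_order_id:
        return False, "order id mismatch"        # approval replayed for another order
    if payload.get("amount") != expected_amount:
        return False, "amount mismatch"
    now = time.time() if now is None else now
    if abs(now - payload.get("issued_at", 0)) > max_age_seconds:
        return False, "stale"                    # old approval replayed
    for forbidden in ("pan", "card_number", "cvv", "expiry"):
        if forbidden in payload:
            return False, "card data present"    # the merchant should never see this
    return True, "ok"


if __name__ == "__main__":
    # Constructed approval for one order; note there is no card information in it.
    approval = {"order_id": "A1001", "amount": "19.99", "currency": "GBP",
                "status": "approved", "issued_at": 1321500000}
    body, sig = sign_approval(approval)
    print(verify_approval(body, sig, "A1001", "19.99", now=1321500010))
    tampered = body.replace(b'"19.99"', b'"1.99"')
    print(verify_approval(tampered, sig, "A1001", "1.99", now=1321500010))
    print(verify_approval(body, sig, "A1002", "19.99", now=1321500010))
```

Two details carry the weight: `hmac.compare_digest` avoids a timing side channel on the signature comparison, and the order-id and freshness checks stop a genuine approval for one cheap order being replayed to pay for another.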

RBS WorldPay already offers something very similar, with a UK offering costing £75 in setup fees plus a monthly subscription of £15 as well as a few per cent of every transaction depending on the volume of traffic, and that still requires the user to type their card details in every time. V.me is trying to get those card details entered once, and then secured with a username and password within its cloud.

That’s much closer to the PayPal model, which links accounts to email addresses but stores credit card details in much the same way. But working through PayPal removes much of the consumer protection that paying by credit card provides: the payment is made to PayPal, not to the final merchant, so any dispute must be resolved with PayPal rather than the credit-card issuer.

V.me isn’t acting as an intermediary, so it should maintain one’s fraud protection, though to what extent we won’t know until the service launches next year. We do know that V.me as a whole is just a precursor to Visa’s planned electronic wallet – something akin to Google Wallet, which will allow cards to be installed into an NFC handset and used at every Visa PayWave-equipped till, probably using the same logo. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/17/v_me_logo_visa_online_shopping/

Crooks make it rain by seeding cloud with zombies

Malware operators are once again trying to generate profits from the cloud, this time by stealing the resources of infected computers and selling them to a new distributed-computing network, researchers from Kaspersky said.

After infecting a computer, the malware downloads and installs the MetaTrader 5 Tester Agent, software that uses spare CPU cycles to test custom-written software used in financial trading systems. Operator MetaQuotes Software Corp. has more details on its website about how to participate in its MQL5 Cloud Network. Trojan-Downloader.Win32.MQL5Miner.a, as Kaspersky has christened the malware, registers the agent against an account controlled by the attackers, which is then credited for the work the victim’s machine does.

With hundreds of millions of computers sitting idle on desktops around the world, there’s an untold number of petaflops worth of resources that go unused each day. Legitimate software developers, such as those behind the SETI Project, have been tapping these spare CPU cycles for years. Botnet operators do much the same thing when they use infected computers to send spam or wage denial-of-service attacks.

Over the past few months, crooks have expanded the revenue potential of infected machines by using their spare resources to perform legitimate tasks. A variety of titles, including Infostealer.Coinbit, use a hijacked PC’s GPU and other resources to mine the digital currency known as Bitcoin.

“When it comes to making money, cybercriminals don’t miss a trick,” Kaspersky Lab Expert Vyacheslav Zakorzhevsky wrote. “That includes exploiting the resources of infected computers without their owners’ knowledge or consent.”

The malware appears to spread through email attachments. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/17/malware_milks_cloud/

Survey: UK biz is using more encryption

Despite a run of high-profile security breaches, almost half of UK businesses still leave their corporate laptops unprotected against theft and data loss, according to a survey of British businesses published on Thursday.

Only 52 per cent of the 320 UK public and private sector IT managers polled in the survey use data encryption on their corporate laptops. Half (50 per cent) fail to protect removable media (USB sticks and DVDs).

The study, commissioned by corporate network and device security firm Check Point, showed that data encryption usage on UK business laptops has grown significantly in the past year: laptop encryption is up 12 points, from 40 per cent last year to 52 per cent this year. Consumerisation of IT, the trend where workers use their own smartphones or computers at work as an alternative to using more staid corporate-supplied kit, emerged as a key concern among survey participants.

Only 17 per cent of the organisations quizzed said they insisted on deploying security on personal devices used for work purposes. A further 42 per cent restrict access to corporate networks to corporate devices only. Many of those quizzed (42 per cent) worked for organisations with no security policy in the area.

A substantial minority (13 per cent) of those quizzed reported a breach due to a lost or stolen laptop and a further 7 per cent reported a lost or stolen USB stick or removable storage device. Around one in 12 (8 per cent) reported a breach from an email being accidentally sent to the wrong recipients. Only a third (32 per cent) of those quizzed used data-leak prevention, a type of security technology sold by Check Point and other vendors as a means to prevent just this type of rogue email mishap.

A laptop encryption growth rate of 12 points over just a year sounds like great progress to us, suggesting that deployment of the long-established technology has stepped up a gear. Check Point’s UK boss still isn’t satisfied with these results however, describing the rate of growth as “slow”.

Terry Greer-King, Check Point’s UK managing director said: “It’s encouraging that more UK firms are protecting their laptops and data, but the rate of growth is slow, and nearly half of organisations still do not secure their data on portable computers and devices. At the same time, new threats such as consumerisation are emerging, and many organisations haven’t established measures to secure the use of personal laptops and smartphones in the workplace.”

“These threats need to be addressed by a combination of education and technology so that organisations can protect their data, their business and their employees against the risks of security breaches,” he concluded. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/17/encryption_deployment_survey/

Make it easy for biz to report cyber robberies, say MPs

Ten British MPs are calling on the UK.gov to make it easier for companies to report cybercrime to the relevant authorities.

Members from a whole bunch of parties – two MPs each from Labour, the Conservatives and the Lib Dems, one each from the DUP, the SDLP and Plaid Cymru, and one Independent – are backing the early day motion, which hopes to get Parliament to debate the current lack of an efficient method for businesses to let the right people know when they have been the victim of a cybercrime.

According to the motion, 40 per cent of cybercrimes committed against firms currently go unreported, but 85 per cent of businesses in Scotland and England say they would report the incidents if “they felt that there was a sufficient and dedicated mechanism to do so”.

The MPs also said that although the Met in London has a dedicated e-crime unit, there was no direct access for assistance or reporting by companies and “standard methods of reporting are proving ineffective”.

The politicians want the government to set up a way for businesses and individuals to report cybercrime to the most appropriate bodies and establish forums for companies to meet and discuss the issue and how to best protect themselves.

Early day motions are the first sign that any topic might get a place in Parliamentary debate, but a lot of the ideas fall by the wayside if they don’t get enough support. However, considering that this motion went from three supporters on Monday to 10 on Wednesday, it just might get its day. ®

Bootnote

It seems that technology is preying on the mind of Lib Dem MP for Colchester Bob Russell, since his name is attached to this cybercrime motion as well as the motion that expressed deep concern over video game Call of Duty: Modern Warfare 3, particularly in reference to scenes in which a London Underground train is bombed.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/17/mp_call_for_easier_cybercrime_reportage/