STE WILLIAMS

Kaspersky plans source code reveal to avoid Huawei’s fate

Eugene Kaspersky thinks Huawei’s products contain “some doors, they are not back doors, but somewhere in-between”, but that overall “there is nothing really wrong with Huawei”. The Russian security supremo is nonetheless taking steps to ensure his company doesn’t experience the same less-than-welcoming reception Huawei has found in the US market.

Kaspersky offered his opinion to Vulture South yesterday. Kaspersky breezes into Australia most years and behaves an awful lot like a Russian Richard Branson, putting on a stunt of some sort for the press*, revealing extra-curricular adventures (a trip to Antarctica with horrifying Instagram-over-satphone charges) and offering plenty of knowing winks that hint at his history of association with Russia’s security apparatus and unusual proximity to the digital underground.

Throw in the big hair and he puts on quite a show, making him a source of quotable quotes (he’s adopted the term “SCADAgeddon” coined by local provocateur Stilgherrian to describe a likely outcome of online warfare) but also not quite ever appearing entirely serious.

How much weight to place then, on Kaspersky’s claims of grey areas in Huawei products?

“We are not going to detect Huawei software as malicious,” he said. “And it is not just Huawei that has this grey area in their products. There was a very famous story about Sony rootkits,” he pointed out, before adding that he feels Huawei’s troubles in the USA and beyond can be attributed to the detection of some suspicious behaviour in its products and the knowledge of those issues being politicised.

Kaspersky didn’t want to talk politics, but did say his company is alive to the fact it can hurt its prospects.

“In the USA, Australia and Western Europe we are facing similar issues of trust,” he said, and outlined plans to address those issues before they fester.

“We are entering the United States and we are about to have second backup and compiling systems in the States,” he said. “US citizens will have access to source code and we will be very open to disclose the source code in case of requests.”

Eugene Kaspersky in Sydney

Eugene Kaspersky, some moderately-famous bridge and an inconvenient light

“We need to prove that we are from the other side of the world, but you can trust us, and we will do our best to confirm it and to prove it. If we have any questions like Huawei questions about our technology, we will explain it to you, we will prove there is nothing wrong in our products and technologies.”

His tone while detailing those plans? Deadly serious and delivered with all the weight of a CEO with his eye on growth. But also, as seems always to be the case with Kaspersky, also with an eye on the next party. ®

*2012 saw Kaspersky invite media to play paintball. At the end of the session he declared “I kill so many journalist today”. Given the fate of some members of the profession in his home nation, it was hard to know just what he meant by the remark. This year access to the man was offered in a waterside restaurant with stunning views of Sydney Harbour Bridge.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/30/kaspersky_plans_source_code_reveal_to_avoid_huawei_taint/

Indonesia to build crack IT-trained military unit to deflect attacks

The world’s fourth most populous country, Indonesia, is fed up with getting hacked and wants to build a special military defence force to protect the state against online attacks.

A senior defence ministry official revealed that the government is proposing a new law which would allow such a force to defend against and disrupt the increasing number of attacks hurled at government systems, Xinhua reported.

Indonesia has some pretty strict penalties which can be levied against domestic hackers but nothing that would sanction the creation of a specialised military unit such as those which exist in the US and China.

The unit will apparently be manned by specially trained uniformed soldiers from the country’s army, navy and air force, with the Communication and Information ministry providing equipment and training.

Communications and Information minister Tifatul Sembiring said that the country has suffered over 36 million attacks in the past three years and is currently building out a National Cyber Security strategy to protect critical infrastructure and government assets.

It’s unclear how many of those attacks came from outside the country, but some of the most high profile over the past year or two have been the work of home-grown miscreants.

East Javan internet café worker Wildan Yani Ashari, 22, was arrested by police in January for defacing the homepage of president Susilo Bambang Yudhoyono (SBY) and could face up to 12 years in jail.

If and when the military defence unit finally is set up, let’s hope a name is chosen carefully – even a cursory search online will reveal the Indonesian Cyber Army is the moniker of a rather prolific hacking group, as well as the name of what appears to be an info-security training outfit. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/30/indonesia_military_unit_defends_cyber_attack/

US National Intelligence Council boss gets personal email hacked

In a rather embarrassing slip, the personal email account of Christopher Kojm, chairman of the US National Intelligence Council (NIC), has become the latest victim of the cracker known as Guccifer.

According to screenshots seen by The Smoking Gun, Guccifer grabbed email exchanges with 9/11 Commission members, banking information, personal correspondence, and documents covering the latest Obama administration’s transition earlier this year.

Kojm is a foreign policy wonk who heads the NIC and advises the executive on intelligence matters. Classified information doesn’t appear to have been compromised, although no doubt there are some embarrassing tidbits to be had.

“Good night America where ever you are,” Guccifer said in a “lengthy, rambling note” attached to the images. In it he calls President Obama “The Black Angel” and mocks the attempts of the Secret Service to find out his identity.

This is the latest political scalp for Guccifer, a cracker who has made a habit of subverting the accounts of the rich and powerful for fun. The cracker’s debut was getting into the personal email account of the 41st US President, George HW Bush.

Paintings by George W Bush

“Out, damn’d spot! out, I say!”

That instance uncovered a welter of personal information and contact information for the Bush clan and also introduced the world to the artistic ambitions of his son, the 43rd president. A series of self-portraits show that the younger Bush seems to spend a lot of time scrubbing himself down in the bathroom.

Other political targets have included US Senator Lisa Murkowski, General Colin Powell, former advisor to Bill Clinton Sidney Blumenthal, and two staff at the Council on Foreign Relations. Author Candice Bushnell and actor Rupert Everett are also claimed victims. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/29/national_intelligence_council_boss_hacked/

Saved-game bug dumped PlayStation 3 fans in hijackers’ sights

A potentially nasty security hole has apparently been found in the PlayStation 3 that allows miscreants to execute commands on a player’s console if they preview a booby-trapped saved game.

The flaw affects firmware version 4.31 in Sony’s gaming rig, according to the Vulnerability Laboratory Research Team which claims to have unearthed the coding error.

The bug – ranked 6.5 out of 10 in the Common Vulnerability Scoring System (PDF) – can be triggered from a saved game on a USB stick, for example, and exploited to compromise the device. Specifically, the firmware fails to securely validate input data when listing previews of saved games. Successful attacks, which are non-trivial to pull off, open the way to PlayStation Network (PSN) session hijacking or worse, we’re told.

Vulnerability Laboratory researcher Benjamin Kunz Mejri produced proof-of-concept exploit code to underline his concerns about the apparent security flaw. Even so it took three attempts and several months to get Sony to respond to his findings.

Chris Boyd (AKA PaperGhost), a senior threat researcher at ThreatTrack Security and an expert in gaming security, said the vulnerability was potentially dangerous, but that in practice in-game phishing poses a greater risk.

“While the listed attacks – persistent phishing and PSN session hijacks, to name but two – are certainly serious, this exploit requires the attacker to have local access to the PS3, or perhaps convince a PS3 user to download and store a game save onto a USB stick,” Boyd told El Reg.

“As game saves typically need to be resigned to work with another PSN account, we’re now talking about the attacker resigning malicious saves, storing them on a free file host which may prompt caution on the part of the victim (resigning can be a complicated process, so more often than not they’re posted to dedicated gaming or modding sites, which can smell a rogue a mile away) and hoping the gamer follows the instructions to effectively nuke their own machine from orbit.

“As the most popular form of attack on the majority of gaming accounts we see is phishing, one might ask why doing all of the above to phish somebody (for example) is worth it when simply sending an in-game phish link would be simpler,” said Boyd.

“However, it’s a good reminder to be cautious if downloading save games from the internet and it remains to be seen how creatively this vulnerability could be used.”

Describing the problem in some more detail, the Vulnerability Laboratory wrote in its original advisory:

The attacker synchronizes his computer (to change the USB context) with USB (Save Game) and connects to the network (USB, computer, PS3), updates the save game via computer and can execute the context directly out of the PS3 savegame preview listing menu (SUB/HD). The exploitation requires local system access, a manipulated .sfo file, and a USB device. The attacker can only use the given byte size of the saved string (attribute values) to inject his own commands or script code.

The PS3 filter system of the SpeicherDaten (DienstProgramm) module does not recognize special characters and does not provide any kind of input restrictions. Attackers can manipulate the .sfo file of a save game to execute system specific commands or inject malicious persistent script code.

Successful exploitation of the vulnerability can result in persistent but local system command executions, PSN session hijacking, persistent phishing attacks, external redirect out of the vulnerable module, stable persistent save game preview listing context manipulation.

The bug has apparently been fixed in firmware version 4.41, which should be downloaded and installed on PS3s. The fix was released at the end of last month – six months after Vulnerability Labs said it reported the issue to Sony. ®
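The advisory above boils down to a missing bounds-and-character check on the string attributes of a saved game’s .sfo descriptor before they are rendered in the preview listing. The following is an added example (not code from the article, from Sony, or from Vulnerability Lab) of what such a check looks like on the receiving side; the PARAM.SFO layout, the names of the keys shown in the preview (TITLE, SUB_TITLE, DETAIL) and the character policy are all assumptions stated in the comments.

```python
# Added example, not code from the article or from Vulnerability Lab. The PARAM.SFO
# layout is ASSUMED (my understanding of Sony's format): 20-byte header, 16-byte index
# entries, NUL-terminated key table, then fixed-size data slots of data_max_len bytes.
import struct

SFO_MAGIC = b"\x00PSF"
FMT_UTF8 = 0x0204  # NUL-terminated UTF-8 (0x0004 is the un-terminated variant)
PREVIEW_STRING_KEYS = ("TITLE", "SUB_TITLE", "DETAIL")  # shown in the preview listing (assumed)
METACHARS = frozenset("<>\"'`;|&$\ufffd")  # conservative blocklist; U+FFFD marks bad UTF-8

def build_sfo(entries):
    """Serialise [(key, fmt, data, max_len)]; an over-long data is NOT truncated on purpose."""
    keys, data, index, offsets = b"", b"", b"", []
    for key, _fmt, value, max_len in entries:
        offsets.append((len(keys), len(data)))
        keys += key.encode("ascii") + b"\x00"
        data += value.ljust(max_len, b"\x00")      # slot of max_len bytes (or more if over-long)
    keys += b"\x00" * (-len(keys) % 4)             # key table is 4-byte aligned
    key_start = 20 + 16 * len(entries)
    data_start = key_start + len(keys)
    for (_key, fmt, value, max_len), (ko, do) in zip(entries, offsets):
        index += struct.pack("<HHIII", ko, fmt, len(value), max_len, do)
    header = SFO_MAGIC + struct.pack("<IIII", 0x101, key_start, data_start, len(entries))
    return header + index + keys + data

def parse_sfo(blob):
    """Return {key: (fmt, data_len, data_max_len, slot_bytes)}; ValueError on bad structure."""
    if len(blob) < 20 or blob[:4] != SFO_MAGIC:
        raise ValueError("not a PARAM.SFO")
    _ver, key_start, data_start, count = struct.unpack_from("<IIII", blob, 4)
    if not 20 + 16 * count <= key_start <= data_start <= len(blob):
        raise ValueError("inconsistent table offsets")
    out = {}
    for i in range(count):
        ko, fmt, dlen, dmax, do = struct.unpack_from("<HHIII", blob, 20 + 16 * i)
        key_end = blob.find(b"\x00", key_start + ko, data_start)
        if key_end < 0:
            raise ValueError("unterminated or out-of-range key")
        key = blob[key_start + ko:key_end].decode("ascii")
        if data_start + do + dmax > len(blob):
            raise ValueError(f"{key}: data slot runs past end of file")
        out[key] = (fmt, dlen, dmax, blob[data_start + do:data_start + do + dmax])  # slot only
    return out

def validate_preview_strings(blob):
    """Return a list of problems with the preview strings; [] means they are safe to render."""
    try:
        entries = parse_sfo(blob)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    for key in PREVIEW_STRING_KEYS:
        if key not in entries:
            continue
        fmt, dlen, dmax, slot = entries[key]
        if dlen > dmax:                            # the declared length must never exceed the slot
            problems.append(f"{key}: declared length {dlen} exceeds slot size {dmax}")
            continue
        value = slot[:dlen]
        if fmt == FMT_UTF8:
            if not value.endswith(b"\x00"):
                problems.append(f"{key}: string is not NUL-terminated")
                continue
            value = value[:-1]
        text = value.decode("utf-8", "replace")    # malformed bytes become U+FFFD, caught below
        bad = sorted({c for c in text if ord(c) < 0x20 or 0x7F <= ord(c) <= 0x9F or c in METACHARS})
        if bad:
            problems.append(f"{key}: disallowed characters {bad!r}")
    return problems

# Constructed samples: a well-formed descriptor, and a malformed one whose TITLE carries
# a control byte plus markup and whose SUB_TITLE overruns its declared 128-byte slot.
GOOD_SFO = build_sfo([
    ("TITLE", FMT_UTF8, b"Quiet Village Save\x00", 128),
    ("SUB_TITLE", FMT_UTF8, b"Chapter 3\x00", 128),
])
BAD_SFO = build_sfo([
    ("TITLE", FMT_UTF8, b"Save\x1b[2J<script>\x00", 128),
    ("SUB_TITLE", FMT_UTF8, b"A" * 200 + b"\x00", 128),
])
```

Running `validate_preview_strings` over a descriptor before the preview listing touches its strings is the kind of gate the advisory says the 4.31 firmware lacked; the slot-size comparison comes first, since reading `data_len` bytes from a slot of `data_max_len` is the unsafe step.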

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/29/ps3_firmware_flaw/

China announces giant military hackathon at SECRET Mongolian base

China is set to hold its first ever digital war games, amidst growing US concerns about alleged Chinese espionage focused on military technology.

State news agency Xinhua reported that the People’s Liberation Army will be holding exercises next month to “test new types of combat forces including units using digital technology amid efforts to adjust to informationalised war”.

The war games will be held late in June at China’s Zhurihe Combined Tactics Training Base, the largest military training area in Inner Mongolia. Exercising troops will focus on “combat forces including digitalised units, special operations forces, army aviation and electronic counter forces”, the agency reported.

The news comes as the US government becomes increasingly agitated about China’s alleged cyber activities, in particular the country’s theft of intellectual property through hack attacks.

Just this week, the Washington Post reported that a Pentagon task force had found that the designs for most of America’s advanced weapons systems and platforms had been hacked, including the Patriot missile system and the F-35 Lightning II jet, which the UK is jointly procuring along with the US.

When asked about the report, White House spokesperson Jay Carney said that President Barack Obama would be discussing cybersecurity with his Chinese counterpart Xi Jinping when they meet in California next week.

“I would refer you to the Pentagon for specifics about the potential hacking of weapon systems,” Carney said. “But I would note, as you’ve heard from the President, his National Security Advisor and others, as well as myself, cybersecurity is a key priority of this administration.

“It is a key concern that we have. It is an issue that we raise at every level in our meetings with our Chinese counterparts and I’m sure will be a topic of discussion when the President meets with President Xi in California in early June.

“It was certainly a topic of conversation when National Security Advisor Donilon was having meetings in China, from which he is just returning now.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/29/china_announces_digital_war_games/

‘Secret Pentagon papers’ show China hacked into Patriot missile system

Chinese spies have allegedly hacked into the designs of many of the United States’ advanced weapons systems and platforms, including those for F/A-18 Hornet fighter jets, the Patriot missile system and Black Hawk helicopters.

According to the Washington Post, a “confidential section” of a report prepared for the Pentagon seen by the paper makes the claims. The confidential section alleges that 25 of these hacked designs were in programmes critical to American missile defences, combat aircraft and ships.

The Defence Science Board has already warned in the public part of the report (PDF), released in January, that the Pentagon wouldn’t be able to defend itself in the event of a full-scale cyber-conflict.

“After conducting an 18-month study, this Task Force concluded that the cyber threat is serious and that the United States cannot be confident that our critical Information Technology (IT) systems will work under attack from a sophisticated and well-resourced opponent utilising cyber capabilities in combination with all of their military and intelligence capabilities (a ‘full spectrum’ adversary),” the report said.

However, the report also included a confidential list of compromised weapons, which included the US Army’s system for shooting down ballistic missiles, the Terminal High Altitude Area Defence, and the US Navy’s Aegis Combat System, also designed to defend against ballistic missiles.

According to the WP, sensitive design information for aircraft and ships was also illicitly accessed, including: the V-22 Osprey tiltrotor transport aircraft; the US Navy’s new Littoral Combat Ship, designed to patrol close to shore; and the F-35 Joint Strike Fighter, which the UK is procuring to fly from its two new Queen Elizabeth-class aircraft carriers.

The Defence Science Board didn’t claim that Chinese agents were behind the cyber attacks, but top military and industry sources who knew about the breaches told the paper that the hacks were part of a growing Chinese campaign of espionage.

The US has been increasingly vocal about what it claims is increased espionage by the Chinese government and Chinese-controlled corporations. The White House has made it clear that cyber-security is a top concern, and has accused both China’s government and Chinese companies of continuous attacks aimed at stealing intellectual property.

China has consistently denied any charges of cyber-snooping on American agencies or companies and has flung back accusations against the US government, claiming that it is using cyber-espionage techniques against China. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/29/us_weapons_systems_hacked/

Bobbies need broadband-enabled gear, insist 4G LTE fans

Critical Communications World While consumers have access to 4G networks, emergency services are still stuck with 2G – and it’s going to take more than rebranding their annual conference to bring LTE to the uniformed masses.

The conference used to be called TETRA World, but in an attempt to imitate its consumer equivalent (which successfully flipped from “3GSM” to “Mobile World Congress”) TETRA World has rebranded itself as “Critical Communications World”.

TETRA is still the main focus. It is already providing voice communications to everyone from traffic wardens to military police. The future, however, is high-speed mobile broadband standard LTE, the preferred 4G technology around the world. There’s much talk of migration paths, extending the existing LTE standard and, most importantly, lobbying governments for free radio spectrum.

The Americans have already given 20MHz of spectrum at around 700MHz to nationwide emergency services comms provider FirstNet, along with $2bn in subsidy towards the $7bn FirstNet promises to spend on a national LTE network for use by the US First Responder community (police, ambulance, fire and so forth).

Earlier this week the UAE also promised its emergency services some gratis spectrum at 700MHz. It has become an article of faith that other governments will follow suit, but, just to be sure, the industry is lobbying the EU hard to standardise a single band for LTE use – before Ofcom has the chance to flog it all off.

Ofcom isn’t big on allocated spectrum. The UK regulator’s remit is to fill the airwaves with as many signals as possible, not hand over significant chunks of radio spectrum to be left empty in case of an emergency which may never happen.

Blighty already has a 14MHz block allocated to TETRA, given to Airwave, from which emergency services lease voice connectivity, but the industry is asking for at least another 20MHz to realise its dream of multimedia-equipped rescue workers and telemedicine delivered to a moving ambulance, so it is working hard to justify that request.

Helping that effort was Todd Early from the Texas Department of Public Safety, who got an FCC licence and put his workers onto an LTE network. His demonstration scenarios included a cinema shooting, where CCTV from inside the building was streamed to the control room. Hostages texted photographs of the perpetrator while floorplans were sent directly to officers planning an assault.

Impressive stuff, though one has to ask: couldn’t the same thing be done over a (suitably-encrypted) commercial network?

Early was adamant that the answer is no. He pointed out that when you’re relocating three million people within 36 hours (as Texas has had to do in the past thanks to natural disasters) commercial networks are quickly overwhelmed as everyone tells everyone else what’s happening. Thus the security forces need a dedicated network, and dedicated spectrum, to keep them organised. But he also admitted that his patrols roam onto the commercial Verizon network when outside the reach of his current deployment.

Not that new spectrum is necessarily needed. Cassidian has been busy squeezing LTE into the existing TETRA bands for the German army. They’ve supplied a number of fixed and vehicle mounted base stations which can flick between LTE and TETRA at the flip of a switch, providing broadband data or backwards compatible voice as needed, though not at the same time.

Which is a shame, as the importance of uninterrupted voice will prevent refarming of TETRA spectrum in most markets, so new spectrum will be required to provide broadband data alongside existing voice services.

The arguments are backed by claims that every pound spent on public safety will be repaid five times over, that every murder results in 70 people leaving a city, and that one can’t put a price on public safety. All this in the hope that governments will hand over the spectrum and let the industry flog kit (at great expense, naturally) to those for whom the spectrum has been set aside.

The problem, for the industry, is that there isn’t yet much evidence that rolling out broadband to foot-mounted plod will reduce crime, or that a firefighter able to stream video from his phone will be able to put out fires faster, or even that the surgeon sitting in the hospital will be able to diagnose the passenger in the ambulance.

With that in mind, it looks very much like the industry is seizing on any evidence it can to justify itself. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/29/critical_comms/

Raspberry Pi puts holes in China’s Great Firewall

A tech-savvy China-based Redditor has spotted a hassle-free way of ensuring he or she is always able to bypass the Great Firewall, even when out and about, using the Raspberry Pi to connect to a virtual private network (VPN).

VPNs are a necessity for foreigners living in the People’s Republic who want to access sites prohibited by the country’s ubiquitous internet censorship apparatus – business users and consumers alike have come to rely on them to connect to a banned site.

However, although there’s no shortage of foreign VPN providers to choose from, it can be time-consuming to choose, install and open a client if out and about and using machines which are not your own.

Spotted by TechInAsia, a Reddit user going under the name JaiPasInternet revealed a relatively straightforward solution using the popular single-board computer:

I set my Raspberry to automatically connect to my VPN server through OpenVPN, and then share the connection with a Wi-Fi dongle, using hostapd software. I use it on a daily basis with my iPhone and Android tablet (way better than the included VPN client) but the good thing is that, wherever I go, I just bring my Raspberry, plug it into Ethernet and to any USB plug, and after a few minutes, I have my censor-free Wi-Fi hotspot.

The Redditor claims set-up is fairly simple to do using information on a Wikipedia page and a blog post on Hostapd, and claimed it’s more straightforward than installing OpenVPN on a DD-WRT router.

Although connection to the user’s own VPN server in France takes a long time, it is apparently “stable for hours”.

Like other OpenVPN users, JaiPasInternet was forced to use the slower TCP version after the Chinese authorities effectively blocked access to UDP as part of a renewed crackdown on foreign VPNs in December.

However, services using other VPN protocols PPTP and L2TP have largely been unaffected as they are too tricky to block without shutting down the entire internet, as explained here.

The cat and mouse game between the Chinese government and internet users in the country took another turn back in March with the launch of the VPN Gate Academic Experiment Project – a free public relay VPN service from Japan claiming to offer “strong resistance to firewalls”. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/29/raspberry_pi_helps_hassle_free_circumvention_great_firewall/

Anonymous ‘plonks’ names, addresses of far-right EDL types on web

Computer-hacking collective Anonymous claims it has leaked online the personal details of the far-right English Defence League’s members.

The hackers’ list – the authenticity of which has not been independently verified – includes the names and addresses of more than 200 supposed members of the controversial protest organisation, as well as the mobile phone numbers of its senior figures.

The English Defence League (EDL), which opposes what it claims is the spread of Islamism in Blighty, staged a number of rallies in the wake of the horrific murder of Lee Rigby in south London by two thugs who had apparently converted to Islam.

The group’s demonstrations were accompanied by counter-protests by anti-fascist campaigners, who oppose the EDL’s Islamophobia and anti-immigrant agenda. In one reported case, a York mosque successfully quelled an EDL protest with tea, biscuits and football.

Now Anonymous UK has accused the EDL of taking “advantage of moments of fear and terror to spread hatred and animosity” in a YouTube message accompanying the leak; the activists also threatened the start of a broader campaign – codenamed Operation EDL – aimed at bringing down the group.

It’s not clear where the leaked data came from but two hacktivist crews – ZHC (ZCompany Hacking Crew) from Pakistan and TeaMp0isoN – claim to have lifted membership lists after cracking into the EDL’s website and forum, respectively. An EDL clothing web store has also been hacked, resulting in the leak of name and addresses of its customers, we’re told.

There are several EDL-supporting pages on Facebook and one of the main ones boasts more than 132,000 members. The leaked list reportedly focusses on cash donors to the EDL.

There are UK precedents for this type of leak. In 2008, a list of more than 10,000 British National Party members was splashed all over anti-fascist blogs. Months afterwards it emerged that two disgruntled party insiders, rather than hostile hackers, were responsible. At least some of the entries turned out to be inaccurate.

Leaks of supposed EDL members are not new either. Two years ago a school received hatemail targeting its caretaker after he was wrongly identified as a fascist by English Defence League opponents, based on data stolen from an EDL site. The caretaker had donated £1 via PayPal after reading about “poppy burning or about the disruption of a military funeral” to “support our troops” without knowing that the funds were destined for the EDL. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/29/anon_edl_list_leak/

Microsoft loads botnet-crushing data into Azure

Microsoft is plugging its security intelligence systems into Azure so that service providers and local authorities can get near-realtime information on botnets and malware detected by Redmond.

The new Windows Azure-based Cyber Threat Intelligence Program (C-TIP) was unveiled on Tuesday by Microsoft as an extension of its crime-busting Microsoft Active Response for Security (MARS) program.

C-TIP will let ISPs and Computer Emergency Response Teams (CERTs) get a direct link between their servers and Windows Azure to ingest near-realtime data on malware-infected computers tracked by Microsoft. Previously, these organizations would get MARS data via emails from Microsoft.

“Participation in this system allows these organizations almost instant access to threat data generated from previous as well as future MARS operations,” Microsoft’s director of security for its Digital Crimes Unit, TJ Campana, wrote.

“While our clean-up efforts to date have been quite successful, this expedited form of information sharing should dramatically increase our ability to clean computers and help us keep up with the fast-paced and ever-changing cybercrime landscape.”

ISPs and CERTs plugging into C-TIP will get updated threat data for their specific country or network every 30 seconds, Microsoft said. The Spanish CERT, INTECO, will be one of the first organizations to get C-TIP data, Microsoft said, along with the CERTs CIRCL and govCERT in Luxembourg. Several other unnamed CERTs and ISPs have signed up as well.

Project MARS was started in 2010 as a way for Microsoft to share data on infected PCs with CERTs and ISPs. MARS has helped take down numerous botnets including Bamital, Waledac, Rustock, Kelihos, and Nitol.

Microsoft did not disclose whether C-TIP will use all of Azure’s data centers and edge locations or merely those located in the US. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/microsoft_azure_ctip_security/