STE WILLIAMS

Oz opposition says to stop hackers first stop refugee boats

Australia’s federal opposition has pledged more money for the nation’s security agencies, and more online activity, and tied the latter increase to freeing up resources currently going towards dealing with “irregular maritime arrivals”.

Speaking yesterday at CeBIT Australia, Senator George Brandis said he is alarmed by the release of a report titled “Review of Administration and Expenditure No. 10 (2010 – 2011) – Australian Intelligence Agencies”, created by the Parliamentary Joint Committee on Intelligence and Security. Brandis says that report (PDF), released on Monday May 27th, outlines degradation of the capacity of Australia’s security services. The report includes a comment from the Australian Security and Intelligence Organisation (ASIO) to the effect that it does not feel it can find the staff it needs without extra funds. Another un-named agency says it could not have achieved its goals without an extra injection of funding.


Brandis, who serves as Shadow Attorney-General, said an important pressure on ASIO is the extra work it has been asked to do on irregular maritime arrivals, bureaucratese for refugees who arrive in Australia on boats.

Such refugees are political dynamite in Australia, which is deemed by the opposition to have “lost control of its borders” inasmuch as around 25,000 arrived by boat last year. More “irregular” arrivals come by plane and Australia processes tens of millions of arrivals and departures each year. The “lost control” line is therefore not accurate but it is extraordinarily resonant in Australian politics, with the opposition pledging to “stop the boats” when next in office (which looks like being September 2013).

Making the ability to defend against an emerging threat – online attack – contingent on first dealing with the issue of asylum seekers arriving by boat therefore paints the government as failing on the first issue and negligently ignoring an emergent second threat.

In light of Monday’s allegation that plans for ASIO’s new office found their way to an entity traced to a Chinese IP address, the line that Australia lacks resources to defend itself online is another potent weapon with which the opposition can attack the government.

Brandis said that, if elected, the opposition will restore funding to Australia’s spooks so they can build and operate better online defences.

The ultimate aim, he said, is to ensure Australia can defend itself against terrorism in all its forms, especially newfangled terrorism performed by state-sponsored entities that attack infrastructure. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/oz_opposition_says_to_stop_hackers_first_stop_refugee_boats/

ASIO still secure, says government

The Australian government has responded to accusations that its spy agency ASIO is vulnerable after building plans were apparently accessed when a contractor’s network security was breached.

At the same time, communications vendor Codan has denied that its intellectual property has been compromised.


The accusations surfaced in the Australian Broadcasting Corporation’s program Four Corners. As The Register reported yesterday, the documents compromised by attackers included floor plans, wiring diagrams, and server room locations.

The ASIO headquarters hasn’t yet been completed, and is running behind time and over budget, leading to speculation that both the cost and delay are down to design changes to maintain security. The government has declined to respond to that speculation, but Attorney-General Mark Dreyfus insisted yesterday that the building remains secure.

The ABC now reports that Dreyfus told it: “I conducted an inspection with the director-general of ASIO just last month, and I can assure everybody that this building is a very secure, state-of-the-art facility.”

That report also states that the Chinese government denies any involvement in hacking.

Foreign ministry spokesman Hong Lei said the country opposes all forms of hacker attacks. “Though these reports seem solid, given that it is difficult to find the origin of such hacker attacks, I don’t see where the real evidence is for reports like this.

“Groundless accusations will not help solve this issue,” Lei said.

Meanwhile, Codan, the communications supplier the program said had been compromised, has issued a statement to the Australian Securities Exchange stating that while it is a target of attempted intrusions of its networks, it “has no evidence that any intellectual property in either its metal detection or communications business has been obtained by unauthorised third parties”. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/asio_still_secure_says_government/

‘$6bn money-laundering website’ Liberty Reserve kingpin cuffed in Spain

Shadowy online money exchange Liberty Reserve has been shut down by the US feds, its dotcom website seized – and its founder arrested. He and six others are accused of running a $6bn global money-laundering operation, the biggest of its kind, according to prosecutors.

In a string of dramatic events,


  • On Friday, cops in Costa Rica raided offices linked to the underground payment service, which is alleged to be favoured by cyber-crooks. The police pulled the plug on the Latin America-based website when they grabbed servers during the swoop, effectively freezing all the service’s customer accounts.
  • Meanwhile, the website’s founder Arthur Budovsky, 39, was cuffed in Spain. Further arrests were made in Costa Rica and New York.
  • Then this afternoon, Budovsky and six others were indicted in the US on charges of money laundering, conspiracy to operate an unlicensed money transmitting business and operating an unlicensed money-transmitting business.
  • And the website’s domain name, libertyreserve.com, was seized by the US Global Illicit Financial Team, which has cleared the site and replaced it with a takedown notice and government logos. Before that, the site’s DNS records were briefly updated to resolve to Shadowserver.org, a community effort geared to fighting cybercrime.

Liberty Reserve asked for just an email address, a name and a date of birth from its users when they wished to transfer cash electronically: the money was converted into “Liberty Reserve Dollar” or “Liberty Reserve Euro” digital currencies and quickly moved with minimal bureaucracy and transfer fees no higher than $3 a transaction. These features apparently made the service popular with criminals – at least 55 million transactions were carried out – according to US prosecutors who led the investigation into Liberty Reserve.

During a press conference on Saturday, soon after the web money service went dark, Costa Rican state prosecutor Jose Pablo Gonzalez said a number of suspects as well as Budovsky were under investigation over alleged money laundering.

Today’s US indictment, issued by New York’s southern district attorney’s office, also links Exchangezone.com, Swiftexchanger.com, MoneyCentralMarket.com, AsianaGold.com and EuroGoldCash.com to the Liberty Reserve operation.

The official paperwork claims “the defendants [operated] an international online digital currency service and money transfer system called Liberty Reserve … which was incorporated in Costa Rica in 2006 [and] is extensively used by cybercriminals around the world for distributing, storing and laundering the proceeds of their criminal activity”.

The Feds further alleged that Budovsky and his co-conspirators knowingly operated “a criminal business venture” that moved tens of millions of dollars around the world through a network of shell companies – a move to keep the cash beyond the reach of American and European investigators, it is claimed.

Budovsky was indicted in 2006 on similar charges of operating an illegal money business, called GoldAge Inc, from a New York apartment. The Feds alleged that the service transferred $30m during a four-year operation prior to its closure. Budovsky and co-defendant Vladimir Kats were found guilty and sentenced to five years’ probation in 2007. However, Budovsky failed to see out his punishment and fled to Costa Rica, where he set up Liberty Reserve. He also renounced his US citizenship and became a Costa Rican national.

Today’s indictment charges Budovsky, Vladimir Kats, Ahmed Yassine Abdelghani, Allan Esteban Hidalgo Jimenez, Azzeddine El Amine, Mark Marmilev and Maxim Chukharev. The defendants are presumed innocent unless and until proven guilty. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/liberty_reserve_titsup/

Hammond pleads guilty to Stratfor hack: ‘It’s a relief’

Anonymous member Jeremy Hammond has pleaded guilty to the headline-making December 2011 hack on private intelligence company Stratfor, at a court appearance in New York.

Hammond, 27, of Chicago, Illinois, has been held on remand since his arrest in March 2012. He pleaded guilty to one count of violating the Computer Fraud and Abuse Act as part of a plea-bargain agreement that means he will not become a co-operating witness and will be free from further federal prosecution for computer hacking offences. He can be expected to face a sentence of up to 10 years behind bars for his part in the Stratfor hack and other Anonymous-inspired operations.


The FBI said that alleged LulzSec ringleader Hector Xavier Monsegur – who agreed to act as an informant following his arrest in June 2011 – had tried to persuade the hackers who carried out the raid to store emails looted from Stratfor on a server controlled by the Feds. Information coaxed out of Hammond by Monsegur led directly to Hammond’s arrest, the FBI has since revealed.

Hammond explained, in a message released through his official support website, that he decided to cop a plea rather than contest his case so as to avoid a potential nightmare of continuous subsequent trials even if he was acquitted of this particular offence.

Now that I have pleaded guilty it is a relief to be able to say that I did work with Anonymous to hack Stratfor, among other websites. Those others included military and police equipment suppliers, private intelligence and information security firms, and law enforcement agencies. I did this because I believe people have a right to know what governments and corporations are doing behind closed doors. I did what I believe is right.

I have already spent 15 months in prison. For several weeks of that time I have been held in solitary confinement. I have been denied visits and phone calls with my family and friends. This plea agreement spares me, my family, and my community a repeat of this grinding process.

WikiLeaks began publishing emails from Stratfor in February 2012 to expose “how a private intelligence agency works, and how they target individuals for their corporate and government clients”.

The whistleblowing site declined to explain how it came by the “Global Intelligence Files” from Stratfor. The dates covered by the emails run from July 2004 to late December 2011. Hammond and his fellow hacktivists ransacked Stratfor in December 2011. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/hammond_strafor_anon_plea/

Symantec retires low-end security software

PC Tools’ security wares won’t make it into post-PC era, but PC-tuners safe

Symantec has quietly retired its PC Tools range of security products.

Acquired in 2008, PC Tools offered consumer-and-micro-business-grade anti-virus and network security tools dubbed “Spyware Doctor”, “Internet Security” and “Spyware Doctor with Antivirus”. Buying the Australian company that created the products gave Symantec a low-end brand to make its main Norton mark look posh.


That strategy seems now to be out of vogue, with Symantec saying PC Tools is now pining for the fjords “as we focus on streamlining our product range to provide fewer, better solutions for our customers.”

A “special offer” will encourage PC Tools users to adopt a Norton product. Those who wish to keep using PC Tools products will continue to receive updated virus signatures until their subscriptions expire.

While the three security products mentioned above are no more, PC Tools’ “Registry Mechanic” and “Performance Toolkit” products live on.

Symantec’s retirement announcement and FAQ for users can be found here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/symantec_retires_lowend_security_software/

Google cyber-knight lances Microsoft for bug-hunter ‘hostilities’

Top Google engineer Tavis Ormandy has slammed Microsoft for apparently treating security bug hunters with “great hostility”.

He blasted Redmond’s behaviour towards those who report vulnerabilities as he publicly revealed a new unpatched security hole in the Windows operating system – a bug that can be exploited to crash systems or gain administrator privileges. The vulnerable driver is present in “all currently supported versions” of Windows, according to the Googler.


Ormandy discovered the flaw in the Bézier curve-handling part of the Win32k.sys kernel-level driver in March. However, triggering Microsoft’s programming cock-up was difficult and at first the results were unpredictable.

In short, the “next” pointer in a doubly-linked list of graphical objects is not initialised by the kernel. By putting the Windows memory allocator under pressure, so that it reuses memory previously written by user-mode code, it is possible to prime this vulnerable “next” pointer so that the kernel follows it into a block of user-controlled memory. Exploiting this to write arbitrary data to sensitive areas of the system, to elevate privileges for example, is left as an exercise for the reader.
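As an added illustration of the bug class described above (this is not code from Ormandy’s report or from Windows; the structure, field names and the allocator are constructed stand-ins), a list node whose `next` field is never initialised inherits whatever the previous occupant of that memory left behind. The tiny arena allocator below reuses freed chunks without clearing them, as a free-list allocator does; the hardened allocation routine zeroes the node before it is linked, which is the fix for this defect class.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a kernel-side doubly-linked list node of graphical
 * objects. Field names are hypothetical, not the real Win32k structure. */
struct gobj {
    struct gobj *next;
    struct gobj *prev;
    uint32_t     handle;
};

/* Minimal arena that hands back the most recently freed chunk first, like a
 * free-list allocator. It never clears memory, so a fresh allocation carries
 * whatever its previous owner wrote into it. */
#define CHUNKS 4
static union { struct gobj g; unsigned char raw[sizeof(struct gobj)]; } arena[CHUNKS];
static int free_stack[CHUNKS];
static int free_top = 0;
static int next_untouched = 0;

static void *arena_alloc(void) {
    if (free_top > 0)
        return arena[free_stack[--free_top]].raw;   /* reuse a freed chunk as-is */
    if (next_untouched < CHUNKS)
        return arena[next_untouched++].raw;
    return NULL;
}

static void arena_free(void *p) {
    ptrdiff_t idx = ((unsigned char *)p - arena[0].raw) / (ptrdiff_t)sizeof arena[0];
    free_stack[free_top++] = (int)idx;
}

/* Buggy pattern: some fields are set, but `next` keeps stale contents. */
static struct gobj *gobj_alloc_buggy(uint32_t handle) {
    struct gobj *g = arena_alloc();
    if (!g) return NULL;
    g->prev = NULL;
    g->handle = handle;
    return g;                       /* g->next is whatever the chunk held before */
}

/* Fixed pattern: every field is explicitly initialised before the node is used. */
static struct gobj *gobj_alloc_fixed(uint32_t handle) {
    struct gobj *g = arena_alloc();
    if (!g) return NULL;
    memset(g, 0, sizeof *g);        /* equivalently, use a zeroing allocator */
    g->handle = handle;
    return g;
}

typedef struct gobj *(*gobj_alloc_fn)(uint32_t);

/* Models a chunk that an earlier, user-controlled caller filled with a pattern
 * (constructed: 0x41 bytes) and released, then allocates a node through `alloc`
 * and returns the value its `next` field holds without dereferencing it. */
static uintptr_t stale_next_after_reuse(gobj_alloc_fn alloc) {
    void *scratch = arena_alloc();
    memset(scratch, 0x41, sizeof arena[0]);
    arena_free(scratch);
    struct gobj *g = alloc(0x1234);
    uintptr_t observed = (uintptr_t)g->next;
    arena_free(g);
    return observed;
}

/* True when the allocation routine lets the previous occupant's bytes leak into `next`. */
static int leaks_stale_pointer(gobj_alloc_fn alloc) {
    return stale_next_after_reuse(alloc) != 0;
}

int main(void) {
    printf("buggy alloc leaks stale next pointer: %s\n",
           leaks_stale_pointer(gobj_alloc_buggy) ? "yes" : "no");
    printf("fixed alloc leaks stale next pointer: %s\n",
           leaks_stale_pointer(gobj_alloc_fixed) ? "yes" : "no");
    return 0;
}
```

The stale value is exactly the fill pattern the earlier caller left in the chunk, which is why a reused allocation can steer a later list walk; zero-initialising (or validating) the link before use closes the gap.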

After documenting the bug, he posted his initial findings to the Full Disclosure mailing list, and published a complete dossier last week.

In a related post on his personal blog, Ormandy invited others to look into the flaw, before finishing the essay with trenchant criticism of Redmond’s attitude towards computer security professionals.

“Note that Microsoft treat vulnerability researchers with great hostility, and are often very difficult to work with. I would advise only speaking to them under a pseudonym, using Tor and anonymous email to protect yourself,” he warned.

The Windows software giant is understood to be investigating the Win32k.sys issue highlighted by Ormandy. It’s unclear if or when a possible patch may arrive. The corporation declined to respond to Ormandy’s criticism, which, although sincere, is out of step with the opinion of many bug hunters we’ve spoken to over recent years: while Microsoft is praised for eventually engaging the computer security community, it’s usually Oracle and Apple that are spoken about through gritted teeth.

Vulnerability management specialists Secunia warned that the flaw discovered by Ormandy can be used to launch denial-of-service assaults or elevate a local user’s privilege. The danger is that the bug could be combined with other security flaws to carry out attacks remotely. Secunia classified the flaw as “less critical”, which is towards the bottom end of its scale of severity.

“The vulnerability is caused due to an error within ‘win32k.sys’ when processing certain objects and can be exploited to cause a crash or execute arbitrary code with the kernel privilege,” Secunia noted in its advisory.

“The vulnerability is confirmed on a fully patched Windows 7 x86 Professional (win32k.sys version 6.1.7601.18126) and reported on Windows 8. Other versions may also be affected,” it added.

Ormandy has had dust-ups with other vendors over security bugs in the past. Three years ago he publicly disclosed a zero-day Windows XP Help Center security bug that he had notified Microsoft about only five days before. The flaw was far more serious than this latest coding blunder. In any case, Ormandy’s antipathy towards Redmond’s security gnomes is not a recent development.

Last year Ormandy went out of his way to criticise Sophos for “poor development practices and coding standards” after he found a number of vulnerabilities in its security software. Two years ago he accused Adobe of “trying to bury” scores of bugs in its Flash Player software. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/google_engineer_slams_microsofts_handling_of_0day_windows_bug_bug/

DSD’s ‘don’t be stupid’ mitigation strategies still work

Defence Signals Directorate assistant secretary for cyber-security John Franzi said little new in an address to CeBIT Australia, but for some reason, either the conference organisation or the DSD saw fit to try to bar journalists from the presentation.

The leaky dam around Franzi’s presentation was either ineffective or selective, and seemed to depend on whether the media were recognised at the door or had the correct lanyard colour.


The Register identified at least four journalists – including Vulture South’s hack – who weren’t stopped at the door, in nearly equal number to those who were.

As it turned out, there was little new to be had from the presentation: Franzi reiterated the DSD’s firm belief in its “don’t be stupid” principle of security (articulated here), and re-stated that the top four items on that list will mitigate

He claimed that in spite of the increasing number of attempted intrusions, government organisations that have done a good job of following the DSD’s safety advice “have not yet been compromised”.

He noted that while the organisation’s Cyber Security Operations Centre saw a 42 percent increase in reported attacks to Australian government services between 2011 and 2012 (from 1,260 up to 1,790), this should be seen in the context of the CSOC’s own growing sophistication and maturity, as well as that of the “target” organisations. In other words, more attacks were reported because more were discovered and because the target organisations were more willing to report that they had been targeted.

Franzi also said the DSD is hopeful that it will be able to attract private sector interest and partnerships in the Cyber Security Centre announced by the government earlier this year. The new operation will start by concentrating the existing CSOC participants – the DSD, ASIO, AusCERT and others – under a single roof.

However, Franzi said, the DSD hopes to see input from industry, academia and other policy-oriented areas of government into the future.

Exactly why any of this, in a room of fifty or more conference attendees, most with smartphones and some with computers, should be considered a secret to be kept from the media, is a mystery to The Register. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/dsds_dont_be_stupid_mitigation_strategies_still_work/

Huawei: ‘trust us, we are being transparent’

In an environment that’s increasingly hostile to Chinese tech companies, Huawei has put forward its case for attitudes to be revised.

Speaking to the CeBIT Australia conference in Sydney, the company’s global cyber security officer John Suffolk said there’s little difference between Huawei and any other major vendor: its products come from a host of suppliers in a huge number of countries.


Seventy percent of the hardware found in Huawei’s equipment comes from outside China, Suffolk claimed, and 32 percent of it comes from American suppliers. A similar tale can be told for software, he said, with contributions from around the world.

“We go, as all companies do, to where we can find the best researchers, the best talent around the world,” he said. “We go where we have talent, where the economic conditions are right.”

He described relocation of operations to follow services as “a core competency of every company”, something which underlines the need for any vendor to treat security as a global issue that flows all the way through every supply chain.

Noting that the world contains many, many places where any product could be compromised, he added that it’s easier in general to bribe an insider than to launch a concerted and successful attack from the outside.

He also called on customers – particularly governments and large enterprises – to be far more activist in what they demand from vendors.

“If you, as governments or large enterprises, don’t say to your vendors ‘this is what good security looks like’, don’t expect the vendors to do anything about it,” he said.

He said that “highly variable” responses from vendors are an indication that they don’t have good security procedures in place, but rather are “making it up as they go along”. Such are the opportunities to compromise a product, in a global supply chain, that no vendor can offer secure products “unless you have repeatable, standard processes.”

Transparency, he said, is vital to security and information assurance, and he claimed that Huawei is “the most audited company in the world … we can trace 96 percent of all our components, except non-tech things like cables and batteries”.

Customers should ask vendors “can you trace everything from a requirement through to code and back again?” Suffolk added.

“We welcome being audited, inspected, poked and prodded and probed,” he said. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/huawei_trust_us_we_are_being_transparent/

Security boffins say music could trigger mobile malware

Security researchers have discovered that specific music, lighting, vibrations or magnetic fields could all be used as infection channels to trigger the activation of mobile malware on a massive scale.

The paper, titled Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices, was presented in the eastern Chinese city of Hangzhou earlier this month by researchers at the University of Alabama at Birmingham (UAB).


The research describes at length how hard-to-detect non-internet channels can be used to trigger malware hidden in smartphones and other mobile devices from up to 55 feet away.

“When you go to an arena or Starbucks, you don’t expect the music to have a hidden message, so this is a big paradigm shift because the public sees only emails and the internet as vulnerable to malware attacks,” said UAB professor Ragib Hasan in a canned statement.

“We devote a lot of our efforts towards securing traditional communication channels. But when bad guys use such hidden and unexpected methods to communicate, it is difficult if not impossible to detect that.”

On the audio front, the report claimed that “command and control trigger messages” could be sent over 55 feet indoors and 45 feet outdoors, even using “low-end PC speakers with minimal amplification and low-volume”.

It speculated that malware could be activated with messages hidden in TV or radio programmes, background music and even musical greeting cards.

The light channel works best at night or in places with low illumination but could be relayed to a large number of devices and over “reasonably long distances” using large screen TVs, the report said.

The magnetic channel was described as having the shortest range although with the added advantage for the attackers of being able to work whether the device is being carried in the hand or inside a pocket.

“This kind of attack is sophisticated and difficult to build, but it will become increasingly easier to accomplish in the future as technology improves,” said UAB doctoral student Shams Zawoad, in a separate canned statement.

“We need to create defences before these attacks become widespread, so it is better that we find out these techniques first and stay one step ahead.”

A trip to the local Starbucks may never be the same again… ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/light_sound_magnetic_malware_hidden_trigger/

‘Chinese hack’ scoops plan to Oz spook HQ

Australia is in the grip of a hacking scare, with its national broadcaster airing claims that Chinese attackers obtained copies of the plans for its new spooks’ headquarters.

According to the Australian Broadcasting Corporation’s Four Corners program, copies of plans for the Australian Security Intelligence Organisation’s new headquarters were obtained via a third-party contractor. The AU$631 million “secret” building (that is, what’s inside is secret, the building itself is too big to miss and its location, between Constitution Avenue and Parkes Way in Canberra, is public knowledge) is nearing the end of its long and budget blow-out-ridden construction process, and is due for completion late in 2013.

“What’s inside” is, however, exactly what Four Corners says was copied by the attackers, with complete plans for the building – including floor plans, cabling plans, security systems and server room locations.

The identity of the contractor wasn’t given by the program.

The program also “reveals” that other government departments and Australian companies have been targeted by attackers – which is like reading someone’s palm and telling them they had a difficult time at age 13, since practically every business and government Internet connection in the world gets regular intrusion attempts.

Image caption: Plans copied by attackers: ASIO’s new HQ in Canberra

More seriously, the program also alleges that designs for military radio systems have also been accessed, this time from an unnamed Australian-based manufacturer. Four Corners aired fears that this could compromise secret communications both in Australia and among its allies.

It also alleges breaches of undefined severity in the departments of Defence, Prime Minister and Cabinet, and Foreign Affairs and Trade. A breach might, however, mean anything from black-hats wandering through networks at will to someone carelessly clicking on a link and needing to get trojans cleaned from their machines. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/27/asio_building_plans_accessed_in_chinese_hack/