STE WILLIAMS

Pirate Bay site sinks, Swedish police raid its ISP

Rumors are flying after the Pirate Bay’s website took a dive on Monday just as news broke of a raid by Swedish police on its hosting company PRQ – but the group says the two facts are not related.

“Dear internet. We have not been raided. We are not shutting down. We like turtles, waffles and you,” the group said on its Facebook page. “Sorry for not fulfilling your pirate needs tonight. It’s ok if you cheat on us with another site, just once. We know that you still love us, deep down in your cursed pirate heart.”

The site’s problems appear to stem from a power outage on its servers rather than the boys in blue making their call. So far, the site has been down for around nine hours, and internet users looking to get their dose of purloined files will have to go to other providers.

While it is true that the Pirate Bay’s Swedish hosting company did receive a visit from local police, this does not appear to be the cause of the outage. In an interview with Nyheter24, the current owner of hosting firm PRQ, Mikael Viborg, said that the police had taken four servers, but at this point it isn’t clear what they contained.

“PRQ is known to host the things that no one else wants to host, and not ask any questions. It can be any of those that are targeted. Until we get more details about the servers, I will not speculate on it,” Viborg said.

In comparison with some of PRQ’s customer base, the Pirate Bay is about as offensive as puppies frolicking in beige flowers. The ISP, which is run by two of the Pirate Bay’s founders, Gottfrid Svartholm and Fredrik Neij, believes in hosting all content, no matter what its interests, and as such carries content for groups such as South Park’s favorite pederasts, the North American Man/Boy Love Association (NAMBLA).

Cofounder Svartholm himself won’t know too much about this, of course. After a lengthy period of being incommunicado, Svartholm was tracked down in Cambodia, where he was arrested by the local police and deported to Sweden, where he will face charges related to the hacking of IT consultancy business Logica. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/10/02/pirate_bay_down_prq/

World’s power-grid cyber breach traced to notorious Chinese crew

An espionage attack on Telvent – the maker of power-grid control systems and smart meters – has been linked to a prolific Chinese hacking crew.

Telvent, a division of Schneider Electric, has admitted hackers breached its corporate network, implanted malicious software and lifted sensitive project files. The raid spanned Telvent systems in the US, Canada and Spain, according to a letter sent to the company’s customers this month.

Criminals can now study the documents for vulnerabilities in the systems, and potentially devise attacks to sabotage nations’ electricity distribution networks.

Telvent boasts that it has “built a customer base second to none in the energy industry”, adding: “Our systems now manage over 60 percent of the total hydrocarbon movements in North and Latin America and control transmission and distribution of over 140,000 GWh through worldwide electrical grids.”

Investigative reporter Brian Krebs, who first revealed the breach, said the blueprints described Telvent’s OASyS SCADA [supervisory control and data acquisition] product, a technology that offers power companies a means to bridge legacy systems to next-generation “smart grids”.

Clues such as references to particular domain names and malware left behind by the spies match the digital fingerprints of a Chinese hacking crew called the Comment Group, which is linked to previous cyber-espionage campaigns, according to researchers at Dell SecureWorks.

Telvent has cut data links between at-risk portions of its internal network and clients’ systems as a precaution while it probes the breach. Police have been called in to investigate the attack, according to this statement supplied to Sophos:

Telvent is aware of a security breach of its corporate network that has affected some customer files. Customers have been informed and are taking recommended actions, with the support of Telvent teams. Telvent is actively working with law enforcement, security specialists and its affected customers to ensure the breach has been contained.

Dale Peterson, founder and chief of industrial control security specialist Digital Bond, spelled out the kinds of information present in the lifted documents.

“Some project files contain the ‘recipe’ for the operations of a customer, describing calculations and frequencies at which systems run or when they should be turned on or off,” he told WiReD.

“If you’re going to do a sophisticated attack, you get the project file and study it and decide how you want to modify the pieces of the operation. Then you modify the project file and load it [onto a company’s control system], and they’re not running what they think they’re running.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/28/telvent_hack/

‘Replace crypto-couple Alice and Bob with Sita and Rama’

A computer scientist has come up with a proposal to replace cryptography’s Alice and Bob with characters from Hindu mythology.

For decades, techniques to encrypt and decrypt communications have been explained using two imaginary characters, Alice and Bob, and potential eavesdropper Eve. Alice sends a message to Bob, and Eve is always trying to intercept it – the little sneak. Alice and Bob first came to light in 1978 in a groundbreaking paper [PDF] on the RSA algorithm for public-key cryptography.

Dr S. Parthasarathy, a part-time lecturer and full-time employee of Indian biz Algologic Research Solutions, suggests a cast change in the dramatis personae of cryptography with Sita and Rama, two central characters in the Hindu mythological epic Ramayana. The proposed sacking-and-hiring also replaces Eve with Ravana the rogue, as the doctor explains [PDF] here:

The statement Sita wants to send a message to Rama is inspired by the episode in Sundara Kanda (lit. beautiful book) of Ramayana, where Sita, who was kidnapped by Ravana, is isolated and kept confined to a forest. She is seated under an ashoka tree, when the monkey-God Hanuman, sent by Rama, reaches her. Desperate Sita wants to send a message to Rama through Hanuman (an honest man). We also have the usual man-in-the-middle Ravana (a rogue), who is waiting to sabotage any communication between Sita and Rama. In addition to the aptly chosen names, this entire episode has some striking similarities to modern cryptography. This choice is very effective in teaching cryptography, because the Ramayana story is widely known, and is retained in memory easily for a longer time.

Ditching Alice and Bob for Sita and Rama makes sense because the first letters of the latter pair’s names, S and R, hint at sender and receiver respectively. The only disadvantage of the Hindu alternative is that the name of Ravana, the man-in-the-middle, also begins with R, so there’s potential confusion with receiver. Dr Parthasarathy acknowledges this point: “We propose Badmash (lit. bad man), although he is not part of Ramayana,” he suggests.

The poetic Hindu alternative to traditional cryptography characters also has the benefit of adding Hanuman (honest man) as the trusted medium for carrying the message in an otherwise hostile environment. “When Hanuman approaches Sita and presents himself as Rama’s emissary, Sita does not believe him. She asks him to prove his credentials. Hanuman does this by presenting the ring which Rama usually wears. This may be compared to a digital certificate,” Dr Parthasarathy added.

The tale of Ramayana offers further neat analogies when applied as a metaphor for cryptography. Dr Parthasarathy concluded:

Cryptography is a fairly complex subject. The number of entities involved, and the strategies they adopt are not easy to visualise. Teaching such a subject can be challenging, and requires the use of some innovative approaches and props. The “Alice and Bob” approach has a much better and more effective alternative: the “Sita and Rama” approach. Of course, analogies often involve some amount of exaggeration and distortion and limitations, and so, should be used with caution.

The Ramayana story may be widely known in India, but not in the West. Perhaps an alternative recasting could draw from Greek mythology – which, after all, lent the concept of the Trojan horse to information security. Maybe there’s something in Jason and the Argonauts to forge an analogy to cryptography, though nothing immediately springs to mind.

Looking further afield, modern cryptographic technology essentially relies on complex mathematics, and Persian and Arab scholars made huge early contributions to the abstract science. As a tip of the hat, we could do worse than draw on Middle East folk tales and recast Bob as Aladdin and Alice as Princess Badroulbadour (perhaps better known as Princess Jasmine thanks to Disney) together with Ali Baba as the information-intercepting rogue. Admittedly we’re mixing up characters from different yarns here.

Reg readers are invited to come up with their own analogies.

The storied history of Alice and Bob is explained by crypto-guru Bruce Schneier in this video. Eve’s alternative point of view is illustrated in this XKCD cartoon strip. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/10/01/crypto_analogies/

Bitcoin Foundation vows to clean up currency’s bad rep

Tired of bad press, Bitcoin advocates have launched a new foundation aimed at both promoting the electronic currency and funding infrastructure to maintain its momentum.

The Bitcoin Foundation is the brainchild of Gavin Andresen, who says he modeled it after the Linux Foundation, the non-profit organization that “promotes, protects, and advances” the open source OS.

“As the Bitcoin economy has evolved, we have all noticed barriers to its widespread adoption – botnets that attempt to undermine the network, hackers that threaten wallets, and an undeserved reputation stirred by ignorance and inaccurate reporting,” reads a statement on the Foundation’s website. Just how it plans to mitigate those threats, however, is not entirely clear.

Bitcoin-mining botnets are big business for fraudsters. Most recently, Sophos estimated that the ZeroAccess botnet could potentially bring in more than $100,000 per day.

Stories of hacks and heists have dogged the digital currency since its inception, too. Just this month, an unknown thief managed to pilfer 24,000 Bitcoins from trading exchange Bitfloor – a sum equivalent to $297,000 in real-world cash at today’s exchange rate.

And while El Reg can speak to neither ignorance nor inaccurate reporting, it’s true that Bitcoin has garnered a rather tarnished reputation. In 2011, the US Senate called for an investigation into the online currency over alleged links to money laundering, tax evasion, and other criminal activity. Even the libertarian-leaning Electronic Frontier Foundation has distanced itself from it.

But although Bitcoin Foundation chair Peter Vessenes agrees that there are schemers and criminals who try to exploit the Bitcoin community and that there remain legal issues to be addressed in various jurisdictions, he feels the legal climate around the currency has been entirely misrepresented.

“We occasionally hear threatening statements from government representatives that don’t seem to understand the law, much less how great Bitcoins are for the world,” Vessenes writes in an open letter to the Bitcoin community.

To address this problem, the Bitcoin Foundation has planned a number of activities aimed at promoting Bitcoin and raising the perception of its legitimacy in the mainstream media. These include organizing a Bitcoin conference, creating an opt-in certification process for Bitcoin businesses, and publishing a set of best practices for companies who wish to trade in the currency.

In addition, one of the Foundation’s immediate goals is to raise money to provide a salary and some budget for Andresen, who so far has been working as the lead developer of the core Bitcoin software without any compensation.

To that end, the Foundation is offering memberships at various levels. Premier Industry Memberships go for 10,000 Bitcoins per year ($124,000), and Bitcoin exchange Mt. Gox has already signed on. The Foundation has also signed up BitInstant and CoinLab for Industry memberships, which go for 2,500 Bitcoins per year ($31,000).

Individuals can join for 2.5 Bitcoins per year ($31) or 25 Bitcoins ($310) for a lifetime membership, and the Foundation also accepts donations – in Bitcoins, naturally.

“This sort of support before launch is super encouraging,” Vessenes writes. “I look forward to seeing more participation as we launch and get the word out.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/29/bitcoin_foundation_launched/

Zombies are attacking America – researchers

Hackers responsible for an ongoing series of attacks against US banks over the past week may be tapping into botnets to power their assaults, according to security researchers. Meanwhile, the Financial Services ISAC (Information Sharing and Analysis Center) continues to advise banks to be prepared for attack.

Bank of America, Citigroup, US Bancorp, JPMorgan Chase, Wells Fargo and PNC have all been hit by DDoS attacks for which hacker group the Izz ad-Din al-Qassam Cyber Fighters took credit via a series of posts to PasteBin. The hacktivist group claimed its actions had been prompted by indignation over the Innocence of Muslims, an amateur anti-Islamic film whose trailer had appeared on YouTube. The same film has also provoked riots and attacks on Western diplomatic missions across the world.

The DDoS attacks have been responsible for intermittent disruption and slowdowns for bank customers trying to use the targeted websites.

The group has rallied for more hacktivists to back the cause. One of the posts calls for volunteers to visit sites that then generate attack traffic from the visitors’ PCs, directed at the targeted US banking sites. Jaime Blasco, a security researcher at AlienVault, told The New York Times that this attack method alone doesn’t account for the severity of the cyber assaults that have been directed against US banks.

Blasco said attackers “must have had help from other sources” such as someone with access to botnet networks of compromised PCs or contacts in a well-resourced group, such as a nation state. One of the members of infamous hacktivist crew LulzSec allegedly owned a botnet used in its attacks, providing a zombie attack precedent of sorts.

Independent US Senator Joe Lieberman told NBC during a television interview that he believed Iranian government sponsored hackers were involved in the attacks, suggesting the country’s involvement was motivated by a desire to retaliate against Stuxnet and related attacks against Iran’s nuclear programme. Gholam Reza Jalali, the head of Iran’s Passive Defense Organization, who is in charge of the country’s cyber programme, has denied these claims, which remain unsubstantiated.

Hacktivist statements associated with the ongoing attacks on US banks demand the erasure of the Innocence of Muslims from the interwebs.

The Financial Services ISAC raised its cyber threat level to “high” on 19 September, around the time of the first attacks targeting Bank of America, and the net attack risk outlook remains at the organisation’s second-highest state of alert.

Dan Holden, director of research at Arbor’s Security Engineering and Response Team (ASERT), said the attacks were almost certainly powered by botnets.

“This attack has generated an enormous amount of attention because it was telegraphed in advance, putting these firms on notice,” Holden told El Reg. “That has led to great media interest and frankly, some pretty wild speculation about motives and attack techniques.

“Arbor does not believe that this was an opt-in only attack, but one driven heavily by botnets as well. This incident shows the need for businesses to take a proactive approach to the issue of network availability. Trying to fix your roof when it’s raining is not a pleasant experience.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/28/us_banks_ddos_update/

Adobe scrambles to revoke stolen cert

Adobe has revealed an attack that compromised some of its software development servers, resulting in its code signing certificate being used to disguise malware as Adobe software.

The attackers compromised a build server, Adobe says in this statement, which had “access to the Adobe code signing infrastructure”. The build server had been put into service even though “the details of the machine’s configuration were not to Adobe corporate standards”.

The company is now revoking the certificates, which had been used to sign at least pwdump7 v7.1, which extracts password hashes from Windows; libeay32.dll, which works in conjunction with pwdump; and myGeeksmail.dll, which it describes as a malicious ISAPI filter.

Adobe says it has set up an interim signing service for all components signed with the impacted key since July 10, 2012. New certificates will be issued on October 4, the company says.

On this page, Adobe provides information for users of its software to determine whether they need to take any action.

The breach “only affects the Adobe software signed with the impacted certificate that runs on the Windows platform and three Adobe AIR applications that run on both Windows and Macintosh”, the statement says. ®
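For an administrator who wants to see which binaries on a Windows machine were signed with a certificate that is being revoked, the following PowerShell is an added example; it is not Adobe’s code and not part of the article. It assumes a certificate thumbprint taken from the vendor advisory (the value below is a placeholder) and a root folder to scan; both are assumptions. It lists each executable or DLL whose signer matches that thumbprint, together with the signature status reported by Windows and whether the signature carries a timestamp counter-signature.

```powershell
# Added example (not Adobe's code): inventory PE files whose Authenticode signer
# matches a given certificate thumbprint, so the operator can see what was signed
# with a certificate that is about to be, or has been, revoked.
# $ImpactedThumbprint is a PLACEHOLDER; take the real value from the vendor advisory.
$ImpactedThumbprint = 'PLACEHOLDER_THUMBPRINT_FROM_ADVISORY'
# Assumed scan root; adjust to the install location in question.
$Root = 'C:\Program Files\Adobe'

Get-ChildItem -Path $Root -Recurse -Include *.exe, *.dll -ErrorAction SilentlyContinue |
  ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    # Only report files that are signed, and signed by the impacted certificate.
    if ($sig.SignerCertificate -and
        $sig.SignerCertificate.Thumbprint -eq $ImpactedThumbprint) {
      [PSCustomObject]@{
        Path          = $_.FullName
        Status        = $sig.Status          # Valid / NotSigned / UnknownError / ...
        Timestamped   = [bool]$sig.TimeStamperCertificate
        CertNotBefore = $sig.SignerCertificate.NotBefore
        CertNotAfter  = $sig.SignerCertificate.NotAfter
      }
    }
  } | Format-Table -AutoSize
```

The Status column is what Windows reports after chain building and revocation checking on that machine, so it changes once the revocation reaches the client; the Timestamped column matters because a counter-signed signature can remain valid for files signed before the revocation date, whereas files without a timestamp lose validity outright and will need the re-signed versions the vendor distributes.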

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/27/adobe_cert_revoked/

Got a data security policy? Chances are your IT bods don’t know it

Advisory firm Forrester Research questioned 2,383 IT workers from five countries for a report called Understand The State Of Data Security And Privacy: 2012 To 2013, but only 56 per cent of those surveyed in North America and Europe said that they were aware of their employers’ current data security policies, according to media reports.

“It’s not simply just a matter of having the appropriate tools and controls in place,” the Forrester paper said, according to a report by PC World. “It’s worth noting that only 56 percent of information workers in North America and Europe say that they are aware of their organisation’s current security policies.”

“Consider employee awareness to be another layer of security, and realize that educating employees is also internal PR outreach for the security group,” Forrester Research analyst Heidi Shey wrote in the paper, according to a report by Security Week.

The Forrester report also outlined that the majority of data breaches the survey respondents experienced in the last 12 months were caused by company employees. Only 25 per cent of the data breaches stemmed from actions by external attackers, according to a report by PC World.

Nearly a third (31 per cent) of data breaches were caused by loss or theft of information, whereas 27 per cent of the incidents experienced resulted from the inadvertent misuse of data by employees. Only 12 per cent of data breaches were caused by acts of malicious insiders, according to PC World.

“Given all the media attention on data and privacy breaches, hacking, and advanced persistent threats today, it’s easy to assume that all the major threats to your organisation come from external actors,” Shey said in the Forrester report, according to Security Week. “Not completely true.”

“Insiders and business partners also have access to data and information that they compromise. Whether their actions are intentional or unintentional, insiders cause their fair share of breaches. Other common sources of breach include loss or theft of corporate assets, such as laptops or USB drives, and external attacks that target corporate servers or users,” she said.

Personal data breaches accounted for 22 per cent of the cases reported in the Forrester survey, with breaches relating to intellectual property and users’ login details occurring on 19 per cent and 11 per cent of occasions respectively, according to the PC World report.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/27/it_staff_half_do_not_know_about_data_security_policies_of_employer/

Vandals break into congressman’s office, install Linux on PCs

A US congressman has been left incensed after miscreants installed Linux on computers at his campaign office, possibly trashing some data in the process.

Michael Grimm, a Republican who represents a district in New York covering Staten Island and parts of Brooklyn, has slammed the weekend break-in at his offices as a “politically motivated” crime against the democratic process.

“Whoever did this, the people responsible are very ignorant [sic], and they don’t understand that this is not just an attack against me or my campaign,” Grimm told the Staten Island Advance. “This is an attack against a federal campaign office, which is an attack on our democracy as a whole. It’s an attack against what we stand for, for free elections.”

Police sources told the New York Daily News that in the absence of evidence of forced entry to Grimm’s campaign headquarters, the case is being investigated as an act of criminal mischief rather than a burglary. Three windows were broken at the offices, which were not fitted with a security alarm, on Saturday night. The damage was discovered by campaign staff on Sunday morning (23 September).

According to a statement by the Grimm campaign, large stones and concrete were thrown through the campaign office windows during or around the same time miscreants “corrupted and erased the hard-drive of the campaign computer server, which contains confidential campaign files and polling data”, by installing Linux*.

Fortunately, staff reportedly backed up the hard drives hours before the crime. The Staten Island Advance reported that Linux was installed on the office computers, without revealing which flavour of the open-source OS the perps used or how many machines were affected.

The Grimm campaign said it keeps the personal information of its volunteers, such as addresses and phone numbers, at a separate location, so that information was not stolen or compromised.

Grimm characterised the break-in as cowardly and suggested it might be part of some wider dirty tricks campaign.

“Violence is violence. Throwing large stones and concrete through the window is an act of violence, and we’ve got to take it seriously,” Grimm said. The incident follows the theft of lawn signs promoting Grimm’s re-election bid as well as a “mysterious computer shutdown in the middle of the night” at Grimm campaign HQ.

First-term congressman Grimm, 42, a former FBI agent and Marine, is running for re-election in November against Democrat Mark Murphy. A Murphy spokesman condemned the break-in.

In addition to the NYPD, US Capitol Police have also been notified about the break-in.

Grimm is the subject of a federal investigation into fundraising that took place during his successful 2010 campaign. Rival Murphy has called on Grimm to return controversial campaign contributions obtained via an Israeli businessman, which Murphy alleged had been extorted from the congregation of Rabbi Yoshiyahu Pinto. ®

Bootnote

*Data from the congressman’s computer would probably be recoverable, even after Linux was installed, according to data recovery experts. Simon Steggles, a director of UK-based computer forensics and data recovery firm Disklabs, said that data would be recoverable “unless the data on the hard drive has been overwritten… in which case, it will be impossible to recover.”

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/26/vandals_install_linux_on_congressman_office_computers/

Symantec source code leak becomes torrent

Hacktivists once again poked fun at Symantec after previously leaked source code for Symantec’s Norton Utilities 2006 software was made available as a torrent on Monday. Symantec downplayed the significance of the leak, saying it only involved obsolete code that had already been exposed.

AntiSec tacked a mocking note onto the release of a 52MB file, which was uploaded to The Pirate Bay and other torrent tracker sites on Monday. “Anyhow with this release is nothing really to prove, just stop making shitty software in the name of god! Your [sic] are only killing our CPU’s! [sic]”

“Respect greetings to @AnonymousIRC @Par_AnoIA.”

Back in January, a hacking group calling itself The Lords Of Dharmaraja boasted about stealing the source code for Symantec’s security products from Indian government systems.

The security giant initially blamed the leak of source code for older enterprise products on a breach at the network of an unnamed third party, before later admitting that the source code of pcAnywhere and consumer products had also been exposed. It also confessed that the leak was actually down to an earlier (previously undetected) breach of its own systems back in 2006.

It said source code for the 2006-era versions of the following products had been exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.

Symantec took the highly unusual step in early February of advising customers of pcAnywhere to suspend use of older versions of the remote control desktop management software pending the release of a patch. Shortly after the patch became available, The Lords Of Dharmaraja leaked portions of the pcAnywhere source code, together with an invitation for hackers everywhere to pore over the code in order to identify exploits against systems running Symantec’s remote control software.

In a statement, Symantec said this week’s release is tied to the earlier breach but is less significant than the pcAnywhere leak because it involves only obsolete code.

“Symantec is aware of the claims made online that a group has posted the source code for Norton Utilities 2006. We have analyzed the code that was posted and have concluded that it is the same code that was already posted by another group in January 2012.

As we stated at that time, the 2006 version of Norton Utilities is no longer sold or supported. The current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006. The code that has been posted for the 2006 version poses no security threat to users of the current version of Norton Utilities. Furthermore, we have no indications that the posting of this old code impacts the functionality or security of any other Symantec or Norton solutions.”

Independent security experts, such as Imperva, have described the Lords Of Dharmaraja hack and subsequent source code leak saga as more of a trophy scalp for hacktivists than a serious risk to Symantec’s customers.

“The implications of the anti-virus code leakage will not keep the Symantec folks awake too late at night, and certainly not their customers,” Rob Rachwald, director of security strategy at Imperva, wrote at the time. “After all, there isn’t much hackers can learn from the code which they hadn’t known before [because] most anti-virus product is based on attack signatures.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/09/26/symantec_source_code_leak/