STE WILLIAMS

Japanese govt sucked dry for TWO YEARS by Trojan

The Japanese government has uncovered an advanced Trojan attack which may have lain undiscovered on its networks leaking confidential data for over two years.

The Finance Ministry told the local Kyodo news service that the first infection came in January 2010, with the most recent taking place in November 2011, after which the attacks apparently stopped.

However, the infections were only discovered last week as part of an on-going security audit of the ministry’s IT systems begun by a contracted firm in May.

So far, 2,000 machines have been checked and a disconcertingly high number – 123 – were found to be infected by the Trojan, the report said.

The government is trying to play down the incident by claiming that confidential information such as taxpayers’ details has not been leaked, and that the infected computers belonged mainly to junior staff, although the malware may have accessed documents related to ministry meetings.

The report references hacktivists Anonymous, which last month launched denial of service attacks and web defacements of several government and political sites including the Finance Ministry, although this Trojan attack appears at first sight not quite to fit the MO of the group.

The Trojan was apparently undetected by the anti-virus software installed on the government PCs and lay undetected for a long period of time – hallmarks of a more sophisticated advanced persistent threat-style attack.

The ministry has yet to identify exactly how the PCs became infected and has replaced the hard disks on all affected computers, the report said.

Last October, a Trojan attack on the machines of several Japanese lawmakers was uncovered.

The data-stealing malware arrived as a dodgy attachment and caused hijacked machines to communicate with a server located in China. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/25/japan_finance_ministry_trojan_attack/

Anonymous to release 40GB of Oz ISP data

Anonymous is preparing to reveal 40GB of data its members say came from an Australian internet service provider (ISP) and contains “600k+” of customer data.

The Reg understands a “sample leak” will be released later today and that the organisation will take care to protect individuals’ personal details.

The activist collective yesterday took credit for a series of defacements of Queensland government websites and has since contacted other media outlets, telling them that it intends to release customer data from an Australian ISP.

The @Op_australia Twitter feed recently promised it is “almost there” on “something big”. Comments on an Anonymous-aligned IRC channel offered the mention of 600,000 customers and references to the sample leak.

The 600,000 figure means the data almost certainly comes from one of Australia’s largest ISPs. Telstra and Optus are both known to have millions of subscribers, while iiNet has stated it has 1.3 million.

Among smaller ISPs, TPG’s most recent half year report says it has 567,000 subscribers, placing it ahead of the likes of Exetel, Adam Internet and Netspace. iPrimus is probably also below the 600,000 customer threshold, making it likely that Anonymous will embarrass Telstra, Optus or iiNet … with TPG also a chance of hitting the headlines for all the wrong reasons. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/25/anonymous_isp_data/

India crowned global spam-spewing zombie king AGAIN

India has cemented its position as the world’s biggest fire hose of spam email, according to new figures.

Hacked computers in the republic working on behalf of crooks spewed more than one in ten of the globe’s spam mails in the last quarter, reported web security firm Sophos.

India is home to 5.3 per cent of the world’s internet users, but it plays an oversized role in the global junk mail epidemic. Apparently, lax security leaves the country’s PCs prone to viruses, which press-gang machines into remote-controlled zombie armies to do the bidding of criminals – such as flooding inboxes with dodgy advertising spam.

Asian countries disgorged 49.7 per cent of the world’s junk email last quarter, compared with 8.6 per cent of spam fired off from North America, according to the stats from Sophos. The security biz also pegged China in eighth place this time around; it’s believed the huge authoritarian state’s Great Firewall, and the fact that citizens need a licence to run an email server in the nation, play a part in limiting .cn-sourced spam.

Greater availability of internet access in Asia is continuing to fuel the increase in spam from that continent. Only a year ago the US topped Sophos’s Dirty Dozen list of spam-relaying countries, but these figures have been turned on their head: India has topped the list of shame for the past two quarters.

The actual content of spam messages has remained largely unchanged, and the identities of gangs responsible for commanding zombie botnets remain unknown.

“The spam itself, of course, doesn’t have to promote Indian goods,” commented Graham Cluley, senior technology consultant at Sophos. “Chances are that most of the spammers who are relaying their messages through compromised Indian computers are not based in the country at all – and just taking advantage of zombie computers that have been unwittingly recruited into a botnet.” ®

Top 12 spam-relaying countries for April to June 2012, according to Sophos

  1. India: 11.4 per cent
  2. Italy: 7.0 per cent
  3. S Korea: 6.7 per cent
  4. USA: 6.2 per cent
  5. Vietnam: 5.8 per cent
  6. Brazil: 4.4 per cent
  7. Pakistan: 3.7 per cent
  8. China: 3.2 per cent
  9. France: 3.1 per cent
  10. Russia: 2.9 per cent
  11. Poland: 2.7 per cent
  12. Taiwan: 2.6 per cent

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/25/spam_relay_villains/

Black Hat draws world hacking gang – and Apple – to Sin City

The 2012 Black Hat conference is kicking off in Las Vegas, and this year’s session will see Apple presenting for the first time, as well as a reunion of some of the team behind the first briefings 15 years ago.

Black Hat, and the associated DefCon sessions which follow it, is probably the largest collection of hardcore computer security experts on the planet, and features the latest updates on hacking opportunities and serious vulnerabilities. Nearly 10,000 people are expected to attend and share or use the knowledge gleaned to protect – or crack – systems.

While Apple has had security staff among the attendees for many years, the company has never actually made a presentation until this year. The recent spate of attacks on its products, however, appears to have engendered a new awareness that it can’t go it alone – and so the delightfully named Dallas De Atley, manager of the platform security team at Apple, will deliver a talk on iOS security.

Microsoft recognized the importance of Black Hat relatively early, and has been sending staff since the late 1990s, although Redmond’s problems with security make Apple’s recent public failings look like a mere flea bite by comparison. A session on Windows 8 vulnerabilities is scheduled that should prove both enlightening and worrying for Redmond – given we’re getting close to the launch of the new OS.

There’s also a reunion of some of the first Black Hat attendees. Jeff Moss, who started the conference before selling it, will join a panel with security guru Bruce Schneier, Adam Shostack, Marcus Ranum, and Jennifer Granick. The talk, entitled “Smashing the future for fun and profit”, will look at how things have developed in the last decade and a half, as well as considering what the next hot targets will be.

Another regular, Dan Kaminsky, will also be addressing the crowds on the latest naughtiness he’s proved possible. Kaminsky, who was instrumental in proving the need for and implementing DNSSEC as well as fixing SSL, is fast becoming one of the regulars at the show after deciding to go totally legitimate because, as he told us in 2010, he “didn’t want his mother to have to visit him in prison.”

While Black Hat is always informative, it also engenders a certain level of risk. Already someone has sent out a bogus password reset email to some attendees, and cracking the organizers is something many of the more mischievous attendees try – and anyone attending the show, including your Reg reporter, is considered fair game.

This year the organizers have warned attendees to avoid using Wi-Fi or other radio connections in the conference venue, steer clear of ATM machines (after a bogus one was set up near the venue in 2009), and shield RFID-equipped cards and passports, and have advised that all passwords be changed after the show.

“Wear a tinfoil hat,” the advisory email states. “OK, kidding about this one … although I do see one every show.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/25/black_hat_introduction/

Google asks YouTube commenters to stand up and be counted

Google has altered the comments system on YouTube to encourage those who wish to share their views to step up and identify themselves.

Under the new system anyone trying to leave a comment on YouTube will be asked if they would like to identify themselves using a Google+ account. It’s not compulsory, but those that decline this option are shown a new page asking why they chose to remain behind a cloak of anonymity.

Sadly no “Because I’m an immature coward” option

There’s also an option to backdate the identification option to past posts, but this can be applied selectively if you don’t want to assign your name to that drunken comment about President Obama’s birthplace.

Having commentators identify themselves should make them think a little bit more about what they write, but the changes are unlikely to bring about any serious cleanup of the site’s commentary zone, since it’s not compulsory. That said, the new query pages could get annoying enough after a while to encourage the flamers to move on.

YouTube has long been recognized as having one of the noisiest and most rambunctious user commentary areas, where politeness is a collection of syllables and Godwin’s Law just a suggestion. Internet court jester Randall Munroe even suggested an elegant application fix for the YouTube commentard problem. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/24/google_youtube_comments/

Home Secretary to decide on McKinnon extradition by October

The UK Home Secretary is due to decide by mid-October whether or not to order Gary McKinnon’s extradition to the US, a hearing at the High Court heard on Tuesday.

The hearing followed a decision by McKinnon and his legal team to decline to undergo a Home Office medical test by a doctor, Professor Thomas Fahy, whom McKinnon’s legal team said lacked specialist skill in assessing the mental state of people with Asperger’s. Experts in autism, including Doctor Jan Vermeulen who carried out a face-to-face assessment of McKinnon, have warned that McKinnon is at severe risk of committing suicide if faced with the prospect of a US trial on computer hacking charges.

An assessment of his suicide risk will be a key factor in the deliberations of Home Secretary Theresa May.

McKinnon, 46, admits hacking into US military and NASA computers during 2001 and 2002 with the aim of hunting for suppressed evidence about UFOs. But he denies causing damage and has consistently sought a trial in the UK since extradition proceedings began in late 2005, three years after his arrest by UK police.

His case was the topic of unsuccessful appeals that went all the way up to the House of Lords and the European Court of Human Rights before McKinnon was diagnosed with Asperger’s Syndrome, in August 2008. Labour Home Secretary Alan Johnson allowed McKinnon’s extradition despite medical evidence but extradition was later blocked pending a judicial review. This review was adjourned after the UK’s incoming Home Secretary, Theresa May, decided to re-examine the medical evidence back in May 2010.

Last week a Home Office spokesman said May was close to making a decision. “The Home Secretary will make a decision as soon as possible: this is a complex case, in a complex area of the law, and a large amount of material has been submitted, some of it relatively recently,” he said.

McKinnon’s case for trial in the UK has been supported by numerous public figures including Sting, David Gilmour, Stephen Fry, Terry Waite, Tony Benn, and numerous politicians of all hues. The issue has spawned debate in Parliament and reviews of the extradition laws between the US and UK, which critics argue are one-sided and unfair. Efforts to come to a diplomatic agreement about the case have been fruitless.

May’s decision in October is unlikely to be the last word on the case, if past form is any guide. And a further judicial review is more than likely if this review goes against McKinnon. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/24/mckinnon_extradition_review/

Months later, Gamigo hacker takes dozy dump, exposes 8 million

More than eight million email addresses, usernames and password hashes from German gaming website Gamigo have been dumped online, months after the site was hacked.

A 500MB file containing 8.2 million Gamigo user login credentials was uploaded and publicised via a post to password-cracking forum Inside Pro, according to the data breach alert service PwnedList. The file was pulled last week but the damage may already have been done.

The gaming site has been around since 2001, and focuses on free-to-play massively multiplayer online role-playing games, offering about 20 games which are published all across Europe and “since 2010, also in North America”, according to its website. Some of its more popular titles include the Civilization-esque Cultures Online and battle epic Last Chaos.

Tim “TK” Keanini, chief technology officer at network security firm nCircle and avid online gamer, said Gamigo made the mistake of using a weak encryption algorithm, leaving passwords open to brute force attacks.

“Gamigo is the new poster child for bad password security for two reasons: this is the largest leak this year in terms of number of hashes, and they used MD5 Digest, a very weak encryption algorithm,” Keanini said. “MD5 has been known to be ineffective since 1996. There’s no excuse for using encryption this weak; it’s just bad security.

“For all practical purposes, MD5 is almost as bad as storing passwords in clear text. Given rainbow tables and other crypto-analysis techniques, breaking this encryption is child’s play. This should never be an option for password encryption,” he added.

Gamigo, which is owned by German publishing firm Axel Springer AG, applied a password reset after it told users about a password security breach that took place in late February. The danger remains that since the weak password hashes were exposed, many users are likely to have used their Gamigo password credentials on other more sensitive websites, such as webmail or e-banking.
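One way a site can move off fast MD5 digests of the kind described above, shown as an added example (not code from the article or from Gamigo): new passwords are stored as salted PBKDF2-HMAC-SHA256, and legacy records are replaced at the next successful login. It assumes the legacy records are unsalted MD5 hex strings; the record format, function names and iteration count are illustrative.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

PREFIX = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor; tune for your own hardware
SALT_BYTES = 16


def legacy_md5(password: str) -> str:
    """Unsalted MD5 hex digest (assumed legacy format).

    Fast and deterministic: equal passwords always give equal records.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' with a fresh salt."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{PREFIX}${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_and_upgrade(stored: str, password: str) -> Tuple[bool, Optional[str]]:
    """Check a login attempt against a stored record.

    Returns (ok, new_record). new_record is set when the login succeeded and
    the stored record should be overwritten with a stronger one.
    """
    if stored.startswith(PREFIX + "$"):
        try:
            _, iters_s, salt_hex, hash_hex = stored.split("$")
            iters = int(iters_s)
            if iters < 1:
                raise ValueError("bad iteration count")
            salt = bytes.fromhex(salt_hex)
            expected = bytes.fromhex(hash_hex)
        except ValueError:
            return False, None  # malformed record: fail closed
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iters)
        ok = hmac.compare_digest(dk, expected)  # constant-time comparison
        if ok and iters < ITERATIONS:
            return True, hash_password(password)  # raise an old work factor
        return ok, None

    # Anything else is treated as a legacy unsalted MD5 record.
    ok = hmac.compare_digest(
        legacy_md5(password).encode("ascii"), stored.lower().encode("utf-8")
    )
    return ok, (hash_password(password) if ok else None)


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    pw = "dragon-slayer-2012"
    print("MD5 records equal:   ", legacy_md5(pw) == legacy_md5(pw))
    print("PBKDF2 records equal:", hash_password(pw) == hash_password(pw))
    ok, upgraded = verify_and_upgrade(legacy_md5(pw), pw)
    print("legacy login ok:", ok, "-> stored as", upgraded.split("$")[0])
```

Accounts that never log in again keep their MD5 record under this scheme, so a forced reset is still needed for them.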

The spilled data included 3 million US accounts, 2.4 million German accounts, and 1.3 million French accounts. Although the hacker who uploaded the password data claimed to have credentials from 11 million user accounts, the list contained a substantial proportion of duplicate email addresses, so 8.2 million is a more accurate figure, Forbes reports.

It’s unclear why the person who uploaded the list waited so long to spill the goodies after the original breach. It may be that the hacker and the dumper are two different individuals, and the dumper only recently came into possession of the leaked data, but this is only one of several possible explanations.

The original breach was pulled off by a hacker using the moniker 8in4ry_Munch3r, while the notice of the upload was posted to Inside Pro by “-=lebed=-”, ZDNet’s ZeroDay blog notes.

The security snafu joins the growing list of password security breaches this year from organisations including LinkedIn, eHarmony, Last.fm, Yahoo! Voices, Formspring, and Nvidia, among many others. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/24/gamigo_password_breach/

Anonymous hits Australia

People operating under the name “Anonymous” claim to have defaced several websites in the Australian state of Queensland, in protest against draft Australian policies on data retention.

The Twitter handle @Op_Australia makes the claim in this tweet. A webchat channel at anonops.com named opAustralia referenced in other tweets is active, and offers a link to a newswire story about the government’s proposed data retention policies. Those policies would see the government able to store and access up to two years’ worth of data about individuals and businesses, and enjoy easier access to social networks without user consent, in the name of national security.

Anonymous has claimed responsibility for the defacements in an email sent to News.com.au, which reports the attack was timed to coincide with the appearance of Prime Minister Julia Gillard in a Google+ Hangout. A Facebook page named Anonymous Australia links to that story and lists web sites the group says it defaced.

None of the websites Anonymous says it has defaced were still damaged at the time of writing, but createitmakeitliveit.qld.gov.au/ and smartawards.qld.gov.au/ each returned a redirect loop error and would not load.

It is of course hard to know if the defacements, Twitter account and webchat channel mentioned above really are run by Anonymous, because, as Wired recently detailed, various individuals and groups have donned the Guy Fawkes mask at different times.

What is certain, however, is that Australians aren’t happy with their government’s policies regarding internet freedom. A proposed Internet filter, ostensibly aimed at preventing child pornography reaching the island nation, drew wide protests before the 2010 election and an attack from Anonymous.

The filter is now in legislative limbo, and has not been put before the Parliament for some time. The new data retention proposals have also been widely criticised. The Federal government’s response to that criticism has been to point out that the proposals are only drafts and that the public has a chance to comment on them before the August 6th conclusion of a consultation process. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/24/anonymous_hits_australia/

UK.gov warned: Halt exports of spyware to brutal regimes

The grubby practice of allowing UK-stamped surveillance tech to be shipped to brutal regimes could land the British government in court to answer allegations of aiding human rights breaches.

London-based NGO Privacy International has repeatedly asked the UK to exercise existing powers under the Exports Control Act 2002 to help put a stop to commercialised made-in-Britain spook spyware being used to facilitate social and political repression.

But PI said today that its polite requests had so far been ignored. As a result, the organisation’s lawyer has written a letter to Secretary of State for Business Innovation and Skills (BIS) Vince Cable demanding action from the government.

“Privacy International has given the government 21 days to respond,” the NGO said.

“If the government has failed to act by the time this deadline expires, Privacy International will file for judicial review and if appropriate seek an urgent injunction preventing British companies from maintaining and updating systems already previously sold to repressive regimes, and stopping any new exports in their tracks.”

The Register asked Cable’s office to respond to this story, but no one at the BIS had got back to us at time of publication.

It’s likely, however, that PI’s demands for a “substantive response” will be brushed aside, which means the matter could end up in court.

The charity’s head of research, Eric King, said:

British companies have been peddling their wares to repressive regimes for years now. Publicly condemning the abuses of dictators like al-Assad while turning a blind eye to the fact that British technologies may be facilitating these abuses is the worst kind of hypocrisy. The government must stop exports of British surveillance technologies to despotic regimes before more harm is done.

A six-month PI investigation concluded late last year, exclusively covered by El Reg, showed how the practice of selling, installing and managing surveillance tech and comms control kit for vicious regimes had turned into a lucrative market.

The probe revealed some 150 international companies were now trading in that nascent sector. The majority of those outfits either did not exist 10 years ago, or else punted other products besides electronic snooping tools. PI estimated that the industry now commands a global price tag of around £3bn each year. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/24/privacy_international_legal_action/

UK Border Agency to create ‘national allegations database’

The home affairs committee has welcomed plans by the UK Border Agency (UKBA) to create a National Allegations Database to manage information provided by the public on possible immigration violations.

In a report (PDF) on the UKBA’s work between December 2011 and March 2012, the committee says that overall, only 4 per cent of the intelligence reports received from the public resulted in enforcement. Outlining the figures, the document says that out of 25,600 allegations about possible illegal immigrants or other immigration violations received from the public between 9 December and 29 March, just 900 resulted in an enforcement visit.

It explains that although the agency is performing well in assessing tip-offs from the public quickly, with 98 per cent of the 25,600 allegations between December 2011 and March 2012 being assessed in 48 hours, it is still interested in the “low yield” of actionable intelligence that results from these tip-offs.

“We will be asking the agency to identify the main reasons for this. We understand it may be the result of the quality of the information reported to the agency and we expect to hear from the agency what its plan is to improve the quality of the information it receives when the database goes live,” says the document.

Previous reports by the committee have highlighted an inconsistent approach by the agency to recording and following up on intelligence leads. The committee believes that the launch of the database will help the agency improve its performance in following up on tip-offs from citizens.

“We note the fact that the agency is having discussions over how feedback can be provided to those who report allegations when requested and appropriate, this will help to give the public confidence that genuine concerns are being investigated,” says the report.

“We repeat our previous recommendation which is that people who make genuine complaints need to be told about the outcome.”

The report says that the UKBA has confirmed the design of the database has been agreed, funding secured and an assessment has been made of staffing and operational requirements needed. The committee says it will be monitoring the progress of the database.

A spokesman for the Home Office told Government Computing that testing was still being carried out on the system and that it is expected to go live in September.

In its report on the UKBA, the committee also raises concerns about a huge backlog of 276,000 immigration cases, which it says is “larger than the population of Newcastle upon Tyne”. The committee describes this level of backlog as unacceptable and says that it will be monitoring the numbers closely and expects to see them decline quickly.

This article was originally published at Government Computing.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/24/ukba_to_launch_allegations_database/