STE WILLIAMS

Mounties, flics, cops snap on bracelets after Québec hacktivism

Six alleged hacktivists have been arrested in Canada following a series of attacks on Quebec government websites.

Neither the identities of the suspects nor details of the sites they targeted, or their motives, have been released by tight-lipped Canadian authorities.

Five police forces – including the Royal Canadian Mounted Police, the Sûreté du Québec, and three municipal forces – carried out a series of raids that led to the arrests. Three of those arrested were minors. Police declined to say whether the suspects were part of Anonymous, citing the need to preserve the integrity of an ongoing investigation, Canadian Press news agency reports.

The Québec government has earned the ire of Anonymous over recently enacted anti-protest laws. The province’s education and Montreal police department websites were hacked in a series of attacks last month. The website of the provincial Liberal party also became a target in the same set of denial of service assaults.

Hacktivists also managed to get their hands on the personal details of spectators attending the Formula One car-race in Montreal before sending somewhat threateningly worded emails warning motor racing fans of possible trouble.

“If you intend to use a car, know that your road may be barricaded,” the ‘Notice to Grand Prix Visitors’ emailed by Anonymous warned.

“If you want to stay in a hotel, know that we may enter it. If you seek to withdraw money from a bank, know that the shattering glass may sting. If you plan on watching a race, know that your view may be obscured, not by exhaust fumes but by the smoke of the fires we set. Know that the evacuation order may not come fast enough.”

Police created barriers blocking access to certain public places and detained people suspected of planning to disrupt the 10 June Grand Prix, allowing the event to proceed normally while sparking some criticism from civil liberties activists over an allegedly heavy-handed approach towards dealing with dissent. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/20/quebec_hacktivist_arrests/

Flame was scout ahead of Stuxnet attack on Iran nukes

Flame was created by the US and Israel in order to collect intelligence on Iranian computer networks as part of the same covert operation that spawned Stuxnet.

Anonymous US officials told the Washington Post that Flame was created as part of the secret programme codenamed Olympic Games. Flame was designed as a reconnaissance tool to map closed Iranian computer networks, a prelude to the sabotage of systems at uranium enrichment facilities carried out by Stuxnet.

The news that the US and Israel were behind Flame follows weeks after a similar confirmation that the two countries were behind Stuxnet. Neither revelation came as a particular surprise, since both strains of malware bore the hallmarks of a state-sponsored attack cooked up by intelligence agencies or perhaps military sub-contractors, rather than anything that might have been developed by either cybercrooks or politically-motivated hacktivists.

Flame was developed around five years ago as part of a classified US-Israeli effort designed to slow down Iran’s nuclear programme, reducing the pressure for a conventional military attack that would undoubtedly inflame tension in the Middle East.

Stuxnet and Flame are both elements of a broader and ongoing cyber-assault, one former high-ranking U.S. intelligence official told the Washington Post. Although Stuxnet and Flame can be countered “it doesn’t mean that other tools aren’t in play or performing effectively,” he said.

Key agencies in the development of Stuxnet included the CIA’s Information Operations Center, the NSA and an Israel Defence Forces intelligence formation known as Unit 8200.

However, despite working together to develop “cyberweapons”, the US and Israel have not always co-ordinated their attacks. The Washington Post sources blame assaults on Iran’s Oil Ministry and oil-export facilities launched by Israel in April for the discovery of Flame. Israel was also blamed for changes in Stuxnet that meant it spread from the compromised laptop of an Iranian nuclear technician onto the internet.

Intelligence agencies from both Israel and the US are also using more conventional spycraft to screw up the supply of hi-tech components necessary to sustain Iran’s controversial nuclear program, for example by making sure the high speed centrifuges supplied to the country are often faulty.

Last week, researchers with Kaspersky Lab reported that Flame was created by a group that must have collaborated with whoever created Stuxnet. A component in an early build of Stuxnet appears in Flame as a plugin. Despite this link, Stuxnet and Flame are not close relatives. Stuxnet does, however, use the same programming building blocks as Duqu, another information-stealing cyberweapon.

Neither the US nor Israel has claimed responsibility for the creation of Duqu, as yet. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/20/us_israel_flame/

Syrian rebels targeted using commercial Skype trojan

Syrian activists are coming under attack from a new Trojan, based on a commercial spyware application.

Targeted attacks surreptitiously install the BlackShades Trojan onto compromised machines, an advisory by the EFF and Citizen Lab warns. The Trojan is being distributed via the compromised Skype accounts of Syrian activists, in the form of a “.pif” file purporting to be an important new video that is actually a malicious executable. Opening the file on a Windows machine drops a key-logger onto it.
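The lure described above works because a Windows executable extension such as “.pif” can sit behind a name that reads as a video file. The following is an added example, not code from the original article or from the EFF or Citizen Lab, showing one defensive triage check: classify transferred file names by their real (outermost) extension and report when an executable is dressed up with an inner media or document extension. The log format, the sender names and the file names are constructed for the example.

```python
import os

# Extensions Windows will execute when double-clicked (not exhaustive).
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Inner extensions commonly used to make an executable look like harmless content.
MEDIA_EXTS = {".avi", ".mp4", ".mov", ".wmv", ".flv", ".mpg", ".mpeg", ".mkv"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt"}


def classify_attachment(filename):
    """Describe how risky a transferred file name looks, based only on its extensions.

    Returns a dict: executable (bool), lure ("media", "document" or None) and
    double_extension (bool). Only the outermost extension decides what Windows runs,
    so "video.avi.pif" is an executable no matter what the inner part says.
    """
    name = filename.strip().lower().rstrip(".")   # trailing dots are ignored by Windows
    base, ext = os.path.splitext(name)
    if ext not in EXECUTABLE_EXTS:
        return {"executable": False, "lure": None, "double_extension": False}
    inner = os.path.splitext(base)[1]
    if inner in MEDIA_EXTS:
        lure = "media"
    elif inner in DOCUMENT_EXTS:
        lure = "document"
    else:
        lure = None
    return {"executable": True, "lure": lure, "double_extension": bool(inner)}


def flag_transfers(lines):
    """Scan constructed 'timestamp sender filename' log lines and return a list of
    (sender, filename, reason) for every executable, lure or not."""
    flagged = []
    for line in lines:
        ts, sender, filename = line.split(maxsplit=2)
        verdict = classify_attachment(filename)
        if not verdict["executable"]:
            continue
        if verdict["lure"]:
            reason = "executable disguised as %s file" % verdict["lure"]
        else:
            reason = "executable file transfer"
        flagged.append((sender, filename, reason))
    return flagged


# Constructed sample file-transfer log (hypothetical contacts and file names).
SAMPLE_TRANSFERS = [
    "2012-06-20T10:01:00 contact_a important_video.avi.pif",
    "2012-06-20T10:02:00 contact_b holiday.mp4",
    "2012-06-20T10:03:00 contact_c leadership_council.doc.scr",
    "2012-06-20T10:04:00 contact_d setup.exe",
]

if __name__ == "__main__":
    for sender, filename, reason in flag_transfers(SAMPLE_TRANSFERS):
        print("%s sent %s: %s" % (sender, filename, reason))
```

The check is deliberately conservative: every executable is reported, with the double-extension lure only adding a more specific reason, since a plain `.exe` sent over an instant-messaging channel is itself unusual enough to merit a look.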

The use of remote surveillance software against activists has been going on amidst the conflict in Syria since February, if not earlier.

Previous attacks have involved a phishing campaign targeting the YouTube or Twitter credentials of high-profile Syrian opposition figures, and malware-tainted files posing as documents regarding the foundation of a Syrian revolution leadership council. Another attack punted infected documents supposedly detailing a plan to assist the city of Aleppo.

Most of these attacks have pushed the Dark Comet Trojan, while other less commonplace attacks have featured the Xtreme Trojan. Successful attacks allow attackers to plant key-loggers or extract data from infected machines. Other capabilities include remote desktop viewing, webcam spying, audio eavesdropping and more.

Dark Comet has also been pushed through attacks supposedly offering a Skype encryption add-on. In reality, Skype traffic is already encrypted and the supposed utility is secret-policeware designed to get around this technology to spy on activists. Another attack punting the Xtreme Trojan was seeded using the Skype accounts of recently arrested activists.

All these attacks, as well as the most recent BlackShades assault, are blamed on the Syrian government.

A detailed technical description of the BlackShades Trojan-based attack can be found in a blog post by Citizen Lab here.

Citizen Lab is an interdisciplinary research team based at the Munk School of Global Affairs, at the University of Toronto, Canada. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/20/syrian_skype_trojan/

Mad Apple patent: Cloneware to convince trackers you don’t like porn

Apple have patented the idea of using data clones to hide from surveillance: data clones that will browse the internet under your name but will look at basket-weaving sites instead of porn.

In one of the stranger Apple patents that we’ve seen in recent months, author Stephen R Carter details a way of stopping eavesdroppers snooping on users by creating user clones. Patent 8,205,265, called Techniques to pollute electronic profiling was awarded by the Patent Office today.

Apple won seventeen patents today, but this one really sticks out: The other sixteen deal with items of smaller scope such as the design of docking stations, power adaptors and techniques for dynamic shading. The electronic profiling is a bit more futuristic.

How a goody two-shoes clone would distract snoopers and let you ogle smut in peace

We’re all getting snooped all the time, says Carter explaining the background to the patent, and it’s impossible to stop people doing it. He uses George Orwell to describe our modern world of data snooping:

Concerns about the government and its knowledge about its citizenry is often referred to in a derogatory sense as actions of “Big Brother” who is omnipresent and gathering information to use to its advantage when needed. The electronic age has given rise to what is now known as thousands of “Little Brothers,” who perform Internet surveillance by collecting information to form electronic profiles about a user not through human eyes or through the lens of a camera but through data collection. This form of Internet surveillance via data collection is often referred to as “dataveillance.” In a sense, thousands of “Little Brothers” or automated programs can monitor virtually every action of users over the Internet. The data about a user can be accumulated and combined with other data about the user to form electronic profiles of the users.

The patent mentions the current technologies for evading tracking, including the use of anonymisers and spyware-killers, but argues that they can never completely hide a user on the Internet: “even the most cautious Internet users are still being profiled over the Internet via dataveillance techniques from automated Little Brothers”, Carter says.

How Apple would clone you

Apple’s idea is to create a data clone that would appear believable enough to divert snoopers from the real person’s activities, confusing or “polluting” electronic profiling.

Firstly, the patent details the idea of cloning the real person’s digital identity to create a clone configured on a device. Areas of interest would be associated with the clone that may differ from those of the actual person. The clone would be able to carry out “actions” in line with those areas of interest.

Secondly the patent details adding genuine identity information to the clone to make it seem more believable to eavesdroppers, such as having the same date of birth and gender as the real person.

And thirdly and fourthly the patent details adding feigned information to the clone including feigned emails and bank details so that eavesdroppers will be diverted from collecting the true information.

The patent explains how this cunning ploy would work in practice:

for example, the cloning service may process an area of interest that is divergent from that of the principal such as an interest in basket weaving. This particular interest may be associated with its own lexicon and actions associated with particular Internet websites, products, services, and/or books. Actions may be defined that permit the cloning service to appear to be the principal [real person] and visit specific basket weaving websites, issue Internet searches related to basket weaving, and the like. This activity by the cloning service may be picked up by an eavesdropper and may be used to generate a polluted profile about the principal that suggests the principal is interested in basket weaving, when in fact this is not the case.

In further details it explains that the clone could be set to never look at porn or engage with pirated material. The cloning system would even be configured not to go online at times when the “real person” would not be online – eg scheduled holidays. This would be in order to prevent the detection of it as a clone.

In the wacky futuristic scenarios sketched out by Carter, attempts to make the clone appear realistic would include your basket-weaving digital clone sending emails, engaging in online chats and even buying things online – in order to appear more believable:

In some embodiments, at 160, the cloning service may perform a wide range of automated actions consistent with the assigned areas of interest. Examples of these actions may include, but are not limited to, performing an Internet search on a given area of interest; activating selective results that when analyzed conform semantically to the area of interest; activating advertisement banners in web pages; filling out electronic surveys; sending an email; engaging in rudimentary online chat discussion by using techniques similar to Eliza (an automated chat engine); activating embedded links within a document that conforms semantically to the area of interest; registering for services associated with the area of interest; purchasing goods or services related to the area of interest, etc.

Apple’s Motivation

The patent application was filed relatively recently, on 11 October 2011, several months after Apple landed in a load of trouble for tracking – and storing – very detailed information about the location of iPhone users.

It could be that Apple wants to use this patent as a way to protect its users from malevolent tracking outsiders. It could be that Apple wants to track its own users and has now locked down a way that they could use to evade it. Any use of such techniques would potentially violate Cupertino’s new patent.

All we know for sure is that it’s going to be quite weird when basket-weaving kits that your anti-surveillance cloneware has ordered on eBay start arriving at your house. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/19/apple_data_clone_patent/

Does the existence of Facebook really merit a rewrite of data law?

Comment The British government is keen for more public data and private transactions with taxpayers to be pushed online at precisely the same time as the Home Secretary demands more powers for security services to effectively snoop on communications traffic with the help of telcos and social networks.

Add to that the fact that spooks are constantly trying to interrupt encrypted sites that – they argue – are used by organised criminals and terrorists.

Then factor in the European Commission’s vice president Viviane Reding’s efforts to convince the EU parliament to pass a new data protection law because she and many others believe that the one written in 1995 is out of date.

Reding has repeatedly reminded audiences of computer academics and internet players, whom she has lobbied hard with her draft DP bill, that Facebook founder Mark Zuckerberg was only 11 when the previous legislation came into being.


Viviane Reding continues to lobby for rewrite of Euro data protection law

Indeed, that justification for overhauling the law was bandied around again by the Brussels’ justice commissioner earlier this week when she was speaking at the inaugural Digital Enlightenment Forum in Luxembourg.

Google, she added, was in 1995 still three years away from being incorporated and its young execs were still working in a garage office in California.

Reding’s views were met, in the main, with a positive response from the gathered crowd, many of whom expressed a sense of the digital world moving too fast.

This shifting sands attitude was pervasive at the event in which many experts on the topic of data protection and online identity were in agreement that legislation needs to happen, and that it needs to happen quickly.

The word “enlightenment” was somewhat cringingly used to help explain that sense of urgency. Some considered that we are in fact living through a kind of Enlightenment 2.0 – with the engine behind that apparent radical change in thinking being the internet and how society operates on it.

Facebook’s dominant social data farm has seemingly proved to be the trigger for many of these thinkers.

Google – a startup born in the late 90s that became the world’s biggest ad broker with billions of dollars of revenue – never got the sort of attention in Luxembourg this week that was lavished on data hoarder-extraordinaire Facebook, with its modest sales garnered from an ad business model that still looks amateurish compared with Google’s.

And many experts in the field of identity couldn’t help but look on in awe at Zuck’s vast 900-million-people-strong siloed estate.

Some contended that a new “social contract” was required that would put the user in charge of accountability when it comes to what data is stored online.

It’s precisely the kind of contract that the UK’s Cabinet Office is mulling over as part of its proposals to farm out the handling of taxpayers’ online identities to the private sector.

It is a move which, as the Reg has previously reported, would eventually require primary legislation and regulations implemented in the same way that banks are scrutinised.

Some of the proposals the Cabinet Office has put forward were aired at the forum – that included holding up the principles of user control, transparency, governance, certification and, among other things, portability.

Portability is of course a concept that Facebook does not approve of. It has long held on to its users’ data and declined to let the likes of Google tap into that information. The recently floated company does allow its users to take chunks of their data with them if they choose to leave the social network, but that data does not easily flow into competing websites.

What was fascinating at this conference was the fixation, not with Google or even Microsoft – a company behind, for example, the previous UK government’s online “gateway” system for taxpayers to access services online – but with that of upstart Facebook.

Zuck continues to dig deep for ad revs

Perhaps that’s not unreasonable given how many people are sharing their lives on Facebook. Zuckerberg has previously floated the smug notion that his userbase could be considered the world’s third largest country.

Indeed, it has done what others including Google have failed to do – amass fine-grained, near real-time data that ought to be an advertiser’s dream come true.

One speaker at the event naively likened today’s social networks to US analogue television broadcasters of the 1950s and 1960s because TV audiences back then understood the commercial contract involved. Of course, that relationship was arguably much more benign than the interplay of Facebook with our lives today.

But making Facebook a major catalyst for an overhaul of European data protection law that many hope will stand up to the tests of time better than the one written in 1995 could yet prove to be a huge, short-sighted error. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/20/data_protection_the_facebook_effect/

Japanese boffins plumb darknet for cyber attack alerts

Japanese boffins at the National Institute of Information and Communications Technology (NICT) have been showing off a new real-time alert system designed to help security teams spot and visualise cyber attacks more effectively.

The DAEDALUS (Direct Alert Environment for Darknet And Livenet Unified Security) system has been in the making for several years, and detects threats via large-scale monitoring of the internet’s unused IP addresses, which NICT calls the ‘darknet’.

Here’s an explanation from a 2009 research paper:

We propose a novel application of large-scale darknet monitoring that significantly contributes to the security of live networks. In contrast to the conventional method, wherein the packets received from the outside are observed, we employ a large-scale distributed darknet that consists of several organisations that mutually observe the malicious packets transmitted from the inside of the organisations. Based on this approach, we have developed an alert system called DAEDALUS.

DAEDALUS is able to alert security teams when an active IP address in the organisation is trying to send packets to an unused IP address on the darknet – a sure sign that a virus is beginning to spread internally.
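The detection rule described in that paragraph is simple enough to show end to end: know which addresses in the organisation’s block are actually in use, and treat traffic from a live host to any unused address in the block as suspicious. The block below is an added example written for this page, not NICT’s DAEDALUS code or its data format, which the article does not describe. The network block (a documentation range), the set of live hosts and the flow records are all constructed for the example; the “three or more unused destinations” threshold is likewise an assumption chosen to separate a scanning host from a single stray packet.

```python
import ipaddress
from collections import defaultdict

# Constructed example: a monitored /24 (documentation range) of which only a few
# addresses are occupied by live hosts. Everything else in the block is "darknet".
ORG_NET = ipaddress.ip_network("192.0.2.0/24")
ACTIVE = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.11", "192.0.2.20", "192.0.2.50")}


def is_darknet(addr):
    """True for an address inside the monitored block that no live host occupies."""
    return addr in ORG_NET and addr not in ACTIVE


def parse_flow(line):
    """Parse a constructed 'timestamp src dst dport' flow record."""
    ts, src, dst, dport = line.split()
    return float(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)


def darknet_alerts(lines, min_targets=3):
    """Return {source: [unused destinations]} for every live internal host that sent
    packets to at least min_targets distinct unused addresses in the block.

    A single hit can be a typo or a stale DNS record; several distinct unused
    destinations from one host is the internal-spreading pattern the article describes.
    """
    hits = defaultdict(set)
    for line in lines:
        _ts, src, dst, _dport = parse_flow(line)
        if src in ACTIVE and is_darknet(dst):
            hits[src].add(dst)
    return {
        str(src): sorted(str(dst) for dst in dsts)
        for src, dsts in hits.items()
        if len(dsts) >= min_targets
    }


# Constructed flow records. 192.0.2.20 walks through unused neighbours on port 445,
# 192.0.2.11 sends one stray packet, and the remaining flows are ordinary traffic.
SAMPLE_FLOWS = [
    "1340172000.0 192.0.2.10 192.0.2.11 445",
    "1340172001.0 192.0.2.20 192.0.2.12 445",
    "1340172001.5 192.0.2.20 192.0.2.13 445",
    "1340172002.0 192.0.2.20 192.0.2.14 445",
    "1340172002.5 192.0.2.20 192.0.2.15 445",
    "1340172003.0 192.0.2.11 192.0.2.99 80",
    "1340172004.0 192.0.2.10 203.0.113.5 443",
]

if __name__ == "__main__":
    for src, dsts in darknet_alerts(SAMPLE_FLOWS).items():
        print("%s contacted %d unused addresses: %s" % (src, len(dsts), ", ".join(dsts)))
```

Because the unused addresses never legitimately answer, the rule has very few false positives compared with signature matching on the packets themselves; the main operational cost is keeping the live-host inventory accurate, since a newly provisioned host that is missing from it will show up as a darknet target.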

The real whizz-bangery is in the 3-D user interface which represents this data.

Users are presented with a giant blue globe at the centre of the screen representing the internet, with a series of circles suspended around it in orbit – these are the networks under observation, as pictured below.

NICT's DAEDALUS security scanner

Each circle displays in blue the proportion of the network containing active IP addresses and in black those that are not used.

Alerts are also displayed and can be clicked through to present more information, for example on which IP address they are spreading from, the time and type of threat.

NICT currently monitors 190,000 IP addresses in Japan but the potential for use internationally is obvious.

The technology will be made available for free to Japanese universities, but local tech firm Clwit is the big winner as it will reportedly be given commercial access to the tool to wrap into a new product dubbed SiteVisor.

Check out the video courtesy of Japanese tech site DigInfo. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/20/daedalus_nict_cyber_alert_system/

Assange’s Ecuador asylum bid has violated £200k UK bail, say cops

WikiLeaks founder Julian Assange – who is currently holed up in the Ecuadorian Embassy in London – has breached his UK bail conditions, Scotland Yard confirmed this morning.

As we reported yesterday, the 40-year-old Australian is seeking political asylum in Ecuador, after his attempts to appeal against extradition to Sweden to face allegations of rape, coercion and sexual molestation failed in the Supreme Court last week.

Assange was cuffed by Met police on a European Arrest Warrant in December 2010. He was later granted conditional bail by London’s High Court with a bond of £200,000, collected from Assange’s celebrity supporters.

One of those conditions was that Assange had to adhere to an overnight curfew at his bail address between 22.00 and 08.00.

Scotland Yard said in a statement to The Register that Assange had breached one of the conditions after seeking political asylum at the Ecuadorian Embassy – which is a flat in Knightsbridge, London – on Tuesday night.

“He is now subject to arrest under the Bail Act for breach of these conditions,” the Met said. “Officers are aware of his location at The Ecuador Embassy in Hans Crescent, London.”

The UK’s Foreign Office confirmed this morning that the government of Ecuador was currently mulling over Assange’s request. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/20/assange_plea_for_political_asylum_breaks_bail_condition/

Phishing up, malware down, says Google

Google has revealed a new analysis of five years’ worth of data gathered by its Safe Browsing service.

The analysis, as any discussion of online security seems obliged to, includes lots of Scary Big Numbers™, such as the 9500 malware-infected sites the Chocolate Factory says it finds every day or the 12-14 million warnings it offers users to avoid sources of various threats.

There’s also some good news, as the study also shows that the prevalence of infected sites peaked in 2009.

Google malware data

That welcome data point is tempered, however, by a resurgence in dedicated attack sites, which Google believes are on the comeback after a 2011 dip in numbers. Such sites use all sorts of nefarious tricks to mask their true intent, which is to drop a steaming load of malware into any endpoint they can compromise. Google feels many now use social engineering as their preferred weapon, as technical exploits are becoming harder to perpetrate.

Google attack sites data

Phishing is also becoming more prevalent, as this graph of phishing site findings shows.

Google phishing data

Google modestly attributes some of the better results recorded above to its own efforts, and says the data above “has become the de facto base of comparison for academic research in this space.”

Yet with criminals clearly adapting to even the Chocolate Factory’s efforts, there’s a certain “war on drugs” feel of futility about the research, as plainly even the best efforts of one of the Web’s mightiest companies are not reducing the incentive to have a crack at criminal activity online. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/20/google_security_data/

Consumer Affairs Victoria says App Store contains malware

Consumer Affairs Victoria has claimed Apple’s App Store houses “counterfeit or ‘cloned’ apps” that “look like real apps but don’t have the same kind of security as those made by established software programmers” and “can expose personal data to malware or predatory, virus-like software which can be used to steal personal information.”

The agency makes that claim in a consumer advisory to Apple customers, urging them to change their passwords given increasing levels of ID fraud in the App Store. Such incidents see criminals obtain users’ passwords, then run up large bills on iTunes and in the App Store.

Consumer Affairs Victoria has flagged its concern about such incidents of fraud following queries from irate customers whose accounts have been compromised, resulting in large bills for content and apps. The agency says it is aware that criminals are selling Apple IDs for as little as AUD$33, and that such sales are the source of the fraud. It therefore recommends Apple customers change their passwords frequently, and steer clear of apps with few reviews. It also quotes Apple as saying customers should contact their financial institution to sort things out, seeing as the fraudulent purchases land on punters’ credit cards.

The consumer advocate then makes the claim that predatory software lurks in the App Store, a statement that is at odds with Apple’s assurances of a tough vetting process which excludes apps that send personal data to murky destinations.

We’ve therefore asked Consumer Affairs Victoria just what it means by “counterfeit or ‘cloned’ apps”. A spokesperson has already told us she feels the passage about counterfeit apps may not be particularly well-written. We’ll let you know once she clarifies whether the passage needs further clarification. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/19/apple_hacked_downunder/

Schneier spanks AV industry over Flame failures

Security guru Bruce Schneier has questioned some of the excuses coming from the antivirus industry as to why it is taking them so long to pick up advanced malware like Flame and Stuxnet.

Schneier’s scolding was inspired by a mea culpa published in Wired by F-Secure’s top security man, Mikko Hypponen. He admitted that when Flame was discovered F-Secure back-checked and found samples of the malware from two years ago and in the cases of both Stuxnet and DuQu the code had been in circulation for a year before being picked up.

“The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets,” he wrote. “They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose.”

The kind of zero-day holes used by such malware are unknown by definition, he said, and the fact that such malware was being pretested against the most current commercial antivirus software meant that it wasn’t a “fair war.”

“I don’t buy this,” said Schneier. “It isn’t just the military that tests their malware against commercial defense products; criminals do it, too. Virus and worm writers do it. Spam writers do it. This is the never-ending arms race between attacker and defender, and it’s been going on for decades.”

While it’s likely that the Flame developers had a bigger budget than your common-or-garden cybercriminal, that wasn’t the issue, he argued. There’s nothing particularly stealthy about the code itself. What makes Flame, Stuxnet et al more stealthy is that they are distributed in a slow, small-scale manner and are therefore considered either false positives or not worth investigating.

“It seems clear that conventional non-military malware writers that want to evade detection should adopt the propagation techniques of Flame, Stuxnet, and DuQu,” he concluded. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/19/schneier_flame_malware_antivirus/