Friday, July 19, 2013

Android Malware that Gives Hackers Remote Control is Rising (Technical but important news.)

via... Sean Gallagher - Ars Technica 
Remote access tools have long been a major part of targeted hacker attacks on individuals and corporate networks. RATs* have been used for everything from hacking the e-mail boxes of New York Times reporters to capturing video and audio of victims over their webcams. Recently, wireless broadband and the power of smartphones and tablets have extended hackers’ reach beyond the desktop. In a blog post yesterday, Symantec Senior Software Engineer Andrea Lelli described the rise of an underground market for malware tools based on Androrat, a remote administration tool that can give an attacker complete control over devices running the Android OS.

Androrat was published on GitHub in November 2012 as an open source tool for remote administration of Android devices. Packaged as a standard Android application (in an APK file), Androrat can be installed as a service on the device that launches at start-up or as a standard “activity” application. Once it’s installed, the user doesn’t need to interact with the application at all—it can be activated remotely by an SMS message or a call from a specific phone number.

The app can grab call logs, contact data, and all SMS messages on the device, as well as capture messages as they come in. It can provide live monitoring of call activity, take pictures with the phone’s camera, and stream audio from the phone’s microphone back to its server. It can also post “toasts” (application messages) on the screen, place phone calls, send text messages, and open websites in the phone’s browser. If it is launched as an application (or “activity”), it can even stream video from the camera back to the server.

Hackers have taken Androrat’s code and run with it. Recently, underground marketplaces for malware have begun to offer Androrat “binder” tools, which can attach the RAT to the APK files of other legitimate applications. When a user downloads what appears to be a harmless app that has been bound to Androrat, the RAT gets installed along with the app without requiring additional user input, sneaking past Android’s security model. Symantec reports that analysts have found 23 instances of legitimate apps that have been turned into carriers for Androrat. The code has also been incorporated into other “commercial” malware, such as Adwind—a Java-based RAT that can be used against multiple operating systems.

Lelli said that Symantec has detected “several hundred” cases of Androrat-based malware infections on Android devices, mostly in the US and Turkey. But now that binders are available to anyone willing to pay for them, the potential for infection to spread is growing rapidly. (more)


*Spybusters Countermeasure: Android app SpyWarn detects RAT spyware activity. (http://tinyurl.com/SpyWarnApp)
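The capabilities listed above correspond to Android manifest permissions, and a legitimate app that has been bound to a RAT has to declare more of them than the vendor's original. The following sketch is an added example, not code from the article, Symantec or Androrat: it diffs a suspect app's decoded AndroidManifest.xml against the known-good one. The permission mapping, the triage threshold and the `com.example.*` sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

URI = "http://schemas.android.com/apk/res/android"
NS = "{" + URI + "}"
P = "android.permission."

# Assumption: behaviours described in the article mapped to Android permissions.
RAT_CAPABILITIES = {
    P + "READ_CALL_LOG": "call logs",
    P + "READ_CONTACTS": "contact data",
    P + "READ_SMS": "stored SMS messages",
    P + "RECEIVE_SMS": "incoming SMS (also remote activation)",
    P + "SEND_SMS": "sending text messages",
    P + "CALL_PHONE": "placing phone calls",
    P + "CAMERA": "camera capture",
    P + "RECORD_AUDIO": "microphone streaming",
    P + "RECEIVE_BOOT_COMPLETED": "launch at start-up",
}

def declared(manifest_xml, tags):
    """Return (tag, android:name) pairs for the given element tags."""
    root = ET.fromstring(manifest_xml)
    return {(el.tag, el.get(NS + "name")) for t in tags for el in root.iter(t)}

def audit(original_xml, suspect_xml, threshold=3):
    """Diff a suspect manifest against the vendor's known-good manifest."""
    perms = lambda x: {name for _, name in declared(x, ["uses-permission"])}
    added = perms(suspect_xml) - perms(original_xml)
    flagged = sorted(p for p in added if p in RAT_CAPABILITIES)
    comps = ["service", "receiver"]
    new_comps = sorted(declared(suspect_xml, comps) - declared(original_xml, comps))
    # threshold is an arbitrary triage cut-off chosen for this example
    return {"added": sorted(added), "flagged": flagged,
            "new_components": new_comps, "suspicious": len(flagged) >= threshold}

def manifest(perms, extra=""):
    """Build a constructed sample manifest (decoded text form, hypothetical app)."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="{URI}" package="com.example.torch">{uses}'
            f'<application><activity android:name=".Main"/>{extra}'
            f'</application></manifest>')

ORIGINAL = manifest(["CAMERA"])  # a torch app legitimately needs the camera
SUSPECT = manifest(["CAMERA", "INTERNET", "READ_SMS", "RECEIVE_SMS", "READ_CONTACTS",
                    "RECORD_AUDIO", "RECEIVE_BOOT_COMPLETED"],
                   '<service android:name="com.example.bound.Svc"/>'
                   '<receiver android:name="com.example.bound.Boot"/>')

if __name__ == "__main__":
    for key, value in audit(ORIGINAL, SUSPECT).items():
        print(key, value)
```

Because the comparison is a diff, the camera permission the original already held is not flagged; only what the repackaged copy adds is reported.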

New Jersey Supreme Court Restricts Police Searches of Phone Data

Staking out new ground in the noisy debate about technology and privacy in law enforcement, the New Jersey Supreme Court on Thursday ordered that the police will now have to get a search warrant before obtaining tracking information from cellphone providers.

The ruling puts the state at the forefront of efforts to define the boundaries around a law enforcement practice that a national survey last year showed was routine, and typically done without court oversight or public awareness. With lower courts divided on the use of cellphone tracking data, legal experts say, the issue is likely to end up before the United States Supreme Court. (more)

Thursday, July 18, 2013

If You Think The NSA Is Bad, Wait Till You See South Korea’s Surveillance State

SEOUL, South Korea — Americans are apparently blasé about government eavesdropping.

In the days after former National Security Agency contractor Edward Snowden revealed that Washington spies extensively on its own citizens, polls found that about half of Americans have no problem with such snooping, as long as it protects them from terrorism.

But a scandal unfolding here in South Korea illustrates how such domestic snooping can easily harm a democracy. The imbroglio has sparked student protests and candlelight vigils around Seoul... (more)

NSA Leak Highlights the Power of Spying - Irish Eyes Aren't Smiling

Ireland - Entrepreneurs are worried. Not because they have something to hide from US authorities, but for fear of breaking contractual liability.

"I'm currently setting up two businesses here," said Jude Braden, who employs 12 people in Dublin-based data-related businesses. "My problem is that under Irish and EU law, I have a duty to protect the data of my clients. I can potentially be sued if my clients' data gets out into the public domain. But the events of recent weeks and months puts me in a position where I may not be able to fulfill the terms of that obligation."

Espionage and industrial skullduggery have long been connected, said Conor Flynn, founder of Isas, a Dublin-based IT security firm... "There has always been suspicions among American industrialists when they travel to China that they would be monitored for espionage purposes."

Dublin-based IT security expert Brian Honan agrees. "You don't bug German embassy offices if you're looking for Al-Qai'da," said Honan. "When the US plants bugs in EU embassies it is clearly targeted at trade talks and industrial interests."


Conor and Brian are correct. Industrial skullduggery, and bugging, are key espionage tactics – and, they are not the tools of governments alone. Tried and true spy methods still work in the business world.  (more)

Tuesday, July 16, 2013

Bremont Codebreaker Crypto Watch Turns Position of Earth into a Usable Measurement

The Bremont Codebreaker is a limited edition chronograph that uses original artifacts from the famous cryptographic facility to commemorate British code breaking efforts during the Second World War.

Bletchley Park was one of the best kept secrets of the Second World War and remained so for decades after until the story was made public in 1974. The ancient estate with its Victorian mansion was the headquarters for the Government Code and Cipher School (GC&CS), where 9,000 scientists, mathematicians and others were tasked with decrypting enemy ciphers from the German Enigma and Lorenz machines. It was where Alan Turing laid the foundations for modern computer science and artificial intelligence and was the birthplace of Colossus, the world’s first programmable electronic computer.

The efforts of the team at Bletchley Park were perhaps the greatest single strategic advantage of the Allies and may have shortened the war by two years. The Codebreaker is meant to act not only as a commemoration piece, but also as a physical container of some of that story. According to Bremont, the Codebreaker was inspired by a classic 1940s officer's watch, and 240 steel Codebreaker watches will be created along with 50 rose gold watches. Each numbered watch has a flyback Chronograph GMT automatic movement and is made from materials directly related to the code breaking efforts. (more)

Keeping the NSA in Perspective

by George Friedman, Stratfor
In June 1942, the bulk of the Japanese fleet sailed to seize the Island of Midway. Had Midway fallen, Pearl Harbor would have been at risk and U.S. submarines, unable to refuel at Midway, would have been much less effective. Most of all, the Japanese wanted to surprise the Americans and draw them into a naval battle they couldn't win.

The Japanese fleet was vast. The Americans had two carriers intact in addition to one that was badly damaged. The United States had only one advantage: It had broken Japan's naval code and thus knew a great deal of the country's battle plan. In large part because of this cryptologic advantage, a handful of American ships devastated the Japanese fleet and changed the balance of power in the Pacific permanently. (more)
 

George Friedman is the Chairman of Stratfor, a company he founded in 1996 that is now a leader in the field of global intelligence.

Hackers Turn Verizon Box into Spy Tool

Researchers at iSec hacked into a Verizon network extender, which anyone can buy online, and turned it into a cell phone tower small enough to fit inside a backpack capable of capturing and intercepting all calls, text messages and data sent by mobile devices within range...

"The level of technical skill that you need to break into one of these, people are learning in college.

A malicious person could put one of these, with a battery, in a backpack, and go downtown - to a place like Times Square or Wall Street...

Frankly, these devices scare us. It is not the NSA tapping ordinary people. It is about ordinary people attacking ordinary people." (more)

Note: Verizon says they fixed this particular issue.

Warning: Femtocells in general, however, offer a new playground to hackers and criminals alike. Cut back on your confidential transmissions in densely populated areas.

Saturday, July 13, 2013

Attack of the Cyber Mercenaries

A British intelligence report says that other nations are hiring hackers to launch attacks against their enemies, a trend it described as particularly worrying.

Have board, will travel. ~K3y5LingR
The warning over cyber mercenaries came in an annual report published by Britain's Intelligence and Security Committee, a watchdog body of senior lawmakers that oversees Britain's spy agencies. (more)

Friday, July 12, 2013

Watergate Redux

The Dallas, Texas offices of law firm Schulman & Mathias were broken into two weeks ago by two burglars caught on surveillance camera. The two stole three computers. Damon Mathias, a partner at the firm, said

Attorneys said the burglars may have been hired to steal documents related to State Department whistleblower Aurelia Fedenisn, who is represented by the firm...


In early June, Fedenisn gave CBS News a draft State Department Inspector General report which offered the details of allegations that alleged sex crimes involving diplomats — including one U.S. ambassador who allegedly visited prostitutes — were ignored by State Department top officials. (more)

Time to sweep the office.

Monday, July 8, 2013

Free Webinar - Corporate Espionage via Mobile Device

Corporate Espionage via Mobile Device
Wednesday, July 10, 2013
02:00 PM Eastern DT (11:00 AM Pacific)
Duration: 45 Min

We discuss the topic of mobile risk and espionage via compromised mobile device. viaForensics' Director of R&D Thomas Cannon recently demonstrated "Corporate Espionage via a Mobile Device" as a proof of concept attack. In this demonstration, an innocent application is leveraged to harbor malware and exfiltrate data from a mobile device. The attacker is able to remotely activate phone features such as the camera and microphone, and the device can be used to bypass corporate defenses and infiltrate a corporate network. (Register)

Saturday, July 6, 2013

How Eavesdropping Was Punished in Medieval Times

via - theweek.com 
The problem of eavesdropping dates back to the 1370s, according to one historian.

When people live together in small communities, they can be a great source of comfort and support to each other — but they can also really get on each other's nerves. Every community must figure out the best way to keep conflict to a minimum. In the late middle ages, English village courts tried to maintain equilibrium by imposing punishment for eavesdropping, scolding, and noctivagation (aimless night wandering), three offenses, as Marjorie McIntosh explains in her book Controlling Misbehaviour in England, 1370-1600, "often said in local records to be damaging to local harmony, goodwill, and peaceful relations between neighbors."

The term "eavesdropping" originally came from Anglo-Saxon laws against building too close to the border of your land, lest the rain running off your roof, the yfesdrype or "eaves drip," mess up your neighbor's property. "Eavesdropper" became the word for a person who stands within range of the eaves drip — too close — in order to listen in on what was going on inside the house...

Eavesdropping was best carried out under cover of darkness, hence the suspicion under which noctivagators, or "nightwalkers," were held. Anyone found to be wandering round at night without a good reason was assumed to be eavesdropping...


 
The problem with eavesdropping wasn't so much about notions of rights to privacy as about people who "perturbed the peace" by using the information they gained through eavesdropping to sow discord. Getting the goods on your neighbors might lead to scolding — verbally attacking, berating, stirring things up. Where eavesdropping might get you fined, the punishment for scolding could be much worse. Repeat scolders might get dunked in the water on the "cucking-stool" until they were thoroughly soaked and humiliated, or made to wear a "scold's bridle," an iron muzzle with a spiked gag to keep the tongue from moving.

..."for a good two hundred years, beginning in the 1370s, the medieval cocktail of eavesdropping and tale-telling comprised about 8 percent of all social crimes." (more)

"That ain't my phone." (Extra penalty point.)

Maryland Terrapins running back Wes Brown was arrested on charges of second-degree assault, theft under $1,000, and illegal use of wiretapping on Wednesday, Baltimore Police confirmed.

Police were attempting to question Brown as a person of interest in the investigation of a non-fatal shooting, police say, when the sophomore assaulted the officer and ran away. They say Brown was recording his conversation with the officer on a cellphone in his pocket, without the officer’s knowledge – a felony in the state of Maryland.

University of Maryland Police say the cell phone Brown used to record the officer was stolen. (more)

Living in La La Land - Where Nobody Spies

Canada's top corporate executives remain relatively unconcerned that their businesses are vulnerable to cyber attacks.

The latest C-Suite survey of business leaders shows that cyber-security is not a serious worry for a majority of those sitting in the nation’s corner offices.


Only 40 per cent say they are very or somewhat concerned about cyber-security threats to their companies. Even fewer say they think that businesses like theirs will likely be a target of an attack on the corporate computer system. 

And more than 90 per cent of those who responded are confident in their organization’s efforts to protect their business from these threats... (more)

A voice in the wind...
Greg Hawkins, CEO of Yellowhead Mining Inc., agrees that companies should not be complacent... Firms that think they have the situation completely under control “are living in la la land,” he said.

Friday, July 5, 2013

TSCM Bug Sweep Cost Question & Infrared Instrumentation Example

Security Director: "When I ask for TSCM bug sweep quotes I get some prices which seem incredibly low. Shouldn't everyone be in the same ballpark?"

Answer: There are many reasons for this. Most revolve around skimping by the vendor — on everything from insurance to training to instrumentation.

Let's look at one representative example, thermal imaging...

Most TSCM providers these days offer thermal imaging as a detection technique. The skimpers use ineffective, cheap cameras – just so they can claim this capability. It is a dishonest marketing ploy which lets skimpers "say" they are in the game.

Cost:
• Outdated and low-end utility thermal cameras are available on eBay for less than $2,000.
• High-sensitivity / resolution thermal cameras cost between $25,000-$50,000.

DIY Test:
A TSCM-capable infrared thermal camera will clearly show heat from a fingerprint after an object has been lightly and briefly touched.

Generally speaking, low-cost equals low probability of detection. Effective TSCM service costs are driven by capital / educational investment... and sincere commitment.

Moral: A cheap sweep is worse than no sweep. Bugs aren't eliminated, just your sense of caution, and budget.

[sotto voce] If you like cartoons, hire a clown.

Security Alert: 'Master key' to Android Phones Uncovered

If exploited, the bug would give attackers access to almost any Android phone.

A "master key" that could give cyber-thieves unfettered access to almost any Android phone has been discovered by security research firm BlueBox.


Upon hearing the bad news Android wets itself.
The bug could be exploited to let an attacker do what they want to a phone including stealing data, eavesdropping or using it to send junk messages.

The loophole has been present in every version of the Android operating system released since 2009.

Google said it currently had no comment to make on BlueBox's discovery...


The danger from the loophole remains theoretical because, as yet, there is no evidence that it is being exploited by cyber-thieves. (more)

The race is on between Google and The Cyber-thieves. We'll keep you posted. ~Kevin