LulzSec Portugal attacks

Hackers publish personal data of 107 Lisbon police officers and threaten the whole PSP
29.11.2011 - 08:10 By José Bento Amaro

A group calling itself Lulzsec Portugal is said to have illegally accessed the computers of the Ministry of Internal Administration (Ministério da Administração Interna, MAI), copied and published the personal data of more than a hundred PSP officers working at three Lisbon police stations. In a short text, accompanied by the address where the personal data can be consulted, the hackers threaten to publish the details of the entire PSP force, arguing that this is retaliation for the acts of violence allegedly committed against people who, on the 24th, took part in the general strike protest in front of the Assembleia da República.

The personal data (name, rank, identification number, workplace and position held, telephone number and e-mail contact) of 107 police officers began to be published on Sunday night. Yesterday morning many officers contacted by PÚBLICO, including several unions, were unaware of the possible intrusion into and breach of the Rede Nacional de Segurança Interna, the system that also holds the personal data of other forces under the MAI, namely the GNR and the fire brigades. When the ministry's press office was contacted by telephone, the security breach was not denied, but they refused to make any comment on the situation.

The short Lulzsec Portugal text reads: "In response to the arrests and violence against unarmed civilians we will publish the data of all PSP officers, station by station, individual by individual, starting with the Chelas station". For Hélder Andrade, president of the Associação Sindical dos Oficiais da Polícia (ASOP), the text in question is more than enough reason to "ask the Direcção Nacional [of the PSP] for clarification".

...

Full story on Público's website: http://www.publico.pt/Sociedade/hackers-divulgam-dados-pessoais-de-107-policias-de-lisboa-e-ameacam-toda-a-psp-1523008


Hackers call for collective attacks from 1 December
29.11.2011 - 17:37 By João Pedro Pereira

In a text published today, LulzSec Portugal says it will join Anonymous Portugal (both inspired by the international groups of the same name) to launch what they call operation #AntiSecPT (again, inspired by a similar operation at the international level).

The authors of the text urge "self-taught people and hackers to spread across our country, signing anonymously in the name of the #AntiSecPT movement, in defacements [alterations to websites], DDOS attacks [attacks that aim to make a website inaccessible] and leaks [leaks of information] that expose corruption online".

The message also encourages action outside the Internet: "We call for the fight against corruption in the name of the #AntiSecPT movement to be spread in graffiti on walls, through music, videos and texts". The authors, however, call for people to stay away from street action: "We invite the Anonymous with computer skills to stay away from the demonstrations and to join us in an online 'civil disobedience'".

The text was published on the TugaLeaks website, which has been publishing information about this kind of action in Portugal.

According to the message, the main motive for the operation scheduled for next month appears to be the incidents with the police during the day of the general strike. "There were complaints and there were witnesses who saw plain-clothes police officers assaulting and unjustly arresting a young man, but the inter-networks did not stay silent. We will expose the police chiefs who force the police on the ground to assault their brothers and sisters who protest peacefully."

Contacted by email, those responsible for the text had not replied by the time this article was published. Last Friday, LulzSec declined to answer questions from PÚBLICO: "At the moment we are not willing to give interviews", they said.

Speaking to PÚBLICO, lawyer Manuel Lopes Rocha, who specialises in information technology law, explained that the recent attacks on Portuguese websites, which are of the same kind as those LulzSec is now calling for, can be punished under the Cybercrime Law (Lei do Cibercrime), which, among others, provides for the crimes of computer sabotage, damage to computer systems and illegitimate access. In the most serious cases, the penalty can be up to ten years in prison.

http://www.publico.pt/Tecnologia/hackers-portugueses-apelam-a-operacao-conjunta-a-partir-de-1-de-dezembro-1523102

Serious vulnerability in Apache

A newly discovered flaw in Apache web servers could allow attackers to use servers configured as "reverse proxies" to gain access to or attack systems hidden from public view. The bug in Apache's reverse proxy mode only affects servers that have been configured incorrectly, but that error isn't an obvious one, since it doesn't interfere with normal operations. The flaw could be used by attackers to reach Web-enabled resources on other servers connected to the same network as the proxy. (...)

The security hole, discovered by Qualys Security Labs' Prutha Parikh, allows attackers using a specially crafted HTTP GET request to alter the universal resource indicator (URI) created by Apache's remote proxy module, diverting it from the destination set in rules and allowing the attacker to access other systems on the network.
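The misconfiguration at issue was a proxying rule (a RewriteRule with the [P] flag, or a ProxyPassMatch) whose pattern did not require a leading slash, such as `^(.*)`, so the URI handed to the proxy module could end up pointing somewhere other than the intended backend; anchoring the pattern at `^/` closes the hole, and patched Apache releases also reject such requests. The checker below is an added example (not from the article, Qualys or the Apache project) that scans a constructed httpd.conf fragment for rules of that shape and suggests the anchored form.

```python
import re

# Constructed httpd.conf fragment (not from the article). Lines 2 and 4 have the
# risky shape, lines 3 and 5 the anchored form, line 6 is a redirect, not a proxy.
SAMPLE_CONF = r"""RewriteEngine On
RewriteRule ^(.*) http://app.internal$1 [P]
RewriteRule ^/(.*) http://app.internal/$1 [P,L]
ProxyPassMatch ^(.*\.php)$ http://php.internal$1
ProxyPassMatch ^/(.*\.php)$ http://php.internal/$1
RewriteRule ^/old/(.*) /new/$1 [R]
"""

# directive, pattern, target and an optional [flags] group
PROXY_RULE = re.compile(
    r'^\s*(RewriteRule|ProxyPassMatch)\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?', re.I)


def _is_proxy_rule(directive, flags):
    """ProxyPassMatch always proxies; a RewriteRule only does so with the P flag."""
    if directive.lower() == "proxypassmatch":
        return True
    if not flags:
        return False
    names = [f.strip().split("=")[0].upper() for f in flags.split(",")]
    return "P" in names


def _strip_anchor(pattern):
    return pattern[1:] if pattern.startswith("^") else pattern


def check_proxy_rules(conf_text):
    """Return (line number, directive, pattern) for every proxying rule whose
    pattern does not force the matched request to begin with '/'.
    The check is deliberately conservative: a pattern such as ^(/.*) is also
    reported and needs a manual look."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = PROXY_RULE.match(line)
        if not m:
            continue
        directive, pattern, _target, flags = m.groups()
        if not _is_proxy_rule(directive, flags):
            continue
        if not _strip_anchor(pattern).startswith("/"):
            findings.append((lineno, directive, pattern))
    return findings


def hardened_pattern(pattern):
    """Suggest the anchored form of a pattern: '^(.*)' -> '^/(.*)'."""
    body = _strip_anchor(pattern)
    return "^" + body if body.startswith("/") else "^/" + body


if __name__ == "__main__":
    for lineno, directive, pattern in check_proxy_rules(SAMPLE_CONF):
        print(f"line {lineno}: {directive} {pattern} -> suggest {hardened_pattern(pattern)}")
```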

Full story at Ars Technica

SAMATE Reference Dataset (SRD), version 4.0

The SRD is a very interesting database of vulnerable software snippets. Version 4 is out:

Computer scientists at the National Institute of Standards and Technology (NIST) have dramatically enlarged a database designed to improve applications that help programmers find weaknesses in software. This database, the SAMATE Reference Dataset (SRD), version 4.0, is a freely available online tool aimed at helping programmers fortify their creations against hackers. (...)

"The SRD is for companies that build static analyzers, whose use is expanding within the software industry," says SRD project leader Michael Koo. "It will help their products catch the most common errors in the software they are supposed to check. It brings rigor into software assurance, so that the public can be more confident that there are fewer dangerous weaknesses in the software they use."

Hackers attempt to attack the websites of Finanças, Administração Interna and the PSP

Hackers tried to get into the websites of Finanças, Administração Interna and the PSP

25.11.2011 - 14:09 By Maria José Oliveira

"One or more groups of hackers tried on Thursday to get into the websites of the Finance and Internal Administration ministries and also that of the PSP. According to what PÚBLICO has learned, the hackers are not Portuguese and belong to anarchist movements based in Southern Europe."

See the full story on Público's website: http://www.publico.pt/Pol%C3%ADtica/hackers--tentam-entrar-nos-sites-das-financas-administracao-interna-e-psp-1522548

From the description, which says that PT had to "limit bandwidth", it must have been a DDoS attack, not an attempt to "get in".

Hackers destroy water pump

This case is interesting for several reasons (as far as can be made out): 1) it was a real attack on critical infrastructure (a public water distribution network); 2) it was a cyber-attack but it caused physical damage (the destruction of a water pump); 3) the intrusion went on for months without being detected. Oh brave new world...

Water utility hackers destroy pump, expert says
SCADA breach 'a really big deal'
The Register, Dan Goodin, 17th November 2011 22:03 GMT

Hackers destroyed a pump used by a US water utility after gaining unauthorized access to the industrial control system it used to operate its machinery, a computer security expert said.

Joe Weiss, a managing partner for Applied Control Solutions, said the breach was most likely performed after the attackers hacked into the maker of the supervisory control and data acquisition software used by the utility and stole user names and passwords belonging to the manufacturer's customers. The unknown attackers used IP addresses that originated in Russia.

Weiss cited an official government report from the state where the regional water district was located. It was dated November 10, two days after the hack was discovered. The document indicates that the utility had been experiencing unexplained problems with its computerized system in the weeks leading up to the breach.

“Over a period of two to three months, minor glitches had been observed in remote access to the water district's SCADA system,” Weiss said during an interview, in which he read a verbatim portion of the document to The Register. He said that the attackers were able to burn out one of the utility's pumps by causing either the pump or the SCADA system that controlled it to turn on and off “repeatedly.”

Weiss said he obtained the report on the condition that the water utility and the state where it's located aren't disclosed. A statement issued by the US Department of Homeland Security indicated the utility was located in Springfield, Illinois. Weiss published bare-bones details of the hack on Thursday because he wanted to bring attention to an incident he said raised serious concerns about the ability of the US government to secure critical infrastructure.

“This is really a big deal, and what's just as big a deal is what isn't being said or isn't being done,” Weiss said. “What the hell is going on with DHS? Why aren't people being notified?”

He said he's unaware of any water utilities or other SCADA operators who know about the attack.

In an email sent several hours after this article was first published, DHS spokesman Peter Boogaard wrote: "DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield Illinois. At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety."

(full story here)

Security

Cyber-attack causes explosion in Iran?

On 12 November an explosion decapitated the Iranian nuclear programme, shortly after the IAEA had said the programme had military and not merely civilian aims. Now the suspicion has arisen that the explosion was caused by a cyber-attack, possibly using Stuxnet:

Suspicion in Iran that Stuxnet caused Revolutionary Guards base explosions 
DEBKAfile Exclusive Report November 18, 2011, 2:29 PM (GMT+02:00)

Is the Stuxnet computer malworm back on the warpath in Iran?

Exhaustive investigations into the deadly explosion last Saturday, Nov. 12 of the Sejil-2 ballistic missile at the Revolutionary Guards (IRGC) Alghadir base point increasingly to a technical fault originating in the computer system controlling the missile and not the missile itself. The head of Iran's ballistic missile program Maj. Gen. Hassan Moghaddam was among the 36 officers killed in the blast which rocked Tehran 46 kilometers away.
(Tehran reported 17 deaths although 36 funerals took place.)

Since the disaster, experts have run tests on missiles of the same type as Sejil 2 and on their launching mechanisms.

debkafile's military and Iranian sources disclose three pieces of information coming out of the early IRGC probe:
1.  Maj. Gen. Moghaddam had gathered Iran's top missile experts around the Sejil 2 to show them a new type of warhead which could also carry a nuclear payload. No experiment was planned. The experts were shown the new device and asked for their comments.
2.  Moghaddam presented the new warhead through a computer simulation attached to the missile. His presentation was watched on a big screen. The missile exploded upon an order from the computer.

The warhead blew first; the solid fuel in its engines next, so explaining the two consecutive bangs across Tehran and the early impression of two explosions, the first more powerful than the second, occurring at the huge 52 sq. kilometer complex of Alghadir.

3.  Because none of the missile experts survived and all the equipment and structures pulverized within a half-kilometer radius of the explosion, the investigators had no witnesses and hardly any physical evidence to work from.

Iranian intelligence heads entertain two initial theories to account for the sudden calamity: a) that Western intelligence service or the Israeli Mossad managed to plant a technician among the missile program's personnel and he signaled the computer to order the missile to explode; or b), a theory which they find more plausible, that the computer controlling the missile was infected with the Stuxnet virus which misdirected the missile into blowing without anyone present noticing anything amiss until it was too late.


(...)

Full story

Update on 01/12/2011: a source claims the explosion is the work of Mossad: http://www.ionline.pt/mundo/irao-mossad-tera-sabotado-uma-central-quartel

Operation Ghost Click

The proprietors of shadowy online businesses that have become synonymous with cybercrime in recent years were arrested in their native Estonia on Tuesday and charged with running a sophisticated click fraud scheme that infected with malware more than four million computers in over 100 countries — including an estimated 500,000 PCs in the United States. The law enforcement action, dubbed “Operation Ghost Click,” was the result  of a multi-year investigation, and is being called the “biggest cybercriminal takedown in history.”

Estonian authorities arrested six men, including Vladimir Tsastsin, 31, the owner of several Internet companies that have been closely associated with the malware community for many years. Tsastsin previously headed EstDomains Inc. a domain name registrar that handled the registrations for tens of thousands of domains associated with the far-flung Russian Business Network.

Reporting for The Washington Post in September 2008, I detailed how Tsastsin’s prior convictions in Estonia for credit card fraud, money laundering and forgery violated the registrar agreement set forth by the Internet Corporation for Assigned Names and Numbers (ICANN), which bars convicted felons from serving as officers of a registrar. ICANN later agreed, and revoked EstDomains’ ability to act as a domain registrar, citing Tsastsin’s criminal history.

Read the rest of the story at Krebs on Security

Microsoft Security Intelligence Report vol. 11

Microsoft Security Intelligence Report vol. 11 is out: http://www.microsoft.com/security/sir/ Besides the full report, a summary in Portuguese is available.


"With a collection of data from Internet services and over 600 million computers worldwide, the Security Intelligence Report (SIR) exposes the threat landscape of exploits, vulnerabilities, and malware. Awareness of threats is a preventive step to help you protect your organization, software, and people. Worldwide Threat Assessment is an analysis of the global impact while Regional Threat Assessment provides detailed telemetry by location. Protection methods appear in Managing Risk. SIR volume 11 provides data from January to June 2011 and features the ZeroDay article."

Cyber-war: on its way, or never coming?

It depends on whom you ask.

On its way:

Security Expert Warns of Cyber World War

A leading Internet security expert warned Tuesday that a cyber terrorist attack with "catastrophic consequences" looked increasingly likely in a world already in a state of near cyber war.

Speaking outside a global conference on Internet security in London, Eugene Kaspersky, a Russian math genius, told Sky News the threat was a real and present danger.

"I don't want to speak about it. I don't even want to think about it," he said. "But we are close, very close, to cyber terrorism. Perhaps already the criminals have sold their skills to the terrorists -- and then ... oh, God."
Kaspersky, who founded an Internet security empire with a global reach, said he believed that cyber terrorism was the biggest immediate threat confronting nations as diverse as China and the U.S.

"There is already cyber espionage, cyber crime and hacktivisim [when activists attack networks for political ends] -- soon we will be facing cyber terrorism," he said.

U.K. Prime Minister David Cameron, talking at the London Cyber Conference, added to the growing chorus of world leaders sounding the cyber alarm.

"We are here because international cyber security is a real and pressing concern," he said. "Let us be frank. Every day we see attempts on an industrial scale to steal government secrets -- information of interest to nation states, not just commercial organizations.

"Highly sophisticated techniques are being employed ... These are attacks on our national interest. They are unacceptable."


Never coming:

Cyber War Will Not Take Place

For almost two decades, experts and defense establishments the world over have been predicting that cyber war is coming. But is it? This article argues in three steps that cyber war has never happened in the past, that cyber war does not take place in the present, and that it is unlikely that cyber war will occur in the future. It first outlines what would constitute cyber war: a potentially lethal, instrumental, and political act of force conducted through malicious code. The second part shows what cyber war is not, case-by-case. Not one single cyber offense on record constitutes an act of war on its own. The final part offers a more nuanced terminology to come to terms with cyber attacks. All politically motivated cyber attacks are merely sophisticated versions of three activities that are as old as warfare itself: sabotage, espionage, and subversion.

Full article