Author of giant DDoS attack against Spamhaus arrested

A British police investigation into the massive DDoS attack against internet watchdog Spamhaus has led to the arrest of a 16-year-old London schoolboy who, it is claimed, is part of an international gang of cyber-crooks.

"The suspect was found with his computer systems open and logged on to various virtual systems and forums," says the police document shown to the London Evening Standard. "The subject has a significant amount of money flowing through his bank account. Financial investigators are in the process of restraining monies."

The young miscreant was arrested in April at the same time as a 35-year-old Dutchman (thought to be Sven Kamphuis – the owner of hosting firm Cyberbunker) as part of an investigation into the Spamhaus attack by British police dubbed Operation Rashlike. The arrest was kept secret, and the boy has been released on bail pending a trial later in the year.

The police document states that the Spamhaus attack in March was the "largest DDoS attack ever seen," and claims the performance of the London Internet Exchange was hard hit. The attack caused "worldwide disruption of the functionality" of the internet, it states.

Certainly the attack was a biggie. On March 18, Spamhaus and its networking partner CloudFlare started getting DDoSed at around 90Gbps. When that failed to take the site offline, the attackers went upstream to ISPs and internet exchanges in Amsterdam and London (even El Reg's own Trevor Potts inadvertently took part), and by March 22 over 300Gbps was hitting the Spamhaus servers.

Top cyber-threats according to ENISA

ENISA today presented its list of top cyber threats, as a first “taste” of its interim Threat Landscape 2013 report. The study analyses 50 reports, and identifies an increase in threats to: infrastructure through targeted attacks; mobile devices; and social media identity thefts carried out by cyber-criminals over Cloud services.
   
Some key trends identified in the study are:

  • Cyber-criminals increasingly using advanced methods to implement attack techniques (vectors) that are non-traceable and difficult to take down. Anonymisation technologies and peer-to-peer systems (so called distributed technologies) play an important role in this. It is clear that mobile technology is increasingly exploited by cyber-criminals. Threats of all kinds that were encountered in the more traditional arena of IT will affect mobile devices and the services available on these platforms.
  • The wide spread of mobile devices leads to an amplification of abuse based on knowledge/attack methods targeting social media.
  • The availability of malware and cyber-hacking tools and services, together with digital currencies (e.g. Bitcoins) and anonymous payment services is opening up new avenues for cyber-fraud and criminal activity.
  • There is a real possibility of large impact events when attacks combining various threats are successfully launched.
  • As reported by ENISA in its report on major cyber attacks (2013/07/20), cyber-attack is the sixth most important cause of outages in telecommunication infrastructures, and it impacts upon a considerable number of users. Taking into account these incidents, and denial of service threat developments, we observe an increase in infrastructure threats in 2013.


The study identifies the following top threats with major impact since 2012.

  • Drive-by-exploits: browser-based attacks still remain the most reported threats, and Java remains the most exploited software for this kind of threat.
  • Code Injection: attacks are notably popular against web site Content Management Systems (CMSs). Due to their wide use, popular CMSs constitute a considerable attack surface that has drawn the attention of cyber-criminals. Cloud service provider networks are increasingly used to host tools for automated attacks.
  • Botnets, Denial of Services, Rogueware/Scareware, Targeted Attack, Identity Theft and Search Engine Poisoning are the other trending threats.

A full ENISA Threat Landscape 2013 report is due by the end of the year.
(...)

Full report: ENISA Threat Landscape mid-year 2013

more hackers for hire...

... but this time on the other side of the law (or not).

Meet Hacking Team, the company that helps the police hack you
The Verge

In 2001, a pair of Italian programmers wrote a program called Ettercap, a "comprehensive suite for man-in-the-middle attacks" — in other words, a set of tools for eavesdropping, sniffing passwords, and remotely manipulating someone’s computer. Ettercap was free, open source, and quickly became the weapon of choice for analysts testing the security of their networks as well as hackers who wanted to spy on people. One user called it "sort of the Swiss army knife" of this type of hacking.

Ettercap was so powerful that its authors, ALoR and NaGA, eventually got a call from the Milan police department. But the cops didn’t want to bust the programmers for enabling hacker attacks. They wanted to use Ettercap to spy on citizens. Specifically, they wanted ALoR and NaGA to write a Windows driver that would enable them to listen in to a target’s Skype calls.

That’s how a small tech security consultancy ended up transforming into one of the first sellers of commercial hacking software to the police. ALoR’s real name is Alberto Ornaghi and NaGA is Marco Valleri. Their Milan-based company, Hacking Team, now has 40 employees and sells commercial hacking software to law enforcement in "several dozen countries" on "six continents."

full story at The Verge

Hidden Lynx: hackers for hire


A hacking team with unusual skill and persistence has penetrated more than 100 organizations around the world, including US defense contractors, investment banks, and security companies whose sole purpose is to defend against such attacks, according to a detailed report.

One of the best known exploits of the so-called Hidden Lynx group was the devastating compromise of security firm Bit9 in 2012. The Waltham, Massachusetts, company provides an "application whitelisting" service that allows customers to run only a small set of approved software on their PCs and networks. By hacking into the company's servers and stealing the private cryptographic keys Bit9 used to digitally sign legitimate apps, the intruders were able to infect more valuable targets inside military contracting firms who used the service.

Story on ArsTechnica

Symantec report

Who writes Linux

Google and Samsung soar into list of top 10 Linux contributors
And Microsoft's days of major Linux contributions have come to a halt.
ArsTechnica

more companies than the mythical volunteer:



FBI resorts to malware

The FBI used malware to identify users of sites run by a Tor hidden-service hosting provider called Freedom Hosting (which, as is easy to imagine, was not exactly hosting legal content). The attack was a classic drive-by download: anyone who visited one of those sites was served a page containing JavaScript that exploited a vulnerability in the version of Firefox bundled with the Tor Browser.

An excerpt of the script is shown in the figure.

Full article at Wired: FBI Admits It Controlled Tor Servers Behind Mass Malware Attack

Hackers, tremble if the power goes out

From today's Público (emphasis ours):

From his bedroom, young Argentine siphoned off more than 37 thousand euros a month

A 19-year-old Argentine has been arrested on suspicion of leading a computer fraud scheme through which he siphoned off around 50 thousand dollars a month (37,600 euros). The young man, whom the Argentine police have already dubbed a “superhacker”, had been under investigation for more than a year.

The hacker's preferred targets were companies in the country specialising in online gaming and money transfers, reports the Argentine newspaper Clarín. Police are now investigating whether companies outside Argentina also suffered losses and whether the young man's accomplices included his younger brother and his own parents.

The daily adds that the federal police had been investigating the man now in custody for more than a year, following a complaint from a hosting company. The company claimed that its customers' payment orders had been interfered with and that some of the money never reached its destination.

Last Friday, the day of the arrest, police ordered the electricity supply to be cut off in the area around the suspect's home in San Cristóbal, a neighbourhood of Buenos Aires, to prevent him from destroying evidence that could lead to his indictment.

In the search of the suspect's home, police seized several computers from his bedroom, as well as routers and more than 14 hard drives. “We believe that he and his brother set up such a lucrative business that their parents chose not to ask what they were doing,” one of the investigators involved in the case told the newspaper.

Police suspect that the diverted money was deposited into an account in Rosario, about 300 kilometres from the Argentine capital. Through malware attacks (computer viruses), the young man built a network of computers that siphoned money from third-party accounts without leaving any trace of the operation.

The young man now faces three charges and, if convicted, could serve a prison sentence of more than ten years.

The NSA and cryptography on the internet

An excellent article on the subject: On the NSA, Matthew Green, Johns Hopkins University

A couple of excerpts:

The TL;DR is that the NSA has been doing some very bad things. At a combined cost of $250 million per year, they include:

  • Tampering with national standards (NIST is specifically mentioned) to promote weak, or otherwise vulnerable cryptography.
  • Influencing standards committees to weaken protocols.
  • Working with hardware and software vendors to weaken encryption and random number generators.
  • Attacking the encryption used by 'the next generation of 4G phones'.
  • Obtaining cleartext access to 'a major internet peer-to-peer voice and text communications system' (Skype?)
  • Identifying and cracking vulnerable keys.
  • Establishing a Human Intelligence division to infiltrate the global telecommunications industry.
  • And worst of all (to me): somehow decrypting SSL connections.
(...)


there are basically three ways to break a cryptographic system. In no particular order, they are:
  • Attack the cryptography. This is difficult and unlikely to work against the standard algorithms we use (though there are exceptions like RC4.) However there are many complex protocols in cryptography, and sometimes they are vulnerable.
  • Go after the implementation. Cryptography is almost always implemented in software -- and software is a disaster. Hardware isn't that much better. Unfortunately active software exploits only work if you have a target in mind. If your goal is mass surveillance, you need to build insecurity in from the start. That means working with vendors to add backdoors.
  • Access the human side. Why hack someone's computer if you can get them to give you the key?
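Green's second route, building the weakness in from the start instead of exploiting one target at a time, is what a trapdoored random number generator gives a mass-surveillance adversary; it is also the structure of Dual EC DRBG, the generator in the 2006 NIST standard mentioned in the report quoted below. The block that follows is an added illustration and is not code from Green's post, from the standard or from any vendor: it models that structure in a multiplicative group mod a small prime (a stand-in for the elliptic curve), and the prime, generator and trapdoor value are all made up. The two public constants P (here `G`) and Q are related by Q = P^d; whoever knows d can turn a single truncated output into the generator's internal state and predict every output that follows, while to everyone else the stream looks unremarkable.

```python
# Toy trapdoored generator in the style of Dual EC DRBG, in a multiplicative
# group mod a prime instead of an elliptic curve. All constants are made up
# for this illustration; nothing here is a real standard's parameter.
P_MOD = 2147483647        # 2^31 - 1, prime: the group is Z_p^*
G = 7                     # a primitive root mod P_MOD; plays the role of point P
TRAPDOOR_D = 65537        # the secret relation Q = G^d (coprime to P_MOD - 1)
Q = pow(G, TRAPDOOR_D, P_MOD)   # the published constant; d itself is never published
DROP_BITS = 8             # low bits discarded from each output (Dual EC drops 16 of 256)


def step(state):
    """One generator step, mirroring Dual EC: r = x(s*P), out = x(r*Q), s' = x(r*P).
    Returns (next_state, truncated_output)."""
    r = pow(G, state, P_MOD)
    out = pow(Q, r, P_MOD)
    nxt = pow(G, r, P_MOD)
    return nxt, out >> DROP_BITS


def generate(seed, n):
    """n truncated outputs starting from the given (secret) seed state."""
    outs, s = [], seed
    for _ in range(n):
        s, o = step(s)
        outs.append(o)
    return outs


def recover_state(observed, d=TRAPDOOR_D):
    """Attacker holding d: recover the state right after observed[0].
    With e = d^-1 mod (p-1), (Q^r)^e = G^(d*r*e) = G^r, which is exactly the
    next state, so one full output gives the state. The dropped bits are
    brute-forced and observed[1:] (at least one further output) selects the
    right candidate."""
    e = pow(d, -1, P_MOD - 1)
    for low in range(1 << DROP_BITS):
        cand = (observed[0] << DROP_BITS) | low
        if not 1 <= cand < P_MOD:
            continue
        state = pow(cand, e, P_MOD)
        if generate(state, len(observed) - 1) == observed[1:]:
            return state
    return None


def predict_next(observed, n):
    """Predict the n outputs that follow the observed ones (None if recovery fails)."""
    state = recover_state(observed)
    if state is None:
        return None
    for _ in range(len(observed) - 1):   # advance past the outputs already seen
        state, _ = step(state)
    return generate(state, n)


if __name__ == "__main__":
    seed = 123456789                      # never leaves the victim's process
    stream = generate(seed, 8)
    print("victim emitted   :", stream)
    print("attacker saw     :", stream[:3])
    print("attacker predicts:", predict_next(stream[:3], 5))
```

Without d, recovering the state from outputs is a discrete-logarithm problem in the group; with d it is a 256-candidate search here, and in the real generator's curve setting a search of a few tens of thousands of candidates per output block. The practical check this suggests is the one the later analyses of Dual EC made: never accept a generator whose public constants have no explained provenance, and where a standard permits it, generate your own Q so that no one can hold a d for it.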

Several ciphers broken by the NSA?

Report: NSA defeats many encryption efforts

The agency has been working since 2000 to circumvent encryption through a variety of methods, a news report says

By Grant Gross
September 05, 2013 — IDG News Service — The U.S. National Security Agency has been circumventing many online encryption efforts through a combination of supercomputers, back doors built into technology products, court orders and other efforts, according to a new report from The New York Times and ProPublica.

The NSA has cracked much of the encryption that protects global commerce, banking, trade secrets and medical records, according to the report, which cites documents leaked by former NSA contractor Edward Snowden. The NSA has invested billions of dollars in efforts to defeat encryption since 2000, according to the report.

In addition to deploying supercomputers to crack encryption, the NSA has worked with U.S. and foreign technology companies to build entry points into their products, the report said. The agency spends more than US$250 million a year on its Sigint Enabling Project, which engages the IT industry in an effort to get companies to make their commercial products "exploitable," the report said, citing documents from Snowden.

The report did not name companies that have cooperated with the NSA.

Representatives of the NSA and the U.S. Office of Director of National Intelligence didn't immediately respond to a request for comments on the news report.

In addition, British intelligence agency GCHQ, likely working with the NSA, has been attempting to hack into the protected traffic at Google, Yahoo, Facebook and Microsoft's Hotmail, the report said. GCHQ had developed "new access opportunities" into Google's system, according to a document from Snowden.

The NSA has also been working for years to weaken international encryption standards, the report said. NSA memos appear to confirm that the agency planted vulnerabilities in an encryption standard adopted in 2006 by the U.S. National Institute of Standards and Technology, the report said.

The NSA sees the ability to decrypt information as a vital capability, and the U.S. competes with China, Russia and other countries in that area, according to the documents referenced in the report.


Wi-Fi is watching you

Two papers presented at ACM SIGCOMM 2013 (one of the top networking conferences) show how Wi-Fi can be used to obtain information about people's location and movement. The information is derived from the disturbance people introduce into the Wi-Fi signal, so it does not require the potential victims to carry any kind of vulnerable device.

* See Through Walls with Wi-Fi! (full paper)

* Whole-Home Gesture Recognition Using Wireless Signals (demo)