Posted by Avik Sarkar
On 2/12/2013 07:05:00 pm
President Obama & Congress Will Issue Long Awaited Executive Cyber Security Order
Last week we reported that Pentagon has declared that they are moving toward a major expansion of its cyber security force to counter increasing attacks on the nation’s computer networks, as well as to expand offensive computer operations on foreign adversaries. Just one week after this declaration another crucial movement came from the U.S. government. A secret legal review on the use of America’s growing arsenal of
cyber weapons has concluded that
President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad. According to sources
President Barack Obama will issue a long-awaited
cyber security executive order this week. Two former
White House officials told the publication that the order is expected to be released after Tuesday night's State of the Union address.
Given his status as commander-in-chief, Obama seems to be the clear choice, but since
cyber warfare is such a new and unknown thing, the government hasn't actually figured out the rules of engagement yet. In the past couple of decades, the power to use America's
cyber weapons has been shared between the Pentagon and the various intelligence agencies. With the exception of a series of strikes on the computer systems that run Iran's nuclear enrichment facilities an attack that Obama ordered himself the U.S. hasn't launched any major
cyber attacks in recent memory, however. This probably won't be the case in the future. So the government is working on new rules of engagement, as it realizes that the capabilities of
cyber weapons are evolving at a startling rate. The rules will be not unlike the set that governs how drone attacks are ordered and who orders them.
Cyber warfare certainly stands to affect the average American more, though. On Capitol Hill this week, Rep. Dutch Ruppersberger (D-Md.) and Rep. Mike Rodgers (R-Mich.) are set to reintroduce the
Cyber Intelligence Sharing and Protection Act (CISPA) during a speech at the Center for Strategic and International Studies.
According to an exclusive report the
bill would allow the government to share classified
cyber threats with the private sector so that those companies can then protect their systems from
cyber attacks. The bill was killed last year due to
privacy concerns. Civil-liberty groups argued that the bill allows companies to exchange too much personal information back and forth without regulation.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 1/01/2013 03:47:00 pm
‘Pervasive Vulnerability’ Found in The Robotic Aircraft of Drone Fleet
Unmanned aerial vehicle (UAV), widely known as a
drone has always been gone through with several controversies in case of both defense and cyber security. Yet again several question arises regarding the security system and the control algorithms of drone. According to the Pentagon’s premier science and technology division a a
“pervasive vulnerability” have been found in the robotic aircraft of drone. The control algorithms for these crucial machines are written in a fundamentally insecure manner, says
Dr. Kathleen Fisher, a Tufts University computer scientist and a program manager at the
Defense Advanced Research Projects Agency. There’s simply no systematic way for programmers to check for vulnerabilities as they put together the software that runs our drones, our trucks or our pacemakers.
In our homes and our offices, this weakness is only a medium-sized deal: developers can release a patched version of Safari or Microsoft Word whenever they find a hole; anti-virus and intrusion-detection systems can handle many other threats. But updating the control software on a drone means practically re-certifying the entire aircraft. And those security programs often introduce all sorts of new vulnerabilities. “The traditional approaches to security won’t work,” Fisher tells Danger Room.
Fisher is spearheading a far-flung,
$60 million, four-year effort to try to develop a new, secure way of coding and then run that software on a series of drones and ground robots. It’s called High-Assurance Cyber Military Systems, or
HACMS. For detailed information about this story click
Here.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 10/20/2012 12:07:00 pm
HSBC Comeback Online After Prolonged DDoS Attack From Anonymous
According to HSBC newsroom- "On 18 October 2012 HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world." But HSBC denied any sort of data loss. Fawkes Security claimed to have details of more than 20K cards, but in their release HSBC said "This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking."
But now the whole situation is under control, websites belonging to British bank and financial services company HSBC are back online and working normally. According to an update posted on its website, HSBC restored all of its websites globally to full accessibility as of 3:00am UK time.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 10/16/2012 07:35:00 pm
Iran Accused For Engaging Cyber Attacks Against Persian Gulf Oil & Gas Companies in U.S. (Full Story)
The conflict and tussle between Iran and United States continues, as U.S. authorities believe that Iranian-based hackers were responsible for cyberattacks that devastated Persian Gulf oil and gas companies. Just hours later the attack was discovered, Defense Secretary Leon Panetta said the cyberthreat from Iran has grown, and he declared that the Pentagon is prepared to take action if American is threatened by a computer-based assault.
The former government official, who is familiar with the investigation, said U.S. authorities believe the cyberattacks were likely supported by the Tehran government and came in retaliation for the latest round of American sanctions against Iran. Before Panetta's remarks on Thursday, U.S. officials had said nothing publicly about the Gulf attacks or the investigation. But Panetta described them in a speech to business leaders in New York City, saying they were probably the most destructive cyber assault the private sector has seen to date. A current U.S. official acknowledged Thursday that the Obama administration knows who launched the cyberattacks against the Gulf companies and that it was a state actor. U.S. agencies have been assisting in the Gulf investigation and concluded that the level of resources needed to conduct the attack showed there was some degree of involvement by a nation state, said the former official. The officials spoke on condition of anonymity because the investigation is classified as secret. While Panetta chose his words carefully, one cybersecurity expert said the Pentagon chief's message to Iran in the speech was evident.
It was all about what U.S. Authorities are claiming or in other word blaming, but like earlier; this time also Iran completely denies the whole matter, besides they blamed Israel & America for engaging cyber attacks on Iran's Nuclear System. Iranian officials denied any role in recent cyberattacks against oil and gas companies in the Persian Gulf and said they welcomed a probe of the case. Mahdi Akhavan Bahabadi, secretary of the National Center of Cyberspace, denounced as "politically motivated" American allegations of an Iranian link to the Shamoon virus that hit Saudi Arabian state oil company Aramco and Qatari natural gas producer RasGas, according to remarks carried by ISNA. "We interpret the issue politically and in light of U.S. domestic issues as well as the (U.S. presidential) election," he said. The Iranian official said Tehran has already offered help to boost the companies' cybersecurity, asIran has itself recently been the victim of cyberattacks on its offshore oil platforms. Iran periodically reports the discovery of viruses and other malicious programs in government, nuclear, oil and industrial networks. On Monday, Tehran said it had successfully blocked a cyberattack on the computer network of its offshore drilling platforms. It briefly shut down part of its oil facilities because of a cyberattack in May. Iran blames Israel and the United States for the attacks. Israel has done little to deflect suspicion it uses viruses against Iran.
While talking about the cyber attacks on Persian Gulf oil and other gas companies, we like to remind you that couple of weeks ago U.S. Authorities also blamed Iran for engaging cyber attacks on U.S. leading banking and financial sector. There also Iran official denies the attack and said "We officially announce that we haven't had any attacks,". So far its not clear whether these two attacks are linked or not. Whatever, for all the latest update on stories like this & also other updates on cyber domain stay tuned with VOGH.
-Source (MPR News & Yahoo)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 9/30/2012 03:50:00 pm
Leading US Banking & Financial Sector Suffering From Massive DDoS Attack
Few days ago in a report we said that US National Security officials
accused the Iranian government for engaging cyber attacks against US Banks. The attack came just after
'anti Islamic' video was posted online. Attacks against the websites of leading banks in the United States have the banking and financial services industry on edge. The Financial Services ISAC (Information Sharing and Analysis Center) set its Threat Level to
“High” on Wednesday, September 19, indicating a high risk of
cyber attacks. Attacks against the websites of leading banks in the United States have the banking and financial services industry on edge. A Muslim hacking group calling itself
Izz ad-Din al Qassam Cyber Fighters took
responsibility for attacks on the
New York Stock Exchange, Bank of America and
Chase last week. This week brought attacks against
Wells Fargo,
US Bank and
PNC. Wells Fargo used its Twitter account to apologize for service interruptions on Wednesday and said it was working to
"quickly resolve this issue." Most of the targeted banks were back online and operational Thursday. The events prompted U.S. Senator Joe Lieberman (I-CT) to use an interview on C-SPAN to point the finger of blame at the Iranian government and its elite Quds Force.
Wheather it is
Iran Govt or that hacker group 'Izz ad-Din al Qassam Cyber Fighters' but the main issue of concern is that the Banking and financial sector has been highly disturbed since last few weeks. Though the situation came under control at last Thursday but still experts are predicting that this ongoing cyber attack is not over yet. In their statement the hacker group vows to engage more attack.
"These series of attacks will continue until the Erasing of that nasty movie from the Internet," said the hacker.
-Source (Naked Security)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 9/26/2012 01:36:00 am
Iran Accused of Carrying out Cyber Attacks Against US Banks Over Anti Islamic Movie Issue
Since last few days, the conspiracy with the 'Anti Islamic Movie' was the headline in every where. We have seen global violence and a mass protest mainly came from Muslim brotherhood. This protest was also touched the internet, and as expected Muslim hackers joined the movement, which cost many damages for the cyber fence. Thousands of websites became victim of cyber attack, and among them several US banks also faced huge disturbance. This protest takes a new direction when Govt of Iran announced the blockage of Google Inc's search engine and its email service. "Google and Gmail will be filtered throughout the country until further notice," an official identified only by his last name, Khoramabadi, said, without giving further details. The Iranian Students' News Agency (ISNA) said Google ban was connected to the anti-Islamic film posted on the company's YouTube site which has caused outrage throughout the Muslim world.
This stand of Iran Govt created a controversy, which make them responsible for carrying out cyber attacks against US banks. According to NBC news report US National Security officials accused the Iranian government for engaging cyber attacks against US Banks mainly Bank of America. But when the ball goes to Iran's side then they completely denies the blame, while saying "We officially announce that we haven't had any attacks," This statement came from the Head of Iran's civil defense agency Gholam Reza Jalali when he was asked about the report. The western media reports alleged on Friday that Muslim hackers have repeatedly attacked Bank of America Corp, JPMorgan Chase & Co and Citigroup Inc over the past year as part of a broad cyber campaign targeting the United States. Security sources told Chicago Tribune and NBC News that the attacks on the three largest US banks originated in Iran, but it is not clear if they were launched by the state, groups working on behalf of the government, or "patriotic" citizens.
Here we want to refresh your memory while digging up a story, when Iran Govt decided a permanent Internet ban in Iran, where Iran Government has announced its plans to establish a National Intranet within five months. The Iranian minister for Information and Communications Technology, announced the setting up of a national Intranet and the effective blockage of services like Google, Gmail, Google Plus, Yahoo and Hotmail, in line with Iran's plan for a "clean Internet." And that five months is almost over, so may be the blockage of Google came due to that reason, or may be not. We suggest our readers that, it will be better if you ask yourself, that whether Iran was indeed responsible for the cyber attack or not??!!
-Source (Reuters, NBC & FARS News Agency)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 9/15/2012 04:01:00 pm
A Tribute to The 10 Most Infamous Student Hackers of All Time
Since last two years, we the
VOGH team has been covering all the latest cyber security updates. But today lets do some thing different. One of our frequent reader and fan
Katina Solomon has requested us to share a fantastic article. Everyday VOGH draws headlines of hackers around the world and their activities. While trying to maintain speed with time, we usually forgot our past. Today we will take you into the past, where we will discuss about those heroes, who are always been ill treated by the society & the system while revamping those heroes into cyber-criminals or infamous hackers. Its our question to our humanity
"Did the system has done justice with them??"
Hacking has always been inherently a young person’s game. The first usage of the word “hacker” was to describe pranksters meddling with the phones at MIT. Many hackers have cited boredom, a desire for change, or the thrill of going somewhere one is not supposed to go as their motivation for hacking, all of which could apply to scores of common activities on college campuses. While today’s hacking scene is dominated by large hacking groups like Anonymous and Masters of Deception, many of the greatest hacks ever have been pulled off by college, high school, and even middle school kids who rose to infamy armed only with a computer and the willingness to cross the bounds of legality.
- Sven Jaschan:
In the words of one tech expert,
“His name will always be associated with some of the biggest viruses in
the history of the Internet.” The viruses: the Sasser and NetSky worms
that infected millions of computers and have caused millions of dollars
of damage since their release in 2004. The man behind the viruses proved
to be not even a man at all, legally. Seventeen-year-old hacker Sven
Jaschan, a student at a computer science school in Germany, claimed to
have created the viruses to become a hero by developing a program that
would eradicate the rampaging Mydoom and Bagle bugs. Instead he found
himself the subject of a $250,000 bounty courtesy of Microsoft, for which some of his classmates turned him in.
- Jonathan James:
In 2000, at the age of 16, James, or “C0mrade” as he was known in
the hacker community, infamously became the first juvenile federally
sentenced for hacking. The targets of his notorious hack jobs were a
wing of the U.S. Department of Defense called the Defense Threat
Reduction Agency, NASA, and the Marshall Space Flight Center in
Huntsville, Ala. (By hacking the latter James gained the ability to
control the A/C in the International Space Station.) All of these were
pulled off “for fun” while James was still a student at Palmetto Senior
High in Miami. Unfortunately, the fun ran out when James was tied into a
massive identity theft investigation. Though insisting he was innocent, James took his own life, saying he had “no faith in the justice system.”
- Michael Calce:
Yahoo. CNN. Ebay. Amazon. Dell.com. One by one in a matter of days,
these huge websites crashed at the hands of 15-year-old Canadian high
school student Michael Calce, aka “MafiaBoy.” Armed with a
denial-of-service program he called “Rivolta” that overloaded servers he
targeted, the young hacker wreaked $7.5 million in damages, according to court filings.
Calce was caught when he fell victim to a common ailment of teenage
boys: bragging. The cops were turned on to him when he began boasting in
chat rooms about being responsible for the attacks. On Sept. 12, 2001,
MafiaBoy was sentenced to a group facility for eight months on 56 counts
of cybercrime.
- Kevin Mitnick:
Before performing hacks that prompted the U.S. Department of Justice
to declare him “the most wanted computer criminal in United States
history,” Kevin Mitnick had already made a name for himself as a hacker
in his school days, first at Monroe High School in LA and later at USC.
On a dare, Mitnick connived an opening into the computer system of
Digital Equipment Corporation, which some fellow hackers then used to steal proprietary source code
from the company before ratting on him. While still on probation for
that crime, Mitnick broke into the premises of Pacific Bell and had to
go on the run from police in the aftermath, during which time he hacked
dozens of systems, including those of IBM, Nokia, Motorola, and Fujitsu.
- Tim Berners-Lee:
“Scandalous” is a synonym for “infamous,” and for this legendary
computer scientist, knight of the British Empire, and inventor of the
World Wide Web to have been a hacker in his school days is certainly a
juicy factoid. During his time at Oxford in the mid-’70s, Sir Tim was
banned from using university computers after he and a friend were caught
hacking their way into restricted digital areas. Luckily by that time
he already knew how to make his own computer out of a soldering iron, an old TV, and some spare parts. And also luckily for him, he will always be revered as the father of the Internet.
- Neal Patrick and the 414s:
In the early ’80s, hacking was still a relatively foreign concept to
most Americans. Few recognized the enormous power hackers could hijack
with a few strokes on a keyboard, which explains why a young group of
hackers known as the 414s (after a Milwaukee area code) were virtual
celebrities after they hacked into the famous Los Alamos National
Laboratory, the Memorial Sloan-Kettering Cancer Center, and elsewhere.
While today hacking a lab where classified nuclear research is conducted
could earn you a one-way ticket to Guantanamo, the 17-year-old
ringleader and high school student Neal Patrick was on the cover of Newsweek. The group members got light sentences but prompted Congress to take a stronger role in cybercrime.
- Robert T. Morris:
The first ever Internet worm, the Morris Worm derived its name from
Cornell grad student Robert Tappan Morris. In 1988, Morris released the
worm through MIT’s system to cover his tracks, which would seem to
contradict his claims that he meant no harm with it. But that’s exactly
what resulted: the worm spread out of control, infecting more than 6,000
computers connected to the ARPANET, the academic forerunner to the
World Wide Web. The damages reached as high as an estimated $10 million,
and Morris earned the ignominious distinction of being the first person
prosecuted under the Computer Fraud and Abuse Act. Morris got community
service but was apparently not considered too infamous to be offered
his current job as a professor at MIT.
- George Hotz:
To some, George Hotz (aka “geohot,” aka “million75,” aka “mil”) is a
public menace, a threat to electronic businesses everywhere. To many,
Hotz is a hero. The high-schooler shot to fame/infamy in 2007 at the
tender age of 17 by giving the world its first hacked, or “jailbroken”
iPhone. He traded it for a new sports car and three new iPhones, and the
video of the hacking received millions of hits. Apple has had to
grudgingly come to terms with jailbreaking, seeing as the courts have declared it legal,
but Sony Corp. is definitely not OK with such tampering. When Hotz
hacked his PlayStation 3 and published the how-to on the web, the
company launched a vicious lawsuit against him. In turn, the hacker
group Anonymous launched an attack on Sony, stealing millions of users’
personal info.
- Donncha O’Cearbhaill:
According to the FBI, this 19-year-old freshman at Trinity College
Dublin is one of the top five most wanted hackers in the world. Well, he
was; now that he’s been arrested he’s not really “wanted” anymore. The
Feds contend the young man is a VIP member of the Anonymous and LulzSec
hacking groups that have already been mentioned and whose targets have
included the FBI, the U.S. Senate, and Sony (in the Hotz backlash). It
seems “Palladium” (O’Cearbhaill) took the liberty of listening in on a
conference call between the FBI and several international police forces
who were discussing their investigations of the hacking groups. He could
be sentenced to up to 15 years in prison if convicted for that hack
alone.
- Nicholas Allegra:
Just as George Hotz moved on from the Apple hacking game, Brown
University student Nicholas Allegra is also hanging up his jersey.
“Comex,” as he is known to millions of rooted iPhone fans, created the
simple-to-use Apple iOS jailbreaking program JailbreakMe in 2007 and has since released two newer versions of it. However, Comex seems to have gone over to the dark side, accepting an internship
with the very company whose products he became famous exploiting.
Still, Allegra’s hacking skills are so advanced (one author puts him
five years ahead of the authors of the infamous Stuxnet worm that
corrupted Iran’s nuclear facilities) and so many people availed
themselves of his talents, he will forever live in hacking infamy.
We want to dedicate the above post to the legendary hacker, who left us -
Jonathan James aka
“C0mrade”. Also the post is a tribute to all the so called 'infamous hackers'. You are our heroes and inspiration, you will always be there in our soul.
Team VOGH salutes you......
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 7/05/2012 06:27:00 pm
Iran's State TV Accused BBC For Hacking & Changing Result of Iran's Nuclear Program
The British Broadcasting Corporation (BBC) has been charged for hacking its website to change the results of a poll about Iran's nuclear program. On Wednesday Iran's state TV accused BBC regarding this issue, but BBC completely denied their allegation and charges. The West suspects Iran may be aiming to produce nuclear weapons. Iran insists its nuclear program is for peaceful purposes like energy production. The British broadcaster's Farsi language service reported that the
poll showed 63 percent of those who took part favored halting uranium enrichment in exchange for an end to Western economic sanctions. The TV report Wednesday said the actual figure was
24 percent, and the rest favored retaliation against the West with measures like closing the strategic Strait of Hormuz, a key to exporting oil from the Gulf. In a statement, the BBC said the claims were
"both ludicrous and completely false, and the BBC Persian Service stands by its reporting." "There is a significant audience within Iran which depends on BBC Persian to provide impartial and trusted news, and we are confident they are familiar with the state media's tactics," it said. The poll was taken off Iran TV's website on Tuesday.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 6/30/2012 03:26:00 pm
Drone Fleets Are Vulnerable to GPS Spoofing & Can Be Hijacked By Terrorist
Spying drones have always gone through with several controversies along with a lots of technical & security issues. Yet again a team at the University of Texas has managed to find a vulnerability in drones that allows an attacker to gain control of the unmanned vehicle and change its course. Professor Todd Humphreys and the team spoof GPS receivers in order to take control of the drones.
According to an exclusive report of Fox News - A small surveillance drone flies over an Austin stadium, diligently following a series of GPS waypoints that have been programmed into its flight computer. By all appearances, the mission is routine. Suddenly, the drone veers dramatically off course, careering eastward from its intended flight path. A few moments later, it is clear something is seriously wrong as the drone makes a hard right turn, streaking toward the south. Then, as if some phantom has given the drone a self-destruct order, it hurtles toward the ground. Just a few feet from certain catastrophe, a safety pilot with a radio control saves the drone from crashing into the field.
Last year we came to know that a
stealthy key-logger has hit the U.S. Drone logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other war zones. Later Iran took
responsibility of that cyber attack. But
spoofers are a new problem for GPS-guided drones, allowing hackers to trick navigation systems with false information. Humphreys and the team have designed a device costing less than $1,000 that sends out a GPS signal stronger than the ones coming down from orbiting satellites. At first, the rogue signal mimics the official one in order to trick the drone, and once it’s accepted new commands can be sent to the UAV. US government says its aware of the potential dangers of spoofing, and officials from the FAA and Department of Homeland Security have seen Humphreys’ demonstration first hand. The Department of Homeland Security reportedly has a program in place to try and solve the problem of GPS interference, but it’s aimed at trying to deal with jammed signals, not spoofed ones.
-Source (FOX News, Slashgear)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 6/12/2012 02:30:00 am
Department of Homeland Security (DHS) Said -Cyber Crime is As Threatening As al Qaeda
The number of organized cyber crime has already kisses the sky. Keeping this scenario in mind Janet Napolitano, Secretary of Homeland Security, said that "the greatest threats in actual activity we've seen aimed at the West and the United States has been in the cyber-arena", in addition to "al Qaeda and al Qaeda-related groups" The comments highlight the increasing trend of political sparring and espionage proliferating on the Web. The Flame virus, believed to be driven by a western government, continues to grab headlines, while he also claimed that Google has introduced a tool to warn users of state-sponsored attacks on their accounts. Though gmail completely denied this blame while saying that Govt hired State-Sponsored attackers who ware accessing millions of Gmail accounts illegally. Napolitano also said the government is taking steps to be "proactive instead of reactive" in combating the new threats, adding that the worldwide cost of tackling cyber-crime - an estimated $388 billion (£250 billion) - is "already outstripping [the cost of tackling] traditional narcotics".
A White House plan code-named Olympic Games was launched to infect Iran's nuclear program at the beginning of the Obama administration, though Washington denies the Flame virus, also targeting Iran, was part of the project, after it was found to have existed for a number of years.
-Source (IT Portal)
.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 6/11/2012 05:08:00 am
U.S. Navy With American Defense Contractor Raytheon Will Install Linux on its Drones
Last year we came to know that a
stealthy key-logger has hit the U.S. Drone logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other war zones. Later Iran took
responsibility of that cyber attack. So keeping those attack in mind now U.S. govt is enhancing more security, as per resources U.S. Navy has signed a reported
$28 million deal with major
American defense contractor Raytheon to install the
Linux operating system on its vertical take off and landing drones. The U.S. Navy’s contract with Raytheon will call for a Linux transition on the tactical control system software of the MQ-8B Fire Scout. The Navy’s MQ-8B Fire Scout has already been deployed in the Caribbean to detect illegal drug shipments. The Navy reportedly has plans of duplicating the Fire Scout to a fleet of around 168 drones. The Navy also said that the drones has also be fitted with 70mm rockets for special missions.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 5/29/2012 02:30:00 am
Flamer/Skywiper Stuxnet- Newly Found Cyber-Weapon Discovered by Iran National CERT (MAHER)
After "Duqu" now The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted Stuxnet attacking the country's internal system. This newly found Stuxnet have been dubbed Flame (also known as Flamer or Skywiper). The name “Flamer” comes from one of the attack modules, located at various places in the decrypted malware code. In fact this malware is a platform which is capable of receiving and installing various modules for different goals. At the time of writing, none of the 43 tested anti viruses could detect any of the malicious components. Nevertheless, a detector was created by Maher center and delivered to selected organizations and companies in first days of May.
Key Features of “Flamer” :-
- Distribution via removable medias
- Distribution through local networks
- Network sniffing, detecting network resources and collecting lists of vulnerable passwords
- Scanning the disk of infected system looking for specific extensions and contents
- Creating series of user’s screen captures when some specific processes or windows are active
- Using the infected system’s attached microphone to record the environment sounds
- Transferring saved data to control servers
- Using more than 10 domains as C&C servers
- Establishment of secure connection with C&C servers through SSH and HTTPS protocols
- Bypassing tens of known antiviruses, anti malware and other security software
- Capable of infecting Windows Xp, Vista and 7 operating systems
- Infecting large scale local networks
For additional information about "Flamer" click Here
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 4/26/2012 02:02:00 pm
Iran Took Responsibility of Hacking into U.S. Spy Drone
Last year we came to know that a
stealthy key-logger has hit the U.S. Drone logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones. The key-logger was was capable of capturing data and transfer that to the attacker. Now its come to know that Iran has reportedly hacked the software of an advanced US spy drone, which came down its territory last year and has started building its own copies of the aircraft. Commander of Iran's Islamic Revolution Guards Corps Brig General Amir Ali Hajizadeh gave details of the aircraft's operational history as proof that their engineers had successfully probed its records. "Had we not accessed the plane's soft wares and hard discs, we wouldn't have been able to achieve these facts. We have decoded all this [information] and we now have an infinite amount of intelligence," said Hajizadeh.
The state media report also said that Iran had 'started manufacturing models of the captured US spy plane'. The unarmed drone was shown on Iranian state television, apparently looking intact, after coming down 140 miles inside Iranian territory in December. Iran claimed it brought down the drone by an electronic attack after it took off from an American base inside Afghanistan, but US officials said the aircraft crashed due to a malfunction.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 4/24/2012 11:08:00 pm
Iran Oil Terminal Face Malware Attack, Internal System Also Get Affected
The official website of Iranian oil ministry and national oil company became the victim of malware attack. The computer virus is believed to have hit the internal computer systems said BBC. Authorities sent those sites offline immediately after the attack took place. Equipment on the Kharg island and at other Iranian oil plants has also been disconnected from the net as a precaution. However the Ministry website was back in action on Monday but the oil company site has remained unreachable. The semi-official news agency, Mehr, reported that information about users of the websites had been stolen, but no sensitive data had been accessed. Iran's Revolutionary Guard claims to have created a "hack-proof" network for all sensitive data. We have yet to see a hack-proof network and if they have convinced themselves it's true, perhaps that is part of the problem. Iran is reported to have mobilised a "cyber crisis committee" to handle the aftermath of the attack and bolster defences. One thing is clear, whether you are an oppressive regime, or simply an average small business, anyone who depends upon the internet will face malware threats and hacking attempts.
-Source (BBC & Sophos)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 4/18/2012 11:25:00 pm
3 Million Bank Accounts Hacked To Prove Vulnerability in Banking System of Iran
A security geek from a payment service provider (PSP) company, has hacked accounts of three million bank customers to prove vulnerability in the banking security systems. That PSP offers a number of Iranian banks online services for accepting electronic payments & the guy found major security issue in the electronic payment system. The Central Bank of Iran issued a statement on Sunday advising the bank customers to change the passwords of their bank cards to prevent possible credit card fraud. An official at the Central Bank of Iran told Iranian news agency IRNA that no one has illegally accessed people's bank accounts. According to sources the hacker had provided the managing directors of the targeted banks with information about the bank accounts of 1,000 customers in the previous Iranian calendar year (ended on March 19) to warn them about the susceptibility of their computer systems and networks to cyber threats. After this security breach Govt assured Bank customers that there will be no harm in their bank balance. "It is possible that certain individuals have some information but they cannot use this information until the bank cards are not in their possession," Said the authority.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 4/11/2012 06:36:00 pm
Duqu is Still in Operation, Researcher Found New Duqu Variant
Last month researchers at Kaspersky Lab managed to solve the Duqu Mystery. They discovered that this dangerous stuxnet was written by custom object oriented C called “OO C”. But was the sufficient to stop this dangerous cyber weapon? The answer is big no, and today a new Duqu variant rise up, which clearly indicating that the attacks are still ongoing and still security experts failed to put a solid brick between Duqu & cyber space. The latest Duqu driver was compiled in February 2012, more than four months after Duqu was first flagged as a unique piece of malware “striking similarities” to Stuxnet, the mysterious computer worm that targeted nuclear facilities in Iran. Symantec identified the newly compiled Duqu driver as mcd9×86.sys and said it contains no new functionality beyond spying and collecting data from infected machines. Kaspersky Lab’s Costin Raiu says the latest variant has been engineered to escape detection by the open-source Duqu detector toolkit released by CrySyS Lab.
-Source (ZDnet)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 4/10/2012 02:13:00 pm
Permanent Internet Ban in Iran, Govt Launching National Intranet Service
The Iran Government has announced its plans to establish a
National Intranet within five months. As a result
millions of Internet users in Iran will be permanently denied access to the World Wide Web (WWW) and cut off from popular social networking sites, email services & so on. The government is set to roll out the first phase of the project in May, following which Google, Hotmail and Yahoo services will be blocked and replaced with government Intranet services like
Iran Mail and
Iran Search Engine. At this stage, however, the World Wide Web, apart from the aforementioned sites, will still be accessible. Iran government has already started the
registration procedure to apply for procuring Iran Mail ID, which mandates
authentic information pertaining to a person's identity, including national ID, address and full name. Registration will be approved only after verifying it against the government data on the particular applicant. The second and final stage of the national Intranet will be launched in August, which will permanently deny Iranians access to the Internet. "All Internet Service Providers (ISP) should only present National Internet by August," Taghipour said in the statement. Iranian ISPs already face heavy penalties if they fail to comply with the government filter list. By establishing the Intranet, the government control is set to become stricter. Foreign sites can still be accessed over the Intranet provided they are mentioned in a
"white list" set up by the government. The government is also believed to be planning for better control on proxy servers which allow users to access banned sites. Accordint to statement of Reza Taghipour, the Iranian minister for Information and Communications Technology, announced the setting up of a national Intranet and the effective blockage of services like Google, Gmail, Google Plus, Yahoo and Hotmail, in line with Iran's plan for a
"clean Internet."
-Source (IB Times)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 3/22/2012 05:40:00 pm
National Nuclear Security Administration Under Massive Cyber Attack (10 Million Times Per Day)
National Nuclear Security Administration (NNSA) became the victim of a large numbers of cyber attacks. NNSA confirmed that its computer systems are attacked as many as 10 millions times a day. Thomas D'Agostino, department head of NNSA's security systems are constantly being probed by all sorts of hackers, from different parts of the world. He told "The nuclear labs are under constant attack, the Department of Energy is under constant attack."
Thankfully, the agency's security systems are already pretty robust, however, "Of the security significant events, less than one hundredth of a percent can be categorized as successful attacks against the Nuclear Security Enterprise computing infrastructure," D'Agostino continued.
That means that there could be as many as a 1000 attacks, every day, that successfully penetrate these systems but that number is unlikely. "The numbers are kind of inflated on that front," Adam Segal, a cyber-security expert with the Council on Foreign Relations, says. He thinks much of that traffic is from botnets "constantly scanning the Internet looking for vulnerabilities."
-Source (Gizmodo)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 3/13/2012 11:51:00 pm
Jonathan Millican - 19 Years Old U.K. Student Won GCHQ "Cyber Security Champion” Award
Jonathan Millican, a 19 years old U.K. student has won the "Cyber Security Champion” after winning a competition showcasing Internet security intelligence. He has been awarded after a six-month-long challenge designed to attract talented people to the cyber defense industry. Judges at the competition said Millican had demonstrated knowledge “years beyond his time” of the subject.
He won the competition after taking part in a final series of challenges hosted by HP Labs, which pitted six five-person teams against each other on Saturday.
During the competition, teams had to advise a start-up company on how to best protect itself from hackers, and then reconfigure a computer network during a 15-minute long simulated attack. Although Millican’s team was beaten by a rival, judges determined that he deserved the top prize.
“He showed great leadership, strong technical abilities and also demonstrated that he understood the impact what he was doing would have on a business,” Adam Thompson, the chief judge who works for Hewlett Packard’s security team, told Media.
The competition was sponsored by the intelligence agency GCHQ, as well as telecoms giant BT, defense firm Cassidian and security technology maker Qinetiq. Millican has been offered a paid follow-up masters degree at Royal Holloway, University of London. He has also been invited to visit communications intelligence agency GCHQ’s Cheltenham base. Baroness Pauline Neville-Jones, the competition’s patron and the Prime Minister’s special representative to business on cybersecurity, said she hopes events like this would encourage children to put their computer skills to constructive use. Millican said he was most interested in the challenges posed by complex cyber attacks, like the Stuxnet work that is notorious for attacking Iran’s nuclear systems.
-Source (RedOrbit)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 2/20/2012 09:38:00 pm
Iran Preparing Stronger Cyber Defense
While looking at the rise of cyber crime not only US and UK also Iran is preparing a strong cyber defense. According to the Iran's Press TV report - During the recent years cyber security has been high on the agenda in Iran. Tehran says that the reason for its special attention towards the issue is due to the growing number of attacks on Iran’s cyber space by US and Israel. That’s why the first national conference on cyber security kicked off in Iran’s interior ministry. The event which hosted high ranking executive and defense officials and experts, aimed at discussing ways to further strengthen the Iranian cyber space against any attacks.
Less than four months ago Iran launched a cyber defense headquarters with the help of its defense and communications ministries. The office categorizes Iran’s national assets to three parts including physical, human and cyber assets. The headquarters says that its responsibility is to protect the three categories with special emphasis on the country’s cyber assets.
Experts say that lack of enough security in a country’s cyber space is like sleeping in a house without locking the door. In 2009 some of Iran’s Uranium enrichment facilities were targeted by a computer worm called Stuxnet. Blaming the US and Israel, Iran managed to neutralize the cyber attack. In 2011 Iran’s
nuclear program comes under another cyber threat with ‘
Duqu'. Also hacker collective group
Anonymous targeted Iran while performing massive
DDoS attack on the 1st may last year.
The main task of cyber defense is to prevent computer worms or as some call it cyber weapons from breaking into or stealing data from the countries maximum security networks. These areas include nuclear facilities, power plants, data centers and banks. Iran has also established its own laws and definitions of cyber crime. Today there are several laws in dealing with the issue and a special branch of the police force is dedicated to patrolling Iran’s cyber space.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
