Implementing Intrusion (Cyber) Kill Chain -A Plenary Overview

Implementing an Intrusion (Cyber) Kill Chain 

The Intrusion (Cyber) Kill Chain is a phrase popularized by infosec industry professionals and introduced in a Lockheed Martin Corporation paper titled; “ Intelligence Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains”. 

The intrusion kill chain model is derived from a military model describing the phases of an attack. The phases of the military model are: find, fix, track, target, engage, and assess. The analyses of these phases are used to pinpoint gaps in capability and prioritize the development of needed systems. The first phase in this military model is to decide on a target (find). Second, once the target is decided you set about to locate it (fix). Next, you would surveill to gather intelligence (track). Once you have enough information, you decide the best way to realize your objective (target) and then implement your strategy (engage). And finally, you analyze what went wrong and what went right (assess) so that adjustments can be made in future attacks.

Lockheed Martin analysts began by mapping the phases of cyber attacks. The mapping focused on specific types of attacks, Advanced Persistent Threats (APTs) - The adversary/intruder gets into your network and stays for years– sending information, usually encrypted – to collection sites without being detected. Since the intruder spent so much time in the network, analysts were able to gather data about what was happening. Analysts could then sift through the data and begin grouping it into the military attack model phases. Analysts soon realized that while there were predictable phases in cyber attacks, the phases were slightly different from the military model.  The intrusion (cyber) kill chain shown below, describe the phases of a cyber attack.

The chain of events or activities are as follows:

  

Link in the Chain	Description
1.  Reconnaissance	Research, identification and selection of targets- scraping websites for information on companies and their employees in order to select targets.
2.  Weaponization	Most often, a Trojan with an exploit embedded in documents, photos, etc.
3.  Delivery	Transmission of the weapon (document with an embedded exploit) to the targeted environment.  According to Lockheed Martin's Computer Incident Response Team (LM-CIRT), the most prevalent delivery methods are email attachments,websites, and USB removable media.
4.  Exploitation	After the weapon is delivered, the intruder's code is triggered to exploit an operating system or application vulnerability, to make use of an operating system's auto execute feature or exploit the users themselves.
5.  Installation	Along with the exploit the weapon installs a remote access Trojan and/or a backdoor that allows the intruder to maintain presence in the environment
6.  Command and Control	Intruders establish a connection to an outside collection server from compromised systems and gain 'hands on the keyboard' control of the target's compromised network/systems/applications.
7.  Actions on Objective	After progressing through the previous 6 phases, the intruder takes action to achieve their objective.  The most common objectives are:  data extraction, disruption of the network, and/or use of the target's network as a hop point.

Lockheed Martin's analysts also discovered while mapping the intruder's activities, that a break (kill) in any one link in the chain would cause the intrusion to fail in its objective. This is one of the major benefits of the intrusion kill chain framework as security professionals have traditionally taken a defensive approach when it comes to incident response. This means that intrusions can be dealt with offensively too.

Lockheed Martin's case studies reveal that knowledge about previous intrusions and how they were accomplished allow analysts to recognize those previously used tactics and exploits in current attacks.  For example, mapping of three intrusions revealed that all three were delivered via email, all three used  very similar encryption, all three used the same installation program and connected to the same outside collection site. All of the intrusions were stopped before they accomplished their objective.

How did they do this? How can my company utilize this approach?

Monitoring and mapping is the key.

The following list contains some of the necessary components (not in any particular order) needed to do intrusion mapping and setting up the kill.

·         Network Intrusion Detection (NIDS)

·         Network Intrusion Prevention (NIPS)

·         Host Intrusion Detection (HIDS)

·         Firewall access control lists (ACL)

·         Full packet inspection

·         A mature IT asset management system

·         A mature and comprehensive Configuration Management Database (CMDB)

·         Device and system hardening

·         Secure configurations baselines

·         Website inspection

·         Honeypots

·         Anti-virus and anti-malware

·         Verbose logging – network devices, servers, databases, and applications

·         Log correlation

·         Alerting

·         Patching

·         Email and FTP inspection and filtering

·         Network tracing tools

·         Information Security staff trained in tracking and mapping events end-to-end

·         Coordination and partnering with IT, Application Owners, Database Administrators, Business Units and Management both in investigation and communicating the mapped intrusions.

In short, in order to implement intrusion kill chain activity a company needs to have a mature inter-operating and information security program. Additionally, they need trained staff that can investigate, map and advise 'kill' activities, keep a compendium of mapped intrusions, analyze and compare old and new intruder activity, code use, and delivery methods to thwart current and future intrusions.

The intrusion (cyber) kill chain is not an endeavor that can be successfully implemented in place of a comprehensive Information Security Program, it’s another tool to be used to protect the company's data assets.

The good news is if your company doesn't have a mature information security program there is a lot you can do while making plans to introduce an intrusion kill chains in your department's arsenal.

·         Educate your employees to watch for suspicious emails. For instance, emails that seem to be off – such as, someone in accounting receiving an invitation to attend a marketing conference. Let them know that they shouldn't open attachments included in email like this.

·         Make sure you have anti-virus and anti-malware software installed and up to date.

·         Start an inventory of your computing devices, laptops, desktops, tablets, smartphones, network devices and security devices.

·         You have an advantage over intruders. You know your network and what is normal and usual, they don't.  Notice user behavior that is not usual and look into it.  For example, a login at 2am for someone who works 9 to 5. Or an application process that normally runs overnight that is kicking off during the day.

·         Keep your security patches up to date.

·         Create and monitor baseline configurations.

·         Write, publish and communicate information security policies and company standards.

·         Turn on logging and start collecting and keeping logs. Start with network devices and firewalls and then add servers and databases.  Set up alerts for things such as repeated attempts at access.

·         Spend some time using search engines from outside your network to see how much information can be learned about your company from the Internet.  You'd be surprised how much you can find including sensitive documents.

All of these practices and activities give you more information about your computing environment and what is normal and usual. The more you know about your environment, the more likely it is that you will spot the intruder before any damage is done.

Disclaimer:- Before conclusion, on behalf of Team VOGH, I would like to personally thank Mr. Adrian Stolarski for sharing this remarkable article with our readers. I would also like to thank Ryan Fahey  of Infosec Institute for his spontaneous effort. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Implementing Intrusion (Cyber) Kill Chain -A Plenary Overview "https://www.voiceofgreyhat.com/2014/02/implementing-intrusion-cyber-kill-chain.html</a>

Taith North Wales Transport & Travel Planning of UK Govt Hacked By Pakistani Hacker

Taith North Wales Transport & Travel Planning (Govt of UK), Few Other High Profile Websites Hacked By 'KHAN' (Pakistani Hacker)

A hacker from Pakistan going by the nick name of 'KHAN' has targeted a several high valued website of United Kingdom. The cyber attack happened few days ago where 'Khan' has hacked into the websites of Taith North Wales Transport and Travel Planning of UK Government. Taith is a joint committee of six county authorities from North Wales that handles transport and travel planning.

Sources revealed that the hacker belongs from Italy has managed to gain access into one the server of UK govt, and thus he successfully hack and change the index page with customized message saying- "today i am again with same message uk goverment deciding Ban Hijab for muslim womens what the hell is this! when your womens wear underware and come out of home beaches, road, you said this is freedom ? this is no problem ? but when our ladies , sisters , mothers wear hijab you said this is problem . so you call this justice ? i will fight for our right like a legend till i die .. We Want Freedom For Our Religion. You can kill us but cant kill our idea!" The hacker also claimed that not only defacement, but also he managed to breach the database of  the website. As soon as the security breach get spotted the authorities of Taith North Wales Transport Dept, took immediate steps and restored the site. While the time of writing this news, Taith Transportation portal has come back to online to its normal format. Also in his deface page 'Khan' took the responsibility of intrusion against Customs of Russia' official website. This slew of hacking rampage also affected several other high profile website of UK such as Hotel Black Boy Inn, Buckley Industry, Groes News, Spirit Models, Livetech, ByteBack Training & few more.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Taith North Wales Transport & Travel Planning of UK Govt Hacked By Pakistani Hacker"https://www.voiceofgreyhat.com/2013/12/taith-govt-uk-hacked-by-khan.html</a>

The Washington Post Server Breached! Chinese Hackers Apprehend For This Cyber Attack

The Washington Post Server Hacked! Suspected That Chinese Hackers Are Behind This Cyber Attack 

Last week the story of Chinese eavesdropping on European ministries and diplomats at G20 summit draws the attention of the entire cyber world and made headlines. Yet again another breathtaking issue came in-front where also China found responsible for security breach that effected The Washington Post - the most widely circulated newspaper published in Washington, D.C. Sources reveled that hackers broke into The Washington Post’s servers and gained access to employee user names and passwords. Mandiant, a cyber security contractor that monitors The Washington Post’s networks, said the intrusion was of relatively short duration. The extent of the loss of company data was not immediately clear, still the matter of relief is that the company passwords are stored in encrypted form, hackers in some cases have shown the ability to decode such information. although to avoid any further mishap Washington Post have planned to ask all employees to change their user names and passwords on the assumption that many or all of them may have been compromised. Officials at Washington Post said that they saw no evidence that subscriber information, such as credit cards or home addresses, was accessed by the hackers. Nor was there any sign that the hackers had gained access to The Post’s publishing system, e-mails or sensitive personal information of employees, such as their Social Security numbers. Post officials found that this hack is more-recent than the 2011 one. They also said, began with an intrusion into a server used by The Post’s foreign staff but eventually spread to other company servers before being discovered. “This is an ongoing investigation, but we believe it was a few days at most,” said Post spokeswoman Kris Coratti. 

China not only targeted Washington Post,  If you look at the story of major cyber attacks of this year we will find that the name of China has been involved several times for engaging cyber attacks against several high profile news organization of U.S. including New York Times, NBC and so on. So far Chinese Government have not responded to this issue, also none of Chinese hacker community take the responsibility of this breach. For upcoming updates on this story stay tuned with VOGH. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">The Washington Post Server Breached! Chinese Hackers Apprehend For This Cyber Attack "https://www.voiceofgreyhat.com/2013/12/washington-post-hacked-by-chinese-hackers.html</a>

Cupid Media Network Breach Exposes 42 Million Passwords in Plain Text

Cupid Media Network Breach Exposes 42 Million Passwords in Plain Text (Uunencrypted)

Cupid Media one of the leading niche online dating network that have more than 35 large online dating website, faced a massive intrusion that effects more than 42 million of its registered users. From an exclusive report of Kerbs On Security we came to know that the breach was taken earlier in this year. Where the hackers managed to gain access into the crucial servers belongings to Cupid Media network. According to the managing director of Cupid Media, Mr Andrew Bolton - "In January we detected suspicious activity on our network and based upon the information that we had available at the time, we took what we believed to be appropriate actions to notify affected customers and reset passwords for a particular group of user accounts.” After a preliminary investigation it has been found that the purloined database of Australia-based niche dating service Cupid Media was found on the same server where hackers had amassed tens of millions of records stolen from Adobe. More than 42 million peoples' unencrypted names, dates of birth, email addresses and passwords have been found from the pinched database. I am very much wearied to see that a high value site like Cupid is unconcerned about the basic security counter measure. Even their confidential tables remained unencrypted which allows the hacker to gain the personal information in plain text. Like the Cupid Media security team, the registered users also found very much inadvertent and unaware of basic security measures. I am saying this because of the leaked passwords, almost two million picked "123456", and over 1.2 million chose "111111". "iloveyou" and "lovely" both beat out "password", and while 40,000 chose "qwerty", 20,000 chose the bottom row of the keyboard instead - yielding the password "zxcvbnm". 

Jason Hart of famous data protection firm Safenet said "The true impact of the breach is likely to be huge. Yet, if this data had been encrypted in the first place then all hackers would have found is scrambled information, rendering the theft pointless."

This security breach of Cupid Media reminds us  the decent history of breach where we have seen a slew of attacks against the following sites: Drupal.org  Scribd, Guild Wars 2, Gamigo, Blizzard, Yahoo, LinkedIn, eHarmony, Formspring, Android Forums, Gamigo,  Nvidia,Blizzard, Philips, Zynga, VMWare, Adobe,  Twitter,  New York Times, Apple and so on. While covering this story on behalf of VOGH, I am warning our readers across the globe to use strong alphanumeric passwords to avoid such disaster. Also the webmasters and security administrator are highly recommended to use salted encryption in their database to prevent fortuitousness cyber attack. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Cupid Media Network Breach Exposes 42 Million Passwords in Plain Text "https://www.voiceofgreyhat.com/2013/11/cupid-media-breach-exposes-42million-plaintext-passwords.html</a>

Pirate Bay Co-Founder Svartholm Warg Accused For Hacking, Fraud & Attempt to Steal Money From Bank

Pirate Bay Co-Founder Svartholm Warg Accused For Hacking, Fraud & Attempt to Steal Money From Swedish Bank 

The Pirate Bay also known as TPB is the most infamous website providing torrent files and magnet links to facilitate peer to peer file sharing. It is fact that many of us love the website, but it is also undeniable that if you are in the core team to run TPB then you are definitely sitting on the edge of legality. Many of you have already started terrifying! But I have the news which will not frighten you but surely will surely frighten Gottfrid Svartholm Warg, the co-founder of Pirate Bay. Gottfrid might get mercy if he could limited himself only into Pirate Bay, but in reality he did not and crossed all the lines. The 27-year-old’s Gottfrid widely known as 'Anakata' has been charged for hacking several Swedish companies and stealing their personal data. He and three others are also accused of attempting to make illegal online money transfers. Prosecutors claim Warg  along with three others—hacked IBM mainframes belonging to tax firm Logica and the bank to transfer money from various bank accounts. In total, the four men reportedly attempted to transfer just over US$900,000. Warg has also been accused of hacking into the databases of several Swedish businesses and the government’s federal taxing agency.

In his statement prosecutor Henrik Olin said - "A large amount of data from companies and agencies was taken during the hack, including a large amount of personal data, such as personal identity numbers (personnummer) of people with protected identities. I'd say that Svartholm Warg is the main person and brains behind the hacker attack. We've had a lot of theories but I can't find a motive in the evidence. What I can say is that we're talking about an incredibly technically advanced hack against a large server environment considered to have very high security and that can boost one's status in certain circles" 

Three other people have been indicted along with Svartholm Warg. They are all charged with serious fraud, attempted aggravated fraud, and aiding attempted aggravated fraud. According to the indictment, authorities seized a computer and chat transcripts of Svartholm Warg and the other suspects. Olin claims that it is the biggest investigation into a data intrusion ever conducted in the country. 

Here we want to remind you that Svartholm Warg, 27, was arrested in Cambodian and deported to Sweden in September last year due to an arrest warrant issued for him in relation to his conviction in the Pirate Bay trial. Since December, Svartholm Warg has been held in a prison in Mariefred in central Sweden where he is serving out a prison sentence related to his activities with The Pirate Bay.

-Source (The Local, RT)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pirate Bay Co-Founder Svartholm Warg Accused For Hacking, Fraud & Attempt to Steal Money From Bank"https://www.voiceofgreyhat.com/2013/04/TPB-Co-Founder-Svartholm-Warg-Accused-For-Hacking.html</a>

'Scribd' World's Largest Document Sharing Website Admits Security Breach

'Scribd' World's Largest Document Sharing Website Admits Security Breach 

Scribd- San Francisco-based document sharing site have fallen victim of cyber attack. Such kind of massacre is no doubt very much shameful for one of the world largest document sharing website which have more than 100 million of registered user. Like other largest companies, Scribd acknowledged the attack. In their official security announcement the company said that the operations team of Scribd have discovered and blocked suspicious activity on Scribd's network that appears to have been a deliberate attempt to access the email addresses and passwords of registered Scribd users. But the matter of relief is that only the 1% of its registered users have been affected during the hack. Immediately after this intrusion get spotted Scribd security team have emailed every user whose password was potentially compromised with details of the situation and instructions for resetting their password.  So, if you are a Scribd user and you did not receive such email from Scribd, then you are most likely unaffected.  If you still wish to check, you can use this web tool to determine if your account was among those affected. From the official announcement of Scribd, we came to know that the inertial investigation have already take place, which indicates that no content, payment and sales-related data, or other information were accessed or compromised. It has been  believed that the information accessed by the hackers was limited to general user information, which includes usernames, emails, and encrypted passwords.  Even though this information was accessed, the passwords stored by Scribd are encrypted (in technical terms, they are salted and hashed). Most of the users were therefore unaffected by this; however, the analysis shows that a small percentage may have had their passwords compromised. In an abundance of caution, it has been highly recommended for those affected users to reset their password and to change their password on any other services they might have used it on. 

At conclusion of the note, Scribd team did serious apology to its users while saying -"we would like to sincerely apologize for our failure to live up to our users' expectations in this instance. We’re incredibly disappointed that this happened and are committed to doing everything we can to prevent this from happening again. We will work harder than ever to ensure that we deserve the trust that our users place in us." 

While talking about big cyber attacks against large companies we would like to remind you in the last year we have been a slew of attacks against the following sites: Guild Wars 2, Gamigo, Blizzard, Yahoo, LinkedIn, eHarmony, Formspring, Android Forums, Gamigo,  Nvidia,Blizzard, Philips, Zynga, VMWare, Adobe,  Twitter  New York Times, Apple and so on. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">'Scribd' World's Largest Document Sharing Website Admits Security Breach"https://www.voiceofgreyhat.com/2013/04/Scribd-Admits-Security-Breach.html</a>

3 Russian Cyber Criminal Who Was The Master Mind of Banking Trojan 'Gozi' Charged in New York

3 Russian Cyber Criminal Who Was The Master Mind of Banking Trojan 'Gozi' Charged in New York 

Yet again another serious issue of cyber crime get resolved when the FBI tracked and figured out the master mind of infamous 'Gozi banking Trojan' which effected more than millions of system world wide, including a handful at NASA, leading to tens of millions of dollars in lost banking funds and damages to computer systems and networks. Three alleged international cyber criminals from Russia, responsible for creating and distributing 'Gozi' that infected over one million computers and caused tens of millions of dollars in losses charged in Manhattan Federal Court. Mihai Ionut Paunescu aged 28, a Romanian, Deniss Calovskis, 27, a Latvian, and Nikita Vladimirovich Kuzmin, 25, of the Russian Federation, are charged with computer intrusion, conspiracy to commit bank and wire fraud and access device fraud. Federal authorities said the three were arrested last week; Kuzmin is being held in New York, while Paunescu is in custody in Romania and Calovskis in Latvia. 

According to the press release of FBI -Deniss Calovskis, a/k/a “Miami,” a Latvian national who allegedly wrote some of the computer code that made the Gozi virus so effective, was arrested in Latvia in November 2012. Mihai Ionut Paunescu, a/k/a “Virus,” a Romanian national who allegedly ran a “bulletproof hosting” service that enabled cyber criminals to distribute the Gozi virus, the Zeus trojan, and other notorious malware and to conduct other sophisticated cyber crimes, was arrested in Romania in December 2012. 

The cases are being handled by the Complex Frauds Unit of the United States Attorney’s Office. Assistant United States Attorneys Sarah Lai, Nicole Friedlander, and Thomas G.A. Brown, along with Trial Attorney Carol Sipperly of the Computer Crime and Intellectual Property Section of the Department of Justice on the Paunescu case, are in charge of the prosecution. The charges contained in the Indictments are merely accusations, and the defendants are presumed innocent unless and until proven guilty.

Defendant	Age and Residence	Charges	Maximum Penalty
Nikita Kuzmin	25; Moscow, Russia	Conspiracy to commit bank fraud; bank fraud; conspiracy to commit access device fraud; access device fraud; conspiracy to commit computer intrusion; computer intrusion	95 years in prison
Deniss Calovskis	27; Riga, Latvia	Conspiracy to commit bank fraud; conspiracy to commit access device fraud; conspiracy to commit computer intrusion; conspiracy to commit wire fraud; conspiracy to commit aggravated identity theft	67 years in prison
Mihai Ionut Paunescu	28; Bucharest, Romania	Conspiracy to commit computer intrusion; conspiracy to commit bank fraud; conspiracy to commit wire fraud	60 years in prison

Brief About Gozi:-
The Gozi virus is malicious computer code, or “malware,” that steals personal bank account information, including usernames and passwords, from the users of affected computers. It was named by private sector information security experts in the U.S. who, in 2007, discovered that previously unrecognized malware was stealing personal bank account information from computers across Europe on a vast scale, while remaining virtually undetectable in the computers it infected. To date, the Gozi virus has infected over one million victim computers worldwide, among them at least 40,000 computers in the U.S., including computers belonging to the National Aeronautics and Space Administration (NASA), as well as computers in Germany, Great Britain, Poland, France, Finland, Italy, Turkey, and elsewhere, and it has caused tens of millions of dollars in losses to the individuals, businesses, and government entities whose computers were infected.

The Gozi virus was distributed to victims’ computers in several different ways. In one method, the virus was disguised as an apparently benign .pdf document which, when opened, secretly installed the Gozi virus on the victim’s computer. Once installed, the Gozi virus—which was intentionally designed to be undetectable by anti-virus software—collected data from the infected computer in order to capture personal bank account information including usernames and passwords. That data was then transmitted to various computer servers controlled by the cyber criminals who used the Gozi virus. These cyber criminals then used the personal bank account information to transfer funds out of the victims’ bank accounts and ultimately into their own personal possession.

For Detailed Information Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">3 Russian Cyber Criminal Who Was The Master Mind of Banking Trojan 'Gozi' Charged in New York"https://www.voiceofgreyhat.com/2013/02/MasterMind-of-Banking-Trojan-Gozi-Charged.html</a>

Master Card Blog Hacked & defaced By Syrian Electronic Army

Master Card Payments Perspectives Blog Hacked & defaced By Syrian Electronic Army

It's became a very common scenario that hackers targets banks, payment gateway and other financial sectors. Sites like Paypal, Visa, Master Card were among those common victims who used to face massive round of cyber attacks. Past two years hacktivist managed to interrupt the service of those websites many times. Here also in the beginning of 2013 almost same situation took place, when the official blog of Master Card get hacked and defaced.  It was the Saturday evening when a hackers collective group named "Syrian Electronic Army" managed to breach and get access inside Master Card blog. I am sure that all our readers will be shocked after hearing the way of intrusion. In the platform of the blog, Master Card was using an older version of WordPress (Ver. 3.3.2) which has several critical vulnerabilities like XSS, file uploading, CSRF and so on. Exploiting those loopholes the hacker managed to get access inside the blog and defaced one of the page of the giant in international financial services company's blog. Though WordPress have released a security patch and also version 3.5, but it's quite unfortunate and shocking that Master Card did not even patched their older version for which their system get penetrated. It is truly unbelievable that sites like Master Card is so careless about basic security and counter measure of cyber attack. According to sources Syrian Electronic Army used  the CSRF exploit of WordPress which is said to be available on the Internet and allows an attacker to add a new administration user. This is a possible explanation of how the Syrian Electronic Army managed to hack and deface the blog. After this incident occurs Master Card immediately updated the version of WP and closed those back doors. Still the the defaced and cached version of the  blog can be viewed on Google’s Web Cache. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Master Card Blog Hacked & defaced By Syrian Electronic Army"https://www.voiceofgreyhat.com/2013/01/MasterCard-Blog-Hacked-By-Syrian-Electronic-Army.html</a>

EU Opens The Door of European Cybercrime Centre (EC3) To Protect Europe From Cyber Threat

EU Opens The Door of European Cybercrime Centre (EC3) To Protect Europe From Cyber Threat

We all are aware of FBI's Internet Crime Complaint Center also known as IC3, which is protecting U.S. citizen from cyber criminals and attacks. But the cyber world is not limited to U.S. so as cyber criminals, and to get rid of this and while protecting every countries digital fence safe and secure there need to be organizations like IC3. All the growing and developing countries across the globe are in rush to ensue maximum digital and cyber security. This same rush and impact also applies for Europe countries and the result is in front of us. As the fight against cyber crime in Europe has got a new home. The European Cybercrime Centre (EC3) officially open its doors from this January 11, at the European Police Office, Europol in the Hague. In the middle of last year European Commission declared that are preparing a cybercrime center to fight against cyber threats. And after an effort of six months they made it possible and live for the people of Europe. Such organization will surely enhance the cyber security of European countries.  In the official press release EUROPA said "EC3 will be up and running to help protect European citizens and businesses from cyber-crime." 

EC3 officially commenced its activities on 1 January 2013 with a mandate to tackle the following areas of cybercrime: 

• That committed by organised groups to generate large criminal profits such as online fraud
• That which causes serious harm to the victim such as online child sexual exploitation
• That which affects critical infrastructure and information systems in the European Union

According to the press release of European Commission - "The Cybercrime Centre will give a strong boost to the EU's capacity to fight cybercrime and defend an internet that is free, open and secure. Cybercriminals are smart and quick in using new technologies for criminal purposes; the EC3 will help us become even smarter and quicker to help prevent and fight their crimes", said Commissioner Malmström.

"In combatting cybercrime, with its borderless nature and huge ability for the criminals to hide, we need a flexible and adequate response. The European Cybercrime Centre is designed to deliver this expertise as a fusion centre, as a centre for operational investigative and forensic support, but also through its ability to mobilise all relevant resources in EU Member States to mitigate and reduce the threat from cybercriminals wherever they operate from", said Troels Oerting, Head of the European Cybercrime Centre

Investigations into online fraud, child abuse online and other cybercrimes regularly involve hundreds of victims at a time, and suspects in many different parts of the world. Operations of this magnitude cannot be successfully concluded by national police forces alone.

The opening of the European Cybercrime Centre (EC3) marks a significant shift in how the EU has been addressing cybercrime so far. Above all, the approach of the EC3 will be more forward-thinking and inclusive. It will pool expertise and information, support criminal investigations and promote EU-wide solutions.

The EC3 will focus on illegal online activities carried out by organised crime groups, especially attacks targeting e-banking and other online financial activities, online child sexual exploitation and those crimes that affect the critical infrastructure and information systems in the EU.

The Centre will also facilitate research and development and ensure capacity building among law enforcement, judges and prosecutors and will produce threat assessments, including trend analyses, forecasts and early warnings. In order to dismantle more cybercrime networks and prosecute more suspects, the EC3 will gather and process cybercrime related data and will provide a Cybercrime Help desk for EU countries' law enforcement units. It will offer operational support to EU countries (e.g. against intrusion, fraud, online child sexual abuse, etc.) and deliver high-level technical, analytical and forensic expertise in EU joint investigations. 

For Detailed Information Please Visit The Official Website of Europol's EC3 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">EU Opens The Door of European Cybercrime Centre (EC3) To Protect Europe From Cyber Threat"https://www.voiceofgreyhat.com/2013/01/European-Cybercrime-Centre-EC3.html</a>

Official Website of Senator Vicente C. Sotto III Hacked By Anonymous Philippines

Official Website of Senator Vicente C. Sotto III Hacked By Anonymous Philippines

Philippines rampage of hacktivist Anonymous continues, as this hacker collective group strikes again and blown the official website of Senator Vicente C. Sotto III. This attack carried under the banner of 'OccupyPhilippines' where the hacker group hacked into server of Senator Tito Sotto and defaced the index page. According to the hacker, the cyber attack was to stand against the controversial "Cybercrime Prevention Act of Philippines" widely known as Republic Act No. 10175. The hacker group believed that, if this bill did not get revised, then the freedom of speech in cyber space will be restricted. During this attack the hacker tried to send his message to the Senator, and that is - 

"It's been a long time, Tito Sen! Deny us our freedom of speech and of expression through R.A. 10175 

and we will deny you your cyberspace. You cannot shut us up, you cannot shut us down. 

And you shall not see us rest until R.A. 10175 is revised.

We are all waiting, we are all ready.

We are Anonymous, we are legion.

We do not forgive and we do not forget.

Expect Us

Protect our Right to Freedom of Expression!..."

The attack took place in yesterday evening, as soon as the intrusion was spotted the site was sent offline for a certain period. And today morning, the whole thing get restored and it came back to its normal format. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Official Website of Senator Vicente C. Sotto III Hacked By Anonymous Philippines"https://www.voiceofgreyhat.com/2013/01/Senator-Tito-Sotto-Hacked-By-Anonymous.html</a>

‘Pervasive Vulnerability’ Found in The Robotic Aircraft of Drone Fleet

 ‘Pervasive Vulnerability’ Found in  The Robotic Aircraft of Drone Fleet

Unmanned aerial vehicle (UAV), widely known as a drone has always been gone through with several controversies in case of both defense and cyber security. Yet again several question arises regarding the security system and the control algorithms of drone. According to the Pentagon’s premier science and technology division a a “pervasive vulnerability” have been found in the robotic aircraft of drone. The control algorithms for these crucial machines are written in a fundamentally insecure manner, says Dr. Kathleen Fisher, a Tufts University computer scientist and a program manager at the Defense Advanced Research Projects Agency. There’s simply no systematic way for programmers to check for vulnerabilities as they put together the software that runs our drones, our trucks or our pacemakers.

In our homes and our offices, this weakness is only a medium-sized deal: developers can release a patched version of Safari or Microsoft Word whenever they find a hole; anti-virus and intrusion-detection systems can handle many other threats. But updating the control software on a drone means practically re-certifying the entire aircraft. And those security programs often introduce all sorts of new vulnerabilities. “The traditional approaches to security won’t work,” Fisher tells Danger Room.

Fisher is spearheading a far-flung, $60 million, four-year effort to try to develop a new, secure way of coding and then run that software on a series of drones and ground robots. It’s called High-Assurance Cyber Military Systems, or HACMS. For detailed information about this story click Here. 

While talking about drone and its security we would like to give you reminder that in 2011 we came to know that a stealthy key-logger has hit the U.S. Drone logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other war zones. Later Iran took responsibility of that cyber attack. Also in 2012 drone was in controversy where researcher have figured out that drone fleets are vulnerable to GPS spoofing and it can be hijacked by any malicious attacker or terrorist. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href="> ‘Pervasive Vulnerability’ Found in The Robotic Aircraft of Drone Fleet"https://www.voiceofgreyhat.com/2013/01/Pervasive-Vulnerability-Found-in-Drone.html</a>