We use email every day, be it sending them for work or personal reasons or getting a thousand and one emails advertising everything from something you are interested in to helping a foreign prince distribute their wealth. One way that you can be protected when sending emails is to send encrypted emails, something which has risen in use by 25% for Gmail users.
What caused this surge in encrypted emails? Google stated last year that they would start flagging up emails which were unencrypted, warning users which providers and emails were being sent from services that supported TLS encryption. This change came into effect in February this year, the end result of which was the 25% increase in encrypted emails that Gmail has reported in the last month.
Google isn’t acting alone on this, with Comcast, Microsoft, Yahoo and other companies in the industry looking to create SMTP, a new standard that could be used to help protect emails from man-in-the-middle attacks.
Combining all these with their recent push on security updates in Chrome and Android, including their use of two-factor authentication encryption and warning people about state-sponsored attacks on accounts, it’s becoming more and more clear that even in the digital world, companies want your private information to remain private.
When it was revealed I couldn’t believe my eyes. Someone walks up to a car and it’s locked; someone else walks up and can instantly get in and, at the press of a button, start the engine, no key required. Wireless key technology is now employed in cars all over the world and allows users to avoid the hassle of finding their car keys. Sadly, it looks like a radio attack lets hackers do exactly the same thing without you even knowing.
A group of German vehicle security experts have studied how the radio hack uses your keys to break into your own car. The whole principle of wireless keys is that the engine and the doors will only work when the keys are within a certain range of the vehicle. This means that if you aren’t near your car it’s just an expensive piece of metal and technology.
Munich-based automobile club, ADAC, tested a hacking technique that uses the principle of “amplification” to fool your car into believing that the keys are closer than they actually are. In total, their study found 24 different vehicles were vulnerable, and it wasn’t just one manufacturer that was involved: 19 different manufacturers were vulnerable to the radio attack.
What does this mean? Using this kind of attack someone can walk up to your car, and using a small pocket amplification device, unlock and drive away your car. The total cost of this hack? $225 for the device. Compare that to the cost of the Audi A3, A4 and A6, Ford Galaxy, Mitsubishi Outlander, Renault’s Trafic and countless other models that are vulnerable to this attack.
The technique works by “amplifying” your key’s signal. In reality, what happens is the key fob’s signal is relayed through a pair of radios. Is this an example of technology being made too smart, at the cost of security, in order to save us a few seconds of inconvenience?
It is often easy to forget that while the majority of drones making the news are operated by hobbyists and amateurs, the US government is rolling out a number of more expensive UAVs for use by first responders and the police. Now, Nils Rodday, a security researcher at IBM, has potentially thrown a spanner in the works by demonstrating that at least one model of these government standard drones has security vulnerabilities that allow it to be hacked from as far away as a mile, allowing an attacker to seize control of the craft for their own ends or simply cause it to drop from the sky.
The full extent of the vulnerability will be demonstrated by Rodday at the RSA conference this week where he will show how a $30,000 to $35,000 drone can be taken over or knocked out of the sky by a security flaw in its radio connection using just a laptop and a cheap radio chip connected via USB. Due to the fact that the connection between the operator and the drone is left unencrypted to allow commands to be processed more quickly, an attacker who can send the correct sequence of signals to the drone’s telemetry box can impersonate the true operator, locking them out of control of the drone. “You can inject packets and alter waypoints, change data on the flight computer, set a different coming home position,” Rodday says. “Everything the original operator can do, you can do as well.”
With the ongoing fear of irresponsible drone use by hobbyists, it is even more concerning that the expensive drones operated by official bodies are so vulnerable to attack. Should an attacker wish to cause serious harm, it would appear it could be done using a hacked police drone with surprising ease. “If you think as an attacker, someone could do this only for fun, or also to cause harm or to make a mess out of a daily surveillance procedure,” says Rodday.
DDoS attacks are becoming more prevalent each year, and a real nuisance for service providers trying to effectively run a network. The idea behind these attacks is to overwhelm a website or network service with traffic to cause temporary disruption. It’s unclear why people engage in these measures, but perhaps it’s some sort of protest against a website’s content or anger towards society. Whatever the case, DDoS attacks are a major problem and the latest State of the Internet report makes for some alarming reading. According to the data, DDoS attacks increased by a whopping 148.85 percent in Q4 2015 compared to Q4 2014.
Furthermore, there was a 168.82 percent increase in infrastructure layer 3 and 4 attacks. Interestingly, the quantity of DDoS attacks increased by 39.89 percent versus the last quarter, which shows their rapid rise. There are a lot of quick attacks being made and the average duration decreased from 29.33 hours to 14.95 hours. This is a reduction of 49.03 percent compared to Q4 2014. The report goes on to say:
“In other words, while the average gigabits per second per attack increased, the average number of packets per second decreased,”
“In fact, only three attacks exceeded 30 million packets per second in Q4, a statistic that has steadily decreased for several quarters.”
“Sites offering booter tools are purportedly set up to allow administrators to load test their own sites. However, many of the sites are used as DoS-for-hire tools, relying on reflection attacks to generate traffic.”
Other data shows DNS-based traffic rose by 92 percent, chargen traffic went up by 52 percent and UDP grew by 20 percent. There was even one attack which reached 309Gbps, and five instances of attacks over 100GBps. This is down though from Q4 2014’s figure of five. As you can see, DDoS attacks are really becoming problematic, especially from the Chinese region. It looks like this trend will continue and increase at a scary pace.
Back in December 2015, 225 thousand people in Ukraine were without power, which a US report has now blamed on hackers. This would make it the first known successful hack against utilities. The report was created by the US Department of Homeland Security, based on a number of interviews with members of staff at Ukrainian organizations that handled the aftermath.
According to the report, the attack was made up of multiple stages, with hackers initially planting malware on computer systems operated by Ukrainian power generation firms, distributed by email in a technique known as “spear phishing”. From there, the hackers were able to remotely access the computers, allowing them to remotely flip circuit breakers to as many as 80,000 customers of Ukraine’s Prykarpattyaoblenergo. The hackers then locked up the customer service lines with a vast number of fake calls, aiming to stop legitimate customers from reporting the power outage.
The report is entirely based on interviews, and the writers of the report, the cyber-emergency response team in the Industrial Control Systems arm of the DHS, had not been able to independently review any technical evidence at the time of writing. While no group or nation was named as responsible in the report, evidence suggests that a well-known Russian hacker group committed the attack.
There has been a huge explosion of online ransomware within the last year or two, which has seen a huge number of consumers unfortunately falling victim to this ever-present and growing technique. Now, there is a new technique which is being served to consumers via the PopAds network and it contains the Magnitude exploit kit via pop-under ads.
For those who are unfamiliar with a Pop-under ad, this is a type of online advertisement that appears behind the main browser window and remains open until the user manually closes it. Consumers who failed to update their version of Flash Player (which we are constantly being informed to do) were immediately infected with the CryptoWall ransomware.
The infection campaign began around the 1st January 2016 with ads being placed within avenues that included both NSFW and video streaming sites. Looking at the geographic location of infections caused by this new technique, Spain is in the lead with 14.3%, with the Netherlands, France and Poland next and level on 11.4% each. The spread of countries according to this data is mostly within Europe, although an exception to this is South Korea.
Once a user has been infected they will typically see a CryptoWall ransom page window. It is a bit of an insult that it says “Congratulations, you have become a part of large community Cryptowall”. Users will need to pay a ransom, as is commonly associated with these types of ransomware infections.
These cases highlight the need for a strong and reliable backup system, which will help to mitigate the damage in the event that your hard drive is encrypted. It is also always essential to keep your browser, plugins and various system updates current for your OS. If you wish to add further defenses then it may be worthwhile to either disable or uninstall Flash Player as well as running an up-to-date anti-virus and malware scanner.
These types of infections will become more and more advanced and also very common in 2016 and vigilance is required by users in order to help to avoid such attacks.
The mechanical gaming keyboard market is quite busy these days, but we’ve seen quite a few fantastic keyboards from Cougar recently and I’m eager to see what their latest has to offer. The Attack X3 features a fully mechanical design, with a choice of four Cherry MX switches, red, brown, blue and black, so finding one that suits your personal preferences should be an easy task.
“The COUGAR Attack X 3 is a pro gamer’s dream, come true. Cherry MX Switches, fully configurable key functions (including macros), strong red backlight and a durable and visually stunning aluminum design. No superfluous buttons or additions, only what true gamers need.”
There’s a whole host of features that will appeal to gamers, starting with a durable and rather stylish brushed aluminium frame, high-end mechanical switches, 10 programmable keys, full backlighting, multimedia keys, NKRO and more.
The box has a nice image of the keyboard on the front, as well as details of the Cherry MX switches and the latest Cougar UIX software.
Around the back, a much more detailed feature breakdown, covering the various switches available, N-Key rollover, built-in memory and more.
The Attack X3 comes with a hard-wired USB cable, which is nice and long, making it easily placed if you have a large desk.
The development of self-driving cars promises to offer consumers an exciting future, now, regulators in the sprawling metropolis known as California have published draft proposals aimed at paving the way for consumers to legally use self-driving cars on the road.
Included within the recommendations from the Department of Motor Vehicles is the stipulation that a fully licensed human driver must be present behind the wheel in case the technology fails or decides to drive into the nearest hedge. I understand the fully licensed bit, but I would have thought the whole point of a self-driving car is for people to easily travel from A – B in the car. The new regulations also stipulate that users must undergo “special training” and manufacturers must monitor the car’s use.
Technology giant Google has experimented to the point whereby a vehicle does not even need a steering wheel or pedals, this sounds impressive, albeit slightly dangerous, for the foreseeable future at least. So much so that the DMV recommends all self-driving vehicles to be equipped with traditional controls. The draft regulations also provide requirements for self-driving cars to be protected from cyber attacks; it will be interesting to see how manufacturers respond to this considering very little is immune from hacks in the digital age.
Many fans and experts alike envisage a future whereby a driving licence is obsolete and even non-drivers are able to metaphorically drive, sounds good until you factor in the many issues including longer traffic jams as more people are able to use a vehicle, only time will tell as to the path with which this new breed of tech will follow.
The hacking group, Lizard Squad targeted the poor security on Xbox Live and PlayStation Network last year and caused major disruption during the holiday period. This meant many new console owners couldn’t play games online with their friends and spoilt the festive cheer for three long days. In the past year, the National Crime Agency has made arrests and targeted Lizard Squad’s cyber criminal activities. However, being anti-establishment can inspire other disaffected people to create a similar organization. Sadly, this is the case, and a new group entitled, Phantom Squad is threatening to shut down Xbox Live and PlayStation Network during Christmas:
Not only that, the group plans to switch the servers offline for a week and ruin people’s excitement to play games during their time off. This really is pathetic, and illustrates how petty human beings can be. I’m not entirely convinced if the group can perform this hack as it might just be trolls engaging in attention seeking. Although, if any kind of mass outage occurred, both Microsoft and Sony have to answer questions about their investment in online security. Hopefully, this isn’t a sign of things to come and only shows how bitter some people are in the modern world. If you’re frustrated with society, trying to ruin other people’s lives to make your own self-image improve is a flawed line of thinking.
On Friday, a number of Twitter users received a notification from the social networking platform, explaining that their accounts had been the target of state-sponsored actors. Unsurprisingly, the supposed targets of these attacks were mass surveillance researchers and security professionals.
The incident was surprising for users of Twitter, as until the notifications went out at 17:30 EST, Twitter’s notification service regarding state-sponsored attacks had never before been seen, let alone mentioned by Twitter. Fortunately for those affected, Twitter assures in the notification email that they believe that only email addresses, IP addresses, and phone numbers could have been taken by a breach, and even then, could not confirm that any data had been taken. The compromising of a single social media account can be a big deal though, with some users holding multiple Twitter accounts for different purposes, and using personal details and account credentials could yield access to other sites too.
Twitter is yet to release any further information beyond the notification letter, however people have begun theorizing what could be taking place, with Jacob Appelbaum, a key member of the Tor Project taking the effort to keep up a list of sorts of the individuals receiving the notifications. He questioned in a tweet whether Twitter had been “owned” or hacked. More information and theorycrafting on the topic has come under the hashtag #StateSponsoredActors which also discusses Twitter’s blocking of a number of accounts used through the Tor service.
Twitter is not the only online service with warnings against incidents with state attackers, with Google having one in place and Facebook having launched theirs back in October, which immediately identified attacks on US Government employees.
Someone actually tried the impossible on two separate occasions, to take down the internet’s backbone. They did ultimately fail for multiple reasons, but at the same time, they actually got a surprisingly good result out of their attack.
Early last week the Internet’s DNS Root Servers, that are the authoritative reference for mapping domain names to IP addresses, were hit with a flood of as many as 5 million queries per second for up to three hours with the goal to crash the servers. The Distributed Denial of Service (DDoS) attack took place on November the 30th and December the 1st.
The DDoS attack effectively managed to take 3 of the 13 DNS Root Servers offline for a couple of hours which in itself is quite impressive. It does however not have any real effect on the world due to the nature of DNS’ structure. DNS servers are built up in a mesh structure which means that you’ll need to take down all of them at the same time to have any real effect. And that includes the thousands of DNS servers that users connect to from their ISPs as well as all the public ones. Should the request to one DNS server fail, another will jump in and you’ll merely have a minor delay and no breakdown.
According to an analysis published by the root server operators on Tuesday, each attack fired up to 5 million queries per second per DNS root name server, and that was enough to flood the network and cause timeouts on the B, C, G, and H root servers.
At this time, there is no indication of who or what was behind these large-scale DDoS attacks. The source IP addresses used in the attacks were very well distributed and randomized across the entire IPv4 address space, so there is no clue to go by. The same goes for the motive, maybe it was a ‘let’s see if we can do it’ thing.
The National Crime Agency embarked on an appalling advertising campaign yesterday “aimed at educating the parents of 12-15 year old boys” who might be proponents of cyber-crime. Already we can see the ignorance flowing here, as focusing on the male gender is incorrect, and targeting such a narrow age range seems completely ludicrous. Not only that, the organization created a checklist for parents to help investigate their own children and see if they are engaging in illegal activity. This is a prior warning, the compiled list is possibly the biggest pile of nonsense I’ve read in years.
“Warning signs of cyber crime
The following behaviours may indicate a young person is at risk of getting involved in cyber crime:
Is your child spending all of their time online?
Are they interested in coding? Do they have independent learning material on computing?
Do they have irregular sleeping patterns?
Do they get an income from their online activities, do you know why and how?
Are they resistant when asked what they do online?
Do they use the full data allowance on the home broadband?
Have they become more socially isolated?
If a young person is showing some of these signs try and have a conversation with them about their online activities. This will allow you to assess their computer knowledge proficiency so you can understand what they are doing, explain the consequences of cyber crime and help them make the right choices.”
There’s so much wrong with the questions above that I really don’t know where to start. The idea that children spending time online is a negative concept is unbelievably outdated, and laughable. The internet is an integral part of daily life from educational activities to keeping up with friends on various social media platforms. Additionally, human beings don’t all have to be brash, loudmouth extroverts, and social isolation isn’t anything to be suspicious of. In reality, many socially isolated people are very creative and struggle to communicate with people. Anxiety is a terrible condition to deal with and it’s impossible for non-sufferers to understand the daily torment. That’s why it’s incredibly hurtful to judge people and be suspicious of them just because they want alone time.
On another note, the one key profession society will need in the future is programmers, and they are in short supply at the high skill level. We should be actively encouraging children to attain coding skills and make their interest in this field flourish. To insinuate this passion as a negative aspect is frankly, embarrassing.
Hilariously, the NCA contradicts themselves and goes on to say:
“Ways to use cyber skills positively
Skills in coding, gaming, computer programming, cyber security or anything IT-related are in high demand and there are many careers and opportunities available to anyone with an interest in these areas.”
According to their impeccable logic (insert sarcasm here), coding is a suspicious trait but it’s a way to use skills in a positive manner. If anyone can explain what the marketing team has been drinking, I’d love to know. This entire campaign makes zero sense and is a complete farce. While some feel the need to ridicule it, I find it very worrying that people in power have such an idiotic and uneducated viewpoint on the subject matter. As previously mentioned, the government, the actors, and anyone else involved in this mess should feel ashamed.
Anonymous started a new offensive against ISIS following the terrible attacks on Paris and while we all like that part, it’s hard for me to take them seriously in any way. They surely have a few talented people with skills and connections in their group, but for the most part, their skills go as far as pressing a button in a pre-built application in order to launch DDoS attacks on a specific target.
We’ve recently learned that their offensive isn’t going all that well and now they’ve come out and accused CloudFlare of protecting pro-ISIS websites. CloudFlare makes software which prevents denial of service attacks, which is the preferred method of attack from the Anonymous group, so this doesn’t come as a big surprise. Terrorists might live with a stone-age mentality, but they do know how to use modern technology. CloudFlare faced a similar accusation from the group back in 2013 when they launched an offensive against Al-Qaeda websites.
CloudFlare naturally defends itself against the accusation and as they say, it wouldn’t be a good business model for them. Groups like that will most likely pay with stolen credit card credentials and that is not good for a business. The company also stated that they would cooperate with any law enforcement agency when presented with a legal warrant or court order regarding any of their customers. So maybe Anonymous should forward their evidence to those instances instead of whining on social media about a normal service used by thousands of websites and that works as intended.
It has come to light that earlier this month, popular children’s computer company VTech were the victims of an attack by an unnamed hacker. The hacker was able to gain access to around 5 million users’ credentials, including the 200,000 children whose data was stored by VTech’s Learning Lodge online service.
The data leaked as part of the credentials may include details such as their names, email addresses and home addresses. Additionally included in the leak were the security questions and answers of the users, meaning cracking of the users’ passwords would not be necessary to compromise accounts and, if the same password reset information was used on another site, those accounts would also be vulnerable. The scariest part is that the details of the children recorded by VTech included their names, birth dates and genders and could be used to link them to their parents’ accounts, providing those with sinister motives access to the locations of countless children. According to the site Have I Been Pwned, a reputable repository of data breaches, this breach is the fourth largest leak of consumer data to date.
Thankfully, in an interview with Motherboard, the hacker, when asked what he intended to do with the data, replied with “nothing”. And while he intends to do nothing with it, he warned that others may have extracted data from the site before him, due to the ease of attack. The technique used to break into the site was an SQL injection, an old and simple way of attacking vulnerable websites, typically executed by inputting malicious code into the forms on a website to manipulate it into performing an attacker’s desired operations. After using this to gain full access to the systems and databases, the attacker had free access to all of the data within.
VTech has responded to the breach by promising to “look at additional ways to strengthen our Learning Lodge database security.” However, this may not be enough. Following the attack, security expert Troy Hunt, as well as examining the data to assess the extent of the leak, went on to do a cursory security review of VTech’s Learning Lodge site. He warned that the lack of encryption anywhere on the site, as well as the tendency of the site’s databases and APIs to leak data, meant that there didn’t even need to be a data breach for user information to be at risk.
If you are a user of the Learning Lodge site and wish to enquire further with VTech, they have set up a series of email accounts to handle them, which can be found here.
It should be considered fortunate that the perpetrator of this attack was willing to bring the breach to light and has no ill intentions for the data acquired, however, it is still unacceptable for a company that handles data, especially on vulnerable parties such as children, to engage in such poor security practice.
In a development that is likely to place more pressure on the technology sector, reports are coming out that the perpetrators of the recent Paris attacks used Sony PS4s to communicate and coordinate their attack. This comes after authorities have taken away the PS4s from the attackers’ homes and the Belgian home affairs minister has said that the PS4 was chosen due to its difficulty to track.
Games and consoles have always been on the radar for authorities in monitoring suspects. After all, Edward Snowden revealed that the NSA and GCHQ had agents embedded into MMORPG World of Warcraft and Second Life in order to monitor suspects. Xbox Live was monitored, which was part of the reason many were hesitant about the always-on functions of the new consoles and the once mandatory Kinect.
At that time, PSN, Sony’s PlayStation Network, was not mentioned as a target for monitoring. If it turns out the PS4 was used, authorities will likely start looking into PSN communications as well. Given the myriad ways players can communicate with each other in game, the large volume of communications and the importance of context, whether or not extra monitoring would help remains to be seen.
To be fair, Twitter isn’t the most accurate basis of judging mass opinion and usually revolves around the angry minority. However, in this case, I think TalkTalk’s arrogant management really is underestimating the scale of this problem and how damaging it’s been from a PR perspective. Harding weighed in on the company’s future and said the ISP is:
“very confident in the medium term future of TalkTalk”.
“Yesterday’s security might have been good enough but it’s not going to be good enough tomorrow,”
“I expect we will take security considerably more seriously than ever.”
@TalkTalkCare to which he then replied “do you want the installation or not?” Following this he grabbed his tools and stormed off
I honestly think customers are struggling to take these promises seriously and there’s a great deal of apprehension regarding network security. The company claims many people decided not to cancel their contract. Although, this might be because leaving their current contract leads to hefty fines. Additionally, a large quantity of TalkTalk’s audience doesn’t feel comfortable switching providers and needs the assistance of someone technically minded. Whatever the case, the cyberattack has dramatically altered people’s perceptions towards TalkTalk and I can’t see that changing anytime soon.
Just over a week ago, TalkTalk’s website fell victim to a cyber-attack and revelations have emerged regarding the company’s poor security infrastructure. It seems these attacks are becoming more prevalent as today, Vodafone admitted a data breach involving 1827 customers’ personal information. This includes their bank details and telephone number. A spokesperson from Vodafone confirmed the attack, and reaffirmed that it wasn’t due to their security measures:
“This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone. Vodafone’s systems were not compromised or breached in any way.”
“Whilst our security protocols were fundamentally effective, we know that 1,827 customers have had their accounts accessed, potentially giving the criminals involved the customer’s name, their mobile telephone number, their bank sort code, the last four digits of their bank account,”
“Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts.”
A number of sources on Twitter have suggested the attack came from The Dark Web:
Vodafone says seen attempts to access 1,827 customers accounts after data theft – but says data came from dark web, no breach of its systems
The spokesperson went on to discuss the data loss’ ramifications and said:
“However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts,”
“These customers’ accounts have been blocked and affected customers are being contacted directly to assist them with changing their account details.”
I do find Vodafone’s excuse to be fairly laughable and they have to take responsibility for the data loss. Professionals aren’t going to hack a major network without some form of protection and will make it difficult to trace. The information gathered is more than enough to cause chaos in terms of a person’s bank balance and can be used to help find other details like an email address.
September 11th, 2001 is a date in history which will always be remembered as the moment when global terrorism came to the doorsteps of ordinary US citizens. The morally repugnant attack shocked the world and demonstrated how unsafe modern society can be. Whatever your political affiliation or beliefs about American foreign policy, you cannot forget the innocent people who died on that fateful day. As a student of history, it’s important to look at atrocities and not shy away from the events of the past. This is so we can educate others to avoid future mistakes.
However, this has to be conducted in a respectful manner which puts academic interests first. Unbelievably, a game has been created for virtual reality devices entitled 8:46 which puts you in the footsteps of someone trapped in one of the Twin Towers. According to the project’s creative director, the game is designed:
“As a tribute to the victims of our generation-shaping experience.”
Realistically, 8:46 won’t be a commercial endeavor so the developer isn’t making any money from 9/11. Although, this doesn’t sit right with me as you hear the screams ringing throughout the buildings. Currently, you can download the game for free but it requires a VR device such as the DK2.
“And 9/11, on a global scale, changed as much our social interactions as our geopolitical context.”
“We worked with a lot of references, from an interview with a survivor to plans of the floors or journalistic works … to be precise about the events and the human dynamics in the towers,”
Clearly, this is a controversial release and one which divided opinion among some people. In my view, it is quite disrespectful to those who died in 9/11 and almost trivializes what transpired. Although, other opinions are just as valid, and it could be argued that the game finds a way to discuss 9/11 among modern audiences. Whatever the case, it’s certainly an eye-opening project.
Are you offended by this game or do you think it’s an interesting historical tool? To reiterate, we welcome a lively discussion but please refrain from political arguments as this is a technology site first and foremost.
You can try the sites yourself, but popular up-time checker Down for Everyone is showing similar reports. We’ve even seen Chillblast reporting on Twitter that their services have been down, but seem to be back up at the moment.
What’s weird about this attack is that it’s specifically hitting PC system integrators and retail websites in the UK, so it seems someone has picked this market as flavour of the week. Scan have reported that they received an email asking for Bitcoins if they want their service restored, but it seems that none of the sites hit so far are stupid enough to pay, as that would open the door for further attacks and would not guarantee their recovery in the first place.
Could this be the same? It certainly seems so and we’ll be keeping an eye on the situation as it develops.
Have you noticed any major UK tech websites down today? Let us know in the comments section below.
Facebook has revealed a new feature that will notify users if it suspects their account has been hacked by parties “working on behalf of a nation-state,” including the US. If your account has potentially been compromised, a message reading “Please Secure Your Accounts Now. [User], we believe your Facebook account and other online accounts may be the target of attacks from state-sponsored actors,” will be displayed the next time you log in. Seeing such a message means that your account specifically has been compromised, rather than Facebook itself.
“While we have always taken steps to secure accounts that we believe to have been compromised,” writes Alex Stamos, Facebook’s Chief Security Officer, “we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored. We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.”
“It’s important to understand that this warning is not related to any compromise of Facebook’s platform or systems,” he adds, “and that having an account compromised in this manner may indicate that your computer or mobile device has been infected with malware. Ideally, people who see this message should take care to rebuild or replace these systems if possible.”
While Stamos says that Facebook cannot reveal the methods it uses to detect such attacks to maintain their integrity, he assures users that they will never appear frivolously. If you see such a message, take it seriously and change your password. Using log-in verification is also advised. Stamos adds that Facebook “will continue to improve our ability to prevent and detect attacks of all kinds against people on Facebook.”
We all know various connected infrastructure defences are vulnerable; these include recent attacks on high-profile websites and also communication arms of governments and well-known individuals. Technically anything can be hacked and therefore robust implementations need to be focused on securing data within organizations. Nuclear facilities are one such example and a new report warns of an increasing threat of a cyber attack that focuses on these plants.
The report by the influential Chatham House think tank studied cyber defences in power plants from around the world over an 18-month period; its conclusion is that “The civil nuclear infrastructure in most nations is not well prepared to defend against such attacks”. It pinpoints “insecure designs” within the control systems as one of the reasons for a possible future breach; the cause of this is most likely the age of the facilities and the need for modernization.
The report also disproves the myth that nuclear facilities are immune from attacks due to being disconnected from the Internet. It said that there is an “air gap” between the public internet and nuclear systems that was easy to breach with “nothing more than a flash drive”. Great, in theory that little USB drive could cause a nuclear holocaust. The report noted the infection of Iran’s facilities was down to the Stuxnet virus that used the above route.
The researchers for the report had also found evidence of virtual networks and other “links to the public internet on nuclear infrastructure networks. Some of these were forgotten or simply unknown to those in charge of these organisations”.
It was found by the report that search engines that sought out critical infrastructure had “indexed these links” and thus made it easy for attackers to find ways into networks and control systems.
This report has cheered me right up. It is noted that nuclear facilities are stress tested to withstand a variety of long-standing scenarios, though there does need to be a better understanding from staff in charge of the infrastructure in order to limit any potential damage a breach could inflict. The industry needs to adapt: gone are the days of one or two experts who could hack into a system. From state-sponsored cyber attacks to a teenager in their bedroom, the knowledge base is growing day by day and many companies are paying the price for poor security.
Let’s hope it’s not a nuclear power plant,
Thank you BBC for providing us with this information.
WinRAR has a base of some 500 million users worldwide, and those same users might want to take a look at a new Zero Day Vulnerability which has been detected within the newest version of the software. According to Mohammad Reza Espargham, who is a security researcher at Vulnerability-Lab, the stable version of WinRAR 5.21 for Windows computers is vulnerable to a “remote code execution (RCE) flaw”. Let’s digest this flaw by breaking it down and having a closer look.
An attacker exploits the vulnerability by inserting malicious HTML code inside the “Text to display in SFX window” section when the user is creating a new SFX file. Below is a video showing a test that proves the existence of this flaw, albeit in a controlled environment.
The annoying flaw with SFX files is that they start running automatically the moment a user clicks on them; therefore, consumers cannot identify or verify whether the compressed .exe file is a genuine WinRAR module or a malicious one. As of writing, there is yet to be a patch released for this flaw and Windows users are advised to refrain from clicking on any files from unknown sources. If you wish to protect yourself further, then by all means use an alternative archiving product or use strict authentication methods to secure your system.
The knock on effect of any exploit can be harmful to users, especially when a product has a consumer base which is substantial in size.
Cyber attacks are an increasing and dangerous threat perpetrated by groups and countries alike. These attacks are a substantial threat to free speech, the livelihoods of website operators and also the whole infrastructure of the Internet. It’s no surprise to learn that a huge DDoS attack against a target website resulted in 650,000 devices being unwittingly enrolled into a giant cyber attack which overwhelmed its target.
And where did this attack originate from? That’s right, our friends over at the democracy-suppressing Truman Show style country that is China. The attack transmitted a staggering 4.5 billion separate requests for data in one day to the target destination. Below is an image which analyses the log timeframe of HTTP requests per hour, as you can see, requests for data ramped up dramatically within only a relatively small period of time before dissipating.
Since the attack had been levelled at a client of US company CloudFlare, they were able to “write a dedicated script and were able to further analyze 17M log lines, about 0.4% of the total requests”. They found that 99.8% of the flood was originating from China while 0.2% was labelled as “Other”. They were also able to determine that 80% of the requests came from mobile devices.
Think of this speculated but plausible scenario like this: while a user was browsing the Internet or using an app, he or she was served an iframe which contained an advertisement. This ad had been requested from an ad network, which then forwarded the request to a third party that won the ad auction. This meant that either the third party was the “attack page” or it forwarded the user to an attack page. Either way, the user was served a page containing malicious JavaScript which then launched a flood of XHR requests against CloudFlare servers.
CloudFlare have declined to name the company which had their server attacked but are warning against future cyber attacks with the same level of intensity. It’s a worrying trend which has many outlets including the Darth Vader weapon of choice “The Great Cannon.” This also does no favours for the long-established practice of serving ads to consumers via the Internet: if advertisements are increasingly being injected with malicious code, consumers are going to use extensions to block them.
The Internet connects the world and is seen as a necessity and therefore a human right by powerful individuals, what countries want you to see on the net, well, that’s a whole different ball game.
The State of the Internet report from Akamai has revealed an alarming statistic concerning the prevalence of DDoS attacks. Shockingly, there was a 7 percent increase compared to the last quarter and a 132 percent increase from the same time last year. More worryingly, Q2 2015 contained 12 “mega attacks” which featured a peak of 1,000 gigabits per second and 50 million packets per second. One example lasted a total of 13 hours at 240 Gbps whilst most attacks revolve around a time period of 2-3 hours.
Interestingly, the data pinpoints the main source of DDoS attacks to China followed by the USA. Attackers are prioritizing their focus on online gaming networks and trying to cause utter destruction. More specifically, 35 percent of DDoS victims experienced attacks whilst using a gaming network such as Xbox Live. John Summers, VP of the Cloud Security Business Unit at Akamai said,
“The threat posed by distributed denial of service (DDoS) and web application attacks continues to grow each quarter,”
“Malicious actors are continually changing the game by switching tactics, seeking out new vulnerabilities and even bringing back old techniques that were considered outdated.”
Any DDoS attack is difficult to contend with and they’re starting to become an epidemic. Some websites are hit for political reasons, and others appear to be from vindictive people wanting to leave their mark. Whatever the motive, DDoS attacks are on the rise and a major problem for internet users.
Distributed denial of service (or DDoS) attacks have become more and more frequent in recent years with the expansion of the internet and the speeds at which it can deliver information. A denial of service attack is pretty simple: you find the device you wish to disrupt and send as much data as you can to it, so that the device quickly becomes overwhelmed and unresponsive. The target can be anything from your home router to a world championship tournament.
Level 3 Communications is an American telecommunications and internet service provider company and is considered one of the main bodies for internet within the US. Their chief security officer, Dale Drew, has warned that people may have figured out how to abuse Portmap services to conduct a new form of DDoS attack, one which could have the “potential to be very, very bad”.
Portmap is an open source utility used on both Unix and Windows systems, meaning that all operating systems will potentially be open to this new kind of attack. Portmap works by mapping a location and port number so that a service can be bound and accessed, for anything from a networked hard drive to accessing your computer from work over the internet. Either way, when someone says that these ports are often left open, you can understand why being able to send lots of unwanted information to a home system could become a problem.
When ports are queried they tend to respond with lots of information about the system or just why it’s saying “NO!”. The problem you often have though is that when you get a response, groups are able to redirect this information to other networks, causing the DDoS attack, all the while the information is coming from your average family router at home.
This particular type of attack is aptly called a DDoS amplification attack, as you can probably tell, it will often result in a lot of people being affected, normally by abusing systems which a lot of people don’t realise are doing anything bad.
Level 3 has contacted ISPs and forwarded details of those running open Portmap servers, hoping that this way they can quickly resolve the issue before it’s abused too much.
Mozilla got word this Wednesday that a severe Firefox 0day vulnerability was being exploited by an ad on a Russian website. Although the company was swift in delivering a fix, they are now urging users to check that they are running version 39.0.3 or later to prevent hackers from gaining access to their sensitive data.
Security specialists found that the exploit mainly targeted developer-focused content, though it was released to the general audience. However, the attack seems pretty neat because you can have a large audience on the website, but have data transferred from browsers with significant relevance. The guys looking into the hack found that it did not leave traces behind, which means that even experienced users may be unaware if they have been the victim of a hack or not.
Though the hack affected only Windows and Linux systems, Mac users should also be on guard, since the hack can be modified to target Macintosh OS too.
A security engineer has found a vulnerability in popular pirate movie application Popcorn Time that could leave users’ devices open to being hacked by a “man-in-the-middle” attacker. Antonios Chariton (aka ‘DaKnOb’), a Security Engineer & Researcher living in Greece, found the vulnerability in at least one fork of Popcorn Time’s code, and warns users that using the software in its present form could be a risky proposition.
“There are two reasons that made me look into Popcorn Time,” Chariton said. “First of all, I know many people who have installed this application on their personal computers and use it, and second of all, by pure accident: I was setting up my computer firewall when I noticed the network traffic initiated by Popcorn Time.”
Popcorn Time uses Cloudflare to bypass ISP-level blocking in the UK – “a really smart” technique, according to Chariton – but the lack of layered security on top of that system is what leaves Popcorn Time open to attack.
“First of all, the request to Cloudflare is initiated over plain HTTP. That means both the request and the response can be changed by someone with a Man In The Middle position (Local Attacker, Network Administrator, ISP, Government, etc.),” Chariton explained. “The second mistake is that there is no input sanitization whatsoever. That means, there are no checks in place to ensure the validity of the data received. The third mistake is that they make the previous two mistakes in a NodeJS application.”
Chariton exploited this vulnerability as a proof-of-concept, performing a “content spoofing” attack which changed the name of movie Hot Pursuit to Hello World:
Using the same technique, Chariton could change any other information in Popcorn Time, but chose a method by which he could demonstrate the trick easily.
Next, he launched an XSS attack:
So, what can be done to protect users? Nothing on the user-end, sadly, but Chariton has some advice for Popcorn Time’s developers. “HTTP is insecure,” he warned. “There’s nothing you can do to change this. Please, use HTTPS everywhere, especially in applications that don’t run inside a web browser. Second, sanitize your input. Even if you receive something over TLS v1.2 using a Client Certificate, it still isn’t secure! Always perform client-side checks of the server response.”
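The two fixes Chariton recommends, sketched for a Node.js client as an added example (this is not Popcorn Time's code): the client refuses non-HTTPS endpoints, checks every field of the server response, and escapes titles before they reach the UI. The field names `title`, `year` and `torrentUrl`, the host `api.example.test` and the sample response are assumptions constructed for illustration.

```javascript
// Added example. Field names and the API host are assumptions, not Popcorn Time's code.
const ALLOWED_API_HOSTS = new Set(['api.example.test']); // placeholder host

// Mistake 1 (plain HTTP): refuse any endpoint that is not HTTPS on an expected host.
function assertSecureEndpoint(rawUrl) {
  const url = new URL(rawUrl);
  if (url.protocol !== 'https:') throw new Error('refusing non-HTTPS endpoint');
  if (!ALLOWED_API_HOSTS.has(url.hostname)) throw new Error('unexpected API host');
  return url;
}

// Mistake 2 (no input checks): accept a record only if every field has the
// expected type, range and URL scheme; anything else is dropped.
function validateMovie(rec) {
  if (rec === null || typeof rec !== 'object') return null;
  const { title, year, torrentUrl } = rec;
  if (typeof title !== 'string' || title.length === 0 || title.length > 200) return null;
  if (!Number.isInteger(year) || year < 1888 || year > 2100) return null;
  if (typeof torrentUrl !== 'string') return null;
  let link;
  try { link = new URL(torrentUrl); } catch { return null; }
  if (link.protocol !== 'https:' && link.protocol !== 'magnet:') return null;
  return { title, year, torrentUrl: link.href };
}

// Parse a response body; malformed JSON or a non-array yields an empty list.
function parseMovieList(body) {
  let data;
  try { data = JSON.parse(body); } catch { return []; }
  if (!Array.isArray(data)) return [];
  return data.map(validateMovie).filter((m) => m !== null);
}

// Escape HTML-significant characters so a title is rendered as text, never as markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

function renderMovie(movie) {
  return `<li>${escapeHtml(movie.title)} (${movie.year})</li>`;
}

// Constructed sample response: one clean record and three hostile or malformed ones.
const SAMPLE_BODY = JSON.stringify([
  { title: 'Hot Pursuit', year: 2015, torrentUrl: 'magnet:?xt=urn:btih:PLACEHOLDER' },
  { title: '<script>alert(1)</script>', year: 2015, torrentUrl: 'magnet:?xt=urn:btih:PLACEHOLDER' },
  { title: 'Bad link', year: 2015, torrentUrl: 'javascript:alert(1)' },
  { title: 'Bad year', year: '2015', torrentUrl: 'https://example.test/a' },
]);

const movies = parseMovieList(SAMPLE_BODY);
console.log(movies.map(renderMovie).join('\n'));
```

Field validation and escaping stop the injected markup, but a renamed title such as “Hello World” is a well-formed string and passes every check; only the HTTPS requirement protects against that kind of content spoofing in transit.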
Popcorn Time has responded to the threat, saying:
“This attack requires that the attacker is either inside the local network, inside the host machine, or has poisoned the DNS servers.
In any case, there are far more valuable attacks than simply hitting Popcorn Time. Especially because it does not run with elevated privileges and won’t let the attacker install new programs for example.”