FBI Says Hackers Have Had Access to Government Systems Since 2011

While trying to gain access to iPhones and emails, the FBI is having to deal with a wholly different threat. Its own systems have been compromised, and a group of hackers has had access to government systems since 2011.

The alert that has been issued shows that a group security experts believe to be APT6 has managed to hack and steal government secrets for years without being noticed. The alert lists a range of websites used to launch phishing attacks against the networks and dates the activity as far back as 2011.

APT6 (Advanced Persistent Threat 6) is a codename given to a group of hackers believed to work for the Chinese government and known for their consistently advanced techniques and the results they achieve.

While the websites controlled by the hackers were “suspended” in December last year, this doesn’t mean that the hackers have been removed from the network, or that they don’t have other ways to access the system after 5 years of unauthorised activity within it.

Michael Adams, an information security expert, spoke with Motherboard and seemed less than impressed with the latest report, going on to say that it “looks like they were in for years before they were caught, god knows where they are. Anyone who’s been in that network all this long, they could be anywhere and everywhere”. Adams showed disbelief that this could happen, even asking the question “how many times can this keep happening before finally realize we’re screwed?”

State-sponsored or not, hackers inside a secure network is a bad thing; unknown hackers inside a secure network is beyond worrying, because so many systems rely on that network and act as if it were secure.

Juniper Releases Second Patch To Fix Flaws

Juniper has been in the news a lot recently, after discovering that their firewalls exposed virtual private networks’ ‘secure’ data. It was then revealed that this went one step further, with groups like the NSA and GCHQ working together to hack Juniper’s firewalls. If this wasn’t bad enough, Juniper fell silent on the matter before it was revealed that the vulnerable component was still present within their software. This is set to change though, with Juniper releasing a second patch designed to remove the component responsible for their “insecure” software.

In a post titled “Advancing the Security of Juniper Products“, Juniper announced that the use of Dual_EC and ANSI X9.31 will be replaced with a different random number generator, one that is already used in its other products. Dual_EC is the component considered flawed and therefore the greatest security risk, even though it was only added to the software a year after the issues were publicly revealed.

This action comes as part of a “detailed investigation” of their software’s code, resulting in patches and the removal of “unauthorized code”. While these actions are welcome, the questions remain as to why this all started. Where did the “unauthorized code” come from? And if Stephen Checkoway, a computer science lecturer from the University of Illinois in Chicago, is correct, the addition of Dual_EC actually reduced the security of Juniper’s software, making it easier to access it through a backdoor.

Juniper Still Hasn’t Removed Backdoor Vulnerability from Its Software

Last month, Juniper Networks – a company that supplies security software to the likes of AT&T, Verizon, NATO, and the US Government – reported that it had found what it described as “unauthorised code” – effectively a backdoor – in its NetScreen firewall software, through which it was possible for a third-party to decrypt data sent through it using an encrypted VPN (Virtual Private Network), and that had existed since at least 2012.

Now, Wired reports that Juniper has fallen silent on the matter, refusing to discuss an insecure encryption algorithm within the software that essentially allowed the backdoor to be inserted. Juniper refuses to explain why Dual_EC, a pseudo-random number generator, was included in NetScreen, or why it still exists within the software even after the backdoor revelation.

Stephen Checkoway, a Computer Science lecturer from the University of Chicago, discovered that Juniper knowingly added the insecure Dual_EC to its software, despite having a more secure ANSI algorithm in place. Dual_EC was added to NetScreen version 6.2.0 in either 2008 or 2009, while the vulnerabilities in Dual_EC were revealed in 2007.

Even more inexplicably, Juniper then changed the nonce (random number string) size within the algorithm, from 20 bytes to 32 bytes. 32 bytes was the optimal size for exploitation by hackers, according to the data revealed in 2007.

“The more output you see [from the generator], the better [it is to crack the encryption],” Checkoway said. “Anything you see over 30 bytes is very helpful. Anything you see less than 30 bytes makes the attack exponentially harder. So seeing 20 bytes makes the attack basically infeasible. Seeing 28 bytes makes it doable, but it takes an amount of time, maybe hours. Seeing 32 bytes makes it take fractions of a second.”

While it was Juniper that revealed the existence of this backdoor, it seems that it facilitated its creation, and has done nothing to fix it since.

WatchGuard Firebox T30 And T50 UTM Now Available

We’ve seen a lot of attacks in recent months, in which online technology resellers, universities and even the DNS root servers have been attacked. In such a time you’ll want the best possible protection for your connected devices, and Wick Hill has just announced the shipping of the WatchGuard T30 and T50 Firebox appliances for enterprise-strength unified threat management (UTM). The Firebox T30 and T50 are aimed at small and medium-sized enterprises (SMEs) and distributed enterprises, and are essentially a hardware firewall and VPN gateway.

Faster internet connections make decentralized organizations more flexible, but connecting all the branches with each other in a secure fashion can be a challenge, and that is where the Firebox comes into play. It is easy to deploy and can be preconfigured before deployment. WatchGuard’s T-series of tabletop UTM appliances are ideal for remote branches where there isn’t a dedicated server room. They are small and offer versatile placement options, tucked away and out of sight. They are also easily expandable with Wi-Fi access points or security cameras thanks to the built-in PoE port.

Both the T30 and T50 feature AC1200 wireless networking with UTM security throughput of up to 165 Mbps. The Advanced Malware Detection can catch malware that signature-only AV solutions miss. Next-generation sandboxing in the cloud with full system emulation (CPU and memory) provides visibility into every instruction that malware executes, not just the operating system calls. That exposes evasive behaviour that other sandbox solutions might not see. The WatchGuard series also features a centralised real-time view of all network activity with the power to take immediate action against harmful sites and users. The UTM also features a crypto co-processing unit for SHA-2.

The WatchGuard Firebox T30 starts around €620 and the T50 starts out around €1000, both prices without VAT.

Donald Trump Wants To ‘Close Up’ The Internet

Donald Trump is known for a wide range of things, from his running as a presidential candidate, his viewpoints on certain issues and even in the UK for blocking proposals of new electric wind farms. The latest idea from Trump though is even more worrying; he wants to close off the internet.

At a campaign rally, Trump starts by saying “we are losing a lot of people because of the internet”, before going on to say that he would ring up people like Bill Gates and the others who “really understand what’s happening” and begin discussions to close up the internet. The idea behind this scheme is to prevent U.S. citizens from being recruited into acts of domestic terrorism by groups, mainly based abroad, such as ISIS, who may use the internet as a recruitment medium.

Trump goes on to say that after closing up the internet you will get people saying “freedom of speech” to which he suggested that those people are “foolish”.

Trump could be suggesting a giant firewall, similar to those in place in China and Thailand. Either way, people will state that such an action goes against freedom of speech, a concept that is held very high in the United States and has seen many days in court recently.

Dell’s Security Affects More Than Just Your PC!

Recently Dell has received a lot of attention regarding their security, or to be more precise, regarding a digital certificate. Certificates are small data files used to encrypt the traffic between your system and any website or online system you use. Remember that little padlock in your browser’s URL bar? That means a certificate has been used to verify that this is a legitimate website and not a fake one.

The problems started when Dell shipped their systems with a root certificate, private encryption key included. This is like giving somebody the mould to create their own keys. It also allows man-in-the-middle attacks, where the attacker acts as a midway point for communication and, with the encryption details, can easily read the information being sent.

When Duo Security, a digital security company, continued to search, they found at least 24 IP addresses which had certificates with a different digital fingerprint but the same name, eDellRoot. Different lock, same name.

The problem with this is that some of the systems appear to be SCADA (Supervisory Control and Data Acquisition) systems, which are seen as pretty important given they are often used in the energy and manufacturing industries. While these systems are normally closed off from the internet (no access = minimal risk), they could have been misconfigured and so still pose a potential risk.

Dell has posted stating that they would post instructions on how to fix the eDellRoot problem, which can be found here.

With problems like this, public knowledge and learning from the mistake are the best ways to prevent this affecting both companies and the public in the future.

Thailand Wants To Set Up Its Own Great Firewall

Hadrian’s Wall, the Great Wall of China. These things have one thing in common: they were built to stop people accessing a certain area. In this day and age we can travel easily enough, but our data has even greater freedom to travel, with the ability to navigate from one side of the world to the other in the blink of an eye. This is quite a scary concept and certain countries are afraid of it, so the ‘great firewalls’ were created. Every piece of communication that comes into a country or wants to leave it has to pass through this central point. China is famous for using it to monitor and control what people are able to see, even forcing people to use specific sites or blocking them from seeing certain results on search engines. Thailand is the latest to announce plans for their own great firewall.

Prime Minister Prayut Chan-o-cha, with his cabinet, has requested the help of the National Police, the Ministry of Justice and the Ministry of Information and Communications to set up a single internet gateway, which would in effect funnel all communication in and out of Thailand through a single government-controlled point.

This doesn’t come as a surprise, as earlier in the month they asked which laws may need changing or creating in order to make this step as legal as possible.

While a great tool for checking for anything illegal or dangerous, people are always afraid of steps like this and the control and possibility of the government misusing all that information. How would you feel if your government created their own ‘great firewall’?

Thank you CNet for the information.

Image courtesy of VPNAnswers.

Internet Watershed For Saucy eBooks

Have you ever contemplated if governments, authorities, and anyone who debates, writes and passes laws around the world genuinely understands the notion of the Internet? Over the years Pepperidge Farms has wondered this and so have I. A variety of experts have defended politicians stating that after analysing the results, there seems to be a logic, common sense if you will.

This tall tale which I am going to write is 100% factual; it has not been lifted from a Disney book but rather has been reported by a respected outlet within a European country. Apparently, I am not making this up: the Youth Protection Authority within Germany has handed down a ruling stating that saucy eBooks cannot be sold on the Internet by German resellers except between the hours of 10pm and 6am. This effectively means a law states that a watershed must exist on the Internet, with the aim of content only being available from a specific time.

These kinds of adult eBooks, which I am told exist, fall within German telemedia and therefore infringe upon the Youth Media Protection State Treaty. Therefore any “youth endangering” eBooks (not my words, but the words of Heise.de, an IT news website, or more factually the words of Google Translate, as I don’t speak German) cannot be sold until 10pm at night.

These measures aimed at protecting children have become more and more ludicrous. The notion of an Internet which upon command can be walled off for certain hours of the day is astonishing; it’s also not clear if this content will magically appear again at 10pm or not, and if so, anyone who shouldn’t be viewing such content will just, erm, stay up past their bedtime. Great Firewall of China? No, what you really want is a great watershed wall of Germany; think Berlin Wall, but one that disappears at night.

Thank You heise.de for providing us with this information

Image Courtesy of Good E Reader

Gmail Has Been Blocked in China

Google’s popular email service, Gmail, has finally been blocked in China. GreatFire.org says that China’s ‘Great Firewall’ had finally kept citizens from accessing the service altogether, after months of incomplete attempts at blocking it.

It’s said that the service was blocked on Friday, with users completely unable to get in. The news comes following evidence of intermittent blocking over the past few months, but throughout that time users had been able to access their accounts in some form or another. Reuters says that many could still receive their mail “via protocols like IMAP, SMTP and POP3” using email clients on smartphones and PCs.

China’s ‘Great Firewall’ has been a great source of controversy in the country regarding freedom of speech. The ruling Communist Party has always utilised its web blocking power to prevent the spread of dissident messages in opposition of their rule. They’ve also sought to prevent the rise and dominance of Western companies like Google, in an effort to give Chinese equivalents, like Baidu and Alibaba, the edge.

Source: Reuters

Hackers Use ‘The Cloud’ to Control Malware and Botnets

Security firm Trend Micro has apparently revealed new evidence of botnets and malware not only being hosted in the cloud, but also being remotely controlled from cloud servers. The main goal for hackers has been revealed to be disguising their malicious software as regular traffic between corporate end points and cloud services.

Trend Micro has revealed in a blog post a case where hackers were using Dropbox to host the command and control instructions for malware and botnets, which eventually made it past corporate firewalls. While the technique is not new, the cloud has apparently increased in popularity, and with it the security risk. In the past, small files needed to be controlled by a command and control (C&C) server, which was usually hosted by the hackers themselves or placed on servers easily identified as suspicious.

With cloud-based systems, however, hackers can now place the C&C on cloud servers and communicate with the botnets and malware like ‘normal traffic’, making it harder to identify. The company has emphasized that any cloud-based service can eventually be used as a host for C&C software. Companies that do not use any cloud-based service, yet see traffic spikes to or from one, have a clear warning sign and are encouraged to investigate the activity.

However, this does not mean that every company using cloud-based services is now infected. Trend Micro has simply shed some light on how hackers are able to infect corporate systems, or could try to, using the technique described above. A good counter-technique for security specialists wanting to prevent such practices is to closely monitor all traffic between end-point users and cloud-based services, treating anomalies and suspicious activity as threats until proven to be ‘safe’.
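To make that monitoring advice concrete, here is an added example (not from Trend Micro or the original article) that runs over constructed proxy log lines and flags hosts whose contact with an unsanctioned cloud storage domain looks like C&C beaconing: regular intervals and near-identical request sizes. The hostnames, domains, log format and the sanctioned-service list are all assumptions.

```python
"""Flag unsanctioned cloud-storage traffic and periodic beaconing in proxy logs."""
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed proxy log: "<ISO timestamp> <src_host> <dst_domain> <bytes_sent>".
# ws-finance-07 polls Dropbox every 5 minutes with ~410-byte requests (beacon-like);
# ws-marketing-02 uploads one large file once (warrants a look, but not periodic).
SAMPLE_LOG = """\
2015-11-02T09:00:00 ws-finance-07 api.dropboxapi.com 412
2015-11-02T09:00:01 ws-sales-12 crm.example-saas.com 8410
2015-11-02T09:05:00 ws-finance-07 api.dropboxapi.com 410
2015-11-02T09:07:13 ws-sales-12 crm.example-saas.com 9120
2015-11-02T09:10:00 ws-finance-07 api.dropboxapi.com 414
2015-11-02T09:12:30 ws-marketing-02 www.dropbox.com 5120000
2015-11-02T09:15:00 ws-finance-07 api.dropboxapi.com 409
2015-11-02T09:20:00 ws-finance-07 api.dropboxapi.com 411
2015-11-02T09:21:44 ws-hr-03 docs.example-saas.com 33012
"""

# Cloud services the hypothetical company has actually adopted (assumed).
SANCTIONED = {"crm.example-saas.com", "docs.example-saas.com"}
# Cloud storage domains that could serve as a C&C dead drop (assumed list).
CLOUD_STORAGE = {"api.dropboxapi.com", "content.dropboxapi.com", "www.dropbox.com"}

def parse(log_text):
    """Turn the log text into (timestamp, src, dst, bytes) tuples."""
    rows = []
    for line in log_text.strip().splitlines():
        ts, src, dst, nbytes = line.split()
        rows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return rows

def flag_cloud_c2(rows, min_hits=4, max_jitter_s=30.0, max_size_spread=0.2):
    """Return {(host, domain): reason} for every unsanctioned cloud-storage contact.
    A pair is upgraded to 'periodic beacon' when there are at least min_hits
    requests, the gaps between them barely vary, and the sizes are near-uniform."""
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in rows:
        if dst in CLOUD_STORAGE and dst not in SANCTIONED:
            by_pair[(src, dst)].append((ts, nbytes))
    findings = {}
    for pair, hits in by_pair.items():
        reason = "unsanctioned cloud storage contact"
        if len(hits) >= min_hits:
            hits.sort()
            gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
            sizes = [n for _, n in hits]
            size_spread = (max(sizes) - min(sizes)) / max(sizes)
            if pstdev(gaps) <= max_jitter_s and size_spread <= max_size_spread:
                reason = "periodic beacon, ~%.0fs interval" % (sum(gaps) / len(gaps))
        findings[pair] = reason
    return findings

if __name__ == "__main__":
    for (host, domain), reason in sorted(flag_cloud_c2(parse(SAMPLE_LOG)).items()):
        print(f"{host} -> {domain}: {reason}")
```

Sanctioned services never appear in the findings, so the analyst only sees the traffic the advice above says to investigate.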

Thank you Network World for providing us with this information
Image courtesy of LifeHacker

People Are Spying On You And Hacking Your Computer

How safe are you while you are on the computer? Using your anti-virus and your firewall, along with other methods of keeping safe such as keeping all of your software up to date, will keep you fairly secure. Not everyone does this though; some don’t keep their software, or even their operating system, up to date. If you don’t install an update for some vital piece of software that you run on your computer, it can compromise all security on your machine, giving a hacker full access to your system, even the ability to hack your webcam and see you while you are sitting at your computer.

https://www.youtube.com/watch?v=Yb9b_LzM1U8

Mark Ward of the BBC wrote an article showing us one vulnerability that some people have when they don’t keep Java up to date. You can view his article, Licensed to hack: Cracking open the corporate world, HERE. He shows us how he was able to inject code into a website which notified him when someone had viewed the page and then gave him full access to their computer. This isn’t just for some kid sitting in their mom’s basement writing code; it also applies to big corporations whose sites get loads of hits each day. Such corporations would be able to easily gain control of users’ computers, accessing files, spying on them, and giving themselves an inside edge on their customer base.

The only suggestion I can give you to prevent this from happening is to make sure that your computer, and everything running on your computer is 100% up to date, though it doesn’t seem like that will prevent someone from gaining access to your computer, it is just one preventative measure that you are able to take.

Image courtesy of Security Blog

Source