FBI Says Hackers Have Had Access to Government Systems Since 2011

While trying to gain access to iPhones and emails, the FBI is having to deal with a wholly different threat. Its own systems have been compromised, and a group of hackers has had access to government systems since 2011.

The alert that has been issued shows that a group that security experts believe to be APT6 has managed to hack and steal government secrets for years without being noticed. The alert lists a range of websites used to launch phishing attacks against the networks and dates the activities as far back as 2011.

APT6 (Advanced Persistent Threat 6) is a codename that has been given to a group of hackers believed to work for the Chinese government, who are known for their consistently advanced techniques and the results they provide.

While the websites controlled by the hackers were “suspended” in December last year, this doesn’t mean that the hackers have been removed from the network, or that they don’t have other ways to access the system after 5 years of unauthorised activity within it.

Michael Adams, an information security expert, spoke with Motherboard and seemed less than impressed with the latest report, going on to say that it “looks like they were in for years before they were caught, god knows where they are. Anyone who’s been in that network all this long, they could be anywhere and everywhere”. Adams showed disbelief that this could happen, even asking the question “how many times can this keep happening before finally realize we’re screwed?”

State sponsored or not, hackers in a secure network are a bad thing; unknown hackers in a secure network are worse still, because of the kinds of systems that rely on that network and act as if it were secure.

Hacker Who Created Fake Game Listing On Steam Says More Vulnerabilities Will Be Found

Earlier this week Ruby Nealon became famous on the internet for managing to get a game onto Valve’s Steam store without anyone at Valve even knowing about it. The “Watch Paint Dry” game raised concerns about the system Valve has in place for reviewing Steam’s content, with Nealon saying that more vulnerabilities will be found on the platform.

Nealon states that it was an HTML-based attack that let him post the game without anyone at Valve approving or even seeing the game before it went live. With this exploit noted and fixed, Nealon went on to point out a way of inserting scripts into pages, potentially taking details from a Valve administrator who wanted to check out their games page. This second exploit was then fixed, although Nealon doesn’t seem too impressed with Steam’s website.

In discussions with Ars Technica, Nealon told them that “it looks like their website hasn’t been updated for years” and even went on to say that “Compared to even other smaller Web startups, they’re really lacking. This stuff was like the lowest of the lowest hanging fruit.”

Nealon wasn’t just upset with the website, though, saying that he won’t be hacking Steam’s platform anymore due to a lack of recognition from Valve on the matter. Nealon wrote on his site that he had tried to contact Valve for months about the exploit he used to post the “Watch Paint Dry” game, but it was only fixed when he publicly demonstrated its viability.

Nealon isn’t happy with Valve’s lack of a bug bounty system, a program where users are rewarded for alerting the company about bugs and issues in its software, something that even apps like Uber have started in recent weeks. In his post he says he “won’t be finding bugs anymore for Valve because there are plenty of companies that appreciate the time and effort put in by security researchers” and even went on to explain how the entire process had made him feel like “Valve were exploiting me”.

Steam isn’t a service that’s immune to hacks either: last year it was hacked in a way that allowed people to bypass the two-factor authentication required to log into an account from a new machine. They’ve even accidentally exposed users’ details before, no external help required for that blunder.

Personally, I feel like anyone who puts time and effort into finding a problem and then revealing it to a company should be rewarded, not brushed under a mat and ignored until it becomes an issue the public is aware of.

Hacker Claims He Controlled The Outcome Of Mexico’s Election

We hear stories and watch movies about hackers; from the news that large companies like TalkTalk have had their information accessed to hacked lottery terminals, we’ve heard it all. That was until a hacker who’s currently in jail came forward saying he was even responsible for rigging the outcome of Mexico’s election.

Amongst his claims of controlling the outcome of Mexico’s election, Andrés Sepúlveda, a known hacker currently serving a 10-year sentence in prison for hacking Colombia’s 2014 presidential election, claims he was paid to ensure that Mexico’s Institutional Revolutionary Party (PRI) candidate won the country’s election back in 2012. Claiming to have hired a team of hackers, he states that his team installed malware on the routers at the PRI’s main opponent’s headquarters, giving them access to emails, campaign schedules, and speeches before they were even complete.

Sepúlveda claims that using hand-written accounts and 30,000 Twitter bots, he used the obtained information to adjust the playing field, giving the PRI candidate the upper hand. If that wasn’t enough, Sepúlveda states that they used fake 3am calls from rivals to help dissuade voters on the eve of the election.

Noting that some of the candidates he has helped over the years may not even be aware of his actions or the illegal methods used to obtain their upper hand, Sepúlveda now works on behalf of the government to help “track and disrupt drug cartels” as well as using his Twitter skills to identify ISIS recruits on the social media site.

With a full account of his tale, Bloomberg has shared Sepúlveda’s story and has tried to validate what it can, including an anonymous source who “substantially confirmed Sepúlveda’s accounts” regarding the political consultant Juan José Rendón.

Ethical Hacker Site Has Been Caught Spreading Ransomware

Security isn’t as black and white as people think; sometimes people do bad things for the right reasons. This is the area that ethical hackers deal with, testing websites by employing the same techniques as those who want to cause harm or profit illegally from your information. Imagine the surprise, then, when a site used to support these ethical hackers was caught spreading ransomware this week.

Ransomware is a particularly nasty kind of malware (malicious software) that works by encrypting your data, meaning you either pay the fee demanded or potentially lose access to your data forever. Recently it has affected several hospitals, and even the FBI says you should just pay.

EC-Council is responsible for administering the ethical hacker program, a system by which people can be trained and certified so that their hacking is done for legitimate and protective reasons, rather than malicious and illegal ones.

The site started spreading TeslaCrypt on Monday and seems to be targeting specific people. Only those who visit the site using Internet Explorer, and only when they are redirected from a search engine, are affected. If this didn’t cause enough trouble, the hack also seems to use people’s IP addresses to determine their geographic location, meaning it targets a narrow group of people and makes its behaviour seem more erratic, and thus harder to track and fix.

The ransomware requests 1.5 bitcoins (around £442). The redirect exploit that allowed it to be installed was published by FOX News on Thursday after attempts to alert them privately yielded no response.

Ethical hacking is a difficult business, with some companies considering you more foe than friend, but the help ethical hackers provide stops issues like this (ironically) from happening.

White Hat Hacker Tweaks Dridex Malware to Distribute Antivirus Software

The Dridex banking malware has been a huge headache for a large part of the financial and technology industries, but it seems there’s a white knight out there looking to turn the tables on this pesky infection. After a mysterious hijacking of the malware’s distribution servers, those servers have now started dealing out legitimate installers for Avira Free Antivirus, thus helping to remove the infection from systems and hopefully clearing up a few other issues along the way. The bonus is that anyone careless enough to fall for the infection in the first place could technically come out cleaner on the other side.

The malware is most often spread through spam messages and malicious Word documents. One of the three most widely used trojans in the world, it targets online banking users and steals information before feeding it back to a server, where it can be used to take money, as well as other information, from your accounts. Agencies in the UK and US managed to disrupt the botnet last year, even going as far as indicting a man in Moldova whom they believe was responsible for the attacks, but this did little, if anything, in the long run to prevent the botnet from distributing the software.

Researchers at Avira recently noticed that the Dridex distribution servers began pushing an up-to-date Avira web installer instead of the trojan, which is obviously a great step in combating the problem, although how long this will last remains to be seen.

“We still don’t know exactly who is doing this with our installer and why, but we have some theories,” said Moritz Kroll, a malware expert at Avira, via email. “This is certainly not something we are doing ourselves.”

The only theory that makes sense so far is that a white hat hacker has hijacked the distribution servers and tried to turn the tables.

“I really think it is a hacker who has discovered how to do a good thing but perhaps with not strictly legal methods,” Kroll said. “If you think about it, there was a huge media announcement when Dridex was ‘taken down’ by the government authorities and a much smaller level of reporting on its return to the marketplace. That has got to be frustrating to some and might cause them to think: ‘The government tried to take it down, they could not, I can do something myself’.”

Either way, anything that slows this nasty bit of software is a good thing!

Security Firm Sued For Incorrect Forensics Report

Remember those TV shows, you know the ones, where government agencies are trying to track down bad guys who have breached a “secure” network? It happens in real life too, with companies like Affinity Gaming finding out the hard way.

Affinity Gaming is a Las Vegas-based casino operator who discovered back in 2013 that its network had been breached and people were able to get to the credit card data. Sounds familiar, right? Affinity Gaming hired the security firm Trustwave to investigate and isolate the breach, effectively fixing the problem. At the end of the investigation, Trustwave claimed that the data breach was “contained”, then added comments on how to “fend off future data attacks”.

Affinity Gaming then found that it was suffering another data breach, for which it hired the data security firm Mandiant to investigate. It was during Mandiant’s investigation that it was worked out that the previous work covered only a “subset of Affinity Gaming’s data security”. This, coupled with the fact that Trustwave “had failed to identify the means by which the attacker had breached” the systems, means that overall Affinity Gaming believes Trustwave was responsible for “misrepresentations and grossly negligent performance”, which in turn it believes cost it “significant out of pocket losses”.

The complaint lists 76 points outlining the interactions between the three companies, and you can see why, if one company promised to protect your data and was then found to have failed at that task, you would want your money back.

GTA Online Hacker With Green Hair Freaks Out Podcaster

Grand Theft Auto 5 has one amazing feature that is loved by millions of gamers, and that is the online part. Play together with your friends or strangers in the awesome GTA universe. However, there is a large plague on the game, and that plague is hackers. It is an issue that Rockstar doesn’t seem to care much about and certainly doesn’t do much against.

We can all agree that hacking and cheating are bad, especially in multiplayer games. The only thing you achieve is to show everybody else that you have neither the skills to play it normally nor the morals to behave decently. But once in a while, a hacker comes along who doesn’t just create havoc, but also makes us laugh.

Nick Breckon was playing the game online without a worry. He just wanted to have some fun. That was until weird things started to happen. Now a lot of what happens seems to be normal these days, but there were strange occurrences. At first he got a lot of money out of nowhere, then suddenly he had all weapons with maximum ammunition; for the rest, the game looked normal. A game bug, that was his first thought. But that was only until the weird psycho with green hair spawned on his back, actually piggy-backing the player, and started to stroke his neck, the GTA character’s neck that is. From there on it just got weirder and weirder, and all of that was turned into a podcast that is hilarious to watch all the way through. If you just want to watch the actual game footage, then you can skip forward to the 10:11 mark.

I’ll consider this 16 minutes well spent. Have you experienced the annoyance of online hackers in Rockstar’s multi-million dollar game?

Thank You VG247 for providing us with this information

Hackers Find Serious 0day Vulnerability in Mozilla Firefox

Mozilla got word this Wednesday that a severe Firefox 0day vulnerability was being exploited by an ad on a Russian website. Although the company was swift in delivering a fix, they are now urging users to check that they are running version 39.0.3 or later to prevent hackers from gaining access to their sensitive data.

It looks like the vulnerability affected a non-privileged part of Firefox’s built-in PDF viewer, where hackers were able to inject JavaScript. Since the injected script runs under the same-origin policy of the local browser, hackers could then have it search for data and upload it to a server located in Ukraine, as sources indicate.

Security specialists found that the exploit mainly targeted developer-focused content, though it was served to the general audience. The attack seems pretty neat in that respect: a large number of people can visit the website, yet data is only transferred from the browsers of significant relevance. The researchers looking into the hack found that it left no traces behind, which means that even experienced users may be unaware whether they have been the victim of a hack or not.

Though the hack affected only Windows and Linux systems, Mac users should also be on guard, since the hack can also be modified to target Mac OS too.

Thank you Sci-Tech Today for providing us with this information

Image courtesy of Wikimedia

Four New Bugs Have Been Found in Internet Explorer

I know most of you don’t even use Internet Explorer, and we all know how it has been humiliated throughout the years. However, since the new Microsoft Edge might be using some IE code, it’s worth pointing this out anyway.

It looks like security experts have encountered and disclosed four new vulnerabilities in Microsoft’s browser. The researchers have noted the issues through Hewlett-Packard’s Zero Day Initiative, a program which creates detection signatures and also reports them to their respective vendors.

Microsoft has already been notified; however, ZDI gives the vendor 120 days to fix the issues. So, since Microsoft is more focused on Windows 10, the issues were not resolved and only limited information about them has been released to the public. By limited information, it means that the actual code affected has not been released for the wise guys to figure out an actual working exploit.

However, one of the four exploits seems to have been disclosed in more detail. This is because at one of ZDI’s contests back in November, a hacker used the exploit and provided ZDI with the necessary information on how to take advantage of the vulnerability. If you’re curious, the exploit can be found here.

The remaining vulnerabilities are just theoretical at this point, but Microsoft should look into patching them as soon as possible before someone else manages to find a way to exploit them further.

Thank you PCWorld for providing us with this information

See How Hackers Can Take Control of Your Chrysler Vehicles

I know that there have been a lot of movies where hackers can take control of vehicles and crash them, but can it really be done in real life? Well, a pair of hackers have just demonstrated this with a Chrysler using a zero-day exploit they found.

The hackers apparently demonstrated the hack with Wired’s Andy Greenberg in the actual vehicle. He was not told about the hack, but was warned not to panic. So, as he was travelling down a busy highway, the hackers started slowly taking control, first by turning on the air conditioning system, then the radio and finally the windshields.

As Greenberg drove on, the hackers moved to something more serious. They proceeded to cut the transmission, having Greenberg watch the RPM go up while the car slowly lost speed. To demonstrate the hack even further, they found an empty car lot, where the hackers were able to show how they can kill the engine, apply the brakes or even cut the brakes entirely. The latter apparently sent Greenberg into a ditch, as shown in the pic above.

The attack is really terrifying, since a lot of vehicles out there are vulnerable to it. However, the hackers stated that they plan on releasing the exploit on the Internet at the same time as they give a talk at the Black Hat security conference in Las Vegas next month.

Thank you WIRED for providing us with this information

See How Many Popular Apps Failed to Protect Your Password

When using an app developed by a big company, you might think that it is trustworthy and ensures your security and privacy. Well, a recent test proved how easy it is to crack a lot of popular iOS and Android apps and have your passwords nabbed.

According to security firm AppBugs, a huge number of popular apps allow users to make a large number of login attempts without any type of restriction. Why is this so important? Well, hackers can simply try to guess your password this way. There are a lot of methods involving apps that can randomly generate and test passwords, and since we are talking about mobile devices, I don’t think people will use something they can barely remember, let alone type, as their password.

AppBugs found that out of 100 apps, 53 were vulnerable. Apps such as Songza, Pocket, Wunderlist, iHeartRadio, WatchESPN, Expedia, Dictionary, CNN, Domino’s Pizza USA, Zillow, AutoCAD 360, Slack, SoundCloud, Kobo and Walmart are just a few of the ones found. The security firm gave the developers 30 days to fix the issues, but only a couple of the apps mentioned above were actually patched. The full list of vulnerable apps will be revealed on the 30th of July, according to AppBugs.

If you wish to protect your data further, consider using a password manager app that stores all your passwords in case you forget them, or activate two-factor authentication in apps where it’s available.
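To show what the missing restriction looks like on the server side, here is an added example (not AppBugs’ code, nor that of any app named above) of a login handler that counts consecutive failed attempts per account and locks the account with exponential backoff once a threshold is reached. The attempt limit, lockout length and the credentials used in the simulation are constructed values; removing the two lockout checks gives exactly the unthrottled behaviour AppBugs reported.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

MAX_FAILURES = 5        # failures allowed before the account is throttled (assumed policy)
BASE_LOCK_SECONDS = 30  # first lockout length; doubles with each further failure


def hash_password(password, salt=b""):
    """Salted PBKDF2-HMAC-SHA256; a stand-in for whatever password store an app uses."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)
    return salt, digest


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failures: int = 0          # consecutive failed attempts
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class LoginService:
    """Login endpoint that rate-limits password guesses per account.

    The vulnerable behaviour AppBugs describes is this same class with the
    locked_until check and the failure counter removed: every guess is then
    answered immediately, so an attacker can run through a whole word list.
    """

    def __init__(self, clock=time.time):
        self.accounts = {}
        self.clock = clock  # injectable so tests can control time

    def register(self, username, password):
        salt, digest = hash_password(password)
        self.accounts[username] = Account(salt, digest)

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'. Unknown users look like bad passwords."""
        acct = self.accounts.get(username)
        now = self.clock()
        if acct is None:
            hash_password(password)  # burn the same time so unknown users aren't revealed by speed
            return "denied"
        if now < acct.locked_until:
            return "locked"          # refuse without even checking the password
        _, digest = hash_password(password, acct.salt)
        if hmac.compare_digest(digest, acct.digest):
            acct.failures = 0
            acct.locked_until = 0.0
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            # Exponential backoff: 30s, 60s, 120s ... for each failure past the threshold.
            excess = acct.failures - MAX_FAILURES
            acct.locked_until = now + BASE_LOCK_SECONDS * (2 ** excess)
        return "denied"


def simulate_guessing(service, username, guesses):
    """Run a constructed password-guessing sequence and tally the responses."""
    tally = {"ok": 0, "denied": 0, "locked": 0}
    for guess in guesses:
        tally[service.login(username, guess)] += 1
    return tally


if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "correct horse battery staple")  # constructed credentials
    # 20 wrong guesses followed by the real password: the lockout stops the run
    # before the correct password is ever checked.
    wordlist = ["guess%d" % i for i in range(20)] + ["correct horse battery staple"]
    print(simulate_guessing(svc, "alice", wordlist))
```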

Thank you 9to5mac for providing us with this information

Here’s How a Hack Took Down Other ‘Legitimate’ Hackers

Before we continue, you might be wondering how there could be ‘legitimate’ hackers. Well, companies such as the one that got hacked, by the name of Hacking Team, exist out there. They usually sell their hacks and services to governments or secret agencies, which makes them a key ally and allows them to continue their work. However, the latest hack proved that even they can be taken down.

Hacking Team is known for selling its services to agencies such as the FBI, DEA and Australian police, or even to countries such as Bahrain, Ethiopia, and Sudan. However, the latter could not be proven, since they could easily pin everything on their contractors, and we all know how good governments and agencies are at denying allegations. Also, they were able to keep their code, as well as the exploits they used against software products, secret, so targeted individuals, companies or even other governments could not do anything about it.

But their operation came to an end when their systems were compromised by a hack that took over 400 GB of data, including the source code used for creating their spyware. This means that other developers can now use the data to patch or protect their systems in the future. Hacking Team is said to have been forced to close the company down until further notice, but it’s highly likely they will be operational again in the near future.

There is no official confirmation about who hacked the spyware company, but it is said that WikiLeaks has focused on such companies in the past, so nobody can rule out their involvement in this. However, sources say that the hack was performed by an independent freelance hacker, which makes it even harder to pinpoint the attacker.

Thank you The Verge for providing us with this information

This Is Why New Software Comes With Old Flaws

You are probably wondering why we hear that legacy flaws are still present in new software. Well, the answer is simple. Developers have a habit of reusing old code for most of their projects, and the code is not reviewed for all potential flaws; rather, the approach tends to follow the saying ‘if it works, don’t try to fix it’.

This does not mean that developers are lazy. The approach is favoured even by top-notch programmers because of the tight deadlines they have to meet, so time will always come above everything else when shipping new software.

However, this comes at a hefty price. While we hear of many hacking incidents, only a few of them are complex enough to break even the most impenetrable systems. Most of them were done by exploiting the flaws already ‘implanted’ in software products. Everything except the operating systems can be deemed ‘hackable’ by most people with some knowledge of hacking.

The flaws go so deep that even some government departments are at high risk. Security analysts found that some software in government departments is still based on older programming languages. But is this the future of programming? Of course not.

Security analysts in the field say that the problems with legacy flaws may well increase, but they don’t have to. The real problem is that, by focusing exclusively on pushing new software onto the market, companies forget about security completely. A better approach here is to split project development into two major components, development and testing, which could work in parallel. This way, a lot of bugs could be fixed and major security bugs flagged before the software hits the market.

Thank you CNET for providing us with this information

Image courtesy of nikopik

iOS Flaw Makes it Easier than Ever to Steal Your Apple ID

Apple’s iOS is widely recognised as one of the most secure mobile operating systems on the market today, but is that really true? Well, maybe it is, but what I can tell you for sure is that nothing is unhackable in today’s world.

A security researcher claimed that it is now easier than ever to get hold of any iPhone or iPad user’s Apple ID account with a simple HTML injection. The security specialist claims to have built a tool that would allow just about anyone to make use of a well-known flaw in Apple’s iOS Mail app and trick the user into giving up his or her Apple ID credentials.

The tool mentioned above is said to create an HTML popup that mimics Apple’s own popup that asks you to re-enter your Apple ID credentials. As a regular iPhone user, you are likely to be so used to it that you won’t notice the difference and just type in your credentials as usual.

Once you tap OK on the popup, the credentials are sent to the hacker’s remote server. This likely puts everyone using an iPhone or iPad at risk, so do take care, and remember that the genuine Apple ID prompt appears only when you perform an action that requires your authorisation, not just out of the blue.

The issue is said to have been filed and acknowledged by Apple, but no fix has been released just yet. So how worried are you? Will you think twice before entering your Apple ID credentials?

Thank you BGR for providing us with this information

China May Have Hacked the US Government Again

Hacking is something we see on a regular basis, but news about such events has been cropping up more and more lately. And since we have constant leaks from Edward Snowden, it is natural for news to be centred around US government officials now. The latest points to another hack that led to a big data leak in the US government.

US officials confirmed at the beginning of May that a big chunk of data, covering about 4 million US citizens, may have been compromised. The data comes from the US Government’s Office of Personnel Management, and the incident is now deemed one of the biggest hacks in history. But who are the suspected culprits? Well, the US thinks China has been involved yet again.

But this is not your ordinary hack challenge or small-time theft. While some government servers hold a variety of information, the OPM servers hold sensitive data on about 1.5 million US military personnel, which makes matters a bit worrying, especially for those individuals. This is why federal agencies around the country have been on high alert since the servers were hacked.

The hack has also affected 1% of the US population, which, although it may seem a small percentage, does pose a significant threat to the country and its security. Since then, the hackers are said to have operated on a weekly basis, but with small-scale attacks. But will we see another big one in the future? What are they targeting this time? Let us know your concerns in the comments below.

Thank you TechRadar for providing us with this information

Lizard Squad Teen Guilty Of 23 Charges Of Online Harassment and Swatting

Lizard Squad was once an unknown name among a lot of people; however, this changed when both the PlayStation Online and Xbox Gold systems were taken offline over the Christmas period. The group claiming responsibility, Lizard Squad, then began selling their services to hack and DoS (denial of service, an attack in which a website is forced offline by a barrage of traffic sent to the site’s servers). At one point they even claimed a bomb had been planted on the plane on which John Smedley, Sony Online Entertainment’s boss, was about to depart. A teenager in British Columbia (Canada), a member of Lizard Squad, has pleaded guilty to 23 charges against him.

Due to his age the defendant cannot be named, but his actions have been described in a day-long hearing. The defendant specifically targeted young female gamers and their parents, adding the girls on League of Legends or Twitter. If the girls in question declined his friend request he would turn malicious, even resorting to doxxing (posting someone’s personal information online) or swatting (calling the police while pretending that someone is being held hostage in their property or has been killed).

One woman he swatted, a student at the University of Arizona in Tucson, left her course after armed police dragged away family members during the second swatting of that week. He then continued to brag about his exploits, both on Twitter and during an eight-hour live stream on YouTube in which he was seen swatting numerous people, during which viewers reported him to the police.

Several Lizard Squad members have been arrested, two of them from the UK, one formally charged with swatting and with being involved in the Christmas hacks against PlayStation and Xbox.

Personally I have no love for people who decide to ruin other people’s lives and experiences for laughs or personal gain, especially when people are quite often traumatised by swatting incidents. If you ever doubt how serious these actions are, you can watch a RuneScape streamer’s reaction to a swatting that occurred on his channel (be warned, this video is extremely emotional; you can watch it here). With sentencing due on the 29th of June, it will be interesting to see the outcome of this trial and how it impacts future cases.

Thank you Eurogamer for the information.

Image Courtesy of the Independent.

Swedish Man Faces up to Two-Years Prison and Fines for Leaking Music

Premature release of new material, or of material never intended for release, is considered one of the most damaging things by artists and record labels; while it can create a buzz, it robs the artists of their choice of when and what to release. Such leaks can happen anywhere in the supply chain, and usually they happen at the end, during mass production of the physical discs and close to the release date.

The current case against a Swedish man is a little bit different, as the accused didn’t work in the industry like so many other leakers, but rather hacked into the email accounts of major record labels including Sony, Warner, and Universal and obtained unreleased songs. Some of the named artists include Nicki Minaj, Chris Brown and Mary J Blige.

The accused then sold the stolen tracks to DJs around the world, after which they started to turn up in public. The FBI got involved in the case and traced the wire transfers and IP addresses to Sweden, where the local authorities arrested the 25-year-old man.

The prosecution claims that the man, who denies the charges, made around $12,000 from sales of the tracks. He will go on trial in Sweden next month and faces fines and up to two years in prison. There isn’t really any doubt that the record companies will be back after the trial seeking damages for the harm they believe has been done to them.

Thanks to TorrentFreak for providing us with this information

Image courtesy of RigaPortal

Intelligence Agencies Point to Russian Involvement in Recent White House Hacking

The recent White House power outage has turned out to be something more than that. CNN reports that US officials have admitted that the White House’s network was hacked in the process, but the affected computers were part of a non-classified network serving the executive office.

Still, the attackers were able to access sensitive information, such as the president’s real-time daily schedule. CNN also reports that the attackers used an account on the State Department network to phish their way into the White House.

“We’re constantly updating our security measures on our unclassified system but we’re frankly told to act as if we need not put information that’s sensitive on that system. In other words, if you’re going to do something classified, you have to do it on one email system, one phone system.” Ben Rhodes, Deputy National Security adviser, told CNN.

The Secret Service and intelligence agencies are already investigating the matter, but it looks like the clues point to Russia being behind the attack, or at least to the hackers originating from that country.

The attackers are said to have covered their tracks by routing their activity through a lot of servers throughout the world.

Thank you Engadget for providing us with this information

Dyre Wolf Attack Reels in over $1 Million in Wire Transfers

IBM’s Security division has been researching a malware attack they have named ‘The Dyre Wolf’ which is said to have been responsible for stealing over $1 million.

It is said that the hacking campaign uses targeted spear phishing emails, malware and a phone conversation against organisations that use wire transfers.

IBM stated that the attack starts with a single user opening an infected email attachment, which contacts the attacker’s website and downloads the Dyre malware; the malware then hijacks the user’s address book and mails itself throughout the organisation.

Once the infection described above has taken place, if a user attempts to log into a banking site, the malware loads a new screen that says the site is experiencing issues and shows a phone number for the user to call to make their transaction.

Once the attacker has all the user’s details, a wire transfer is made that runs through a series of international banks. IBM recommends that companies train their employees not to open suspicious attachments or links and remind them that banks do not request their banking credentials in any way.

Thank you Engadget for providing us with this information

China Admits Having an ‘Army of Hackers’ to Help with Cyberwars

China has finally admitted that it has cyber warfare units, after its government had previously denied having any organised cyber warfare elements when an investigation blamed the People’s Liberation Army as the source of hacking attacks on the US.

Joe McReynolds, an expert on Chinese military strategy at the Center for Intelligence Research and Analysis, stated that this is the first time China has admitted that it has digital weapons teams “on both the military and civilian-government sides.”

McReynolds believes that China has split its cyber warfare units into three categories: military operational units, civilian organisations with hacking authorisation from the PLA, and a “third-party” category, which sounds more like a hacker-for-hire approach.

“It means that the Chinese have discarded their fig leaf of quasi-plausible deniability,” McReynolds said. “As recently as 2013, official PLA [People’s Liberation Army] publications have issued blanket denials such as, ‘The Chinese military has never supported any hacker attack or hacking activities.’ They can’t make that claim anymore.”

Though analysts have always assumed that China was lying about its cyber warfare units, this may be a small step towards a more transparent PLA. The updated version of The Science of Military Strategy came out back in 2013, but it had not been available to foreign experts until now.

Thank you Gizmodo for providing us with this information

Sony Reportedly ‘Spooked’ It Could Be Victimized by Cyberattack Again

Sony Pictures Entertainment is still trying to recover from a major data breach that saw several movies leaked online, personal employee data stolen, and confidential emails published for the world to see.

It looks like the company is worried it could be victimized again after the scheduled Christmas release of “The Interview,” which features Seth Rogen and James Franco. Considering the FBI noted that 90 percent of companies would likely fall victim to the same type of attack, it will be interesting to see whether Sony is able to improve its defenses quickly.

“They are spooked,” according to an anonymous government source, when speaking of Sony’s recent experiences following the data breach. The Department of Justice’s National Security Division is investigating the breach, indicating the federal government wants to verify if a foreign state government could be involved.

The FBI hasn’t been able to determine which hacker group is behind the breach, although a group called the “Guardians of Peace” has claimed credit. Alleged ties to North Korea, which haven’t been verified, continue to make it a possible source of the attack.

(Image courtesy of The Huffington Post)

Hacker Dodges “440 Year” Sentence

A hacker, charged with 44 felony counts of computer fraud and cyberstalking in the US, has avoided a whopping 440 years in prison.

Fidel Salinas, a 28-year old hacker with links to Anonymous, faced a maximum 10 years in prison for each of his 44 crimes, adding up to a cumulative sentence of 440 years, but prosecutors in the Southern District of Texas have agreed a plea deal with the accused. Under the deal, Salinas will plead guilty to one misdemeanour count of computer fraud, for which he will be liable to pay $10,000 in restitution.

Salinas’ defense attorney, Tor Ekeland, accused prosecutors of misreading the law when their case implied a 440-year sentence, saying, “The more I looked at this, the more it seemed like an archetypal example of the Department of Justice’s prosecutorial abuse when it comes to computer crime. It shows how aggressive they are, and how they seek to destroy your reputation in the press even when the charges are complete, fricking garbage.”

Sentencing is scheduled for 2nd February. Salinas could be given a maximum one-year jail sentence, but Ekeland is confident that the restitution will be the only punishment her client will face.

Source: Wired

UK National Crime Agency Arrests Five in Cybercrime Sweep, While Threats Continue

As part of an international operation targeting cybercriminals who use remote access tools (RATs) to hijack computers, five people were arrested in the UK. The operation is part of an international effort to promote cybersecurity for both consumers and businesses and to crack down on cybercriminals.

The National Crime Agency (NCA) arrested the five suspects on Nov. 19 and Nov. 20: one 20-year-old, one 30-year-old, two 33-year-olds and one 40-year-old were detained in the national sweep.

Here is what Andy Archibald, director of the NCA’s National Cyber Crime Unit, said (via press statement):

“This operation demonstrates once again that all of UK law enforcement is working to respond effectively to cyber crime, and together we will continue to collaboratively target those who use technology to misuse other people’s devices, steal their money, or unlawfully access confidential information. Anyone who is tempted to get involved in this type of crime should understand that it can result in prison time, and substantial restrictions on your life afterwards.”

The first layer of protection against RAT software and other malware being installed is to be careful when clicking links and attachments in emails, or while browsing the Internet. However, cyberattacks are increasing in sophistication as the criminals behind these operations perfect their craft, with serious money available to them when they succeed.

Peter Goodman, Deputy Chief Constable, East Midlands, had this to say:

“Cybercriminals are using very sophisticated technology to breach online security systems and to conceal their digital tracks. However, the police forces in the UK and overseas have the expertise to identify and disrupt those who are determined to access computers in order to steal data or to commit serious offences, wherever they are in the world.”

(Thank you to the NCA for providing us with this information. Image courtesy of NCA Twitter)

Hacker Diverts Traffic from 19 ISPs to Steal a Large Sum of Bitcoins

Researchers at Dell’s SecureWorks security division are said to have uncovered a series of hacking attempts in which a bitcoin thief redirected a portion of online traffic from 19 ISPs, including traffic from Amazon, DigitalOcean and OVH, in order to steal digital currency from a group of bitcoin users.

The hijack is said to have lasted just 30 seconds, but the attempt is said to have been performed 22 times. On each attempt, the hacker gained control of the processing power of a group of bitcoin miners by redirecting their mining activity to his private pool. Security researchers say that the hacker was able to pocket bitcoins and other digital currencies worth roughly $9,000 through the hijacking.

“With this kind of hijacking, you can quite easily grab a large collection of clients,” said Pat Litke, one of the Dell researchers. “It takes less than a minute, and you end up with a lot of mining traffic under your control.”

A technique called BGP hijacking is said to have been used, exploiting the Border Gateway Protocol. The hacker took advantage of a staff user account at a Canadian ISP to periodically broadcast a spoofed command that redirected traffic from other ISPs, from February through May this year. The command, together with miners not checking their rigs and so not noticing the ‘new’ settings, led to the hacker pocketing $83,000 worth of cryptocurrency.

“Some people are more attentive to their mining rigs than others,” said Joe Stewart, a Dell researcher whose own computers were caught up in one victimized mining pool. “Many users didn’t check their setups for weeks, and they were doing all this work on behalf of the hijacker.”

The BGP hijacking method has been discussed as a potential threat to internet security since 1998, when a group of hackers known as L0pht stated that they could use the attack to take down the entire Internet in 30 minutes. The discussion was revisited at the DefCon security conference in 2008, and the technique was used in 2013 to temporarily redirect a portion of US internet traffic to Iceland and Belarus.
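As an added defender-side example, not code from the article or from Dell SecureWorks: a small origin check of the kind route monitors use to flag announcements like those described above, where a foreign origin AS announces a prefix (or a more specific part of it) that belongs to someone else. The prefixes and ASNs are constructed documentation and private-range values, and the expected-origin table stands in for what an RPKI ROA or IRR route object would declare.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Expected prefix -> legitimate origin ASN. Constructed sample data (documentation
# prefixes, private ASNs); none of these values come from the incident in the article.
EXPECTED_ORIGINS: Dict[str, int] = {
    "203.0.113.0/24": 64500,   # hypothetical mining-pool server network
    "198.51.100.0/24": 64501,  # hypothetical hosting provider
}

@dataclass(frozen=True)
class Announcement:
    ts: int          # seconds since start of the route capture
    prefix: str      # announced prefix
    origin_as: int   # last ASN in the AS_PATH (the claimed originator)

def classify(ann: Announcement, expected: Dict[str, int] = EXPECTED_ORIGINS) -> str:
    """Compare one announcement against the expected-origin table."""
    net = ipaddress.ip_network(ann.prefix)
    for covering, asn in expected.items():
        cov = ipaddress.ip_network(covering)
        if net == cov:
            return "valid" if ann.origin_as == asn else "origin-mismatch"
        if net.subnet_of(cov):
            # A more-specific prefix wins longest-prefix match wherever it propagates,
            # so a foreign origin here diverts every host inside it, pool server included.
            return "valid-more-specific" if ann.origin_as == asn else "more-specific-hijack"
    return "unknown"

def detect_hijacks(updates: List[Announcement],
                   expected: Dict[str, int] = EXPECTED_ORIGINS) -> List[Tuple[int, str, int, str]]:
    """Return (ts, prefix, origin_as, verdict) for every suspicious announcement."""
    alerts = []
    for ann in updates:
        verdict = classify(ann, expected)
        if verdict in ("origin-mismatch", "more-specific-hijack"):
            alerts.append((ann.ts, ann.prefix, ann.origin_as, verdict))
    return alerts

# Constructed route feed: the legitimate /24s, then a short-lived more-specific
# announcement from an unexpected ASN, the pattern the article describes.
SAMPLE_UPDATES = [
    Announcement(0, "203.0.113.0/24", 64500),
    Announcement(0, "198.51.100.0/24", 64501),
    Announcement(120, "203.0.113.0/25", 64999),  # foreign origin, more specific: hijack
    Announcement(150, "203.0.113.0/25", 64500),  # same split from the real owner: fine
    Announcement(200, "192.0.2.0/24", 64502),    # not in our table: no opinion
]

if __name__ == "__main__":
    for alert in detect_hijacks(SAMPLE_UPDATES):
        print(alert)
```

A 30-second announcement is long enough for a pool's miners to reconnect to the attacker's server, so the value of a check like this lies in running it continuously against a live feed rather than on periodic snapshots.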

Thank you Wired for providing us with this information