Is Our Back Door Open?

Gee, I wonder which computer component manufacturing country might be responsible for this? Hmmm, let me think.

(you might want to skip to 51:47)

U.S. Suspects Contaminated Foreign-Made Components Threaten Cyber Security

Some foreign-made computer components are being manufactured to make it easier to launch cyber attacks on U.S. companies and consumers, a security official at the Department of Homeland Security said.

“I am aware of instances where that has happened,” said Greg Schaffer, who is the Acting Deputy Undersecretary National Protection and Programs Director at the DHS.

Schaffer did not say where specifically these components are coming from or elaborate on how they could be manufactured in such a way as to facilitate a cyber attack.

But Schaffer’s comment confirms that the U.S. government believes some electronics manufacturers have included parts in products that could make U.S. consumers and corporations more vulnerable to targeted cyber attacks.

A device tampered with prior to distribution or sale could act as a “Trojan horse” in the opening wave of an international cyberwar. Contaminated products could be used to jeopardize the entire network.

See also:
DHS: Imported Consumer Tech Contains Hidden Hacker Attack Tools
Tomorrow’s cyberwarfare may be carried out by pre-infected electronics: DHS
Malware Comes with Many Gadgets, Homeland Security Admits
Supply chain security – DHS finds imported software and hardware contain attack tools
U.S. official says pre-infected computer tech entering country
Homeland Security Admits Hidden Malware in Foreign-Made Devices
Homeland Security Finds Your Electronic Device Poses Risks?
Threat of destructive coding on foreign-manufactured technology is real
Homeland Security Official: Some Foreign-Made Electronics Compromise Cybersecurity
White House’s Cyberspace Policy Review (PDF)

So, Mr. Schaffer “did not say where specifically these components are coming from.” Well, here, let me help, it’s obviously China. There, how hard was that? The next question is, what are we doing about it?

Our national power grid, electronics infrastructure, you name it, very few of the critical components are manufactured in the U.S. anymore and if there exists a series of back doors, enabling a hostile country, like China, to preemptively take it all down at once, we’re in serious, catastrophic trouble territory, so far up the proverbial [expletive deleted] creek without a paddle we’re no longer visible. And we’d be down for the count too, because we don’t have the U.S. manufacturing capability to pick ourselves up off the canvas.

/the end game scenario this revelation portends would make Pearl Harbor look like a sorority pillow fight

Night Dragon Strikes

How many intrusions by Chinese hackers does it take and how much technology data has to be stolen before U.S. companies start seriously defending themselves?

‘Sloppy’ Chinese hackers scored data-theft coup with ‘Night Dragon’

Chinese hackers who were “incredibly sloppy” still managed to steal gigabytes of data from Western energy companies, a McAfee executive said today.

“They were very unsophisticated,” said Dmitri Alperovitch, vice president of threat research at McAfee, speaking of the attackers. “They were incredibly sloppy, made mistakes and left lots of evidence.”

The attacks, which McAfee has dubbed “Night Dragon” and had tracked since November 2009, may have started two years earlier. They are still occurring.

Night Dragon targeted at least five Western oil, gas and petrochemical companies, all multinational corporations, said Alperovitch, who declined to identify the firms. Some are clients of McAfee, which was called in to investigate.

According to McAfee, the attacks infiltrated energy companies’ networks, and made off with gigabytes of proprietary information about contracts, oil- and gas-field operations, and the details on the SCADA (supervisory control and data acquisition) systems used to manage and monitor the firms’ facilities.

See also:
McAfee: Night Dragon Cyber-Attack Unsophisticated but Effective
‘Night Dragon’ Attacks From China Strike Energy Companies
Oil Firms Hit by Hackers From China, Report Says
Chinese hackers targeted energy multinationals, claims McAfee
Night dragon attacks petrol companies
China-based hackers targeted oil, energy companies in ‘Night Dragon’ cyber attacks, McAfee says
Hackers in China have hit oil and gas companies: McAfee report
Chinese hackers steal “confidential information” of five global oil companies: McAfee
Chinese Technician Denies Knowledge of Hacking
China Hacks Big Oil
Chinese hackers break into five oil multinationals
Chinese hackers ‘hit Western oil firms’

Repeat after me, China is not our friend. They don’t create innovative technology, they steal it. Hacking in China is a state-sponsored industry. Furthermore, the oil and gas industry is critical infrastructure, vital to our national security.

/these were unsophisticated attacks, meant only to steal data, and these energy companies couldn’t defend against them, what will happen when Chinese hackers unleash much more sophisticated attacks against our energy infrastructure, with the intent to inflict maximum damage and destruction?

Cyberwar Fail

Okay, so it was pretend, could have been more realistic, and adding the natural disasters was a bit much, but today’s Cyber ShockWave proved a point, the United States is not ready to defend herself against an organized, large scale cyber-attack. The Chinese, Russians, and a myriad of other state and criminal entities probe our cyber-defenses 24 hours a day, seven days a week, looking for weaknesses. If one or more of these actors decided to launch a coordinated, sustained cyber-assault, we could be brought down to our economic knees in a crippling world of infrastructure cyberhurt.

Report: The Cyber ShockWave and its aftermath

When it comes to the protection of the nation’s infrastructure, the government is lacking in several areas. While they have the ability to act offensively, if they know who the enemy is, the trick is to collect enough information and retaliate without violating domestic and foreign policy and law. The Tech Herald was in Washington D.C. on Tuesday to witness Cyber ShockWave. Here’s what we walked away with.

What happened?

Cyber ShockWave started with a vulnerability in the operating systems used by various Smartphones. Thanks to a malicious application, celebrating the NCAA’s March Madness, Spyware was loaded onto Smartphones that included a keylogger and data intercept component. The application was then used to funnel millions of dollars to banks overseas. From there, the data and money snatching application morphs, and the malicious application turns the infected devices into bots and adds them to a telecommunications botnet.

The bots start to download videos showing The Red Army. The downloads and resulting spread of the video flood the data networks of the major carriers, and slow them to a crawl before crippling them altogether. After that, the Malware on the Smartphones starts to replicate, thanks to sync programs linking information from the phone to a computer. Now that the computers are infected, the ISPs face the same issue the telecoms faced. In the end, both communications systems are crippled.

If this wasn’t enough, weather patterns resulting in a heat wave and hurricanes stress the electrical system. This is where things go south, on a major scale. A hurricane wrecks the petroleum refining and natural gas processing centers, and a stressed electrical grid is hurt more by Improvised Explosive Devices (IEDs) and what is assumed to be a Malware attack on the Secure Trade power trading platform.

Both incidents are deemed critical, and the former top US officials debated how to respond for most of the event. The problem is that by the end of the debates, during both sessions, there were no real answers.

Behold the confusion that is Cyber ShockWave

Can we nationalize the U.S. power system? Should the National Guard be called out? The FBI reports that they have traced the services used in the March Madness application to Russia, is retaliation called for? Two IEDs were detonated in two different power facilities, is it terrorism? According to a GNN (the news source for media information during the event), there was a cyber component to the electrical outage, later assumed to be related to patches on the Secure Trade software. Was this the work of an insider? These were the topics of note, and the confusion only led to more questions and few answers.

The downside to the ShockWave, as it were, is that there were just too many levels of attack at the same time. The Cyber ShockWave exercise was to create a possible attack scenario, but not one that is total chaos. However, by adding the botnet side to the telecom attack, adding in natural disasters as well as potential terrorism on and offline, they added too much to the “Perfect Storm” that they kept referring to it as.

The malicious application causing harm to telecom and ISP networks is one scenario that is highly likely, as more and more applications make it to market and more and more people switch to Smartphones. The odds of this happening at the same time that the power grid is attacked, and a hurricane kills off oil and gas production, is simply too high to compute.

The point of it all

The main point to take away from Cyber ShockWave, at least how we see it, is that there needs to be a solid level of cooperation inside the government first, and then after that, between the government and private sector. There is no “I” in team, and when it comes to protecting the assets within the backbone of the Internet, both private and government entities have a lot to look after.

One interesting point came up when debating the Russian server, the one the FBI said was linked to the telecom attacks. Why doesn’t the government simply shut it down? The reason is that doing so could be considered an act of war. No one knows, because there is no policy or precedence of such an action.

The mirror side to this would be the question, what if the Russian server was a jumping point to a server in the U.S.? If so, can we shut it down then? What would be the reasoning? While killing a server in a foreign country could be perceived as an act of aggression, doing so on our own soil could be a violation of various laws, unless a state of emergency is ordered. Once that happens, according to the panel, the President has a good deal of leeway.

There are few limits to what the government can do in response to a threat to national security. What limits exist are those enforced by policy and U.S. law. What this means is that while there were several ideas passed around, many of them are without precedence, so they couldn’t be acted on.

For example there was a patch for the Smartphones, one that would fix the Malware issue. Yet, only 50-percent of consumers applied it. To prevent further attacks to the telecommunications system, you can ask the people to stop using phones, or simply force them to stop using them by turning them off. If the issue was forced, and the government did something to turn the phones off, then there would be serious consequences to deal with later.

In the end, the Bipartisan Policy Center, who put Cyber ShockWave together, had hoped that the gaps existing within the law and government policy related to cybercrime and cyberattacks would be exposed. They got their wish, as gaps in both areas were exposed. But when it comes to balance between the private and government sectors and security, it takes more than policy to make it work.

It would have added a ton of weight to the exercise if there was some sort of consultation with energy companies or telecom representatives. They were absent during the mock attacks, and their absence was felt when you consider that by the time the President was “briefed”, there was no solid plan of action as to how to deal with and recover from the incidents.

There were some smart and skilled people on the panel. Yet, the scripting made the panel come off as clueless when it came to the reach, intelligence, and overall skill of foreign attackers. The current cyber capacities of the various international terrorist groups were left completely off the table.

Overall, the Cyber ShockWave was more media hype than actual intelligence and insight. We had hoped to see some of the political heavyweights on the panel act with their full capacity and experience, but they either couldn’t or opted not to. If anything, the federal employees who attended learned that managing IT in the public world, and dealing with threats there, is nothing like attempting the same feat within the federal government.

See also:
U.S. Isn’t Prepared for Massive Cyber Attack, Ex-Officials Say
War game reveals U.S. lacks cyber-crisis skills
In a doomsday cyber attack scenario, answers are unsettling
Washington Group Tests Security in ‘Cyber ShockWave’
US networks and power grid under (mock) cyber-attack
Cyberattack simulation highlights vulnerabilities
Former officials war-game cyberattack
Former Government Officials Gather to Rehearse Cyberwar
Former top U.S. officials hold cyberattack exercise
Cyber ShockWave cripples computers nationwide (sorta)
Cyber Shockwave : Cyber-Attack to Test Government Response
Is The U.S. Ready For A Cyberwar?
25 ways to better secure software from cyber attacks
It’s Your Cyberspace Too, So Take Care Of It
Bipartisan Policy Center

/remember, this was only a test, had this been an actual emergency we would have been seriously [expletive deleted]

The Cyberwar Rages 24/7

Corporations’ cyber security under widespread attack, survey finds

Around the world, corporations’ computer networks and control systems are under “repeated cyberattack, often from high-level adversaries like foreign nation-states,” according to a new global survey of information technology executives.

The attacks include run-of-the-mill viruses and other “malware” that routinely strike corporate defenses, but also actions by “high-level” adversaries such as “organized crime, terrorists, or nation states,” a first-time global survey by the Center for Strategic and International Studies (CSIS) in Washington has found. More than half of the 600 IT managers surveyed, who operate critical infrastructure in 14 countries, reported that their systems have been hit by such “high-level” attacks, the survey concludes.

A large majority, 59 percent, said they believed that foreign governments or their affiliates had already been involved in such attacks or in efforts to infiltrate important infrastructure – such as refineries, electric utilities, and banks – in their countries.

Such attacks, the survey said, include sophisticated denial-of-service attacks, in which an attacker tries to so overwhelm a corporate network with requests that the network grinds to a halt.

But they also include efforts to infiltrate a company. Fifty-four percent of the IT executives said their companies’ networks had been targets of stealth attacks in which infiltration was the intent. In two-thirds of those cases, the IT managers surveyed said company operations had been harmed.

The IT managers also believed that these “stealthy” attacks were conducted by “nation states” targeting their proprietary data, says the survey’s main author, CSIS fellow Stewart Baker, in a phone interview. Mr. Baker is a cybersecurity expert formerly with the Department of Homeland Security and National Security Agency.

“It’s all the same kind of stuff – spear-phishing, malware, taking over the network and downloading-whatever-you-want kind of attack,” he says. “Over half of these executives believe they’ve been attacked with the kind of sophistication you’d expect from a nation state.”

The CSIS report describes such attacks as “stealthy infiltration” of a company’s networks by “a high-level adversary” akin to a “GhostNet,” or large spy ring featuring “individualized malware attacks that enabled hackers to infiltrate, control and download large amounts of data from computer networks.” The GhostNet attacks, which Canadian researchers attributed to Chinese state-run agencies, bear similarities to recent attacks on Google and other high-tech companies, Baker says. Google attributed attacks on it to entities in China.

Read the report:
In the Crossfire: Critical Infrastructure in the Age of Cyber War

See also:
Report: Critical Infrastructures Under Constant Cyberattack Globally
Utilities, Refineries and Banks Are Victims of Cyber Attacks, Report Says
Critical Infrastructure under Siege from Cyber Attacks
Critical Infrastructure Vulnerable To Attack
Critical Infrastructure Security a Mixed Bag, Report Finds
Report shows cyberattacks rampant; execs concerned
Key infrastructure often cyberattack target: survey
Critical infrastructure execs fear China
SCADA system, critical infrastructure security lacking, survey finds

Ironically, the more dependent we become on interconnected network technology, the more vulnerable we become too.

/so keep your fingers crossed and your computers patched against hacking and intrusion, at least you can do your part to avoid being part of the problem

Peek A Boo, China Is Waging Undeclared War On You

Is your computer acting squirrelly, your internet connection spotty? It might not be Microsoft after all, it could be Chinese military sponsored hackers.

Congressional commission focuses on China’s cyberwar capability

In war and possibly in peace, China will wage cyberwar to control the information flow and dominate the battle space, according to a new report compiled for a congressional commission.

Chinese military strategists see information dominance as the key to overall success in future conflicts and will continue to expand the country’s computer network exploitation capabilities, according to the report, titled “Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation.” The report was prepared for the U.S.-China Economic and Security Review Commission under contract by Northrop Grumman’s Information Systems Sector.

In a conflict, China will likely target the U.S. government and private industry with long-term, sophisticated computer network exploitation and intelligence collection campaigns, the report concludes. U.S. security agencies can expect to face disciplined, standardized operations; sophisticated techniques; high-end software; and a deep knowledge of the U.S. networks, according to the report (PDF).

The strategy employed by the People’s Liberation Army–China’s military organization–is to consolidate computer network attacks with electronic warfare and kinetic strikes, creating “blind spots” in enemy systems to be exploited later as the tactical situation warrants, according to the report. The strategy, which has been adopted by the world’s other technologically inclined armies, is referred to by the PLA as “Integrated Network Electronic Warfare,” the report stated.

The emphasis on information warfare has forced the PLA to recruit from a wide swath of the civilian sector, according to the report. As is the case with the U.S. military and its new Cyber Command, the PLA looks to commercial industry and academia for people possessing the requisite specialized skills and pasty pallor to man the keyboards. And although it hints broadly at it, the report offers no evidence of ties between the PLA and China’s hacker community.

The U.S.-China Economic and Security Review Commission reports and provides recommendations to Congress on the national security implications of the bilateral trade and economic relationship between the United States and the People’s Republic of China.

China Expands Cyberspying in U.S., Report Says

The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing.

The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report to be released Thursday. Chinese espionage operations are “straining the U.S. capacity to respond,” the report concludes.

See also:
Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation
Evidence Points To China In Cyber Attacks
Report: China building cyberwarfare capabilities
Security report finds Chinese cyberspying threat growing
U.S. report says China engages in cyber warfare
China fingered in cyberattack on mystery high tech co.
‘Huawei continues to receive preferential funding from China’s army’, says US Commission
United States-China Economic and Security Review Commission

/I sure hope Obama and company are putting at least as much time and energy into fighting this undeclared cyberwar with China as they are prosecuting their childish, whiny, crybaby media war against Fox News

North Korea And Friends Want To Play Computer Games

I can only hope we’re winning this game and not playing nice while doing it.

U.S., South Korea Targeted in Swarm Of Internet Attacks

U.S. and South Korean authorities yesterday were investigating the source of attacks on at least 35 government and commercial Web sites in the two countries, officials said.

In the United States, the attacks primarily targeted Internet sites operated by major government agencies, including the departments of Homeland Security and Defense, the Federal Aviation Administration and the Federal Trade Commission, according to several computer security researchers. But The Washington Post’s site was also affected.

South Korea’s main spy agency, the National Intelligence Service, said in a statement that it thought the attacks were carried out “at the level of a certain organization or state” but did not elaborate. The South Korean news agency Yonhap and the JoongAng Daily, a major newspaper in Seoul, reported that intelligence officials had told South Korean lawmakers that North Korea or its sympathizers were prime suspects. A spokesman for the intelligence service said that it could not confirm the report.

The attacks were described as a “distributed denial of service,” a relatively unsophisticated form of hacking in which personal computers are commanded to overwhelm certain Web sites with a blizzard of data. The effort did not involve the theft of sensitive information or the disabling of crucial operational systems, government and security experts said. But they noted that it was widespread, resilient and aimed at government sites.

Earlier this year, a number of South Korean news organizations reported that North Korea was running a cyberwarfare unit targeting military networks in South Korea and the United States. And North Korea, along with other countries, is known to be looking into U.S. cybersecurity capabilities and vulnerabilities, said Daniel T. Kuehl, an expert on information warfare at National Defense University.

See also:
US and S Korea fall victim to cyber-attack
US officials eye North Korea in cyber attack
North Korea a suspect in cyber attacks in US
North Korea may be behind White House cyberattack
Cyber Attack Finds More Targets
The U.S.-South Korea Cyberattack: How Did It Happen?
How a Brute-Force Cyberattack Works
National Intelligence Service
National Intelligence Service (South Korea)
National Defense University
Why Are We Not Stomping North Korea’s Guts Out?

Gee, with all their belligerent shenanigans lately, you’d think North Korea was really anxious to get their asses kicked.

/the question is, will we oblige them?

Powered By Microsoft Windows

With Bill Gates and crew protecting our ATMs with Windows, just thank God your bank accounts are insured by the FDIC up to $250,000.

ATM Vendor Halts Researcher’s Talk on Vulnerability

An ATM vendor has succeeded in getting a security talk pulled from the upcoming Black Hat conference after a researcher announced he would demonstrate a vulnerability in the system.

Barnaby Jack, a researcher with Juniper Networks, was to present a demonstration showing how he could “jackpot” a popular ATM brand by exploiting a vulnerability in its software.

Jack was scheduled to present his talk at the upcoming Black Hat security conference being held in Las Vegas at the end of July.

But on Monday evening, his employer released a statement saying it was canceling the talk due to the vendor’s intervention.

“Juniper believes that Jack’s research is important to be presented in a public forum in order to advance the state of security,” the statement read. “However, the affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected. Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack’s presentation until all affected vendors have sufficiently addressed the issues found in his research.”

In the description of his talk on the conference web site, Jack wrote that, “The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves. Rarely do we see any targeted attacks on the underlying software. This presentation will retrace the steps I took to interface with, analyze, and find a vulnerability in a line of popular new model ATM’s. The presentation will explore both local and remote attack vectors, and finish with a live demonstration of an attack on an unmodified, stock ATM.”

Jack did not disclose the ATM brand or discuss whether the vulnerability was found in the ATM’s own software or in its underlying operating system. Diebold ATMs, one of the most popular brands, run on a Windows operating system, as do some other brands of ATMs.

Diebold did not respond to a call for comment.

Earlier this year, Diebold released an urgent alert (.pdf) announcing that Russian hackers had installed malicious software on several of its Opteva model ATMs in Russia and Ukraine. A security researcher at SophosLabs uncovered three examples of Trojan horse programs designed to infect the ATMs and wrote a brief analysis of them. Last month another security research lab, Trustwave’s SpiderLabs, provided more in-depth analysis of malware used to attack 20 ATMs in Russia and Ukraine of various brands.

According to SpiderLabs, the attack required an insider, such as an ATM technician or anyone else with a key to the machine, to place the malware on the ATM. Once that was done, attackers could insert a control card into the machine’s card reader to trigger the malware and give them control of the machine through a custom interface and the ATM’s keypad.

The malware captured account numbers and PINs from the machine’s transaction application and then delivered it to the thief on a receipt printed from the machine in an encrypted format or to a storage device inserted in the card reader. A thief could also instruct the machine to eject whatever cash is inside the machine. A fully loaded ATM can hold up to $600,000.

It’s unclear if the talk Jack was scheduled to give addresses the same vulnerability and malware or a new kind of attack.

See also:
Juniper Nixes ATM Security Talk
ATM vendor gets security talk pulled from conferences
Researcher barred from demoing ATM security vuln
Jackpotting ATM Machines courtesy of the Jolly Roger
Barnaby Jack
Embedded Problems
Exploiting Embedded Systems, Blackhat 2006 (Barnaby Jack)
Black Hat ® : The World’s Premier Technical Security Conference
Black Hat ® Technical Security Conference: USA 2009
Juniper Networks
SophosLabs
SpiderLabs — About Us — Trustwave
Diebold

Jackpotting ATMs, kind of like playing a slot machine where you win first time, every time and it pays out in twenties.

/all I can say is that I’m sure glad Barnaby Jack is one of the good guys