Issue No. 3 | March 2014
Cyber security monthly newsletter
In late February, Sergey Zheleznyak, a member of the United Russia party and vice speaker of the State Duma, proposed a bill that would extend Internet blocking from pirated films to any pirated content online.
Russian Federal Service for Technical and Export Control issues draft order
The Russian Federal Service for Technical and Export Control (FSTEK) has issued a draft order approving information security requirements for automated business and production process management systems used at critical and hazardous facilities, as well as at facilities exposed to risks that may result in catastrophic health and environmental damages.
Legislative news and regulatory recommendations
A DoS, or DDoS, attack is best explained with an analogy. Several times a week, the world's oceans produce single, abnormally huge waves that are unlike regular waves. They occur spontaneously, reaching as high as 100 feet (30 metres) on a calm sea. A ship, however big, is unlikely to stay afloat when it hits such a vertical wall of water (the disaster film Poseidon illustrates a similar situation). The Internet, with its waves of information, is much like an ocean, and a website can be caught in just such a storm as a result of a DoS attack. Such attacks are often referred to as flooding attacks.
Mobile application keyloggers are getting more attention in the mobile world. Jailbroken iOS 7 devices have been known for some time to be vulnerable to keyloggers, which record user gestures and button presses and transfer this information to miscreants. Now, non-jailbroken iOS devices also fall under this threat.
In 2013, SplashData published the annual top 25 most common passwords leaked onto the Internet. Adobe's "leaky" database has also contributed to this list. 'Password' is now only second to '123456', a second-time top winner.
The Russian Federation Council held a parliamentary session to discuss hot issues related to child safety on the Internet.
According to Microsoft Security Advisory 2953095 (SA 2953095), attackers may carry out targeted attacks by exploiting a new memory-corruption 0day vulnerability (CVE-2014-1761) that affects Word 2003, 2007, 2010 and 2013 to remotely execute malicious code. A specially crafted Rich Text Format (RTF) file triggers the code execution, either when opened in a flawed MS Word version or when a user views an MS Outlook message containing the malicious RTF. Although attackers have so far used exploits targeting MS Word 2010, the remote code execution flaw also exists in Microsoft Word 2003, 2007, 2013, Word Viewer and Office for Mac 2011.
Today, it is almost impossible to guarantee the safety of either corporate or user data kept on e-mail services, PCs and cloud storage. An e-mail service can be hacked. Data from a laptop, either yours or your colleague's, can be copied and used by other employees for their own purposes. Is there a way to protect your information? Although no company can give you an iron-clad guarantee of the safety of your data, there is still a way forward: you can use encryption to protect your data.
I would like to briefly discuss here the standard recently issued by the Bank of Russia (also discussed in my report). The standard explains that the life cycle of a banking software system consists of seven stages, spanning from system specifications to decommissioning. In my report, I use real-life stories about attacks to show how trends related to these attacks could have been reversed if banks had started to apply this standard earlier.
Alfa Bank's Internet resources are unavailable. There are also issues with its ATM network. According to information published by Alfa Bank on its official Facebook page, the problem is due to "issues on the provider side."
The antivirus industry reports increased malicious activities targeting online banking services. According to antivirus experts, bank websites have seen an increase not only in hacking but also in DDoS attacks.
Having launched large-scale stress tests for 128 of the largest Eurozone banks, the European Central Bank is now concerned about how to maintain the confidentiality of the test results. In particular, Eurozone bankers are concerned about potential leaks before the official reviews of balance sheets are published, which would give rise to speculation and complicate life for investors, according to a Banki.ru reporter in Brussels.
QIWI, a payment system provider, has found that 687 of its user accounts have been hacked, with 88 million rubles stolen by hackers.
A hacking group claiming that it represents Anonymous in Ukraine has leaked data from 7 million holders of Visa, MasterCard, American Express and Discover cards, including names, online. The hackers wrote about the data dump on their Twitter blog. After downloading the leaked files, Vedomosti, a Russian business daily, noted that the files contained information looking like credit card data.
Internet and telecommunications
The CEO of Meetup received a rather unusual e-mail message saying "your competitor has asked me for a DDoS attack at your website. I can stop it for USD 300. Let me know if you are interested." Before the CEO could read the message, an 8.2 Gbps DDoS attack was launched against the site, causing it to crash.
Recently, a problem was found with the Norwegian telecommunications carrier NextGenTel that makes the I-will-hunt-you-down-by-your-IP threat quite real: software installed on NextGenTel routers used subscribers' IP addresses to display their telephone numbers in a browser.
A massive DDoS attack has been waged on thousands of WordPress-driven websites.
According to news from the Intercept, an online publication, the U.S. National Security Agency has used Facebook to infect users' computers.
If you try to access the home page at Lenta.ru, you come up against a message telling you that the "website is unavailable." The website is now functional; however, some pages may occasionally fail when accessed.
On 15 March, Saturday evening, hacker group CyberBerkut attacked NATO's websites, protesting against "NATO's invasion" into Ukraine. The attackers wrote about the attack on their webpage.
According to a report by the New York Times, the NSA has had access to the servers of Chinese company Huawei for several years.
The Russian Internet, known as RuNet, has started a real-time map service that shows cyber threats as they occur across the world. Kaspersky Lab's press service, which is responsible for launching the map, says that the interactive map will show the activity of e-mail and online antivirus tools, as well as vulnerabilities and network attacks as they are identified.
Industry and services
According to messages published on Twitter and Cyberguerrilla.org on 6 March, hackers who claim to be part of the Anonymous movement have published the internal archives of state-owned company RusOboronExport (Russian Defense Export).
The Delhi police have had no complaints from citizens for 8 years, and it is not because of their perfect track record: a lost password prevented them from accessing their complaint database the entire time.
According to Google, its Gmail team has decided to start encryption for Gmail traffic between its data centers. The encryption is generally aimed at protecting personal user data from being spied on by North Korea, the NSA, and similar intelligence services engaged in traffic interception and analysis.
In Seattle, the FBI has arrested Alexey Kibkalo, a Russian programmer suspected of disclosing Microsoft trade secrets.
The Syrian Electronic Army has leaked information suggesting that the FBI pays Microsoft for each information request about Microsoft customers; the hackers obtained Microsoft's invoices for these requests.
This article offers a review of CAdES (CMS Advanced Electronic Signatures). It is based on both my personal theoretical research and my experience with implementation and verification of CAdES signatures.
Cell tower setup costs make up a significant portion of a carrier's expenditure, which is why carriers seek to lower the costs of building and operating 3G/4G networks. One way to do so is through new technology: networks have evolved from ATM connectivity to SDH/SONET, DSL, IP/MPLS and metro Ethernet.
Apple has recently made a serious mistake, leaving an extra unconditional 'goto' statement in the middle of the SSLVerifySignedServerKeyExchange function, which verifies the server's signature when setting up an SSL connection. The result was that the function returned success without ever reaching the signature check.
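The bug pattern described above, reconstructed as an added example (not Apple's code): the vulnerable form is shown beside the fixed form, and check_signature and the error values are hypothetical stand-ins for the real library routines.

```c
/* Added illustration of the duplicated-goto bug, not Apple's code.
 * check_signature and the error codes below are constructed stand-ins. */
#include <stdio.h>

#define SIG_OK            0
#define ERR_BAD_HASH     -1
#define ERR_BAD_SIGNATURE -9809  /* constructed error code */

/* Hypothetical signature check: returns 0 only when the signature is valid. */
static int check_signature(int signature_valid)
{
    return signature_valid ? SIG_OK : ERR_BAD_SIGNATURE;
}

/* Vulnerable form: the second, unconditional 'goto fail' always jumps past
 * the signature check while err still holds 0 from the previous step, so
 * the function reports success without verifying anything. The body is
 * indented as it would appear in a misread of the code; without braces the
 * indentation has no effect. A compiler's unreachable-code warning or
 * mandatory braces around every if body would have caught this. */
int verify_key_exchange_vulnerable(int hash_ok, int signature_valid)
{
    int err = 0;
    if ((err = hash_ok ? SIG_OK : ERR_BAD_HASH) != 0)
        goto fail;
        goto fail;   /* the extra line: everything below is now unreachable */
    if ((err = check_signature(signature_valid)) != 0)
        goto fail;
fail:
    return err;
}

/* Fixed form: exactly one goto per check, so the signature check runs. */
int verify_key_exchange_fixed(int hash_ok, int signature_valid)
{
    int err = 0;
    if ((err = hash_ok ? SIG_OK : ERR_BAD_HASH) != 0)
        goto fail;
    if ((err = check_signature(signature_valid)) != 0)
        goto fail;
fail:
    return err;
}

int main(void)
{
    /* A forged signature with a valid hash: the vulnerable version says OK. */
    printf("vulnerable, bad signature: %d\n", verify_key_exchange_vulnerable(1, 0));
    printf("fixed, bad signature:      %d\n", verify_key_exchange_fixed(1, 0));
    return 0;
}
```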
This post is about finger-written signatures used to authenticate individuals. This technology has been attracting huge interest as touchscreen mobile devices become more widespread. Just imagine opening an e-mail and putting down your finger signature so that you instantly have a legally valid document ready to be sent back to your addressee. While in other countries this technology has been around for quite some time, in Russia the only trusted form of signature is either a hand-written signature put on a paper document or an officially registered digital signature on an electronic document.
FEAL may be even more robust than DES. Unlike DES with its 56-bit key, FEAL has a longer 64-bit key, making exhaustive key search more difficult. FEAL also offers an additional advantage over DES: an almost random ciphertext distribution.
Learn something new: cyber security technology updates
A team of US researchers at UC Berkeley conducted a study of traffic analysis against ten widely used HTTPS-secured websites, with surprising results.
Mark Sparshott, director at Proofpoint, explained that cybercriminals manage phishing e-mail campaigns using techniques similar to those used by the marketing industry.
The military cyber spending reserved by the Pentagon for cyber operations next year is $5 billion, part of the comprehensive $496 billion fiscal 2015 budget.
TURBINE is the codename for a sophisticated hacking platform used to take control of C&C servers run by cybercriminals. The NSA has been hijacking criminal botnets for its own purposes; this is the latest revelation about the agency's questionable activities.
Hackers brought down several public NATO websites, the alliance said on Sunday, in what appeared to be the latest escalation in cyberspace over growing tensions over Crimea.
Once modest of pay and profile, risk experts are being reborn as rock stars of the banking world - their status and salaries soaring as regulators force financial institutions to clean up.
A group of enterprising cybercriminals has figured out how to get cash from a certain type of ATM by text message. The latest development was spotted by security vendor Symantec, which has periodically written about a type of malicious software it calls "Ploutus" that first appeared in Mexico.