Sign up for our Technology Newsletter 
Is Russia Behind Recent US Malware Attacks?
Comments Off on Is Russia Behind Recent US Malware Attacks?
It would appear that while the US has been blaming China for all its cyber break-ins it appears to be ignoring Tsar Putin’s elite hacking team for the last seven years.
For the past seven years, a cyberespionage group operating out of Russia on the orders of Tsar Putin have been conducting a series of malware campaigns targeting governments, political think tanks and other organizations.
Researchers at F-Secure have been looking into the antics of an outfit called “the Dukes” which has been active since at least 2008. The group has evolved into a methodical developer of “zero-day” attacks, pulling together their own research with the published work of other security firms to provide a more detailed picture of the people behind a long-running family of malware.
The Dukes specialize in “smash and grab” attacks on networks, but have also used subtle, long-term intrusions that harvested massive amounts of data from their targets.
The group’s targets do include criminal organisations operating in the Russian Federation, which suggest there is some form of policing element to it. But they are mostly interested in Western governments and related organisations, such as government ministries and agencies, political think tanks and governmental subcontractors.
F-Secure team wrote. “Their targets have also included the governments of members of the Commonwealth of Independent States; Asian, African, and Middle Eastern governments; organisations associated with Chechen terrorism; and Russian speakers engaged in the illicit trade of controlled substances and drugs.”
The group was named after its earliest-detected malware, known as PinchDuke. Its targets were associated with the Chechen separatist movement. Later that year they were going after Western governments and organisations in search of information about the diplomatic activities of the United States and the NATO.
Most of the attacks used spear phishing emails as the means of injecting malware onto targeted systems, one of their attacks have spread malware through a malicious Tor exit node in Russia, targeting users of the anonymising network with malware injections into their downloads.
The targets have always followed Russian government interests. There are a number of Russian-language artifacts in some of the malware, including an error message in PinchDuke. GeminiDuke also used timestamps that were adjusted to match Moscow Standard time.
Before the beginning of the Ukraine crisis, the group began using a number of decoy documents in spear phishing attacks that were related to Ukraine. They included a letter undersigned by the First Deputy Minister for Foreign Affairs of Ukraine.
However, after the crisis happened the attacks dropped off suggesting that it was an intelligence gathering operation. It is also a big operation, which, if operating in Russia would most likely require state acknowledgement, if not outright support.
Source-http://www.thegurureview.net/computing-category/is-russia-behind-us-malware-attacks.html
Are CCTV Cameras Hackable?
June 28, 2013 by admin
Filed under Around The Net
Comments Off on Are CCTV Cameras Hackable?
When the nosy British bought CCTV cameras, worried citizens were told that they could not be hacked.
Now a US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military. Craig Heffner, said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet.
They could use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems. Heffner said that it was a significant threat as somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.
He will show how to exploit these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas. Heffner said he has discovered hundreds of thousands of surveillance cameras that can be accessed via the public internet.
1 In 5 U.S. PCs Have No Antivirus Protection
Comments Off on 1 In 5 U.S. PCs Have No Antivirus Protection
Nearly a fifth of Windows PCs in the U.S. lack any active security protection, an antivirus vendor stated on Wednesday, citing numbers from a year-long project.
“The scale of this is unprecedented,” argued Gary Davis, the director of global consumer product marketing for McAfee, talking about the scope of his company’s sampling of PC security.
McAfee took measurements from scans of more than 280 million PCs over the last 12 months, and found that 19.3% of all U.S. Windows computers browsed the Web sans security software. Owners of those systems downloaded and used McAfee’s free Security Scan Plus, a tool that checks for antivirus programs and enabled firewalls.
Globally, the average rate was 17%, putting the U.S. in the top 5 most-unprotected countries of the 24 represented in the scans.
Of the unprotected PCs in the U.S., 63% had no security software at all, while the remaining 37% had an AV program that was no longer active. The latter were likely trial versions of commercial antivirus software that had expired.
Antivirus trials are a fact of life in the Windows world. Most new machines come with security software that runs for a limited time. Some new Dell PCs, for example, come with a 30-day trial of McAfee’s Security Center program.
Symantec’s Virus Code Hacked
Symantec is looking into an Indian hacking group’s claims that it accessed source code used in the company’s flagship Norton Antivirus program.
A spokesman for the company on Thursday said that one claim by the group was false, while another is still being investigated.
Meanwhile, the Indian group, which calls itself Lords of Dharmaraja, has threatened to publicly disclose the source code very soon.
On Wednesday, the group posted on Pastebin what it claimed was confidential documentation related to Norton AntiVirus source code. A review of the material showed what appears to be a description of an application programming interface (API) for Symantec’s AV product.
The group also posted what it claimed was the complete source code tree file for Norton Antivirus. That document appears to have been taken down.
‘Yama Tough,’ the hacker who posted the documents, released at least two more on Google+ allegedly related to Symantec source code. One of the documents appears to be a detailed technical overview of Norton Anti-Virus, Quarantine Server Packaging API Specification, v1.0. The other document, from 2000, describes a Symantec Immune System Gateway Array Setup technology.
.