What you need to know for your personal cyber security life…
Number Twelve in a series of semi-regular daily current and topical computer threats that may affect your online, or even offline, digital and real life. Why cyber-security on SurvivalRing? Because EVERYTHING you do in your life every day now is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally…so be prepared for it, by staying in the loop.
# # #
“The Mask” Espionage Malware
- By Bruce Schneier
- February 11, 2014
We’ve got a new nation-state espionage malware. “The Mask” was discovered by Kaspersky Labs:
The primary targets are government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organizations and activists. Victims of this targeted attack have been found in 31 countries around the world — from the Middle East and Europe to Africa and the Americas.
The main objective of the attackers is to gather sensitive data from the infected systems. These include office documents, but also various encryption keys, VPN configurations, SSH keys (serving as a means of identifying a user to an SSH server) and RDP files (used by the Remote Desktop Client to automatically open a connection to the reserved computer).
“Several reasons make us believe this could be a nation-state sponsored campaign. First of all, we observed a very high degree of professionalism in the operational procedures of the group behind this attack. From infrastructure management, shutdown of the operation, avoiding curious eyes through access rules and using wiping instead of deletion of log files. These combine to put this APT ahead of Duqu in terms of sophistication, making it one of the most advanced threats at the moment,” said Costin Raiu, Director of the Global Research and Analysis Team (GReAT) at Kaspersky Lab. “This level of operational security is not normal for cyber-criminal groups.”
It’s been in operation, undetected, for at least seven years.
As usual, we infer the creator of the malware from the target list.
We counted over 380 unique victims between 1000+ IPs. Infections have been observed in: Algeria, Argentina, Belgium, Bolivia, Brazil, China, Colombia, Costa Rica, Cuba, Egypt, France, Germany, Gibraltar, Guatemala, Iran, Iraq, Libya, Malaysia, Mexico, Morocco, Norway, Pakistan, Poland, South Africa, Spain, Switzerland, Tunisia, Turkey, United Kingdom, United States and Venezuela.
Based on the prevalence of Spanish-speaking victims, the number of infected victims in Morocco, and the fact that Gibraltar is on the list, that implies Spain is behind this one. My guess is that soon countries will start infecting uninteresting targets in order to deflect blame, but that they still think they’re immune from discovery. So Spain, if it is you, attack a few sites in the Falklands next time — and use a separate tool for Morocco.
# # #
Qatar to establish cyber security committee
- By Courtney Trenwith
- 6 February 2014
Qatar has announced it will establish a national cyber security committee to oversee the country’s fight against cyber crime and prevention strategies.
The committee, which has been approved by the Cabinet, also would be involved in the protection of vital infrastructure and information, communication services and associated database technology.
It will be responsible for safeguarding the nation’s security, financial and economic interests and improving Qatar’s competitiveness capabilities, as well as advising companies, institutions and individuals.
The draft law also requires institutions to establish individual frameworks for dealing with cyber security and to allocate funding within their budgets.
# # #
White hat hackers to gather in Tokyo
- February 10 2014
Computer security experts from Japan and abroad will gather in Tokyo later this month to discuss cutting-edge measures against cyberattacks.
The Code Blue conference will be held February 17 and 18, attended by world-class computer security experts often called “white hat hackers”.
It will be the first such international gathering initiated by Japan, with the exception of corporate-sponsored conferences. Japanese experts planned the event amid growing concern over a rapid increase in cyberattacks, to present and share information on computer and information security.
The Black Hat is well known among similar international gatherings, attracting nearly 10,000 people every year to listen to presentations by famous hackers. First held in Las Vegas in 1997, the Black Hat meetings are also held in Europe and other countries, but there has not been one in Japan since 2008.
The Code Blue conference was planned by Japanese information security experts and others aiming to hold an event equivalent to the Black Hat in this country. Keynote speeches will be made by Jeff Moss, a legendary hacker who founded the Black Hat and belongs to the US Department of Homeland Security’s Advisory Council, and Chris Eagle, a senior lecturer of computer science at the Naval Postgraduate School in Monterey, California.
# # #
Spy Chief Says Snowden Took Advantage of ‘Perfect Storm’ of Security Lapses
- By DAVID E. SANGER and ERIC SCHMITT
- The New York Times
- FEB. 11, 2014
WASHINGTON — The director of national intelligence acknowledged Tuesday that nearly a year after the contractor Edward J. Snowden “scraped” highly classified documents from the National Security Agency’s networks, the technology was not yet fully in place to prevent another insider from stealing top-secret data on a similarly large scale.
The director, James R. Clapper Jr., testifying before the Senate Armed Services Committee, said Mr. Snowden had taken advantage of a “perfect storm” of security lapses. He also suggested that as a highly trained systems administrator working for Booz Allen Hamilton, which provides computer services to the agency, Mr. Snowden knew how to evade the protections in place.
“He knew exactly what he was doing,” Mr. Clapper said. “And he was pretty skilled at staying below the radar, so what he was doing wasn’t visible.”
But Mr. Clapper confirmed the outlines of a New York Times report that the former N.S.A. contractor had used a web crawler, a commonly available piece of software, to sweep up a huge trove of documents.
Mr. Clapper also said, for the first time, that some of the information Mr. Snowden is believed to possess could expose the identities of undercover American operatives as well as foreigners who have been recruited by United States spy agencies. The information Mr. Snowden has released so far through several newspapers and a new digital news organization that began publishing on Monday has not revealed the names of agents or operatives, and it is unclear how much of that information he took with him when he fled the United States. He is now in Russia.