U.S. Security Company Tracks Hacking To Chinese Army Unit {VIDEO}

The building housing Unit 61398 of the People’s Liberation Army is on the outskirts of Shanghai. A U.S. security firm claims that cyberattacks against more than 140 targets in the U.S. and other countries have been traced to the Chinese military unit in the building.

Cyberattacks on dozens of American companies have been traced to an area on the outskirts of Shanghai that houses a Chinese military unit, according to a report out Tuesday by Mandiant, a U.S. cybersecurity company.

The 60-page document, first reported by The New York Times, says the group behind the attacks — nicknamed “Comment Crew” — is the most prolific the company has ever tracked and has been hacking U.S. companies since at least 2006.

Mandiant says the hackers’ real identity is Unit 61398 of China’s People’s Liberation Army, or PLA.

READ MORE: http://www.npr.org/2013/02/19/172373133/report-links-cyber-attacks-on-u-s-to-chinas-military

 

Experts Warn US Vulnerable To Cyber ‘Pearl Harbor’


CHINA HACKS WHITE HOUSE FOR NUCLEAR COMMANDS


White House Hack Attack | Washington Free Beacon.

FBI COMPUTER VIRUS SWEEPING ACROSS NATION

 

New nasty demands $200 payment to ‘unlock’ PC


There’s a nasty computer virus going around that shocks users by putting on the screen a claim that the FBI and the federal government has taken control of the computer because it has been linked to illegal activity.

Further, it controls the computer’s Web camera and makes it look like an image of the user is being streamed to the government.

“It is scary. The first time we saw it we jumped back and said, ‘Hey, what is going on?’” Alex Diaz, with Top Tech Experts, told KTRK-TV in Houston.

The latest wave of attacks has hit the Republican National Convention in Tampa, where numerous computer users lined up at computer centers for help removing the malicious software.

Diaz told the Houston station the new FBI scam tries to convince users that they have done something wrong and have been caught.

It then demands that the user purchase a pre-paid debit card for $200 and enter the card number so the “fine” can be paid and the computer unlocked.

“With anything that you see with FBI warnings, you want to be alarmed and read it properly, but do not send any money,” Diaz advised the station. “The FBI is not taking money from you, or wanting any money from you in that manner.”

Federal investigators confirm it’s just a new twist on an old theme used by scammers – scaring people into sending them money.

But technical experts say the computer effectively is worthless until the virus can be cleaned.

The Hillsboro, Kan., Star-Journal reported that local computer users were being threatened for “owning or distributing copyrighted material, pornography, or malware.”

The virus also threatens criminal action for those who fail to pay.

Several anti-virus program companies already were addressing the concerns, posting notices about the “FBI Moneypak Virus” and instructions on how to remove it. Spyware, spybot and other companies also posted warnings and advisories about the problem.

Officials with Geek Squad, Best Buy electronics company’s computer fixit shop, said the software is accurately described as “ransomware,” “which states the user’s computer is locked and requires payment via Moneypak cards.”

The company declined to comment on the number of cases its technicians have seen.

“We do encourage individuals to take the proper precautions, because it is dangerous from the perspective that if individuals purchase Moneypak cards and pay the ransom they have no way of getting the money back or filing a claim,” the company statement said.

The Kansas Better Business Bureau also is warning about the situation. And Agence France-Presse noted the worldwide impact of the scam.

“We’re getting inundated with complaints,” Donna Gregory of the U.S. Internet Crime Complaint Center said of the “Reveton ransomware.”

“Some people have actually paid the so-called fine,” she told AFP.


Anonymous Invades Turkish Police, Intelligence Websites

International hacking organization Anonymous crashed websites belonging to the Turkish police and intelligence Thursday.

By Rachel Hirshfeld

First Publish: 7/19/2012, 5:18 PM

International hacking organization Anonymous crashed websites belonging to the Turkish police and intelligence Thursday in a show of support for the socialist RedHack group, Hurriyet daily news reported.

The website www.egm.gov.tr, which belongs to the Turkish Police Directorate, was rendered inaccessible, while the website of Turkey’s National Intelligence Agency (MİT), www.mit.gov.tr, could be accessed but subpages could not load.

RedHack announced on its Twitter account that Anonymous had taken down the websites to support the socialist group, which was identified as a terrorist organization by authorities after it hacked into the Turkish Foreign Ministry servers, revealing the identities of foreign diplomatic personnel working in Turkey.

Anonymous started the hashtag #OpSupportRedHack on Twitter, announcing it was targeting Turkish government websites in a show of “solidarity” with RedHack.

Homeland Security warns: Hackers targeting popular Niagara software

Published by RT

 

Millions of machines and devices over the Internet are managed through Niagara Framework. Now, the Department of Homeland Security is alerting organizations around the world that the software is vulnerable to hacker attacks.

Whether you are a business, a military organization or healthcare provider using Niagara to remotely control or monitor your medical devices, elevators, video cameras and security systems, you should immediately prohibit guest users, bolster passwords and cut off direct access to the Internet. These steps may prevent hackers from exploiting your configuration and software flaws, cybersecurity officials warned on Friday, according to the Washington Post.

The alert comes hot on the heels of Thursday’s report by the same newspaper describing the vulnerabilities of the Niagara software that were discovered by two security specialists, Billy Rios and Terry McCorkle. According to the report, potential intruders could access files containing user names and passwords using a common hacker technique known as “directory traversal attack.”

In a private alert, Niagara’s maker, the Richmond-based company Tridium, warned its customers last week about these potential security issues. It was only last Thursday that it first came up with a public alert – months after it was first notified of the potential problem.

Tridium’s parent company, Honeywell, issued its own statement on Friday in response to the alert.

“We’ve released a security alert guiding our customers how to verify that their system is properly configured to protect against directory traversal. In addition, we will soon be providing a software update that hardens those settings against inadvertent user changes,” says the statement.

In a blog post cited in the department’s cyberalert, Rios praised the DHS for its efforts but criticized Tridium for the delay. DHS officials explained, however, that they had delayed the warning to allow Tridium to work on fixing the problems.

Persian-Language Cyber Attacks on Iran Dubbed ‘Muslim Messiah’

An Israeli security firm says an ongoing cyber attack aimed mainly at Iran uses Persian and is named after the “Muslim Messiah.”

By Tzvi Ben Gedalyahu

First Publish: 7/17/2012, 10:13 PM

An Israeli security firm says an ongoing cyber attack aimed mainly at Iran uses Persian language communications and is named after Mahdi, the “Muslim Messiah.”

Seculert, based in Israel, and Russia’s Kaspersky Lab said on Tuesday that they identified more than 800 victims of the operation, Reuters reported. “The targets include critical infrastructure companies, engineering students, financial services firms and government embassies located in five Middle Eastern countries, with the majority of the infections in Iran,” according to the news service.

The cyber attack malware is believed to have begun approximately eight months ago, and whoever is behind it is “for sure somebody who is fluent in Persian,” said Seculert Chief Technology Officer Aviv Raff.

Seculert and Kaspersky say the Trojan is called “Mahdi,” a word that refers to the ultimate redeemer of Islam, because the cyber attackers used a folder with that name. “In Islamic eschatology, the Mahdi is the prophesied redeemer of Islam who will rule for seven, nine or 19 years before the Day of Judgment and will rid the world of wrongdoing, injustice and tyranny. In Islam Ahmadiyya, the terms ‘Messiah’ and ‘Mahdi,’” according to Wikipedia.

“The Mahdi Trojan lets remote attackers steal files from infected PCs and monitor emails and instant messages,” according to Reuters, which quoted the two companies. “It can also record audio, log keystrokes and take screen shots of activity on those computers.”

It is not certain whether individuals or countries are behind the malicious software, while the Flame virus discovered last year was attributed to a country or countries. Israel and/or the United States frequently has been considered the source.

Seculert said that it was able to track variants of malware last December. “The malware communicated with the same domain name, but the server was located in Tehran,” the firm stated on its website.

After Kaspersky announced in May it had discovered the Flame virus, Seculert contacted the Russian company.

“We collaborated in the weeks that followed [and] we were able to identify over 800 victims,” the Israeli security firm added. “While we couldn’t find a direct connection between the campaigns, the targeted victims of Mahdi include critical infrastructure companies, financial services and government embassies, which are all located in Iran, Israel and several other Middle Eastern countries.”

Kaspersky explained in a blog post that one of the PowerPoint variants displays “a series of calm, religious themed, serene wilderness, and tropical images, confusing the user into running the payload on their system….

“[W]hile PowerPoint presents users a dialog that the custom animation and activated content may execute a virus, not everyone pays attention to these warnings or takes them seriously, and just clicks through the dialog, running the malicious dropper.”

DEFENSE SECRETARY: CYBERATTACKS HAVE ‘THE POTENTIAL FOR ANOTHER PEARL HARBOR’

Defense Secretary Leon Panetta Says Cyberattacks Could Paralyze the Country Like Another Pearl Harbor

Defense Secretary Leon Panetta speaks with a congressional subcommittee on budget cuts Wednesday. (Photo: DOD/Glenn Fawcett)

In pleading with Congress Wednesday against automatic defense budget cuts, Defense Secretary Leon Panetta also warned of another crippling situation like Pearl Harbor. It won’t come in the form of bombers and torpedo planes though but as hackers and worms of the cyber variety with the ability to cripple U.S. infrastructure.

CNS News reports Panetta saying that those with the capability to launch a cyberattack would be able to “paralyze” the United States. Sen. Lindsey Graham (R-S.C.) asked Panetta to clarify:

“You said something that just kind of went over everybody’s head, I think, that there’s a Pearl Harbor in the making here. You’re talking about shutting down financial systems, releasing chemicals from chemical plants, releasing water from dams, shutting down power systems that can affect the very survival of the nation. What’s the likelihood in the next five years that one of these major events will occur?”

To this Panetta responded simply by saying that the “technological capability” to send our country into a mode like that of Pearl Harbor in a surprise attack is already available now. Panetta’s references to “the next Pearl Harbor” echo sentiments he shared last year with regard to cyberattacks, according to CNS news.

In June 2011, while being confirmed as Defense Secretary, Panetta said to the panel, “The next Pearl Harbor we confront could very well be a cyber attack that cripples our power systems, our grid, our security systems, our financial systems, our governmental systems.”

Continuing to probe on Wednesday, Graham asked about the risk level, which Panetta said was high, especially as the technology develops and the “will” to use it becomes more apparent.

“I’m very concerned that the potential in cyber to be able to cripple our power grid, to be able to cripple our government systems, to be able to cripple our financial system would virtually paralyze this country,” Panetta said. “And, as far as I’m concerned, that represents the potential for another Pearl Harbor as far as the kind of attack that we could be the target of using cyber.”

Those in the United States — both the government and private industry — are already the targets of thousands of attacks per day, according to Panetta. With that, he notes the importance of improving safety of systems in not only the defense sector but the private sector as well.


Earlier this year, the Cyber Intelligence Sharing Protection Act (CISPA) was introduced as proposed legislation that would put in place the infrastructure for private companies to share information with the federal government on the Internet to help prevent electronic attacks from cybercriminals, foreign governments and terrorists. The Cybersecurity Act of 2012, sponsored by Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine) was mentioned as well. At this point, CISPA has been passed with bipartisan support in the House and still awaits a Senate vote. The Cybersecurity Act of 2012 has not yet been voted upon.

CISPA has met with some backlash, with opponents of the proposed legislation saying the language is overly broad and that they fear violations of the anti-trust law by the government.

Chairman of the Joint Chiefs of Staff Gen. Martin Dempsey weighed in his support of CISPA during Wednesday’s hearing but also said the military is looking to develop “rules of engagement” to respond to cyberattacks and threats, according to CNS News.


The Pentagon faces cuts of about $500 billion in projected spending over 10 years on top of the $492 billion that President Barack Obama and congressional Republicans already agreed to in last summer’s deficit-cutting budget.

Dempsey said the cuts would mean fewer troops, the possible cancellation of major weapons and the disruption of operations around the world.

The Associated Press contributed to this report. 

Israel Encrypts UAVs As Cyberwar Widens

 


 

http://www.upi.com

 


 

Israel’s military is expected shortly to take delivery of an advanced model of the Skylark 1 unmanned aerial vehicle that will be equipped with electronic jammers that will block efforts to intercept surveillance data.

The move comes amid a sharp escalation in Israel’s cyber operations against Iran’s highly secret nuclear program, which the Jewish state believes is aimed at developing nuclear weapons, and growing Iranian expertise in counter-measures.

A senior officer in Israel’s military intelligence warned Monday Israel’s foes were stepping up their efforts to gather electronic intelligence on Israel’s armed forces and military capabilities, The Jerusalem Post reported.

“We’re seeing an improvement by the other side in its ability to gather intelligence … the ability of a number of groups with varying capabilities to work against us,” the officer said.

The 13-pound Skylark 1, developed by Elbit Systems, one of Israel’s top electronic warfare specialists, has been supplied to army battalions as part of the Sky Rider Program aimed at providing combat unit commanders with real-time aerial surveillance capabilities.

The Skylark operation is part of a military-wide process to encrypt UAVs amid growing indications Israel’s enemies can now hack into surveillance signals.

That process was initiated in 2010 after it became evident Hezbollah, the Iranian-backed Shiite movement in Lebanon and one of Israel’s most formidable foes, had succeeded in intercepting Israeli drone data.

This was used to ambush an Israeli Special Forces raid inside Lebanon in September 1997.

When the Israeli commandos of Flotilla 13, the navy’s Special Operations unit, were ambushed near Ansariya in south Lebanon, the military believed Hezbollah had gotten lucky but did not have any advance warning of the raid.

Eleven of the raiders, including the unit commander, Lt. Col. Yossi Korakin, were killed in a running battle. The handful of survivors were rescued by helicopters.

It wasn’t until August 2010 that Hezbollah leader Hassan Nasrallah, claiming Israel had been involved in the February 2005 assassination of former Lebanese Prime Minister Rafik Hariri, publicly unveiled surveillance footage from an Israeli UAV in operation at the time of the Ansariya raid.

The Israeli military concluded the footage Hezbollah showed was genuine and had been intercepted during Israeli surveillance of the target zone prior to the actual nighttime raid that Hezbollah hailed as a major victory.

Nasrallah also displayed what he said were Israeli aerial surveillance tapes of routes used by Hariri between his Beirut residence and Parliament, claiming these indicated Israeli involvement in the assassination of Lebanon’s most prominent statesman.

A U.N.-mandated special tribunal has indicted four members of Hezbollah, including two senior figures, for the suicide bombing that killed Hariri and 22 other people.

Hezbollah’s ability to intercept Israeli UAV surveillance data undoubtedly benefited from major technological support provided by intelligence units of Iran’s Islamic Revolutionary Guard Corps, which maintains cells in Lebanon and inside Hezbollah.

The Shiite movement, which fought the Israeli army to a standstill in a 34-day war in the summer of 2006, is armed and heavily funded by Tehran.

Iran is Israel’s primary adversary in the ever-expanding intelligence war and has been targeted in several cyberattacks, widely blamed on Israel and the United States, that began in 2009.

These began with the Stuxnet computer worm that sabotaged Iran’s uranium enrichment process at its Natanz facility.

The most recent attack attributed to U.S.-Israeli intelligence was in April, when a more advanced super-virus, dubbed W.32 Flame, hit the control systems of Iran’s oil export terminals.

Cyber experts say Flame, the most complex computer worm so far detected, is able to steal vast amounts of data.

U.S. officials say the cyberattacks are part of a systematic offensive by the U.S. Central Intelligence Agency and Israel’s intelligence establishment against Iran.

But the Iranians are clearly making major advances in their cyber capabilities, suggesting Israel — and the United States — face a more sophisticated foe.

Iran captured an advanced U.S. UAV in December 2011, claiming it hacked into the craft’s GPS guidance system and forced it to land.

The CIA-operated RQ-170 Sentinel is one of the United States’ most valuable intelligence assets, crammed with advanced electronic systems.

Gen. Amir Ali Hajisadeh, commander of the IRGC’s aerospace division, said April 23 his teams had cracked the U.S. codes and were building an Iranian version of the spy craft.


Cyber War: North Korea Is Getting Dangerously Good At Knocking Out Networks

 


North Korea’s abilities to wage a devastating cyber war are behind only those of the United States and Russia, after the isolated nation has devoted more than thirty years toward development and research, a South Korean expert has claimed.

All that prep is finally paying off for the North Koreans

That declaration, by information security professor Lee Dong-hoon, comes in the wake of two weeks of devastating attacks on GPS signals which interfered with signals throughout the Korean peninsula.

The GPS jamming, carried out unabated by North Korea’s Reconnaissance General Bureau, ran from April 28 to May 13, Stars and Stripes reported.

That agency is quickly becoming the bane of the world’s cyber-defense industry. 

The Reconnaissance General Bureau is the overseer of all North Korean sabotage and espionage operations, and has been recruiting and training a generation of cyber warriors. The bureau has developed a nurturing mentality toward information disruption specialists, creating one of the most dominant digital warfare groups on the planet.

They’ve made a culture of hacking.

The Bureau has units devoted to cyber attacks on the South Korean military, propaganda dissemination across the greater internet, and hacking operations.

This isn’t the first time they’ve landed successful hits, not by a long shot.

In 2009, South Korean military sites suffered a massive Distributed Denial of Service (DDoS) attack, a cyber strategy wherein a group of antagonists bombard a target website with such a volume of hits and requests that the site is knocked down, rendering it unusable for people who actually need it.

That attack, likely carried out by Pyongyang Computer Technology University, knocked out 26 South Korean and foreign governmental websites.

But this latest attack had sweeping, real-world impacts.

The latest hit, against the GPS signal in South Korea, caused national disruption and confusion in air traffic control and maritime transit. Moreover, the North Koreans have been devoted to hacking South Korean defense systems, and their dedication is still causing problems.

The South Korean military remains woefully unprepared for mounting counterattacks in this active cyber war.

They don’t even have a cyber unit, training, or command, and what they do have in the information security sector amounts to recruits from telecom colleges.

With them up against an adversary with a culture of cyber war ingrained in their strategy, on their own the South Koreans are woefully out-gunned on that front.

Read more: http://www.businessinsider.com/cyber-war-north-korea-is-getting-dangerously-good-at-knocking-out-networks-2012-6#ixzz1xGn0aq3B