NSA to hackers: We’re not prepared for major attack

Published: RT

National Security Agency Director Gen. Keith Alexander (Chip Somodevilla/Getty Images/AFP)


 

On a scale of one to 10, American readiness to deflect a major cyber-attack on its infrastructure is “around three,” the head of the National Security Agency and the US Cyber Command said in a rare speech at a hacker conference.

On Thursday, General Keith B. Alexander was attending the Aspen Security Forum at the Aspen Institute, a major cyber-security event held for the 20th time this year.

The general said the US saw a 17-fold increase in computer attacks on its power grids, water utilities and other key facilities between 2009 and 2011. He said criminal gangs, hackers and foreign nations were responsible for the attacks.

The collective blame for the weakness lies with both the government and the IT industry, he said, even though it was the rapid development of technology that put America at cyber risk. He called for the two groups to work better as a team to address the issue.

Alexander advocated the passage of legislation that would enable the NSA to set security standards for information infrastructure. The general expects “voluntary incentivized [sic] compliance” with those future standards. Earlier, some civil rights groups expressed concerns that some of the cyber bills currently under consideration in Congress could have an adverse effect on privacy.

As compared to the defensive part, Alexander said the US is “a little bit better” prepared to take military cyber action against possible targets. He said Cyber Command did perform those and that it is up to the president to decide on carrying out such operations.

At the same time, he declined to comment on whether the US is behind the StuxNet virus, which damaged Iranian uranium-enrichment facilities, and the Flame virus, which was engaged in a major sophisticated spying operation in the Middle East.

Homeland Security warns: Hackers targeting popular Niagara software

Published by RT

 

Millions of machines and devices over the Internet are managed through Niagara Framework. Now, the Department of Homeland Security is alerting organizations around the world that the software is vulnerable to hacker attacks.

Whether you are a business, a military organization or healthcare provider using Niagara to remotely control or monitor your medical devices, elevators, video cameras and security systems, you should immediately prohibit guest users, bolster passwords and cut off direct access to the Internet. These steps may prevent hackers from exploiting your configuration and software flaws, cybersecurity officials warned on Friday, according to the Washington Post.

The alert comes hot on the heels of Thursday’s report by the same newspaper describing the vulnerabilities of the Niagara software that were discovered by two security specialists, Billy Rios and Terry McCorkle. According to the report, potential intruders could access files containing user names and passwords using a common hacker technique known as “directory traversal attack.”

In a private alert, Niagara’s maker, the Richmond-based company Tridium, warned its customers last week about these potential security issues. It was only last Thursday that it first came up with a public alert – months after it was first notified of the potential problem.

Tridium’s parent company, Honeywell, issued its own statement on Friday in response to the alert.

“We’ve released a security alert guiding our customers how to verify that their system is properly configured to protect against directory traversal. In addition, we will soon be providing a software update that hardens those settings against inadvertent user changes,” says the statement.

In a blog post cited in the department’s cyberalert, Rios praised the DHS for its efforts but criticized Tridium for the delay. DHS officials explained, however, that they had delayed the warning to allow Tridium to work on fixing the problems.

Persian-Language Cyber Attacks on Iran Dubbed ‘Muslim Messiah’

An Israeli security firm says an ongoing cyber attack aimed mainly at Iran uses Persian and is named after the “Muslim Messiah.”

By Tzvi Ben Gedalyahu

First Publish: 7/17/2012, 10:13 PM
Computer

Israel news photo: Flash 90

An Israeli security firm says an ongoing cyber attack aimed mainly at Iran uses Persian language communications and is named after Mahdi, the “Muslim Messiah.”

Seculert, based in Israel, and Russia’s Kaspersky Lab said on Tuesday that they identified more than 800 victims of the operation, Reuters reported. “The targets include critical infrastructure companies, engineering students, financial services firms and government embassies located in five Middle Eastern countries, with the majority of the infections in Iran,” according to the news service.

The cyber attack malware is believed to have begun approximately eight months ago, and whoever is behind it is “for sure somebody who is fluent in Persian,” said Seculert Chief Technology Officer Aviv Raff.

Seculert and Kaspersky say the Trojan is called “Mahdi,” a word that refers to the ultimate redeemer of Islam, because the cyber attackers used a folder with that name. “In Islamic eschatology, the Mahdi is the prophesied redeemer of Islam who will rule for seven, nine or 19 years before the Day of Judgment and will rid the world of wrongdoing, injustice and tyranny. In Islam Ahmadiyya, the terms ‘Messiah’ and ‘Mahdi,’” according to Wikipedia.

“The Mahdi Trojan lets remote attackers steal files from infected PCs and monitor emails and instant messages,” according to Reuters, which quoted the two companies. “It can also record audio, log keystrokes and take screen shots of activity on those computers.”

It is not certain whether individuals or countries are behind the malicious software, while the Flame virus discovered last year was attributed to a country or countries. Israel and/or the United States frequently has been considered the source.

Seculert said that it was able to track variants of malware last December. “The malware communicated with the same domain name, but the server was located in Tehran,” the firm stated on its website.

After Kaspersky announced in May it had discovered the Flame virus, Seculert contacted the Russian company.

“We collaborated in the weeks that followed [and] we were able to identify over 800 victims,” the Israeli security firm added. “While we couldn’t find a direct connection between the campaigns, the targeted victims of Mahdi include critical infrastructure companies, financial services and government embassies, which are all located in Iran, Israel and several other Middle Eastern countries.”

Kaspersky explained in a blog post that one of the PowerPoint variants displays “a series of calm, religious themed, serene wilderness, and tropical images, confusing the user into running the payload on their system….

“[W]hile PowerPoint presents users a dialog that the custom animation and activated content may execute a virus, not everyone pays attention to these warnings or takes them seriously, and just clicks through the dialog, running the malicious dropper.”

Experts: U.S. Cyber War on Iran Has Just Begun

Experts believe a U.S. cyber war against Iran’s nuclear program has only just begun and could escalate.

By Elad Benari, Canada

First Publish: 7/14/2012, 2:15 AM
Hackers (illustrative)

Flash90

A U.S. cyber war against Iran’s nuclear program may have only just begun and could escalate with explosions triggered by digital sabotage, experts told AFP on Friday.

Although the Iranian regime remains vulnerable to more cyber attacks in the aftermath of the Stuxnet worm that disrupted its uranium enrichment work, Tehran may be receiving help from Russian proxies for its digital security, some analysts said.

According to David Albright, president of the Institute for Science and International Security, the Islamic Republic’s nuclear program is “really not that well protected” from more digital assaults and Iran will be hard-pressed to safeguard its uranium enrichment efforts from tainted software.

“With Stuxnet, they lost about a year. And it caused a lot of confusion. They really didn’t know what hit them,” Albright told AFP. “It looks like a viable way to disrupt their program.”

The United States, which reportedly masterminded the Stuxnet operation along with Israel, has every incentive to press ahead with a cyber campaign to undermine Iran’s atomic ambitions, according to analysts.

The next cyber attack, possibly in combination with more traditional spycraft, could shut off valves or issue incorrect orders that might cause an explosion at a sensitive site.

“I think that it could get more violent,” Albright told AFP. “I would expect more facilities to blow up.”

“There is of course the possibility of sending in a team to modify a system in a way that would make it vulnerable, and then use a cyber weapon at a later date as a trigger event,” said David Lindahl, research engineer at the Swedish Defense Research Agency.

A new wave of cyber attacks could involve inserting hardware with infected chips into the industrial process, possibly through an agent or a duped employee, or penetrating diagnostic software used to gauge uranium enrichment or other work, Lindahl told AFP.

Some cyber security experts suspect Russian proxies could be assisting Iran with its digital defenses, and possibly helped Tehran trace the origins of Stuxnet.

“The part that we probably miscalculated on in Stuxnet was the (possible) assistance of the Russians in attribution,” James Lewis, senior fellow at the Center for Strategic and International Studies, told AFP.

“The Iranians never would have figured this out on their own,” he added.

The elaborate Stuxnet malware, which was reportedly introduced using a thumb drive, contained malicious code that caused centrifuges used to enrich uranium to spin out of control. The worm, meanwhile, sent back signals to operators indicating the centrifuges were operating normally.

After the malware was discovered in 2010, at least a thousand centrifuges had to be removed and analysts estimate Tehran’s program was set back by at least a year.

AFP noted that U.S. officials clearly view the risks associated with digital strikes as dwarfed by the dangers of an all-out war with Iran.

Bombing raids are “more likely to explode the region and certainly could lead to a conflict with Iran, and that would be very messy,” said Lewis. “Cyber is much cleaner.”

Another sophisticated computer virus, Flame, struck Iranian computer systems in May. The virus collected critical intelligence in preparation for cyber-sabotage attacks aimed at slowing Iran’s ability to develop a nuclear weapon.

Iran admitted that its oil industry was briefly affected by Flame, but claimed that Iranian experts had detected and defeated the virus.

Security researchers later said that they found a direct link between the Stuxnet worm and Flame, indicating that the two teams cooperated and collaborated. Western officials claimed that the U.S. and Israel jointly developed Flame.

(Arutz Sheva’s North American Desk is keeping you updated until the start of Shabbat in New York. The time posted automatically on all Arutz Sheva articles, however, is Israeli time.)

Pentagon Says Bureaucracy Is Getting In The Way Of Cyber Defense

The current head of the Pentagon’s cyber attack response team told the American Enterprise Institute that war is coming, and that the United States remains unprepared for the worst.

General Keith Alexander said he expects that cyberattacks will soon become legitimately destructive at the rate they’re outpacing the United States’ defenses.

There’s one big problem holding all of this back, according to Alexander.

The responsibility to defend and respond to cyber attacks lies variously with the FBI, Homeland Security, and the Department of Defense.

Alexander said that unless Congress consolidates that sprawling cyber-defense infrastructure, the U.S. will not be able to fend off the increasingly likely major successful attack.

The kicker from the speech is this: all that stands between the United States and the coordinated attacks on it is a sprawling, disorganized group of feds without a centralized command, each working for different goals.

And worst of all, the only entity that can solve it is Congress.

Read more: http://www.businessinsider.com/pentagon-says-bureaucracy-is-getting-in-the-way-of-cyber-defense-2012-7#ixzz20NfPrNdY

DEFENSE SECRETARY: CYBERATTACKS HAVE ‘THE POTENTIAL FOR ANOTHER PEARL HARBOR’

Defense Secretary Leon Panetta Says Cyberattacks Could Paralyze the Country Like Another Pearl Harbor

Defense Secretary Leon Panetta speaks with a congressional subcommittee on budget cuts Wednesday. (Photo: DOD/Glenn Fawcett)

In pleading with Congress Wednesday against automatic defense budget cuts, Defense Secretary Leon Panetta also warned of another crippling situation like Pearl Harbor. It won’t come in the form of bombers and torpedo planes, though, but as hackers and worms of the cyber variety with the ability to cripple U.S. infrastructure.

CNS News reports Panetta saying that those with the capability to launch a cyberattack would be able to “paralyze” the United States. Sen. Lindsey Graham (R-S.C.) asked Panetta to clarify:

“You said something that just kind of went over everybody’s head, I think, that there’s a Pearl Harbor in the making here. You’re talking about shutting down financial systems, releasing chemicals from chemical plants, releasing water from dams, shutting down power systems that can affect the very survival of the nation. What’s the likelihood in the next five years that one of these major events will occur?”

To this, Panetta responded simply by saying that the “technological capability” to send our country into a mode like that of Pearl Harbor in a surprise attack is already available now. Panetta’s references to “the next Pearl Harbor” echo sentiments he shared last year with regard to cyberattacks, according to CNS News.

In June 2011, while being confirmed as Defense Secretary, Panetta said to the panel, “The next Pearl Harbor we confront could very well be a cyber attack that cripples our power systems, our grid, our security systems, our financial systems, our governmental systems.”

Continuing to probe on Wednesday, Graham asked about the risk level, which Panetta said was high, especially as the technology develops and the “will” to use it becomes more apparent.

“I’m very concerned that the potential in cyber to be able to cripple our power grid, to be able to cripple our government systems, to be able to cripple our financial system would virtually paralyze this country,” Panetta said. “And, as far as I’m concerned, that represents the potential for another Pearl Harbor as far as the kind of attack that we could be the target of using cyber.”

Those in the United States — both the government and private industry — are already the targets of thousands of attacks per day, according to Panetta. With that, he notes the importance of improving safety of systems in not only the defense sector but the private sector as well.


Earlier this year, the Cyber Intelligence Sharing Protection Act (CISPA) was introduced as proposed legislation that would put in place the infrastructure for private companies to share information with the federal government on the Internet to help prevent electronic attacks from cybercriminals, foreign governments and terrorists. The Cybersecurity Act of 2012, sponsored by Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine) was mentioned as well. At this point, CISPA has been passed with bipartisan support in the House and still awaits a Senate vote. The Cybersecurity Act of 2012 has not yet been voted upon.

CISPA has been met with some backlash, with those against the proposed legislation saying the language is overly broad and that they fear violations of the anti-trust law by the government.

Chairman of the Joint Chiefs of Staff Gen. Martin Dempsey weighed in his support of CISPA during Wednesday’s hearing but also said the military is looking to develop “rules of engagement” to respond to cyberattacks and threats, according to CNS News.


The Pentagon faces cuts of about $500 billion in projected spending over 10 years on top of the $492 billion that President Barack Obama and congressional Republicans already agreed to in last summer’s deficit-cutting budget.

Dempsey said the cuts would mean fewer troops, the possible cancellation of major weapons and the disruption of operations around the world.

The Associated Press contributed to this report. 

Israel Encrypts UAVs As Cyberwar Widens

 


 

http://www.upi.com

 


 

Israel’s military is expected shortly to take delivery of an advanced model of the Skylark 1 unmanned aerial vehicle that will be equipped with electronic jammers that will block efforts to intercept surveillance data.

The move comes amid a sharp escalation in Israel’s cyber operations against Iran’s highly secret nuclear program, which the Jewish state believes is aimed at developing nuclear weapons, and growing Iranian expertise in counter-measures.

A senior officer in Israel’s military intelligence warned Monday Israel’s foes were stepping up their efforts to gather electronic intelligence on Israel’s armed forces and military capabilities, The Jerusalem Post reported.

“We’re seeing an improvement by the other side in its ability to gather intelligence … the ability of a number of groups with varying capabilities to work against us,” the officer said.

The 13-pound Skylark 1, developed by Elbit Systems, one of Israel’s top electronic warfare specialists, has been supplied to army battalions as part of the Sky Rider Program aimed at providing combat unit commanders with real-time aerial surveillance capabilities.

The Skylark operation is part of a military-wide process to encrypt UAVs amid growing indications Israel’s enemies can now hack into surveillance signals.

That process was initiated in 2010 after it became evident Hezbollah, the Iranian-backed Shiite movement in Lebanon and one of Israel’s most formidable foes, had succeeded in intercepting Israeli drone data.

This was used to ambush an Israeli Special Forces raid inside Lebanon in September 1997.

When the Israeli commandoes of Flotilla 13, the navy’s Special Operations unit, were ambushed near Ansariya in south Lebanon, the military believed Hezbollah had gotten lucky but did not have any advance warning of the raid.

Eleven of the raiders, including the unit commander, Lt. Col. Yossi Korakin, were killed in a running battle. The handful of survivors were rescued by helicopters.

It wasn’t until August 2010 that Hezbollah leader Hassan Nasrallah, claiming Israel had been involved in the February 2005 assassination of former Lebanese Prime Minister Rafik Hariri, publicly unveiled surveillance footage from an Israeli UAV in operation at the time of the Ansariya raid.

The Israeli military concluded the footage Hezbollah showed was genuine and had been intercepted during Israeli surveillance of the target zone prior to the actual nighttime raid that Hezbollah hailed as a major victory.

Nasrallah also displayed what he said were Israeli aerial surveillance tapes of routes used by Hariri between his Beirut residence and Parliament, claiming these indicated Israeli involvement in the assassination of Lebanon’s most prominent statesman.

A U.N.-mandated special tribunal has indicted four members of Hezbollah, including two senior figures, for the suicide bombing that killed Hariri and 22 other people.

Hezbollah’s ability to intercept Israeli UAV surveillance data undoubtedly benefited from major technological support provided by intelligence units of Iran’s Islamic Revolutionary Guard Corps, which maintains cells in Lebanon and inside Hezbollah.

The Shiite movement, which fought the Israeli army to a standstill in a 34-day war in the summer of 2006, is armed and heavily funded by Tehran.

Iran is Israel’s primary adversary in the ever-expanding intelligence war and has been targeted in several cyberattacks, widely blamed on Israel and the United States, that began in 2009.

These began with the Stuxnet computer worm that sabotaged Iran’s uranium enrichment process at its Natanz facility.

The most recent attack attributed to U.S.-Israeli intelligence was in April, when a more advanced super-virus, dubbed W.32 Flame, hit the control systems of Iran’s oil export terminals.

Cyber experts say Flame, the most complex computer worm so far detected, is able to steal vast amounts of data.

U.S. officials say the cyberattacks are part of a systematic offensive by the U.S. Central Intelligence Agency and Israel’s intelligence establishment against Iran.

But the Iranians are clearly making major advances in their cyber capabilities, suggesting Israel — and the United States — face a more sophisticated foe.

Iran captured an advanced U.S. UAV in December 2011, claiming it hacked into the craft’s GPS guidance system and forced it to land.

The CIA-operated RQ-170 Sentinel is one of the United States’ most valuable intelligence assets, crammed with advanced electronic systems.

Gen. Amir Ali Hajisadeh, commander of the IRGC’s aerospace division, said April 23 his teams had cracked the U.S. codes and were building an Iranian version of the spy craft.


OH NO YOU DIDN’T: MOSSAD AGENTS CLAIM OBAMA LYING ABOUT STUXNET


Israeli officials who were placed at risk by the Obama administration’s leaks about the Stuxnet virus are disputing American claims that the cyber-weapon was jointly developed by the U.S. and Israel. Rather, they say, Israeli intelligence first started developing cyberspace warfare against Iran, only convincing the U.S.–with some difficulty–to join in. The Israelis allege that President Barack Obama claimed credit for Stuxnet to boost his re-election campaign.

The source for the new claim is Yossi Melman, a journalist for Israel’s left-wing Ha’aretz daily (via Israel Matzav):

The Israeli officials actually told me a different version. They said that it was Israeli intelligence that began, a few years earlier, a cyberspace campaign to damage and slow down Iran’s nuclear intentions. And only later they managed to convince the USA to consider a joint operation — which, at the time, was unheard of. Even friendly nations are hesitant to share their technological and intelligence resources against a common enemy…

Yet my Israeli sources understand the sensitivity and the timing of the issue and are not going to be dragged into a battle over taking credit. “We know that it is the presidential election season,” one Israeli added, “and don’t want to spoil the party for President Obama and his officials, who shared in a twisted and manipulated way some of the behind-the-scenes secrets of the success of cyberwar.”

The Obama administration’s pattern of leaks to mainstream media outlets–of which the Stuxnet virus is only one example–prompted bipartisan outrage from Congress and the appointment of two special prosecutors. While the leaks jeopardized U.S. national security–allegedly for the political purpose of burnishing President Obama’s image as commander-in-chief–they may also have been exaggerated, if the new reports from Israel are accurate.

Computer Experts Discover Flame and Stuxnet Related

Posted by Kurt Nimmo, Infowars

If research conducted by Kaspersky Labs is correct, the Flame virus is related to a previous malware virus developed by Israel and the United States.

Alexander Gostev, an expert at Kaspersky Labs, said in an email that the Russian cyber security software company discovered a similarity between a subset of the code used in Flame and code used in the Stuxnet virus.

Stuxnet was developed collaboratively between Israel and the United States for the explicit purpose of disabling computer networks in Iran, although Israeli intelligence denies this, according to Mossad agents who say they created the malware and Obama is taking credit for unleashing it against Iran’s fledgling nuclear program as propaganda in his re-election bid.

According to author David E. Sanger, Obama decided to accelerate cyberattacks initiated during the Bush administration. Sanger says the project’s codename was Olympic Games and it began in 2006.

Flame is described as the most sophisticated malware to date. After infecting a Microsoft Windows computer, it can record audio and keyboard activity, take screenshots and monitor network traffic. Flame can record Skype conversations and grab data via Bluetooth from nearby devices like cellphones.

Like Stuxnet, Flame was specifically deployed on computer systems in the Middle East. Kaspersky’s research reveals that “a huge majority of targets” were within Iran.

“Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states,” Kaspersky’s chief malware expert Vitaly Kamluk told the BBC in late May.

“Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group… The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it.”

Over the last few years, the U.S. government has hyped an emerging cyber threat in near apocalyptic terms and the establishment media has echoed the supposed threat incessantly. The so-called defense industry – the military-industrial complex president Eisenhower warned about as he left office – has exploited the cyber threat and turned it into a multi-billion dollar industry.

Lockheed Martin, Boeing, Northrop Grumman and related defense and tech companies have vigorously lobbied the federal government about “growing cyberthreats to national security and corporate America, but they also make millions of dollars each year selling a variety of cybersecurity programs, tools and solutions to government and business,” Politico reported on May 30.

Israel and the United States – the CIA and Mossad – represent the vanguard of the emerging cyber security threat. Considering the history of government and its array of clandestine and self-serving false flag attacks, this reality is hardly surprising. It demonstrates that like al-Qaeda, the cyber threat is designed to create a crisis that can only be addressed by government and the military industrial complex.

Flame Virus ‘Told to Vanish’, Say Experts

U.S. computer security researchers say the Flame computer virus has gotten orders to vanish, leaving no trace.

By Elad Benari

First Publish: 6/11/2012, 6:45 AM
Hackers (illustrative)

Flash90

U.S. computer security researchers said on Sunday that the Flame computer virus, which struck at least 600 specific computer systems in Iran, Syria, Lebanon, Egypt, Sudan, Saudi Arabia and the Palestinian Authority, has gotten orders to vanish, leaving no trace.

AFP reported that anti-virus company Symantec said in a blog post that late last week some Flame “command-and-control servers sent an updated command to several compromised computers.”

“This command was designed to completely remove (Flame) from the compromised computers,” said the statement.

The discovery of the Flame virus immediately sparked speculation that it had been created by U.S. and Israeli security services to steal information about Iran’s controversial nuclear program.

Kaspersky Lab, one of the world’s biggest producers of anti-virus software, said the Flame virus was “about 20 times larger than Stuxnet,” the worm which was discovered in June 2010 and used against the Iranian nuclear program.

Kaspersky called the virus a “cyber-espionage worm” designed to collect and delete sensitive information, primarily in Middle Eastern countries. Experts said it was aimed at stealing Iranian-Russian blueprints, presumably of nuclear facilities.

Iran later admitted that its oil industry was briefly affected by Flame, but claimed that Iranian experts had detected and defeated the virus.

Computers infected with malware are typically programmed to reach out on the Internet to get updated orders from command servers controlled by hackers.

In this case, AFP reported, it appeared that Flame masters gave an order for the malware to vanish, leaving behind no trail that investigators might be able to follow or clues to its origin.

The self-destruct command was evidently sent after Flame was exposed and investigations commenced.

Infected computers that got the command went on to delete an array of files and then cram disks with random characters to thwart recovery of original code, according to security researchers cited by AFP. It was unknown how many infected computers received the self-destruct command.