Hayden: Russian cyber sophistication derives from criminal groups

Russia is one of the most sophisticated nation-states in cyberspace in part because of its ability to enlist cyber-criminal groups to do its bidding, said retired Gen. Michael Hayden, former head of the CIA and National Security Agency.

“The Chinese have scale, the Russians have skill,” Hayden said May 24 at a conference in Washington hosted by Gigamon. That assessment echoes what Adm. Michael Rogers, the current NSA director, has told Congress.

Hayden likened Russian President Vladimir Putin’s alleged sponsorship of criminal hackers to the patronage Don Vito Corleone provides associates in the popular film The Godfather.

“Don Vladimir has allowed the criminal gangs to survive and flourish without legal interference as long as they go outward,” Hayden said. “And from time to time the Don then has need of their services.”

Analysts and U.S. lawmakers have pointed to close ties between the Russian government and cybercriminal groups to the point of blurring the lines of attribution. Some have blamed Russia for a December hack of the Ukrainian power grid, which affected 225,000 customers.

The different bilateral relationships Washington has with Moscow and Beijing have dictated different U.S. policy responses to alleged state-sponsored cyber operations.

The U.S. and China last September agreed to not “knowingly support cyber-enabled theft of intellectual property,” something U.S. lawmakers have long accused China of doing. But with the U.S. government already heavily sanctioning Russia, such a bilateral agreement with Moscow seems unlikely.

“The relationship with Russia is such [that] I don’t know how you do that,” Hayden said.

In an April Senate hearing, Rogers, the current NSA director, told lawmakers that of nation-states, Russia “probably has the most active criminal element with … the greatest capability.” Asked if the Russia government was doing anything to combat cyber criminals on its turf, Rogers replied with a smile, “I would only say it doesn’t appear to be getting much better.”

Analysts such as NSS Labs CEO Vikram Phatak have argued that in a relatively lawless field, the U.S. government should embrace hackers who otherwise wouldn’t pass a background check. Although U.S. military and intelligence agencies have talented personnel, they don’t have “the kind of operational experience that the Russian mob has or the Chinese mob has,” Phatak told FCW earlier this year.

When asked if the U.S. government should give its computer operatives freer rein to go after Russian targets, Hayden was circumspect. “You cannot create symmetric effects in the Russian economy compared to what they can do in our economy,” he told FCW after his remarks.

Stuxnet a ‘poster child’ for certain hacks

Hayden’s remarks underscored the legal and normative ambiguity in cyberspace.

The United States is “incredibly aggressive in the cyber domain. We steal other nations’ data,” but not for commercial gain, he said.

U.S. officials suspect Chinese hackers were behind the breach of at least 22 million U.S. government records at the Office of Personnel Management. Hayden indicated he was jealous of that data heist.

“If I could have done this against a comparable Chinese database when I was director of NSA, I would have done it in a heartbeat,” the former Air Force general said.

During his remarks, Hayden described Stuxnet, the computer worm reportedly developed by the U.S. and Israel to destroy Iran’s nuclear centrifuges, as the “poster child” for hacks with physical-world implications. He told FCW afterward that the distributed-denial-of-serviceattacks that hit the U.S. financial sector from 2011 to 2013, which were allegedly carried out by Iranian hackers, were retribution for Stuxnet.

Hayden declined to confirm or deny U.S. involvement in Stuxnet, but said the net trade off — hampered Iranian centrifuges versus financial loss inflicted by the DDOS attacks — was in U.S. interests. Banks spent tens of millions of dollars in response to those attacks, according to the FBI.

Source:  https://fcw.com/articles/2016/05/24/hayden-russia-cyber.aspx

  • 0

Anonymous Announces #OpSilence, Month-Long Attacks on Mainstream Media

Members of the Ghost Squad Hackers team, one of most active Anonymous sub-divisions, have carried out DDoS attacks on CNN and FOX News as part of a new hacktivism campaign.

Called OpSilence, the campaign’s goal is to attack all mainstream media that fails to report on the Palestine war or the true crimes happening in Syria, one of the hackers told Mic.

#OpSilence will take place during the entire month of June 2016

The operation will be run similarly to #OpIcarus, a month-long series of attacks that took place in the month of May against various banks around the world.

Any hacktivism group is welcomed to join, and the campaign comes on the heels of OpIcarus, which just ended yesterday.

Ghost Squad Hackers didn’t wait for June to start to begin their attacks, and they’ve already hit the email servers of FOX News and CNN. The group has been changing tactics lately, switching from DDoSing public websites to attacking mail servers, as they did most recently against the Bank of England.

Other hackers have taken a pro-Palestine stance before

Taking a pro-Palestine stance isn’t something strange for hackers, many others supporting this cause as well. The previous group that did so was CWA (Crackas With Attitude), whose hacked targets include CIA Director John Brennan’s personal AOL email account, FBI Deputy Director Mark Giuliano, US National Intelligence Director James Clapper, and President Barack Obama’s Senior Advisor on science and technology John Holdren.

The group is also responsible for hacking the JABS US national arrests database. They also leaked details for 2,400 US government officials, 80 Miami police officers, 9,000 DHS employees, and 20,000 FBI staffers.

Back in February, the group’s leader, a sixteen-year-old boy, was arrested in East Midlands, England.

External Source: http://www.ddosattacks.net/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media/

 

Internal source:  http://news.softpedia.com/news/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media-504760.shtml

  • 0

Anonymous vigilantes expose cheating firms who inflate their value on the stock market

The hackers’ collective, Anonymous, seems to be slowly changing how they do things, to the extent that one division is now hacking for trading financial reports in order to expose firms in the US and China that are trying to cheat on the stock market. This particular group of hackers goes by the name Anonymous Analytics.

According to Softpedia, the division was formed in 2011 by ex-Anonymous hackers who got tired of launching Distributed Denial of Service (DDoS) attacks and hacking into companies to make a point.

In order to find the hidden information about companies that might be inflating their values, Anonymous Analytics spend their time analysing the stock market and searching the internet for clues.  This is often done using techniques that might not be legal or ethical.  And once they have the information, this group of hackers will publish financial reports exposing companies. This has caused at least one company’s stock price to fall. So far, Anonymous Analytics has compiled publicly available financial reports on 11 firms, most of which are from China and the US.

Anonymous Analytics efforts in releasing the truth has damaged buyers’ confidence in the stocks belonging to a Chinese lottery machine service provider and games developer called REXLot Holdings.  This company along with others had inflated its revenue and the amount of cash it had from interest earned on its balance sheet before being caught by the Anonymous Analytics.

  

Bringing down stock market cheats

On 24 June 2015, Anonymous Analytics published a report on REXLot’s activities, which caused the stock price to plummet from $HK0.485 (4p, 6¢) down to $HK0.12, before the firm completely suspended its shares from trading. Bloomberg reported on the incident at the time but RexLot refused to respond despite repeated attempts.

When REXLot decided to return to the stock market on 18 April and they submitted a 53-page report about their financial status. Anonymous Analytics read the report and decided to publish a countering report. The second report was even worse and advised investors to urgently sell their stock, causing the company’s stock price to fall again by 50%.

A week after the report which exposed REXLot was released, the company had to admit in a report to the Hong Kong stock exchange that it could not honour all the bond redemptions requested by holders; which amounted to HK$1.85bn, due to the fact that it just didn’t have sufficient cash resources.

In fact, REXLot said it was trying to gain the bondholders’ consent to let it have more time to dispose of some assets in order to generate the cash needed to make the payments.

While it is a rather unusual approach for the hacking collective, Anonymous Analytics’ efforts seem to having a much greater impact than its attempts to troll Islamic State with Rick Astley music videos or DDoS-ing random companies in different countries to make a point.

Source:  http://www.ibtimes.co.uk/anonymous-vigilantes-expose-cheating-firms-who-inflate-their-value-stock-market-1562458

  • 0

Popular VPN service fights back against DDoS ransom demand

But today — a full five days before the ransom demand came due — the company struck back, going public with the demand and promising to withstand any attack criminals attempted. “We apologize for any disruption as a result of these attacks; please know that we will do everything in our power to thwart them,” the company wrote in a blog post today. “But let us reiterate: no matter what happens, we simply will not pay these garden-variety thugs.” (The line was later removed.)

It’s a common scheme for web criminals, who often see small services as more likely to comply with the demands. In recent years, similar attacks have targeted Meetup, Feedly, Fastmail, and even Greek banks, often demanding higher and higher sums the longer sites wait to pay. There are a number of paid and open-source protections against denial-of-service attacks, but unpatched servers and other devices have made it easy for criminals to keep pace, ever larger attacks in recent years.

 

Source:

http://www.theverge.com/2016/4/20/11471862/cloak-vpn-ddos-ransom-demand

  • 0

UK teen relieved after light sentence on hacking charges

A 19-year-old U.K. man said he was relieved after receiving probation for pleading guilty to four hacking-related charges in connection with a large distributed denial-of-service attack on the Metropolitan Police Service’s website.

Jordan Lee Jones, who lives in Stockton-on-Tees, U.K, pleaded guilty to four counts of impairing the function of a computer, a violation of the Computer Misuse Act of 1990.

Jones was sentenced to 12 months probation after a judge in Teeside Magistrates Court on Wednesday concluded he acted as part of a group that encouraged malicious activity but that he has since stopped.

“The reason why the judge decided to set me free was partly because since my arrest last year I made efforts to redeem myself by working with different organizations and helping them identify security flaws in their security systems,” he said via an interview over instant message on Friday.

He could have faced up to 10 years in prison.

“It has taken a lot of stress off me now,” Jones said.

Jones wrote a Python script that when used in combination with a DDoS tool called the “Low Orbit Ion Cannon” can be used to send overwhelming amounts of traffic to a website. The tool, which had widely been used in attacks perpetrated by the loose-knit group Anonymous, was used by Jones to attack the Metropolitan Police’s website in October 2013.

He was also expecting charges for taking advantage of SQL injection vulnerabilities in the website of a major bank and entertainment company, gaining internal access to their systems. But Jones said it appears those charges will be dropped since he informed the companies of the issues.

Earlier this year Jones reported several vulnerabilities to eBay that he found in its website and has continued to be an independent computer security penetration tester.

Jones was studying IT at Stockton Riverside College, but dropped his courses a few months ago to take some time off. He has since reapplied, but the college has declined his application, which he thinks might be connected to his legal situation. He said he would like to attend university.

Source: http://www.pcworld.com/article/2844892/uk-teen-relieved-after-light-sentence-on-hacking-charges.html

  • 0

Distributed Denial of Service ‘DDoS’ prevention market on big growth curve

The distributed denial of service (DDoS) prevention market is set to explode in the coming years as the frequency and intensity of attacks continues to spiral.

Infonetics Research predicts that the global market will grow 24 per cent this year. By 2016, the analyst forecasts that annual spending on DDoS prevention will reach $420m (£270m).

Currently Arbor Networks is the dominant market leader, accounting for almost 60 per cent of total revenue. But Radware is putting up a stiff challenge in the government sector, according to Infonetics.

The datacentre segment of the market is growing quickly and its worth is expected to exceed the carrier transport sector by the end of this year. The mobile networks arena is the DDoS prevention space’s fastest expanding area, with a forecast compound annual growth rate of 30 per cent for the 2011 to 2016 period.

Jeff Wilson, principal analyst for security at Infonetics, predicted that the core DDoS market players would be increasingly challenged by hosted offerings of hardware with embedded security.

He pointed to the recent Arbor Networks-Alcatel-Lucent tie-up, which saw a router from the comms vendor combined with a DDoS mitigation blade from the security specialist. Wilson also cited F5’s recent release of a datacentre firewall which incorporates DDoS prevention.

“We expect other major security vendors to build specialised security platforms with integrated DDoS prevention that will go head to head with mid-range offerings from the dedicated DDoS appliance vendors,” added Wilson.

Source: http://www.channelweb.co.uk/crn-uk/news/2190423/ddos-prevention-market-growth-curve

  • 0

Anonymous defense: DDoS attack not criminal but a digital sit-in

A lawyer representing an alleged member of the notorious, nebulous, international Internet hacktivist collective known as Anonymous will argue that a Distributed Denial of Service (DDoS) attack is not a crime, but a form of legal protest, a digital sit-in, and protected speech.

Jay Leiderman, a lawyer representing alleged Anonymous hacktivist Commander X, aka Christopher Doyon, argues that today’s DDoS attacks are the cyber equivalent of yesterday’s sit-in at the lunch counter at Woolworth’s during the civil rights movement.
Wednesday, Leiderman, speaking to TPM, said:
There’s no such thing as a DDoS attack. A DDoS is a protest, it’s a digital sit-it. It is no different than physically occupying a space. It’s not a crime, it’s speech.Nothing was malicious, there was no malware, no Trojans. This was merely a digital sit-in. It is no different from occupying the Woolworth’s lunch counter in the civil rights era.

A Distributed Denial of Service (DDoS) attack is an orchestrated attempt to make a computer resource unavailable to its intended users. Multiple users send repeated requests to a website, thus blocking the proverbial door way, lunch counter, etc.
It is important to distinguish between a voluntary DDoS attack, the type of attack Anonymous is known for, and the involuntary DDoS atack. The involuntary DDoS attack involves using “botnets” made up of slave computers infected with malware, all done without the knowledge or permission of the computer’s owner.
The voluntary type of DDoS attack is what Anonymous is known for. The voluntary DDoS attack involves a high volume of computer users all voluntarily participating, requesting information from the same targeted server in unison, and thus making the selected computer resource unavailable to intended users, just as a sit-in blocks access to a particular site or resource.
There are several similar, Anonymous related cases headed for court across the country. Whether or not a judge and jury will accept the sit-in defense remains to be seen. Yet one thing seems certain, charging those who in good conscience participated in such a relatively harmless cyber protest like a voluntary DDoS attack should not be subject to felony charges.
  • 0

Anonymous and LulzSec case: police fly to US to gather hacking evidence

British officers hope to gain more evidence to use in prosecution of UK teenagers suspected of carrying out online attacks

 

British police officers have flown to the US to gather evidence of computer hacking that could be used in the prosecution of two UK teenagers suspected of carrying out online attacks on behalf ofAnonymous and LulzSec.

Jake Davis, 18, from the Shetland Islands, and Ryan Cleary, 19, from Wickford, in Essex, will appear in January before Southwark crown court in London charged with attacks on websites including the Serious Organised Crime Agency (Soca).

While neither Davis nor Cleary were at Southwark crown court for a short hearing on Tuesday morning, Judge Nicholas Lorraine-Smith said the co-defendants would need to appear at the court for a plea and case management hearing on 27 January.

Davis, who was arrested earlier this month, and Cleary, who was arrested in June, are remanded on police bail, prohibited from accessing the internet via a computer or phone, and have restrictions on their movements.

It is believed the UK authorities are having to trawl through a large amount of forensic evidence to build their cases.

The FBI declined to comment on whether it has sought the extradition of the pair, whose arrests form part of an ongoing international investigation into a number of online attacks by members of the hacking collective Anonymous and the smaller group LulzSec.

Cleary is charged with offences under the Computer Misuse Act, including conspiring with other people to create a remotely controlled network of zombie computers, known as a “botnet”, which crashes websites. He is also alleged to have carried out attacks against Soca, the British Phonographic Industry’s website and the International Federation of the Phonographic Industry’s website, and with making, adapting or supplying a botnet for a distributed denial of services (DDoS) attack, which brings down sites by bombarding them with repeated requests to load webpages.

Davis is accused of offences under the Computer Misuse Act, the Serious Crime Act, and the Criminal Law Act, including unlawfully gathering data from NHS computers, being involved with attacks on News International and being part of an attack that crashed the Soca’s website.

LulzSec has claimed responsibility for online attacks against Soca and the Sun newspaper, as well as targeting US authorities such as the Senate and the CIA.

Peter David Gibson, a 22-year-old student from Hartlepool, was charged in connection with online attacks related to Anonymous last Thursday. US authorities have so far arrested more than 16 people there as part of their investigation into the groups.

  • 0

More protests expected after San Francisco cyberattack

San Francisco’s mass transit system prepared for renewed protests Monday, a day after hackers angry over attempts to thwart earlier protests broke into a website and posted company contact information for more than 2,000 customers.

The action by a hacker group known as Anonymous was the latest showdown between anarchists angry at perceived attempts to limit free speech and officials trying to control protests that grow out of social networking and have the potential to become violent.

Anonymous posted people’s names, phone numbers, and street and email addresses on its own website, while also calling for a disruption of the Bay Area Rapid Transit’s evening commute Monday.

BART officials said Sunday that they were working a strategy to try to block any efforts by protesters to try to disrupt the service. Spokesman Jim Allison said BART police will be staffing stations and trains and that the agency had already contacted San Francisco police.

The transit agency disabled the affected website, myBART.org, Sunday night after it also had been altered by apparent hackers who posted images of the so-called Guy Fawkes masks that anarchists have previously worn when showing up to physical protests.

The cyberattack came in response to the BART’s decision to block wireless service in several of its San Francisco stations Thursday night as the agency aimed to thwart a planned protest over a fatal shooting by transit police. Officials said the protest had been designed to disrupt the evening commute.

“We are Anonymous, we are your citizens, we are the people, we do not tolerate oppression from any government agency,” the hackers wrote on their own website. “BART has proved multiple times that they have no problem exploiting and abusing the people.”

BART spokesman Jim Allison described myBART.org as a “satellite site” used for marketing purposes. It’s operated by an outside company and sends BART alerts and other information to customers, Allison said.

The names and contact info published by Sunday came from a database of 55,000 subscribers, he said. He did not know if the group had obtained information from all the subscribers, he said, adding that no bank account or credit card information was listed.

Allison said that BART’s main website was protected from attacks as well.

Violation of free speech?

BART’s decision to shut down wireless access was criticized by many as heavy handed, and some raised questions about whether the move violated free speech.

The contretemps began Thursday night when BART officials blocked wireless access to disrupt organization of a demonstration protesting the July 3 shooting death by BART police who said the 45-year-old victim was wielding a knife.

Activists also remain upset by the 2009 death of Oscar Grant, an unarmed black passenger who was shot by a white officer on an Oakland train platform. The officer quit the force and was convicted of involuntary manslaughter after the shooting.

Facing backlash from civil rights advocates and one of its own board members, BART has defended the decision to block cellphone use, with Allison saying the cellphone disruptions were legal because the agency owns the property and infrastructure.

“I’m just shocked that they didn’t think about the implications of this. We really don’t have the right to be this type of censor,” Lynette Sweet, who serves on BART’s board of directors, said previously. “In my opinion, we’ve let the actions of a few people affect everybody. And that’s not fair.”

BART officials on Sunday were also working a strategy to try to block plans by protesters to try to disrupt service Monday.

“We have been planning for the protests that are said to be shaping up for tomorrow,” Allison said. He did not provide specifics, but said BART police will be staffing stations and trains and that the agency had already contacted San Francisco police.

Laura Eichman was among those whose email and home phone number were published by the hackers Sunday.

Data breach ‘completely unjustified': victim

“I think what they (the hackers) did was illegal and wrong. I work in IT myself, and I think that this was not ethical hacking. I think this was completely unjustified,” Eichman said.

She said she doesn’t blame BART and feels its action earlier in the week of blocking cellphone service was reasonable.

“It doesn’t necessarily keep me from taking BART in the future but I will certainly have to review where I set up accounts and what kind of data I’m going to keep online,” Eichman said.

Michael Beekman of San Francisco told the AP that he didn’t approve of BART’s move to cut cellphone service or the Anonymous posting.

“I’m not paranoid but i feel like it was an invasion of privacy,” he said. “I thought I would never personally be involved in any of their (Anonymous’) shenanigans.”

The group Anonymous, according to its website, does “not tolerate oppression from any government agency,” and it said it was releasing the User Info Database of MyBart.gov as one of many actions to come.

“We apologize to any citizen that has his information published, but you should go to BART and ask them why your information wasn’t secure with them. Also do not worry probably the only information that will be abused from this database is that of BART employees,” the statement said.

  • 0

DDoS bot masquerades as Java update

An especially virulent Trojan variant with DDoS capabilities has been spotted masquerading as a regular Java update and is being served both from legitimate and malicious sites, says BitDefender’s Loredana Botezatu.

The Trojan uses a number of infection techniques to assure itself of being spread far and wide – it can spread via USB drives, LANs, P2P networks, MSN and even send itself via email if Outlook Express is present on the computer.

Botezatu says that this particular Trojan is likely being used by bot herders who offer the services of their botnets in exchange for money.

In order to keep the victims from suspecting that their computer is infected, it uninstalls other bots (Cerberus, Blackshades, CyberGate, or OrgeneraL DDoS Bot Cryptosuite) if it finds them on the targeted computer.

It also adds itself to the list of authorized applications in the Windows Firewall so as not to trigger it, and tries to kill alerts issued by antivirus solutions (if present).

The communication between the bot and its master is executed via private messages. The bot master can schedule the activity of the Trojan by sending instructions detailing the hour and intensity of the attack and the targeted URL.

  • 0