Oil and gas firms hit by hackers

Hackers have run rampant through the networks of at least five oil and gas firms for years, reveals a report compiled by security firm McAfee which details the methods and techniques the hackers used to gain access.

Via a combination of con tricks, computer vulnerabilities and weak security controls, the attackers gained access and stole secrets, it says.

The hacker group behind the attack targeted documents detailing oil and gas exploration and bidding contracts.

Greg Day, director of security strategy at McAfee, said that the attacks used to break into all the networks were built around code and tools widely available on the net’s underground.

As such, he said, they were not very sophisticated but that did not dent their effectiveness.

In its report detailing what it dubbed the Night Dragon attacks, McAfee said the series of co-ordinated attempts to penetrate at least a dozen multinational oil, gas and energy companies began in November 2009. Five firms had confirmed the attacks, said McAfee.

In a long-running campaign, the attacks continued and the hackers methodically worked to penetrate the computer networks of these firms.

The first stage of the attack was to compromise the external server running a company’s website. Hacker tools were then loaded on the compromised machine and used to lever open access to internal networks. Then, cracking tools were used to gather usernames and passwords and get deeper access.

Once embedded, the hackers disabled internal network settings so they could get remote access to machines on the corporate networks. Via this route, sensitive documents, proprietary production data and other files were found and pilfered.

McAfee said the information stolen was “tremendously sensitive and would be worth a huge amount of money to competitors”.

The concerted attacks on oil firms resemble other specific attacks such as Stuxnet, which targeted Iran.

Mr Day said that although corporates were under attack all the time, the Night Dragon attack was no run-of-the-mill incident.

“What makes this different is the very specific ongoing targeting of specific organisations with a very distinct purpose to what they were trying to achieve,” he said.

In that sense, he added, the attacks seemed to have a motive in common with that behind the Operation Aurora attacks on Google in China and the Stuxnet virus, which targeted industrial plant and machinery, and is thought to have been designed to attack Iran’s nuclear programme.

It was not clear if the Night Dragon attacks were state-sponsored, said Mr Day. Circumstantial evidence, such as the fact that all the attack activity took place during the Chinese business day, suggested China was involved but it was by no means conclusive.

Equally, the fact that during its investigation McAfee uncovered the identity of one individual based in China who provided invaluable aid and computer resources to those behind the attacks did not mean everything was backed by China.

The clues could be misdirection, said Mr Day.

“The attackers did not seem to be at all careful in covering their trail,” he said. “Was that just they were not that skilled or were they trying to leave a bread crumb trail to paint a false picture?”

Corporates were going to have to get much better at analysing the attacks hitting them, said Mr Day, if they were to avoid falling victim in a similar way.

“We have had a decade of cyber crime all about ‘write it, randomly spray it and see who falls foul’,” he said. “In the next decade many attacks will have a more specific purpose and they will keep going until they are successful.”

From the BBC: http://www.bbc.co.uk/news/technology-12416580

Posted in Cybersecurity Memo - Insiders Edition | Leave a comment

WikiLeaks among nominees for Nobel Peace Prize!

OSLO (Reuters) – Anti-secrecy website WikiLeaks has been nominated for the 2011 Nobel Peace Prize, the Norwegian politician behind the proposal said on Wednesday, a day after the deadline for nominations expired.

The Norwegian Nobel Committee accepts nominations for what many consider as the world’s top accolade until February 1, although the five panel members have until the end of the month to make their own proposals.

Norwegian parliamentarian Snorre Valen said WikiLeaks was “one of the most important contributors to freedom of speech and transparency” in the 21st century.

“By disclosing information about corruption, human rights abuses and war crimes, WikiLeaks is a natural contender for the Nobel Peace Prize,” Valen said.

Members of all national parliaments, professors of law or political science and previous winners are among those allowed to make nominations. The committee declined to comment on the WikiLeaks proposal or any other nominations.

Washington is furious at WikiLeaks and its founder Julian Assange for releasing tens of thousands of secret documents and diplomatic cables which it says have harmed U.S. interests abroad, including peace efforts.

Assange, an Australian, faces extradition to Sweden from Britain for questioning in a sex case which he and his supporters say is a smear campaign designed to close down WikiLeaks, a non-profit organization funded by the public and rights groups.

Awarding WikiLeaks the prize would be likely to provoke criticism of the Nobel Committee, which has courted controversy with its two most recent choices, jailed Chinese pro-democracy activist Liu Xiaobo and President Barack Obama a few months after his election.

NOBEL DEFINITION STRETCHED

The prize was endowed by Alfred Nobel, the Swedish inventor of dynamite, who said in his will it was to be awarded to whoever “shall have done the most or the best work for fraternity between nations, for the abolition or reduction of standing armies and for the holding and promotion of peace congresses.”

In past decades the committee, appointed by the Norwegian parliament, has stretched Nobel’s definition to include human rights, climate activism and even micro-financing, which have been a source of criticism from Nobel traditionalists.

Nobel watchers say a prize for WikiLeaks would highlight the growing role of specialist Internet sites and broad access social media in bringing about world change.

Sites such as Twitter and YouTube have played important roles in mobilizing people in countries with a tight grip on official media, such as Egypt where mass anti-government protests have been taking place.

Kristian Berg Harpviken of the PRIO peace think tank in Oslo agreed that innovative use of “new tools for bringing about peace” could be a major theme in this year’s Nobel, but he said he expected the prize to go to a woman after a series of male recipients.

His strongest tip was the Russian human rights group Memorial and its leader, Svetlana Gannushkina.

The nomination deadline may make it difficult for Middle East nominees should mass protests there produce peace.

Egypt’s Mohamed ElBaradei won the prize in 2005 as head of the International Atomic Energy Agency, the U.N. nuclear watchdog. Although theoretically possible, no individual has won the peace prize twice. The Red Cross has won three times.

From Talkingpointsmemo.com: http://www.talkingpointsmemo.com/news/2011/02/wikileaks_among_nominees_for_nobel_peace_prize.php?ref=fpa


Democrats Introduce Legislation For National Security Against Cyber Attacks

Cyber criminals and state adversaries pose a threat to both national security and our economy by threatening infrastructure, defense systems and global communications. Criminals and hackers probe U.S. government computer networks millions of times every day, about 9 million Americans have their identities stolen each year and cyber crime costs large American businesses $3.8 million a year. More than $1 trillion worth of and intellectual property has already been stolen from American businesses.

Yesterday Senate Democrats introduced a bipartisan bill to stop state actors, criminals and terrorists in cyberspace determined to harm America’s economy and national security by attacking our technology infrastructure. The bill is sponsored by Senate Majority Leader Harry Reid and the chairs of seven committees of jurisdiction, Chairs Joe Lieberman, Jay Rockefeller, Carl Levin, Patrick Leahy, Dianne Feinstein, John Kerry and Jeff Bingaman.

“Today we rely more heavily than ever on technology to run everything from power plants to missile systems to personal computers,” Sen. Reid said. “Cyber attack could, for example, bring down our nation’s air traffic control system in a matter of seconds, with devastating impact on the economic vitality of tourist destinations throughout Nevada and our country. We must strengthen security to ensure that never happens.”

The Lieberman-Collins measure isn’t designed or intended to give broad new authority to the executive branch (nor to establish an “Internet Kill Switch”). Instead, it was designed, with the help of the industry, to determine which infrastructure was actually critical and how best to protect it, so as to prevent a catastrophic event and mitigate the fallout from one based on existing authority.

From the Democratic Senators website: http://democrats.senate.gov/newsroom/record.cfm?id=330568&


Man tries to work for CIA in order to spy for China

Glenn Duffie Shriver from Michigan was sentenced to 48 months in prison for conspiring to provide national defense information to intelligence officers of the People’s Republic of China (PRC).

On Oct. 22, 2010, Shriver pleaded guilty to a one-count criminal information charging him with conspiracy to communicate national defense information to a person not entitled to receive it.

“Mr. Shriver sold out his country and repeatedly sought a position in our intelligence community so that he could provide classified information to the PRC,” said U.S. Attorney MacBride.

According to a statement of facts filed with his plea agreement, Shriver is proficient in Mandarin Chinese and lived in the PRC both as an undergraduate student and after graduation.

While living in Shanghai in October 2004, Shriver developed a relationship with three individuals whom he came to learn were PRC intelligence officers. At the request of these foreign agents, Shriver agreed to return to the United States and apply for positions in U.S. intelligence agencies or law enforcement organizations.

Shriver admitted in court that he knew that his ultimate objective was to obtain a position with a federal department or agency that would afford him access to classified national defense information, which he would then transmit to the PRC officers in return for cash payments.

From 2005 to 2010, Shriver attempted to gain employment as a U.S. Foreign Service Officer with the Department of State and as a clandestine service officer with the Central Intelligence Agency.

Shriver admitted that, during this time, he maintained frequent contact with the PRC intelligence officers and received more than $70,000 in three separate cash payments for what the officers called his “friendship.”

From HelpNet Security: http://www.net-security.org/secworld.php?id=10484


Russian Espionage: The Bear Is Back!

The uncovering of a Russian spy ring in the U.S. demonstrates that while the Cold War may have thawed, international espionage continues to thrive.

Russia is fielding an army of spies in the U.S. that is at least equal in number to the one deployed by the old, much larger Soviet Union, security experts say. The Bear is indeed back without the restraints of the Cold War and it’s easier than ever for Russian intelligence officers to meet, develop and recruit Americans.

In a plot right out of a spy novel, the Russian “illegals” lived for more than a decade in American cities and suburbs where they seemed to be ordinary couples working ordinary jobs. Experts on Russian intelligence expressed astonishment at the scale, longevity, and dedication of the “sleeper” program.

None of this is a surprise for KGB veteran Major General Oleg Kalugin who will be among an impressive faculty of speakers from industry and government sharing their insights and expertise at NSI’s IMPACT ’11 Conference and Expo on April 4-6, 2011 in Chantilly, VA.

General Kalugin will discuss the state of Russia’s security and intelligence organization today, explaining the shift in foreign intelligence emphasis to economic, military and technological espionage, with the United States viewed officially as Priority #1 rather than Enemy #1. He will share his insights into today’s Russia, the resurgence of the KGB and how Russia is targeting our nation’s most valuable secrets.

From the National Security Institute: http://nsi.org/Impact11/Info3.html


Two Arrested in Massive iPad Hacker Attack

Two men have been charged today with allegedly hacking AT&T’s servers to obtain the information of 120,000 iPad users, including some boldface names like Hollywood mogul Harvey Weinstein, New York Mayor Michael Bloomberg and President Obama’s former chief of staff.

U.S. prosecutors accused two men of hacking AT&T Inc.’s computer servers to steal e-mail addresses and personal data of about 120,000 Apple Inc. iPad users. Then they allegedly bragged about it.

The hack attack occurred during the initial release of Apple’s tablet computer, court documents state.

According to the complaint filed by the FBI in Newark, Spitler and Auernheimer allegedly used a “brute force” hack tactic over several days last June on AT&T servers to uncover email addresses related to iPad accounts.

From ABC News Media: http://abcnews.go.com/TheLaw/att-network-ipad-hack/story?id=12639585


Hackers Can Use Smart Keys To Steal Cars!

Modern smart keys use radio frequencies to let drivers unlock and start a vehicle without fumbling with a key fob. Now European researchers have found such systems can be hacked, letting thieves easily steal your car.

While many of the hacks require access to the car’s diagnostic port, one team was able to wirelessly set off faults through tire pressure sensors.

The research by the team from the Swiss Federal Institute of Technology targeted a new weakness: the smart key fobs, common on luxury vehicles and spreading to mainstream models, that allow a driver to unlock doors and start a vehicle without touching the fob. Using radio signals, the fob and vehicle send encrypted signals to each other over short distances, and while other researchers had suggested the fobs could be vulnerable, no one had put the idea to a test. The research paper is here: http://eprint.iacr.org/2010/332.pdf


iPhone and Android apps are breaching the privacy of smartphone users (but nobody is saying where your personal data is going)

Any time Angry Birds or Yelp is opened on a smartphone, information is being sent to marketers — and app developers aren’t required to reveal it. Apps running on the iPhone, Android and BlackBerry platforms often collect personal information to be resold to marketing companies and initiatives such as Google’s AdMob. These apps and others work in conjunction with in-phone GPS chips to give marketers detailed information on smartphone users’ locations, gender, ages and, in some cases, personal contacts and use of other apps.

Marketers reselling personal information from smartphone apps are working with a massive market of often-unaware users. For instance, as of December 2010, an average of 300,000 Android phones were activated daily.

Although exact figures are not available, advertising and marketing resales have become one of the largest app revenue streams for developers, with a steady stream of financial incentives existing to encourage the sale of information.

From the Wall Street Journal Online: http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html


DARPA launches “insider threat” detection effort

The Defense Advanced Research Projects Agency (DARPA) has launched a project for detecting and responding to insider threats on Department of Defense networks.

Under the Cyber Insider Threat (CINDER) Program, DARPA will explore new approaches for improving the speed and accuracy of insider threat detection. The agency last week sought proposals for ways to identify hostile insider activity by monitoring specific user and network behaviors.

In the initial stage of the project, the goal is not necessarily to develop new ways of detecting individual malicious insiders themselves. Instead, DARPA hopes to figure out the tell-tale signs and network activities that organizations should monitor to accurately detect malicious activity.

“If we were looking for the insider actor himself, we might not detect someone who performs a single, isolated task and we run the risk of being inundated with false positives from events being triggered without context of a mission,” DARPA said. “To this end, CINDER starts with the premise that most systems and networks have already been compromised by various types and classes of adversaries. These adversaries are already engaged in what appear to be legitimate activities, while actually supporting adversary missions.”

In the next two phases of the three-part CINDER effort, DARPA will develop systems that can monitor networks and user activity and spot malicious activity more quickly.

From ComputerWorld: http://www.computerworld.com/s/article/9183238/DARPA_launches_insider_threat_detection_effort_for_military

At any moment, your organization could be seriously compromised by the actions of a single employee – working in the office, on the road, or from home. While billions of dollars are spent each year on security hardware and software, most data breaches are based on the weak link in the security chain: people. Despite lip service paid to the importance of information security, major breaches are still occurring in organizations large and small. A report from consultants PriceWaterhouseCoopers says that organizations should make employees their first line of defense against potential information security breaches.


Kama Sutra presentation opens backdoor to hackers

A booby-trapped Kama Sutra-themed presentation will plant a backdoor when run on Windows machines, security watchers warn.

From the Register (UK): http://www.theregister.co.uk/2011/01/12/powerpoint_backdoor_trojan_wheeze/

The supposed PowerPoint presentation file – called Real kamasutra.pps.exe* – supposedly demonstrates different sexual positions. The file does include a NSFW slideshow of 13 different positions, but this is just a decoy.

The real purpose of the distribution is to install a Trojan called AdobeUpdater.exe, and identified by net security firm Sophos as Bckdr-RFM. Compromised machines might be used to send spam or spy on users, among other malicious purposes.

Hackers would be able to update compromised machines with other strains of malware, so all manner of badness might be possible, as explained in a blog entry by Sophos’s (appropriately monikered, especially in this case) Naked Security blog.

*The malicious file uses the old double extension ruse, a mainstay of virus writing for many years. While a casual glance might fool users into thinking it is a PowerPoint document, the file is actually an executable.
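The double-extension ruse described in the footnote above can be checked for mechanically, for example on attachment names at a mail gateway. The following is an added example, not code from The Register or Sophos; the function names and both extension lists are assumptions chosen for illustration, and every sample name except the one quoted in the article is constructed.

```python
"""Flag filenames that use the double-extension ruse (e.g. name.pps.exe)."""
from pathlib import PureWindowsPath

# Assumed lists for illustration; tune them to your own environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pps", ".ppt", ".pptx", ".doc", ".docx", ".xls", ".xlsx",
              ".pdf", ".txt", ".jpg", ".png", ".zip"}


def classify_filename(name: str) -> str:
    """Return 'double-extension', 'executable' or 'ok' for a file name."""
    # Keep only the final path component, then drop trailing dots and
    # spaces, which Windows ignores when it resolves a name.
    base = PureWindowsPath(name).name.rstrip(" .")
    # Strip padding inside the name, e.g. "invoice.pdf      .scr",
    # which pushes the real extension out of a narrow display column.
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 2:
        return "ok"
    if "." + parts[-1].lower() not in EXECUTABLE_EXTS:
        return "ok"
    # The real (last) extension is executable. If the one before it looks
    # like a document or image type, the name is dressed up as a decoy.
    if len(parts) >= 3 and "." + parts[-2].lower() in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan(names):
    """Return (name, verdict) pairs for every name that is not 'ok'."""
    return [(n, v) for n in names if (v := classify_filename(n)) != "ok"]


# First entry is the file name quoted in the article; the rest are constructed.
SAMPLE_NAMES = [
    "Real kamasutra.pps.exe",
    "invoice.pdf      .scr ",
    r"C:\Temp\Photo.JPG.EXE",
    "setup.exe",
    "slides.pps",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_NAMES):
        print(f"{verdict:17} {name!r}")
```

Separating the two verdicts lets a filter quarantine disguised names outright while treating plain executables under whatever attachment policy already applies.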
