Category Archives: CYBER ATTACKS

Machine learning can also aid the cyber enemy: Says NSA research chief

Smart cyber adversaries are starting to turn machine learning algorithms against the defence. But adversaries could be frustrated by deliberate cyber deception.


Machine learning is one of the biggest buzzwords in cybersecurity in 2017. But a sufficiently smart adversary can exploit what the machine learning algorithm does, and reduce the quality of decision-making.

“The concern about this is that one might find that an adversary is able to control, in a big-data environment, enough of that data that they can feed you in misdirection,” said Dr Deborah Frincke, head of the Research Directorate (RD) of the US National Security Agency/Central Security Service (NSA/CSS).

Adversarial machine learning, as Frincke called it, is “a thing that we’re starting to see emerge, a bit, in the wild”. It’s a path that we might reasonably believe will continue, she said.

As one example, an organisation may decide to use machine learning to develop a so-called “sense of self” of its own networks, and build a self-healing capability on top of that. But what if an attacker gets inside the network or perhaps was even inside the network before the machine learning process started?

“Their behaviour now becomes part of the norm. So in a sense, then, what I’m doing is that I’m protecting the insider. That’s a problem,” Frincke said.

“What’s also interesting in the data science, is that if you are using a data-driven algorithm, [that algorithm] is what feeds the machine learning technique that you disseminate. Unless you keep that original data, you are not going to know what biases you built into your machine learning approach.

“You would have no way of that needle in the haystack, because you threw away the haystack, and all that’s left are the weightings and the neural networks and so on.”

Machine learning has other limitations too.

In 2016, for example, Monash University professor Tom Drummond pointed out that neural networks, one of the fundamental approaches to machine learning, can be led astray unless they’re told why they’re wrong.

The classic example of this problem dates back to the 1980s. Neil Fraser tells the story in his article Neural Network Follies from 1998.

The Pentagon was trying to teach a neural network to spot possible threats, such as an enemy tank hiding behind a tree. They trained the neural network with a set of photographs of tanks hiding behind trees, and another set of photographs of trees but no tanks.

But when asked to apply this knowledge, the system failed dismally.

“Eventually someone noticed that in the original set of 200 photos, all the images with tanks had been taken on a cloudy day, while all the images without tanks had been taken on a sunny day,” Fraser wrote.

“The military was now the proud owner of a multi-million dollar mainframe computer that could tell you if it was sunny or not.”

Frincke was speaking at the Australian Cyber Security Centre (ACSC) conference in Canberra on Wednesday. While she did point out the limits of machine learning, she also outlined some defensive strategies that the NSA has found to be effective.

Organisations can tip the cybersecurity balance of power more in their favour by learning to deceive or hide from the adversary, for example.

By its very nature, network defence is asymmetric. That imbalance is usually expressed as the defender having to close off every security vulnerability, while the attacker only has to be right once.

“On the face of it there should be something we should be able to do about that. You’d think there’d be some home-court advantage,” Frincke said.

Traditionally, organisations have tried to make their data systems as efficient as possible. It makes the network more manageable. But from an attacker’s point of view, it’s easy to predict what’s going on in any given system at any given time.

Taking a defensive deception approach, however, means building an excess capacity, and then finding ways to leverage that excess capacity to design in a deceptive or a changing approach. That way, an attacker can’t really tell where the data is.

If you process data in the cloud, then one simple example might be to duplicate your data across many more nodes than you’d normally use, and switch between them.

“If you’re trying to do an integrity attack, changing that data out from under me, you don’t know which of, say, those hundred nodes I’m using. Or I might be looking at a subset of those nodes, say three, and you don’t know which ones I’m using. So you could try to change them all at once [but] that’s a lot harder,” Frincke said.
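The three-of-a-hundred read Frincke describes can be sketched as follows. This is an added example, not code from the article or from the NSA; the function names and the in-memory dictionaries standing in for cloud nodes are assumptions, and the attacker is assumed to write the same forged value to every node they reach.

```python
import hashlib
import secrets
from math import comb


class TamperDetected(Exception):
    """Raised when the sampled replicas do not agree with each other."""


def write_all(replicas, key, value):
    """Defender's write path: store the same bytes on every replica."""
    for node in replicas:
        node[key] = value


def read_from_secret_subset(replicas, key, k=3, rng=None):
    """Read `key` from k replicas picked with a CSPRNG and require agreement.

    The subset is chosen fresh on every read, so an attacker who has
    rewritten only some replicas cannot know which copies will be compared.
    """
    rng = rng or secrets.SystemRandom()
    chosen = rng.sample(range(len(replicas)), k)
    digests = {hashlib.sha256(replicas[i][key]).hexdigest() for i in chosen}
    if len(digests) != 1:
        raise TamperDetected(f"replicas {sorted(chosen)} disagree on {key!r}")
    return replicas[chosen[0]][key]


def outcome_probabilities(n, k, t):
    """Odds for one read when t of n replicas were rewritten and k are sampled.

    Returns (p_clean, p_detected, p_silent):
      p_clean    - every sampled replica is untouched, the read is correct
      p_detected - the sample mixes clean and forged copies, mismatch raised
      p_silent   - every sampled replica is forged, the attack goes unnoticed
    """
    total = comb(n, k)
    p_clean = comb(n - t, k) / total
    p_silent = comb(t, k) / total
    return p_clean, 1 - p_clean - p_silent, p_silent


if __name__ == "__main__":
    # Constructed scenario: 100 replicas, defender compares 3 per read.
    n, k = 100, 3
    print(f"{'tampered':>8} {'clean':>8} {'detected':>9} {'silent':>8}")
    for t in (1, 3, 50, 97, 100):
        p_clean, p_detected, p_silent = outcome_probabilities(n, k, t)
        print(f"{t:>8} {p_clean:>8.4f} {p_detected:>9.4f} {p_silent:>8.4f}")

    # Small live run: 2 of 4 replicas forged, any 3-node sample must disagree.
    nodes = [dict() for _ in range(4)]
    write_all(nodes, "balance", b"1000")
    nodes[0]["balance"] = nodes[1]["balance"] = b"9999"
    try:
        read_from_secret_subset(nodes, "balance", k=3)
    except TamperDetected as exc:
        print("alert:", exc)
```

A silent integrity failure requires every sampled copy to be forged, which is why the attacker is pushed towards changing all the nodes at once; the mismatch alerts are the signal that makes a partial attempt easier to find.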

The RD’s research has shown that this approach increases the attacker’s cognitive load and plays on their cognitive biases.

“We can try to lead them into making wrong decisions. In other words, we’re frustrating them. We’re trying to make them work too hard, to gain ground that they don’t need. And that will make it easier for us to find them,” Frincke said.

“It’s a little bit like the old honeypot [or] honeynet writ large, but designed into the system as an integral part of the way that it works, and not an add-on.”

The downside to defensive deception is that it’s harder to manage.

“Now I have to do more work as a system manager, and as a pro designer, I need to be sure I know which one of those three of the hundred I should use, otherwise I could end up shooting myself in the foot, especially if I’ve [been] deploying some kind of misleading changes for the adversary,” Frincke said.


Henry Sapiecha

RUSSIAN HACKERS BUSY WITH ATTACKS ON THE NEW YORK TIMES & OTHER USA TARGETS

The sun peeks over the New York Times Building in New York August 14, 2013. REUTERS/Brendan McDermid

The New York Times said on Tuesday its Moscow bureau was targeted by a cyber attack this month but that there was no evidence the hackers, believed to be Russian, were successful.

“We are constantly monitoring our systems with the latest available intelligence and tools,” Times spokeswoman Eileen Murphy told the newspaper. “We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached or compromised.”

Earlier on Tuesday, CNN, citing unnamed U.S. officials, reported that the Federal Bureau of Investigation and other U.S. security agencies were investigating cyber breaches targeting reporters at the Times and other U.S. news organizations that were thought to have been carried out by hackers working for Russian intelligence.

“Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said,” CNN reported.

The FBI declined a Reuters’ request for comment. Representatives for the U.S. Secret Service, which has a role in protecting the country from cyber crime, did not reply to a request for comment.

A government official briefed on the inquiry told the Times the FBI was looking into the attempted cyber attack but was not carrying out similar investigations at other news organizations.

The Times had not hired outside firms to investigate the attempted intrusion, contrary to the CNN report, Murphy said.

News of the cyber attack comes amid a wave of similar attacks targeting major U.S. political parties that have surfaced in recent weeks ahead of the Nov. 8 presidential election.

The Democratic National Committee, Democratic presidential nominee Hillary Clinton’s campaign and the party’s congressional fundraising committee have all been affected.

Hackers have also targeted the computer systems of Republican presidential nominee Donald Trump and Republican Party organizations, sources have told Reuters.

A breach at the Times would not be the first time foreign hackers infiltrated a news organization. Media are frequently targeted in order to glean insights into U.S. policies or to spy on journalists.

In 2013, a group of hackers known as the Syrian Electronic Army attacked the Times and other media outlets. Chinese attackers also infiltrated the Times that year.

(Reporting by Dustin Volz, John Walcott, Mohammad Zargham and Eric Walsh in Washington, and Jessica Toonkel in New York; Writing by Susan Heavey and Eric Walsh; Editing by Frances Kerry and Peter Cooney)

 


HERE IS HOW THE INFIDELITY SITE ASHLEY MADISON LET THEIR CLIENTS DOWN WITH THEIR LACK OF ADEQUATE SECURITY

Joint investigation by the Australian and Canadian privacy commissioners finds infidelity website fabricated security qualifications, was storing passwords in plain text.


AshleyMadison used inadequate privacy and security technology while marketing itself as a discreet and secure way for consenting adults to have affairs, the Office of the Privacy Commissioner of Canada says.

In a report Tuesday, the privacy watchdog says the Toronto-based company violated numerous privacy laws in Canada and abroad in the era before a massive data breach exposed confidential information from their clients to hackers.

The hack stole correspondence, identifying details and even credit card information from millions of the site’s users. At the time of the breach in July 2015, AshleyMadison claimed to have 36 million users and took in more than $100 million in annual revenue.

The resulting scandal cost the company about a quarter of its annual revenues from irate customers who demanded refunds and cancelled their accounts.

Working with a similar agency in Australia, the privacy group says the company knew that its security protocols were lacking but didn’t do enough to guard against being hacked. The company even adorned its website with the logo of a “trusted security award” — a claim the company admits it fabricated.

Poor habits such as inadequate authentication processes and sub-par key and password management practices were rampant at the company, the report found.

Much of the company’s efforts to monitor its own security were “focused on detecting system performance issues and unusual employee requests for decryption of sensitive user data,” the report found.

The company also inappropriately retained some personal information after profiles had been deactivated or deleted by users and did not adequately ensure the accuracy of customer email addresses, the report said. This meant that some people who had never signed up for Ashley Madison were included in databases published online after the hack, it said.

“Handling huge amounts of this kind of personal information without a comprehensive information security plan is unacceptable,” privacy commissioner Daniel Therrien said in a statement. “This is an important lesson all organizations can draw from the investigation.”

The company co-operated with the privacy watchdog’s investigation and has agreed to a compliance agreement. That means if it is found later to have ignored any of the report’s recommendations, it could be held liable in court.

“The company continues to make significant, ongoing investments in privacy and security to address the constantly evolving threats facing online businesses. These investments are the cornerstone of rebuilding consumer trust over the long term,” company CEO Rob Segal said in a statement.


With files from The Canadian Press and Reuters


Snowden: Exposure of Alleged NSA Tools May Be Warning to U.S.


National Security Agency leaker Edward Snowden says the exposure of malicious software allegedly linked to his former employer may be a message from Moscow, adding a layer of intrigue to a leak that has set the information security world abuzz.

Technical experts have spent the past day or so picking apart a suite of tools purported to have been stolen from the Equation Group, a powerful squad of hackers which some have tied to the NSA. The tools materialized as part of an unusual electronic auction set up by a group calling itself “Shadow Brokers,” which has promised to leak more data to whoever puts in a winning bid.

In a series of messages posted to Twitter, Snowden suggested the leak was the fruit of a Russian attack on an NSA malware server and could be aimed at heading off U.S. retaliation over allegations that the Kremlin was trying to interfere in America’s electoral process.

“Circumstantial evidence and conventional wisdom indicates Russian responsibility,” Snowden said. “This leak is likely a warning that someone can prove U.S. responsibility for any attacks that originated from this malware server. That could have significant foreign policy consequences. Particularly if any of those operations targeted U.S. allies. Particularly if any of those operations targeted elections.”

Snowden did not immediately return messages seeking additional comment. The NSA did not immediately return emails seeking comment on his claim. Messages sent to an address registered by the Shadow Brokers were not returned.

The Equation Group was exposed last year by antivirus firm Kaspersky Lab, which described it at the time as a “God of cyberespionage.” Many have since speculated that the NSA is behind the group, although attribution in the field of cyberespionage is a notoriously tricky issue.


Phishing, sophisticated attacks most troubling to IT security pros

Staffing, training, budget shortfalls impact ability to protect organization.


IT security professionals fear phishing and sophisticated attacks the most, but worry that staffing, training and budget shortfalls will hinder their ability to protect their organizations.

Adding to the anxiety, 72% of respondents said they felt it is likely their organizations would face a major data breach in the next 12 months. Fifteen percent said they had “no doubt” they would face a major security breach in the next year.

Those results are part of the findings of the 2016 Black Hat Attendee Survey, which was conducted in June with 250 security professionals. The annual Black Hat USA conference kicks off next week in Las Vegas.

The looming threat that eats at IT is phishing and other social engineering attacks. According to this year’s 2015 Verizon Data Breach Investigations Report, 30% of phishing messages were opened by the target recipient, up from 23% just last year. In addition, 12% clicked on the malicious attachment, up from 11% in 2014.

Those numbers point to another finding in the Black Hat Attendee Survey: 28% of IT security pros said end-users who violate security policy are the weakest part of the corporate security chain. It’s a familiar refrain and a reality that today can come with damaging consequences.

On top of these concerns, the survey showed that companies are facing a serious shortage of qualified security pros. In the survey, 74% of respondents said they don’t have enough staff to deal with the threats they expect to see in the next 12 months.

And it gets worse. Those same IT security pros say they are not spending enough time on the things that most concern them, but instead are tasked with “measuring risk (35%), managing compliance with industry and regulatory requirements (32%), and troubleshooting security vulnerabilities in internally developed applications (27%).”

The survey indicated the gap between concerns and day-to-day actions is growing, and respondents said they were fearful that they are losing the war against cyber crime.


Bank joins Interpol cyber-crime fighting centre

Barclays Bank is the first bank to have an analyst working alongside cyber-crime experts at Interpol’s research and development facility.


Barclays is to become the first bank to have a cybercrime analyst working full-time alongside police at Interpol’s Cyber Fusion Centre to improve information-sharing and response to imminent security threats.


Interpol’s centre in Singapore allows law enforcement, the private sector, and academia to work together, sharing threat information and developing responses.

The Barclays cybercrime analyst will join other experts from Cyber Defense Institute, Kaspersky Lab, LAC, NEC, SECOM, Trend Micro, the University of South Australia, and the University of Waikato in New Zealand who are already based at the Interpol Global Complex for Innovation (IGCI).

“The scale and complexity of today’s cyberthreat landscape means cooperation across all sectors is vital,” said Noboru Nakatani, the IGCI’s executive director.

Interpol said its agreement with Barclays will broaden joint efforts in cybersecurity through intelligence sharing, training, and awareness about cyber threats mitigation, and providing recommendations for public and private institutions on strengthening their cyber-resilience.

Barclays Group Chief Information Security Officer Troels Oerting said: “Preventing cybercrime and keeping our citizens safe from being victims of crime in cyberspace is a global task and cannot be done without the involvement of Interpol.”

Banks are among the businesses most commonly targeted by cyber criminals. Last month HSBC said it had defended itself against a major DDoS (Distributed Denial of Service) attack and was working closely with law enforcement authorities to pursue the criminals responsible.


Hacker claims to be selling millions of Twitter account details

The hacker has links to the MySpace, LinkedIn, & Tumblr “mega breaches.”


A hacker, who has links to the recent MySpace, LinkedIn, and Tumblr data breaches, is claiming another major tech scalp — this time, it’s said to be millions of Twitter accounts.

A Russian seller, who goes by the name Tessa88, claimed in an encrypted chat on Tuesday to have obtained the database, which includes email addresses (and sometimes two per person), usernames, and plain-text passwords.

Tessa88 is selling the cache for 10 bitcoins, or about $5,820 at the time of writing.

The seller said they obtained 379 million accounts as early as 2015. That would be far more than its 310 million monthly active users, but could account for cumulative accounts, such as inactive users.

An analysis of the database by LeakedSource, a breach notification site which received the database from the seller on Wednesday, showed there are in fact over 32 million purported accounts in the database, after duplicates were removed.

LeakedSource said in a blog post that it was unlikely that Twitter was breached, and pointed to malware as the culprit.

“The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,” the blog post said.

The group said it was able to verify the passwords associated with 15 users. LeakedSource shared a portion of the database with me. Two colleagues whose email addresses were in the database were able to verify their password. A third colleague said they had not used the email address found in the database to join Twitter.

LeakedSource said that the passwords were likely “stolen directly from consumers, therefore they are in plaintext with no encryption or hashing.” The group said it did not believe that Twitter stored data in plain-text at the time the data was taken, thought to be around 2014.

“These credentials however are real and valid,” said the group. “The lesson here? It’s not just companies that can be hacked, users need to be careful too.”

As we’ve seen in recent data breaches, the most common password was “123456,” with the third and fourth password being “qwerty” and “password” respectively.

A Twitter spokesperson said in a prepared statement: “We are confident that these usernames and credentials were not obtained by a Twitter data breach — our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks.”

In a recent tweet, the company also said that it periodically checks its data against recent password leaks to ensure that accounts stay secure.

Given the high-profile Twitter account takeovers in recent days — which included Facebook co-founder Mark Zuckerberg — it would be an easy assumption to make that Twitter had been hacked.

But Zuckerberg’s account was not in the database obtained by LeakedSource, the blog post said.

The hackers who took over Zuckerberg’s account said at the time they acquired his “dadada” password from the LinkedIn breach.

When asked, a LinkedIn spokesperson declined to comment, pointed to a recently-updated company blog post, but ruled out any new breach, and advised users to change any re-used passwords on other sites.


Nearly all companies still can’t spot incoming cyber attacks

Almost all organisations are vulnerable to hackers due to lack of cyber security staff or tools, report states.


Businesses know of cyberthreats – but lack the resources to adequately monitor them

Four out of five businesses lack the required infrastructure or security professionals with relevant skills to spot and defend against incoming cyberattacks.

According to a new report by US cybersecurity and privacy think tank Ponemon Institute on behalf of cybersecurity firm BrandProtect, 79 percent of cybersecurity professionals say that their organisations are struggling to monitor the internet for the external threats posed by hackers and cybercriminals.

Just 17 percent of respondents say that they have any sort of formal process in place for intelligence gathering which is applied across the whole company.

The report found that 38 percent of organisations don’t have any policy on threat intelligence gathering at all, while 23 percent have an approach that is ‘ad hoc’ at best. A further 18 percent say they do have a formal process in place, but it isn’t applied across the entire enterprise.

The Ponemon Institute claimed that businesses are on average experiencing more than one external cyberattack a month, with these repeated security breaches resulting in an annual average cost of around $3.5m.

But while many companies are failing to properly monitor external threats, the majority do recognise that they should be carrying out activities such as monitoring mobile apps, looking out for social engineering and phishing attempts, and keeping an eye on cyber threats – around 60 percent of respondents listed these activities as essential or very important to their business.

So why aren’t more organisations actively pursuing these leads in the interests of protecting themselves against hacks and data breaches? The study reported that there’s an insufficient awareness of risk across the whole organisation.

Half of respondents suggested that this was one of the main barriers to achieving effective cybersecurity, while almost as many described a lack of knowledgeable staff and a lack of tools as barriers to this goal – echoing previous reports of a severe lack of cybersecurity professionals and understanding of the risks caused by poor defences.


Fault Lines – Cyber-war video report

Cyberwar. A conflict without footsoldiers, guns, or missiles.

Instead the attacks are launched by computer hackers. Digital spy rings. Information thieves. Cyberarmies of kids, criminals, terrorists – some backed by nation states.

In the US there is a growing fear that they pose a massive threat to national security, and a conviction that the world’s military superpower must prepare for the fight ahead.

At stake: Crucial national infrastructure, high value commercial secrets, tens of billions of dollars in defence contracts, as well as values like privacy and freedom of expression.

In this episode of Fault Lines, Josh Rushing enters the domain of “cyber” and speaks to a former US national security official turned cybersecurity consultant, a Silicon Valley CEO, a hacker, and those who warn of a growing arms race in cyberspace.

He asks: Is the US contributing to the militarisation of cyberspace? Are the reports of cyber threats being distorted by a burgeoning security industry? And are the battles being waged in cyberspace interfering with the Internet as we know it?

People featured in this film include: Josh Rushing, John Fraize, Darrel Covell, Rsignia, Keith Alexander, Redbeard, John Verdi, Jay Rockefeller, Olympia Snowe, Jim Lewis, Enrique Salam, Michael Chertoff.


Cybersecurity: The Real Cyber-war is all around you! Say experts in this video presentation

Published on Mar 10, 2015

In this video, Edward Rietscha, the Cyber security director for U.S. Army Training and Doctrine Command, discusses Cyber warfare and methods to identify weaknesses and protect ourselves from cyber attack. This is another presentation in TRADOC’s monthly civilian professional development series hosted by Ellen Helmerson, TRADOC G1-4 director. Jan. 20, 2015.
