Thursday, January 28, 2010

Hackers Taking Aim at Vital Infrastructure

An AP newswire article by Jordan Robertson, via, reports that:

More than half of the operators of power plants and other "critical infrastructure" say in a new study that their computer networks have been infiltrated by sophisticated adversaries. In many cases, foreign governments are suspected.

The findings come in a survey released Thursday that offers a rare public look at the damage computer criminals can do to vital institutions such as power grids, water and sewage systems, and oil and gas companies. Manipulating the computer systems can cause power outages, floods, sewage spills and oil leaks.

The report was based on a survey completed by 600 executives and technology managers from infrastructure operators in 14 countries. The report was prepared by McAfee Inc., which makes security software, and the Center for Strategic and International Studies in Washington, which analyzed the data and conducted additional interviews. The respondents aren't named and specifics aren't given about what happened in the attacks.

The report comes as concerns are growing about state-sponsored hacking and threats to critical infrastructure.

More here.

U.S. House Leaders Ask for Investigation Into Hackings

Nancy Gohring writes on PC World:

Two lawmakers criticized the Web services company that may have enabled the hacking of almost 50 government Web sites on Wednesday.

In a letter, House Speaker Nancy Pelosi, a California Democrat, and U.S. Representative John Boehner, an Ohio Republican, asked the U.S. House of Representatives' Chief Administration Officer to immediately assess how hackers managed to deface the Web sites of nearly 50 house members and committees.

The attack seemed to predominantly target Democrats and occurred around the same time that President Barack Obama gave his first State of the Union address. The hackers removed the regular content on the sites, replacing it with rude comments toward the president.

Pelosi and Boehner referred to a previous request to the CAO to review and tighten cybersecurity on the sites. "However, last night's actions indicate that further review of security procedures are needed," the letter reads.

More here.

U.S. Congressional Websites Defaced After Obama Speech

Jeremy Kirk writes on

More than two dozen Congressional websites have been defaced by the Red Eye Crew, a group known for its regular attacks on websites.

The sites, some of which were using the Joomla content management system (CMS), were wiped of their regular content and replaced with a message coarsely expressing disapproval for US President Barack Obama.

Democrats seemed to be predominantly targeted. The attacks came around the same time as Obama gave his first State of the Union address on Wednesday night.

The Red Eye Crew has defaced thousands of websites, and some of the attacks have been recorded by Zone-H, a website that keeps track of defacements, according to the blog of the Praetorian Security Group. The latest attacks had not been listed by Zone-H yet.

More here.

Wednesday, January 27, 2010

Cambridge Researchers Knock 'Verified by Visa'

Tom Espiner writes on ZDNet UK:

The 'Verified by Visa' credit-card check has come under criticism from Cambridge University researchers, who said it is training online shoppers to adopt risky security habits.

The feature, which is used to authenticate online financial transactions, confuses users by not displaying security cues, security engineering researchers Ross Anderson and Steven Murdoch said in a paper [.pdf] published on Tuesday.

"The technical design of Verified by Visa trains people in appallingly bad security habits," Anderson told ZDNet UK. "It gives the wrong signals."

The protocol underlying Verified by Visa, as well as competitor MasterCard's SecureCode service, is 3-D Secure (3DS). The protocol is implemented as an iframe pop-up box, said Anderson. The pop-up does not display any commonly used markers, such as a colour-coded browser bar or 'https' in the URL, that demonstrate the box has been secured using the Transport Layer Security (TLS) protocol.

Because of this, online buyers have no visual verification that the box is a valid part of the credit-card transaction. If they enter their password when asked without knowing for certain it is protected, that is a bad security habit, the paper's authors argue.

More here.

Tuesday, January 26, 2010

Texas Bank Sues Customer Hit by $800,000 Cyber Heist

Brian Krebs:

A machine equipment company in Texas is tussling with its bank after organized crooks swiped more than $800,000 in a 48-hour cyber heist late last year. While many companies similarly victimized over the past year have sued their banks for having inadequate security protection, this case is unusual because the bank is preemptively suing the victim.

Both the victim corporation – Plano-based Hillary Machinery Inc. – and the bank, Lubbock-based PlainsCapital, agree on this much: In early November, cyber thieves initiated a series of unauthorized wire transfers totaling $801,495 out of Hillary’s account, and PlainsCapital managed to retrieve roughly $600,000 of that money.

PlainsCapital sued Hillary on Dec. 31, 2009, citing a letter from Hillary that demanded repayment for the rest of the money and alleged that the bank failed to employ commercially reasonable security measures. The lawsuit asks the U.S. District Court for the Eastern District of Texas to certify that PlainsCapital’s security was in fact reasonable, and that it processed the wire transfers in good faith. The documents filed with the court allege that the fraudulent transactions were initiated using the defendant’s valid online banking credentials.

More here.

Monday, January 25, 2010

U.S. Oil Industry Hit by Cyber Attacks in 2008

Mark Clayton writes on The Christian Science Monitor:

At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage.

The oil and gas industry breaches, the mere existence of which has been a closely guarded secret of oil companies and federal authorities, were focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide, sources familiar with the attacks say and documents obtained by the Monitor show.

The companies – Marathon Oil, ExxonMobil, and ConocoPhillips – didn’t realize the full extent of the attacks, which occurred in 2008, until the FBI alerted them that year and in early 2009. Federal officials told the companies proprietary information had been flowing out, including to computers overseas, a source familiar with the attacks says and documents show.

The data included e-mail passwords, messages, and other information tied to executives with access to proprietary exploration and discovery information, the source says.

While China’s involvement in the attacks is far from certain, at least some data was detected flowing from one oil company computer to a computer in China, a document indicates. Another oil company’s security personnel privately referred to the breaches in one of the documents as the “China virus.”

More here.

Chinese Human Rights Sites Hit by DDoS Attacks

Owen Fletcher writes on ComputerWorld:

Five Web sites run by Chinese human rights activists were attacked by hackers over the weekend, as a separate row continued between Google and China over political cyberattacks.

The Web site of Chinese Human Rights Defenders, an advocacy group, was hit by a distributed denial of service (DDoS) attack that lasted 16 hours starting Saturday afternoon, the group said in an e-mailed statement today.

More here.

Report: Attackers Sent Google Workers IMs From 'Friends'

Elinor Mills writes on C|Net News:

People behind the China-based online attacks of Google and other companies looked up key employees on social networks and contacted them pretending to be their friends to get the workers to click on links leading to malware, according to a published report on Monday.

"The most significant discovery is that the attackers had selected employees at the companies with access to proprietary data, then learnt who their friends were," the Financial Times reported. "The hackers compromised the social network accounts of those friends, hoping to enhance the probability that their final targets would click on the links they sent."

"We're seeing a lot more up-front reconnaissance, understanding who the players are at the company and how to reach them," George Kurtz, chief technology officer at security firm McAfee, told the Financial Times. "Someone went to the trouble to backtrack: 'Let me look at their friends, who I can target as a secondary person.'"

The attackers used a popular instant-messaging program to distribute the malware link to target employees, Kurtz said. The malware exploited a hole in Internet Explorer that Microsoft patched just last week.

More here.

Sunday, January 24, 2010

Programming Note: Off to Taipei... Again

Taipei, Taiwan, and the Taipei 101 Skyscraper

Blogging will be mostly non-existent this week (beginning today) while business calls me away to Taiwan -- again.

My biggest regret -- sadly -- is that I'll miss my NY Jets playing the Indianapolis Colts in the AFC Championship game today. Fingers crossed for the J-E-T-S!

I'll be back on Saturday, so blogging should get back to normal (whatever that is) soon thereafter.

Thanks for reading.


- ferg