Information Security News
If it looked like the beginning of the Digital Pearl Harbor scenario pundits have been predicting for more than a decade, you probably were in good company. Earlier Wednesday, the New York Stock Exchange suddenly halted all trading, citing unexplained technical problems, while United Airlines grounded all flights, and The Wall Street Journal website returned a 504 error indicating there was something seriously wrong with the news organization's servers.
Within a couple of hours, operations at both United and WSJ.com were back to normal. Airline officials reportedly cited a network connectivity issue resulting from a faulty router and said they were working to get flights back on schedule. The WSJ, meanwhile, redirected visitors to a temporary site before eventually restoring the regular one. Officials at the news organization have yet to comment on the cause of the outage.
By that point, there was already good reason to suspect the outages weren't the work of malicious hackers, but that didn't stop officials at the White House, the Department of Homeland Security, and the NYSE from issuing statements saying the outages were not part of some sort of cyber attack. Shortly thereafter, at a little after 3pm New York time, the exchange finally reopened, nearly four hours after all trades had been suddenly halted. News organizations citing unnamed sources said the unprecedented outage was the result of a faulty software update that was installed before trading began Wednesday morning.
by Cyrus Farivar
Many years before his corporate e-mails would be plastered all over the Internet following a major security breach of his company, a young David Vincenzetti often posted to various Usenet groups, generally espousing his own pro-crypto views.
"The saving of privacy will be a very significant issue (and also a business) in the near future," he wrote, responding to a December 1999 article about then-presidential candidate Steve Forbes' speech on privacy and removing export controls on crypto.
The post is merely one of many retroactive discoveries happening as security onlookers revisit Vincenzetti's Usenet writings from the '90s in the wake of Sunday's Hacking Team breach. The file obtained from that hack—400GB of information distributed via BitTorrent (and published here)—reportedly includes not only various employee e-mails but also source code, financial documents, and more. And as the Daily Dot wryly observed early this week, Vincenzetti's online past indicates that “a younger Vincenzetti might as well have been coding a program to beat out his older self.”
Adobe Systems has updated its Flash media player to patch a vulnerability that attackers started exploiting soon after attack code leaked from the devastating Hacking Team breach.
As Ars reported Tuesday morning, the previously unknown Flash vulnerability was part of some 400 gigabytes of data dumped on the Internet by unknown attackers who hacked Hacking Team over the weekend. By Tuesday afternoon, the critical flaw was being targeted in the wild by an array of malware titles, including the Angler and Nuclear exploit kits, as first reported by Malwarebytes (and later documented by the security researcher known as Kafeine). The exploit has also been folded into the Metasploit hacking framework.
The vulnerability is cataloged as CVE-2015-5119 and is active in Flash versions 18.104.22.168 and earlier. According to security firm Rapid7, it stems from a use-after-free bug that can be exploited while Flash is handling ByteArray objects. The update is available for Windows, Mac OS X, and Linux systems. Adobe has credited Google's Project Zero and Morgan Marquis-Boire, director of security, First Look Media, for reporting the critical bug and working to protect Flash users.
In February 2013, Twitter detected a hack attack in progress on its corporate network. "This attack was not the work of amateurs, and we do not believe it was an isolated incident," a Twitter official wrote when disclosing the intrusion. Sure enough, similar attacks were visited on Facebook, Apple, and Microsoft in the coming weeks. In all four cases, company employees were exposed to a zero-day Java exploit as they viewed a website for iOS developers.
Now, security researchers have uncovered dozens of other companies hit by the same attackers. Alternately known as Morpho and Wild Neutron, the group has been active since at least 2011, penetrating companies in the technology, pharmaceutical, investment, and healthcare industries, as well as law firms and firms involved in corporate mergers and acquisitions. The developers of the underlying surveillance malware have thoroughly documented their code with fluent English, and command and control servers are operated with almost flawless operational security. The take-away: the threat actors are likely an espionage group in a position to profit on insider information.
"Morpho is a skilled, persistent, and effective attack group which has been active since at least March 2012," researchers from security firm Symantec wrote in a report published Wednesday. "They are well resourced, using at least one or possibly two zero-day exploits. Their motivation is very likely to be financial gain and given that they have been active for at least three years, they must be successful at monetizing their operation."
by Cyrus Farivar
Not one person has been fired at Hacking Team as a result of the significant breach of its servers on Sunday, according to Eric Rabe, a company spokesman.
"I don't know, I wouldn't anticipate that happening, but maybe if somebody was found to be negligent," he told Ars by phone early Wednesday morning from the company’s headquarters in Milan, Italy, where he was summoned shortly after the epic hack.
A 400GB file, distributed via BitTorrent, reportedly includes not only various employee e-mails but also source code, financial documents, and more. In recent years, Hacking Team sold its spyware—designed to combat criminal activity—to various governments globally (including American federal law enforcement). The company has even presented to Swiss and Canadian authorities.