Information Security News
The person who claims to have hacked an AOL e-mail account belonging to John Brennan, the director of the Central Intelligence Agency, has now released a small spreadsheet with alleged personal information for a number of former and current government officials. The sample includes phone numbers, social security numbers, e-mail addresses, and level of security clearance and employment status in some cases.
Ars has contacted several of the people on the list by phone, text, and e-mail, including Brennan and the former deputy director of intelligence at the CIA, Jami Miscik. A male voice responded to the number listed for Miscik, and when Ars asked for her, the voice said it was the wrong number and hung up. No others immediately responded.
Update (10/19, 5:45p CT): Twitter has suspended the @_CWA_ account through which the information was released.
Former White House Advisor: Marry Infosec To Economics
... Former cybersecurity advisor to the White House Melissa Hathaway says Western democratic nations' current use of data collection and surveillance technologies is "alarming" and that to improve Internet security, nations need to wed their infosec ...
by Sean Gallagher
Late last month, President Barack Obama and Chinese President Xi Jinping announced that they had reached an agreement that the two countries would not conduct economic espionage or hack commercial targets. But just one day later, China-based hackers attempted to breach the network of a US technology company, according to a report published today by the security firm CrowdStrike.
"Over the last three weeks, the CrowdStrike Falcon platform has detected and prevented a number of intrusions into our customers’ systems from actors we have affiliated with the Chinese government," Dimitri Alperovitch, the chief technology officer of CrowdStrike, wrote in a blog post today. "Seven of the companies are firms in the Technology or Pharmaceuticals sectors, where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national-security related intelligence collection, which the Cyber agreement does not prohibit."
The White House fact sheet on the summary of agreements made during President Xi's visit states, "The United States and China agree that neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors."
Posted by InfoSec News on Oct 19: http://www.networkworld.com/article/2994359/facebook-warns-users-of-potential-state-sponsored-attacks.html
The apps, which at most recent count totaled 256, are significant because they expose a lapse in Apple's vetting process for admitting titles into its highly curated App Store. They also represent an invasion of privacy to the one million people estimated to have downloaded the apps. The data gathering is so surreptitious that even the individual developers of the affected apps are unlikely to know about it, since the personal information is sent only to the creator of the software development kit used to deliver ads.
"This is the first time we've found apps live in the App Store that are violating user privacy by pulling data from private APIs," Nate Lawson, the founder of security analytics startup SourceDNA, told Ars, referring to the application programming interfaces built into iOS. "This is actually an obfuscated toolkit for extracting as much private information as it can. It's definitely the kind of stuff that Apple should have caught."
Posted by InfoSec News on Oct 19: http://arstechnica.com/tech-policy/2015/10/us-charges-hacker-with-providing-isil-info-on-us-military-personnel/
Posted by InfoSec News on Oct 19: http://www.defenseone.com/threats/2015/10/signs-point-china-us-research-facility-hack/122897/
Posted by InfoSec News on Oct 19: http://nypost.com/2015/10/18/stoner-high-school-student-says-he-hacked-the-cia/
Posted by InfoSec News on Oct 19: http://www.nextgov.com/cybersecurity/2015/10/making-case-cyber-defense-spending-local-government/122901/
Posted by InfoSec News on Oct 19: http://www.wsj.com/articles/report-warns-of-chinese-hacking-1445227440
Posted by InfoSec News on Oct 19: http://www.theregister.co.uk/2015/10/16/navy_engineer_attempted_espionage/
Last time I helped out someone with ransomware over at the Bleeping Computer forums, I was able to recover the ransomed JPEG files.
A first look at the file with the file command did not help me:
[email protected]: data
Neither did a look at the header with a hex editor tell me much more.
But when I analyzed the file with one of my tools to calculate byte statistics (byte-stats.py), I noticed something:
The file has a high byte entropy: 7.815519, that's almost the maximum (8.0). So the file appears to be a set of random bytes, e.g. an encrypted file.
But my program not only calculates the entropy for the whole file (along with other properties), but it also splits the file into buckets (10KB size by default) and calculates the entropy (and other properties) for each bucket. The second entropy value produced by the analysis (5.156678) is the lowest entropy calculated for the buckets (85 in total for this file). And an entropy of 5 is much lower than the entropy of encrypted or compressed data. So somewhere in this file there is data that doesn't ...
Somewhere around position 0x5000, data doesn't ...
The entropy of this file looks uniformly high.
I often look at the entropy when I analyze files. Many of my analysis tools include entropy calculations. For example, pecheck.py provides the entropy of each section of a PE file, allowing me to quickly identify packed sections.
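The per-bucket entropy check described above can be sketched as follows. This is an added example, not the code of byte-stats.py: the function names, the choice to skip a short trailing bucket, and the constructed sample (random bytes with a plain-text region planted at offset 0x5000) are assumptions made for illustration.

```python
import math
import random
from collections import Counter

BUCKET_SIZE = 10 * 1024  # 10KB buckets, the default size the post mentions


def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(data).values())


def bucket_entropies(data: bytes, size: int = BUCKET_SIZE):
    """(offset, entropy) for each full bucket. A short tail is skipped
    (assumption of this example): few bytes always score low."""
    offsets = range(0, len(data) - size + 1, size)
    return [(off, shannon_entropy(data[off:off + size])) for off in offsets]


def analyze(data: bytes, size: int = BUCKET_SIZE) -> dict:
    """Whole-file entropy plus the lowest-entropy bucket and its offset."""
    buckets = bucket_entropies(data, size) or [(0, shannon_entropy(data))]
    low_off, low_ent = min(buckets, key=lambda b: b[1])
    return {"overall": shannon_entropy(data), "buckets": len(buckets),
            "lowest": low_ent, "lowest_offset": low_off}


def build_sample() -> bytes:
    """Constructed sample: 8 buckets of pseudo-random bytes standing in for
    ciphertext, with one bucket of plain text planted at offset 0x5000."""
    rng = random.Random(0)
    data = bytearray(rng.getrandbits(8) for _ in range(8 * BUCKET_SIZE))
    text = (b"metadata block left unencrypted " * 400)[:BUCKET_SIZE]
    data[0x5000:0x5000 + BUCKET_SIZE] = text
    return bytes(data)


if __name__ == "__main__":
    r = analyze(build_sample())
    print(f"overall entropy: {r['overall']:.6f} over {r['buckets']} buckets")
    print(f"lowest bucket:   {r['lowest']:.6f} at 0x{r['lowest_offset']:x}")
```

The whole-file figure stays high even though one bucket is plain text, which is why the lowest bucket value and its offset are the numbers to look at.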