Monday, February 13, 2017
Russian hackers pose increasing threat to UK's national security
A code associated with the
Russian hacking operation dubbed Grizzly Steppe by the Obama administration has
been detected within the system of a Vermont utility, according to U.S.
officials.
While the Russians did not actively use the code to
disrupt operations, according to officials who spoke on the condition of
anonymity to discuss a security matter, the discovery underscores the
vulnerabilities of the nation’s electrical grid. And it raises fears in the
U.S. government that Russian government hackers are actively trying to
penetrate the grid to carry out potential attacks.
The Cold War may be over, but cyber war
between Russia and the West is hotting up, per the Government’s new cyber-security chief.
Britain is increasingly being targeted by
Russian state-sponsored cyber-attacks, including attempts to steal top-secret
national security details and to intervene in the democratic process, claims
Ciaran Martin, who heads up GCHQ’s new National Cyber Security Centre (NCSC).
Mr Martin made his comments in an interview with The Sunday Times, warning
that Britain is being hit by 60 “significant” cyber-attacks each month, some of
which attempt to undermine the democratic process as well as national security.
Concern has been growing about the amount of so-called fake news coming from Russian
media outlets, which is being seen as a concerted disinformation campaign by the Kremlin to disrupt world
politics, including in the UK.
An attempt to disrupt the 2015 general election was thwarted by GCHQ in a cyber-attack
the security service said was the first of its kind.
“However, the level of sophistication is such that we keep very
vigilant and I expect that there will be a category 1 incident at some point in
the future.”
And he claimed that as well as trying to
uncover sensitive Government information, Russian and Chinese-sponsored hackers
were going for “soft targets” including charities and local councils for
personal data and universities for potentially lucrative research.
“We shouldn’t be defeatist about this — there’s plenty we
can do to strengthen defences at all levels.
“I want them to see the UK as the hardest
target (and they do) . . . and I want anyone who is hacking the UK to see us as
the hardest target.”
His comments come in the same week as it
was announced British schoolchildren are to be offered modules in cyber security
as part of the war against hacking.
Officials in government and the utility industry
regularly monitor the grid because it is highly computerized and any
disruptions can have disastrous implications for the country’s medical and
emergency services.
Burlington Electric said in
a statement that the company detected a malware code used in the Grizzly Steppe
operation in a laptop that was not connected to the organization’s grid
systems. The firm said it took immediate action to isolate the laptop and alert
federal authorities.
Friday night, Vermont Gov. Peter Shumlin (D) called on
federal officials “to conduct a full and complete investigation of this
incident and undertake remedies to ensure that this never happens again.”
“Vermonters and all
Americans should be both alarmed and outraged that one of the world’s leading
thugs, Vladimir Putin, has been attempting to hack our electric grid, which we
rely upon to support our quality-of-life, economy, health, and safety,” Shumlin
said in a statement. “This episode should highlight the urgent need for our
federal government to vigorously pursue and put an end to this sort of Russian
meddling.”
Sen. Patrick J. Leahy
(D-Vt.) said he was briefed on the attempts to penetrate the electric grid by
Vermont State Police on Friday evening. “This is beyond hackers having
electronic joy rides — this is now about trying to access utilities to
potentially manipulate the grid and shut it down in the middle of winter,”
Leahy said in a statement. “That is a direct threat to Vermont and we do not
take it lightly.”
Rep. Peter Welch (D-Vt.)
said the attack shows how rampant Russian hacking is. “It’s systemic,
relentless, predatory,” Welch said. “They will hack everywhere, even Vermont,
in pursuit of opportunities to disrupt our country. We must remain vigilant,
which is why I support President Obama’s sanctions against Russia and its
attacks on our country and what it stands for.”
American officials, including one senior administration
official, said they are not yet sure what the intentions of the Russians might
have been. The incursion may have been designed to disrupt the utility’s
operations or as a test to see whether they could penetrate a portion of the
grid.
Officials said that it is unclear when the code entered
the Vermont utility’s computer, and that an investigation will attempt to
determine the timing and nature of the intrusion, as well as whether other
utilities were similarly targeted.
Assuming that the
country was, indeed, responsible for the attack on our nation's democracy, the
answer to the above question should be simple to most Americans. Very, very
wrong indeed. Undermining the democratic rights of a sovereign nation in an
attempt to conduct cyber espionage is a very serious offense, not to mention
far below the standards of moral politics. But in accusing Russia of
interference in the 2016 Presidential Election, we forget one key point:
Russia didn't hack the election, it hacked the voters. While that may sound
like a minor distinction to some, to others it makes a great deal of difference.
The
DHS and FBI also publicly posted information about the malware Thursday as part
of a joint analysis report,
saying that the Russian military and civilian services’ activity “is part of an
ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens.”
Another senior administration official, who also spoke on
the condition of anonymity to discuss security matters, said in an email that
“by exposing Russian malware” in the joint analysis report, “the administration
sought to alert all network defenders in the United States and abroad to this
malicious activity to better secure their networks and defend against Russian
malicious cyber activity.”
According to the report by the FBI and DHS, the hackers
involved in the Russian operation used fraudulent emails that tricked their
recipients into revealing passwords.
Russian hackers, U.S. intelligence agencies say, earlier
obtained a raft of internal emails from the Democratic National Committee,
which were later released by WikiLeaks during this year’s presidential
campaign.
President-elect Donald Trump has repeatedly questioned
the veracity of U.S. intelligence pointing to Russia’s responsibility for hacks
in the run-up to the Nov. 8 election. He also has spoken highly of Russian
President Vladimir Putin, despite President Obama’s suggestion that the
approval for hacking came from the highest levels of the Kremlin.
Trump spokesman Sean Spicer said it would be “highly
inappropriate to comment” on the incident given the fact that Spicer has not
been briefed by federal authorities at this point.
Obama has been criticized by lawmakers from both parties
for not retaliating against Russia before the election. But officials said the
president was concerned that U.S. countermeasures could prompt a wider effort
by Moscow to disrupt the counting of votes on Election Day, potentially leading
to a wider conflict.
Officials said Obama also was concerned that taking
retaliatory action before the election would be perceived as an effort to help
the campaign of Democratic presidential nominee Hillary Clinton.
On Thursday, when Obama announced new economic measures
against Russia and the expulsion of 35 Russian officials from the United States
in retaliation for what he said was a deliberate attempt to interfere with the
election, Trump told reporters, “It’s time for our country to move on to bigger
and better things.”
Trump has agreed to meet with U.S. intelligence officials
next week to discuss allegations surrounding Russia’s online activity.
Russia has been accused in the past of launching a
cyberattack on Ukraine’s electrical grid, something it has denied.
Cybersecurity experts say a hack in December 2015 destabilized Kiev’s power
grid, causing a blackout in part of the Ukrainian capital. On Thursday,
Ukrainian President Petro Poroshenko accused Russia of waging a hacking war on
his country that has entailed 6,500 attacks against Ukrainian state
institutions over the past two months.
Since at least 2009, U.S. authorities have tracked
efforts by China, Russia and other countries to implant malicious software
inside computers used by U.S. utilities. It is unclear if the code used in
those earlier attacks was similar to what was found in the Vermont case. In
November 2014, for example, federal authorities reported that a Russian malware
known as BlackEnergy had been detected in the software controlling electric
turbines in the United States.
The Russian Embassy did not immediately respond to a
request for comment. Representatives for the Energy Department and DHS declined
to comment Friday.
"The DHS statement is a restatement of already
known public information, a series of technical indicators that are intended
for use by cybersecurity professionals in finding and remediating APT28 malware
on private sector networks, and some generic advice for companies as to how to
improve their network security," said Matt Tait, founder of the U.K.-based
security consultancy Capital Alpha Security.
APT28 refers to one of the hacking groups
affiliated with Russian intelligence believed to have infiltrated the DNC.
The U.S. report, known as a “Joint Analysis Report”
or JAR, refers to the Russian hacking campaign as “Grizzly Steppe.”
It comes as part of a slate of retaliatory measures against Russia
issued Thursday by the Obama administration in response to the hacks, and
expands on a joint statement issued by the two agencies in October, formally
attributing the attacks to Russia.
In the October statement, officials described the
hacks and subsequent publication of stolen emails on WikiLeaks as an
attempt to “interfere” with the U.S. election that is “consistent with the
Russian-directed efforts,” but provided no evidence to support their
assessment.
President-elect Donald
Trump has denied that Russia was involved in the hacks, and
Obama has been under pressure to provide proof.
It's unclear whether Thursday's report will satisfy
critics. The administration is in the process of preparing a more detailed
classified review of Russian interference, to be delivered to Congress before
Trump takes office on Jan. 20.
"That this document doesn't engage with the
question of attribution seems, to me, to be quite deliberate," Tait noted.
"Its purpose is to act as a measure against Russia (by adding a U.S.
stamp of approval to private sector information, and making life harder for
APT28 by exposing some of their malware), not to persuade the public that the
DNC hack was by Russia."
1.5M Unpatched WordPress Sites Hacked
Experts say that attackers have taken a liking to a content-injection vulnerability
that was disclosed last week and is patched in WordPress 4.7.2. It has been
exploited to deface 1.5M sites so far.
This issue has evolved into “one of the known worst
WordPress related vulnerabilities to come up in some time,” researchers
at WordFence, a Seattle-based firm that makes WordPress security plugins, said
on Thursday.
WordPress silently patched this issue, an unauthenticated privilege escalation
vulnerability in a REST API endpoint, when it pushed version 4.7.2 on Jan. 26.
A core developer with the CMS said the following week that they waited to
disclose the vulnerability to ensure that millions more sites could deploy the
update. WordPress has a feature that automatically updates the CMS on the
majority of sites, but some users choose not to use it and test updates before
applying them.
Mark Maunder, WordFence’s chief executive officer, said that researchers saw
the biggest spike in attacks on Tuesday, when the company blocked
roughly 13,000 attacks from 20 different campaigns.
The reason for the influx,
Maunder said, is because at the beginning of the week attackers refined their
attacks to bypass a rule that WordFence and other companies had implemented.
While WordFence was quick to engineer a new rule to prevent the bypass,
attackers were still able to succeed in infecting a slew of sites–more
than 800,000 over a 48-hour period from Tuesday to Wednesday–he said.
In some instances, hackers
are competing to compromise sites that haven’t yet applied the fix. WordFence
researchers claim they’ve come across some sites where multiple hackers attempt
to take credit on multiple pages for hacking them. The defacing and re-defacing
will likely continue until those sites apply the 4.7.2 fix, Maunder says.
Anonymous Hackers Took down over 10,000 Dark Web Sites
Dark Web is right now going through a very rough time.
Just two days ago, a hacker group affiliated with Anonymous broke into the servers of Freedom Hosting II and took down more than 10,000 Tor-based .onion dark websites with an alarming announcement to its visitors, which said:
"Hello, Freedom Hosting II, you have been hacked."
Freedom Hosting II is the single largest host of underground websites accessible only through the Tor anonymising browser, hosting somewhere between 15 and 20 percent of all sites on the Dark Web, anonymity and privacy researcher Sarah Jamie Lewis estimated.
Besides defacing all Dark Web sites hosted on Freedom Hosting II with the same message and stealing its database, the hackers also demanded a ransom of 0.1 Bitcoin (just over $100) to return the compromised data to the hosting service.
Now, it has been reported that the stolen database from Freedom Hosting II has publicly been released online to a site hosted on the Tor network, which includes the email details of nearly 381,000 users, 'Have I Been Pwned' tweeted.
According to the Anonymous hackers, more than 50 percent of all files hosted on Freedom Hosting II servers were related to child pornography.
Those illegal websites were using gigabytes of data when Freedom Hosting II officially allows no more than 256MB per site, the Anonymous hacker claimed.
In addition to dark site users' details, the data dump also contains backups of website databases, most of which are based on popular, free, open source content management systems and forums like WordPress and PHPBB.
In an interview with Motherboard, an Anonymous hacker who claimed responsibility for the hack said this was his first hack ever, and he never intended to take down the hosting provider.
But when he allegedly discovered several large child pornography websites using more than Freedom Hosting II's stated allowance, he decided to take down the service. The hacker claimed to have downloaded 74GB of files and a users database dump of 2.3GB.
Lewis has been analyzing the leaked data and reported that the database contains Dark Web users' numerous plain text emails, usernames, and hashed passwords from forum websites hosted by Freedom Hosting II.
While it's bad news for users who joined one of those forums providing their genuine personal details, law enforcement would be happy, as in a separate case, the FBI used location-tracking malware to infiltrate Dark Web porn sites and track individual users.
Apple Going to Start New Company In Bangalore, India
After months of negotiations, Apple
is set to start manufacturing iPhones in the Indian tech hub Bangalore, a
government official says.
The state of Karnataka, where Bangalore is located,
has reached an agreement in principle with
Apple, said Priyank Kharge, the state's information
technology minister.
Kharge told CNNMoney on Friday
that iPhone assembly could start as soon as April at a plant on the outskirts
of Bangalore. The plant will be operated by Wistron, an Apple supplier that's headquartered
in Taiwan.
Apple would neither confirm
nor deny the Indian official's remarks. The company said in a statement last
week that it has been talking to the Indian government about "expanding" its local
operations.
The U.S. tech giant currently sells iPhones and
other products in India through local distributors, but it lags far behind Samsung and Chinese brands such as Xiaomi, Oppo and Lenovo in
terms of market share.
Apple has been hampered by a
rule that prevented it from opening its own retail stores in the country.
Foreign retailers can only sell products if 30% of the raw materials used to
make them are sourced locally. The Bangalore manufacturing unit could pave the
way for the first Apple stores in India.
Setting up a new plant in India would also be at
odds with President Trump's call for American companies to create manufacturing
jobs at home. But it looks like Apple has decided India's rapidly ballooning
smartphone market is too tempting to resist.
The South Asian nation
currently has more than 300 million smartphone users, and is poised to overtake
the U.S. as the world's second largest market for the devices this year.
The government said discussions are on with Apple for collaborations in other areas too. It did not specify what these areas are, but the government is said to be pushing for manufacture of some phone components too, so as to create a manufacturing ecosystem in the city.
In May, Apple had announced a design and development accelerator in the city to grow the iOS developer community and also guide Indian developers to leverage Apple's programming language Swift and build apps for Apple TV and Apple Watch.
"We made concerted efforts to reach out to Apple directly. We want to create a conducive environment for global majors like Apple so that we emerge as their preferred partner in their India growth story," Kharge told TOI. Gujarat, Maharashtra and Telangana too were competing for the Apple facility.
Apple uses a fairly complex supply chain. The parts for the iPhone, iPad, iPod and Mac are manufactured, mostly by third parties, across 28 countries. It has 766 suppliers, of which 346 are based in China, 126 in Japan, and 69 in the US. There is one in India, a unit of Flextronics in Sriperumbudur in Tamil Nadu.
Tech companies to meet on legal challenge to Trump immigration order
A group of technology companies plans to meet on Tuesday
to discuss filing an amicus brief in support of a lawsuit challenging U.S.
President Donald Trump's order restricting immigration from seven
Muslim-majority countries, said a spokesperson for a company organizing the
gathering.
The meeting is being called together by GitHub, which
makes software development tools.
Alphabet Inc's Google, Airbnb Inc and Netflix Inc are among
the companies invited, a separate person familiar with the situation said.
The Trump administration says the rules will increase national safety and are
well within its powers.
Spokespeople for Box and AdRoll said they would attend the
meeting. An Etsy spokeswoman said the company received Github's invite but
could not confirm if it would move forward with the group.
Ed Black of the Computer &
Communications Industry Association said that the "hasty executive order
is unlikely to achieve the desired goal and instead damages the principles that
make this country a place immigrants aspire to work."
Gary Shapiro of the Consumer
Technology Association said that "blocking access en masse of employees of
US companies who are lawful visa and green card holders based on religion or
national origin raises constitutional issues, hurts our nation -- both morally
and economically -- and runs counter to our country's longstanding values."
Toshiba prepares to unveil nuclear hole, other perils threaten
[TOKYO]
Toshiba Corp will on Tuesday detail a writedown of close to $6 billion after
bruising cost overruns at its US nuclear arm, turning investor attention to the
Japanese group's efforts to fix that and other balance sheet headaches.
The
TVs-to-construction conglomerate warned of a potential multi-billion dollar
nuclear writedown in December, a year after a US$1.3 billion accounting
scandal.
Sources familiar with the matter say the final
charge, to be detailed alongside quarterly earnings, will be as high as 700
billion yen ($6.2 billion), a sum which alone would wipe out the company's
shareholder equity.
Toshiba, which has seen its market value almost
halve since the prospect of a writedown emerged in December, is also expected
to outline the prospects for its nuclear arm and update investors on efforts to
raise capital, including through the sale of a stake in its flagship memory
chips business.
"The question for Toshiba is how is it going
to move forward," said Masahiko Ishino, analyst at Tokai Tokyo Research
Center.
He added Toshiba would need to show how it could
stay competitive in the cash-generating but capital-intensive memory chip
industry, given its battered balance sheet.
Very High Chances of Google Removing Torrents from Google Search Engine
Google's search engine will no longer
show torrent results. Google is against piracy, so each and every torrent is going to
be banned from its search engine, which will decrease piracy by 90%.
One of the biggest
downfalls for the entertainment industry is piracy. Time and again production
houses and people from the industry have held search engines such as Google
accountable for the ease in searching for torrents. In its latest effort to
curb the practice, Google has reportedly decided to ban torrent site links from
its search results.
The internet is
flooded with such websites and portals which promote piracy and offer content,
including movies, shows, and music, from which the entertainment industry
earns. When such content is made freely available to users, it in turn impacts
the revenue of the industry and is also in violation of the copyright and intellectual
property rights of those behind the creation of the content. While there is
a trove of such websites, it is believed that through search engines such as
Google, these websites are easily discoverable, thereby promoting piracy.
Every year the
industry loses billions owing to online piracy. Game of Thrones, which is one
of the most popular and widely watched HBO original series, has been recorded
as the most illegally downloaded show for the fifth consecutive year in 2016.
As the series is originally telecast over the weeks, given the gripping nature
of the storyline, viewers find it difficult to hold their patience and hence
move to alternative sources to download it illegally and watch it.
Piracy will not just end
Even if Google
stops showing torrents, there are many more search engines on the web, and not all of them
will stop. So when Google stops showing torrents in its search results,
the standing of other search engines for torrent searches will gradually increase.
As per the report, the UK
wants the Bill to come into effect from June 1 this year. Buscombe also said
that the search engines involved in this work “have been very co-operative,
making changes to their algorithms and processes, but also working bilaterally
with creative industry representatives to explore the options for new
interventions and how existing processes might be streamlined”.
Conclusion:
It’s not finalized
yet; the decision is still pending. This is not going to happen fast,
but it will happen eventually. Even if you don’t find torrents on a search
engine, you can still visit them by going directly to the website.