Major banks hit with biggest cyberattacks in history
posted by Keito
2012-09-29 16:57:00
There's a good chance your bank's website was attacked over the past week.
Since Sept. 19, the websites of Bank of America (BAC, Fortune 500), JPMorgan Chase (JPM, Fortune 500), Wells Fargo (WFC, Fortune 500), U.S. Bank (USB, Fortune 500) and PNC Bank have all suffered day-long slowdowns and been sporadically unreachable for many customers. The attackers, who took aim at Bank of America first, went after their targets in sequence. Thursday's victim, PNC's website, was inaccessible at the time this article was published.
Security experts say the outages stem from one of the biggest cyberattacks they've ever seen. These "denial of service" attacks -- huge amounts of traffic directed at a website to make it crash -- were the largest ever recorded by a wide margin, according to two researchers.
Banks get hit by cyberattackers all the time and typically have some of the best defenses against them. This time, they were outgunned.
"The volume of traffic sent to these sites is frankly unprecedented," said Dmitri Alperovitch, co-founder of CrowdStrike, a security firm that has been investigating the attacks. "It's 10 to 20 times the volume that we normally see, and twice the previous record for a denial of service attack."
To carry out the cyberattacks, the attackers got hold of thousands of high-powered application servers and pointed them all at the targeted banks. That overwhelmed Bank of America and Chase's Web servers on Sept. 19, Wells Fargo and U.S. Bank on Wednesday and PNC on Thursday. Fred Solomon, a spokesman for PNC, confirmed that a high volume of traffic on Thursday was affecting users' ability to access the website, but he declined to go into more detail.
Denial of service attacks are an effective but unsophisticated tool that doesn't involve any actual hacking. No data was stolen from the banks, and their transactional systems -- like their ATM networks -- remained unaffected. The aim of the attacks was simply to temporarily knock down the banks' public-facing websites.
To get hold of all the servers necessary to launch such huge attacks, the organizers needed to plan for months, Alperovitch said. The servers had to be compromised and linked together into a network called a "botnet."
That level of pre-planning is a deviation from the kinds of denial of service attacks launched at banks in the past by so-called "hacktivists." Typically, hacktivists use home PCs infected with malware to amass their botnets. Attacks on this scale would be impossible to carry out with home PCs -- users too frequently turn them off or disconnect them from the Internet.
The Islamist group Izz ad-Din al-Qassam Cyber Fighters publicly claimed responsibility for the attacks in what it called "Operation Ababil", but researchers are divided about how seriously to take their claims. The group has launched attacks in the past, but those have been far less coordinated than the recent batch.
Sen. Joe Lieberman, an Independent from Connecticut, said in a C-SPAN interview on Wednesday that he believed the attacks were launched by Iran.
"I don't believe these were just hackers who were skilled enough to cause disruption of the websites," he said. "I think this was done by Iran ... and I believe it was a response to the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions."
A call requesting comment from the Department of Homeland Security's cybersecurity office was not immediately returned.
A cybersecurity firm following the attacks also expressed doubt about the connections between the Cyber Fighters and the bank attacks. On social networks and chat forums, the group urged its followers to use a mobile "low orbit ion cannon" -- a software tool typically used by Anonymous and other hacktivist groups to direct a massive flood of traffic at a targeted site.
That tool was not used in the attack, according to Ronen Kenig, director of security products at network security firm Radware.
"Supporters of this group didn't join in the attack at all, or they joined in but didn't use that tool," said Kenig. "The attack used a botnet instead." He doesn't think the Cyber Fighters would have access to a botnet as advanced as the one used by the attackers.
But CrowdStrike's Alperovitch said he is "quite confident" the perpetrator was the Izz ad-Din al-Qassam Cyber Fighters, since they announced each attack well before it was carried out, and the attack wasn't that sophisticated -- it just took significant planning. PNC was the last target on the lists the Cyber Fighters have circulated, but more attacks could still be coming.
Both researchers agree that the controversial anti-Muslim YouTube video was not the initial impetus for the attacks, as the Cyber Fighters claimed in messages recruiting volunteers to join in. Before the video was even released, the group claimed responsibility for similar attacks.
"The video is simply an excuse," Alperovitch said. "It's a red herring."
Malware inserted on PC production lines, says study
posted by Keito
2012-09-13 19:44:47
Cybercriminals have opened a new front in their battle to infect computers with malware: PC production lines.
Several new computers have been found carrying malware installed in the factory, suggests a Microsoft study.
One virus called Nitol found by Microsoft steals personal details to help criminals plunder online bank accounts.
Microsoft won permission from a US court to tackle the network of hijacked PCs made from Nitol-infected computers.
In a report detailing its work to disrupt the Nitol botnet, Microsoft said the criminals behind the malicious program had exploited insecure supply chains to get viruses installed as PCs were being built.
The viruses were discovered when Microsoft digital crime investigators bought 20 PCs, 10 desktops and 10 laptops from different cities in China.
Four of the computers were infected with malicious programs even though they were fresh from the factory.
Microsoft set up and ran Operation b70 to investigate and found that the four viruses were included in counterfeit software some Chinese PC makers were installing on computers.
Nitol was the most pernicious of the viruses Microsoft caught because, as soon as the computer was turned on, it tried to contact the command and control system set up by Nitol's makers to steal data from infected machines.
Further investigation revealed that the botnet behind Nitol was being run from a web domain that had been involved in cybercrime since 2008. Also on that domain were 70,000 separate sub-domains used by 500 separate strains of malware to fool victims or steal data.
"We found malware capable of remotely turning on an infected computer's microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim's home or business," said Richard Boscovich, a lawyer in Microsoft's digital crimes unit, in a blogpost.
A US court has now given Microsoft permission to seize control of the web domain, 3322.org, which it claims is involved with the Nitol infections. This will allow it to filter out legitimate data and block traffic stolen by the viruses.
Peng Yong, the Chinese owner of the 3322.org domain, told the AP news agency that he knew nothing about Microsoft's legal action and said his company had a "zero tolerance" attitude towards illegal activity on the domain.
"Our policy unequivocally opposes the use of any of our domain names for malicious purposes," Peng told AP.
However, he added, the sheer number of users it had to police meant it could not be sure that all activity was legitimate.
"We currently have 2.85 million domain names and cannot exclude that individual users might be using domain names for malicious purposes," he said.