Friday, October 11, 2013

Blog: 2013 Ekoparty Security Conference

The Ekoparty Security Conference 2013 took place in the beautiful city of Buenos Aires (Argentina) from 25 to 27 September. The event, the most important security conference in Latin America, is now in its ninth year and drew 1,500 attendees. This year's conference slogan was "Somebody's watching".



Like every year, the event took place at the Konex, a cultural complex built in a former oil plant and tank facility that operated from 1920 to 1992, which gives the venue a unique atmosphere.

As at Defcon and other security events, the presentations cover a wide variety of topics and discussions; Ekoparty is a forum where many security professionals present diverse research and development in computer security.

Before the event there are training courses for companies and security professionals, covering defensive security, digital forensics, malware analysis and pentesting, among other topics. This time I had the opportunity to present the training "Implementing Threat Intelligence in organizations", which covered monitoring, detection and defence strategies. It was attended by security staff from banks, e-commerce companies and government.



The first day began with a panel discussion on the state of cyber-attacks and cyber-defence in Latin America, with the participation of regional experts on the subject. In the evening there were workshops, with every auditorium filled to capacity. I presented a workshop on OSINT intelligence scripting.

As with any security event, Ekoparty has its CTF (Capture The Flag) competition, but this time it had a particular component that set it apart from others. The competition was based on attack-and-defence scenarios in which participants not only earned points by capturing a flag, but could also lose points by failing to defend themselves or when several teams attacked them. In addition, a team could transfer points to another team, which made for a very interesting game strategy.


The conference presentations began on the second day. All were very interesting, with a lot of content and research, so I will comment on some of them.


Corey Kallenberg presented "Defeating Signed BIOS Enforcement", in which he discussed how a system BIOS can be compromised despite the manufacturers' protections. Later, Harri Hursti presented "Vote early and vote often". His talk was very interesting because many countries have already deployed electronic voting systems and others are testing prototypes for deployment.


He showed a series of vulnerabilities in these systems that could allow unauthorized access to view results, manipulation of information, or even violation of citizens' privacy. He even showed that it was possible to mount denial-of-service attacks against these systems, preventing people from voting.



Also on the second day, Francisco Falcón and Nahuel Riva of Core Security gave the presentation "Do you know who's watching you?: An in-depth examination of IP cameras attack surface". They showed vulnerabilities in web cameras from leading manufacturers, and showed how often poorly chosen, poorly implemented solutions can become a risk to security and confidentiality.


Corey Kallenberg also presented "BIOS Chronomancy", on how a system BIOS can be compromised by malware that persists on some computers, compromising the system beneath the operating system and applications.


Finally, to close the event, Carlos Penagos and Lucas Apa of IOActive gave an interesting talk, "Compromising Industrial Facilities from 40 Miles Away", on vulnerabilities in the wireless sensors used with industrial SCADA systems: reading and injecting data into these devices using radio-frequency (RF) transceivers from up to 65 km away. They also presented a proof of concept in a simulator showing how an attacker could manipulate the temperature reported by these sensors, causing a disaster by raising or lowering it.

As at every major security event, we had good discussions and caught up on our colleagues' latest research. But Ekoparty has a Latin flavour that makes it different. It was a great event and you may be interested in attending the next editions. You can also really enjoy the city and, of course, an asado with colleagues and friends :)

Targeted exploit



In September, Microsoft published information about a new Internet Explorer vulnerability, CVE-2013-3893. The vulnerability affects IE versions 6 through 11 on platforms from Windows XP through Windows 8.1. Later in September the company released a fix for the vulnerability.
Cybercriminals are happy to exploit such vulnerabilities because they are easy to monetize: Internet Explorer remains popular.
Top 5 browsers according to http://gs.statcounter.com
This type of vulnerability is very dangerous because it allows arbitrary code execution on the target system. In late September we discovered an exploit for the vulnerability that triggers a use-after-free in Internet Explorer's HTML rendering engine, mshtml.dll.
We recently discovered that a modified version of the exploit was used in targeted attacks against a number of high-profile organizations in Japan.
The vulnerability is exploited only on computers that belong to specific subnets of the target organizations' networks:

Defining subnets in which computers will be attacked
If a computer's IP address belongs to one of the ranges defined by the attackers, the vulnerability is exploited once the user visits the infected web page.
The following information is obtained in the first stage of the attack:
Operating system version
Internet Explorer version
Language used by the OS
Whether Microsoft Office is installed
Based on the data obtained in this stage, the exploit selects the appropriate ROP chain and shellcode:
Choice of ROP chain and shellcode
It is worth mentioning that the exploit does not work on Windows 7 systems that do not have Microsoft Office installed.

Checking OS version and whether Microsoft Office is installed
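To make the first-stage decision logic concrete, here is an added example, written for this post and not code from the exploit or from Kaspersky: a defender-side replica of the targeting gate. The subnets, fingerprint values and variant names are constructed placeholders; the real exploit's ranges and tables are not published here. The post does not say how the collected OS language is used, so it is only recorded in the fingerprint.

```python
# Added example (not the exploit's own code): replica of the first-stage targeting gate.
# The landing page only fires when the victim IP is inside attacker-chosen subnets and the
# fingerprint (OS version, IE version, OS language, Office present) maps to a usable
# ROP chain/shellcode variant. All ranges and table entries below are constructed.
import ipaddress
from dataclasses import dataclass

# Constructed attacker subnets; the real ranges are not reproduced in the post.
TARGET_SUBNETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.0/24")]


@dataclass(frozen=True)
class Fingerprint:
    os_version: str       # e.g. "xp", "win7"
    ie_version: int       # e.g. 8, 9
    language: str         # collected by the exploit; usage not described in the post
    office_installed: bool


# Constructed variant table keyed on (os_version, ie_version). The boolean records whether
# the variant's ROP chain is built on a non-ASLR Office module (hxds.dll), as on Windows 7.
VARIANTS = {
    ("xp", 8): ("rop_xp_ie8", False),
    ("win7", 8): ("rop_win7_ie8_hxds", True),
    ("win7", 9): ("rop_win7_ie9_hxds", True),
}


def in_target_subnet(ip):
    """True when ip falls inside one of the attacker-defined ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TARGET_SUBNETS)


def select_variant(ip, fp):
    """Return the variant name that would fire, or None if the page stays benign."""
    if not in_target_subnet(ip):
        return None
    entry = VARIANTS.get((fp.os_version, fp.ie_version))
    if entry is None:
        return None
    name, needs_non_aslr_module = entry
    # Without Office there is no hxds.dll to load at a known address, so a chain that
    # depends on it has nothing to pivot through: the exploit aborts, as the post notes.
    if needs_non_aslr_module and not fp.office_installed:
        return None
    return name


if __name__ == "__main__":
    print(select_variant("10.20.5.9", Fingerprint("win7", 8, "ja", True)))   # rop_win7_ie8_hxds
    print(select_variant("10.20.5.9", Fingerprint("win7", 8, "ja", False)))  # None
```

The same structure is useful in reverse: given a captured landing page, a responder can enumerate which (subnet, fingerprint) combinations reach a live variant and which fall through to the benign path.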
The exploit fails on Windows 7 without Office because modern operating systems include mechanisms that make exploiting vulnerabilities harder. One such mechanism is ASLR (Address Space Layout Randomization). The exploit uses a simple trick to evade it: it loads a module compiled without ASLR support, the hxds.dll library, into the browser process.
Code that loads hxds.dll
The library, part of the Microsoft Office package, does not support ASLR, so it is loaded at known addresses, after which the attackers use ROP to mark the memory containing the shellcode as executable.
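Whether a module opts into ASLR is recorded in the PE header: the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE bit (0x0040) of the optional header's DllCharacteristics field. The following added example, written for this post, parses that field from raw bytes; it builds a minimal synthetic PE image inline so it runs offline, and that image is not hxds.dll or any real Microsoft binary.

```python
# Added example (not from the original post): read DllCharacteristics from a PE image to
# tell whether the loader is allowed to relocate it (ASLR). The synthetic image built by
# build_minimal_pe() is constructed for the demo and is not a real DLL.
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def dll_characteristics(data):
    """Return the DllCharacteristics word of a PE image; raise ValueError if malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    opt = coff + 20  # IMAGE_FILE_HEADER is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 of the optional header in both PE32 and PE32+.
    return struct.unpack_from("<H", data, opt + 70)[0]


def supports_aslr(data):
    """True when the image asks the loader for a randomized base."""
    return bool(dll_characteristics(data) & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)


def build_minimal_pe(dll_chars):
    """Constructed test image: DOS header, PE signature, COFF header and a PE32 optional header."""
    e_lfanew = 0x80
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    # Machine=i386, 0 sections, SizeOfOptionalHeader=224, Characteristics=EXECUTABLE|32BIT|DLL
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for flags in (IMAGE_DLLCHARACTERISTICS_NX_COMPAT,
                  IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE):
        print(hex(flags), "ASLR" if supports_aslr(build_minimal_pe(flags)) else "no ASLR")
```

On a real system the same check against every module loaded in the browser process (the pefile library exposes it as OPTIONAL_HEADER.DllCharacteristics) is the quickest way to find which DLLs an attacker can use as a fixed-address ROP source.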
The following shellcode is executed after the vulnerability has been successfully exploited:

As the figure shows, the shellcode decrypts its main part using 0x9F as the key.
After decryption, the code looks up the functions it needs to download and launch the payload, finding them by hash:

Hashes of the functions used
When the required addresses have been found, the following takes place: a malicious executable named "runrun.exe" is downloaded from the attackers' server:
Downloading the payload
Since the downloaded module is encrypted, the shellcode reads it from disk and decrypts it using 0x95 as the key, after which the decrypted module is launched:
Decrypting the module downloaded
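Both decryption steps above are single-byte XOR, which an analyst can reverse without the shellcode: for a downloaded executable, the plaintext must begin with "MZ", so the key is the byte that maps the first ciphertext byte to 'M' and is confirmed by the second. The following added example, written for this post, recovers the key and decodes the blob; the sample blob is constructed here with the 0x95 key the post reports and is not the real runrun.exe.

```python
# Added example (not from the original post): recover a single-byte XOR key from a
# downloaded payload by matching a known plaintext prefix, then decode it. The sample
# buffer is constructed for the demo; it is not the real runrun.exe.
def xor_bytes(data, key):
    """XOR every byte of data with the single-byte key."""
    return bytes(b ^ key for b in data)


def recover_xor_key(blob, known_prefix=b"MZ"):
    """Return every key (0..255) under which blob decodes to something starting with known_prefix."""
    n = len(known_prefix)
    return [k for k in range(256) if xor_bytes(blob[:n], k) == known_prefix]


def decode_payload(blob, known_prefix=b"MZ"):
    """Return (key, plaintext) when exactly one key fits, else None (ambiguous or no match)."""
    keys = recover_xor_key(blob, known_prefix)
    if len(keys) != 1:
        return None
    return keys[0], xor_bytes(blob, keys[0])


def make_sample(key):
    """Constructed stand-in for the encrypted download: an MZ header followed by filler."""
    plain = b"MZ\x90\x00" + b"This program cannot be run in DOS mode." + b"\x00" * 16
    return xor_bytes(plain, key)


if __name__ == "__main__":
    sample = make_sample(0x95)
    key, plain = decode_payload(sample)
    print(hex(key), plain[:4])   # 0x95 b'MZ\x90\x00'
```

With a two-byte prefix the key is always unique, because each byte of the prefix pins the key to exactly one value and the two must agree. For the 0x9F-keyed shellcode stage there is no MZ header; the same routine works if any known plaintext is available, for example the first bytes of a decoder stub recovered from a memory dump, otherwise frequency analysis over the 256 candidates is the fallback.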
As mentioned above, the targeted attack used only one modification of the exploit for CVE-2013-3893. The total number of modifications discovered to date is 21. Attacks using this exploit have mostly been detected in Taiwan:

We have the following information on the servers from which the exploit's payload was downloaded:
A brief analysis of one of the payload's variants (MD5 1b03e3de1ef3e7135fbf9d5ce7e7ccf6) showed that the executable has encrypted data in its resources:

Encrypted data in the payload’s resources
The executable extracts the data and converts it into a DLL:

Extracting encrypted data
The DLL created from the data extracted from the payload is written to disk at the following path:
TempPath\tmp.dll (MD5 bf891c72e4c29cfbe533756ea5685314).
The library exports the following functions:

Functions exported by tmp.dll
Once the library has been written to disk, it is loaded into the process's address space and its exported function ishk is called:

Calling the ishk exported function
The library itself performs an injection into another process's address space.
After launching, the malware communicates with a server in South Korea. The following requests are sent from the infected machine:

Requests sent from the infected machine
Kaspersky Lab detects the payload downloaded as Trojan-Dropper.Win32.Injector.jmli.
We detect the exploit as HEUR:Exploit.Script.Generic. 

Wednesday, October 2, 2013

Britain's cyber soldiers: MoD recruits warriors for its cyber unit

Britain's cyber-warrior military training: MoD to hire hundreds of cyber geniuses and professionals for its cyber military units.


The British Ministry of Defence announced that it is preparing a military cyber team and welcomed professionals to join the units; the recruitment process starts in October.


The British Government is setting aside a portion of the military budget to develop a cyber-offensive unit by recruiting many hackers and cyber experts. The announcement was made on Sunday by the country's Secretary of Defence, Philip Hammond.


It is the first time the UK will have an official cyber-warriors team that will be assigned different tasks.


Hammond was reported by AFP as saying: "In response to the growing cyber threat, we are developing a full-spectrum military cyber capability, including a strike capability, to enhance the UK's range of military capabilities".


The Secretary of Defence said that a simple cyber security unit is not enough: scenarios in the cyber world are increasingly offensive and security requirements are becoming complex. In an interview with The Daily Mail, he said:


"We are going to build in Britain a cyber strike capability so we can strike back in cyberspace against enemies who attack us, putting cyber alongside land, sea, air and space as a mainstream military activity. Our commanders can use cyber weapons alongside conventional weapons in future conflicts."


Hammond also said that this is an excellent opportunity for all the cyber geniuses out there, because it will allow them to use their skills on a larger platform for the good of the nation.


Using a patriotic slogan is a strategic step to attract computer geeks to the cyber army unit. Hammond added that these cyber reservists will not have to pass the army's usual fitness tests. He added that the cyber army is going to be a major reform.


The plan for the cyber unit was disclosed by Hammond when he briefed reporters. The briefing was held in the MoD's nuclear bunker, making Hammond the first Defence Secretary to be interviewed or photographed there.


"Cyber weapons offer the enticing possibility of paralysing the enemy without inflicting lasting damage on them. No cities to rebuild, no infrastructure to rebuild," Hammond said, adding that the thinking was very much in tune with attitudes in the United States. "One of my American colleagues put it to me like this: why would you want to bomb someone's airfield if you could just stop it with a cyber-attack?"


In March this year, the US also announced that it was preparing 40 new cyber teams or units, stating that the reason for this decision was cyber-attacks carried out by Iranian and Chinese hackers. General Keith Alexander, who heads US Cyber Command and the NSA, officially announced that 13 of the forty cyber units would be dedicated solely to offensive operations.


After the United States, Israel also announced its cyber-warfare training programme a few months ago.


A report by the National Audit Office published in February questioned Britain's ability to launch its own cyber units. The report said that Britain does not have enough cyber experts able to counter cyber attacks that are becoming more and more frequent.


The report also criticised government officials for not being effective in promoting technology and science, and cited education experts saying it could take "up to 20 years to address the skills gap at all levels of education".


Members of Parliament also warned the Government that Britain is very vulnerable to cyber attacks because its military depends so heavily on cyber communication systems.

GlobalPost website and Twitter account hacked by the Syrian Electronic Army


The hardcore supporters of Syrian President Bashar al-Assad, the Syrian Electronic Army (SEA), have hacked the official website of the US news outlet GlobalPost and its Twitter account.


The hackers gave the reason for hacking GlobalPost in tweets sent from the site's official Twitter account: GlobalPost had published the names of alleged SEA members.


The hackers left a message on GlobalPost's website and Twitter account with a final warning. The message read:

"Think twice before publishing untrustworthy information about the Syrian Electronic Army (SEA). This time we stopped your website and took down your Twitter account; next time you will start looking for new jobs."

GlobalPost confirmed that both its website and its Twitter account were briefly hacked, the first time since the company started in January 2009.


At the time of publication the GlobalPost website and Twitter account had been restored. However, the article with the names of the alleged SEA members was still available on the site. "We will not take down news and will continue to cover all aspects of the ongoing war in Syria," GlobalPost said.


GlobalPost is an American online news company focused on international news, founded on January 12, 2009.


Last month I shared an in-depth analysis of a possible cyber Armageddon in which the SEA could paralyse the defence and financial systems of the United States. Today's note is a glimpse of how easily the SEA picks a target and hacks it without any difficulty.


The Syrian Electronic Army has been on the FBI's list of terrorist groups since September for hacking US military targets.


 

Israeli defence contractor ISPRA site hacked by AnonGhost

The hacktivist using the handle AnonGhost hacked and defaced a website belonging to the Israeli defence contractor ISPRA (Israel Product Research Co. Ltd.), which develops, manufactures and markets non-lethal riot-control devices, crowd-management and anti-terror gear and police equipment.


The hacker left a deface page and a message on the hacked site against the State of Israel and in support of the Palestinian liberation movement. The message read:


The hacked contractor is known to be a direct supplier to the Israeli Government, according to a cached page from the Israeli Ministry of Defence.


Links to the targeted site and its mirror are available below:


http://www.ispraltd.com/
http://zone-h.org/mirror/ID/20886514


ISPRA Israel Product Research Co. Ltd., founded in 1969, is a private company operating from two sites in Israel: the manufacturing plant and R&D centre in Zichron Yaakov, and management and sales offices in Herzliya, with customers all over the world.


This is not the first time AnonGhost has hacked an Israeli defence contractor; in the past a communications provider to the Israeli army had its website defaced by the same hacker.


At the time of publication of this article, the site had been restored and was back online.

John McAfee: My new gadget will defeat the NSA and protect users' privacy

John McAfee, founder of the McAfee antivirus company, said he will unveil a gadget that would allow internet users to shield their activities and private lives from NSA spying.



He named the gadget D-Central and said it will be designed to cost less than $100. He gave an interview on Saturday at the San Jose McEnery Convention Center. He said the device "would be able to communicate with tablets, smartphones and other devices, including cell phones, and will create a chain of decentralized networks". McAfee said: "Because these networks are essentially floating around in the web world as private networks, it is almost impossible to nail them down".


During the conversation McAfee acknowledged that such a device could be used for wicked purposes, but he deflected any criticism by simply adding that "the telephone is also used to detrimental effect".


The interview can be viewed at the YouTube link below:


McAfee has been the subject of some controversy over the last 12 months. He is considered a Silicon Valley legend because he built his own antivirus company into a prominent firm in the industry. However, he was the main suspect in a controversy last year when the authorities in Belize wanted to question him over the shooting of his neighbour. He said in Saturday's interview that he had nothing to do with the murder, and that he fled Belize just to avoid paying a $2 million bribe he was expected to pay.


Leaving all that aside, D-Central might be the most controversial move he has ever made. He said he had been brainstorming the idea for a few years and accelerated his efforts to design the gadget after the revelations made by Edward Snowden, the former NSA contractor. Edward Snowden, as we all know, leaked a great deal of classified information and documents about the NSA's spying programme. It is quite possible that the US Government will not allow him to sell the gadget in the United States. However, he is not worried about such a restriction, because he said he can sell D-Central in many other countries.


McAfee said: "It is coming and cannot be stopped".


He refused to give any more information on the gadget, but a teaser site with more information will be launched in 174 days.


 

U.S. says Iran hacked its Navy computers

Some Navy officials said that Iranian hackers broke into unclassified US Navy computer networks.


On December 6, 2012, I reported that the Navy faces 110,000 cyber attacks every hour. Now the Wall Street Journal has published a report, on 27 September, saying that the hacks against US Navy computers were carried out by Iranian hackers. The report did not name the American officials who made the claim against the Islamic Republic of Iran.


The report further stated that although US military officials have received a briefing on the recent intrusion, the Pentagon is denying the hack. The allegation emerged at a time when Iran itself is a major target of hacker attacks.


In 2012 the Washington Post published a report claiming that Israel and the USA jointly developed the Flame computer virus to spy on Iran. The report added that the cooperation to develop the virus was conducted between the CIA and the Israeli military.


The New York Times also published a report, in June 2012, saying that President Barack Obama ordered a cyber-attack against Iran's nuclear programme using the Stuxnet virus. The paper added that the virus was created by the United States in cooperation with an Israeli intelligence unit.


The malware was, however, detected by experts before it could cause serious damage to the country's industrial resources.


After the attacks, the Iranian Government launched a cyber-defence headquarters whose goal is to counter and neutralise any cyber attacks designed to damage or steal information from its nuclear facilities, security networks, banks, data centres and power stations.


Website of the US Department of Agriculture down after the government shutdown

The official website of the United States Department of Agriculture (USDA), http://www.usda.gov/fundinglapse.htm, has been turned off until further notice, the US Government said. This is not a cyber-attack, but a measure taken following the government shutdown.


At the moment the site displays a message explaining why the site was taken down. The message reads:

Due to the lapse in federal government funding, this website is not available. We sincerely regret the inconvenience. After funding has been restored, please allow some time for this website to become available again.

To learn more about the United States Department of Agriculture's agency contingency plans, click here.


In American politics, a government shutdown is a situation in which the government stops providing all but "essential" services. In general, federal services that continue despite a shutdown include the National Weather Service and its parent agencies, medical services at federal facilities, the postal service, the armed forces, air traffic control and corrections (the penal system). A government shutdown is similar to a lock-out in the private sector.


Effects:


A federal shutdown causes a large number of federal employees to be furloughed. The military and key employees are not furloughed, but may not be paid on schedule.


At the time of publishing this article the USDA website was still down.

More ads instead of AdBlock Plus

This is one of those scenarios in which the user seeks protection but only finds problems. Sergio de los Santos, a friend of mine, shared with me a link to a fake app that pretends to be AdBlock Plus, the well-known and useful application that many users have in their web browser. At the time of downloading, the application was live in Google Play, and everyone who downloaded it instead of the genuine ad blocker for their browser received exactly the opposite: more ads, and more problems related to the confidentiality of their data.

I say this because analysis of its code shows that it is actually adware. Kaspersky Anti-Virus detects it as HEUR:AdWare.AndroidOS.Starsys.b.

But what exactly does this malicious application do once installed on the victim's device? It does many things, among them requesting the following permissions:


android.permission.READ_LOGS (reads the device's log files, which can include the user's sensitive personal data)
android.permission.BLUETOOTH (interacts with the Bluetooth configuration, so it can change it and allow incoming connections from other devices within range)
android.permission.INTERNET (gives the application access to the Internet)
android.permission.RECEIVE_SMS (interacts with SMS messages, reads them and can even remove them without the victim's consent)
android.permission.READ_CONTACTS (has access to all the contacts in the address book)


The adware is monetized through RevMob, https://www.revmobmobileadnetwork.com
RevMob's own page explains how it works:


"A simple and effective ad unit prompts the user to download a free application. You get paid for clicks and installs."


It seems that the AdBlock Plus creators have reported this fake app. Fortunately, at the time of writing this post, the malicious app had already been removed.

Sunday, September 29, 2013

Declassified documents show the NSA spied on Martin Luther King Jr., Muhammad Ali and Art Buchwald for criticising the war


A declassified NSA document reveals that the agency spied on the communications of Muhammad Ali, Art Buchwald and MLK.


In the middle of the protests against the Vietnam War, the NSA carried out some spying. Classified NSA documents declassified and released this Wednesday reveal that NSA officials tapped the overseas communications of some critics of the war. The names include Muhammad Ali, Senator Frank Church and Martin Luther King Jr., as well as the Washington Post humour columnist Art Buchwald.



According to the documents, Howard Baker, another senator, who was among the supporters of the war, was also on the list of targets subjected to monitoring. Surveillance covered overseas communications by telephone, cable and telex. The list, which included almost 1,600 names, remained active from 1967 to 1973.


It is no secret that the government spied on war protesters and civil-rights advocates in the 1960s and 1970s. However, this latest revelation from the NSA's secret history, released by the National Security Archive, opens new chapters on the NSA's treatment of Americans' communications. It has really been going on for some time.



The country was burning in 1967, as the NSA's internal history notes. President Johnson took steps to find out whether the nationwide protests raging against the war were financed by an outside force. The Army and the CIA initially shared the President's concerns, and the FBI prepared a list of names for this purpose. The eavesdropping job was given to the NSA, which nicknamed the programme Minaret in 1969.


The documents revealed this Wednesday gave 7 names: Martin Luther King and fellow civil-rights leader Whitney Young, boxing champion Muhammad Ali, senators Baker and Church, New York Times columnist Tom Wicker, and Buchwald.


Matthew M. Aid, an intelligence historian who studies the history of the NSA, said that "he has no idea why Art Buchwald and Tom Wicker were on the list".


According to the documents, an NSA lawyer who later reviewed the programme said that the people involved in the list appear to have known that the programme was disreputable.


According to William Burr and Aid, Buchwald was at the time writing some very scathing columns about the Vietnam War. One of Buchwald's columns suggested it cost about 332,000 US dollars to kill a single enemy soldier. He argued in the column that it would have been cheaper and more effective if the government had offered Viet Cong defectors a house worth $25,000, a television and an education for their children.


Aid's view is that the column was not enough to justify the NSA putting Buchwald on the list.


 

India heavily targeted by the NSA, which collected highly confidential internet and phone data

Among the countries considered top targets of the NSA's surveillance programme, India is high on the list for the collection of internet and telephone data.


In the list of countries being spied on by the NSA under its surveillance programme, India is in fifth place, with a huge amount of internet and telephone data collected from it over the last 30 days.


It is again the whistle-blower Edward Snowden, a former NSA contractor, who gave confidential documents to an Indian newspaper with details about the intelligence activities the USA has been conducting in India. The documents say that two different programmes are run for this purpose. One programme, known as Boundless Informant, keeps track of the number of emails and calls collected by the agency.


The other programme is named PRISM and involves the interception and collection of actual data from various networks. Where Boundless Informant has been collecting data about emails and phone calls, PRISM has been gathering information unrelated to terrorism through web services and companies such as Facebook, YouTube, Microsoft and Google.


When a spokesman for the US intelligence agency was asked by the Indian newspaper why a friendly nation like India had been subjected to such massive surveillance, he replied that the USA would respond to all its allies and partners through diplomatic channels, that it would not publicly discuss the specific intelligence activities carried out by the NSA, and that the USA had already stated its policy of gathering only the kind of information that the intelligence agencies of all countries gather. The spokesman gave no reply when asked how they had managed to collect around 13.5 trillion pieces of data, or whether they had established any cooperation with telecom companies in India.


However, senior officials in India have been denying the revelations in the document provided to the Indian newspaper. Salman Khurshid, the Minister for External Affairs, went so far as to defend the NSA's surveillance programme, stating that "snooping is not what they do". On the other hand, the documents received state that the Boundless Informant programme not only keeps track of calls and emails but also uses that data to produce summaries for the managers of the secret agency, and this forms the basis of the agency's operations.


All internet-related data such as emails, together with the telephone call data, is stored in an NSA archive called GM-PLACE.


Experts say that gathering metadata is a serious business, and that this data can be used to build a detailed picture of an individual's professional and private activities. The metadata basically comprises the phone numbers of both caller and recipient, the serial numbers of the phones involved, the call duration and the location of both caller and recipient. The same applies to email metadata. The metadata collected amounts to around 6.2 trillion pieces in just 30 days, which means the NSA has been collecting information on millions of messages, emails and calls from India every day.


The classified and highly confidential document obtained by the Indian newspaper also reveals that the NSA's Boundless Informant program is basically a tool which it utilizes for its Global Access Operations. The motto of this program is "The Mission Never Sleeps". The document also points to the ability of the tool to present a huge amount of data through charts and maps without any human intervention. It is the DNR and DNI record metadata which is basically used to gather such a huge amount of information, both from the internet and by intercepting telephone communications.


The GAO map presentations revealed in the document show that India has been quite extensively targeted by the NSA surveillance program, especially in March, when a huge amount of data was gathered.


All the BRICS nations that include Brazil, Russia, India and China have been extensively targeted under the surveillance program.


The internet monitoring reports shown as heat maps in the classified documents indicate that Iran is the country from which the largest amount of intelligence has been gathered. In the number 2 spot is Pakistan. Jordan and Egypt stand at the 3rd and 4th spots, while India stands in fifth place with 6.3 trillion pieces of information in just 30 days.


The issue of this monitoring program was raised by India on 24 June when John Kerry, the US Secretary of State, visited New Delhi for strategic dialogues. However, the New Delhi officials were quite inclined to accept the statement the secretary gave when he said that no information had been extracted or received through email.


It is a fact that Boundless Informant collects and intercepts information, but the classified document which was received by the Indian newspaper suggests that the NSA tool not only focuses on such collection, but also categorizes the information, records it and retrieves it. This information is used by the intelligence agents to construct and abstract the identities of people and to track them down.


Because the metadata collected by the NSA is machine-readable, it is easily searchable and is used for vast-scale monitoring, as it contains email logs, telephone records, websites visited, etc. This means that all the data is available to the agents for tracking people, and without any court order or warrant. Gathering metadata is considered by many human rights organizations to be a major violation of an individual's privacy. The metadata that is collected can be processed to learn a great deal about any individual. Putting all the social media interactions and the phone records together makes it possible to track an individual's movements, whom they interact with and what runs their lives.

U.S. Senator asks if the FBI can get iPhone 5s fingerprint data via the Patriot Act

Since Senator Al Franken became a member of the United States Senate, he has chaired the Senate Judiciary Subcommittee on Privacy, Technology and the Law. He has been very clear in his position, which is to raise and address issues related to surveillance and technology which he feels are unfair, bad or merely questionable for any reason.


The launch of Apple's new iPhone 5s, featuring fingerprint scanning technology, made Senator Franken aware that a question needed to be asked here. He wrote a letter to Apple CEO Tim Cook asking him to give a rationale for the integration of this technology.


He wrote that passwords are more dynamic and more secret, while fingerprints are permanent and public. No one can know your password unless you tell them, and if it is compromised, you can change it as many times as you like. On the other hand, fingerprints cannot be changed and you have only ten of them. You leave your fingerprints whenever you touch something, which makes them quite public and exposed. He also adds that if an attacker gets your thumbprint, they could easily take on your identity and use it against you.


Well, Mr Franken is not the only one here who is concerned by the fingerprint question, as some people have offered a bounty of approximately 16,000 US dollars to the hacker who can break Touch ID on Apple's new model.


Some other specific questions were also asked in the letter:


1: Can the fingerprint data be converted into a visual or digital format that could be used by a third party?


2: Is the fingerprint data accessible on the iPhone? If so, can this access be gained remotely, or only through physical access?


3: Under United States intelligence law, the FBI can ask for any tangible thing, such as books, records, documents or other items, that it considers relevant to a counter-intelligence investigation. The question here is whether Apple considers fingerprint data a tangible thing under the guidelines of the USA Patriot Act.


Well, the issues will be addressed in different forums, but the Patriot Act does not seem to come into play, because Apple does not use the cloud to store the fingerprint data.



Fake ad tricks 'Waterproof iPhone' users into iOS 7 update and destroys their smartphones

Yesterday I updated you on New York police activity, in which a campaign was found asking users to update their iPhone and iPad to the newly released iOS 7.


An advert has now gone viral asking Apple users to update their iPhone to the newly released iOS 7 to make their devices fully waterproof, but according to reports the ad is fake and is prompting users to break their phones.



The advert, which is spreading across social networking sites, looks pretty catchy and close to Apple's style of marketing.


Here is how the advertisement misled Apple users:


"Update to iOS 7 and become impervious to water," says the advert (see below), explaining that "in an emergency, a smart switch will cut phone power and matching components to avoid damage to the delicate circuitry of your iPhone."


Those who fall for the trick are updating their devices and ending up with broken gadgets. Some are exploiting the unsuspecting by urging them to update.


Here is a screenshot of what people on Twitter are saying about the issue:


Apple says that, since the release of its new update, more than 200 million users have already upgraded to iOS 7. However, so far it has not said a word about the fake advert.


Call it a conspiracy theory or the misuse of technology, but there is something fishy about the new iOS 7 software update; just a couple of days ago the NYPD was also found encouraging people to update their iPhone and iPad to iOS 7.

Apple reportedly admits: iPhone 5s fingerprint database to be shared with NSA

The report which follows was taken from an independent news source; the original report is available at National Report. We at HackRead do not take responsibility for the authenticity of this news.



As technology becomes more and more sophisticated, users are increasingly concerned about their privacy. They want their gadgets to be free of any kind of bug or flaw that can violate their privacy or impose certain liabilities on them.


With regard to the issue of sharing fingerprints with the NSA, Apple had no clear position on whether they will share the fingerprint database with the NSA or not. After hours and hours of trying by phone, I finally managed to get through and had a conversation with an Apple employee, and got some answers to my questions.


With the iPhone 5s fingerprint sensor already hacked, Apple users have something more to worry about. An article published by National Report says Apple has admitted that it will share the fingerprint database with the NSA because there is nothing unconstitutional about it.


The source cited by National Report is allegedly Tim Richardson, Apple's District Marketing Director for North America, who stated that "of course the fingerprint database will be merged with the NSA database". The concept of having such a security device in the new Apple phone came from someone within the government. The NSA has been working on a database to make it compatible with the new technology of Apple's iPhone 5s.


The iPhone 5 comes with an emergency power supply that prevents it from shutting down. This feature, coupled with the integrated GPS, will allow the police to track the exact location of a criminal. Officials are of the opinion that suspects will be apprehended within a month of committing an act.


When asked about the privacy concerns people have, the marketing director said: "If anyone can be foolish enough to allow the use of such specific details by some unknown companies or officials, then we are not the only ones to blame here. In fact, it is something done to promote the overall good. The criminals that officials are waiting to catch through it are very dangerous."


"Elsewhere, if we have a look at the constitution, it makes no such stipulation that allows the use of the public's fingerprints against themselves when they submitted those fingerprints voluntarily."


While the NSA and Apple have full rights to use this data voluntarily submitted by customers, some consumers are not particularly happy with the idea. In a conversation with an elderly iPhone user, he said that "he likes the novelty because it is not easy to remember passwords at his age." He also said that despite the ease of the new feature, it comes with a worry of being tied to murders "that I could have done in the 1970s... well, this is not actually freedom and it's certainly not America".


Let us know what you think of the issue. Are you happy with your fingerprints being shared with the NSA?


[Via: National Report]

Analysis: Spam in August 2013

The percentage of spam in email traffic in August was down 3.6 percentage points and averaged 67.6%. The level of phishing increased tenfold compared with July, and averaged 0.013%. Malicious attachments were found in 5.6% of all emails, an increase of 3.4 percentage points compared to the previous month.

In August 2013, spam became much more dangerous: the number of fraudulent and malicious emails increased significantly against a noticeable drop in the overall percentage of spam.


In the run-up to the new school year, ‘Back to School’ became one of the most popular themes for the spammers – in August we detected adverts for all kinds of school supplies. There was also a lot of spam relating to sports and healthy lifestyles. Auto traders also resorted to the spammers’ services with car sales, along with related services and accessories, also prominent in mass mailings.


For many people an automobile is not just a means of transportation – it’s almost a way of life, demanding substantial time and money. Spammers are eager to exploit people’s interest in cars: in August, we registered a number of promotional mass mailings which, in addition to the standard offers of sales and repairs, included some very original auto-related offers. For example, the authors of one mass mailing invited recipients to join a master class on making cakes in the shape of a car.


However, English-language spam most often contained advertisements of cheap car rental services and sales of leading auto brands.



On the first Monday of September the United States celebrates Labor Day. Most Americans consider it the symbolic end of the summer and a traditional time for summer sales and discounts. Of course, spammers are quick to take advantage: throughout August, they actively spread emails advertising discounts on cars and medications. To attract more attention and convince users not to postpone a purchase, the spammers sent out messages containing a special code promising an extra discount.



As might be expected, for spammers around the world August’s motto was "Back to School". The beginning of the new school year became the theme of the month as all kinds of school supplies were promoted online.


However, in some cases, the advertised goods had nothing to do with the education process – the spammers simply used this topic to attract attention to whatever it was they were advertising. For example, we registered a mass mailing offering skincare products. Perhaps looking to ensure the yummiest of mummies on the school run, spammers offered fast-working cosmetics which claimed to effect miraculous changes before the first bell rang. These emails contained a long link which redirected users to a site where they were asked to select the region of delivery. In turn, the selection of the region activated a page with the seller’s contact details. At the same time, the domains used in the redirections did not operate for more than one week after the launch of the mass mailing.



"Are you still brown bagging school lunches?" read the header of another mailing. This mailing exploited the school theme to advertise special packages designed to keep food fresh. The authors of the message promised that the pack could keep food cold and fresh for up to 10 hours. The links in the emails consisted of single domains created within the previous month.



In August, we continued to register mass mailings advertising online education. But instead of the mailings from previous months which offered master’s and doctoral programs, the run-up to the new school year saw offers for failed pupils to complete their high school studies online.



The authors of the unsolicited emails highlighted flexible schedules and the opportunity to work from home as the key advantages of online education. For more information, the recipients were redirected to a foreign website where, in addition to degree programs, other non-educational services were presented.


A significant share of August’s spam contained health-related messages. Weight-loss pills remain one of the most popular themes. Last month we came across mass mailings linked to these both on the RuNet and on the English-language Internet.


English-language mass mailings advertising weight-loss pills typically contained a link based on a recently created domain. This link varied from email to email. By clicking the link the user was redirected to a site with detailed information about the pills, the purchase terms, etc. The text came with a promotional video which demonstrated the miraculous properties of the pills and offered endorsements from people who had allegedly tried them.



Russian-language messages generally contained a short link redirecting the user to an advertising site. They often provided contact data for ordering goods.



In August 2013, the Top 3 sources of worldwide spam looked like this: China remained in 1st place with 21% of all distributed spam, a decline of 2.4 percentage points from the previous month; the USA came 2nd, having distributed 19% of world spam, an increase of 1 percentage point compared to July; South Korea was 3rd, averaging 15.4% (+0.4 percentage points). In total, these three countries accounted for 55% of global spam.



As in July, Taiwan occupied 4th place, contributing 5.5% to the world spam flow, up 0.1 percentage point. Russia’s share grew by 2 percentage points, accounting for 4.3% and moving it from 10th to 5th overall.


Japan (1.8%) also moved up five places after a rise of 0.9 percentage points lifted it to 11th. If that growth trend continues in the coming month, Japan might break into the top 10 most active distributors of global spam.


The other Top 10 members maintained their positions in the rating with negligible fluctuations in their contributions.



In August, South Korea remained the leading source of spam sent to European users (60%): its share grew by 2.6 percentage points. It was followed by Taiwan (4%) and the US (3.9%).


Russia (2.8%) occupied 4th position in August’s rating: its share grew by 1.8 percentage points, enough to climb 10 places. Vietnam’s contribution (2.7%) fell 0.7 percentage points compared with the previous month, meaning it dropped to 5th place in the rating.


The Top 10 also included Indonesia (1.7%) which was in 8th position in August while Romania (1.4%) left the rating having dropped from 6th to 11th place. Germany (1.5%) came 10th with almost no change from the previous month.


In August the spam flows from the Asian region became slightly more active, seeing Thailand (0.9%), Singapore (0.6%) and Japan (0.6%) enter the rating of the 20 leading sources of spam sent to European users.



In August, Asia (55.2%) remained the leading regional spam source. As in the previous month, the Top 3 also included North America (21%) and Eastern Europe (14%): there was no serious change in the amount of spam originating from these regions except for North America, where the share grew by nearly 1 percentage point. Western Europe (4.6%) and Latin America (3%) came 4th and 5th respectively.


In August, malicious attachments were detected in 5.6% of emails, an increase of 3.4 percentage points from July.



Trojan-Spy.html.Fraud.gen remained the most widespread malicious program (8.1%). It appears in the form of HTML pages which imitate the registration forms of well-known banks or e-pay systems and are used by phishers to steal user credentials for online banking systems.


Our August rating included four Trojan-Ransom.Win32.Blocker modifications. Three of them – Trojan-Ransom.Win32.Blocker.byxx (3%), Trojan-Ransom.Win32.Blocker.bzbh (1.8%) and Trojan-Ransom.Win32.Blocker.bysg (1.4%) – occupied 2nd, 5th and 7th positions respectively. These malicious programs are designed for blackmailing and extorting money from users. They block the work of the operating system and display a banner that gives instructions on how to unblock the computer. For example, the user is told to send a text message with a specific text to a premium-rate number.


Email-Worm.Win32.Bagle.gt (2.3%) ended the month in 3rd place. This mail worm is distributed in the form of an email attachment which sends itself to the addresses in the victim’s contact list. It can also download other malicious programs onto a user’s computer.


Fourth place was occupied by Trojan-Spy.Win32.Zbot.nyis (2.2%), a modification of one of the most popular Trojan-spies, Zbot (ZeuS), designed to steal confidential information including credit card details.


Worm.Win32.Mydoom.m (1.4%) remained 8th in August’s rating. In addition to self-proliferation it sends hidden search requests to search engines thus increasing the traffic and ratings of sites downloaded from the fraudsters’ servers.


Yet another modification of the Mydoom family, Email-Worm.Win32.Mydoom.l (1.4%), completed the Top 10 most widespread malicious programs. This worm is distributed via the Internet in the form of an email attachment. Its main functionality is to harvest email addresses from infected computers so they can be used for further mass mailings. It also has backdoor capabilities.



In August, Germany (12.3%) topped the rating of countries most often targeted by malicious emails pushing the previous month’s leader, the USA (10.1%), into 2nd place. The UK came 3rd with an 8.7% share of antivirus detections.


India (6.08%) dropped from 3rd to 5th position. Russia (3.48%) gained 1 percentage point and finished in 9th place in August. Australia’s share declined and averaged 4%. Canada completed the Top 10 with 2.2% of antivirus detections.


The share of antivirus detections for other countries did not vary significantly.


The vacation season may have been winding down, but the scammers kept up a continuous bombardment of fake messages announcing non-existent airline and hotel reservations, with the spammers using some of the biggest names in these industries. Well-known companies such as booking.com and Delta Air Lines are constantly being imitated by spammers and in August we recorded more fraudulent mailings with fake notifications from these companies. The senders’ addresses often look very convincing, which can result in recipients opening this type of email.


The email sent allegedly on behalf of booking.com informed the user that his hotel booking was confirmed and provided the order details including the date of check-in and check-out as well as the total cost of the hotel room. This scam email was designed in the style of the official website which distinguished it from a similar one imitating notifications from Delta Air Lines informing the recipient that his credit card payment had been accepted and also provided the details of the number, date and cost of the flight. Recipients were asked to click the link to print out a ticket but if they did so, a malicious file was downloaded onto the computer. The message, allegedly sent from booking.com contained a malicious file in the attachment. In both cases these were malicious files of the Trojan-PSW.Win32.Tepfer family used to steal usernames and passwords.


In August, after a long lull the scammers started sending out malicious notifications again from the Royal Caribbean International cruise line. The fraudulent email informed users that the e-documents for an allegedly ordered cruise were ready. These documents contain "important information" the passenger should know before boarding the ship and should be kept and taken on board together with the passenger’s passport and documents. In fact, the email contained the malicious Backdoor.Win32.Androm.qt file, a Backdoor.Win32.Androm modification used to secretly control the user's computer and add it to a botnet.



Fake notifications often utilize the names of popular international delivery services such as FedEx, UPS and DHL. They tell recipients that a courier failed to deliver their parcel due to an incorrect delivery address. To get the parcel, the recipient should print out the attached document and call the company’s office or confirm specified data, including the delivery address. Malicious files can also hide in fake documents supposedly containing detailed information about the parcel, which does not in fact exist. Spammers try to make their fake notifications look legitimate and typically use not only an apparently real sender’s address but provide non-existent order information, genuine contact details from official websites and a copy of a privacy notification letter.


The attached archives usually contain malicious files from different families. For example, the archive FedEx Invoice copy.zip attached to the fake FedEx notification contained the executable file FedEx Invoice copy.exe with a Trojan from the ZeuS/Zbot family. This malicious program is used to steal users’ personal information and passwords for their payment and banking accounts. The fake notifications sent on behalf of UPS contained Trojan-PSW.Win32.Tepfer.pnfu, designed to steal user logins and passwords. Yet another malicious program belonging to the Backdoor.Win32.Androm family was discovered in a mass mailing allegedly spread on behalf of DHL. The fraudsters used it to get full access to the victim's computer.



August saw a decline in business activity, so spammers got fewer orders for advertising and enthusiastically switched to fraudulent messages. As a result, the percentage of phishing emails in global spam traffic increased tenfold compared with July, reaching 0.013%.


Distribution of the Top 100 organizations targeted by phishers, by category*


This rating is based on Kaspersky Lab's anti-phishing component detections, which are activated every time a user attempts to click on a phishing link, regardless of whether the link is in a spam email or on a web page.


The most attractive targets for phishing attacks did not vary significantly in August. Social Networking Sites continued to top the list, with that category’s share not changing from July – 29.6%.


Email and Instant Messaging Services (17.2%) remained second: the share of attacks on this category decreased by 0.4 percentage points. Meanwhile, the figure for Search Engines (16.1%) grew slightly which saw that category remain in 3rd place.


Financial and E-pay Services (13.8%), IT vendors (8.4%), Telephone and Internet Service Providers (7.8%), Online Stores and E-auctions (5.4%) and Online Games (0.7%) occupied positions 4-8.


In August, Apple found itself among the main phishing targets. We frequently came across emails that supposedly came from the official address of the company, but which in fact were phishing messages designed to deceive users and steal their logins and passwords. For example, some emails gave the user 48 hours to confirm the details of an iTunes account. To unblock the account, the recipient had to click the link in the email and follow the instructions on the site. The spammers tried to lull the user into a false sense of security, pointing out that the message had been created automatically. However, both the request to confirm the account information on third-party sites and the absence of a personal address should alert users to the risk of fraud.
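As an added example (not part of the original report), the following Python triage script checks a raw email for the two tell-tale patterns described above: an attached .zip that wraps a document-named executable, as in the fake courier notices, and the deadline, generic greeting and off-domain link of the iTunes phish. The sample messages, sender addresses and the itunes-verify.example.org domain are constructed here and are not indicators from the report.

```python
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

# Extensions that execute as code on Windows; a courier "invoice" is never one of these.
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOC_WORDS = re.compile(r"invoice|receipt|ticket|e-?document|label|order", re.I)
DEADLINE = re.compile(r"\b\d{1,3}\s*hours?\b", re.I)
GENERIC_GREETING = re.compile(r"^\s*dear\s+(?:customer|user|client|member)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)


def _ext(name: str) -> str:
    return name[name.rfind("."):].lower() if "." in name else ""


def archive_findings(attachment_name: str, data: bytes) -> list[str]:
    """Flag executables hidden inside a .zip attachment (the courier-notice pattern)."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if _ext(member) in EXEC_EXT:
                    what = "document-named executable" if DOC_WORDS.search(member) else "executable"
                    findings.append(f"{attachment_name}: zip contains {what} {member}")
    except zipfile.BadZipFile:
        findings.append(f"{attachment_name}: not a valid zip despite its extension")
    return findings


def registrable(host: str) -> str:
    """Last two DNS labels; a crude stand-in for a public-suffix lookup, enough for the samples."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage(raw: bytes) -> list[str]:
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1]
    sender_dom = registrable(sender.split("@")[-1]) if "@" in sender else ""
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    if GENERIC_GREETING.search(body):
        findings.append("generic greeting instead of a personal address")
    m = DEADLINE.search(body)
    if m:
        findings.append(f"deadline pressure: {m.group(0)}")
    for url in URL.findall(body):
        host = urlparse(url).hostname or ""
        if sender_dom and registrable(host) != sender_dom:
            findings.append(f"link host {host} does not match sender domain {sender_dom}")
    for part in msg.iter_attachments():
        fname = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        if _ext(fname) == ".zip":
            findings.extend(archive_findings(fname, payload))
        elif _ext(fname) in EXEC_EXT:
            findings.append(f"{fname}: bare executable attachment")
    return findings


def build_courier_sample() -> bytes:
    """Constructed fake FedEx notice: 'FedEx Invoice copy.zip' wrapping an .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FedEx Invoice copy.exe", b"MZ" + b"\x00" * 62)  # stub, not a real PE file
    msg = EmailMessage()
    msg["From"] = "FedEx Services <notify@fedex.com>"  # spoofed display sender, constructed
    msg["To"] = "victim@example.net"
    msg["Subject"] = "Delivery failed - incorrect address"
    msg.set_content("Dear Customer,\nThe courier could not deliver your parcel.\n"
                    "Print the attached invoice and call our office.\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="FedEx Invoice copy.zip")
    return msg.as_bytes()


def build_apple_sample() -> bytes:
    """Constructed iTunes-style phish: 48-hour deadline, generic greeting, off-domain link."""
    msg = EmailMessage()
    msg["From"] = "Apple <appleid@apple.com>"  # spoofed display sender, constructed
    msg["To"] = "victim@example.net"
    msg["Subject"] = "Confirm your iTunes account"
    msg.set_content("Dear Customer,\nYou have 48 hours to confirm your account details at\n"
                    "http://itunes-verify.example.org/confirm\n"
                    "This message was generated automatically.\n")
    return msg.as_bytes()
```

Run `triage(build_courier_sample())` and `triage(build_apple_sample())` to see the findings for each constructed message; on real mail, feed the raw bytes of the message instead.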



In August, the proportion of world spam dropped to 67% which might have been caused by the annual decline in business activity during the summer period and a decrease in the amount of advertising spam. However, we registered a lot of mass mailings dedicated to renting or selling cars, and to medicine and healthy lifestyles. In addition, spammers exploited the themes of the new school year and the US Labor Day holiday to advertise the sales of various goods.


During the summer, spam becomes more criminalized and the number of fraudulent messages containing malicious files increases. In August, Trojan spies designed to steal financial information were widespread in malicious spam traffic. However, the Trojan-Ransom.Win32.Blocker family of worms was also very popular with the scammers and several modifications could be found among the most frequently detected malicious programs.


During the holidays spammers continued to actively spread fake messages on behalf of companies involved in booking hotel and airline tickets. Courier firms also attracted the fraudsters’ attention, with their names being used for both phishing and spreading malware.


Phishers used popular Apple products and services to steal user logins and passwords. On the RuNet, scammers used spam to create and promote online services imitating the official services of public organizations in order to extort personal information and money from users.


August’s rating of the most attractive targets for phishing attacks did not vary significantly. As expected, Social Networking Sites and Email and Instant Messaging Services maintained their leading positions. In the last month of summer the activity of school children and students on social networking sites and email services remained high and ensured that phishers remained interested in this sector. However, in September when business activity starts recovering this interest will pass from social networking sites back to financial institutions and the number of attacks on the banking sector will increase. At the same time, the proportions of fraudulent and malicious mailings will most likely decrease.
