Exclusive: Probe Of Leaked NSA Hacking Tools Examines Operative’s ‘Mistake’

SAN FRANCISCO/WASHINGTON (Reuters) – A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters.

The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers.

The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible.

Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland.

But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews.

NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.

That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them.

Investigators have not ruled out the possibility that the former NSA person, who has since departed the agency for other reasons, left the tools exposed deliberately. Another possibility, two of the sources said, is that more than one person at the headquarters or a remote location made similar mistakes or compounded each other’s missteps.

Representatives of the NSA, the Federal Bureau of Investigation and the office of the Director of National Intelligence all declined to comment.

After the discovery, the NSA tuned its sensors to detect use of any of the tools by other parties, especially foreign adversaries with strong cyber espionage operations, such as China and Russia.

That could have helped identify rival powers’ hacking targets, potentially leading them to be defended better. It might also have allowed U.S. officials to see deeper into rival hacking operations while enabling the NSA itself to continue using the tools for its own operations.

Because the sensors did not detect foreign spies or criminals using the tools on U.S. or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said.

In this case, as in more commonplace discoveries of security flaws, U.S. officials weigh what intelligence they could gather by keeping the flaws secret against the risk to U.S. companies and individuals if adversaries find the same flaws.

Critics of the Obama administration’s policies for making those decisions have cited the Shadow Brokers dump as evidence that the balance has tipped too far toward intelligence gathering.

The investigators have not determined conclusively that the Shadow Brokers group is affiliated with the Russian government, but that is the presumption, said one of the people familiar with the probe and a fifth person.

One reason for suspecting government instead of criminal involvement, officials said, is that the hackers revealed the NSA tools rather than immediately selling them.

The publication of the code, on the heels of leaks of emails by Democratic Party officials and preceding leaks of emails by former U.S. Secretary of State Colin Powell, could be part of a pattern of spreading harmful and occasionally false information to further the Russian agenda, said Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies.

“The dumping is a tactic they’ve been developing for the last five years or so,” Lewis said. “They try it, and if we don’t respond they go a little further next time.”

(Reporting by Joseph Menn in San Francisco and John Walcott in Washington; Editing by Jonathan Weber and Grant McCool)

IMAGE: An illustration shows the logo of the U.S. National Security Agency on the display of a phone in Berlin, June 7, 2013. REUTERS/Pawel Kopczynski 

FBI’s Comey Says Cybercrime A Top Priority After China Attacks

By Richard A. Serrano, Tribune Washington Bureau

WASHINGTON — James B. Comey, the new FBI director, was visiting the bureau’s field office in Indiana recently and was struck by how the invention of the automobile gave old-time Midwest bank robbers like John Dillinger a faster getaway.

Today, Comey’s FBI is more concerned with cybercrime, and it is that murky world of Internet theft that gave the director pause Wednesday to imagine a new kind of thief who can steal fortunes from the comfort of his own bedroom.

“John Dillinger couldn’t do a thousand robberies in the same day in all 50 states in his pajamas halfway around the world,” Comey told the Senate Judiciary Committee. “That’s the challenge we now face with the Internet.”

On Monday, the FBI and Justice Department announced indictments against five Chinese military officials, charging them with economic espionage by hacking into corporate computer systems in the U.S. and stealing private data. The case, with more indictments expected soon, signals that the FBI views cybercrimes as the new rob-and-run bank heists of the 1930s.

Comey said a top priority is hiring new agents with cutting-edge computer and other technical skills.

“These cases illustrate our commitment to reach around the world to make clear to people that we’re not going to put up with this,” he said. “We’re going to treat these burglaries for what they are. We’re going to treat them as seriously as we would someone kicking in your door to steal your stuff, to steal your ideas, to steal your identity.”

Photo: O.maloteau via Flickr

Chinese Hackers Allegedly Used ‘Spearphishing’ To Steal Secrets

By Robert Faturechi, Los Angeles Times

Much of the damage allegedly inflicted by the Chinese military officers charged with economic espionage this week came via email scams.

But the strategy, as described in a federal indictment, was far more sophisticated than the common “Nigerian prince” email blast.

Instead of sending out thousands of generic scam messages, the Chinese hackers were allegedly “spearphishing.” That’s a twist on traditional email phishing, in which bad guys entice victims with official-looking mail from, say, a bank or an online retailer. Those attacks are usually crude and sent out in bulk. Spearphishing is tightly targeted toward an individual or specific corporate unit.

Although the ruse is not commonly known, sophisticated scammers willing to put in the time and effort to learn more about their target have used it for years.

Unlike the usual email scammers, the spearphisher “thrives on familiarity” and “knows your name, your email address and at least a little about you,” according to a report by Norton, the malware prevention and removal service. “The salutation on the email message is likely to be personalized: ‘Hi Bob’ instead of ‘Dear Sir.'”

Spearphishers often scan Facebook and other social media sites to glean details about users’ friends to make messages look more legitimate. The emails might refer to a recent online purchase or a mutual friend, causing users to let down their guard and be more willing to click a link or provide user names, passwords or banking information.

In one instance highlighted in the indictment, a Chinese officer allegedly emailed roughly 20 U.S. Steel employees purporting to be their company’s chief executive. The message included a link that installed malware that gave the alleged Chinese hackers backdoor access to the company’s computers, just weeks before the release of a report on an important trade dispute. Several employees took the bait and clicked the link.

As spearphishing attacks increase, businesses are struggling to erect defenses. Adam Wosotowsky, a researcher at McAfee Labs, said it’s not enough for employees to simply check that the email comes from an in-house address. Virtually everything visible in an email, he said, can be forged, including the sender’s listed address.

What can’t be forged, Wosotowsky said, is the IP address the email is coming from — so businesses can block all messages ostensibly from their company’s email domains but not from authorized IP addresses.

Beyond that, “you have to make sure people have proper training to recognize it, especially if you realize you’re being targeted, because they’re going to try again and again,” Wosotowsky said. “If the payoff is $10 million in intellectual property, that single guy can send one email a day, maybe five emails a day, for two years and he just needs one to go through for it to be worth it.”

Among the red flags employees should be watching for are bad grammar and requests for user names and passwords. Specific types of attachments are also a concern, particularly files that end with .ser or .exe, which cause the computer to launch into a set of tasks.
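As an added illustration (not code from the articles or from the experts quoted), the following Python sketch implements the two defences described in this section: the gateway rule Wosotowsky describes, which rejects mail claiming to come from the company's own domain unless it arrived from an authorised IP address, and the attachment red flag. The company domain, the authorised address ranges and the sample messages are all constructed for the example; `.exe` comes from the article, `.scr` is added here as a further executable type. In practice the IP rule is what an SPF record publishes for a domain.

```python
"""Toy inbound-mail policy check (added example, not from the articles).

The connecting IP is the peer address the mail gateway saw at SMTP time; a
sender can forge every header but cannot pick that address at will, which is
the point the article makes.
"""
import ipaddress
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed policy: our domain and the networks allowed to send mail as it.
OUR_DOMAIN = "example-steel.com"  # hypothetical company domain
AUTHORIZED_NETWORKS = [
    ipaddress.ip_network("198.51.100.0/24"),  # constructed: on-prem gateway
    ipaddress.ip_network("203.0.113.10/32"),  # constructed: hosted mail relay
]

# Attachment extensions treated as a red flag (.exe from the article,
# .scr added here as an assumption: screensaver files are executables).
RISKY_EXTENSIONS = (".exe", ".scr")


def sender_domain(msg):
    """Domain part of the From header, lower-cased ('' if absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def connecting_ip_authorized(ip_str):
    """True if the SMTP peer address lies in one of our authorised networks."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in AUTHORIZED_NETWORKS)


def risky_attachments(msg):
    """File names of attachments whose extension is on the red-flag list."""
    return [
        part.get_filename()
        for part in msg.walk()
        if part.get_filename()
        and part.get_filename().lower().endswith(RISKY_EXTENSIONS)
    ]


def evaluate(raw_message, connecting_ip):
    """Return (verdict, reasons) for one message and the IP it came from."""
    msg = message_from_string(raw_message)
    reasons = []
    domain = sender_domain(msg)
    # Only mail that claims our own domain is subject to the IP rule;
    # external senders are legitimately outside our address ranges.
    if domain == OUR_DOMAIN and not connecting_ip_authorized(connecting_ip):
        reasons.append(
            f"claims From {domain} but arrived from unauthorised IP {connecting_ip}"
        )
    for name in risky_attachments(msg):
        reasons.append(f"executable attachment {name}")
    return ("reject" if reasons else "accept"), reasons


def build_sample(from_addr, subject, body, attachment_name=None):
    """Construct a raw RFC 822 message string for the examples below."""
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = "staff@" + OUR_DOMAIN
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(b"MZ\x90\x00", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_string()


# Constructed samples: (raw message, connecting IP seen by the gateway).
SAMPLES = {
    "spoofed_ceo": (build_sample(f"CEO <ceo@{OUR_DOMAIN}>", "Trade report",
                                 "Please review the attached link."), "192.0.2.77"),
    "real_ceo": (build_sample(f"CEO <ceo@{OUR_DOMAIN}>", "Trade report",
                              "Quarterly update."), "198.51.100.25"),
    "external_exe": (build_sample("supplier@other.example", "Invoice",
                                  "See attached.", "invoice.exe"), "192.0.2.5"),
    "external_clean": (build_sample("supplier@other.example", "Invoice",
                                    "See attached.", "invoice.pdf"), "192.0.2.5"),
}


def run_samples():
    """Verdict per sample name; used by the usage block and the test."""
    return {name: evaluate(raw, ip)[0] for name, (raw, ip) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (raw, ip) in SAMPLES.items():
        print(name, evaluate(raw, ip))
```

Run stand-alone, the script prints a verdict and its reasons for each sample: the message spoofing the CEO is rejected because it arrived from an address outside the authorised ranges, the genuine CEO message from the gateway network is accepted, and the external invoice is rejected only when it carries an executable attachment.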

Wosotowsky said spearphishing is still rare compared with traditional phishing, but appears to be growing in popularity as the money in traditional spamming dries up because of better protection against mass emails.

Jon Heimerl, a strategist for security services provider Solutionary, said he had one client, a company CEO, who bought a new BMW every three years. A hacker found out that the CEO was looking to buy and sent him an email purporting to be from a local BMW dealer, asking him to fill out a survey in exchange for a discount. Heimerl said that after his client used his personal email account to comply, a virus opened on his work computer.

The virus then sent out an email from the CEO’s work account to everyone in the company. The subject line, Heimerl said, was something about the company getting acquired, which prompted nearly everyone to open it.

“It pretty much shut them down for the better part of three days,” he said.

The consequences of not being careful can be severe. The alleged scammers from China are accused of successfully hacking into the computers of U.S. companies involved in nuclear energy, steel manufacturing and solar energy.

One of the alleged Chinese spearphishers, according to the indictment, was able to steal host names and descriptions for more than 1,700 company servers, including those that controlled physical access to the company’s facilities and mobile access to its networks.

Photo: Akasped via Flickr