ISSSource White Papers

Posts Tagged ‘intruder’

Monday, July 22, 2013 @ 05:07 PM gHale

Apple is now saying attackers breached its developer Web site.

As with any breach, Apple can’t rule out the theft of developers’ data, but the company said it had encrypted all of the sensitive personal information.


Apple posted a notice on its developer Web site and also sent an email to developers who have accounts with the company, saying that, as a result of the breach, Apple is making changes to its back-end infrastructure and is rebuilding the developer database.

“Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then,” the notice said.

“In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.”

Apple’s developer site serves as a resource for people who write apps for the company’s various platforms, including OS X and iOS. The site has been down since July 18, but it wasn’t until Sunday that the company provided any information about the incident or what happened. Of late, Apple has been a frequent target for attackers, as have its users and developers.

The company itself admitted earlier this year that it had been hit by an intrusion from a group of attackers who used a Java zero-day vulnerability. The same group had breached Facebook as well.

Apple’s iTunes store has fallen victim to various attacks in recent years as well.

Monday, February 13, 2012 @ 05:02 PM gHale

By Richard Sale
It wasn’t that long ago at an Air Force base in Rome, NY, when an intruder, using a computer from overseas, hacked into military computers that controlled logistics supply and swapped two order numbers from the files.

When the motor pool in one U.S. Air Force base ordered headlights, they ended up getting missiles, and when a fighter wing ordered missiles, it got headlights. While no lives were lost, it did cause a huge mess and after straightening out the red tape, the intrusion cost $500,000 in personnel and system time.


Yes, this was a military incident and not an industrial control system, but the point still stands: staying vigilant and on top of all possible attack vectors remains paramount.

In light of the Stuxnet attacks on the Iran nuclear facilities and the potential for retaliation or attack from other well-funded nation states, the U.S. government is stepping up its cyber security posture.

That is why President Barack Obama last month signed into law the National Defense Authorization Act, which will vastly boost U.S. cyber war capabilities, including approval of offensive cyber warfare, according to Pentagon sources.

The U.S. Cyber Command and the U.S. Air Force, Army, Marine Corps and Navy components have all embarked on new operations designed to thwart and baffle their adversaries. Under the Cyber Insider Threat (CINDER) plan, the Defense Advanced Research Projects Agency (DARPA) will explore new approaches for improving the speed and accuracy of threat detection, seeking new proposals to identify and monitor intruder attacks.

Cooperation between the private sector and the Department of Defense (DoD) will also increase. More than 90 percent of the military’s communications infrastructure, platforms and programs currently come from commercial software and network companies. Before stepping down late last year as deputy defense secretary, William Lynn outlined the Defense Industrial Base Cyber Pilot program, whose aim is to bring together military and industry leaders to share knowledge of the best techniques for fighting cyber threats, including the insertion of viruses and worms like Stuxnet that can act to weaken the U.S. ability to wage modern war.

The new program will mean that DoD and the Department of Homeland Security (DHS) will work more closely together, and it requires annual reports on the Chinese military and an analysis of its cyber capabilities, thought to be the most formidable threat to the United States.

“The Chinese have already caused a lot of headaches – they shut down the White House site beginning in the 1990s, they recently were behind last year’s pillaging of U.S. Defense Department data,” said a former senior U.S. intelligence official. “The worry is that even in those operations we think they are not yet deploying their best stuff.”

New Chinese or Russian cyber offensives will attempt to attack the heart of U.S. information systems, degrading and disrupting its supply information and, through deception, crashing computers and planting false data, the source said.

The U.S. Air Force first discussed inserting malicious worms and viruses as early as 1995, he said.

The President will direct the new threat program, which is subject to the laws of war and the War Powers Resolution. The goal is not necessarily to develop new ways of detecting individual malicious insiders; instead, DARPA wants to read the tell-tale signs in network activity that users should monitor before any disruption occurs.

Included in the act is a push toward standardization across the military’s security information and event management systems in an effort to improve Cyber Command’s ability to see and correlate data across the military’s disparate cyber security systems.

The act directs the secretary of defense to acquire more advanced cyber security capabilities to “discover and isolate” successful attacks for which signatures haven’t been developed, including scanning emails, databases and file transfers.

The U.S. military seeks to block any unauthorized software and constantly monitors system settings to detect any deviations. At the gateway level, the military must capture and analyze network traffic and Cyber Command will set how much data these systems must capture and store.

“It will take time to ramp up these measures and enemies are already way ahead,” said another U.S. government expert.

Richard Sale was United Press International’s Intelligence Correspondent for 10 years and also wrote for the Middle East Times, a publication of UPI. He is the author of Clinton’s Secret Wars and Traitors.

Wednesday, January 25, 2012 @ 11:01 AM gHale

There is video conferencing equipment that connects to the Internet without a firewall and automatically answers incoming video calls, which can allow an intruder to monitor audio and video with little or no indication to the victim.

“The interesting part of this research is who it affects; these units can cost anywhere from a few hundred dollars (used) to tens of thousands of dollars for high-end room systems,” said Rapid7 Chief Security Officer HD Moore in his blog post. “It is rare to find a high-end video conferencing system in an unimportant location. Examples identified by this research include corporate boardrooms, inmate-lawyer consultation areas, venture capital firms, and research facilities.”


In his three-month research, Moore, the creator of Metasploit, focused on equipment that spoke the H.323 protocol. Of the 250,000 systems identified with this service, just under 5,000 were configured to automatically receive incoming calls.

“There are an estimated 150,000 systems on the Internet as a whole affected by this issue,” Moore said in his blog. “This does not count the hundreds of thousands of video conferencing systems exposed on the internal networks of large corporations.”

“Even cheap video conferencing systems provide an incredible level of visual acuity and audio reception,” Moore said. “In the Rapid7 lab, we were able to easily read a six-digit password from a sticky note over 20 feet away from the camera. In an otherwise quiet environment, it was possible to clearly hear conversations down the hallway from the video conferencing systems. In most cases, the remote user has the ability to drive the camera — controlling pan, tilt, and zoom — providing visibility into areas far away from where the system is actually installed. A separate test confirmed the ability to monitor a user’s keyboard and accurately capture their password, simply by aiming the camera and using a high level zoom. Another test demonstrated the ability to read a user’s email on their laptop screen. If the system is connected to a television set that has not been powered on, the only indicator that a call is active will be the movement of the camera itself or a small light on the base of the system. Many of the high-end models do not include a visual indicator of a call in progress on the camera at all.”

One way to see if the system is susceptible is to scan the network using Metasploit. Metasploit, originally created by Moore and now managed by Rapid7, contains modules for scanning for H.323 services.

“All shipping Metasploit editions contain a scanner module for quickly identifying H.323-enabled systems that accept incoming calls,” Moore said in his blog. “This module is in the default discovery mode of Metasploit Pro (free trial) and can scan a large network to identify affected systems. This process also works for the free Metasploit Community Edition.”

The process for using Metasploit Pro to discover exposed H.323 devices is:
1. Log in to the web interface on https://metasploit:3790/
2. Create a new Project
3. Choose the Scan option
4. Expand “Advanced Options” and enter “1720” into the Custom TCP Ports parameter
5. Uncheck UDP and SNMP discovery options to increase scanning speed
6. Launch the Scan task
7. Once complete, browse to Analysis -> Services
8. Enter “h323” into the Search box on the upper right
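A defender-side counterpart to the discovery steps above, added here as an example and not part of the article or of Rapid7's tooling: it runs over constructed firewall-log lines and flags accepted inbound TCP/1720 (H.225 call-signalling) sessions from addresses outside an assumed trusted range, which is the traffic an auto-answering unit exposed to the Internet would show. The log line format and the trusted ranges are assumptions for the example.

```python
"""Flag unsolicited inbound H.323 call-setup attempts in firewall logs.

Added example, not code from the ISSSource article or from Rapid7.
H.323 call signalling (H.225) uses TCP port 1720, the port the
discovery steps above scan for; an auto-answering unit accepts any
such session, so one arriving from an untrusted address is an alert.
The log format is a constructed, simplified firewall-style line.
"""
import ipaddress
import re
from collections import Counter

H225_PORT = 1720

# Constructed sample: "<ts> <action> <proto> <src>:<sport> -> <dst>:<dport>"
SAMPLE_LOG = """\
2012-01-24T09:01:02Z ACCEPT TCP 203.0.113.7:51844 -> 192.0.2.10:1720
2012-01-24T09:01:05Z ACCEPT TCP 10.1.4.22:40111 -> 10.1.4.50:1720
2012-01-24T09:02:17Z ACCEPT TCP 198.51.100.3:61002 -> 192.0.2.10:1720
2012-01-24T09:02:40Z ACCEPT TCP 203.0.113.7:51901 -> 192.0.2.10:443
2012-01-24T09:03:11Z DROP   TCP 203.0.113.9:33000 -> 192.0.2.11:1720
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Assumption: the organisation's own conferencing peers live in RFC 1918 space.
TRUSTED_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_trusted(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_NETS)

def unsolicited_h323(log_text: str):
    """Return (src, dst, ts) for accepted TCP/1720 sessions from untrusted sources."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip unparseable lines rather than abort the sweep
        if m["action"] != "ACCEPT" or m["proto"] != "TCP":
            continue
        if int(m["dport"]) != H225_PORT or is_trusted(m["src"]):
            continue
        hits.append((m["src"], m["dst"], m["ts"]))
    return hits

def exposed_endpoints(log_text: str) -> Counter:
    """Count untrusted call attempts per internal endpoint: the units to firewall."""
    return Counter(dst for _, dst, _ in unsolicited_h323(log_text))

if __name__ == "__main__":
    for src, dst, ts in unsolicited_h323(SAMPLE_LOG):
        print(f"{ts}: inbound H.225 setup from {src} to {dst}")
```

Endpoints that appear in the count are candidates for placing behind a firewall and for turning off auto-answer.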

“Video conferencing systems are one of the most dangerous but least-known exposures to organizations conducting business of a sensitive nature,” Moore said. “Although many vendors provide some security measures, these tend to be ignored in the real world, by both IT staff and security auditors.”
