Posts Tagged ‘hackers’

Transportation strikes and university protests continue to shake France

April 17, 2018

© Gerard Julien, AFP | Public railways SNCF railworkers demonstrate against planned reforms of the French government on April 13, 2018 in Paris as strikes on France’s rail network continue.

France 24, AFP and AP

A new strike by Air France employees Tuesday will add to chaos in France, which is already reeling from strikes by rail workers and university students over proposed public sector reforms by President Emmanuel Macron.

To Macron’s dismay, the popular movements show no signs of slowing down.

The Air France tussle over salaries is separate from the larger and politically more significant stand-off between Macron’s centrist, business-friendly government and the public sector trade unions fighting its reform plans.

Rail unions are particularly up in arms over proposed reforms that they say would reduce job security. Students have been blocking several public universities over Macron’s plan to introduce more selective applications.

There is a general atmosphere of social discontent against Macron’s reforms, including protests and strikes by civil servants, energy workers and garbage collectors.

Recently, Economy Minister Bruno Le Maire admitted that, while he couldn’t produce numbers, it was clear that the strikes were impacting growth.

“We have already identified an impact in certain sectors, including hotel reservations, transportation and tourism,” he told French radio Europe 1.

FRANCE 24 takes a look at the latest on the three main strikes.

Air France

About 30 percent of Air France flights scheduled on Tuesday are expected to be canceled due to a strike over pay. Crews and ground staff, whose wages have been frozen since 2011, are seeking a 6 percent pay rise. This will mark their eighth day of walkouts since February.

Some 45 percent of long-haul flights will be canceled along with 35 percent of medium-haul flights to and from Paris. According to Air France, the strikes could cost the company upwards of €220 million.

On Monday, Air France’s management offered a 2 percent rise this year followed by an increase totaling 5 percent over the following three years. Unions have until the end of the week to decide whether to accept the deal.

The pilots’ main union, SNPL Air France, said Tuesday the offer doesn’t meet its demands. Union President Philippe Evain called it “totally ridiculous and indecent”.

Check the Aéroports de Paris website for the latest flight information by clicking here.

SNCF

The fourth edition of an ongoing strike by workers at the French national rail carrier the SNCF was set to begin Tuesday evening as the National Assembly prepared to vote on a bill addressing rail sector reforms.

The main union, the CGT, has denounced the reforms and promised a major strike on April 18 and 19 in response.

The union also pledged its commitment to the rolling strike, which is set to continue until at least June 28, causing weeks of headaches for the network’s 4.5 million daily passengers. Traffic will be disrupted two days out of every five.

The SNCF said it will post updates of train schedules on its website at 17:00 each day, letting commuters know which trains will be running. Below are the proposed dates for train strikes over the next three months:

April:

  • Tuesday 3 and Wednesday 4
  • Sunday 8 and Monday 9
  • Friday 13 and Saturday 14
  • Wednesday 18 and Thursday 19
  • Monday 23 and Tuesday 24
  • Saturday 28 and Sunday 29

May:

  • Thursday 3 and Friday 4
  • Tuesday 8 and Wednesday 9
  • Sunday 13 and Monday 14
  • Friday 18 and Saturday 19
  • Wednesday 23 and Thursday 24
  • Monday 28 and Tuesday 29

June:

  • Saturday 2 and Sunday 3
  • Thursday 7 and Friday 8
  • Tuesday 12 and Wednesday 13
  • Sunday 17 and Monday 18
  • Friday 22 and Saturday 23
  • Wednesday 27 and Thursday 28

On strike days, national rail services will be severely impacted, with traffic almost halved. International rail travel will also be hit, with three out of four trains running.

In Paris, public transport will operate almost as normal. Regional trains, including the RER B (which connects the city to its main airport, Roissy Charles de Gaulle or CDG), will be impacted the most by the strike, with an average of three out of four trains running.

Check the SNCF website for updated travel information by clicking here.

Universities

Four different universities in France are still closed due to protests that started in February in response to a law proposing to restrict university access. Ten or 12 other sites have been partially blocked by students. The protests have meant that, in some locations, students are unable to sit their exams.

In an attempt to slash high failure rates among first-year undergraduates, a new law that passed in February seeks in part to personalise the admissions process, controversially chipping away at the principle of automatic entry for French high school graduates. Until now, places in the most popular courses of study have been attributed by drawing lots, without regard for a candidate’s grades or qualifications. For critics, any nudge towards “sélection” is sacrilege.

One university in total shutdown is Nanterre, known as the birthplace of the famous student protests that ripped across France in May 1968.

On Monday there was a police intervention at Paul Valéry University in the southern town of Montpellier. Last week, someone hacked into the university’s servers, compromising its ability to hold exams.

(FRANCE 24 with AFP, REUTERS and AP)

Chinese Hackers Hit U.S. Firms Linked to South China Sea Dispute

March 17, 2018

 

China has militarized the South China Sea — even though they have no legal claim. This is Mischief Reef, now an extensive Chinese military base — one of seven Chinese military bases near the Philippines

Bloomberg

By David Tweed

  • Victims are in maritime industries with South China Sea ties
  • Hackers ‘most likely’ operating on behalf of a government

Chinese hackers have launched a wave of attacks on mainly U.S. engineering and defense companies linked to the disputed South China Sea, the cybersecurity firm FireEye Inc. said.

The suspected Chinese cyber-espionage group dubbed TEMP.Periscope appeared to be seeking information that would benefit the Chinese government, said FireEye, a U.S.-based provider of network protection systems. The hackers have focused on U.S. maritime entities that were either linked to — or have clients operating in — the South China Sea, said Fred Plan, senior analyst at FireEye in Los Angeles.

“They are going after data that can be used strategically, so it is in line with state espionage,” said Plan, whose firm has tracked the group since 2013. “A private entity probably wouldn’t benefit from the sort of data that is being stolen.”

The TEMP.Periscope hackers were seeking information in areas like radar range or how precisely a system in development could detect activity at sea, Plan said. The surge in attacks picked up pace last month and was ongoing.

Increased Attacks

While FireEye traced the group’s attacks to China, the firm hasn’t confirmed any link to Chinese government entities or facilities. FireEye declined to name any targets. Although most were based in the U.S., organizations in Europe and at least one in Hong Kong were also affected, the firm said.

Ministry of Foreign Affairs spokesman Lu Kang told a briefing Friday in Beijing that China opposed all kinds of cyber attacks. “We will continue to implement the important consensus on cybersecurity reached in 2015,” he said.

Plan said suspected Chinese cyber-attacks on U.S. targets have picked up in recent months, after both sides agreed not to attack civilian entities. The 2015 deal to tamp down economic espionage was hammered out between then-U.S. President Barack Obama and President Xi Jinping.

The U.S. indicted five Chinese military officials in 2014 on charges that they stole trade secrets from companies including Westinghouse Electric Co. and United States Steel Corp. after hacks were detected by Mandiant, a unit of FireEye. China denies the charges and argues the country is a victim rather than an instigator of cybersecurity attacks.

Strategic Data

Data sought in the latest incidents could be used, for instance, to determine how closely a vessel could sail to a geographical feature, Plan said. “It is definitely the case that they can use this information for strategic decision-making,” he said.

The U.S. Navy sometimes conducts so-called freedom of navigation operations to challenge Chinese claims to more than 80 percent of the South China Sea — one of the world’s busiest trading routes. China has reclaimed some 3,200 acres (1,290 hectares) of land in the waters and built ports, runways and other military infrastructure on seven artificial features it has created.

China has been involved in other attacks related to the South China Sea. In 2015, during a week-long hearing on a territorial dispute in the water, Chinese malware attacked the website of the Permanent Court of Arbitration in the Hague, taking it offline.

The latest attacks were carried out using a variety of techniques including “spear-phishing,” in which emails with links and attachments containing malware are used to open back doors into computer networks. In some examples, the emails were made to look as if they originated from a “big international maritime company,” Plan said.

FireEye said in a separate report that government offices, media and academic institutions have been attacked, along with engineering and defense companies. Plan declined to comment when asked whether the U.S. Navy was among the targets.

“Given the type of organizations that have been targeted — the organizations and government offices — it is most likely the case that TEMP.Periscope is operating on behalf of a government office,” Plan said.

— With assistance by Dandan Li, Peter Martin, and Andy Sharp

We’ve heard 白痴國家 (Means “Idiot Nation”)


China has long had its eye on James Shoal and may move toward the island unless Malaysia or Indonesia protest…


China says it has sovereignty over all the South China Sea north of its “nine dash line.” On July 12, 2016, the Permanent Court of Arbitration in The Hague said this claim by China was not valid. But China and the Philippine government then chose to ignore international law.

Hackers tried to cause Saudi petrochemical plant blast: NYT

March 16, 2018

AFP

© AFP/File | Energy giant Saudi Aramco, whose Shaybah plant is seen here, was among firms hit by an earlier cyber-attack in 2012

WASHINGTON (AFP) – Cyber-attackers tried to trigger a deadly explosion at a petrochemical plant in Saudi Arabia in August and failed only because of a code glitch, The New York Times reported.

Investigators declined to identify the suspected attackers, but people interviewed by the newspaper unanimously said that it most likely aimed to cause a blast that would have guaranteed casualties.

A bug in the attackers’ code accidentally shut down the system instead, according to the report.

The cyber-attack — which could signal plans for other attacks around the world — was likely the work of hackers supported by a government, according to multiple insiders interviewed by the newspaper.

All sources declined to name the company operating the plant as well as the countries suspected to have backed the hackers, The New York Times said.

Security experts however told the newspaper that Iran, China, Russia, Israel and the United States had the technical capacity to launch an attack of that magnitude.

There was no immediate comment from Saudi Arabia, which has come under frequent cyber-attacks, including “Shamoon”, the aggressive disc-wiping malware that hit the Saudi energy sector in 2012.

Saudi Aramco, the world’s biggest oil company, was among the firms hit by Shamoon, which was believed then to be the country’s worst cyber-attack yet.

US intelligence officials at the time said they suspected a link to the kingdom’s regional rival Iran.

But the August attack was “much more dangerous” than Shamoon, according to The New York Times, and likely aimed to send a political message — investigators said the code had been custom-built with no obvious financial motive.

Tasnee, the Saudi Arabian industrialisation company, had also been attacked by hackers in January 2017, according to Tasnee officials and researchers with the Symantec cybersecurity company interviewed by the newspaper.

The attack destroyed the company’s hard drives, wiped all data and replaced it with the now-iconic image of Aylan Kurdi, the Syrian boy in a red T-shirt who washed up dead on the Turkish coast.

Saudi Arabia was also hit by PowerShell malware targeting government computers in November.

See also:

A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try.

NYT:https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html

 

In a first, U.S. blames Russia for cyber attacks on energy grid

March 16, 2018

WASHINGTON (Reuters) – The Trump administration on Thursday blamed the Russian government for a campaign of cyber attacks stretching back at least two years that targeted the U.S. power grid, marking the first time the United States has publicly accused Moscow of hacking into American energy infrastructure.

Beginning in March 2016, or possibly earlier, Russian government hackers sought to penetrate multiple U.S. critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing, according to a U.S. security alert published Thursday.

The Department of Homeland Security and FBI said in the alert that a “multi-stage intrusion campaign by Russian government cyber actors” had targeted the networks of small commercial facilities “where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.” The alert did not name facilities or companies targeted.

United States officials and private security firms saw the Russian attacks as a signal by Moscow that it could sabotage the West’s critical facilities in the event of a conflict. (Credit: Spencer Platt/Getty Images)

The direct condemnation of Moscow represented an escalation in the Trump administration’s attempts to deter Russia’s aggression in cyberspace, after senior U.S. intelligence officials said in recent weeks the Kremlin believes it can launch hacking operations against the West with impunity.

It coincided with a decision Thursday by the U.S. Treasury Department to impose sanctions on 19 Russian people and five groups, including Moscow’s intelligence services, for meddling in the 2016 U.S. presidential election and other malicious cyber attacks.

Russia in the past has denied it has tried to hack into other countries’ infrastructure, and vowed on Thursday to retaliate for the new sanctions.

‘UNPRECEDENTED AND EXTRAORDINARY’

U.S. security officials have long warned that the United States may be vulnerable to debilitating cyber attacks from hostile adversaries. It was not clear what impact the attacks had on the firms that were targeted.

But Thursday’s alert provided a link to an analysis by the U.S. cyber security firm Symantec last fall that said a group it had dubbed Dragonfly had targeted energy companies in the United States and Europe and in some cases broke into the core systems that control the companies’ operations.

Malicious email campaigns dating back to late 2015 were used to gain entry into organizations in the United States, Turkey and Switzerland, and likely other countries, Symantec said at the time, though it did not name Russia as the culprit.

The decision by the United States to publicly attribute hacking attempts of American critical infrastructure was “unprecedented and extraordinary,” said Amit Yoran, a former U.S. official who founded DHS’s Computer Emergency Response Team.

“I have never seen anything like this,” said Yoran, now chief executive of the cyber firm Tenable.

A White House National Security Council spokesman did not respond when asked what specifically prompted the public blaming of Russia. U.S. officials have historically been reluctant to call out such activity in part because the United States also spies on infrastructure in other parts of the world.

News of the hacking campaign targeting U.S. power companies first surfaced in June in a confidential alert to industry that described attacks on industrial firms, including nuclear plants, but did not attribute blame.

“People sort of suspected Russia was behind it, but today’s statement from the U.S. government carries a lot of weight,” said Ben Read, manager for cyber espionage analysis with cyber security company FireEye Inc.

ENGINEERS TARGETED

The campaign targeted engineers and technical staff with access to industrial controls, suggesting the hackers were interested in disrupting operations, though FireEye has seen no evidence that they actually took that step, Read said.

A former senior DHS official familiar with the government response to the campaign said that Russia’s targeting of infrastructure networks dropped off after the publication in the fall of Symantec’s research and an October government alert, which detailed technical forensics about the hacking attempts but did not name Russia.

The official declined to say whether the campaign was still ongoing or provide specifics on which targets were breached, or how close hackers may have gotten to operational control systems.

“We did not see them cross into the control networks,” DHS cyber security official Rick Driggers told reporters at a dinner on Thursday evening.

Driggers said he was unaware of any cases of control networks being compromised in the United States and that the breaches were limited to business networks. But, he added, “We know that there is intent there.”

It was not clear what Russia’s motive was. Many cyber security experts and former U.S. officials say such behavior is generally espionage-oriented with the potential, if needed, for sabotage.

Russia has shown a willingness to leverage access into energy networks for damaging effect in the past. Kremlin-linked hackers were widely blamed for two attacks on the Ukrainian energy grid, in 2015 and 2016, that caused temporary blackouts for hundreds of thousands of customers and were considered first-of-their-kind assaults.

Senator Maria Cantwell, the top Democrat on the Senate Energy and Natural Resources Committee, asked the Trump administration earlier this month to provide a threat assessment gauging Russian capabilities to breach the U.S. electric grid.

It was the third time Cantwell and other senators had asked for such a review. The administration has not yet responded, a spokesman for Cantwell’s office said on Thursday.

Last July, there were news reports that the Wolf Creek Nuclear Operating Corp, which operates a nuclear plant in Kansas, had been targeted by hackers from an unknown origin.

Spokeswoman Jenny Hageman declined to say at the time if the plant had been hacked but said that there had been no operational impact to the plant because operational computer systems were separate from the corporate network. Hageman on Thursday said the company does not comment on security matters.

John Keeley, a spokesman for the industry group the Nuclear Energy Institute, said: “There has been no successful cyber attack against any U.S. nuclear facility, including Wolf Creek.”

Reporting by Dustin Volz and Timothy Gardner, additional reporting by Jim Finkle; Editing by Tom Brown, Alistair Bell and Cynthia Osterman

See also: New York Times

Cyberattacks Put Russian Fingers on the Switch at Power Plants, U.S. Says

NYT:https://www.nytimes.com/2018/03/15/us/politics/russia-cyberattacks.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=first-column-region&region=top-news&WT.nav=top-news

94% of health organizations have been victims of cyber attacks — Nuclear facilities need more cyber defense, Israeli group says

February 1, 2018
BY YONAH JEREMY BOB
 FEBRUARY 1, 2018 13:59

 

‘The battlefield is now in the civilian arena.’

Dr. Erel Margalit, founder of the JVP Foundation, speaking at the Cybertech conference in Tel Aviv. (photo credit: DROR SITAHKOL)

Without taking cyber defense to a new level, the world is already in danger of being hit by a cyber pharmaceutical plague and a series of nuclear facility meltdowns, hi-tech entrepreneur Erel Margalit said Wednesday.

Speaking at the Cybertech Conference in Tel Aviv, the Jerusalem Venture Partners chairman and former MK noted, “Europe has 65 nuclear energy facilities that drills have shown to be vulnerable, and which could be hacked in ways that could cause a major issue.”

Margalit said pharmaceutical companies all over Europe were hacked in a massive cyber attack in June 2017, and that the hackers, presumed to be Russian, “could have changed the makeup of chemicals in the manufacturing of drugs… which could have brought a cyber plague to Europe.”

Instead, the hackers just stole IP addresses, but he said that did not change what they could have done or what other hackers might do in the future if companies do not up their cyber defense game.

Margalit discussed the sophistication of Israel and the West’s cyber adversaries. He said that Iran has “an army of hackers” operating in different countries in 11 independent groups with different code names.

“The Iranian nuclear threat is a future threat, but the Iranian cyber threat is an immediate threat, and Israel’s civil infrastructure is exposed and vulnerable. Eleven Revolutionary Guard strike groups attack Israeli nuclear researchers and civilian infrastructure on a daily basis,” he said.

Echoing Margalit’s warning, retired IDF Brig.-Gen. and current top Rafael cyber official Ariel Karo said, “Some hackers work like a commando unit. They collect intelligence, do advance planning, split into different units and use decoys.”

“The battlefield is now in the civilian arena,” he said, adding that only “a national level project” could “deal with all of the different kinds of threats.”

Karo said part of what made the cyber battlefield so difficult was that the only competent defense was to simultaneously multi-task with groups working on cybersecurity in real time and with others that are analyzing attacker strategies offline.

Noting that his company produced the Iron Dome missile-defense system, he said it also aspires to form a “Cyberdome” by going beyond the common threats that many are focused on and preparing for rarer military-level cyber threats.

He said Rafael had an “advantage” as it “is under attack all of the time,” helping it gain lots of experience in what high-powered cyber adversaries might try.

Other top cyber officials with military backgrounds also gave a grave picture of cyber threats.

Assuta Medical Center CEO and retired IDF Col. Ari Shamiss said that 94% of health organizations have been victims of cyber attacks. He said 88% of ransomware victims (groups locked out of their systems until they pay a ransom) were in the healthcare industry, recently costing the US $2.6 billion.

Shamiss pointed out that the dangers in the medical arena were more than just being locked out or having private information exposed, but were potentially lethal.

He said that implantable devices, such as cardiac pacemakers, could be disabled or have their functions altered to kill people.

http://www.jpost.com/Jpost-Tech/Cyber-officials-warn-of-unipharm-plague-nuke-meltdown-future-dangers-540402

Apple to issue fix for iPhones, Macs at risk from ‘Spectre’ chip flaw

January 5, 2018

Reuters

SAN FRANCISCO (Reuters) – Apple Inc will release a patch for the Safari web browser on its iPhones, iPads and Macs within days, it said on Thursday, after major chipmakers disclosed flaws that leave nearly every modern computing device vulnerable to hackers.

Browser makers Google, Microsoft Corp and Mozilla Corp’s Firefox all confirmed to Reuters that the patches they currently have in place do not protect iOS users. With Safari and virtually all other popular browsers not patched, hundreds of millions of iPhone and iPad users may have no secure means of browsing the web until Apple issues its patch.

Apple stressed that there were no known instances of hackers taking advantage of the flaw to date.

On Wednesday, Alphabet Inc’s Google and other security researchers disclosed two major chip flaws, one called Meltdown affecting only Intel Corp chips and one called Spectre affecting nearly all computer chips made in the last decade. The news sparked a sell-off in Intel’s stock as investors tried to gauge the costs to the chipmaker.

In a statement on its website, Apple said all Mac and iOS devices were affected by both Meltdown and Spectre. But the most recent operating system updates for Mac computers, Apple TVs, iPhones and iPads protect users against the Meltdown attack and do not slow down the devices, it added, and Meltdown does not affect the Apple Watch.

Macs and iOS devices are vulnerable to Spectre attacks through code that can run in web browsers. Apple said it would issue a patch to its Safari web browser for those devices “in the coming days.”

Shortly after the researchers disclosed the chip flaws on Wednesday, Google and Microsoft released statements telling users which of their products were affected. Google said its users of Android phones – more than 80 percent of the global market – were protected if they had the latest security updates.

Apple remained silent for more than a day about the fate of the hundreds of millions of users of its iPhones and iPads. Ben Johnson, co-founder and chief strategist for cyber security firm Carbon Black, said the delay in updating customers about whether Apple’s devices are at risk could affect Apple’s drive to get more business customers to adopt its hardware.

“Something this severe gets the attention of all the employees and executives at a company, and when they go asking the IT and security people about it and security doesn’t have an answer for iPhones and iPads, it just doesn’t give a whole lot of confidence,” Johnson said.

Reporting by Stephen Nellis; Editing by Cynthia Osterman and Susan Fenton

Handcuffed by sanctions, North Korea seeks cash via cyber theft

December 20, 2017

Some of the 7,000 hackers trained by Pyongyang pose as beautiful women on Facebook, strike up online conversations and then send malicious ransomware files

A man is reflected on a screen showing exchange rates of cryptocurrencies at an exchange in Seoul on December 20, 2017. (AFP PHOTO / JUNG Yeon-Je)

SEOUL, South Korea (AFP) — The messages are alluring, the pictures are attractive. But the women seeking to beguile South Korean Bitcoin executives could actually be hackers from Pyongyang in disguise, experts warn.

In the face of sanctions over its banned nuclear and ballistic missile programs, the cash-strapped North is deploying an army of well-trained hackers with an eye on a lucrative new source of hard currency, they say.

Its cyber warfare abilities first came to prominence when it was accused of hacking into Sony Pictures Entertainment to take revenge for “The Interview,” a satirical film that mocked its leader, Kim Jong-Un.

But it has rapidly expanded from political to financial targets, such as the central bank of Bangladesh and Bitcoin exchanges around the world, with Washington this week blaming it for the WannaCry ransomware that wreaked havoc earlier this year.

Screenshot of a ransomware exploit (Courtesy)

And a South Korean crypto currency exchange shut down on Tuesday after losing 17 percent of its assets in a hacking — its second cyber attack this year — with the North accused of being behind the first.

According to multiple South Korean reports citing Seoul’s intelligence agency, North Korean hackers approach workers at digital exchanges by posing as beautiful women on Facebook, striking online conversations and eventually sending files containing malicious code.

They also bombard executives with emails posing as job seekers sending resumes — with the files containing malware to steal personal and exchange data.

Moon Jong-Hyun, director at Seoul cybersecurity firm EST Security, said the North had stepped up online honeytrap tactics targeting Seoul’s government and military officials in recent years.

“They open Facebook accounts and maintain the online friendship for months before backstabbing the targets in the end,” Moon told a cybersecurity forum, adding that many profess to be studying at a US college or working at a research think tank.

A computer screen at the Cboe Global Markets exchange (previously referred to as CBOE Holdings, Inc.) shows Bitcoin futures prices and trades on December 19, 2017 in Chicago, Illinois. (Scott Olson/Getty Images/AFP)

Simon Choi, director of Seoul cybersecurity firm Hauri, has accumulated vast troves of data on Pyongyang’s hacking activities and has been warning about potential ransomware attacks by the North since 2016.

The United States has reportedly stepped up cyberattacks of its own against Pyongyang.

But Choi told AFP, “The North’s hacking operations are upgrading from attacks on ‘enemy states’ to a shady, lucrative moneymaking machine in the face of more sanctions.”

Pyongyang’s hackers have shown interest in Bitcoin since at least 2012, he said, with attacks spiking whenever the crypto currency surges — and it has soared around 20-fold this year.

Illustrative: Staff monitoring the spread of ransomware cyberattacks at the Korea Internet and Security Agency (KISA) in Seoul, May 15, 2017. (AFP/ YONHAP)

US cybersecurity firm FireEye noted that a lack of regulations and “lax anti-money laundering controls” in many countries make digital currencies an “attractive tactic” for the North.

Crypto currencies, it said in a September report, were “becoming a target of interest by a regime that operates in many ways like a criminal enterprise.”

It documented three attempts by the North to hack into Seoul cryptocurrency exchanges between May and July as a way to “fund the state or personal coffers of Pyongyang’s elite.”

In October, Lazarus, a hacking group linked with the North, launched a malicious phishing campaign targeting people in the bitcoin industry with a fake but lucrative job offer, according to US cybersecurity firm Secureworks.

Hacking attacks targeting digital currencies are only the latest in the long list of alleged online financial heists by the North.

The North is blamed for a massive $81 million cyber-heist from the Bangladesh Central Bank (BCB) in 2016, as well as the theft of $60 million from Taiwan’s Far Eastern International Bank in October.

Map locates top 20 countries affected in the first hours of the global ransomware cyberattack in May 2017. (AP)

Although Pyongyang has angrily denied the accusations — which it described as a “slander” against the authorities — analysts say the digital footprints left behind suggest otherwise.

The attack on the BCB was linked to “nation-state actors in the North,” cyber security firm Symantec said, while the Taiwanese bank theft had some of the “hallmarks” of Lazarus, according to the British defense firm BAE Systems.

Proceeds from such actions are laundered through casinos in the Philippines and Macau or money exchanges in China, said Lim Jong-In, a cyber-security professor at Korea University in Seoul, making it “virtually impossible” to trace.

The global WannaCry ransomware attack in May infected some 300,000 computers in 150 nations, encrypting their files and demanding hundreds of dollars from their owners for the keys to get them back.

Experts say that young hacking talents are handpicked at school to be groomed at elite Kim Chaek University of Technology or Kim Il Sung Military University in Pyongyang, and now number more than 7,000.

This file photo taken on August 9, 2017, shows pedestrians walking past a huge screen in Tokyo displaying news footage of North Korean leader Kim Jong-Un. (AFP PHOTO / Kazuhiro NOGI)

They were once believed to be operating mostly at home or in neighboring China, but analysis by cyber security firm Recorded Future noted “significant physical and virtual North Korean presences” in countries as far away as Kenya and Mozambique.

FireEye CEO Kevin Mandia put the North among a quartet of countries — along with Iran, Russia and China — that accounted for more than 90 percent of cybersecurity breaches the firm dealt with.

Its hackers, he said, were “interesting to respond to and hard to predict.”

https://www.timesofisrael.com/handcuffed-by-sanctions-north-korea-seeks-cash-via-cyber-theft/


Cyber Attacks “More Complex, Dangerous” Threaten Critical Infrastructure — Breached safety systems — Middle East nuclear, electrical, industrial infrastructure

December 17, 2017

REUTERS

The FireEye logo is seen outside the company’s offices in Milpitas, California, in 2014. | REUTERS

Hackers likely working for a nation-state recently breached safety systems at a critical infrastructure facility, in a watershed attack that halted plant operations, according to cyberinvestigators and the firm whose software was targeted.

FireEye Inc. disclosed the incident on Thursday, saying it had targeted Triconex industrial safety technology from Schneider Electric SE.

Schneider confirmed that the incident had occurred, and that it had issued a security alert to users of Triconex — which cyberexperts said is widely used in the energy industry, including at nuclear facilities and oil and gas plants.

FireEye and Schneider declined to identify the victim, industry or location of the attack. Cybersecurity company Dragos said the hackers targeted an organization in the Middle East, while a second firm, CyberX, said it believed the victim was in Saudi Arabia.

It marks the first report of a safety system breach at an industrial plant by hackers, who have in recent years placed increasing focus on breaking into utilities, factories and other critical infrastructure, cyberexperts said.

Compromising a safety system could let hackers shut it down in advance of attacking other parts of an industrial plant, potentially preventing operators from identifying and halting destructive attacks, they said. Safety systems “could be fooled to indicate that everything is okay,” even as hackers damage a plant, said Galina Antova, co-founder of cybersecurity firm Claroty.

“This is a watershed,” said Sergio Caltagirone, head of threat intelligence with Dragos. “Others will eventually catch up and try to copy this kind of attack.”

In the incident, hackers used sophisticated malware to take remote control of a workstation running a Schneider Electric Triconex safety shutdown system, then sought to reprogram controllers used to identify safety issues. Some controllers entered a fail-safe mode, which caused related processes to shut down and caused the plant to identify the attack, FireEye said.

FireEye believes the attackers’ actions inadvertently caused the shutdown while probing the system to learn how it worked, said Dan Scali, who led FireEye’s investigation. The attackers were likely conducting reconnaissance to learn how they could modify safety systems so they would not operate in the event that the hackers launched an attack that disrupted or damaged the plant, he said.

The U.S. government and private cybersecurity firms have issued public warnings over the past few years about attempts by hackers from nations including Iran, North Korea, Russia and others to attack companies that run critical infrastructure plants, in what they say are primarily reconnaissance operations.

CyberX Vice President Phil Neray said his firm found evidence that the malware was deployed in Saudi Arabia, which could suggest that Iran may be behind the attack.

Security researchers widely believe that Iran was responsible for a series of attacks on Saudi Arabian networks in 2012 and 2017 using a virus known as Shamoon.

Schneider provided Reuters with a customer security alert, dated Wednesday, which said it was working with the U.S. Department of Homeland Security to investigate the attack.


“While evidence suggests this was an isolated incident and not due to a vulnerability in the Triconex system or its program code, we continue to investigate whether there are additional attack vectors,” the alert said.

Department of Homeland Security spokesman Scott McConnell said the agency was looking into the matter “to assess the potential impact on critical infrastructure.”

The malware, which FireEye has dubbed Triton, is only the third type of computer virus discovered to date that is capable of disrupting industrial processes.

The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the United States and Israel to attack Iran’s nuclear program.

The second, known as Crash Override or Industroyer, was found last year by researchers who said it was likely used in a December 2016 attack that cut power in Ukraine.

https://www.japantimes.co.jp/news/2017/12/15/world/crime-legal-world/hackers-invade-safety-system-halt-mideast-plant-operations-watershed-cyberattack/#.WjY3tt-nGUk

Singapore: Defence Minister to invite hackers to break into its Internet-connected systems to detect weaknesses

December 12, 2017

ST VIDEO: ALPHONSUS CHERN

SINGAPORE – In a first for the Singapore Government, the Ministry of Defence (Mindef) will be inviting about 300 international and local hackers to hunt for vulnerabilities in its Internet-connected systems next year, in a bid to guard against ever-evolving cyber threats.

From Jan 15 to Feb 4, these selected experts will try to penetrate eight of Mindef’s Internet-facing systems, such as the Mindef website, the NS Portal and LearNet 2 Portal, a learning resource portal for trainees.

These registered hackers can earn cash rewards – or bounties – between $150 and $20,000, based on how critical the flaws discovered are. Called the Mindef Bug Bounty Programme, it will be the Government’s first crowdsourced hacking programme.

This follows an incident earlier this year when Mindef discovered that hackers had stolen the NRIC numbers, telephone numbers and birth dates of 854 personnel through a breach of its I-Net system.

One of the systems being tested, Defence Mail, uses the I-Net system for Mindef and SAF personnel to connect to the Internet.

On Tuesday (Dec 12), defence cyber chief David Koh announced the new programme after a visit to the Cyber Defence Test and Evaluation Centre (CyTEC) – a cyber “live-firing range” where servicemen train against simulated cyber attacks – at Stagmont Camp in Choa Chu Kang.

On the significance of the “Hack Mindef” initiative, he told reporters: “The SAF is a highly networked force. How we conduct our military operations depends on networking across the army, navy, air force and the joint staff.

“Every day, we see new cyber attacks launched by malicious actors who are constantly seeking new ways to breach our systems… Clearly, this is a fast-evolving environment and increasingly, you see that it is one that is of relevance to the defence and security domain.”

The bigger picture is that cyberspace is emerging as the next battlefield, said Mr Koh, who is also deputy secretary for special projects at Mindef.

“Some countries have begun to recognise cyber as a domain similar to air, land and sea. Some have even gone so far as to say that the next major conflict will see cyber activity as the first activity of a major conflict,” he added.

Servicemen at the Cyber Defence Test and Evaluation Centre at Stagmont Camp on Dec 12, 2017. ST PHOTO: ALPHONSUS CHERN

 

While there will be some risks in inviting hackers to test the systems, such as an increase in website traffic and the chance that these “white hat” hackers will turn over discovered vulnerabilities to the dark Web, measures will be put in place.

“(If) we can’t even manage the increase in traffic, that in itself would be a vulnerability that we would need to address,” said Mr Koh.

White-hat hackers are those who break into protected systems to improve security, while black-hat hackers are malicious ones who aim to exploit flaws.

The programme conducted by US-based bug bounty company HackerOne is expected to cost about $100,000, depending on the bugs found. But Mr Koh noted that this would be less than hiring a dedicated vulnerability assessment team, which might cost up to a million dollars.

Mr Teo Chin Hock, deputy chief executive for development at the Cyber Security Agency (CSA), said: “By embarking on a bug bounty programme, companies have the advantage of uncovering security vulnerabilities on their own by harnessing the collective intelligence and capabilities of these experts and addressing these vulnerabilities before the black hats do.”

In a statement, he added that the CSA is currently in discussions with some of Singapore’s 11 designated critical information infrastructure sectors which have expressed interest in exploring a similar programme for their public-facing systems.

Major Yiew Pie Ling (centre) taking Mr David Koh, deputy secretary (Special Projects), Mindef, and chief executive of the newly created Cyber Security Agency (CSA) of Singapore, through a demonstration of a mock cyber attack at the Cyber Defence Test and Evaluation Centre at Stagmont Camp on Dec 12, 2017. ST PHOTO: ALPHONSUS CHERN

Large organisations, such as Facebook and the United States Department of Defence, have embarked on similar initiatives with some success.

For instance, a similar Hack the Pentagon programme, also conducted by HackerOne, was launched by the US defence department in 2016. A total of 138 bugs were found by more than a thousand individuals within three weeks.

The initiative caps a year in which Singapore has been gearing up for the battlefront in cyberspace.

In March, it was announced that the Defence Cyber Organisation will be set up to bolster Singapore’s cyber defence, with a force of cyber defenders trained to help in this fight.

http://www.straitstimes.com/singapore/defence-ministry-to-invite-300-hackers-to-hack-its-internet-connected-systems

Hackers could get even nastier in 2018: researchers

November 29, 2017

AFP

© AFP/File | Report by the security firm McAfee said hackers will develop new strategies in 2018 and target connected devices which offer less security than computers and smartphones

WASHINGTON (AFP) – After a year marked by devastating cyber attacks and breaches, online attackers are expected to become even more destructive in 2018, security researchers said Wednesday.

A report by the security firm McAfee said the ransomware outbreaks of 2017 offer just a taste of what’s to come as hackers develop new strategies and “business models.”

McAfee researchers said that as ransomware profitability fades in the face of new defenses, hackers will turn to new kinds of attacks that could involve damage or disruption of computers and networks.

Attackers will also look to target wealthy individuals and aim at connected devices which offer less security than computers and smartphones.

“The evolution of ransomware in 2017 should remind us of how aggressively a threat can reinvent itself as attackers dramatically innovate and adjust to the successful efforts of defenders,” said Steve Grobman, McAfee’s chief technology officer.

McAfee also predicted wider use of cyber attacks “as a service,” allowing more hackers for hire to have an impact.

Raj Samani, chief scientist at McAfee, said the events of 2017 showed how easy it is to commercialize hacking services.

“Such attacks could be sold to parties seeking to paralyze national, political and business rivals,” Samani said.

McAfee’s 2018 Threats Predictions Report also said privacy is likely to be eroded further as consumer data — including data involving children — is gathered and marketed by device makers.

“Connected home device manufacturers and service providers will seek to overcome thin profit margins by gathering more of our personal data — with or without our agreement — turning the home into a corporate store front,” the McAfee report said.

The report said parents “will become aware of notable corporate abuses of digital content generated by children,” as part of this effort to boost profitability.

McAfee said it expects some impact for the May 2018 implementation of the European Union’s General Data Protection Regulation, which limits how data is used and sold and which would affect companies with operations in the EU.

The GDPR regulation “makes 2018 a critical year for establishing how responsible businesses can pre-empt these issues, respecting users’ privacy, responsibly using consumer data and content to enhance services, and setting limits on how long they can hold the data,” said McAfee vice president Vincent Weafer.