Posts Tagged ‘hackers’

Russian hackers: Conspiracy to interfere in the 2016 presidential election

July 17, 2018
Exactly seven months before the 2016 presidential election, Russian government hackers made it onto a Democratic committee’s network.

One of their carefully crafted fraudulent emails had hit pay dirt, enticing an employee to click a link and enter her password.

That breach of the Democratic Congressional Campaign Committee was the first significant step in gaining access to the Democratic National Committee network.

To steal politically sensitive information, prosecutors say, the hackers exploited some of the United States’ own computer infrastructure against it, using servers they leased in Arizona and Illinois. The details were included in an indictment released Friday by special counsel Robert Mueller, who accused the GRU, Russia’s military intelligence agency, of taking part in a wide-ranging conspiracy to interfere in the 2016 presidential election. The companies operating the servers were not identified in the court papers.

President Vladimir Putin looks at the Main Intelligence Directorate’s symbol while on a visit to its Moscow headquarters in 2006. The agency, known by its acronym GRU, has been blamed for embarking on information warfare campaigns as Russia tries to boost its influence. PHOTO:DMITRY ASTAKHOV/ASSOCIATED PRESS

The Russians are accused of exploiting their access to inexpensive, powerful servers worldwide — conveniently available for rental — that can be used to commit crimes with impunity. Reaching across oceans and into networks without borders can obfuscate their origins.

The indictment painstakingly reconstructs the hackers’ movements using web servers and a complex bitcoin financing operation.

Two Russian hacking units were charged with tasks, including the creation and management of a hacking tool called “X-agent” that was implanted onto computers. The software allowed them to monitor activity on computers by individuals, steal passwords and maintain access to hacked networks. It captured each keystroke on infected computers and took screenshots of activity displayed on computer screens, including an employee viewing the DCCC’s online banking information.

From April to June 2016, the hackers installed updated versions of their software on at least 10 Democratic computers. The software transmitted information from the infected computers to a GRU-leased server in Arizona, the indictment said. The hackers also created an overseas computer to act as a “middle server” to obscure the connection between the DCCC and the hackers’ Arizona-based server.

Once the hackers gained access to the DCCC network, they searched one computer for terms that included “hillary,” “cruz,” and “trump” and copied select folders, including “Benghazi Investigations.”

In emails, the hackers embedded a link that purported to be a spreadsheet of Clinton’s favorability ratings, but instead it directed the computers to send their data to a GRU-created website.

Meanwhile, around the same time, the hackers broke into 33 DNC computers and installed their software on their network. Captured keystrokes and screenshots from the DCCC and DNC computers, including an employee viewing the DCCC’s banking information, were sent back to the Arizona server.

The Russian hackers used other software they developed called X-Tunnel to move stolen documents through encrypted channels to another computer the GRU leased in Illinois.

Despite the use of U.S.-based servers, such vendors typically aren’t legally liable for criminal activities unless it can be proved in federal court that the operator was party to the criminal activity.

A 1996 federal statute protects internet vendors from being held liable for how customers use their service, and except for a few exceptions, provides immunity to the providers. The law is considered a key part of the legal infrastructure of the internet, preventing providers from being saddled with the behemoth task of monitoring activity on their servers.

“The fact that someone provided equipment and or connectivity that was used to engage in data theft is not going to be attributed to the vendor in that circumstance,” Eric Goldman, a professor of law and co-director of the High Tech Law Institute at Santa Clara University School of Law, said. A notable exception, however, is if federal prosecutors are bringing a criminal charge for violations of a federal criminal law.

In that case, “we’re going to require a high level of knowledge of their activity or intent,” Goldman said.

When the DNC and DCCC became aware they had been hacked, they hired a cybersecurity firm, Crowdstrike, to determine the extent of the intrusions. Crowdstrike, referred to as “Company 1” in the indictment, took steps to kick the hackers off the networks around June 2016. But for months the Russians eluded their investigators and a version of the malware remained on the network through October — programmed to communicate back to a GRU-registered internet address.

“We do not have any information to suggest that it successfully communicated,” said Adrienne Watson, the DNC’s deputy communications director.

As the company worked to kick them off, GRU officials allegedly searched online for information on Company 1 and what it had reported about its use of X-Agent malware and tried to delete their traces on the DCCC network by using commercial software known as CCleaner. Though Crowdstrike disabled X-agent on the DCCC network, the hackers spent seven hours unsuccessfully trying to connect to their malware and tried using previously stolen credentials to access the network on June 20, 2016.

The indictment also shows the reliance of Russian government hackers on American technology companies, such as Twitter, to spread their stolen documents.

The hackers also accessed DNC data in September 2016 by breaking into DNC computers hosted on the Amazon Web Services’ cloud. The hackers used Amazon Web Services’ backup feature to create “snapshots” that they moved onto their own Amazon cloud accounts. Amazon also provides cloud computing services for various government agencies, including the Central Intelligence Agency.


Follow Tami Abdollah at

Associated Press


Russia, Putin, Hillary Clinton Get Everyone A Lesson in the Need for Cybersecurity: The Russian intelligence agents behind Guccifer 2.0

July 14, 2018

The latest Mueller indictment names the Russian intelligence agents behind the Guccifer 2.0 persona, the public face of the cyber break-in at the Democratic National Committee.

The big picture: Though the WikiLeaks email leaks got nearly all the attention, other press outlets — including The Hill, The Smoking Gun and Gawker — also received leaked documents from the hackers of the Democratic National Committee and Democratic Congressional Committee. Guccifer 2.0 was the persona used to leak those documents to the press — including me, then a reporter at The Hill.




  • Guccifer 2.0 also released a smaller amount of documents on his own WordPress blog.
  • He interacted with people over Twitter direct messages, including — famously — Trump confidant Roger Stone.
  • New in the indictment, he also provided documents to a U.S. congressional candidate about his opponent.
  • We knew, from the files leaked to The Hill, that Guccifer 2.0 had stolen recruitment documents when the Democrats searched for candidates to run in various elections.

Who he is: Guccifer 2.0 borrowed his name from Guccifer, a famous Romanian hacker that struck celebrities — including Clinton insiders — in the past. The original Guccifer was obsessed with linking victims to the Illuminati.

  • Guccifer 2.0 claimed to be from Romania and ended his first WordPress post “F*ck the Illuminati and their conspiracies.” He soon dropped the Illuminati schtick.
  • Guccifer 2.0’s first leaks came immediately after a Washington Post story attributed the DNC hack to Russia, and most experts believe that the persona was an attempt to salvage what they could out of a blown operation.

What we know: Guccifer 2.0 always presented himself as a single apolitical hacker. It was pretty clear to most people who chatted with him that Guccifer 2.0 was actually more than one person. It was also fairly clear from security research, intelligence reports and the documents he selected for leaks that he was largely interested in sandbagging the Democratic campaign nationally, and especially in swing states.

Based on the indictment:

  • We now know who made up the team that procured and leaked the documents — Viktor Borisovich, Boris Alekseyevich Antonov, Dmitriy Sergeyevich Badin, Ivan Sergeyevich Yermakov, Aleksey Viktorovich Lukashev, Sergey Aleksandrovich, Nikolay Yuryevich Kozachek, Pavel Vyacheslavovich Yershov, Artem Andreyevich Malyshev, Aleksandr Vladimirovich Osadchuk, Aleksey Aleksandrovich Potemkin and Anatoliy Sergeyevich Kovalev.
  • Russian intelligence operatives ran searches of several of the phrases in Guccifer 2.0’s first WordPress post hours before the post went live, implying some kind of advance knowledge.
  • One reporter who received documents — not me — asked about timing of when to publish.

The fallout: Washington Post columnist Josh Rogin tweeted after the Russia indictment that “American reporters who took stories from Guccifer 2.0 or DC Leaks have to wonder if they weren’t used as a tool of a foreign military intelligence operation against our country.”

  • We did wonder about that. At The Hill, we always tried to make it clear that Guccifer 2.0 was likely a Russian asset. We never published full documents — though we did summarize some — and only printed stories we believed explained some aspect of Russia’s intent with the campaign.
  • With Kevin Collier, I was one of two reporters who had ThreatConnect perform forensic analysis on emails from Guccifer 2.0 that ultimately determined he used a Russian anonymity service known as a VPN. (I scrubbed the emails of any identifying information other than the IP address to protect my source’s anonymity).
  • The first reporter to conduct an interview with Guccifer 2.0, Motherboard’s Lorenzo Franceschi-Bicchierai, quickly established that Guccifer 2.0 did not speak Romanian.

See also:

How Russia Hacked the Democrats in 2016 (New York Times)



Stolen U.S. Military Drone Documents Found for Sale on Dark Web, Researchers Say

July 11, 2018

Discovery comes amid heightened concern about how U.S. military secrets may be insufficiently protected from hackers

An MQ-9 Reaper drone in flight at Creech Air Force Base on Oct. 17, 2015, in Indian Springs, Nev. PHOTO: SRA CORY PAYNE/ZUMA PRESS

An unidentified hacker tried to sell purported U.S. military documents containing information about combat drones last month, a cybersecurity research firm said, after they were allegedly stolen from an Air Force officer’s computer.

The hacker sought buyers for maintenance documents about the MQ-9 Reaper drone, a remotely controlled aerial vehicle used by the Pentagon and other parts of the government to conduct offensive strikes or reconnaissance and surveillance operations.

Discovery of the attempted sale of the stolen documents comes amid heightened concern about how U.S. military secrets may be insufficiently protected from hackers. Military officials said last month that the Defense Department’s inspector general was investigating a major security breach after Chinese hackers allegedly stole data pertaining to submarine warfare, including plans to build a supersonic antiship missile.

There was no evidence that the hacker who acquired the Reaper drone documents was affiliated with a foreign country, or that he was intentionally seeking to obtain military documents, said Andrei Barysevich, a senior threat researcher at Recorded Future, the U.S.-based cybersecurity firm that spotted the attempted sale. Instead, the hacker scanned large parts of the internet for misconfigured Netgear routers and exploited a two-year-old known vulnerability, involving default login credentials, to steal files from compromised machines.

Recorded Future said it has notified the Defense Security Service and the Department of Homeland Security about the hacker’s activities. A DHS spokesman said the agency was reviewing the information provided by Recorded Future but deferred further comment to the Air Force. The Air Force and DSS didn’t respond to requests for comment.

Posing as a potential buyer, researchers at the cyber firm contacted the seller, and during weeks of back-and-forth discussions were sent screenshots of the purportedly stolen documents. Those documents included the name of an Air Force captain stationed at the Creech Air Force Base in Nevada from whom the hacker is believed to have obtained the stolen drone files.

The hacker likely didn’t know the value of the documents he had obtained because he was attempting to sell them for as little as $150, Barysevich said. He added that the hacker communicated in flawed English but would occasionally slip into Spanish, which along with other indicators led some of the researchers to think he may be based in South America.

Criminal hackers often attempt to anonymously purchase and sell stolen data on the dark web, but those transactions typically involve information that can be monetized in fraud schemes, such as passwords, usernames or financial records. But the sale of military documents on an open forum is incredibly rare, Barysevich said.

“I’ve been personally researching dark web for 15 years, and I have never seen anything like this,” he said in an interview.

The documents shared by the hacker weren’t marked as classified but could be used by an adversary to evaluate the capabilities and potential weaknesses of the Reaper drone, Recorded Future said. Some of the files included a warning that the material included technical data that was subject to export control.

A U.S. Air Force officer passes in front of an MQ-9 Reaper drone at Kandahar Air Base, Afghanistan PHOTO: OMAR SOBHANI/REUTERS

Barysevich said the hacker’s methods weren’t particularly sophisticated, and that his apparent success should raise concerns about what more advanced hacking groups may be stealing from the U.S. military.

The hacker also advertised the sale of another tranche of military documents that included a tank operation manual and training material on how to mitigate improvised explosive devices. It wasn’t clear how the hacker obtained those documents, but they likely were taken from the Pentagon or a U.S. Army official, Recorded Future said.

Write to Dustin Volz at

Deadly attacks feared as hackers target industrial sites

May 31, 2018

The hacking threat to critical infrastructure in the United States and beyond is growing larger, with nation states and other malicious actors looking to gain a foothold in sensitive technologies to conduct espionage and potentially stage disruptive or destructive attacks.

Dragos, a firm that specializes in industrial cybersecurity, has released new research asserting that a hacker group responsible for deploying highly sophisticated, destructive malware to an industrial plant in the Middle East last year has begun to expand its operations beyond its initial targets.

“This is no longer about data theft or business disruption. Someone can get hurt. It’s about physical consequences,” said Dan Scali, senior manager for FireEye’s industrial control system security consulting practice.

Last week, researchers at Dragos released new details about a threat group they call “Xenotime.” They said the group has developed hacking tools to compromise and disrupt industrial safety instrumented systems — hardware and software controls that are used to ensure the safe operations of large-scale nuclear, chemical and other industrial plants and allow for emergency stops to take place.

The group, whose origins are not publicly known, deployed malware to an industrial plant in the Middle East last year that specifically targeted Triconex safety systems manufactured by Schneider Electric. The attack caused the plant to shut down.

Now Dragos says that the actors have expanded their operations, making their way into networks of industrial organizations beyond the Middle East. The group has also demonstrated capabilities to potentially disrupt safety systems other than Triconex.

The developments have raised concerns that Xenotime could be moving to carry out destructive attacks, such as triggering chemical explosions.

“It is the most dangerous cyber threat in the world, period,” said Sergio Caltagirone, director of threat intelligence at Dragos.

“Really, there has been no malware in the world so far that has actually put lives at risk, demonstrably,” Caltagirone said. “This adversary is.”

Dragos has provided few technical details about the group’s behavior, and has not divulged the countries now affected by the activity, though CyberScoop reported that U.S. companies were among those breached. Dragos said it has alerted U.S. officials and other foreign governments to the threat.

The Department of Homeland Security, which is responsible for engaging with owners and operators of critical infrastructure to help them guard against cyber sabotage, did not return a request for comment.

Concerns about cyber threats to critical infrastructure from nation states like Russia have been mounting in Washington, particularly in light of twin attacks that knocked out power in Ukraine in 2015 and 2016.

Industrial organizations have stepped up monitoring of their control networks to detect potentially nefarious activity, offering security professionals new insight into malicious actors looking to target critical infrastructure systems around the globe.

“It’s hard to say that we’re seeing specifically a trend because we are working with small numbers,” Scali said.

“But we’ve seen an escalation in attackers’ capability and also willingness to conduct these types of attacks over time,” Scali added.

Forms of malware specifically designed to target industrial systems — used to power elements of the electric grid, water systems, and other critical services — are rare. The malware associated with Xenotime was only the fifth known malware family targeting these systems since the “Stuxnet” virus was used against Iranian nuclear power plants in 2010.

Both FireEye and Dragos identified the malware in December. While researchers have not publicly identified the breach victim, The New York Times reported it was a petrochemical plant in Saudi Arabia. While the attack inadvertently caused operations at the plant to shut down, experts warn the consequences could have been far worse.

“If you’re attacking the safety instrumented system and trying to make changes to how it operates, you’re trying to hurt or kill someone, damage equipment, cause some other physical consequence or impact on the environment,” Scali said. “There’s a level of audacity around attacking a safety system.”

The activity associated with Xenotime has not been traced to a particular country, though experts suspect the group is linked to a nation state. Private actors don’t have the financial incentive to stage destructive attacks, nor do they possess the significant resources that are needed to hone such capabilities.

Dragos also suspects that the hackers are working with another, unidentified hacking group that first gained access to industrial networks through spearphishing and watering hole attacks and then passed that access to Xenotime.

In most cases, hackers spent between nine months and multiple years inside these networks, conducting intelligence on industrial operations, Caltagirone said.

“Basically, they are learning to become operators themselves inside this environment,” he said.

There have been other signs of nation-state cyber actors conducting reconnaissance on systems powering critical services.

In March, U.S. officials revealed that Russian hackers had staged a multi-year intrusion campaign against companies in the energy sector and other critical services.

In some cases, hackers gained access to energy sector networks and moved laterally in order to gather intelligence on industrial control systems and supervisory control and data acquisition systems — information that could provide a foundation for developing capabilities to stage attacks against targets in the energy sector.

“You need not only to compromise the systems, you also need knowledge of the industrial process,” Scali said. “The more information and reconnaissance that you can do ahead of time … that makes the attacker’s job easier and fills in that missing information that a hacker would need to cause a physical disruption.”

Dragos will release research on Thursday detailing the activities of a threat group the firm calls Covellite, which has breached networks associated with electric companies in Europe, East Asia and North America to gather intelligence on internal industrial operations.

Last September, the group carried out a spearphishing campaign against a small number of U.S. electric companies, though researchers say the hackers have significantly scaled back operations against North American targets.

The hacker group’s techniques have the hallmarks of those used by North Korea’s army of hackers, a force known to U.S. officials as “Hidden Cobra,” though it is unclear exactly how the two are related.

As adversaries continue to evolve in cyberspace, officials are on high alert for attacks that could compromise critical services. Jeanette Manfra, a top Homeland Security cyber official, told The Hill earlier this year that she is keenly focused on working with industry to prevent attacks that could disrupt essential services, from the financial sector to the electric grid.

“I really believe that that is where the risk is,” Manfra said.

Meanwhile, experts anticipate an uptick in cyber activity targeting industrial control systems going forward.

“The ability to affect industrial control systems as part of a potential cyber war and larger kinetic or digital war environment is very high up on the list of many countries,” said Caltagirone. “We expect that, not only is our ability to find them going to get better … but we also know that there is going to be more adversaries entering in this space in the mid- to long-term.”

The Hill

Afghan diplomats in Pakistan targeted by ‘state-backed hackers’

May 27, 2018

Afghan diplomats in Pakistan have been warned they are believed to be victims of “government-backed” digital attacks trying to steal their email passwords.

Afghan embassy sources told the BBC two staff members and a generic account received alerts from Google this month.

Last week Amnesty International detailed attempts to install malware on computers and phones of activists critical of Pakistan’s military.

The army did not comment on allegations intelligence services were to blame.

After the Google warning alerts were sent out, another Afghan diplomat’s email account was hacked and made to send out emails, without his knowledge, containing suspicious attachments.

Afghan diplomats received this warning from Google

The emails purported to contain photographs of rallies by protesters known as the Pashtun Protection Movement (PTM). In fact the attachments appear to contain malicious files, although it was not possible to download and examine them.

The PTM movement has accused the Pakistani military of committing human rights abuses in the country’s fight against terrorism. Protests have been non-violent but controversial due to their unusually direct criticism of the Pakistani intelligence services.

Why were the emails sent?

Supporters of the Pakistani military have accused the PTM of working on behalf of the Afghan intelligence services – the two countries regularly accuse each other of working to undermine the other’s security.

A source in the Afghan embassy told the BBC he was concerned that recipients of the emails sent out from the diplomat’s account could believe the Afghan embassy was linked to the movement.

Pakistani members of the Pashtun Protection Movement (PTM) and student activists gather during a demonstration in Lahore on April 22, 2018. PHOTO: AFP
PTM rallies have attracted thousands of protesters

The email was sent to addresses publicly linked to a number of political figures in Pakistan. They include a former information minister, and a former law minister.

It was also sent to a former senator from a Pashtun nationalist party, Bushra Gohar. Ms Gohar told the BBC: “I know for a fact that all my accounts are being observed… this is condemnable.”

She added: “Parliament needs to form a committee and look into what is going on.”

Have there been other cyber-attacks?

An employee of the Afghan embassy and a former member of staff were also both targeted by a fake Facebook profile linked to cyber-attacks.

A report by Amnesty International released last week revealed that the profile, “Sana Halimi”, had repeatedly sent malware to a human rights activist in Lahore.

One of the Afghan embassy staff members befriended by “Sana Halimi” told colleagues “she” had engaged him in conversation pretending to be an Afghan woman from the city of Herat.

A screenshot of Sana Halimi's Facebook profile. PHOTO: DIEP SAEEDA
The pictures of “Sana Halimi” were stolen from the account of a 21-year-old chef in Lahore

The Facebook account also befriended a number of other human rights activists. One told the BBC it had messaged him in a “flirtatious” manner.

In a report released last week, mobile security company Lookout documented “Sana Halimi” sending out malware via Facebook Messenger on at least two occasions.

The incidents form part of an investigation they carried out into the successful hacking of devices by a team they describe as “likely” being run by the Pakistani military. Their report examined around 30GB of stolen data, a significant part of which appeared to have been taken from Afghan officials.

Who was ‘Sana Halimi’?

The BBC has learnt that the pictures of “Sana Halimi” were in fact stolen from the social media accounts of a 21-year-old chef in Lahore called Salwa Gardezi with no connection to Afghanistan.

Ms Gardezi is a close relative of a prominent political commentator, Ayesha Siddiqa, known for her work critiquing the Pakistani military. It is not clear if her photographs were used because of this connection.

Ms Gardezi said she had only realised her pictures had been copied from her Facebook and Instagram accounts after a BBC article on the malware attacks last week. She told the BBC it was “shocking” her images had been used in this way, and that she had “no connection” to political work at all.

She added that she is planning to lodge a complaint with Pakistan’s Federal Investigations Agency as she is concerned she could wrongly be mistaken as being linked to the cyber attackers.

“I want to clear my image,” she said.

Kidnappers demand bitcoin ransom for S.African teen

May 22, 2018

A gang who kidnapped a South African teenager from a playground at the weekend have demanded a ransom in bitcoin cryptocurrency worth about $123,000, police said Tuesday.

The 13-year-old boy was taken in the eastern province of Mpumalanga while he was playing with friends near his home and was driven away by captors in a car.

© AFP | Bitcoin is a virtual currency that operates over the internet, without a central bank or single administrator in charge

“We are investigating a case of kidnapping that happened on Sunday in Witbank (town),” police spokesman Leonard Hlathi told AFP.

“There was a demand that was made that the parents should deposit cash in bitcoins,” he said, declining to give further details.

Local media said the ransom note was left at the scene.

“We demand ransom of 15 bitcoins to be paid into the below bitcoin wallet address to secure your child’s safe release — non negotiable,” read the reported note.

This case appears to be the first ransom demand in South Africa made in virtual currency.

In March, US hackers demanding a ransom payable in bitcoin attacked computers of the Atlanta city government in the southern state of Georgia.

Police in South Africa, where violent crime is common, have reported a recent rise in kidnappings, although it is often wealthy business people who are targeted.


New warning to WhatsApp users after hackers strike

May 22, 2018

Saudi users of the popular messaging platform WhatsApp have been warned to be on their guard against hackers after a spate of cyberattacks.

CITC is trying to raise awareness regarding fraudulent messages that come via WhatsApp.
“Users are advised to enable two-step verification to protect their accounts from any digital breakthroughs,” the Communications and Information Technology Commission (CITC) said.
“Also do not click on any link until you have verified the source of the link, and make sure you do not disclose your personal information and phone number to any untrusted sites.”
A large number of WhatsApp users in Saudi Arabia have recently had their accounts hacked, and in some cases have suffered financial losses as a result. “CITC tweeted this warning to raise awareness regarding many fraudulent messages through WhatsApp,” spokesman Adel Abu Haimed told Arab News.
Attached to the CITC tweet was an infographic showing users how to enable two-step verification.
Many people shared their thoughts on social media about the subject.
To enable two-step verification and keep your account safe, open WhatsApp Settings then select Account then two-step verification then select Enable then enter a six-digit PIN.
Upon enabling this feature, you can also optionally enter your email address. This email address will allow WhatsApp to send you a link via email to disable two-step verification in case you ever forget your six-digit PIN, and also to help safeguard your account.
Arab News

Hackers steal $15 million from Mexico financial system

May 17, 2018

Hackers who targeted Mexico’s interbank payment system made off with more than $15 million in the past several weeks, the Bank of Mexico said Wednesday.

Mexican authorities say an investigation is under way, without indicating if the suspected hackers were domestic or international. (AFP)
The amount of funds involved in the irregular activity totaled “approximately 300 million pesos ($15.3 million),” central bank governor Alejandro Diaz de Leon told reporters.
He said commercial bank customers’ accounts were never in danger.
An investigation is under way, the governor said, without indicating if the suspected hackers were domestic or international.
The interbank payments system allows banks to make real-time transfers to each other.
They connect via their own computer systems or an external provider — the point where the attacks appear to have taken place, Lorenza Martinez, director general of the corporate payments and services system at the central bank, said on Monday.
Martinez revealed that at least five attacks had occurred but, at that time, said the amount taken was still being analyzed.
After the attacks were detected, banks switched to a slower but more secure method.

Transportation strikes and university protests continue to shake France

April 17, 2018

© Gerard Julien, AFP | Public railways SNCF railworkers demonstrate against planned reforms of the French government on April 13, 2018 in Paris as strikes on France’s rail network continue.

France 24, AFP and AP

A new strike by Air France employees Tuesday will add to chaos in France, which is already reeling from strikes by rail workers and university students over proposed public sector reforms by President Emmanuel Macron.

To Macron’s dismay, the popular movements show no signs of slowing down.

The Air France tussle over salaries is separate from the larger and politically more significant stand-off between Macron’s centrist, business-friendly government and the public sector trade unions fighting its reform plans.

Rail unions are particularly up in arms over proposed reforms that they say would reduce job security. Students have been blocking several public universities over Macron’s plan to introduce more selective applications.

There is a general atmosphere of social discontent against Macron’s reforms, including protests and strikes by civil servants, energy workers and garbage collectors.

Recently, Economy Minister Bruno Le Maire admitted that, while he couldn’t produce numbers, it was clear that the strikes were impacting growth.

“We have already identified an impact in certain sectors, including hotel reservations, transportation and tourism,” he told French radio Europe 1.

FRANCE 24 takes a look at the latest on the three main strikes.

Air France

About 30 percent of Air France flights scheduled on Tuesday are expected to be canceled due to a strike over pay. Crews and ground staff, whose wages have been frozen since 2011, are seeking a 6 percent pay rise. This will mark their eighth day of walkouts since February.

Some 45 percent of long-haul flights will be canceled along with 35 percent of medium-haul flights to and from Paris. According to Air France, the strikes could cost the company upwards of €220 million.

On Monday, Air France’s management offered a 2 percent rise this year followed by an increase totaling 5 percent over the following three years. Unions have until the end of the week to decide whether to accept the deal.

The pilots’ main union, SNPL Air France, said Tuesday the offer doesn’t meet its demands. Union President Philippe Evain called it “totally ridiculous and indecent”.

Check the Aéroports de Paris website for the latest flight information.


The fourth edition of an ongoing strike by workers at the French national rail carrier the SNCF was set to begin Tuesday evening as the National Assembly prepared to vote on a bill addressing rail sector reforms.

The main union, the CGT, has denounced the reforms and promised a major strike on April 18 and 19 in response.

The union also pledged its commitment to the rolling strike, which is set to continue until at least June 28, causing weeks of headaches for the network’s 4.5 million daily passengers. Traffic will be disrupted two days out of every five.

The SNCF said it will post updates of train schedules on its website at 17:00 each day, letting commuters know which trains will be running. Below are the proposed dates for train strikes over the next three months:


April

  • Tuesday 3 and Wednesday 4
  • Sunday 8 and Monday 9
  • Friday 13 and Saturday 14
  • Wednesday 18 and Thursday 19
  • Monday 23 and Tuesday 24
  • Saturday 28 and Sunday 29

May

  • Thursday 3 and Friday 4
  • Tuesday 8 and Wednesday 9
  • Sunday 13 and Monday 14
  • Friday 18 and Saturday 19
  • Wednesday 23 and Thursday 24
  • Monday 28 and Tuesday 29

June

  • Saturday 2 and Sunday 3
  • Thursday 7 and Friday 8
  • Tuesday 12 and Wednesday 13
  • Sunday 17 and Monday 18
  • Friday 22 and Saturday 23
  • Wednesday 27 and Thursday 28

On strike days, national rail services will be severely impacted, with traffic almost halved. International rail travel will also be hit, with three out of four trains running.

In Paris, public transport will operate almost as normal. Regional trains, including the RER B (which connects the city to its main airport, Roissy Charles de Gaulle or CDG), will be impacted the most by the strike, with an average of three out of four trains running.

Check the SNCF website for updated travel information.


Four different universities in France are still closed due to protests that started in February in response to a law proposing to restrict university access. Ten or 12 other sites have been partially blocked by students. The protests have meant that, in some locations, students are unable to sit their exams.

In an attempt to slash high failure rates among first-year undergraduates, a new law that passed in February seeks in part to personalise the admissions process, controversially chipping away at the principle of automatic entry for French high school graduates. Until now, places in the most popular courses of study have been attributed by drawing lots, without regard for a candidate’s grades or qualifications. For critics, any nudge towards “sélection” is sacrilege.


One university in total shutdown is Nanterre, known as the birthplace of the famous student protests that ripped across France in May 1968.

On Monday there was a police intervention at Paul Valéry University in the southern town of Montpellier. Last week, someone hacked into the university’s servers, compromising its ability to hold exams.

(FRANCE 24 with AFP, REUTERS and AP)

Chinese Hackers Hit U.S. Firms Linked to South China Sea Dispute

March 17, 2018


China has militarized the South China Sea — even though they have no legal claim. This is Mischief Reef, now an extensive Chinese military base — one of seven Chinese military bases near the Philippines


By David Tweed

  • Victims are in maritime industries with South China Sea ties
  • Hackers ‘most likely’ operating on behalf of a government

Chinese hackers have launched a wave of attacks on mainly U.S. engineering and defense companies linked to the disputed South China Sea, the cybersecurity firm FireEye Inc. said.

The suspected Chinese cyber-espionage group dubbed TEMP.Periscope appeared to be seeking information that would benefit the Chinese government, said FireEye, a U.S.-based provider of network protection systems. The hackers have focused on U.S. maritime entities that were either linked to — or have clients operating in — the South China Sea, said Fred Plan, senior analyst at FireEye in Los Angeles.


“They are going after data that can be used strategically, so it is in line with state espionage,” said Plan, whose firm has tracked the group since 2013. “A private entity probably wouldn’t benefit from the sort of data that is being stolen.”

The TEMP.Periscope hackers were seeking information in areas like radar range or how precisely a system in development could detect activity at sea, Plan said. The surge in attacks picked up pace last month and was ongoing.

Increased Attacks

While FireEye traced the group’s attacks to China, the firm hasn’t confirmed any link to Chinese government entities or facilities. FireEye declined to name any targets. Although most were based in the U.S., organizations in Europe and at least one in Hong Kong were also affected, the firm said.

Ministry of Foreign Affairs spokesman Lu Kang told a briefing Friday in Beijing that China opposed all kinds of cyber attacks. “We will continue to implement the important consensus on cybersecurity reached in 2015,” he said.

Plan said suspected Chinese cyber-attacks on U.S. targets have picked up in recent months, after both sides agreed not to attack civilian entities. The 2015 deal to tamp down economic espionage was hammered out between then-U.S. President Barack Obama and President Xi Jinping.

The U.S. indicted five Chinese military officials in 2014 on charges that they stole trade secrets from companies including Westinghouse Electric Co. and United States Steel Corp. after hacks were detected by Mandiant, a unit of FireEye. China denies the charges and argues the country is a victim rather than an instigator of cybersecurity attacks.

Strategic Data

Data sought in the latest incidents could be used, for instance, to determine how closely a vessel could sail to a geographical feature, Plan said. “It is definitely the case that they can use this information for strategic decision-making,” he said.

The U.S. Navy sometimes conducts so-called freedom of navigation operations to challenge Chinese claims to more than 80 percent of the South China Sea — one of the world’s busiest trading routes. China has reclaimed some 3,200 acres (1,290 hectares) of land in the waters and built ports, runways and other military infrastructure on seven artificial features it has created.

China has been involved in other attacks related to the South China Sea. In 2015, during a week-long hearing on a territorial dispute in the water, Chinese malware attacked the website of the Permanent Court of Arbitration in the Hague, taking it offline.

The latest attacks were carried out using a variety of techniques including “spear-phishing,” in which emails with links and attachments containing malware are used to open back doors into computer networks. In some examples, the emails were made to look as if they originated from a “big international maritime company,” Plan said.

FireEye said in a separate report that government offices, media and academic institutions have been attacked, along with engineering and defense companies. Plan declined to comment when asked whether the U.S. Navy was among the targets.

“Given the type of organizations that have been targeted — the organizations and government offices — it is most likely the case that TEMP.Periscope is operating on behalf of a government office,” Plan said.

— With assistance by Dandan Li, Peter Martin, and Andy Sharp



We’ve heard 白痴國家 (Means “Idiot Nation”)





China has long had its eye on James Shoal and may move toward the island unless Malaysia or Indonesia protest…



China says it has sovereignty over all the South China Sea north of its “nine dash line.” On July 12, 2016, the Permanent Court of Arbitration in The Hague said this claim by China was not valid. But China and the Philippine government then chose to ignore international law.