Robotics, Biotech, Nanotech, Artificial Intelligence, Wearable Computing and Cyborg technology in the prototype stage and/or nearing deployment.
Is the US Waging Cyberwar Against Our French Allies?
French website L’Express has a story about the sophistication of the attack. It’s clear from this description that the attack doesn’t fit China’s MO.
Instead of sheer brute force, the attack used social engineering tactics to gain access to accounts held by top French leaders. From there, computers were then infected with an advanced virus that is described as similar to the US-Israeli attack on Iran’s nuclear program.
Of course, the United States is denying involvement. The Verge has received an outright denial from the US Embassy in France: “We categorically deny these allegations from unnamed sources, published in L’Express, that the United States government has participated in a cyberattack against France.”
It doesn’t make much of a difference, though. Regardless of guilt, the US would undoubtedly react the same way. It’d be quite silly for the US to cop to an attack on an ally publicly. This might even be a case of the right hand purposefully not knowing what the left is doing. Some black ops squad of hackers attacking an ally would almost certainly be well hidden from the rest of the government.
(via Tensions rise as the US is accused of cyberwarfare with France | ExtremeTech)
White House Confirms Successful Spearphishing Attack: Hackers Linked to China
the intrusion “took place earlier this month and involved unidentified hackers — believed to have used computer servers in China — who accessed the computer network used by… the president’s military office in charge of some of the government’s most sensitive communications, including strategic nuclear commands.” Politico reported this morning that an unnamed White House official confirmed the intrusion, but downplayed its impact, saying no damage had been done and no classified networks appear to have been breached. …If the reports are accurate, this intrusion would be the latest round in a clandestine cyberwar that has been raging for the last few years between the United States and China.
I have two very cynical, mutually-contradictory responses to this report.
China has reportedly pwned half of all private networks in the US, yet the US’ top cybersecurity priority is …Iran? Is this strategic leaking domestic psyops to create a casus belli to justify expanded operations against China?
(via White House confirms ‘spearphishing’ intrusion | Security & Privacy - CNET News)
PlaceRaider Malware Hijacks Smartphone Camera to Render 3D Model of Victim’s Location
Malware called PlaceRaider, developed by academics at the Naval Surface Warfare Centre in Indiana and at Indiana University, takes control of a smartphone’s camera, relaying information about the target’s physical environment back to the thief.
The PlaceRaider malware could be hidden inside a custom-made, innocuous-looking app, something like Instagram or Hipstamatic that would be downloaded by a large number of users, the researchers say.
Capturing information from the camera continuously would generate tens of megabytes of data every minute, quickly overwhelming the phone’s communication channels, filling up its storage space and preventing any further monitoring. Instead, the researchers, led by Robert Templeman from the Naval Surface Warfare Centre, use the device’s gyroscope and accelerometer to instruct the malware to take pictures only when it will be useful to the attacker, avoiding recording when the phone is still and upside down in a person’s pocket, for instance.
The malware then sends those collected images to the PlaceRaider command and control centre, where the images are knitted into a 3D model that the thief can examine at their leisure to find valuable objects or information.
To make sure the victim is unaware their smartphone is snapping away, PlaceRaider mutes the telltale sounds of the shutter closing and also covers up the preview picture that normally appears when a photo has been taken.
(via One Per Cent: Hijacked smartphone camera spies on your world)
State-Sponsored Malware Serving as Template For New Civilian Attacks
“They are copying the design philosophy,” says Schouwenberg, adding that one now-popular technique found in conventional “criminal malware” was inspired by the discovery of Stuxnet.
For example, Stuxnet installed fake device drivers using digital security certificates stolen from two Taiwanese computer component companies, allowing them to sneak past any security software. Other malware now uses fake certificates in a similar way to hide malicious software from antivirus programs.
“Stuxnet was the first really serious malware with a stolen certificate, and it’s become more and more common ever since,” says Schouwenberg. “Nowadays you can see use of fake certificates in very common malware.”
Aviv Raff, chief technology officer and cofounder of Israeli computer security firm Seculert, agrees. “Design features of Stuxnet, Duqu, and Flame are appearing in opportunistic criminal malware,” he says.
(via Stuxnet Tricks Copied by Computer Criminals - Technology Review)
The State Department’s chief legal adviser said Tuesday that the U.S. government believes cyberattacks are subject to international humanitarian law and the rules of war, according to a report in the Marine Corps Times.
Cyberwar is a developing battle front, one that has been evolving quickly over the past few years, the article stated. Actions within this unfolding battleground have even prompted talk of a “code of conduct” for those engaged in such warfare.
The issue has become so important that the Air Force recently concluded its first cyberweapons instructor course at Nellis Air Force Base, a rigorous six-month program that produced a cadre of specialists who will become future instructors and advisers to military leaders.
(via Stars and Stripes, ht infoneer-pulse)
Air Force Issues Formal RFP for Cyber Weapons
Cyber Warfare becomes official US policy
In a recent broad agency announcement—a public document issued by any agency usually requesting something from the private sector or notifying the world at large that there are contracts up for grabs—the Air Force Life Cycle Management Center (AFLCMC) called on contractors to submit proposals for specific “cyberspace warfare operations” (CWO) capabilities, including “cyberspace warfare attack.” It doesn’t get much more explicit than that.
More specifically, the BAA outlines “cyberspace warfare attack” as those capabilities that would allow the Air Force to “destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries ability to use the cyberspace domain for his advantage,” Threatpost reports.
It also requests “cyberspace warfare support” capabilities, which are basically the means to intercept enemy cyber attacks, open doors to their networks, and otherwise locate both sources of access and sensitive areas within enemy networks that are ripe for attack.
Israel will probably continue to act as a semi-official US proxy in this regard, but I imagine the Pentagon is keen to beef up its own capabilities.
(via The U.S. Air Force is Officially Seeking Cyber Weapons | Popular Science)
Darpa spent years backing research that could shore up the nation’s cyberdefenses. “Plan X” is part of a growing and fairly recent push into offensive online operations by the Pentagon agency largely responsible for the internet’s creation. In recent months, everyone from the director of Darpa on down has pushed the need to improve — and normalize — America’s ability to unleash cyberattacks against its foes.
That means building tools to help warplanners assemble and launch online strikes in a hurry. It means, under Plan X, figuring out ways to assess the damage caused by a new piece of friendly military malware before it’s unleashed. And it means putting together a sort of digital battlefield map that allows the generals to watch the fighting unfold, as former Darpa acting director Ken Gabriel told the Washington Post: “a rapid, high-order look of what the Internet looks like — of what the cyberspace looks like at any one point in time.”
(ht infoneer-pulse)
Frankenstein Virus Assembles Malware Payload in Real Time by Remixing Snippets of Benign, Legitimate Code
Previous research has shown that it is theoretically possible, given enough gadgets, to construct any computer program.
Mohan and Hamlen set out to show that Frankenstein could build working malware code by having it create two simple algorithms purely from gadgets. “The two test algorithms we chose are simpler than full malware, but they are representative of the sort of core logic that real malware uses to unpack itself,” says Hamlen. “We consider this a strong indication that this could be scaled up to full malware.”
Frankenstein follows pre-written blueprints that specify certain tasks - such as copying pieces of data - and swaps in gadgets capable of performing those tasks. Such swaps repeat each time Frankenstein infects a new computer, but with different gadgets, meaning that the malware always looks different to antivirus software, even if its ultimate effects are the same.
The research was part-funded by the US air force, and Hamlen says that Frankenstein could be particularly useful for national security agencies attempting to infiltrate enemy computer systems with unknown antivirus defences.
“It essentially infers what the [target computer’s] defences deem permissible from the existing files on the system to help it blend in with the crowd,” he says.
(via Frankenstein virus creates malware by pilfering code - tech - 20 August 2012 - New Scientist)
The encrypted file is contained in a Gauss module that attaches itself to USB drives. When plugged in, the malware collects a variety of system information and uses a cryptographic hash of that data as a decryption key. The key is the result of the system data being passed through the MD5 algorithm, and its hash in turn being passed through the same algorithm 10,000 more times, making it infeasible for researchers to deduce the initial value needed to unlock the malicious code.
Researchers believe the mechanism allows Gauss to remain dormant except on a specific system that was targeted in advance. Stuxnet, which was used to disrupt Iran’s nuclear program, contained a similar mechanism that targeted computer systems at the Natanz Uranium enrichment facility, although Stuxnet didn’t use encryption to conceal its contents.
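An added example, not from the quoted article or from Gauss itself, of what the iterated-MD5 keying above means for an analyst: the key cannot be inverted, so each guess at the target system's data must be hashed forward and checked, at 10,001 MD5 calls per guess. The `check_value` step and the host and directory names are assumptions made for illustration.

```python
import hashlib
from itertools import product

ROUNDS = 10_000  # extra MD5 passes after the first hash, as described above


def derive_key(system_data: bytes, rounds: int = ROUNDS) -> bytes:
    """MD5 the collected data, then MD5 the digest `rounds` more times."""
    digest = hashlib.md5(system_data).digest()
    for _ in range(rounds):
        digest = hashlib.md5(digest).digest()
    return digest


def check_value(key: bytes) -> bytes:
    """Assumption: a stored hash of the key lets a guess be confirmed."""
    return hashlib.sha256(b"check" + key).digest()


def search(candidates, target: bytes, rounds: int = ROUNDS):
    """Analyst-side search; returns (match or None, MD5 calls spent)."""
    md5_calls = 0
    for cand in candidates:
        md5_calls += rounds + 1
        if check_value(derive_key(cand, rounds)) == target:
            return cand, md5_calls
    return None, md5_calls


# Constructed sample values; the real attributes are not given on the page.
HOSTS = [b"LAB-PC", b"OFFICE-01", b"HMI-STATION"]
DIRS = [b"C:\\Tools", b"C:\\Program Files\\Acme", b"D:\\Data"]


def candidate_space():
    return [h + b"|" + d for h, d in product(HOSTS, DIRS)]


TARGET = check_value(derive_key(b"HMI-STATION|C:\\Program Files\\Acme"))

if __name__ == "__main__":
    found, cost = search(candidate_space(), TARGET)
    print(found, cost)
```

The search succeeds here only because the candidate list is nine entries long; with free-form system data the candidate space, multiplied by the per-guess cost, is what keeps the payload sealed.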
Chinese Telecoms Companies Working With Western Intelligence Services to Allay Fear of Backdoors and Trojans
the “Cyber Security Evaluation Centre” set up [in Banbury, UK] by Huawei, a Chinese telecoms giant, in 2010 marks a new way of persuading purchasers, and the British government, that equipment from the manufacturer that runs it can be trusted.
It operates in close co-operation with GCHQ, Britain’s signals-intelligence agency, located conveniently just over the Cotswolds in Cheltenham. Its security-cleared staff, some of whom used to work for GCHQ, are responsible for making sure that the networking equipment and software that the Chinese firm wishes to sell to British telecoms companies are reliable, will only do what customers want them to do and cannot be exploited by cybercriminals or foreign spies—including Chinese ones.
Over the past ten years or so, Chinese telecoms firms such as Huawei and ZTE, another telecoms-equipment provider, have expanded from their vast home market to become global players. This is a worry not just for the rich-world incumbents under threat but also for those responsible for the integrity of critical infrastructure such as phone systems.
They fear that the companies’ networking gear and software could be used by China’s spooks to eavesdrop on sensitive communications, or that it might contain “kill switches” which would allow China to disable the systems involved in the event of a conflict. “I think it’s ridiculous to allow a Chinese company with connections to the Chinese government and the People’s Liberation Army (PLA) to have access to a network,” says Dmitri Alperovitch of CrowdStrike, a web-security outfit.
(via Huawei: The company that spooked the world | The Economist ht KurzweilAI.net)