Newsletter
IT and Cyber Security News Update from Centre for Research and Prevention of Computer Crimes,
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
Since June 2005
January 09, 2015
Issue no 1528
Tenth year of uninterrupted publication
Today's edition
REACT : Mumbai Police blocks over 650 social media posts featuring Charlie Hebdo cartoons
ECONOMY : Underground hacker markets are thriving reports Dell's SecureWorks Counter Threat Unit
STOLEN : Hackers have stolen $5 million to Bitstamp Bitcoin exchange
WAR : Why we're losing the war for cyber security
REACT : Mumbai Police blocks over 650 social media posts featuring Charlie Hebdo cartoons
By Vikas SN
January 9, 2015
http://www.medianama.com/2015/01/223-mumbai-police-social-posts-block/
Mumbai Police has blocked over 650 posts and pages on a popular social networking site for allegedly uploading the controversial cartoons featured in the French magazine Charlie Hebdo, reports The Hindustan Times. Mumbai police spokesperson Dhananjay Kulkarni told the publication that they are blocking every controversial post that they come across.
What's particularly worrying though is that Kulkarni says they are in constant touch with the authorities managing the servers of a popular USA-based networking site to immediately block such controversial posts and provide us with IP address of the account holders. It's currently not clear which site Kulkarni is referring to, but it does raise serious privacy concerns for users in the country.
Citing sources, the report also says that Mumbai Police's social media lab was directed to search through various handles and posts to find those putting up these controversial cartoons, following the Charlie Hebdo attack earlier this week.
Censoring the web
This development comes at a time when blocking websites without providing a reason has become the norm rather than an exception and there's been a significant increase in government actions to censor the web.
Police departments are also issuing warnings or even arresting users over sharing or even liking objectionable content on the Internet. In June last year, we witnessed two incidents of arrest: an MBA student was arrested for allegedly sending an offensive message on Facebook-owned WhatsApp while another person in Mumbai was arrested for posting on the Goa+ Facebook Group, that if elected to power, Modi would unleash a holocaust. (Also read: On 66A, Palghar was not an abuse of power. The law itself is abusive; Notes from the Supreme Court)
#CharlieHebdo #newyorktimes #cartoon (via @wallaceme) pic.twitter.com/zJe7ll1BGl - saskia jungnikl (@sjungnikl), January 7, 2015
The Karnataka Government had also passed legislation in August last year that allows the authorities to arrest a person even before he/she has committed an offence under the IT Act (Read: You could be labelled a goonda in the eyes of the State - Bangalore Mirror).
Cartoonist Aseem Trivedi's arrest: This incident also reminds us of the arrest of the cartoonist Aseem Trivedi, who was arrested on sedition charges in September 2012, for displaying allegedly offensive cartoons at a Jan Lokpal agitation in Mumbai in December 2011 and on his website, CartoonsagainstCorruption.com. He was released from jail three days later.
IN MEMORY OF MY COLLEAGUES AND FRIENDS FROM CHARLIE HEBDO, a cartoon for the International New York Times pic.twitter.com/2v21S7ZmGJ - Chappatte Cartoons (@PatChappatte), January 7, 2015
Lack of transparency from social networking sites
There is also the issue of lack of transparency from social networking sites regarding these blocks. Commenting on the Charlie Hebdo attack, Facebook co-founder & CEO Mark Zuckerberg said that:
"Facebook has always been a place where people across the world share their views and ideas. We follow the laws in each country, but we never let one country or group of people dictate what people can share across the world. I'm committed to building a service where you can speak freely without fear of violence."
However, the company doesn't provide any information on why specific content or a specific page is blocked in the country, although it reinstates pages when there is a public outcry, as we saw in the instance of the Kiss of love protests.
Similarly, Twitter has also blocked several accounts in the past, but hasn't provided any reason for these blocks. We feel these companies should work on increasing their transparency on these issues. People need to know what was blocked, why it has been blocked, who has taken the decision to block it, and if it is my page or account, what is the process of getting the block removed.
ECONOMY : Underground hacker markets are thriving reports Dell's SecureWorks Counter Threat Unit
By Michael Kassner
January 7, 2015
A December 2014 security report finds that the internet's underground hacker economy is booming. This economy is doing so well that it's becoming a buyer's market.
Dell SecureWorks published in November 2013 the results of a remarkable project taken on by its Counter Threat Unit (CTU) Director of Malware Research Joe Stewart and independent Network Security Analyst David Shear: The Underground Hacking Economy is Alive and Well. Their research uncovered an extensive and virile underground market for hackers and digital ne'er-do-wells. The duo listed available bad-guy tools, hacker services, and their associated costs. For example, the ever-popular US Fullz sold for $25 US. That may seem like a lot, but the buyer gets a lot -- typically all of the following personally identifiable information about the victim:
· Full name, address, phone numbers, and email addresses (with passwords)
· Date of birth, SSN, or Employee ID Number (EIN)
· Bank account information (account number, routing number, and account type)
· Online banking credentials (varying degrees of completeness)
· Credit-card information (including full track 2 data and any associated PINs)
Additional services offered in the hacker markets include:
· Credit/debit cards from around the world
· Infected computers ($20 US buys 1,000 bots)
· Exploit kits
· Hacker services (rent a DDoS attack for $100 US a day)
The Dell SecureWorks CTU had been following hacker markets for several years prior to 2013, allowing them to delineate changes in the underground economy. "In 2011, the CTU saw hackers selling US bank account credentials with balances of $7,000 for $300," the paper mentions. "Now, we see accounts with balances ranging from $70,000 to $150,000 go for $300 and less, depending on the banking institution where the account is located."
Why the drop in prices? The paper mentions, "There is no shortage of hackers willing to do about anything, computer related, for money, and they are continually finding ways to monetize personal and business data."
Fast forward to December 2014
Stewart and Shear are back, and the word in the Dell SecureWorks December 2014 report, Underground Hacker Markets (PDF), is more of the same. "The most significant difference between the current hacker underground markets and those of 2013, is that the markets are booming with counterfeit documents to further enable fraud, including new identity kits, passports, utility bills, social security cards and driver's licenses," mentions the 2014 paper. "Of course, these types of documents are required to commit many kinds of in-person fraud, whether it is buying high-end purchases with duplicated credit or debit cards at a retail outlet; applying for bank loans; committing check fraud; or attempting government fraud."
For the curious, a fake US driver's license sells for around $150 US, scans of US Social Security cards including name and address go for $250 US, and $100 US adds a utility bill to make the fraud attempt less suspicious.
Hacker tutorials
It seems, in 2014, the digital underground decided there is a market for training aids. Hacker markets already provide services such as DDoS attacks. So, it is not much of a leap to include how-to tutorials, for a fee of course. Stewart and Shear note a manual containing several tutorials sells for $30 US.
100% guarantee
Another trend seen by the researchers seemed inevitable. What do businesses do in order to stand out from the crowd? Offer something unique. In the case of the hacker markets, that appears to be guarantees.
Dell SecureWorks ends the report with a list of security precautions companies and individual users should have in place. The following safeguards are the more notable ones:
· Reconcile your banking and credit card statements, often, with online banking and/or credit card activity to identify potential anomalies.
· Do not use "trial versions" of antivirus products as your source of protection. Trial versions do not get updates.
· Be cautious about installing software deemed too good to be true, as it likely contains malware.
· Subscribe to a credit monitoring service, and set up alerts to warn you of any changes or credit checks.
As the bad guys get more sophisticated, it seems we must as well.
STOLEN : Hackers have stolen $5 million to Bitstamp Bitcoin exchange
by Pierluigi Paganini
January 6th, 2015
http://securityaffairs.co/wordpress/31858/cyber-crime/hackers-stolen-5-million-bitstamp.html
The UK-based Bitcoin exchange Bitstamp has temporarily suspended its service in the wake of a major cyber attack against company online systems.
The UK-based Bitcoin exchange Bitstamp has temporarily suspended its service in the wake of a compromise. Bitstamp announced that its systems suffered a major cyber attack, which led to the theft of less than 19,000 BTC.
"We have temporarily suspended Bitstamp services. Bitstamp customers can rest assured that their bitcoins held with us prior to temporary suspension of services on January 5th (at 9am UTC) are completely safe and will be honored in full. On January 4th, some of Bitstamp's operational wallets were compromised, resulting in a loss of less than 19,000 BTC," states the official statement issued by the company on its website.
As its incident response, Bitstamp immediately disclosed the news of the cyber attack, and as a security precaution it is informing customers that they should no longer make deposits. While the investigation is going on, Bitstamp has frozen customers' accounts and blocked any activity, including deposits and every other transaction.
"Upon learning of the breach, we immediately notified all customers that they should no longer make deposits to previously issued bitcoin deposit addresses. To repeat, customers should NOT make any deposits to previously issued bitcoin deposit addresses. As an additional security measure, we suspended our systems while we fully investigate the incident and actively engage with law enforcement officials."
The breach seems to have impacted just a small fraction of Bitstamp's total Bitcoin reserves; meanwhile, the majority of the virtual coins the firm manages is held in secure offline cold storage systems.
WAR : Why we're losing the war for cyber security
By David Shipley
Jan 6, 2015
https://www.linkedin.com/pulse/why-were-losing-war-cyber-security-david-shipley
2014 was an abysmal year for cyber security. JP Morgan Chase, Home Depot, Sony - the list goes on and on.
And 2015 promises to be even worse.
The recent massive DDOS attacks over the Christmas holidays against Sony's PlayStation Network and Microsoft's Xbox Live service demonstrate how much damage a small group can do with easily accessible tools - disrupting services to tens of millions of users just for "lulz" or laughs.
On top of these commodity security issues, there are the more serious, state-sponsored attacks on critical infrastructure such as what was revealed by Cylance with its report on hacking activities attributed to an Iranian team.
The cost of losing
Arriving at a precise price tag for the cost of cyber attacks and cyber crime isn't possible, but reasonable estimates from firms such as Intel Security (formerly McAfee) put the cost of cyber crime at between 15 and 20 percent of the overall value of the Internet economy, which was between two and three trillion dollars.
Bleeding hundreds of billions of dollars through lost reputation, service outages, expensive lawsuits and more isn't a sign we're winning.
To add insult to injury, on top of the costs of cyber attacks and cyber crime comes the long-term erosion in consumer trust in the Internet economy, which may cause even more damage as more and more firms fall victim to such attacks.
The wild west
The Internet economy and cyber security are in their Wild West phase. The breaches of major financial institutions and retailers are the great train robberies of our age. They are the digital equivalent of high seas piracy and companies are ill prepared to deal with these activities.
Just as ill-equipped are our police forces. In Canada, the RCMP have acknowledged that criminals are increasingly turning to the Internet to ply their trade. Yet at the same time our ability in Canada to identify cyber criminals, let alone successfully prosecute them, is woefully inadequate. According to police-reported criminal reports, only six percent of property-related cyber crimes had an identified suspect in 2012, the most recent year for which data is available.
Our laws and our investment in digital capabilities for police have simply not kept pace with the threat. Similarly, our military capabilities have lagged when it comes to cyber security and cyber defence.
A losing strategy
Cyber security often leverages key terms and ideas from military history, such as ideas around defence in depth when it comes to network and device security.
But there are fundamental lessons that stretch back thousands of years. Chinese military strategist Sun Tzu once said, "Know the enemy and know yourself and you can fight 100 battles without defeat (Zhi ji zhi bi, bai zhan bu dai)".
But too few organizations truly understand who they're fighting - because if they're like my university, opponents range from bored teenagers with access to DDOS tools to petty criminals looking for quick wins with online scams, to organized cybercriminal syndicates with sophisticated malware to state-sponsored hacking teams looking to steal valuable intellectual property or leverage our assets to attack others.
The threat keeps changing.
The good news for my university is that we've made some progress by understanding who and what we're up against and investing in short, medium and long-term plans to mitigate and minimize threats. It's the best we can do - for now - but it's a far cry from winning.
A more modern military and business analogy highlights why the current approach to reactive cyber security cannot win. Known as the OODA loop, the concept was developed by US Air Force Colonel John Boyd as he studied US pilot combat performance in Korea. Boyd observed that the American pilots had significantly higher kill ratios over their North Korean opponents at the time, who had jets that should have outperformed the American equipment. But the Americans had a crucial advantage - a much better canopy that allowed for greater pilot visibility.
This led to the decision model known as OODA - observe, orient, decide and act. As an individual or group goes through the OODA cycle, they iteratively improve and are able to make decisions faster. Meanwhile, opponents reacting to those decisions find their OODA loops getting larger or slower.
In the case of cyber security, companies are always on the losing end of an OODA battle when faced with sophisticated opponents (and sometimes even with ones who are not all that sophisticated).
To win, we're going to need better tools to identify threats as they happen and as they're in the planning stages.
Bigger digital Maginot lines aren't the answer
We can't defend ourselves out of this dilemma. There is a need for the ability to respond to threats proactively, not merely to attempt to limit the extent of the damage such attacks can do.
The argument I'm making isn't that security investments such as next generation firewalls, endpoint protection, network access control, VPNs, malware detection tools, applications security detection and more aren't necessary. It's that they're not enough.
Ultimately we need a combination of better policing and military resources to deal with the larger scale threats. But we also need the capability and ability to proactively monitor for threats and when necessary take steps to stop them in their tracks, either in conjunction with law enforcement or unilaterally. For example, firms should have the right to investigate the source of DDOS attacks and with sufficient evidence, take offensive steps to shut down the source(s) of such attacks, when and where possible.
In terms of digital defences, we need tools that integrate together and work to create rapid responses to threats at machine speed, rather than human speed. We need to move towards a digital immune system model.
It was the best of times, it was the worst of times
2015 is going to be a difficult year for cyber security. But in that adversity, I'm hoping we'll not only see new technologies (though arguably cyber security tools and hacking tools are caught in a perpetual digital arms race) but changes in attitudes towards the importance of developing better policing and military responses as well as better approaches for each individual organization's proactive security.
Docking Station
A docking station, or dock, is a device that connects a
laptop to multiple peripherals. It provides a single connection point that
allows a laptop to use a connected monitor, printer, keyboard, and mouse. This
allows a laptop to function like a desktop computer.
Laptop manufacturers often build custom docking stations
for their laptops. These docks usually have a proprietary input port that
connects to a matching port on specific laptop models. Early docks, such as
those built in the 1990s, included serial ports for connecting input devices,
parallel ports for connecting printers and scanners, and VGA ports for
connecting monitors. In recent years, laptop docking stations have become more
standardized, with USB ports for connecting most peripherals and DVI ports for
connecting displays.
While modern docks provide standardized I/O ports, many
docking stations still use a proprietary dock connector, which means when you
buy a new laptop, you may need to buy a new dock. Fortunately, the Thunderbolt
connector, first used in Apple's MacBook laptops,
eliminates the need for a docking station. A single Thunderbolt connection can
support USB, FireWire, Ethernet, and DisplayPort
connections. Therefore, a Thunderbolt hub serves the same purpose as a laptop
dock and is compatible with any computer that has a standard Thunderbolt
connection.
NOTE: Docking stations may also refer to hardware used to
connect tablets, smartphones, and other portable
devices to one or more peripherals. However, these devices are generally called
"docks" and typically have fewer I/O connections than a laptop dock.
I am not blaming those who are resolved to rule, only those who show an even greater readiness to submit. - Thucydides
Note -