Security Technology

The Chinese hackers who breached Google's corporate servers 41 months ago gained access to a database containing classified information about suspected spies, agents, and terrorists under surveillance by the US government, according to a published report. The revelation came in an article published Monday by The Washington Post, and it heightens concerns about the December 2009 hack. When Google disclosed it a few weeks later, the company said only that the operatives accessed Google "intellectual property"—which most people took to mean software source code—and the Gmail accounts of human rights activists. Citing officials who agreed to speak on the condition that they not be named, Washington Post reporter Ellen Nakashima said the assets compromised in the attack also included a database storing years' worth of information about US surveillance targets. The goal, according to Monday's report, appears to have been unearthing the identities of Chinese intelligence operatives in the US who were being tracked by American law enforcement agencies.
In an effort to unmask a leaker who fed a reporter classified information about North Korea, FBI investigators tracked the journalist's movements in and out of a government building, obtained copies of his phone records and personal e-mails and also ...
The Blackhole Exploit Kit (BHEK) spam run has already assumed various disguises during its course. Some variants have taken forms such as an official bank notice, a cable provider email update, a social networking email, and a fake courier notification. Lately, we have seen a slew of spam crafted as a notice from the popular retail chain Walmart. However, this spam run offers something different.

Figure 1. Notice supposedly from Walmart

In this campaign, some of the URLs lead to Cyrillic domain names. These domains were translated into the English alphabet through punycode. Punycode is a way to convert Unicode characters into a smaller character set. URLs in punycode have to be decoded first in order to see their original form.

The use of internationalized domain names (IDNs) can pose additional security risks to users. Users can be redirected to a phishing page that appears to have the same URL as a legitimate site. IDNs also allow spammers to create more spam domains not limited to English characters. This can make blocking malicious sites more difficult. This technique is not new, but seeing punycode used in a BHEK email campaign is unusual.

Users who click the links are redirected through several sites until they are led to the site hosting malware (detected as TROJ_PIDIEF.SMXY), which exploits a vulnerability in Adobe Reader and Acrobat (CVE-2009-0924) to download and execute other malware onto the vulnerable system.

This attempt at evading detection is not surprising, given how 2013 is shaping up to be the year of refining existing tools. In our 1Q 2013 Security Roundup, we already noticed how dated threats like Asprox and banking Trojans like CARBERP were returning to the scene with new and improved features. We can expect this trend to continue this year, though new threats can always appear at any time. Whether facing old or newly improved threats, several computing practices can provide your best defense.

Always be cautious of email messages before clicking the links or downloading attached files. Always verify with the vendor to check if these emails are legitimate. Regularly install the latest security updates from software vendors to avoid threats targeting dated vulnerabilities.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro: Blackhole Spam Run Evades Detection Using Punycode
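As an added illustration of the decoding step the post describes (this is example code written for this page, not Trend Micro's tooling), the snippet below takes a URL as it appears in a message, decodes every `xn--` label back to Unicode with Python's standard-library punycode codec, and flags labels that mix scripts, since a label such as a Cyrillic "а" inside an otherwise Latin name is what makes a lookalike URL appear identical to a legitimate one. The sample URLs are constructed for the example; the `.рф` one is the IANA example domain, the others are made up.

```python
import unicodedata
from urllib.parse import urlsplit


def decode_label(label: str) -> str:
    """Return the Unicode form of one DNS label.

    Labels carrying the IDNA 'xn--' prefix are punycode-decoded with the
    standard-library codec; everything else is returned unchanged.
    """
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def decode_idn_host(host: str) -> str:
    """Decode every label of a hostname, e.g. xn--e1afmkfd.xn--p1ai -> пример.рф."""
    return ".".join(decode_label(label) for label in host.split("."))


def scripts_in(label: str) -> set:
    """Collect the Unicode script families (first word of the character
    name: LATIN, CYRILLIC, GREEK, ...) used by the letters of a label."""
    found = set()
    for ch in label:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def analyze_url(url: str) -> dict:
    """Summarise what a defender wants to know about a URL's hostname:
    the raw ASCII host, its decoded Unicode form, whether any label was
    punycode-encoded, and which decoded labels mix scripts."""
    host = urlsplit(url).hostname or ""
    ascii_labels = host.split(".")
    unicode_host = decode_idn_host(host)
    mixed = [lbl for lbl in unicode_host.split(".") if len(scripts_in(lbl)) > 1]
    return {
        "ascii_host": host,
        "unicode_host": unicode_host,
        "is_idn": any(lbl.lower().startswith("xn--") for lbl in ascii_labels),
        "mixed_script_labels": mixed,
    }


if __name__ == "__main__":
    # Constructed sample URLs: one plain ASCII host, one all-Cyrillic IDN
    # (the IANA example domain), one made-up mixed-script label.
    samples = [
        "http://www.example.com/notice",
        "http://xn--e1afmkfd.xn--p1ai/path",
        "http://" + "\u0430pple-example.com/login",  # Cyrillic 'а' + Latin
    ]
    for url in samples:
        result = analyze_url(url)
        verdict = "MIXED SCRIPT" if result["mixed_script_labels"] else "ok"
        print(f"{result['ascii_host']!s:32} -> {result['unicode_host']}  [{verdict}]")
```

Mail filters usually see only the ASCII form, so decoding before rendering a verdict is what lets a rule compare the visible name against a list of brands or internal hostnames; the mixed-script check is a cheap first filter rather than a complete confusable-character policy.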
All of the anti-counterfeiting features of the new Canadian $100 bill are resulting in people not bothering to verify them. The fanfare about the security features on the bills may be part of the problem, said RCMP Sgt. Duncan Pound. "Because the polymer series' notes are so secure ... there's almost an overconfidence among retailers and the public in terms...
A website that accepts payment in exchange for knocking other sites offline is perfectly legal, the proprietor of the DDoS-for-hire service says. Oh, it also contains a backdoor that's actively monitored by the FBI. Ragebooter.net is one of several sites that openly accept requests to flood sites with huge amounts of junk traffic, KrebsonSecurity reporter Brian Krebs said in a recent profile of the service. The site, which accepts payment by PayPal, uses so-called DNS reflection attacks to amplify the torrents of junk traffic. The technique requires the attacker to spoof the IP address of lookup requests and bounce them off open domain name system servers. This can generate data floods directed at a target that are 50 times bigger than the original request. Krebs did some sleuthing and discovered the site was operated by Justin Poland of Memphis, Tennessee. The reporter eventually got an interview and found Poland was unapologetic.
Technically, it's a cuttlefish and not a squid. But it's still nice art. I posted a photo of a real striped pyjama squid way back in 2006. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
In the episode that aired on May 9th, about eight or nine minutes in, there's a scene with a copy of Applied Cryptography prominently displayed on the coffee table. This isn't the first time that my books have appeared on that TV show....
Botnet operators are using a domain-generation algorithm to conceal their command-and-control center. And once they knew security researchers were on to their tricks, they got even slicker.
Stealthy Mac OS X spyware that was digitally signed with a valid Apple Developer ID has been detected on the laptop of an Angolan activist attending a human rights conference, researchers said. The backdoor, which is programmed to take screenshots and send them to remote servers under the control of the attackers, was spread using a spear phishing e-mail, according to privacy activist Jacob Appelbaum. Spear phishing is a term for highly targeted e-mails that address the receiver by name and usually appear to come from someone the receiver knows. The e-mails typically discuss topics the two people have talked about before. According to AV provider F-Secure, the malware was discovered during a workshop showing freedom of speech activists how to secure their devices against government monitoring. The malware was signed with a valid Apple Developer ID, allowing it to more easily bypass the Gatekeeper feature Apple introduced in the Mountain Lion version of OS X. If it's not the first time Mac malware has carried such a digital assurance, it's certainly among the first. Both F-Secure and Appelbaum said the backdoor, identified as OSX/KitM.A, is new and previously unknown. For its part, AV provider Intego said the malware is a variant of a previously seen trojan known as OSX/FileSteal. Intego continued:
Prototype of a system for preventing ATM theft. (Photo: Reuters)

A criminal serving a five-year sentence "for supplying gadgets to an organized crime gang used to conceal ATM skimmers" has invented a device that prevents ATMs from being susceptible to such thefts, Reuters reported today. Valentin Boanta, who is six months into his sentence in a Romanian prison, developed what he calls the SRS (Secure Revolving System), which changes the way ATMs read bank cards to prevent the operation of skimming devices that criminals hide inside ATMs. Boanta's arrest in 2009 spurred him to develop the anti-theft device to make amends. "When I got caught I became happy. This liberation opened the way to working for the good side," Boanta told Reuters. "Crime was like a drug for me. After I was caught, I was happy I escaped from this adrenaline addiction. So that the other part, in which I started to develop security solutions, started to emerge."