http://freebeacon.com/chinese-hackers-suspected-in-cyber-attack-on-council-on-foreign-relations/
Chinese Hackers Suspected in Cyber Attack on Council on Foreign Relations
Advanced cyberespionage attack employed 'drive-by' method on CFR website
Computer hackers traced to China carried out an advanced cyberespionage attack against one of America’s most elite foreign policy web groups – the website of the Council on Foreign Relations (CFR).
According to private computer-security forensic specialists, the hacking incident involved a relatively new type of ploy called a “drive-by” website cyber attack that was detected around 2:00 p.m. on Wednesday.
The specialists, who spoke on condition of anonymity, said the attack involved penetrating the computer server that operates the New York City-based CFR’s website and then using the pirated computer system to attack CFR members and others who visited or “drove by” the site.
The activity ended on Thursday and the specialists believe the attackers either removed their malicious software to prevent further details of the attack from being discovered, or CFR was able to isolate the software and remove it.
The FBI was notified of the attack and is said to be investigating.
FBI spokeswoman Jennifer Shearer declined to comment when asked about the attack. But she told the Washington Free Beacon: “The FBI routinely receives information about threats and takes appropriate steps to investigate those threats.”
However, David Mikhail, a Council on Foreign Relations spokesman, confirmed the attack. “The Council on Foreign Relations’ website security team is aware of the issue and is currently investigating the situation,” Mikhail said in an email. “We are also working to mitigate the possibility for future events of this sort.” He provided no details.
According to the computer security specialists, the cyber espionage attack represents a new level of sophistication by foreign hackers seeking government and other secrets by computer.
The method used in a “drive-by” attack requires hackers to covertly plant malicious software on the target’s web server, in this case the CFR computer system. They then use that software and the website to attack visitors to the site, infecting their computers in a hunt for secrets and other valuable information. One of the specialists said the attack also involved using the CFR site for what is called a “watering hole” attack, in which people who visit the website are infected.
One of the victims who visited the CFR’s website, cfr.org, discovered the attack and alerted computer security specialists on Wednesday.
In response, a small group of private security specialists launched an investigation into the activity and found that it only targeted users of the web browser Windows Internet Explorer 8 and higher versions. The attackers were able to exploit a security flaw in the browser software called a “zero-day” vulnerability – a previously unknown flaw that allows computer hackers to gain access to a targeted computer.
A similar Internet Explorer vulnerability was behind the major Aurora cyber attack on Google and other U.S. corporations that began in 2009 and was traced to China’s government.
Investigators said the computer attackers that targeted CFR were able to set up a covert network capable of identifying, encrypting, and sending stolen information found in targeted and infected computers back to a secret command and control computer.
In the case of the CFR hack, the malicious software included Mandarin Chinese-language text, the specialists said. Also, the attackers limited their targeting to CFR members and website visitors who used browsers configured for Chinese language characters – an indication the attackers were looking for people and intelligence related to China.
“This was a very sophisticated attack,” said one of the specialists. “They were looking for very specific information from specific people.”
The extent of the damage is not known but CFR members who visited the website between Wednesday and Thursday could have been infected and their data compromised, the specialists said.
The CFR is one of the most elite foreign policy organizations in the United States with a membership of some 4,700 officials, former officials, journalists, and others. Its members include NBC anchor Brian Williams, Hollywood actress Angelina Jolie, and former Sen. Chuck Hagel, President Obama’s embattled but as yet un-nominated choice for secretary of defense.
Current Secretary of State Hillary Clinton and Assistant Secretary of State Kurt Campbell, the Obama administration’s senior Asian affairs policy maker, also are CFR members. Senate Intelligence Committee Chairman Sen. Dianne Feinstein (D., Calif.) is also a member, as is Secretary of State-designate Sen. John Kerry.
Its board and members include a who’s who of U.S. foreign policy and national security elites, including former U.S. Central Command commander Army Gen. John Abizaid, and former Secretaries of State Madeleine K. Albright, Colin Powell, and Henry Kissinger.
Fox News CEO Roger Ailes also is a member, as is News Corp. chairman and CEO Rupert Murdoch. Former Presidents George W. Bush and Bill Clinton are members, as is former CIA Director and former Defense Secretary Robert M. Gates and former CIA Director David Petraeus.
The CFR cyberstrike is not the first strategic drive-by cyber attack.
The computer security website Dark Reading reported in May that the Center for Defense Information, and the Hong Kong chapter of the human rights group Amnesty International (AIHK), along with several other organizations, also were attacked using similar drive-by methods.
“The weapon of choice for a cyberspy or advanced persistent threat (APT) actor gaining a foothold inside its target traditionally has been the socially engineered email with a malicious link or attachment,” Dark Reading stated. “But cyberspies are increasingly targeting specific, legitimate websites and injecting them with malware in hopes of snaring visiting victims from organizations from similar industries and sectors.”
and.......
http://www.esecurityplanet.com/hackers/hackers-breach-u.s.-army-database.html
Hackers Breach U.S. Army Database
Approximately 36,000 records were accessed, including names and Social Security numbers.
According to The Asbury Park Press' Bill Bowman, hackers recently accessed the personal data of approximately 36,000 people who either worked with or visited Army commands formerly located at Fort Monmouth. The breach was discovered on December 6, and the affected databases were immediately taken offline.
Bowman reports that U.S. Army CECOM spokesperson Andricka Thomas said the breach "may have affected CECOM, C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance) and nongovernmental personnel as well as persons who may have visited Fort Monmouth."
"The information included 'a mix of full names, dates and places of birth, Social Security numbers, home addresses, and salaries' that were stored in databases maintained by the CECOM located at Aberdeen Proving Ground, Md., Thomas said," Bowman writes. "She said that at a minimum, names and Social Security numbers were accessed."
"A letter from CECOM commander, Maj. Gen. Robert S. Ferrell indicated that the information had been obtained from CECOM files at the Software Engineering Center and Fort Monmouth's visitor records," writes TechNewsDaily's Ben Weitzenkorn. "Both CECOM and C4ISR have since been relocated to Aberdeen Proving Ground in Maryland. The army will offer free credit-monitoring services to those affected."
http://www.esecurityplanet.com/hackers/hacker-claims-to-have-stolen-verizon-customer-data.html
Hacker Claims to Have Stolen Verizon Customer Data
In response, the company says its systems have not been hacked.
Hacker TibitXimer (whose Twitter account was suspended following his announcement) claims to have stolen data on more than 3 million Verizon FiOS customers -- though Verizon says its systems have not been hacked. The hacker, who says the breach took place on July 13, recently posted 300,000 records on Pastebin.
"A fraction of the downloaded data has been published to code-sharing site Pastebin after Verizon failed to fix the vulnerability in its network, Tibit said, noting that the data was stored in plain text and did not require decryption," write ZDNet's Charlie Osborne and Zack Whittaker. "The hacker said that after he informed Verizon of the exploit, the company 'ignored my report,' and did not comment. Tibit said he worked alone, and while he supports Anonymous, he is not directly associated with the hacking collective."
In response, Verizon spokesman Alberto Canal told ZDNet, "Our systems have not been hacked. ... We reported this incident to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported."
Verizon later told The Next Web's Emil Protalinski that a "third party marketing firm made a mistake and information was copied."
"Based on this information, it would appear that TibitXimer may have found the file online and decided to make a [big] story out of it," Protalinski writes. "Yet this new tidbit leads to even more questions, the biggest one being: Why did a 'third party marketing firm' have access to this data in the first place?"
http://www.esecurityplanet.com/network-security/occ-warns-of-u.s.-bank-ddos-attacks-account-fraud.html
OCC Warns of U.S. Bank DDoS Attacks, Account Fraud
A recent alert noted that DDoS attacks can be used to create a distraction while fraud or theft is being perpetrated.
The U.S. Office of the Comptroller of the Currency (OCC) has published an alert regarding the series of DDoS attacks that various groups have recently launched against U.S. banks.
"Each of the groups had different objectives for conducting these attacks ranging from garnering public attention to diverting bank resources while simultaneous online attacks were under way and intended to enable fraud or steal proprietary information," the alert states.
"The bulletin recommends that banks maintain a 'heightened sense of awareness regarding these attacks' and ensure they are prepared to deal with them," writes SC Magazine's Dan Kaplan. "That includes appropriating staff and third-party contractors to help thwart the attacks; implementing an incident response plan across various departments; and sharing information among affected organizations."
"Banks are currently being hit with DDoS attacks as part of a second phase of campaigns waged by the hacktivist group Izz ad-Din al-Qassam Cyber Fighters," notes BankInfoSecurity's Tracy Kitten. "In a Dec. 18 posting on Pastebin, the group warned attacks would persist until a YouTube movie trailer, deemed offensive to Muslims, is removed."
"This is definitely a threat to the day to day workings of our financial systems," Gartner analyst Avivah Litan wrote in a recent blog post. "Thankfully there are lots of backup routes into a bank, e.g. branch, ATM machine, call center. But many users and customers depend on the internet and it’s very disruptive to business when it’s down. In the meantime, add DDoS attacks to the checklist of things to worry about when trying to prevent fraud."