Tag Archives: hackers

As Secure as it Can Get: hacking the banks


A little-noticed lawsuit details a hacking attack similar to one that stole $81 million from Bangladesh’s central bank, saying cybercriminals stole about $9 million in 2015 from a bank in Ecuador… A third attack, from December 2015 at a commercial bank in Vietnam, was detailed last week by the Society for Worldwide Interbank Financial Telecommunication, or Swift. That bank detected the fraudulent requests and stopped the movement of funds, the central bank in Vietnam said. In the January 2015 Ecuador hack, as with the Bangladesh case, hackers managed to get the bank’s codes for using Swift, the global bank messaging service, to procure funds from another bank, according to court papers.

The Ecuadorean bank, Banco del Austro, filed a lawsuit in New York federal court in 2016 accusing Wells Fargo & Co. of failing to notice “red flags” in a dozen January 2015 transactions and to stop them before the thieves transferred about $12 million, most of it to banks in Hong Kong. Lawyers for the two banks didn’t immediately return phone calls asking to comment about the case and Swift’s complaints that they had failed to notify the messaging network…

There are similarities in method, including thieves accessing the bank’s system to log on to the Swift network through customer sites, and doing so after bankers’ hours, apparently to reduce the likelihood someone would ask questions about specific transactions…

According to that filing on behalf of Banco del Austro, or BDA, “For each of the unauthorized transfers, an unauthorized user, using the Internet, hacked into BDA’s computer system after hours using malware that allowed remote access, logged onto the Swift network purporting to be BDA, and redirected transactions to new beneficiaries with new amounts.” Using that method, just before midnight on Jan. 14, 2015, a payment order made to a Miami company for less than $3,000 was altered to send $1.4 million to an account in Hong Kong, according to the court filing. There were 12 suspect transfers carried out over a 10-day period in January 2015, according to the lawsuit. BDA’s lawsuit argues Wells Fargo should have noticed several anomalies in the transfers and, at a minimum, asked questions about them. “The unauthorized transfers were made in unusual times of the day, in unusual amounts, to unusual beneficiaries in unusual geographic locations,” the bank’s lawyers argued in the filing. “Despite the numerous anomalies in the unauthorized transfers, [Wells Fargo] inexplicably failed to block them and/or alert BDA of the suspicious activity.”

Excerpts from DEVLIN BARRETT and KATY BURNE, Now It’s Three: Ecuador Bank Hacked via Swift, Wall Street Journal, May 19, 2016
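The four anomalies the BDA filing lists (time of day, amount, beneficiary, geography) are exactly the kind of checks a correspondent bank can run before releasing a payment. The script below is an added illustration, not code from the lawsuit or from either bank: it scores constructed sample orders against a hypothetical sender profile and also diffs an outgoing message against the customer's original instruction, the way the altered Miami payment would have shown up.

```python
from datetime import datetime

# Hypothetical baseline profile for one sending bank (constructed, not real data).
BUSINESS_HOURS = (8, 18)                       # local hours when releases are normal
KNOWN_BENEFICIARIES = {"ACME-MIAMI": "US", "FOO-QUITO": "EC"}
TYPICAL_MAX_AMOUNT = {"ACME-MIAMI": 5_000.0, "FOO-QUITO": 20_000.0}
USUAL_COUNTRIES = {"US", "EC"}


def flag_anomalies(order):
    """Return the anomaly labels that apply to one payment order (a dict)."""
    flags = []
    ts = datetime.fromisoformat(order["time"])
    if not (BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1]):
        flags.append("after_hours")
    bene = order["beneficiary"]
    if bene not in KNOWN_BENEFICIARIES:
        flags.append("new_beneficiary")
    if order["country"] not in USUAL_COUNTRIES:
        flags.append("unusual_country")
    # Known beneficiaries get their own ceiling; unknown ones are held to the
    # largest ceiling ever seen for this sender.
    limit = TYPICAL_MAX_AMOUNT.get(bene, max(TYPICAL_MAX_AMOUNT.values()))
    if order["amount"] > limit:
        flags.append("unusual_amount")
    return flags


def review_queue(orders, min_flags=2):
    """Hold any order carrying min_flags or more anomalies for a human review."""
    held = []
    for order in orders:
        flags = flag_anomalies(order)
        if len(flags) >= min_flags:
            held.append((order["id"], flags))
    return held


def altered_fields(instruction, message):
    """Fields where the outgoing message no longer matches the customer's instruction."""
    return [k for k in ("beneficiary", "country", "amount") if instruction[k] != message[k]]


# Constructed sample orders: a routine daytime payment, and one mirroring the
# pattern in the filing (near midnight, new beneficiary, Hong Kong, $1.4M).
SAMPLE_ORDERS = [
    {"id": "T1", "time": "2015-01-14T10:15", "beneficiary": "ACME-MIAMI",
     "country": "US", "amount": 2_800.0},
    {"id": "T2", "time": "2015-01-14T23:52", "beneficiary": "UNKNOWN-HK-LTD",
     "country": "HK", "amount": 1_400_000.0},
]

if __name__ == "__main__":
    print(review_queue(SAMPLE_ORDERS))
    print(altered_fields(SAMPLE_ORDERS[0], SAMPLE_ORDERS[1]))
```

Scoring only works if the profile is built from the customer's own history, not from the same compromised system that sends the messages.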

How to Tear Down a Power Grid


In Ukraine on Dec. 23, 2015 the power suddenly went out for thousands of people in the capital, Kiev, and western parts of the country. While technicians struggled for several hours to turn the lights back on, frustrated customers got nothing but busy signals at their utilities’ call centers….Hackers had taken down almost a quarter of the country’s power grid, claimed Ukrainian officials.  Specifically, the officials blamed Russians for tampering with the utilities’ software, then jamming the power companies’ phone lines to keep customers from alerting anyone….Several of the firms researching the attack say signs point to Russians as the culprits. The malware found in the Ukrainian grid’s computers, BlackEnergy3, is a known weapon of only one hacking group—dubbed Sandworm by researcher ISight Partners—whose attacks closely align with the interests of the Russian government. The group carried out attacks against the Ukrainian government and NATO in 2014…

The more automated U.S. and European power grids are much tougher targets. To cloak Manhattan in darkness, hackers would likely need to discover flaws in the systems the utilities themselves don’t know exist before they could exploit them. In the Ukrainian attack, leading security experts believe the hackers simply located the grid controls and delivered a command that shut the power off. Older systems may be more vulnerable to such attacks, as modern industrial control software is better at recognizing and rejecting unauthorized commands, says IOActive’s Larsen.

That said, a successful hack of more advanced U.S. or European systems would be a lot harder to fix. Ukrainian utility workers restored power by rushing to each disabled substation and resetting circuit breakers manually. Hackers capable of scrambling New York’s power plant software would probably have to bypass safety mechanisms to run a generator or transformer hotter than normal, physically damaging the equipment. That could keep a substation offline for days or weeks, says Michael Assante, former chief security officer for the nonprofit North American Electric Reliability.

Hackers may have targeted Ukraine’s grid for the same reason NATO jets bombed Serbian power plants in 1999: to show the citizenry that its government was too weak to keep the lights on. The hackers may even have seen the attack as in-kind retaliation after sabotage left 1.2 million people in Kremlin-controlled Crimea without lights in November 2015. In that case, saboteurs blew up pylons with explosives, then attacked the repair crews that came to fix them, creating a blackout that lasted for days. Researchers will continue to study the cyber attack in Ukraine, but the lesson may be that when it comes to war, a bomb still beats a keyboard.

Excerpts from How Hackers Took Down a Power Grid, Bloomberg Business Week, Jan. 14, 2016

Cyber Crime and the Brain Drain


Cyber attacks and cyber espionage are on the rise in Latin America, and the source of much of it is Brazilian hackers and Peruvian recent university graduates linking up with Russian-speaking experts, according to internet security analysts.  The region has seen a massive rise in ‘trojans’ – disguised malicious software – especially in the financial sector, and other online threats, said Dmitry Bestuzhev, Latin American head of research for security firm Kaspersky Lab.  The main producers of the malware are Brazil and Peru, he said in an interview with Reuters on Thursday following a regional cyber crime conference.

“Criminals from those two countries produce the majority of malicious code and attack not only their countries but also neighboring ones,” he said, adding that their attacks spread as far as Spain and Portugal. In the last couple of years there has been a rise in Latin American hackers linking up with more experienced criminals in Russia and Eastern Europe, he said, as a kind of shadowy brain drain takes place across the Atlantic.  A significant number of Peruvian students, in particular, attended university in Russia and returned home knowing how to operate malware as well as communicate in Russian.

“They return and often they are demotivated, they have studied six or eight years, and when they return to their country the work offered is low profile and mediocre paid,” said Bestuzhev.  With Peruvian laws also inadequate to deal with the threat, that was encouraging the formation of a hacker hub in the Andean country, he said.  In return, Russian criminals are increasingly using Latin American networks to ‘test’ new malware before unleashing it elsewhere, he added.

Excerpts from ROSALBA O’BRIEN, Latam cyber attacks rise as Peru, Brazil hackers link up with Russians, Reuters, Aug. 28, 2015

How to Get Rid of Hacktivists: the approach of the United States


Thirteen members of a hacking collective that calls itself Anonymous were indicted on Thursday (October 3, 2013) on charges that they conspired to coordinate attacks against prominent Web sites. The 13 are accused of bringing down at least six Web sites, including those belonging to the Recording Industry Association of America, Visa and MasterCard. The attacks caused “significant damage to the victims,” the indictment said.

The attacks, carried out from September 2010 to January 2011, were part of a campaign called Operation Payback, which started as an effort to support file-sharing sites but later rallied around WikiLeaks and its founder, Julian Assange. Hackers took down the sites by inflicting a denial of service, or DDoS, attack, in which they fired Web traffic at a site until it collapsed under the load. Though the indictment mentions 13 hackers, thousands more participated in the attack by clicking on Web links that temporarily turned their computers into a digital fire hose aimed [at the websites of the companies].

According to the indictment, which was handed up at Federal District Court in Alexandria, Va., the hackers’ tool of choice was a simple open-source application known as Low Orbit Ion Cannon, which requires very little technical know-how.  Hackers simply posted a Web link online that allowed volunteers to download an application that turned their computer into a “botnet,” or network of computers, that flooded targets like Visa.com and MasterCard.com with traffic until they crashed…

By BRIAN X. CHEN and NICOLE PERLROTH, U.S. Accuses 13 Hackers in Web Attacks, New York Times, October 3, 2013

Excerpt from indictment

“In connection with planning various DDoS cyber-attacks, members of the conspiracy posted fliers captioned “OPERATION PAYBACK” and claimed that: “We sick and tired of these corporations seeking to control the internet in their pursuit of profit. Anonymous cannot sit by and do nothing while these organizations stifle the spread of ideas and attack those who wish to exercise their rights to share with others.”

PDF of Indictment on Scribd

Space Weapons and Space Law


“Policy, law and understanding of the threat to space is lagging behind the reality of what is out there,” warned Mark Roberts, a former Ministry of Defence official who was in charge of government space policy and the UK’s “offensive cyber portfolio”…

The disabling of satellites would have a disastrous impact on society, knocking out GPS navigation systems and time signals. Banks, telecommunications, power and many infrastructures could fail, Roberts told the conference….Agreements such as the 1967 Outer Space treaty and the 1979 Moon treaty are supposed to control the arms race in space. Some states have signed but not ratified them, said Maria Pozza, research fellow at the Lauterpacht Centre for International Law at Cambridge University.  Existing treaties do not specify where air space ends and outer space begins – although 100km (62 miles) above the Earth is becoming the accepted limit.

The Navstar constellation of satellites was used to provide surveillance of Iraq during the Gulf war in 1991. Was that, asked Pozza, an aggressive use of space, a “force-multiplier”? Satellites may have also been used to photograph and locate al-Qaida bases, Osama bin Laden or even assess future strikes against Syria.

The Chinese government has recently moved to support a 2012 EU code of conduct for space development, which, Pozza said, was a softer law. The draft Prevention of the Placement of Weapons in Outer Space treaty has not yet been agreed. “Are we dismissing the possibility of a hard law or giving it a good chance?” Pozza asked.

The Chinese tested an anti-satellite weapon in 2007 that destroyed a defunct orbiting vehicle and showered debris across near Earth orbits. Other satellites have been jammed by strong radio signals. BBC transmissions to Iran were disrupted during this year’s elections through ground signals ostensibly sent from Syria.

In 2011, hackers gained control of the Terra Eos and Landsat satellites, Roberts said. The orbiting stations were not damaged. “The threat can now be from a laptop in someone’s bedroom,” he added.

Professor Richard Crowther, chief engineer at the UK Space Agency, said scientists were now exploring the possibility of robotic systems that grapple with and bring down disused satellites or laser weapons to clear away debris in orbit.  Both technologies, he pointed out, had a potential dual use as military weapons. 3D printing technologies would, furthermore, allow satellite operators to develop new hardware remotely in space.

The UK is formulating its space security policy, group captain Martin Johnson, deputy head of space policy at the MoD, said. Fylingdales, the Yorkshire monitoring station, has been cooperating for 50 years with the USA to enhance “space awareness” and early warning systems. The UK, Johnson said, was now working with the EU to develop a complementary space monitoring system.

Excerpt, Owen Bowcott, legal affairs correspondent, The Guardian, Sept. 11, 2013

Hackers in Demand: industrial espionage


American firms wage private cyber-combat against Chinese rivals…precisely that scenario is being considered by former senior American officials, who report that intellectual property (IP) is being stolen on an unprecedented scale, and that passive defences no longer work.  Annual losses from the theft of American IP are probably on a similar scale to America’s total exports to Asia, at around $300 billion a year, concludes a report by a Commission on the Theft of American Intellectual Property, a private initiative led by Dennis Blair, Barack Obama’s first director of national intelligence, and Jon Huntsman, a former ambassador to China and unsuccessful contender for the 2012 Republican presidential nomination. “Extraordinary” numbers of commercial and government entities are bent on stealing American IP. Between half and 80% of them are Chinese, depending on the sector, commissioners say. They also

To date victims have been loth to retaliate. Companies do not want to be seen as “weak” and fear being singled out for punishment as they seek access to Chinese markets, says Mr Huntsman. Companies under attack also face legal constraints that defy common sense, says Admiral Blair. Victims face prosecution if they accidentally damage hackers’ American-hosted computers when trying to recover stolen files, let alone if they deliberately tell files to self-destruct.

Changing the law to permit aggressive counter-measures would be controversial…, recommendations include denying repeat offenders access to America’s banking system, or blocking IP abusers from making big American investments.

Intellectual property: Fighting China’s hackers, Economist, May 25, 2013, at 31

Protesting the Anti-Counterfeiting Trade Agreement

Lithuania’s central bank said Friday (Jan. 27, 2012) it had been hit by a cyber-attack, but had eventually overcome the assault on its website and other online services.  In a statement, the bank said that the denial-of-service attack — in which many outside computers overload the target’s IT system — from a group of countries took place early Friday morning…The bank said that the attacks were launched from computers apparently located in countries including Canada, China, Russia, Switzerland, Ukraine and the United States…No public claim of responsibility had been made for the attack so far.  It was not clear if it was linked to Lithuania’s signature Thursday of a controversial international online anti-piracy accord.  Critics of the Anti-Counterfeiting Trade Agreement (ACTA) warn that it could significantly curtail online freedom, and several governments have come under attack by groups including “hacktivist” grouping Anonymous.

Lithuanian central bank hit by cyber-attack, Agence France Presse, Jan. 28, 2012

Text of ACTA (pdf)

Negotiating History

Rapporteur

We Have Every Right to Be Furious About ACTA