Tag Archives: hackers

As Secure as it Can Get: hacking the banks


A little-noticed lawsuit details a hacking attack similar to one that stole $81 million from Bangladesh’s central bank, saying cybercriminals stole about $9 million in 2015 from a bank in Ecuador… A third attack, from December 2015 at a commercial bank in Vietnam, was detailed last week by the Society for Worldwide Interbank Financial Telecommunication, or Swift. That bank detected the fraudulent requests and stopped the movement of funds, the central bank in Vietnam said.  In the January 2015 Ecuador hack, as with the Bangladesh case, hackers managed to get the bank’s codes for using Swift, the global bank messaging service, to procure funds from another bank, according to court papers.

The Ecuadorean bank, Banco del Austro, filed a lawsuit in New York federal court in 2016 accusing Wells Fargo & Co. of failing to notice “red flags’’ in a dozen January 2015 transactions and to stop them before the thieves transferred about $12 million, most of it to banks in Hong Kong.  Lawyers for the two banks didn’t immediately return phone calls asking to comment about the case and Swift’s complaints that they had failed to notify the messaging network…

There are similarities in method, including thieves accessing the bank’s system to log on to the Swift network through customer sites, and doing so after bankers’ hours, apparently to reduce the likelihood someone would ask questions about specific transactions…

According to that filing on behalf of Banco del Austro, or BDA, “For each of the unauthorized transfers, an unauthorized user, using the Internet, hacked into BDA’s computer system after hours using malware that allowed remote access, logged onto the Swift network purporting to be BDA, and redirected transactions to new beneficiaries with new amounts.” Using that method, just before midnight on Jan. 14, 2015, a payment order made to a Miami company for less than $3,000 was altered to send $1.4 million to an account in Hong Kong, according to the court filing. There were 12 suspect transfers carried out over a 10-day period in January 2015, according to the lawsuit.  BDA’s lawsuit argues Wells Fargo should have noticed several anomalies in the transfers and, at a minimum, asked questions about them.  “The unauthorized transfers were made in unusual times of the day, in unusual amounts, to unusual beneficiaries in unusual geographic locations,’’ the bank’s lawyers argued in the filing. “Despite the numerous anomalies in the unauthorized transfers, [Wells Fargo] inexplicably failed to block them and/or alert BDA of the suspicious activity.’’

Excerpts from DEVLIN BARRETT and KATY BURNE, Now It’s Three: Ecuador Bank Hacked via Swift, Wall Street Journal, May 19, 2016
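The two controls the BDA filing implies were missing, written out as an added example (this is not from the Journal piece and not any bank’s or Swift’s actual code): on the originating bank’s side, a reconciliation of what the core banking system booked against the message that actually left for the Swift network, which is where a rewritten beneficiary or amount shows up no matter how the attacker got onto the Swift-connected host; and on the correspondent’s side, anomaly scoring on exactly the four dimensions the lawsuit names, time of day, amount, beneficiary and geography. The transfer history, order references, account identifiers and thresholds are constructed placeholders; the tampered transfer mirrors the Jan. 14, 2015 pattern described above.

```python
from datetime import datetime
from statistics import median

# Constructed history: legitimate dollar transfers one originating bank sent through its
# correspondent over prior months, in the originator's local business time. Placeholder IDs.
HISTORY = [
    {"ts": "2014-11-03T09:40", "amount": 2400.0, "bene_acct": "US-MIA-0001", "country": "US"},
    {"ts": "2014-11-10T11:05", "amount": 18500.0, "bene_acct": "US-NYC-0220", "country": "US"},
    {"ts": "2014-11-18T14:30", "amount": 2950.0, "bene_acct": "US-MIA-0001", "country": "US"},
    {"ts": "2014-12-02T10:15", "amount": 41000.0, "bene_acct": "ES-MAD-0017", "country": "ES"},
    {"ts": "2014-12-09T16:50", "amount": 2700.0, "bene_acct": "US-MIA-0001", "country": "US"},
    {"ts": "2014-12-22T13:20", "amount": 9900.0, "bene_acct": "US-NYC-0220", "country": "US"},
]

def hour_of(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M").hour

def build_profile(history):
    """Per-originator baseline the correspondent can build from traffic it already sees."""
    amounts = [h["amount"] for h in history]
    hours = [hour_of(h["ts"]) for h in history]
    return {
        "business_hours": range(min(hours), max(hours) + 1),
        "median_amount": median(amounts),
        "max_amount": max(amounts),
        "beneficiaries": {h["bene_acct"] for h in history},
        "countries": {h["country"] for h in history},
    }

def flag_transfer(tx, profile):
    """Return anomaly flags, one per 'unusual' dimension named in the BDA filing."""
    flags = []
    if hour_of(tx["ts"]) not in profile["business_hours"]:
        flags.append("unusual_time")
    if tx["amount"] > profile["max_amount"] and tx["amount"] > 5 * profile["median_amount"]:
        flags.append("unusual_amount")
    if tx["bene_acct"] not in profile["beneficiaries"]:
        flags.append("unusual_beneficiary")
    if tx["country"] not in profile["countries"]:
        flags.append("unusual_geography")
    return flags

def decide(flags):
    # Two independent anomalies hold the payment for an out-of-band callback to the
    # originator; one goes to a human review queue; none releases. Thresholds are illustrative.
    if len(flags) >= 2:
        return "hold_for_callback"
    return "review" if flags else "release"

def reconcile(booked_orders, outbound_messages):
    """Originator-side control: every outbound Swift message must match the order the
    core banking system booked. Malware that rewrites beneficiary or amount on the
    Swift-connected host produces a mismatch here, independent of any scoring."""
    booked = {o["ref"]: o for o in booked_orders}
    mismatches = []
    for m in outbound_messages:
        o = booked.get(m["ref"])
        if o is None:
            mismatches.append((m["ref"], "no booked order for outbound message"))
        elif (o["amount"], o["bene_acct"]) != (m["amount"], m["bene_acct"]):
            mismatches.append((m["ref"], f"booked {o['amount']:.2f} to {o['bene_acct']}, "
                                         f"sent {m['amount']:.2f} to {m['bene_acct']}"))
    return mismatches

def demo():
    profile = build_profile(HISTORY)
    # Constructed: a small payment booked to a Miami supplier, versus the message that
    # actually went out just before midnight, rewritten to a Hong Kong account.
    booked = [{"ref": "ORD-0142", "amount": 2850.0, "bene_acct": "US-MIA-0001", "country": "US"}]
    outbound = [{"ref": "ORD-0142", "ts": "2015-01-14T23:52", "amount": 1400000.0,
                 "bene_acct": "HK-HKG-7731", "country": "HK"}]
    legit = {"ref": "ORD-0150", "ts": "2015-01-15T10:30", "amount": 3100.0,
             "bene_acct": "US-MIA-0001", "country": "US"}
    tampered_flags = flag_transfer(outbound[0], profile)
    return {
        "tampered_flags": tampered_flags,
        "tampered_decision": decide(tampered_flags),
        "legit_decision": decide(flag_transfer(legit, profile)),
        "mismatches": reconcile(booked, outbound),
    }
```

The scoring side is deliberately simple: each flag is a yes/no on one dimension, so a transfer that is merely large but otherwise routine is queued rather than blocked, while the rewritten order trips all four at once. The reconciliation side is the stronger control, because it does not depend on the attacker’s transfers looking odd at all, only on the Swift host not being the system of record.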

How to Tear Down a Power Grid


In Ukraine on Dec. 23, 2015 the power suddenly went out for thousands of people in the capital, Kiev, and western parts of the country. While technicians struggled for several hours to turn the lights back on, frustrated customers got nothing but busy signals at their utilities’ call centers… Hackers had taken down almost a quarter of the country’s power grid, claimed Ukrainian officials.  Specifically, the officials blamed Russians for tampering with the utilities’ software, then jamming the power companies’ phone lines to keep customers from alerting anyone… Several of the firms researching the attack say signs point to Russians as the culprits. The malware found in the Ukrainian grid’s computers, BlackEnergy3, is a known weapon of only one hacking group—dubbed Sandworm by researcher iSIGHT Partners—whose attacks closely align with the interests of the Russian government. The group carried out attacks against the Ukrainian government and NATO in 2014…

The more automated U.S. and European power grids are much tougher targets. To cloak Manhattan in darkness, hackers would likely need to discover flaws in the systems the utilities themselves don’t know exist before they could exploit them. In the Ukrainian attack, leading security experts believe the hackers simply located the grid controls and delivered a command that shut the power off. Older systems may be more vulnerable to such attacks, as modern industrial control software is better at recognizing and rejecting unauthorized commands, says IOActive’s Larsen.

That said, a successful hack of more advanced U.S. or European systems would be a lot harder to fix. Ukrainian utility workers restored power by rushing to each disabled substation and resetting circuit breakers manually. Hackers capable of scrambling New York’s power plant software would probably have to bypass safety mechanisms to run a generator or transformer hotter than normal, physically damaging the equipment. That could keep a substation offline for days or weeks, says Michael Assante, former chief security officer for the nonprofit North American Electric Reliability.

Hackers may have targeted Ukraine’s grid for the same reason NATO jets bombed Serbian power plants in 1999: to show the citizenry that its government was too weak to keep the lights on. The hackers may even have seen the attack as in-kind retaliation after sabotage left 1.2 million people in Kremlin-controlled Crimea without lights in November 2015. In that case, saboteurs blew up pylons with explosives, then attacked the repair crews that came to fix them, creating a blackout that lasted for days. Researchers will continue to study the cyber attack in Ukraine, but the lesson may be that when it comes to war, a bomb still beats a keyboard.

Excerpts from How Hackers Took Down a Power Grid, Bloomberg Businessweek, Jan. 14, 2016

Cyber Crime and the Brain Drain


Cyber attacks and cyber espionage are on the rise in Latin America, and the source of much of it is Brazilian hackers and Peruvian recent university graduates linking up with Russian-speaking experts, according to internet security analysts.  The region has seen a massive rise in ‘trojans’ – disguised malicious software – especially in the financial sector, and other online threats, said Dmitry Bestuzhev, Latin American head of research for security firm Kaspersky Lab.  The main producers of the malware are Brazil and Peru, he said in an interview with Reuters on Thursday following a regional cyber crime conference.

“Criminals from those two countries produce the majority of malicious code and attack not only their countries but also neighboring ones,” he said, adding that their attacks spread as far as Spain and Portugal. In the last couple of years there has been a rise in Latin American hackers linking up with more experienced criminals in Russia and Eastern Europe, he said, as a kind of shadowy brain drain takes place across the Atlantic.  A significant number of Peruvian students, in particular, attended university in Russia and returned home knowing how to operate malware as well as communicate in Russian.

“They return and often they are demotivated, they have studied six or eight years, and when they return to their country the work offered is low profile and mediocre paid,” said Bestuzhev.  With Peruvian laws also inadequate to deal with the threat, that was encouraging the formation of a hacker hub in the Andean country, he said.  In return, Russian criminals are increasingly using Latin American networks to ‘test’ new malware before unleashing it elsewhere, he added.

Excerpts from ROSALBA O’BRIEN, Latam cyber attacks rise as Peru, Brazil hackers link up with Russians, Reuters, Aug. 28, 2015

How to Get Rid of Hacktivists: the approach of the United States


Thirteen members of a hacking collective that calls itself Anonymous were indicted on Thursday (October 3, 2013) on charges that they conspired to coordinate attacks against prominent Web sites. The 13 are accused of bringing down at least six Web sites, including those belonging to the Recording Industry Association of America, Visa and MasterCard.  The attacks caused “significant damage to the victims,” the indictment said.

The attacks, carried out from September 2010 to January 2011, were part of a campaign called Operation Payback, which started as an effort to support file-sharing sites but later rallied around WikiLeaks and its founder, Julian Assange.  Hackers took down the sites by inflicting a denial of service, or DDoS, attack, in which they fired Web traffic at a site until it collapsed under the load. Though the indictment mentions 13 hackers, thousands more participated in the attack by clicking on Web links that temporarily turned their computers into a digital fire hose aimed [at the websites of the companies].

According to the indictment, which was handed up at Federal District Court in Alexandria, Va., the hackers’ tool of choice was a simple open-source application known as Low Orbit Ion Cannon, which requires very little technical know-how.  Hackers simply posted a Web link online that allowed volunteers to download an application that turned their computer into a “botnet,” or network of computers, that flooded targets like Visa.com and MasterCard.com with traffic until they crashed…

By BRIAN X. CHEN and NICOLE PERLROTH, U.S. Accuses 13 Hackers in Web Attacks, New York Times, October 3, 2013

Excerpt from indictment

“In connection with planning various DDoS cyber-attacks, members of the conspiracy posted fliers captioned “OPERATION PAYBACK” and claimed that: “We sick and tired of these corporations seeking to control the internet in their pursuit of profit. Anonymous cannot sit by and do nothing while these organizations stifle the spread of ideas and attack those who wish to exercise their rights to share with others.”

PDF of Indictment on Scribd
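Operation Payback’s traffic pattern, many volunteers each running Low Orbit Ion Cannon against the same site, is exactly the case a per-source rate limit misses: each participant sends a modest rate and only the aggregate is abnormal. The following is an added example (not from the Times article, the indictment, or any real detector) of a sliding-window flood detector over web server access logs that tracks both per-source and site-wide request rates and distinguishes one abusive client from a distributed flood. The log lines are constructed in combined log format using documentation-range IP addresses; the window and thresholds are illustrative, and nothing here relies on LOIC-specific request signatures.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined log format (Apache/nginx); only the fields the detector needs are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+')

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "req": m["req"], "status": int(m["status"])}

def detect_flood(lines, window=timedelta(seconds=10), per_ip_limit=20, global_limit=100):
    """Sliding-window request counts per source IP and for the whole site.

    The per-source limit catches one machine hammering the site. The aggregate count,
    together with how many distinct sources sit behind it, is what exposes many
    volunteers each sending a modest rate."""
    records = sorted(filter(None, map(parse_line, lines)), key=lambda r: r["ts"])
    per_ip, recent = defaultdict(deque), deque()
    heavy, peak, peak_sources = set(), 0, 0
    for r in records:
        q = per_ip[r["ip"]]
        q.append(r["ts"])
        while r["ts"] - q[0] > window:           # drop this source's requests older than the window
            q.popleft()
        if len(q) > per_ip_limit:
            heavy.add(r["ip"])
        recent.append(r)
        while r["ts"] - recent[0]["ts"] > window:  # same for the site-wide window
            recent.popleft()
        if len(recent) > peak:
            peak, peak_sources = len(recent), len({e["ip"] for e in recent})
    if peak <= global_limit:
        verdict = "single_source_abuse" if heavy else "normal"
    elif len(heavy) * 2 < peak_sources:
        verdict = "distributed_flood"            # volume comes from many low-rate sources
    else:
        verdict = "flood_from_few_sources"
    return {"heavy_hitters": heavy, "peak_in_window": peak,
            "sources_in_peak_window": peak_sources, "verdict": verdict}

def log_line(ip, t, path="/"):
    """Constructed combined-format line (documentation-range address, placeholder size)."""
    return f'{ip} - - [{t.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET {path} HTTP/1.1" 200 5120'

def constructed_volunteer_flood():
    base = datetime(2010, 12, 8, 12, 0, 0, tzinfo=timezone.utc)
    lines = [log_line(f"198.51.100.{i + 1}", base + timedelta(seconds=12 * k + i), f"/page{k}")
             for i in range(5) for k in range(3)]                       # ordinary visitors
    lines += [log_line(f"203.0.113.{i + 1}", base + timedelta(seconds=30 + k + i % 4))
              for i in range(40) for k in range(6)]                     # 40 sources x 6 requests in 10 s
    return lines

def constructed_single_abuser():
    base = datetime(2010, 12, 8, 13, 0, 0, tzinfo=timezone.utc)
    lines = [log_line(f"198.51.100.{i + 1}", base + timedelta(seconds=15 * i)) for i in range(4)]
    lines += [log_line("203.0.113.200", base + timedelta(milliseconds=150 * k)) for k in range(50)]
    return lines
```

In the volunteer case no single address crosses the per-source limit, so a naive rate limiter would block nothing while the site-wide window carries more than 200 requests from about 40 sources; in the single-abuser case the aggregate stays low and the one address is named. In production the same two counters would be fed from a live tail rather than a list, and the response for a distributed flood is upstream filtering or scrubbing, not per-IP bans.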

Space Weapons and Space Law


“Policy, law and understanding of the threat to space is lagging behind the reality of what is out there,” warned Mark Roberts, a former Ministry of Defence official who was in charge of government space policy and the UK’s “offensive cyber portfolio”…

The disabling of satellites would have a disastrous impact on society, knocking out GPS navigation systems and time signals. Banks, telecommunications, power and many infrastructures could fail, Roberts told the conference… Agreements such as the 1967 Outer Space treaty and the 1979 Moon treaty are supposed to control the arms race in space. Some states have signed but not ratified them, said Maria Pozza, research fellow at the Lauterpacht Centre for International Law at Cambridge University.  Existing treaties do not specify where air space ends and outer space begins – although 100km (62 miles) above the Earth is becoming the accepted limit.

The Navstar constellation of satellites was used to provide surveillance of Iraq during the Gulf war in 1991. Was that, asked Pozza, an aggressive use of space, a “force-multiplier”? Satellites may have also been used to photograph and locate al-Qaida bases, Osama bin Laden or even assess future strikes against Syria.

The Chinese government has recently moved to support a 2012 EU code of conduct for space development, which, Pozza said, was a softer law. The draft Prevention of the Placement of Weapons in Outer Space treaty has not yet been agreed. “Are we dismissing the possibility of a hard law or giving it a good chance?” Pozza asked.

The Chinese tested an anti-satellite weapon in 2007 that destroyed a defunct orbiting vehicle and showered debris across near Earth orbits. Other satellites have been jammed by strong radio signals. BBC transmissions to Iran were disrupted during this year’s elections through ground signals ostensibly sent from Syria.

In 2011, hackers gained control of the Terra Eos and Landsat satellites, Roberts said. The orbiting stations were not damaged. “The threat can now be from a laptop in someone’s bedroom,” he added.

Professor Richard Crowther, chief engineer at the UK Space Agency, said scientists were now exploring the possibility of robotic systems that grapple with and bring down disused satellites or laser weapons to clear away debris in orbit.  Both technologies, he pointed out, had a potential dual use as military weapons. 3D printing technologies would, furthermore, allow satellite operators to develop new hardware remotely in space.

The UK is formulating its space security policy, group captain Martin Johnson, deputy head of space policy at the MoD, said. Fylingdales, the Yorkshire monitoring station, has been cooperating for 50 years with the USA to enhance “space awareness” and early warning systems. The UK, Johnson said, was now working with the EU to develop a complementary space monitoring system.

Excerpt, Owen Bowcott, legal affairs correspondent, The Guardian, Sept. 11, 2013

Hackers in Demand: industrial espionage


American firms wage private cyber-combat against Chinese rivals…precisely that scenario is being considered by former senior American officials, who report that intellectual property (IP) is being stolen on an unprecedented scale, and that passive defences no longer work.  Annual losses from the theft of American IP are probably on a similar scale to America’s total exports to Asia, at around $300 billion a year, concludes a report by a Commission on the Theft of American Intellectual Property, a private initiative led by Dennis Blair, Barack Obama’s first director of national intelligence, and Jon Huntsman, a former ambassador to China and unsuccessful contender for the 2012 Republican presidential nomination. “Extraordinary” numbers of commercial and government entities are bent on stealing American IP. Between half and 80% of them are Chinese, depending on the sector, commissioners say. They also

To date victims have been loth to retaliate. Companies do not want to be seen as “weak” and fear being singled out for punishment as they seek access to Chinese markets, says Mr Huntsman. Companies under attack also face legal constraints that defy common sense, says Admiral Blair. Victims face prosecution if they accidentally damage hackers’ American-hosted computers when trying to recover stolen files, let alone if they deliberately tell files to self-destruct.

Changing the law to permit aggressive counter-measures would be controversial… Recommendations include denying repeat offenders access to America’s banking system, or blocking IP abusers from making big American investments.

Intellectual property: Fighting China’s hackers, The Economist, May 25, 2013, at 31

Protesting the Anti-Counterfeiting Trade Agreement

Lithuania’s central bank said Friday (Jan. 27, 2012) it had been hit by a cyber-attack, but had eventually overcome the assault on its website and other online services.  In a statement, the bank said that the denial-of-service attack — in which many outside computers overload the target’s IT system — from a group of countries took place early Friday morning…The bank said that the attacks were launched from computers apparently located in countries including Canada, China, Russia, Switzerland, Ukraine and the United States…No public claim of responsibility had been made for the attack so far.  It was not clear if it was linked to Lithuania’s signature Thursday of a controversial international online anti-piracy accord.  Critics of the Anti-Counterfeiting Trade Agreement (ACTA) warn that it could significantly curtail online freedom, and several governments have come under attack by groups including “hacktivist” grouping Anonymous.

Lithuanian central bank hit by cyber-attack, Agence France Presse, Jan. 28, 2012

Text of ACTA (pdf)

Negotiating History

Rapporteur

We Have Every Right to Be Furious About ACTA

One More Reason to Occupy Nigeria: the severe environmental damage

The Nigerian cell of the Anonymous collective has continued its ongoing campaign against government corruption, issuing a statement listing its demands.  Sent to the International Business Times on Tuesday via email, the statement has since been re-posted on Pastebin, indicating that it is likely authentic.  In it the collective promised to continue mounting its ongoing series of cyber assaults against the Nigerian government should its demands for “justice” and an end to violence against protesters not be met. Specifically, Anonymous Nigeria’s demands were six-fold:

“WE DEMAND THAT YOU CUT THE COST OF GOVERNMENT BY 60%

“WE DEMAND THAT YOU ELIMINATE WASTE IN GOVERNMENT

“WE DEMAND THAT YOU TACKLE CORRUPTION AND POLITICAL PATRONAGE

“WE DEMAND THAT YOU REDUCE THE PUMP PRICE OF FUEL TO N65

“WE DEMAND THAT YOU FIND OUT AND PROSECUTE MEMBERS OF THE FUEL CABAL,” read Anonymous’ statement. Later adding the final demand:

“WE DEMAND AN IMMEDIATE END TO THE KILLING OF INNOCENT PROTESTERS”

The statement follows the collective’s unified and ongoing support of all Occupy movements. Though the root cause of the Occupy movement is difficult to discern, the earliest call-to-arms stemmed from a blog post in Adbusters magazine.  Inspired by the Arab Spring and Spain’s Democracia real YA platform, Adbusters called for all like-minded individuals unhappy with the current global political and economic system to march on Wall Street and mount an ongoing sit-in-protest.

The post quickly captured the imagination of several groups, leading to the #occupywallstreet hash-tag trending on Twitter. The movement gained significant mainstream attention outside of Adbusters’ native U.S. base when the Anonymous collective took notice and publicly voiced its support.  Reiterating Adbusters’ post, Anonymous issued the above video on its AnonOps website citing a series of undisclosed actions perpetrated by “corrupt” governments and corporations as its motivation for the sit-in.  Since Adbusters’ and Anonymous’ call-to-arms the Occupy movement has spread to cities across the world, seeing citizens pitch tents in public squares and mount sit-in-protests against the world’s current political and economic systems. In all the campaigns Anonymous has openly voiced its support for the movement, publicising its live video feeds and reporting any incidents of police violence against protesters.

The Nigerian cell of Anonymous has followed this pattern, publicly voicing its support and reporting any incidents of violence against Occupy protesters. The group has already taken credit for identifying the deaths of in excess of 10 participants in the Occupy Nigeria protest. Ending its statement, Anonymous Nigeria promised it would continue its “peaceful” protest; many Anons identify themselves as pacifists and are hostile to any and all acts of physical violence.

Alastair Stevenson, Occupy Nigeria: Anonymous Demand End to Government Corruption, Jan. 11, 2012

Uncensored Communication as a Human Right: hackers, satellites and internet freedom

Computer hackers plan to take the internet beyond the reach of censors by putting their own communication satellites into orbit.  The scheme was outlined at the Chaos Communication Congress in Berlin.  The project’s organisers said the Hackerspace Global Grid will also involve developing a grid of ground stations to track and communicate with the satellites.  Longer term they hope to help put an amateur astronaut on the moon.  Hobbyists have already put a few small satellites into orbit – usually only for brief periods of time – but tracking the devices has proved difficult for low-budget projects.  The hacker activist Nick Farr first put out calls for people to contribute to the project in August. He said that the increasing threat of internet censorship had motivated the project.

“The first goal is an uncensorable internet in space. Let’s take the internet out of the control of terrestrial entities,” Mr Farr said.  He cited the proposed Stop Online Piracy Act (Sopa) in the United States as an example of the kind of threat facing online freedom. If passed, the act would allow for some sites to be blocked on copyright grounds.

Although space missions have been the preserve of national agencies and large companies, amateur enthusiasts have launched objects into the heavens.  High-altitude balloons have also been used to place cameras and other equipment into what is termed “near space”. The balloons can linger for extended amounts of time – but are not suitable for satellites.  The amateur radio satellite Arissat-1 was deployed into low earth orbit last year via a spacewalk by two Russian cosmonauts from the International Space Station as part of an educational project.  Students and academics have also launched other objects by piggybacking official rocket launches.  However, these devices have often proved tricky to pinpoint precisely from the ground.  According to Armin Bauer, a 26-year-old enthusiast from Stuttgart who is working on the Hackerspace Global Grid, this is largely due to lack of funding.

The Berlin conference was the latest meeting held by the Chaos Computer Club, a decades-old German hacker group that has proven influential not only for those interested in exploiting or improving computer security, but also for people who enjoy tinkering with hardware and software.  When Mr Farr called for contributions to Hackerspace, Mr Bauer and others decided to concentrate on the communications infrastructure aspect of the scheme.  Mr Bauer says the satellites could help provide communications to help put an amateur into space.  He and his teammates are working on their part of the project together with Constellation, an existing German aerospace research initiative that mostly consists of interlinked student projects….

“It’s kind of a reverse GPS,” Mr Bauer said. “GPS uses satellites to calculate where we are, and this tells us where the satellites are. We would use GPS co-ordinates but also improve on them by using fixed sites in precisely-known locations.”  Mr Bauer said the team would have three prototype ground stations in place in the first half of 2012, and hoped to give away some working models at the next Chaos Communication Congress in a year’s time.  They would also sell the devices on a non-profit basis.  “We’re aiming for 100 euros (£84) per ground station. That is the amount people tell us they would be willing to spend,” Mr Bauer added.

Experts say the satellite project is feasible, but could be restricted by technical limitations… “There is also an interesting legal dimension in that outer space is not governed by the countries over which it floats. So, theoretically it could be a place for illegal communication to thrive. However, the corollary is that any country could take the law into their own hands and disable the satellites.”…

Asked whether some might see negative security implications in the idea of establishing a hacker presence in space, Farr said the only downside would be that “people might not be able to censor your internet”.  “Hackers are about open information,” Farr added. “We believe communication is a human right.”

Excerpts from David Meyer, Hackers plan space satellites to combat censorship, BBC, Jan. 4, 2012
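Mr Bauer’s “reverse GPS” is multilateration: a ground station at a precisely surveyed position timestamps the arrival of the satellite’s beacon, converts the time of flight to a range, and a handful of such ranges from different stations fix the satellite’s position. As an added example (this is not the Hackerspace Global Grid’s or Constellation’s code), here is the least-squares solve a small ground-station network would run, on a spherical Earth model, with constructed station positions at approximate coordinates of four European cities, a constructed satellite position from which the times of flight are computed, and a deliberately wrong starting guess standing in for a stale orbit prediction. Real receivers would also have to solve for clock offsets and cope with noisy timing, which this leaves out.

```python
import math

R_EARTH_KM = 6371.0
C_KM_PER_S = 299792.458

def ecef(lat_deg, lon_deg, alt_km=0.0):
    """Earth-centred, Earth-fixed coordinates on a spherical Earth (illustration only)."""
    lat, lon, r = math.radians(lat_deg), math.radians(lon_deg), R_EARTH_KM + alt_km
    return (r * math.cos(lat) * math.cos(lon), r * math.cos(lat) * math.sin(lon), r * math.sin(lat))

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def solve3(a, b):
    """Gauss-Jordan elimination with partial pivoting for the 3x3 normal equations."""
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(3):
        piv = max(range(col, 3), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(3):
            if r != col:
                f = m[r][col] / m[col][col]
                m[r] = [x - f * y for x, y in zip(m[r], m[col])]
    return [m[i][3] / m[i][i] for i in range(3)]

def multilaterate(stations, ranges_km, guess, iters=30):
    """Gauss-Newton least squares: find p minimising sum_i (|p - s_i| - r_i)^2.
    Each station contributes one residual; its Jacobian row is the unit vector
    from the station to the current estimate. Needs at least three stations
    that are not collinear; four or more let bad measurements average out."""
    p = list(guess)
    for _ in range(iters):
        jtj, jtr = [[0.0] * 3 for _ in range(3)], [0.0] * 3
        for s, r in zip(stations, ranges_km):
            d = dist(p, s)
            row = [(p[k] - s[k]) / d for k in range(3)]
            for i in range(3):
                jtr[i] += row[i] * (d - r)
                for j in range(3):
                    jtj[i][j] += row[i] * row[j]
        step = solve3(jtj, [-v for v in jtr])        # normal equations: (J^T J) step = -J^T res
        p = [p[k] + step[k] for k in range(3)]
        if dist(step, (0.0, 0.0, 0.0)) < 1e-9:
            break
    return tuple(p)

def demo():
    # Constructed ground-station network at approximate coordinates of Berlin, Stuttgart,
    # Vienna and Amsterdam; the satellite position is chosen, and the beacon times of
    # flight the stations would measure are computed from it.
    stations = [ecef(52.52, 13.41), ecef(48.78, 9.18), ecef(48.21, 16.37), ecef(52.37, 4.90)]
    true_sat = ecef(50.0, 10.0, 500.0)
    times_of_flight_s = [dist(true_sat, s) / C_KM_PER_S for s in stations]
    ranges_km = [t * C_KM_PER_S for t in times_of_flight_s]
    guess = ecef(51.0, 12.0, 400.0)                    # stale prediction, ~150 km off
    est = multilaterate(stations, ranges_km, guess)
    return {"estimate_km": est, "error_km": dist(est, true_sat)}
```

The geometry is the same as GPS with the roles swapped: in GPS the satellites are at known positions and the receiver is the unknown, here the stations are the known points. That is also why the project ties its stations to surveyed coordinates rather than to a consumer GPS fix, since any error in a station’s position goes straight into the satellite estimate.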

Who is Hacking Whom? the Iranian Hackers

After breaching the Dutch CA (Certification Authority) DigiNotar, Iranian hackers managed to sign forged certificates for the domains of spy agencies CIA, Mossad and MI6. Leading certification authorities like VeriSign and Thawte were also targeted, as were Iranian dissident sites.  The cyber attack on DigiNotar, a Dutch subsidiary of VASCO Data Security International Inc, is much more serious than previously thought. In July, hackers gained access to the network and infrastructure of several of DigiNotar’s CAs. Once inside, they generated hundreds of forged certificates for third-party domains.  With these certificates hackers can potentially syphon off user login credentials by spoofing a legitimate site, complete with a functioning but forged SSL certificate, apparently issued by DigiNotar.

The forged certificates match domains of the U.S. Central Intelligence Agency, the Israeli secret service Mossad, and the British spy agency MI6. On top of that, the hackers created false certificates of other CAs like VeriSign and Thawte, in an attempt to also misuse their trusted position in securing Internet communications…

The cyber attackers even created fake certificates with messages praising the Iranian Revolutionary Guard, NOS reported.  It’s still unknown how successful the hackers have been in harvesting logins and spying on e-mail and chat messages. Most certificates have either elapsed or were revoked after DigiNotar discovered the breach in mid July.

Chris Soghoian, security and privacy researcher at Indiana University and Graduate Fellow at the Center for Applied Cybersecurity Research, said the list is a “very interesting set of sites.” However, he’s skeptical that the hackers could have penetrated into the networks of the spy agencies with the forged certificates.  “Actually I think the secret service domains are the least alarming part. It’s sexy, and will probably lead to a lot of questions and interest from government agencies. Of course, nobody wants to get caught with their pants down, but there’s really no classified information on these domains. Those are on separate, secured internal networks. So the practical security impact of the Iranian government getting a certificate for the CIA is nil. It’s really just very embarrassing, that’s all,” said Soghoian in an interview with Webwereld.

Still, the cyber hack at DigiNotar has a very high profile. “What is alarming is that they forged certificates for other CAs, like VeriSign and Thawte. But the most problematic are sites like Google and Facebook. And also Walla, which is one of the biggest mail providers in Israel.” Through forged SSL certificates of these sites the Iranian regime would be able to syphon the accounts and online communications of countless people, explained Soghoian.

Google has already updated its Chrome browser so it blocks access to any site which uses a DigiNotar certificate. Mozilla and Microsoft are expected to issue patches for their browsers soon. The Microsoft Security Response team tweeted earlier: “We’re in the process of moving all DigiNotar CAs to the Untrusted Root Store which will deny access to any website using DigiNotar CAs.”  This means hundreds of Dutch government sites will become inaccessible by browsers over the coming days if the agencies don’t switch to another certificate issuer in time.

Last week, Dutch security company Fox-IT carried out a forensic examination of the cyber hack at DigiNotar. The preliminary results prompted the government in The Hague to go into crisis mode, putting in effect an immediate stop to any DigiNotar services, and taking over the operational management of the DigiNotar Certification Authority.  The report on this investigation will be sent to the Parliament and made public on Monday.

Andreas Udo, Hackers Forge Certificates to Break into Spy Agencies, PC World, Sept. 4, 2011
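What “moving all DigiNotar CAs to the Untrusted Root Store” and Chrome’s blocking amount to on the client, as an added example (not the browsers’, DigiNotar’s or Fox-IT’s code): a minimal DER walker that pulls issuer, subject and SubjectPublicKeyInfo out of an X.509 certificate, a distrust list keyed on the SHA-256 fingerprint of a CA certificate, and an SPKI pin set for a high-value host. The pin check is the mechanism by which Chrome users first noticed a forged *.google.com certificate before any distrust list existed; the distrust check is what later cut off every site chaining to DigiNotar, legitimate Dutch government sites included. The certificates are constructed by a tiny DER encoder in the same block; the CA name, key bytes and signature bytes are placeholders, not real DigiNotar material, and ordinary path validation (signatures, names, validity) is assumed to have already passed.

```python
import base64
import hashlib

# --- tiny DER encoder, used only to build the constructed certificates in scenario() ---
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def seq(*items):
    return tlv(0x30, b"".join(items))

CN_OID = bytes([0x55, 0x04, 0x03])                                       # 2.5.4.3 commonName
RSA_ENC = seq(tlv(0x06, bytes.fromhex("2A864886F70D010101")), tlv(0x05, b""))     # rsaEncryption
SHA256_RSA = seq(tlv(0x06, bytes.fromhex("2A864886F70D01010B")), tlv(0x05, b""))  # sha256WithRSA

def name_cn(cn):
    # Name ::= SEQUENCE OF RDN; RDN ::= SET OF AttributeTypeAndValue { type, value }
    return seq(tlv(0x31, seq(tlv(0x06, CN_OID), tlv(0x0C, cn.encode()))))

def build_cert(issuer_cn, subject_cn, pubkey):
    # TBSCertificate in RFC 5280 field order. Key and signature bytes are placeholders;
    # signature verification is out of scope here, parsing and trust policy are the point.
    version = tlv(0xA0, tlv(0x02, b"\x02"))                              # [0] EXPLICIT v3
    validity = seq(tlv(0x17, b"110701000000Z"), tlv(0x17, b"120701000000Z"))
    spki = seq(RSA_ENC, tlv(0x03, b"\x00" + pubkey))
    tbs = seq(version, tlv(0x02, b"\x01"), SHA256_RSA, name_cn(issuer_cn),
              validity, name_cn(subject_cn), spki)
    return seq(tbs, SHA256_RSA, tlv(0x03, b"\x00" + bytes(32)))

# --- minimal DER walker: enough to pull issuer, subject and SPKI out of a certificate ---
def elements(buf):
    """Yield (tag, content, raw_element) for each element at the top level of buf."""
    pos = 0
    while pos < len(buf):
        start, tag, length = pos, buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:                                                # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        yield tag, buf[pos:pos + length], buf[start:pos + length]
        pos += length

def common_name(name_content):
    for _, rdn, _ in elements(name_content):                             # each RDN (SET)
        for _, atv, _ in elements(rdn):                                  # AttributeTypeAndValue
            (_, oid, _), (_, value, _) = list(elements(atv))
            if oid == CN_OID:
                return value.decode()
    return None

def parse_cert(der):
    (_, cert, _), = elements(der)
    _, tbs, _ = next(elements(cert))                                     # TBSCertificate
    fields = list(elements(tbs))
    if fields[0][0] == 0xA0:                                             # optional [0] version
        fields = fields[1:]
    # now: serial, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    return {"issuer": common_name(fields[2][1]), "subject": common_name(fields[4][1]),
            "spki": fields[5][2]}                                        # raw SPKI element

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def spki_pin(cert):
    # Chrome / HPKP style pin: base64(SHA-256(DER SubjectPublicKeyInfo))
    return base64.b64encode(hashlib.sha256(cert["spki"]).digest()).decode()

def evaluate(host, chain_der, distrusted, pins):
    """chain_der is [leaf, ..., CA]; assumes ordinary path validation already passed."""
    chain = [parse_cert(c) for c in chain_der]
    for der in chain_der:                                                # Untrusted Root Store semantics
        if fingerprint(der) in distrusted:
            return "reject: chain contains a distrusted CA"
    if host in pins and not any(spki_pin(c) in pins[host] for c in chain):
        return "reject: no pinned key in chain for " + host              # what tripped Chrome's pins
    return "accept"

def scenario():
    # Constructed certificates; the CA name and key bytes are placeholders, not real DigiNotar material.
    rogue = "DigiNotar-style CA (constructed)"
    rogue_ca = build_cert(rogue, rogue, bytes([1]) * 64)
    forged_google = build_cert(rogue, "*.google.com", bytes([9]) * 64)
    dutch_site = build_cert(rogue, "www.example-ministry.nl", bytes([7]) * 64)
    legit_ca = build_cert("Example Legit CA", "Example Legit CA", bytes([2]) * 64)
    real_google = build_cert("Example Legit CA", "*.google.com", bytes([3]) * 64)
    pins = {"google.com": {spki_pin(parse_cert(real_google))}}          # preloaded pin set
    before, after = set(), {fingerprint(rogue_ca)}                       # distrust list pre/post patch
    return {
        "forged_google_before": evaluate("google.com", [forged_google, rogue_ca], before, pins),
        "forged_google_after": evaluate("google.com", [forged_google, rogue_ca], after, pins),
        "dutch_site_before": evaluate("www.example-ministry.nl", [dutch_site, rogue_ca], before, pins),
        "dutch_site_after": evaluate("www.example-ministry.nl", [dutch_site, rogue_ca], after, pins),
        "real_google": evaluate("google.com", [real_google, legit_ca], before, pins),
    }
```

The two outcomes worth noticing: before any vendor reacted, the forged *.google.com certificate is rejected only because the host is pinned, while a site with no pins that legitimately chains to the compromised CA is accepted; after the CA fingerprint lands in the distrust list, both are rejected, which is the collateral effect on Dutch government sites the article describes. Pinning protects specific hosts immediately but scales poorly; distrusting the CA is the blunt instrument that protects everyone at the price of breaking its honest customers.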