Hayden: Russian cyber sophistication derives from criminal groups

Russia is one of the most sophisticated nation-states in cyberspace in part because of its ability to enlist cyber-criminal groups to do its bidding, said retired Gen. Michael Hayden, former head of the CIA and National Security Agency.

“The Chinese have scale, the Russians have skill,” Hayden said May 24 at a conference in Washington hosted by Gigamon. That assessment echoes what Adm. Michael Rogers, the current NSA director, has told Congress.

Hayden likened Russian President Vladimir Putin’s alleged sponsorship of criminal hackers to the patronage Don Vito Corleone provides associates in the popular film The Godfather.

“Don Vladimir has allowed the criminal gangs to survive and flourish without legal interference as long as they go outward,” Hayden said. “And from time to time the Don then has need of their services.”

Analysts and U.S. lawmakers have pointed to close ties between the Russian government and cybercriminal groups to the point of blurring the lines of attribution. Some have blamed Russia for a December hack of the Ukrainian power grid, which affected 225,000 customers.

The different bilateral relationships Washington has with Moscow and Beijing have dictated different U.S. policy responses to alleged state-sponsored cyber operations.

The U.S. and China last September agreed to not “knowingly support cyber-enabled theft of intellectual property,” something U.S. lawmakers have long accused China of doing. But with the U.S. government already heavily sanctioning Russia, such a bilateral agreement with Moscow seems unlikely.

“The relationship with Russia is such [that] I don’t know how you do that,” Hayden said.

In an April Senate hearing, Rogers, the current NSA director, told lawmakers that of nation-states, Russia “probably has the most active criminal element with … the greatest capability.” Asked if the Russia government was doing anything to combat cyber criminals on its turf, Rogers replied with a smile, “I would only say it doesn’t appear to be getting much better.”

Analysts such as NSS Labs CEO Vikram Phatak have argued that in a relatively lawless field, the U.S. government should embrace hackers who otherwise wouldn’t pass a background check. Although U.S. military and intelligence agencies have talented personnel, they don’t have “the kind of operational experience that the Russian mob has or the Chinese mob has,” Phatak told FCW earlier this year.

When asked if the U.S. government should give its computer operatives freer rein to go after Russian targets, Hayden was circumspect. “You cannot create symmetric effects in the Russian economy compared to what they can do in our economy,” he told FCW after his remarks.

Stuxnet a ‘poster child’ for certain hacks

Hayden’s remarks underscored the legal and normative ambiguity in cyberspace.

The United States is “incredibly aggressive in the cyber domain. We steal other nations’ data,” but not for commercial gain, he said.

U.S. officials suspect Chinese hackers were behind the breach of at least 22 million U.S. government records at the Office of Personnel Management. Hayden indicated he was jealous of that data heist.

“If I could have done this against a comparable Chinese database when I was director of NSA, I would have done it in a heartbeat,” the former Air Force general said.

During his remarks, Hayden described Stuxnet, the computer worm reportedly developed by the U.S. and Israel to destroy Iran’s nuclear centrifuges, as the “poster child” for hacks with physical-world implications. He told FCW afterward that the distributed-denial-of-serviceattacks that hit the U.S. financial sector from 2011 to 2013, which were allegedly carried out by Iranian hackers, were retribution for Stuxnet.

Hayden declined to confirm or deny U.S. involvement in Stuxnet, but said the net trade off — hampered Iranian centrifuges versus financial loss inflicted by the DDOS attacks — was in U.S. interests. Banks spent tens of millions of dollars in response to those attacks, according to the FBI.

Source:  https://fcw.com/articles/2016/05/24/hayden-russia-cyber.aspx

Anonymous Announces #OpSilence, Month-Long Attacks on Mainstream Media

Members of the Ghost Squad Hackers team, one of most active Anonymous sub-divisions, have carried out DDoS attacks on CNN and FOX News as part of a new hacktivism campaign.

Called OpSilence, the campaign’s goal is to attack all mainstream media that fails to report on the Palestine war or the true crimes happening in Syria, one of the hackers told Mic.

#OpSilence will take place during the entire month of June 2016

The operation will be run similarly to #OpIcarus, a month-long series of attacks that took place in the month of May against various banks around the world.

Any hacktivism group is welcomed to join, and the campaign comes on the heels of OpIcarus, which just ended yesterday.

Ghost Squad Hackers didn’t wait for June to start to begin their attacks, and they’ve already hit the email servers of FOX News and CNN. The group has been changing tactics lately, switching from DDoSing public websites to attacking mail servers, as they did most recently against the Bank of England.

Other hackers have taken a pro-Palestine stance before

Taking a pro-Palestine stance isn’t something strange for hackers, many others supporting this cause as well. The previous group that did so was CWA (Crackas With Attitude), whose hacked targets include CIA Director John Brennan’s personal AOL email account, FBI Deputy Director Mark Giuliano, US National Intelligence Director James Clapper, and President Barack Obama’s Senior Advisor on science and technology John Holdren.

The group is also responsible for hacking the JABS US national arrests database. They also leaked details for 2,400 US government officials, 80 Miami police officers, 9,000 DHS employees, and 20,000 FBI staffers.

Back in February, the group’s leader, a sixteen-year-old boy, was arrested in East Midlands, England.

External Source: http://www.ddosattacks.net/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media/


Internal source:  http://news.softpedia.com/news/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media-504760.shtml

First stage of CIS counterterrorism exercises Cyber Anti-terror 2016 over

MOSCOW, 26 May (BelTA) – The special services of the CIS member states have carried out the first stage of the CIS counter-terrorism exercise Cyber Anti-terror 2016, the press service of the CIS Anti-Terrorism Center told BelTA. According to the source, security agencies and special services of the CIS member states carried out a number of search and respond actions coordinated by the CIS Anti-Terrorism Center to detect and suppress acts of cyber-terrorism as part of the first stage of the CIS counter-terrorism exercise Cyber Anti-terror 2016 on 23-25 May. In particular, with assistance of the CIS Anti-Terrorism Center experts from Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia practiced the detection and filtering of DDoS attacks staged by imaginary terrorists against a critical piece of infrastructure (a power engineering industry installation) located in Belarus. The experts determined IP subnets of the accomplices of the imaginary terrorists and their geographical locations. The experts then used minimal data provided by the collective-access information systems of the CIS states, including the specialized database of the CIS Anti-Terrorism Center and fingerprint databases, to determine the identity of the cyber-terrorists, document their illegal activities, and prevent their attempt to disrupt control over the critical installation. The efforts resulted in the simultaneous arrest of the imaginary cyber-terrorists in Armenia, Belarus, Kazakhstan, Kyrgyzstan, and the Russian Federation. The equipment they used to commit crimes was seized. Results of the first stage of the CIS counter-terrorism exercise Cyber Anti-terror 2016 will be summed up when top officers of the counter-terrorism units of the security agencies and special services of the CIS member states convene in Minsk on 31 May – 2 June. A counter-terrorism operation will be staged then to free hostages and neutralize terrorists at a strategically important installation (the Lukoml state district power plant). The press service of the CIS Anti-Terrorism Center told BelTA that joint counter-terrorism exercises are an important component in practical interaction between the member states of the Commonwealth of Independent States. The main purpose of the exercises is to improve the readiness of security agencies, special services, and other power-wielding agencies of the CIS member states to work together to counteract terrorist threats and challenges. Practical experience is accumulated and the best practices are shared during such exercises.


Source: http://eng.belta.by/society/view/first-stage-of-cis-counterterrorism-exercise-cyber-antiterror-2016-over-91638-2016/

Anonymous vigilantes expose cheating firms who inflate their value on the stock market

The hackers’ collective, Anonymous, seems to be slowly changing how they do things, to the extent that one division is now hacking for trading financial reports in order to expose firms in the US and China that are trying to cheat on the stock market. This particular group of hackers goes by the name Anonymous Analytics.

According to Softpedia, the division was formed in 2011 by ex-Anonymous hackers who got tired of launching Distributed Denial of Service (DDoS) attacks and hacking into companies to make a point.

In order to find the hidden information about companies that might be inflating their values, Anonymous Analytics spend their time analysing the stock market and searching the internet for clues.  This is often done using techniques that might not be legal or ethical.  And once they have the information, this group of hackers will publish financial reports exposing companies. This has caused at least one company’s stock price to fall. So far, Anonymous Analytics has compiled publicly available financial reports on 11 firms, most of which are from China and the US.

Anonymous Analytics efforts in releasing the truth has damaged buyers’ confidence in the stocks belonging to a Chinese lottery machine service provider and games developer called REXLot Holdings.  This company along with others had inflated its revenue and the amount of cash it had from interest earned on its balance sheet before being caught by the Anonymous Analytics.


Bringing down stock market cheats

On 24 June 2015, Anonymous Analytics published a report on REXLot’s activities, which caused the stock price to plummet from $HK0.485 (4p, 6¢) down to $HK0.12, before the firm completely suspended its shares from trading. Bloomberg reported on the incident at the time but RexLot refused to respond despite repeated attempts.

When REXLot decided to return to the stock market on 18 April and they submitted a 53-page report about their financial status. Anonymous Analytics read the report and decided to publish a countering report. The second report was even worse and advised investors to urgently sell their stock, causing the company’s stock price to fall again by 50%.

A week after the report which exposed REXLot was released, the company had to admit in a report to the Hong Kong stock exchange that it could not honour all the bond redemptions requested by holders; which amounted to HK$1.85bn, due to the fact that it just didn’t have sufficient cash resources.

In fact, REXLot said it was trying to gain the bondholders’ consent to let it have more time to dispose of some assets in order to generate the cash needed to make the payments.

While it is a rather unusual approach for the hacking collective, Anonymous Analytics’ efforts seem to having a much greater impact than its attempts to troll Islamic State with Rick Astley music videos or DDoS-ing random companies in different countries to make a point.

Source:  http://www.ibtimes.co.uk/anonymous-vigilantes-expose-cheating-firms-who-inflate-their-value-stock-market-1562458

Anonymous Leads the Pack for 2016’s Trending Hacktivist Groups

Based on collected threat intelligence and social media hype, SurfWatch Labs says that Anonymous maintained its position as top trending hacktivist group, followed by Turk Hack Team (THT), New World Hacking (NWO), and Ghost Squad Hackers.

The data reveals that, compared to other years, hacktivism has slowed down and lost momentum but has still managed to cause enough damages to gain mainstream media attention.

The security firm says that government agencies were hit the hardest by hacktivism campaigns, with the most hype having been generated around the now-infamous COMELEC hack by Anonymous Philippines and Lulzsec Philippines, during which details for around 50 million Filipino voters were leaked.

2016 is a down year for hacktivism, but groups generated enough hype

Besides this incident, hacktivist groups generated a lot of attention to their causes via the massive DDoS attack on BBC at the start of the year, the DDoS attacks on Donald Trump’s websites part of #OpTrump, the DDoS attacks on the Bank of Greece part of #OpIcarus, and the ones on Nissan part of #OpKillingBay.

Other smaller hacktivism incidents that also brought a lot of attention to causes and the groups behind them were the attacks on the Bank of Cyprus, the takedown of ISIS Twitter profiles following the Belgium attacks, and the leak of data from NASA’s internal network.

The top five hacktivism campaigns during the first months of 2016 were #OpTrump, #OpKilling Bay, #OpWhales, #OpIsrael, and #OpAfrica. #OpIcarus was not included since it’s supposed to last for the entire month of May, but the campaign is sure to become a mainstay in Anonymous’ standard operations.

SurfWatch Labs also points out in its report that former big names such as the Syrian Electronic Army and Lizard Squad seem to have fallen off the face of the earth, with the company seeing no to little activity from its members. Taking into account that the US has filed former charges against members of the Syrian Electronic Army, the group’s members are probably busy avoiding getting arrested.

Source:  http://news.softpedia.com/news/anonymous-leads-the-pack-of-2016-s-trending-hacktivist-groups-504605.shtml

U.S. Spending Heavily to Counter Deadly DDoS Cyber Attacks by Foreign Foes

The U.S. Defense Advanced Research Projects Agency (DARPA) is spending heavily to automate the cyber defense responses of the U.S. military to counter distributed denial-of-service (DDoS) attacks that are widely expected to precede a limited armed conflict or a full-scale war with another nation.

DARPA’s answer to this deadly threat is Extreme DDoS Defense or XD3. This program will alter the way the military protects its networks from high- and low-speed DDoS attacks. The general public and private business firms will also benefit from this program.

A DDoS attack occurs when multiple systems flood the bandwidth or resources of a targeted system such as the Pentagon’s using one or more web servers. These attacks are difficult to thwart since multiple machines are used to overwhelm a target. It’s also difficult to deal with since responses to DDoS attacks are usually delayed and manually driven.

Over the past seven months, DARPA has awarded seven XD3 multi-million dollar contracts to Georgia Tech, George Mason University, Invincea Labs, Raytheon BBN, Vencore Labs and the University of Pennsylvania.

DARPA said the nature of DDoS attacks span a wide range. Botnet-induced volumetric attacks, which can generate hundreds of gigabits per second of malicious traffic, are perhaps the best-known form of DDoS.

“However, low-volume DDoS attacks can be even more pernicious and problematic from a defensive standpoint. Such attacks target specific applications, protocols or state-machine behaviors while relying on traffic sparseness (or seemingly innocuous message transmission) to evade traditional intrusion-detection techniques.”

DARPA noted the current art in DDoS defense generally relies on combinations of network-based filtering, traffic diversion and “scrubbing” or replication of stored data (or the logical points of connectivity used to access the data) to dilute volumetric attacks and provide diverse access for legitimate users.

It said these approaches fall well short of desired capabilities in terms of response times and the ability to identify and to thwart low-volume DDoS. Current methods also don’t have the ability to stop DDoS within encrypted traffic. There is also the need to defend real-time transactional services such as those associated with and military command and control.

DARPA laments that responses to DDoS attacks are too slow and manually driven.

Diagnosis and formulation of filtering rules often take hours to formulate and execute. This means a clear need exists for fundamentally new DDoS defenses with far greater resilience to DDoS attacks across a broader range of contexts, than existing approaches or evolutionary extensions.

Source: http://www.chinatopix.com/articles/88761/20160526/u-s-spending-heavily-counter-deadly-ddos-cyber-attacks.htm


Anonymous Hackers Turned Stock Analysts Are Targeting US & Chinese Corporations

A relatively unknown division of the Anonymous hacker collective that goes by the name of Anonymous Analytics has been sabotaging companies on the stock market by revealing flaws in their financial statements, with catastrophic results.

The group, which was founded in 2011, is comprised of former Anonymous hackers who decided that hacking into companies, dumping data, or launching DDoS attacks is not enough.

Anonymous Analytics are the stock market’s vigilantes

Instead, they decided to use their skills as market analysts and black hat hackers to scour the Internet for clues, sometimes with less-than-ethical techniques, and then compile financial reports on the companies they find cheating on the stock market.

Until now, the group has published reports on eleven companies. The list includes mostly US and Chinese corporations, among which the most recognizable names are Qihoo 360 and Western Union.

Its most resounding success was the report on REXLot, a Chinese-based lottery machine service. Anonymous Analytics revealed that REXLot inflated its revenue and the amount of cash on its balance sheet, based on the amount of interest earned.

Anonymus Analytics sends REXLot stock into a downward spiral

The group published its findings on June 24, 2015, and REXLot stock price plummeted from 0.485 Hong Kong dollar per share to 0.12, before trading was suspended.

REXLot rejoined the market on April 18, this year, but even after submitting a 53-page report, the company stock fell again by 50 percent.

After reading REXLot’s report, the group tweeted, “After 10 months, REXLot publishes a confused clarification announcement. We read it and endless laughs were had. We will respond shortly.” And they did, a day after. Another day after that, the group published a second report on the company and modified its rating from “sell” to “strong sell.”

A week later, news outlets reported that REXLot did not have enough cash to make due bond payments, which meant the company had to sell assets to repay bonds, proving the group right, and also showing its power and influence in the financial world.

For an Anonymous sub-division, the group has caused more financial damages to companies around the globe than any fourteen-year-old teen with a rented DDoS stressor, which would make them more qualified to get involved into #OpIcarus more than anyone else.

Source: http://news.softpedia.com/news/anonymous-hackers-turned-stock-analysts-are-targeting-us-chinese-corporations-504495.shtml

Anonymous Goes After Florida Gov. Rick Scott for Polluting the Gulf of Mexico

A member of the Anonymous hacker collective has uploaded a video online requesting the impeachment and immediate resignation of Florida Governor Rick Scott.

In videos posted first on Facebook and then on YouTube, the group launches accusations of corruption and complacency when it comes to the state’s dangerous situation regarding its polluted waters slowly dripping into the Atlantic.

The group specifically outlines the case of Lake Okeechobee, whose waters have slowly trickled into the Gulf of Mexico.

“This water could have easily been sent south to the Everglades, but is his greed for big sugar and the land deals to line his pockets,” the hacker group explains in its video.

Further, the group also brings accusations of Governor Scott protecting the state’s corrupt politicians and manipulating the judicial system with the help Pam Bondi, Florida’s Attorney General.

The Anonymous video also reminds everyone that Governor Scott was previously declared guilty of Medicaid fraud.

Anonymous’ ongoing war with the political class

This is neither the first nor the last time when Anonymous goes after political figures, in the US or other countries. Previously, the group issued similar threats against Donald Trump, Ted Cruz, and Denver Mayor Michael Hancock.

Unlike the case of Mayor Hancock, this time, the hacker group hasn’t provided any shred of evidence for their accusations. In most of these cases, the group only launched small DDoS attacks against public institutions or the target’s personal websites.

Long gone are the days when Anonymous would leak sensitive documents to support their claims.

In 2014, Anonymous had another run-in with the state of Florida, when the group targeted the city of Four Lauderdale because of its treatment of the homeless. In 2011, Anonymous also brought down government sites in Orlando, after the city started arresting people giving food to groups of homeless people larger than 25.


Source:  http://news.softpedia.com/news/anonymous-goes-after-florida-gov-rick-scott-for-polluting-the-gulf-of-mexico-504445.shtml

A new botnet has been discovered that takes login credentials

A new botnet has been discovered that takes login credentials from a less-secure site and tests them on banking and financial transactions sites, leaving users who reuse the same password across sites vulnerable to attack.

Internet security firm ThreatMetrix described the botnet in its Cybercrime Report covering the first quarter of 2016. In it, its said that botnet attacks have evolved from large-scale distributed denial of service (DDoS) attacks to low-and-slow attacks which are more difficult to detect. Rather than taking down a site or server, the new botnets mimic trusted customer behavior and logins to access accounts.

The new bots get customer login information from a lower-security site: one with ‘modest sign-up requirements’ for the creation of username/password combinations. The botnets take a list of user credentials from the dark web and run ‘massive credentialing sessions’ on lower-security sites. Often sites that provide content, like Netflix or Spotify, will be targeted for the first phase of attack as they have millions of customers and lower security requirements than most financial institutions and e-commerce sites. “These attacks result in huge spikes over a couple of days with sustained transaction levels of over 200 transactions / second as they slice down the list.” Every time they get a hit with a username/password combination it goes on a list, which is then used to launch a low-and-slow attack on financial and e-commerce institutions. These attacks are difficult to detect and comprised 264 million attacks on e-commerce websites in the first quarter of 2016 alone. They noted an overall 35% growth in bot attacks from the last quarter of 2015 to the first of 2016, a number which is expected to continue to grow.

“With recent data breaches, and the tendency for users to share passwords across websites, cybercriminals find it more lucrative to use a trusted credit card from a valid customer account than it is to attempt to re-use a stolen card that has a limited shelf life. This quarter saw the highest level of attacks on e-commerce with more than 60 million rejected transactions, representing a 90% increase over the previous year.”

Using known combinations targets those who reuse passwords on low and high security websites. While users have been warned against this practice for years, some reports still show that it is common practice. A 2013 report by UK communications watchdog OfCom showed that 55% of adults reuse the same passwords across sites. A similar 2015 study by TeleSign showed 73% of web accounts were protected by duplicated passwords.

Source:  https://thestack.com/security/2016/05/24/new-botnet-targets-password-recycling/

Anonymous Launches DDoS Attacks on Banks in “Op Icarus”

Headlines have been dominated this week by the Anonymous campaign of DDoS attacks against financial institutions all over the world. Named “Op Icarus” in honor of the character from Greek mythology, the campaign seeks to punish what Anonymous views as “corrupt” banks and individuals in the financial sector.

As we all know, distributed denial of service (DDoS) attacks can strike any industry or any organization at any time and without warning. Hacktivism like that carried out by Anonymous and their base of dedicated hackers often involves the use of DDoS attacks, since they provide quick results at low cost, and with minimal risk of compromising the identities of the perpetrators. What’s more, the service downtime they bring about can cause damage to the tune of six-figure sums, so it’s an ideal part of the toolkit for the hacktivist – a fact that is bolstered by people diversifying the techniques behind DDoS attacks.

Distributed denial of service attacks have been a threat to service availability for more than a decade. However, these DDoS attacks have become increasingly sophisticated and multi-vector in nature, overcoming traditional defense mechanisms or reactive countermeasures. These pointed attack campaigns continue to reinforce a growing need for DDoS attack mitigation solutions that can properly defeat attacks at the network edge, and ensure the accessibility required for the financial institutions to maintain business operations in the face of an attack.

While the impact on the individual targets of the DDoS attack campaign, “Op Icarus” is unclear; obstructing or eliminating the availability of email servers is significant. In an online world any type of service outage is barely tolerated, especially in the banking industry where transactions and communications are often time-sensitive, and account security is of utmost importance.

Until distributed denial of service attacks are effectively mitigated as a norm, we can expect hacker communities such as Anonymous to continue gaining notoriety as they bring services down, take websites offline and cause havoc on the internet in pursuit of their goals. 2016 has been a tough year for finance in regard to their cybersecurity, with the massive cyber heist of the Bangladesh Bank as well as the Qatar National Bank data leak having taken place already. It’s safe to say that banks across the globe need maximum security not only for their safes and vaults, but also for their networks. Regardless of the motivations for these attacks, financial firms must be proactive in their defenses.

Source:  https://www.corero.com/blog/725-anonymous-declares-ddos-attacks-on-financial-sector-in-op-icarus.html