
Posts Tagged ‘Apple’

15-31 May 2013 Cyber Attacks Timeline

And here we are with the second part of the Cyber Attacks Timeline for May (first part here).

The second half of the month has shown unusual activity, with several high-profile breaches motivated by cyber-crime or hacktivism, but also with the disclosure of massive cyber-espionage operations.

The unwelcome prize for the “Breach of the Month” goes to Yahoo! Japan, which suffered the possible compromise of 22 million users (in general this was a hard month for the Far East, considering that Groupon Taiwan also suffered an illegitimate attempt to access the data of its 4.1 million customers).

On the cyber-espionage front, the leading role goes to the Chinese cyber army, accused of compromising the secret plans of advanced U.S. weapons systems and the secret plans for the new headquarters of the Australian Security Intelligence Organisation.

On the hacktivism front, this month has been particularly troubled for the South African Police, whose website was hacked, exposing the data of 16,000 individuals, including 15,700 whistle-blowers.

Other noticeable events include the unauthorized access against the well-known open source CMS Drupal (forcing the reset of 1 million passwords), the trail of Twitter accounts hijacked by the Syrian Electronic Army, and an unprecedented wave of attacks against targets in the automotive sector.

If you want to have an idea of how fragile our data are in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

May 2013 Cyber Attacks Timeline Part II

16-28 February 2013 Cyber Attacks Timeline

It is time for the summary of the second half of February, two weeks of remarkable cyber attacks against high-tech giants, massive breaches and Twitter Account Hijackings.

Probably the most resounding events of this period (maybe more for the high profile of the victims than for their actual effects) are the two attacks carried out against Apple and Microsoft, allegedly originating from China and sharing a common root cause: the compromise of an iPhone developer forum.

Besides the two high-tech giants, other illustrious victims have fallen under the blows of hacktivists and cyber criminals. The list is quite long and includes Bank of America, American Express, Casio, ZenDesk, cPanel, Central Hudson Gas & Electric Corporation, and others.

Last but not least, the unprecedented trail of cyber attacks against Twitter profiles belonging to individuals (see Donald Trump) or corporations (Burger King and Jeep). Maybe it is time to change those passwords…

If you want to have an idea of how fragile our data are in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

A special thanks to Kim Guldberg AKA @bufferzone for continuously advising me about significant cyber events through the Submit Form! Much Appreciated!


Microsoft Joins the Party of the Hacked Companies

February 23, 2013

With a scant statement on its Microsoft Security Response Center blog, the giant of Redmond has admitted to having been targeted by the same cyber attack that also hit Facebook and Apple.

“Consistent with our security response practices”, the company chose not to make a detailed statement during the initial information gathering process. According to the little information available, a small number of computers, including several machines in the Mac business unit, were infected by malicious software using techniques similar to those documented by other organizations.

This suggests that the company was probably a victim of the exploit injected through the compromised iPhoneDevSDK forum. Apparently there is no evidence of customer data being affected, although the investigation is ongoing.

Just the latest example in an endless trail of high-profile security breaches.

After Twitter and Facebook, Apple reveals it has suffered the same Cyber Attack

February 20, 2013

The same sophisticated cyber attack that targeted Facebook and Twitter has also targeted Apple, according to an exclusive revelation by Reuters. In this latest occurrence, the attackers were able to infect several Mac computers belonging to Cupertino employees, exploiting the same Java 0-day vulnerability used to carry out the attacks against the two well-known social networks.

Further details have emerged in the meantime: particularly noticeable is the fact that the attackers used the well-established “watering hole” technique, compromising a well-known mobile developer forum (iphonedevsdk.com) accessed by Cupertino employees (and by those of many other high-profile companies). This has raised the concern that the attackers may have aimed to manipulate the code of smartphone apps in order to compromise a huge number of users. Currently the forum shows a banner inviting users to change their passwords.

Apple is working closely with the Federal Bureau of Investigation and has released an update to disable its Java SE 6. Although there is no clear evidence of a Chinese origin for the attack, unfortunately it comes at the worst possible time: after the wave of attacks against U.S. media, Mandiant, the firm that investigated the attack against the NYT, released a detailed report suggesting a link between the hacks against U.S. assets and the Chinese army.

Antisec Steals 12M Apple Device IDs from FBI (Exploiting a Java Vulnerability) UPDATED

September 4, 2012

Update 4 Sep 23:38 GMT+2: The FBI issued a tweet denying that it ever had the 12 million Apple IDs in question:

Here is the complete statement from the FBI Press Office.

Original Post: A few hours ago, the @AnonymousIRC Twitter account announced yet another resounding cyber attack carried out in the name of the #Antisec movement:

In a special edition of their #FFF refrain (literally quoting the authors of the attack: “so special that’s even not on friday”), the hacktivists claim to have obtained from the FBI 12,000,000 Apple device UDIDs (UDID is short for Unique Device Identifier, the unique string that identifies each iOS device), and have consequently published 1,000,001 of them in a Pastebin post.

In the same post they explain how they were able to obtain them:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team, was breached using the AtomicReferenceArray vulnerability on Java. During the shell session some files were downloaded from his Desktop folder; one of them, with the name of “NCFTA_iOS_devices_intel.csv”, turned out to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. The personal details fields referring to people appear many times empty, leaving the whole list incomplete in many parts. No other file in the same folder makes mention of this list or its purpose.

Did you notice the misplaced detail? I could not help but notice that the UDIDs were obtained by exploiting a Java vulnerability, the AtomicReferenceArray vulnerability (CVE-2012-0507). A detail that would not matter much in other circumstances, had it not been disclosed only a few days after the controversy following the discovery of a potentially devastating Java 0-day, and the subsequent issues deriving from the release of a vulnerable patch.
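As an added example (not code from the original post), a small Python triage script for a leaked device list of the kind described above: it validates UDID and APNS token formats, de-duplicates rows, and lets a user check their own UDID against hashed fingerprints instead of the raw dump. The CSV column order and every sample row below are constructed assumptions, not values from the actual leak.

```python
"""Triage of a leaked iOS device list (added example, not from the post)."""
import csv
import hashlib
import io
import re

# Assumption: a UDID is a 40-character hex string and an APNS token is
# 64 hex characters; rows that do not match are counted as noise.
UDID_RE = re.compile(r"^[0-9a-fA-F]{40}$")
APNS_RE = re.compile(r"^[0-9a-fA-F]{64}$")

# Constructed sample rows in an assumed column order (udid, apns_token,
# device_name, device_type). None of these values come from the real leak.
SAMPLE_ROWS = [
    ["0123456789abcdef0123456789abcdef01234567", "a" * 64, "Alice's iPhone", "iPhone"],
    ["fedcba9876543210fedcba9876543210fedcba98", "b" * 64, "", "iPad"],
    ["not-a-udid", "c" * 64, "Broken row", "iPod touch"],
    ["0123456789abcdef0123456789abcdef01234567", "a" * 64, "Alice's iPhone", "iPhone"],
]


def sample_csv_text():
    """Serialize the constructed rows into CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["udid", "apns_token", "device_name", "device_type"])
    writer.writerows(SAMPLE_ROWS)
    return buf.getvalue()


def fingerprint(udid):
    """Hash the (case-normalized) UDID so a lookup table can be kept without raw identifiers."""
    return hashlib.sha256(udid.lower().encode()).hexdigest()


def triage(csv_text):
    """Parse, validate and de-duplicate the dump; return stats and a set of fingerprints."""
    reader = csv.DictReader(io.StringIO(csv_text))
    stats = {"rows": 0, "invalid_udid": 0, "invalid_token": 0,
             "duplicates": 0, "empty_name": 0, "by_type": {}}
    seen = set()
    for row in reader:
        stats["rows"] += 1
        udid = (row.get("udid") or "").strip()
        if not UDID_RE.match(udid):
            stats["invalid_udid"] += 1
            continue
        if not APNS_RE.match((row.get("apns_token") or "").strip()):
            stats["invalid_token"] += 1
        fp = fingerprint(udid)
        if fp in seen:
            stats["duplicates"] += 1
            continue
        seen.add(fp)
        if not (row.get("device_name") or "").strip():
            stats["empty_name"] += 1
        dtype = (row.get("device_type") or "").strip() or "unknown"
        stats["by_type"][dtype] = stats["by_type"].get(dtype, 0) + 1
    return stats, seen


def is_affected(udid, fingerprints):
    """Check one UDID against the fingerprint set (case-insensitive, format-checked)."""
    return UDID_RE.match(udid) is not None and fingerprint(udid) in fingerprints


if __name__ == "__main__":
    summary, fps = triage(sample_csv_text())
    print(summary)
    print(is_affected("0123456789ABCDEF0123456789ABCDEF01234567", fps))
```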

There could be no worse moment for this event to happen, and I am afraid it will add fuel to the rising concerns regarding Java security… Hard days for Java… and for the FBI.

January 2012 Cyber Attacks Timeline (Part 1)

January 15, 2012

Click here for part 2.

New year, new Cyber Attacks Timeline. Let us start our information security journey through 2012 with the chart of the attacks that occurred in the first fifteen days of January. This month has so far been characterized by the leak of Symantec source code and the strange story of alleged cyber espionage revolving around it. But this was not the only remarkable event: the chronicles tell of the endless cyber-war between Israel and a Saudi hacker (and, more generally, the Arab world), and also of renewed activity by Anonymous against SOPA (with a peak in Finland). The end of the month has also brought several remarkable events (such as the breaches at T-Mobile and Zappos, the latter potentially affecting 24,000,000 users). In general this has been a very active period. For 2012 this is only the beginning, and if a good beginning makes a good ending, there is little reason to stay calm…

Browse the chart and follow @paulsparrows to be updated on a biweekly basis. As usual, after the jump you will find all the references. Feel free to report wrong/missing links or attacks.

Fake Leaked Memos And Closed BackDoors

January 15, 2012

From an information security perspective, 2012 has begun with (too) many meaningful events, among which the most resounding so far has been the alleged leak of portions of the source code of several consumer and enterprise products by Symantec, a leading security vendor.

@YamaTough, a member of a hacking collective called “The Lords of Dharmaraja” (Dharmaraja is the Lord of Death and Justice in Hinduism), claimed paternity of an attack that, immediately after its execution, unleashed a complicated story of cyber espionage full of twists and mysteries, which has raised (and keeps on raising) many (un)resolved questions.

The Indian Mystery

Jan 5

@YamaTough, a member of a hacking group called the Lords of Dharmaraja, leaks the source code of Symantec Endpoint Protection Enterprise Suite (SAVCE 10.2 and SEP11), approximately 5 years old. The source code was allegedly obtained from the hacking of Indian military servers. Symantec has admitted that “a segment of its source code used in two of our older enterprise products has been accessed”.

During the same operation the hackers also leaked some other documents, according to which:

  1. The Indian government has source code for Symantec’s AV software, albeit of 2006 vintage.
  2. The Indian government is strong-arming cell phone manufacturers to provide back doors into their handsets (collectively defined as RINOA: RIM, Nokia and Apple).
  3. The Indian government is in possession of confidential internal communications from the US-China Economic and Security Review Commission (USCC).
  4. The Indian government is actively engaged in espionage efforts targeting not only the USCC, but potentially thousands of US government networks, ranging from those of federal agencies to systems used by state and municipal entities.

Jan 12

In any case, although the leaked source code is real, it looks like the Lords of Dharmaraja faked the government memo (in order to attract more attention), since some of the emails it contained (purportedly obtained through the RINOA backdoors) were allegedly stolen from the Indian Embassy in Paris and appear to have already been leaked on Pastebin in December by the same hacker, @YamaTough. There are also several doubts as to whether the activities of the USCC could be of any interest to Indian intelligence.

Jan 13

As an announced follow-up to the controversial cyber espionage affair, @YamaTough releases the source code of Norton Utilities. The author claims the leak is in support of the lawsuit between Symantec and James Gross, a US resident who is taking the company to court for spreading scareware. The full source code of Norton Antivirus is announced for Tuesday, Jan 17th.

Not only, according to the hackers, was the source code found on a server belonging to Indian Military Intelligence, but together with the links to the source code the hackers also posted an internal memo of Indian Military Intelligence entitled “Tactical Network For Cellular Surveillance”, containing potentially explosive information. According to this controversial memo, “in exchange for the Indian market presence” mobile device manufacturers including RIM, Nokia and Apple (collectively defined in the document as “RINOA”) agreed to provide backdoor access to their devices. Moreover, it looks like a CYCADA team used the backdoors for espionage actions against the U.S.-China Economic and Security Review Commission (USCC) and potentially against thousands of US government networks, ranging from those of federal agencies to systems used by state and municipal entities.

Although the implicated manufacturers firmly denied any connection, at first glance the hypothesis of a backdoor in our mobile companions seemed plausible, also because it came immediately after another controversial event concerning mobile privacy, the infamous Carrier IQ rootkit found on many mobile devices.

A giant case of cyber espionage? Not really! It looks like the whole story is heading towards an unexpected conclusion (?). In the last few days evidence has emerged that the Lords Of Dharmaraja faked the memo, maybe in order to draw more attention to their operations. Although, as previously stated, Symantec has recognized parts of its source code in the leaked data, there are too many inconsistencies and too much incorrect information inside the memo; moreover, several of the emails allegedly obtained by means of the RINOA backdoor had already been posted in December, after the original attack made by the collective against the Indian Embassy in Paris (where the memo was leaked). Finally, the letterhead on the memo comes from a military intelligence unit not involved in surveillance.

The mystery deepens, but in the meantime the Lords Of Dharmaraja keep on posting Symantec code: on Saturday Jan 14 the alleged source code of Norton Utilities was released, and next Tuesday, Jan 17, it will be the turn of the full Norton Antivirus source code.

Breaking: First Known Detection of Carrier IQ in Italy

December 12, 2011

Update December 13: Carrier IQ issued an updated statement, raising new concerns in an endless saga…

I am proud to post here the first known detection in Italy of the infamous Carrier IQ software!

As you will probably know, everything started on Nov. 28, on the other side of the Atlantic, when Trevor Eckhart, an Android developer, posted a video on YouTube showing the hidden Carrier IQ software interacting oddly with his mobile phone activity. Eckhart subsequently alleged that his keystrokes and data were being collected without his permission.

Predictably, speculation and accusations immediately began concerning the kind of data collected by Carrier IQ and presumably transmitted to wireless mobile operators: as a matter of fact, subsequent investigations have shown that the Carrier IQ software is embedded on nearly every mobile phone and operator, at least in the U.S., where concerns over consumer privacy led Massachusetts congressman Rep. Edward Markey to ask the Federal Trade Commission to investigate the company.

But although many believed the software was logging keystrokes and collecting sensitive data, a subsequent, more sober analysis carried out by reversing the code showed a different scenario: the software “only” collects anonymized metrics data, although there are hooks inside the code for events such as keystrokes, possibly suggesting that this kind of functionality is planned for future versions. Essentially the analysis confirmed the content of a statement by the company, which attempted to clarify how information was being collected:

We measure and summarize performance of the device to assist Operators in delivering better service.
While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.

Nevertheless, since the clarifications did not change the fact that Carrier IQ is a potential risk to user privacy, and that users cannot choose to disable it, a number of class action lawsuits have been filed against the main handset manufacturers and carriers including, besides the obvious Carrier IQ, AT&T, Sprint Nextel, T-Mobile USA, HTC, Apple, Samsung, and Motorola Mobility.

Of course European regulators could not remain indifferent, and immediately started to investigate Carrier IQ. Germany’s Bavarian State Authority for Data Protection was the first to contact Apple, which publicly declared that it had included Carrier IQ in earlier versions of iOS, that support ceased with iOS 5, and that it will be completely removed from previous versions in future software updates. The German example was immediately followed not only by other regulators in the U.K., France, Ireland and Italy, but also by organizations like BEUC, the European Consumers’ Organisation, which defends users’ right to be told how their data is used.

I was wondering if Europe’s concerns were exaggerated (since so far the scandal seemed to be contained in the U.S.) until a friend of mine decided to test one of the available Carrier IQ detection tools on his Samsung Galaxy Tab, which was purchased from 3, an Italian mobile operator belonging to the H3G giant.

The results are shown above: the tool detected the Carrier IQ software in an inactive state. The bad thing is that, although it was apparently inactive, my friend told me he was not able to remove the software by following the different procedures available on the web, even if he did not spend much time on its removal. So far I can only show the screenshot, but he told me he will give me his device for a deeper analysis (with caution, since it is his work device).

Thinking about this strange encounter, I admit I could not help but think of Samsung’s official statement concerning Carrier IQ (as reported by Engadget):

Some Samsung mobile phones do include Carrier IQ, but it’s very important to note that it’s up to the carrier to request that Samsung include that software on devices. One other important point is that Samsung does not receive any consumer user information from the phones that are equipped with Carrier IQ.

Since it is up to the carrier to request that the software be included on Samsung devices, I presume that 3 could have decided to install it on all the devices for the Italian market. I tested the tool on my HTC Desire and Sensation XE (both from Telecom Italia Mobile) with no result.

Francesco Pizzetti, Italy’s Guarantor for the Protection of Personal Data, will have a lot to do… meanwhile he has opened an investigation into how Carrier IQ works and is checking Italian mobile phones to verify where the software is in use.

Mobile devices are more and more becoming inseparable companions for our personal and professional life, and deadly enemies for our privacy…

First Security Breach In The App Store

November 8, 2011

It looks like Judgment Day for iOS has finally arrived. Until today the robustness of the App Store has always been considered one of the strengths of the Apple model: unlike the Android Market, which is constantly under attack for a weak security model that has allowed too many malicious users to upload malicious applications, a strict review policy had prevented, at least so far, the same destiny for Apple’s mobile applications.

Unfortunately Charlie Miller, an old acquaintance of Apple supporters, thought that winning three Pwn2Owns in the last four years (2008, 2009 and 2011) by exploiting practically every Apple vulnerability was not enough. So he decided to attack Cupertino directly inside its App Store security model.

The story begins early last year, after the release of iOS 4.3, when the researcher became suspicious of a possible flaw in the code signing of Apple’s mobile devices.

As stated in the original article by Forbes:

To increase the speed of the phone’s browser, Apple allowed javascript code from the Web to run on a much deeper level in the device’s memory than it had in previous versions of the operating system. In fact, the browser’s speed increase had forced Apple to create an exception for the browser to run unapproved code in a region of the device’s memory, which until then had been impossible. (Apple uses other security restrictions to prevent untrusted websites from using that exception to take control of the phone.)

The next step was to discover a bug that allowed that code-running exception to be extended to any application, and that is exactly what he did, but still this was not enough.

After discovering the bug, he submitted an app exploiting the vulnerability to the App Store. The app was approved and behaved as expected (a behaviour with which the victims of Android malware are quite familiar): it was able to phone home to a remote computer, download new unapproved commands onto the device and execute them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.

The method will be presented at the SyScan conference in Taiwan next week, although a video demonstration of the exploit is already available.

Last but not least: as a reward for discovering the bug, Apple has decided to revoke Miller’s developer license.

Android users will probably be the happiest to learn that, as stated by Miller:

Android has been like the Wild West. And this bug basically reduces the security of iOS to that of Android.

At least for one thing (security), iOS and Android are identical.
