Archive
February 2012 Cyber Attacks Timeline (Part I)
February 2012 brings a new domain for my blog (it’s just a hackmaggedon) and confirms the trend of January with a constant and unprecedented increase in number and complexity of the events. Driven by the echo of the ACTA movement, the Anonymous have performed a massive wave of attacks, resuming the old habits of targeting Law Enforcement agencies. From this point of view, this month has registered several remarkable events among which the hacking of a conf call between the FBI and Scotland Yard and the takedown of the Homeland Security and the CIA Web sites.
The Hacktivism front has been very hot as well, with attacks in Europe and Syria (with the presidential e-mail hacked) and even against United Nations (once again) and NASDAQ Stock Exchange.
Scroll down the list and enjoy to discover the (too) many illustrious victims including Intel, Microsoft, Foxconn and Philips. After the jump you find all the references and do not forget to follow @paulsparrows for the latest updates. Also have a look to the Middle East Cyberwar Timeline, and the master indexes for 2011 and 2012 Cyber Attacks.
Addendum: of course it is impossible to keep count of the huge amount of sites attacked or defaced as an aftermath of the Anti ACTA movements. In any case I suggest you a couple of links that mat be really helpful:
- List of all vulnerable websites attacked by anonymous Part II (updated daily) (via cylaw.info)
- List of Websites Hacked, Defaced & Taken Down By Anonymous (via valuewalk.com)
December 2011 Cyber Attacks Timeline (Part II)
This infamous 2011 is nearly gone and here it is the last post for this year concerning the 2011 Cyber Attacks Timeline. As you will soon see from an infosec perspective this month has been characterized by two main events: the LulzXmas with its terrible Stratfor hack (whose effects are still ongoing with the recent release of 860,000 accounts), and an unprecented wave of breaches in China which led to the dump of nearly 88 million of users for a theoretical cost of nearly $19 million (yes the Sony brech is close). For the rest an endless cyberwar between India and Pakistan, some hactivism and (unfortunately) the usual amounts of “minor” breaches and defacement. After the page break you find all the references.
Last but not least… This post is my very personal way to wish you a happy new infosec year.
December 2011 Cyber Attacks Timeline (Part I)
As usual, here it is my compilation of December Cyber Attacks.
It looks like that Christmas approaching is not stopping hackers who targeted a growing number of organizations including several security firms (Kaspersky, Nod 32 and Bitdefender) even if in secondary domains and with “simple” defacements.
Cyber chronicles report of Gemnet, another Certification Authority Breached in Holland (is the 12th security incident targeting CAs in 2011) and several massive data breaches targeting Finland (the fifth this year, affecting 16,000 users), online gambling (UB.com affecting 3.5 million of users), Telco (Telstra, affecting 70,000 users), and gaming, after the well known attacks to Sony, Sega and Nintendo, with Square Enix, which suffered a huge attacks compromising 1,800,000 users (even if it looks like no personal data were affected).
Online Payment services were also targeted by Cybercrookers: a Visa East European processor has been hit by a security breach, but also four Romanian home made hackers have been arrested for a massive credit card fraud affecting 200 restaurants for a total of 80,000 customers who had their data stolen.
As usual, hacktivism was one of the main trends for this first half of the month, which started with a resounding hacking to a Web Server belonging to ACNUR (United Nations Refugees Agency) leaking more than 200 credentials including the one belonging to President Mr. Barack Obama.
But from a mere hactvism perspective, Elections in Russia have been the main trigger as they indirectly generated several cyber events: not only during the election day, in which three web sites (a watchdog and two independent news agencies) were taken down by DDoS attacks, but also in the immediately following days, when a botnet flooded Twitter with Pro Kremlin hashtags, and an independent forum was also taken down by a further DDoS attacks. A trail of events which set a very dangerous precent.
Besides the ACNUR Hack, the Anonymous were also in the spotlight (a quite common occurrence this year) with some sparse attacks targeting several governments including in particular Brazil, inside what is called #OpAmazonia.
Even if not confirmed, it looks like that Anonymous Finland might somehow be related to the above mentioned breach occurred in Finland.
Other interesting events occurred in the first two weeks of December: the 0-day vulnerability affecting Adobe products, immediately exploited by hackers to carry on tailored phishing campaigns and most of hall, a targeted attack to a contractor, Lockheed Martin, but also another occurrence of DNS Cache Poisoning targeting the Republic of Congo domains of Google, Microsoft, Samsung and others.
Last but not least, the controversial GPS Spoofing, which allegedly allowed Iran to capture a U.S. Drone, even the GPS Spoofing on its own does not completely solve the mistery of the capture.
Other victims of the month include Norwich Airport, Coca Cola, and another Law Enforcement Agency (clearusa.org), which is currently unaivalable.
As usual after the page break you find all the references.
November 2011 Cyber Attacks Timeline (Part II)
The second half of November has confirmed the trend seen in the previous report covering the first half of the month. The period under examination has confirmed a remarkable increase in Cyber Attacks from both a quality and quantity perspective.
Although the month has been characterized by many small attacks, several remarkable events have really made the difference.
Among the victims of the month, Finland deserves a special mention in this unenviable rank: the second half of the month has confirmed the emerging trend for this country, which suffered in this period two further breaches of huge amounts of personal data, for a global cumulative cost, computed on the whole month, around $25 million.
But Finland was not the only northern European country hit by cybercrookers (maybe the term cyberprofessionals would be more appropriate): Norwegian systems associated with the country’s oil, gas and energy sectors were hit with an APT based cyber attack resulting in a loss of sensitive information including documents, drawings, user names and passwords.
But once again the crown of the most remarkable breach of the month is placed upon the head of South Korea which suffered another huge data dump affecting users of the popular MMORPG “Maple Story” affecting theoretically 13 million of users, nearly the 27% of the Korean population, for an estimated cost of the breach close to $2.8 billion.
The list of affected countries this month includes also 243,089 Nigerian users, victims of the hack of Naijaloaded, a popular forum.
Microsoft has been another victim in this November, with a phishing scam targeting Xbox Live users. Details of the scam are not clear, although each single affected user in U.K. might have lost something between £100 and £200 for a total cost of the breach assimilable to “million of Pounds”.
November will make history for showing for the first time to information security professionals the dangers hidden inside the SCADA universe (and not related to Nuclear Reactors). The echo of Stuxnet and Duqu is still alive, but this month was the the turn of SCADA water pumps, that have suffered a couple of attacks (Springfield and South Houston), the first one allegedly originated from Russia and the second one from a “lonely ranger” who considered the answer from DHS concerning the first incident, too soft and not enough satisfactory. My sixth sense (and one half) tells me that we will need to get more and more used to attacks against SCADA driven facilities.
The Anonymous continued their operations against governments with a brand new occurrence of their Friday Releases, targeting a Special Agent of the CA Department and leaking something like 38,000 emails. Besides from other some sparse “small” operations, the other remarkable action performed by the Anonymous collective involved the hacking of an United Nations (old?) server, that caused personal data of some personnel to be released on the Internet.
November Special mentions are dedicated (for opposite reasons) to HP and AT&T. HP for the issue on their printers discovered by a group of Researchers of Columbia Univerity, which could allow a malicious user to remotely control (and burn) them. AT&T deserved the special mention for the attack, unsuccessful, against the 1% of its 100 million wireless accounts customer base.
In any case, counting also the “minor” attacks of the month, the chart shows a real emergency for data protection issues: schools, e-commerce sites, TVs, government sites, etc. are increasingly becoming targets. Administrators do not show the deserved attention to data protection and maybe also the users are loosing the real perception of how much important is the safeguard of their personal information and how serious the aftermaths of a compromise are.
As usual, references for each single cyber attack are reported below. Have a (nice?) read and most of alle share among your acquaintances the awareness that everyone is virtually at risk.
Related articles
- November 2011 Cyber Attacks Timeline (Part I) (paulsparrows.wordpress.com)
October 2011 Cyber Attacks Timeline (Part II)
Halloween has just gone and here it is Part II of the October 2011 Cyber Attacks Timeline covering the second half (15-31) of this month.
From an Information Security Perspective, the 10th month of 2011 has been characterized by Duqu, the brand new Advanced Persistent Threat dubbed “The Sun Of Stuxnet”, whose echo is far from being silent (a brand new 0-day vulnerability targeting Windows Kernel has just been discovered in the Malware Installer). Duqu affected the timeline in two circumstances: not only the malware was discovered, but also an Indian Provider called Web Werks had some servers seized from a Data Center in Mumbai because they were discovered to be involved in the C&C communication of the infected endpoints.
Other noticeable events of the month involved:
- The wave of alleged Cyber Attacks from China against Japan Parliament and Embassies and also against Canadian Finance and Treasury Board. These were not the only Cyber Events allegedly affecting China in October: even if occurred months before, news were reported that the attack against Mitsubishi Heavy Industries led to the theft of sensitive data, moreover other 760 organizations worldwide were attacked with the same methodology used for RSA Breach and originating from China as well.
- A new tide of Hacktivism by Anonyomous and Antisec, encouraged from the OccupyWallStreet Movement, including a dramatic face-to-face of Anonymous Mexico against Las Zetas one of the most powerful Mexican Drug Cartel.
A particular rank in this month is deserved by Israel and Sweden, the first reported a huge data breach (affecting 9,000,000 users) occurred in 2006, while the latter suffered a Black October with a data leak involving nearly 200,000 users of the social platform bloggtoppen.se including Politicians and Journalists. At this point is clear that the cold Sweden won the Prize for the “Hottest Breach of The Month”.
Also Facebook was targeted with an alleged dump of 10,000 accounts, nothing if compared with the 600,000 compromised logins per day that the social network admitted to suffer).
According to my very personal estimate (based on the indications from the Ponemon’s insitute) the cost of the breaches for this months (in all those cases where enough information was available) is around $500 million, excluding the massive data breach in Israel reported today but occurred in 2006.
As usual, this Timeline was compiled with Useful Resources by:
- Cyber War News
- DATALOSSdb
- Naked Security
- Office Of Inadequate Security (DataBreaches.net)
- Softpedia
- The Hacker News
- Threatpost
And my inclusion criteria do not take into consideration “simple” defacement attacks (unless they are particularly resounding) or small data leaks.
|
Date |
Author |
Description |
Organization |
Attack |
|
Oct 16 |
Fatal Error |
UNESCO E-Platform Domain
The E-Platform domain of one of the Biggest Organizations: United Nations Educational, Scientific and Cultural Organization (UNESCO) gets hacked and defaced by Fatal Error Crew hackers. |
|
Defacement |
|
Oct 17 |
|
10,000+ FaceBook accounts
A Hacking Crew From Nepal called TeamSwaStika hacks more than 10,000 facebook accounts. The hacking crew declares next target will be Nepal Government website and e-governance for Freedom. Estimated cost of the breach is $2,140,000. |
|
Account Hacking (Phishing?) |
|
Oct 17 |
? |
Sesame Street’s Youtube Channel
Sesame Street had its YouTube channel hacked on Sunday, and its highly popular child-friendly videos of muppets like Kermit the frog and the Big Bird replaced with hard core porn movies. |
|
Account Hacking |
|
Oct 17 |
? |
NHS Direct Twitter Account
NHS Direct, the UK helpline which provides expert health advice via the telephone and internet, has had its Twitter account taken over by spammers promoting an Acai Berry diet. |
|
Account Hacking |
|
Oct 18 |
TurkisH -RuleZ |
proXPN
proXPN, one of the famous VPN client based on OpenVPN Service, is hacked by TurkisH-RuleZ. |
|
Defacement |
|
Oct 19 |
? |
Gameloft
Gameloft, a Paris-based video game company that’s a leading mobile-game developer, acknowledges that a security breach has prompted it to pull the plug on one of its Web sites, the Order and Chaos online site. |
|
SQLi? |
|
Oct 19 |
? |
Duqu
In a blog post, Symantec explains it came across the first samples of a new malware infecting some computer systems in Europe that appears to be very similar to Stuxnet. More analysis shows the malware is a “simple” keylogger using the same Stuxnet Technology |
N/A |
APT |
|
Oct 19 |
? |
A FAQ on the official forum of the Lord Of The Rings Community On Line reveals that the site was breached although no financial data has been obtained by the attackers. |
 |
SQLi? |
|
Oct 20 |
? |
Phishing The Phisher
Finally someone decides to give a lesson to a phisherm by hacking the phishing website with a message educating the potential victims. |
|
Phishing |
|
Oct 21 |
|
Vikram Pandit (Citigroup CEO)
Mobile phone number and home address of Vikram Pandit, CEO of Citigroup, have been placed on the web by hacking group CabinCr3w in retaliation for the cuffing of protesters at an Occupy Wall Street demo. In their online statement the hackers say that they had accessed the data – which also included family information and some financial figures – and uploaded it online in response to events during the recent anti-bank protests on Wall Street. |
|
N/A |
|
Oct 21 |
|
Law Enforcement Agencies
Anonymous and Antisec broke their apparent October silence and renewed the tradition of the Friday Dumps against law enforcement agencies releasing a 600MB data dump of confidential data belonging to Law enforcement agencies. A couple of days later an AntiSec hacker tells police in a phone call that boredom drove him to hack their website. |
|
Defacement |
|
Oct 22 |
|
40 Child Porn Websites
As part as what they call #OpDarknet, Anonymous takes down more than 40 darknet-based child porn websites over the last week. They also leak personal details of 1500 users. Detalils on “AnonMessage” and “BecomeAnonymous” YouTube channels. |
40 child Porn Websites |
SQLi DDoS |
|
Oct 23 |
? |
Microsoft’s Official YouTube Channel
Hackers take control of Microsoft’s official YouTube Channel (24,000+ subscribers), remove the company’s videos and replace them with videos of their own. Neither Microsoft nor Google (which owns YouTube) have disclosed information on how the security breach was perpetrated. |
|
N/A |
|
Oct 23 |
|
One Hit Play
@DiabloElite dumps 1008 accounts from onehitplay.com, with no other reason beside to show the need of a stronger security. All the accounts have been stored as plain text. Estimated cost of the breach is around $214,000. |
|
SQLi? |
|
Oct 23 |
|
Xbox A new hackers’ crew @DestructiveSec dumps some Xbox Live accounts. |
|
SQLi? |
| Oct 24 |
? |
cheaptickets.nl
The database of CheapTickets.nl (containing 715,000 customers) is leaked. Stolen information include 1,200,000 tickets and 80,000 passport numbers. Total cost of the breach might exceed $153 million. |
|
SQLi? |
|
Oct 24 |
Intra Web Security Exploit Team |
LG Australia Web Site
One of the Australian websites belonging to global electronics giant LG (lge.com.au) is hacked by a collective calling itself the Intra Web Security Exploit Team. The attackers replaced the site with some lightly-obfuscated JavaScript pretending to be conducting an injection attack. |
|
Defacement, Simulated SQli |
|
Oct 24 |
Malicious Employee |
Israely Ministry of Labor and Social Welfare
Employee with access to the Population Registry has been discovered to steal the details of over 9 million residents and then passed them to someone else. Estimated cost of the breach is nearly $2 billion. |
|
Malicious Access |
|
Oct 24 |
|
760 Organizations Worldwide
Brian Kerbs publishes in his blog a list of companies whose networks were shown to have been connecting to the same control infrastructure that was used in the attack on RSA. The first victims appear to have begun communicating with the attacker’s control networks as early as November 2010. According to the list 760 other organizations had networks compromised with some of the same resources used to hit RSA and almost 20 percent of the current Fortune 100 companies are on this list. |
760 Organizations Worldwide |
APT |
|
Oct 25 |
? |
bloggtoppen.se
The usernames and passwords of around 90,000 accounts at Bloggtoppen.se have been made public after a hacker attack against the website. Several journalists and politicians are among the bloggers whose log-in details have been published. On Oct 26, the Aftonbladet newspaper reported that a further 57 other websites had also been hacked, and the login details of up to 200,000 people are at risk. Estimated cost of the breach is around $42 million. |
|
SQLi? |
|
Oct 25 |
Chinese Hacker? |
Japanese Parliament
According to local media reports, hackers were able to snoop upon emails and steal passwords from computers belonging to lawmakers at the Japanese parliament for over a month. PCs and servers were infected after a Trojan horse was emailed to a a Lower House member in July. The Trojan horse then downloaded malware from a server based in China – allowing remote hackers to secretly spy on email communications and steal usernames and passwords from lawmakers. |
|
APT |
|
Oct 25 |
|
Mitsubishi Heavy Industries
Mitsubishi Heavy Industries, a high-tech military contractor, which suffered an attack from hackers earlier this year, is reported to have lost sensitive data related to defence equipment including fighter jet planes and nuclear power plant plans, according to The Ashai Shimbun. Once again suspects are directed to China. |
|
APT |
|
Oct 25 |
Inside Error |
United States Department Of Education
Highly sensitive information (including SSN) belonging to around 5,000 students was exposed after a computer error causing a federal government student loan website to reveal the data: a glitch in the website allowed students who were logged in to freely view the data of other scholars. Fortunately, the site was compromised only for 7 minutes at most, but it is possible that some users were able to steal sensitive information. Estimated cost of the breach is around $ 1 million. |
|
Inside Error |
|
Oct 26 |
? |
awurval.se
314 job seekers’ e-mail addresses and clear-text passwords acquired and dumped. Estimated Cost of the breach is around $67,000. |
|
SQLi? |
|
Oct 26 |
? |
Mobile Tele Systems
MTS is a primary Mobile Operator in Russia with more than 70 million subscribers. Personal data of 1.6 million mobile phone users appeared online in the second such leak in three months. The database, posted on Zhiltsy.net, included the full names and phone numbers of MTS subscribers in St. Petersburg and Bashkortostan, as well as residential addresses and passport data for some of them. According to MTS the database goes back to 2006 and most numbers are no longer valid. Estimated cost of the breach could potentially achieve $300 million. |
|
N/A |
|
Oct 26 |
nationmultimedia.com
@_V4ND dumps what they say is a teaser of accounts obtained from nationmultimedia.com in what appears to be another havij or similar SQLi vun tool based attack. The leak contains user emails and passwords in clear text. |
|
SQLi |
|
|
Oct 26 |
Robert Delgado |
Massive Identity Theft
Robert Delgado, a 40 years old California man, was sentenced to eight years in prison for identity theft after federal police GPS-tracked his phone and discovered a hard drive with over 300,000 victim profiles during a raid of his home. Estimated Cost of the thiet (not including purchases made with stolen data) is around $65 million. |
300,000 frauded users |
Bank Fraud |
|
Oct 26 |
Pakistani Hacker |
Bharat Sanchar Nigam Limited (BSNL)
Another occurrence of the Cyberwar between Pakistan and India: A Pakistani hacker “KhantastiC haX0r” hacks into the official website of India’s leading telecom Company Bharat Sanchar Nigam Limited (BSNL). |
|
Defacement |
|
Oct 27 |
|
Law Enforcement Authorities
@_f0rsaken a member of @TeaMp0isoN publishes a list of websites utilized by law enforcement authorities that are supposed to be vulnerable to MSAccess SQL injection attacks. A number of six sites that are listed are supposedly utilized by the police for their updates, the cybercriminals urging Occupy Wall Street supporters to take them down. |
Law Enforcement Authorities |
MSAccess SQLi |
|
Oct 27 |
|
Oakland Police Department Web Site
Cyber activists associated with Anonymous target the Oakland Police Department (OPD) and other law enforcement agencies that participated in a controversial crackdown against OccupyOakland protestors with a DDoS (distributed denial-of-service) attack against the department’s website. Moreover According to TG Daily, the infamous collective is offered a $1,000 reward for anyone who can provide information on an officer that allegedly injured a war veteran that was taking part in the protest. |
|
DDoS |
|
Oct 27 |
? |
Clarinda Bank Iowa
In a letter dated Tuesday, Oct. 25, bank vice president Jon Baier notifies specific customers of a data breach. The letter states the bank was not provided details of the security compromise, but to protect the impacted debit card accounts, replacement cards with new numbers were ordered. The number of affected users is unknown. |
|
N/A |
|
Oct 27 |
|
Japanese Embassies
There are new reports that dozens of diplomatic computers Japanese embassies abroad were infected with malware this Summer. The news comes on the heels of recent news about malicious software attacks on Japanese defense contractors and the Japanese Parliament. A report in a local Japanese publication, The Daily Yomiuri, places the infected diplomatic computers in Canada, China, France, Myanmar, the Netherlands, South Korea, and the United States. Again China is suspected since a China Link is found on the malware. |
|
APT |
|
Oct 27 |
|
U.S. Government Satellites
Bloomberg reports that Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to a congressional commission. |
|
N/A |
|
Oct 28 |
|
Canadian Finance and Treasury Board
Ottawa Citizen reveals that, in Jan 2011, the Canadian Finance and Treasury Board’s networks were targeted by hackers in an attempt to steal sensitive information about the potash industry even though Finance and Treasury Board representatives denies it. It looks that the hackers were actually foreign, the first clues indicating that the attack originated from China. |
|
APT |
|
Oct 28 |
PayFail |
PayPal Executives’ Contact Information
In what looks to be the first of a number of “name and shame” postings, an individual or individuals posting as “PAYFAIL” upload some personal information on dozens of former and current PayPal executives. The dumped data do not seem to be particularly sensivite, nevertheless, although deleted three times so far, the original statement keeps on appearing on pastebin. |
|
N/A |
|
Oct 28 |
? |
Again on Duqu
Two workers at an Indian web-hosting company called Web Werks tell Reuters that last week officials from India’s Department of Information Technology seized several hard drives and other components from a server hosted on a Mumbai Data Center, that security firm Symantec Corp indicated as communicating with computers infected with Duqu. |
|
APT |
|
Oct 29 |
|
El Paso County Community College
@DestructiveSec hacks the El Paso Country Community College, defacing the web site and dumps some data. |
|
SQLi? |
|
Oct 29 |
|
Las Zetas (Mexican Drug Cartel)
Anonymous Mexico faces one of the most dangerous criminal organizations in the World, the Las Zetas Mexican Drug Cartel. In a video they warn the Cartel to release one of their members kidnapped during a street protest, otherwise the hacker group will disclose (or dox) the identities of members of the cartel including corrupted politicians and policeman. Another example of an hacking action with huge real aftermaths in terms of possible deadly retaliations. |
Mexican Droug Cartel |
SQLi? |
|
Oct 29 |
|
Dominican Republic Police
As part of their Spanish Solidarity Saturday Anonymous release a pastebin document containing a list of finds and vulnerabilities on the Dominican Republic Police system and some other sites too. They also left a website defaced. |
|
Several Vulns, Defacement |
|
Oct 31 |
3xp1r3 cyber army |
hi5ads.com
A hacker group going by the name of 3xp1r3 cyber army dumps two separate pastes with respectively 5,065 and 3,149 account details to www.hi5ads.com. The leaks contain emails and plain text passwords. Estimated cost of the breach is around $680,000. |
|
SQLi |
|
Oct 31 |
3xp1r3 cyber army |
Bangla TV
The Same group hacks Bangla TV and releases 1,517 usernames and clear-text password. Estimated cost of the breach is around $320,000. |
|
SQLi |
|
Oct 31 |
ScreamDevz |
Penguin Elite
A group or individual dubbed ScreamDevz hacks Club Penguin Elite Database and dumps nearly 400 usernames, emails and MD5 hashed passwords. Estimated cost of the breach is around $80,000. |
|
SQLi |
|
Oct 31 |
|
Chinese Government Web Site
@TehMaskz, a member of @ChaoticSec defaces a web site belonging to Chinese Government (at the time of writing http://www.wfaic.gov.cn/index.html is still defaced). In the same circumstance other 9 sites all over the World are defaced. |
|
Defacement |
|
Oct 31 |
|
One Hit Play
@ChaoticSec hacks One Hit Play (once again) and releases more than 1000 User information, including emails, passwords, and usernames. Estimated cost of the breach is around $214,000. |
|
SQLi |
|
Oct 31 |
|
comitet.ru
@DeleteSec attacks comitet.ru and dumps more than 2000 records with email and passwords. Estimated cost of the breach is around $420,000 |
|
SQLi |
| Oct 31 |
|
plusline.org
@DeleteSec attacks plusline.org and dumps more than 1000 records with email and passwords. Nearly in contemporary the same group dumps 700+ accounts from several sites. Estimated cost of the breach is around $420,000. |
|
SQLi |
|
Oct 31 |
Mr. DarkCoderz |
Adult Site
Another occurrence of hackers dumping data from adult sites. Estimated cost of the breach is around $43,000. |
Adult Site |
SQLi? |
Related articles
- October 2011 Cyber Attacks Timeline (Part I) (paulsparrows.wordpress.com)
- Just For Reference… (paulsparrows.wordpress.com)
XML Encryption Cracked!
We have not completely assimilated the BEAST vulnerability, and here it comes, from Bochum, Germany, another serious flaw involving Encryption, or better, involving XML Encryption.
XML Encryption, is a W3C standard widely used to securely transmit information inside Application-to-Application Web services connections. It was believed to be a robust standard mechanism to protect data exchange between a wide class of applications using web services and deployed in different sectors, for instance business, e-commerce, financial, healthcare, governmental and military applications. For the generic user a typical scenario involves, for example, credit card information encryption for a payment within an XML-based purchase order.
Unfortunately it lools like the mechanism is not so robust as it was supposed to be, and the discovery comes from Juraj Somorovsky and Tibor Jager, two Researchers at the Ruhr University of Bochum (RUB) who were successful in cracking parts of the XML encryption process used in web services, thus making it possible to decrypt encrypted data. They demonstrated their work at the ACM Conference on Computer and Communications Security in Chicago this week.
As far as the attack technique is concerned, once again CBC (Cipher-Block Chaining) is indicted since the new discovered vulnerability, as in case of the BEAST attack, is exploitable only in this encryption mode.
The attack strategy seems very similar to the one behind the BEAST Attack and allows to decrypt data, encrypted in AES-CBC, by sending modified ciphertexts to the server, and gathering information from the received error messages using the cryptographic weakness of the CBC mode, in particular the fact that, by conveniently manipulating the IV, ciphertexts encrypted in CBC mode can be modified so that the resulting ciphertext is related to the original ciphertext in a certain way (see the description of the BEAST attack for an example).
So, by choosing a given ciphertext, the attacker is able to recover the entire plaintext and the only prerequisite requires the availability of what the researchers define an “oracle”, that is a pattern telling the attacker if a given ciphertext contains a “correctly formed” plaintext that is a valid encoding (e.g. in UTF-8 or ASCII) of a message. Even worse XML signature is not able to mitigate the attack.
In their paper the authors showed that a moderately optimized implementation of the attack was able to decrypt 160 bytes of encrypted data within 10 seconds by issuing 2,137 queries to the Web Service, morever the complexity of the attack grows only linearly with the ciphertext size, thus allowing to recover a larger plaintext of 1,600 bytes takes about 100 seconds and 23,000 queries.
The proof of concept has been performed on a Web Service based on the Apache Axis2 XML framework and verified on JBoss, but many other vendors are affected, that is the reason why the two researchers announced the vulnerability to the W3C XML Encryption Working Group in February 2011. Vendors affected include the above mentioned Apache Software Foundation (Apache Axis2), RedHat Linux (JBoss), but also IBM and Microsoft.
Unfortunately fixing the flaw will not be that easy, the only suitable way is to replace CBC mode by using a symmetric cryptographic primitive providing confidentiality and integrity, this means to change the XML Encryption standard!
The 2011
Related articles
- Researchers crack W3C encryption standard for XML (arstechnica.com)
- XML Encryption Broken, Need To Fix W3C Standard (it.slashdot.org)
- The Beauty (RC4) and The BEAST (TLS) (paulsparrows.wordpress.com)
Advanced Persistent Threats and Security Information Management
Advanced Persistent Threats are probably the most remarkable events for Information Security in 2011 since they are redefining the infosec landscape from both technology and market perspective.
I consider the recent shopping in the SIEM arena made by IBM and McAfee a sign of the times and a demonstration of this trend. This is not a coincidence: as a matter of fact the only way to stop an APT before it reaches its goal (the Organization data), is an accurate analysis and correlation of data collected by security devices. An APT attack deploys different stages with different tactics, different techniques and different timeframes, which moreover affect different portion of the infrastructure. As a consequence an holistic view and an holistic information management are needed in order to correlate pieces of information spread in different pieces of the networks and collected by different, somewhat heterogeneous and apparently unrelated, security devices.
Consider for instance the typical cycle of an attack carried on by an APT:
Of course the picture does not take into consideration the user, which is the greatest vulnerability (but unfortunately an user does not generate logs except in a verbal format not so easy to analyze for a SIEM). Moreover the model should be multiplied for the numbers of victims since it is “unlikely” that such a similar attack could be performed on a single user at a time.
At the end, however, it is clear that an APT affects different components of the information security infrastructure at different times with different threat vectors:
- Usually stage 1 of an APT attack involves a spear phishing E-mail containing appealing subject and argument, and a malicious payload in form of an attachment or a link. In both cases the Email AV or Antispam are impacted in the ingress stream (and should be supposed to detect the attack, am I naive if I suggest that a DNS lookup could have avoided attacks like this?). The impacted security device produce some logs (even if they are not straightforward to detect if the malicious E-mail has not been detected as a possible threat or also has been detected with a low confidence threshold). In this stage of the attack the time interval between the receipt of the e-mail and its reading can take from few minutes up to several hours.
- The following stage involves user interaction. Unfortunately there is no human firewall so far (it is something we are working on) but user education (a very rare gift). As a consequence the victim is lured to follow the malicious link or click on the malicious attachment. In the first scenario the user is directed to a compromised (or crafted) web site where he downloads and installs a malware (or also insert some credentials which are used to steal his identity for instance for a remote access login). In the second scenario the user clicks on the attached file that exploits a 0-day vulnerability to install a Remote Administration Tool. The interval between reading the malicious email and installing the RAT takes likely several seconds. In any case Endpoint Security Tools may help to avoid surfing to malicious site or, if leveraging behavioral analysis, to detect anomalous pattern from an application (a 0-day is always a 0-day and often they are released after making reasonably sure not to be detected by traditional AV). Hopefully In both cases some suspicious logs are generated by the endpoint.
- RAT Control is the following stage: after installation the malware uses the HTTP protocol to fetch commands from a remote C&C Server. Of course the malicious traffic is forged so that it may be hidden inside legitimate traffic. In any case the traffic pass through Firewalls and NIDS at the perimeter (matching allowed rules on the traffic). In this case both kind of devices should be supposed to produce related logs;
- Once in full control of the Attacker, the compromised machine is used as a hop for the attacker to reach other hosts (now he is inside) or also to sweep the internal network looking for the target data. In this case a NIDS/anomaly detector should be able to detect the attack, monitoring, for instance, the number of attempted authentications or wrong logins: that is the way in which Lockheed Martin prevented an attack perpetrated by mean of compromised RSA seeds, and also, during the infamous breach, RSA detected the attack using a technology of anomaly detection Netwitness, acquired by EMC, its parent company immediately after the event.
At this point should be clear that this lethal blend of threats is pushing the security firms to redefine their product strategies, since they face the double crucial challenge to dramatically improve not only their 0-day detection ability, but also to dramatically improve the capability to manage and correlate the data collected from their security solutions.
As far as 0-day detection ability is concerned, next-gen technologies will include processor assisted endpoint security or also a new class of network devices such as DNS Firewalls (thanks to @nientenomi for reporting the article).
As far data management and correlation are concerned, yes of course a SIEM is beautiful concept… until one needs to face the issue of correlation, which definitively mean that often SIEM projects become useless because of correlation patterns, which are too complex and not straightforward. This is the reason why the leading vendors are rushing to include an integrated SIEM technology in their product portfolio in order to provide an out-of-the-box correlation engine optimized for their products. The price to pay will probably be a segmentation and verticalization of SIEM Market in which lead vendors will have their own solution (not so optimized for competitor technologies) at the expense of generalist SIEM vendors.
On the other hand APT are alive and kicking, keep on targeting US Defense contractors (Raytheon is the latest) and are also learning to fly though the clouds. Moreover they are also well hidden considered that, according to the Security Intelligence Report Volume 11 issued by Microsoft, less than one per cent of exploits in the first half of 2011 were against zero-day vulnerabilities. The 1% makes the difference! And it is a big difference!
Related articles
- Information, The Next Battlefield (paulsparrows.wordpress.com)
September 2011 Cyber Attacks Timeline (Part I)
So here it is, also for this month, the first part of My Cyber Attacks Timeline covering the first half of September.
Apparently It looks like the wave of the Anonymous attacks that characterized August has stopped. Even if several isolated episodes occurred, their impact was slightly lower than the previous months.
Probably the most important security incident for this month was the Diginotar Hack, not only because the Dutch Certification Authority has been banned forever by the main browsers and OSes but also because all the authentication model based on CAs is under discussion. Moreover once again a cyber attack has been used as a mean of repression. This incident is a turnkey point for information security but in my opinion also the DNS hacks by Anonymous Sri Lanka and Turkguvenligi are noticeable since they reinforce the need for a quick adoption of DNSSEC.
For the first time not even the Linux Operating System (an open world) was immune from hackers: both the Linux Kernel and the Linux Foundation Web Sites were hacked during this month, two episodes that Penguin Lovers will remember for a long time.
Easily predictable an attack recalling 9/11 carried on against the Twitter Account of NBC News was also reported.
Other noticeable events: three huge data breaches were reported, four attacks with political motivations targeting India, Nigeria, Colombia, and the Russia Embassy in London were perpetrated and another security vendor (Panda Security) was indirectly targeted.
The remainder of the month was characterized by many smaller attacks (mostly defacements and data leaks) and an actress (Scarlett Johansson) was also victim of data leaks.
Useful Resources for compiling the table include:
- Cyber War News
- CNET Hackers Chart
- DATALOSSdb
- Naked Security
- Office Of Inadequate Security (DataBreaches.net)
- The Hacker News
And my inclusion criteria do not take into consideration simple defacement attacks (unless they are particularly resounding) or small data leaks.
| Date | Author | Description | Organization | Attack |
| Sep 1 |
? |
The site of Kernel.org suffered a security breach leading which caused the server to be rooted and 448 credential compromised. Although it is believed that the initial infection started on August the 12th, it was not detected for another 12 days. |
 |
rootkit (Phalanx) |
| Sep 1 |  |
Apple, Symantec, Facebook, Microsoft, etc.
The Sri Lankan branch of Anonymous claims to have hacked into the DNS servers of Symantec, Apple, Facebook, Microsoft, and several other large organizations over the past few days, posting the news and records of its exploits on Pastebin. |
 |
DNS Cache Snoop Poisoning |
| Sep 1 | ? |
Birdville Independent School District
Two students hack into their school district’s server and accessed a file with 14,500 student names, ID numbers, and social security numbers. Estimated cost of the breach is around $3,000,000. |
 |
? |
| Sep 2 |  |
Texas Police Chiefs Association As usual happens on Fridady, Texas Police Chiefs Association Website is hacked by Anonymous for Antisec Operation. Hacker defaced their website and posted 3GB of data in retaliation for the arrests of dozens of alleged Anonymous suspects. According to Hackers the site has been owned for nearly one month. |
 |
SQLi? |
| Sep 2 |  |
EA Game Battlefield Heroes One of the most famous games over the world Battlefield Heroes developed by EA Games is hacked by a hacker named “Why So Serious?” who leaks the User Login passwords on pastebin |
 |
SQLi? |
| Sep 2 | |
vBTEAM Underground Vbteam.info, the underground vBulletin Hacking website is hacked by “Why So Serious?“, who leaks 1400+ accounts of the Vbteam.info forum in pastebin. |
 |
SQLi? |
| Sep 3 | Nomcat |
Indian Government
An Indian Hacker named “nomcat” claims to have been able to hack into the Indian Prime Ministers Office Computers and install a Remote Administration Tool) in them. He also Exposes the Vulnerability in Income Tax website and Database Information. |
 |
SQLi? |
| Sep 4 |
|
Popular Websites: : Daily Telegraph, The Register, UPS, Vodafone Popular websites including The Register, The Daily Telegraph, UPS, and others fall victim to a DNS hack that has resulted in visitors being redirected to third-party webpages. The authors of the hack, a Turkish group called Turkguvenligi, are not new to similar actions and leave a message declaring this day as World Hackers’ Day. |
 |
DNS Hijacking |
| Sep 5 | |
Mobile App Network Forum Mobile APP Network Forum is Hacked by “Why So Serious?”. He leaks over 15.000 accounts of the community (Forum) on Pastebin in two parts (Part 1 and Part 2). |
 |
SQLi? |
| Sep 5 |  |
European Union Institute For Energy and Transport One of the Sub domain of European Union (Institute for Energy) is hacked and Defaced by Inj3ct0r. Hackers deface the web page, release some internal details and leave a message against Violence in Lybia and Russian influence in Ukraine. |
 |
Defacement |
| Sep 5 | Cocain Team Hackers | United Nations Sub Domain of Swaziland United Nations Sub-Domain of Swaziland is hacked and defaced by Cocain Team Hackers. |
 |
Defacement |
| Sep 5 | |
Uronimo Mobile Platform The Uronimo Mobile platform is hacked by Team Inj3ct0r. They leak the web site database and release on Pastebin internal data including Username, Hash Password, emails and Phone Numbers of 1000 users. Estimated Cost of the Breach is $214,000. |
 |
SQLi? |
| Sep 6 | Comodo Hacker |
Diginotar
The real extent of the Diginotar breach becomes clear: 531 bogus certificates issued including Google, CIA, Mossad, Tor. Meanwhile in a pastebin message Comodo Hacker states he own four more CAs, among which GlobalSign which precautionally suspends issuance of certificates. |
 |
Several Vulnerabilities |
| Sep 7 | ? |
Beaumont Independent School District
The superintendent of schools for Beaumont Independent School District announces that letters are being mailed to parents of nearly 15,000 of its 19,848 students to inform them of a potential breach of data that occurred recently. Inadvertently, private information including the name, date of birth, gender, social security number, grade and scores on the Texas Assessment of Knowledge and Skills (TAKS) exam of students who were in the third through 11th grades during the 2009-2010 school year–were potentially exposed. Estimated cost of the breach is $3,210,000. |
 |
Human Mistake |
| Sep 7 | ? |
Stanford Hospital, Palo Alto, Calif.
A medical privacy breach leads to the public posting on a commercial Web site of data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, Calif., including names and diagnosis codes. The information stayed online for nearly a year from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called Student of Fortune, which allows students to solicit paid assistance with their schoolwork. Estimated Cost of The Breach is $4,280,000. |
 |
Human Mistake |
| Sep 9 | Comodo Hacker |
GlobalSign
After suspending issuing certificates, GlobalSign finds evidence of a breach to the web server hosting the www website. The breached web server has always been isolated from all other infrastructure and is used only to serve the http://www.globalsign.com website. |
 |
? |
| Sep 9 |
Comodo Hacker |
Google
As consequence of the infamous Diginotar Breach Google advises its users in Iran to change their Gmail passwords, and check that their Google accounts have not been compromised. Google also indicates that it is directly contacting users in Iran who may have been hit by a man-in-the-middle attack. |
 |
Man In The Middle |
| Sep 9 |  |
NBC News
The NBC News Twitter account is hacked and starts to tweet false reports of a plane attack on ground zero. The account is suspended and restored after few minutes. |
 |
Trojan Keylogger via Email |
| Sep 9 | ? |
Samsung Card
Data of up to 800,000 Samsung Card clients may have been compromised after an employee allegedly extracted their personal information. The Breach was discovered on Aug. 25 and reported to police on Aug. 30. It is not clear what kind of information has been leaked, maybe the first two digits of residence numbers, the names, companies and mobile phone numbers were exposed. Estimated cost of the breach is $171,200.000. |
 |
Unauthorized Access |
| Sep 10 | ? |
BuyVIP (Amazon Owned)
Although not officially confirmed, BuyVIP users received an e-mail informing that their database had been hacked. Apparently, the website had been offline for a couple days and it looks like that not only names and email addresses were retrieved, but also birth dates, real shipping addresses as well as phone numbers. |
 |
SQLi |
| Sep 11 | ? |
Linux Foundation Few weeks after the kernel.org Linux archive site suffered a hacker attack, the Linux Foundation has pulled its websites from the web to clean up from a security breach. A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. |
 |
SQLi? |
| Sep 11 | |
AryansBook.com Anonymous leaks the complete database from a well known nazi website AryansBook.com and posts the content on The Pirate Bay. This is a fight towards racism of any kind. |
AryansBook |
SQLi? |
| Sep 12 | ? |
Bitconitalk Forum An unknown hacker uses a zero day flaw to steal email addresses, hashed passwords and read personal messages from the bitcointalk.org forum. Forum administrators said the attacker gained root access on 3 September and was able to run arbitrary PHP code not detected until the attacker injected “annoying JavaScript” into the forum pages a week later: the Javascript splashed actor Bill Cosby across the forums and replaced all references to BitCoin with CosbyCoin. |
 |
0-day exploit in SMF |
| Sep 12 | ? |
Nigerian Government Website Nigerian Government Website is hacked and defaced by Brazilian Hackers that leave a message in the main page. |
 |
Defacement |
| Sep 12 | ? |
Vacationland Vendors
A hacker gains unauthorized access to the card processing systems at Wilderness Waterpark Resort and improperly acquires 40,000 credit card and debit card information. Estimated Cost of the Breach is $8,560,000. |
 |
N/A |
| Sep 12 | X-Nerd | Panda Security
Another Security Company Hacked: a hacker going by the name of X-Nerd hacks and defaces the Pakistan Server of a very well known security software website: Panda Security. |
 |
SQLi? |
| Sep 12 | ? |
Russian UK Embassy Just before Prime Minister David Cameron’s first visit to Moscow, the website belonging to the Embassy Of The Russian Federation in London was taken down by hackers. It seems as the attack was launched in sign of protest to the upcoming visit after a 5-year break in which no British leader went to Moscow. |
 |
DDoS |
| Sep 13 | Cyb3rSec |
thetvdb.com Cyb3rSec dumps a list of 3500+ Accounts from the forum thetvdb.com. |
 |
SQLi? |
| Sep 13 |  |
top100arena.com Albanian hackers belonging to Albanian Cyber Army exploit one of the biggest Game Arena site “Top100″ database using SQL injection attack. They leak the database on mediafire. |
 |
SQLi |
| Sep 14 |  |
President of Bolivia (presidencia.gob.bo) SwichSmoke crew hacks the site belonging to President of Bolivia and dumps the leaked data on pastebin. |
 |
Various Exploits |
| Sep 14 | ? |
uTorrent.com
The uTorrent.com |
 |
SQLi |
| Sep 14 | ? |
Bright House Networks Bright House Networks, the sixth largest owner and operator of cable systems in the U.S., has sent a letter to customers warning that they may have been exposed after servers used to process Video on Demand (VOD) were breached. |
 |
? |
| Sep 14 | ? |
Scarlett Johansson
Also an actress may be victim of hackers: The FBI investigate reports that nude photos of a famous celebrity (allegedely Scarlett Johansson) have been leaked onto the web. The day before Twitter was flooded with messages claiming to link to naked pictures of her, which were allegedly stolen from her iPhone by a hacker earlier this year. |
 |
? |
| Sep 15 | Stohanko |
Various Sites More than 101 sites, with huge amount of data and personal information which ranges from emails, phone numbers, to full names and addresses, have been hacked by an hacker dubbed Stohanko. At this link a list of the hacked sites and the links to dumped data. |
 |
? |
Processor Assisted Or OS Embedded Endpoint Security?
Yesterday, September the 13th 2011, the Information Security Arena has been shaken by a couple of announcements earthquakes unleashed by two of the most important players in this market.
The first earthquake was detected in San Francisco, at the Intel Developer Forum, where McAfee announced DeepSAFE, a jointly developed technology from McAfee and Intel that enables to build hardware-assisted security products that take advantage of a deeper security footprint. According to McAfee, sitting beyond the operating system and close to the silicon, DeepSAFE technology allows to gain an additional vantage point in the computing stack to better protect systems. Although initially conceived as an anti-rootkit (and 0-day) technology, McAfee promises that DeepSAFE Technology will be the foundation for its next gen security products, maybe landing also on the Android Platform (but not on Intel’s MeeGo Mobile Platform).
The second earthquake was detected in Redmond where Microsoft announced that antivirus protection will be a standard feature for its next gen flagship OS Windows 8: features from its Security Essentials program, currently available as a separate download for Windows users, will be added to the Windows Defender package already built into Windows, allowing the users to get out-of-the-box protection against malware, along with firewall and parental controls, from within Windows without requiring a separate software. Another new security feature being baked into Windows 8 is protection from bootable USB drives that are infected with malware.
Although easily predictable (even if Microsoft took only 6 years to fully embed Sybari technology inside its OSes after the 2005 acquisition, rumors on a hardware assisted security technology were the pillars of the McAfee acquisition by Intel), these announcements have a potential huge impact on the landscape, both for consumers and more in general for the whole antivirus industry.
As fare as the Micorsoft announcement is concerned, consumers will be happy to find a free “OS-embedded” antimalware solution inside their (favourite ?) desktop operating system, on the other hand the antivirus industry will likely not be happy to have an embedded competitor to fight against (and to disable during the installation of their own products).
Similarly, just like the Operating System, the processor itself is a “necessary evil” for a PC so the other endpoint security vendors will not be happy to fight against a competitor technology which (quoting textual words) allows “McAfee DeepSAFE technology (to) sit beyond the operating system (and close to the silicon) allowing McAfee products to have an additional vantage point in the computing stack to better protect systems.”
Of course all this turmoil on the endpoint security arena looks paradoxical if compared with Google’s assertions according to which, its brand new ChromeOS will need no antivirus at all because of its many built in layers of security. On the other hand it risks to become a turmoil for the consumer who will have soon to face an hard question: will my next operating system need “software embedded” antimalware, “hardware assisted” antimalware or no antimalware at all?
Personally I do not like the idea of a single Microsoft Antivirus for every PC equipped with Windows 8 (a single vulnerability would be enough to infect millions of devices), in the same way I believe that an Operating System without antimalware protection is an unrealistic model which is not compatible with the multi-layer approach of the endpoint security (it is not a coincidence that ChromeOS has already fallen under the blows of a XSS vulnerability.
Similarly I do believe that, in order to avoid (further) Antitrust lawsuits Intel will open its direct access to processor layer to other vendors besides McAfee. On the other hand, in order to obtain the “go-ahead” from the European Commission, Intel promised to ensure that rival security vendors will have access to “all necessary information” to use the functionalities of Intel’s CPUs and chipsets in the same way as those functionalities are used by McAfee, the commission said in a statement…
Otherwise the lawyers seriously risk to be the sole winners of this endpoint revolution.
The Dangerous Liaisons (Updated)
Did you know that a smartphone might involve as many as 250,000 patent claims? You may easily understand why the $ 4.5 billion auction to buy 6,000 Nortel patents by the consortium formed by Apple, Microsoft, Research in Motion, Sony Ericsson and EMC was so cruel. You may also easily understand why Google, the loser of the Nortel auction, decided to react immediately acquiring Motorola and its patent portfolio made of more than 17,000 approved patents (and another 7,500 patents filed and pending approval) for the large sum of $ 12.5 billion.
Said in few words, the mobile arena is getting more and more agressive and cruel. For this reason, a litte bit for curosity, a little bit for fun, I decided to draw a chart (and a table) showing all the moves of the giant players in this mobile chessboard. Although deliberately incomplete (I did not show in the table the patent saga of NTP Inc. against the rest of the world and the settlement of Motorola vs RIM), it gives a good idea of the dangerous intersections involving partnership, fees, alliances and, most of all, lawsuits… With the strange paradox that some companies (read Apple and Samsung) are enemies before the court, but in the same time business partners.
While visualizing the idea I stumbled upon this similar graph showing the status of the mobile arena on 8 Oct 2010. I decided to use the same layout, omitting some informations, but updating it to the current date. The graph is a little bit confusing, but the confusion of the arrows reflects betten than a thousand words the real situation.
Anyway the war will not stop here: the next targets? Interdigital Inc. with its 8,800 patents which are attracting several bidders such as Apple, Nokia and Qualcomm; and, most of all, Kodak, whose survival depends on the auction of the 10% of its patent portfolio (1,100 patents), valued as high as $3 billion which are vital to compensate the losses estimated in $2.5 billion.
As far as the table is concerned, in order to avoid repetitions, it only shows the status of the lawsuits and alliances from the perspective of Google, Apple and Microsoft. Enjoy your read and the 250,000 patent claims on your smartphone!
| Company | Filed Suit Against | Has technological alliance with | Filed Suite From: |
 |
No one (at least so far!) |  
Of course Google licensees his Mobile OS to HTC and Samsung (in rigorous alphabetical order), and it is the driver for the impressive market share growthof Samsung and HTC.
In an effort to defend Android’s Intellettual Property “to supercharge the Android ecosystem and will enhance competition in mobile computing”, on Aug 15 2011, Google announced the intention to acquire Motorola Mobility with a $12.5 billion deal. Motorola has nearly 17,000 patents. |
Aug 12 2010: Oracle has filed suit against Google for infringing on copyrights and patents related to Java,. Oracle claimed Google “knowingly, directly and repeatedly infringed Oracle’s Java-related intellectual property”. Android uses a light proprietary Java Virtual Machine, Dalvik VM, which, according to Oracle infringes one or more claims of each of United States Patents Nos. 6,125,447; 6,192,476; 5,966,702; 7,426,720; RE38,104; 6,910,205; and 6,061,520. The case is in U.S. District Court, Northern District of California, is Oracle America, Inc v. Google Inc, 10-3561. The lawsuit is still pending and will likely take several months. The trial between Oracle and Google is expected to begin by November and Oracle is seeking damages “in the billions of dollars” from Google. On Aug 1 2011, the judge overseeing the lawsuit Oracle filed over the Android mobile OS has denied Google’s attempt to get a potentially damaging e-mail redacted. |
 |
Mar 2 2010: Apple sued HTC for infringing on ten patents, nine of which involve technologies which apply to the iPhone, while one involves the use of gestures, but only in a specific use case. The suit has been filed in the U.S. District Court in Delaware , alleging twenty instances of patent infringement. The company also petitioned the US ITC to block the import of twelve phones designed and manufactured by HTC. On Jul 15 2011 Apple won a preliminary patent ruling in an early judgment before the US ITC, in which HTC was found to have breached two of 10 patents held by Apple. On Aug 8 2011 ITC announced to have dediced to review Apple’s patent infringement complaint against HTC.
Oct 31 2010: In response to Motorola lawsuit against Apple, Apple sued Motorola and Motorola Mobility for Infringment on several Multi-Touch patents infringments in the Wisconsin Western District Court with two distinct lawsuits. A total of six patents are involved in the two lawsuits. On Nov 23, 2010: US International Trading Commission announced to review Apple patent case against Motorola.
Apr 18 2011: Apple filed suit against Samsung for copying the design of its iPad and iPhone with its smartphones and tablets. Aug 10 2011: European customs officers have been ordered to seize shipments of Samsung’s Galaxy Tab computers after the ruling late on Tuesday by a German patents court. In the last days Apple has been accused of presenting inaccurate evidence against Samsung. Aug 24 2011: Samsung has been banned from selling some galaxy phones in the Netherlands. The ban is set to begin on October 13, but Samsung doesn’t seem to be taking it too hard. |
 
On Jul 1 2011 the intellectual property of the Canada giant Nortel (in Bankrupt), involving 6,000 patents, was sold for $4.5 billion, in a dramatic auction, to a consortium formed by Apple, Microsoft, RIM, Sony, EMC and Ericsson. Google was the other competitor (and the big looser) for the deal. This event acted as a trigger for the acquisition of Motorola Mobility by Google.
On Aug 3 2011, In a post to the Official Google Blog, Google Senior Vice President and Chief Legal Officer David Drummond said that Apple, Microsoft, Oracle, and others have waged “a hostile, organized campaign against Android” by snapping up patents from Novell and Nortel and asking Google for high licensing fees for every Android device”, accusing them of Patent Bulying.
Curiously, Apple is one of the main technological partners of Samsung for displays and semi-conductors. Samsung produces Apple’s A4 systems-on-a-chip (SoC) and also the two companies collaborate for iPad displays (Apple is moving from LG to Samsung because oof quality issues of the former). Nevertheless the lawsuits between the two companies are compromising their relationships so that Apple is evaluating a new supplier (TSMC) for its A6 nexy generation chipset. |
Oct 22 2009: Nokia sued Apple in Delaware court for infringing on ten patents related to GSM, UMTS, and WLAN standards that Nokia states they established after investing more than EUR 40 billion in R&D over the last 20 years. On Jun 14 2011 Apple agreed to pay between $300m and $600m to cover the 111m iPhones sold since its launch in 2007. Although the exact number was not specified, additional yearly fees could be part of the agreement.
On Jan 2010 Kodak sued Apple and RIM claiming Apple is infringing its 2001 patent covering technology that enables a camera to preview low-resolution versions of a moving image while recording still images at higher resolutions. The cases were filed in U.S. District Court in Rochester, N.Y., as well as the U.S. ITC. On Apr 2010 Apple argues that some Kodak still and video camera products violate two of its patents On Jul 2011: While Kodak’s claim is pending, the commission rules on Apple’s complaint and says Kodak’s digital-camera technology doesn’t violate Apple’s patents.
Oct 6 2010: Motorola sued Apple for patent infringement in three separate complaints; in district courts in Illinois and Florida and a separate complaint filed with the U.S. International Trade Commission. The suits covered 18 different patents, infiringed by Apple’s iPhone, iPad, iPod touch, and certain Mac computers. The Motorola patents include wireless communication technologies, such as WCDMA (3G), GPRS, 802.11 and antenna design, and key smartphone technologies including wireless e-mail, proximity sensing, software application management, location-based services and multi-device synchronization.
Jan 12 2011: Microsoft has motioned for a summary judgment to block Apple from trademarking the phrase “app store,” as it filed with the U.S. Patent and Trademark Office (USPTO) on July 17, 2008. Mar 30 2011: Microsoft filed a second objection to Apple’s enduring pursuit to trademark the phrase “app store hiring a linguist, Dr. Ronald Butters, to go head-to-head against Apple’s own hired linguist, Robert A. Leonard.
On Jul 1 2011 US ITC said Apple has violated two S3 Graphics Co. patents in its Mac OS X operating system, but not in the iOS platform. Although not directly related to Mobile, this ruling is meaningful since S3 has been acquired by HTC on Jul 6 2011 for $300 million in order to use their patents in the fight against Apple. HTC expects final ruling on Apple-S3 graphics case in November.
On Aug 16 2011 HTC filed a new lawsuit against Apple in Delaware’s US District Court, in an escalation of the legal battle between the two smartphone giants. HTC accused Apple to have infringed three of HTC’s patents through its sale of devices including iPads, iPods, iPhones and Macintosh computers. |
|
Oct 1 2010: Microsoft sued Motorola for patent infringement relating to the company’s Android-based smartphones. Microsoft filed its complaint with the International Trade Commission and in a Washington state district court. At issue are nine patents that deal with, among others, sending and receiving e-mail, managing and syncing calendars and contacts, and managing a phone’s memory. Patent dispute will begin from Aug 21 2011, the hearing procedure can take up to 10 days, the judgment procedure is expected to reach the final verdict point only in March 2012.
Nov 9 2010: Microsoft sued again Motorola for charging excessive royalties on network technology used in Microsoft’s Xbox game system. |
 Feb 11 2011: a deal with the Devil, Microsoft and Nokia announce their plansto form a broad strategic partnership that would use their complementary strengths and expertise to create a new global mobile ecosystem.
Besides the alliances with Apple and RIM (see the corresponding cell), on May 12 2011 Microsoft has teamed up with HTC, Nokia and Sony Ericsson in Europe, filing a challenge seeking to invalidate Apple’s trademarks on the phrases “App Store” and “Appstore.” |
Nov 11 2010: Motorola Mobility sued Microsoft with the U.S. District Courts for the Southern District of Florida and the Western District of Wisconsin alleging infringement of sixteen patents by Microsoft’s PC and Server software, Windows mobile software and Xbox products. Motorola Mobility asked for the infringing devices to be barred from importation into the United States. On Dec 21 2010, ITC has agreed to hear the complaint.
|
About The Author
Support My Work!
Share:
News
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
Visitors from…
