About these ads


Posts Tagged ‘National Security Agency’

Finally I Saw One!

August 26, 2011 1 comment

Update: F-Secure posted in their blog the complete description on how the patient 0 was found: And here it is the infamous “2011 recruitment plan message”.

Have a look to the fake sender: a message from beyond…

Original Post follows:

I am working hard for the August 2011 Cyber Attacks Timeline (stay tuned it is almost ready! Meanwhile you may check the previous ones) while I stumbled upon this very interesting article. Yes, I may say that finally I saw one of the Emails used for spear phishing attacks against RSA customers, using compromised seeds.

As you will probably know everything started on March 17, 2011, when RSA admitted to have been targeted by a sophisticated attack which led to certain information specifically related to RSA’s SecurID two-factor authentication products being subtracted from RSA’s systems.

Of course the sole seed and serial number of the token (the alleged information subtracted) is not enough to carry on a successful attack, so the attacker (whose possible target were presumably RSA customers) had to find a way to get the missing pieces of the puzzle, that is the username and the PIN. And which is the best way? Of course Spear Phishing!

And here the example of a fake spear phishing E-mail targeting one of the One of America’s Most Secret (and Important) Agencies and in the same Time RSA customers:

Likely the same attack vector was utilized against three Contractors (RSA Customers) which were targeted by attacks based on compromised SecurID seeds between April and May (Lockheed Martin, L-3, and Northrop Grumman). What a terrible year for Contractors and DHS related agencies!

By chance today F-Secure revealed to have discovered the patient zero, that is the mail (“2011 Recruitment Plan”) used to convey the APT inside RSA. Someone (who decided to follow the best practices for anomalous e-mails) submitted it to Virus Total, a cloud based service for scanning files, and it looks like that F-Secure antimalware analyst Timo Hirvonen discovered the e-mail message  buried in the millions of submissions stored in this crowd-sourced database of malicious or potentially malicious files.

Original Source of Spear Phishing E-mail: http://www.cyveillanceblog.com, Kudos to @yo9fah for reporting me the link.

About these ads

Tweets Like Weapons

July 27, 2011 2 comments

Thanks to Andrea Zapparoli Manzoni for suggesting the original concept of Consumerization of Warfare and this update.

If the Cyberspace is the fifth domain of war, social media are likely destined to became the major sub-domain.

In a previous post we defined “Consumerization of Warfare” the growing use of consumer technologies such as Social Networks and Mobile for Military purposes (such as propaganda or espionage).

The most obvious examples of this trend are represented, on a global scale, by the influence (also recognized by President Obama) that social media had for the Wind of Changes blowing from Maghreb to the Middle East. In this contest they were used for different purposes: for witnessing the real extent of the events (which was a key factor in fostering the Allied intervention in Libya), for virally spreading propaganda and psyops information, and, last but not least, in a strict military context, as a further evidence to “strong authenticate” coordinates for Nato Missile Attacks in Libya.

But this approach is not limited to social media. Mobile devices are the natural companions of social media, so U.S. Army, U.S. Marines, and National Security Agency are just evaluating the use of COTS (Commercial Off-The-Shelf) products for military purposes and is evaluating several different commercially available smartphones and tablets, properly hardened and secured.

In particular, despite privacy and reputation issues, social media have proven to be a powerful device for spreading information. Consider for example a single event: Osama Bin Laden’s death. Tweets dealing with this event averaged 3440 TPS from 10:45 to 12:30pm ET on May 2 2011, reaching a peak of 5106 TPS around 11:00pm ET.

Such a formidable weapon must be fully exploited for defensive and offensive purposes, consequently the newcomer in this warfare is none other than the Pentagon, which is asking scientists to figure out how to detect and counter propaganda on social media networks in the aftermath of Arab uprisings driven by Twitter and Facebook. The US military’s high-tech research arm, the Defense Advanced Research Projects Agency (DARPA), has put out a request for experts to look at “a new science of social networks” that would attempt to get ahead of the curve of events unfolding on new media.

The program’s goal is:

To track “purposeful or deceptive messaging and misinformation” in social networks and to pursue “counter messaging of detected adversary influence operations,”

according to DARPA’s request for proposals issued on July 14.

The idea to build fake personas to manipulate the social arena is not completely new (and one of the players involved was just the well known HBGary Federal), but this time the scope is pretty much wider, aiming to change the course of events by massive (counter)information campaigns (think for instance to video and images coming from Libya which were crucial to foster the Allied Intervention).

I am not sure Zuckerberg & Co. will be very happy that their creatures are considered, against their will, a battlefield from The Pentagon…

Consumerization Of Warfare 2.0

June 21, 2011 2 comments

It looks like the consumerization of warfare is unstoppable and getting more and more mobile. After our first post of Jume the 16th, today I stumbled upon a couple of articles indicating the growing military interest for consumer technologies.

Network World reports that the National Security Agency is evaluating the use of COTS (Commercial Off-The-Shelf) products for military purposes and is evaluating several different commercially available smartphones and tablets, properly hardened and secured. The final goal is to have four main devices, plus a couple of infrastructure support services. Meanwhile, trying to anticipate the NSA certification process, U.S. Marines are willing to verify the benefits of a military use of smartphones and consequently issued a Request For Information for trusted handheld platforms.

In both cases, the new technologies (smartphones and tablets) are preferred since they are able to provide, in small size and weight, the capability to rapidly access information in different domains (e.g., internet, intranet, secret), geolocation capabilities which are useful in situation awareness contexts, and , last but not least, the capability to connect with different media (eg, personal area network [PAN], wireless local area network [LAN], wide area network [WAN]).

Nevertheless, in a certain manner, the two approaches, albeit aiming to the same objective, are slightly different. NSA is evaluating the possibility to harden COTS in order to make them suitable for a military use, but since this process of hardening, certification and accreditation may take up to a couple of years, which is typically the life cycle of a commercial smartphone or tablet (it sounds quite optimistic since one year is an eternity for this kind of devices), the RFI issued by the Marines Corps is soliciting for system architectures and business partnerships that facilitate low-cost and high-assurance handhelds, where high-assurance means at least meeting the common criteria for evaluated assurance level (EAL) of 5+ or above. From this point of view the Marines’ approach seems closer to (and hence follows) the approach faced by the U.S. Army which is already testing iPhones, Android devices and tablets for us in war (a total of 85 apps, whose development took about $4.2 million, we could nearly speak about a Military iTunes or Military Android Market!).

But the adoption of consumer technologies does not stop here and will probably soon involve also the use of technologies closely resembling the Cloud. As a matter of fact, the NSA plans to develop in the near future a secure mobile capability, referred to as the “Mobile Virtual Network Operator,”, which will be be able to establish a way to provide sensitive content to the military and intelligence “in a way that roughly emulates what Amazon does with Kindle”, as stated by said Debora Plunkett, director of the NSA’s information assurance directorate, speaking at the Gartner Security and Risk Management Summit 2011 (but the NSA will not be the first to pilot this kind of technology since the NATO is already adopting Cloud Computing).

Probably this is only one side of the coin, I’m willing to bet that the consumerization of warfare will soon “infect” armies belonging to different countries and consequently the next step will be the development of weapons (read mobile military malware) targeted to damage the normal behavior of the military smartphones and tablets. On the other hand the Pentagon has developed a list of cyber-weapons, including malware, that can sabotage an adversary’s critical networks, so it is likely that these kind of weapons will soon affect mobile devices…


Get every new post delivered to your Inbox.

Join 2,705 other followers