Threatpost for B2B
A relatively small but influential list of speakers for the upcoming RSA Conference have decided to withdraw from the show in the wake of stories implicating RSA as a co-conspirator in the NSA’s surveillance efforts. The group is a tiny fraction of the hundreds of speakers scheduled to talk next month, but it includes some big names.
The RSA Conference is one of the larger security conferences in the U.S. each year, and it attracts thousands of attendees, exhibitors and executives. Speaking at the conference is a nice entry on a presenter’s resume, and many of the bigger names in the industry speak there annually. The 2014 edition of the conference, which is scheduled for late February, was set to be no different, with a roster of top-tier speakers expected to take the stage during the course of the week.
But then came the allegation last month that RSA several years ago agreed to a deal with the NSA that involved the company making the compromised Dual_EC DRBG random number generator the default choice in the company’s BSAFE crypto library. The allegation was that the company took a $10 million payment in exchange for using Dual_EC as its default, something that NSA officials allegedly knew at the time would give them an advantage over any product that included the number generator, because the NSA allegedly had deliberately weakened Dual_EC during the development process.
RSA officials have denied that the company had a secret contract with the NSA to use the weakened random number generator.
“Recent press coverage has asserted that RSA entered into a ‘secret contract’ with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation,” the RSA statement says.
But that denial hasn’t done much to ease the fears and calm the anger in the security community surrounding this story. The withdrawals began shortly before Christmas when Josh Thomas of Altredis said he was pulling his talk from the conference. The next day, Mikko Hyponnen of F-Secure posted an open letter to top executives at RSA and its parent company, EMC, saying he too was canceling his talk, which was going to cover government-sponsored malware.
Since then, several other speakers have followed suit, including Chris Soghoian of the ACLU, Adam Langley of Google, Marcia Hoffman of the EFF, Alex Fowler of Mozilla and Chris Palmer of Google.
“I’ve given up waiting for RSA to fess up to the truth re: the NSA and Dual_EC. I’ve just withdrawn from my panel at the RSA conference,” Soghoian said on Twitter on Tuesday.
There’s a vocal contingent of the security community that doesn’t think pulling out of the conference is the right choice, especially in the absence of the concrete evidence regarding the NSA allegations.
“Basically, I don’t feel there is enough evidence to ascribe misdeeds on RSA. Pulling out of the conference is misguided at best,” said analyst Rich Mogull of Securosis. “That may change, I also don’t know if they are innocent, but we can’t hang people without enough evidence. That represents the worst reactions of our industry and community.”
What, if any, effect the cancellations will have on the conference is unclear. The conference organizers typically have alternate speakers lined up in case of cancellations and the conference, despite its beginnings as a gathering of cryptographers, isn’t viewed as a highly technical show and is seen mainly as a sales and marketing event now.
RSA Conference officials could not make anyone available for comment.
Image from Flickr photos of Kevin Bocek.
A wireless gateway suitable for a number of industrial applications is vulnerable to remote exploit because of a lack of encryption in its update and reprogramming processes, an advisory from the Industrial Control Systems Cyber Emergency Response Team said yesterday.
The Sierra Wireless AirLink Raven X EV-DO application has been discontinued by vendor Sierra Wireless, but is still supported. No mention of the vulnerabilities in versions V4221_4.0.11.003 and V4228_4.0.11.003, reported to ICS-CERT by a researcher at energy provider Cimation, is on the vendor’s website. Yet firmware, tools and utility downloads are still available for the vulnerable versions for a number of major wireless carriers.
“These vulnerabilities allow an attacker to remotely reprogram the firmware on the device,” the ICS-CERT advisory said. “After reprogramming the firmware, an attacker can affect functionality of the application, including system shutdown.”
The vulnerable gateways provide connectivity in industrial and corporate environments worldwide, in particular in the energy and transportation sectors in the U.S., Canada and Europe. According to ABI Research, Sierra Wireless has the top market share in the cellular machine-to-machine embedded module market and helps connect 1.4 billion devices. Its devices are used as part of fleet management systems, eToll and eTax collection systems, electrical smart metering applications, renewable energy EV charging stations, industrial automation, and industrial infrastructure and building monitoring applications, among others.
Sierra Wireless, according to the ICS-CERT advisory, recommends that its customers upgrade to the GX400, GX440 or LS300 devices in order to mitigate the problem.
Because the AirLink Raven series does not use encryption in the aforementioned processes, an attacker can gain access to plaintext user names and passwords and gain access to the device’s firmware and manipulate it.
In addition, the devices are also prone to replay attacks that bypass authentication altogether.
“By sending a series of crafted packets to Port 17336/UDP and Port 17388/UDP, an attacker could reprogram the device’s firmware image,” the ICS-CERT advisory said. “This could allow the attacker to affect the availability of the firmware.”
Often, these rugged industrial devices are difficult to replace either because they are physically difficult to reach, or taking them offline would cause downtime to critical services and systems.
Such was the case with a reported vulnerability in industrial automation software used to configure wireless radios connecting devices in hard-to-reach oil and gas facilities. Patched firmware was delivered by the vendor ProSoft Technology for its RadioLinx ControlScape pseudo random number generator, but researchers at IOActive who found the bug said they were not likely to be patched because updates were not able to be done over the air.
The vulnerability discovered by Luis Apa and Carlos Penagos was an issue with the passphrase generated upon creation of a new radio network connection, specifically in a setting for secure communication between the network and industrial devices. The software used local time as the seed for the new passphrase, making it relatively simple for a hacker to guess the password via a brute force attack or another type of cryptographic attack.
“By being able to guess the passphrase, an attacker could communicate with the network the device is connected to with devastating consequences,” Penagos said.
Attackers with a powerful antenna could attack these devices from many miles away and send modified packets to automation systems that could lead to serious failures.
A huge number of security vulnerabilities have been fixed in Ubuntu, including a remotely exploitable font flaw that an attacker could use to run arbitrary code on vulnerable machines. A number of Linux kernel flaws also were patched in some versions of the operating system.
The font vulnerability affects five different versions of Ubuntu, including 10.04, 12.04, 12.10, 13.04 and 13.10. The patch, issued on Tuesday, fixes the vulnerability by updating users to new versions of the operating system.
“It was discovered that libXfont incorrectly handled certain malformed BDF fonts. An attacker could use a specially crafted font file to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service,” the Ubuntu advisory says.
Along with the font vulnerability, there were a slew of Linux kernel bugs fixed in a couple of different versions of Ubuntu, as well. In Ubuntu 10.04 LTS, four separate locally exploitable kernel flaws were patched, and in Ubuntu 12.04, 10 different vulnerabilities were fixed. Two of those bugs are remotely exploitable, including a buffer overflow in the kernel.
“Evan Huus reported a buffer overflow in the Linux kernel’s radiotap header parsing. A remote attacker could cause a denial of service (buffer over-read) via a specially crafted header,” the advisory says.
The other remotely exploitable vulnerability is in the kernel’s dm snapshot facility and could be used by an attacker to get or corrupt sensitive data.
Image from Flickr photos of Andrew Mason.
It should shock no one that a viable successor to the Blackhole exploit kit has yet to emerge in the criminal underground. It’s been less than three months since the arrest of its alleged creator Paunch sent cybercriminals reliant on the toolkit scrambling for a replacement. And like any profitable business venture, new products must prove their mettle before widespread adoption happens.
“There are many kit vendors and distributors competing for customers and have replaced Blackhole,” explained Kaspersky Lab senior security researcher Kurt Baumgartner. “Over time, a single one most likely will stand out, but that can take a couple of years, like any active criminal marketplace.”
In the meantime, experts are keeping an eye on any number of kits in circulation, each with its own twist on the same business model: Selling website injections for Java, Adobe and other massively deployed products that are vulnerable to exploits that will redirect victims to websites hosting financial malware.
Blackhole was the king of the exploit kits since its debut on the black markets in 2010. It was a refined toolkit of exploits that enabled criminals who rented or leased it to infect computers with crimeware such as the banking Trojans to great profits.
“Blackhole development steadily was completed over time, resulting in a robust feature set. Its popularity overtook the popular Eleonore and Phoenix Kits at the time, in part because it was so frequently and reliably updated with effective exploits and features,” Baumgartner said. “It was highly customizable, provided effective traffic direction features, had multiple operating sales models, the distributors were well connected with additional offensive add-on sellers, and its cost was comparably competitive, among other things.”
Blackhole, along with another alleged Paunch creation, Cool, fell off the market in October shortly after the arrest of its Russian creator. Within days, researchers and customers noticed that the exploit kit was no longer being updated daily with the latest available exploits and a number Blackhole sites were returning gateway errors. The kit’s frequent updates, sometimes twice daily, along with its relatively affordable price ($50 a day, $1,500 for an annual license) went a long way toward making it the exploit kit of choice.
“I think the whole infrastructure around Blackhole was unparalleled at the time,” said Websense director of security research Alex Watson. “I think it’s going to take time for cybercriminals or other competitive exploit kits to get to the same level of proficiency that Blackhole had.”
Watson has observed criminal groups aggressively trying to recover lost revenue post-Blackhole, and shooting for multiple infections on the same machine not only using banking malware but even ransomware such as CryptoLocker.
“In that time, you see experimentation, and definitely, these groups have lost money,” Watson said. “It will be Interesting to see, and a difficult conclusion to come to, as to the overall financial impact these groups have had after Blackhole when they started both more aggressive installations of malware, and then in some cases, more sophisticated or damaging malware to get people to pay.”
As for a successor, Magnitude seems to be the leader in the clubhouse, in particular after a malvertising campaign was uncovered this week on Yahoo sites in Europe redirecting victims to the kit. Magnitude was also used in a hack of php.net in October. French researcher Kafeine ranked it behind Neutrino and has spotted a number of ransomware campaigns using the kit. There is a vast menu of exploits kits on the market, however, including RedKit, Nuclear, Bleeding Life, Sweet Orange, Angler, Sakura, Styx, and others.
“Any of the packs that include aggressive server side polymorphic features, 0day exploits, is reliably updated, and is an effective part of any sustained mass exploitation and stealing effort, is interesting,” Kaspersky’s Baumgartner said.
One as reliable as Blackhole, that’s updated as frequently, is still to be found.
“Another possibility is that these criminal gangs are waiting for these kits to get enough momentum so that they can count on it,” Websense’s Watson said. “And in the meantime, they’ve been investing in other elements of attacks whether it be different types of malware like ransomware variants such as Cryptolocker where you wouldn’t have to have as many versions installed to get quite a bit of revenue coming in for these gangs.”
Some campaigns such as the standby Cutwail spam bot relied heavily on Blackhole for its initial infection vector, and then tried their hand with Magnitude before relying of late on direct attachments or links in spam email to Cutwail downloads.
“What we’ve seen post Blackhole is this immediate cutoff where the URL-based attacks inside these emails declined because of the Blackhole infrastructure going down. And then we see a resurgence of this where Magnitude was used pretty heavily by at least one of these groups but then they dropped off using that as well,” Watson said. “That leaves us speculating, giving us an interesting look at the criminal community that leaves you open to speculate why they experimented with Magnitude and then moved away.”
Watson’s initial thought is that the business case isn’t just right with Magnitude.
“When they adopt exploit kits, it’s a mixture of the frequency of adoption to avoid security solutions and how quickly it incorporates the latest exploits,” Watson said. “The third aspect is the cost of the business arrangement for the exploit kit and if it can be competitive with what Blackhole was before.”
Video-sharing site DailyMotion, one of the most popular destinations on the Web, is in the throes of an attack where it is serving malicious ads redirecting users to a fake AV scam.
Security firm Invincea reported the issue to the website, and as of 4 p.m. ET, DailyMotion was still serving the fake AV malware.
This is the second malvertising attack reported this week. Earlier, Yahoo sites in Europe were serving ads that dropped an iframe sending users to domains hosting the Magnitude exploit kit, which then seeded victims with a host of financial malware.
DailyMotion attracts 17 million monthly visitors and is the 95th-ranked website according to Alexa.
Invincea said that the malicious ads redirect to a third-party domain in Poland called webantivirusprorh[.]pl (93[.]115[.]82[.[246). According to VirusTotal, 10 of 47 antivirus products detect the threat; most detect it as a variant of the Graftor Trojan. The initial redirect, Invincea said, is loaded via engine[.]adzerk[.]net.
When the user lands on the DailyMotion home page, an invisible iframe redirects to the scam which warns the user of a critical process that must be cleaned to prevent system damage. The victim is then presented with a dialog box that offers to clean the computer of the problem. If the user agrees, they’re asked to run a file which is the malicious executable.
Fake AV scams have been in circulation for years; generally victims are tricked into installing what they think is security software but is instead malware. They’re then informed they must purchase a subscription of some kind in order to clean the computer of the infection.
Other scams, such as ransomware infections, build off this same premise but are much more sinister in that they use harsher tricks to get the user to install the malware. Some ransomware attacks lock down computers and inform the user they’re machine has been taken over by law enforcement because of some illicit activity online and they victim must pay a ransom to get their computer unlocked.
Yahoo, meanwhile, removed the malicious ads infecting users in a number of European countries, primarily Romania, Great Britain and France, but not before an estimated 27,000 infections per hour took place between Dec. 30 and when the attack stopped this week.
The malicious ads in the Yahoo attack were served from a number of different domains, including two registered on New Year’s Day, and redirected victims to sites hosting the Magnitude Exploit Kit. The kit targets Java vulnerabilities and installs a number of dangerous Trojans, including Zeus, Dorkbot, Necurs and a number of click-fraud malware, according to Dutch security company Fox-IT, which reported the incident to Yahoo last week.
An NSA employee who is the co-chairman of a cryptography working group affiliated with the IETF will remain in that position despite calls from members to have him removed. The chairman of the Internet Research Task Force, the body that oversees the research group, rejected requests for the removal of Kevin Igoe of the NSA, saying that his position gave him little real power over the development of cryptographic standards and his removal would set a dangerous precedent.
The request for Igoe’s removal came on Dec. 20, in the aftermath of a fresh set of revelations about the NSA’s surveillance capabilities and efforts to undermine the development of cryptographic standards and algorithms. Throughout autumn, waves of stories about the agency’s attempts–and perhaps successes–to compromise crypto standards had hit the news, including the allegation that the NSA had deliberately weakened a key NIST standard by inserting the compromised Dual_EC DRBG random number generator as the default choice. Security researchers and cryptographers assessing the damage of these revelations said that the implications may not be known for years to come.
In an email to the Crypto Forum Research Group, which advises the IETF on crypto issues, Trevor Perrin, a member of the group and security engineer, cited a number of reasons for asking for Igoe’s removal as co-chair of the group, including his support for a widely criticized key-exchange system called Dragonfly, and the fact that he’s an NSA employee. Perrin claimed that Igoe was the only one who voiced any support for Dragonfly and also made some technical suggestions that would have weakened the system.
“Kevin’s NSA affiliation raises unpleasant but unavoidable questions regarding these actions. It’s entirely possible these are just mistakes by a novice chair who lacks experience in a particular sort of protocol and is being pressured by IETF participants to endorse something. But it’s hard to escape an impression of carelessness and unseriousness in Kevin’s work. One wonders whether the NSA is happy to preside over this sort of sloppy crypto design,” Perrin wrote in his email, which also went to the chairman of the Internet Architecture Board.
“While that’s of course speculation, it remains baffling that an experienced cryptographer would champion such a shoddy protocol.”
The CFRG has dual chairs in David McGrew, a Cisco employee, and Igoe, who took that position in 2011. The group is responsible for considering new cryptographic mechanisms and providing advice to groups within the IETF, the Internet standards body, on crypto issues and standards. The request by Perrin to remove Igoe generated a huge amount of discussion on the CFRG mailing list, and elicited strong opinions from a number of prominent security experts, including cryptographer William Whyte and John Viega, a software security expert.
“I think it’s reasonable to hold the opinion that this discussion is silly and overhyped. I think there’s a good chance that Mr. Igoe had no subversive intent whatsoever. I also don’t see how an IRTF working group chair can, with high probability, subvert the process (though that doesn’t mean it isn’t possible),” Viega wrote.
“To me, the most important thing the group can do is address how it makes sure to protect from subversive actors. If we had a clear answer there, then I think it matters far less who the chair is, because we can give outside eyes a better comfort level. I don’t think it’s productive to be dismissive of the concern, even if you do not agree.”
On Jan. 5, Lars Eggert, chairman of the IRTF, formally rejected the request to remove Igoe, saying that his employment by the NSA should not disqualify him out of hand, and that his actions in the Dragonfly development process could have been seen as mistakes, but were not enough to support the idea that he was purposely subverting the process.
“However, while unfortunate, the mistakes made were not of a severity that would warrant an immediate dismissal of Kevin Igoe as co-chair. It is also the first such occurrence that I am aware of,” Eggert said in his email.
He also said that because of the way that IRTF groups are constructed, Igoe, as co-chair, doesn’t really have any more influence over the CFRG group’s work than any other participant. Eggert said, however, that the perception that the NSA could be exerting influence over crypto standard development could hamper the group’s work and discourage people from contributing.
“However, would removing Kevin Igoe as a co-chair address this issue? Co-chairs do not wield more power over the content of the ongoing work than other research group participants. Should we then eliminate all individuals affiliated with the NSA from participating? We may be able to identify those that choose to participate openly under that affiliation, but what about consultants or academics that fund their participation partially or fully through NSA contracts, now or in the past? What about participants from or funded by intelligence agencies in other countries that may or may not have collaborated with the NSA?,” Eggert said.
Perrin, however, disputed this notion, saying that the idea of co-chairs only serving as glorified secretaries is a flawed one.
“Chairs are responsible for creating agendas, running meetings, deciding when and how to call for consensus, interpreting the consensus, and liaising with other parties. All this gives them a great deal of power in steering a group’s work,” Perrin wrote in his response to Eggert’s email.
Perrin also said that the questions surrounding Igoe’s NSA employment and participation in the CFRG group are serious ones that could have long-term implications for the group and the IETF and IRTF in general.
“Finally, I think Kevin’s NSA affiliation, and the recent revelations of NSA sabotage of a crypto standard, raises issues you did not consider. You did not consider the cloud of distrust which will hang over an NSA-chaired CFRG, and over the ideas it endorses. You also did not consider that as the premier Internet standards organization, the IETF/IRTF’s actions here will make an unavoidable statement regarding the acceptability of such sabotage,” Perrin said.
“We have the opportunity to send a message that sabotaging crypto standards is unacceptable and destroys public trust in those organizations in a way that has real consequences. Or we send a message that it’s no big deal.”
Despite Eggert’s decision, there is still the possibility that the IAB, which is a committee of the IETF, could intervene, or that Igoe could choose to resign on his own.
Image from Flickr photos of Alex.
It turns out the best way to get people to pay attention to those malware warnings that pop up in browsers may be to stop tweaking them, scrap them entirely and rebuild from scratch. According to a study on the subject published last week, efficient malware warnings shouldn’t scare users away, they should give a clear and concise idea of what is happening and how much risk users are exposing themselves to.
It’s already well documented that the average computer user largely ignores the warnings, but new research is trying to determine just how browser architects and information technology specialists can create more effective warnings going forward.
Ross Anderson, the Head of Cryptography at Cambridge University and David Modic, a research associate at the school’s Computer Laboratory used psychology last year to find their answer. The duo’s research, a 31-page document “Reading This May Harm Your Computer: The Psychology of Malware Warnings,” was released Friday.
“We’re constantly bombarded with warnings designed to cover someone else’s back, but what sort of text should we put in a warning if we actually want the user to pay attention to it?” Anderson asked in a post on his blog Light Blue Touchpaper last week accompanying the study.
The biggest problem the researchers found regarding malware warnings is that everyday users would ignore them if they could. The two cite a handful of previous studies, including ones that look at the length, frequency, and technicality of warnings but point out that “daily exposure to an overwhelming amount of warnings” remains an issue.
People continue to have a hard time separating real threats from inconvenient, online warnings.
Anderson and Modic argue a way to fix the warnings is to change the narrative.
“There is a need for fewer but more effective malware warnings… particularly in browsers,” the paper reads, reasoning that the way certain warnings are worded is key to getting users to pay attention to them.
As part of their experiment, the researchers presented more than 500 men and women with variations of a Google Chrome warning, each one (See table, right) incorporated one of the following angles:
- Influence of authority
- Social influence
- Concrete threats
- Vague threats
Anderson described in his blog which condition gave the best results:
“What works best is to make the warning concrete; people ignore general warnings such as that a web page ‘might harm your computer,’ but do pay attention to a specific one such as that the page would ‘try to infect your computer with malware designed to steal your bank account and credit card details in order to defraud you.’”
On the whole, respondents heeded malware warnings regardless of what they said, but as Anderson and Modic expected, users heeded the warnings more so when they featured authority and concrete threat-based warnings.
“Warning text should include a clear and non-technical description of potential negative outcome or an informed direct warning given from a position of authority,” the researchers ultimately deduced.
Concrete threats – when individuals have a clear idea of what is happening and how much they are exposing themselves – wound up being the No. 1 predictor of click-through resistance.
The experiment found that authority – when the warnings come from trusted sources – was the No. 2 predictor. Trusted figures “elicit compliance” and in the study, can even extend to include Facebook friends.
“Respondents also indicated that they were more likely to click through [warnings] if their friends or Facebook friends told them it was safe to do. Facebook friends thus appear to have more sway on the decision to click through,” they said.
In some cases, these findings could be cause for concern, especially given the number of viral phishing campaigns that have leveraged Facebook over the past several years. Still though, Modic and Anderson give credence to social media, reasoning friends on Facebook may “carry more informative power than regular ones.”
Modic and Anderson made a handful of other observations from their experiment that tie into the idea of overhauling malware warnings.
Nine out of every 10 respondents kept their warnings turned on and only one out of every 10 claimed they wanted to turn theirs off, they were just unsure of how to do it. While none of this is exactly concerning, it does speak to a tiresome status quo. Users could be getting used to seeing the same, static malware warning.
As is to be expected, those more familiar with computers kept their warnings on, but those who did turn theirs off did so because they generally ignore malware warnings and requests from their computers in general.
“The inability to understand the warnings was another significant predictor of turning the malware warnings off. We might infer that the language in existing warnings is not as clear as it could be,” the study asserts.
The research calls back to a few similar studies of late, including one released last summer by Google’s Adrienne Porter Felt and UC Berkeley’s Devdatta Akhawe.
In that study, on the whole, users mostly paid attention to the warnings they saw, only clicking through malware and phishing warnings they saw 25 percent of the time.
Remember the age of text-based gaming where natural language phrasing would help you maneuver a character through scenes in a virtual world? In a gaming context, that has long been a dinosaur, replaced by intricate and massive online role-playing games. But researchers from Carleton University in Ottawa, Canada, have proposed a way to borrow from those narrative elements to someday build what they hope will be an alternative to passwords.
Their plan is to combine user- and machine-generated narrative, based on the user’s recent activity on a computer, where the user interacts accordingly as continuous authentication mechanism, authenticating to specialized systems. The researchers’ premise is that users are much more likely to remember a familiar or interesting narrative than a complex password.
“If we’re using systems to figure out who are closest friends are, or to provide us with our favorite restaurants or news updates, why can’t personal items be used for authentication as well,” said Carson Brown, one of the authors along with Anil Somayaji and David Mould of a paper entitled: “Towards Narrative Authentication; or Against Boring Authentication.” “Allow the system to have a dialogue and prove that you are you and tell it things you know. It’s a shared secret, but still part of your identity.”
Rather than relying on the user or computer to exclusively generate the narrative, the researchers believe this should be a collaborative effort, one that is derived from a user’s recent activity on the computer. For example, it could stem from playing new games, interacting with new applications, or check-ins on social media that could indicate a memorable activity such as a vacation that would spawn a new narrative.
“In practice, the dialog would probably involve highly constrained user choices at every stage, at least initially,” the researchers wrote. “Advances in natural language processing, however, might allow for more flexible collaborative story creation.”
Brown wrote in the paper, presented last September at the New Security Paradigms Workshop, that things humans find boring are not retained, while memories that are interesting stay with us. Passwords, in other words, are easily forgettable, and choosing to authenticate from good stories or pleasant memories keeps the user engaged and, the researchers hope, lessens the risk that attackers can steal credentials the way they can with today’s weak authentication schemes.
“Good stories are almost impossible to forget, and even bad stories can be remembered. …” the researchers wrote. “In fact, people often tell stories to verify each other’s identities by verifying that they both share some common set of stories, often using exchanges that are unintelligible to others who do not know those same stories. Further, those exchanges can be remarkably quick and concise.”
While computers’ understanding of narrative is poor, the researchers postulate that elements of a narrative such as places, objects, settings or characters can be converted via software to a form people would remember and computers could verify. This could take on a challenge-response format.
“The remote server should store a complex narrative structure—a story or a set of stories—that is then used to drive a dialogue with the user,” the researchers wrote. “The system sends challenges to the user that require knowledge of the stories to be successfully responded to but can be responded to using information derived from only a small portion of the narrative structure.”
The research paper provides an example of how narrative-based authentication would work from a text-based game called Stackers. In the game, the user is asked to stack a number of objects in a particular order in order to proceed, or in this case, to authenticate themselves. Sizes or colors could be added to the object to ward off brute-force or even replay attacks, the researchers wrote.
They say that your worst fears and your fondest dreams are rarely realized. That may well be true in most walks of life, but in the information security world, 2013 was the year that our worst fears were not only confirmed, but so were some things that few but the most paranoid among us thought possible.
The list of NSA-related revelations is well-known by now: the phone metadata collection program, PRISM, subversion of a random number generator in a NIST standard, development of an arsenal of capabilities to break SSL, tapping undersea fiber cables, monitoring the communications of foreign leaders and even assembling a catalog of information-warfare tools with outlandish capabilities. Some of these revelations involve capabilities or programs that people in the security industry have either suspected were in use or had some evidence were being used. The metadata program, for example, had been discussed in some corners of the industry for several years, as had the possibility of a backdoor in the Dual_EC DRBG random number generator.
The security and privacy implications of these programs, as well as the others that have been revealed by the leaks of documents from Edward Snowden, are obvious and devastating. Some of the fundamental technologies and platforms that billions of users rely on for their communications every day are continuously monitored. They should be considered compromised.
In many ways, the promise of the Internet as an open, usable communications platform available to everyone has been broken. For the network to be useful, its users must be able to place some level of trust in it, and the protocols and technologies on which it’s built. The revelations of the last seven months have made it clear that’s just not possible. The plain truth is that we no longer know what to trust.
That’s the cold, ugly lesson of 2013, that trust, the thing that’s needed in order for security and privacy to work, is not just difficult, but may be impossible in some cases. If you rely on encryption to protect your sensitive online communications, as many of us do, how can you trust that those packets you’re sending and receiving aren’t being diverted or decrypted somewhere? You can’t. If you prefer to be left alone and not have your every online movement, interaction and email tracked, you’re out of luck.
The Internet hasn’t been the open, flexible, user-oriented network it was meant to be for a long time–if it ever actually was. Now, it’s become a poisoned, paranoid environment where everything is suspect. The last year was a brutal one for privacy, freedom and security and it’s unclear whether 2014 or any of the coming years will be any better. Only the most optimistic bettor would make that wager and optimists seem to be an endangered species these days.
Security researchers from Malware Must Die uncovered new ransomware called PrisonLocker, and said the malware author is either a legitimate security researcher or is posing as one via a personal blog and Twitter handle.
Malware Must Die has monitored PrisonLocker’s development since spotting it for sale on an underground criminal hacking forum in November. The ransomware, also known as PowerLocker, is all-but ready for sale. At the moment, it appears to lack a completed graphical user interface and is still undergoing quality assurance tests. Once it’s ready, the creator claims he will sell the malware for roughly $100 per license, which can be paid using cryptocurrency Bitcoin.
According to specifications listed by the author in a number of locations, the PrisonLocker infection process will begin with a Trojan that drops a single executable file into a temp folder. Following successful installation, PrisonLocker is designed to encrypt nearly every file on infected machines, including those on hard drives and shared drives but excluding .exe, .dll, .sys, and other system files. According to a Pastebin post from Dec. 19, PrisonLocker will deploy the Blowfish cipher, and each infected machine will have a corresponding Blowfish decryption key that is encrypted using RSA AES 2048-bit encryption.
Other features include persistence through Windows registry keys, disabling infected users’ Windows and escape buttons, and blocking task manager, command prompt, registry editor, and other Windows utilities.
Like CryptoLocker, infected users will be given a predetermined amount of time to pay the ransom before the decryption key is forever deleted. Whoever administers the ransomware will have the ability to choose the preset amount of time and pause or reset this deletion clock in order to examine ransom payments. Other customizable features include naming and placing the infection file, determining the ransom amount and method of payment, and the establishing the username and password for the administrative panel, which is set as “admin” and “admin” by default.
PrisonLocker also boasts a number of analysis prevention features. Its author claims it detects basic virtual machine, sandbox, and debugger environments. The malware will also set up what its creator calls a “locked window in a new desktop.” This, the creator claims, will render useless the “alt+tab” command and, thus, all other applications. Beyond that, even if a user manages to escape the locked window, PrisonLocker includes a module that forces the locked window to the forefront of the user’s desktop every few milliseconds.
Interestingly, the ICQ messaging ID and email address associated with the malware author’s handle (gyx) on a number of sites is also associated with the twitter handle @Wenhsl and the security blog Wenhsl[.]blogspot[.]com. In that Twitter profile’s bio, the user describes himself as the following:
“Security enthusiast. Novice infosec/malware researcher and cybercrime analyst. C/C++ and currently polishing up my MASM.”
PrisonLocker is written in C++. Malware Must Die suggests that the author may either be double dipping as a security researcher and a criminal, or merely pretending to be a benevolent security researcher to cover his tracks as a criminal. Malware Must Die contacted various law enforcement agencies and provided this information to them.
The race to replace the Blackhole Exploit Kit as the web exploit pack of choice for cybercriminals seems to have an early leader in Magnitude.
Researchers at Dutch security firm Fox-IT reported over the weekend that European visitors to Yahoo were falling victim to malicious ads hosted on the site. The ads were injecting iframes onto the user’s browser and redirecting them to sites hosting Magnitude.
This is the first known major incursion redirecting to Magnitude since the takedown of Blackhole and the arrest of its alleged creator Paunch in October.
The Magnitude exploit kit targets Java vulnerabilities and installs a number of dangerous Trojans, including Zeus, Dorkbot, Necurs and a number of click-fraud malware. Fox-IT’s investigation concluded the infections started Dec. 30, possibly earlier.
Most of the victims are in Romania, Great Briatain and France; Fox-IT said it was monitoring an average of 300,000 visits per hour to Yahoo and based on an estimated infection rate of 9 percent, the company says about 27,000 infections were happening per hour.
“At this time, it’s unclear why those countries are most affected,” the company wrote on its blog. “It is likely due to the configuration of the malicious advertisements on Yahoo.”
The Washington Post reported, meanwhile, that Yahoo has removed the advertisements in question.
“Users in North America, Asia Pacific and Latin America were not served these advertisements and were not affected,” a Yahoo representative told the Post. “Additionally, users using Macs and mobile devices were not affected.”
The malicious ads were served by Yahoo from a number of domains, including two registered on Jan. 1: blistartoncom[.]org and slaptonitkons[.]net. The company advises that concerned organizations should block the 192.133.137 and 193.169.245 subnets.Those domains then redirect to a number of domains hosting Magnitude, including boxdiscussing[.]net, crisisreverse[.]net, and limitingbeyond[.]net. All of the domains, Fox-IT said, were served from a single Dutch IP address 193[.]169[.]245[.]78.
“It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated and seem to offer services to other actors,” Fox-IT said, adding that Magnitude is similar to an exploit kit used in an October compromise of php.net.
Since the takedown of the Blackhole Exploit Kit shortly following the arrest of its alleged creator Paunch in Russia, cybercriminals have yet to settle on an adequate successor. The hodgepodge of exploits kits in circulation, including Magnitude, Cool, Angler, Neutrino and others, don’t have the same muscle as Blackhole. Blackhole not only was a complete catalog of webinjects and banking malware, but it was updated almost daily, and was relatively affordable with an annual license selling for around $1,500. Since Paunch’s arrest, activity from Blackhole and its cousin Cool has dwindled to almost zero, and attackers are scrambling not only for a successor, but also to recover lost revenue.
Recently, researchers at Websense reported that the keepers of the Cutwail botnet had resorted to using phishing and spam email schemes spiked with malicious attachments or links to malware downloads because of the unavailability of Blackhole. Prior, there was a heavy use of Blackhole to automatically compromise computers and install banking Trojans or other financial malware, and to a lesser extent, direct attachments. That ratio has flipped, Websense said.
“What we’ve seen post Blackhole is this immediate cutoff where the URL based attacks inside these emails declined because of the Blackhole infrastructure going down,” said Alex Watson, Websense director of security research.
As for Magnitude, Websense reported a blip where criminals were experimenting with the new exploit kit for a period of time, but then moved away. Magnitude and Neutrino, a number of researchers report, support many of the most recent exploits, but they seem to be a work in progress in terms of how they deliver redirects or exploits.
“It has to be a worthwhile business arrangement as well. When they adopt exploit kits, it’s both a mixture of the frequency of adoption to avoid security solutions and another element how quickly it is to incorporate the latest exploits,” Watson said. “The third is the cost of the business arrangement for the exploit kit and if it can be competitive with what Blackhole was before.”
UPDATE–Bruce Schneier, the famed cryptographer and author who recently left his longtime post at BT, has taken a new position as CTO of Co3 Systems, a startup that provides incident response systems. Schneier, a central figure in the security industry for more than two decades, said he is excited about the new challenge ahead.
Schneier left BT last month after spending nearly 15 years at Counterpane, which he helped found, and BT, which acquired the company in 2006. Counterpane was part of the first wave of managed security services providers in the late 1990s and provided monitoring and detection services for its customers. He said that the incident response system that C03 now provides may have been something that Counterpane could have put together had the company not been acquired. In joining Co3, Schneier rejoins one of the other members of Counterpane’s original executive team, John Bruce, who is CEO of Co3.
Schneier said that he sees a lot of need for the service that Co3 provides, especially in today’s environment where breaches are a daily occurrence and every organization is a target.
“Years ago, attacks were both less frequent and less serious, and compliance requirements were more modest. But today, companies get breached all the time, and regulatory requirements are complicated — and getting more so all the time. Ad hoc incident response isn’t enough anymore. There are lots of things you need to do when you’re attacked, both to secure your network from the attackers and to secure your company from litigation,” Schneier said on his blog.
“The problem with any emergency response plan is that you only need it in an emergency. Emergencies are both complicated and stressful, and it’s easy for things to fall through the cracks. It’s critical to have something — a system, a checklist, even a person — that tracks everything and makes sure that everything that has to get done is.”
Schneier said that he had been getting a little restless in the last year and was looking around for something interesting to do. He had enjoyed working in a startup environment at Counterpane and had been on the advisory board at Co3 Systems for a while, so the pieces fit together easily.
“I was getting a little antsy bored but then I thought, do I want to work for a company? But I know the people here and I like the product and it fits with my philosophy,” he said in an interview. “It’s peripheral enough to what I do that it doesn’t raise any questions. If I went to work for a hard-disk encryption company then immediately the NSA question comes up. I’m not going to stop doing what I’m doing. This is a company where there’s no quandaries.”
In recent months, Schneier, who is best-known for his cryptography work and his books on information and physical security, has been working with journalists at The Guardian to help analyze some of the NSA documents leaked by Edward Snowden. He also is currently serving as a fellow at The Berkman Center at Harvard University.
“I’m pretty excited about this. It’s good to be back at a startup. Plus, John Bruce and I worked together at Counterpane…so we both know exactly what we’re getting ourselves into,” Schneier said by email.
The work that he has done on the Snowden documents will continue, Schneier said, because he views it as more important than any given job. He will be working on the documents with Glenn Greenwald at his new media venture.
“None of that stops. That’s a rule with any company. Given the choice, the job loses,” he said. “I mean, what’s more important?”
*Image via Stiftelsen‘s Flickr photostream, Creative Commons
While much of the coverage of the surveillance programs revealed by Edward Snowden have focused on the legality and constitutionality of the collection of metadata and Internet traffic in the name of counter-terrorism and national security, the question of whether these programs are actually cost effective has gone largely unexamined. But a pair of academic researchers decided to have a look at whether the NSA–and by extension, the American people–is getting anything worthwhile for the untold millions spent on the metadata program. Their conclusion: probably not.
The metadata program, which was the first surveillance system revealed by Snowden in June, is authorized under Section 215 of the USA PATRIOT Act and enables the NSA to collect and store phone call records under blanket court orders. The agency can store these records for five years, and they include information such as the originating and terminating phone numbers and the length of each call; they don’t include call content. Administration and intelligence officials have said in the wake of the Snowden leaks that collecting this data enables them to “connect the dots” among various disparate pieces of intelligence and suspects in order to conduct terrorist investigations. They also have argued that the disclosure of the Section 215 surveillance program and others in recent months have caused serious damage to American intelligence capabilities.
However, as the authors of the new paper, John Mueller, an adjunct political science professor at Ohio State University, and Mark G. Stewart, Professor and Director, Centre for Infrastructure Performance and Reliability at The University of Newcastle in Australia, note, terrorists have known for decades that the NSA is listening to their electronic communications. The current set of revelations hasn’t given them significantly more information, they argue.
“It is possible that the current revelations will impress the terrorists even further about the extent of the surveillance effort. But even if that is so, the effect would mainly be to make their efforts to communicate even more difficult and inconvenient,” the write in their paper, which was produced for the journal I/S.
“Conceivably, as some maintain, there still exist some exceptionally dim-witted terrorists or would-be terrorists who are oblivious to the fact that their communications are rather less than fully secure. But such supreme knuckle-heads are surely likely to make so many mistakes—like advertising on Facebook or searching there or in chatrooms for co-conspirators—that sophisticated and costly communications data banks are scarcely needed to track them down.”
In their paper, Mueller and Stewart try to determine what the cost of the metadata collection program might be, not just in monetary terms, but also in terms of other lost opportunities and damage to privacy. The budget for the program is classified, but the authors say that the direct costs of it could be relatively low. They caution, however, that the dollar figure the NSA spends on the program isn’t the only one that matters. There is also the cost of following up on whatever leads the metadata program generates, as well as the privacy cost to citizens whose records end up in the database, something that’s difficult to quantify.
Mueller and Stewart also are concerned with the effectiveness of the metadata program, and look closely at the infamous group of 54 terrorist incidents or plots that NSA Director Keith Alexander has cited as being identified or disrupted through the use of the Section 215 surveillance. The list of incidents itself is classified, but NSA officials have testified that 90 percent of them were identified using section 702 surveillance, which is the authority for the so-called PRISM program that collects Internet traffic.
“Thus, the 215 program, in which metadata are accumulated and stored for all telephone calls within the United States, presumably played a role only in around 5 cases over the course of the program. According to General Alexander, only 13 of the 54 cases on the classified list had a ‘homeland nexus,’ the others having occurred in Europe (25), in Asia (11), and in Africa (5),” the paper says.
“Four of the cases, all presumably included in the ‘homeland nexus’ subset, were publicly discussed in Congressional testimony on June 18, 2013, by Alexander and by Sean Joyce, Deputy Director of the FBI. Insofar as NSA surveillance played a role at all in these cases, it seems that it was the 702 program, not the 215 one, that was relevant.”
That one case, the authors say, appears to be one that involved a Somali cab driver living in San Diego who had sent some money to a group in his native country that was fighting Ethiopia. They authors cite comments from Sen. Patrick Leahy that say the cases described by Alexander “weren’t all plots and they weren’t all disrupted.”
“Absent such information, and keeping in mind the impressive record of dissembling that NSA has so far amassed, it does seem to be a reasonable suspicion—supported by the public comments of Senator Leahy—that the four cases discussed represent not a random selection from the list, but the best they could come up with. It that it so, the achievements of 215 do seem to be decidedly underwhelming,” the authors say.
Mueller and Stewart conclude that in order for the metadata program to be cost-effective, the price tag would need to be quite low.
“Although the cost of the 215 program remains classified, it is possible to calculate how much that cost would have to be for the program to be cost-effective. Even making some generous assumptions about its effectiveness, the program would be cost-effective only if its full price tag (including all the cost considerations arrayed above) is less than $33.3 million per year. The full NSA budget, for reference, is about $10 billion,” they conclude.
“It seems likely that ‘on net’ (as the President puts it) the highly-controversial 215 program could also safely be retired for ‘operational and resource reasons’ with little or no negative consequences to security…”
Image from Flickr photos of Christopher Brown.
The OpenSSL Project blames a weak password used at its hosting provider for its recent site defacement.
The organization that hosts the ubiquitous open source encryption implementation updated a notice on its website yesterday informing users that attackers used the weak credential to gain control of a hypervisor management console. The update says the OpenSSL server is a virtual server sharing a hypervisor with other customers at its service provider.
The attackers were able to get in on Dec. 29 and manipulate the organization’s virtual server, the notice said.
“Other than the modification to the index.html page, no changes to the website were made. No vulnerability in the OS or OpenSSL applications was used to perform this defacement,” the notice said, adding that the source repositories had been audited and were not accessed.
VMware yesterday denied reports that its software had been compromised as part of the OpenSSL defacement.
“We have no reason to believe that the OpenSSL website defacement is a result of a security vulnerability in any VMware products and that the defacement is a result of an operational security error,” the company said in a statement.
Hypervisors are software programs used to create and manage virtual machines; hosting providers can use them to manage multiple machines on a single host.
OpenSSL is more than a TLS or SSL implementation; it’s also a full cryptographic library that is at the core of numerous commercial software products that make use of encryption.
An attack on OpenSSL, where hackers would be able to access source code and inject backdoors or other malware, could have devastating consequences. Speculation has been high too that the NSA would covet a backdoor in OpenSSL given its presence in any number of high profile products and web applications; the list of FIPS Cryptographic Module Validation Program-certified products, for example, is lengthy and target rich featuring hundreds of security and networking products.
A Turkish hacking group claimed responsibility for the defacement. TurkGuvenligi took down the webpage and left behind the message: “TurkGuvenligiTurkSec Was Here @turkguvenligi + we love openssl _.”
The SANS Institute’s Internet Storm Center reports a surge in probes against port 32764, which matches the port used by an alleged backdoor in Linksys routers that was reported over the New Year’s Day holiday.
“At this point, I urge everybody to scan their networks for devices listening on port 32764/TCP. If you use a Linksys router, try to scan its public IP address from outside your network,” wrote SANS CTO Johannes Ullrich.
Ullrich said there was relatively little scanning activity on that port prior to Thursday when three source IPs began conducting probes on that port, scanning as of this morning close to 20,000 records against more than 4,000 targets.
Most of the probes are coming from one of the three source IP addresses in question, as well as from the Shodan search engine.
The alleged backdoor was disclosed in a Github post by a hacker Eloi Vanderbeken of France. He uploaded a PowerPoint presentation to Github describing the backdoor he found not only in five different Linksys DSL modem/routers, but also in a number of Netgear, Cisco and SerComm home and business boxes.
“I didn’t want to lose my time in writing a full report, it’s a very simple backdoor that really doesn’t deserve more than some crappy slides,” Vanderbeken wrote.
His slides describe his journey over Christmas to regain access to his home router’s admin console after losing what he describes as a very long and complex password. He began by conducting an Nmap scan where he found the router listening and responding over 32764 to a number of commands. After finding and downloading the firmware for his Linksys gear and reverse engineering its MIPS binary code, he found he could exploit a buffer overflow and cause the router to revert to its default settings.
Vanderbeken was then able to use this opening to get a command shell and write a script that gave him administrator access to the router.
It’s unclear from his Github entry whether any of the hardware manufacturers were notified of the weakness.
Researchers, meanwhile, spent a good amount of time last year looking at the security home and small office networking gear and found a number of serious issues. Cisco Linksys EA2700 boxes were found to be vulnerable to cross-site scripting attacks, file-path traversal attacks, cross-site request forgery and even a potential source code disclosure, according to pen-tenster Phil Purviance, who reported his findings to Cisco last March.
Prior to that, IOActive researchers Sofiane Talmat and Ehab Hussein shared research that demonstrated that home routers and modems from ISPs can be chained together to redirect traffic in click-fraud scams, keep blocks of users from reaching the Internet, or launch denial of service attacks. Talmat and Hussein were also able to take advantage of vulnerable firmware and upload their own in simulated attacks. Their new firmware took the place of factory-installed firmware, rendering factory-reset options useless.
A group of hundreds of academics from countries around the world have started a petition that demands Western governments, such as those in the United States and UK, stop the mass surveillance programs they have in place and “effectively protect everyone’s fundamental rights and freedoms”.
The petition is the latest public effort from various groups of security and privacy researchers, Internet pioneers and academics who are concerned about the effects of mass surveillance on the security of the Internet and the privacy of users’ communications. Signed by academics from more than two dozen countries, the petition calls on intelligence agencies to end blanket surveillance and become subject to greater oversight and transparency.
“Intelligence agencies monitor people’s Internet use, obtain their phone calls, email messages, Facebook entries, financial details, and much more. Agencies have also gathered personal information by accessing the internal data flows of firms such as Google and Yahoo. Skype calls are “readily available” for interception. Agencies have purposefully weakened encryption standards – the same techniques that should protect our online banking and our medical files. These are just a few examples from recent press reports. In sum: the world is under an unprecedented level of surveillance,” the petition says. “This has to stop.”
Many of the signatories of the petition have spoken individually about the mass surveillance programs run by NSA and the GCHQ in the UK, and have been critical of the programs, such as the metadata collection program that pulls in hundreds of millions of phone records a day and the tapping of undersea Internet cable to collect raw traffic flowing on networks owned by major providers. Bruce Schneier, a cryptographer and author, who has also been involved in some of the publication efforts of the NSA leaked documents in The Guardian, signed the petition, as did Ross Anderson of the University of Cambridge, Alessandro Acquisti of Carnegie Mellon University, Marc Rotenberg of Georgetown University and Jay Rosen of New York University.
“Without privacy people cannot freely express their opinions or seek and receive information. Moreover, mass surveillance turns the presumption of innocence into a presumption of guilt. Nobody denies the importance of protecting national security, public safety, or the detection of crime. But current secret and unfettered surveillance practices violate fundamental rights and the rule of law, and undermine democracy,” the petition says.
“The signatories of this declaration call upon nation states to take action. Intelligence agencies must be subjected to transparency and accountability. People must be free from blanket mass surveillance conducted by intelligence agencies from their own or foreign countries. States must effectively protect everyone’s fundamental rights and freedoms, and particularly everyone’s privacy.”
The petition, titled Academics Against Mass Surveillance, comes at a time when there is a huge amount of public scrutiny of the NSA’s collection methods and programs. Since the leaks from former NSA contractor Edward Snowden began in June, security researchers, lawmakers and privacy advocates have called for greater oversight and reform of the agency’s collection methods. There are a number of pending lawsuits against the NSA and some of the companies involved in the collection programs, as well as legal challenges of the programs from groups such as the ACLU and the EFF.
Image from Flickr photos of Tim Gillin.
Dennis Fisher and Mike Mimoso talk about the year that was in the security industry, including the last six months of NSA drama, the Microsoft bug bounty program, exploit sales and attacks against major banks.http://threatpost.com/files/2014/01/digital_underground_139.mp3
It didn’t take long for hackers to exploit a previously disclosed vulnerability in the popular photo sharing application Snapchat. As yet unidentified hackers spent yesterday’s New Year’s holiday dumping 4.6 million of the service’s usernames and partial phone numbers and posting them online for the public to peruse.
The site that was hosting the slew of information, SnapchatDB.info, remains offline this afternoon. In its place a note from the site’s hosting company acknowledges the account corresponding to the site has been suspended.
For a short time yesterday the site allowed anyone to download all of the leaked data as either a SQL dump or CSV text file.
The hackers responsible for disclosing the information claim they omitted the last two digits of the leaked phone numbers to “minimize spam and abuse” but encouraged interested parties to contact them for the full database.
“Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it,” read one part of the site, which has been since cached on Google.
Information about the site is sparse but according to whois.domaintools.com, someone whose address and phone number can be traced to Panama registered the site on New Year’s Eve.
It isn’t clear if the leaked information is legitimate but the fact that the site was taken offline so fast suggests there may have been some validity to the hack and that that due to the sensitive nature of the data, the company may have had it removed.
Representatives from the company failed to immediately respond to a request for comment Thursday.
News of the hack spread first on YCombinator’s Hacker News site. From there some sleuths on Reddit were able to comb through the millions of phone numbers to deduce that the average Snapchat user has a better chance of not being on the list than being on it.
Based on the leaked telephone area codes, if the phone number attached to a Snapchat account is based in one of the following states, the account’s information likely isn’t in the database:
- New Hampshire
- New Mexico
- North Carolina
- North Dakota
- Rhode Island
- West Virginia
The leaked phone numbers appear to be largely contained to North America and includes users from major cities across the United States (Los Angeles, Chicago, Denver, etc.) and some remote parts of Northern Canada.
Researchers at Gibson Security warned about the bug in a full disclosure post on their site Christmas Eve claiming it was “ridiculously easy” to use Snapchat’s API to match its users’ phone numbers with usernames on a massive scale. According to the researchers, despite disclosing the bug to the company in August, Snapchat hadn’t made any moves to fix the issue in the last five months.
Snapchat went as far as to dismiss Gibson Security’s claims in a blog post last Friday, claiming the company doesn’t display phone numbers to other users and doesn’t support the ability to look up phone numbers by username. The group tried to quell fears by claiming they’ve “implemented counter-measures and continue to make improvements to combat spam and abuse.”
What could prove to be quite the blunder for Snapchat is that the company may actually helped the hackers by suggesting how to create a database like the one that was leaked in the same blog post.
“Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database if the results and match usernames to phone numbers that way,” warned the post.
It appears the hackers were able to do just that, just on a lesser scale.
It’s not yet certain what percentage of Snapchat’s users may have been put at risk by the hack. The app was used by more than 8 million U.S. users in May 2013 according to data provided by Nielsen this past summer but it’s almost positive that figure has jumped since, especially in wake of the app’s increased popularity.
As a service to anyone who might be worried their account information is out there, Gibson have put together a searchable, web-based tool that allows users to verify whether or not their data has been leaked.
Target Corp.’s admission that encrypted PIN data was stolen in the Black Friday breach was bad news for consumers. For security experts, especially cryptographers, particular exception was taken to the retail giant’s use of Triple DES (3DES) encryption to keep the PIN data safe.
With all crypto suffering scrutiny under the weight of the Snowden leaks, security experts are extra leery of 3DES because of its age and the availability of cryptographically stronger options such as AES.
Target insists the PIN data is safe because the numbers were encrypted at physical retail locations on the PIN pad, and the key is not stored with the data. Instead, the key is with the company’s payment processors, one of which, First Data, said it is not aware of any breaches or abuse on its end.
“What this means is that the ‘key’ necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident,” Target spokesperson Molly Snyder said.
Matthew Green, a noted cryptographer and professor at Johns Hopkins University, said the PIN data is likely secure if Target is being forthright. Hackers cannot decrypt the PIN data without the key, or access to the machine storing the key.
“Most people object to 3DES because it’s an ancient algorithm that was designed as a patch for (now broken) DES until AES was finalized,” Green said via email. “Now we’ve had AES for more than a decade, it’s questionable why we’d be using 3DES.”
Assuming too that Target is compliant with the Payment Card Industry Data Security Standard (PCI-DSS), the mandates there require unique keys for every payment terminal, limiting the scale of risk brought by the breach, which resulted in 40 million debit and credit card numbers being stolen. The attackers, Green wrote in a blog post, would have to hit every terminal to have all the PIN data, or hack the processors.
PCI also requires four-digit PINs to be padded to add complexity to the data being encrypted. Four-digit PINs are child’s play for a brute force attack since there are only 10,000 possible combinations. Padding and salting the PIN data raises the cost of decrypting the data for an attacker. These techniques require using part of the credit card number as part of the key encrypting the PIN.
“Done this way, every PIN number now decrypts to a different value. If they did this, then it would indeed be the same as if no PIN information were stolen at all,” wrote Robert Graham, a researcher with Errata Security.
Green, meanwhile, described a number of possible encryption formats for PIN data. One involves the use of the XOR cipher on the PIN data with the last 12 digits of the card number, and encrypting the rest using 3DES in ECB mode. Another involves stringing the PIN with a transaction number that is then encrypted using 3DES in ECB mode. The final format involves padding random bytes onto the PIN and then encrypting. All three methods, Green said, prevent two users with the same PIN having their data encrypt to the same value under the same key.
“ECB mode has many flaws, but one nice feature is that the encryption of two different values (even under the same key) should lead to effectively unrelated ciphertexts,” Green wrote. “This means that even an attacker who learns the user’s PAN shouldn’t be able to decompose the encrypted PIN without knowledge of the key.”
All that said, the derision levied against 3DES was intense for days after Target’s announcement. Green noted that two-key 3DES will be banned for FIPS-certified products after next year because the 112-bit key was too short; three-key is 168 bits and is FIPS approved.
Green added that some impractical attacks are possible against 3DES, largely because its block size is 64 bits long, something that 128-bit AES eliminates.
“There are some impractical attacks on 3DES that dramatically reduce its key strength,” Green said. “However these are way too expensive to use in practice, and they only reduce the key strength to a level that’s still pretty large (168 down to 112 bit).”
The Syrian Electronic Army took advantage of the relative calm of New Year’s Day to make a loud statement about the NSA’s surveillance program and Microsoft’s alleged participation in it. The group compromised the Twitter account and blog of Microsoft’s Skype service and posted anti-surveillance messages on both, which were later removed.
On Wednesday afternoon, the official Skype account on Twitter posted a message that accused Microsoft of monitoring users’ Hotmail and Outlook.com email traffic and selling it to the government.
“Don’t use Microsoft emails (hotmail,outlook), They are monitoring your accounts and selling the data to the governments,” the message said. It was later removed from the Skype Twitter feed. Shortly thereafter, Microsoft officials regained control of the account and apologized to users for the attack.
“You may have noticed our social media properties were targeted today. No user info was compromised. We’re sorry for the inconvenience,” the message said.
Microsoft, along with other tech players such as Google, Apple and Yahoo, have been implicated in some of the leaks from former NSA contractor Edward Snowden regarding the agency’s surveillance capabilities. Some of the leaks have suggested that those companies have provided direct access to their networks or services to the NSA, an allegation that all of the companies have denied. Officials from those companies have said that they only provide information when required by law or a court order.
The SEA attackers also posted a similar message on the official Skype blog. The SEA has claimed responsibility for a long list of attacks in the last couple of years, including compromises of the New York Times and the Washington Post. The group has specialized in compromising the social media accounts of a variety of old-school media organizations and often espouses messages in support of the Syrian government, which has been under fire.