Feed aggregator

The Snowden Effect on Privacy Attitudes

Threatpost for B2B - Fri, 11/14/2014 - 11:52
Results from a survey by the Pew Research Center demonstrate that consumers' attitudes about commercial and government data collection have shifted post-Snowden.

Threatpost News Wrap, November 14, 2014

Threatpost for B2B - Fri, 11/14/2014 - 11:49
Mike Mimoso and Dennis Fisher talk about the Windows Schannel vulnerability and whether it's ripe for mass exploitation, as well as the WireLurker attack and why Apple hasn't addressed it.

Microsoft Considering Public-Key Pinning for Internet Explorer

Threatpost for B2B - Fri, 11/14/2014 - 07:42
Microsoft is considering adding public-key pinning–an important defense against man-in-the-middle attacks–to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks. Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site […]

Senate Likely to Vote on NSA-Reforming USA FREEDOM Act

Threatpost for B2B - Thu, 11/13/2014 - 16:38
The Senate will vote on the USA Freedom Act, a bill aimed at limiting the NSA surveillance and spying dragnet, in this lame-duck session of Congress.

Windows Phone Sandbox Holds Up at Mobile Pwn2Own

Threatpost for B2B - Thu, 11/13/2014 - 15:22
Researchers successfully took down Apple and Samsung mobile phones using NFC-based attacks during Mobile Pwn2Own, but were not able to completely compromise Windows Phone or a Nexus 5 running Android.

NOAA Compromised in Apparent Chinese Attack

Threatpost for B2B - Thu, 11/13/2014 - 13:49
Systems belonging to the National Oceanic and Atmospheric Administration (NOAA) were recently compromised, purportedly by Chinese hackers.

Internet Voting Hack Alters PDF Ballots in Transmission

Threatpost for B2B - Thu, 11/13/2014 - 12:30
Researchers have published a paper that describes an Internet voting hack that alters PDF ballots in transmission.

Automakers Move to Address Privacy Concerns

Threatpost for B2B - Thu, 11/13/2014 - 10:50
Several automakers have agreed on a set of privacy principles that they say will govern the way that they handle personal information generated by vehicles, geolocation data and other sensitive information that is being produced by in-car computers and networks.

Law Enforcement Agencies in Tor: Impact Over the Dark Web

Secure List feed for B2B - Thu, 11/13/2014 - 05:00

The recent shutdown of SilkRoad 2.0 was just a small part of the events affecting the Tor network that unfolded last week.

Tor-related communities, such as privacy enthusiasts, but also cybercriminals (of course!), expressed worry after a global law enforcement operation targeted a number of illegal services based on Tor.

Operation Onymous, coordinated by Europol's European Cybercrime Centre (EC3), the FBI, U.S. Immigration and Customs Enforcement's (ICE) Homeland Security Investigations (HSI) and Eurojust, resulted in 17 arrests of vendors and administrators running these online marketplaces, and in more than 410 hidden services being taken down.

The official announcement about Operation Onymous is available on the Europol website.

Here's an incomplete list of .onion services that were taken down during this operation: Alpaca, Black Market, Blue Sky, Bungee 54, CannabisUK, Cloud Nine, Dedope, Fake Real Plastic, FakeID, Farmer1, Fast Cash!, Flugsvamp, Golden Nugget, Hydra, Pablo Escobar Drugstore, Pandora, Pay Pal Center, Real Cards, Silk Road 2.0, Smokeables, Sol's Unified USD Counterfeit's, Super Note Counter, Tor Bazaar, Topix, The Green Machine, The Hidden Market and Zero Squad.

Examples of seized .onion sites

At the same time, reports appeared about a number of Tor nodes being seized by authorities:

Over the last few days, we received and read reports saying that several Tor relays were seized by government officials. We do not know why the systems were seized, nor do we know anything about the methods of investigation which were used. Specifically, there are reports that three systems of Torservers.net disappeared and there is another report by an independent relay operator.

You can read more on The Tor Blog about their Thoughts and Concerns about Operation Onymous.

The current state of the Dark Web

Of course, the takedown only affected some Onion sites; many are still alive. Right now there are four times more hidden websites online in the Tor network than were shut down.

Cybercrime, just like any other illegal activity, is hard to eradicate completely. Whenever illegal services are taken down, the gap created will always be filled by other criminals willing to profit from the opportunity. The reality we have to accept is that there will always be demand for such services.

The following graph shows the number of new .onion addresses appearing each day. After the takedown on November 7th, we noticed a higher than usual spike in the number of new hidden services being set up.

We've also analyzed the lifetime of the Onion sites which were taken down last week. On average, most of them were alive for at least 200 days, but usually not more than 300 days, as the following graph shows. Only a few were online for less than two months.

What does this mean for the Tor network and the Dark Web?

The most intriguing question raised by the media is: what exceptional tools are needed to compromise a hidden service? In theory, when you visit a hidden service, there is no way of knowing (either for you or for anyone else) the physical location of the web server behind it. For the theory to remain solid, three conditions must be met:

  1. The hidden service must be properly configured
  2. The web server should be impenetrable - no vulnerabilities or configuration errors
  3. The web application should have no flaws

If any of the three conditions is not met, it's quite easy for a skilled person to hack into that server and start to dig further.

Anyone familiar with Dark Net websites knows how poorly coded many of them are. Just because a website's physical location is obscured by a Tor hidden service, it doesn't mean that website's security is bullet-proof. Vulnerabilities such as SQL injection will always be present if the coding isn't done properly.

The first scenario for compromising a hidden service is to successfully exploit such a badly coded application. It is then possible to compromise the real server on which the hidden service is hosted, obtain information about its physical location or, preferably, install a backdoor that collects information about what's going on on the server for weeks.
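As an added illustration of the "badly coded application" scenario (this is example code written for this page, not code from Securelist or from any of the seized sites), the block below shows the injectable login pattern beside its parameterised equivalent. The user table and the two payloads are constructed sample data; the query runs against an in-memory SQLite database so it can be executed offline.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for a marketplace's user table (sample data, not real)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, pw, role) VALUES (?, ?, ?)",
        [("admin", "hunter2", "admin"), ("buyer1", "letmein", "customer")],
    )
    return conn


def login_vulnerable(conn, name, pw):
    """The 'badly coded' pattern: user input is pasted straight into the SQL text."""
    sql = "SELECT name, role FROM users WHERE name = '%s' AND pw = '%s'" % (name, pw)
    return conn.execute(sql).fetchall()


def login_hardened(conn, name, pw):
    """Same query with bound parameters: input can never change the statement's structure."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ? AND pw = ?", (name, pw)
    ).fetchall()


# Classic payloads. The first comments out the password check (SQLite treats '--' as a
# line comment), so the attacker logs in as the named account; the second turns the
# WHERE clause into '... AND pw = '' OR '1'='1'', which is true for every row.
BYPASS_AS_ADMIN = "admin'--"
BYPASS_ANY = "' OR '1'='1"


def demo():
    """Run the same three logins through both implementations and return the rows."""
    conn = make_db()
    return {
        "legit_vuln": login_vulnerable(conn, "admin", "hunter2"),
        "legit_hard": login_hardened(conn, "admin", "hunter2"),
        "bypass_admin_vuln": login_vulnerable(conn, BYPASS_AS_ADMIN, "anything"),
        "bypass_admin_hard": login_hardened(conn, BYPASS_AS_ADMIN, "anything"),
        "bypass_any_vuln": login_vulnerable(conn, "nobody", BYPASS_ANY),
        "bypass_any_hard": login_hardened(conn, "nobody", BYPASS_ANY),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

With the vulnerable function the `admin'--` payload returns the admin row without a password and the `' OR '1'='1` payload returns every user; the parameterised version returns nothing for either payload while still accepting the real credentials. An attacker who gets this far on a hidden service typically keeps going with UNION or file-read techniques to pull configuration, paths or credentials from the host, which is the "dig further" step the article describes.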

There is absolutely no need to look for vulnerabilities in Tor itself; it's much easier to find a misconfiguration of services or flaws in the web application. People who run illegal Dark Net sites usually rely on Tor's capabilities for security, but this will never save them from bugs in third-party applications or their own mistakes.
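To make the "misconfiguration of services" point concrete, here is an added example (written for this page, not Securelist's code or any tool used in Operation Onymous) of the checks an operator, or an investigator, would run against a hidden service's own HTTP reply and web-server configuration. It flags the usual self-inflicted leaks: version-disclosing headers, absolute links or redirects to clearnet hosts, IP addresses in page content, an exposed Apache server-status page, and a `Listen` directive bound to all interfaces so the same content is also reachable on the host's public IP. The sample response, the config fragment and the `.onion` hostname are all constructed placeholders.

```python
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.\-]+)", re.I)
FINGERPRINT_HEADERS = ("server", "x-powered-by", "via")
# Matches Apache 'Listen 80' and nginx 'listen 80;' style directives.
LISTEN = re.compile(r"^\s*listen\s+([^\s;]+)", re.I | re.M)
ALL_INTERFACES = ("", "0.0.0.0", "*", "::", "[::]")


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status line, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return lines[0], headers, body


def is_onion(host, onion_host):
    return host == onion_host or host.endswith("." + onion_host)


def audit_http_response(raw, onion_host):
    """Return (kind, detail) findings for things a hidden service's reply should not reveal."""
    _, headers, body = parse_response(raw)
    findings = []
    for h in FINGERPRINT_HEADERS:  # software/version fingerprint narrows down the host
        if h in headers:
            findings.append(("version-header", f"{h}: {headers[h]}"))
    for h in ("location", "content-location"):  # redirect off the onion name
        m = URL_HOST.match(headers.get(h, ""))
        if m and not is_onion(m.group(1), onion_host):
            findings.append(("clearnet-url", f"{h}: {m.group(1)}"))
    for host in sorted(set(URL_HOST.findall(body))):  # absolute links to clearnet hosts
        if not is_onion(host, onion_host):
            findings.append(("clearnet-url", host))
    for ip in sorted(set(IPV4.findall(body))):  # IPs in comments, error pages, etc.
        findings.append(("ip-address", ip))
    if "Server Version:" in body and "Server Built:" in body:
        findings.append(("mod-status", "Apache server-status page exposed"))
    return findings


def audit_listen(config):
    """Flag listen directives not pinned to a loopback address (reachable outside Tor)."""
    findings = []
    for spec in LISTEN.findall(config):
        host = spec.rsplit(":", 1)[0] if ":" in spec else ""
        if host in ALL_INTERFACES:
            findings.append(("listen-all", spec))
    return findings


# Constructed sample data: placeholder onion name, a deliberately leaky response, and a
# config fragment with one bad and one correct Listen line.
ONION_HOST = "exampleonionhost.onion"
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.22 (Debian)\r\n"
    "X-Powered-By: PHP/5.4.4-14\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>\n"
    "<a href='http://example.net/images/logo.png'>logo</a>\n"
    "<!-- server 203.0.113.7 -->\n"
    "</body></html>\n"
)
SAMPLE_CONFIG = """
Listen 80
Listen 127.0.0.1:8080
ServerName exampleonionhost.onion
"""

if __name__ == "__main__":
    for finding in audit_http_response(SAMPLE_RESPONSE, ONION_HOST) + audit_listen(SAMPLE_CONFIG):
        print(*finding)
```

On the sample input the response audit reports the two version headers, the link to `example.net` and the IP address in the HTML comment, and the config audit reports `Listen 80` while accepting `Listen 127.0.0.1:8080`. None of these checks touches Tor; each of them is the kind of operator mistake that hands over the server's real address without any weakness in the anonymity network.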

Another possible scenario is to infect the administrator of an illegal site with spyware, get full access to his computer and from there obtain all the information needed to establish his true identity.

This could be easier than it seems: for example, if a vulnerability is found in a hidden service, it is possible to rig its admin page with an exploit and wait for the drug shop administrator to access his site. He would then be infected with malware as a result of this highly targeted watering-hole attack.

Another way is to infiltrate the illegal service posing as a regular customer, creating an account and even buying something there to build up a reputation. When the time comes to communicate with the hidden service's support account (about the quality of the product, for instance), the attacker can resort to social engineering or even send a spear-phishing message rigged with an exploit.

There are many ways to compromise a hidden service without attacking Tor's architecture itself. Of course, the possibility of a serious security vulnerability in Tor itself should not be excluded either.

EFF Calls Out ISPs Modifying STARTTLS Encryption Commands

Threatpost for B2B - Wed, 11/12/2014 - 13:18
The Electronic Frontier Foundation has backed VPN provider Golden Frog's FCC filing that accuses ISPs of stripping out STARTTLS instructions from email messages.

Microsoft Schannel Bug Latest in Long Line of Serious Crypto Flaws

Threatpost for B2B - Wed, 11/12/2014 - 08:02
The critical vulnerability in the Schannel technology in Windows that Microsoft patched Tuesday is ripe for exploitation, experts say, and continues the long line of severe vulnerabilities in major SSL/TLS implementations in recent months.

Retail Trade Groups Want Fair Data Breach Reporting Rules

Threatpost for B2B - Tue, 11/11/2014 - 16:13
Retail trade groups are urging Congress to pass a law that would enforce data breach notification rules uniformly across industries without exemption.

Adobe Patches 18 Vulnerabilities in Flash

Threatpost for B2B - Tue, 11/11/2014 - 14:54
Adobe pushed out security updates for Flash Player this afternoon, addressing 18 different vulnerabilities, all critical, that could allow an attacker to take control of an affected system.

Microsoft Patches OLE Zero Day, Recommends EMET 5.1 Before Applying IE Patches

Threatpost for B2B - Tue, 11/11/2014 - 14:07
Microsoft patched a zero-day vulnerability in OLE being used in targeted attacks as part of its November 2014 Patch Tuesday security bulletins, one of four critical updates released today.

U.S. Postal Service Breach Affects Employees, Customers

Threatpost for B2B - Tue, 11/11/2014 - 12:49
The United States Postal Service is continuing its investigation into how a cyber attack at the agency managed to compromise both employees and customers earlier this year.