NSA Spies on China Telecoms Giant Huawei: Report
Posted on March 23, 2014 by Kara Dunlap in Security
WASHINGTON – The US National Security Agency has secretly tapped into the networks of Chinese telecom and internet giant Huawei, the New York Times and Der Spiegel reported on their websites Saturday.
The NSA accessed Huawei’s email archive, communication between top company officials, internal documents, and even the secret source code of individual Huawei products, read the reports, based on documents provided by fugitive NSA contractor Edward Snowden.
“We currently have good access and so much data that we don’t know what to do with it,” states one internal document cited by Der Spiegel.
Huawei — founded in 1987 by former People’s Liberation Army engineer Ren Zhengfei — has long been seen by Washington as a potential security Trojan Horse due to perceived close links to the Chinese government, which it denies.
The United States and Australia have barred Huawei from involvement in broadband projects over espionage fears.
Shenzhen-based Huawei is one of the world’s leading network equipment providers and is the world’s third-largest smartphone vendor.
The original goal of Operation “Shotgiant” was to find links between Huawei and the Chinese military, according to a 2010 document cited by The Times.
But it then expanded with the goal of learning how to penetrate Huawei computer and telephone networks sold to third countries.
“Many of our targets communicate over Huawei-produced products,” the NSA document read, according to The Times.
“We want to make sure that we know how to exploit these products,” it added, to “gain access to networks of interest” around the world.
Huawei is a major competitor to US-based Cisco Systems Inc. – but US officials insist that the spy agencies are not waging an industrial espionage campaign on behalf of US companies, as Snowden has alleged.
“The fact that we target foreign companies for intelligence is not part of any economic espionage,” a senior intelligence official told reporters Thursday.
The goal of economic intelligence efforts is “to support national security interests,” and “not to try to help Boeing,” the official said.
Linux Worm Turns Focus to Digital Dollars
Posted on March 20, 2014 by Kara Dunlap in Security
A Linux worm first spotted in November has joined the growing ranks of malware mining for crypto-currency.
The worm is called Darlloz. Late last year, Symantec reported that the worm was spreading via a known vulnerability in PHP that was patched in 2012.
“The worm targets computers running Intel x86 architectures,” blogged Symantec researcher Kaoru Hayashi. “Not only that, but the worm also focuses on devices running the ARM, MIPS and PowerPC architectures, which are usually found on routers and set-top boxes. Since the initial discovery of Linux.Darlloz, we have found a new variant of the worm in mid-January. According to our analysis, the author of the worm continuously updates the code and adds new features, particularly focusing on making money with the worm.”
The most recent update includes functionality that installs ‘cpuminer’ and begins mining for Mincoins or Dogecoins, which are similar to bitcoins. The main reason is that Mincoin and Dogecoin use the scrypt algorithm, which can still be mined successfully on home PCs, whereas bitcoin requires custom ASIC chips to be profitable, the researcher explained.
“By the end of February 2014, the attacker mined 42,438 Dogecoins (approximately US$ 46 at the time of writing) and 282 Mincoins (approximately US$ 150 at the time of writing),” Hayashi blogged. “These amounts are relatively low for the average cybercrime activity so, we expect the attacker to continue to evolve their threat for increased monetization.”
While the initial version of Darlloz has nine combinations of usernames and passwords for routers and set-top boxes, the latest version comes armed with 13 of these login credential combinations – including ones that work for IP cameras. Once a device is infected, the malware starts an HTTP Web server on port 58455 in order to spread. The server hosts worm files and lets anyone download files through this port by using an HTTP GET request, the researcher explained.
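A defender-side check for the indicator described above, as an added example that is not from Symantec or the original article: it parses the Linux `/proc/net/tcp` table, which is present even on stripped-down routers and set-top boxes, for a socket listening on port 58455 and for remote hosts connected to it. The sample table and the function names are constructed for illustration.

```python
import socket
import struct

DARLLOZ_PORT = 58455              # HTTP port the article says infected devices open
LISTEN, ESTABLISHED = 0x0A, 0x01  # TCP state codes used in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 00000000:E457 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4410 1 0000000000000000 100 0 0 10 0
   2: 0A01A8C0:E457 0501A8C0:C3D2 01 00000000:00000000 00:00000000 00000000     0        0 4415 1 0000000000000000 20 4 30 10 -1
   3: 0A01A8C0:0016 0501A8C0:D0A1 01 00000000:00000000 00:00000000 00000000     0        0 3302 1 0000000000000000 20 4 30 10 -1
"""

def _endpoint(field):
    """Decode 'HEXADDR:HEXPORT'. Address byte order assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)

def scan(proc_net_tcp, port=DARLLOZ_PORT):
    """Return (listeners, peers) for `port`: listening sockets and connected remote IPs."""
    listeners, peers = [], []
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header row
        cols = line.split()
        if len(cols) < 10:                       # ignore blank or truncated rows
            continue
        local, remote = _endpoint(cols[1]), _endpoint(cols[2])
        if local[1] != port:
            continue
        state = int(cols[3], 16)
        if state == LISTEN:
            # The inode can be matched against /proc/<pid>/fd to find the owning process.
            listeners.append({"bind": local[0], "inode": int(cols[9])})
        elif state == ESTABLISHED:
            peers.append(remote[0])
    return listeners, peers

if __name__ == "__main__":
    # A listener here is an indicator to investigate, not proof of infection.
    # IPv6 sockets live in /proc/net/tcp6 and are not covered by this example.
    print(scan(SAMPLE))
```

On a live Linux device, pass the contents of `/proc/net/tcp` to `scan()` instead of the constructed sample.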
“The Internet of Things is all about connected devices of all types,” Hayashi blogged. “While many users may ensure that their computers are secure from attack, users may not realize that their IoT (Internet of Things) devices need to be protected too. Unlike regular computers, a lot of IoT devices ship with a default user name and password and many users may not have changed these. As a result, the use of default user names and passwords is one of the top attack vectors against IoT devices. Many of these devices also contain unpatched vulnerabilities users are unaware of. While this particular threat focuses on computers, routers, set-top boxes and IP cameras, the worm could be updated to target other IoT devices in the future, such as home automation devices and wearable technology.”
The worm also includes functionality to block other malware to keep other attackers from controlling an infected device. So far, Symantec has identified more than 31,000 unique IP addresses as being infected. Thirty-eight percent appear to be IoT devices such as routers, IP cameras and printers. The five regions of the world that account for half of the Darlloz infections are China, South Korea, Taiwan, India and the United States.
“Consumers may not realize that their IoT devices could be infected with malware,” blogged Hayashi. “As a result, this worm managed to compromise 31,000 computers and IoT devices in four months and it is still spreading. We expect that the malware author will continue to update this worm with new features as the technology landscape changes over time. Symantec will continue to keep an eye on this threat.”
US Slaps Briton With Fresh Hacking Charges
Posted on March 1, 2014 by Kara Dunlap in Security
NEW YORK – The United States on Thursday slapped two extra charges on a British man accused of hacking into thousands of US government computer systems, officials said.
Prosecutors in New York indicted Lauri Love, 28, on one count of hacking into the Federal Reserve and one count of aggravated identity theft. If convicted on these latest charges, he faces 12 years in prison.
He was already facing up to five years in prison and a $250,000 fine, or twice the gross gain or loss from the offense, on each of two counts in New Jersey. He has been charged there with hacking the computer networks of the US Army, Missile Defense Agency, NASA and other agencies.
Now, prosecutors allege that Love and other computer hackers from overseas, from October 2012 to February 2013, stole and disseminated information from the Federal Reserve’s network.
The data allegedly included identifying information of military service personnel and others. Manhattan US Attorney Preet Bharara described Love as a “sophisticated hacker” who broke into Federal Reserve computers, stole and made widely available sensitive personal information.
“We place a high priority on the investigation and prosecution of hackers who intrude into our infrastructure and threaten the personal security of our citizens,” he said in a statement.
FBI assistant director-in-charge George Venizelos said Love “underestimated the level of sophistication and dedication” of the FBI cyber division to track down his alleged crimes.
In New Jersey, prosecutors had said Love and his conspirators planned and executed the attacks in online chat rooms to “disrupt the operations and infrastructure of the United States government.” Love was arrested at his home in Britain on October 25.