ICT Security-Sécurité PC et Internet

Britische und US-amerikanische Geheimdienste sollen mit der Spionagesoftware Regin den massiven Cyberangriff auf Belgacom und EU-Behörden ausgeführt haben. Die Malware kann auch Mobilfunk-Stationen überwachen.

Die seit dem Wochenende öffentlich bekannte Cyberwaffe Regin ist unter anderem für die ausgefeilten Cyber-Attacke auf das belgische Telekommunikationsunternehmen Belgacom eingesetzt worden, die der Konzern im Juli vorigen Jahres entdeckte. Dies berichten die Blogger von "The Intercept", zu denen auch der NSA-Enthüllungsreporter Glenn Greenwald gehört. Sie berufen sich dabei auf IT-Sicherheitsexperten und eigene technische Analysen.

Learn more:

- http://www.scoop.it/t/securite-pc-et-internet/?tag=REGIN

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Warriorpride

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Quantum

- http://www.scoop.it/t/securite-pc-et-internet/?tag=cyberwar

- http://www.scoop.it/t/securite-pc-et-internet/?tag=NSA

- http://www.scoop.it/t/securite-pc-et-internet/?tag=TAO

- https://gustmees.wordpress.com/2012/05/21/visual-it-securitypart2-your-computer-as-a-possible-cyber-weapon/

It was the spring of 2011 when the European Commission discovered it had been hacked. The intrusion into the EU’s legislative body was sophisticated and widespread and used a zero-day exploit to get in. Once the attackers established a stronghold on the network, they were in for the long haul. They scouted the network architecture for additional victims and covered their tracks well. Eventually, they infected numerous systems belonging to the European Commission and the European Council before being discovered.

Two years later another big target was hacked. This time it was Belgacom, the partly state-owned Belgian telecom. In this case, too, the attack was sophisticated and complex. According to published news reports and documents leaked by Edward Snowden, the attackers targeted system administrators working for Belgacom and used their credentials to gain access to routers controlling the telecom’s cellular network. Belgacom publicly acknowledged the hack, but has never provided details about the breach.

Then five months after that announcement, news of another high-profile breach emerged—this one another sophisticated hack targeting prominent Belgian cryptographer Jean-Jacques Quisquater.

Learn more:

- http://www.scoop.it/t/securite-pc-et-internet/?tag=REGIN

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Warriorpride

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Quantum

- http://www.scoop.it/t/securite-pc-et-internet/?tag=cyberwar

- http://www.scoop.it/t/securite-pc-et-internet/?tag=NSA

- http://www.scoop.it/t/securite-pc-et-internet/?tag=TAO

- https://gustmees.wordpress.com/2012/05/21/visual-it-securitypart2-your-computer-as-a-possible-cyber-weapon/

An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.

It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.

As outlined in a new technical whitepaper from Symantec, Backdoor.Regin is a multi-staged threat and each stage is hidden and encrypted, with the exception of the first stage.  Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages.  Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.

Learn more:

- http://www.scoop.it/t/securite-pc-et-internet/?tag=REGIN

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Warriorpride

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Quantum

- http://www.scoop.it/t/securite-pc-et-internet/?tag=cyberwar

- http://www.scoop.it/t/securite-pc-et-internet/?tag=NSA

- http://www.scoop.it/t/securite-pc-et-internet/?tag=TAO

- https://gustmees.wordpress.com/2012/05/21/visual-it-securitypart2-your-computer-as-a-possible-cyber-weapon/

At least two browser extensions can stop the tracking method, which was in wide use earlier this year

Learn more:

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Canvas+Fingerprinting

C’est dans un message diffusé sur le blog du système d’anonymisation TOR que l’on apprend, du moins que nous avons la confirmation, du piratage du système TOR.

Comme nous vous l’indiquions sur zataz, voilà une dizaine de jours, nous nous étonnions de la disparition d’une conférence dédiée à la surveillance de TOR lors du Black Hat 2014 de Las Vegas. La conférence de d’Alexander Volynkin et Michael McCord devait revenir sur les moyens de rendre beaucoup moins anonymes les utilisateurs du système.

TOR, donc, via son blog explique que ce “4 juillet, nous avons trouvé un groupe de relais dont le but supposé était de contourner l’anonymat des utilisateurs. Il semble qu’ils ciblaient les internautes qui utilisent Tor pour accéder ou exploiter des services cachés. Les attaques entraînaient la modification des en-tête de Tor pour s’effectuer.” Bref, nous revoilà avec le coup de 2007 et la lecture des données passant par les ordinateurs permettant à TOR de fournir l’anonymat tant recherché. Une technique d’espionnage démontrée par Dan Egerstad qui avait permis de révéler des centaines de données sensibles d’ambassades ou encore du Dalaïlama.

Article original appartenant à zataz.com : ZATAZ Magazine » Piratage de TOR confirmé par… TOR http://www.zataz.com/piratage-de-tor-confirme-par-tor/#ixzz38zXP7urA 
Follow us: @zataz on Twitter

F-Secure Security Labs brings you the latest online security news from around the world. Ensure that you are up-to-date with the latest online threats to guarantee your online wellbeing.

Learn more:

- http://gustmees.wordpress.com/2013/05/27/dangers-of-wifi-in-public-places/

Wires allow agencies to listen to or record live conversations, in what privacy campaigners are calling a 'nightmare scenario'

Vodafone, one of the world's largest mobile phone groups, has revealed the existence of secret wires that allow government agencies to listen to all conversations on its networks, saying they are widely used in some of the 29 countries in which it operates in Europe and beyond.

Bereits Anfang des Jahres hatte Jacob Appelbaum behauptet, die NSA fange per Post versandte Geräte ab, um darauf Spyware zu installieren. Nun untermauert Glenn Greenwald diese Anschuldigung: Betroffen seien unter anderem Router und Server von Cisco.

Learn more:

- http://www.scoop.it/t/securite-pc-et-internet/?tag=NSA

Two governments working together are said to have developed the state-sponsored malware that attacked the European Union. Guess what? One of the makers was an EU country.

Learn more:

- http://www.scoop.it/t/securite-pc-et-internet/?tag=REGIN

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Warriorpride

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Quantum

- http://www.scoop.it/t/securite-pc-et-internet/?tag=cyberwar

- http://www.scoop.it/t/securite-pc-et-internet/?tag=NSA

- http://www.scoop.it/t/securite-pc-et-internet/?tag=TAO

- https://gustmees.wordpress.com/2012/05/21/visual-it-securitypart2-your-computer-as-a-possible-cyber-weapon/

A sophisticated group known as Regin has targeted high-profile entities around the world. Regin is one of the most sophisticated attack platforms we have ever analysed. The ability to penetrate and...

For more than a decade, a sophisticated group known as Regin has targeted high-profile entities around the world with an advanced malware platform. As far as we can tell, the operation is still active, although the malware may have been upgraded to more sophisticated versions. The most recent sample we've seen was from a 64-bit infection. This infection was still active in the spring of 2014.

The name Regin is apparently a reversed "In Reg", short for "In Registry", as the malware can store its modules in the registry. This name and detections first appeared in anti-malware products around March 2011.

From some points of view, the platform reminds us of another sophisticated malware: Turla. Some similarities include the use of virtual file systems and the deployment of communication drones to bridge networks together. Yet through their implementation, coding methods, plugins, hiding techniques and flexibility, Regin surpasses Turla as one of the most sophisticated attack platforms we have ever analysed.

Learn more:

- http://www.scoop.it/t/securite-pc-et-internet/?tag=REGIN

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Warriorpride

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Quantum

- http://www.scoop.it/t/securite-pc-et-internet/?tag=cyberwar

- http://www.scoop.it/t/securite-pc-et-internet/?tag=NSA

- http://www.scoop.it/t/securite-pc-et-internet/?tag=TAO

- https://gustmees.wordpress.com/2012/05/21/visual-it-securitypart2-your-computer-as-a-possible-cyber-weapon/

Dubbed “AirHopper” by the researchers at Cyber Security Labs at Ben Gurion University, the proof-of-concept technique allows hackers and spies to surreptitiously siphon passwords and other data from an infected computer using radio signals generated and transmitted by the computer and received by a mobile phone. The research was conducted by Mordechai Guri, Gabi Kedma, Assaf Kachlon, and overseen by their advisor Yuval Elovici.

The attack borrows in part from previous research showing how radio signals (.pdf) can be generated by a computer’s video card (.pdf). The researchers in Israel have developed malware that exploits this vulnerability by generating radio signals that can transmit modulated data that is then received and decoded by the FM radio receiver built into mobile phones. FM receivers come installed in many mobile phones as an emergency backup, in part, for receiving radio transmissions when the internet and cell networks are down. Using this function, however, attackers can turn a ubiquitous and seemingly innocuous device into an ingenious spy tool. Though a company or agency may think it has protected its air-gapped network by detaching it from the outside world, the mobile phones on employee desktops and in their pockets still provide attackers with a vector to reach classified and other sensitive data.

The federal government has concluded there's a new leaker exposing national security documents in the aftermath of surveillance disclosures by former NSA contractor Edward Snowden, U.S. officials tell CNN.