Tag Archives: CyberSecurity

Focus on Kaspersky hides facts of another NSA contractor theft

The Wall Street Journal based their story on the fact that another NSA contractor took classified documents home with him. Yet another Russian intelligence operation stole copies of those documents. The twist this time is that the Russians identified the documents because the contractor had Kaspersky Labs anti-virus installed on his home computer.

This is either an example of the Russians subverting a perfectly reasonable security feature in Kaspersky’s products, or Kaspersky adding a plausible feature at the request of Russian intelligence. In the latter case, it’s a nicely deniable Russian information operation. In either case, it’s an impressive Russian information operation.

This is a huge deal, both for the NSA and Kaspersky. The Wall Street Journal article contains no evidence, only unnamed sources. But I am having trouble seeing how the already embattled Kaspersky Labs survives this.

What’s getting a lot less press is yet another NSA contractor stealing top-secret cyberattack software. What is it with the NSA’s inability to keep anything secret anymore?

And it seems that Israeli intelligence penetrated the Kaspersky network and noticed the operation.

Full story on CRYPTO-GRAM October 15, 2017 by Bruce Schneier CTO, IBM Resilient schneier@schneier.com https://www.schneier.com

END

Does anyone have experience of “KAYMERA MOBILE THREAT DEFENSE SUITE”

We are looking at this platform in parallel with the SaltDNA app which I previously posted about.

Kaymera has a pre-installed secured Android OS with integrated high-end security components to detect, prevent and protect against all mobile security threats without compromising on functionality or usability. A contextual, risk-based app uses a range of indicators to identify a risk in real-time and apply the right security measure so mitigation is performed only when needed and appropriate. Their Cyber Command Centre framework manages and enforces organization-specific permissions, security protocols and device policies. Monitors risk level, threat activities and security posture per device and deploys countermeasures.

The company is run by Omri Lavie (NSO Group of Pegagus spying platform fame) and his co-entrepreneur Shalev Hulio also founded Kaymera.

They are ostensibly solving the exact problems that NSO Group created with a super-secure phone for government officials. The CEO of Kaymera is Avi Rosen, former head of RSA’s Online Threats Managed Services group. The Kaymera offices are next door to NSO Group.

Any thoughts welcome.

ENDS.

Hacking EirGrid: NCSC MiA, GCHQ Inertia, US Data Centres, & Creating Backdoors to UK/EU Grid

This post was first published by me on Peerlyst on 7th August 2017.

This hack took place last April (2017) but the details are only emerging now. Hackers compromised EirGrid’s routers at Vodafone’s Direct Internet Access (DIA) service at Shotton, Wales. The MITM “virtual wire tap” then intercepted unencrypted messages between EirGrid and SONI (EirGrid NI). Firmware and files were copied from the compromised router devices but there is no estimate as to the scale of the breach or the magnitude of the data that was stolen.

The Role of NCSC & GCHQ

An informed source has confirmed to AirGap Anonymity Collective that this hack was going on for some time before it was “detected” and before EirGrid were informed – that was already reported.

However, the same source is also of the opinion that the UK’s National Cyber Security Centre – part of GCHQ – instructed Vodafone not to tell EirGrid of the breach – while they tried to ascertain who the perpetrators were (understandable) but that this was for an unreasonably extended period of time.

The source is not clear on what portion of the estimated nine weeks of the hack overlapped with GCHQ’s attempts to identify the hackers.

Where was Ireland’s National Cyber Security Centre while all of this was going on?

The Irish National Cyber Security Centre (NCSC) & Computer Security Incident Response Team (CSIRT)

Formally established in 2015. Together with the (CSIRT), they have responsibility for Ireland’s national cyber security defences. They say:

“The global cybersecurity threat landscape continues to pose an immense challenge. As part of wider efforts to address these security threats, the Directive on Security of Network and Information Systems (NIS Directive) was approved in July 2016. Member States have until May 2018 to implement the NIS Directive, with both the NCSC and CSIRT playing a critical role in this regard.”

Seán Kyne – Minister of State for Community Development, Natural Resources & Digital Development – discussed the NCSC’s objectives, and offered his thoughts on the nature of the digital security threat to the public and private sector alike in a press conference last month.

INCSC

EirGrid & UK Energy Policy

The UK has become increasingly reliant on off-shore wind farms and it’s power needs are augmented by the purchase of power generated in the Irish Midlands. Irish supplied power is key to the UK meeting its projected 2020 energy needs. The Irish supply is seeking to generate circa 3GW for the UK market.

The Irish national grid is managed by a company called EirGrid. They took over the Irish national grid in 2006 from ESB (the Electricity Supply Board). They own all of the physical electricity transmission assets in the country (about 7000kms of cable (fact check)).

As such, they run a monopoly and nearly all of the large independent generators (Airtricity, Synergen (70% EirGrid) Viridian and others) connect to the transmission system and utilise it to transport their power to all regions and abroad. They also operate the wholesale power market and operate (and own) the 500 MW East–West Interconnector, linking the Irish power system to Great Britain’s grid.

Last month the operator was awarded over €20 million by the EU to fund research into the deployment of renewable energy. Ireland’s own target, set out by the European Union, is to secure 40% of its electricity from renewable sources by 2020.

“We won’t have enough renewable energy left over to export to the UK without completing some specific projects, such as the proposed Midlands development,” according to Fintan Slye (EirGrid CEO). “There are sufficient renewable projects in train to meet the 2020 targets, but it’ll still be challenging. There are 2,000MW connected across the island – we need to get that to over 4,000MW by 2020.”

The EU is also funding a France-Ireland power link (that bypasses the UK) via an undersea cable as an “obvious solution” to Ireland’s energy reliance on a post-Brexit United Kingdom.

Motives – All Those Data Centres in Ireland & A BackDoor to the EU/UK Grids 

IE DCs

Extract from EirGrid Group All-Island Generation Capacity Statement 2016-2025:

“2.2(d) Data Centres in IrelandA key driver for electricity demand in Ireland for the next number of years is the connection of large data centres.Whether connecting directly to the transmission system or to the distribution network, there is presently about 250 MVA of installed data centres in Ireland. Furthermore, there are connection offers in place (or in the connection process) for approximately a further 600 MVA. At present, there are enquires for another 1,100 MVA. This possibility of an additional 1700 MVA of demand is significant in the context of a system with a peak demand in 2014/15 of about 4700 MW (where it would add 35%). In forecasting future demand, we need to appreciate that data centres normally have a flat demand profile.”

Culprits

Lots but the most likely candidate for this hack is Russia – why? Because I cast lots, sacrificed a chicken, and got my Tarot cards read. And also …

Irish energy networks being targeted by hackers – Hackers have targeted Irish energy networks amid warnings over the potential impact of intensifying cyber attacks on crucial infrastructure. Senior engineers at the Electricity Supply Board (ESB), which supplies both Northern Ireland and the Republic, were sent personalised emails containing malicious software by a group linked to Russia’s GRU intelligence agency, reported.
Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid – It was 3:30 p.m. last December 23, and residents of the Ivano-Frankivsk region of Western Ukraine were preparing to end their workday and head home through the cold winter streets. Inside the Prykarpattyaoblenergo control center, which distributes power to the region’s residents, operators too were nearing the end of their shift.
Ukraine power cut ‘was cyber-attack’ – BBC News – A power cut that hit part of the Ukrainian capital, Kiev, in December has been judged a cyber-attack by researchers investigating the incident. The blackout lasted just over an hour and started just before midnight on 17 December. The cyber-security company Information Systems Security Partners (ISSP) has linked the incident to a hack and blackout in 2015 that affected 225,000.
Hackers targeting UK energy grid, GCHQ warns – Hackers may have compromised Britain’s energy grid, GCHQ has said as it warned that cyber criminals are targeting the country’s energy sector. The security agency said industrial control systems may have already been the victim of attacks by nation state hackers.

 

ENDS

Cynic Modelling for Legacy Energy Infrastructure

A brief synopsis of my findings in “Legacy Energy Infrastructure Attack Surface Assessment, Threat Count, & Risk Profile” using my “cynic modeller”:

  1. Adversaries who are attracted to the contained assets: Everyone (hobbyists, criminals, state actors, your gran)
  2. Attack surface: As far as the eye can see
  3. Attackers who are capable of acquiring the assets starting from the attack surface: Lots
  4. Therefore the attacker population size is: Computer literate population of earth
  5. Threat count: Np-Complete;
  6. Emerging threats: IIoT and non-cybersec savvy devops rushing intodigital transformation projects
  7. Risk level: Orbital
  8. Impact of realized threat: Expansive (yes, expansive not expensive, but that too)

Assessment: Buy gas lamps, work on your natural night vision, learn to skin rabbits, move far far away from nuclear reactors, buy shares in candle companies.

ENDS

Boiling Privacy Frogs

I really wish that I understood more about psychology and the human condition. The behaviour that puzzles me over and over again and for which I have no explanation is our ability to observe something happening that is detrimental to us in every way and yet do nothing.

It is the “Boiling Frog Phenomenon” which was allegedly a 19th century science experiment where a frog was placed in a pan of boiling water, the frog quickly jumped out. However, when the frog was put in cold water and the water slowly boiled over time, the frog did not perceive the danger and just boiled to death. The hypothesis being that the change in temperature was so gradual that the frog did not realize it was boiling to death.

To demonstrate the same effect in terms of the privacy, surveillance, unwarranted government intrusion debate just trace the evolving public attitude to the J. Edgar Hoover’s Subversive Files, COINTELPRO, The Iraq WMD Lie, Snowden & PRISM, and WikiLeaks Vault 7.

I have come to the conclusion that in relation to our right to privacy that we are all frogs in tepid water, the temperature of which is starting to rise rapidly, and we have no intention of jumping out.

ENDS

The Laurel & Hardy of Cybersecurity

When Turnbull and Brandis shuffle off to some home for the bewildered in a few years it is all of us that will be left with the legacy of their carry-on.

Here are some of the victories that these two beauties have presided over, and they don’t even know how it works, not even a little bit:

In an effort to drag the continent out from under the “stupid boy” stereotype, the Lowy Institute for International Policy, has just attempted to polish a turd by proposing that despite everything “Australia might be on the right encryption-cracking track” after all.

“From a cyber security perspective, as Patrick Gray has pointed out, sufficient safeguards could be placed around these ‘updates’ to ensure that they couldn’t be reverse engineered – they wouldn’t need to be a ‘backdoor,’ open to abuse. And by focusing on a device rather than a specific app, the displacement effect, so obvious in focusing government efforts on just What’s App or Telegram, would not apply.

In theory then, this model appears promising. How closely it aligns with the legislation promised by Turnbull and George Brandis last week remains to be seen. But whichever legislative model Australia pursues, its progress will be watched closely by governments across the world. And of course, by a whole host of technology and communications companies.

Recent developments suggest that underneath the techno-babble, political point scoring and counter-terrorism blame game, governments the world over are faced by a very real policy problem. Australia may prove to be the test case for a policy solution that has far reaching consequences for privacy, technological development and the future of law enforcement operations.”

Try again gents.

ENDS

People That Like To Throw Grenades Into Your Privacy

For good or for bad I have a tattoo that reads “Fidarsi è bene non fidarsi è meglio” which literally translated is “To trust is good but to not trust is better.” or colloquially “Better safe than sorry”. At least that’s what Google translate told me. I have to trust it. But Veritas Language Solutions have previously reported on the perils of foreign language tats. Like the man who wanted the Chinese symbols for “Live and let live” on his arm but ended up with the Mandarin for “Sweet and Sour Chicken”. I like sweet and sour chicken.

Your “Mass Surveillance” Reality 

In case you have forgotten the reality of the world that you live in right now (in terms of your Privacy), here is a reminder, before it gets exponentially worse:

“The attitude of these politicians (Trump, May, Valls & Co.) and their intelligence organisations and the new “laws” – in the form of the revised Patriot Act and the Investigatory Powers Act – means that’s the vast majority of the worlds English speaking population now live under governments who can – legally – invade their privacy at will – whether at home, at work or at leisure – store the information and use it for any purpose, at any time, at any point in the future – for any reason.”

But that is not good enough. Now they want all of your encrypted data too. Just in case.

Pop Quiz

With that as a backdrop here is a pop quiz and my answers to same (Note: I am a paranoid git, and grumpy):

  1. Do I trust Theresa May? – No;
  2. Do I trust Malcolm Turnbull – No;
  3. Do I trust Donald Trump – F**k No;
  4. Do I trust the Five Eyes Intelligence Alliance – No;
  5. Do I trust the Nine Eyes, the Fourteen Eyes, NSA, GCHQ, MI6, ASD, GCSB, CIA, or CSEC – No;
  6. Do I trust the government of the country of my birth or their national security credentials – No;
  7. Do I think that politicians are concerned with striking an appropriate balance between the right to privacy, freedom of speech, and the preservation of civil liberties with the need to maintain the rule of law – No;
  8. Do I trust any bugger who asks me to trust them with the infinite power to snoop on my personal, professional, online, offline, awake, asleep life – Eh, No.

Do you?

ENDS