May 19, 2012

Concerns for Chinese firms and the cyberespionage

by paganinip

We often discuss cyber warfare and cyberespionage, focusing on the use of technology to steal the intellectual property of foreign states. The countries with the most valuable technological know-how are naturally the most exposed to targeted attacks that daily try to steal information on high-tech projects. Japan, the US and the European countries are the preferred targets of many nations: China first, but also Russia, Iran and North Korea.

Which information are they looking for?

Patents, confidential information on the policies of private companies and government information are the principal targets of hackers sponsored by foreign governments.

What are the main methods of cyberespionage?

The methods of cyberespionage are innumerable; the use of malware and of hacking to infiltrate enemy networks are undoubtedly the most successful techniques. But we must not forget that we live in the era of globalization: US and Chinese companies operate everywhere in the world, and American law enforcement officials have declared that outsourcing critical services, such as telecommunications, could open the door to theft of intellectual property and cyberespionage. According to the FCC, 43.5% of the company is indirectly owned by foreign interests.

Of course the threat does not concern every foreign company; it is specific to businesses that are government-owned, like some Chinese mobile phone giants. The specific case concerns the world’s largest mobile provider, China Mobile, which applied in October for a license from the Federal Communications Commission to provide service between China and the United States and to build facilities on American soil. The concerns of the intelligence services are understandably high: by carrying out similar projects, foreign companies gain access to communication infrastructures and to network traffic, making spying operations possible and exposing intellectual property and national secrets. The risk is concrete; on many occasions the continuous attacks of Chinese state-sponsored hackers against American networks have been discussed. Officials from the FBI, the Department of Homeland Security and the Justice Department’s national security division form a special group named “Team Telecom,” in charge of reviewing FCC applications by foreign-owned companies. The problem is really critical: on one side there is a valuable business opportunity, on the other the security of the nation, so the group has to define a proper agreement that preserves both needs. Under discussion is the routing of traffic from US carriers (e.g. Verizon Communications Inc. or AT&T Inc.) over networks whose management is licensed to China Mobile. The firm declined to address allegations about Chinese spying and is currently collaborating with the US Government on the definition of a satisfactory agreement. In the past the Chinese companies China Telecom and China Unicom have already been engaged to carry telecommunications services, but those were other times, when no cyber strategy took into account the threat of cyberespionage.

Similar agreements have in the past required the manufacturer to classify and inventory all equipment used as a communication vector, such as the undersea cables used to carry traffic to and from the United States. While the allocation of services to foreign companies is being discussed in the US, the Reuters agency has confirmed that ZTE Corp, the world’s No. 4 handset vendor, reported that one of its mobile phone models sold in the US contains a vulnerability that could allow remote control of the handset. The backdoor affects ZTE’s Score model, based on the Android operating system; it is the first case reported on the platform, and many experts are convinced that the event is not accidental. Not to mention the flood of charges levelled against another Chinese company with state participation, Huawei.

Personally, I find the concerns of U.S. security experts fully justified: the risk of espionage is real and must be managed with the utmost care to avoid catastrophic consequences.

Pierluigi Paganini


May 18, 2012

Syria, uncomfortable assumptions on the control of dissidents

by paganinip

Public opinion is informed daily about the situation in Syria, which is still critical; according to the UN representative in the country, several clashes are undermining a virtual ceasefire.

The Deputy Representative to Syria, Nasser Al-Qudwa, declared:

“There is, at least, a theoretical commitment on the part of the Syrian government, and also on the part of the Syrian opposition, to cease all forms of violence. Unfortunately there have been violations that endanger this. But the general direction includes some positive aspects. However, we need a ceasefire, and to confirm the necessity for complete commitment to ending the violence.”

The reality denounced by dissidents and observed by foreign governments is alarming: the regime led by President Bashar al-Assad has committed one of the most horrific massacres since the beginning of the uprising in Syria.

Once the government discovered that dissidents were using programs such as Skype to communicate, it used the same channel to spread the backdoor “Xtreme RAT”. The scheme of the targeted attacks was simple: after the arrest of some dissidents, the government used their Skype accounts to spread malware hidden in a file called MACAddressChanger.exe, which was accepted by other activists. The dissidents trusted the MACAddressChanger tool because they had used it in the past to elude the government’s monitoring system.

Xtreme RAT is malware belonging to the Remote Access Tool category, easy to find online at a low price (full version price: €100 EUR). What confirms that the backdoor was installed by the Syrian Government is the IP address of the command server, which belongs to the Syrian Arab Republic, STE (Syrian Telecommunications Establishment).

The sample reported is not the only one: the experts of the Trend Micro firm have discovered the use of the DarkComet malware to infect the computers of the opposition movement. The malware is used to steal documents from the victims and appears to have been spread through Skype chats. Once running, the malware tries to contact the command and control (C&C) server to receive instructions and to transfer the stolen information. It has been observed that the C&C server resides in Syria, in an IP address range under the control of the government in Damascus.

What is DarkComet and how does it work?

According to the Trend Micro blog, it is a widely available Remote Access Trojan (RAT) that is used to take pictures via the webcam of the remote host, to listen in on conversations via a microphone attached to the PC, to gain full remote control of the victim and, of course, to log keystrokes.

The use of malware was not the only operation conducted by the Syrian government; in fact supporters of the regime, the “Syrian Electronic Army”, have conducted several cyber attacks against websites and social media used by the opposition movement. Several websites have been defaced, and Facebook accounts used by the protesters have also been targeted. Don’t forget that the Syrian Computer Society was headed by al-Assad in the 1990s, which demonstrates the government’s high interest in cyber warfare.

In Syria we have witnessed the use of malware as a cyber weapon, a powerful tool to conduct cyberespionage campaigns and to spy on dissidents.

What is surprising, however, is the use of tools commonly available on the market and well known to the masses. From a country that has always invested in technology, such as Syria, whose government can rely on the technological support of Russia and China, with which it maintains good diplomatic relations, we would expect the development of ad hoc malware.

Why use such “noisy” monitoring solutions? If the monitoring of dissidents were carried out only through such instruments, a removal tool available online would be sufficient to defeat it; is this really the effect that the Damascus government expects from the solutions used?

Personally, I think the malware identified was used with the specific intent of diverting attention from other control tools adopted in the country for a long time. Over the years Syria has developed, with the collaboration of Western companies, a deep knowledge of the main control systems. The exploitation of 0-day vulnerabilities, or the purchase of advanced network control systems, are the solutions one would expect from a country like Syria.

Probably the solutions used are actually attributable to some Western company, or to a foreign government that is doing everything possible to conceal its involvement, which would clearly violate every international moratorium. For this reason I expect that in the coming months an increasing number of RATs (Remote Administration Tools) will be found on the PCs of suspected dissidents, with the intent of covering up some uncomfortable and embarrassing truth.

Once again, in my opinion, financial interests are placed before human rights.

Pierluigi Paganini


May 17, 2012

Zeus P2P variant against Facebook, Hotmail, Yahoo & Google Mail

by paganinip

The experts of the Trusteer firm have discovered a new variant of the Zeus malware responsible for a series of attacks against major internet service providers. The variant, which uses a P2P network architecture, carried out attacks targeting users of Facebook, Hotmail, Yahoo and Google Mail.

What is Zeus?

The Zeus Trojan is one of the most notorious pieces of malware, encountered in several cases; we can consider it one of the better products of the malware industry. The malware is really appreciated by cyber criminals, who have improved its features over the months. The Zeus Trojan was born as an agent able to steal banking information by logging keystrokes and form grabbing, and it is spread mainly through phishing and drive-by download schemes.

With an eye on the malware distribution model and support services, commonly referred to as “software-as-a-service”, I point to the ZeuS offshoot Citadel, a true web store advertised on several members-only forums that offers malicious developments to hackers.

Recently I reported the news on the commercial distribution of the famous Zeus Trojan, a malware designed as an open project that can be customized with new features to meet customer demands. Consider that the various Zeus botnets are estimated to include millions of compromised computers (around 3.6 million in the United States). As of October 28, 2009, over 1.5 million phishing messages had been sent on Facebook with the purpose of spreading the Zeus Trojan. Regarding ZeuS diffusion I suggest consulting the website https://zeustracker.abuse.ch/, which provides updated statistics on the location of the Command & Control servers of the botnets based on the agent. Among the huge quantity of statistics available I have found a couple of indicators that I consider really significant: the average antivirus detection rate (last 60 days) and the list of the top C&C servers.

The scheme of the new scam

The principle used to trick unsuspecting users is simple: the cyber criminals behind the malware, with the intent of stealing the user’s debit card data, offer discounted products through the famous platforms. The malware relies on the psychological conditioning of the user who, seeing attractive discounts offered on the famous platforms, is pushed to believe they are genuine.

The scams exploit the trust relationship between users and these well-known service providers, as well as the Visa and MasterCard brands, to steal users’ debit card data. Let’s look in detail at the features of the principal attacks observed.

The malware variant that hit Facebook uses a web injection mechanism to offer the victim a special 20% discount on purchases made with a Visa or MasterCard debit card through their Facebook account. The scam promises in fact that, after registering debit card information, the victim will earn cash back when they purchase Facebook points.

Of course the user is presented with a form for the registration of debit card details that is equivalent to a legitimate one, also in terms of layout.

A transaction using Verified by Visa/SecureCode initiates a redirect to the website of the card-issuing bank to authorize the transaction. Each issuer could use any kind of authentication method (the protocol does not cover this), but typically a password-based method is used, so effectively buying on the Internet means using a password tied to the card.

A different scheme has been implemented in the attacks against Hotmail, Google Mail and Yahoo users: in these cases the Zeus variant offers a new way of authenticating to the 3D Secure service offered by the Verified by Visa and MasterCard SecureCode programs.

3-D Secure is an XML-based protocol designed to be an added layer of security for online credit and debit card transactions. It was developed by Visa with the intention of improving the security of Internet payments and offered to customers as the Verified by Visa service. Services based on the protocol have also been adopted by MasterCard, under the name MasterCard SecureCode.

The basic concept of the protocol is to tie the financial authorization process with an online authentication. This authentication is based on a three domain model (hence the 3-D in the name). The three domains are:

  1. Acquirer Domain (the merchant and the bank to which money is being paid).
  2. Issuer Domain (the bank which issued the card being used).
  3. Interoperability Domain (the infrastructure provided by the card scheme, credit, debit, prepaid or other type of finance card, to support the 3-D Secure protocol).

The protocol uses XML messages sent over SSL connections with client authentication (this ensures the authenticity of both peers, the server and the client, using digital certificates).

The malware operates in the phase of the online transaction in which merchants require cardholders to authenticate using their personal 3D Secure password.

In the scam targeting Google Mail and Yahoo users, the customer is convinced to link his 3D Secure code to the mail account, making it available for future purchases. The malware proposes a sort of single sign-on scheme, convincing the user that by simply registering his data on the mail platform he will be able to make purchases by logging into his email account, using the protected services Google Checkout and Yahoo Checkout.

The advantage proposed to the user is of course a secure channel for his online transactions. Also in this case a fake page bearing the logos of the Visa and MasterCard circuits is presented to the user to collect the victim’s debit card information.

A similar scheme has also been adopted against Hotmail, offering a free new security service.

A multi-purpose malware

Zeus is undoubtedly one of history’s longest-running malware families, used for different purposes; just remember that the dangerous malware was used to strike the hacktivists of Anonymous. On that occasion, a modified version of one of the tools used in the attacks, Slowloris, infected with the Zeus malware, was spread using standard channels such as Pastebin. The hackers copied an original Anonymous Pastebin entry and re-posted it, replacing the download link with an infected version. In this way the agent achieved an extremely rapid diffusion.

The example is purely demonstrative; we don’t know who is behind the hack, but what is really worrying is the extensive use of malware by cybercrime and governments for cyberespionage operations.

The approach pursued for these agents is evolutionary, and permanently eradicating a threat that evolves over time in unexpected ways will require an increasing effort in the future.

Pierluigi Paganini


May 16, 2012

Has Anonymous infiltrated US Government? The insider issue

by paganinip

In recent months we have discussed at length the security status of US networks and infrastructures; we have described the American cyber strategies and the main actions proposed to protect the principal assets of the nation. One story in particular struck us deeply: that relating to the vulnerability of U.S. Government networks, which, by the admission of senior government officials, are routinely hacked. It is difficult to accept such a disconcerting reality: one of the major superpowers in the world, at the forefront of technology, is vulnerable to attack by hacker groups animated by the most diverse motives.

Who is interested in US networks and why?

Consider that the cyber infrastructures of a country are a mine of information that attracts foreign governments, independent hackers and also hacktivists; all these forces daily combine their actions against the same target. The success of the cyber attacks against US networks, according to the declarations of security experts, is due to the status of the US infrastructure, which is protected by obsolete defense systems unable to fight continuous incursions. Speaking before the Senate Armed Services Subcommittee on Emerging Threats and Capabilities, the experts told the assembled Senators that the U.S. government needed to abandon the notion that it could keep outsiders off its computer networks.

Very meaningful are the words pronounced by Senator Rob Portman, member of the Emerging Threats and Capabilities subcommittee:

“We can do things to make it more costly for them to hack into our systems…,”

“but you didn’t say we can stop them.”

A clear message that expresses awareness of the threat and of the impossibility of defeating it in the short term. This time the revelations on the status of US networks come from the famous group Anonymous; in a recent interview its member Christopher “Commander X” Doyon, who today lives in Canada, declared:

Right now we have access to every classified database in the U.S. government. It’s a matter of when we leak the contents of those databases, not if. You know how we got access? We didn’t hack them. The access was given to us by the people who run the systems…

The five-star general (and) the Secretary of Defense who sit in the cushy plush offices at the top of the Pentagon don’t run anything anymore. It’s the pimply-faced kid in the basement who controls the whole game, and Bradley Manning proved that.

According to Doyon, the great strength of the group lies in insiders within government infrastructures who give the group an unimaginable power: the power of knowledge and information.

Doyon has admitted his participation in some of the most important attacks on websites last year, from Sony to PayPal. He was arrested in September for a minor hack on the county website of Santa Cruz, Calif., where he was living, in retaliation for the town forcibly removing a homeless encampment on the courthouse steps.

For that, Doyon is facing 15 years in jail. But he crossed the border into Canada in February to avoid prosecution. Doyon was the leader of the People’s Liberation Front, a group allied with Anonymous, and is considered the most wanted hacktivist after Julian Assange.

The hacker has reiterated the concept, saying:

“The entire world right now is run by information,”

“Our entire world is being controlled and operated by tiny invisible 1s and 0s that are flashing through the air and flashing through the wires around us. So if that’s what controls our world, ask yourself who controls the 1s and the 0s? It’s the geeks and computer hackers of the world.”

What the hacker claims regarding today’s information society is correct: every piece of data is reduced to its simple binary representation, a core of information expressed using 0s and 1s that can never be considered completely safe.

What do you think about the revelations of this exponent of the group? What is the truth behind these declarations?

We are now accustomed to sensational statements by Anonymous, and we all recognize its great media capacity, but rather than taking the exposed truth at face value, the experts offer the following interpretations:

  • Hackers are operating on the psychological front, trying to instil a culture of suspicion in the enemy lines. Everyone could be a spy, everyone could be Anonymous.
  • Precisely the statement “everyone could be Anonymous” is the basis for a second hypothesis regarding the hackers’ revelations: Anonymous is sending a message to all those investigators employed by the government with whom collaborations are open.

I consider both assumptions valid, while acknowledging that Doyon has certainly exaggerated his claims to make his declarations more striking. The risk of insiders close to the group is high, and facing similar threats requires the observance of procedures and protocols in order to prevent access to confidential information.

I’m still convinced that the group is in a phase of profound transformation; new tumultuous currents have been born inside it, and they could degenerate into dangerous insurgencies.

In my opinion such statements must be taken into consideration, but I also believe that the group has issued them to pursue a clear strategy of media presenteeism.

In recent weeks, in several articles, I predicted the possibility that law enforcement and intelligence agencies were infiltrating the group; today, according to the hacktivist’s declaration, we are witnessing a reversal of the scenario. The reality is that both factions fear the event and are working so that the damage is minimal should it occur.

Meanwhile we have little information on how Anonymous is approaching the problem; on the opposite side we have a perception of how major government agencies are facing the threat. I note that the FBI has on more than one occasion pointed out the need to detect insiders, providing valuable guidance and insights on the topic.

On this topic I suggest reading the guidance provided by the FBI, “The Insider Threat: An introduction to detecting and deterring an insider spy,” an introduction for security personnel on how to detect an insider threat that also provides tips on how to safeguard your company’s trade secrets. Cyber espionage and theft of intellectual property are increasing threats to organizations and government institutions, and they can go unnoticed for months or even years.

The message is:

“We must remain on guard; we must not wait for the day when Doyon’s words come true.”

Pierluigi Paganini

May 15, 2012

2011 IC3 – Internet Crime Report

by paganinip

In this article I want to discuss the data provided in the 2011 IC3 Internet Crime Report, which gives evidence of the work of the Internet Crime Complaint Center (IC3) against cybercrime in the US and of the results obtained. On May 8, 2000 the Internet Fraud Complaint Center was born from a partnership between NW3C, BJA and the FBI, with the purpose of addressing online fraud. Three years later the center changed its name to the Internet Crime Complaint Center (IC3®) and its mission became the fight against cyber crimes of all types.

The Internet Crime Complaint Center serves as an institution to gather, develop and refer criminal complaints regarding rapidly expanding cybercrime; it gives victims a convenient and easy-to-use reporting mechanism that alerts authorities to suspected criminal or civil violations.

The report shows an increase in internet crimes compared with the previous year: in 2011 the center received over 300,000 complaints, an increase of 3.4 percent, and the total loss was $485.3 million.


Let’s take a look at the overall statistics for 2011:

  • Total complaints received: 314,246
  • Complaints reporting loss: 115,903
  • Total Loss: $485,253,871*
  • Median dollar loss for those reporting a loss: $636
  • Average dollar loss overall: $1,544
  • Average dollar loss for those reporting loss: $4,187

An interesting observation is that of all the complaints only 36.9 percent reported a financial loss; this figure could be interpreted in different ways, assuming the efficiency of prevention actions or simply considering that some complaints relate only to attempted crimes. What is interesting is that analyzing all the complaints reported helps in identifying trends and building statistical reports on the crimes.

Each complaint submitted to the IC3 follows a specific lifecycle that makes possible its analysis and its comparison with similar events, for the prosecution of crime and its prevention in the future. The functions of the IC3 center are crucial in the fight against cybercrime; the principal ones are the analysis of complaints, the collection of relevant case information and the publication of public service announcements.

The results of these activities are shared with state, local, tribal, federal and international law enforcement personnel via email and through the www.ic3.gov website.

To identify links and commonalities between complaints, IC3 analysts use an automated matching system that aggregates them into groups for law enforcement. In 2011 the 314,246 complaints received were grouped into 47,592 cases used for analytical review.

Which were the most reported offenses during last year?

The top five crime types are:

  1. FBI-related Scams – Scams in which a criminal poses as the FBI to defraud victims.
  2. Identity Theft – Unauthorized use of a victim’s personal identifying information to commit fraud or other crimes.
  3. Advance Fee Fraud – Criminals convince victims to pay a fee to receive something of value, but do not deliver anything of value to the victim.
  4. Non-Auction/Non-Delivery of Merchandise – Purchaser does not receive items purchased.
  5. Overpayment Fraud – An incident in which the complainant receives an invalid monetary instrument with instructions to deposit it in a bank account and send excess funds or a percentage of the deposited money back to the sender.

According to the report, FBI-related scams were the most reported, with identity theft in second place followed by advance fee fraud.

Of course one of the primary activities is to provide prevention services through an alert system based on the analysis of complaints, to rapidly identify any kind of internet crime and issue a prompt alert.

In this perspective it is easy to understand how crucial the gathering of complaints by the IC3 is: it uses the data to prepare public service announcements (PSAs) on the latest cyber trends to keep users and industry up to date on Internet fraud.

IC3 distributes these PSAs through media outlets, corporate partners and its web site www.ic3.gov.

In conclusion, I find the provision of IC3 services really important, an indispensable action to reduce and prevent the increase of cybercrime. What is really interesting is the shortcut that these services create between law enforcement and victims, allowing a prompt response to internet crime.

The time factor is essential in the fight against internet crime, and the services provided by the Center allow the internet community to be informed in real time, also about suspected violations and frauds.

IC3 represents a perfect example of how technological services can help in the prevention and analysis of criminal activities, highlighting that the real weapons against crime are awareness and information sharing.

Pierluigi Paganini


May 14, 2012

A picture of the Iran threat

by paganinip

The situation in Iran is becoming really critical: time goes by and no diplomatic solution seems achievable. Western countries are disturbed by the aggressive policy of the government in Tehran, defiant as ever, which risks triggering a dangerous situation in the Middle East and undermining the unstable equilibrium of the whole area. Many times we have said that a military option makes sense only if conducted within a short time; experts and scientists are in fact convinced that in a couple of years Iran will be able to build its own nuclear arsenal. In the meantime, despite the Western threats, Iran is still working on the debated nuclear program. According to the revelations of an exiled Iranian opposition group, Iran has some 60 scientists and engineers involved in a concerted and expanding program to develop nuclear weapons under the control of the ministry of defense. The government of Tehran rejects any allegation about the uranium enrichment program, arguing that its goals are not military but related to the supply of alternative energy. US and Israeli intelligence officials are convinced that the program has the sole purpose of creating new weapons for the government, an opinion also shared by the National Council of Resistance of Iran (NCRI), which has provided the Reuters agency with a report that says:

“Information … shows that the clerical regime has expanded the organization responsible for nuclear weapons development,” “This finding reveals a complete and elaborate, and highly … secret research structure and a network for procurement of the required parts and equipment. “So far, the identities of 60 directors and experts working in various parts of the New Defense Research Organization and 11 institutions and companies affiliated with it have been detailed,”

A nuclearized Iran represents a threat to Israel’s existence, and a serious threat for all the western countries.

While the US and Israel are postponing a conventional military option, a different approach has been followed in cyberspace, the new battlefield. The Obama administration has concentrated great efforts in this area, especially in the last couple of years, increasing awareness of cyber threats and the related risks for the Nation. Protection of critical infrastructures is the first objective of the cyber strategy, but despite the great effort too many plants and networks are still vulnerable. Countries such as China and Russia, but also Iran itself, are de facto dangerous cyber threats that can infiltrate US networks and attack American private companies.

The alarm is high.

Security experts are of the opinion that Iran could represent a serious threat in cyberspace, the domain where Tehran has the greatest possibilities of dealing with the American enemy. We must consider that the Iranian government is facing international sanctions and internal dissent against the central administration. The internal conflicts have created several problems for Iran, which in the last year has invested a lot in web monitoring systems with the intent of controlling and isolating external infiltrations, preventing the internal opposition from benefiting from foreign collaboration and from being influenced by Western cultures. Surveillance of the web has in a short time become a priority for Iran, which can count on the cooperation of China, one of the nations with the greatest experience in the field of media monitoring. We must also consider that Tehran’s interest in cyberspace has been driven by the need to protect its critical infrastructures from cyber threats developed by hostile countries. Stuxnet is considered one of the most aggressive and innovative cyber weapons that hit Iran and its nuclear program. Suddenly Iran discovered itself vulnerable to this new type of attack, which required an immediate commitment in cyberspace and investments in the related technologies. The Iranian government has invested more than $1 billion to improve national cyber capabilities, promoting the creation of a new cyber army composed of experts and young recruits trained for cyber war. The international community is convinced that Iran is one of the most advanced countries in cyber offense, and it is obvious to imagine that this potential could be directed against hostile countries. The cyber offensive against Iran has triggered a massive engagement of the country in cyber warfare; Tehran has officially declared war on the West. It is clear that the Iranian government has invested more in cyber offense capabilities than in cyber defense.

This imbalance has increased during the last year, evidence that Tehran is really interested in moving cyber attacks against its enemies. Director of National Intelligence James R. Clapper, reporting to the Senate Select Committee on Intelligence in January, declared that Iranian cyber capabilities:

“have dramatically increased in recent years in depth and complexity.” More and more, they also appear to be directed against the United States.

What are the cyber replies of foreign governments?

It’s clear that governments such as Israel and the US, but also European countries, are scared by Iran’s capabilities, so they have also started massive cyber operations against Iran to evaluate its defense systems, but also with the objective of hitting strategic sectors of the country, like the oil sector. In the last week several attacks have hit the oil industry, and in the past months many countries have approved cyber sanctions against Teheran, like the prohibition on selling anti-virus systems to Iran. But the most plausible situation is that Iran and the Western alliance are working on a new generation of cyber weapons. This new type of weapon represents an excellent compromise in terms of cost and efficiency, but what is most interesting in this phase is the possibility of adopting them in covert operations.

How is Iran implementing its cyber defense?

First of all they are reinforcing their infrastructures, intensifying the monitoring of the web as described before with the help of a historical partner. Messaging platforms have also been impacted: Iran’s Minister of Communications and Technology has announced a ban on the use of foreign email services such as Gmail and Yahoo to “protect information security.” The processes implemented have moved every government web resource (e.g. critical servers and web sites) into a hardened infrastructure under direct control of the regime. The second step is the adoption of security systems, hardware and software, developed at home to avoid the presence of backdoors. The next objective is the development of a national internet aimed at protecting the transfer of information and “cleansing” inappropriate content.

Looking at these measures, it’s clear that Iran is trying to reinforce those aspects of its defense that experts have identified as vulnerabilities of Iran’s cyber forces.

At this point the question is:

Will the Western military coalition attack Iran, or will the battlefield be only cyberspace?

Personally I don’t think an attack is impending, but I’m also convinced that a military option is the only viable one in the absence of dialogue.
The opposition of Russia and China to a military operation is in fact blocking all operations of the Western coalition, giving the regime of Teheran precious time to organize its resources.
Another discriminating factor is the real intention of the United States and Israel to engage in a conflict that is far from simple. Iran may in fact hide dangers no smaller than those faced in wars such as Afghanistan. The Afghanistan war started in 2001, in a profoundly different economic context; in today’s analysis the global economic crisis must be considered, which would prevent any government from facing a potentially costly conflict with such uncertain outcomes.
It’s also true that the crisis could accelerate a decision: Iran is one of the main oil producers and its natural resources could represent a good reason to justify a conflict, although an expensive one.

How close are we to the point of no return?

Only time can give us the answer to our question.

Pierluigi Paganini

May 13 12

What is a digital signature? Fundamental principles

by paganinip

Private companies and government agencies all around the world make huge investments in the automation of their processes and in the management of electronic documentation.

The main requirement in the management of digital documentation is its equivalence, from a legal perspective, to paperwork. Affixing a signature on a digital document is the fundamental principle on which the main processes of authorization and validation are based, apart from the specific area of application.

The main benefits of the introduction of digital signing processes are cost reduction and complete automation of the document workflow, including the authorization and validation phases.

In essence, digital signatures allow you to replace the approval process on paper, slow and expensive, with a fully digital system, faster and cheaper.

Figure 1 – Digital document lifecycle

The digital signature is simply a procedure which guarantees the authenticity and integrity of messages and documents exchanged and stored with computer tools, just as the traditional handwritten signature does for paper documents. Essentially the digital signature of an electronic document aims to fulfill the following requirements:

  • that the recipient can verify the identity of the sender (authenticity);
  • that the sender cannot deny that he signed the document (non-repudiation);
  • that the recipient is unable to invent or modify a document signed by someone else (integrity).

A typical digital signature scheme consists of three algorithms:

  1. a key generation algorithm that produces a key pair (PK, SK): PK (Public Key) is the public key used for signature verification, while SK (Secret Key) is the private key held by the signer and used to sign the document.
  2. a signing algorithm which, taking as input a message m and the private key SK, produces a signature σ.
  3. a verification algorithm which, taking as input the message m, the public key PK and a signature σ, accepts or rejects the signature.

To generate a digital signature it is necessary to use an asymmetric key pair, attributed unequivocally to a person, called the holder of the key pair:

  • The private key is known only to the holder; it is used to generate the digital signature for a specific document;
  • The public key is used to verify the authenticity of the signature.

Once the document is signed with the private key, the signature can be verified successfully only with the corresponding public key. Security is guaranteed by the impossibility of reconstructing the private (secret) key from the public one, even though the two keys are uniquely connected.

Digital Signature Process

A digital signature is a one-way hash of the original data that has been encrypted with the signer’s private key. A digital signature process is composed of the following steps:

  • The signer calculates the hash of the data he needs to sign. The message digest is a small fixed-size value (160 bits for SHA-1, now deprecated; 256 bits for SHA-256) that works as a control code for the document. The hash function is designed to minimize the likelihood of obtaining the same digest value from different texts, and it is also a “one way” function: this means that from the calculated hash it is impossible to get back the original text.
  • The signer, using his private key, encrypts the calculated hash.
  • The signer sends the original data and the digital signature to the receiver. The pair (document and signature) is a signed document, i.e. a document to which a signature has been attached. The document is in clear text but carries the signature of the sender; it can be sent so that it can be read by anyone but not altered, since the digital signature also guarantees the integrity of the message.

For the verification, the receiving software first uses the signer’s public key to decrypt the hash, then it uses the same hashing algorithm that generated the original hash to generate a new one-way hash of the same data. The receiving software compares the new hash against the original hash. If the two hashes match, the data has not changed since it was signed.

Figure 2 – Digital Signature Process

The authenticity of a document can be verified by anyone: decrypt the signature of the document with the sender’s public key, obtaining the fingerprint of the document, then compare it with the fingerprint obtained by applying the (publicly known) hash function to the received document to which the signature was attached. If the two fingerprints are equal, the authenticity and integrity of the document are demonstrated.
The signing and verification operations may be delegated to software provided by the certification authority.
Thanks to the mechanism shown, the digital signature ensures non-repudiation: the signer of a transmitted document cannot deny having sent it, and the receiver cannot deny having received it. In other words the information cannot be ignored, as in the case of a conventional signature on a paper document in the presence of witnesses.
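The three algorithms and the sign/verify steps described above, as an added example written for this page (it is not the author’s code, nor the code of any signature product). It uses the Go standard library: SHA-256 as the hash function and RSA-PSS as the private-key operation, which is the padded signing operation modern RSA deployments use in place of the plain “encrypt the hash with the private key” simplification in the text. The purchase-order document, the key size and the function names are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// KeyPair is the (PK, SK) pair produced by the key generation algorithm.
type KeyPair struct {
	SK *rsa.PrivateKey // secret key: kept by the holder, used only to sign
	PK *rsa.PublicKey  // public key: given to anyone who must verify
}

// GenerateKeyPair is algorithm 1: it produces a fresh RSA key pair.
// 2048 bits is an assumed, commonly used size.
func GenerateKeyPair() (*KeyPair, error) {
	sk, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &KeyPair{SK: sk, PK: &sk.PublicKey}, nil
}

// Digest computes the SHA-256 fingerprint of the document. Only this
// 32-byte value is signed, never the whole document.
func Digest(doc []byte) []byte {
	sum := sha256.Sum256(doc)
	return sum[:]
}

// Sign is algorithm 2: hash the document, then apply the private-key
// operation (RSA-PSS) to the digest to obtain the signature σ.
func Sign(sk *rsa.PrivateKey, doc []byte) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, sk, crypto.SHA256, Digest(doc), nil)
}

// Verify is algorithm 3: recompute the digest of the received document and
// check it against σ with the public key. Any change to the document, or a
// signature made with a different private key, makes this return false.
func Verify(pk *rsa.PublicKey, doc, sig []byte) bool {
	return rsa.VerifyPSS(pk, crypto.SHA256, Digest(doc), sig, nil) == nil
}

// SignedDocument is the pair (document, signature) that the signer sends;
// the document itself travels in clear text.
type SignedDocument struct {
	Doc []byte
	Sig []byte
}

// Demo runs the full lifecycle on a constructed document and reports whether
// the genuine copy verifies and whether a tampered copy is rejected.
func Demo() (genuineOK bool, tamperedRejected bool, err error) {
	kp, err := GenerateKeyPair()
	if err != nil {
		return false, false, err
	}
	// Constructed sample document (not from the page).
	sd := SignedDocument{Doc: []byte("Purchase order #0001: 10 units at 50 EUR")}
	if sd.Sig, err = Sign(kp.SK, sd.Doc); err != nil {
		return false, false, err
	}
	genuineOK = Verify(kp.PK, sd.Doc, sd.Sig)

	// Someone altering the document in transit cannot produce a new σ
	// without SK, so the old signature no longer matches the new digest.
	forged := []byte("Purchase order #0001: 10 units at 5 EUR")
	tamperedRejected = !Verify(kp.PK, forged, sd.Sig)
	return genuineOK, tamperedRejected, nil
}

func main() {
	ok, rejected, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine document verifies: %v\n", ok)
	fmt.Printf("tampered document rejected: %v\n", rejected)
}
```

Note that verification needs nothing secret: a receiver holding only PK can confirm both who signed (authenticity) and that not a single byte changed (integrity), while the signer, as the sole holder of SK, cannot later disown the signature.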

The advantages of digital signatures
With the activation of a fully automated workflow, digital signatures reduce the time and costs associated with signatures on paper, which in fact have an economic cost and create delays and inefficiencies.
An estimate provided by ARX on the basis of current data sets the cost of each handwritten signature on a paper document at $30 US for the company, including costs associated with paper, printing, signing, scanning, forwarding, storage and regeneration of lost or missing documents. According to the ARX study, a person authorized to sign documents signs more than 500 documents a year.

The digital signature process is essential for the formal approval processes of every company; a typical scenario requires multiple authorizations from multiple offices for each document.

Thus digital signatures allow replacing paper-based approval, collaboration and delivery processes (expensive and slow) with a digital system (faster, cheaper and more efficient). This results in a number of advantages:

  • improved operational efficiency, reduced cycle time and elimination of costs;
  • risk mitigation, compliance assurance, data quality and long-term storage of files;
  • increased competitiveness and service levels.

Summing up, digital signatures can reliably automate authorization signatures, allowing the elimination of paper, reducing costs and improving the speed of production processes.
By virtue of all these advantages, the digital signature can be particularly useful for:

  • government agencies in regulated sectors with workflows subject to formal approval;
  • organizations that must submit documents to be approved by various offices;
  • sales representatives of organizations, or services, that require the delivery of signed reports or contracts;
  • executives who are away from the office but whose signature is required to activate processes;
  • organizations which cooperate with external partners and require approval workflows;
  • web portals with external forms that require filling in and signing.

Note that the range of documents to which the digital signature can be applied is particularly varied, and includes:

  • sales proposals, contracts with customers;
  • purchase orders, contracts / agreements with partners;
  • contracts, agreements, acts of the board;
  • leases, contracts, expense reports and reimbursement approvals;
  • Human Resources: employment documentation of employees, attendance cards;
  • Life Sciences: applications and proposals, QC records, standard operating procedures (SOPs), policies, work instructions;
  • Mechanical work: drawings, sketches, plans, instructions and production reports;
  • Health services: medical and patient consent forms, medical exams, prescriptions, laboratory reports.

Pierluigi Paganini


May 12 12

The Unknowns, hacker’s revenge in the name of security

by paganinip

It’s happened again: another group of hackers named The Unknowns has hacked several organizations, including NASA and the U.S. Air Force, and posted evidence of their actions. The complete list has been published in a message on PasteBin:

  1. NASA – Glenn Research Center
  2. US military
  3. US AIR FORCE
  4. European Space Agency
  5. Thai Royal Navy
  6. Harvard
  7. Renault Company
  8. French ministry of Defense
  9. Bahrain Ministry of Defense
  10. Jordanian Yellow Pages

In the message published on Pastebin the group has declared war on everybody, promising hacks against “all the other websites out there.” Very strange is the proposal the group sent to every company, asking to be contacted before the company becomes the target of their attack: they are offering to help potential victims fix their vulnerabilities.

“Contact us before we take action and we will help you, and will not release anything…. It’s your choice now.”

When we think of hacktivism we always remember the Anonymous groups, but The Unknowns have declared that they fight for internet security instead of internet freedom.

They desire to exploit vulnerabilities to attract media attention and force their patching.

Are we facing “Anonymous 2”?

The group claims its own identity and distances itself from the more famous group Anonymous.

“We are not Anonymous Version 2 and we are not against the US Government,”

 “We’re here to help and we’re asking nothing in exchange,”

The group was already responsible for a series of attacks made on April 1st and has announced new ones on May 1st via Twitter. The modus operandi is really different: The Unknowns operate to test websites and cyber infrastructures, providing evidence of any weaknesses found without releasing the hacked information.

NASA and ESA have confirmed the attacks, giving more details on the operations. A European Space Agency spokesperson reported to ZDNet that the hackers used a SQL injection attack. Screenshots, administrator credentials and other documents were also published on Pastebin. The Unknowns also posted Air Force documents to the site MediaFire and, from the NASA hack, names, addresses, e-mail addresses and employers of 736 people on Pastebin.

We can consider The Unknowns group a “grey hat” hacker team because they operate to find exploitable flaws without malicious intentions and without providing the public with details of the vulnerabilities exploited, but we must also consider that their operations could cause serious damage to the victims. At least in this phase the group has no political direction and is only focused on its mission.

The group has promised to e-mail victims with details of their hacks, to make the global security community responsible for the management of the vulnerabilities.

“Our goal was never to harm anyone, we want to make this whole Internet world more secured because, simply, it’s not at all and we want to help,”

As usual, we make some simple reflections on the events.

Not surprisingly, groups inspired by the famous Anonymous will certainly emulate its deeds for noble purposes; however, what puzzles me in this case is the willingness of the hackers to come into contact with their victims or potential victims to direct them to an appropriate level of security.

All this makes very little sense, especially in relation to the size of the companies attacked: none of them will ever come to terms with these gentlemen. For this reason I believe that, unlike other groups, it consists mainly of young hackers, extremely capable, but with little knowledge of business dynamics. If someone from The Unknowns is reading, he could contact me to give me an interview that might clarify the real role of the group in today’s cyberspace.

Another question that comes to mind: why do these folks spend time on the affirmation of security? Are they motivated by other intents, or can we consider them the philanthropists of the sector? Who really lies behind these groups?

Just because of the specificity of their motivation, I believe that its members are keen supporters of Anonymous, from which they have taken some suggestions in terms of media approach. Phenomena such as this, which is still in an embryonic stage, can be nipped in the bud for immature reasons, but they can also inflame and reach dangerous dimensions thanks to the media echo that the network provides.

Time will give us more guidance.

Pierluigi Paganini

May 11 12

FBI on Bitcoin, between cybercrime opportunity & digital choice

by paganinip

Law enforcement agencies, the FBI first, are worried by the diffusion of the Bitcoin network, which could be used by groups of criminals for several activities. The main problem related to the payment system is that it is completely anonymous, making it impossible to trace the transactions and the related users.

Bitcoin is a decentralized electronic cash system that uses peer-to-peer networking, digital signatures and cryptographic proof so as to enable users to conduct irreversible transactions without relying on trust. Nodes broadcast transactions to the network, which records them in a public history, called the blockchain, after validating them with a proof-of-work system.

Starting in January 2009, the usage of Bitcoin has made it possible to make transactions using a digital currency that hasn’t the backing of, and doesn’t represent, any government-issued currency.

The editorial staff of Wired has obtained an unclassified document, titled “Bitcoin Virtual Currency: Unique Features Present Distinct Challenges for Deterring Illicit Activity,” prepared by the FBI on the Bitcoin system.

The report highlights the difficulty of obtaining information on suspicious transaction records and the impossibility of tracking the users that made them.

Through peer-to-peer communication and the usage of cryptography, the Bitcoin system implements an online currency that allows anonymous transactions. The only part of the process that theoretically requires the identification of a subject is the conversion between bitcoins and a real currency. I said theoretically because many third-party Bitcoin services exist that don’t require customers to submit valid identification or banking information for the conversion.

Although the Bitcoin system could be regarded with suspicion by those who are accustomed to ordinary payment processes, it is used as a legitimate form of payment by numerous online retailers selling all kinds of products, such as clothing, software and music.

Naturally every payment system is an object of interest for criminals who want to make profits by implementing fraud schemes.

The Bitcoin payment model, due to the anonymity of transactions, is largely debated in illegal environments for the sale of illegal products and services. Underground sites like Silk Road allow users to pay using the virtual currency.

How does the system work?

Each user installs client software on his computer to generate bitcoins and manage his Bitcoin account, a unique 36-character string of numbers and letters used in transactions. The currency is stored on the user’s computer in a virtual “wallet.”

Transferring bitcoins is also simple: it is necessary to address the destination account by providing its account number to the client software. To guarantee the non-repudiation of the operation, the sender digitally signs the transaction and sends the information to the peer-to-peer Bitcoin network, which validates the transaction and releases the coins to the receiver.

Each bitcoin is similar to a certificate that is associated in a non-repudiable way with the individual who exchanged it, using a digital signing process. When a bitcoin is transferred to another individual, the signature related to the coin is passed to the new user and is stored in his wallet.

At the core of the entire architecture are programs called miners, which take into account the number of Bitcoin transactions to give a quotation for the currency; miners are similar to a Federal bank that analyzes the circulation of money to prevent phenomena of inflation or deflation.

The Bitcoin economy according to the FBI report is amazing: considering a quotation of about $4 to $5 per bitcoin and a total of more than 8.8 million bitcoins in circulation, we are facing an economy worth between $35 million and $44 million, really desirable for cybercrime.

The FBI is really concerned about the usage of Bitcoin for illegal activities; the report states:

“If Bitcoin stabilizes and grows in popularity, it will become an increasingly useful tool for various illegal activities beyond the cyber realm,” the FBI writes in the report. “For instance, child pornography and Internet gambling are illegal activities already taking place on the Internet which require simple payment transfers. Bitcoin might logically attract money launderers, human traffickers, terrorists, and other criminals who avoid traditional financial systems by using the Internet to conduct global monetary transfers.”

Although by analyzing publicly available Bitcoin transaction records it is possible to retrieve sensitive information related to the source and destination of payments and to bank account information or shipping addresses, the FBI enumerated several ways users protect their anonymity:

  • Create and use a new Bitcoin address for each incoming payment.
  • Route all Bitcoin traffic through an anonymizer.
  • Combine the balance of old Bitcoin addresses into a new address to make new payments.
  • Use a specialized money-laundering service.
  • Use a third-party eWallet service to consolidate addresses. Some third-party services offer the option of creating an eWallet that allows users to consolidate many Bitcoin addresses and store and easily access their bitcoins from any device. Individuals can create Bitcoin clients to seamlessly increase anonymity (such as allowing users to choose which Bitcoin addresses to make payments from), making it easier for non-technically savvy users to “anonymize” their Bitcoin transactions.

No one is safe

Of course the statement “No one is safe” is also valid for cyber criminals: their great enemies are also groups of hackers who are specializing in the theft of this digital currency. In the past, hackers have already implemented malware, such as Infostealer.Coinbit, able to steal bitcoins from the e-wallet installed on the infected machine.

Another serious problem affecting the Bitcoin payment model is the counterfeiting of bitcoins, or better said the possibility of producing bitcoins illegally. This opportunity is of great interest: according to official FBI sources, hackers and criminals have already tried to compromise a cluster of machines at an unidentified Midwestern university in an attempt to manufacture bitcoins.

Conclusions

Bitcoin and other peer-to-peer payment systems have introduced a revolutionary and uncomfortable concept: the decentralization of currency. The concept is at odds with the monopoly power of governments, which are the only issuers of currency; such a system puts into question the legitimacy of monetary policies in a global and digital economy.

The complete control of the monetary system allows governments to define the price of money by controlling the market. The real danger of digital money, beyond the vulnerabilities in its processes, is the impossibility for governments to exert control over financial flows; this could lead to a distortion of the main mechanisms of control and taxation, bringing total chaos in a market already in disarray and promoting the development of illegal activities through the concealment of cash flows.

The real question is:

Is any individual able to exercise full control of his own currency?

I leave the answer to you …

Pierluigi Paganini

May 10 12

US and China are working for stability in Asia-Pac

by paganinip

In recent days I have discussed the increasing tension between China and the Philippines over a territorial dispute, and the related effects which have had significant repercussions in cyberspace. The Asia-Pac region is among the areas of main concern for military and cyber warfare.

This time the topic is the historical tension between the two Koreas; we all remember the military exercises that North Korea made last month, testing and launching new missiles.

Despite the arms race, experts are convinced that North Korea will adopt a different strategy to pressure South Korea: it will not use conventional weapons but will increase offensive operations in cyberspace.

Kim Jong-dae, editor in chief of the military defense journal Defense 21+, told Press TV:

“North Korea might provoke South Korea by attacking the navy or islands in the west sea or they could launch a cyber attack to disturb South Korean society.”

The discussion follows the recent attacks that hit South Korea and its satellite structures: the country in fact reported communication interference caused by jamming of signals on commercial flights and ships with navigation systems. A large number of attacks from North Korea have hit South Korea near its border, affecting GPS navigation for passenger aircraft, ships, and in-car navigation.

Fortunately no accidents have been attributed to the jammed navigation signals aboard 337 commercial flights in and out of South Korean international airports and on 122 ships, including a passenger liner carrying 287 people and a petroleum tanker.

This is not the first time: South Korea faced the same type of attacks in March 2011, and in August and December 2010. According to the South Korean Defense Ministry the country is adopting anti-jam programs to counter the attacks. The Communications Commission deputy director declared that they have traced the jamming signals to the direction of Kaesong, 10 kilometers from the border between the two countries, and roughly 50 kilometers from downtown Seoul, Incheon International Airport, and the Yellow Sea. It is not clear who is providing jamming technology to North Korea; the likely suspects are Russia and China.

A defector has declared that North Korea has increased its cyber warfare unit to a staff of 3,000 people and is massively training its young prodigies to become professional hackers.

Intelligence sources in South Korea believe that the Nation has a large cyber force that responds to the command of the country’s top intelligence agency, the General Reconnaissance Bureau.

According to the revelations of Army General James Thurman, the commander of US Forces Korea, the government of Pyongyang is massively investing in cyber warfare capabilities, recruiting and forming highly skilled teams of hackers.

Groups of hackers could be engaged in offensive cyber operations against hostile governments and in cyber espionage activities.

Analyzing the events, it is clear that the situation in that area is becoming difficult to manage and the intervention of major countries like the US and China is necessary; for this reason Leon Panetta, United States Secretary of Defense, and Chinese Defense Minister Liang Guanglie had an official meeting.

“The United States and China are powers in the Pacific and our goal is to establish a constructive relationship for the future,” Panetta said. “It is essential for our two nations to communicate effectively on a range of very challenging issues.”

Regarding the cyber capabilities of the countries Panetta said:

“But because the United States and China have developed technological capabilities in this arena it’s extremely important that we work together to develop ways to avoid any miscalculation or misperception that could lead to crisis,”

On that occasion the Chinese representative rejected any accusation of cyber operations against the US; Panetta reiterated that many countries and hackers were involved in cyber attacks on the United States and China.

Other worrying situations discussed during the meeting at the Pentagon were the evolution of North Korea’s nuclear programs, U.S. missile defense efforts, U.S. arms sales to Taiwan and the territorial dispute between China and the Philippines.

Official sources declared that the US is really worried about Chinese development of conventional weapons and cyber weapons; a senior U.S. Defense official said:

“We’d like to be able to understand a little bit more about why the Chinese are investing in this very robust and rapid military modernization program given the security environment that we see in the Asia-Pacific today, which is a region that’s at peace,”

On the other side China is concerned about US strategy and its interference in the Asia-Pacific region; that is why meetings like this are really important for the future equilibrium in a critical area such as cyberspace.

The situation is complex, because while the dialogue continues between the main protagonists, at least in cyberspace the hostilities have not ceased. The U.S. still blames China for major attacks on its computer networks, China continues to pursue a policy of protecting America’s historical enemies, like Iran and North Korea itself, supporting them technologically, and the US is still investing massively in the production of new cyber weapons.
At least in cyberspace, peace is far away.

Pierluigi Paganini