Paranoid Technology - All things cybersecurity


Initial Thoughts on WikiLeaks Vault 7 Leak Series

WikiLeaks issued a press release yesterday announcing a new series of leaks from the CIA, code named "Vault 7", and claims it is the largest leak of classified information ever to come out of the agency. The way the documents are distributed makes it difficult to confirm their authenticity, but historically where there is smoke there is fire, and later releases may provide more proof. A quick glance reveals a continuation of the joint operations between the US and the UK, and shows that the CIA has built an internal hacking capability for signals intelligence and tailored access that rivals that of the NSA. The exploit sets range from Android and iOS smartphones to Samsung TVs, along with 0-day attacks against Linux, Mac and Windows, and more.

Also interesting is that the documents show the distrust between the agencies...

From a review of the documents, the scale and scope of the CIA's hacking ability is significant – as WikiLeaks describes:

“By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.”

What is targeted? Pretty much everything that is connected…


Windows Family OS Infection Rates

Are you a Windows user? Or do you run any Windows systems in your environment? Here is some insightful data on which exploit types are detected by Microsoft's malware detection software across the Windows OS family:

[Figure: os-infection-rates]

For the original article by Tim Rains, check out the Microsoft Security Blog.


“Olympic Games” to include Cyber Warfare ;-)

Who knew?! "Olympic Games" was apparently the code name for the cyber warfare program initiated under President Bush and stepped up under President Obama. According to the experts, the program caused havoc at the Iranian nuclear facility in Natanz and set back Iran's enrichment efforts by about 18 months to 2 years. It is not clear at this time whether Iran is working on a retaliatory cyber weapon, but if not Iran, someone else will attack our infrastructure sometime soon, and the utility companies should seriously consider spending some major cash on fortifying the systems they have out in the field.

Read the article at the NY Times.


On Flame Computer Virus

Have you heard about the Stuxnet sequel, Flame? It is a 20 MB modular piece of malware used for industrial espionage in the Middle East; there have also been some sightings of it in Europe. Here is a bit from Kevin Mitnick on Flame. Even though he mispronounces "nuclear", it is good to hear from him after a while!


CrowdStrike Reveals Their Exploit in RSA 2012

Remember our post on the new Android remote exploit by the stealth-mode security company CrowdStrike? Well, they just demonstrated it at RSA 2012 in San Francisco. In summary, the attack uses SMS phishing to trick the user into downloading an exploit from a remote site; the exploit then forces the phone to reboot and takes it over, giving the attacker full remote control of the device. See the video below:


Google Bouncer

In the shadow of ever-increasing mobile threats, on February 2nd Google announced a program code named Bouncer. Bouncer aims to scan the Android app market and detect applications that could disrupt a user's Android experience. In the announcement Google emphasizes that avoiding a manual approval process is very important to them, hence the automated program. Here's how it works:


802.1X password exploit on many HTC Android devices

A newly discovered vulnerability makes it possible to gain access to a user's wireless (802.1X) username and password. The vulnerability was discovered by Bret Jordan and Chris Hessing on February 1, and CERT has already issued a vulnerability entry in its database... In his blog Bret said:


More on Symantec’s pcAnywhere

In an earlier post, "Symantec admits being hacked in 2006", we covered the pcAnywhere source code breach. Yesterday Symantec took some solid steps to remediate the potential problems and urged its customers not to uninstall the software. In an updated pcAnywhere security whitepaper Symantec stated:
"To limit risk from external sources, customers should host remote sessions via secure VPN tunnels, instead of using pcAnywhere Access Server.



Cridex Trojan breaks Yahoo Captcha

And it has happened: CAPTCHA has proven not to be so bot-proof after all. A Trojan named Cridex was able to crack Yahoo Mail's CAPTCHA in 6 attempts... See the video of the bot in action (courtesy of Websense Labs):