Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “Password Hashes Among Massive 1.6M Leaked Records”, 2) “ExploitHub Exploited”, and 1) “Leaked ITU DPI Document Available for Download”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
U.S. Intelligence Reviewing Cyber Espionage from Abroad: The group of spy agencies known around the DC beltway as the Intelligence Community is completing its first detailed review of U.S. financial losses from international cyber-spying against American targets, including an attempted attack against the agencies producing the report. This National Intelligence Estimate will also try to determine to what extent the Chinese government was involved in coordinating or directing cyber attacks on the U.S. Although intelligence analysts debate the extent of China’s involvement, the CIA and National Security Agency have traced cyber attacks back to Chinese military and intelligence agencies. The study is expected to be out early next year. What do you predict will come out of this review? Post your comments below. (continued here)
Leaked ITU DPI Document Available for Download: Here’s a fun find for a Saturday morning… Apparently the ITU DPI document is available for download from the folks over at AnonPaste. Earlier this week we discussed reports that the super-secret ITU DPI document had been leaked to news outlets; however, up to that point no one had published the document itself. (continued here)
STIX & Stones: New Draft Standard for Intel Sharing: Mitre has developed a new draft standard called Structured Threat Information eXpression (STIX). The framework focuses on making intel sharing “wire-speed,” allowing defenders to react to threats more quickly. The initial version, an XML Schema, consists of eight components, including Indicator, Incident, Exploit Target, Campaign, and Threat Actor. Mitre’s early goal is a common language that lets systems share this threat data with each other seamlessly. What do you think about STIX? Post your comments below. (continued here)
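To make the “systems share threat data with each other” idea concrete, here is an added example (our own illustration, not Mitre’s code and not part of the original post) of the consumer side: a small Python script that pulls IPv4 indicators out of a STIX package and checks them against firewall log lines. The XML is a constructed sample shaped after the later STIX 1.x release schema (STIX_Package, Indicator, CybOX AddressObject), not the pre-1.0 draft discussed above, so the element and namespace names are an assumption; the log lines and IP addresses are constructed too.

```python
"""Consume a STIX 1.x-style indicator package and match it against logs.

Added example, not Mitre's code and not from the original post. The XML
below is a constructed sample shaped after the STIX 1.x release schema
(STIX_Package / Indicator / CybOX Observable); the draft discussed in the
post predates that schema, so element and namespace names are an assumption.
"""
import re
import xml.etree.ElementTree as ET

# Namespace prefixes used by the STIX 1.x / CybOX 2.x release schemas.
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
    "cybox": "http://cybox.mitre.org/cybox-2",
    "AddressObj": "http://cybox.mitre.org/objects#AddressObject-2",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}

# Constructed sample package: two IPv4 indicators from documentation ranges.
SAMPLE_PACKAGE = """<stix:STIX_Package
    xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    id="example:package-1" version="1.1.1">
  <stix:Indicators>
    <stix:Indicator xsi:type="indicator:IndicatorType" id="example:indicator-1">
      <indicator:Title>C2 server seen in campaign X</indicator:Title>
      <indicator:Observable id="example:observable-1">
        <cybox:Object id="example:object-1">
          <cybox:Properties xsi:type="AddressObj:AddressObjectType" category="ipv4-addr">
            <AddressObj:Address_Value>198.51.100.23</AddressObj:Address_Value>
          </cybox:Properties>
        </cybox:Object>
      </indicator:Observable>
    </stix:Indicator>
    <stix:Indicator xsi:type="indicator:IndicatorType" id="example:indicator-2">
      <indicator:Title>Scanner from TEST-NET-3</indicator:Title>
      <indicator:Observable id="example:observable-2">
        <cybox:Object id="example:object-2">
          <cybox:Properties xsi:type="AddressObj:AddressObjectType" category="ipv4-addr">
            <AddressObj:Address_Value>203.0.113.7</AddressObj:Address_Value>
          </cybox:Properties>
        </cybox:Object>
      </indicator:Observable>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>
"""

# Constructed firewall log lines; line 2 is benign, lines 1 and 3 hit indicators.
SAMPLE_LOGS = [
    "Dec 15 10:01:02 fw kernel: ACCEPT SRC=10.0.0.5 DST=198.51.100.23 DPT=443",
    "Dec 15 10:01:09 fw kernel: ACCEPT SRC=10.0.0.7 DST=192.0.2.44 DPT=80",
    "Dec 15 10:02:41 fw kernel: DROP SRC=203.0.113.7 DST=10.0.0.1 DPT=22",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_ip_indicators(xml_text):
    """Return {ipv4: indicator_id} for every ipv4-addr AddressObject in the package."""
    root = ET.fromstring(xml_text)
    found = {}
    for ind in root.findall("stix:Indicators/stix:Indicator", NS):
        ind_id = ind.get("id", "")
        for props in ind.findall(".//cybox:Properties", NS):
            # Only the IPv4 address objects matter for this matcher.
            if props.get("category") != "ipv4-addr":
                continue
            for val in props.findall("AddressObj:Address_Value", NS):
                if val.text:
                    found[val.text.strip()] = ind_id
    return found


def match_logs(indicators, log_lines):
    """Return (line_number, ip, indicator_id) for each log line that hits an indicator."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for ip in IP_RE.findall(line):
            if ip in indicators:
                hits.append((n, ip, indicators[ip]))
    return hits


if __name__ == "__main__":
    iocs = extract_ip_indicators(SAMPLE_PACKAGE)
    for n, ip, ind_id in match_logs(iocs, SAMPLE_LOGS):
        print(f"line {n}: {ip} matches {ind_id}")
```

The point of the exercise is that the indicator travels with its identifier, so a hit can be reported back to the sharing partner by id rather than by pasting the raw IP around; a real feed would also carry the Observable’s condition and the indicator’s valid-time window, which this matcher ignores.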
ExploitHub Exploited: A pretty fascinating turn of events for the popular exploit seller ExploitHub.com… A hacking collective known as Team Inj3ct0r penetrated their website and reportedly grabbed a number of private exploits worth almost $250,000. A vulnerable version of the Magento eCommerce software seems to be the culprit. Interestingly, the hackers posted the data on a competing website, 1337day.com. According to a post on ZeroSecurity.org, most of the leaked exploits are for Oracle products; other affected companies or products include CA, Novell, Trend Micro, Symantec, Opera, and Lotus Domino. Both the ZeroSecurity post above and the eHackingNews article below provide links to more details on the hack. (continued here)
Password Hashes Among Massive 1.6M Leaked Records: In case you missed it, there seems to have been a massive leak of records by a hacker collective known as Team GhostShell. The effort, dubbed ProjectWhiteFox, affects a number of sectors including government and the military. In terms of DC-related organizations, a number of the records came from NASA, the FBI, and General Dynamics. Cyber War News is of course on top of the leak and includes a link to the requisite PasteBin dump. Does anyone happen to know the hash algorithms used? Let us know in the comments below. (continued here)
Was This FBO the Beginning of Cyber War?: Yeah … yeah … yeah … probably not, but it’s interesting to see that our government (or at least the US Marines) may have been way ahead of their time. We often think of governments as being way behind the more agile commercial world, but this isn’t always true. (continued here)
Ex-Admiral Personal Computer Targeted: Heard this story over the weekend on WTOP, but it seemed relevant… Apparently someone was targeting an ex-admiral’s personal computer in hopes of gaining access to some juicy details. Of course the investigation points to China; however, as usual, there is nothing conclusive. We think the best quote is from the Chinese Embassy spokesman in DC, who told the paper reporting this story that “his government prohibits cyber attacks.” (continued here)
ExploitHub Official Statement: The ExploitHub folks have put out an official response to the news of their web site being hacked. In a post on Facebook they basically admitted fault, attributing the breach to a bad configuration on their web server, and noted that what was stolen was just a list of exploits and associated product information. No actual exploits were stolen: those reside on a separate server, and there is no indication that it was affected. What are your thoughts on ExploitHub’s response to this breach? Post your comments below. (continued here)
Full Disclosure: It’s Just Good Customer Service: NoVA native @taosecurity tweeted an interesting article earlier today about new legislation that could affect the security reporting requirements of defense contractors. The legislation, introduced by Senator Carl Levin as an amendment to the defense budget, would require them to disclose to the Pentagon when they have fallen prey to spies and malicious hackers. A lot of government data exists on contractor networks, so any breach could potentially result in the leaking of this information. Do you think defense contractors should be required to disclose when they have been hacked? Post your comments below. (continued here)
Niagara AX Framework Software Compromised: Looks like undocumented backdoors have led to another breach… This time the culprit seems to be older versions of the Niagara AX Framework software used by an unnamed company in New Jersey. With no firewall to block external access, malicious hackers were able to reach the HVAC system and interact with a GUI that provided floor plan layouts of various offices. Beyond its environmental control functions, organizations can also configure the Niagara software to manage surveillance systems. This particular breach is significant since the same software is installed in over 300,000 organizations throughout the world, including the Pentagon, FBI, IRS, and other government agencies. Do you think the Pentagon, FBI, and other government organizations are affected by this backdoor? Post your comments below. (continued here)
Hope everyone had a wonderful week. Have a great weekend!