A hacked page on PBS’s site announces the perpetrators.
What’s the News: On Sunday night, PBS found itself the victim of a cyber attack by the group LulzSec, which hacked PBS’s site in retaliation for a Frontline episode about WikiLeaks whose tone they found unfavorable. The first evidence? A post on the NewsHour blog alleging that rapper Tupac Shakur, who died in 1996, was still alive and well in New Zealand. PBS responded quickly, but as late as Monday night at about 5:50 pm, according to Boing Boing, LulzSec still had access to the site. Their motivation, the group says in an interview with Forbes, is a mixture of “lulz and justice.”
Stuxnet seems to become scarier every time you hear about it. The sophisticated piece of malware came to the world’s attention in September; shortly thereafter we heard that it was perfectly designed to attack nuclear centrifuges, and in fact had disrupted some nuclear research in Iran. Now comes more news about how it works, and who might be using it next.
The security group Symantec has been trying to analyze and understand the waves of Stuxnet attacks against Iran, and now its researchers have found the base of the attacks, according to Symantec’s Orla Cox.
The new research, which analysed 12,000 infections collected by various anti-virus firms, shows that the worm targeted five “industrial processing” organisations in Iran. “These were the seeds of all other infections,” said Ms Cox. The firm was able to identify the targets because Stuxnet collected information about each computer it infected, including its name, location and a time stamp of when it was compromised. [BBC News]
Though Symantec isn’t naming the five targets in Iran, another security expert studying Stuxnet’s code, Ralph Langner, told CNET the likely target of the whole attack was the Natanz nuclear enrichment plant.
Over the last two years (and perhaps as long as four), hackers probably based in China have been targeting several huge multinational energy companies and using long-established techniques to extract information. That’s according to the computer security firm McAfee, which helped some of the companies fight back against the ongoing wave of attacks it has dubbed “Night Dragon.”
“We have confirmed that five companies have been attacked,” said Dmitri Alperovitch, McAfee’s vice president for threat research. He said he suspected that at least a dozen companies might have been affected by the team of computer hackers seemingly based in Beijing and who appeared to work during standard business hours there. “These people seemed to be more like company worker bees rather than free-spirited computer hackers,” he said. “These attacks were bold, even brazen, and they left behind a trail of evidence.” [The New York Times]
In a blog post about the attacks, McAfee CTO George Kurtz notes that the hackers took advantage of techniques that have been around for more than a decade. In fact, he says, their simplicity helped them to evade security software.
During the last two years — and up to four years — the hackers had access to the computer networks, focusing on financial documents related to oil and gas field exploration and bidding contracts, said Alperovitch. They also copied proprietary industrial processes. “That information is tremendously sensitive and would be worth a huge amount of money to competitors,” said Alperovitch. [Reuters]
When last we covered the hacking group Anonymous, its members were trying to bring down the websites of companies like PayPal and Mastercard that had withdrawn support from WikiLeaks under government pressure. Now hackers have a new political target: Groups like Anonymous are launching attacks to bring down government websites in Egypt and Yemen as a show of solidarity with the protesters there.
The website of President Ali Abdullah Saleh has become inaccessible as Yemenis stage anti-government protests. It follows attacks on the websites of Egypt’s ruling party and ministry of information this week. Last month Anonymous shut down some Tunisian websites, including the government’s official site. [BBC News]
Anonymous managed to bring down the Ministry of Information site in Egypt, as well as that of President Hosni Mubarak’s National Democratic Party. As was the case during the war over WikiLeaks, Anonymous hackers’ primary weapon has been distributed denial of service attacks.
Today WikiLeaks founder Julian Assange, wanted in connection with sex-related charges in Sweden, turned himself in to the police in London. And while Assange’s personal troubles escalate, so does the online war over WikiLeaks.
Last week came the cyber attack against WikiLeaks.org, which hacker “Jester” claimed to have organized.
On his blog, Jester describes himself as a “hacktivist for good” and someone who is “obstructing the lines of communication for terrorists, sympathizers, fixers, facilitators, oppressive regimes and other general bad guys.” [Los Angeles Times]
That disrupted the site’s operation and left WikiLeaks scrambling. But this week the tide of hacking has turned: Hackers operating under the names Operation Payback or Anonymous are targeting sites that have withdrawn support from WikiLeaks during the current controversy.
Noa Bar Yossef, senior security strategist for Imperva, commented via e-mail to say, “Operation Payback’s goal is not hacking for profit. In the classical external hacker case we see hackers grab information from wherever they can and monetize on it. In this case though, the hackers’ goal is to cripple a service, disrupt services, protest their cause and cause humiliation. In fact, what we see here is a very focused attack – knocking the servers offline due to so-called ‘hacker injustice’.” [PC World]
While a certain bacterium that can thrive in arsenic has dominated the science press this week, the big story in the world at large is the ongoing WikiLeaks saga. The release of an enormous trove of confidential documents from the U.S. State Department has provoked plenty of fall-out: there’s governmental embarrassment and anger, and WikiLeaks founder Julian Assange is now wanted in Sweden on alleged sex crimes. But we’re most interested in how the never-ending story touches several science and tech stories, some of which have unraveled here on 80beats.
Get That DNA
One embarrassing revelation of the leaked diplomatic cables was that American diplomats were supposed to be part spy; they were asked to try to gather genetic material from foreign governmental officials. Once the cables leaked, the State Department couldn’t exactly deny that this happened, but it now says that these suggestions came from intelligence agencies. And relax—the requests were voluntary.
A senior department official said the requests for DNA, iris scans and other biometric data on foreign government and U.N. diplomats came from American “intelligence community managers.” The official said American diplomats were free to ignore the requests and that virtually all do. [Washington Post]
China Source of Google Hack
Early in 2010 we reported on the large cyber-attack against Google. Though rumors swirled, the Chinese government denied its involvement; the country and the search engine giant went through months of tension before arriving at a truce in the summer. According to WikiLeaks, leaders of the Chinese Communist Party were directly connected to the hack.
China’s Politburo directed the intrusion into Google’s computer systems in that country, a Chinese contact told the American Embassy in Beijing in January, one cable reported. The Google hacking was part of a coordinated campaign of computer sabotage carried out by government operatives, private security experts and Internet outlaws recruited by the Chinese government. [The New York Times]
The hack that stole the email addresses of iPad users wasn’t even a hack in the truest sense, security experts are saying today. The Goatse Security team that pulled off the feat simply overpowered bad software.
The story broke yesterday that a leak in AT&T’s security had given away the email addresses of more than 100,000 people, including some of the famous and influential who were first to adopt the tablet—Diane Sawyer, New York Mayor Mike Bloomberg, and even White House Chief of Staff Rahm Emanuel.
The specific information exposed in the breach included subscribers’ email addresses, coupled with an associated ID used to authenticate the subscriber on AT&T’s network, known as the ICC-ID. ICC-ID stands for integrated circuit card identifier and is used to identify the SIM cards that associate a mobile device with a particular subscriber [Gawker].
Sticking accelerator pedals were just the beginning. Soon you might lose control of your car not because of a technical failure, but because someone hacked into it from afar.
Tomorrow at a security conference in California, Stefan Savage and his team will present their research showing how they used the computer systems that oversee different systems in a car to break in and take control—braking and accelerating against the driver’s will.
The researchers concentrated their attacks on the electronic control units (ECUs) scattered throughout modern vehicles which oversee the workings of many car components. It is thought that modern vehicles have about 100 megabytes of binary code spread across up to 70 ECUs [BBC News].
Months after the hack heard ’round the world, the independent review is finished. A panel of 11 led by the University of Oxford’s Lord Oxburgh investigated the Climatic Research Unit at the University of East Anglia, whose researchers were accused of manipulating data based on information gleaned from thousands of stolen emails. The panel’s conclusion: The scientists did not intentionally distort the truth, though their statistical rigor leaves something to be desired.
“We saw no evidence of any deliberate scientific malpractice in any of the work of the Climatic Research Unit and had it been there we believe that it is likely that we would have detected it,” says the Oxburgh report. “Rather we found a small group of dedicated if slightly disorganised researchers who were ill-prepared for being the focus of public attention” [Nature]. This conclusion came after interviewing people within the organization and combing through the data in 11 of the center’s peer-reviewed papers published over the span of 22 years.
Despite burning curiosity, I have no idea what the Dalai Lama writes in his personal emails. But somewhere in China, hackers know.
China-based hacking operations have moved from murmurs to the front page since the fracas between the Chinese government and Google flared up three months ago. Besides the communist government’s flagrant and unapologetic Internet censorship, the search giant also accused China of harboring hackers who were behind politically motivated cyber attacks, like the targeting of Chinese human rights activists’ Gmail accounts. This week, computer security experts at the Munk School of Global Affairs at the University of Toronto announced that they’ve been trailing a group of China-based attackers they dub the “Shadow Network” for eight months. And they say they can show that those hackers have stolen a plethora of politically sensitive materials.
The intruders breached the systems of independent analysts, taking reports on several Indian missile systems. They also obtained a year’s worth of the Dalai Lama’s personal e-mail messages. The intruders even stole documents related to the travel of NATO forces in Afghanistan [The New York Times]. They also took political documents that outlined India’s concerns about its relations with Africa, Russia, and the Middle East. The core servers for the operation seem to be based in the city of Chengdu in southwest China.