Pakistan Cyber Force: Google spying tools


Pakistan Cyber Force [Official]


Wednesday, February 6, 2013

Malware Attacks Hit News Websites – Foretelling Cyber False Flag?





Malware alerts struck the web last night and this morning, in a preview of what Internet users have to look forward to once the real cyber false flag hits the Net.  Real and fake malware will create chaos, as users get blocked from their favorite websites.

Regular visitors to BIN may have noticed that we had some of those cute red screens courtesy of your browsers (Safari, Chrome and Firefox) on our site last night and this morning alerting you that "you'd better not go there".

The Google Chrome malware warning from BIN late last night.  Firefox and Safari had similar dire warnings for these sites.

Outages were reported at many popular sites, including ZD Net, CNET, Glenn Reynolds' popular Instapundit, etc.  Here's a report from ZD Net that covered their end of things.  Facebook is running behind; they are still showing warnings for some sites, including BIN.  The BIN site is completely clean at this time, according to Google.
 
Here's a screen grab from Instapundit:

Has anyone else noticed what's happened to the internet?  Sites with edgy alternative content or conservative points of view get hacked more often, and in this case not hacked, but effectively taken down by scary-looking warning messages.  This type of censorship has been going on for years with email.  If you want to keep a lid on the news, you just sign up for a site's email, then send it to one of the 50 self-appointed "spam police" sites and they'll blacklist a site.  It usually takes a day or two for things to return to normal and get off the blacklist, and by then the damage is done.  The same thing is now happening to web sites.

There's only one way around this, a new way to communicate and get news and information using the internet.  We've been developing it for a year and it's going to be what we think is a very good alternative to insecure email and chat programs, as well as providing a way to view web content without surfing around for it.

Before its news

Saturday, January 26, 2013

22 Forbidden Places to be Displayed on Google Maps







1. Baker Lake Inuit territory in northern Canada

A man who identified himself as "Dr. Boylan" says the darkened area in this image, and in some other locations, is hiding extraterrestrial beacons.




2. Air base Ramstein, Germany

This NATO air base is the starting point for the forces of "Operation Iraqi Freedom" and, for that reason, of course, can be a target for terrorist attacks. This may explain why the object is partially cut out of Google Maps.

 
3. Pacific Northwest, USA

What exactly are we not seeing in this photo? This place is located near the border of the states of Washington and Oregon. Enthusiasts have personally inspected the place and found nothing remarkable, except for a sinister-looking fence and no marked entrance.

 
 
4. Refinery Szazhalombatta, Hungary

This is one of the most bizarre specimens of censorship in Google Maps: this place is painted green. The area of the plant is removed, the buildings are erased, and all you can see is green.



 




5. Palace Huis Ten, The Netherlands

It is difficult to imagine that the Dutch royal family could be a prime target for a mad terrorist, but the Royal Palace Huis Ten remains blurred on Google Maps when viewed from any angle. (However, the surrounding area and the trees can be seen at high zoom with crystal clarity, so it is not clear what the point is.)



6. Unknown area, Russia

No one knows what lies in the region. One view is that there is a "radar or missile interception system," and some say that a picture of a surrounding area from another region of Russia has been inserted.

7. Oil Corporation Mobil, Buffalo, New York, USA

Some have criticized the company Mobil Buffalo for blurring the pictures, saying that oil companies are not of much interest to terrorists. On the other hand, we do not know what the terrorists themselves think.



8. North Korea

You will not see it on Google Maps: the whole country exists in the pictures, but with no road markers, street names or any other identifying details.

9. Airbase at Reims, France

The reasons this air base is blocked in Google Maps are unknown.

 
10. Indian Point Power Plant, New York, USA

According to experts in the field of energy, the plant is not strong enough to withstand an earthquake such as the one that recently struck Japan, and if an earthquake were to happen, the consequences could be devastating.

11. Volkel Air Base, Netherlands

WikiLeaks published diplomatic correspondence which confirms the presence of nuclear weapons on the territory of the base; perhaps that's why it is blurred.

12. HAARP, Gakona, Alaska, USA

HAARP (High Frequency Active Auroral Research Program) is one of the most controversial operations currently being conducted in the United States. Because of the space research and ongoing ionosphere experiments at Gakona, some conspiracy theorists are sure that this place is the cause of anything from floods to earthquakes, but the evidence for this is very small.




13. Mazda Raceway Laguna Seca, Salinas, California, USA
This is one of the most bizarre examples of censorship in Google Maps: Raceway Laguna Seca in Salinas, California. The strange thing is that it is obviously a harmless racetrack.


14. Babylon, Iraq

While the surrounding area is perfectly visible, the city of Babylon in pictures is blurred. One could argue that this is somehow related to the local rebels.

15. Tantauco National Park, Chile

For some reason, this reserve of endangered species is completely excised from Google Maps, and nobody can explain why.

16. Elmira Correctional Facility, USA

This is the highest level prison in upstate New York. Perhaps, after the riots in Attica prison, and several incidents of uprisings and mass escapes around the world, the authorities can really worry about the possibility of escape by helicopter.

17. Alexei Miller House, Russia

According to Wikipedia, this place is a "private palace of Gazprom CEO Alexei Miller."


18. Colonel Sanders

This is the strangest fact of Google: Colonel Sanders, the person on Kentucky Fried Chicken, does not appear in a single shot of Google Street View. This is because, according to representatives of Google, that
blurred at any pictures.


19. Faroe Islands, Denmark

It is believed that in this area there are some military installations.

20. NATO headquarters, Portugal

Random grass is placed over the building. Nobody knows why for sure.

21. Seabrook Nuclear Station, New Hampshire

22. Missile silos, Spain

According to one researcher, "At this place there is a small building with something resembling a missile silo in the middle. What's strange - this zone is not locked in Yahoo! Maps, but Google Maps still blurs it."


Pakistan Cyber Force

Friday, January 25, 2013

‘Red October’: Global Cyber-Spy Network Uncovered by Russian Experts



A sophisticated cyber-espionage network targeting the world’s diplomatic, government and research agencies, as well as gas and oil industries, has been uncovered by experts at Russia’s Kaspersky Lab.

The system’s targets include a wide range of countries, with the primary focus on Eastern Europe, former Soviet republics and Central Asia – although many in Western Europe and North America are also on the list.

“The majority of infections are actually from the embassies of ex-USSR country members located in various regions such as Western Europe and even in North America – in the US we have few infections as well. But most infections are concentrated around Russia,” Vitaly Kamluk, chief malware expert at Kaspersky Lab, told RT, adding that in Europe, the hardest-hit countries are apparently Belgium and Switzerland.

In addition to attacking traditional computer workstations, ‘Rocra’ – an abridgment of ‘Red October,’ the name the Kaspersky team gave the network – can steal data from smartphones, dump network equipment configurations, scan through email databases and local network FTP servers, and snatch files from removable disk drives, including ones that have been erased.

Unlike other well-known and highly automated cyber-espionage campaigns, such as ‘Flame’ and ‘Gauss,’ Rocra’s attacks all appear to be carefully chosen. Each operation is apparently driven by the configuration of the victim’s hardware and software, native language and even document usage habits.

The information extracted from infected networks is often used to gain entry into additional systems. For example, stolen credentials were shown to be compiled in a list for use when attackers needed to guess passwords or phrases.

The hackers behind the network have created more than 60 domain names and several server hosting locations in different countries – the majority of those known being in Germany and Russia – which worked as proxies in order to hide the location of the ‘mothership’ control server.

That malicious server’s location remains unknown, but experts have uncovered over 1,000 modules belonging to 34 different module categories. While Rocra seems to have been designed to execute one-time tasks sent by the hackers’ servers, a number of modules were constantly present in the system executing persistent tasks. This included retrieving information about a phone, its contact list, call history, calendar, SMS messages and even browsing history as soon as an iPhone or a Nokia phone is connected to the system.

The hackers’ primary objective is to gather information and documents that could compromise the security of governments, corporations or other organizations and agencies. In addition to focusing on diplomatic and governmental agencies around the world, the hackers also attacked energy and nuclear groups, and trade and aerospace targets.

No details have been given yet as to the attackers’ identity. However, there is strong technical evidence to indicate that the attackers are of Russophone origins, as Russian words including slang have been used in the source code commentaries. Many of the known attacks have taken place in Russian-speaking countries.

“It is bound to Russian language. We are currently uncertain which country is responsible for creating these malicious applications, but we are most certain the developers picked the Russian language. It is visible from the text links we extracted from the application. Some of them point to Russian origin. For example, the word used inside of the malware the word is ‘zakladka.’ In Russian it means a bookmark, or under cleared functionality it can refer to a backdoor functionality in some legitimate software. So that’s why we believe this work was used by Russian-speaking developers,” Kamluk told RT.

The hackers designed their own authentic and complicated piece of software, which has its own unique modular architecture of malicious extensions, info-stealing modules and backdoor Trojans. The malware includes several extensions and malicious files designed to quickly adjust to different system configurations while remaining able to grab information from infected machines.

These included a ‘resurrection’ module, which allowed hackers to gain access to infected machines using alternative communications channels and an encoded spy module, stealing information from different cryptographic systems such as Acid Cryptofiler, which has reportedly been used since 2011 by organizations such as NATO, the European Parliament and the European Commission.

The first instances of Red October malware were discovered in October 2012, but it has been infecting computers since at least 2007, Kaspersky Lab reported. The firm worked with a number of international organizations while conducting the investigation, including Computer Emergency Readiness Teams from the US, Romania and Belarus.

The EU is attempting to counter the huge rise in cyber-espionage by launching the European Cybercrime Center, which opened on Friday.

Pakistan Cyber Force

Friday, December 21, 2012

Google starts watching what you do off the Internet too



The most powerful company on the Internet just got a whole lot creepier: a new service from Google merges offline consumer info with online intelligence, allowing advertisers to target users based on what they do at the keyboard and at the mall.

Without much fanfare, Google announced news this week of a new advertising project, Conversions API, that will let businesses build all-encompassing user profiles based off of not just what users search for on the Web, but what they purchase outside of the home.

In a blog post this week on Google’s DoubleClick Search site, the Silicon Valley giant says that targeting consumers based off online information only allows advertisers to learn so much. “Conversions,” tech-speak for the digital metric made by every action a user makes online, are incomplete until coupled with real life data, Google says.


“We understand that online advertising also fuels offline conversions,” the blog post reads. Thus, Google says, “To capture these lost conversions and bring offline into your online world, we’re announcing the open beta of our Conversions API for uploading offline conversion automatically.”

The blog goes on to explain that in-store transactions, call-tracking and other online activities can be inputted into Google to be combined with other information “to optimize your campaigns based on even more of your business data.” When on-the-Web interactions start mirroring real life activity, though, even a certain degree of privacy doesn’t make Conversions API any less creepy. As Jim Edwards writes for Business Insider, “If you bought a T shirt at The Gap in the mall with your credit card, you could start seeing a lot more Gap ads online later, suggesting jeans that go with that shirt.”

Of course, there is always the possibility that all of this information can be unencrypted and, in some cases, obtained by third-parties that you might not want prying into your personal business. Edwards notes in his report that Google does not explicitly note that intelligence used in Conversions API will be anonymized, but the blowback from not doing as much would sure be enough to start a colossal uproar. Meanwhile, however, all of the information being collected by Google — estimated to be on millions of servers around the globe — is being handed over to more than just advertising companies. Last month Google reported that the US government requested personal information from roughly 8,000 individual users during just the first few months of 2012.

“This is the sixth time we’ve released this data, and one trend has become clear: Government surveillance is on the rise,” Google admitted with their report.

Pakistan Cyber Force

Sunday, November 18, 2012

YES! The FBI & CIA can read your Emails. Here's how



“Petraeus-gate,” some U.S. pundits are calling it. How significant is it that even the head of the CIA can have his emails read by an albeit friendly domestic intelligence agency, which can lead to his resignation and global, and very public humiliation? Here’s how. The U.S. government — and likely your own government, for that matter — is either watching your online activity every minute of the day through automated methods and non-human eavesdropping techniques, or has the ability to dip in as and when it deems necessary — sometimes with a warrant, sometimes without. That tin-foil hat really isn’t going to help. Take it off, you look silly.

Gen. David Petraeus, the former head of the U.S. Central Intelligence Agency, resigned over the weekend after he was found to have engaged in an extra-marital affair. What caught Petraeus out was, of all things, his usage of Google’s online email service, Gmail.

This has not only landed the former CIA chief in hot water but has ignited the debate over how, when, and why governments and law enforcement agencies are able to access ordinary citizens’ email accounts, even if they are the head of the most powerful intelligence agency in the world.

If it makes you feel any better, the chances are small that your own or a foreign government will snoop on you. The odds are much greater — at least for the ordinary person (terrorists, hijackers et al: take note) — that your email account will be broken into by a stranger exploiting your weak password, or an ex-lover with a grudge (see “Fatal Attraction“).

Forget ECHELON, or signals intelligence, or the interception of communications by black boxes installed covertly in data centers. Intelligence agencies and law enforcement bodies can access your email — thanks to the shift towards Web-based email services in the cloud — but it’s not as exciting or as Jack Bauer-esque as one may think or hope for.

The easiest way to access almost anybody’s email nowadays is still through the courts. (Sorry to burst your bubble, but it’s true.)

The ‘save as draft’ trick

Petraeus set up a private account under a pseudonym and composed email messages but never sent them. Instead, they were saved in draft. His lover, Paula Broadwell, would log in under the same account, read the email and reply, all without sending anything. The traffic would not be sent across the networks through Google’s data centers, making it nigh on impossible for the National Security Agency or any other electronic signals eavesdropping agency (such as Britain’s elusive GCHQ) to ‘read’ the traffic while it is in transit.

Saving an email as a draft almost entirely eliminates network traffic, making it nigh on impossible for intelligence agencies to ‘traffic sniff.’

And yes, terrorists and pedophiles have been known to use this ‘trick’, but sophisticated criminals also use this technique. It eliminates a network trail to a greater or lesser extent, and makes it more difficult to trace.

But surely IP addresses are logged and noted? When emails are sent and received, yes. But the emails were saved in draft and therefore were not sent. However, Google may still have a record of the IP addresses of those who logged into the account.

However, most Internet or broadband providers offer dynamic IP addresses that change over time, and an IP address does not always point to the same computer, let alone the same region or state every time it is assigned to a user. Even then, recent U.S. court cases have found that IP addresses do not specifically point to a computer, meaning even if the authorities were sure that it was Petraeus, for instance — though IP addresses very rarely give the exact house number and street address — it would not stick in court.

As is often the case, human error can land someone in the legal spotlight. 37-year-old Florida resident Jill Kelley, a family friend of the Petraeuses, allegedly received emails from an anonymous account warning Kelley to stay away from the CIA chief.

But when Broadwell sent these messages, it left behind little fragments of data attached to the email — every email you send has this data attached — which first put the FBI on a path that led up to the very door of Petraeus’ office in Langley, Virginia.

Get a warrant, serve it to Google?

There’s no such thing as a truly ‘anonymous’ email account, and no matter how much you try to encrypt the contents of the email you are sending, little fragments of data are attached by email servers and messaging companies. It’s how email works and it’s entirely unavoidable.

Every email sent and received comes with ‘communications data,’ otherwise known as “metadata” — little fragments of information that carry the recipient’s and the sender’s addresses, and routing data such as the IP addresses of the sender and the servers or data centers that it has passed through. Extracting this metadata is not a mystery or difficult, in fact anyone can do it, but if you have the legal tools and law enforcement power to determine where the email was passed through — such as an IP address of one of Google’s data centers in the United States.

Email is surprisingly similar to the postal system, especially when it comes to the communication “metadata.”

The system is remarkably similar to the postal system. You can seal the envelope and hide what’s inside, but it contains a postmark of where it came from and where it’s going. It may even have your fingerprints on it. All of this information outside the contents is “metadata.”
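The envelope analogy above, as an added example (not part of the original article): a short Python script that reads only the headers of a constructed message and recovers the sender, the provider, the relay path and the originating IP address without touching the body. The message, its example.* hostnames and the RFC 5737 addresses are made up for illustration, and the sample assumes a provider that records the client IP in its Received line.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample (not real traffic): example.* domains, RFC 5737 addresses.
# Assumption: the sending provider records the client IP in its Received line.
RAW_MESSAGE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.25])
\tby inbox.recipient.example with ESMTP id abc123;
\tMon, 05 Nov 2012 14:02:11 -0500
Received: from mail-out.webmail.example (mail-out.webmail.example [203.0.113.40])
\tby mx.recipient.example with ESMTPS id def456;
\tMon, 05 Nov 2012 14:02:09 -0500
Received: from [192.0.2.77] (hotel-wifi.example [192.0.2.77])
\tby mail-out.webmail.example with HTTP id ghi789;
\tMon, 05 Nov 2012 11:02:07 -0800
From: Anonymous Sender <anon.sender@webmail.example>
To: recipient@recipient.example
Subject: hello
Date: Mon, 05 Nov 2012 11:02:05 -0800
Message-ID: <CAF00d.12345@mail.webmail.example>

(body omitted: encrypting it would not change any header above)
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)


def received_hops(msg):
    """Return the relay hops oldest first.

    Each server prepends its own Received line, so the header order is
    newest first and has to be reversed to follow the message's path.
    """
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        route, _, stamp = value.rpartition(";")   # timestamp follows the last ';'
        match = HOP_RE.search(route)
        ips = IP_RE.findall(route)
        hops.append({
            "from": match.group(1) if match else None,
            "by": match.group(2) if match else None,
            "ip": ips[-1] if ips else None,       # address the server actually saw
            "time": parsedate_to_datetime(stamp.strip()),
        })
    return hops


def envelope_metadata(raw):
    """Collect what the 'outside of the envelope' reveals, ignoring the body."""
    msg = message_from_string(raw)
    hops = received_hops(msg)
    sent = parsedate_to_datetime(msg["Date"])
    return {
        "sender": parseaddr(msg["From"])[1],
        "recipient": parseaddr(msg["To"])[1],
        # The Message-ID domain names the provider even for a throwaway account.
        "provider": msg["Message-ID"].strip("<>").rpartition("@")[2],
        "origin_ip": hops[0]["ip"] if hops else None,
        "servers": [hop["by"] for hop in hops],
        "transit_seconds": (hops[-1]["time"] - hops[0]["time"]).total_seconds()
        if hops else None,
        # The Date header's UTC offset hints at the sender's time zone.
        "sender_utc_offset_hours": sent.utcoffset().total_seconds() / 3600,
    }


if __name__ == "__main__":
    for key, value in envelope_metadata(RAW_MESSAGE).items():
        print(f"{key:24} {value}")
```

Only the Received lines added by servers the recipient controls or trusts are reliable; earlier lines are supplied by the sending side.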

That said, even if you use a disposable Gmail account — such as iamananonymousemailsender@gmail.com, for instance — it’s clearly a Gmail account, and Gmail is operated by Google. Sometimes it just takes a smidgen of common knowledge.

Ultimately, only Google had access to the emails. Because it’s a private company, it does not fall under the scope of the Fourth Amendment. If the U.S. government or one of its law enforcement agencies wanted to access the private Petraeus email account, it would have to serve up a warrant.

In this case, however, the Foreign Intelligence Surveillance Act (FISA) would not apply. Even the Patriot Act would not necessarily apply in this case, even though it does allow the FBI and other authorized agencies to search email. However, in this case, above all else, the Stored Communications Act does apply — part of the Electronic Communications Privacy Act.

The act allows for any electronic data to be read if it has been stored for less than 180 days. In this case, the law was specifically designed — albeit quite some time before email became a mainstream communications medium — to allow server- or computer-stored data to be accessed by law enforcement.

However, a court order must be issued after the 180 days, and in this case it was. Reporting from London, the BBC News’ Mark Ward summed it up in a single sentence:

Once it knew Ms. Broadwell was the sender of the threatening messages, the FBI got a warrant that gave it covert access to the anonymous email account.

And that’s how they do it. No matter which way you look at it, no matter how much the government or its law enforcement agencies want the data or the proof of wrongdoing, they must almost always get a court order.

And Petraeus is no different from any other U.S. citizen, U.K. citizen, or European citizen — and further afield for that matter. What it always boils down to is a court order, and it’s as simple as that. It’s not ECHELON or an episode of “24“ using hacking or cracking techniques; it’s an afternoon in a fusty courtroom with a semi-switched on (and preferably sober) judge.

That said, it doesn’t grant unfettered or unrestricted access to a user’s inbox or email account, but when an alleged crime has been committed or law enforcement starts digging around, it allows a fairly wide berth of powers to request access to electronically stored data.

Former assistant secretary to the U.S. Department of Homeland Security Stewart Baker told the Associated Press:

The government can’t just wander through your emails just because they’d like to know what you’re thinking or doing. But if the government is investigating a crime, it has a lot of authority to review people’s emails.

So there it is. A court order is all you need to access a person’s inbox, but sufficient evidence is often required in order to do this — particularly through the Stored Communications Act, or the Electronic Communications Privacy Act.

It sounds obvious, of course; that’s because it is.

That said, if there is reasonable suspicion albeit lacking evidence, or a U.S. law enforcement agency is dealing with a foreign national outside of the United States, that normally requires a secret FISA court order to be granted in order to proceed with the interception of data or warranted access to an email account, for example.

Outside the U.S.: Is it still ‘just’ a court order?

A simple court order is all it takes and it can apply to anyone in public office or the man on the street holding a sign warning that “the end is nigh.”

But it’s OK; you’re in Europe, or Australia, or Asia. The U.S. can’t use their laws against you in a foreign country because, well, you’re outside of its jurisdiction. Again, sorry to burst your privacy bubble but that excuse didn’t wash with the European Parliament, it shouldn’t with you either.

If you’re a European citizen with a Microsoft, Google, Yahoo or Apple account — or any email offered in the cloud by a U.S. company — which is most consumer email services nowadays — it is accessible to the U.S. courts and other nations through various acts of law, such as the Foreign Intelligence Surveillance Act (FISA) or the PATRIOT Act, in which the latter amended much of what the former had implemented in the first place.

(“Oh great, he’s talking about the Patriot Act again,” says everybody.)

It’s worth noting a few common misconceptions. Since first reporting this some years ago (and subsequently sparking a trans-Atlantic diplomatic row, whoops) analysts and experts alike, some who are under the thumb of the cloud companies themselves, claim that the Patriot Act — to use the umbrella, common term — does not allow the U.S. government or its law enforcement agencies the powers that others (*cough* including me) claim.

Let’s just run through a few examples of false claims on top of false claims:

Myth: The Patriot Act is the magic wand that allows the U.S. government unrestricted access to any data, anywhere, anytime.
Fact: Untrue.

Myth: The Patriot Act gives the U.S. government unprecedented access to data hosted by U.S. companies anywhere in the world.
Fact: Untrue.

Myth: All countries have similar legislation that gives the authorities a means to requisition data on cloud services, to investigate and prevent acts of terrorism.
Fact: Unt… actually, quite true.

It doesn’t give “unrestricted” or “unprecedented” access to data outside the U.S., because for the most part these warrants must go through a special FISA court. The trouble is even though there is some level of accountability via the FISA courts, these sessions are held in secret and there are no public minutes or record to go from, so swings and roundabouts.

The only exceptional cases where warrants are not issued are when there is an immediate threat to life. But because these courts are secret, there’s no definitive and ultimate way to know for an absolute fact that the U.S. authorities don’t just bypass the FISA courts and skip ahead with their investigations anyway. (You only really have my word — and my sources in the U.S. government, such as legal counsels and spokespeople, to go on.)

Pretty much every country around the world has ‘Patriot Act’-like legislation. It’s just where to look for it.

On the third point, other countries do have similar laws and this should be noted. (I personally thought it was relatively common knowledge, forgive my naivety.) The U.K., for instance, has the Regulation of Investigatory Powers Act that can be used to acquire data from a third-country via a U.K.-based firm, just as the Patriot Act can be used on a U.S. firm to access data in a third-country via a local subsidiary.

But in terms of where the major email and cloud providers are based — the United States, notably on the West Coast — it means that U.S. law must apply, in spite of foreign laws that attempt to or successfully counteract the provisions offered in U.S. law. Not many major cloud providers operate solely in the U.K., whereas Microsoft, Google, Apple and Amazon are all U.S. headquartered with a subsidiary in the U.K. and other countries.

The lesson here? We’re all as bad as each other and no legally or financially reasonable place is safe to store data if you’re a massive criminal or looking to stash a bunch of secret or uncouth documents away from the authorities.

As for Petraeus, he may have been careful but in spite of his counter-terrorism knowledge and clever tricks in going under the radar, ultimately there was a weak link in the security chain — and no matter how far you go to try and cover your tracks, it often falls down to two things: human error, or sex.

Zack Whittaker


(ZD.net)

Pakistan Cyber Force
