UNM4SK3D: CIA, Dallas, and NASA



Published: April 14, 2017 | By: Olivia | Views: 3451

#wikileaks (but wait, there’s more).

At this point, the leaks have become a flood, and speculation is drowning us. This week, Symantec researchers reported that the alleged CIA hacking tools exposed by WikiLeaks closely match malware that has been used against at least 40 targets (governments and private organizations) in 16 countries, and that the group wielding it appears to be North American.

Longhorn, as Symantec calls the cyber espionage group, uses backdoor trojans and zero-day exploits against government, financial, energy, telecommunications, education, aerospace, and natural resources organizations. So, pretty much anyone. Symantec pointed out that every one of the targets would be of interest to a nation-state actor. Notably, the researchers have been tracking Longhorn since 2014, when it used a Windows zero-day exploit to deliver a backdoor called Plexor.

Among the CIA hacking tools and malware described in the WikiLeaks documents, there are similarities that are hard to dispute. One Vault 7 document covers Fluxwire, a cyber espionage malware allegedly created by the CIA, and includes a changelog of the dates when new features were added; according to Symantec, those dates closely track the development cycle of ‘Corentry,’ a malware used by Longhorn. Another Vault 7 document details a ‘Fire and Forget’ payload specification and a malware module loader called Archangel. This, Symantec says, matches ‘Plexor’ almost perfectly. The two sets of tools also share similar cryptographic practices.

Longhorn has been described as a well-resourced hacking group that works a standard Monday to Friday week, typical of a state-sponsored group, and operates in an American time zone. According to The Hacker News, “Longhorn’s advanced malware tools are specially designed for cyber espionage with detailed system fingerprinting, discovery, and exfiltration capabilities. The group uses extremely stealthy capabilities in its malware to avoid detection.” Still, the CIA has declined to confirm that the Vault 7 documents are authentic.

If confirmed, Longhorn would be the second cyber espionage group whose activities have been tied to the U.S. government. The first was the NSA-linked Equation Group, whose mistakes were analyzed by the individuals who developed the Vault 7 tools -SecurityWeek

Curious if Wikileaks has affected you directly? Read ‘Vault7 Vulnerabilities in Anti-Virus Solutions.’

#hacked

The sound of your smoke detector blaring through the house when you overcook something on the stove is enough to make anyone’s blood boil. Now imagine 156 alarms going off at once. That’s what happened in Dallas, Texas on Friday night when a hacker triggered a network of 156 emergency warning sirens for about two hours, waking up residents and sparking fear.

Dallas city officials tried to tell residents not to call 911, since there was no emergency, but the 911 system was flooded with more than 4,400 calls anyway. The sirens normally warn residents about dangerous weather such as severe storms and tornadoes, so you can imagine the distress and confusion. Authorities initially believed the attacker had gotten into the city’s emergency services computer systems, but officials said this week that the sirens were triggered over radio. Outdoor warning systems of this kind are activated by tone-encoded commands: either Emergency Alert System tones, like those relayed over National Weather Service weather radio, or Dual-Tone Multi-Frequency (DTMF) or Audio Frequency Shift Keying (AFSK) encoded commands sent from a control terminal over the system’s radio frequency. In such a scheme the tones themselves are the only ‘credential,’ so anyone with radio equipment who can reproduce them on the right frequency can trigger the sirens. Recording a legitimate activation and transmitting it again is known as a ‘radio replay attack.’

The attacker is believed to have somehow obtained the siren system’s documentation, found the exact tone commands that trigger an activation, and then transmitted that command signal over and over. Perhaps worst of all, this is the second time in a year that someone has tampered with the city’s infrastructure: last year an unknown hacker altered electronic road signs in Dallas to display jokes. Luckily, no one was hurt in either incident, but they are a sobering sign of the danger that attacks on critical infrastructure could pose.
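To make the replay problem concrete, here is an added example (not from the Cybrary post, and not the design of any real siren vendor) that models a tone-activated controller beside a replay-resistant alternative. The tone sequence, frame layout and key are constructed for illustration. The legacy controller accepts any transmission that matches a fixed tone sequence, so a recording is as good as the original; the hardened controller requires a command frame authenticated with a shared key and a strictly increasing counter, so a captured frame cannot be re-used.

```python
"""Toy model of why a tone-activated siren is vulnerable to replay, and what a
replay-resistant command looks like. Added example; frame layout, key and tones
are constructed for illustration."""
import hashlib
import hmac
import struct

# Constructed stand-in for a DTMF activation sequence. In a tone-only design this
# sequence is the whole "credential": anyone who hears it once owns the sirens.
ACTIVATION_TONES = "7#4*9"


class ToneSirenController:
    """Legacy design: compare received tones against a fixed sequence."""

    def __init__(self, activation_tones: str):
        self.activation_tones = activation_tones
        self.activations = 0

    def receive(self, tones: str) -> bool:
        # No sender identity, no freshness: a recording works as well as the original.
        if tones == self.activation_tones:
            self.activations += 1
            return True
        return False


def replay_captured_tones(controller, captured: str, times: int) -> int:
    """Attacker who recorded one activation transmits it `times` times.
    Returns how many of those replays the controller accepted."""
    return sum(1 for _ in range(times) if controller.receive(captured))


# Hardened alternative: counter || command, authenticated with a shared key.
FRAME_HEADER = struct.Struct(">IB")   # 4-byte monotonic counter, 1-byte command
TAG_LEN = 16                          # truncated HMAC-SHA256 tag
CMD_ACTIVATE = 0x01
CMD_CANCEL = 0x02


def build_frame(key: bytes, counter: int, command: int) -> bytes:
    """Control-terminal side: authenticate the header with the site key."""
    header = FRAME_HEADER.pack(counter, command)
    tag = hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]
    return header + tag


class AuthenticatedSirenController:
    """Accepts a frame only if the MAC verifies and the counter is fresh.
    In a real deployment last_counter must survive reboots (e.g. NVRAM), or a
    restart re-opens the replay window."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0
        self.activations = 0

    def receive(self, frame: bytes) -> bool:
        if len(frame) != FRAME_HEADER.size + TAG_LEN:
            return False
        header, tag = frame[:FRAME_HEADER.size], frame[FRAME_HEADER.size:]
        expected = hmac.new(self.key, header, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted frame
        counter, command = FRAME_HEADER.unpack(header)
        if counter <= self.last_counter:
            return False                      # replayed or reordered frame
        self.last_counter = counter
        if command == CMD_ACTIVATE:
            self.activations += 1
        return True


if __name__ == "__main__":
    legacy = ToneSirenController(ACTIVATION_TONES)
    legacy.receive(ACTIVATION_TONES)          # one legitimate test activation
    fired = replay_captured_tones(legacy, ACTIVATION_TONES, 5)
    print(f"legacy controller accepted {fired} replayed activations")

    key = b"constructed-demo-key-not-for-use"
    hardened = AuthenticatedSirenController(key)
    frame = build_frame(key, counter=1, command=CMD_ACTIVATE)
    print("hardened, first frame:", hardened.receive(frame))
    print("hardened, same frame again:", hardened.receive(frame))
```

Authentication only closes the replay and forgery hole; it does nothing against jamming, and any design like this still depends on keeping the site key off the documentation that the Dallas attacker is believed to have found.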

I don’t want someone to understand how it was done so that they could try to do it again. It was not a system software issue; it was a radio issue. -Dallas City Manager T.C. Broadnax

Radio signals, Wi-Fi included, weaken as they spread out and travel farther, an effect called attenuation. Get more detail here.

#outerspace

Ever wondered about the Great Beyond? Well, NASA has. And by wonder, we mean worry. The agency’s cybersecurity chief recently expressed concern that hackers could breach communications between NASA and one of its 65 spacecraft transmitting research data.

NASA’s Swift and Fermi satellites gather data on powerful space explosions and the energy of black holes, but these projects were only supposed to last a few years. Surprisingly, they have lasted more than a decade. That is great for researchers but a concern for security analysts, because the spacecraft and their ground systems run aging operating systems. The data sent to and from Earth, and the commands sent up, must stay protected even though the software predates current security measures. Jeanette Hanna-Ruiz, NASA’s cybersecurity chief, says her biggest concern is a direct cyber attack on a satellite in which adversaries commandeer its controls.

You may be interested to know that the agency’s security efforts aren’t limited to space. Its safeguards extend from the email systems at headquarters in Washington to US networks in Russia, where Americans serve on crews supporting the International Space Station. The agency also protects huge amounts of scientific data and the control systems at its 20 research centers, laboratories and other facilities in the US. Hanna-Ruiz’s teams actively check for vulnerabilities in code, firmware, and elsewhere, and the agency is working to “harden” its old industrial control systems.

Last year, NASA reported 1,484 ‘cyber incidents,’ including hundreds of attacks executed from websites or web-based applications. -Office of Management and Budget’s annual report to Congress on federal cyber performance, March 2017

Learn how to approach cyber security for industrial control systems with this guide from Tripwire. 

#factbyte

20 men serving at San Quentin prison have graduated from a program funded by The Last Mile, a nonprofit that teaches prisoners how to code and then connects them with jobs at Silicon Valley companies once they have completed their sentences. 

#certspotlight

A component of network fundamentals, subnetting divides one IP address block into several smaller logical networks, each with its own broadcast domain. Putting a router between subnets keeps broadcast traffic local and makes address assignment easier to plan without conflicts; the often-repeated claim that it also prevents Ethernet collisions only holds when the subnets sit on separate physical segments, since collision domains are a layer-2 matter handled by switches and full-duplex links. To subnet, you first need to be comfortable converting between binary and decimal, because the subnet mask is applied to an address bit by bit. Network segmentation through subnetting allows for easier management and improved security, since the router between segments is where you can filter what crosses.

A solid understanding of subnetting is vital for managing your networks and your overall security architecture. The Cybrary Subnetting Micro Certification teaches how subnetting works, how IP addresses are broken down, the purpose of subnetting in security and network administration, and what the network components represent. This micro course will also prepare you to explain network classes, dot-decimal notation, CIDR notation, subnet masks, and routing.
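The binary-to-decimal step is easiest to see in code. The following is an added example, not Cybrary course material: it computes network, broadcast and host range for a CIDR block using only bit operations, handles the /31 and /32 edge cases, and then uses the same mask test the way a segmentation policy does, to decide whether a source address belongs to an allowed management subnet. The addresses and subnets are constructed for illustration.

```python
"""Subnet arithmetic by hand, to show what the mask does bit by bit.
Added example; addresses and ACL entries are constructed for illustration."""


def ip_to_int(ip: str) -> int:
    """Dotted-decimal IPv4 address -> 32-bit integer, validating each octet."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad IPv4 address: {ip}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {ip}")
        value = (value << 8) | n
    return value


def int_to_ip(n: int) -> str:
    """32-bit integer -> dotted-decimal, one byte per octet."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix_len: int) -> int:
    """/26 -> 26 one-bits followed by 6 zero-bits (255.255.255.192)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def describe_subnet(cidr: str) -> dict:
    """Network, mask, broadcast, usable host range and count for a CIDR block."""
    ip, prefix_str = cidr.split("/")
    prefix_len = int(prefix_str)
    mask = prefix_to_mask(prefix_len)
    network = ip_to_int(ip) & mask              # AND keeps the network bits
    broadcast = network | (~mask & 0xFFFFFFFF)  # OR fills the host bits with 1s
    if prefix_len >= 31:
        # RFC 3021 point-to-point /31 and host /32: no separate network or
        # broadcast address, every address in the block is usable.
        usable = 2 ** (32 - prefix_len)
        first, last = network, broadcast
    else:
        usable = 2 ** (32 - prefix_len) - 2
        first, last = network + 1, broadcast - 1
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "mask_bits": format(mask, "032b"),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable_hosts": usable,
    }


def in_subnet(ip: str, cidr: str) -> bool:
    """True when ip and the CIDR's network address agree on every masked bit."""
    net_ip, prefix_str = cidr.split("/")
    mask = prefix_to_mask(int(prefix_str))
    return (ip_to_int(ip) & mask) == (ip_to_int(net_ip) & mask)


def allowed_by_acl(src_ip: str, allowed_subnets: list) -> bool:
    """Segmentation in practice: only sources inside the listed management
    subnets may reach the device. Everything else is denied by default."""
    return any(in_subnet(src_ip, cidr) for cidr in allowed_subnets)


if __name__ == "__main__":
    for name, value in describe_subnet("192.168.10.77/26").items():
        print(f"{name:>13}: {value}")
    management = ["10.0.50.0/24", "192.168.10.64/26"]   # constructed ACL
    for src in ("192.168.10.70", "192.168.10.130", "10.0.50.9"):
        verdict = "allowed" if allowed_by_acl(src, management) else "denied"
        print(f"{src:>15}: {verdict}")
```

Note that 192.168.10.130 is denied even though it shares the first three octets with the allowed /26: the mask decides membership, not how similar the addresses look in decimal.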



Olivia Lynch (@Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the field of cyber security. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.
