Ready to Start Your Career?
April 14, 2017
UNM4SK3D: CIA, Dallas, and NASA
April 14, 2017
#wikileaks (but wait, there's more).At this point, the leaks have become a flood. And speculation is drowning us. This week, Symantec Security researchers have confirmed that the alleged CIA hacking tools exposed by WikiLeaks have been used against at least 40 governments and private organizations across 16 countries, and seem to reflect those of a North American hacking group.Longhorn, as the cyber espionage group is called, uses backdoor trojans and zero-day attacks to target government, financial, energy, telecommunications, education, aerospace, and natural resources sectors. So, pretty much anyone. Symantec pointed out that all of the targeted entities could present an interest to a nation-state actor. Ironically, the researchers have been tracking Longhorn since 2014, when it used a Windows zero-day exploit to deliver a backdoor called Plexor.Of the CIA hacking tools and malware variants disclosed by WikiLeaks, there have been noted similarities that are hard to dispute. Specifically, some examples include Fluxwire, a cyber espionage malware allegedly created by the CIA, which contains a changelog of dates for when new features were added. Those, according to Symantec, closely resemble with the development cycle of 'Corentry,' a malware created by Longhorn. Another Vault 7 document details the 'Fire and Forget' specification of the payload and a malware module loader called Archangel. This, Symantec claims, match almost perfectly with 'Plexor.' Not to mention the similar cryptographic protocols.Longhorn has been described as a well-resourced hacking group that works on a standard Monday to Friday work week, reflective of the behavior of a state-sponsored group, and operates in an American time zone. According to The Hacker News, "Longhorn's advanced malware tools are specially designed for cyber espionage with detailed system fingerprinting, discovery, and exfiltration capabilities. The group uses extremely stealthy capabilities in its malware to avoid detection." Still, the CIA has denied that the Vault7 documents are authentic.
If confirmed, Longhorn would be the second cyber espionage group whose activities have been tied to the U.S. government. The first was the NSA-linked Equation Group, whose mistakes were analyzed by the individuals who developed the Vault 7 tools -SecurityWeekCurious if Wikileaks has affected you directly? Read 'Vault7 Vulnerabilities in Anti-Virus Solutions.'
#hackedThe sound of your smoke detector blaring through the house when you overcook something on the stove is enough to make anyone's blood boil. Now imagine 156 alarms going off at once. That's what happened in Dallas, Texas on Friday night when a hacker triggered a network of 156 emergency warning sirens for about two hours, waking up residents and sparking fear.Dallas city officials tried to inform residents not to call 911, as there was not any emergency situation, but the 911 system was nevertheless flooded with over 4,400 calls. Typically, the warning sirens are used to warn citizens of the Texas about dangerous weather conditions, such as severe storms and tornados, so you can imagine the distress and confusion. Initially, authorities believed the incident was accomplished using the city's emergency services computer systems, but it was discovered this week that the hack was done through the radio. The Emergency Alert System is controlled by tone combinations used with the EAS broadcast over the National Weather Service's weather radio, and by Dual-Tone Multi-Frequency (DTMF) or Audio Frequency Shift Keying (AFSK) encoded commands from a command center terminal sent over an emergency radio frequency. This suggests that the emergency system could be compromised by outside radio equipment replicating the tonal code required to trigger the alarms, known as a 'radio replay attack.'It is believed that the hacker who managed to trigger alarm somehow gained access to the siren system documentation, finding the exact tonal commands that trigger an alarm, and then just played that command signal repeatedly. Perhaps worst of all is that this is the second time a hacker has attacked critical infrastructure in the city. Last year, some unknown hacker hacked into some traffic signals in Dallas and used them to publish jokes. Luckily, no one was hurt due to these incidents, but it's a sobering sign of the danger that could come from hacks to critical infrastructure.
I don't want someone to understand how it was done so that they could try to do it again. It was not a system software issue; it was a radio issue. -Dallas City Manager T.C. BroadnaxThe radio frequencies used by WiFi weaken as they spread out and/or go further, called attenuation. Get more detail here.
#outerspaceEver wondered about the Great Beyond? Well, NASA has. And by wonder, we mean worry. The agency's Cybersecurity Chief recently expressed concern over hackers breaching communications between NASA and one of its 65 spacecraft transmitting research data.National Aeronautics and Space Administration (NASA) satellites, Swift and Fermi gather information about powerful space explosions and the energy of black holes, but these projects were only supposed to last a few years. Surprisingly, they've lasted more than a decade. Great for researchers but a concern for cyber security analysts because of the projects’ aging computer operating systems. This means the data sent to and from planet Earth must remain secure despite outdated security measures. Jeanette Hanna-Ruiz, NASA Cybersecurity Chief expresses that her biggest concern is a direct cyber attack on a satellite in which adversaries could commandeer the controls.You may be interested to know that the agency's cyber security efforts aren't solely limited to space. Their safeguards extend from maintaining email systems at the agency’s Washington headquarters to guarding US networks in Russia, where Americans serve on crews working with the International Space Station. The agency is also tasked with protecting huge amounts of scientific data and the control systems at its 20 research centers, laboratories and other facilities in the US. Hanna-Ruiz’s cyber security teams actively check for vulnerabilities in coding, firmware, and other areas. The agency is also working to “harden” old industrial-control systems.
Last year, NASA reported 1,484 'cyber incidents,' including hundreds of attacks executed from websites or web-based applications - the Office of Management and Budget’s annual report to Congress in March on federal cyber performanceLearn how to approach cyber security for industrial control systems with this guide from Tripwire.