A group of between 50 and 100 professional hackers operating out of China has been systematically targeting businesses, military and government agencies around the world since at least 2009, security vendor Symantec said in a report released on Tuesday. The group, called Hidden Lynx, is believed connected to the Operation Aurora espionage campaign of 2010 in which dozens of major companies, including Google and Microsoft, were targeted. More recently, Hidden Lynx was associated with an attack on security vendor Bit9 earlier this year, and also with numerous “watering hole” attacks against hundreds of organizations in the United States.

The group has a long history of attacking organizations in the defense industrial base, financial services sector, education, government, supply chain and the engineering sector, Symantec noted in its report. More than half of the attacks have been against U.S.-based companies, but the group has been going after targets in other countries as well.

What makes Hidden Lynx notable is its access to a seeming arsenal of sophisticated malware tools that includes zero-day vulnerabilities, said Kevin Haley, director of Symantec Security Response. The tools include one named Trojan.Naid, which the group apparently reserves for use against high-value targets such as those in Operation Aurora. Another, dubbed Backdoor Moudoor, is used for more general-purpose hacking campaigns.

Haley said members of Hidden Lynx appear loosely organized into two teams: an A-team, comprising a relatively small number of elite hackers with access to sophisticated tools like Trojan.Naid; and a B-team, which appears comprised mainly of foot soldiers responsible for carrying out large attacks using Backdoor Moudoor and similar tools. The elite hackers are usually deployed for special operations involving a high degree of skill and secrecy, Haley noted. Often, this group appears to have advanced knowledge of, and access to, information on fresh zero-day vulnerabilities, Haley said.

Is anyone not blocking Chinese access to their sites?
UPDATE – 10/15/13 – Hacker Group Hidden Lynx Targets Mandiant CEO Via Limo Service
A free Android app for sending encrypted text messages was released today amid escalating privacy concerns that the NSA overstepped its authority in its capture of communications and may have worked to weaken encryption standards. Wickr’s announcement followed that of Silent Circle, which earlier this month began offering a similar free app for its subscribers. Both companies already had offered an iOS version of encrypted text-messaging, but now have added Android secure texting to the mix. Wickr’s Android texting app is free. The new apps could potentially propel encrypted texting to the mainstream, experts say. The new Android encrypted messaging services come on the heels of the shutdown of two encrypted email services — Lavabit, which closed its doors altogether, and Silent Circle, which dropped its Silent Mail service in the fallout from the Edward Snowden leaks about the NSA’s spying programs. Ladar Levison, owner and operator of encrypted email company Lavabit, said he shuttered his business after being faced with having “to become complicit in crimes against the American people,” a statement experts say indicates Lavabit may have been pressured to give up customer information or deal with an eavesdropping warrant by the feds. Does anyone remember the Villainous Voodoo commenting on this?
Nico Sell, CEO and co-founder of Wickr and r00tz, says Wickr agrees with Lavabit’s farewell message: Don’t trust any U.S. company with your personal information. “We agree completely. This is why we built Wickr to be a zero-knowledge system. We have no keys and no information,” Sell said in an email interview. “With this type of architecture, the U.S. is the best place to be to offer private communications to the world. It is also the best place to keep our servers.” Wickr anonymizes users’ contacts and can’t read the text messages or any content sent by the user. “Therefore, no criminal or rogue government can take them from us,” said Robert Statica, co-founder and CTO of Wickr, today in a blog post announcing the new Android service. “It is our commitment to keep our users’ communications between only them and the intended recipient.” Friends, as of this post, Wickr is still in beta but you should definitely check it out. You’ve been warned…
UPDATE – 09/19/13 – An interesting alternative to Wickr is ShazzleMail. Check it out…
The U.S. National Security Agency’s efforts to defeat encrypted Internet communications, detailed in recent news stories, are an attack on the security of the Internet and on users’ trust in the network, some security experts said. The NSA and intelligence agencies in allied countries have found ways to circumvent much of the encryption used on the Internet, according to stories published by The New York Times, ProPublica and the Guardian. The NSA, the British GCHQ and other spy agencies have used a variety of means to defeat encryption, including supercomputers, court orders and behind-the-scenes agreements with technology companies, according to the news reports.
The reports, relying on documents provided by former NSA contractor Edward Snowden, show that many tech companies are collaborating with the spy agencies to “destroy privacy,” said cryptographer and security specialist Bruce Schneier. “The fundamental fabric of the Internet has been destroyed.” Digital rights group the Center for Democracy and Technology echoed some of Schneier’s concerns, with CDT senior staff technologist Joseph Lorenzo Hall calling the NSA’s encryption circumvention efforts “a fundamental attack on the way the Internet works.”
But Matthew Green, a cryptographer and research professor at Johns Hopkins University, suggested Microsoft is due for scrutiny on encryption security, if encryption has been compromised, as the recent news stories suggest. Most commercial encryption code uses a small number of libraries, with Microsoft CryptoAPI being among the most common, he wrote in a blog post. The good news for privacy-minded Internet users is that security researchers questioned whether the foundations of cryptography itself have been compromised. Some encryption protocols are vulnerable, but it’s likely that the NSA is attacking the software that encryption is implemented with or relying on human mistakes, Green wrote.
Friends, as Bruce Schneier said, “trust no one…” and as the Villainous VooDoo said, “the only digital privacy you can expect is that which you make for yourself…”
UPDATE – 09/23/13 – “NSA Spying Is Making Us Less Safe…”, NSA surveillance: A guide to staying secure
Silent Circle, a company specializing in encrypted communications, released a messaging application for Android devices that encrypts and securely erases messages and files. The application, called Silent Text, lets users specify a time period for which the receiver can view a message before it is erased. It also keeps the keys used to encrypt and decrypt content on the user’s device, which protects the company from law enforcement requests for the keys. Silent Circle, whose co-founder is encryption expert Phil Zimmermann, abandoned its privacy-focused email service in early August following leaks by former NSA contractor Edward Snowden detailing the U.S. government’s vast electronic surveillance efforts.
How it works – The Silent Text application generates a new encryption key for each new message. The key is then destroyed “so even if your device is examined, there are no keys to be had after the conversation is complete,” according to the company’s website. Only the sender and receiver can view a message. If it was intercepted in transit, it would be unreadable unless the interloper could obtain the encryption key or use brute-force computing power to decrypt the content. The “Burn Notice” feature lets the sender set a time for a text, video, voice recording or picture to be erased from the recipient’s device. The sender can also recall or destroy previously sent messages. It supports files up to 100 MB. Although I’ve been reading mixed reviews about the app and I’m not sure if casual users would be willing to pay the service fees, this sounds pretty cool. I especially like the fact that the keys are stored on the device. Here at the Villainous VooDoo, we take our privacy seriously and welcome tools such as Silent Text being available to the general public. Hopefully, in the near future we can begin seeing such apps offered free. Doom on you, NSA.
The Pirate Bay has introduced its own browser, which can be used to circumvent censorship and blockades. The PirateBrowser is a simple, one-click, pre-configured Firefox browser that makes The Pirate Bay and other blocked sites instantly available and accessible in countries where the site is blocked, the torrent search website said in a blog post over the weekend. PirateBrowser uses Vidalia, a cross-platform graphical controller for the Tor software that allows users to start and stop the Tor anonymizing network. This client is bundled with Mozilla’s Firefox portable browser with the FoxyProxy addon, a set of proxy management tools for Firefox, Google Chrome and Internet Explorer that bypass content-filtering in certain countries. Combined with some custom adjustments, the PirateBrowser allows users to “circumvent censorship that certain countries such as Iran, North Korea, United Kingdom, the Netherlands, Belgium, Finland, Denmark, Italy, and Ireland impose onto their citizens,” according to the PirateBrowser site. The browser, whose launch celebrates the 10th anniversary of The Pirate Bay, is only intended to circumvent censorship, The Pirate Bay said. PirateBrowser is available for Windows on piratebrowser.com. Linux or Mac versions were not announced.