This Week in Cybercrime: NSA Wants More Info from Firms

Plus: Data clearinghouses make the best targets, and “Icefog” hackers strike with precision



You have to give it to Gen. Keith Alexander, head of the U.S. National Security Agency (NSA). The man can stand up to abuse. He’s faced the ire of attendees at public events ever since the spy agency's monitoring of U.S. citizens’ electronic communications was leaked earlier this year. The aftermath of Wednesday’s keynote address at the Billington Cybersecurity Summit, where he called upon the private sector to partner with the NSA, the FBI, the Department of Homeland Security, and the CIA to prevent or limit cybercrime, was no different. He couldn’t possibly have expected anything different after he said, "We need the authority for us to share [cyberattack information] with [private businesses] and them to share with us."

Despite revelations about the NSA’s activities—some that directly contradict previous government assurances about the limits of the surveillance programs—Alexander insisted that the NSA hasn’t done anything illegal. Furthermore, he said, the calls from some members of Congress to limit the reach of the NSA and the nation’s other spy and law enforcement agencies are based on what he calls sensationalized reporting. Alexander pushed for even more data access from U.S. companies, arguing that the more information companies shared with the NSA, the more cyberattack warnings it could supply to them.

But many observers now see that rationale as threadbare and view Alexander and his ilk with a jaundiced eye. Jerry Brito, a researcher who heads the Technology Policy Program at the Mercatus Center at George Mason University, in Virginia, told CSO that the NSA already has the authority to share data with companies. It could simply declassify information, allowing companies to use it to protect themselves. But that’s not what the agency is interested in, Brito insists. "What they really want is more information about the communications of Americans under the rubric of cybersecurity information sharing," he told CSO.

Stolen Data Clearinghouse Gets Info from Its Above-Board Counterparts

Willie Sutton’s famous response to being asked why he robbed banks—“Because that’s where the money is”—could certainly be the rationale behind a recently discovered cybercrime program targeting data brokerage firms. According to an investigative report [pdf] from security reporter Brian Krebs, an online identity theft service that specializes in selling Social Security numbers, credit and background check reports, and other information gained access to the data by hacking into the networks of companies such as LexisNexis, Dun & Bradstreet, and an employment background screening company called Kroll Background America Inc. Botnets in the companies’ systems continually siphoned off information and passed it to servers controlled by the cybercrooks.

The criminal clearinghouse, whose website was at SSNDOB[dot]MS, had served some 1300 customers who paid hundreds of thousands of dollars to get their hands on the SSNs, birth dates, driver’s license records, and the credit and background check information of more than four million U.S. residents.

Researchers Identify Source of Hit and Run Cyberattacks

Security researchers at Kaspersky Lab say they have uncovered details related to a series of “hit and run” attacks against very specific targets. In a blog post on Kaspersky’s Securelist blog, the researchers said, “We believe this is a relatively small group of attackers that are going after the supply chain—targeting government institutions, military contractors, maritime and ship-building groups, telecom operators, satellite operators, industrial and high technology companies and mass media, mainly in South Korea and Japan.”

What’s most unique about the data theft campaign, which Kaspersky calls “Icefog,” is that after the attackers get what they want, they don’t hang around, using the backdoors installed on the victims’ networks to continue exfiltrating data. They go in knowing exactly what they’re after, take only the target information, then sweep up, turn off the lights, and close the door behind them.

Kaspersky Lab said that it has observed more than 4000 unique infected IPs and hundreds of victims. Some of the companies targeted during the operation, which began in 2011, include defense industry contractors Lig Nex1 and Selectron Industrial Company, shipbuilders such as DSME Tech and Hanjin Heavy Industries, telecommunications firms such as Korea Telecom, and even the Japanese House of Representatives and the House of Councillors.

Kaspersky has since published a full report (pdf) with a detailed description of the backdoors and other malicious tools used in Icefog, along with a list of ways to tell whether your system has been compromised. The researchers have also put up an FAQ page.

iPhone Break-ins and Countermeasures

Someone tinkering with his Apple iPhone figured out a way to bypass its lock screen, the first line of security for the gadget other than keeping it in your pocket. This week, Apple released its latest countermeasure: an iOS 7 software update that fixes the security hole that allowed an unauthorized user to access information including the handset owner’s e-mail, Twitter, Facebook, and Flickr accounts.

According to Forbes' Andy Greenberg, “swiping upwards on the lockscreen to bring up the iOS Control Center, then opening the alarm clock app, then holding down the power button to show the ‘power off’ and ‘cancel’ options, then tapping ‘cancel,’ and finally quickly double-clicking the home button to bring up the multitasking screen for various apps,” made those apps accessible.

It’s amazing what people with loads of time on their hands eventually stumble upon.

That news came the same week it was revealed that someone had found an even more involved method for fooling the iPhone 5’s fingerprint sensor. According to Marc Rogers, a researcher at the mobile security firm Lookout, it’s possible but highly unlikely that you’ll be the victim of his hack, which he detailed in a blog post (“Why I Hacked Apple’s TouchID, And Still Think It Is Awesome”). To give you an idea of just how remote the possibility is of your phone being duped using his technique, here are a few of the steps Rogers mentions: “You take the cleaned print image and without inverting it, print it to transparency film. Next, you take the transparency film and use it to expose some thick copper clad photosensitive PCB board that’s commonly used in amateur electrical projects. After developing the image on the PCB using special chemicals, you put the PCB through a process called ‘etching’ which washes away all of the exposed copper leaving behind a fingerprint mold.”

In other words, you can rest easy.

Photo: Charles Dharapak/Associated Press
