Tag Archives: Researchers
North Korea has been cited by several governments and organizations for its hacking activities. Now, a new study of network data shows much of the technology North Korea employs for hacking comes from the U.S.
Despite trade sanctions, North Korea’s government has found a way to obtain products from Apple, Microsoft, and Korea-based Samsung to carry out cyberattacks around the world, researchers at cybersecurity intelligence company Recorded Future revealed on Wednesday. The company found that North Korea is using Windows 10, Apple’s iPhone X, and Samsung’s Galaxy S8 Plus, among other technologies, to conduct operations. However, most of the technology North Korea is using is older. For instance, Recorded Future found an iPhone 4S and Windows 7, among other products, still in use.
North Korea has been isolated from the rest of the world for decades. During that time, the country’s economy has suffered and the U.S., among others, has imposed sanctions that limit a company’s ability to export to and sell in North Korea.
To circumvent those sanctions, according to Recorded Future, North Korea has engaged in a variety of activities to obtain access to U.S. and Korean technologies.
In its report, Recorded Future said that North Korea has created fake addresses and names to sidestep sanctions — and also used shell companies and aliases outside of its borders to obtain equipment and bring it back. North Koreans living in countries where equipment from Apple, Microsoft, and Samsung can be obtained legally also play a role in the effort, according to the report.
“Technology resellers, North Koreans abroad, and the Kim regime’s extensive criminal networks all facilitate the transfer of American technology for daily use by one of the world’s most repressive governments,” Recorded Future wrote in its report.
In other cases, however, North Korea has obtained equipment legally. Since 2002, in fact, the U.S. has exported nearly $484,000 in computers and electronics to North Korea.
But, since that’s hardly enough for all of the ruling party, hacking efforts, and “elites” in the country who need the technology, North Korea has employed the other schemes, Recorded Future said.
The data sheds some light on the secretive country and could explain to some degree how it’s been able to pull off some major cyberattacks. North Korea’s hackers have previously been linked to the 2017 WannaCry ransomware attack that affected computers around the world. North Korea was also accused of hacking Sony in 2014.
“Unless there’s a globally unified effort to impose comprehensive sanctions on the DPRK, and multilateral cooperation to ensure that these sanctions cannot be thwarted by a web of shell companies,” Recorded Future wrote, “North Korea will be able to continue its cyberwarfare operations unabated with the aid of Western technology.”
TORONTO/KIEV (Reuters) – Hackers have infected at least 500,000 routers and storage devices in dozens of countries, some of the world’s biggest cyber security firms warned on Wednesday, in a campaign that Ukraine said was preparation for a future Russian cyber attack.
The U.S. Department of Homeland Security said it was investigating the malware, which targets devices from Linksys, MikroTik, Netgear Inc (NTGR.O), TP-Link and QNAP, advising users to install security updates.
Ukraine’s SBU state security service said the activity showed Russia was readying a large-scale cyber attack ahead of the Champions League soccer final, due to be held in Kiev on Saturday.
“Security Service experts believe the infection of hardware on the territory of Ukraine is preparation for another act of cyber-aggression by the Russian Federation aimed at destabilising the situation during the Champions League final,” it said in a statement.
Cisco Systems Inc (CSCO.O), which has been investigating the threat for several months, has high confidence that the Russian government is behind the campaign, according to Cisco researcher Craig Williams. He cited the overlap of hacking code with malware used in previous cyber attacks that the U.S. government has attributed to Moscow.
Cisco, which uncovered the campaign several months ago, alerted authorities in Ukraine and the United States before going public with its findings about the malware it dubbed VPNFilter.
It also shared technical details with rivals who sell security software, hardware and services so they could issue alerts to their customers and protect against the threat.
Cisco described the mechanisms that the malware uses to hide communications with hackers and a module that targets industrial networks like ones that operate electric grids, said Michael Daniel, chief executive officer of Cyber Threat Alliance, a nonprofit group.
“We should be taking this pretty seriously,” said Daniel, whose group’s 17 members include Cisco, Check Point Software Technologies Ltd (CHKP.O), Palo Alto Networks Inc (PANW.N) and Symantec Corp (SYMC.O).
Cyber security firms, governments and corporate security teams closely monitor events in Ukraine, where some of the world’s most costly and destructive cyber attacks have been launched.
They include the first documented cases where hacks have caused power outages and the June 2017 NotPetya cyber attack that quickly spread around the world, causing network outages that lasted weeks at some companies. Victims included Beiersdorf AG (BEIG.DE), FedEx Corp (FDX.N), Merck & Co Inc (MRK.N), Mondelez International Inc (MDLZ.O) and Reckitt Benckiser Group Plc (RB.L).
Cisco said it does not know what the hackers have planned. The malware could be used for espionage, to interfere with internet communications or launch a destructive attack like NotPetya, according to Williams.
The Kremlin did not immediately respond to a request for comment. Russia has denied assertions by nations including Ukraine and Western cyber-security firms that it is behind a massive global hacking program that has included attempts to harm Ukraine’s economy and interference in the 2016 U.S. presidential election.
VPNFilter has infected devices in at least 54 countries, but by far the largest number is in Ukraine, according to Cisco.
Netgear representative Nathan Papadopulos said the company was looking into the matter. He advised customers to make sure their routers are patched with the latest version of its firmware, disable remote management and make sure they have changed default passwords shipped with the device.
A Linksys spokeswoman had no immediate comment. MikroTik, TP-Link and QNAP could not be reached.
Reporting by Jim Finkle in Toronto and Pavel Polityuk in Kiev; Writing by Jim Finkle and Jack Stubbs; Editing by Mark Heinrich and Jeffrey Benkoe
FRANKFURT (Reuters) – European researchers have found that the popular PGP and S/MIME email encryption standards are vulnerable to being hacked and they urge users to disable and uninstall them immediately.
University researchers from Muenster and Bochum in Germany, and Leuven in Belgium, discovered the flaws in the encryption methods that can be used with popular email applications such as Microsoft Outlook and Apple Mail.
“There are currently no reliable fixes for the vulnerability,” lead researcher Sebastian Schinzel, professor of applied cryptography at the Muenster University of Applied Sciences, said on Monday.
“If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now.”
The team had been due to publish its full findings on Tuesday but rushed them out after the news made waves among the community of encrypted email users that includes activists, whistleblowers and journalists working in hostile environments.
Titling the exploit ‘Efail’, they wrote that they had found two ways in which hackers could effectively coerce an email client into sending the full plaintext of messages to the attacker.
There’s no immediate suggestion that spy agencies or state-sponsored hackers have already used the technique to burrow into people’s emails.
The researchers have informed email providers of their findings, under so-called responsible disclosure, and it now falls to others to establish whether the exploits can be replicated.
In the first exploit, hackers can ‘exfiltrate’ emails in plaintext by exploiting a weakness inherent in Hypertext Markup Language (HTML), which is used in web design and in formatting emails.
Apple Mail, iOS Mail and Mozilla Thunderbird are all vulnerable to direct exfiltration, they said.
A second attack takes advantage of flaws in OpenPGP and S/MIME to inject malicious text that in turn makes it possible to steal the plaintext of encrypted emails.
The vulnerabilities in PGP and S/MIME standards pose an immediate risk to email communication including the potential exposure of the contents of past messages, said the Electronic Frontier Foundation (EFF), a U.S. digital rights group.
In a blog post, the EFF recommended that PGP users uninstall or disable their PGP email plug-ins while the research community evaluates the seriousness of the flaws reported by the European research team.
It also said that users should switch for the time being to non-email-based secure messaging apps such as Signal for sensitive communications.
Germany’s Federal Office for Information Security (BSI) said in a statement there were risks that attackers could secure access to emails in plaintext once the recipient had decrypted them.
It added, however, that it considered the encryption standards themselves to be safe if correctly implemented and configured.
“Securely encrypted email remains an important and suitable means of increasing information security,” it said in a statement, adding that the flaws which have been discovered can be remedied through patches and proper use.
PGP – short for Pretty Good Privacy – was invented back in 1991 by Phil Zimmermann and has long been viewed as a secure form of end-to-end encryption impossible for outsiders to access. Zimmermann is co-founder and chief scientist of Silent Circle, an encrypted communications firm.
PGP has in the past been endorsed, among others, by Edward Snowden, who blew the whistle on pervasive electronic surveillance at the U.S. National Security Agency before fleeing to Russia.
PGP works using an algorithm to generate a ‘hash’, or mathematical summary, of a user’s name and other information. This is then encrypted with the sender’s private ‘key’ and decrypted by the receiver using a separate public key.
To exploit the weakness, a hacker would need to have access to an email server or the mailbox of a recipient. In addition the mails would need to be in HTML format and have active links to external content to be vulnerable, the BSI said.
It advised users to disable the use of active content, such as HTML code and outside links, and to secure their email servers against external access.
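As an added illustration of the BSI advice above (not code from the article or from the Efail researchers), the following Python checker parses an HTML mail part and reports every attribute that would make a client fetch remote content when the message is rendered, which is the precondition the BSI describes; the tag/attribute table and the sample messages are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag attributes that trigger a network fetch when rendered (assumed,
# common-case list for this example; not exhaustive).
REMOTE_ATTRS = {
    "img": ("src",),
    "link": ("href",),
    "script": ("src",),
    "iframe": ("src",),
    "video": ("src", "poster"),
    "audio": ("src",),
    "source": ("src",),
    "object": ("data",),
}

def is_remote(url):
    """True for http(s) or protocol-relative URLs; cid:/data: stay local."""
    url = url.strip()
    return urlsplit(url).scheme.lower() in ("http", "https") or url.startswith("//")

class RemoteRefFinder(HTMLParser):
    """Collects (tag, attribute, url) for every remote reference found."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = REMOTE_ATTRS.get(tag.lower(), ())
        for name, value in attrs:
            if name.lower() in wanted and value and is_remote(value):
                self.refs.append((tag.lower(), name.lower(), value.strip()))

def find_remote_refs(html):
    """Return the remote references contained in an HTML mail part."""
    parser = RemoteRefFinder()
    parser.feed(html)
    parser.close()
    return parser.refs

def should_block(html):
    """Policy hook: refuse to render the part if any remote reference exists."""
    return bool(find_remote_refs(html))

# Constructed samples: an inline (cid:) image is harmless, a remote image
# would be fetched by the client and is exactly what the advice says to disable.
SAFE_PART = '<p>Meeting moved to 3pm.</p><img src="cid:logo@local">'
SUSPECT_PART = '<html><body><img src="https://example.invalid/x.png"><p>hi</p></body></html>'
```

Running `find_remote_refs` over a mail part before it is displayed lets a client or gateway enforce the "no outside links" setting mechanically instead of relying on each user to turn it off.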
Editing by Matthew Mpoke Bigg