US Government Cyber News – October 2012
CYBERCRIME: Proxy service a front for malware distribution. Hundreds of thousands of users who signed up for an inexpensive proxy service called Proxybox.name ended up installing a trojan linked to a botnet first detected during the summer. Researchers at Symantec reverse engineered the Backdoor.Proxybox malware and unearthed a major black hat operation and perhaps the actual malware developer.
The investigation started with a legitimate looking Russian Web site advertising access to thousands of proxies for an extremely low monthly fee that could be paid via WebMoney, Liberty Reserve, and RoboKassa. A closer inspection of the command-and-control server showed the botnet maintains some 40,000 users online at any time. Advertisements for Proxybox.name appear on four other Web sites all linked to the same author. They include vpnlab.ru, avcheck.ru, and whoer.net, which provides proxy testing. This led Symantec researchers to believe the same Russian hacker is behind the black hat operation.
CYBERWAR: Telecom vendors Huawei, ZTE, pose cyber-espionage threats, lawmakers conclude. Two top telecom infrastructure vendors from China, Huawei, and ZTE, pose potential cyber-espionage threats, according to a panel of U.S. lawmakers on intelligence, Infosecurity reported October 8. After an 11-month investigation, the U.S. House of Representatives’Permanent Committee on Intelligence suggested that telecom networks built on Huawei and ZTE gear could provide a way for the Chinese government to bake in listening vectors, for instance.
There is a “heightened threat of cyber espionage and predatory disruption or destruction of US networks if telecommunications networks are built by companies with known ties to the Chinese state, a country known to aggressively steal valuable trade secrets and other sensitive data from American companies,” the report said. The panel recommended that American telcos, cable MSOs, satellite companies, wireless operators, and broadband providers should consider other vendors going forward when building out or expanding networks. And, sensitive government systems should exclude Huawei or ZTE equipment or component parts — Huawei in particular has a large enterprise IT division that could supply federal and State networks. And, it said that it would seek to block mergers or acquisitions involving Huawei and ZTE due to – 24 – national security concerns.
[big_header]Cyberwar: Pre 9/11 Moment According to Leon Panetta[/big_header]
This month, the 23rd Secretary of Defense for the United States stated at a meeting of the Business Executives for National Security that distributed denial of service attacks are ‘just the beginning’ and have been hitting the USA at unprecedented speed and disruptive capabilities. Prior to his confirmation as Secretary of Defense, Leon Panetta served as Director of the Central Intelligence Agency (CIA) from February 13, 2009 to June 30, 2011. From July 1994 to January 1997, Mr. Panetta served as Chief of Staff to President Bill Clinton. Prior to that, he was Director of the Office of Management and Budget (OMB). As a member of Congress, Panetta represented California’s 16th (now 17th) District in the House of Representatives from 1977 to 1993. During his final four years in Congress, Panetta served as chairman of the influential House Budget Committee.
Secretary Panetta stated that the USA must beef up its cyber defenses or “suffer as it did on September 11, 2001 for failing to see the warning signs ahead of that devastating terrorist attack”.
He warned that America’s critical infrastructure are already under attack and at serious risk by “intruders who have successfully gained access to these control systems”.
Good thing we have some of the best experts in this area who will be covering risk to SCADA systems in detail and what the best practices should be in this arena. Expect a “SCADA Lockdown” article in January 2013′s edition of Cyber Defense Magazine. With Secretary Panetta calling on Congress and Business to pass extremely controversial Cyber Security legislation, expect the Civil Rights and Privacy issues to become front and center during this heated debate: How do you help your Government secure cyber space without giving up your rights?
What happens if the US Government gets the ability to literally “pull the plug” on the internet? Is Cyber terrorism just another call for Governments to have silent wars over the Internet, affecting and disrupting business and consumer livelihoods? We will cover this in great detail with section of CDM dedicated to this subject throughout 2013, so stay tuned. On this note, take a look at this letter by various legislators to the POTUS this month that CDM was given access to, warning Obama NOT to issue an executive order on Cyber Security:
We’ll keep a keen eye on what’s happening with the Internet. Not only have privacy experts made dire predictions of the loss of privacy but economic and commerce experts have also warned that if anyone ever has the ability to pull the plug on it, you might as well shut down Global economies and call it a day – it’s not just a privacy issue, it’s a major commerce issue.
[big_header]Did the Chinese Government Hack the White House Last Month?[/big_header]
It appears that Chinese hackers broke in to White House military office network in charge of the president’s nuclear football (yes, the “RED” button). According to the White House, hackers linked to China’s government broke into one of the U.S. government’s most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials who managed the incident response.
One official said the cyber breach was one of Beijing’s most brazen cyber attacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyber attacks.Disclosure of this high profile cyber attack also comes amid heightened tensions in Asia, as the Pentagon moved two of the U.S. aircraft carrier strike groups and Marine amphibious units near waters by the disputed Senkaku islands. Japan claims ownership and so does China.
The U.S. officials familiar with reports of the White House hacking incident said it took place earlier this month and involved unidentified hackers, believed to have used computer servers in China, who accessed the computer network used by the White House Military Office (WHMO), the president’s military office in charge of some of the government’s most sensitive communications, including strategic nuclear commands. The office also arranges presidential communications and travel, and inter-government teleconferences involving senior policy and intelligence officials.
An Obama administration national security official said: “This was a spear phishing attack against an unclassified network.” As you might already know, spear phishing is a cyber attack that uses disguised emails that seek to convince recipients of a specific organization to provide confidential information. Spear phishing in the past has been linked to China and other states with sophisticated cyber warfare capabilities.
Officials described the type of attack as “not infrequent” and said there were already unspecified “mitigation measures in place.” Officials said the incident was isolated and there was no exfiltration of any valuable data. They also have stated that there was no impact or breach on the classified systems within the White House.
Details of this attack and its potential damage remain closely held within the US Government.If you recall the Pentagon USB fiasco, you can be sure that the Chinese Government is ‘managing’ the manufacturing pipeline more closely than ever, making sure that goods that make it into the US also include backdoors and zero-day spyware.
Now, more than ever, we need to look into a newer, more innovative approach to host-based intrusion prevention. Stay tuned for our review of some next generation HIPS engines in our upcoming January 2013 edition of Cyber Defense Magazine.
SOURCES: WHITEHOUSE.gov, DHS.gov, DEFENSE.gov and HOUSE.gov