Paul Carsten( Yahoo.com - October 10, 2014 )
Anonymous, the nebulous online activist group that uses hacking to further causes it supports, has threatened a major blackout of Chinese and Hong Kong government websites, and to leak tens of thousands of government email address details.The group, under the banner of ‘Operation Hong Kong’ or ’ it will launch a mass effort against Chinese government servers to bring down their websites via Distributed Denial of Service (DDoS) attacks on Saturday. DDoS attacks attempt to cripple networks by overwhelming them with Internet traffic. “Here’s your heads up, prepare for us, try to stop it, the only success you will have will be taking all your sites offline,” an Anonymous statement posted online said. “China, you cannot stop us. You should have expected us before abusing your power against the citizens of Hong Kong.”
Paul Carsten( Yahoo.com - October 10, 2014 )
Ben Blanchard( Reuters - October 9, 2014 )
China accused the United States on Thursday of faking facts, after the head of the FBI said that Chinese hacking likely cost the U.S. economy billions of dollars every year. Charges over hacking and internet spying have increased tension between the two countries. In May, the United States charged five Chinese military officers with hacking into U.S. companies, prompting China to suspend a Sino-U.S. working group on cyber issues. China has denied wrongdoing. Speaking on CBS’ 60 Minutes program on Sunday, FBI Director James Comey said Chinese hackers were targeting big U.S. companies, and that some of them probably did not even know they had been hacked. true Chinese Foreign Ministry spokesman Hong Lei, asked about Comey’s remarks at a daily news briefing, said China banned hacking and “firmly strikes” against such criminal activity. “We express strong dissatisfaction with the United States’ unjustified fabrication of facts in an attempt to smear China’s name and demand that
the U.S.-side cease this type of action,” Hong said. “We also demand that the U.S. side cease its large-scale systematic internet attacks on other countries. The United States tries to divert attention by crying wolf. This won’t succeed.” Many in China view the United States as being hypocritical following revelations about its own extensive spying by former U.S. intelligence contractor Edward Snowden. Comey said Chinese hackers were seeking to obtain all sorts of information, including company negotiation tactics. “I liken them a bit to a drunk burglar. They’re kicking in the front door, knocking over the vase, while they’re walking out with your television set. They’re just prolific,” Comey said.
Alastair Stevenson( V3 - October 9, 2014 )
Common vulnerabilities between operating systems exposed by flaws such as Shellshock will increasingly be used by hackers to breach enterprise systems. FireEye CTO Dave Merkel made the claim during an interview with V3, claiming that common code and services used between operating systems mean there will always be exploitable flaws in enterprise systems. “The bottom line is it doesn’t matter if you’re talking about an Apple product, a Windows product, a Linux product or any operating system,” he said. “If you’ve got a computing device with software on it, it’s got vulnerabilities on it. Someone, somewhere will find them and exploit them. I don’t care how good you think you are, it’ll happen. “Shellshock is a fine example of this. It’s a flaw that can exploit every platform, be it Windows, Mac or even Android smart watches. “Flaws like this may not always be remotely exploitable, but there will always be vulnerabilities with the potential for exploitation.” Shellshock is a fla
w in the Bash code used by Unix and Unix-like systems that was uncovered in September. The widespread use of Bash has led to concerns that it could be exploited to hack everything from desktop PCs to the SCADA systems powering critical infrastructure. FireEye CEO David Dewalt mirrored Merkel’s argument, revealing that the firm has already seen evidence of hackers creating new attack models capable of compromising machines regardless of ecosystem. “When you look at the Apple and Microsoft stack, the first thing you realise is most of the tech is similar,” he said.
Ericka Chickowski( Dark Reading - October 8, 2014 )
Yahoo goes on the record to state that an attack over the weekend was not related to Shellshock, but an independent researcher insists the Bash bug is rearing its head on Yahoo infrastructure. Contrary to news reports yesterday, an attack against several Yahoo servers this weekend was not related to Shellshock, according to Yahoo CISO Alex Stamos, who also says no user data was accessed during the attack. Stamos made his assertion after reports from the independent researcher Jonathan Hall that Romanian hackers had infiltrated Yahoo’s network through the Bash bug vulnerability on its servers. Though a company spokesperson did initially say Shellshock was to blame, Stamos said his team found that the incident was isolated to three Yahoo Sports servers, which attackers were probing for Shellshock vulnerabilities. “After investigating the situation fully, it turns out that the servers were in fact not affected by Shellshock,” Stamos wrote in a post to the Hacker News forum. “The
se attackers had mutated their exploit, likely with the goal of bypassing IDS/IDP or WAF filters. This mutation happened to exactly fit a command injection bug in a monitoring script our Sports team was using at that moment to parse and debug their web logs.”
John E. Dunn( Network World - October 8, 2014 )
The Russian gang behind the obscure Qbot botnet have quietly built an impressive empire of 500,000 infected PCs by exploiting unpatched flaws in mainly US-based Windows XP and Windows 7 computers, researchers at security firm Proofpoint have discovered. A year or two ago, what the Qbot (aka Qakbot) campaign has achieved in the roughly half dozen years the actors behind it have been operating would have been seen as a major concern. Recently, standards have gone up a notch. These days Russian hackers are grabbing headlines for altogether more serious incursions such as the recently revealed attack on US bank JPMorgan Chase, and botnets sound like yesterday’s problem. However, Proofpoint’s research does point to an intriguingly sophisticated business model. The group behind the botnet have built it in a methodical way over time, fuelling the campaign at levels low enough to avoid attracting the attention of security firms.
Sudarshan Varadhan( Reuters - October 7, 2014 )
Hackers who breached JPMorgan Chase & Co’s computer network earlier this year also tried to infiltrate other financial institutions, the Wall Street Journal reported, citing people familiar with the investigation. Federal officials had asked financial institutions last month to check whether they had seen indications of cyberattack, the Journal said, citing the unnamed sources. (on.wsj.com/1rSWWTX) An undisclosed number of financial institutions responded that they had seen traffic from the suspect computer addresses linked to the hackers, but that they did not believe their systems had been breached, the newspaper said, quoting the sources. Even among the many agencies investigating and responding, disagreements and unanswered questions remain about the extent of the hackers access at the U.S. financial institutions, the newspaper said, quoting federal officials. It is unclear which financial institutions were targeted by the hackers.
Ken Thomas( Yahoo News - October 6, 2014 )
FBI Director James Comey compared Chinese hackers to a “drunk burglar” who steals with reckless abandon, even as they cost the U.S. economy billions of dollars every year. In an interview broadcast Sunday on CBS’ “60 Minutes,” Comey said Chinese hackers target the intellectual property of U.S. companies in China every day. “I liken them a bit to a drunk burglar. They’re kickin’ in the front door, knocking over the vase, while they’re walking out with your television set. They’re just prolific. Their strategy seems to be: ‘We’ll just be everywhere all the time. And there’s no way they can stop us,’” Comey said. The Justice Department earlier this year announced a 31-count indictment against Chinese hackers accused of breaking into computer networks at steel companies and the manufacturers of solar and nuclear technology, with the goal of gaining a competitive advantage. China has denied the allegations. In the CBS interview, Comey also discussed the U.S. fight against terroris
m. He described the terrorist networks within Syria as a sophisticated “metastasis” of al-Qaida.