Archive for the ‘Miscellaneous’ Category

From the Black Hat Europe security conference in London: researchers create an undetectable rootkit that targets industrial equipment



Eric De Grasse
Chief Technology Officer

7 November 2016 – Last week two researchers at the Black Hat Europe security conference in London revealed a method of infecting industrial equipment with an undetectable rootkit component that can wreak havoc and disrupt the normal operations of critical infrastructure all over the world. The attack targets PLCs (Programmable Logic Controllers), devices that sit between normal computers that run industrial monitoring software and the actual industrial equipment, such as motors, valves, sensors, breakers, alarms, and others.

The researchers say they packaged their attack as a loadable kernel module, which makes it both undetectable and persistent across reboots. The attack goes after the PLC pin configuration, so the PLC can no longer tell which are the actual input and output pins, giving the attacker full control to fabricate bogus sensor data, send fake commands, or block legitimate ones.

The researchers acknowledge that the attack is extremely complicated, but the article argues it would still be of interest to a state-sponsored actor.


FBI forced to release 18 hours of spy plane footage: “Paging Mr Orwell …”

FBI spy planes



Eric De Grasse
Chief Technology Officer


9 August 2016 – Just back from Black Hat and DEF CON in Las Vegas, to find a welcome story :-) ….

It’s been just over a year since amateur aviation sleuths first revealed the FBI’s secret aerial surveillance of the civil unrest in Baltimore, Maryland. Now, in response to a FOIA request from the ACLU, the Bureau has released more than 18 hours of aerial footage from the Baltimore protests captured by their once-secret spy planes, which regularly fly in circles above major cities and are commonly registered to fake companies.

The cache is likely the most comprehensive collection of aerial surveillance footage ever released by a US law enforcement agency. The footage shows the crowds of protesters captured in a combination of visible light and infrared spectrum video taken by the planes’ wing-mounted FLIR Talon cameras … military-qualified and used by CIA drones in the Middle East; not available on Amazon … yet :-)

While individual faces are not clearly visible in the videos, it’s frighteningly easy to imagine how cameras …

There are 1,000+ U.S. spies protecting the Rio Olympics

Rio olympics security


6 August 2016 – U.S. intelligence agencies have assigned more than 1,000 spies to security at the Rio 2016 Summer Games. NBC News reports:

“The classified report outlines an operation that encompasses all 17 U.S. intelligence agencies, including those of the armed services, and involves human intelligence, spy satellites, electronic eavesdropping, and cyber and social media monitoring. Areas of cooperation include vetting 10,000-plus athletes and 35,000-plus security and police personnel and others; monitoring terrorists’ social media accounts; and offering U.S. help in securing computer networks, the review shows. ‘U.S. intelligence agencies are working closely with Brazilian intelligence officials to support their efforts to identify and disrupt potential threats to the Olympic Games in Rio,’ said Richard Kolko, a spokesman for National Intelligence Director James Clapper.”

How the U.S. uses “stealth” submarines to cyber hack other countries

Stealth submarine

1 August 2016 – When the Republican presidential nominee Donald Trump asked Russia — wittingly or otherwise — to launch hack attacks to find Hillary Clinton’s missing emails, it stirred a commotion. Russia is allegedly behind the DNC’s leaked emails (see our boss’ take on all of this here).


But The Washington Post reminds us that the U.S.’s own efforts in the cyber-security world aren’t much different. From the report:

The U.S. approach to this digital battleground is pretty advanced. For example: Did you know that the military uses its submarines as underwater hacking platforms? In fact, subs represent an important component of America’s cyber strategy. They act defensively to protect themselves and the country from digital attack, but — more interestingly — they also have a role to play in carrying out cyberattacks, according to two U.S. Navy officials at a recent Washington conference. “There is a — an offensive capability that we are, that we prize very highly,” said Rear Adm. Michael Jabaley, the U.S. Navy’s program executive officer for submarines. “And this is where I …

Islamic State hackers have published a “hit list” of U.S. drone pilots

Predator drone at the ready in a hangar


1 May 2016 – From this weekend’s Sunday Times of London:

Islamic State hackers have published a “hit list” of dozens of US military personnel purportedly involved in drone strikes against terrorists in Syria and Iraq.

At the weekend, a group calling itself the “Islamic State Hacking Division” circulated online the names, home addresses and photographs of more than 70 US staff, including women. It urged supporters: “Kill them wherever they are, knock on their doors and behead them, stab them, shoot them in the face or bomb them.”

The group also claimed that it might have a mole in Britain’s Ministry of Defence and threatened to publish “secret intelligence” in the future that could identify RAF drone operators. The claim could not be verified.

The hacking division was previously led by Junaid Hussain, a computer hacker from Birmingham who was killed by a US drone strike in Syria last August after he was discovered to be orchestrating attacks against the West.

Inquiries made by The Sunday Times suggested that the …

The Super Bowl … the biggest national security event of the year

Super Bowl security


2 February 2016 – Super Bowl 50 will be big in every way. A hundred million people will watch the game on TV. Over the next ten days, 1 million people are expected to descend on the San Francisco Bay Area for the festivities.

And, according to the FBI, 60 federal, state, and local agencies are working together to coordinate surveillance and security at what is the biggest national security event of the year.

Previous years’ Super Bowl security measures have included WMD sensors, database-backed facial recognition, and gamma-ray vehicle scanners. Given the fears and cautions in the air about this year’s contest, it’s easy to guess that the scanning and sensing will be even more prevalent this time.

This just keeps getting better: laid-off Disney IT workers scream “RICO!!”



27 January 2016 – So, the latest in the laid-off Disney IT worker saga, according to ComputerWorld:

“Disney IT workers laid off a year ago this month are now accusing the company and the outsourcing firms it hired of engaging in a ‘conspiracy to displace U.S. workers.’ The allegations are part of two lawsuits filed in federal court in Florida on Monday. Between 200 and 300 Disney IT workers were laid off in January 2015. Some of the workers had to train their foreign replacements — workers on H-1B visas — as a condition of severance. The lawsuits represent what may be a new approach in the attack on the use of H-1B workers to replace U.S. workers.

They allege violations of the Federal Racketeer Influenced and Corrupt Organizations Act (RICO), claiming that the nature of the employment of the H-1B workers was misrepresented, and that Disney and the contractors knew the ultimate intent was to replace U.S. workers with lower paid H-1B workers.”

At how much risk is the U.S.’s critical infrastructure, really?



23 January 2016 – There is growing evidence that intrusions into the power grid and other critical infrastructure by hostile foreign nation states are real and happening. But there’s “much less agreement over how much of a threat hackers are,” writes Taylor Armerding. “On one side are those – some of them top government officials – who have warned that a cyber attack on the nation’s critical infrastructure could be catastrophic,” writes Armerding.

Others are crying FUD, including C. Thomas, a strategist at Tenable Network Security, who got some attention when he argued in an op-ed that the biggest threat to the U.S. power grid is not a skilled hacker but squirrels.

Who has it right? Agreement seems to coalesce around two points:

1) the cyber security of industrial control systems remains notoriously weak, and

2) hostile hackers will improve their skills over time.

So, while we haven’t reached “catastrophe” yet, a properly motivated terrorist group could become a cyber threat.


Preparing countermeasures for terror attacks using drones

Terror drones

13 January 2016 – You can add terrorist-controlled drones to the list of dangers we need to be prepared for, says the Oxford Research Group.

Its new report contains information about over 200 current and upcoming unmanned aerial, ground and marine systems, and evaluates their payload-delivery capabilities (e.g. explosive devices), imaging capabilities (e.g. for reconnaissance), and general capabilities. Even though the report notes that commercial drones have limited flight time, range of movement, and payload capacity, and that their operators still have to be relatively close to a potential target, the researchers are particularly worried about the possibility of drones being used as remotely controlled explosive devices. They say, “The technology of remote-control warfare is impossible to control; the ultimate defense is to address the root drivers of the threat in the first place.” …

The top programming languages that spawn the most security bugs

5 December 2015 – Veracode has put together a report after static analysis of over 200,000 apps, and its results show that Classic ASP, ColdFusion, and PHP generated the most security bugs in scanned applications. Ignoring the first two, which are almost extinct languages, PHP, used for Drupal, Joomla, and WordPress (which recently announced it runs a quarter of the Internet), is the programming language with the most security woes. …