1932: Polish Cipher Bureau Success!

1 December 1932: Polish Cipher Bureau first solved ENIGMA message. (Read an article in our Cryptologic Bytes Archives about Poland’s Overlooked Enigma Codebreakers.”)

Polish mathematicians from the University of Poznan (from left): Marian Rejewski, Jerzy Rozycki, and Henryk Zygalski broke the Enigma code, the most important encryption machine used by Nazi Germany. The success of the Polish cryptologists from the Cryptology Bureau enabled the British to read encrypted German correspondences during World War II, contributing to the wartime success of the allies.

In 1928, when the German military began using the cipher machine, Enigma, the Polish Cipher Bureau began its efforts to break it. They hired the three mathematicians in 1932 to do just that! The team worked for months to determine the wiring of the rotors. Using a mathematical equation and key lists acquired from a German traitor, they determined the three rotors’ internal wiring. They discovered three ways of deciphering Enigma readings. The Polish team then exploited some of the Germans’ standardized methods and successfully read many of the encrypted messages. They read the first one on December 1, 1932. They were in business…at least for a time…Seven years later, just before war broke out, the Poles handed over their knowledge of the Enigma codes, as well as Polish-built replicas of the machines, to British and French Intelligence officers near Warsaw.

The government official said that in recognition of the trio’s efforts, the upper house of Poland’s parliament has passed a resolution in their honor to ‘restore justice’. The resolution reads: ‘In both popular literature and official information, the public was told that the breaking of the Enigma codes was due to the work of the British Intelligence services to the complete omission of the work of Polish scientists.’

Source: National Cryptologic Foundation


Poland’s Overlooked Enigma Codebreakers

Posted on 07/08/2014

Poland’s Overlooked Enigma Codebreakers

By Gordon Corera
BBC News, Warsaw
4 July 2014
Read the article and see more photos online HERE.

The first breakthrough in the battle to crack Nazi Germany’s Enigma code was made not in Bletchley Park but in Warsaw. The debt owed by British wartime codebreakers to their Polish colleagues was acknowledged this week at a quiet gathering of spy chiefs. Continue reading “1932: Polish Cipher Bureau Success!”

The top 10 worst ransomware attacks of 2017

Ransomware continues to dominate the cybersecurity landscape in 2017, with businesses large and small paying millions of dollars to unlock encrypted files. These attacks appeared in 64% of all malicious emails sent in Q3, and with major successful campaigns such as NotPetya and WannaCry, show no signs of slowing down, according to a new report from security firm Webroot, released Tuesday.

“This past year was unlike anything we’ve ever seen,” David Dufour, vice president of engineering and cybersecurity at Webroot, said in a press release. “Attacks such as NotPetya and WannaCry were hijacking computers worldwide and spreading new infections through tried-and-true methods. This list is further evidence that cybercriminals will continue to exploit the same vulnerabilities in increasingly malicious ways. Although headlines have helped educate users on the devastating effects of ransomware, businesses and consumers need to follow basic cybersecurity standards to protect themselves.”

Here are the top 10 worst ransomware attacks of 2017 so far, according to Webroot:

1. NotPetyaNotPetya started as a fake Ukranian tax software update, and went on to infect hundreds of thousands of computers in more than 100 countries over the course of just a few days. This ransomware is a variant of Petya, but uses the same exploit behind WannaCry. It hit a number of firms in the US and caused major financial damage: For example, the attack cost pharmaceutical giant Merck more than $300 million in Q3 alone, and is on track to hit that amount again in Q4.

Source: The top 10 worst ransomware attacks of 2017, so far – TechRepublic

Time’s Running Out to Prevent a Massive Cyberattack on Critical Infrastructure

U.S. infrastructure is in “a pre-9/11 moment” when it comes to cybersecurity and time is running short to shore up its cyber defenses, an industry advisory committee warned Tuesday.

If government and industry don’t dramatically boost their efforts to protect critical infrastructure, such as the financial system or electric grids, they risk missing a “narrow and fleeting window of opportunity before a watershed, 9/11-level cyberattack,” according to a report approved by the Homeland Security Department’s National Infrastructure Advisory Council.

Continue reading “Time’s Running Out to Prevent a Massive Cyberattack on Critical Infrastructure”

Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data

A rash of misconfigured Amazon Web Services storage servers leaking data to the internet have plagued companies recently. Earlier this week, data belonging to anywhere between six million and 14 million Verizon customers were left on an unprotected server belonging to a partner of the telecommunications firm. Last week, wrestling giant World Wide Entertainment accidentally exposed personal data of three million fans. In both cases, it was reported that data was stored on AWS S3 storage buckets.

Source: Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data | Threatpost | The first stop for security news

SEAKER presentation at CI on August 7 at 6pm in DEL NORTE 1530

seaker

“Storage Evaluator And Knowledge Extraction Reader”

On Monday August 7, at 6pm, in DEL NORTE 1530, the COMP 524 (Cybersecurity) students will present their final project, a technical solution for the SoCal High Technology Task Force in Ventura. This project implements a digital forensic tool with strict performance requirements.

You are cordially invited to attend; the presentation will take about two hours, and there will be snacks (Short link to this post: https://wp.me/p7D4ee-FJ).

Ransomware Attack Sweeps Globe

A major global cyber-attack disrupted computers at Russia’s biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that infected more than 300,000 computers last month.

The rapidly spreading cyber extortion campaign, which began on Tuesday, underscored growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.

Source: Ransomware Attack Sweeps Globe, Researchers See WannaCry Link | Technology News

Global ransomware attack causes chaos – BBC News

Companies across the globe are reporting that they have been struck by a major ransomware cyber-attack.British advertising agency WPP is among those to say its IT systems have been disrupted as a consequence.

Ukrainian firms, including the state power distributor and Kiev’s main airport were among the first to report issues.

Experts suggest the malware is taking advantage of the same weaknesses used by the Wannacry attack last month.

Source: Global ransomware attack causes chaos – BBC News

Personal details of nearly 200 million US citizens exposed

From: http://www.bbc.com/news/technology-40331215

Sensitive personal details relating to almost 200 million US citizens have been accidentally exposed by a marketing firm contracted by the Republican National Committee.

The 1.1 terabytes of data includes birthdates, home addresses, telephone numbers and political views of nearly 62% of the entire US population.

The data was available on a publicly accessible Amazon cloud server.

Anyone could access the data as long as they had a link to it.

Political biases exposed

The huge cache of data was discovered last week by Chris Vickery, a cyber-risk analyst with security firm UpGuard. The information seems to have been collected from a wide range of sources – from posts on controversial banned threads on the social network Reddit, to committees that raised funds for the Republican Party.

The information was stored in spreadsheets uploaded to a server owned by Deep Root Analytics. It had last been updated in January when President Donald Trump was inaugurated and had been online for an unknown period of time.

“We take full responsibility for this situation. Based on the information we have gathered thus far, we do not believe that our systems have been hacked,” Deep Root Analytics’ founder Alex Lundry told technology website Gizmodo.

“Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access.”

Apart from personal details, the data also contained citizens’ suspected religious affiliations, ethnicities and political biases, such as where they stood on controversial topics like gun control, the right to abortion and stem cell research.

The file names and directories indicated that the data was meant to be used by influential Republican political organisations. The idea was to try to create a profile on as many voters as possible using all available data, so some of the fields in the spreadsheets were left left empty if an answer could not be found.

“That such an enormous national database could be created and hosted online, missing even the simplest of protections against the data being publicly accessible, is troubling,” Dan O’Sullivan wrote in a blog post on Upguard’s website.

“The ability to collect such information and store it insecurely further calls into question the responsibilities owed by private corporations and political campaigns to those citizens targeted by increasingly high-powered data analytics operations.”

Privacy concerns

Although it is known that political parties routinely gather data on voters, this is the largest breach of electoral data in the US to date and privacy experts are concerned about the sheer scale of the data gathered.

“This is deeply troubling. This is not just sensitive, it’s intimate information, predictions about people’s behaviour, opinions and beliefs that people have never decided to disclose to anyone,” Privacy International’s policy officer Frederike Kaltheuner told the BBC News website.

However, the issue of data collection and using computer models to predict voter behaviour is not just limited to marketing firms – Privacy International says that the entire online advertising ecosystem operates in the same way.

“It is a threat to the way democracy works. The GOP [Republican Party] relied on publicly-collected, commercially-provided information. Nobody would have realised that the data they entrusted to one organisation would end up in a database used to target them politically.

“You should be in charge of what is happening to your data, who can use it and for what purposes,” Ms Kaltheuner added.

There are fears that leaked data can easily be used for nefarious purposes, from identity fraud to harassment of people under protection orders, or to intimidate people who hold an opposing political view.

“The potential for this type of data being made available publicly and on the dark web is extremely high,” Paul Fletcher, a cyber-security evangelist at security firm Alert Logic told the BBC.

Crash Override Malware Took Down Ukraine’s Power Grid Last December

AT MIDNIGHT, A week before last Christmas, hackers struck an electric transmission station north of the city of Kiev, blacking out a portion of the Ukrainian capital equivalent to a fifth of its total power capacity. The outage lasted about an hour—hardly a catastrophe. But now, cybersecurity researchers have found disturbing evidence that the blackout may have only been a dry run. The hackers appear to have been testing the most evolved specimen of grid-sabotaging malware ever observed in the wild.

Cybersecurity firms ESET and Dragos Inc. plan today to release detailed analyses of a piece of malware used to attack the Ukrainian electric utility Ukrenergo seven months ago, what they say represents a dangerous advancement in critical infrastructure hacking. The researchers describe that malware, which they’ve alternately named “Industroyer” or “Crash Override,” as only the second-ever known case of malicious code purpose-built to disrupt physical systems. The first, Stuxnet, was used by the US and Israel to destroy centrifuges in an Iranian nuclear enrichment facility in 2009.

The researchers say this new malware can automate mass power outages, like the one in Ukraine’s capital, and includes swappable, plug-in components that could allow it to be adapted to different electric utilities, easily reused, or even launched simultaneously across multiple targets. They argue that those features suggest Crash Override could inflict outages far more widespread and longer lasting than the Kiev blackout.

 

Source: Crash Override Malware Took Down Ukraine’s Power Grid Last December | WIRED

WikiLeaks Dumps CIA Patient Zero Windows Implant

WikiLeaks Dumps CIA Patient Zero Windows Implant

WikiLeaks on Thursday made public a CIA implant that is used to turn a Windows file server into a malware distribution point on the local network.

The documents describing the tool, Pandemic, explain how remote machines on the local network trying to download and-or execute documents from the file server over SMB are infected with “replacement” documents on the fly. The implant swaps out the document with a Trojanized version while it’s in transit, never touching the original document on the file server.

The documentation that was leaked yesterday spans from January 2014 to April 2014 and is for versions 1.0 and 1.1.

The leaks are just the latest CIA tools to be dumped on the internet by the polarizing whistleblower outfit, which has for every Friday since March—save last week—put CIA documents and attacks online for public consumption.

In between are the ShadowBrokers pouring more gasoline on this information-based firestorm promising monthly leaks of not only NSA-built exploits targeting browsers, handsets and Windows 10 computers, but also stolen data allegedly from China, Iran, Russia and North Korea’s nuclear and missile programs.

The ShadowBrokers have already leaked their share of Windows-based exploits and vulnerabilities, the most worrisome being an April disclosure of SMB flaws and attacks that had been patched by Microsoft in March after it was allegedly tipped off by the NSA. One of those SMB exploits, EternalBlue, was of course used to launch and spread the WannaCry ransomware attacks three weeks ago today.

The ShadowBrokers also had their turn in the spotlight this week announcing a pricing structure and delivery schedule for its so-called Monthly Dump Service.

The Pandemic leak does not explain what the CIA’s initial infection vector is, but does describe it as a persistent implant.

“As the name suggests, a single computer on a local network with shared drives that is infected with the ‘Pandemic’ implant will act like a ‘Patient Zero’ in the spread of a disease,” WikiLeaks said in its summary description. “‘Pandemic’ targets remote users by replacing application code on-the-fly with a Trojaned version if the program is retrieved from the infected machine.”

The key to evading detection is its ability to modify or replace requested files in transit, hiding its activity by never touching the original file. The new attack then executes only on the machine requesting the file.

Version 1.1 of Pandemic, according to the CIA’s documentation, can target and replace up to 20 different files with a maximum size of 800MB for a single replacement file.

“It will infect remote computers if the user executes programs stored on the pandemic file server,” WikiLeaks said. “Although not explicitly stated in the documents, it seems technically feasible that remote computers that provide file shares themselves become new pandemic file servers on the local network to reach new targets.”

The CIA describes Pandemic as a tool that runs as kernel shellcode that installs a file system filter driver. The driver is used to replace a file with a payload when a user on the local network accesses the file over SMB.

“The goal of Pandemic is to be installed on a machine where the remote users use SMB to download/execute PE (portable executable) files,” the documentation says. “Users that are targeted by Pandemic, and use SMB to download the targeted file, will receive the ‘replacement’ file.”

Source: WikiLeaks Dumps CIA Patient Zero Windows Implant | Threatpost | The first stop for security news