The Federal Bureau of Investigation (FBI) has issued a warning about the Syrian Electronic Army (SEA), the pro-Assad hacker group that has become adept at spearphishing attacks and Twitter account takeovers.
The warning is in a memo and comes to us via the security blog belonging to Matthew Keys.
Keys has reproduced the memo and shared it on Scribd. The document says that the SEA has been around since 2011 and has compromised a number of high profile media outlets.
It warns of attack methods that include spearphishing, DNS attacks and web defacements, and it reminds us that the SEA posted a story about US President Obama to the Associated Press.
“Please maintain heightened awareness of your network traffic and take appropriate steps to maintain your network security,” said the FBI memo. “If you detect anomalous or malicious traffic or network behavior, please contact your local FBI Cyber Task Force.”
The SEA acknowledged the FBI’s attention on its Twitter feed. It appeared unmoved by the glare of law enforcement publicity.
It has long played a game of whack-a-mole with websites like Facebook and Twitter, both of which regularly force it to change accounts. According to the SEA, the group is on its 225th Facebook account.
It publishes details of its takeovers through these accounts, and on its own homepage, a Pinterest webpage and an Instagram account.
As well as hacking into media websites, the hacker group has also struck mobile apps, DNS systems and the Australian web hosting business Melbourne IT. Doing all this has helped it to break into the webpages of news media outfits like the Huffington Post, the BBC and Reuters.
The Federal Bureau of Investigation (FBI) has been accused of gathering data from the anonymous network known as TOR.
The FBI might be behind a security assault on the TOR network that grabs users’ information.
Security researcher Vlad Tsyrklevich said that the attack is a strange one and is most likely the work of the authorities.
“[It] doesn’t download a backdoor or execute any other commands, this is definitely law enforcement,” he said in a tweet about the discovery.
He went a bit further in a blog post, explaining that the Firefox vulnerability is being used to send data in one direction.
“Briefly, this payload connects to 18.104.22.168:80 and sends it an HTTP request that includes the host name (via gethostname()) and the MAC address of the local host (via calling SendARP on gethostbyname()->h_addr_list). After that it cleans up the state and appears to deliberately crash,” he added.
“Because this payload does not download or execute any secondary backdoor or commands it’s very likely that this is being operated by an LEA and not by blackhats.”
The bug is listed at Mozilla, and the firm has a blog post saying that it is looking into it.
Over the weekend a blog post appeared on the TOR website that sought to distance it from a number of closed down properties or hidden websites. It is thought that the shuttered websites, which were hosted by an outfit called Freedom Hosting, were home to the worst kind of abuses.
A report at the Irish Examiner said that a chap called Eric Eoin Marques is the subject of a US extradition request. He is accused of being in charge of Freedom Hosting.
“Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the TOR Network,” the TOR project said.
“The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The TOR Project, Inc., the organization coordinating the development of the TOR software and research.”
Now a US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military. Craig Heffner said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet.
Heffner said that it was a significant threat as somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.
He will show how to exploit these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas. Heffner said he has discovered hundreds of thousands of surveillance cameras that can be accessed via the public internet.
Former FBI counter-terrorism agent Tim Clemente appeared on CNN to claim that most of the great unwashed did not know the real capabilities and behavior of the US surveillance state. The comments stem from anonymous government officials claiming that they are now focused on telephone calls between one of the Boston Bombers and his wife to see if she had prior knowledge of the plot or participated in any way.
The only problem with that was that if the calls were already made, how could the FBI listen to them? Tim Clemente, a former FBI counter-terrorism agent, was asked about whether the FBI would be able to discover the contents of past telephone conversations between the two. He quite clearly insisted that they could.
He said that there were ways in national security investigations to find out exactly what was said in that conversation. It’s not necessarily something that the FBI is going to want to present in court, but it may help lead the investigation and/or lead to questioning of her. We certainly can find that out. He said that all of that stuff is being captured as we speak whether people know it or like it or not.
EPIC already tried to get access twice last September, and now it is trying again. It said that it has sent repeated Freedom of Information Act requests regarding the database, and that the FBI has failed to respond. Now it has filed a lawsuit for access (PDF).
It warned that the Next Generation Identification system (NGI) is a massive database that “when completed, [will] be the largest biometric database in the world”.
The NGI will use CCTV systems and facial recognition, and it includes DNA profiles, iris scans, palm prints, voice identification profiles, photographs, and other “identifying information”.
The FBI has an information page about the NGI, and there it said that photographs of tattoos are also included and that the system is designed to speed up suspect detection and response times.
“The NGI system will offer state-of-the-art biometric identification services and provide a flexible framework of core capabilities that will serve as a platform for multimodal functionality,” it said.
“The NGI Program Office mission is to reduce terrorist and criminal activities by improving and expanding biometric identification and criminal history information services through research, evaluation, and implementation of advanced technology”.
In its lawsuit, EPIC said that the NGI database will be used for non-law-enforcement purposes and will be made available to “private entities”.
EPIC said that it has asked the FBI to provide information including “contracts with commercial entities and technical specifications”.
It said that so far it has received no information from the FBI in response to its requests.
In a move that will most likely cause alarm among privacy advocates, the FBI has begun searching for a tool that will allow it to gather and mine data from social networks like Facebook, Twitter and blogs.
The goal is to use the tool to keep on top of breaking events, incidents and emerging threats, the agency said in a recent Request for Information (RFI) from IT vendors.
The FBI said it’s seeking a “secure, lightweight web application portal using mashup technology.”
According to the RFI document, “The application must have the ability to rapidly assemble critical open source information and intelligence that will allow [the FBI's Strategic Information and Operations Center] to quickly vet, identify and geo-locate” potential threats to the U.S.
The FBI said the tool must have the ability to automatically search and scrape data off social networking and news sites based on specific queries. It must also be able to display alerts on geo-spatial maps and give users the ability to quickly summarize the “who, what, when, where and why” of specific threats and incidents.
The FBI hopes to use information posted on social networks to detect specific and credible threats, locate those organizing and taking part in dangerous gatherings and predict upcoming events, the FBI said.
“Social media will be a valued source of information to the SIOC intelligence analyst in a crisis because it will be both eyewitness and first response to the crisis,” the RFI said.
It noted that social media networks have been trumping police, firefighters and news media when it comes to communicating news of developing incidents and protests.
An FBI spokesman said the proposed system will be used only to monitor publicly available information, and won’t be used to focus on specific individuals or groups, according to an Associated Press report.
At a time when technology is supposed to be getting simpler, less complex and easier to manage, more people are calling help desks for assistance than ever before, according to a new report. That’s one of the findings that HDI, formerly known as the Help Desk Institute, revealed in its recently released 2010 study of help desk trends.
What HDI found is that the number of incidents reported to help desks via chat, e-mail, telephone, self-help systems, social media, the Web and walk-ins is rising, with 67% of all help desk operations experiencing increases in 2010. That’s roughly the same percentage who reported an increase in 2009.
In recent years, many organizations have moved to centralize their help desk operations and establish a single point of contact for workers, said Roy Atkinson, an analyst at HDI, whose members represent a help desk community of about 50,000 people.
Those centralization efforts have improved incident data collection, which helps to explain the spike in reports. Moreover, creating a single point of contact, and offering multiple ways for people to reach the help desk, encourages users to seek assistance, Atkinson said.
While centralization and better record-keeping may explain much of the increase in reported calls, it doesn’t completely explain it. Atkinson said another part of the explanation could be the fact that IT complexity is actually increasing, especially as users seek to connect multiple devices, including mobile phones, tablets and laptops to corporate networks.
“There is the trend to being able to work anywhere and anytime,” Atkinson said. And that “requires more support, so the environment as a whole is probably more complex.”
Earl Begley, who heads HDI’s desktop advisory board and is an IT project manager at the University of Kentucky, said incident volumes for the university’s healthcare help desk, which serves the UK hospital, have increased by 15% to 20% a year. Part of this increase can be attributed to the use of new technology in the healthcare industry, he said.
The increasing call volume at the university keeps the staff busy, said Begley, adding that “it is frustrating, because they see the same problems occurring over and over again.”
Technologies that could reduce help desk support demand include things like desktop or application virtualization, where an application can be accessed via a browser. And increasing use of voice-over-IP (VoIP) technology reduces the time it takes to support phone systems.
For those organizations reporting an increase in help desk calls, about 41% attributed the uptick to infrastructure or product changes, upgrades or conversions; 26% cited expanded service offerings by the support center; and 22.5% said they have more customers, according to the HDI study.
The increase in the number of help desk support requests is happening at the same time IT managers are cutting money spent on supporting help desks, according to another new study that was released recently by Computer Economics.
In its survey of IT organizations, the IT research firm found that help desk employees now represent about 6% of the total IT staff, after accounting for about 6.9% of the average IT staff for the past several years.
The report said that this decrease “represents a relatively substantial dip and indicates that providing high-quality support to users assumed a lower priority amid the wave of operational budget-cutting and staff reductions that accompanied the official end of the recession.”