Tuesday, November 1, 2011

FBI says Russian spies got close to Cabinet - Washington Times


Some interesting tidbits about the Russian spy ring breakup last year:

[snip]-- a key break in the case developed in the mid-2000s after the FBI was able to decipher coded electronic communications between Moscow and the deep-cover spies. The communications were used to unravel the network, ending the FBI probe that began more than a decade ago.
Breaking the electronic codes used by the “illegals,” as the Moscow spies are called, was a milestone in the case that allowed FBI agents to pose as the spies’ handlers and identify the spies.
“Ultimately, at the end of the case, we were able to become the Russians,” Mr. Figliuzzi said. “The point where we decrypted the communications allows us to basically own the network.”

Full story at the Washington Times: FBI says Russian spies got close to Cabinet - Washington Times

Friday, September 23, 2011

From the man who discovered Stuxnet, dire warnings one year later

Stuxnet, the cyberweapon that attacked and damaged an Iranian nuclear facility, has opened a Pandora's box of cyberwar, says the man who uncovered it. A Q&A about the potential threats.

Continued at Christian Science Monitor....

Tuesday, August 2, 2011

Operation Shady RAT

Operation Shady RAT - "Operation Shady rat ranks with Operation Aurora (the attack on Google and many other companies in 2010) as among the most significant and potentially damaging acts of cyber-espionage yet made public. Operation Shady rat has been stealing valuable intellectual property (including government secrets, e-mail archives, legal contracts, negotiation plans for business activities, and design schematics) from more than 70 public- and private-sector organizations in 14 countries. The list of victims, which ranges from national governments to global corporations to tiny nonprofits, demonstrates with unprecedented clarity the universal scope of cyber-espionage and the vulnerability of organizations in almost every category imaginable." - Vanity Fair

Original Story: Operation Shady RAT - Vanity Fair

(update) McAfee Labs Blog: Revealed Operation Shady RAT

(update) McAfee Operation Shady RAT report (pdf)

Thursday, July 28, 2011

MoonSols BlackMoon Memory Analyst

So I got lucky enough to take a look at the memory analysis tool being developed by MoonSols called BlackMoon Memory Analyst.  Currently the tool is in Beta, but already it is looking to be a pretty solid memory analysis tool.

I can only compare it to the tools I have used, such as ResponderPro, Memoryze/Auditviewer, limited exposure to Volatility, and the fairly new Redline, which I have worked with.  From the current looks of things, BlackMoon Memory Analyst will be a real nice option to take a look at when you are evaluating what you want to use.

It has a nice clean interface and navigating it is pretty easy.  I did have some issues navigating or finding things, but that could be primarily because I am slow. The tool is still in Beta so there are still some kinks in my testing. I am learning some of the functionality without reading the manual (bah! who needs a manual) so you have to take that into consideration... :)  If you've done memory analysis before though, it isn't very hard to find what you are looking for.

When initially opening it you get the choice of opening a raw memory dump, hibernation file, or Microsoft crash dump.  It has a report function that dumps out to .xml format, so it should be digestible by a whole host of systems you may be able to use for IOC analysis across the enterprise.

Just some screen shots:

As a side note: MoonSols recently released their quick and easy DumpIt memory tool.  It is fast!! Check it out here: http://www.moonsols.com/2011/07/18/moonsols-dumpit-goes-mainstream/

Monday, June 13, 2011

Internet in a Suitcase

Interesting read about how the U.S. is funding secret internet access for communications in and out of countries when their governments shut the internet down.

U.S. Funding Secret Internet Access for Dissidents Abroad

My favorite is a picture of the "Internet in a Suitcase"....

Sunday, June 12, 2011

Hacked - Next Up: IMF

Reports that the International Monetary Fund (IMF) was breached.  This story though has mentions of "nation state" .......  Any guesses on where that software might have come from?

IMF hit by "very major" cyber security attack
Source: BBC

Thursday, June 9, 2011

Computer tech tricked women into taking laptops into bathroom - AP

What were these people thinking?  Well they're Mac users after all... :)  You can't make this stuff up.

Fullerton, Calif. • A Southern California computer repairman suspected of installing spyware on laptops that enabled him to snap and download photographs of women showering and undressing in their homes was arrested Wednesday at his home, police said.

Police began investigating when a Fullerton resident complained about suspicious messages appearing on his daughter’s computer last year. Trevor Harwell installed software that took control of computer webcams on his clients’ Mac laptops, Fullerton police Sgt. Andrew Goodrich said. He was released later Wednesday after posting $50,000 bond, Goodrich said.

The software sent fake error messages telling users to “fix their internal sensor soon,” and “try putting your laptop near hot steam for several minutes to clean the sensor,” Goodrich said.

The error message prompted some victims to take their laptops into the bathroom with them when they showered, he said.

Original Story Link

Saturday, June 4, 2011

LulzSec Compromises Infragard

Appears that LulzSec compromised the Atlanta Chapter of Infragard's site...

LulzSec Infragard Hack

Thursday, June 2, 2011

Chinese Hacker Cracks Hundreds of Gmail Accounts of U.S. & Asia : The Hacker News

From: The Hacker News

Google spilled the details on Wednesday via its official blog:
Through the strength of our cloud-based security and abuse detection systems*, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.
The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings.

Chinese Hacker Cracks Hundreds of Gmail Accounts of U.S. & Asia : The Hacker News
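The Google notice quoted above says the stolen passwords were used to change forwarding and delegation settings, which is the part of this campaign a mail administrator can actually watch for. Below is an added example, not code from the page, from Google or from The Hacker News: a small Python check that walks a constructed, generic audit log (the JSON lines, field names, addresses and IPs are all made up for this example and do not match any real product's log format) and flags forwarding or delegate changes that point outside the organization's domain or that follow shortly after a login from an unusual country.

```python
"""Flag mailbox forwarding/delegation changes that look like account takeover.

Added example with a constructed log format; the event names, addresses and
IP addresses below are illustrative and not taken from any real system.
"""
import json
from datetime import datetime, timedelta

# Constructed sample audit events, one JSON object per line (not a real log).
SAMPLE_LOG = """
{"ts": "2011-06-01T08:02:11Z", "user": "alice@example.org", "event": "login", "ip": "198.51.100.7", "country": "US"}
{"ts": "2011-06-01T08:05:40Z", "user": "alice@example.org", "event": "forwarding_changed", "ip": "198.51.100.7", "country": "US", "target": "alice.home@example.org"}
{"ts": "2011-06-01T21:14:02Z", "user": "bob@example.org", "event": "login", "ip": "203.0.113.45", "country": "CN"}
{"ts": "2011-06-01T21:16:30Z", "user": "bob@example.org", "event": "forwarding_changed", "ip": "203.0.113.45", "country": "CN", "target": "collector@mail-drop.example.net"}
{"ts": "2011-06-01T21:17:05Z", "user": "bob@example.org", "event": "delegate_added", "ip": "203.0.113.45", "country": "CN", "target": "helper@mail-drop.example.net"}
{"ts": "2011-06-02T09:00:00Z", "user": "carol@example.org", "event": "delegate_added", "ip": "198.51.100.9", "country": "US", "target": "assistant@example.org"}
"""

ORG_DOMAIN = "example.org"          # assumed home domain of the monitored accounts
USUAL_COUNTRIES = {"US"}            # assumed countries where logins are expected
LOGIN_WINDOW = timedelta(minutes=30)  # how soon after a login a change is "linked" to it
SENSITIVE_EVENTS = {"forwarding_changed", "delegate_added"}


def parse_events(text):
    """Parse JSON-lines audit text into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.strip().splitlines():
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def find_mailbox_takeover_signals(events):
    """Return a list of alerts for forwarding/delegation changes that look suspicious.

    A change is flagged when its target address is outside ORG_DOMAIN, or when
    the same user logged in from a country outside USUAL_COUNTRIES within
    LOGIN_WINDOW before the change. Both reasons may apply to one event.
    """
    last_login = {}  # user -> most recent login event seen so far
    alerts = []
    for event in events:
        if event["event"] == "login":
            last_login[event["user"]] = event
            continue
        if event["event"] not in SENSITIVE_EVENTS:
            continue

        reasons = []
        target_domain = event["target"].rsplit("@", 1)[-1].lower()
        if target_domain != ORG_DOMAIN:
            reasons.append("external target %s" % event["target"])

        login = last_login.get(event["user"])
        if (login is not None
                and login["country"] not in USUAL_COUNTRIES
                and event["ts"] - login["ts"] <= LOGIN_WINDOW):
            reasons.append("follows login from %s (%s)" % (login["country"], login["ip"]))

        if reasons:
            alerts.append({
                "user": event["user"],
                "event": event["event"],
                "ts": event["ts"].isoformat(),
                "target": event["target"],
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_mailbox_takeover_signals(parse_events(SAMPLE_LOG)):
        print("%(ts)s %(user)s %(event)s -> %(target)s: %(reasons)s" % alert)
```

On the sample log this reports only the two changes made on bob's account (an external forwarding target and an external delegate, both minutes after a login from an unexpected country); alice's forwarding to an in-domain address and carol's in-domain delegate produce nothing. In practice the two signals are worth keeping separate: an external forwarding target alone is a policy question, while a settings change right after an anomalous login is the pattern this campaign would have left.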

Saturday, May 28, 2011

Memory Analysis Tools Developments

I've been a user of ResponderPro...and have used the open-source tools as well such as Volatility, Memoryze, etc...but ResponderPro really just has features and capability that make it a great tool. It saves me a lot of time and effort. It is expensive though.

However, recently HBGary released Responder CE, a community version of their paid-for Responder products. That is good news.  I haven't had the time to test it, but it may be just the thing you need to start analyzing memory in an efficient manner without some of the hiccups or issues with other tools.

This post though is actually more about the new release of Mandiant Redline. Mandiant released Redline 1.0 and this looks like another great tool to use when analyzing memory.  I did get to play with it a bit and it appears to be a solid tool; I will be testing it some more against some memory dumps alongside Responder to put it through its paces.  I really like the fact that I can use FDpro dumps I already have.  So far I've been really impressed.

Screenshot below of a friendly remnant of Zeus....

Sunday, March 6, 2011

A Declaration of Cyber-War - Vanity Fair

Awesome writeup about the Stuxnet event.  It reads like a story more than like an article....

A Declaration of Cyber-War - Vanity Fair

Last summer, the world’s top software-security experts were panicked by the discovery of a drone-like computer virus, radically different from and far more sophisticated than any they’d seen. The race was on to figure out its payload, its purpose, and who was behind it. As the world now knows, the Stuxnet worm appears to have attacked Iran’s nuclear program. And, as Michael Joseph Gross reports, while its source remains something of a mystery, Stuxnet is the new face of 21st-century warfare: invisible, anonymous, and devastating.

Sunday, January 16, 2011

Stuxnet from Israel/US?

According to the New York Times, Stuxnet was tested/developed in Israel. There was cooperation with other nations in its development as well.

Israel Tests on Worm Called Crucial in Iran Nuclear Delay

If true, not all that surprising.

Monday, January 10, 2011

National Internet ID?

Get ready...here it comes...

From: Engadget.com

Obama administration moves forward with unique internet ID for all Americans, Commerce Department to head system up

"President Obama has signaled that he will give the United States Commerce Department the authority over a proposed national cybersecurity measure that would involve giving each American a unique online identity."

Quite the debate will ensue. Privacy...Security...