Tuesday, November 1, 2011

FBI says Russian spies got close to Cabinet - Washington Times


Some interesting tidbits about the Russian spy ring break-up last year:

[snip]-- a key break in the case developed in the mid-2000s after the FBI was able to decipher coded electronic communications between Moscow and the deep-cover spies. The communications were used to unravel the network, ending the FBI probe that began more than a decade ago.
Breaking the electronic codes used by the “illegals,” as the Moscow spies are called, was a milestone in the case that allowed FBI agents to pose as the spies’ handlers and identify the spies.
“Ultimately, at the end of the case, we were able to become the Russians,” Mr. Figliuzzi said. “The point where we decrypted the communications allows us to basically own the network.”

Full story at the Washington Times: FBI says Russian spies got close to Cabinet - Washington Times

Friday, September 23, 2011

From the man who discovered Stuxnet, dire warnings one year later

Stuxnet, the cyberweapon that attacked and damaged an Iranian nuclear facility, has opened a Pandora's box of cyberwar, says the man who uncovered it. A Q&A about the potential threats.

Continued at Christian Science Monitor....

Tuesday, August 2, 2011

Operation Shady RAT

Operation Shady RAT - "Operation Shady rat ranks with Operation Aurora (the attack on Google and many other companies in 2010) as among the most significant and potentially damaging acts of cyber-espionage yet made public. Operation Shady rat has been stealing valuable intellectual property (including government secrets, e-mail archives, legal contracts, negotiation plans for business activities, and design schematics) from more than 70 public- and private-sector organizations in 14 countries. The list of victims, which ranges from national governments to global corporations to tiny nonprofits, demonstrates with unprecedented clarity the universal scope of cyber-espionage and the vulnerability of organizations in almost every category imaginable." - Vanity Fair

Original Story: Operation Shady RAT - Vanity Fair

(update) McAfee Labs Blog: Revealed Operation Shady RAT

(update) McAfee Operation Shady RAT report (pdf)

Thursday, July 28, 2011

MoonSols BlackMoon Memory Analyst

So I got lucky enough to take a look at the memory analysis tool being developed by MoonSols called BlackMoon Memory Analyst.  Currently the tool is in Beta, but already it is looking to be a pretty solid memory analysis tool.

I can only compare it to the tools I have used, such as ResponderPro, Memoryze/Auditviewer, limited exposure to Volatility, and the fairly new Redline. From the current looks of things, BlackMoon Memory Analyst will be a really nice option to take a look at when you are evaluating what you want to use.

It has a nice clean interface and navigating it is pretty easy.  I did have some issues navigating or finding things, but that could be primarily because I am slow. The tool is still in Beta so there are still some kinks in my testing. I am learning some of the functionality without reading the manual (bah! who needs a manual) so you have to take that into consideration... :)  If you've done memory analysis before though, it isn't very hard to find what you are looking for.

When initially opening it you get the choice of opening a raw memory dump, hibernation file, or Microsoft crash dump. It has a report function that dumps out to .xml format, so it should be digestible by a whole host of systems you may be able to use for IOC analysis across the enterprise.

Just some screen shots:

As a side note: MoonSols recently released their quick and easy DumpIt memory tool.  It is fast!! Check it out here: http://www.moonsols.com/2011/07/18/moonsols-dumpit-goes-mainstream/

Monday, June 13, 2011

Internet in a Suitcase

Interesting read about how the U.S. is funding secret internet access for communications in and out of countries when their governments shut the internet down.

U.S. Funding Secret Internet Access for Dissidents Abroad

My favorite is a picture of the "Internet in a Suitcase"....

Sunday, June 12, 2011

Hacked - Next Up: IMF

Reports that the International Monetary Fund (IMF) was breached. This story, though, has mentions of "nation state"....... Any guesses on where that software might have come from?

IMF hit by "very major" cyber security attack
Source: BBC

Thursday, June 9, 2011

Computer tech tricked women into taking laptops into bathroom - AP

What were these people thinking? Well, they're Mac users after all... :) You can't make this stuff up.



Fullerton, Calif. • A Southern California computer repairman suspected of installing spyware on laptops that enabled him to snap and download photographs of women showering and undressing in their homes was arrested Wednesday at his home, police said.

Police began investigating when a Fullerton resident complained about suspicious messages appearing on his daughter’s computer last year. Trevor Harwell installed software that took control of computer webcams on his clients’ Mac laptops, Fullerton police Sgt. Andrew Goodrich said. He was released later Wednesday after posting $50,000 bond, Goodrich said.

The software sent fake error messages telling users to “fix their internal sensor soon,” and “try putting your laptop near hot steam for several minutes to clean the sensor,” Goodrich said.

The error message prompted some victims to take their laptops into the bathroom with them when they showered, he said.

Original Story Link