Archive for March 23, 2017

Wikileaks Does Another CIA Related Info Dump

Posted in Commentary on March 23, 2017 by itnerd

Today, Wikileaks has released “Dark Matter”, the second information dump meant to highlight the hacking techniques of the CIA. This dump will be of particular interest to Mac users, as the documents dumped today claim that the CIA has tools to break into MacBooks that will also survive OS reinstalls, which implies that they’re firmware based:

Among others, these documents reveal the “Sonic Screwdriver” project which, as explained by the CIA, is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting” allowing an attacker to boot its attack software for example from a USB stick “even when a firmware password is enabled”. The CIA’s “Sonic Screwdriver” infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

“DarkSeaSkies” is “an implant that persists in the EFI firmware of an Apple MacBook Air computer” and consists of “DarkMatter”, “SeaPea” and “NightSkies”, respectively EFI, kernel-space and user-space implants.

Documents on the “Triton” MacOSX malware, its infector “Dark Mallet” and its EFI-persistent version “DerStarke” are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

This sounds like an offshoot of the Thunderstrike 2 exploit from a couple of years ago. If so, it should have been patched in OS X 10.10.2. But we’ll have to wait for details to see if that’s true or not.

The other thing that’s in this info dump is this tidbit that will be of interest to iPhone users:

Also included in this release is the manual for the CIA’s “NightSkies 1.2”, a “beacon/loader/implant tool” for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones, i.e., the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

This sounds far-fetched. Except that it isn’t. Upon reading this, I remembered an Ars Technica article that spoke about this exact scenario. In that case the intelligence agency was the NSA, and they were loading software that sounds a lot like what’s being described here onto Cisco gear. Thus it makes what’s being described here plausible.

Expect Apple to come out with a statement on this shortly as this for sure will get their attention and generate a lot of questions that they’ll have to answer.


Guest Post: NordVPN Discusses A Swedish ISP Who Is Being Forced To Hand Over 5,300 IP Address Holders

Posted in Commentary with tags on March 23, 2017 by itnerd

Identities of the people behind 5,300 IP addresses will be handed over to a known copyright troll, the Patent and Market Court of Sweden has ruled. Their crime? Allegedly downloading and sharing movies such as London Has Fallen, Criminal and September of Shiraz.

Thousands of households will be affected in this new development, where ISPs are forced by a court order to hand over personal identities of thousands of their subscribers.

Swedish ISP Telia will be the first ISP to give away subscriber names to a legal firm representing film producers, but other ISPs, such as Tele2 and Bredbandsbolaget, are also being targeted to reveal their users’ personal information.

In a similar development in Australia a couple of years ago, the producers of the movie Dallas Buyers Club went to court demanding the names of thousands of Australians who supposedly downloaded the movie illegally. While the federal judge first ruled in favour of the copyright holders, the ruling was later overturned due to “excessive demands, unsupported by evidence.”

In Sweden last month, this fight led to the first significant victory for copyright holders, as the Court ruled: “There is probable cause of infringement of copyright in the films in that they were unlawfully made available to the public via file sharing networks.”

“Online privacy is a very fragile thing,” says Marty P. Kamden, CMO of NordVPN (Virtual Private Network). “When your Internet provider can take your data and give it to court for criminal prosecution, you become identified as a potential criminal. From that moment on, you have no control over your private data, and you don’t know in whose hands it might end up.”

ISPs that give away their subscribers’ data are only one example of the growing trend of online privacy invasion. Governments also require ISPs to give away user data, and people are being surveilled online by secret services and tracked by advertisers.

The problem with copyright enforcement is that it is often abused by copyright trolls, who threaten file sharers with lawsuits. Copyright holders sometimes misuse the system and issue demands that are not based on law, for example by exploiting a legal loophole to demand settlement fees. One of the most infamous cases of copyright trolling in the U.S. recently ended when one of the Prenda Law attorneys pleaded guilty to federal charges of fraud and money laundering. John Steele and his co-defendant Paul Hansmeier had defrauded Internet users of over $6 million by threatening them with copyright lawsuits.

How Can Internet Users Protect Their Privacy from Copyright Trolling?

If a person uses personal privacy protection tools, such as VPNs, they can no longer be identified as a specific person behind their IP address.

While NordVPN does not support illegal downloading and file sharing, it strongly believes in every person’s right to stay private online.

A VPN service links a user’s computer to a server in a country of their choice via an encrypted tunnel – for example, a person can appear to be in the U.S. while they actually are in Sweden, and vice versa, simply by choosing a different VPN server location. NordVPN helps anonymize Internet browsing with its modern security protocols and no-logs policy.

Nest Cameras Vulnerable To Pwnage That Allows Thefts Of Homes

Posted in Commentary with tags on March 23, 2017 by itnerd

If you rely on a Google Nest camera to keep your home safe when you are out and about, you might want to read this story. The cameras have a vulnerability that allows Bluetooth LE to be used to crash them for anywhere from 60 to 90 seconds. This is due to a problem in firmware version 5.2.1. Security researcher Jason Doyle spotted the problems last year and alerted Nest. However, nothing was done to fix the issue, so Doyle has decided to go public with a proof of concept on GitHub, meaning that it is now possible for tech savvy thieves to pwn the cameras and then rob you. And if 60 to 90 seconds doesn’t sound like a lot, it is certainly enough time for a smash and grab job.

At the moment there is no fix for this. And there’s no real way to protect yourself. But there is apparently a firmware update on the way that will address this, which I hope comes very quickly before this becomes a real problem.

Apple To Planet Earth: Hackers Are Full Of It

Posted in Commentary with tags on March 23, 2017 by itnerd

In response to a hacker group that demanded to be paid or else iCloud users would get hit hard, Apple has decided to come out and say something about this threat. They told Fortune there have been no breaches of its systems:

“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the spokesperson said. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”

The Apple spokesperson went on to say this:

Apple is “actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”

That’s good advice that I suggested yesterday, and you should still follow it. In the meantime, I hope the so-called Turkish Crime Family liked its 15 minutes of fame. Because with this statement by Apple, it’s over.