SMALL WARS COUNCIL
Old 06-20-2017   #81
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

South Korean hosting co. pays $1m ransom to end eight-day outage
Criminals were talked down from 4.4M USDs...


https://www.theregister.co.uk/2017/0...a_pays_ransom/

Last edited by OUTLAW 09; 06-20-2017 at 07:54 AM.
Old 06-21-2017   #82
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

Honda halts Japan car plant after WannaCry virus hits computer network
http://reut.rs/2sU6jvK
Old 06-22-2017   #83
flagg
Council Member
 
Join Date: Dec 2009
Posts: 87
Default

Nuclear war fears had a public component of "duck and cover".

Cyber war fears should have a public component of "patch and update".

Here in NZ, due to our recent and serious seismic activity, we've had a national resilience campaign for personal preparation in case of a future disaster.

I believe strongly that we are well past the point where we should be conducting national continuous "patch and update" campaigns, to the point of aggressive nudging behaviour in perpetual pursuit of herd device immunity.

"Loose lips sink ships" for the age of interconnectivity.
Old 06-22-2017   #84
flagg
Council Member
 
Join Date: Dec 2009
Posts: 87
Default

Quantum entanglement as a means of potential cyber/coms resilience:

https://www.scientificamerican.com/a...ntum-internet/

I knew quantum computing would be an eventual game changer with even recent 1024 bit encryption, but was unaware of quantum entanglement being used as a potential tool to defend against hacking and cracking.

It's way over my head, but Moore's Law continues on its 52 year relentless journey.
Old 06-22-2017   #85
flagg
Council Member
 
Join Date: Dec 2009
Posts: 87
Default

A cyber attack the world isn't ready for

https://www.nytimes.com/2017/06/22/t...erweapons.html

Wannacry is the focus, but Doublepulsar backdoor may be a bigger threat
Old 06-25-2017   #86
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

BTW...while the US Congress approved 200M USDs to fight Russian info warfare BUT US social media FB, Twitter, Instagram and others seem to be unable to control hate, violence and propaganda being posted minute by minute EVEN though they admit they could....

BTW...the Trump government has promised a propaganda pushback but not spent a single cent of the 200M USD...

BTW...the Germans have effectively told the US social media companies to either control what they know they can actually control and if not then 50K Euros per violation.....ACTUALLY not a problem for them to pay the fines as they make billions.....

At least the Germans are doing something compared to the apparent inaction of Trump who has 200M USDs to spend in this effort....

Last edited by davidbfpo; 06-25-2017 at 01:33 PM. Reason: brevity
Old 06-25-2017   #87
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

Snapchat launches new feature that lets people know where you are at any moment

Not good for your own personal safety....
Old 06-26-2017   #88
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

A former employee was sentenced to one year and one day in prison for damaging the IT networks of several water utility providers across the US East Coast.
http://securityaffairs.co/wordpress/...ks-hacked.html


Quote:
Adam Flanagan (42) of Bala Cynwyd, PA was sentenced to one year and one day in prison by a Pennsylvania court for damaging the IT networks of several water utility providers across the US East Coast.
The news was reported by Bleeping Computer, the man worked between November 2007 and November 2013 as engineer for an unnamed company that manufactured smart water, electric, and gas readers.
Among the Flanagan’s tasks, there was the set up of Tower Gateway Basestations (TGB) for the customers, which were mainly water utility networks.
The Tower Gateway Basestations are essential components for water facility networks composed of smart meters installed at people’s homes that exchange data with water facility operators’ systems.
These networks allow water facility operators to collect consumption data and check the status of the installs at the customers’ homes.
On November 16, 2013, the company fired Flanagan for undisclosed reasons, then the man decided to punish the company by shutting down the TGB stations paralyzing the water facility networks of the company customers. Flanagan also changed passwords on some TGBs, using offensive words.
The utility providers had to send out employees at customer homes to collect monthly readings about their consumption.
“According to court documents, the FBI tracked down Flanagan’s actions to six incidents in five cities across the US East Coast: Aliquippa (Pennsylvania), Egg Harbor (New Jersey), Kennebec (Maine), New Kensington (Pennsylvania), and Spotswood (New Jersey).” reported Catalin Cimpanu from Bleepingcomputer.

The investigators were able to identify the former employee as the responsible of the incidents, then the US authorities filed charges on November 22, 2016. Flanagan faced a maximum sentence of 90 years in prison, plus a $3 million fine. He pleaded guilty on March 7, 2017, before receiving his sentence on June 14, 2017.
Flanagan faced a maximum sentence of 90 years in prison, plus a $3 million fine. He pleaded guilty on March 7, 2017 and on June 14, 2017 he was sentenced to one year in the jail, let me say that judges were clement.

Last edited by OUTLAW 09; 06-26-2017 at 12:11 PM.
Old 06-26-2017   #89
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

Pinkslipbot banking Trojan exploiting infected machines as control servers
http://securityaffairs.co/wordpress/...ng-trojan.html

Quote:
Pinkslipbot banking Trojan is a banking Trojan that uses a complicated multistage proxy for HTTPS-based control server communication. Security researchers at McAfee Labs have spotted a new strain of the Pinkslipbot banking malware (also known as QakBot/QBot)
Old 06-29-2017   #90
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

!!! Zero-day Skype flaw causes crashes, remote code execution (CVE-2017-9948)
Old 06-29-2017   #91
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

NOTE

All of the running information on the Russian deliberate cyber attack on Ukraine is being threaded on the Russian propaganda thread....as it is in fact a Russian targeted cyber attack...especially when one "sees" the control servers sitting deep inside Russia.....
Old 07-03-2017   #92
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

Useful analyses on Petya, the camouflaged wiper targeting Ukraine

https://tisiphone.net/2017/06/28/why...uld-worry-too/
https://medium.com/@thegrugq/pnyetya...47c-1498684536
https://securelist.com/expetrpetyano...somware/78902/
Old 07-03-2017   #93
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

Puppet Strings - Dirty Secret for Free Windows Ring 0 Code Execution https://zerosum0x0.blogspot.com/2017...-for-free.html
Old 07-03-2017   #94
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

Petya’s kill-chain diagram in Windows 10. Device Guard, Credential Guard, UEFI Secure Boot, AppLocker, KASLR, HALNX

https://blogs.technet.microsoft.com/...form=hootsuite
Old 07-03-2017   #95
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

ThreadContinue - Reflective Injection Using SetThreadContext() and NtContinue()
https://zerosum0x0.blogspot.com/2017...injection.html
Old 07-04-2017   #96
flagg
Council Member
 
Join Date: Dec 2009
Posts: 87
Default

Quote:
Originally Posted by OUTLAW 09 View Post
Petya’s kill-chain diagram in Windows 10. Device Guard, Credential Guard, UEFI Secure Boot, AppLocker, KASLR, HALNX

https://blogs.technet.microsoft.com/...form=hootsuite
One interesting item is the limited execution time of 60 minutes.

I'm not a cyber SME, but I wonder where 60 minutes sits on the continuum?

If on the low end, and assuming it was done so intentionally, does that mean this might have been meant as both an intentional attack (not ransomware) on Ukraine as well as a message NATO/EU/US unlikely to draw a direct cyber counterattack?

To me, if the 60 minute execution time is quite short, then it would seem to be designed to burn out like digital Ebola with a limited incubation period, instead of lingering like the Plague.
Old 07-06-2017   #97
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

Quote:
Originally Posted by flagg View Post
One interesting item is the limited execution time of 60 minutes.

I'm not a cyber SME, but I wonder where 60 minutes sits on the continuum?

If on the low end, and assuming it was done so intentionally, does that mean this might have been meant as both an intentional attack (not ransomware) on Ukraine as well as a message NATO/EU/US unlikely to draw a direct cyber counterattack?

To me, if the 60 minute execution time is quite short, then it would seem to be designed to burn out like digital Ebola with a limited incubation period, instead of lingering like the Plague.
You have some interesting comments....there is nothing by accident on this malware....appears to be sloppy in coding but highly destructive when unleashed...appears to be ransomware but it is really a wiper of MBF of computer...and interestingly when detected by say AV or MS Defender software it immediately starts to destroy the MBF with no hesitation whatsoever...

Coupled with a LASDump hacking tool designed to collect all passwords laterally from the infected pc as well as all lateral domain servers and pass that info via exfil then this was in fact a highly thought through cyber attack...setting up the network for future easier attacks...

BTW..you are correct..by appearing to be at first a ransomware they slide under the Article 5 radar......that was intentional...

Alone the damage to Maersk Shipping was a total of 480M USDs...that is a lot of damage for a so called ransomware.

PLUS the choice of targets were exactly what you would expect from a direct cyber invasion...banks and ATMs, fuel points, food stores, radio and TV and social media, transportation ground and air and the central bank....all designed to create panic and confusion in the first hours...

https://www.theguardian.com/technolo...ukraine-russia

Quote:
A ransomware attack that affected at least 2,000 individuals and organisations worldwide on Tuesday appears to have been deliberately engineered to damage IT systems rather than extort funds, according to security researchers.
The attack began in Ukraine, and spread through a hacked Ukrainian accountancy software developer to companies in Russia, western Europe and the US. The software demanded payment of $300 (£230) to restore the user’s files and settings.
The malware’s advanced intrusion techniques were in stark contrast with its rudimentary payment infrastructure, according to a pseudonymous security researcher known as “the grugq”.

The researcher said the software was “definitely not designed to make money” but “to spread fast and cause damage, [using the] plausibly deniable cover of ‘ransomware’”.
This analysis was supported by UC Berkeley academic Nicholas Weaver, who told the infosec blog Krebs on Security: “I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware.”

Last edited by OUTLAW 09; 07-06-2017 at 06:40 PM.
Old 07-13-2017   #98
AdamG
Council Member
 
AdamG's Avatar
 
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 2,434
Default

Quote:
In early May six U.S. intelligence and law enforcement agency chiefs were asked in an open Senate hearing whether they’d let their networks use Kaspersky software, often found on Best Buy shelves. The answer was a unanimous and resounding no. The question, from Florida Republican Marco Rubio, came out of nowhere, often a sign a senator is trying to indirectly draw attention to something learned in classified briefings.

Eugene Kaspersky took to Reddit to respond. Claims about Kaspersky Lab’s ties to the Kremlin are “unfounded conspiracy theories” and “total BS,” the company’s boisterous, barrel-chested chief executive officer wrote.
https://www.bloomberg.com/news/artic...-intelligence#
__________________
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail


http://i.imgur.com/IPT1uLH.jpg
Old 07-14-2017   #99
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

WARNING

Russian trolls are attacking twitter users with an app that makes Twitter think you're trying to approve a malicious third party app, causing Twitter to lock your account for safety reasons.

Don't fret, you've not been hacked, this is part... of an intense pro-active troll-farm op designed to keep users from discussing the crumbling Trump presidency.

Russia sees their asset (Trump) falling apart and are doing everything to control the news. It's a hail-mary pass.

Today we have seen over 2.5M Russian controlled Twitter bots swarming out to block as many anti Trump twitter accounts that are reporting on anything pertaining to Trump, Trump Jr. and Russians.

Currently Trump Followers have climbed to 1.8M in just under four weeks AND all are non human bots that is averaging 450K per week and that costs a lot of money to create even on the criminal side of twitter.

This is a concentrated attack against non Trump supporters on Twitter AND Twitter Support has remained largely silent.....WHY is that.

This is the third type of Russian twitter attack in the last ten days...

There is now a true Russian social media info war and it is up front and in your face and the US government also says nothing.
Old 07-14-2017   #100
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,749
Default

WARNING

Private Email of Top U.S. Russia Intelligence Official Hacked http://foreignpolicy.com/2017/07/14/...cial-hacked/#…

Some are saying APT28 GRU again.
Tags
cyber, malware, threats
