Subject: Cyber War Wed 11 Feb 2009 - 15:01
Reminder of the first message:
Quote:
The French Navy hit by the Conficker-Downadup virus
Thierry Noisette, published 9 February 2009
Security - The French Navy's internal network was hit by the Conficker (or Downadup) virus, which has infected millions of PCs worldwide. It had to cut its network last month to clean it up, working directly with Microsoft. The French armed forces fell victim to the Downadup-Conficker virus in January, as reported by the newsletter Intelligence Online, itself cited on the blog of Libération's defence specialist, Jean-Dominique Merchet. Contacted by ZDNet.fr, the Navy confirmed on Monday that "in the second half of January, the Conficker virus was introduced through negligence, via a USB key, into the Navy's internal network, Intramar". Lieutenant Rivayrol of Sirpa Marine told us that the network was then cut off "to prevent the virus from spreading and to carry out maintenance on the workstations". "Intramar was isolated from the other networks of the Ministry of Defence, with which communication gateways normally exist." But "this had no effect on the Navy's operational systems, neither aircraft nor anything else". Intelligence Online had claimed that the Navy's Rafales had been grounded because they could not download their flight parameters. What was stopped for a few days concerned only e-mail, our contact specified: "We have secure military networks, which were used as a replacement during the Intramar outage, and the Internet. But these three networks, Intramar, the Internet and the secure networks, are completely separate; there is no link between them." Intramar connects several thousand workstations, of which "less than 2% were affected by the virus".
A flaw handled in 48 hours
Why the gap between a patch released by Microsoft in October (the virus exploits a Windows flaw, notably in Windows 2000, XP and Vista) and computers infected in January? "There was a small defect in the patch, which did not fully cover Conficker," explains Lieutenant Rivayrol. "That patch had been installed on all of the Navy's workstations, but it was not enough. On the other hand, the ministerial and inter-ministerial alert network was mobilised immediately. It worked directly with Microsoft to develop a patch handling that flaw, which was done in less than 48 hours. The alert system worked very well, and as a result the virus had no consequences for the other services or elsewhere in the ministry." The American experts of the Computer Emergency Response Team (CERT) had criticised Microsoft's method for blocking the spread of the Downadup worm. The French armed forces are not the only ones to have been tested by Conficker, which has contaminated millions of computers worldwide. The British Ministry of Defence, and the Royal Navy in particular, were also hit by the virus last month.
Subject: Re: Cyber War Thu 29 Mar 2012 - 3:01
A few details on ma-CERT
english.etnews.com
Quote:
LG CNS Breaks into African Cyber Security Market
2011/03/07 By Kim Won-bae
LG CNS has succeeded in making a foray into the African cyber security market. LG CNS announced on March 3 that the company launched ma-CERT (Maroc Cyber Emergency Response Team) and began to build the center in Rabat, the capital of Morocco. The Moroccan government is planning to take advantage of the cyber security center to prevent public organizations from being hacked. LG CNS is in charge of consulting on the whole project, designing and building the cyber security center and supporting its operation. This US$3.4 million project is an electronic government project that the state-run Korea International Cooperation Agency (KOICA) is pushing for in order to support the information system security of Morocco. LG CNS is planning to complete the construction of the cyber security center by this November by joining forces with small and medium-sized SW-specialized firms such as SGA, Igloo Security (both in charge of security solutions), CPI (in charge of the situation room control center) and Kopeng (in charge of servers).
All of them Korean companies.
http://www.sgacorp.kr/eng/
http://www.kopeng.co.kr/
http://www.igloosec.com/
CPI is apparently a subsidiary of LG Chem (CPI Compact Power Inc.).
Satellite-jamming becoming a big problem in the Middle East and North Africa
The Arab Spring has had yet another consequence—satellite jamming, and the practice is serious enough to threaten the satellite operators' business. Two operators, Arabsat and Nilesat, complained about the jamming in the Satellite 2012 Conference in Washington, D.C. last week, according to an article in Space News. Arabsat is a 21-country consortium that provides broadcasting to over 100 countries in the Middle East, Africa, and Europe. Nilesat is an Egypt-based operator that carries 415 channels to the Middle East and North Africa. The satellites also provide broadband, telephone, and VSAT service.
Jamming and rounding up satellite dishes has become a common practice for governments wishing to limit unfavorable coverage in their own (or sometimes other people's) countries. An article in February at BroadcastEngineering.com detailed the decision of the United Nations' International Telecommunications Union (ITU) to condemn satellite jamming in Iran as "contrary to Article 19 of the Universal Declaration of Human Rights." That decision came after complaints by several broadcasters, including the BBC, Radio Netherlands Worldwide, and Voice of America. Last year Reuters reported that jamming of satellite phones and other services occurred in Libya during the uprising.
But the issue may not be limited to Middle East governments. The Islamic Republic of Iran's Broadcasting English website claimed in January that British technicians were jamming Iranian broadcasts on Eutelsat's Hotbird sat network from a site in Bahrain. If that's accurate, it may suggest that European governments think it's acceptable to jam European companies' satellites as long as the broadcasts themselves aren't European.
Any attempt to jam satellites in the United States is generally tracked and stopped quickly by the Federal Communications Commission (FCC), which strictly enforces the licensing and sharing of US radio spectrum by the many parties that use it. Off-frequency or overpowered broadcasts in the United States generally result in an instant broadcaster shutdown and possible fines or jail terms.
In Europe, a new pan-European regulatory body entitled the Body of European Regulators for Electronic Communications (BEREC) began meeting in 2010. BEREC has broad authority for licensing and enforcement and has, from all reports, even broader and stricter powers.
Unfortunately for customers or companies seeking redress, there is no pan-African or pan-Middle Eastern authority available to prevent illegal transmissions. There are, instead, cooperative agreements between the countries that make up each body of operators. The countries that are doing the jamming are member states of this consortium, and at times they have even jammed their own broadcasts.
In a few cases, according to the Space News article, the operators have been able to identify the antennas doing the jamming using Google Earth. Notifying the governments involved is ineffective, and there is at present no practical way to stop the jammers.
The two companies were hesitant to name the culprits, but countries that have been mentioned elsewhere in the press include Libya, Syria, Bahrain, Iraq, and Iran. Syria and Bahrain, in particular, have ongoing domestic problems right now.
Ars Technica
Quote:
Pakistan backs away from proposed censorship system
Last week we reported on the controversy over Pakistan's Request for Proposals for a sophisticated Internet censorship system. The Pakistan Telecommunication Authority has vowed to stop the distribution of "blasphemous and objectionable content" over the Pakistani Internet, and was seeking a system capable of blocking up to 50 million URLs. Internet freedom activists rallied against the proposal and secured commitments from several major IT vendors not to bid for the project.
Now the Pakistani government appears to be backing away from the proposal. A member of the National Assembly, the lower house of Pakistan's legislature, told the Express Tribune that Pakistan's Ministry of Information Technology had withdrawn the project "due to the concern shown by various stakeholders."
Yet the Pakistani officials in charge of the proposal have yet to confirm the reports. A spokesman from the IT Ministry told the Express Tribune that it would release a statement on Tuesday, but Ars was unable to find such a statement on the agency's website.
Critics of the censorship scheme hailed the news, but warned the fight was far from over.
"While these reports are promising, there is still a possibility that the Pakistani government could try to covertly implement a similar system," said Mike Rispoli, a spokesman for the advocacy group Access. His group collected more than 18,000 signatures opposing the scheme.
Rispoli called for new legislation prohibiting the Pakistani government from implementing such a censorship regime in the future.
Researchers release new exploits to hijack critical infrastructure
Researchers have released two new exploits that attack common design vulnerabilities in a computer component used to control critical infrastructure, such as refineries and factories.
The exploits would allow someone to hack the system in a manner similar to how the Stuxnet worm attacked nuclear centrifuges in Iran, a hack that stunned the security world with its sophistication and ability to use digital code to create damage in the physical world.
The exploits attack the Modicon Quantum programmable logic controller made by Schneider Electric, which is a key component used to control functions in critical infrastructures around the world, including manufacturing facilities, water and wastewater management plants, oil and gas refineries and pipelines, and chemical production plants. The Schneider PLC is an expensive system that costs about $10,000.
One of the exploits allows an attacker to simply send a “stop” command to the PLC.
The other exploit replaces the ladder logic in a Modicon Quantum PLC so that an attacker can take control of the PLC.
The module first downloads the current ladder logic on the PLC so that the attacker can understand what the PLC is doing. It then uploads a substitute ladder logic to the PLC, which automatically overwrites the ladder logic on the PLC. The module in this case only overwrites the legitimate ladder logic with blank ladder logic, to provide a proof of concept demonstration of how an attacker could easily replace the legitimate ladder logic with malicious commands without actually sabotaging the device.
The exploits take advantage of the fact that the Modicon Quantum PLC doesn’t require a computer that is communicating with it to authenticate itself or any commands it sends to the PLC—essentially trusting any computer that can talk to the PLC. Without such protection, an unauthorized party with network access can send the device malicious commands to seize control of it, or simply send a "stop" command to halt the system from operating.
The attack code was created by Reid Wightman, an ICS security researcher with Digital Bond, a computer security consultancy that specializes in the security of industrial control systems. The company said it released the exploits to demonstrate to owners and operators of critical infrastructures that "they need to demand secure PLCs from vendors and develop a near-term plan to upgrade or replace their PLCs."
The exploits were released as modules in Metasploit, a penetration testing tool owned by Rapid 7 that is used by computer security professionals to quickly and easily test their networks for specific security holes that could make them vulnerable to attack.
The exploits were designed to demonstrate the "ease of compromise and potential catastrophic impact" of vulnerabilities and make it possible for owners and operators of critical infrastructure to "see and know beyond any doubt the fragility and insecurity of these devices," said Digital Bond CEO Dale Peterson in a statement.
But Metasploit is also used by hackers to quickly find and gain access to vulnerable systems. Peterson has defended his company’s release of exploits in the past as a means of pressuring companies like Schneider into fixing serious design flaws and vulnerabilities they’ve long known about and neglected to address.
Peterson and other security researchers have been warning for years that industrial control systems contain security issues that make them vulnerable to hacking. But it wasn’t until the Stuxnet worm hit Iran’s nuclear facilities in 2010 that industrial control systems got widespread attention. The makers of PLCs, however, have still taken few steps to secure their systems.
"[M]ore than 500 days after Stuxnet the Siemens S7 has not been fixed, and Schneider and many other ICS vendors have ignored the issues as well," Peterson said.
Stuxnet, which attacked a PLC model made by Siemens in order to sabotage centrifuges used in Iran’s uranium enrichment program, exploited the fact that the Siemens PLC, like the Schneider PLC, does not require any authentication to upload rogue ladder logic to it, making it easy for the attackers to inject their malicious code into the system.
Peterson launched a research project last year dubbed Project Basecamp, to uncover security vulnerabilities in widely used PLCs made by multiple manufacturers.
In January, the team disclosed several vulnerabilities they found in the Modicon Quantum system, including the lack of authentication and the presence of about 12 backdoor accounts that were hard coded into the system and that have read/write capability. The system also has a web server password that is stored in plaintext and is retrievable via an FTP backdoor.
At the time of their January announcement, the group released exploit modules that attacked vulnerabilities in some of the other products, and have gradually been releasing exploits for other products since then.
But honestly, when it comes to the security companies themselves: Sophos has now discovered RATs (remote access tools) on its servers.
Quote:
Security Notification for Sophos Partners
UPDATE: FRIDAY, APRIL 6
Did the attacker have access to any financial data?
No financial information was stolen from this database. This was not a database designed to hold financial information, but we ran comprehensive data scans to look for any banking details (credit cards, sorting codes, account numbers, etc.) lurking in the fields. All scans came back clean.
How did you detect the attack?
Sophos Endpoint Security detected and blocked an attempt by the attacker to upload two hacking tools to the server. The first was a program designed to steal passwords, the second a privilege escalation tool. Sophos detected these as the PUAs (potentially unwanted applications) “Windows Credentials Extractor” and “BackEx”.
What are you doing now?
We have an image of the compromised machine and are performing a forensic offline analysis of the system to gain a complete understanding of the attack. In parallel, we are running copies of the compromised machine in a virtual secure lab to further understand the constraints the attacker was operating within.
UPDATE: THURSDAY, APRIL 5
Sophos monitors its servers closely for potential security issues, and on 3rd April identified some suspicious activity on the main webserver that serves our Partner Portal at https://gpp.partners.sophos.com/.
Two unauthorized programs were found on the server, and our preliminary investigations indicate that these were designed to allow unauthorized remote access to information.
As a precautionary step to prevent any potential data breach, we have temporarily taken the entire Partner Portal site offline, suspending partner logins. In parallel, we are conducting an in-depth security audit and once that is completed our partners will be able to use the Portal again. For those partners who have moved onto the new SFDC-based partner portal, this site was not compromised so there is no need to reset those passwords.
At this stage we have been unable to confirm that any data has been stolen as a result of the security incident. However, we feel it's sensible to assume the worst: that information may have been accessed.
Data included in the server's databases include: Partners' names and business addresses, email addresses, contact details, and hashed passwords.
Next steps
When the Partner Portal comes back online, you will find that your password has been reset as a precautionary step, just in case it fell into the wrong hands. You should, of course, ensure that you never use the same password on different websites - and if you did use your old Partner Portal password on other sites, we would advise that you change the login credentials on those sites to something unique.
We do not currently know if email addresses were accessed by any unauthorized persons, but if they were, it is possible that partners may find they are targeted by phishing emails purporting to come from Sophos or other targeted attacks. Please take care when accessing unsolicited emails.
We realize that the site's downtime and the forced password resets may be an overreaction and are sorry for the disruption this will cause, but we would rather cause some inconvenience at this stage than delay as we wait for further information.
Again, we apologize for the inconvenience caused and will continue to take every precaution in protecting partners' data.
If you have any concerns or queries about this matter, please contact us at AskSophos@sophos.com
In the meantime, please revisit this page for any further updates and contact your CAM for any immediate business needs.
Otherwise, the recent Anonymous attacks (are they the same anons, by the way?) directed at China are starting to produce results.
From Reuters:
Hacker claims breach of Chinese defense contractor
Quote:
(Reuters) - A hacker has posted thousands of internal documents he says he obtained by breaking into the network of a Chinese company with defense contracts, an unusual extension of the phenomenon of activist hacking into the world's most populous country.
The hacker, who uses the name Hardcore Charlie and said he was a friend of Hector Xavier Monsegur, the leader-turned-informant of the activist hacking group LulzSec, told Reuters he got inside Beijing-based China National Import & Export Corp (CEIEC).
He posted documents ranging from purported U.S. military transport information to internal reports about business matters on several file-sharing sites, but the authenticity of the documents could not be independently confirmed.
The Beijing company, better known by the acronym, CEIEC, did not respond to a request for comment. U.S. intelligence and Department of Defense officials had no immediate comment.
CEIEC's website says the company performs systems integration work for the Chinese military.
Cyber-spying, both economic and political, is a growing concern for companies and governments around the world. The Chinese government is often accused of promoting, or at least tolerating, hacking attacks aimed at Western targets. But Chinese institutions have rarely been publicly identified as victims of such attacks.
Hackers associated with LulzSec have largely targeted Western defense contractors and law enforcement, although some of their attacks may have been driven by FBI informants. LulzSec is a spin-off of Anonymous, an amorphous collective that uses computer break-ins to promote social causes and expose what members see as wrongdoing by governments and corporations.
Hardcore Charlie said in email and Twitter conversations with Reuters that he had worked with others to crack the email passwords that got him inside CEIEC.
In particular, the hacker said he worked with an associate who calls himself YamaTough on Twitter, another former ally of Monsegur who recently released stolen source code for old versions of security products made by Symantec Corp (SYMC.O).
YamaTough had also been involved in an incident in which fake documents, purportedly from Indian military intelligence, were mixed with genuinely purloined documents, raising the possibility Hardcore Charlie had pursued a similar strategy in posting the alleged CEIEC documents.
Hardcore Charlie described himself as a 40-year-old Hispanic man in a country close to the United States. He said he did not have strong political leanings, but was concerned the Chinese company had access to material about the U.S. war effort in Afghanistan, as some of the documents suggest.
He said he planned to "explore" the computer networks of other Chinese companies.
(Reporting by Joseph Menn in San Francisco; additional reporting by Mark Hosenball in Washington; editing by Jonathan Weber and Andre Grenon)
Dassault Systèmes walks out of the "French cloud"
Bernard Charlès, the head of Dassault Systèmes, has written to René Ricol, the Commissioner General for Investment, to tell him that he is withdrawing for good from Andromède, the "French cloud" project that is to be backed by the Grand Emprunt. His partner, SFR, will look for another ally. Meanwhile, the competing project led by Orange and Thales should receive a favourable opinion on its funding.
Dassault Systèmes has put an end to its adventure in the "French cloud". According to concurring sources, Bernard Charlès, the software publisher's CEO, wrote at the start of the week to the Commissioner General for Investment René Ricol, to the head of the Caisse des Dépôts et Consignations (CDC) Antoine Gosset-Grainville and to Jean-Bernard Lévy, the head of SFR and Vivendi, to inform them of his decision to withdraw definitively from the project, expressing his regret at not having been able to persuade the Commissariat général à l'investissement (CGI) to meet his requirements.
Dassault Systèmes had, together with SFR, applied for Andromède, the "French cloud" that the Grand Emprunt wishes to finance and that is to give France a secure cloud infrastructure capable of hosting sensitive data. The problem: the CGI and the CDC proposed to inject money into both competing projects, the one from Dassault Systèmes and the one led by Orange and Thales. Confirming this information, Bernard Charlès justified the withdrawal: "We are very pleased to have supported, with our partner Vivendi, this project of general interest for France, but Dassault Systèmes does not intend to invest 75 million euros in a project where one of the shareholders (the State, ed.) is an equal shareholder in a competing structure. Being at the origin of the Andromède project, we had clearly stated the conditions for success: strategic focus, structural competitiveness, a platform open to partners, and finally the ability to open up to European alliances. These conditions are not met today."
Seeing the public authorities heading towards this solution, Bernard Charlès, carrying out his threats, chose to act first by ending his bid, without waiting for René Ricol's final decision and François Fillon's arbitration. Indeed, according to our information, the letter from Dassault Systèmes reached the CGI before the recommendations of the independent Investment Committee, which had met on Friday 30 March to select and grade the projects. From a reliable source, according to the tallies made at the CGI, the two Andromèdes, Dassault-SFR and Orange-Thales, ended up tied. Consequently, had Dassault Systèmes not withdrawn, René Ricol would have had to recommend both cloud solutions to François Fillon. The initial envelope planned by the Grand Emprunt was 135 million euros, but the CGI had planned to adjust it according to needs. Indeed, the two tandems were each asking for 75 million euros of public funding, a total of 150 million.
René Ricol will recommend funding Orange-Thales
Faced with the withdrawal of Dassault Systèmes, the Commissioner General for Investment René Ricol will initially recommend the Orange-Thales Andromède. According to our information, Jean-Bernard Lévy has written to him to say that SFR is still a candidate and is looking for another partner. To obtain its funding, the operator will have to go before the Investment Committee again.
Dassault Systèmes slams the door a second time
For Dassault Systèmes, this is the end of an adventure of more than two years, which it had nonetheless led. Originally, the State was to fund only one cloud project. For two years, Dassault Systèmes therefore worked on assembling a consortium alongside Orange and Thales. But in December, owing to disagreements with Stéphane Richard, Orange's CEO, over the governance of the entity, the non-compete clauses and the pricing terms, Bernard Charlès slammed the door on the project a first time, de facto throwing the government's "cloud" ambitions entirely into question.
With Orange remaining in the running alongside Thales, Bernard Charlès then lobbied hard for only one project to be selected: his own. The group tried to show that there was not necessarily room for two, that a dual competition would create pressure on prices and delay the return on investment. In mid-March, SFR's former CEO, Frank Esser, had himself wished for only one to be funded. But the public authorities decided otherwise. Supporters of this solution argue that it is a way to create competition so that the market takes off faster.
United States: Is Utah about to become the capital of cyber-surveillance? The NSA is building a giant data-mining centre half an hour from Salt Lake City. From now on, every e-mail could be read, online searches scrutinised, and the centre used for counter-espionage.
Cyberwar: when Israel can hijack web traffic
Quote:
The experiment was conducted at Israel's oldest university, the Technion in Haifa. It consisted of creating a phantom server that sends false messages to the routers in charge of forwarding content packets across the web. The intruder can either block traffic completely by paralysing an unlimited number of routers, or capture the messages and analyse the information they contain. A crucial step in the evolution of cyberwar.
False routing information
This is probably the most formidable type of attack since routers replaced gateways in 1976. Unlike gateways, which organised the transit of messages between the different platforms without ensuring that all the packets would reach the right destinations, routers speed up traffic while guaranteeing the destination and the integrity of the content. It is this guarantee, tested by more than thirty years of the web's expansion, that the Technion computer scientists have just blown apart.
To grasp the significance of this experiment, one has to picture the global network as a gigantic archipelago of electronic platforms. For a piece of content (e-mail, audio file, video) to pass from one "island" to another, many highly specialised computers must handle the transfer by steering, along the best possible routes, the digital fragments of that content, fragments called packets.
Packet transfer is only possible if the routers constantly talk to each other. Indeed, they periodically send each other brief signals informing one another about the state of the network and their respective availability. The permanent and universal vehicle of this dialogue is a language called a protocol. Under the direction of Professor Gabriel Raphaël, and under the direct supervision of Gabi Nakibly and Itai Dabran, the Technion students Alex Kirshon and Dima Gonikman completed a final-year project aimed at hacking the oldest and most widely used routing protocol, OSPF (Open Shortest Path First). As a result, their phantom server was able to send false messages to the routers and recover everything that passed through them.
The flaw was in the fix
To exaggerate a little, the successful attack could be compared to this: fake air-traffic controllers taking the place of the real ones would manage (hacked protocol) to divert part of international air traffic to a clandestine airport set up on a little-known island (phantom server).
Officially, the university operation aims to help the W3C consortium, which governs the global network, improve the security of the routing protocol. It would indeed suffice to apply a fix to the hacked language.
But on closer examination of the successful attack scenario, one finds that Alex and Dima fooled the routers by exploiting a flaw in their current defence system called "fight-back": the automatic (reflex) reaction of a router that corrects a false or altered signal from its closest neighbours. So the flaw was in the fix.
"Cyberwar" does not exist, but...
Making the attack's success public - and rewarding the two students - is part of a somewhat hotter-than-usual phase of the "cyberwar" between Israel and certain Middle Eastern countries. The notion of cyberwarfare is rejected by many officials around the world. That has not stopped the United States from multiplying its cyber-defence agencies since June 2009, imitated in this by South Korea, Great Britain and Israel.
On 16 January, the website of the Tel Aviv Stock Exchange and that of the airline El Al were the targets of classic attacks, known as "distributed denial of service" (floods of requests meant to drown the servers). Congratulated by Hamas, the perpetrator presented himself as a hacker living in Saudi Arabia. The targeted firms immediately blocked the IP addresses of several Arab countries, including Algeria, and a group of hackers calling itself the "Israel Defense Forces" threatened to attack several Arab corporate and government sites.
The publicity just given to the experimental hacking of the routing protocol takes on, in this context, the double dimension of an escalation and a warning. Escalation: traffic hijacking by "router deception" is to hackers' classic techniques what cruise missiles are to artillery: an enormous competitive advantage. A warning indirectly addressed to a country that is not Arab but Muslim, namely Iran: Israel is theoretically in a position to control traffic between Persian electronic platforms. Iran being the firmest supporter of the Syrian regime. For the record, the first inter-state battle on the web took place on 27 April 2007, when Russian "warriors" paralysed many official Estonian sites in a single offensive. The following year, "distributed denial of service" (DDoS) clashes pitted Russia against a Georgia helped by Estonian and American experts.
The publication last March of private e-mails revealing the role and lavish lifestyle of Mrs Asma al-Assad was claimed neither by Wikileaks nor by Anonymous. It cannot be the work of the Syrian opposition groups. Unless the regime's dignitaries are complete novices in matters of security, these leaks can only come from sophisticated intrusion methods. Or from hijacking.
Be that as it may, in the list of priorities that the American cybersecurity chief, Howard Schmidt, has just handed to Barack Obama, the reliability of connections comes first. That is exactly what US President Dwight Eisenhower asked of the country's "biggest brains", summoned in October 1957, when it became apparent that the first Soviet satellite, Sputnik, could destroy the communications network radiating from the Pentagon.
Technion Students Hack OSPF, the Most Popular Routing Protocol on the Internet
The attack was part of a student project in the Computer Science Department and has attracted substantial interest in two scientific conferences; the students will be awarded the Technion Amdocs Prize
Alex Kirshon and Dima Gonikman, students in the Technion Computer Science Department, succeeded in hacking the OSPF routing protocol, the most common protocol on the internet. The attack was part of a student project in the Laboratory of Computer Communication and Networking and has attracted substantial interest in two scientific conferences it was presented in. Alex and Dima will be awarded the Technion Amdocs Prize for Best Project in Computer Science. Their supervisors were Gabi Nakibly and Itai Dabran.
Hundreds of thousands of routers work on the internet, linking the different networks. Each router is supposed to "know" all the other routers and to "talk" to them (obtain information about their neighbors and about networks connected to them). The incessant involvement of the routers in the transmission of this information encumbers them and diminishes their effectiveness. Hence, the internet is in fact split into autonomous systems that "talk" to each other. The routers in each such system "know" one another.
The most popular protocol for the transmission of information between routers in autonomous systems is OSPF. If it malfunctions, many messages will not reach their destination. Moreover, there is the concern that these messages will reach the attacker of the protocol. Accordingly, stringent security measures are in place for the protocols of network routers.
One of the important defenses is called "fight-back". When it is implemented – when a router recognizes that another router has sent data in its name – it immediately issues a correction.
With help from their supervisors, Alex Kirshon and Dima Gonikman "targeted" this correction. They triggered a fight-back from a router on the network, but immediately before it was sent, they sent a fight-back with false data that was received by some of the other routers. When these routers received the fight-back of the compromised router, they rejected it because they supposedly already received a fight-back from it.
The "attacking" students also identified in advance which fight-back the attacked router will send, so that the other routers received it from them "without doubts or questions". From the moment they received the "fake" fight-back, there are routers on the network that have incorrect routing tables.
Such an attack can disrupt the entire operation of the autonomous system, prevent messages from reaching their destination and unnecessarily create substantial traffic on the network.
Seven groups of students will receive the Amdocs Prize for Best Project in a ceremony that will take place in mid-March in the Technion Computer Science Department.
In my opinion this attack is not against "the internet" but adds to a useful arsenal.
OSPF is a routing protocol (a protocol that reconfigures router tables automatically) of the Interior Gateway Protocol class, i.e. inside Autonomous Systems (as opposed to External Gateway Protocol routing protocols such as BGP).
ASes (autonomous systems) are the basic units managed by large entities such as governments, the largest ISPs, etc. ASes exchange their information via EGP, and an attack against an EGP (such as BGP) would be an attack against the internet, because the basis of exchanges between ASes is trust, a legacy of the time when the internet was a university network restricted to a limited number of entities. That is what explains the collateral damage caused by the Pakistani tinkering with its BGP tables to block YouTube/Facebook: Pakistan’s Accidental YouTube Re-Routing Exposes Trust Flaw in Net
In short, an attack against OSPF would be useful inside a given, specific AS at best, but this kind of attack is there to open the way to other vectors and techniques.
Among them are "rogue routers" infiltrated into the organisation, especially over Wi-Fi; the little USB keys that can now contain an onboard computer (cracking passwords via an agent with physical access); not forgetting the malware discovered from time to time on network vendors' hardware (the latest being HP, and before that, Cisco) and the suspicions of backdoors in security software itself.
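A toy simulation of the fight-back race described in the Technion write-up above, paired with the defender-side check a network monitor would run: flag two LSA instances that carry the same advertising router and sequence number but different content. This is an added example, not code from the Technion project or from the poster; the router names R1..R3, sequence numbers and network names are constructed, and the link-state database rule is simplified to "a higher sequence number replaces the stored instance, an equal one is dropped as a duplicate".

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import zlib


@dataclass(frozen=True)
class LSA:
    """One router-LSA instance (simplified). Constructed sample data only."""
    adv_router: str          # router ID the LSA claims to originate from
    seq: int                 # LS sequence number
    links: Tuple[str, ...]   # advertised links

    def content_hash(self) -> int:
        # Stand-in for the LS checksum: covers everything except the age field.
        return zlib.crc32(repr((self.adv_router, self.seq, self.links)).encode())


class Router:
    def __init__(self, name: str, links: Tuple[str, ...], seq: int = 1000):
        self.name, self.links, self.seq = name, links, seq
        self.lsdb: Dict[str, LSA] = {name: LSA(name, seq, links)}

    def receive(self, lsa: LSA) -> Optional[LSA]:
        """Install the instance if it is newer than the stored one.

        Simplified rule (assumption): only a higher sequence number counts as newer;
        an equal sequence number is dropped as a duplicate. Returns a fight-back LSA
        when the router sees a foreign instance of its own LSA, otherwise None.
        """
        stored = self.lsdb.get(lsa.adv_router)
        if stored is not None and lsa.seq <= stored.seq:
            return None
        self.lsdb[lsa.adv_router] = lsa
        if lsa.adv_router == self.name and lsa.links != self.links:
            # Fight-back: re-originate the true links with the next sequence number.
            self.seq = lsa.seq + 1
            correction = LSA(self.name, self.seq, self.links)
            self.lsdb[self.name] = correction
            return correction
        return None


class LSAConflictMonitor:
    """Defender-side check: a router never re-originates the same sequence number
    with different content, so two instances sharing (adv_router, seq) but differing
    in content are flagged, whichever of them the routers ended up keeping."""

    def __init__(self) -> None:
        self.seen: Dict[Tuple[str, int], int] = {}
        self.alerts: List[str] = []

    def observe(self, lsa: LSA) -> None:
        key, digest = (lsa.adv_router, lsa.seq), lsa.content_hash()
        if key in self.seen and self.seen[key] != digest:
            self.alerts.append(f"conflicting instances of {lsa.adv_router} seq {lsa.seq}")
        self.seen.setdefault(key, digest)


def flood(lsa: LSA, routers: List[Router], monitor: LSAConflictMonitor) -> List[LSA]:
    """Deliver one LSA to every listed router; return any fight-backs generated."""
    monitor.observe(lsa)
    return [fb for r in routers if (fb := r.receive(lsa)) is not None]


def simulate_fightback(attacker_wins_race: bool) -> dict:
    """Run the scenario from the write-up on a constructed three-router area.

    attacker_wins_race=True: the false instance reaches R2/R3 before the genuine
    fight-back (the case described above). False: normal ordering, for comparison.
    """
    victim = Router("R1", ("net-A", "net-B"))
    others = [Router("R2", ("net-C",)), Router("R3", ("net-D",))]
    monitor = LSAConflictMonitor()
    flood(victim.lsdb["R1"], others, monitor)            # initial sync of R1's LSA
    # A spoofed instance in R1's name (seq 1001) makes R1 issue its correction.
    trigger = LSA("R1", 1001, ("net-bogus",))
    genuine = flood(trigger, [victim] + others, monitor)[0]   # R1's real seq-1002 LSA
    # The predicted sequence number (1002) is reused on a false instance.
    fake = LSA("R1", genuine.seq, ("net-bogus", "net-attacker"))
    order = [fake, genuine] if attacker_wins_race else [genuine, fake]
    for lsa in order:
        flood(lsa, others, monitor)   # the second one is dropped as a duplicate
    return {
        "r2_view_of_R1": others[0].lsdb["R1"].links,
        "r1_true_links": victim.lsdb["R1"].links,
        "alerts": list(monitor.alerts),
    }


if __name__ == "__main__":
    for wins in (True, False):
        print("attacker wins race" if wins else "genuine first", simulate_fightback(wins))
```

In the race case R2 keeps the false seq-1002 instance while R1's own database still holds the true links, which is the inconsistent-routing-table state the write-up describes; the monitor raises the same conflict alert in both orderings, so the check does not depend on which instance won.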
jonas, Général de Brigade
messages: 3370 Joined: 11/02/2008 Location: far-maroc
(Reuters) - Iran is investigating a suspected cyber attack on its main oil export terminal and on the Oil Ministry itself, Iranian industry sources said on Monday.
A virus was detected inside the control systems of Kharg Island - which handles the vast majority of Iran's crude oil exports - but the terminal remained operational, a source at the National Iranian Oil Company (NIOC) said.
The virus, which is likely to draw comparisons with the Stuxnet computer worm which reportedly affected Iranian nuclear facilities in 2009-10, struck late on Sunday.
It hit the internet and communications systems of Iran's Oil Ministry and of its national oil company, the semi-official Mehr news agency reported. Computer systems controlling a number of Iran's other oil facilities have been disconnected from the Internet as a precaution, the agency added.
Hamdullah Mohammadnejad, the head of civil defense at the oil ministry, was reported as saying Iranian authorities had set up a crisis unit and were working out how to neutralize the attacks.
IT systems at the oil ministry and at the national oil company were also disconnected to prevent the spread of any virus, the Mehr news agency said.
The oil ministry's own media network, Shana, quoted a spokesman as saying some data had been affected but that there was no major damage.
VIRUS REMINISCENT OF STUXNET
Iran's nuclear program is thought to be the principal target of the Stuxnet worm - discovered in 2010 - the first virus believed to have been specifically designed to subvert industrial systems.
U.S.-based think-tank, the Institute for Science and International Security (ISIS), said that in late 2009 or early 2010 about 1,000 centrifuges - machines used to refine uranium - out of the 9,000 used at Iran's Natanz enrichment plant, had been knocked out by the virus - not enough to seriously harm its operations.
Iranian officials have accused the United States and Israel of developing the virus to sabotage its atomic program, an allegation neither country has commented on.
The United States and its allies suspect Iran is using its enrichment activities to covertly develop a nuclear weapons capability, a charge Tehran denies.
Late last year, Iran also identified damage it said was inflicted by a similar virus aimed at disrupting industrial processes, called Duqu.
Experts say Duqu appears to be designed to gather data to make it easier to launch future attacks and that very few organizations could have written such complex programs. There is no confirmation this latest attack is related to Duqu.
A systems analyst at Hungary's Laboratory of Cryptography and System Security, which first discovered and named Duqu, told Reuters that Iran needed to be more cooperative with samples of malware codes if it required external help.
"As this recent incident might have been a targeted attack against Iran and only against Iran, security experts in Western countries might be reluctant to help them," Boldizsar Bencsath said.
The authorities said there had been no disruption to production or exports, Mehr news reported, but a shipping source with knowledge of operations at Kharg Island said that the NIOC has been prevented from sending out the crude-loading program at the terminal.
Most of the world's oil facilities are controlled by computers, but some processes can be managed manually when necessary.
SCEPTICISM
Some experts said it was not yet clear whether the virus reported on Monday was, like Stuxnet, seeking to corrupt industrial processes to cause physical damage, or was a simple data virus.
One cyber security specialist Ali Jahangiri said he had doubts about whether a virus actually existed.
"There is no indication that this is definitely a targeted attack from outside. It could be a technical failure inside the oil ministry's own communications systems," he said.
However, John Bumgarner, a security specialist at the U.S. Cyber Consequences Unit think tank, told Reuters a virus was a possibility, and that a sufficiently complex one could have more than a fleeting impact.
"The reason you would put a virus inside this network to erase data is because that causes those facilities to have to shut down," he said, saying servers would need to be rebuilt to get them back online.
"So during that time the production and refinery operations for Iran could be impacted. And depending on how the virus was written, it could be longer term."
(Reporting By Marcus George, Amena Bakr, Humeyra Pamuk, Daniel Fineren and William Maclean; Writing by Marcus George; Editing by Andrew Osborn)
In U.S.-Russia deal, nuclear communication system may be used for cybersecurity
The Washington Post
Quote:
A secure communications channel set up to prevent misunderstandings that might lead to nuclear war is likely to expand to handle new kinds of conflict — in cyberspace.
The Nuclear Risk Reduction Center, established in 1988 under President Ronald Reagan so that Washington and Moscow could alert each other to missile tests and space launches that could be mistaken as acts of aggression, would take a central role in an agreement nearing completion between U.S. and Russian negotiators.
The use of the secure channel would be a milestone in the effort to ensure that misperceptions in cyberspace — where it is difficult to know who is behind a digital attack or even whether a computer disruption is the result of deliberate action — do not escalate to full hostilities, say U.S. officials and experts from both countries.
The talks reflect the increasing importance of cyber-activities as points of potential conflict between nations. The Obama administration has warned with growing urgency in recent months that a cyberattack could undermine systems providing water, power or other critical services to Americans.
The agreement would be the first between the United States and another country seeking to lessen the danger of conflict in cyberspace, and it would include other measures to improve communication and transparency. It would be, officials and experts note, an initial step toward making cyberspace more stable.
“Both the U.S. and Russia are committed to tackling common cybersecurity threats while at the same time reducing the chances a misunderstood incident could negatively affect our relationship,” White House spokeswoman Caitlin Hayden said.
Russian Embassy spokesman Yevgeniy Khorishko said, “We feel that these confidence-building measures are important to preventing conflicts.”
The pact would be a positive development, in contrast to a generally downbeat U.S. assessment of Russian actions in cyberspace. An intelligence agency report last fall singled out Russia and China as aggressive perpetrators of cyber-espionage against economic targets. Russian organized-crime groups have been active for years in cyber-theft of consumers’ credit card information and other data.
The agreement would not address those issues, nor political differences over the extent to which governments can or should control speech on the Internet. At a conference in Germany this week, Russia pressed its campaign for a binding United Nations treaty on “information security” that would endorse the concept of a governmental role in controlling expression online. The United States opposes that effort.
Talks between the United States and the Chinese over cybersecurity are proceeding at a slower pace, officials say. American officials say the Chinese have not agreed with the U.S. position that the law of armed conflict, which requires the use of proportional force and the minimization of harm against civilians, applies to cyberspace.
The Russians accept that position, easing potential conflict on that point. Experts also note that the Russians and the Americans have had decades of experience in negotiating on nuclear and other strategic matters.
With computer terminals at the State Department and the Russian Ministry of Defense that are staffed 24 hours a day, the Nuclear Risk Reduction Center allows electronic messages to be quickly translated and directed to key officials. Each government, for instance, could alert the other before it test-fired an intercontinental ballistic missile so that the launch would not be mistaken as the first salvo in a nuclear war.
The nuclear center supports more than a dozen bilateral and multilateral treaties and agreements with up to 50 countries and in six languages. The treaties also deal with troop movements and major military exercises.
In the case of a cyber-incident, the channel of communication could be activated if either side detects what appears to be hostile activity coming from the other’s territory, officials said.
The channel would be used only if the malicious cyber-activity is of “such substantial concern that it could be perceived as threatening national security,” said an administration official who described the emerging agreement on the condition of anonymity because the talks are not yet final. “So this is not to be used every day.”
The Russians requested a phone-based hotline between the Kremlin and the White House exclusively for cyber-incidents, the official said. That would be distinct from the nuclear hotline.
Though often depicted in popular culture as a red telephone, the nuclear hotline started as a Teletype machine and was later replaced by a computerized system, a defense official said. The hotline, used for crisis communications between heads of state, is not part of the Nuclear Risk Reduction Center.
The pending agreement has grown out of high-level cybersecurity talks in Moscow in February 2011 and a follow-up last June in Washington to establish confidence-building measures to prevent cyber-conflict.
Vice President Biden said in November that talks between the United States and Russia were intended to “build cooperation and to set up lines of communication in the event of an alarming incident.”
The negotiators agreed on two other measures, including an exchange of position papers, which has been completed. The United States gave the Russians the Pentagon’s strategy for cyberspace before it was published last July. In December, the Russians delivered a Ministry of Defense paper on the “information space” that affirmed that the law of armed conflict applies in cyberspace, although the Russians have said more rules may be needed.
The other measure would set up an ongoing exchange of basic, unclassified data on malicious cyber-activity between the Department of Homeland Security’s U.S. Computer Emergency Readiness Team and its counterpart in Russia.
“It’s a very good approach in bilateral relations to decrease tensions,” said Andrey Kulpin, an adviser on international cooperation at the Institute of Information Security Issues at Lomonosov Moscow State University. If either side sees what appears to be a cyberattack from the other, he said, “we have a direct line to discuss that and to have a clear vision that this is not from Russia or the United States.”
Guest
Subject: Re: Cyber War/Guerre informatique Fri 4 May 2012 - 23:32
Quote:
Lockheed Martin to Assist Department of Defense in Fight Against Growing Threat: Cyber Crime
Supporting DoD’s Cyber Crime Center through Digital Forensics and Analysis
VALLEY FORGE, Pa., May 3, 2012 – Already one of the U.S. Department of Defense’s most-experienced providers of solutions for defeating military threats, Lockheed Martin (NYSE:LMT) will now team with the Department of Defense Cyber Crime Center (DC3) to thwart another type of enemy — cyber criminals.
The company has been selected to deliver a full range of technical, functional, and managerial support to the DC3, which provides vital assistance in the investigation of criminal, counterintelligence and counterterrorism matters, as well as cyber security support to Defense Industrial Base partners. The work will be conducted through a task order awarded by the General Services Administration’s Federal Systems Integration and Management Center under the General Services Administration Alliant Contract. The task order has a ceiling value of $454 million if all options are exercised.
“DC3 faces compelling requirements for superior digital forensics and multi-media lab services, related research, development, test and evaluation, and cyber analytics,” said Steve Shirley, executive director of the Center in Linthicum, Md. “Responsive and capable industry mission partners are a significant feature of DC3’s operations. We’re looking forward to a smooth transition as Lockheed Martin becomes a key mission partner, and we’re confident the company’s capabilities will help us succeed in our future challenges.” The Lockheed Martin team will bring to DC3 its extensive cyber analysis expertise gained through its role in protecting some of the most-sensitive information networks in the world. As the leading IT provider for the federal government 17 consecutive years (Washington Technology), Lockheed Martin also has executed many successful large contract transitions.
“As DC3’s new mission partner, we’re excited to assist the Center as it expands and advances its technical capabilities in support of DoD criminal investigative, counterintelligence, and counterterrorism organizations, and to help safeguard the networks of Defense Industrial Base partners,” said Gerry Fasano, president of Lockheed Martin Information Systems & Global Solutions-Defense (IS&GS-Defense).
Because of its size and importance, the DoD is targeted by cyber criminals ranging from terrorists to spies to identity thieves. “Our industry team provides solutions to address a cyber threat environment that is highly dynamic and growing in volume and complexity,” said Dr. Rohan Amin, DC3 program director for Lockheed Martin IS&GS-Defense. “We recognize the uniqueness of the mission and look forward to working with DC3 to address these future challenges.”
Lockheed Martin’s scope of work will include digital and multimedia forensics examination, analysis, research, development, test and evaluation, information technology and cyber analytical services. The primary work will be conducted at DC3 headquarters in Linthicum, Md.
Headquartered in Bethesda, Md., Lockheed Martin is a global security company that employs about 123,000 people worldwide and is principally engaged in the research, design, development, manufacture, integration and sustainment of advanced technology systems, products and services. The Corporation's net sales for 2011 were $46.5 billion.
Subject: Re: Cyber War/Guerre informatique Sat 5 May 2012 - 2:16
FBI: We need wiretap-ready Web sites - now
CNET
Quote:
CNET learns the FBI is quietly pushing its plan to force surveillance backdoors on social networks, VoIP, and Web e-mail providers, and is asking Internet companies not to oppose a law making those backdoors mandatory.
Quote:
The FBI is asking Internet companies not to oppose a controversial proposal that would require firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance.
In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned.
The FBI general counsel's office has drafted a proposed law that the bureau claims is the best solution: requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly.
"If you create a service, product, or app that allows a user to communicate, you get the privilege of adding that extra coding," an industry representative who has reviewed the FBI's draft legislation told CNET. The requirements apply only if a threshold of a certain number of users is exceeded, according to a second industry representative briefed on it.
The FBI's proposal would amend a 1994 law, called the Communications Assistance for Law Enforcement Act, or CALEA, that currently applies only to telecommunications providers, not Web companies. The Federal Communications Commission extended CALEA in 2004 to apply to broadband networks.
FBI Director Robert Mueller is not asking companies to support the bureau's CALEA expansion, but instead is "asking what can go in it to minimize impacts," one participant in the discussions says. That included a scheduled trip this month to the West Coast -- which was subsequently postponed -- to meet with Internet companies' CEOs and top lawyers.
A further expansion of CALEA is unlikely to be applauded by tech companies, their customers, or privacy groups. Apple (which distributes iChat and FaceTime) is currently lobbying on the topic, according to disclosure documents filed with Congress two weeks ago. Microsoft (which owns Skype and Hotmail) says its lobbyists are following the topic because it's "an area of ongoing interest to us." Google, Yahoo, and Facebook declined to comment.
In February 2011, CNET was the first to report that then-FBI general counsel Valerie Caproni was planning to warn Congress of what the bureau calls its "Going Dark" problem, meaning that its surveillance capabilities may diminish as technology advances. Caproni singled out "Web-based e-mail, social-networking sites, and peer-to-peer communications" as problems that have left the FBI "increasingly unable" to conduct the same kind of wiretapping it could in the past.
In addition to the FBI's legislative proposal, there are indications that the Federal Communications Commission is considering reinterpreting CALEA to demand that products that allow video or voice chat over the Internet -- from Skype to Google Hangouts to Xbox Live -- include surveillance backdoors to help the FBI with its "Going Dark" program. CALEA applies to technologies that are a "substantial replacement" for the telephone system.
"We have noticed a massive uptick in the amount of FCC CALEA inquiries and enforcement proceedings within the last year, most of which are intended to address 'Going Dark' issues," says Christopher Canter, lead compliance counsel at the Marashlian and Donahue law firm, which specializes in CALEA. "This generally means that the FCC is laying the groundwork for regulatory action." Subsentio, a Colorado-based company that sells CALEA compliance products and worked with the Justice Department when it asked the FCC to extend CALEA seven years ago, says the FBI's draft legislation was prepared with the compliance costs of Internet companies in mind.
In a statement to CNET, Subsentio President Steve Bock said that the measure provides a "safe harbor" for Internet companies as long as the interception techniques are "'good enough' solutions approved by the attorney general." Another option that would be permitted, Bock said, is if companies "supply the government with proprietary information to decode information" obtained through a wiretap or other type of lawful interception, rather than "provide a complex system for converting the information into an industry standard format."
A representative for the FBI told CNET today that: "(There are) significant challenges posed to the FBI in the accomplishment of our diverse mission. These include those that result from the advent of rapidly changing technology. A growing gap exists between the statutory authority of law enforcement to intercept electronic communications pursuant to court order and our practical ability to intercept those communications. The FBI believes that if this gap continues to grow, there is a very real risk of the government 'going dark,' resulting in an increased risk to national security and public safety."
Next steps
The FBI's legislation, which has been approved by the Department of Justice, is one component of what the bureau has internally called the "National Electronic Surveillance Strategy." Documents obtained by the Electronic Frontier Foundation show that since 2006, Going Dark has been a worry inside the bureau, which employed 107 full-time equivalent people on the project as of 2009, commissioned a RAND study, and sought extensive technical input from the bureau's secretive Operational Technology Division in Quantico, Va. The division boasts of developing the "latest and greatest investigative technologies to catch terrorists and criminals."
But the White House, perhaps less inclined than the bureau to initiate what would likely be a bruising privacy battle, has not sent the FBI's CALEA amendments to Capitol Hill, even though they were expected last year. (A representative for Sen. Patrick Leahy, head of the Judiciary committee and original author of CALEA, said today that "we have not seen any proposals from the administration.") Mueller said in December that the CALEA amendments will be "coordinated through the interagency process," meaning they would need to receive administration-wide approval.
Stewart Baker, a partner at Steptoe and Johnson who is the former assistant secretary for policy at Homeland Security, said the FBI has "faced difficulty getting its legislative proposals through an administration staffed in large part by people who lived through the CALEA and crypto fights of the Clinton administration, and who are jaundiced about law enforcement regulation of technology -- overly jaundiced, in my view."
On the other hand, as a senator in the 1990s, Vice President Joe Biden introduced a bill at the FBI's behest that echoes the bureau's proposal today. Biden's bill said companies should "ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law." (Biden's legislation spurred the public release of PGP, one of the first easy-to-use encryption utilities.)
The Justice Department did not respond to a request for comment. An FCC representative referred questions to the Public Safety and Homeland Security Bureau, which declined to comment.
From the FBI's perspective, expanding CALEA to cover VoIP, Web e-mail, and social networks isn't expanding wiretapping law: If a court order is required today, one will be required tomorrow as well. Rather, it's making sure that a wiretap is guaranteed to produce results.
But that nuanced argument could prove radioactive among an Internet community already skeptical of government efforts in the wake of protests over the Stop Online Piracy Act, or SOPA, in January, and the CISPA data-sharing bill last month. And even if startups or hobbyist projects are exempted if they stay below the user threshold, it's hardly clear how open-source or free software projects such as Linphone, KPhone, and Zfone -- or Nicholas Merrill's proposal for a privacy-protective Internet provider -- will comply.
The FBI's CALEA amendments could be particularly troublesome for Zfone. Phil Zimmermann, the creator of PGP who became a privacy icon two decades ago after being threatened with criminal prosecution, announced Zfone in 2005 as a way to protect the privacy of VoIP users. Zfone scrambles the entire conversation from end to end.
"I worry about the government mandating backdoors into these kinds of communications," says Jennifer Lynch, an attorney at the San Francisco-based Electronic Frontier Foundation, which has obtained documents from the FBI relating to its proposed expansion of CALEA.
As CNET was the first to report in 2003, representatives of the FBI's Electronic Surveillance Technology Section in Chantilly, Va., began quietly lobbying the FCC to force broadband providers to provide more-efficient, standardized surveillance facilities. The FCC approved that requirement a year later, sweeping in Internet phone companies that tie into the existing telecommunications system. It was upheld in 2006 by a federal appeals court.
But the FCC never granted the FBI's request to rewrite CALEA to cover instant messaging and VoIP programs that are not "managed"--meaning peer-to-peer programs like Apple's Facetime, iChat/AIM, Gmail's video chat, and Xbox Live's in-game chat that do not use the public telephone network.
If there is going to be a CALEA rewrite, "industry would like to see any new legislation include some protections against disclosure of any trade secrets or other confidential information that might be shared with law enforcement, so that they are not released, for example, during open court proceedings," says Roszel Thomsen, a partner at Thomsen and Burke who represents technology companies and is a member of an FBI study group. He suggests that such language would make it "somewhat easier" for both industry and the police to respond to new technologies.
But industry groups aren't necessarily going to roll over without a fight. TechAmerica, a trade association that includes representatives of HP, eBay, IBM, Qualcomm, and other tech companies on its board of directors, has been lobbying against a CALEA expansion. Such a law would "represent a sea change in government surveillance law, imposing significant compliance costs on both traditional (think local exchange carriers) and nontraditional (think social media) communications companies," TechAmerica said in e-mail today.
Ross Schulman, public policy and regulatory counsel at the Computer and Communications Industry Association, adds: "New methods of communication should not be subject to a government green light before they can be used."
Last updated at 12:30 p.m. PT
Quote:
"Going Dark" timeline
June 2008: FBI Director Robert Mueller and his aides brief Sens. Barbara Mikulski, Richard Shelby, and Ted Stevens on "Going Dark."
June 2008: FBI Assistant Director Kerry Haynes holds "Going Dark" briefing for Senate appropriations subcommittee and offers a "classified version of this briefing" at Quantico.
August 2008: Mueller briefed on Going Dark at strategy meeting.
September 2008: FBI completes a "high-level explanation" of CALEA amendment package.
May 2009: FBI Assistant Director Rich Haley briefs Senate Intelligence committee and Mikulski staffers on how bureau is "dealing with the 'Going Dark' issue." Mikulski plans to bring up "Going Dark" at a closed-door hearing the following week.
May 2009: Haley briefs Rep. Dutch Ruppersberger, currently the top Democrat on House Intelligence, who would later co-author CISPA.
September 2008: FBI staff briefed by RAND, which was commissioned to "look at" Going Dark.
November 2008: FBI Assistant Director Marcus Thomas, who oversees the Quantico-based Operational Technology Division, prepares briefing for President-Elect Obama's transition team.
December 2008: FBI intelligence analyst in Communications Analysis Unit begins analysis of VoIP surveillance.
February 2009: FBI memo to all field offices asks for anecdotal information about cases where "investigations have been negatively impacted" by lack of data retention or Internet interception.
March 2009: Mueller's advisory board meets for a full-day briefing on Going Dark.
April 2009: FBI distributes presentation for White House meeting on Going Dark.
April 2009: FBI warns that the Going Dark project is "yellow," meaning limited progress, because of "new administration personnel not being in place for briefings."
April 2009: FBI general counsel's office reports that the bureau's Data Interception Technology Unit has "compiled a list of FISA dockets... that the FBI has been unable to fully implement." That's a reference to telecom companies that are already covered by the FCC's expansion of CALEA.
May 2009: FBI's internal Wikipedia-knockoff Bureaupedia entry for "National Lawful Intercept Strategy" includes section on "modernize lawful intercept laws."
May 2009: FBI e-mail boasts that the bureau's plan has "gotten attention" from industry, but "we need to strengthen the business case on this."
June 2009: FBI's Office of Congressional Affairs prepares Going Dark briefing for closed-door session of Senate Appropriations subcommittee.
July 2010: FBI e-mail says the "Going Dark Working Group (GDWG) continues to ask for examples from Cyber investigations where investigators have had problems" because of new technologies.
September 2010: FBI staff operations specialist in its Counterterrorism Division sends e-mail on difficulties in "obtaining information from Internet Service Providers and social-networking sites."
A "response" to the discovery that al-Qaeda uses steganography, the nightmare of cryptanalysis? And that "terro" groups in Pakistan have set up their own VoIP GPRS network?
Subject: Re: Cyber War/Guerre informatique Sat 5 May 2012 - 14:21
Very interesting, the Zeit article; that way we know what Zawahiri and his lieutenants watch in their spare time.
Quote:
made it far more difficult for agents to wiretap Americans suspected of illegal activities
It remains to be seen whether they only want to limit it to the US or cast a wide net? In any case, if it passes, Hotmail, Facebook and co. will take a hit.
Guest
Subject: Re: Cyber War/Guerre informatique Sat 5 May 2012 - 22:53
Yakuza wrote:
Very interesting, the Zeit article; that way we know what Zawahiri and his lieutenants watch in their spare time.
Quote:
made it far more difficult for agents to wiretap Americans suspected of illegal activities
It remains to be seen whether they only want to limit it to the US or cast a wide net? In any case, if it passes, Hotmail, Facebook and co. will take a hit.
Exactly, and now we know how one can help the "cause" on both sides in our spare time.......... or maybe not.
Regarding the FBI, there are at least 2 elements:
1 - The rise of the NSA is pushing the other agencies to keep the balance... competition between different bureaus obliges. If the NSA's spearhead is science, the FBI can only count on the law, especially since the Supreme Court had forbidden it to plant GPS tracking devices without judicial authorization after several scandals, and since certain authentication technologies on Android turned out to be uncrackable (within the FBI's time frame and budget).
FBI Turns Off Thousands of GPS Devices After Supreme Court Ruling
FBI, stumped by pimp's Android pattern lock, serves warrant on Google
Note that the Brazilian police, 3 years ago, tortured a banker accused of laundering drug money to make him cough up the TrueCrypt (open-source encryption software) password where he had put his documents. The low-tech method produced the expected result in due form.
2 - Because of the Internet's architecture, (practically) all IP traffic routes lead to the US. It is a de facto gift that it would be stupid to neglect, with the thousands of documents, communications and other information that would transit through US servers without the authorities being able to access them. The crackdown on anonymization services is part of it.
FBI Seizes Activists' Anonymizing Server In Probe Of Pittsburgh's Bomb Threats
To return to the burning question of steganography, the method followed for now is to rely on human flair, HUMINT, to filter suspects. Technologically, security logs are updated with signatures of known steganography software. The problem is that in an age where groups manage to set up their own cellular VoIP network with proprietary, or even industrial-grade open-source, encryption, other groups will likewise be technologically autonomous for these encryption matters, and this signature method will fall flat. As an anecdote, one of the first "NGOs" to use steganography massively was the Italian mafia during the 90s, which distributed information between Europe and America by means of innocent photos of the familia... Western intelligence services of the future will most likely make a massive return to the human factor, there is no doubt IMHO.
From Wikipedia: http://en.wikipedia.org/wiki/Steganography
This photo
is inside this one:
Guest
Subject: Re: Cyber War/Guerre informatique Fri 18 May 2012 - 18:12
To continue on the theme of steganography and its countermeasure, steganalysis:
Steganography, the art and science of hiding communication, has been a part of spy craft and military strategy for millennia. In the Histories of Herodotus, written in 440 BC, the author recounts the story of Histiaeus, who shaved the head of his most trusted slave, tattooed a message on his scalp and, once the hair had grown back, sent the man through enemy lines to deliver the message.
Unlike cryptography, where the message is evident but its meaning is obscured, the goal of steganography is to hide the message entirely so only the sender and the recipient know of its existence - what the Communications Research Centre's (CRC) Dr. Ken Sala refers to as "hiding in plain sight." And, like all things in the modern world, steganography has gone digital.
"Most people don't understand that each time you visit a website the photographs from that website are downloaded to your computer," explains Sala.
That, added to the recent proliferation of cheap, accessible steganography software, means you may already have altered or "dirty" files on your computer with no knowledge that they're there, and this has some companies and government departments concerned. While most steganography software is used for legitimate purposes, the fear is that these powerful programs could be used to mask illegal activity such as the theft of trade secrets or the exchange of child pornography. Both private companies and government departments are looking for ways to ensure their computers and websites are free of corrupted files.
"When you consider that there are over 2.5 trillion images exchanged through the Internet on a daily basis," says Sala, "the potential scope of the problem becomes clear."
Most steganography software is used lawfully for securing computer files. In the age of the laptop, where a hard drive may contain secret company files as well as bank passwords and personal information, the software can be employed to hide sensitive material and thus protect it in the event that the laptop is lost or stolen. Many companies also want to secure desktop computers within the workplace, especially those of people working on classified projects.
Sala's interest is the flip side of steganography, the science of steganalysis. While the steganographer's goal is to hide the message, Sala's research focuses on ways to detect altered files. All digital steganography involves one or several carrier files - often image files - as well as the image or message the sender wishes to hide. What is important to understand, says Sala, is that the steganography software embeds the hidden image in the binary code of the carrier file. There is no "picture-within-a-picture," so no matter how hard you stare, the faint outline of the hidden image will never emerge. Rather, says Sala, digital steganography uses binary code to exploit a weakness in the human eye.
Each pixel within a digital image is made up of 24 bits of information - a string of zeros and ones that translate into the pixel's colour. But with 24 bits, a computer can generate over 16 million colours, far more than the eye can distinguish. To embed the hidden message, then, the steganography software "steals" bits from each pixel and replaces them with the binary code for the secret digital file. By stealing only the least significant bits within any pixel, the very slight alteration in hue can't be detected by the human eye. So how much information can you hide in a snapshot?
"Just think of a common digital camera," says Sala. "You have 3600 x 2400 pixels in each image, and each pixel is coded by 24 bits. I can easily steal six bits from each pixel and not noticeably alter the colours. That means I can commandeer over 50 megabits for my hidden message in only a single image. I can put the whole text of the Bible in 50 megabits."
To extract the hidden image or message, the recipient then uses the software to strip away the code for the carrier file, leaving only the code for the secret message. These bits are then reassembled into an array that can be displayed as a JPEG, GIF or other file. While this simple substitution of the hidden-message code for least-significant-bits (lsb) is relatively easy to detect, says Sala, the new, more sophisticated steganography tools now allow users to encrypt their code before embedding it in the carrier file, as well as spread it out across multiple files. Each picture in the "family album" could thus contain an encrypted section of code from the hidden message or image, and this, says Sala, makes the altered files extremely difficult to detect.
Sala's research focuses on the use of neural networks to detect hidden files. Neural networks, he explains, are computer networks made up of simple "artificial neurons" that process information. Working together, these "artificial neurons" function much like a human brain, learning from past experience and coming up with novel ways to solve a problem. According to Sala, the advantage of using a neural network to search for altered files is two-fold. First neural networks can process vast amounts of information.
"You can throw tens of thousands of images per second at these neural networks and they just spit out an answer: clean or suspect."
Second, they learn, so as steganographers come up with increasingly convoluted ways to hide information, the neural network will evolve and adapt. But to carry out a complex task like detecting hidden files, the neural network, says Sala, must be trained, and this involves presenting the network with as many varieties of clean and altered files as possible.
"It's like training a child. You start with the easy stuff and progress to the hard stuff, giving feedback along the way."
Sala is currently building a database of clean and dirty files, trying to develop the most nefarious ways imaginable to embed hidden messages. These files will then be used to train a neural network to detect anomalies in a file's structure that would indicate a hidden message. If he succeeds - if he is able to train a neural network to flag suspect files - he'll have, he says, the electronic equivalent of a sniffer dog. With this powerful tool, able to scan large numbers of files in a short period of time, resources can be focussed on cracking open only the suspect files.
"To do this kind of work," says Sala, "we need something fast, that can evolve and learn, but we also need something that is in-house, not in the public domain. Once a new kind of steganalysis software is on the market, the people who are using this kind of technology for illicit purposes have already figured out a way to get around it. With neural networks, that's almost impossible."
For more information contact Ken Sala, Research Scientist, Integrated Electronics, at 613-998-2823 or info@crc.gc.ca.
FR version
Quote:
Steganography is the art or science of concealing communications. It has been part of espionage methods and military strategies for millennia. In the Histories of Herodotus, written in 440 BC, the author tells the story of Histiaeus, who shaved the head of his most faithful slave in order to tattoo a message on it before sending him, once his hair had grown back, through enemy lines to deliver that message. Unlike cryptography, where the message is evident but its meaning remains obscure, the aim of steganography is to hide the message completely so that only the sender and the recipient know of its existence, a method that Ken Sala of the Communications Research Centre (CRC) calls "hiding in plain sight". And like everything in the modern world, steganography has entered the digital age.
"Most people don't know it, but every time they visit a website, they download that site's photographs onto their computer," explains Ken Sala.
This situation and the recent proliferation of inexpensive, easy-to-use steganography software mean that these people may already have, without knowing it, altered or "dirty" files on their computer. Such a situation worries many companies and government departments. Most steganography software is used for legitimate purposes, but there is a fear that these powerful programs could be used to conceal illegal activities, such as the theft of trade secrets or the exchange of child pornography. Private companies and government departments are looking for ways to protect their computers and websites against corrupted files.
"When you learn that the number of images exchanged daily on the Internet exceeds 2.5 trillion," Ken Sala points out, "you instantly grasp the potential scale of the problem."
Most steganography software is used legitimately to protect computer files. In the age of the laptop, every hard drive may contain secret business files, bank passwords or personal information. Such software can be used to hide sensitive information and thus protect it in the event of a laptop being lost or stolen. Many companies also wish to protect their desktop computers in the workplace, especially those used by people working on classified projects.
Ken Sala is interested in another aspect of steganography, the science of steganalysis. The aim of steganography is to conceal the message, but Ken Sala's research focuses instead on ways of detecting altered files. Digital steganography requires one or more carrier files (often image files) and the image or message that the sender wishes to hide. What must be understood, explains Ken Sala, is that steganography software embeds the hidden image in the binary code of the carrier file. There is no "picture within the picture". Even if you stared endlessly, you would never see the faint outline of the hidden image. In fact, explains Ken Sala, digital steganography uses binary code to exploit a weakness of the human eye.
Each pixel of a digital image is made up of 24 bits of information, that is, a series of "0"s and "1"s that determines the pixel's colour. With those 24 bits, a computer can generate more than 16 million colours, far more than the eye can distinguish. So, to conceal a message, steganography software "steals" bits from each pixel and replaces them with the binary code of the secret digital file. By stealing only the least significant bits of each pixel, the very slight alteration of hue cannot be detected by the human eye. So then, how much information can be hidden in a snapshot?
"Just think of an ordinary digital camera," explains Ken Sala. "Each image contains 3,600 by 2,400 pixels, and each pixel has 24 bits. I can easily steal six bits from each pixel without visibly altering the colours. That means I can hide a message of more than 50 megabits in each image. The complete text of the Bible is less than 50 megabits."
To extract the hidden image or message, the recipient must use software to strip away the carrier file's code and thus obtain the code of the secret message. The bits are then reassembled to form a JPG, GIF or other file. Simple substitution of the hidden message's code for the least significant bits is relatively easy to detect, Ken Sala notes, but the new, state-of-the-art steganography tools allow users to encrypt their code before embedding it in the carrier file or to spread it across several files. Each image in the "family album" can therefore contain an encrypted part of the code of the hidden image or message. That is what makes detecting these altered files extremely difficult, Ken Sala declares.
Ken Sala's research concentrates on using neural networks to detect hidden files. Neural networks, he explains, are computer networks made up of simple "artificial neurons" that process information. Together, these "artificial neurons" function much like the human brain, that is, they learn from past experience and find new ways to solve problems. According to Ken Sala, using a neural network to search for altered files has a twofold advantage. First, neural networks can process large amounts of information.
"You can present tens of thousands of images per second to these neural networks and get an instant answer: clean or suspect."
Second, they are capable of learning as steganographers make their contortions for hiding information more complex, and consequently of evolving and adapting to them. But before carrying out a complex task such as detecting hidden files, says Ken Sala, each neural network must be trained by presenting it with as many varieties of clean or altered files as possible.
"This learning resembles a child's. You start with simple things, then move on to harder elements while continually giving feedback."
Ken Sala is currently building a database of clean and dirty files, and he is trying to find the most devious ways of embedding hidden messages. These files will then be used to train each neural network to detect the structural anomalies of a file concealing a hidden message. If he succeeds, if he becomes able to train a neural network to flag suspect files, then he will have the equivalent of a sniffer dog. With such a powerful tool and its great capacity for processing files in a short time, resources can be devoted to cracking suspect files only.
"To accomplish such a task," says Ken Sala, "we need a device that is fast, capable of evolving and learning, but we also need a tool designed in-house, one that is not in the public domain. Every time a new type of steganography software comes on the market, the people using this technology for illicit purposes already know how to get around it. Neural networks will make such circumvention almost impossible."
For more information, please contact Ken Sala, Research Scientist, Integrated Electronics, at info@crc.gc.ca or 613-998-2823.
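An added example, not from the CRC article or this post: a Python model of the least-significant-bit substitution Sala describes, the capacity arithmetic for his 3600 x 2400 camera image, and the pairs-of-values chi-square statistic that is one reason plain LSB substitution is "relatively easy to detect". The cover image and payload are constructed for the demonstration; Sala's neural-network detector is not reproduced.

```python
import random

# Resolution and per-pixel budget quoted by Sala in the article above.
SALA_WIDTH, SALA_HEIGHT, SALA_BITS_PER_PIXEL = 3600, 2400, 6


def capacity_bits(width, height, bits_per_pixel):
    """Payload bits available when bits_per_pixel LSBs of every pixel are overwritten."""
    return width * height * bits_per_pixel


def make_cover(width=64, height=64):
    """Constructed synthetic RGB cover (list of (r, g, b) tuples). Every channel
    value is even, so its LSB plane is all zeros: an extreme 'clean' image."""
    pixels = []
    for y in range(height):
        for x in range(width):
            r = ((x * 5 + y * 3) % 64) * 4 + 2
            g = ((x * 3 + y * 7) % 64) * 4
            b = ((x + y) % 64) * 4
            pixels.append((r, g, b))
    return pixels


def _bits(data):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed_lsb(pixels, payload):
    """Sequential LSB substitution: a 4-byte big-endian length header followed by
    the payload, one bit per colour channel. Returns a new pixel list."""
    bits = list(_bits(len(payload).to_bytes(4, "big") + payload))
    if len(bits) > 3 * len(pixels):
        raise ValueError("payload exceeds the carrier's LSB capacity")
    out, idx = [], 0
    for px in pixels:
        channels = []
        for ch in px:
            if idx < len(bits):
                ch = (ch & 0xFE) | bits[idx]   # overwrite only the lowest bit
                idx += 1
            channels.append(ch)
        out.append(tuple(channels))
    return out


def extract_lsb(pixels):
    """Inverse of embed_lsb: read the header, then exactly that many bytes."""
    lsbs = [ch & 1 for px in pixels for ch in px]

    def read(start, nbytes):
        if start + 8 * nbytes > len(lsbs):
            raise ValueError("declared length runs past the end of the image")
        value = 0
        for bit in lsbs[start:start + 8 * nbytes]:
            value = (value << 1) | bit
        return value.to_bytes(nbytes, "big")

    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)


def lsb_chi_square(pixels):
    """Pairs-of-values chi-square statistic (Westfeld and Pfitzmann). Sequential
    LSB embedding of random-looking data makes the counts of each value pair
    (2k, 2k+1) nearly equal, collapsing the statistic towards the number of
    pairs, whereas an untouched image usually keeps them unequal and scores higher."""
    counts = [0] * 256
    for px in pixels:
        for ch in px:
            counts[ch] += 1
    chi2 = 0.0
    for k in range(128):
        expected = (counts[2 * k] + counts[2 * k + 1]) / 2
        if expected:
            chi2 += (counts[2 * k] - expected) ** 2 / expected
    return chi2


def demo():
    """Embed a random (encrypted-looking) payload that exactly fills the cover,
    recover it, and compare the detection statistic before and after."""
    cover = make_cover()
    rng = random.Random(2012)                       # fixed seed: reproducible payload
    payload = bytes(rng.getrandbits(8) for _ in range(3 * len(cover) // 8 - 4))
    stego = embed_lsb(cover, payload)
    return {
        "sala_capacity_bits": capacity_bits(SALA_WIDTH, SALA_HEIGHT, SALA_BITS_PER_PIXEL),
        "roundtrip_ok": extract_lsb(stego) == payload,
        "chi2_cover": lsb_chi_square(cover),
        "chi2_stego": lsb_chi_square(stego),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On the constructed cover the statistic drops from 6144 to roughly the number of value pairs once the random payload is embedded; real photographs score less cleanly, which is why the article's mention of encrypting and spreading the payload across files matters to the detector.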
Guest
Subject: Re: Cyber War/Guerre informatique Tue 22 May 2012 - 19:14
Quote:
How Canada’s telecoms quietly backed Internet surveillance bill
Canada’s proposed Internet surveillance was back in the news recently after speculation grew that government intends to keep the bill in legislative limbo until it dies on the order paper. Public Safety Minister Vic Toews denied the reports, maintaining that Bill C-30 will still be sent to committee for further study.
Since its introduction in mid-February, the privacy and law enforcement communities have continued to express their views on the bill, but Canada’s telecom service providers, which include the major telecom carriers and Internet service providers, have remained strangely silent. The silence is surprising given the enormous implications of the bill for the privacy of their customers and the possibility of millions of dollars in new surveillance equipment costs, active co-operation with law enforcement, and employee background checks.
While some attribute the Internet surveillance silence to an attempt to avoid picking sides in the high stakes privacy and security battle, documents obtained under the Access to Information Act and reported here for the first time offer a different, more troubling explanation. In the months leading up to the introduction Bill C-30, Canada’s telecom companies worked actively with government officials to identify key issues and to develop a secret industry-government collaborative forum on lawful access.
The working group includes virtually all the major telecom and cable companies, whose representatives have signed nondisclosure agreements and been granted secret-level security clearance. The group is led by Bell Canada on the industry side and Public Safety for the government.
The inaugural meeting, held just three weeks before Bill C-30 was introduced, included invitations to 11 companies (Bell Canada, Cogeco, Eagle, MTS Allstream, Quebecor, Research In Motion, Rogers, Sasktel, Telus, Vidéotron, and Wind Mobile) along with two industry associations (the Canadian Wireless Telecommunications Association and the Canadian Network Operators Consortium).
The secret working group is designed to create an open channel for discussion between telecom providers and government. As the uproar over Bill C-30 was generating front-page news across the country, Bell reached out to government to indicate that “it was working its way through C-30 with great interest” and expressed desire for a meeting to discuss disclosure of subscriber information. A few weeks later, it sent another request seeking details on equipment obligations to assist in its costing exercises.
Months before the January 2012 meeting, officials worked with the telecom companies to identify many concerns and provide guidance on the government’s intent on Internet surveillance regulations, information that has never been publicly released.
For example, a December 2011 draft list of lawful access issues features questions about surveillance of social networks, cloud computing facilities, and Wi-Fi networks. The telecom companies raise many questions about compensation, such as “a formula for adequate compensation” for the disclosure of subscriber information as well as payment for testing surveillance capabilities and providing surveillance assistance.
At a September 2011 meeting that included Bell Canada, Cogeco, RIM, Telus, Rogers, Microsoft, and the Information Technology Association of Canada, government officials provided a lawful access regulations policy document that offered guidance on plans for extensive regulations that will ultimately accompany the Internet surveillance legislation.
The 17-page document indicates that providers will be required to disclose certain subscriber information without a warrant within 48 hours and within 30 minutes in exceptional circumstances. Interceptions of communications may also need to be established within 30 minutes of a request, with capabilities that include simultaneous interceptions for five law enforcement agencies.
The close co-operation between the government and telecom providers has created a two-tier approach to Internet surveillance policy, granting privileged access and information for telecom providers. Meanwhile, privacy and civil society groups, opposition MPs and millions of interested Canadians are kept in the dark about the full extent of the government’s plans. The public has already indicated its opposition to the bill. The secrecy and backroom industry talks associated with Bill C-30 provides yet another reason to hit the reset button.
Michael Geist holds the Canada research chair in Internet and e-commerce law at the University of Ottawa. He can be reached online at www.michaelgeist.ca.
Toronto Star
Guest
Subject: Re: Cyber War/Guerre informatique Wed 23 May 2012 - 22:36
Ara berra3
Source: NSA
Quote:
National Centers of Academic Excellence - Cyber Operations
The National Security Agency (NSA) is pleased to announce the establishment of a new National Centers of Academic Excellence (CAE) in Cyber Operations Program. The program is in support of the President's National Initiative for Cybersecurity Education (NICE): Building a Digital Nation and furthers the goal to broaden the pool of skilled workers capable of supporting a cyber-secure nation.
The CAE-Cyber Operations program is intended to be a deeply technical, inter-disciplinary, higher education program firmly grounded in the computer science (CS), computer engineering (CE), and/or electrical engineering (EE) disciplines, with extensive opportunities for hands-on applications via labs/exercises.
The CAE-Cyber Operations program complements the existing Centers for Academic Excellence (CAE) in Information Assurance Education (CAE-IAE) and Research (CAE-R) programs, providing a particular emphasis on technologies and techniques related to specialized cyber operations (e.g., collection, exploitation, and response), to enhance the national security posture of our Nation. These technologies and techniques are critical to intelligence, military and law enforcement organizations authorized to perform these specialized operations.
For information on the Centers of Academic Excellence in Information Assurance Education and Research, please visit the Information Assurance section of our web site.
... After a rigorous application and screening process, NSA selected this month the first four schools to receive the CAE-Cyber Operations designation for the 2012-2013 academic year: Dakota State University, South Dakota; the Naval Postgraduate School, California; Northeastern University, Massachusetts; and the University of Tulsa in Oklahoma. The program will complement 145 existing centers of academic excellence (CAEs) in research and information assurance education, jointly overseen by the agency and the Department of Homeland Security. ...
The robotization and "dronification" of the army, a logical investment against guerrilla warfare, will require extending these capabilities and protecting them. It will also be a matter of maintaining the public/military/private transfer of skills to prepare the new US giants of the future.
Guest
Subject: Re: Cyber War/Guerre informatique Tue 29 May 2012 - 15:31
Quote:
IT security training event in Morocco by SANS
SANS Europe is pleased to present its first ever event in Morocco this August following rising demand for IT security training from across North Africa. SANS Morocco 2012 will run consecutively from August 27th to September 1st at the Le Royal Mansour Meridien in Casablanca.
“Over the last few months, we have received a huge number of requests from the SANS community in North Africa to hold an event within the region,” explains Gareth Dance, GSEC Conference Director, EMEA SANS Institute, “In response, we have decided to run two of our most popular courses and we invite students interested in the event to apply early as places are limited and filling up quickly.”
The Security 401: SANS Security Essentials Bootcamp Style offers the opportunity to learn the language and underlying theory of computer security. The course also offers essential, up-to-the-minute knowledge and skills required for people responsible for securing systems and organizations. The six-day course will be taught by Jim Herbeck, SANS Certified Instructor and co-founder of the Business Information Security Competency Center at the Geneva School of Business Administration. Security 401 is also endorsed by the Committee on National Security Systems (CNSS) NSTISSI 4013 Standard for Systems Administrators in Information Systems Security (INFOSEC).
SANS Certified Instructor Steve Armstrong will be teaching the SANS Security 504: Hacker Techniques, Exploits & Incident Handling. The six-day course is aimed at helping information security professionals understand attackers' tactics and strategies with hands-on experience in finding vulnerabilities and discovering intrusions. The course is designed to equip IT professionals with a comprehensive incident handling plan and the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.
SecurityPark
http://www.sans.org/morocco-2012/location.php
Quote:
The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community. SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.
http://www.sans.org/about/sans.php
Guest
Subject: Re: Cyber War/Guerre informatique Tue 29 May 2012 - 16:42
hohoho
Quote:
Newly Discovered "Flame" Cyber Weapon On Par With Stuxnet, Duqu
"Flame" a Highly Sophisticated and Discreet Cyber Weapon Has Been Discovered Targeting the Middle East
A new cyber threat some say rivals Stuxnet and Duqu in complexity has been discovered on systems in the Middle East.
Known as Flame or Flamer, the threat is an attack toolkit that appears to be targeting systems in several countries, principally Iran and Israel (West Bank). Earlier today, Iran’s National Computer Emergency Response Team issued an alert stating the malware was tied to multiple incidents of “mass data loss” in the country’s computer networks.
The first confirmed appearance of the malware has been traced to 2010, though Symantec also said it has unconfirmed reports stretching back to 2007.
According to Kaspersky Lab, Flame is a backdoor Trojan with worm-like features that allow it to propagate itself on local networks and removable media. When a system is infected, the malware begins a series of operations that range from taking screenshots to recording audio conversations and intercepting network traffic. The malware's operators can also upload additional modules to expand Flame's functionality.
"Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seems to put it alongside those familiar ‘super-weapons’ currently deployed in the Middle East by unknown perpetrators," blogged Alexander Gostev, head of Kaspersky Lab's Global Research and Analysis team. "Flame can easily be described as one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage."
When all of its modules are installed, the malware is 20 MB in size, making it about 20 times larger than Stuxnet. It also contains code written in Lua, a programming language uncommon in the cyber underworld.
"LUA is a scripting (programming) language, which can very easily be extended and interfaced with C code," Gostev explained. "Many parts of Flame have high order logic written in Lua - with effective attack subroutines and libraries compiled from C++…usage of Lua in malware is uncommon. The same goes for the rather large size of this attack toolkit. Generally, modern malware is small and written in really compact programming languages, which make it easy to hide. The practice of concealment through large amounts of code is one of the specific new features in Flame."
The modular nature of the malware suggests its developers created it with the goal of maintaining the project over a long period of time – most likely along with a different set of individuals using the malware, according to Symantec's Security Response team.
"The architecture being employed by W32.Flamer allows the authors to change functionality and behavior within one component without having to rework or even know about the other modules being used by the malware controllers," Symantec noted. "Changes can be introduced as upgrades to functionality, fixes, or simply to evade security products."
"The complexity of the code within this threat is at par with that seen in Stuxnet and Duqu, arguably the two most complex pieces of malware we have analyzed to date," according to Symantec. "As with the previous two threats, this code was not likely to have been written by a single individual but by an organized, well-funded group of people working to a clear set of directives. Certain file names associated with the threat are identical to those described in an incident involving the Iranian Oil Ministry."
According to Gostev, there does not appear to be any overarching theme in regards to targets, indicating that Flame may have been designed for more general cyber-espionage purposes. He speculated that Flame was developed separately from Duqu and Stuxnet, and noted that Flame's developers did not use the Tilded platform used for Duqu and Stuxnet. However, he noted that Flame makes use of the same print spooler vulnerability exploited by Stuxnet. It also abuses AutoRun, just like Stuxnet.
"Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states," Gostev noted. "Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group…the geography of the targets (certain states are in the Middle East) and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it."
SecurityWeek
http://www.wired.com/threatlevel/2012/05/flame/
=========
Quote:
Researchers find backdoor in milspec silicon
A pair of security researchers claim to have found a back door in a commercial field-programmable gate array (FPGA) marketed as a secure tool for military applications.
The FPGA in question is the Actel ProASIC3, a device manufacturer MicroSEMI recommends for use in “portable, consumer, industrial, communications and medical applications with commercial and industrial temperature devices,” but also comes in models boasting “specialized screening for automotive and military systems.”
Sergei Skorobogatov, a researcher at the University of Cambridge, and Christopher Woods of London's Quo Vadis Labs have released a draft paper (PDF) describing a method whereby attackers can “disable all the security on the chip, reprogram crypto and access keys, modify low-level silicon features, access unencrypted configuration bitstream or permanently damage the device.”
The pair chose the ProASIC3 for their tests because, they say, it is a very widely used device, boasts of superior security and is known to have military users. Those qualities, the pair say, made it an ideal subject for a back door hunt.
The pair used the Actel's own analysis tools and the Joint Test Action Group (JTAG) interface to analyse the silicon. That analysis yielded undocumented features, thanks to discovery of what the draft paper calls “command field and data registers.”
The pair also applied differential power analysis (DPA), a method of analysing variations in electrical activity that hint at tasks being performed in silicon, and “Pipeline Emission Analysis (PEA)” to probe the device “in an attempt to better understand the functionality of each unknown command.” Just how PEA does so is not clear: the draft paper says PEA was developed by the “sponsor” of the research, but that entity is not revealed. Even the footnote describing the technique has been redacted so it reads “Removed to comply with anonymity requirement for submission”.
But the paper hints PEA is a more sensitive version of DPA, describing it as follows:
“The outstanding sensitivity of the PEA is owed to many factors. One of which is the bandwidth of the analysed signal, which for DPA, stands at 200 MHz while in PEA at only 20 kHz.”
PEA seems to have done the trick, yielding evidence of a passkey that allows control of many features in the FPGA.
“Further investigation,” the paper says, “revealed that this is a backdoor function with the key capable of unlocking many of the undocumented functions, including IP access and reprogramming of secure memory.”
The paper is clearly marked as a draft and Skorobogatov promises to detail the exploit fully at the 2012 Workshop on Cryptographic Hardware and Embedded Systems in Belgium.
One imagines the presentation will be rather well attended.
The Register
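The Register piece above describes DPA only as "analysing variations in electrical activity that hint at tasks being performed in silicon". The following is an added illustration, not code from the Skorobogatov/Woods paper (which the page does not reproduce) and nothing to do with PEA or the ProASIC3 specifically: it runs the classic difference-of-means DPA of Kocher et al. against simulated traces. The traces, the secret key byte (0x2B), the noise level, the number of samples per trace and the position of the leaking sample are all constructed assumptions; the leakage model (Hamming weight of an AES S-box output plus Gaussian noise) is the usual textbook one.

```python
"""Toy differential power analysis (DPA) by difference of means.

Added example, not the paper's code. Each simulated trace is a short vector of
"power" samples that are pure Gaussian noise, except one sample that leaks the
Hamming weight of an AES S-box output (a common leakage model). The attacker
knows the plaintext bytes, so for each of the 256 key-byte guesses it predicts
one bit of that S-box output and splits the traces into two groups by that bit.
Only the correct guess yields a large gap between the two group means, and the
sample index where the gap appears reveals when the S-box was computed.
"""
import random


def aes_sbox():
    """Build the AES S-box (GF(2^8) inverse followed by the affine map)."""
    def rotl8(x, s):
        return ((x << s) | (x >> (8 - s))) & 0xFF
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3 in GF(2^8)
        q ^= (q << 1) & 0xFF                                     # q /= 3 in GF(2^8)
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = aes_sbox()


def hamming_weight(x):
    return bin(x).count("1")


def simulate_traces(key_byte, n_traces, n_samples, leak_index, noise_sigma, seed=1234):
    """Constructed traces: (plaintext_byte, [samples]); HW leakage only at leak_index."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    traces = []
    for _ in range(n_traces):
        p = rng.randrange(256)
        samples = [rng.gauss(0.0, noise_sigma) for _ in range(n_samples)]
        samples[leak_index] += hamming_weight(SBOX[p ^ key_byte])
        traces.append((p, samples))
    return traces


def difference_of_means(traces, bit=0):
    """result[guess][t] = mean(sample t | predicted bit = 1) - mean(sample t | predicted bit = 0)."""
    n_samples = len(traces[0][1])
    # The partition depends only on (plaintext, guess), so first aggregate per plaintext value.
    count = [0] * 256
    sums = [[0.0] * n_samples for _ in range(256)]
    for p, samples in traces:
        count[p] += 1
        acc = sums[p]
        for t, v in enumerate(samples):
            acc[t] += v
    result = []
    for guess in range(256):
        n = [0, 0]
        s = [[0.0] * n_samples, [0.0] * n_samples]
        for p in range(256):
            if count[p] == 0:
                continue
            b = (SBOX[p ^ guess] >> bit) & 1
            n[b] += count[p]
            for t in range(n_samples):
                s[b][t] += sums[p][t]
        if n[0] == 0 or n[1] == 0:  # degenerate partition, cannot score this guess
            result.append([0.0] * n_samples)
        else:
            result.append([s[1][t] / n[1] - s[0][t] / n[0] for t in range(n_samples)])
    return result


def recover_key_byte(traces):
    """Return (best_guess, sample_index_of_peak, peak_height, runner_up_height)."""
    dom = difference_of_means(traces)
    peaks = [max(abs(v) for v in row) for row in dom]
    best = max(range(256), key=lambda g: peaks[g])
    leak_at = max(range(len(dom[best])), key=lambda t: abs(dom[best][t]))
    runner_up = max(peaks[g] for g in range(256) if g != best)
    return best, leak_at, peaks[best], runner_up


if __name__ == "__main__":
    traces = simulate_traces(key_byte=0x2B, n_traces=2000, n_samples=8, leak_index=5, noise_sigma=1.0)
    guess, t, peak, second = recover_key_byte(traces)
    print(f"recovered key byte 0x{guess:02x} at sample {t}: DoM peak {peak:.2f} vs runner-up {second:.2f}")
```

The correct guess separates the traces on a bit that really contributes to the measured Hamming weight, so its difference of means converges to about 1.0 at the leaking sample, while every wrong guess converges to a value bounded by the S-box's low correlation with a wrong prediction. With real hardware the same loop is run over thousands of oscilloscope samples per trace, and the "unknown commands" of a JTAG interface would be exercised one at a time while capturing.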
GlaivedeSion Brigadier General
Subject: Re: Cyber War/Guerre informatique Tue 29 May 2012 - 17:16
This virus makes Stuxnet and Duqu look like kids...
"We will find a way… or we will make one": Hannibal
Guest
Subject: Re: Cyber War/Guerre informatique Tue 29 May 2012 - 17:44
GlaivedeSion wrote:
This virus makes Stuxnet and Duqu look like kids...
With that size and those features it is no longer a virus, it is an operating system (in the literal sense).
Yakuza Administrator
Subject: Re: Cyber War/Guerre informatique Wed 30 May 2012 - 11:32
20MB; Stux was only 1.5MB and yet.. the Iranian printers are going to be out of work
Guest
Subject: Re: Cyber War/Guerre informatique Wed 30 May 2012 - 11:47
Yakuza wrote:
20MB; Stux was only 1MB and yet.. the Iranian printers are going to be out of work
Ability to download the contacts and contents of nearby devices over Bluetooth, ability to take screenshots, keylogging and remote desktop, ability to update itself and add independent modules and plugins, embedded Lua scripting-language interpreter, embedded SQLite database system, ability to record VoIP conversations on the machine and to use the microphone and webcam of the computer within reach, network traffic capture, ingenious propagation (among others) through printers shared on the network; according to some sites the thing had been lurking around for 6 or 7 years, even though according to others the malware was designed around 2010...
no comment, that's all
Here is the link to the Iranian CERT (MAHER) on the subject:
Quote:
Following investigations started in 2010 into Stuxnet and Duqu, Iran National CERT (MAHER) has conducted a technical survey over the past several months. MAHER publishes information about the latest sample found for the first time. ID: IRCNE2012051505 Date: 2012-05-28
Having conducted multiple investigations during the last few months, the Maher center, the Iranian CERTCC, following continuous research on the targeted attacks of Stuxnet and Duqu since 2010, announces the latest detection of this attack for the very first time. The attack, codenamed "Flame", is launched by a new malware. The name "Flame" comes from one of the attack modules, located at various places in the decrypted malware code. In fact this malware is a platform which is capable of receiving and installing various modules for different goals. At the time of writing, none of the 43 tested antiviruses could detect any of the malicious components. Nevertheless, a detector was created by the Maher center and delivered to selected organizations and companies in the first days of May. And now a removal tool is ready to be delivered. Some features of the malware are as follows:
· Distribution via removable media
· Distribution through local networks
· Network sniffing, detecting network resources and collecting lists of vulnerable passwords
· Scanning the disk of the infected system looking for specific extensions and contents
· Creating series of user screen captures when some specific processes or windows are active
· Using the infected system's attached microphone to record environment sounds
· Transferring saved data to control servers
· Using more than 10 domains as C&C servers
· Establishment of secure connections with C&C servers through SSH and HTTPS protocols
· Bypassing tens of known antiviruses, anti-malware and other security software
· Capable of infecting Windows XP, Vista and 7 operating systems
· Infecting large-scale local networks
According to file naming conventions, propagation methods, complexity level, precise targeting and superb functionality, it seems that there is a close relation to the Stuxnet and Duqu targeted attacks.
The research on these samples implies that the recent incidents of mass data loss in Iran could be the outcome of some installed module of this threat. A list of the major infection components of this malware is presented below; these samples would be available to security software vendors.
Yakuza Administrator
Subject: Re: Cyber War/Guerre informatique Wed 30 May 2012 - 12:13
That's what I really thought: all the antivirus products are useless once it is already too late; they are going to send us back to the stone age like this. In the end the Iranians will have to spin their centrifuges by hand
Guest
Subject: Re: Cyber War/Guerre informatique Wed 30 May 2012 - 16:43
Yakuza wrote:
That's what I really thought: all the antivirus products are useless once it is already too late; they are going to send us back to the stone age like this.
No isolated security measure is actually useful: hence the importance of "defense in depth", which starts with "obscurity" (the minimum possible information and the maximum disinformation about the system, including at the level of the software implementation, for example) and ends at the level of end-user training/awareness, because in the end there will be an operator... between these two the number of security measures is unlimited... which leads to the following: developing your own software (modifying and localizing after study is also development). This measure, apart from the possible economic spin-offs (a military-grade centre of excellence) and symbolic ones (an attempt at sovereignty in one of the least controlled domains in the world), provides an element of surprise and creativity; uniqueness and specificity being the only thing that will make "cyber" life complicated and force the opposing parties to "download" men in flesh and OS (flesh and bone), which brings the question back to classic physical security and classic intelligence, well understood (with some exceptions) by states...
Turkey has its Pardus (wikipedia)
Quote:
Pardus is a Linux distribution developed with support from the Turkish government. Pardus' main focus is office-related work, including use in Turkish government agencies.[1] Despite that, Pardus ships in several languages. Its ease of use[2] and availability free of charge spawned numerous communities throughout the world.[3] The name is derived from the Latin scientific name for the Anatolian leopard.
Iran now has its "Sharif Linux"
China has its Red Flag Linux:
wikipedia (translated from Chinese)
Quote:
Red Flag Linux is a series of Linux distributions developed by Beijing Red Flag Software Co., Ltd., including desktop, workstation, data-center server, HA Cluster and Red Flag embedded Linux products. The CD version can be purchased in software stores in China, and the official website also offers a CD image for free download. Red Flag Linux is one of the larger and more mature Linux distributions in China.
In the early 1980s, driven by the needs of large computer and other research projects, the government of the People's Republic of China started to develop its own computer operating system, COSIX, but it was not successful due to inadequate investment, lack of application software support and other reasons.
In the late 1980s, the PC began to enter China. Almost all of the PCs in Chinese government departments had Microsoft's DOS operating system installed. In the 1992 Gulf War and the 1999 NATO invasion of the Federal Republic of Yugoslavia in the Kosovo region, information warfare was used successfully to paralyze almost all of the opponent's communication systems. This made many people in the Chinese government think that, because the various departments of Iraq and the Federal Republic of Yugoslavia used computer operating systems that were 100% from Microsoft and other foreign companies, and although there is no evidence that U.S. computer software and communications companies provided any back door or computer virus to the U.S. military in this war, a country with its own independent computer operating system and corresponding software would be less vulnerable to attack in an information war. The Institute of Software of the Chinese Academy of Sciences was ordered to develop an independent Linux-based operating system, and Red Flag Linux version 1.0 was released in August 1999, primarily for government departments concerned with national security.
In June 2000, the Institute of Software of the Chinese Academy of Sciences and Shanghai Alliance Investment Management Co., Ltd. jointly established Beijing Red Flag Software Co., Ltd.; in March 2001 the Ministry of Information Industry's China Center for Information Industry Development (CCID), through CCID Venture Capital Limited, made an equity injection, bringing the total registered capital to $960,000. The chairman of Red Flag Software is the deputy director of the Institute of Software, Chinese Academy of Sciences, and Red Flag Linux project leader, Professor Sun Yufang. Its headquarters is on the 6th floor of the Zijin Building, No. 68 River Road, Haidian District, Beijing. It has about 120 employees, of which 70% are developers and technical support personnel; allegedly a considerable number of the core or backbone R&D personnel come from the Linux community.
Proprietary, mass-market, OEM and above all pirated systems are a gift from heaven for all this malware activity...
But be careful: open-source systems, commercial or free (or both, since the GNU licence allows it), can also be stuffed with critters at practically every step! Open source plainly means open source for those who can navigate the 15 million lines of code and check the routines one by one for validity and "cleanliness". Tools exist for that, but behind them you need people ready to dissect this "pyramid" of code and rebuild everything from scratch... by hand...
Quote:
In the end the Iranians will have to spin their centrifuges by hand
Such is the beauty of cyberwar: use the technology and you are trapped; don't use it and you are left behind. Checkmate?