Moroccan Military Forum alias FAR-MAROC Royal Moroccan Armed Forces Royal Moroccan Navy Royal Moroccan Air Forces Forces Armées Royales Forces Royales Air Marine Royale Marocaine |
|
| Cyber War/Guerre informatique | |
|
+16jf16 Ichkirne MAATAWI ScorpionDuDesert farewell BOUBOU PGM lida jonas yassine1985 Leo Africanus Yakuza GlaivedeSion FAMAS Viper Samyadams 20 participants | |
Author | Message |
---|
Samyadams Administrator
Posts: 7134 Joined: 14/08/2008 Location: Rabat, Morocco
| Subject: Cyber War/Guerre informatique Wed 11 Feb 2009 - 15:01 | |
| Reminder of the first message: - Quote:
- The Navy hit by the Conficker-Downadup virus
Thierry Noisette, published 9 February 2009
Security - The internal network of the French Navy was hit by the Conficker (or Downadup) virus, which has infected millions of PCs worldwide. The Navy had to cut off its network to deal with it last month, working directly with Microsoft. The French military fell victim in January to the Downadup-Conficker virus, as reported by the newsletter Intelligence Online, itself cited on the blog of Libération's defence specialist, Jean-Dominique Merchet. Contacted by ZDNet.fr, the Navy confirmed this Monday that "in the second half of January, the Conficker virus was introduced through negligence, via a USB key, into the Navy's internal network, Intramar". Lieutenant Rivayrol, of Sirpa Marine, told us that the network was then cut off "to prevent the virus from spreading and to carry out maintenance on the workstations". "Intramar was isolated from the other networks of the Ministry of Defence, with which communication gateways normally exist." But "this had no effect on the Navy's operational systems, neither aircraft nor anything else". Intelligence Online claimed that the Navy's Rafale jets had been grounded because they could not download their flight parameters. What was stopped for a few days concerned only messaging, our contact specified: "We have secure military networks, which served as a replacement while Intramar was cut off, and the Internet. But these three networks, Intramar, the Internet and the secure networks, are completely separate; there is no link between them." Intramar connects several thousand workstations, of which "less than 2% were affected by the virus".
A flaw dealt with in 48 hours
Why this gap between a patch published by Microsoft in October (the virus targets a Windows flaw, notably under Windows 2000, XP and Vista) and computers infected in January? "There was a small defect in the patch, which did not fully take Conficker into account," explains Lieutenant Rivayrol. "This patch had been installed on all Navy workstations, but that was not enough. However, the ministerial and interministerial alert network was mobilised immediately. It worked directly with Microsoft to develop a patch dealing with that particular flaw, which was done in less than 48 hours. The alert system worked very well, and as a result the virus had no consequences for other service branches or elsewhere in the ministry." American experts from the Computer Emergency Response Team (Cert) had called into question Microsoft's method for blocking the spread of the Downadup worm. The French military is not the only one to have been tested by Conficker, which has infected millions of computers worldwide. The British Ministry of Defence, and in particular the Royal Navy, were also hit by the virus last month. http://www.zdnet.fr/actualites/informatique/0,39040745,39387036,00.htm | |
| | |
Author | Message |
---|
MAATAWI Moderator
Posts: 14757 Joined: 07/09/2009 Location: Morocco
| Subject: Re: Cyber War/Guerre informatique Tue 18 Oct 2011 - 12:27 | |
| - Quote:
U.S. considered cyberwarfare in Libya attack plan
WASHINGTON -- Just before the U.S.-led strikes against Libya in March, the Obama administration intensely debated whether to open the mission with a new kind of warfare: a cyberoffensive to disrupt and even disable the Gadhafi government's air-defense system, which threatened allied warplanes.
While the exact techniques under consideration remain classified, the goal would have been to break through the firewalls of the Libyan government's computer networks to sever military communications links and prevent the early-warning radars from gathering information and relaying it to missile batteries aiming at NATO warplanes.
But administration officials and even some military officers balked, citing the precedent it might set for other nations, in particular Russia or China, to carry out cyberattacks of their own, and questioning whether the raid could be mounted on such short notice.
In the end, U.S. officials rejected the cyberattacks and used conventional aircraft, cruise missiles and drones to strike the Libyan air-defense missiles and radars used in Moammar Gadhafi's government. mercurynews | |
| | | Guest
| Subject: Re: Cyber War/Guerre informatique Tue 18 Oct 2011 - 16:33 | |
| - MAATAWI wrote:
-
- Quote:
U.S. considered cyberwarfare in Libya attack plan
WASHINGTON -- Just before the U.S.-led strikes against Libya in March, the Obama administration intensely debated whether to open the mission with a new kind of warfare: a cyberoffensive to disrupt and even disable the Gadhafi government's air-defense system, which threatened allied warplanes.
While the exact techniques under consideration remain classified, the goal would have been to break through the firewalls of the Libyan government's computer networks to sever military communications links and prevent the early-warning radars from gathering information and relaying it to missile batteries aiming at NATO warplanes.
But administration officials and even some military officers balked, citing the precedent it might set for other nations, in particular Russia or China, to carry out cyberattacks of their own, and questioning whether the raid could be mounted on such short notice.
In the end, U.S. officials rejected the cyberattacks and used conventional aircraft, cruise missiles and drones to strike the Libyan air-defense missiles and radars used in Moammar Gadhafi's government. mercurynews
Interesting! Does this mean they had malware at their disposal in Libyan equipment/networks? |
| | | Guest
| Subject: W32.Duqu: The Precursor to the Next Stuxnet Wed 19 Oct 2011 - 17:26 | |
| W32.Duqu: The Precursor to the Next Stuxnet http://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet - Quote:
On October 14, 2011, a research lab with strong international connections alerted us to a sample that appeared to be very similar to Stuxnet. They named the threat "Duqu" [dyü-kyü] because it creates files with the file name prefix “~DQ”. The research lab provided us with samples recovered from computer systems located in Europe, as well as a detailed report with their initial findings, including analysis comparing the threat to Stuxnet, which we were able to confirm. Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.
Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.
Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). The threat does not self-replicate. Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.
The attackers used Duqu to install another infostealer that could record keystrokes and gain other system information. The attackers were searching for assets that could be used in a future attack. In one case, the attackers did not appear to successfully exfiltrate any sensitive data, but details are not available in all cases. Two variants were recovered, and in reviewing our archive of submissions, the first recording of one of the binaries was on September 1, 2011. However, based on file compile times, attacks using these variants may have been conducted as early as December 2010.
One of the variant’s driver files was signed with a valid digital certificate that expires August 2, 2012. The digital certificate belongs to a company headquartered in Taipei, Taiwan. The certificate was revoked on October 14, 2011.
Duqu uses HTTP and HTTPS to communicate with a command-and-control (C&C) server that at the time of writing is still operational. The attackers were able to download additional executables through the C&C server, including an infostealer that can perform actions such as enumerating the network, recording keystrokes, and gathering system information. The information is logged to a lightly encrypted and compressed local file, which then must be exfiltrated out.
The threat uses a custom C&C protocol, primarily downloading or uploading what appear to be JPG files. However, in addition to transferring dummy JPG files, additional data for exfiltration is encrypted and sent, and likewise received. Finally, the threat is configured to run for 36 days. After 36 days, the threat will automatically remove itself from the system.
Duqu shares a great deal of code with Stuxnet; however, the payload is completely different. Instead of a payload designed to sabotage an industrial control system, the payload has been replaced with general remote access capabilities. The creators of Duqu had access to the source code of Stuxnet, not just the Stuxnet binaries. The attackers intend to use this capability to gather intelligence from a private entity to aid future attacks on a third party. While suspected, no similar precursor files have been recovered that predate the Stuxnet attacks.
You can find additional details in our paper here. The research lab that originally found the sample has allowed us to share their initial report as an appendix. We expect to make further updates over the coming days.
Key points:
• Executables using the Stuxnet source code have been discovered. They appear to have been developed since the last Stuxnet file was recovered.
• The executables are designed to capture information such as keystrokes and system information.
• Current analysis shows no code related to industrial control systems, exploits, or self-replication.
• The executables have been found in a limited number of organizations, including those involved in the manufacturing of industrial control systems.
• The exfiltrated data may be used to enable a future Stuxnet-like attack.
Note: At press time we have recovered additional variants from an additional organization in Europe with a compilation time of October 17, 2011. These variants have not yet been analyzed. More information will follow.
Update [October 18, 2011] - Symantec has known that some of the malware files associated with the W32.Duqu threat were signed with private keys associated with a code signing certificate issued to a Symantec customer. Symantec revoked the customer certificate in question on October 14, 2011. Our investigation into the key’s usage leads us to the conclusion that the private key used for signing Duqu was stolen, and not fraudulently generated for the purpose of this malware. At no time were Symantec’s roots and intermediate CAs at risk, nor were there any issues with any CA, intermediate, or other VeriSign or Thawte brands of certificates. Our investigation shows zero evidence of any risk to our systems; we used the correct processes to authenticate and issue the certificate in question to a legitimate customer in Taiwan.
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
http://www.f-secure.com/weblog/archives/00002255.html
https://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files
Given the incompetence of IT management (*all* of management), a return to the typewriter and the steam engine is called for |
| | | Guest
| Subject: Exclusive: Nasdaq hackers spied on company boards Fri 21 Oct 2011 - 18:02 | |
| Exclusive: Nasdaq hackers spied on company boards Reuters - Quote:
(Reuters) - Hackers who infiltrated the Nasdaq's computer systems last year installed malicious software that allowed them to spy on the directors of publicly held companies, according to two people familiar with an investigation into the matter.
The new details showed the cyber attack was more serious than previously thought, as Nasdaq OMX Group had said in February that there was no evidence the hackers accessed customer information.
It was not known what information the hackers might have stolen. The investigation into the attack, involving the FBI and National Security Agency, is ongoing.
"God knows exactly what they have done. The long term impact of such attack is still unknown," said Tom Kellermann, a well-known cyber security expert with years of experience protecting central banks and other high-profile financial institutions from attack.
The case is an example of a "blended attack," where elite hackers infiltrate one target to facilitate access to another. In March hackers stole digital security keys from EMC Corp's RSA Security division that they later used to breach the networks of defense contractor Lockheed Martin Corp.
Nasdaq had previously said that its trading platforms were not compromised by the hackers, but they attacked a Web-based software program called Directors Desk, used by corporate boards to share documents and communicate with executives, among other things.
By infecting Directors Desk, the hackers were able to access confidential documents and the communications of board directors, said Kellermann, chief technology officer at security technology firm AirPatrol Corp.
Investigators have learned that hackers were able to spy on "scores" of directors who logged onto directorsdesk.com before the malicious software was removed, said Kellermann and another person familiar with the investigation who was not authorized to discuss the matter publicly.
It was still unclear how long Nasdaq's system was breached before the attack was discovered last October.
A Nasdaq spokesman confirmed the investigation into the attack continues, but declined to give further details.
NSA HELPS NASDAQ
Executive Assistant FBI Director Shawn Henry said the financial services sector was losing hundreds of millions of dollars to hackers every year, and the attacks were increasingly "destructive" in nature.
"We know adversaries have full unfettered access to certain networks. Once there they have the ability to destroy data," he told Reuters in a phone interview. "We see that as a credible threat to all sectors, but specifically the financial services sector." Henry declined to comment on the Nasdaq attack.
U.S. Army General Keith Alexander, head of the National Security Agency and U.S. Cyber Command, said the NSA was working with Nasdaq to help protect its network against further attacks.
Alexander told security experts at a Baltimore conference that the United States was shoring up its defenses, but still had "tremendous vulnerabilities" to a growing number of increasingly destructive electronic attacks.
"Nation states, non-nation state actors and hacker groups are creating tools that are increasingly more persistent and threatening, and we have to be ready for that," he said.
Amid a spate of high-profile cyber crimes, the Obama administration wants Congress to pass comprehensive cyber-security legislation that would increase the government's ability to thwart the growing threat.
Alexander and other top officials held a classified meeting with lawmakers on Wednesday and Thursday to discuss the issue, according to sources familiar with the meeting.
Nasdaq CEO Robert Greifeld said in July that the exchange is under constant attack, requiring it to spend nearly a billion dollars a year on information security.
"As we sit here, there are people trying to slam into our system every day," Greifeld said in the interview. "So we have to be ever vigilant against an ever-changing foe."
(Reporting by Jim Finkle. Additional reporting by Jonathan Spicer in New York, Andrea Shalal-Esa in Baltimore and Diane Bartz in Washington. Editing by Tim Dobbyn, Tiffany Wu, and Bob Burgdorfer)
|
| | | Guest
| Subject: Re: Cyber War/Guerre informatique Tue 25 Oct 2011 - 22:19 | |
| Do you remember the attack on Mitsubishi Heavy in August? - Quote:
- "We can't rule out small possibilities of further information leakage but so far crucial data about our products or technologies have been kept safe," he said, adding the company first noticed the cyberattack on August 11.
(Reuters, September) Here is the follow-up: Cyber-attack stole Mitsubishi warplane, nuke plant data The Asahi Shimbun - Quote:
Sensitive information concerning vital defense equipment, such as fighter jets, as well as nuclear power plant design and safety plans, apparently was stolen from Mitsubishi Heavy Industries Ltd. computers during a cyber-attack in August, sources said.
An internal investigation found signs that the information had been transmitted outside the company's computer network, with the strong possibility that an outsider was involved.
This is the first time that sources have acknowledged that defense and nuclear plant information may have leaked from Mitsubishi Heavy's computers due to a computer virus, despite the company saying it had taken appropriate safeguard measures.
The computers were found to have been hacked in August, and 83 computers were found to have been infected with a virus. Those computers were spread out over 11 locations, including the Kobe and Nagasaki shipyards that construct submarines and destroyers as well as the Nagoya facility that is in charge of manufacturing a guided missile system.
At that time, Mitsubishi Heavy officials said no confirmation had been made that information related to products or clients had leaked.
According to sources, a further investigation into dozens of computers at other locations found evidence that information about defense equipment and nuclear power plants had been transmitted from those computers to outside the company.
The defense information is related to the fighter jets and helicopters that Mitsubishi Heavy manufactures for the Defense Ministry. Officials said they were uncertain if any confidential defense information was included in the leaked data.
Sources said the nuclear plant information included data on nuclear plant design and nuclear equipment, as well as anti-quake measures.
When entering into contracts with companies that handle sensitive defense information, the Defense Ministry asks that the company implement measures such as establishing regulations on internal information management as well as isolating confidential information from other computer networks.
An official at the Mitsubishi Heavy group handling public relations said the company had taken appropriate measures in handling confidential information.
The official refrained from commenting on whether any information related to defense equipment or nuclear power plants had leaked.
Mitsubishi Heavy submitted a complaint to the Tokyo Metropolitan Police Department about damage to its computer system in late September. The police are investigating computer records to determine where the data originated from.
Mitsubishi Heavy has been involved in the design and construction of many pressurized water reactors in Japan, including the Genkai nuclear power plant in Saga Prefecture operated by Kyushu Electric Power Co.
And the party goes on: Cyber-attack from server in China targets Lower House Asahi Shimbun - Quote:
- It gave the hackers access to e-mails and documents possessed by the chamber's 480 lawmakers and other personnel for at least one month through late August, sources said.
http://ajw.asahi.com/article/behind_news/social_affairs/AJ2011102515710 |
| | | farewell Army Corps General (ANP)
Posts: 2468 Joined: 13/02/2011 Location: ******
| Subject: Re: Cyber War/Guerre informatique Tue 25 Oct 2011 - 22:26 | |
| Thanks tshaashh, your post is really interesting; it is hard not to think of economic-intelligence operations run by hackers on behalf of who knows whom.... PS: I thought Japan, and Japanese military industries in particular, were really safe; the Mitsubishi Heavy example speaks for itself _________________ "Beautiful ideas have no age, they only have a future" | |
| | | Yakuza Administrator
Posts: 21656 Joined: 15/09/2009 Location: 511
| Subject: Re: Cyber War/Guerre informatique Wed 26 Oct 2011 - 9:49 | |
| It was to be expected, tshaash - Yakuza wrote:
- so we will see Japanese submarines cloned in a Chinese dock within 3 years
everyone should one day mount a combined cyber-attack against Chinese sites so that they calm down a bit _________________ | |
| | | Guest
| Subject: Re: Cyber War/Guerre informatique Wed 26 Oct 2011 - 16:21 | |
| |
| | | Viper Moderator
Posts: 7967 Joined: 24/04/2007
| Subject: Re: Cyber War/Guerre informatique Thu 27 Oct 2011 - 1:04 | |
| - Quote:
- Cyber-threats: France fine-tunes its defence.
Following the creation of the Agence nationale de la sécurité des systèmes d’information (ANSSI, the national agency for information systems security) in 2009, in the wake of the latest "White Paper on Defence and National Security", France is gradually implementing its "cyberdefence" policy.
Thus, the Director General of Information and Communication Systems (DGSIC), who heads a body directly subordinate to the Minister of Defence and in charge of the ministry's general policy in this area, announced at the "Symposium des SIC" held at the Ecole des transmissions on 29 September that:
- an interministerial intranet cut off from the global web would be created shortly;
- a national Cloud would also be set up to host data that is strategic for the country, whether of public or private origin (notably that of the operators of vital importance (OIV) listed in the Defence Code).
This policy, coupled with the development of intelligence in cyberspace and with our expertise in virology, cryptology and cryptography, should enable our country to conduct an effective active defence in the fourth dimension.
Patrice HUIBAN.
http://www.politique-defense.com/ _________________ | |
| | | Guest
| Subject: Re: Cyber War/Guerre informatique Thu 27 Oct 2011 - 18:52 | |
| - Viper wrote:
-
- Quote:
- Cyber-threats: France fine-tunes its defence.
Following the creation of the Agence nationale de la sécurité des systèmes d’information (ANSSI, the national agency for information systems security) in 2009, in the wake of the latest "White Paper on Defence and National Security", France is gradually implementing its "cyberdefence" policy.
Thus, the Director General of Information and Communication Systems (DGSIC), who heads a body directly subordinate to the Minister of Defence and in charge of the ministry's general policy in this area, announced at the "Symposium des SIC" held at the Ecole des transmissions on 29 September that:
- an interministerial intranet cut off from the global web would be created shortly;
- a national Cloud would also be set up to host data that is strategic for the country, whether of public or private origin (notably that of the operators of vital importance (OIV) listed in the Defence Code).
This policy, coupled with the development of intelligence in cyberspace and with our expertise in virology, cryptology and cryptography, should enable our country to conduct an effective active defence in the fourth dimension.
Patrice HUIBAN.
http://www.politique-defense.com/
Bravo France. Meanwhile, the party goes on... according to Businessweek, Chinese Military Suspected in Hacker Attacks on U.S. Satellites - Quote:
Oct. 27 (Bloomberg) -- Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to a congressional commission.
The intrusions on the satellites, used for earth climate and terrain observation, underscore the potential danger posed by hackers, according to excerpts from the final draft of the annual report by the U.S.-China Economic and Security Review Commission. The report is scheduled to be released next month.
“Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions,” according to the draft. “Access to a satellite’s controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite’s transmission.”
A Landsat-7 earth observation satellite system experienced 12 or more minutes of interference in October 2007 and July 2008, according to the report.
Hackers interfered with a Terra AM-1 earth observation satellite twice, for two minutes in June 2008 and nine minutes in October that year, the draft says, citing a closed-door U.S. Air Force briefing.
The draft report doesn’t elaborate on the nature of the hackers’ interference with the satellites.
Chinese Military Writings
U.S. military and intelligence agencies use satellites to communicate, collect intelligence and conduct reconnaissance. The draft doesn’t accuse the Chinese government of conducting or sponsoring the four attacks. It says the breaches are consistent with Chinese military writings that advocate disabling an enemy’s space systems, and particularly “ground-based infrastructure, such as satellite control facilities.”
U.S. authorities for years have accused the Chinese government of orchestrating cyber attacks against adversaries and hacking into foreign computer networks to steal military and commercial secrets. Assigning definitive blame is difficult, the draft says, because the perpetrators obscure their involvement.
The commission’s 2009 report said that “individuals participating in ongoing penetrations of U.S. networks have Chinese language skills and have well established ties with the Chinese underground hacker community,” although it acknowledges that “these relationships do not prove any government affiliation.”
Chinese Denials
China this year “conducted and supported a range of malicious cyber activities,” this year’s draft reports. It says that evidence emerging this year tied the Chinese military to a decade-old cyber attack on a U.S.-based website of the Falun Gong spiritual group.
Chinese officials long have denied any role in computer attacks.
The commission has “been collecting unproved stories to serve its purpose of vilifying China’s international image over the years,” said Wang Baodong, a spokesman for the Chinese Embassy in Washington, in a statement. China “never does anything that endangers other countries’ security interests.”
The Chinese government is working with other countries to clamp down on cyber crime, Wang said.
Defense Department reports of malicious cyber activity, including incidents in which the Chinese weren’t the main suspect, rose to a high of 71,661 in 2009 from 3,651 in 2001, according to the draft. This year, attacks are expected to reach 55,110, compared with 55,812 in 2010.
Relying on the Internet
In the October 2008 incident with the Terra AM-1, which is managed by the National Aeronautics and Space Administration, “the responsible party achieved all steps required to command the satellite,” although the hackers never exercised that control, according to the draft.
The U.S. discovered the 2007 cyber attack on the Landsat-7, which is jointly managed by NASA and the U.S. Geological Survey, only after tracking the 2008 breach.
The Landsat-7 and Terra AM-1 satellites utilize the commercially operated Svalbard Satellite Station in Spitsbergen, Norway that “routinely relies on the Internet for data access and file transfers,” says the commission, quoting a NASA report.
The hackers may have used that Internet connection to get into the ground station’s information systems, according to the draft.
While the perpetrators of the satellite breaches aren’t known for sure, other evidence uncovered this year showed the Chinese government’s involvement in another cyber attack, according to the draft.
TV Report
A brief July segment on China Central Television 7, the government’s military and agricultural channel, indicated that China’s People’s Liberation Army engineered an attack on the Falun Gong website, the draft said.
The website, which was hosted on a University of Alabama at Birmingham computer network, was attacked in 2001 or earlier, the draft says.
The CCTV-7 segment said the People’s Liberation Army’s Electrical Engineering University wrote the software to carry out the attack against the Falun Gong website, according to the draft. The Falun Gong movement is banned by the Chinese government, which considers it a cult.
After initially posting the segment on its website, CCTV-7 removed the footage after media from other countries began to report the story, the congressional draft says.
Military Disruption
The Chinese military also has been focused on its U.S. counterpart, which it considers too reliant on computers. In a conflict, the Chinese would try to “compromise, disrupt, deny, degrade, deceive or destroy” U.S. space and computer systems, the draft says.
“This could critically disrupt the U.S. military’s ability to deploy and operate during a military contingency,” according to the draft.
Other cyber intrusions with possible Chinese involvement included the so-called Night Dragon attacks on energy and petrochemical companies and an effort to compromise the Gmail accounts of U.S. government officials, journalists and Chinese political activists, according to the draft.
Often the attacks are found to have come from Chinese Internet-protocol, or IP, addresses.
Businesses based in other countries and operating in China think that computer network intrusions are among the “most serious threats to their intellectual property,” the draft says.
The threat extends to companies not located in China. On March 22, U.S. Internet traffic was “improperly” redirected through a network controlled by Beijing-based China Telecom Corp. Ltd., the state-owned largest provider of broadband Internet connections in the country, the draft said.
In its draft of last year’s report, the commission highlighted China’s ability to direct Internet traffic and exploit “hijacked” data.
--Editors: John Walcott, Jim Rubin.
To contact the reporters on this story: Jeff Bliss in Washington at jbliss@bloomberg.net; Tony Capaccio in Washington at acapaccio@bloomberg.net
To contact the editor responsible for this story: Mark Silva in Washington at msilva34@bloomberg.net
|
| | | Yakuza Administrator
Posts: 21656 Joined: 15/09/2009 Location: 511 Nationality: Merit medals:
| Subject: Re: Cyber War/Guerre informatique Thu 27 Oct 2011 - 18:59 | |
| The Chinese would say: as long as we are financing your country, we want to keep an eye on it | |
| | | Guest Guest
| Subject: Re: Cyber War/Guerre informatique Thu 27 Oct 2011 - 19:13 | |
| - Yakuza wrote:
- The Chinese would say: as long as we are financing your country, we want to keep an eye on it
We finance your country and we want to keep an eye, a leg, and even help ourselves. China, or more precisely neo-China, despite its claims, is seeking to become the world's new "American". The day they have a CNNFOXNEWSBLOOMBERGNYT, produce 90% of the world's porn from Chinofornia and, above all, hack *without* getting caught (as the rest of the "democracies" do), they will have come close to it. In the meantime, even though I have no doubt that the Chinese, Russians, Iranians, and even Venezuelans and North Koreans are trying to penetrate or break US networks, directly or by proxy, the burst of news also serves the US propaganda war, anti-Chinese and otherwise. In that sense, if these news items are "leaked" or spread by people close to the US security apparatus, that would also be part of cyberwar (information warfare), as a counter-offensive. It is possible that China frightens the US more than the rest because they are advancing fast and use almost the same newspeak: we mean you no harm, we are just defending our interests, and sorry if we crush you in passing... |
| | | Ichkirne Captain
Posts: 826 Joined: 19/08/2011 Location: Paris Nationality: Merit medals:
| Subject: Re: Cyber War/Guerre informatique Mon 31 Oct 2011 - 16:01 | |
| - Quote:
- London mobilises against web hackers and cyber-terrorism
A "large-scale attack" targeting the Foreign Office and several other ministries was foiled this summer. The rise of computer attacks will be on the agenda at the international conference organised this week by the British government.
"Zi HackAdemy" offers budding hackers courses in computer hacking and is also aimed at future website creators who want to fend off possible attacks. AFP PHOTO JOEL SAGET (c) Afp
The British intelligence services are on a war footing. Their enemy? Computer attacks against the government, but also against businesses and individuals, which, according to one British intelligence official, have reached a "worrying" level across the Channel and threaten the United Kingdom's "economic interests".
It is the director of the eavesdropping service, Iain Lobban, who reveals this on Monday in an interview with The Times. A "large-scale attack" targeting the Foreign Office and several other ministries was foiled this summer: "We are witnessing the development of an international criminal market - a parallel economy where the bank card details of British citizens are traded for cyber-dollars", he further stresses, referring to a fraud uncovered by his services this summer. They had spotted a trade in stolen card numbers sold on illegal sites for paltry sums (70 pence, or 80 euro cents, each).
New techniques developed every day
The threat is taken very seriously by the authorities. Also in the columns of The Times, Foreign Secretary William Hague voices concern about the "exponential rise" in cyber-attacks: "Countries that are not able to ensure the IT security of their banking system, of their companies' intellectual property, will be seriously penalised in the world", he believes. He also stresses that in this "new arms race" led by hackers, "new techniques are developed every day".
It is no coincidence that officials are highlighting the dangers of "cyber-piracy" this Monday. On 1 and 2 November, London is hosting representatives of some sixty countries as well as the main Internet players to examine the benefits and risks of the web.
A Foreign Office initiative
US Secretary of State Hillary Clinton, Wikipedia co-founder Jimmy Wales and the vice-president of Chinese telecommunications company Huawei are among the roughly 900 delegates expected at this great gathering of the web. The main Internet players will also be there - Google, Facebook, Microsoft, the Chinese video-sharing site Tudou.com - as well as anti-cybercrime agencies and companies specialising in online security.
The idea "was to bring together all the major Internet players and to launch a broad dialogue on how we can collectively respond to the opportunities and difficulties raised by its development", insists the British Foreign Secretary, who initiated the meeting.
Some commentators are sceptical about the conference's chances of success, given how opposed the interests of, for example, Europe and the United States or Russia and China are, notably regarding freedom of expression online.
China has also often been singled out as the source of many computer attacks, a growing concern for the major powers. On security, the priority of Western states is to protect their networks from attacks, while China and Russia want to be able to control content and social networks, to prevent any sedition, they note.
United States and Australia ready for a joint response in the event of a cyber-attack
The United Kingdom insists that it has no ambition to reach a treaty or new legislation, particularly on international security, a topic that will be discussed behind closed doors on Tuesday afternoon.
London argues that this meeting is only intended to initiate a "debate" and notes that several countries have already agreed to host a follow-up conference within 12 to 18 months. William Hague hopes "to arrive at a common platform on what can be considered acceptable behaviour in cyberspace".
The question of "cyber-security" has already been addressed twice this year under the aegis of the United Nations and NATO. The United States and Australia also agreed in September on a joint response in the event of a cyber-attack against them. But the organisers stress that this is the first time that all Internet-related issues will be addressed at once by such a large number of players, including 25 young people who will come to explain what the web means to them.
Iran is not invited, although it was the target of the Stuxnet computer worm, which infested the computers of its nuclear programme, an attack behind which Tehran saw the hand of the United States and Israel.
http://www.challenges.fr/high-tech/20111031.CHA6263/londres-se-mobilise-contre-les-pirates-du-web-et-le-cyber-terrorisme.html | |
| | | Guest Guest
| Subject: New cyber attack targets chemical firms: Symantec Tue 1 Nov 2011 - 3:46 | |
| New cyber attack targets chemical firms: Symantec - Quote:
(Reuters) - At least 48 chemical and defense companies were victims of a coordinated cyber attack that has been traced to a man in China, according to a new report from security firm Symantec Corp.
Computers belonging to these companies were infected with malicious software known as "PoisonIvy," which was used to steal information such as design documents, formulas and details on manufacturing processes, Symantec said on Monday.
It did not identify the companies, but said they include multiple Fortune 100 corporations that develop compounds and advanced materials, along with businesses that help manufacture infrastructure for these industries.
The bulk of the infected machines were based in the United States and United Kingdom, Symantec said, adding that the victims include 29 chemicals companies, some of which developed advanced materials used in military vehicles.
"The purpose of the attacks appears to be industrial espionage, collecting intellectual property for competitive advantage," Symantec said in a white paper on the campaign, which the company dubbed the "Nitro" attacks.
The cyber campaign ran from late July through mid-September and was traced to a computer system in the United States that was owned by a man in his 20s in Hebei province in northern China, according to Symantec.
Researchers gave the man the pseudonym "Covert Grove" based on a literal translation of his name. They found evidence that the "command and control" servers used to control and mine data in this campaign were also used in attacks on human-rights groups from late April to early May, and in attacks on the motor industry in late May, Symantec said.
"We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role," said Symantec's white paper. "Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties."
The Nitro campaign is the latest in a series of highly targeted cyber attacks that security experts say are likely the work of government-backed hackers.
Intel Corp's security unit McAfee in August identified "Operation Shady RAT," a five-year coordinated campaign on the networks of 72 organizations, including the United Nations, governments and corporations.
In February, McAfee warned that hackers working in China broke into the computer systems of five multinational oil and natural gas companies to steal bidding plans and other critical proprietary information.
Symantec said on Monday that the Nitro attackers sent emails with tainted attachments to between 100 and 500 employees at a company, claiming to be from established business partners or to contain bogus security updates.
When an unsuspecting recipient opens the attachment, it installs "PoisonIvy," a Remote Access Trojan (RAT) that can take control of a machine and that is easily available over the Internet.
While the hackers' behavior differed slightly in each case, they typically identified desired intellectual property, copied it and uploaded it to a remote server, Symantec said in its report.
Symantec did not identify the companies that were targeted in its white paper and researchers could not immediately be reached.
Dow Chemical Co said it detected "unusual e-mails being delivered to the company" last summer and worked with law enforcers to address this situation.
"We have no reason to believe our operations were compromised, including safety, security, intellectual property, or our ability to service our customers," a Dow spokesman said.
A spokesman for DuPont declined to comment.
(Reporting by Jim Finkle. Additional reporting by Matt Daily and Ernest Scheyder; Editing by Gerald E. McCormick and Richard Chang)
This cascade of news indicates that legislation for tighter surveillance of the internet is being prepared. It cannot be otherwise, because these private companies will never have enough resources to protect themselves on their own. |
| | | Guest Guest
| Subject: Re: Cyber War/Guerre informatique Wed 2 Nov 2011 - 16:11 | |
| Washington Post - Quote:
- Palestinians say hackers have taken down phone and Internet services
By Elizabeth Flock
Hackers have attacked Palestinian servers, cutting off phone and Internet service across the West Bank and Gaza, the Palestinian communications minister told Agence France-Presse on Tuesday. He alleged that a foreign government was behind the attack.
[Photo caption: A member of the delegation to UNESCO sends a text message with the results of the vote to give the Palestinians full membership. Many Palestinians do not have phone access today. (Benoit Tessier - Reuters)]
“Since this morning all Palestinian IP addresses have come under attack from places across the world,” Mashur Abu Daqqa told AFP. “Israel could be involved as it announced yesterday that it was considering the kind of sanctions it would impose on us.”
The incident came a day after the United Nations Educational, Scientific and Cultural Organization voted to admit Palestine as a full member of the group, a move that angered Israel.
Abu Daqqa said the sites were attacked in an “organized” manner, using mirror servers.
As early as 2006, hacking site Darknet reported that Israeli hackers had joined the fight against Palestine. Calling themselves IDF, the hackers disrupted dozens of Palestinian sites, erasing the site content and replacing it with their own photos with the caption: “You touch Israel, We touch you.”
In July of this year, however, hacker news organization the Hacker News reported that Palestinian hackers were at work, too. The hackers had disrupted a number of Web sites and replaced them with an image bearing the words “Freedom for Palestine.”
Hackers have also shut down the Internet in the Palestinian territories before. In 2002, Wired reported that the Israeli army took over the offices of the leading Palestinian Internet service provider, Palnet, and shut down its operations. Services went back up after 24 hours.
After then-Egyptian President Hosni Mubarak shut down the Internet and cellphones to quell unrest early this year, he was required, along with two of his aides, to pay $90 million in fines for damaging the country’s economy. |
| | | Guest Guest
| Subject: Re: Cyber War/Guerre informatique Fri 30 Dec 2011 - 23:29 | |
| Wa7ed Assalamou 3alaikoum
A hackers' event in Casa, this is big: http://www.frhack.org/frhack-cfp.php http://www.frhack.org
+ FRHACK Africa 2012 + Call For Papers + Casablanca, Morocco, Africa
FRHACK is scheduled for June 1-2, 2012. The following topics include, but are not limited to:
- Rootkits
- Cryptography
- Cloud Security
- Reverse engineering
- Penetration testing
- Web application security
- Exploit development techniques
- Internet, privacy and Big Brother
- Telecom security and phone phreaking
- Fuzzing and application security test
- Security in Wi-Fi and VoIP environments
- Information warfare and industrial espionage
- Denial of service attacks and/or countermeasures
- Analysis of virus, worms and all sorts of malwares
- Technical approach to alternative operating systems
- Techniques for development of secure software & systems
- Information about smartcard and RFID security and similars
- Lockpicking, trashing, physical security and urban exploration
- Hardware hacking, embedded systems and other electronic devices
- Mobile devices exploitation, Android, iOS, 3/4G and other technologies
- Security aspects in SCADA, industrial environments and "obscure" networks
Come and take part in large numbers.
====================================
Other "old" news, dated Dec 9, 2001: - Quote:
- The French weekly "Le Canard Enchaîné" revealed in its latest edition that Morocco has made a purchase of software that can track the Internet content of the entire country.
According to the weekly, the company Amesys, which is part the French conglomerate Bull, has been awarded a $2 million contract for the supply of computers, hard disk storage and the installation of the spy software "Eagle".
The Eagle software can sift through millions of electronic messages indiscriminately and take names and keywords and other relevant information. It can also identify connections to the sites that are monitored, it can identify senders and recipients of emails, and it can access the contents of intercepted emails and phone calls.
The weekly reports that Amesys, the developer of the spy software, will provide not only the hardware and software but also the training, probably through "advisors" from the French services. The journal doubts that this material is to be used to monitor particular outlaw sites. "This type of installation will detect connections to certain sites deemed suspicious and even intercept email messages in the millions. The content of internet traffic will be sifted and mined for information by the government."
Another French company, Qosmos, has made a similar spy software sale to the country of Syria. MoroccoBoard.
Amesys is the company that sold the cyber-surveillance gear to Libya. To my knowledge, Morocco had Motorola equipment for cyber surveillance (acquired in 2000), but I have never been able to find the slightest information, except the 3-minute news brief on 2M (year 2000). |
| | | Guest Guest
| Subject: WiFi Protected Setup PIN brute force vulnerability Fri 30 Dec 2011 - 23:57 | |
| WiFi Protected Setup PIN brute force vulnerability http://www.kb.cert.org/vuls/id/723755 The most secure Wi-Fi standard can now be cracked in hours instead of years because of a design flaw. The only solution: use MAC address whitelisting: disable WPS and allow *only* the devices (consoles, PCs/laptops, anything else connected over Wi-Fi) by entering their MAC address in the whitelist.
Last edited by tshaashh on Sat 31 Dec 2011 - 5:46; edited 1 time |
| | | Guest Guest
| Subject: GSM phones vulnerable to hijack scams: researcher Sat 31 Dec 2011 - 1:02 | |
| GSM phones vulnerable to hijack scams: researcher http://www.reuters.com/article/2011/12/28/us-mobile-security-idUSTRE7BQ05020111228 - Quote:
- (Reuters) - Flaws in a widely used wireless technology could allow hackers to gain remote control of phones and instruct them to send text messages or make calls, according to an expert on mobile phone security.
Above all: http://www.reuters.com/article/2011/12/28/trains-security-idUSL6E7NS0UC20111228 Hackers could shut down train lines - expert - Quote:
- Dec 28 (Reuters) - Hackers who have shut down websites by overwhelming them with web traffic could use the same approach to shut down the computers that control train switching systems, a security expert said at a hacking conference in Berlin.
Stefan Katzenbeisser, professor at Technische Universität Darmstadt in Germany, said switching systems were at risk of "denial of service" attacks, which could cause long disruptions to rail services.
"Trains could not crash, but service could be disrupted for quite some time," Katzenbeisser told Reuters on the sidelines of the convention.
"Denial of service" campaigns are one of the simplest forms of cyber attack: hackers recruit large numbers of computers to overwhelm the targeted system with Internet traffic.
Hackers have used the approach to attack sites of government agencies around the world and sites of businesses.
Train switching systems, which enable trains to be guided from one track to another at a railway junction, have historically been separate from the online world, but communication between trains and switches is handled increasingly using wireless technology.
Katzenbeisser said GSM-R, a mobile technology used for trains, is more secure than the usual GSM, used in phones, against which security experts showed a new attack at the convention.
"Probably we will be safe on that side in coming years. The main problem I see is a process of changing ... keys. This will be a big issue in the future, how to manage these keys safely," Katzenbeisser said.
The software encryption 'keys', which are needed for securing the communication between trains and switching systems, are downloaded to physical media like USB sticks and then sent around for installing -- raising the risk of them ending up in the wrong hands. (Reporting by Tarmo Virki; Editing by David Holmes)
Siemens fixing cyber bugs in industrial control systems http://www.reuters.com/article/2011/12/22/us-siemens-cybersecurity-idUSTRE7BL1GW20111222 - Quote:
- (Reuters) - Siemens said it is working to fix security flaws in industrial controls products that the U.S. government warned could make public utilities, hospitals and other critical parts of the country's infrastructure vulnerable to attack by hackers.
The German conglomerate, whose industrial control systems are widely used around the world, said on Thursday in a posting on its website that it had learned of the vulnerabilities in May and December of this year from security researchers Terry McCorkle and Billy Rios.
The U.S. Department of Homeland Security issued an advisory that warned of the vulnerability, urging Siemens customers to minimize exposure of industrial control systems to the Internet to make them less vulnerable to attack.
"Successful exploitation of these vulnerabilities could allow a hacker to log into a vulnerable system as a user or administrator," the agency's Industrial Control Systems Cyber Emergency Response Team said in the advisory.
Rios told Reuters that one of the most serious of the vulnerabilities, known as an "authentication bypass," allows hackers to get around password protections on Web interfaces, which Siemens customers use to access industrial control systems.
Siemens industrial controls systems are used to run an assortment of facilities from power generators, chemical plants and water systems to breweries, pharmaceutical factories and even uranium enrichment facilities.
"People with low skills will be able to use this authentication bypass," said Rios, who described the problems on his blog, www.xs-sniper.com.
Siemens said it had addressed some of the security vulnerabilities and that it would release its first security update to fix them next month.
The company does not know of any cases in which hackers had exploited the vulnerabilities to attack its customers, spokesman Alexander Machowetz said.
Some Siemens software is designed to automatically install services that make control systems accessible via the Internet, Rios said. They are installed with a default password, "100," which is published in user manuals that are available on the public Siemens website, he added.
"People set up control systems, and they don't realize that they are on the Internet, waiting for people to connect to them," Rios said.
Siemens industrial control systems have been scrutinized by security researchers over the past few years.
The notorious Stuxnet virus, which crippled Iran's nuclear program, was first identified by researchers in June 2010. It targeted Siemens software used to control gas centrifuges that enriched uranium at a facility in Natanz, Iran.
Last May, the U.S. government warned U.S. water districts, power companies and other Siemens customers of another security flaw uncovered by researcher Dillon Beresford that made systems vulnerable to attack.
In August, Beresford disclosed at the Black Hat hacking conference in Las Vegas that he had found further vulnerabilities in Siemens products, including a "back door that could allow hackers to wreak havoc on critical infrastructure."
(Reporting By Jim Finkle; Editing by Lisa Von Ahn) |
| | | Guest Guest
| Subject: The Surveillance Catalog Mon 2 Jan 2012 - 2:17 | |
| For the security industry, it's Christmas every day. The Surveillance Catalog, Wall Street Journal http://projects.wsj.com/surveillance-catalog/#/ - Quote:
- Documents obtained by The Wall Street Journal open a rare window into a new global market for the off-the-shelf surveillance technology that has arisen in the decade since the terrorist attacks of Sept. 11, 2001.
The techniques described in the trove of 200-plus marketing documents include hacking tools that enable governments to break into people’s computers and cellphones, and "massive intercept" gear that can gather all Internet communications in a country.
The documents—the highlights of which are cataloged and searchable here—were obtained from attendees of a secretive surveillance conference held near Washington, D.C., last month.
The documents fall into five general categories: hacking, intercept, data analysis, web scraping and anonymity.
|
| | | Yakuza Administrator
Posts: 21656 Joined: 15/09/2009 Location: 511 Nationality: Merit medals:
| Subject: Re: Cyber War/Guerre informatique Mon 2 Jan 2012 - 2:30 | |
| It wouldn't surprise me if it did what the pharmaceutical industry does, namely create viruses every 2-3 years and whip up an alarming media bubble around them, to finally "find" an anti-virus after some collateral damage, and pocket the jackpot. | |
| | | Guest Guest
| Subject: Re: Cyber War/Guerre informatique Mon 2 Jan 2012 - 2:46 | |
| - Yakuza wrote:
- It wouldn't surprise me if it did what the pharmaceutical industry does, namely create viruses every 2-3 years and whip up an alarming media bubble around them, to finally "find" an anti-virus after some collateral damage, and pocket the jackpot.
Boss, you guessed it right. When I was younger I was an avid reader of a "forbidden" webzine for virus programmers (the late 40Hex). The correlation between the "published" viruses (techniques, ideas, source code) and the new viruses detected by Norton (now Symantec) and *especially* McAfee was noticed by many. Another lead: virus researchers are also simply *brilliant* programmers (hackers), and nothing stops a few of them from crossing over (anonymously) to the dark side of the force, during the early days of the internet when anonymity was more "real". Last lead: the IT security industry draws its profits from government contracts. Those same governments have an interest in keeping the ecosystem of computer insecurity in good health, to keep doors open, access points to computer equipment at lower cost, by leaving the malware market alive and "helping themselves" to the best OTS products and redirecting them toward more military-police objectives. In short, the good old saw-nothing, heard-nothing technique... - Quote:
- http://wikileaks.org/The-Spyfiles-The-Map.html
The Spyfiles - The Map Wikileaks: - Quote:
- Mass interception of entire populations is not only a reality, it is a secret new industry spanning 25 countries
It sounds like something out of Hollywood, but as of today, mass interception systems, built by Western intelligence contractors, including for ’political opponents’ are a reality. Today WikiLeaks began releasing a database of hundreds of documents from as many as 160 intelligence contractors in the mass surveillance industry. Working with Bugged Planet and Privacy International, as well as media organizations from six countries – ARD in Germany, The Bureau of Investigative Journalism in the UK, The Hindu in India, L’Espresso in Italy, OWNI in France and the Washington Post in the U.S. – WikiLeaks is shining a light on this secret industry that has boomed since September 11, 2001 and is worth billions of dollars per year. WikiLeaks has released 287 documents today, but the Spy Files project is ongoing and further information will be released this week and into next year.
International surveillance companies are based in the more technologically sophisticated countries, and they sell their technology on to every country of the world. This industry is, in practice, unregulated. Intelligence agencies, military forces and police authorities are able to silently, and en masse, and secretly intercept calls and take over computers without the help or knowledge of the telecommunication providers. Users’ physical location can be tracked if they are carrying a mobile phone, even if it is only on stand by.
But the WikiLeaks Spy Files are more than just about ’good Western countries’ exporting to ’bad developing world countries’. Western companies are also selling a vast range of mass surveillance equipment to Western intelligence agencies. In traditional spy stories, intelligence agencies like MI5 bug the phone of one or two people of interest. In the last ten years systems for indiscriminate, mass surveillance have become the norm. Intelligence companies such as VASTech secretly sell equipment to permanently record the phone calls of entire nations. Others record the location of every mobile phone in a city, down to 50 meters. Systems to infect every Facebook user, or smart-phone owner of an entire population group are on the intelligence market.
Selling Surveillance to Dictators
When citizens overthrew the dictatorships in Egypt and Libya this year, they uncovered listening rooms where devices from Gamma corporation of the UK, Amesys of France, VASTech of South Africa and ZTE Corp of China monitored their every move online and on the phone.
Surveillance companies like SS8 in the U.S., Hacking Team in Italy and Vupen in France manufacture viruses (Trojans) that hijack individual computers and phones (including iPhones, Blackberries and Androids), take over the device, record its every use, movement, and even the sights and sounds of the room it is in. Other companies like Phoenexia in the Czech Republic collaborate with the military to create speech analysis tools. They identify individuals by gender, age and stress levels and track them based on ‘voiceprints’. Blue Coat in the U.S. and Ipoque in Germany sell tools to governments in countries like China and Iran to prevent dissidents from organizing online.
Trovicor, previously a subsidiary of Nokia Siemens Networks, supplied the Bahraini government with interception technologies that tracked human rights activist Abdul Ghani Al Khanjar. He was shown details of personal mobile phone conversations from before he was interrogated and beaten in the winter of 2010-2011.
How Mass Surveillance Contractors Share Your Data with the State
In January 2011, the National Security Agency broke ground on a $1.5 billion facility in the Utah desert that is designed to store terabytes of domestic and foreign intelligence data forever and process it for years to come.
Telecommunication companies are forthcoming when it comes to disclosing client information to the authorities - no matter the country. Headlines during August’s unrest in the UK exposed how Research in Motion (RIM), makers of the Blackberry, offered to help the government identify their clients. RIM has been in similar negotiations to share BlackBerry Messenger data with the governments of India, Lebanon, Saudi Arabia, and the United Arab Emirates.
Weaponizing Data Kills Innocent People
There are commercial firms that now sell special software that analyze this data and turn it into powerful tools that can be used by military and intelligence agencies.
For example, in military bases across the U.S., Air Force pilots use a video link and joystick to fly Predator drones to conduct surveillance over the Middle East and Central Asia. This data is available to Central Intelligence Agency officials who use it to fire Hellfire missiles on targets.
The CIA officials have bought software that allows them to match phone signals and voice prints instantly and pinpoint the specific identity and location of individuals. Intelligence Integration Systems, Inc., based in Massachusetts - sells a “location-based analytics” software called Geospatial Toolkit for this purpose. Another Massachusetts company named Netezza, which bought a copy of the software, allegedly reverse engineered the code and sold a hacked version to the Central Intelligence Agency for use in remotely piloted drone aircraft.
IISI, which says that the software could be wrong by a distance of up to 40 feet, sued Netezza to prevent the use of this software. Company founder Rich Zimmerman stated in court that his “reaction was one of stun, amazement that they (CIA) want to kill people with my software that doesn’t work."
Orwell’s World
Across the world, mass surveillance contractors are helping intelligence agencies spy on individuals and ‘communities of interest’ on an industrial scale.
The Wikileaks Spy Files reveal the details of which companies are making billions selling sophisticated tracking tools to government buyers, flouting export rules, and turning a blind eye to dictatorial regimes that abuse human rights.
How to use the Spy Files
To search inside those files, click one of the links on the left pane of this page, to get the list of documents by type, company, date or tag.
To search all these companies on a world map use the following tool from Owni |
| | | Yakuza Administrator
posts: 21656 Joined: 15/09/2009 Location: 511 Nationality: Merit medals:
| Subject: Re: Cyber War/Guerre informatique Mon 2 Jan 2012 - 3:10 | |
| We'll have to see what the Amesys software sold to our services would be capable of | |
| | | Guest
| Subject: Re: Cyber War/Guerre informatique Mon 2 Jan 2012 - 6:46 | |
| - Yakuza wrote:
- We'll have to see what the Amesys software sold to our services would be capable of
According to the user manual of their flagship product in Libya (EAGLE GLINT): - Quote:
- EAGLE Interception System distinct parts:
-The Probe capturing the traffic
-The Data Centre for classification and storage
-The Monitoring Centres
EAGLE system will retrieve the complete protocol information from the Call Data Record and all the attached documents for the following network protocols:
Mail: SMTP, POP3, IMAP
Webmails: Yahoo! Mail Classic and Yahoo! Mail v2, Hotmail v1 and v2, Gmail
VoIP: SIP / RTP audio conversation, MGCP audio conversation, H.323 audio conversation
Chat: MSN Chat, Yahoo! Chat, AOL Chat, Paltalk
Http
Search Engines: Google, MSN Search
Transfers: FTP, Telnet
EDIT: - Quote:
- actuel: There is talk of a 2 million dollar Amesys contract with Morocco concerning the supply of computers by Serviware. Can we learn more about the details of this contract?
Kitetoa: 2 million dollars is the cost to Amesys of the servers (hardware) needed to set up the Eagle project in Morocco. This does not prejudge the price invoiced to Morocco. But it gives an indication of the size of the infrastructure put in place, and therefore of the size of the targeted population.
What does the code name Popcorn, which designates the Eagle project in Morocco, mean?
You would have to ask them. Many of their projects have food names. Elsewhere in Africa, as in Gabon, the project is referred to as Croco.
Who handles the engineering and after-sales service, the French services or Amesys's experts?
Same, you would have to ask them.
You were the first to publish the scoop on the Eagle software supplied to the Libyans; is it the same technology that is to be installed in Morocco?
In principle, yes. It is indeed an Eagle. As a reminder, it is this famous software, supplied by Amesys to the Libyans, that enabled systematic interception of all Internet communications of the Libyan population.
Interview by Abdellatif El Azizi
(*) Code name of the journalists who published the scoop on the Eagle software sold to the Libyans and the Moroccans. http://www.actuel.ma/Dossier/Portables_Internet_documents_biometriques…_Flicage_mode_demploi/843.html http://reflets.info/maroc-le-meilleur-ami-de-la-france-se-met-au-dpi-grace-a-amesys-la-filiale-de-bull/ - Quote:
- The affair, which unfolded on the quiet, has left Moroccan internet users and the gods of Moroccan IT and social networks torn between indignation and scepticism. “The contract published by Le Canard enchaîné refers to an invoice sent by the company Serviware to another company called Amesys, without giving details on the substance of the delivery (hardware, software, technical assistance) or on the destination of this order. Moreover, Morocco does not appear in any published document. What I have read gives no proof of the delivery of spy software to Morocco, unless the newspapers in question hold documents they have not yet published,” analyses Marouane Harmach, Associate Director at Consultor, a firm specialising in information technology professions. While some internet users speak of a state strategy to frighten and calm Islamist ardour, Marouane explains that these assumptions are unfounded: “There is no proof that this delivery, whose substance is unknown, was destined for Morocco. Talking about Islamists in this context is rather fanciful. You have to know that for a state or private entity to place an order of such technical complexity, there is a minimum lead time of 3 to 12 months to study the need, formalise the terms of reference, consult the supplier, study its offer, place the order, take delivery, invoice the delivery, etc.”
The invoice in question amounts to nearly 2 million dollars, an amount that is “completely normal for administrative orders for specialised IT equipment,” Marouane reassures.
Individual freedoms under threat
Agreement or no agreement, contract or no contract, this news, which caused an outcry across the Moroccan web and in the national and international press, has revived the debate on individual freedoms and respect for individuals' private sphere. Indeed, Article 24 of the Moroccan Constitution states that “Everyone has the right to the protection of their private life. (…) Private communications, in whatever form, are secret.” Marouane Harmach approves of this text and urges that it be respected: “The activity of protecting internal security is framed by law. Any illegal action that affects the protection of personal data must be denounced, and avenues of recourse exist or must be used by the victims and by human rights associations. In principle, we are in a state governed by the rule of law…”. While France has already delivered, as the French satirical weekly reports, similar IT equipment to Syria and Libya, Morocco is far from being in the same emblematic situation as them. “I do not know whether France is making a mistake by entering into such agreements, if there is an agreement, but I leave it to politicians to enlighten us on this question. In any case, the project name ‘Popcorn’ is rather anecdotal and reminds me of Cold War novels…”, Marouane concludes ironically. http://www.alaebennani.com/2011/12/16/amesys-–maroc-une-affaire-de-popcorn-brouillee/
Some questions revolve around the acquisition by Morocco: according to websites of questionable quality, the cost of the acquisition would be 2 million (dollars or euros, depending on who you ask). That is too low considering the cost of the probes (especially the TAPs on optical fibre) and the cost of the analysis clusters. 2 million may be just the cost of the processing hardware (cluster), not including the taps and probes (very sensitive, high-precision hardware).
I also remember seeing recruitment in Morocco for Amesys. I suppose it is to adapt the inspection to the Arabic language? There is also mention of a project specific to Morocco called Pop Corn. This will need to be checked more closely. In any case, I do not believe Morocco is going to acquire these interception capabilities *now*. It is something fairly old in the country... |
| | | Guest
| Subject: Govt working on defensive cyberweapon / Virus can trace, disable sources of cyber-attacks Tue 3 Jan 2012 - 16:28 | |
| Govt working on defensive cyberweapon / Virus can trace, disable sources of cyber-attacks http://www.yomiuri.co.jp/dy/national/T120102002799.htm - Quote:
- The Defense Ministry is in the process of developing a computer virus capable of tracking, identifying and disabling sources of cyber-attacks, The Yomiuri Shimbun has learned.
The development of the virtual cyberweapon was launched in 2008. Since then, the weapon has been tested in a closed network environment.
Cyberweapons are said to already be in use in countries such as the United States and China. However, in Japan there is no provision on the use of cyberweapons against external parties in existing legislation on foreign attacks. With this in mind, the Defense Ministry and Foreign Ministry have begun legislative consideration regarding the matter, according to sources.
The three-year project was launched in fiscal 2008 to research and test network security analysis equipment production. The Defense Ministry's Technical Research and Development Institute, which is in charge of weapons development, outsourced the project's development to a private company. Fujitsu Ltd. won the contract to develop the virus, as well as a system to monitor and analyze cyber-attacks for 178.5 million yen.
The most distinctive feature of the new virus is its ability to trace cyber-attack sources. It can identify not only the immediate source of attack, but also all "springboard" computers used to transmit the virus.
The virus also has the ability to disable the attacking program and collect relevant information.
Test runs in closed networks have helped the ministry to confirm the cyberweapon's functionality and compile data on cyber-attack patterns.
According to the sources, the program can identify the source of a cyber-attack to a high degree of accuracy for distributed denial of service (DDoS) attacks, as well as some attacks aimed at stealing information stored in target computers. In DDoS attacks, hackers send target websites enormous volumes of data, eventually forcing them to shut down.
Cyber-attacks, however, were not included in a 2005 cabinet decision outlining the type of attacks against which the right to self-defense can be exercised.
Under the current situation, there is a high possibility that cyberweapons cannot be used against external parties.
The use of the weapon could be considered a violation of the clause banning virus production under the Criminal Code.
Keio University Prof. Motohiro Tsuchiya, a member of a government panel on information security policy, said Japan should accelerate anti-cyber-attack weapons development by immediately reconsidering the weapon's legal definition, as other countries have already launched similar projects.
Tsuchiya said the panel also will discuss the issue.
However, a Defense Ministry official said the ministry is not considering outside applications for the program as it was developed for more defensive uses, such as identifying which terminal within the Self-Defense Forces was initially targeted in a cyber-attack.
Fujitsu declined to comment about the program, citing client confidentiality.
(Jan. 3, 2012) |
| | | Guest
| Subject: Re: Cyber War/Guerre informatique Tue 3 Jan 2012 - 17:27 | |
| I have just read the Amesys EAGLE user manual at http://owni.fr/2011/09/07/le-mode-demploi-du-big-brother-libyen/ (middle of the page) and there is nothing indicating that it is Morocco's future "Echelon"... contrary to the "panic" of some websites.
Basically, it is data aggregation and management software. The advantage it offers is aggregating data from multiple sources focused on a "suspect".
What is missing (according to this manual) is an important element for pushing automation to the next stage: automatic speech recognition and transcription software such as this one http://projects.wsj.com/surveillance-catalog/documents/267008-medav-melanie/#document/p3/a38607
$2M is far from enough to mass-monitor 10 million internet users... Libya spent 145 M EUR for 600,000 internet users...
My opinion is that the 2M covers only the Amesys software, along with the training?
God knows best...
|