NSA merging anti-hacker team that fixes security holes with one that uses them
US spies will have to choose between keeping hackers out or acting like them to gather intelligence, going against the recommendation of computer security experts
By Danny Yadron

A reorganization of the National Security Agency could increase pressure on US spies to choose between keeping hackers out – or acting like them to gather intelligence.

It's time for US to hit its cyberwar enemies hard, says Ben Carson - TechRepublic
RSS News Feed Search: CyberWar
February 07, 2016 at 02:22AM

Hacker wars

There was a time, back in the '80s, when things were changing and people divided themselves into those who knew about technology well enough to break the law in order to learn more, and everyone else. Computers, the Internet and even phones had weaknesses that ordinary people didn't even know about, but these guys, called crackers (if they used those weaknesses to enter systems illegally) and hackers (or phreakers, if they hacked phones), did know.

By that time, Intel launched the 8087, the first x87 floating-point coprocessor, which sped up arithmetic calculations in the computer. IBM used it in a personal computer, sales were a success, and the world of personal computers started becoming a common thing in middle-class families, as PCs were affordable (between $1000 and $2000). Funny thing: as a starting product, it had some weaknesses. Anyway, you know, other things happened in 1980, too.

Back then there was a thing similar to current forums, called a BBS. A BBS, bulletin board system, was a news panel that used the Internet and phone lines to interconnect people at a computer terminal. Through these BBSs, a lot of computer freaks started exchanging information about systems, weak points, exploits, ideas... whatever. The first computer viruses were released this way.

And in between all this computing and newborn technology appeared the Legion of Doom. The Legion of Doom was a hacker group, one of the most important by 1984. They were a skilled group of hackers, as were the Masters of Deception (there was a cross-over between the two). The Legion of Doom had the philosophy of entering systems and being curious but not breaking them, and going to the enterprises to inform them and offer a solution (the current grey hats, which I'm personally very into). On the contrary, the Masters of Deception were more interested in exploits and viruses.

But one of the most important actions of LoD was actually something called the Legion of Doom Technical Journals, a collection of articles about hacking and related topics. It was the first time that kind of information was released and easily accessible. MoD wasn't very into releasing this kind of content to the public, which actually started a confrontation. Currently those Journals are available here

By the '90s, the media insisted on framing hackers as weird teens in black who wanted to see the world burn. The reality is that many of them were just curious, intelligent kids, and enterprises and the government pictured them (for many well-supported reasons) as a threat.

Between 1990 and 1991, LoD and MoD had arguments and confrontations about their philosophy of action and how hacking should be used. LoD decided to start a security company called ComSec, which MoD didn't approve of at all. But in the meantime there was a nationwide raid carried out by the U.S. Secret Service called Operation Sun Devil, which investigated this cyberwar between MoD and LoD in order to catch those hackers.

After this, most of them were imprisoned and others were wanted. It was one of the most important hacker wipe-outs in computer history, one that drew a line under this new kind of "criminal".

See also:

  A brief history of the underground scene, by Phrack magazine

  Legion of Doom Technical Journals, by LoD, in

  Great Hacker War, on Wikipedia

Cyber War in Perspective: Russian Aggression against Ukraine

The conflict in Ukraine appears to have all the ingredients for cyber war. Moscow and Kyiv are playing for the highest geopolitical stakes, and both countries possess a high level of expertise in information technology and computer hacking. However, there are still many sceptics of cyber war, and more questions than answers. Malicious code has served criminals and spies very well, but can cyber…

First known hacker-caused power outage signals troubling escalation
Highly destructive malware creates "destructive events" at 3 Ukrainian substations.

Highly destructive malware that infected at least three regional power authorities in Ukraine led to a power failure that left hundreds of thousands of homes without electricity last week, researchers said.

The outage left about half of the homes in the Ivano-Frankivsk region of Ukraine without electricity, Ukrainian news service TSN reported in an article posted a day after the December 23 failure. The report went on to say that the outage was the result of malware that disconnected electrical substations. On Monday, researchers from security firm iSIGHT Partners said they had obtained samples of the malicious code that infected at least three regional operators. They said the malware led to “destructive events” that in turn caused the blackout. If confirmed it would be the first known instance of someone using malware to generate a power outage.

“It’s a milestone because we’ve definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout,” John Hultquist, head of iSIGHT’s cyber espionage intelligence practice, told Ars. “It’s the major scenario we’ve all been concerned about for so long.”

Researchers from antivirus provider ESET have confirmed that multiple Ukrainian power authorities were infected by "BlackEnergy," a package discovered in 2007 that was updated two years ago to include a host of new functions, including the ability to render infected computers unbootable. More recently, ESET found, the malware was updated again to add a component dubbed KillDisk, which destroys critical parts of a computer hard drive and also appears to have functions that sabotage industrial control systems. The latest BlackEnergy also includes a backdoored secure shell (SSH) utility that gives attackers permanent access to infected computers.

Until now, BlackEnergy has mainly been used to conduct espionage on targets in news organizations, power companies, and other industrial groups. While ESET stopped short of saying the BlackEnergy infections hitting the power companies were responsible for last week’s outage, the company left little doubt that one or more of the BlackEnergy components had that capability. In a blog post published Monday, ESET researchers wrote:

Our analysis of the destructive KillDisk malware detected in several electricity distribution companies in Ukraine indicates that it is theoretically capable of shutting down critical systems. However, there is also another possible explanation. The BlackEnergy backdoor, as well as a recently discovered SSH backdoor, themselves provide attackers with remote access to infected systems. After having successfully infiltrated a critical system with either of these trojans, an attacker would, again theoretically, be perfectly capable of shutting it down. In such a case, the planted KillDisk destructive trojan would act as a means of making recovery more difficult.

Over the past year, the group behind BlackEnergy has slowly ramped up its destructive abilities. Late last year, according to an advisory from Ukraine’s Computer Emergency Response Team, the KillDisk module of BlackEnergy infected media organizations in that country and led to the permanent loss of video and other content. The KillDisk that hit the Ukrainian power companies contained similar functions but was programmed to delete a much narrower set of data, ESET reported. KillDisk had also been updated to sabotage two computer processes, including a remote management platform associated with the ELTIMA Serial to Ethernet Connectors used in industrial control systems.

In 2014, the group behind BlackEnergy, which iSIGHT has dubbed the Sandworm gang, targeted the North Atlantic Treaty Organization, Ukrainian and Polish government agencies, and a variety of sensitive European industries. iSIGHT researchers say the Sandworm gang has ties to Russia, although readers are cautioned on attributing hacking attacks to specific groups or governments.

According to ESET, the Ukrainian power authorities were infected using booby-trapped macro functions embedded in Microsoft Office documents. If true, it’s distressing that industrial control systems used to supply power to millions of people could be infected using such a simple social-engineering ploy. It’s also concerning that malware is now being used to create power failures that can have life-and-death consequences for large numbers of people.
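One defensive check that follows from the macro-document infection vector above, as an added example (this is my code for this page, not ESET's, iSIGHT's or Ars Technica's): a triage script that decides, from the container format rather than the file extension, whether an Office document carries a VBA macro project. The OOXML check opens the zip and looks for a vbaProject.bin part or a macro-enabled content type; the legacy OLE check is a byte-level heuristic on the directory entry names (stored as UTF-16LE) rather than a full compound-file parser. The sample documents, extension list and thresholds are constructed for the example and use only the Python standard library.

```python
"""Triage helper: flag Office documents that carry a VBA macro project.

Added example for this page; it is not ESET's, iSIGHT's or Ars Technica's code.
Standard library only. Two container formats are handled:
  * OOXML (.docx/.docm/.xlsm/...): a zip archive; a VBA project is stored as a
    vbaProject.bin part and advertised in [Content_Types].xml.
  * Legacy OLE2 (.doc/.xls): a compound file; this check is a byte-level
    heuristic (directory entry names are stored as UTF-16LE), not a full parser.
All sample documents below are constructed in memory, not real malware.
"""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # Compound File Binary signature
ZIP_MAGIC = b"PK\x03\x04"                         # local file header of a zip (OOXML)

# Directory-entry names present in OLE2 files only when a VBA project exists
# ("_VBA_PROJECT" also matches Excel's "_VBA_PROJECT_CUR" storage).
OLE_VBA_MARKERS = [s.encode("utf-16-le") for s in ("_VBA_PROJECT", "Macros")]

# OOXML extensions that legitimately carry macros; a VBA part under any other
# extension (e.g. .docx) is a mismatch worth escalating. Constructed list.
MACRO_EXTENSIONS = {"docm", "dotm", "xlsm", "xltm", "xlam", "xlsb",
                    "pptm", "potm", "ppam", "ppsm"}


def ooxml_has_macros(data: bytes) -> bool:
    """True if the zip contains a vbaProject.bin part or a macro content type."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            if "[Content_Types].xml" in names:
                ctypes = zf.read("[Content_Types].xml").lower()
                return b"macroenabled" in ctypes or b"vnd.ms-office.vbaproject" in ctypes
    except zipfile.BadZipFile:
        return False
    return False


def ole_has_macros(data: bytes) -> bool:
    """Heuristic: look for VBA storage names encoded as they appear in the OLE directory."""
    return any(marker in data for marker in OLE_VBA_MARKERS)


def triage(filename: str, data: bytes) -> dict:
    """Classify one document by magic bytes (never by extension alone)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if data.startswith(ZIP_MAGIC):
        container, macros = "ooxml", ooxml_has_macros(data)
    elif data.startswith(OLE_MAGIC):
        container, macros = "ole2", ole_has_macros(data)
    else:
        container, macros = "unknown", False
    disguised = container == "ooxml" and macros and ext not in MACRO_EXTENSIONS
    return {"file": filename, "container": container,
            "has_macros": macros, "disguised": disguised}


def _make_ooxml(parts: dict) -> bytes:
    """Build a minimal OOXML-style zip from a {part_name: bytes} mapping (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


_VBA_CONTENT_TYPE = (b'<Types><Override PartName="/word/vbaProject.bin" '
                     b'ContentType="application/vnd.ms-office.vbaProject"/></Types>')

# Constructed samples: a clean document, a declared macro document, a macro
# document hiding behind a .docx name, and a legacy .doc with a Macros storage.
CONSTRUCTED_SAMPLES = {
    "report.docx": _make_ooxml({"[Content_Types].xml": b"<Types/>",
                                "word/document.xml": b"<w:document/>"}),
    "invoice.docm": _make_ooxml({"[Content_Types].xml": _VBA_CONTENT_TYPE,
                                 "word/document.xml": b"<w:document/>",
                                 "word/vbaProject.bin": b"\x00" * 16}),
    "resume.docx": _make_ooxml({"[Content_Types].xml": _VBA_CONTENT_TYPE,
                                "word/document.xml": b"<w:document/>",
                                "word/vbaProject.bin": b"\x00" * 16}),
    "old-memo.doc": OLE_MAGIC + b"\x00" * 56 + "Macros".encode("utf-16-le") + b"\x00" * 16,
}


def run_triage(samples=None) -> list:
    """Triage every sample; verdicts that need escalation first are sorted to the front."""
    samples = CONSTRUCTED_SAMPLES if samples is None else samples
    verdicts = [triage(name, data) for name, data in samples.items()]
    return sorted(verdicts, key=lambda v: (not v["disguised"], not v["has_macros"]))


if __name__ == "__main__":
    for verdict in run_triage():
        print(verdict)
```

The point of keying on magic bytes is that a macro-bearing file renamed to .docx still gets flagged, which is the case mail-gateway extension filters miss. For production triage the oletools project (olevba) does a real parse of both container formats; this script is only the shape of the check.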

Ukrainian authorities are investigating a suspected hacking attack on its power grid, the Reuters news service reported last week. ESET has additional technical details about the latest BlackEnergy package here.

While Saudi Arabia’s largest gas producer was also infected by destructive malware in 2012, there’s no confirmation it affected production. iSIGHT’s report suggests a troubling escalation in malware-controlled conflict that has consequences for industrialized nations everywhere.