IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice

Lenovo Website Hijacked

The website of Lenovo.com, the world's largest PC manufacturer, was hacked on Feb. 25 and visitors directed to an attacker-controlled page. The hacking group Lizard Squad, which has claimed credit for the attack via Twitter, also appears to have intercepted some Lenovo e-mails.

"Lenovo has been the victim of a cyber-attack," spokeswoman Wendy Fung told Information Security Media Group on Feb. 26. "One effect of this attack was to redirect traffic from the Lenovo website. We are also actively investigating other aspects. We are responding and have already restored certain functionality to our public-facing website.


"We regret any inconvenience that our users may have if they are not able to access parts of our site at this time," Fung added. "We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users' information and experience. We are also working proactively with third parties to address this attack and we will provide additional information as it becomes available."

Lenovo appeared to have restored complete access to its public website by the evening of Feb. 25.

The attack follows revelations that Lenovo, in recent months, had been preinstalling Superfish on many of its consumer devices. Information security experts warn that the adware could be abused by attackers to intercept consumers' communications.

In response to those reports, Lenovo has apologized and released utilities consumers can use to expunge Superfish from their systems. Working with McAfee, Microsoft and Trend Micro, Lenovo has also had the Superfish software classified as malware and targeted for removal by their anti-virus engines, which Lenovo says will remotely wipe the adware from many systems.

Lizard Squad has recently claimed credit for a number of attacks, including the January disruption of the Malaysian Airline website, as well as the 2014 Christmas Day disruption of the Sony PlayStation and Microsoft Xbox Live networks.

Hacking Lenovo's DNS

The Lenovo.com website disruption began Feb. 25 at about 4 p.m. ET, with visitors to the site being redirected to another site that was labeled as being "the new and improved rebranded Lenovo website," accompanied by a slideshow of bored-looking teenagers looking at webcams, as the song "Breaking Free" - from the movie "High School Musical" - played in the background, technology publication The Verge first reported.

"We're breaking free! Soarin', flyin', there's not a star in heaven that we can't reach!" Lizard Squad tweeted at 4:19 p.m. ET via its @LizardCircle account, referencing the lyrics from the "High School Musical" song.

Security experts say Lizard Squad appears to have hijacked the Lenovo.com website by compromising its domain registrar, Web Commerce Communications Limited - better known as Webnic.cc. The attackers were then able to alter the Lenovo.com DNS settings, ultimately transferring them to servers run by the distributed denial-of-service attack defense service CloudFlare.

"To all asking: Lenovo was NOT a CF customer; their domain was hijacked & transferred to us," CloudFlare principal security researcher Marc Rogers tweeted on Feb. 25. "We are working with them to restore service."

The choice of CloudFlare was no doubt an ironic move, given that Lizard Squad says its attacks are meant to advertise its own DDoS service, Lizard Stresser.

Domain Registrar Offline

Following the attack, the Webnic.cc website has been unavailable and resolving to a "service temporarily unavailable" error message. Contacted on Feb. 26, a member of the Webnic.cc customer support team, based in Kuala Lumpur, Malaysia, declined to comment on the reported attack or on whether the website outage was intentional, for example because the registrar is attempting to conduct a digital forensics investigation and remediate affected systems following the apparent hack attack.

If Lizard Squad obtained access to internal Webnic.cc systems, then it could have transferred the Lenovo.com website to any address of its choosing. Bolstering that theory, Lizard Squad has published what it claims to be an authorization key - also known as an auth code or EPP key - that it stole from Webnic.cc. Such keys are used to authorize the transfer of domains between registrars.
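
A defender-side check for the registrar-level hijack described in the two sections above, as an added example that is not part of the original article: it compares polled registration data for a domain against an approved baseline and flags a delegation moved to an unapproved DNS provider or missing registry locks. The registrar names, name servers and polls are constructed; `clientTransferProhibited` and `clientUpdateProhibited` are standard EPP status codes, and collecting the data (for example via WHOIS or RDAP) is assumed to happen elsewhere.

```python
from dataclasses import dataclass

# EPP status codes that make the registry refuse transfers and record updates.
REQUIRED_LOCKS = frozenset({"clientTransferProhibited", "clientUpdateProhibited"})


def normalise(hosts):
    """Lower-case host names and drop the trailing root dot before comparing."""
    return frozenset(h.strip().rstrip(".").lower() for h in hosts)


def provider_zone(host):
    """Last two labels of a name server name. Simplification: ignores
    multi-label public suffixes such as co.uk."""
    return ".".join(host.split(".")[-2:])


@dataclass(frozen=True)
class Snapshot:
    taken_at: str            # label for when the monitor read the registration data
    registrar: str
    nameservers: frozenset
    statuses: frozenset


def make_snapshot(taken_at, registrar, nameservers, statuses):
    return Snapshot(taken_at, registrar.strip(), normalise(nameservers), frozenset(statuses))


def check(baseline, observed):
    """Return (severity, code, detail) findings for one observed snapshot."""
    findings = []
    if observed.registrar != baseline.registrar:
        findings.append(("CRITICAL", "REGISTRAR_CHANGED",
                         f"{baseline.registrar} -> {observed.registrar}"))
    added = observed.nameservers - baseline.nameservers
    removed = baseline.nameservers - observed.nameservers
    known_zones = {provider_zone(h) for h in baseline.nameservers}
    foreign = sorted(h for h in added if provider_zone(h) not in known_zones)
    if foreign:
        # Delegation now points at a provider the owner never approved:
        # the pattern of DNS settings being altered at the registrar.
        findings.append(("CRITICAL", "NS_FOREIGN_PROVIDER", ", ".join(foreign)))
    elif added or removed:
        findings.append(("WARNING", "NS_SET_CHANGED",
                         f"added={sorted(added)} removed={sorted(removed)}"))
    missing = sorted(REQUIRED_LOCKS - observed.statuses)
    if missing:
        findings.append(("WARNING", "LOCK_MISSING", ", ".join(missing)))
    return findings


# Constructed sample data: the approved baseline and three later polls.
BASELINE = make_snapshot("baseline", "Registrar A",
                         ["ns1.corp-dns.example", "ns2.corp-dns.example"], REQUIRED_LOCKS)
POLLS = [
    make_snapshot("poll-1", "Registrar A",
                  ["NS1.corp-dns.example.", "ns2.corp-dns.example"], REQUIRED_LOCKS),
    make_snapshot("poll-2", "Registrar A",
                  ["ns1.edge-provider.example", "ns2.edge-provider.example"], ["ok"]),
    make_snapshot("poll-3", "Registrar A",
                  ["ns1.corp-dns.example", "ns2.corp-dns.example", "ns3.corp-dns.example"],
                  REQUIRED_LOCKS),
]

if __name__ == "__main__":
    for poll in POLLS:
        for severity, code, detail in check(BASELINE, poll):
            print(poll.taken_at, severity, code, detail)
```

The second poll models the situation in the article, where the registrar of record is unchanged but the delegation points at a different provider's name servers.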

Lenovo E-Mail Theft?

Lizard Squad has also published two e-mails that had apparently been sent to employees at Lenovo - with a Lenovo.com e-mail address - on Feb. 25, during the time when the hacking group appeared to have been in control of the Lenovo.com DNS settings. One e-mail cited The Verge report that the Lenovo.com website had been hacked as of 4 p.m. ET, and that Lizard Squad appeared to be responsible.

Another published e-mail referred to a Lenovo Yoga laptop that was "bricked" when a customer attempted to run Lenovo's update to remove the Superfish application and root certificate that it was preinstalling on many of its consumer devices (see Lenovo Drops Superfish Adware). "FYI - the process to remove the Superfish software from the Yoga 11 has resulted in a failed device. Can we get him a new one?" the internal e-mail reads.

Lenovo's Fung declined to comment on whether those e-mails were genuine. But Lizard Squad says via Twitter: "We'll comb the Lenovo dump for more interesting things later."

Follows Google Vietnam Hack

The Lenovo website hack follows Lizard Squad claiming credit for the recent disruption of Google.com.vn, or Google Vietnam, which was reportedly also registered with Webnic.cc. For several hours on Feb. 23, visitors to that Google website were reportedly redirected to a website that showed a man taking a "selfie" in the mirror with his iPhone, underneath the words "Hacked by Lizard Squad," The Wall Street Journal reports.

Google says that its systems were not breached by the attack, and said its domain name registrar was responsible. "For a short period today, some people had trouble connecting to google.com.vn, or were being directed to a different website," a Google spokesman told The Wall Street Journal. "We've been in contact with the organization responsible for managing this domain name and the issue should be resolved."



Obama Imposes Sanctions on North Korea for Hack

Holding North Korea responsible for the cyber-attack on Sony Pictures Entertainment, President Obama imposed sanctions on 10 individuals and three entities associated with the North Korean government.

The president ordered on Jan. 2 the seizing of property held by the individuals and organizations in the United States, a mostly symbolic action because few, if any, assets of those designated in the order are likely located in the U.S.


The organizations facing sanctions include the Reconnaissance General Bureau, North Korea's primary intelligence agency; Korea Mining Development Training Corp., or KOMID, North Korea's primary arms dealer; and Korea Tangun Trading Corp., the North Korean agency primarily responsible for the procurement of commodities and technologies to support its defense research and development programs.

"Our response to North Korea's attack against Sony Pictures Entertainment will be proportional, and will take place at a time and in a manner of our choosing," a White House statement says. "Today's actions are the first aspect of our response."

Further Isolating North Korea

The executive order authorizes Treasury Secretary Jack Lew to impose the sanctions. Lew, in a statement, says the sanctions are driven by the government's commitment to hold North Korea accountable for its destructive and destabilizing conduct.

"Even as the FBI continues its investigation into the cyber-attack against Sony Pictures Entertainment, these steps underscore that we will employ a broad set of tools to defend U.S. businesses and citizens, and to respond to attempts to undermine our values or threaten the national security of the United States," Lew says. "The actions taken today ... will further isolate key North Korean entities and disrupt the activities of close to a dozen critical North Korean operatives. We will continue to use this broad and powerful tool to expose the activities of North Korean government officials and entities."

An administration official told The New York Times that these sanctions are a first step to punish the North Koreans for the Sony breach. "The administration felt that it had to do something to stay on point," the official said. "This is certainly not the end for them."



Experts Question Sony Hack-Back Story

Information security experts are questioning the accuracy of a news report that claims Sony Pictures Entertainment is attempting to "hack back" to disrupt distribution of stolen Sony files.

The report on the news website Re/code, which is affiliated with CNBC, cites two anonymous sources saying that "the company is using hundreds of computers in Asia to execute what's known as a denial-of-service attack on sites where its pilfered data is available."


Multiple information security experts, however, have questioned that account. "I highly doubt Sony is doing this," Tom Chapman, director of the security operations group at computer security firm EdgeWave, tells Information Security Media Group. "And I highly doubt this would work. As for the legality, [it's] probably highly illegal."

What Sony might be doing, however, some experts speculate, is attempting to disrupt BitTorrent networks on which the stolen files are currently circulating by sending the "peers" that are attempting to download the file to sites where only bogus versions of those files are being stored. "Screwing with torrents is as old as torrents, and even if it were 'hacking,' which it isn't, it isn't hitting the attackers," says Jack Daniel, a strategist at vulnerability detection vendor Tenable Network Security.

Sony has failed to respond to repeated requests for comment on the hack attack against it.

Attackers Threaten Further Releases

Meanwhile, a group calling itself Guardians of Peace, or G.O.P., which claimed credit for the Sony attack, is continuing to release more of the "tens of terabytes" it claims to have stolen.

In an e-mail sent to Information Security Media Group on Dec. 11, someone claiming to be part of G.O.P. included links to multiple sites that contain a message from the group that includes links to download a sixth batch of leaked data, which attackers claim includes the Outlook mailbox for Sony's general counsel, Leah Weil, who joined the company in 1996. That leak follows the reported release of the Outlook mailbox for Sony Pictures Chairman Amy Pascal.

G.O.P.'s latest message includes a warning to all Sony's employees. "We still have huge amount of sensitive information to be released including your personal details and mailboxes," it says. "Make the company cancel the release of the movie of terrorism, or you have to be blamed for it," it adds, apparently referring to Sony's forthcoming comedy The Interview, which according to leaked e-mails features Kim Jong-un's head exploding after he gets hit with a shell fired from a tank, Reuters reports.

Sony's Breach Costs Mount

Sony information that's already been leaked to date - beyond high-quality copies of five unreleased films - has included exhaustive lists of Sony's passwords for social media networks, as well as private details for 47,000 employees.

As more and more such information - including Social Security numbers and other personally identifiable information on current and former employees - becomes public, and the related risk of identity theft increases, some commentators have been asking just how much Sony is going to have to pay to repair the damage.

Of course, that question can't yet be definitively answered. Full details of the Sony attack have yet to come to light, and the full ramifications of the data breach - including whether it might drive big-name stars, directors and writers to competing studios - probably won't be known for at least another six months, Jim Lewis, senior fellow at the Center for Strategic and International Studies, tells Reuters. "Usually, people get over it, but it does have a short-term effect," he says.

Still, Lewis believes that Sony's related breach costs could hit $100 million, although he notes that the costs would be higher had Sony lost customer data, as happened in the April 2011 attack that compromised the personal information of 77 million PlayStation network and Qriocity customers, triggering a U.K. fine and a U.S. class action lawsuit that Sony ultimately settled.




Darkleaks: An online black market for selling secrets

Whistleblowers, and individuals who are simply out to make a buck from confidential and valuable information, can now offer it for sale on Darkleaks, a decentralized, anonymous black market on the Internet.

The Darkleaks project is built on top of the Bitcoin blockchain, and can be used by downloading this software package (source code is open).

The process of releasing and buying the released information works like this (as explained by Zozan Cudi, a member of the Kurdish People's Defense Units):

"When the leaker selects a document, it is broken up into segments. Each of the segments is hashed, and a Bitcoin address is generated using the hash as the secret key. From this public key, a new key is generated to encrypt the segments. The encrypted segments are released for public download with the list of Bitcoin addresses.

To prove the authenticity of the document, the system uses a trustless provably fair mechanism. When announcing the leak, the leaker chooses a date and number of the chunks to be released. Based on the Bitcoin block hash at that time, some provably fair random numbers are chosen to select segments to be unlocked. This allows the community to verify the veracity of the file and decide whether they want to pay for the remaining encrypted segments.

The buyers then send Bitcoins to these addresses. When the leaker decides to claim the Bitcoins from the private key, due to how Bitcoin is designed he must release the public key which allows the buyers to decrypt the document."


The marketplace is supposed to offer anonymity for both the leaker and the buyer - the two don't interact, and there is no central operator who might somehow discover their identities.

The people behind it say that this marketplace can be used to stop corruption and challenge power, but it can obviously also be used by sellers and buyers with a more sinister agenda, as there is no limit to what information can be sold - Hollywood movies, government secrets, military intelligence, stolen databases, celebrity sex pictures, and so on.


Via Paulo Félix

6 Sony Breach Lessons We Must Learn

After the complete collapse of network security at Sony Pictures Entertainment - in the wake of its data breach - the organization's fundamental mistakes deserve to be highlighted; there are lessons to be learned for all. Here's my macro view of the information security lessons every organization should take away:

1. Watch Your Risk Tolerance. First, Sony Pictures appears to have chosen a relatively high level of risk regarding its information security posture. This conclusion is supported both by comments made by its chief information security officer and by e-mails leaked by the attackers. In choosing that posture, it is highly unlikely that Sony's executives anticipated the consequences that would ultimately befall either their enterprise or the nation. Perhaps many enterprises need to rethink the duty they owe to their neighbors.

Sony Pictures is a publishing company. Its "crown jewels" are information assets. Unreleased movies, scripts, agreements with talent, and even technology are Sony's "stock in trade." The compromise of one, or even a few systems on its network should not result in the loss of strategic assets, much less absolutely everything on the network.

2. This is Vandalism, Not War. North Korea was a huge beneficiary of the Sony breach, while the "world's remaining superpower" and another prime adversary - Japan - were both humiliated in name, if not at their instigation. That said, the Sony breach was vandalism, not an act of war. It may even have been purely opportunistic, with a patina of justification added after the fact.

3. Data Exfiltration Must be Caught. The attack used widely available tools against people and weak system and network configurations, rather than exploiting glaring software vulnerabilities. Most significantly, the attack required days to weeks to unfold, and involved all kinds of related, malicious activity, including the exfiltration of hundreds of gigabytes of data - if not more - that should not have gone unrecognized.

4. We're All Vulnerable. We're all at risk from the type of attack that successfully breached Sony. That vulnerability is rooted partly in our culture of freedom, which is valued, but too easily eroded in the face of fear. It is also rooted in our technology infrastructure, which we use widely and depend on heavily, and from which we derive both productivity and comfort. The success of the Sony attack, however, has raised fears - which may or may not be true - that our entire infrastructure is vulnerable to attack, and that as a society we could be not just beneficiaries of the Internet, but also victimized by it.

5. Beware the Business Impact. I have always argued that outsiders damage the brand, but insiders bring down the business. Sony may break that rule. By the time the final cost of this breach is tallied, we will probably have lost interest, but it may be the most damaging attack against a single enterprise that wasn't launched by an insider. I expect that Sony Pictures will survive as a business unit within Sony. Whether it could survive as a stand-alone business is far less certain.

6. These Incidents Make Us All Look Bad. The changing rhetoric from Sony has been less than satisfying. The response of the exhibitors can best be described as craven. The coverage of the media has been gleeful. So far the government has been reduced to the wringing of hands. None of us looks very good. One would like to hope that we take all these lessons to heart, but I fear that in the face of the exponential growth of our information infrastructure, things are likely to get worse before they get better.

The Way Forward

Breaches, of course, are inevitable. But they should not compromise the crown jewels - that intellectual property that is crucial to the business strategy. They should not bring down the business, must not compromise the integrity of the infrastructure, or threaten our freedoms. Some have suggested that the President of the United States should have a "kill switch" that he could use to shut down the Internet so that it cannot be used to attack the power grid or the financial infrastructure. However, since both of these depend on the Internet, this is a solution worse than the problem it sets out to solve.

The solution is this: We must get the fundamentals right. We must use strong authentication and true-end-to-true-end encryption, everywhere. This will increase the time required to successfully execute an attack, make the attack more obvious, and raise the total cost. No less fundamental is the need to improve how we monitor and react. And we can put these fundamentals in place - even if it takes months or years to fully implement - using our available knowledge and tools.

While the Internet is resilient by design, that is a double-edged sword: it ensures availability, but makes it more difficult to address denial of service. Better resisting denial-of-service attacks will require further research, intelligence, new controls, new agreements, and perhaps legislation and treaties. This will take a little longer, but is no less important for making us all more secure.


Rul's curator insight, December 29, 2014 3:42 PM

The multinational is responding to the hacking it suffered a few days ago.