Kaspersky Lab has been hacked; we’ll tell you why it looks like a nation state was the attacker, why the OPM data is too valuable to sell, and the real situation with LastPass.
Plus some great questions, our answers & a rocking round up.
All that and much, much more on this week’s TechSNAP!
— Show Notes: —
Kaspersky Lab hacked
- “Russia-based Kaspersky Lab, one of the biggest and most well-known cybersecurity research firms in the world, has admitted to being hacked. In a blog post published earlier today, Kaspersky Lab CEO and founder Eugene Kaspersky wrote, ‘We discovered an advanced attack on our own internal networks. It was complex, stealthy, it exploited several zero-day vulnerabilities, and we’re quite confident that there’s a nation state behind it.’”
- “The firm dubbed this attack Duqu 2.0. It’s named after a specific series of malware called Duqu, which was considered to be related to the Stuxnet attack that targeted states like Iran, India, France, and the Ukraine in 2011.”
- “The post went on to say that it was not wise to use an advanced never-before-used technology to spy on a firm. For one, Kaspersky sells access to a great deal of its technologies, so this group could have just paid for it. Also, in its attempt to infiltrate Kaspersky, it clued the company into the next generation spying technologies hackers are developing.”
- “‘They’ve now lost a very expensive technologically-advanced framework they’d been developing for years,’ the post explained.”
- “In the case of Kaspersky Lab, the attack took advantage of a zero-day in the Windows Kernel, and possibly up to two other, currently patched vulnerabilities, which were zero-day at that time. The analysis of the attack revealed that the main goal of the attackers was to spy on Kaspersky Lab technologies, ongoing research and internal processes. No interference with processes or systems was detected. More details can be found in our technical paper.”
- “From a threat actor point of view, the decision to target a world-class security company must be quite difficult. On one hand, it almost surely means the attack will be exposed – it’s very unlikely that the attack will go unnoticed. So the targeting of security companies indicates that either they are very confident they won’t get caught, or perhaps they don’t care much if they are discovered and exposed. By targeting Kaspersky Lab, the Duqu attackers probably took a huge bet hoping they’d remain undiscovered; and lost.”
- Blog: Kaspersky statement on Duqu 2.0 attack
- Research: The mystery of Duqu 2.0
- Research: The Duqu 2.0 persistence module
U.S. Office of Personnel Management (OPM) hacked
- “OPM discloses breach affecting up to 4 million federal employees, offers 18 months of free credit monitoring through CSID. Follow-up reports indicate that the breach may extend well beyond federal employees to individuals who applied for security clearances with the federal government.”
- The Office of Personnel Management (OPM) confirmed that both current and past employees had been affected.
- The breach could potentially affect every federal agency.
- OPM said it became aware of the breach in April during an “aggressive effort” to update its cyber security systems.
- As the OPM’s Inspector General report put it, “attacks like the ones on Anthem and Premera [and OPM] are likely to increase. In these cases, the risk to Federal employees and their families will probably linger long after the free credit monitoring offered by these companies expires.”
- “In those files are huge treasure troves of personal data, including ‘applicants’ financial histories and investment records, children’s and relatives’ names, foreign trips taken and contacts with foreign nationals, past residences, and names of neighbors and close friends such as college roommates and co-workers. Employees log in using their Social Security numbers.’”
- “That quote aptly explains why a nation like China might wish to hoover up data from the OPM and a network of healthcare providers that serve federal employees: If you were a state and wished to recruit foreign spies or uncover traitors within your own ranks, what sort of goldmine might this data be? Imagine having access to files that include interviews with a target’s friends and acquaintances over the years, some of whom could well have shared useful information about that person’s character flaws, weaknesses and proclivities.”
- Krebs Coverage
- The Krebs article has a great timeline
- US lawmakers demand encryption after OPM hack
- DHS says: Encryption would not have helped OPM
- OPM’s archaic IT infrastructure to blame for breach
- Krebs finds that the version of OPM data being sold on the dark web is actually from a different hack: https://krebsonsecurity.com/2015/06/opms-database-for-sale-nope-it-came-from-another-us-gov/
Feedback:
BSDCan Videos:
The videos from BSDCan have started to appear. Not all of them are online yet, but there is a good sample to get you started.
- https://www.youtube.com/playlist?list=PLWW0CjV-TafY0NqFDvD4k31CtnX-CGn8f
Round Up:
- LastPass compromise
- Netflix Instance Analysis talk at Monitorama
- New exploit turns Samsung Galaxy phones into remote bugging devices
- Microscopic Adventures of a Chip Circuitry Repairman
- US baseball team being investigated for hacking another team’s computer systems
- US Navy was trying to buy zero day exploits
- Chromium on Linux silently downloads binary blob that listens to everything you say
- Blockchain bitcoin wallet app relied on random.org via an unencrypted HTTP connection for all of its randomness; an error caused $8100 worth of bitcoins to be sent to the wrong person
- Fake Mobile Phone Towers Operating In The UK
- Google expands its bug bounty program for Android, will pay for exploits that work on a patched Nexus 6
- How did game developers pack entire games into so little memory 25 years ago?
- TRIM on some models of SSD under Linux causing issues
- Krebs on Twitter
- More Krebs