All posts by Sam Richardson

NSA uses tool to record “100%” of a country’s phone calls

The Washington Post is today reporting that the NSA used blanket tactics to monitor phone calls from an entire country.

Millions of voice “cuts” are extracted for long-term storage as part of a system called MYSTIC that has been running since 2009, according to the latest tranche of leaked documents from NSA whistleblower Edward Snowden.

Analysts have been able to use a search tool called RETRO (retrospective retrieval) to query data on the vast system and replay the content of calls.

The Washington Post is acting on a request from US officials to withhold anything that might identify the country where the system is being employed – or the other six countries where its use is planned.

MYSTIC is rare, if not unique, in focusing on the content of voice communications. Most of the agency’s previously disclosed operations have focused on either call metadata or the data mining of electronic communications through programmes such as PRISM.

Handling and transmitting bulky voice files was a major snag in putting together MYSTIC, at least in its early days. Around a year after MYSTIC went live, a programme officer wrote that the project “has long since reached the point where it was collecting and sending home far more than the bandwidth could handle,” the Washington Post reports.

Similar capacity ceilings have cropped up across a range of NSA collection programs, a factor that explains the spy agency’s move to cloud-based collection systems and the construction of a massive “mission data repository” at a new facility in Utah, the Washington Post adds.

An indiscriminate bulk content collection programme, even one that operates in a limited number of foreign countries, sits uncomfortably with a January reassurance by President Obama that the “United States is not spying on ordinary people who don’t threaten our national security”.

Christopher Soghoian, principal technologist for the American Civil Liberties Union, said that history suggests the MYSTIC programme is likely only to “expand to more countries, retain data longer and expand the secondary uses” over the next couple of years or so.

Internet’s time servers secured in “worldwide effort”

The BBC is reporting a “worldwide effort” to strengthen “time servers” (computers that keep the time on the internet) as a way of thwarting hack attacks. It reports that there has been an “explosion” in the last few months of the number of attacks targeting these special servers. The story was first broken by security company Arbor.

Criminals used the time servers (also known as NTP servers) in a series of DDoS attacks. DDoS attacks aim to knock out a targeted network by flooding its servers with huge amounts of data. Roughly 93% of all vulnerable servers are now thought to be secure against this type of attack.

The inspiration for this tightening in security came from an attack on the online game League of Legends, which was performed by Derp Trolling, who have attacked many other online gaming platforms in a similar manner.

The League of Legends gaming site (and others like it) were attacked by exploiting a weakness in older versions of the software that underpins the Network Time Protocol (NTP). This type of attack is called an NTP reflection attack: it uses a spoofed IP address (mimicking the target’s IP address) so that responses from multiple NTP servers are sent to the target rather than the attacker. This rush of data to the target server, or servers, causes them to crash.
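The victim-side signature of the attack described above is many NTP servers sending unusually large responses to one host that never asked for them. The following is an added example (not code from the original post or from Arbor) that flags that pattern in flow records; the `Flow` record layout, the thresholds and the sample flows are all constructed for the example. It assumes the defender already has per-flow byte and packet counts, as NetFlow or sFlow exports provide.

```python
from collections import defaultdict
from dataclasses import dataclass

NTP_PORT = 123
# A normal client/server NTP exchange is one 48-byte UDP payload each way.
# Responses to the legacy "monlist" query that reflection attacks abuse are
# streams of ~440-byte packets, so many servers sending large responses to a
# single host is the victim-side signature. Thresholds are assumptions.
MIN_REFLECTORS = 5      # distinct NTP servers hitting one destination
MIN_MEAN_BYTES = 300    # mean bytes per response packet

@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record (hypothetical layout for this example)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    bytes: int

def ntp_reflection_victims(flows, min_reflectors=MIN_REFLECTORS,
                           min_mean_bytes=MIN_MEAN_BYTES):
    """Return {victim_ip: summary} for hosts receiving large NTP responses
    from many distinct servers; ordinary time sync does not trip it."""
    by_dst = defaultdict(lambda: {"reflectors": set(), "packets": 0, "bytes": 0})
    for f in flows:
        # Only traffic *from* an NTP service port counts as a response.
        if f.proto != "udp" or f.src_port != NTP_PORT:
            continue
        s = by_dst[f.dst_ip]
        s["reflectors"].add(f.src_ip)
        s["packets"] += f.packets
        s["bytes"] += f.bytes
    victims = {}
    for ip, s in by_dst.items():
        mean = s["bytes"] / s["packets"]
        if len(s["reflectors"]) >= min_reflectors and mean >= min_mean_bytes:
            victims[ip] = {"reflectors": len(s["reflectors"]),
                           "mean_bytes_per_packet": round(mean, 1),
                           "total_bytes": s["bytes"]}
    return victims

# Constructed sample flows (not real traffic). 10.0.0.5 is a host doing normal
# time sync against three servers; 203.0.113.10 is the spoofed address that
# eight abused servers are flooding with monlist-sized responses.
SAMPLE_FLOWS = [
    Flow(f"198.51.100.{i}", 123, "10.0.0.5", 123, "udp", 1, 48) for i in (1, 2, 3)
] + [
    Flow(f"192.0.2.{i}", 123, "203.0.113.10", 40000 + i, "udp", 100, 44000)
    for i in range(1, 9)
] + [
    # an outbound request from a client port; not a response, so ignored
    Flow("10.0.0.7", 51000, "198.51.100.1", 123, "udp", 1, 48),
]

if __name__ == "__main__":
    for ip, summary in ntp_reflection_victims(SAMPLE_FLOWS).items():
        print(f"probable NTP reflection target {ip}: {summary}")
```

The mean-bytes test is what separates a legitimate host that polls a handful of time servers (48-byte replies) from a reflection target; the reflector count is what separates it from a single misbehaving server. An operator of an NTP server can apply the mirror-image check on outbound flows: many large responses to one client address from a server that should only ever answer with 48-byte packets.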

The Network Time Foundation, which helped to coordinate the security measures, estimated that 1.6 million machines were at risk of reflection attacks. Work to reduce this number began early this year.

Despite 93% of servers now being more secure, an estimated 97,000 are thought to be open to abuse. Arbor estimates that it would take 5,000-7,000 NTP servers to mount an overwhelming attack, leaving plenty of room for hackers to manoeuvre.

The “explosion” in the number of attacks in recent months has been caused by copycat hacking groups using the same methods as Derp Trolling. This has led to a spike in malicious network activity, which is why the internet community has responded with such a wide-ranging strategy.

Morrisons suffers payroll data theft

Sensitive financial data from supermarket giant Morrisons’ staff payroll system has been stolen and published on the internet, putting 100,000 staff at risk.

The information, which was also sent on a disc to a newspaper, included bank account details of the Bradford-based chain’s employees.

A spokesman for Morrisons, which has 569 stores including 72 local stores across the UK, said that it immediately ensured the data was taken off the website.

He added: “Initial investigations suggest that this theft was not the result of an external penetration of our systems.

“We can confirm there has been no loss of customer data and no colleague will be left financially disadvantaged.”

Morrisons has informed its workers about the theft and is helping them take the appropriate actions to safeguard their personal data.

Morrisons has now carried out a number of actions, including working with the cyber-crime authorities and the police to identify the source of the theft and setting up a helpline for workers.

Dalton Philips, the firm’s chief executive, is leading the response to the theft.

The news comes after Morrisons posted its lowest annual profit for five years and announced it would invest £1bn ($1.67bn, €1.2bn) in price cuts over three years to win back customers.

Ukraine IT outsourcing industry at risk from crisis

The crisis in Ukraine has recently escalated to what William Hague, the UK Foreign Secretary, has called “Europe’s biggest crisis in Europe in the 21st century”. This announcement came after Russian troops moved across the border to occupy several military bases on Ukrainian soil. The Western powers, including the USA and major partners in the EU, have jumped to express their support for the new Ukrainian government, and have strongly criticised the aggression shown by Russia. In response to the occupation by Russian troops, Russia has been threatened with economic and political actions with the aim of isolating it from the international community. Despite mobilisation of troops by Russia, military intervention does seem unlikely, although not impossible.

As the crisis gradually unfolds, it is becoming easier to see how Ukraine will be affected. One area which may suffer is the country’s IT outsourcing industry, which has a value of roughly £1bn per annum. For several years now Ukraine has been a technology hub, although relatively unknown to Western Europe, with its first ventures into IT taking place under the former USSR. Over the years this has been built into a skilled workforce, with 30,000 students graduating in IT-related subjects each year, and good infrastructure across the country; broadband speeds, for example, are similar to the UK’s.

The billion-pound industry is helped by several incentives, such as low corporation tax for IT companies, lower wage demands by the Ukrainian workforce and several organisations, such as the Ukrainian HI-Tech Initiative, set up with the purpose of promoting Ukrainian IT interests. As well as a high number of IT graduates, Ukraine already has a large skilled workforce, with 25,000 specialised IT workers and 1,000 outsourcing companies.

Ukraine has recently announced that conscription has been initiated, presumably in preparation for a conflict with Russia. This could pose a very real problem for the IT workforce in Ukraine, as many of the employees are the type of person who would be conscripted (young male adults). However unlikely, if a conflict between Ukraine and Russia did break out, it could have a detrimental effect on the IT outsourcing industry.

What is certain is the longer this crisis goes on, the longer Ukraine will suffer as a whole. As military action is not preferred, the main weapons available to the West are diplomatic and economic sanctions against Russia. However, any economic action will surely affect the IT industry in some form. Hopefully, the IT industry will be able to withstand whatever comes as a result of this crisis, one way or another.

S. Korea punishes credit card firms over data breach

Following a massive data leak in January, S. Korean financial regulators will impose strict rules on the sharing of personal information between credit card companies and their partners. The rules are due to come into effect in April, after three major credit card firms were found guilty of the theft of personal information of 20 million customers. The three firms (KB Kookmin, NH Nonghyup & Lotte) have also been suspended from operating for 3 months each as punishment for the breach.

The Financial Supervisory Service (FSS), the regulatory body in S. Korea, is behind the change in the law and the punishment of the three firms. The FSS acted after huge anger was shown towards the credit card companies by the S. Korean public, with offices and call centres of the firms heavily bombarded with complaints. These complaints came after the FSS had tried to reassure customers that the data had not actually been circulated by those responsible.

The theft of data was actually committed by former temporary consultants for the companies, one of whom had stolen the data by copying it onto a mobile device that could then be taken off site from the firms. This particular theft is alleged to have gone on between 2012 and 2013.

The regulator’s proposals include giving customers a choice over whether their information can be shared to third parties and mandatory deletion of customers’ data after they cancel a particular credit card.

The punishment of suspending business for 3 months is the first of its kind for 10 years, showing the severity of the breach. The FSS also promised that bans of 6 months and punishments for top executives of firms would be enforced in the event of future breaches of this level and nature. Fines of up to 1% of revenue would also be issued if data was stolen, or if stolen data was used to sell products.

In another measure to stop malicious intent going unchecked in future, the financial regulator is pushing to strengthen monitoring of staff at financial companies and their contractors involved in customer data management, and bar financial firms from sharing client data with their affiliates beyond a set limit.

Bitcoin exchange halts withdrawals after cyber-attack

Bitstamp, one of the world’s largest and most commonly used Bitcoin exchanges, has temporarily halted withdrawals after its exchange system came under attack.

The exchange firm, based in Slovenia, said criminals had used a vulnerability in the underlying Bitcoin software to perform the attacks. The Bitcoin Foundation, who maintain the code on which the software is based, have been trying to find a workaround as well as fixes for the issue. They added that as this was a DDoS (distributed denial of service) attack no theft of Bitcoins had taken place, but that funds were “tied up” in the affected exchanges for now.

Bitstamp is now the second big Bitcoin exchange to come under DDoS attack in under a week, with Tokyo’s MtGox being the first last Friday.

A third exchange, BTC-e, has also warned that transactions would be delayed due to another DDoS attack.

The cause of the problem stems from a weakness in the Bitcoin code known as transaction malleability. This malleability allows somebody to alter the code of Bitcoin just before a particular transaction is logged. This in turn allows a withdrawal to be made multiple times without the “blockchain” (the database Bitcoin uses to record every transaction carried out) noticing, opening the door to theft of Bitcoins.

The actual DDoS attack, according to Gavin Andresen of the Bitcoin Foundation, comes when an exchange firm’s systems can’t cope with vast amounts of these fraudulent transactions. Mr Andresen pointed towards the design of MtGox and Bitstamp’s systems not being up to scratch, adding that the transaction malleability issue had been known about since 2011.
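The two paragraphs above describe the weakness and why exchange design matters. The following added example (not code from the post, from Bitstamp or from the Bitcoin project) models the mechanism in a deliberately simplified way: a transaction’s id is a hash over the whole transaction including its signature encoding, so a third party who re-encodes the signature produces a second valid copy with a different id. An exchange that tracks its payout only by that id concludes the withdrawal failed and pays again; one that checks whether the coin it spent has been consumed on the chain is unaffected. The `Tx` layout, the `malleate` mutation and the `funding_tx` coins are constructed stand-ins, not Bitcoin’s real serialisation.

```python
import hashlib
import json
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    """Toy transaction (hypothetical layout, not Bitcoin's wire format)."""
    inputs: tuple       # outpoints (prev_txid, index) being spent; signed over
    outputs: tuple      # (address, amount) pairs; signed over
    sig_encoding: str   # stand-in for the signature bytes, the malleable part

    def txid(self):
        # Pre-SegWit rule, modelled: the id hashes the whole transaction,
        # signature encoding included, so re-encoding the signature changes
        # the id while inputs, outputs and validity stay the same.
        body = json.dumps([self.inputs, self.outputs, self.sig_encoding])
        return hashlib.sha256(body.encode()).hexdigest()

def malleate(tx):
    """Third-party mutation: inputs and outputs untouched, signature re-encoded."""
    return Tx(tx.inputs, tx.outputs, tx.sig_encoding + "-reencoded")

def seen_by_txid(chain, tx):
    """Fragile reconciliation: did *this exact id* get mined?"""
    return any(t.txid() == tx.txid() for t in chain)

def seen_by_outpoint(chain, tx):
    """Robust reconciliation: was the coin we spent consumed by any mined tx?"""
    return any(set(tx.inputs) & set(t.inputs) for t in chain)

def process_withdrawal(reconcile):
    """Return how many payouts the exchange makes for ONE withdrawal request
    when the first broadcast is malleated before it confirms."""
    coins = [("funding_tx", 0), ("funding_tx", 1)]   # exchange's spendable outputs
    chain = []                                       # mined transactions
    payouts = 0
    first = Tx((coins.pop(0),), (("customer_addr", 1.0),), "sig")
    payouts += 1
    # The attacker rebroadcasts a mutated copy and that is the version mined;
    # the original id never appears on the chain.
    chain.append(malleate(first))
    if not reconcile(chain, first):
        # Exchange concludes the payout never happened and pays again from
        # a fresh coin: the customer now holds two payouts for one request.
        retry = Tx((coins.pop(0),), (("customer_addr", 1.0),), "sig")
        payouts += 1
        chain.append(retry)
    return payouts

if __name__ == "__main__":
    print("payouts when tracking by txid:    ", process_withdrawal(seen_by_txid))
    print("payouts when tracking by outpoint:", process_withdrawal(seen_by_outpoint))
```

The point for an operator is that the mined copy spends exactly the same coin to exactly the same address; only the identifier changed. Reconciling withdrawals against the spent outpoint (or the destination output) rather than the broadcast txid removes both the double payout and the incentive to flood the exchange with mutated copies.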

Unfortunately, despite Bitcoin trying to distance itself from the fallout of this issue, this is more unwanted publicity, after the arrests of Charlie Shrem and Robert Faiella in the US. Shrem and Faiella worked together to exchange over $1 million in Bitcoins to users of the Silk Road. The Silk Road, which has been shut down since October 2013, was an illegal marketplace for illicit goods, such as illegal drugs and weapons. Bitcoin was the only accepted currency on the Silk Road.

The price of Bitcoin fell as a result of this news from $830 to $665, a drop of nearly 20%. Prices also fell after the arrests of Shrem and Faiella, so this latest hiccup is something that Bitcoin could have done without. However, that does not stop the meteoric rise of virtual currencies, in particular Bitcoin, over the last 12 months or so. Less than two years ago, in July 2012, Bitcoin’s value was at just $9, which itself was a revelation at the time.

On this basis, it would be a safe assumption that Bitcoin might not be too worried about this latest incident.
