Follow by Email

Saturday, January 31, 2015

128-bit Block Length Idea In Encryption Algorithm 

Here's an IDEA-variant with a 128-bit block length. While I think it's a great idea to bring IDEA up to a modern block length, the paper has none of the cryptanalysis behind it that IDEA had. If nothing else, I would have expected more than eight rounds. If anyone wants to practice differential and linear cryptanalysis, here's a new target for you.

They Can Penetrate Your Walls

In the latest example of a military technology that has secretly been used by the police, we have radar guns that can see through walls.

An Eye On Your Internet Downloads

 Another story from the Snowden documents:
According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada's equivalent of the NSA. (The Canadian agency was formerly known as "CSEC" until a recent name change.)

CSE finds some 350 "interesting" downloads each month, the presentation notes, a number that amounts to less than 0.0001 per cent of the total collected data.
The agency stores details about downloads and uploads to and from 102 different popular file-sharing websites, according to the 2012 document, which describes the collected records as "free file upload," or FFU, "events."

Nowhere Bank In China

Here's a story of a fake bank in China -- a real bank, not an online bank -- that stole $32m from depositors over a year. Pro tip: real banks never offer 2%/week interest.

Thursday, January 1, 2015

2015 Could Be the Year of the Hospital Hack

After Obamacare required hospitals to convert all health records into electronic files, those records are now very vulnerable, and experts expect hackers to target them in the coming years. From the article: "Along with vast troves of credit card information and celebrity snapshots, hackers stole a record number of medical records from U.S. health-care facilities this year. In 2015, attacks targeting health data will become even more common, according to security researchers....The cause of the uptick isn't hard to diagnose. Medical organizations across the world are switching to electronic medical records, and computer security is not always a high enough priority during the process, says Leonard. Besides that, he says, easy and fast access to medical information often trumps security.

The NSA Uses the Same Chat Protocol As Hackers

NSA documents obtained by Edward Snowden and reported on by Der Spiegel on Sunday reveal that the agency communicates internally with Jabber, an open source messaging service used by hackers and activists trying to skirt the NSA's internet surveillance dragnet. A document outlining the NSA's Scarletfever program—a "message driven cryptologic exploitation service" designed as part of the larger Longhaul initiative, a program that collects data and finds ways to break its encryption—contains a curious point buried near the end: "Jabber Chat Room: TBD.

Long Story Short the Sony Attack

An analysis of the timestamps on some of the leaked documents shows that they were downloaded at USB 2.0 speeds -- which implies an insider.
Our Gotnews.com investigation into the data that has been released by the "hackers" shows that someone at Sony was copying 182GB at minimum the night of the 21st -- the very same day that Sony Pictures' head of corporate communications, Charles Sipkins, publicly resigned from a $600,000 job. This could be a coincidence but it seems unlikely. Sipkins's former client was NewsCorp and Sipkins was officially fired by Pascal's husband over a snub by the Hollywood Reporter.
Two days later a malware bomb occurred.
We are left with several conclusions about the malware incident:
  1. The "hackers" did this leak physically at a Sony LAN workstation. Remember Sony's internal security is hard on the outside squishy in the center and so it wouldn't be difficult for an insider to harm Sony by downloading the material in much the same way Bradley Manning or Edward Snowden did at their respective posts.
  2. If the "hackers" already had copies, then it's possible they made a local copy the night of the 21st to prepare for publishing them as a link in the malware screens on the 24th.
Sony CEO Michael Lynton's released emails go up to November 21, 2014. Lynton got the "God'sApstls" email demand for money on the 21st at 12:44pm.
Other evidence implies insiders as well:
Working on the premise that it would take an insider with detailed knowledge of the Sony systems in order to gain access and navigate the breadth of the network to selectively exfiltrate the most sensitive of data, researchers from Norse Corporation are focusing on this group based in part on leaked human resources documents that included data on a series of layoffs at Sony that took place in the Spring of 2014.
The researchers tracked the activities of the ex-employee on underground forums where individuals in the U.S., Europe and Asia may have communicated prior to the attack.
The investigators believe the disgruntled former employee or employees may have joined forces with pro-piracy hacktivists, who have long resented the Sony's anti-piracy stance, to infiltrate the company's networks.
I have been skeptical of the insider theory. It requires us to postulate the existence of a single person who has both insider knowledge and the requisite hacking skill. And since I don't believe that insider knowledge was required, it seemed unlikely that the hackers had it. But these results point in that direction.
Pointing in a completely different direction, a linguistic analysis of the grammatical errors in the hacker communications implies that they are Russian speakers:
Taia Global, Inc. has examined the written evidence left by the attackers in an attempt to scientifically determine nationality through Native Language Identification (NLI). We tested for Korean, Mandarin Chinese, Russian, and German using an analysis of L1 interference. Our preliminary results show that Sony's attackers were most likely Russian, possibly but not likely Korean and definitely not Mandarin Chinese or German.
The FBI still blames North Korea:
The FBI said Monday it was standing behind its assessment, adding that evidence doesn't support any other explanations.
"The FBI has concluded the government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the U.S. intelligence community, DHS, foreign partners and the private sector," a spokeswoman said in a statement. "There is no credible information to indicate that any other individual is responsible for this cyber incident."
Although it is now thinking that the North Koreans hired outside hackers:
U.S. investigators believe that North Korea likely hired hackers from outside the country to help with last month's massive cyberattack against Sony Pictures, an official close to the investigation said on Monday.
As North Korea lacks the capability to conduct some elements of the sophisticated campaign by itself, the official said, U.S. investigators are looking at the possibility that Pyongyang "contracted out" some of the cyber work.
This is nonsense. North Korea has had extensive offensive cyber capabilities for years. And it has extensive support from China.
Even so, lots of security experts don't believe that it's North Korea. Marc Rogers picks the FBI's evidence apart pretty well.
So in conclusion, there is NOTHING here that directly implicates the North Koreans. In fact, what we have is one single set of evidence that has been stretched out into 3 separate sections, each section being cited as evidence that the other section is clear proof of North Korean involvement. As soon as you discredit one of these pieces of evidence, the whole house of cards will come tumbling down.