Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them

By: Swati Khandelwal

In a shocking revelation, it turns out that a hacking group believed to be sponsored by Chinese intelligence had been using some of the zero-day exploits linked to the NSA’s Equation Group almost a year before the mysterious Shadow Brokers group leaked them.

According to a new report published by cybersecurity firm Symantec, a Chinese-linked group, which it calls Buckeye, was using the NSA-linked hacking tools as far back as March 2016, while the Shadow Brokers dumped some of the tools on the Internet in April 2017.

Active since at least 2009, Buckeye—also known as APT3, Gothic Panda, UPS Team, and TG-0110—is responsible for a large number of espionage attacks, mainly against defence and critical organizations in the United States.

Although Symantec did not explicitly name China in its report, researchers have previously attributed [1,2], with a high degree of confidence, the Buckeye hacking group to an information security company called Boyusec, which works on behalf of the Chinese Ministry of State Security.

Symantec’s latest discovery provides the first evidence that Chinese state-sponsored hackers managed to acquire some of the hacking tools, including EternalRomance, EternalSynergy, and DoublePulsar, a year before they were dumped by the Shadow Brokers, a mysterious group that’s still unidentified.

According to the researchers, the Buckeye group used its custom exploit tool, dubbed Bemstour, to deliver a variant of DoublePulsar backdoor implant to stealthily collect information and run malicious code on the targeted computers.

The Bemstour tool was designed to exploit two then-zero-day vulnerabilities (CVE-2019-0703 and CVE-2017-0143) in Windows to achieve remote kernel code execution on targeted computers.

More: https://thehackernews.com/2019/05/buckeye-nsa-hacking-tools.html

Vodafone Found Hidden Backdoors in Huawei Equipment

By: Daniele Lepido

While the carrier says the issues found in 2011 and 2012 were resolved at the time, the revelation may further damage the reputation of a Chinese powerhouse.

For months, Huawei Technologies Co. has faced U.S. allegations that it flouted sanctions on Iran, attempted to steal trade secrets from a business partner and has threatened to enable Chinese spying through the telecom networks it’s built across the West.

 Now Vodafone Group Plc has acknowledged to Bloomberg that it found vulnerabilities going back years with equipment supplied by Shenzhen-based Huawei for the carrier’s Italian business. While Vodafone says the issues were resolved, the revelation may further damage the reputation of a major symbol of China’s global technology prowess.

Europe’s biggest phone company identified hidden backdoors in the software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy, a system that provides internet service to millions of homes and businesses, according to Vodafone’s security briefing documents from 2009 and 2011 seen by Bloomberg, as well as people involved in the situation.

Vodafone asked Huawei to remove backdoors in home internet routers in 2011 and received assurances from the supplier that the issues were fixed, but further testing revealed that the security vulnerabilities remained, the documents show. Vodafone also identified backdoors in parts of its fixed-access network known as optical service nodes, which are responsible for transporting internet traffic over optical fibers, and other parts called broadband network gateways, which handle subscriber authentication and access to the internet, the people said. The people asked not to be identified because the matter was confidential.

More: https://www.bloomberg.com/news/articles/2019-04-30/vodafone-found-hidden-backdoors-in-huawei-equipment

Dozens of US spies killed after Iran and China uncovered CIA messaging service using Google

By: Margi Murphy

Dozens of American spies were killed in Iran and China after a flawed communications service allowed foreign foes to see what the agents were up to using Google, official sources have claimed.

Between 2009 and 2013 the US Central Intelligence Agency suffered a “catastrophic” secret communications failure in a website used by officers and their field agents around the world to speak to each other, according to a report in Yahoo News, which heard from 11 former intelligence and government officials about the previously unreported disaster.

“We’re still dealing with the fallout,” said one former national security official. “Dozens of people around the world were killed because of this.”

The internet-based communications platform was first used in the Middle East to communicate with soldiers in war zones and had not been intended for widespread use but due to its ease of use and efficacy, it was adopted by agents despite its lack of sophistication, the sources claimed.

Cracks only began to show when Iran, angered that the government under Barack Obama had discovered a secret Iranian nuclear weapon factory, went out with a fine tooth comb to find moles.

It discovered the existence of one of the websites used by US agents using Google. US officials believe that Iranian spies were able to use Google as a search tool to find secret CIA websites, unbeknown to those using them.

By 2011, Iran had infiltrated the CIA spy network and in May it announced that they had broken up a 30-strong ring of American spies.

Some informants were executed and others imprisoned as a result, the sources claimed.

This was corroborated by a report on ABC news at the time, which referred to a compromised communications system after a tip off from the CIA.

Meanwhile in China 30 agents working for the US were executed by the government after it compromised the spy network using similar means. Beijing had managed to break into a second temporary communications system, splintered from the initial platform, and was able to see every single agent the CIA had placed in the country, the sources told Yahoo.

The sources said that the general consensus was that Iran and China had traded technical information with each other to form a two-pronged attack.

A CIA agent in Russia who was warned about the attacks was able to change communication channels before anyone was uncovered.

More: https://www.telegraph.co.uk/technology/2018/11/03/dozens-us-spies-killed-iran-china-uncovered-cia-messaging-service/amp/

Cryptocurrencies lose $42b after South Korean bourse hack

By: Eric Lam, Jiyeun Lee and Jordan Robertson

The 2018 selloff in cryptocurrencies deepened, wiping out about $42 billion of market value over the weekend and extending this year’s slump in Bitcoin to more than 50 percent.

Some observers pinned the latest retreat on an exchange hack in South Korea, while others pointed to lingering concern over a clampdown on trading platforms in China. Cryptocurrency venues have come under growing scrutiny around the world in recent months amid a range of issues including thefts, market manipulation and money laundering.

Bitcoin has dropped about 12 percent since 5 p.m. New York time on Friday and was trading at $6,756, bringing its decline this year to 53 percent. Most other major virtual currencies also retreated, sending the market value of digital assets tracked by Coinmarketcap.com to a nearly two-month low of $298 billion. At the height of the global crypto-mania in early January, they were worth about $830 billion.

Enthusiasm for virtual currencies has waned partly due to a string of cyber heists, including the nearly $500 million theft from Japanese exchange Coincheck Inc. in late January. While the latest hacking target — a South Korean venue called Coinrail — is much smaller, the news triggered knee-jerk selling, according to Stephen Innes, head of Asia Pacific trading at Oanda Corp. in Singapore.

 “This is ‘If it can happen to A, it can happen to B and it can happen to C,’ then people panic because someone is selling,” Innes said.

The slump may have been exacerbated by low market liquidity during the weekend, Innes added.

“The markets are so thinly traded, primarily by retail accounts, that these guys can get really scared out of positions,” he said. “It actually doesn’t take a lot of money to move the market significantly.”

More: https://www.bloomberg.com/news/articles/2018-06-10/bitcoin-tumbles-most-in-two-weeks-amid-south-korea-exchange-hack

China is ready to say goodbye to cash and credit cards.

By: Felipe Zmoginski

Fast as a selfie: mobile payment is everywhere in China.

Foreigners who traveled to China before the 2008 Olympics in Beijing know that using a credit card in the country was almost as difficult as finding signs in English in the big local cities. Over the last decade, however, not only have the signs become bilingual, but the means of payment have gone through a revolution unprecedented in the world.

A study published by the consultancy eMarketer in March of this year reveals that more than 80% of the 712 million citizens who use smartphones in the country use mobile payment services in their daily lives. In China, people pay for everything with the Ali Pay app, from the Alibaba group, or WeChat Pay, from Tencent. "Everything" here means anything from buying a car at the dealership to the alms given to beggars in the big cities.

The method of use is simple and fast. Shopkeepers, street vendors, restaurants, taxi drivers or service providers carry a printed QR code, on a paper card or stuck to the service counter in the case of physical stores. This QR code points to a virtual account on services such as Ali Pay, for example, and by scanning it with a smartphone, the consumer transfers, in fractions of a second, money from their virtual wallet to the seller's wallet. The process is so fast that checkout queues have shrunk noticeably since the adoption of this technology, which is extremely popular in China. Among the technology's advantages is the fact that two phones communicate with each other, without the need to connect to remote servers, which often causes slowness when we use, for example, our chip debit cards in Brazil.

According to a study published this month by the People's Bank of China, in the last 10 months alone the equivalent of US$ 8 trillion was moved in mobile payments. To use such services, all you need is a phone, an installed app, and to load it with funds from your bank account. It is as if you transferred, for example, R$ 300 from your account at Itaú or Bradesco to a generic app on your smartphone and could go shopping with just your phone. In the coming weeks, the local government says, even the Beijing subway will be payable with mobile payment. No more queues to buy tickets. You hold your phone near the turnstile and the fare is debited.

More: https://copyfromchina.blogosfera.uol.com.br/2018/05/02/a-china-esta-pronta-para-dizer-tchau-para-dinheiro-e-cartoes-de-credito/

Chinese Cyber Attacks on European Businesses Soar

By: Ed Targett

Two years ago when security company NTT Security published its 2016 annual Global Threat Intelligence Report, China accounted for less than three percent of all attacks against EMEA-based businesses – ranking as the ninth most prominent attack source.

Within a year, it had surged to become the number one source of attacks across Europe, the Middle East and Africa, with a whopping 67 percent of cyberattacks on the manufacturing sector stemming from Chinese sources.

That’s according to NTT’s 2018 Global Threat Intelligence report, which summarises data from over 6.1 trillion logs and 150 million attacks for its analysis – which is based on log, event, attack, incident and vulnerability data from clients.

It also includes details from NTT Security research sources, including global honeypots and sandboxes located in over 100 different countries, the company notes.

Tech Targeted

Attacks against finance were characterized by extensive use of spyware and keyloggers, as well as application-based attacks, NTT emphasised.

Perhaps unsurprisingly, meanwhile, the buoyant and highly competitive tech sector saw the biggest increase in attacks; a 25 percent global average increase, with hostile activity against technology “highly characterized by reconnaissance and continual attacks from sources previously known to be hostile”.

More: https://www.cbronline.com/news/chinese-cyber-attacks

8 Ways Hackers Monetize Stolen Data

By: Steve Zurier

Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.

We are long past the era of the 14-year old teenage hacker trying to spoof a corporate or defense network for the fun of it, just because they can. While that still happens, it’s clear that hacking has become big business.

From China allegedly stealing billions of dollars annually in intellectual property to ransomware attacks estimated to top $5 billion in 2017, data breaches and the resulting cybercrime are keeping CISO and rank-and-file security managers on their toes.

Security teams need to be aware of the full range of what hackers do with this stolen data. The crimes range from stolen IP to filing fraudulent tax rebates to the IRS to setting up a phony medical practice to steal money from Medicare and Medicaid patients and providers.

“Hackers will often start by selling data on military or government accounts,” says Mark Laliberte, an information security analyst at WatchGuard Technologies. “People are also bad at choosing passwords for individual services and often reuse passwords, which lets hackers try those passwords on the other websites their victims use.”

MORE: https://www.darkreading.com/attacks-breaches/8-ways-hackers-monetize-stolen-data———–/d/d-id/1331560

UK cyber security agency sticks with China’s Huawei despite US spy fears

By: sikur

by Matthew Field

February 20, 2018

The UK’s top cyber security agency has reaffirmed its commitment to working with Chinese smartphone giant Huawei after US spy chiefs accused the company of presenting a national security risk.

The Government and the National Cyber Security Centre (NCSC) will “continue to benefit” from collaboration with Huawei, according to an NCSC spokesman. It comes despite US government employees potentially being banned from using the Chinese company’s smartphones due to security fears.

In the UK, Huawei operates a cybersecurity centre alongside members of GCHQ. Known as “The Cell”, it is set up to monitor threats and backdoors in the company’s own hardware. It is staffed by Huawei researchers overseen by the NCSC.

Last week, US intelligence chiefs from the Federal Bureau of Intelligence (FBI), Central Intelligence Agency and National Security Agency repeatedly warned against Huawei’s phones and recommended US consumers should avoid them.

“We’re deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks,” FBI Director Chris Wray said.

The UK’s relationship with Huawei has taken a different path than its ally, however. Rather than blocking the company, UK spies from GCHQ work closely with the Chinese company.

“Huawei is a globally important company whose presence in the UK reflects our reputation as a global hub for technology, innovation and design,” an NCSC spokesman said.

“This government and British telecoms operators work with Huawei at home and abroad to ensure the UK can continue to benefit from new technology while managing cyber security risks.”

MORE: http://www.telegraph.co.uk/technology/2018/02/20/uk-cyber-security-agency-sticks-chinas-huawei-despite-us-spy/

US’s greatest vulnerability is underestimating the cyber threats from our adversaries, foreign policy expert Ian Bremmer says

By: sikur

by Natasha Turak, Hadley Gamble

February 17, 2018

America’s greatest vulnerability is its continued inability to acknowledge the extent of its adversaries’ capabilities when it comes to cyber threats, says Ian Bremmer, founder and president of leading political risk firm Eurasia Group.

Speaking to CNBC from the Munich Security Conference on Saturday, the prominent American political scientist emphasized that there should be much more government-level concern and urgency over cyber risk. The adversarial states in question are what U.S. intelligence agencies call the “big four”: Russia, China, North Korea, and Iran.

“We’re vulnerable because we continue to underestimate the capabilities in those countries. WannaCry, from North Korea — no one in the U.S. cybersecurity services believed the North Koreans could actually do that,” Bremmer described, naming the ransomware virus that crippled more than 200,000 computer systems across 150 countries in May of 2017.

He also noted the NotPetya malware attack in July 2017, considered the costliest cyberattack in history, which U.S. and European governments have accused Russia’s military of implementing. Believed to be a deliberate attack on Ukraine, it actually wiped off half a point from Ukraine’s gross domestic product.

Borge Brende, president of the World Economic Forum, weighed in, stressing the economic cost of cyber crimes. “It is very hard to attribute cyberattacks to different actors or countries, but the cost is just unbelievable. Annually more than a thousand billion U.S. dollars are lost for companies or countries due to these attacks and our economy is more and more based on internet and data.”

MORE: https://www-cnbc-com.cdn.ampproject.org/c/s/www.cnbc.com/amp/2018/02/17/munich-security-conference-ian-bremmer-on-cybersecurity-threats.html
