The former being rather smart as it’s encrypted and sent via a 3rd party network – so it’s not open to wiretapping. It’s unlikely the tracksuit wearing chavs & hoodies know that, but still – it’s keeping them safe. Posting videos/pictures of themselves on public Twitter and Facebook accounts is not so smart though and will surely lead to some arrests.

Anyway that’s not the topic here, the topic here is another politically motivated hacking attack – what we would commonly call cyberterrorism.

A Taiwanese political party suspects the Chinese government is behind a hacking attack that stole information about the party’s election activities.

Taiwan’s Democratic Progressive Party (DPP) said on Tuesday that some of the attacks had been traced to China’s Xinhua News Agency, a state-run press group. The attack operated as a phishing campaign, in which DPP staffers were sent e-mails by hackers who attempted to impersonate other party employees. The staffers were then told to open the e-mail attachments, which secretly contained viruses to monitor the computers, a DPP spokeswoman said.

The DPP alleges the attacks were routed from the Xinhua News Agency through Malaysia and Australia. The attacks were also traced to IP addresses from the Chinese mainland. The Xinhua News Agency was contacted for response, but has yet to an issue a comment.

IT security experts have said the attacks were part of a state-sponsored hacking attempt, according to the DPP. “Already many countries and security groups have said the attacks from China’s cyber army are well organized and that a state actor guides and supports them,” the DPP said in statement issued on the party’s website.

As we all know, Taiwan and China are not really the best of friends with China claiming Taiwan to be part of it and Taiwan not quite agreeing. In China they fully act like Taiwan is just another state/province in China.

This time it seems to be a state run Chinese news agency (Xinhua) attacking Taiwan’s Democratic Progressive Party (commonly know as DPP).

These are of course at this time just claims, and it’ll probably stay that way as there’s no conclusive proof in these kind of situations.

China is already in the spotlight for cyber attacks after security vendor McAfee reported a massive cyber attack that stole sensitive information from 72 companies and organizations. Although McAfee did not name the group behind the hacking attempts, security experts have pointed fingers at China because of the organizations targeted. China, however, has repeatedly denied it sponsors any kind of hacking.

A DPP spokeswoman said the phishing attacks have been an ongoing problem, but that it appears more of the recent hacking attempts have been coming from China.

Taiwan and China separated in 1949 after a civil war. While China’s ruling communist party seeks for reunification with the island, the DPP supports Taiwan becoming its own nation, putting the two at odds with one another.

The DPP said on Tuesday it also traced hacking attempts to Taiwan’s own Research, Development and Evaluation Commission and called for the commission to investigate. The commission could not be reached for immediate comment.

China have been in the spotlight fairly recently with some very widespread phishing attacks including – Targeted Phishing Attacks Carried Out On Gmail – Likely From China.

It seems like these kinds of games will be going on forever including hacktivism, cyberterrorism, defacement in the name of certain causes and all kinds of other naughty business.

With so much information on computers now it’s no surprise, I’d like to see these kind of organisations having better infosec policies though including awareness training for all staff with access to e-mail accounts and computers.

Source: Network World

The latest news is some hackers have been targeting users of the Gmail service, specifically US government officials. This comes shortly after the news of Lockheed Martin being compromised and a second military contractor being attacked using RSA SecurID tokens today.

It is what’s known as a ‘spear phishing’ attack – which means it’s aimed at a specific organization or in this case specific individuals. It’s not a shotgun approach – where they spray e-mails everywhere, more like a sniper rifle.

Google has detected a targeted campaign to collect hundreds of personal Gmail passwords, many of them belonging to senior US government officials, Chinese political activists, military personnel, and journalists.

The accounts may have been compromised using spear phishing techniques in which victims received highly personalized messages that contained links to counterfeit Gmail pages, according to a blog post published in February that Google cited when disclosing the attacks on Wednesday. Google said the campaign “appears to originate from Jinan, China” but didn’t share any evidence supporting that claim.

“The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change people’s forwarding and delegation settings,” Google’s blog post, titled “Ensuring your information is safe online,” stated. “Google detected and has disrupted this campaign to take users’ passwords and monitor their emails. Company officials have alerted the victims and “relevant government authorities.”

According to the February blog post, some of the phishing pages were hosted using the free dyndns.org service and contained images and text that were almost indistinguishable from those hosted on the real Google service. The links were “customized and individualized for each target,” independent security researcher Mila Parkour wrote

They are using the same old trick of getting the passwords then changing the forwarding settings so they can receive all the e-mails sent to that account somewhere else.

The attacks are said to originate from China, but as I’m sure you all know – just because the IP is in China it doesn’t mean the attacker is physically there too.

It’s a pretty systematic attack and extremely hard to defend against, because once they’ve compromised a few accounts of people that know each other – they can then make the personalized phishing mails even more relevant and convincing.

Once accounts were compromised attackers created rules to automatically forward all received email to accounts under their control, Parkour said. The attackers then used the purloined email to “gather information about the closets associates and family/friends” and exploited “the harvested information for making future mailings more plausible.”

Parkour’s post showed a half-dozen emails exchanged in the campaign, several of which contained Pentagon and US State Department addresses.

“This is the latest version of the State’s joint statement,” one fraudulent email read. “My understanding is that State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike.”

The email contained what appeared to be a Microsoft Word document as an attachment.

The incident harkens back to a separate attack Google disclosed in January 2010, that targeted the company’s source code and the Gmail accounts of human rights activists in China. Unlike the most recent phishing campaign, the “highly sophisticated and targeted attack” from 2010 exploited vulnerabilities on Google’s network to gain unauthorized access. Dozens of other companies were also targeted in the earlier attack.

Google’s blog post provides a variety of tips for keeping accounts secure. They include use of a two-step verification procedure when logging in to accounts to add an extra layer of security to the login process. Gmail also warns users of suspicious logins to their accounts.

Google does have a variety of security measure, they allow you see account activity details, IP addresses logged into your account and they do warn you of any suspicious activity. Recently they also started supporting two-factor authentication using tokens, this would totally defeat these kind of phishing attacks.

They support both SMS based authentication and application based (for iPhone, Android and BlackBerry).

So if you’re using a Google account, make sure it’s secure!

Source: The Register

There’s been a LOT of news lately about attacks from China, Chinese hackers and sites from China propagating malware.

The latest news is that China police have managed to shut down a hacker training operating that was schooling the next generation of Chinese script kiddies.

It seems like China is grooming a huge cyberarmy both in the private section (mostly underground) and in the government sector for cyber-terrorism.

Police in central China have shut down a hacker training operation that openly recruited thousands of members online and provided them with cyberattack lessons and malicious software, state media said Monday. The crackdown comes amid growing concern that China is a center for Internet crime and industrial espionage. Search giant Google said last month its e-mail accounts were hacked from China in an assault that also hit at least 20 other companies.

Police in Hubei province arrested three people suspected of running the hacker site known as the Black Hawk Safety Net that disseminated Web site hacking techniques and Trojan software, the China Daily newspaper said. Trojans, which can allow outside access to a computer when implanted, are used by hackers to illegally control computers. The report did not say exactly when the arrests took place.

Black Hawk Safety Net recruited more than 12,000 paying subscribers and collected more than 7 million yuan ($1 million) in membership fees, while another 170,000 people had signed up for free membership, the paper said.

With over 12,000 paying members they must have been raking in quite a tidy sum in membership fees. Estimated at $1million USD if you take into consideration the economy that’s a lot of money if there’s only 3 guys running the site.

It seems like the group has been around for quite a while, it’s rare to see a fairly underground hacking scene become so commercial.

I’m surprised it took 3 years to get shut-down, but then China has had it’s fair share of more serious problems to deal with.

The case can be traced to a hacking attack in 2007 on an Internet cafe in Macheng city in Hubei that caused Web services for dozens to be disrupted for more than 60 hours, the paper said. A few of the suspects caught in April said they were members of the Black Hawk Safety Net.

Black Hawk’s Web site 3800hk.com could not be accessed, but a notice purportedly from Black Hawk circulating on online forums said that a backup site had been set up. The notice also sought to reassure members of its continued operations and said its reputation was being smeared by some Internet users.

“At this time, there are Internet users with evil intentions who have deliberately destroyed Black Hawk’s reputation, deceived our members and stole material,” the notice addressed to members said. “We must join forces and attack these Web sites.”

A customer service officer contacted by phone, who refused to give his name, said the backup site provides content for its paying members to download course material to allow them to continue their computer lessons — though not in hacking. The Hubei government refused to comment Monday while officials at the provincial public security bureau did not respond to repeated requests for comment.

The site involved seems to be down still but rumors on related forums are that a backup site is already up, I’m sure it’s being kept private though and I suspect only the paying members will be notified of the new URL.

After this bust they’d be foolish not to be a little more cautious.

It’ll be interesting to see if any more news pops up about this Black Hawk Safety Net organization and if so what they are up to.

At least this time we can be pretty sure it’s not a CIA sting operation.

Source: Yahoo! News

After the recent fiasco about the Pentagon being Hacked by Chinese Military another few governments have piped up with information about cyber surveillance by China.

The latest is France.

It seems like right now china has it’s fingers in many pies.

France has become the fourth country to speak out against hackers in China following an attack on French government systems.

Francis Delon, France’s secretary general for national defence, claimed that the country’s systems had been compromised and that the evidence pointed to China.

“We have proof that there was involvement with China,” he said. “But that is not to say the Chinese government.”

It’s interesting to see people talk about ‘proof’ when in a virtual world what proof can you have? It can from a Chinese IP address? Is there any proof that says that Chinese IP address wasn’t compromised by a Russian hacker and used to channel attacks?

Diversion and subterfuge are common even in non-political hacking scenarios.

America, the UK and Germany have similarly complained of security attacks that came from the region.

US officials claimed that the Chinese military successfully hacked computers inside the Pentagon in June.

Meanwhile, German chancellor Angela Merkel also complained that her government’s systems had been penetrated by Chinese hackers, raising the subject with Chinese president Hu Jintao.

It seems they are racking up quite some intel on a number of countries.

China has of course again denied ALL of the claims laid against it.

Source: vnunet

A paper about cracking SHA-1 originally surfaced in 2005, from a fairly reputable scientific source in China, it was widely publicised nor talked about much.

But then recently, just last month China managed to make a wave out of it, almost 2 years after the initial ‘report’.

It was even Slashdotted on January 20th 2007, the article states the following:

These two main algorithms are currently the crucial technology that electronic signatures and many other password securities use throughout the international community. They are widely used in banking, securities, and e-commerce. SHA-1 has been recognized as the cornerstone for modern Internet security. According to the article, in the early stages of Wang’s research, there were other data encryption researchers who tried to crack it. However, none of them succeeded. This is why in 15 years Hash research had become the domain of hopeless research in many scientists’ minds.

Source: Epoch Times

Bruce Schneier wrote about this in 2005, February in fact, almost 2 full years ago.

SHA-1 Broken

Cryptanalysis of SHA-1

It’s not a major thing though and it’s far beyond anything most criminals could use to thwart national security…or even the security of things based on SHA-1 like OpenSSH.

There are however plenty of replacement algorithms if you are paranoid such as SHA-224, SHA-256, SHA-384, and SHA-512.