The latest news is some hackers have been targeting users of the Gmail service, specifically US government officials. This comes shortly after the news of Lockheed Martin being compromised and a second military contractor being attacked using RSA SecurID tokens today.

It is what’s known as a ‘spear phishing’ attack – which means it’s aimed at a specific organization or in this case specific individuals. It’s not a shotgun approach – where they spray e-mails everywhere, more like a sniper rifle.

Google has detected a targeted campaign to collect hundreds of personal Gmail passwords, many of them belonging to senior US government officials, Chinese political activists, military personnel, and journalists.

The accounts may have been compromised using spear phishing techniques in which victims received highly personalized messages that contained links to counterfeit Gmail pages, according to a blog post published in February that Google cited when disclosing the attacks on Wednesday. Google said the campaign “appears to originate from Jinan, China” but didn’t share any evidence supporting that claim.

“The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change people’s forwarding and delegation settings,” Google’s blog post, titled “Ensuring your information is safe online,” stated. “Google detected and has disrupted this campaign to take users’ passwords and monitor their emails. Company officials have alerted the victims and “relevant government authorities.”

According to the February blog post, some of the phishing pages were hosted using the free dyndns.org service and contained images and text that were almost indistinguishable from those hosted on the real Google service. The links were “customized and individualized for each target,” independent security researcher Mila Parkour wrote

They are using the same old trick of getting the passwords then changing the forwarding settings so they can receive all the e-mails sent to that account somewhere else.

The attacks are said to originate from China, but as I’m sure you all know – just because the IP is in China it doesn’t mean the attacker is physically there too.

It’s a pretty systematic attack and extremely hard to defend against, because once they’ve compromised a few accounts of people that know each other – they can then make the personalized phishing mails even more relevant and convincing.

Once accounts were compromised attackers created rules to automatically forward all received email to accounts under their control, Parkour said. The attackers then used the purloined email to “gather information about the closets associates and family/friends” and exploited “the harvested information for making future mailings more plausible.”

Parkour’s post showed a half-dozen emails exchanged in the campaign, several of which contained Pentagon and US State Department addresses.

“This is the latest version of the State’s joint statement,” one fraudulent email read. “My understanding is that State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike.”

The email contained what appeared to be a Microsoft Word document as an attachment.

The incident harkens back to a separate attack Google disclosed in January 2010, that targeted the company’s source code and the Gmail accounts of human rights activists in China. Unlike the most recent phishing campaign, the “highly sophisticated and targeted attack” from 2010 exploited vulnerabilities on Google’s network to gain unauthorized access. Dozens of other companies were also targeted in the earlier attack.

Google’s blog post provides a variety of tips for keeping accounts secure. They include use of a two-step verification procedure when logging in to accounts to add an extra layer of security to the login process. Gmail also warns users of suspicious logins to their accounts.

Google does have a variety of security measure, they allow you see account activity details, IP addresses logged into your account and they do warn you of any suspicious activity. Recently they also started supporting two-factor authentication using tokens, this would totally defeat these kind of phishing attacks.

They support both SMS based authentication and application based (for iPhone, Android and BlackBerry).

So if you’re using a Google account, make sure it’s secure!

Source: The Register

It looks like Obama is taking a serious stance on Cyber Security and Cyber Crime with his introduction of a new position which will be known as the ‘Cyber Czar’.

As a senior White House official this is quite a serious position with the responsibility of protecting both the US government networks and looking out for private companies too.

It’ll be interesting to see who is chosen for the post and what kind of policies or campaigns they will run.

President Obama is expected to announce late this week his decision to create a senior White House official responsible for protecting the nation’s government-run and private computer networks from attack, according to a published report.

The “cyber czar” will probably be a member of the National Security Council but will report to the national security adviser and the senior White House economic advisor, according to The Washington Post, which cited unnamed officials who had been briefed on the plan. As of Friday, Obama had not yet settled on the advisor’s rank and title.

The announcement is to coincide with the release of a 40-page report evaluating the government’s strategy for security government networks and other infrastructure deemed critical to national security. The timing of the report – it was expected to be released a week or two ago – and the details included in the Washington Post report suggest the plan may have run into infighting by advisors to Obama.

Officially the rank and title have not yet been decided but they will be working with the National Security Council and the Economic division of the government.

The strategy will be interesting to see too, what are they going to propose to protect the government networks and what else will they deem critical to national security? I hope it includes power stations and other such resources (Industrial Control Systems for example) as they seem to be massively lacking security.

On his first full day in office, Obama signaled a willingness to have the cyber czar report directly to the president, an arrangement that he promised as a candidate and that was also recommended by a panel of more than 60 government and business computer security experts.

While the idea is whoever is appointed will be someone who can “pick up the phone and contact the president directly, if need be,” the advisor no longer would report directly to Obama, according to the report. What’s more, the czar would now have two bosses, in an attempt to strike a balance between homeland security and economic concerns.

Over the past few months, turf wars have arisen between advisors who want the ultra-secretive National Security Agency to oversee the country’s cybersecurity. Others have said the job is best carried out by the National Cybersecurity Center, an office within the Department of Homeland Security that’s responsible for coordinating the defense of civilian, military and intelligence networks. In March, the government’s cybersecurity chief abruptly resigned amid allegations his office was woefully underfunded and inappropriately controlled by the military.

Seems like there is some infighting going on in the government and a bit of a power struggle as to which department will be controlling the ‘cyber czar’.

It’s looking like the organizational problems regarding cyber security may run deeper than they appear on the surface with claims of underfunding and misuse by the military.

I hope they do sort it out though, the more secure the US government is the safer the rest of the World will be.

Source: The Register

Seems like a social engineering type attack again relying on human ignorance and stupidity. Based around some kind of malware reporting back to a central repository.

Remember kids if a deal is too good to be true…it isn’t.

Hackers stole information from the U.S. Department of Transportation and several U.S. companies by seducing employees with fake job-listings on advertisements and e-mail, a computer security firm said.

The victims include consulting firm Booz Allen, computer services company Unisys Corp, computer maker Hewlett- Packard Co and satellite network provider Hughes Network Systems, a unit of Hughes Communications Inc, said Mel Morris, chief executive of British Internet security provider Prevx Ltd.

Of the list, only Unisys acknowledged that viruses had been detected and removed from two PCs, saying no information had been leaked. A Department of Transportation spokeswoman said the agency could not find any indication of a breach and a spokeswoman for Hughes said she was unaware of any breaches.

They were fairly selective about their targets which meant they stayed under the radar for some time.

Prevx said the malware it identified uses a program named NTOS.exe that probes PCs for confidential data, then sends it to a Web site hosted on Yahoo Inc. That site’s owner is likely unaware it is being used by hackers, Morris said.

He believes the hackers have set up several “sister” Web sites that are collecting similar data from other squadrons of malware. It was not clear whether the hackers used any information stolen from more than 1,000 PCs.

The hackers only targeted a limited group of computers, which kept traffic down and allowed them to stay under the radar of security police, who tend to identify threats when activity reaches a certain level.

The fact is off the shelf AV solutions CANNOT detect custom malware, this has been known about for a long time but it’s never really sunken in to the brains of the people in charge.

A little bit of programming and a little bit of imagination and most companies can still be owned with a custom trojan.

Source: Reuters