Night Dragon, HBGary Federal Hacks Lead Security News

 
 
By Brian Prince  |  Posted 2011-02-13
 
 
 

Security researchers' revelations that hackers have targeted oil companies around the world lead this past week's IT security news.

According to McAfee, a coordinated attack campaign it has dubbed "Night Dragon" has been under way since at least 2009 and impacted oil, energy and petrochemical companies in Kazakhstan, Taiwan, Greece and the United States. Circumstantial evidence found by McAfee points to attackers based in China, who relied on a mix of spear-phishing, social engineering, Windows bugs and remote administration tools (RATs) for success.

"The attacks were not very sophisticated and did not use any zero-day exploits," Dmitri Alperovitch, vice president of threat research at McAfee Labs, told eWEEK. "They were, however, very successful, and information that [has] been [exfiltrated] has enormous potential value to competitors."

Speaking of exfiltrated information, hacktivists in Anonymous struck back at HBGary Federal after CEO Aaron Barr claimed to have infiltrated the group. In their attack, the hackers swiped e-mails that uncovered a plan by HBGary Federal, Berico Technologies and Palantir Technologies to use a disinformation campaign and other tactics against WikiLeaks and its supporters, including columnist Glenn Greenwald of Salon.com.

The proposal was prepared (PDF) for the law firm Hunton & Williams, which represents Bank of America-a suspected target of an upcoming WikiLeaks leak. Bank of America has denied having ever seen or evaluated the presentation, and said HBGary Federal was not hired on its behalf. Palantir Technologies and Berico Technologies have publicly severed ties (PDF) with HBGary Federal as well.

Elsewhere in the world of security, two German researchers uncovered a hack for the Apple iPhone that allowed them to bypass the device's password protection and steal information from the Keychain, the iOS password management system. The researchers exploited the fact that the underlying secret the password's encryption is based on is stored in the device's operating system. As a result, the required key material can be created from data available within the device and therefore in possession of the attacker.

To launch the attack, the researchers used a jail-breaking tool and installed an SSH (Secure Shell) server on the device so that software could be run on the phone unrestricted. After that, the researchers ran a small script to access and decrypt the passwords found in the Keychain. The attack requires access to the phone, meaning it could pose a threat to devices that are lost or stolen.

Security researchers also discussed with eWEEK the growing presence of development kits for rogue Facebook applications. One such kit, known as Tinie App, was responsible for the spread of an application called "Facebook Profile Creeper Tracker Pro" and cost $25, according to Websense. Other kits such as NeoApp are available on in the cyber-underground as well.

"What's new is the fact that these toolkits are getting more sophisticated and easier to use," said Vikram Thakur, principal security response manager at Symantec.

In the area of defense, Microsoft issued fixes for 22 vulnerabilities as part of this month's Patch Tuesday. The company also made an update to Windows to end support for the AutoRun feature when it comes to nonoptical media available through Windows Server Update Services. The move was made to limit the spread of AutoRun worms, which have taken advantage of the feature to propagate.

In the coming week, researchers, vendors and customers will turn their attention to the annual RSA Conference taking place in San Francisco. The conference will run from Feb. 14 to Feb. 18, and features a new session track focused on cloud computing security.


Rocket Fuel