
Thread: Cyber Security

  1. #61
    Join Date
    Dec 2011
    Location
    London, UK
    Posts
    1,064
    Mentioned
    7 Post(s)
    Second day off work due to cyberattack!

    http://www.adweek.com/agencies/an-in...puter-network/

  2. #62
    Join Date
    Dec 2011
    Posts
    5,073
    Mentioned
    163 Post(s)

    Quote Originally Posted by miss k bee View Post
    Second day off work due to cyberattack!

    http://www.adweek.com/agencies/an-in...puter-network/
    This is kind of a rehash of WannaCry. But with added mechanisms. But the big thing is that this isn't *really* ransomware. It's just made to look like it, from how it all looks. It's very likely an attack on Ukraine by Russia. Everyone else is probably just collateral.

    On the surface, this is a Petya Ransomware variant with some really great infection capabilities. Someone watched 5k computers get taken over in 10min. It's good. But the payment channel is busted as shit. It required the attackers to maintain access to an email account. That account got shut down within hours.

    Also, last I looked, I was hearing about a suspiciously miraculous recovery from an infection of not-Petya by a Russian group. I haven't had a chance to validate this though. I'm busy interviewing for a job with some Ukrainians... lol


    edit:
    The Guardian just posted a story that backs up the first half of my post: https://www.theguardian.com/technolo...ukraine-russia
    This post by the grugq does the same, but also talks about the suspicious Russian infections (scroll to "The immaculate infection" for that part): https://medium.com/@thegrugq/pnyetya...k-59afd1ee89d4
    Last edited by DigitalChaos; 06-28-2017 at 04:06 PM.

  3. #63
    Join Date
    Nov 2011
    Posts
    9,360
    Mentioned
    734 Post(s)
    I received an email this morning from Bitdefender:

    https://www.bitdefender.com/news/mas..._rid=374876995

  4. #64
    Join Date
    Dec 2011
    Posts
    5,073
    Mentioned
    163 Post(s)
    heh, NotPetya is not even ransomware! The changes it makes to your data aren't even reversible (at least by the infection software). So even if you could still pay the attacker, it seems there is no "decryption" mechanism.

    https://blog.comae.io/petya-2017-is-...e-9ea1d8961d3b

    "2016 Petya modifies the disk in a way where it can actually revert its changes. Whereas, 2017 Petya does permanent and irreversible damages to the disk."
    Last edited by DigitalChaos; 06-28-2017 at 12:08 PM.

  5. #65
    Join Date
    Nov 2011
    Posts
    9,360
    Mentioned
    734 Post(s)
    It hit DLA Piper (giant law firm)? LOL crazy shit

    http://abovethelaw.com/2017/06/globa...omware-attack/


    (One of the original DLA Piper firms was Rudnick & Wolfe here in Chicago)
    Last edited by allegro; 06-28-2017 at 12:26 PM.

  6. #66
    Join Date
    Nov 2011
    Posts
    9,360
    Mentioned
    734 Post(s)

  7. #67
    Join Date
    Dec 2011
    Posts
    5,073
    Mentioned
    163 Post(s)
    @allegro - Yeah, MeDoc is very popular accounting software in Ukraine. MeDoc is denying it, but the current evidence shows that it was one of the infection vectors. Basically, their software update mechanism isn't the most secure so it was probably compromised by the attacker and used to push the "ransomware" to everyone who used it. This pathway has been utilized quite a few times in popular software, and it will continue to grow more common.

    Another vector seems to be a Ukrainian city's website. It was likely hacked and then used to serve up the infection to anyone visiting it.

    Another pathway that is suspected, but unproven, is your typical email phishing.

    Unlike WannaCry, this didn't worm over the internet. It only used the worm capability (the leaked NSA tool) to propagate to the entire internal network. An hour after infection, the machine shuts down. There are still ways for it to spread accidentally to other networks, but it allows for much more targeted delivery.



    As for DLA... yeah, this was the whiteboard that greeted all the employees in the DC office:

  8. #68
    Join Date
    Dec 2011
    Posts
    5,073
    Mentioned
    163 Post(s)

    @Louie_Cypher - still doing defcon? I'll be there. I'm flying out weds. PM me some contact info if you want to cross paths still.

    I just accepted a gig at an AI startup with a heavy Ukrainian presence. Shit's gonna be silly.

  9. #69
    Join Date
    Nov 2011
    Posts
    9,360
    Mentioned
    734 Post(s)
    Last edited by allegro; 07-25-2017 at 11:32 AM.

  10. #70
    Join Date
    Dec 2011
    Posts
    5,073
    Mentioned
    163 Post(s)
    Quote Originally Posted by allegro View Post
    Not enough is known, but it seems like a fairly small number of computers have been infected. So it's probably very targeted. This is the 2nd known variant, the first was found on biomed machines like a year or two back, as your edit reflects.

    The guy who found this is actually doing a presentation tomorrow. Maybe we will hear more. But it sounds like he has restrictions on what he can say, probably due to an active investigation. Also, he seems to know very little about infection path. But he was able to spin up a fake "command and control" server to interface with the infected machines.

    In short: there should be enough info for AV vendors to block known variants. OS X has built-in anti-malware that will likely be the first to get pattern definitions added though, so keep your OS updated. But I wouldn't worry too much about this specific malware as it seems very targeted and on a small number of machines.

    Sadly, this is usually how it looks. Malware goes undetected for quite some time until it happens to catch the eye of someone capable of finding it.

  11. #71
    Join Date
    Nov 2011
    Posts
    9,360
    Mentioned
    734 Post(s)

  12. #72
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    886
    Mentioned
    30 Post(s)
    this is always the case but never gets much press same thing happened with Tesla, was supposed to be there but friend's illness prevented the trek this year sad, was supposed to meet up with digital chaos too, which i was looking forward to, oh well hopefully next year
    -Louie

  13. #73
    Join Date
    May 2012
    Location
    WA
    Posts
    644
    Mentioned
    45 Post(s)

  14. #74
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    886
    Mentioned
    30 Post(s)
    more Russian shenanigans
    -Louie

  15. #75
    Join Date
    Nov 2011
    Posts
    9,360
    Mentioned
    734 Post(s)

  16. #76
    Join Date
    Dec 2016
    Location
    London
    Posts
    457
    Mentioned
    3 Post(s)
    Was just about to link that as well.

    According to the BBC (http://www.bbc.co.uk/news/uk-england-40820837), he was moved before visiting hours and nobody (other than the US law enforcement, who aren't saying anything) knows where he is being held, nobody has been able to speak to him since his arrest 2 days ago...

    Something feels off about this.

  17. #77
    Join Date
    Nov 2011
    Posts
    9,360
    Mentioned
    734 Post(s)
    Quote Originally Posted by Haysey View Post
    Was just about to link that as well.

    According to the BBC (http://www.bbc.co.uk/news/uk-england-40820837), he was moved before visiting hours and nobody (other than the US law enforcement, who aren't saying anything) knows where he is being held, nobody has been able to speak to him since his arrest 2 days ago...

    Something feels off about this.
    They're probably trying to take media heat off of him, then they'll offer him a deal to work for the U.S. Government. Which NEEDS guys like him.

  18. #78
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    886
    Mentioned
    30 Post(s)
    this is why i donate and continue to donate to https://www.eff.org/about
    -Louie

  19. #79
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    886
    Mentioned
    30 Post(s)
    no one is worried about Sessions talking about media subpoenas, they're shutting down the press and it doesn't seem to make anyone a little nervous, in case you don't know what that means it means our guilty by association A.G. can go to a newspaper and demand under court subpoena that reporters give the government their sources or face prosecution, this is the latest response from the White House over "leaked" telephone transcripts of conversations with foreign leaders that made Trump look stupid, claiming the old standby "national" interest, and "classified", inching slowly towards a dictatorship
    -Louie

  20. #80
    Join Date
    Nov 2011
    Location
    Ontario
    Posts
    1,582
    Mentioned
    28 Post(s)
    https://techcrunch.com/2017/08/09/ma...that-reads-it/

    Malicious code written into DNA infects the computer that reads it

    WTF?

  21. #81
    Join Date
    Dec 2011
    Location
    Los Angeles
    Posts
    5,232
    Mentioned
    332 Post(s)
    Quote Originally Posted by allegro View Post
    lecture he missed


  22. #82
    Join Date
    Dec 2011
    Posts
    5,073
    Mentioned
    163 Post(s)
    Quote Originally Posted by allegro View Post
    He's in Milwaukee now. They grabbed him in Vegas on his way out of defcon. I don't want to provide a lot of detail because fuck the Feds. But just about everyone in security would be screwed if the law found our online activity from when we were teens. Marcus is only 23 so it wouldn't be that long ago. Who knows what the Feds have though.

    The prosecution are pieces of shit. They tried blocking bail by claiming he was a risk to public safety. They said he was a foreign national who discharged a firearm within the country. .... he went to a NV tourist firing range and fired guns. Jesus Christ. The judge laughed at that claim, luckily. Is that kind of thing normal from the prosecution?

    Anyway. It could be as simple as some malware author reusing code that Marcus wrote. Even if Marcus did write malware, it seems to come down to intent, especially in relation to profit. It's clear from the indictment that Marcus is not the primary target. The other person, who is still at large, took up almost all the charges listed while Marcus occupied a single charge.

    Considering the above, and the fact that the court has now allowed Marcus to access the internet again while on bail... I'm guessing they just want his help. Probably in tracking down the primary name in the indictment. That sure is a pretty horrible way to go about it though. Why not work with the UK? Why choose the worst possible time to intercept him?

  23. #83
    Join Date
    Nov 2011
    Posts
    9,360
    Mentioned
    734 Post(s)
    Normal for Federal prosecutors, yes: they play dirty. And they use what we call "fishing expeditions." Try to scare and intimidate people to fish for info.

  24. #84
    Join Date
    Dec 2011
    Posts
    5,073
    Mentioned
    163 Post(s)

    Quote Originally Posted by allegro View Post
    Normal for Federal prosecutors, yes: they play dirty. And they use what we call "fishing expeditions." Try to scare and intimidate people to fish for info.
    Figured. They held him for 2 or 3 days without a lawyer, from what I remember. That's also when they got him to admit to writing some of the code found in the malware. Which means nothing, but it's sufficient for the prosecution. That would be a long time to keep your mouth shut for most people, especially when no friends or family know where you are and you are in a foreign country. Worse is that Marcus is very helpful and probably too young to be sufficiently jaded against helping Feds.

    These assholes could have just asked for help and hinted at having possible dirt on him if they needed cooperation. Going dicks-out with a huge show of force just reinforces why so many of us in this industry are fearful of helping the Feds and dislike the idea of being one of them.
    Last edited by DigitalChaos; 08-18-2017 at 12:47 PM.

  25. #85
    Join Date
    Nov 2011
    Posts
    9,360
    Mentioned
    734 Post(s)
    You know how I feel about them but I'll say it again: I fucking hate the FBI and Feds, they're incompetent and they are evil and they suck.

    They have no plans, zero loyalty, and they only care about anything to the extent that it will put a notch in their belt.

  26. #86
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    886
    Mentioned
    30 Post(s)
    kind of like police officers some people get involved in it for the right reasons some for the power like it all depends
    -Louie

  27. #87
    Join Date
    Dec 2011
    Posts
    5,073
    Mentioned
    163 Post(s)

    Cops and Feds are very different animals. With cops, I at least have a 50/50 experience. Some are great.
    @allegro - I don't remember if I mentioned it here. But the FBI recently wanted to talk with me, but didn't have my identity. They were going through a 3rd party. I had evidence of a pretty severe crime against public infrastructure by a foreign entity. I had no legal representation. Some of the chats you and I had flashed before my eyes. I couldn't think of any way this would hurt me, but I know that's naive. So I refused and only worked through the 3rd party as a proxy. The Feds got their evidence and I kept my distance. It was still a bit risky as that proxy was a weak point, but hey... It pisses me off that even in this situation I can't trust them.
    Last edited by DigitalChaos; 08-18-2017 at 08:21 PM.

  28. #88
    Join Date
    Nov 2011
    Posts
    9,360
    Mentioned
    734 Post(s)
    @DigitalChaos , we've had our run-ins for many years here on ETS but I ALWAYS consider you an online friend. We get pissed off at each other, mostly due to Admin and Mod principles, but I just gotta say: I still respect you, we always know our mutual respect, and if G and I are out your way we hope to meet up with you and your lovely wife and kids.

    Bless.

    Edit: And ... no ... you can't trust them. I sure wish they were not like that. It's sad. It makes things so much more difficult and complicated.
    Last edited by allegro; 08-19-2017 at 07:52 AM.

  29. #89
    Join Date
    Dec 2011
    Posts
    5,073
    Mentioned
    163 Post(s)

    Fuck yeah! Hit me up if you find yourself in my area. I'm actually in south eastern WI at the moment. Haven't been for years. I miss it. Flying back to CA in a day though. There's a mild chance we end up moving out here actually. If that ends up happening I'll make a point to meet up and bring you a bottle of wine or something.

  30. #90
    Join Date
    Nov 2011
    Posts
    9,360
    Mentioned
    734 Post(s)
    You got a deal man. No wine, my addiction is Diet Coke!

    Sitting here in SE WI, I'm not sure this area is ready for you but whatever, good luck, dude. This place is like TrumpLand these days. G and I have to hold our tongues, not really into arguing where it could get nasty.

    You know, the Feds doing what they do and especially this situation with this kid who they could use, it's no wonder they have such shitty cyber abilities compared to other countries. They're making it worse for us citizens. It's just so damned frustrating. But it does give you and Louie job security heh.

    Edit: now there's this: https://arstechnica.com/information-...-published-it/
    Last edited by allegro; 08-19-2017 at 08:10 AM.
