iTWire - Security (iTWire - Technology news, trends, reviews, jobs), Thu, 29 Jan 2015 05:10:59 +1100

CSIRO to pilot IBM’s breakthrough in cloud-based personal data protection

IBM has announced a new cloud-based technology for developers to help consumers better protect their private data, and Australia’s CSIRO is going to pilot it.

28 January 2015 is ‘Data Privacy Day’, and it’s the day IBM made a big announcement - new cloud-based technology to protect personal data.

The technology ‘enables developers to help consumers better protect their personal data online such as their date of birth, home address and credit card numbers’, with IBM’s scientists ‘developing a clever cryptographic algorithm which enables transactions to occur without involuntarily sharing any personal data.’

IBM calls this technology ‘Identity Mixer’, with the company saying it uses ‘a cryptographic algorithm to encrypt the certified identity attributes of a user, such as their age, nationality, address and credit card number in such a way that the user is able to reveal only selected pieces to third parties, such as an online marketing survey, online retailer or an e-government website.’

Identity Mixer can be used within a digital wallet, which contains credentials certified by a trusted third party, such as a government-issued electronic identity card.

Importantly, says IBM, ‘the issuer of the credentials has no knowledge of how and when they are being used.’

IBM’s scientists are working with academic and industrial partners in Europe and Australia in a new pilot project called ‘Authentication and Authorisation for Entrusted Unions (AU2EU)’, over a two-year period, to demonstrate Identity Mixer’s cloud-enabled smarts.

Over the two-year period, we’re told that ‘8.6 million euro pilot scientists will test Identity Mixer in two scenarios in Germany with the Deutsches Rotes Kreuz (German Red Cross) and in Australia with CSIRO.’

So, how will the CSIRO use it? The CSIRO pilot ‘will leverage IBM's Identity Mixer to protect Australia’s agricultural productivity and related export trade from exotic diseases, particularly in animals.’

We’re told that, ‘to maintain the nation’s disease free status, the Australian government, along with key partners, have developed an emergency rapid response plan to quickly take action before an outbreak spreads.’

This plan involves swiftly bringing together government, academic and other research organisations, along with industry partners, into a secure, trustworthy online collaborative environment that facilitates evidence-based decision making. Using Identity Mixer, the pilot will also ‘help facilitate the secure sharing of sensitive information in a timely manner across several remote locations and between collaborating partners.’

John Zic, the CSIRO’s principal research scientist said: “Speed and responding rapidly to disease incidents are absolutely vital towards saving the lives of both humans and animals.

“Using the advanced technologies in this pilot, we expect to see gains in the ability to respond, while still maintaining the security, privacy and trust required to be effective.”

Interestingly, this isn't the first time that Identity Mixer has been used - it was previously available for download and demonstrated to work on smart cards.

However, it is now being made available to developers as an easy-to-use web service in IBM Bluemix, IBM's new platform-as-a-service (PaaS) cloud that combines the strength of IBM software, third-party and open technologies.

Available this ‘spring’, which is presumably the Australian autumn, IBM says that ‘BlueMix subscribers can experiment with Identity Mixer within their own applications and web services. Using simple pull down menus, developers can choose the types of data they wish to secure and BlueMix will provide the code, which can then be embedded in their service. Identity Mixer can also be implemented for on-premise private clouds.’

Dr Jan Camenisch, cryptographer and co-inventor of Identity Mixer at IBM Research said: “Identity Mixer incorporates more than a decade of research to bring the concept of minimal disclosure of identity-related data to reality, and now it is ready to use for both computers and mobile device transactions.”

Christina Peters, IBM’s Chief Privacy Officer said: “Identity Mixer enables users to choose precisely which data to share, and with whom.

“Now web service providers can improve their risk profile and enhance trust with customers, and it’s all in the cloud making it easy for developers to program.”

Dr Camenisch added: “If Big Data is the new natural resource then privacy is its currency.

“We have been developing Identity Mixer for more than a decade to bring the concept of minimal disclosure of identity-related data to reality and now it’s easy to use for both computers and mobile device transactions.”

To this, Peters added: “Identity Mixer is an example of why legislation around data privacy across the globe should enable - not stifle - innovation.

“It demonstrates that innovation leads to better data privacy: privacy that is more secure for the consumer with tools that are more accessible and easier to implement for the provider.”

So, how does Identity Mixer work?

IBM explains with an example: ‘a video streaming service is offering several films which have age restrictions.’

To stream the 12+ movie, ‘Alice’ needs to prove that she is at least 12 years of age and that she lives within the appropriate region.

The typical way to do this would require Alice to enter her full date of birth and address, but this actually reveals more than is necessary.

Identity Mixer can simply confirm that Alice is at least 12 without disclosing the month, date and year of her birth and reveal that she lives in the correct region, i.e. region This ensures that even if the video streaming service is hacked Alice’s personal data remains safe.

Similarly, if Alice needed to use her credit card to purchase a movie, the video streaming service would only learn that Alice’s credit card is valid and that it can accept payment, never revealing the actual number or expiration date.

Dr Anna Lysyanskaya, a co-inventor of Identity Mixer who is currently a professor of computer science at Brown University said: “We wanted individuals to have control over what they reveal about themselves.

“With Identity Mixer now in the cloud, developers have a very strong cryptographic tool that makes privacy practical; it is a piece of software that you can incorporate into an identity management service, making future privacy breaches provably impossible."

The Deutsches Rotes Kreuz (German Red Cross) Pilot:

A second pilot will run simultaneously with Deutsches Rotes Kreuz (DRK).

The DRK is a major provider for regional home emergency call and social service in Germany which delivers tailored social care services to their customers 24/7 including emergency services, assisted mobility, housekeeping and nursing assistance.

The organisation has four million volunteers and professional staff, 52 hospitals and more than 500 nursing homes operated worldwide. In the AU2EU pilot, 20 DRK pilot participants in the southwest of Germany will be equipped with sensors for in-home activity and status monitoring.

The data gathered from these sensors will be transferred to a dedicated cloud server, where the data will be analysed to determine the type of assistance required.

In addition, DRK field representatives will be provided with a mobile device to collect and register sensitive customer data, such as medical records, medication and family contacts, to establish a service contract.

Identity Mixer will be used to keep all of this data confidential and private. The technology will be implemented by NEC Europe and Tunstall Healthcare, with the note that ‘Tunstall Healthcare is not part of the AU2EU, but is providing tele-healthcare solutions for the Deutsches Rotes Kreuz.’

Caroline Greiner, the district manager of the German Red Cross for Rhein-Neckar/Heidelberg said: “Our goal today, as it has been for 150 years, is to offer help to victims of conflicts and disasters as well as to other vulnerable people and to provide support at home, transport and mobility aids to help people when they face a crisis in their daily lives.

“New technologies play an increasingly important role in realising this help, particularly for our home emergency alarm service. Here we offer services to senior citizens so that they can remain at home and in a comfortable and familiar setting.

“The privacy technology we are testing in AU2EU will ensure that these aids are provided both efficiently and securely to protect the personal data of our customers to a high degree. Only by embracing such privacy technologies will we be able to maintain the trust of the people we service around the world.”

AU2EU is a collaboration of both industrial and academic organisations across Europe and Australia including:

Technische Universiteit Eindhoven, Philips Electronics Nederland B.V., Bicore Services B.V., NEC Europe LTD, IBM Research, Deutsches Rotes Kreuz, Thales Communications & Security SAS, Commonwealth Scientific and Industrial Research Organisation, Edith Cowan University, Royal Melbourne Institute of Technology, University of New South Wales and Macquarie University and Tunstall Healthcare

(Alex Zaharov-Reutt) Security, Thu, 29 Jan 2015 00:17:04 +1100

REVEALED: 2014’s Top 25 worst passwords

If you’re hankering to have your identity stolen, here’s the list of the top 25 worst passwords to use, guaranteed to be hacked so fast you might need a new identity!

If there’s one thing you need when crafting a password, it’s complexity. You then need the simplicity of a solid password manager so your brain doesn’t have to remember every 16 or preferably more letters, numbers and symbols password you create.

After all, the days of using the same username and password at every site are so long gone that anyone still doing it isn’t just begging for trouble, they’re laying themselves wide open for a complete digital life takeover by nasty, nefarious and no-good online criminals just waiting to exploit your life, your credit and your sanity.

However, crazy as it sounds, people are still insanely using a bonkers list of no-brainer passwords that are on the top of the list for the worst ever.

The news comes from security applications and services company SplashData, no doubt itself hoping to make a bit of a splash in the global tech news with an always timely warning for people to be much more proactive with powerful passwords and digital security.

SplashData also offers password management software, called SplashID, which it clearly hopes will get a few new users.

The company has released its fourth annual report, which I annoyingly can’t find a link to at its website (unless the entire report is its media release), which was compiled from ‘more than 3.3 million leaked passwords during the year’.

So, without further ado, the full list of the top 25 is as follows:

Rank  Password    Change from 2013
1     123456      No Change
2     password    No Change
3     12345       Up 17
4     12345678    Down 1
5     qwerty      Down 1
6     123456789   No Change
7     1234        Up 9
8     baseball    New
9     dragon      New
10    football    New
11    1234567     Down 4
12    monkey      Up 5
13    letmein     Up 1
14    abc123      Down 9
15    111111      Down 8
16    mustang     New
17    access      New
18    shadow      Unchanged
19    master      New
20    michael     New
21    superman    New
22    696969      New
23    123123      Down 12
24    batman      New
25    trustno1    Down 1

I've seen some other news sites promote the list of 'top 25' in their headlines or intro paragraphs, and then only list the top 10 worst passwords, which seems crazy to me, so the above list is the full top 25. 

Morgan Slain, CEO of SplashData, and presumed slayer of sloppy passwords, said: “Passwords based on simple patterns on your keyboard remain popular despite how weak they are. Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”

Passwords such as ‘iloveyou’ have fallen off SplashData’s list in 2014 compared to 2013, with new additions weirdly including ‘batman’ and ‘696969’.

Clearly, using batman as a password provides zero guarantee of the Dark Knight protecting you from anything or anyone, let alone cyber criminals.

Using simple words is an absolute no-no, with really dumb passwords like ‘golfer’, ‘soccer’ and ‘hockey’ in SplashData’s top 100 list, among many others like sports team names.

The top 100 list (which I’d share with you but which is, again annoyingly, nowhere to be found at SplashData’s site) includes ‘swear words and phrases, hobbies, famous athletes, car brands, and film names.’

So, really, unless you use a password like $*j2$g11!9#2)4#lw!7*D2#A, with words mixed in if you want to make it longer still, you’re going to need a bigger boat (and a stronger password), ‘cause the cyber sharks are coming to get you, me and everyone else - usually in an automated fashion but sometimes with extreme hacking precision.

SplashData also collaborated with Internet security expert Mark Burnett, who sounds like he’s a survivor that wants to permanently vote cyber criminals off the island, but who is instead the author of ‘Perfect Passwords’. 

Burnett’s burning words of wisdom state: “The bad news from my research is that this year's most commonly used passwords are pretty consistent with prior years. The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2% of passwords exposed. While still frightening, that's the lowest percentage of people using the most common passwords I have seen in recent studies."

So, use the force of stronger and longer passwords, use two or multi-factor authentication, use a password manager (itself secured with a strong password) and your exposure to the dark side should be a lot more limited - or you might find your personal data unexpectedly making a very public splash - just ask Sony!

(Alex Zaharov-Reutt) Security, Wed, 21 Jan 2015 16:56:33 +1100

Axis announces temperature-sensing cameras

Network video specialist Axis has introduced its Q29 series of cameras that provide remote temperature monitoring.

The Axis Q29 series of temperature alarm cameras has a resolution of 336x256 - far lower than the company's mainstream HD surveillance cameras - but has the handy ability to generate alarms when temperatures exceed thresholds.

Uses include intruder detection and remote monitoring of equipment and storage areas.

"Axis Q2901-E temperature alarm cameras can be used to monitor equipment's temperature on a 24/7 basis to eliminate risks of overheating," said director of product management Erik Frännlid.

Multiple alarm zones can be configured, and the Q29 series includes spot temperature capability to simplify things for the operator.

The Q2901-E comes in versions for fixed mounting or for use in conjunction with pan/tilt motor heads where large areas are to be scanned.

Like other Axis cameras, the Q29 series works with the company's Camera Companion, Axis Camera Application Platform, and Video Hosting System, and is ONVIF-compatible for integration with other systems.

The Q2901-E cameras will cost $1793 when they go on sale this quarter.

(Stephen Withers) Security, Wed, 21 Jan 2015 12:54:39 +1100

VIDEO: Interview with ESET about Windigo & Advanced Linux Server-Side Threats

iTWire interviews ESET Malware Researcher Olivier Bilodeau, on his way to be one of the speakers at the 2015 conference, presenting on advanced Linux server-side threats.

The general public might have a perception that it’s Windows machines and Android devices that are the world’s malware magnets, but it’s also true that Macs and Linux boxes have malware written for them, too.

Of even greater concern is the threat of Linux-based server-side malware attacking not just one server for malicious purposes, but getting onto that server like a parasite to attempt infection of all the machines that connect to it.

Today, Friday 16 January 2015 is the day Bilodeau is speaking at the conference, the home page of which you can see here (including live streams).

The page for Bilodeau’s topic is here.

Bilodeau is ‘revealing information about ESET’s award winning research into Operation Windigo’, with ESET working with law enforcement around Windigo.

His talk is about ‘Advanced Linux Server-Side Threats: How they work and what you can do about them,’ alongside how server-side malware has evolved and much more.

Full details of Bilodeau’s talk are here and a video stream of his talk will be made available by the good people of

In short, Bilodeau’s presentation ‘will cover the evolution of the financially motivated Linux malware and will describe the threats that were part of Operation Windigo which affects more than 25,000 servers.’

Bilodeau will give ‘in-depth technical details on the pieces of malware involved, show how they are deployed by the operators and how they are able to defeat current defensive technologies’ and will ‘describe hands-on detection and incident response tricks to quickly assess one's servers and help in the fight.’

iTWire’s interview with Bilodeau is embedded below, but we spoke to him on his work at ESET and a bit about his history, what he is talking about at the conference, more about Windigo specifically, how malware has evolved, the use of DevOps techniques, how Windigo is different from traditional threats and plenty more!

You can find out much more information on the Operation Windigo malware at ESET’s ‘We Live Security’ blog here, with a direct link to the company’s Windigo report here (PDF link)

The ‘Good job ESET’ blog post where Windigo’s creators praise ESET for figuring out what Windigo was up to can be read here.

(Alex Zaharov-Reutt) Security, Fri, 16 Jan 2015 15:46:00 +1100

Risky time for risk insurers as fraud threats increase

Insurers have been warned that they will collectively need to spend US$3.3 billion on information security to counter financial crimes and in the face of heightening fraud brought on by the global ‘digital revolution’.

The alert comes from the latest research report by IDC which says that rigor on risk management will continue as insurers enter an era of what it calls ‘re-regulation’.

“Risk and compliance are more than just threats but opportunities for value-creation that insurers have to embrace without stifling innovation,” says Li-May Chew, CFA, associate research director, and global lead for IDC Financial Insights' Worldwide Insurance Advisory Service.

According to Chew, as insurers currently undertake renovation of their legacy systems and upgrade to newer, more innovative infrastructure, IDC recommends that they utilise this as the opportune time to make a “quantum leap and incorporate wholesale transformations” - built on 3rd Platform technologies around mobile computing, cloud services, social networking, and Big Data analytics - into their IT organisations.

Chew offers a word of caution, however, noting that insurers also need to know “how to fail fast - and fail safely”.

According to the IDC Financial Insights report, global insurers will increase IT spending to almost US$101 billion in 2015, a Year-on-Year (YoY) increase of 4.4% compared to 2014, with rigorous investments in technologies to boost efficiencies and innovation.

Chew sees investments centering around new core applications development and management such as data warehousing, claims and policy administration systems, with these replacements or refreshes required as legacy IT systems become “increasingly complex, inflexible, and archaic, to the point of negatively affecting technology integration and interoperability”.

“Insurers are further spending on change transformation and business optimisation initiatives to augment productivity and support intermediaries, as well as in knowledge management, business analytics and customer relationship management applications to improve underwriting insights, raise customer centricity and intimacy.

“Also critical is the need to enhance not just the intermediated distribution channels comprised of insurance agents, brokers and bancassurance, but also newer, disintermediated digital portals of the Internet, social platforms and mobile delivery.”

“Global insurers need to know where and how to seek pockets of growth amidst economic uncertainty,” Chew advises.

“In order to regroup and focus on sustainable, profitable growth, organizations will have to confront multiple perils – ranging from reengineering or rebuilding legacy applications, to countering mounting insurance fraud – and still ensure they are well positioned to embrace growth prospects as these present themselves.”

“We expect the global insurance industry to invest more rigorously in technologies, and project global IT investments rising to almost US$101 billion this year as these support campaigns to boost efficiencies and innovation. Geographically, the emerging markets continue to shine. While cumulated spending for these nations may still be a comparatively smaller US$19 billion, this will rise at a 3-year CAGR of 6.7% between 2015 to 2018, which is double that of mature nations.”

In mature country markets, Chew expects the 3-year CAGR to be 3.1% and globally to be 3.8%.   

The IDC Financial Insights' projections on investment spending at global insurers also detail other predictions, including:

•    Legacy modernisation will gather momentum with zero-tolerance for infrastructure failure and demand for reliability and availability, driving the adoption of modular approaches to upgrades and replacements; meanwhile, the value proposition of cloud will continue to strengthen

•    Insurers will be under pressure to enhance processes efficiencies and reduce cost for core operational functions such as policy administration, underwriting, and claims performance; focus will be on transforming the IT enterprise with effective reengineering programs

•    Customers will be increasingly shaping the policyholder-insurer relationship and influencing insurers' customer-centric strategies; marketing heads will collectively spend US$6.6 Billion in 2015 to enhance the total customer experience

•    Big Data Analytics will transition from descriptive applications to predictive and even prescriptive capabilities, with these serving to create data-driven insights and enhance propositions to customers

•    Insurers' channel outreach will be increasingly digitally driven, transforming their distribution delivery with up to a third of premium sales transacted via Internet-enabled computer or mobile devices and social networks by 2018

•    Despite the rising popularity of direct distributors, intermediated channels will continue to dominate at up to 70% of global premiums; Insurers focused on agency or broker management will need to inject these with a new lease of life

•    Potentially game-changing, disruptive technologies stemming from the Internet of Things (IoT) evolution will raise insurers' competitive advantage, but such radical innovations need to be closely aligned with strategic objectives.

(Peter Dinham) Security, Thu, 15 Jan 2015 17:30:48 +1100

Sony hack prompts US cyber security bills

The US Congress is reconsidering two failed cyber security bills in the wake of the hack on Sony Entertainment and the Military’s social media accounts.

The Cyber Intelligence Sharing and Protection Act (CISPA), which was passed by the House of Representatives but rejected by the Senate before November’s mid-term elections, is back on the table.

As is often the case in the US, the bill has supporters and opponents from both major parties. The bill has been re-introduced by Democrat Representative Charles ‘Dutch’ Ruppersberger, the man mostly responsible for the US Government’s continued ban on Chinese supplier Huawei.

Under the bill, the US Attorney General, Secretary of Defense, Secretary of Homeland Security and Director of National Intelligence would create a ‘cyber threat information sharing program’, essentially creating a new cyber defence agency with sweeping powers.

It also charges those same departments with ensuring the execution of the program would not infringe on civil liberties, but with exceptions that would make such oversight meaningless.

Cyber threat information shared with the government, for example, would be exempt from the US Freedom of Information Act. The bill would also give immunity from prosecution to anyone sharing cyber threat information with the government.

Opponents of the bill, an unlikely coalition of left wing civil libertarians and right wing libertarians (we are seeing the same thing in Australia regarding our proposed data retention laws) have been able to thwart it in the past, but things may be different this time.

The environment in the US has changed, as it has in much of the world, following increased fears about terrorism. In the US the hack attacks on Sony, which many believe come from North Korea in response to the satiric movie ‘The Interview’, have contributed to a heightened sense of cyber vulnerability. This week’s attacks on the US Military’s CENTCOM YouTube and Twitter accounts have also not helped.

(Graeme Philipson) Security, Thu, 15 Jan 2015 06:57:02 +1100

F5 brings cloud DDoS mitigation to Asia Pacific

Introduced elsewhere during 2014, F5's Silverline DDoS Protection service is now available in the Asia Pacific region, including Australia.

Silverline is the brand adopted by F5 for its cloud services, and DDoS Protection is the first element in this portfolio.

F5 regional director Kuna Nallappan told iTWire that the service complements the functionality provided by the company's on-premises products. Silverline DDoS Protection blocks volumetric attacks, keeping unwanted traffic away from customers' networks, he said, while on-premises protection handles the low-volume attacks that are often application specific.

It is possible to provide broader cloud-based protection, Nallappan said, though customers like to have multiple layers of protection. F5 has the "potential to add all sorts of protection in the cloud," he said.

Silverline DDoS Protection is based on the technology that came with F5's acquisition of last year.

For customers in the Asia Pacific region, the scrubbing is done in Singapore.

The service can be used in any of three modes. It can be used as a first line of defence, in which case all traffic is routed through F5's scrubbing centre. Since there is no need to inspect the entire contents of each packet and there is plenty of bandwidth available between Singapore and Australia, performance is unlikely to suffer much, though "latency could be an issue," Nallappan conceded.

Then there's standby mode, which Nallappan described as the "red button service." Network traffic flows normally until an attack occurs, and then Silverline DDoS Protection is activated. When a customer is under attack, "latency is the least of their worries," he said.

The third tier allows the use of the service to provide additional on-demand capacity to support other DDoS mitigation capabilities.

Customers want a hybrid solution, he said. "This is a key differentiator for us." Combining cloud and on-premises provides "the flexibility and control that most IT departments want."

Furthermore, Silverline DDoS Protection is managed through the same console as all other F5 products, and that console is also integrated with Microsoft System Center and other management tools.

Nallappan said he expected Silverline DDoS Protection would appeal to Australian banks, financial services companies, ecommerce operators, and other enterprises with significant revenue from their online presence such as betting and gaming operators.

(Stephen Withers) Security, Thu, 15 Jan 2015 05:02:41 +1100

Fake emails say ISIS will attack Sydney

Unknown hackers are taking advantage of the current terrorist scare to encourage users to open emails containing malware that can attack their PCs.

Terrorism breeds terror, and news of terrorism breeds fear of terrorism. That’s how and why terrorism works. Now hackers are taking advantage of the new environment of fear.

Communications watchdog ACMA (Australian Communications and Media Authority) says it has received “numerous reports” since Sunday about fake emails purporting to come from with the subject line ‘ISIS attacks in Sydney?’

The use of the News website address – the umbrella URL of Rupert Murdoch controlled publications in Australia – is intended to add legitimacy to the emails. It is – on the surface of it – credible, as the Murdoch media empire globally is more vocal than most of its mainstream rivals in fomenting fear of terrorism.

The use of the purported threat from ISIS is new, but the technique is very familiar, encouraging people to open attachments that contain malware.

These latest emails encourage people to open a Microsoft Word .doc or .rar file attachment by claiming the document includes details of Sydney locations that Islamic State plans to attack.

“These emails are fake and contain a malicious attachment that if opened, or clicked on, may download and install malware onto your computer,” says ACMA’s warning. “If you receive an email from with the same or similar title, it should be deleted immediately. Do not click on any attachment in the email.”

The ACMA has been campaigning hard to alert Australians to the perils of malware, and how to avoid them. To learn more about malware and tips to protect your devices, watch the ACMA’s video. For more information visit Stay Smart Online.

ABC reports the ACMA's manager of internet security programs, Bruce Matthews, as saying that the source of the emails was unknown, and that people who receive them should delete them immediately and avoid opening any attachments.

“These sorts of emails are very common during topical events. Typically they're involved with cyber-criminals. They're seeking to install the malicious software so they can use the infected computing devices for various criminal purposes."

The emails come after news of ISIS hacks on US military social media sites (CommsWire yesterday) and are further evidence that the so-called ‘war on terror’ is now being waged on many fronts. It is perfectly suited to the online world, where the currency is information – and disinformation.

(Graeme Philipson) Security Wed, 14 Jan 2015 02:35:34 +1100

Islamists hack into US military in ‘CyberJihad’

The current spate of Islamist attacks has moved to the cybersphere. A YouTube account and a Twitter account belonging to the US military have been attacked by a group calling itself the ‘CyberCaliphate’.

The US military has confirmed that its social media accounts have been attacked. Central Command (CENTCOM) has verified the reports in a short statement: “We can confirm that the CENTCOM Twitter and YouTube accounts were compromised earlier today. We are taking appropriate measures to address the matter. We have no further information to provide at this time.” CENTCOM has 113,000 Twitter followers.

The accounts have been suspended. News agency Reuters accessed them before the suspension: "In the name of Allah, the Most Gracious, the Most Merciful, the CyberCaliphate continues its CyberJihad," the CENTCOM Twitter feed said. The feed also contained messages telling American soldiers to "watch your back," and the YouTube account had two videos that appeared to be linked to Islamic State, said Reuters.

Before being taken down it featured videos entitled ‘Flames of War ISIS Video’ and ‘O Soldiers of Truth Go Forth’. The Twitter account also published a list of US Army generals and addresses associated with them, titled ‘Army General Officer Public Roster (by rank) 2 January 2014.’

CENTCOM, based in Florida, coordinates US military activities in what the US calls the ‘central’ area of the globe – that part located between the European and Pacific Commands. This includes all of the Middle East and Central Asia (except Israel). Africa (except Egypt) became a separate Command in 2008.

White House press secretary Josh Earnest said the US Government was monitoring the hacking. He said there was a significant difference between a serious data breach and Twitter breaches. President Obama is due to give a major speech on cybersecurity in the next few days – he will now have more to talk about.

(Graeme Philipson) Security Tue, 13 Jan 2015 06:41:39 +1100

Trend Micro and Deakin Uni analyse OZ CryptoLocker threat

There’s still no free decryption for the CryptoLocker/TorrentLocker threat, but a new 16-page whitepaper analysing how this nasty malware works has been released.

Sometimes, the best cure is prevention - and multiple backups - given the nasty side effects of malware that encrypts your computer files and demands a hefty ransom.

That’s what both the original CryptoLocker malware and the new strain do. The new strain is known as both TorrentLocker and CryptoLocker, even though the new CryptoLocker is different to the original.

Internet security company Trend Micro and its threat researchers in Australia decided to team up with Deakin University to fight the Australian-specific variants of CryptoLocker that have been spreading across the country at a rapid rate since September 2014.

While there’s no free decryption solution, or at least not as yet, we’re told that this new version of CryptoLocker targeting Australians ‘encrypts victims’ files and demands $598 in exchange for access back to the files’ - and cruelly sees ‘the ransom demand doubling after 96 hours.’

Trend Micro and Deakin Uni have just released a new 16-page report on CryptoLocker, available to freely download here (direct PDF link), where both sets of researchers ‘monitored and analysed trends related to the CryptoLocker outbreaks occurring in Australia between 1 November and 30 November 2014.’

Throughout November, we’re told that ‘the study found more than 10,000 hits to redirection URLs, all considered CryptoLocker incidents.’

Unsurprisingly, the Australian strains of CryptoLocker work in much the same way as those seen in North America and Europe:

- First, the victims receive a spam email with hyperlinks, indicating parcel tracking information or a penalty notice waiting for them at an ‘official website’

- After clicking the hyperlink, the victims are redirected to a web page that is convincingly realistic, mimicking the official web pages of organisations such as the Australia Post and the Office of State Revenue New South Wales, including the domain name

- The web page then delivers the malware payload to the victims’ computers through abused legitimate file-hosting sites

- The malware proceeds to encrypt PDF and Microsoft Word documents, and other commonly used files

- Once the victims’ files are encrypted, the malware requires Bitcoin payment of at least $598 so the said victims can recover their files.

There is some good news beyond monitoring and analysis - Trend and Deakin say they are ‘working to stop the attacks’.

Trend explains that, ‘on the days when outbreaks occur, Trend Micro has supplemented its internal processes with real-time alerts sent to Deakin University researchers who do further analysis of the outbreaks while the malicious sites are still active.’

Dr Jon Oliver, a senior threat researcher at Trend Micro Australia said: “CryptoLocker is a threat that is increasingly affecting individuals and Australian businesses. We teamed up with Deakin University because it required urgent attention.

“This strain of CryptoLocker tailored for Australian victims started in the second half of 2014, and continued up to Christmas Eve. The outbreaks have stopped for the New Year break, but will almost certainly continue in the New Year.”

Professor Yang Xiang, the leader of Deakin University’s research team said: “These attacks are technically sophisticated and specifically aimed at Australians and have been significantly increasing since July with an enormous impact on businesses and individuals.”

Naturally, the Australian CryptoLocker strain is smart, with the researchers noting this malware ‘employs a variety of techniques to avoid detection.’

Dr Oliver said that: “The CryptoLocker attacks are adapting to security solutions, evading security measures in the next outbreak. Relying on a single aspect of detection can miss the next outbreak.

“Multi-layer filtering, which is also described as Defence-in-Depth, is a more robust approach.”

Mark Sinclair, commercial sales director at Trend Micro Australia and NZ, said: “Many Australian businesses are being targeted and affected by CryptoLocker, from very large organisations to the very small; no one seems to be exempt.

“The whole industry is suffering so our work with Deakin University is vital to get on the front foot and stop the Australian strain of CryptoLocker in its tracks.”

While full details are in the report, we’re told that, ‘after receiving a spam email and clicking the URL included within, victims are redirected to a phishing web page where they submit CAPTCHA responses and are delivered a .ZIP file.’

‘Running or opening that .ZIP file leads to all images, documents, and personal data on the computer and shared drives being encrypted. The malicious software then demands that the victims pay to retrieve their files.’

So, with the best protection being incredibly vigilant about the emails you receive, even if they look official, alongside running up-to-date Internet security software that is aware of this threat, it’s also a very wise idea to have more than one complete backup of all your files in both onsite and offsite locations.

After all, this threat, once activated, has encrypted your files, with no easy and free decryption solution yet at the ready.

Stay safe - and be careful what you click!

(Alex Zaharov-Reutt) Security Tue, 13 Jan 2015 02:24:53 +1100