This Week in Computer Security

LulzSec arrests, Symantec Leaks, Duqu, and more this week

This week’s computer security review reads like a laundry list of old topics and older actors — LulzSec, Anonymous, the Symantec source leak, and Duqu were all (seemingly) old news a few weeks or even months ago. Yet new details keep surfacing about each of them, keeping them in the limelight and at the forefront of our thoughts.

LulzSec Arrests

25 members of the LulzSec hacking collective were arrested on various hacking and computer security-related charges. At least one member is already out on bail. The fresh round of arrests is the result of a hacker-turned-informant for the FBI who goes by the handle “Sabu”. Sabu was the onetime leader of LulzSec at the height of its operations and has been working as an informant since early June. His information-gathering led to the arrest of the other LulzSec members earlier in the week.

Sabu (real name Hector Xavier Monsegur, an unemployed father of two) was persuaded to inform after warrants for his Facebook profile revealed he was selling stolen identities. The feds used this information as leverage, threatening to jail him and take him away from his children. Monsegur was reportedly found due to a simple mistake — he logged into an IRC server without using an anonymization service (such as Tor), and the FBI was able to capture his IP address.

In response to the arrests, Anonymous has been more active than normal, staying in the news for everything from hacking the Vatican and running its usual denial of service attacks to releasing the Symantec Norton Antivirus 2006 source code. Expect increased activity from Anonymous as the group continues to demonstrate that it remains a capable threat even after the loss of the LulzSec members.

Read more: http://www.theregister.co.uk/2012/03/07/lulzsec_takedown_analysis/

Anonymous Disables Vatican Website:

Anonymous targeted the high-profile Vatican website with a DDoS attack which managed to shut down internal email services hosted on the website for some time. The Vatican is remaining mum on any other damage which may have occurred during the denial of service attack, but it doesn’t appear as if any actual breach occurred. Anonymous elements claimed the attack was in retaliation for the crimes that the church has committed – both over the centuries and more recently with its child abuse scandals.

Read more: http://www.washingtonpost.com/national/on-faith/vatican-website-hacked-for-churchs-crimes/2012/03/07/gIQA255SxR_story.html

Anonymous Leaks Symantec Source Code to PirateBay:

Members of the Anonymous group released the source code to Symantec’s Norton Antivirus 2006 product this week. It is currently accessible via a torrent on ThePirateBay.se. Symantec has known about the code theft for some time, having been the victim of a network breach in 2006 during which the source code was first stolen. During this breach, the source code to pcAnywhere was also taken. Symantec was initially not forthcoming with complete or truthful details concerning the breach, but it has since admitted to it.

Symantec has advised that, as the source is so out-of-date, none of its current products are affected by the release, and that the information will likely not be of much use to hackers looking to use it to bypass the antivirus software.

Read more here: http://www.theinquirer.net/inquirer/news/2158170/anonymous-leaks-symantec-source-code

Google Chrome Breached in Pwn2Own and Pwnium Event at CanSecWest Conference:

Pwn2Own and Pwnium are contests held at the CanSecWest computer security conference that allow hackers to win prizes and infamy by using their 0day attacks to exploit fully-patched popular browsers on Windows, demonstrating the (in)security of modern browsers. Pwnium is a recent event set up by Google to replace its browser’s appearance at the Pwn2Own contest, which was canceled over disagreements between Google and the Pwn2Own organizers about the disclosure of exploits. At both events, bugs led security researchers to breach the previously untouched browser, netting a hefty sum in the case of the Pwnium breach: one hacker walked away with a cool $60,000 from Google for a security breach and sandbox escape exploit, which also had to bypass the DEP and ASLR protections in Windows to work. A second exploit hitting Chrome, by Vupen, first took advantage of a flaw in the Flash browser plugin and then escaped the sandbox. Patches have already been issued by Google.

Read more here: http://www.zdnet.com/blog/security/google-rushes-out-chrome-patch-for-pwnium-zero-day-flaws/10615

Duqu Holds More Mysteries:

Researchers working on Duqu have identified a mysterious programming language that was not compiled or written the same way as the rest of the malware. They are calling on other programmers and security researchers to help identify the language in which it was written, in order to determine whether or not it was written in a specially-developed language. For now, researchers are referring to this section of the code (specifically the command-and-control communications section) as the “Duqu Framework”.

Read more here: http://www.theregister.co.uk/2012/03/08/duqu_trojan_mystery_code_riddle/

About Bryan Halfpap

Bryan Halfpap is a software programmer, technology analyst and writer, and a driving force behind the security reporting at CTOvision.com. He is a frequent speaker at events and conferences, including Defcon. You can find him on Twitter: @crypt0s