Thursday, December 4, 2014

Operation Cleaver: Mass Hacking By Iranian State



Iranian hackers have been identified as the source of coordinated attacks against more than 50 targets in 16 countries, many of them corporate and government entities that manage critical energy, transportation and medical services.

According to Cylance, a security firm based in California, USA, over the course of two years Iranian hackers stole confidential data from a long list of targets and in some cases penetrated victims' networks so deeply that they could have taken over, manipulated or destroyed data on those machines.

Cylance called the attacks "Operation Cleaver" because the word "cleaver" appeared often in the attackers' malicious code.

The hackers used a set of tools that can spy on and even shut down critical control systems and computer networks, and aimed them at targets in the United States, Canada, Israel, India, Qatar, Kuwait, Mexico, Pakistan, Saudi Arabia, Turkey, the United Arab Emirates, Germany, France, England, China and South Korea.
 
Victims of the attacks include the US Marine Corps, a major airline, a medical university, an energy company specialising in natural gas production, a car manufacturer, a major military installation and a large military contractor. The Islamic Republic's hackers also concentrated on oil and gas companies and universities in the United States, India, Israel and South Korea, and stole photographs, passport scans and identifying information of students and faculty.
 
Cylance said it had also collected worrying evidence of attacks on transport networks, including airlines and airports in South Korea, Saudi Arabia and Pakistan. Researchers said they found evidence that the hackers gained complete remote access to airport gate and security control systems, "potentially allowing them to spoof gate credentials."


Tuesday, December 2, 2014

North Korea Prime Suspect in Hacking Attack Against Sony Pictures


According to the Wall Street Journal, the hackers who took Sony Pictures Entertainment's computer systems offline used tools very similar to those used last year in an attack on South Korean television stations and ATMs. The similarity reinforces a suspicion among some investigators, who include Sony, the FBI and a team from the security company FireEye Inc., that North Korea played a role in the breach.
 
Sony Pictures is investigating whether the North Korean regime was behind the massive attack on the studio's computer network, in which email was disrupted and four films were leaked.

The website Re/code reported that Sony and its security consultants are exploring the possibility that hackers based in China targeted the studio's computers in retaliation for the upcoming release of the film "The Interview". In the film Seth Rogen and James Franco play journalists who arrange an interview with North Korean leader Kim Jong-Un, and the CIA then asks them to assassinate him.

On Friday a North Korean government website called "The Interview" an "evil act of provocation" that deserved "stern punishment". North Korea has reportedly organised a team of approximately 3,000 hackers to promote the Kim regime.

Wednesday, November 26, 2014

Regin Malware is "Groundbreaking"



Symantec has revealed details of malware called "Regin", a multi-stage, modular tool that can easily be adapted to gather different types of data. According to Symantec this goes far beyond screen grabs and password theft: the company says it has identified dozens of different payloads available to Regin.
 
Once Regin has acquired data it encrypts it before exfiltration. The stolen data may never be written to disk but be sent back immediately, and the encryption means that security devices and software cannot easily detect what is leaving.

Symantec describes how Regin uses special features to stay below the detection radar: "These include anti-forensics capabilities, a custom-built encrypted virtual file system (EVFS), and alternative encryption in the form of a variant of RC5, which isn’t commonly used. Regin uses multiple sophisticated means to covertly communicate with the attacker including via ICMP/ping, embedding commands in HTTP cookies, and custom TCP and UDP protocols."

Regin has been found in 10 countries, and the targets are key business sectors as well as private individuals and small businesses. The breakdown of infections that Symantec gives is as follows.

By country:
  • 28% Russian Federation
  • 24% Saudi Arabia
  • 9% Mexico
  • 9% Ireland
  • 5% India
  • 5% Afghanistan
  • 5% Iran
  • 5% Belgium
  • 5% Austria
  • 5% Pakistan

By sector:
  • 48% Private individuals and small businesses
  • 28% Telecoms backbone
  • 9% Hospitality
  • 5% Energy
  • 5% Airline
  • 5% Research
Symantec describes Regin as follows: "In the world of malware threats, only a few examples can truly be considered groundbreaking and almost peerless. What we have seen in Regin is just such a class of malware."

Sunday, November 23, 2014

Iran Cyber Attack Feared Soon



Fears are growing that Iran will unleash cyber attacks on US companies if negotiators fail to reach a nuclear deal by Monday that would require Iran to limit its nuclear program.
Cyber attacks from Tehran dropped after the US, Iran and other countries agreed an interim nuclear deal in 2013, but if the discussions in Vienna fail before the November 24 deadline, observers expect a new series of attacks.

American financial companies, oil and gas companies and water filtration systems could be among those targeted.
 
The US has not yet faced the full force of Iran's rapidly developing cyber capabilities. Iran first stepped up its cyber efforts in 2010 and launched a barrage of simplistic attacks on the US financial sector in 2012; detecting such relatively harmless attacks was easy.

Over the last two years, Iran has formed a Supreme Council of Cyberspace that meets once a month and includes President Hassan Rouhani.

Iranian officials have also strengthened cybersecurity research partnerships with Russia, and Iran has gone from a nascent to a burgeoning cyber power.

Security company FireEye reported that one popular Iranian hacking group went from website defacements in 2010 to "malware-based espionage" in just four years.

Iranian hackers are reported to have attacked the oil giant Saudi Aramco, the world's most valuable company, and wiped the contents of 30,000 computers. The same virus also hit the Qatar-based liquefied natural gas firm RasGas.

While the US is bombarded with cyber attacks, it has never been the target of a large-scale destructive one. So far Tehran's hackers are mostly suspected of probing US infrastructure networks to understand their design.

But if the nuclear talks fall apart that could change, and this time an Iranian attack could be more advanced.

Thursday, October 30, 2014

Iranian Government Spying in Social Networking Sites



No one can deny that millions of Iranians now rely on Facebook. The high number of Facebook users in Iran, estimated at between four and five million people, makes this a social phenomenon. Young Iranians are denied the most basic freedoms even in their private lives, and without social liberties, what these users post on their Facebook pages is in effect how they would like to live.

Iranians use social networking sites, among other things, for political discussion, for more open posting and publication of works of art and literature, for announcing events that cannot be publicised in domestic newspapers, and to find kindred spirits and like-minded people. But is it possible for Iranians to appear in any arena without Islamic Republic officials cracking down on them?

In June 2014 three Ahvazi citizens were sentenced to three years in jail for creating certain Facebook pages; mere membership of Facebook carried a one-year sentence. Some people are arrested for crimes against morality and public decency on Facebook. In July 2014 a Revolutionary Court sentenced eight people to a total of 127 years' imprisonment for being active Facebook users. In another instance the Malayer security chief announced the sentencing of 22 Facebook users, and the list goes on.
Ali MirAhmadi, the deputy head of Iran Cyber Police has said: “The main objective of Iran’s Cyber Police is to promote cyber security through continuous observation and monitoring of cyber space. I advise all users to comply with the laws and regulations and avoid any form of offence within cyber space because the police have complete knowledge of it.”

In most cases, as soon as someone is arrested for using Facebook, the Cyber Police regards him as either a spy, a prostitute, an enemy abettor or guilty of crimes against morals and public decency. The offences are considered proven in advance.

A lawyer says that judges often have no expertise in cyber technology and adds: “Judges have no expertise in computer technology and so everything goes back to the reports from the ministry of intelligence or the Cyber Police. The judge accepts these reports as expert opinions. Therefore, it is impossible to prove otherwise.”

An IT expert says the problem is that when an Iranian enters the World Wide Web, he must follow a model of use that suits his circumstances in Iran. "In our country, the internet and social networking sites are a venue for political activity. The government views this political activity as propaganda against the regime. Therefore, cyber space is under close scrutiny by the government." The IT specialist concludes that, for this reason, internet users in Iran must apply different security criteria when they use the internet than people outside Iran.



Friday, October 17, 2014

Serious Flaw: POODLE SSL 3.0



A bug has been found in version 3.0 of the Secure Sockets Layer (SSL) cryptographic protocol (SSLv3) that can be exploited to intercept data that is supposed to be encrypted between browsers and servers. Three Google security researchers discovered the flaw and detailed how it can be exploited through what they called a Padding Oracle On Downgraded Legacy Encryption (POODLE) attack (CVE-2014-3566). An attacker on the network path first forces a connection that would otherwise use TLS to fall back to SSL 3.0, then abuses the weak CBC padding check in SSL 3.0 to decrypt the protected data one byte at a time (on average 256 requests per byte), which is enough to steal a session cookie.
 
It is important to note that this is NOT a flaw in SSL certificates, their private keys or their design but in the old SSLv3 protocol. SSL Certificates are not affected and customers with certificates on servers supporting SSL 3.0 do not need to replace them.

This flaw is unlikely to be as serious as the Heartbleed bug in OpenSSL, since the attacker needs a privileged position on the network path to exploit it: it is a man-in-the-middle attack, and the attacker must also be able to make the victim's browser issue many requests (typically through injected JavaScript). On shared networks such as public Wi-Fi hotspots that position is easy to obtain, which makes the attack a real problem.

Solution:
  1. Check that SSL 3.0 is disabled in your browser (for example in Internet Explorer it is under Internet Options, Advanced Settings).
  2. Make sure "HTTPS" is always on for the websites you visit so that your traffic is never sent in the clear.
  3. Monitor any notices from the vendors you use regarding recommendations to update software or passwords.
  4. Be alert to phishing emails from attackers who ask you to update your password. Stick with the official site domain to avoid going to an impersonated website.
  5. If you run a server, disable SSL 3.0 there as well; if the server will not negotiate it, no client can be downgraded to it. Servers and clients that implement TLS_FALLBACK_SCSV, proposed by the same researchers, also prevent an attacker from triggering the fallback.
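As an added example (not part of the original post), the following Python script shows the check an administrator would want for the server side: it builds a minimal SSL 3.0 ClientHello, sends it to a server and classifies the first reply. A ServerHello carrying version 3.0 means the server still speaks SSL 3.0 and is exposed to POODLE; an alert or a closed connection means it refuses. The cipher-suite list, the timeout, the probe() helper and the sample replies used for the offline self-check are my own assumptions; the record and handshake layouts are those of SSL 3.0. Only probe hosts you are authorised to test.

```python
import os
import socket
import struct

SSL3_VERSION = b"\x03\x00"
RECORD_HANDSHAKE = 0x16
RECORD_ALERT = 0x15
HANDSHAKE_CLIENT_HELLO = 0x01
HANDSHAKE_SERVER_HELLO = 0x02


def build_sslv3_client_hello() -> bytes:
    """Record layer + handshake ClientHello offering only SSL 3.0.
    SSL 3.0 has no extensions, so the message ends after the compression methods."""
    # Assumed suite list: AES128-SHA, AES256-SHA, DES-CBC3-SHA (all CBC, which POODLE needs)
    cipher_suites = b"\x00\x2f\x00\x35\x00\x0a"
    body = (
        SSL3_VERSION                                     # client_version = 3.0
        + os.urandom(32)                                 # client random
        + b"\x00"                                        # session_id length = 0
        + struct.pack("!H", len(cipher_suites)) + cipher_suites
        + b"\x01\x00"                                    # one compression method: null
    )
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([RECORD_HANDSHAKE]) + SSL3_VERSION + struct.pack("!H", len(handshake)) + handshake


def classify_reply(data: bytes) -> str:
    """'sslv3'   - reply is a ServerHello with version 3.0: the server negotiates SSL 3.0
       'refused' - alert record, or connection closed without a handshake
       'other'   - anything else (e.g. a ServerHello for a different version)"""
    if len(data) < 5:
        return "refused"
    if data[0] == RECORD_ALERT:
        return "refused"
    if data[0] != RECORD_HANDSHAKE or len(data) < 11 or data[5] != HANDSHAKE_SERVER_HELLO:
        return "other"
    # bytes 1-2: record version, 3-4: record length, 5: handshake type,
    # 6-8: handshake length, 9-10: ServerHello.server_version
    return "sslv3" if data[9:11] == SSL3_VERSION else "other"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Live check (needs network access; assumed helper, not from the post)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            reply = sock.recv(4096)
        except (socket.timeout, ConnectionResetError):
            reply = b""
    return classify_reply(reply)


# Constructed sample replies for an offline self-check (not real captures).
SAMPLE_SSLV3_SERVER_HELLO = (
    b"\x16\x03\x00\x00\x2a"              # handshake record, version 3.0, length 42
    + b"\x02\x00\x00\x26"                # ServerHello, length 38
    + b"\x03\x00" + b"\x00" * 32         # server_version 3.0, server random
    + b"\x00" + b"\x00\x2f" + b"\x00"    # empty session id, AES128-SHA, null compression
)
SAMPLE_FATAL_ALERT = b"\x15\x03\x00\x00\x02\x02\x28"   # fatal handshake_failure
SAMPLE_TLS12_SERVER_HELLO = b"\x16\x03\x03\x00\x2a\x02\x00\x00\x26\x03\x03" + b"\x00" * 35

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(sys.argv[1], probe(sys.argv[1]))
    else:
        for name, sample in [("sslv3 hello", SAMPLE_SSLV3_SERVER_HELLO),
                             ("fatal alert", SAMPLE_FATAL_ALERT),
                             ("tls1.2 hello", SAMPLE_TLS12_SERVER_HELLO)]:
            print(f"{name}: {classify_reply(sample)}")
```

Run it with a hostname to probe a live server, or without arguments to see the three sample verdicts. Sending a raw ClientHello avoids depending on a local OpenSSL build that still has SSL 3.0 compiled in, which most no longer do.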

Thursday, October 9, 2014

Iranian cyber criminals target PayPal users with phishing attack



PayPal users were targeted by a phishing attack in late 2014. The perpetrators sent out spam emails that directed unsuspecting members of the public to follow a link to web pages that looked like PayPal pages, where the customers' personal details were collected.


A known Iranian cyber criminal involved in setting up the attack first registered a number of web domains, one of which is http://com-paypal-verification.com:2222/, and used them to host phishing sites. The false domains are designed to look like official PayPal money services sites and login screens, and collect login details, passwords and credit card numbers.
This is a credential harvesting attack, and a serious cyber crime.

The attack captures account usernames and passwords and so gives the attackers access to the PayPal account. It is best to hover your mouse over a link, or tap and hold it on a mobile device, to see its destination before clicking. If you do click on such a link, one or more of the following could happen:

  1. You will be directed to a spoof website that collects your personal data (as in the Iranian credential-harvesting attack above).
  2. Spyware could be installed on your system (it can monitor your actions using a keylogger to steal passwords or credit card numbers you type online).
  3. Malware could be installed on your computer that could disable it.

How to tell a fake PayPal site:
  • If it does not include the paypal.com domain then it is not legitimate.
  • Only enter your password on a paypal.com site whose address starts with https.
  • URLs:
    • If the alleged PayPal address contains an @ sign then it is fake (the real host is whatever follows the @).
    • Only the paypal.com domain is legitimate (it may redirect to your country's site); examples of fake URLs are www.paypalsecure.com, www.secure-paypal.com, or in the case of the Iranian attack http://com-paypal-verification.com.
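The rules in the list above can be turned into a check that is harder to fool than reading a link by eye. The following Python function is an added example (not from the original post or from PayPal): it applies the post's rule that only paypal.com and its subdomains, over https, are legitimate, and it rejects the two tricks the list warns about, the "@" sign in the address and lookalike domains such as com-paypal-verification.com. The sample URLs containing evil.example are constructed for the example.

```python
from typing import Tuple
from urllib.parse import urlsplit

LEGITIMATE_DOMAIN = "paypal.com"   # the post's rule: only paypal.com and its subdomains


def check_paypal_url(url: str) -> Tuple[bool, str]:
    """Return (is_legitimate, reason) for a link that claims to lead to PayPal."""
    url = url.strip()
    # A bare host such as www.paypalsecure.com has no scheme; parse it as an authority
    # so the domain check still runs and the verdict names the real problem.
    parts = urlsplit(url if "://" in url else "//" + url)

    # In 'https://www.paypal.com@evil.example/' everything before '@' is a username;
    # the real host is evil.example.  Browsers honour that, readers usually do not.
    if "@" in parts.netloc:
        return False, "address contains '@': the part before it is not the host"

    host = (parts.hostname or "").rstrip(".")          # hostname is already lower-cased
    if not host:
        return False, "no host in address"
    if host != LEGITIMATE_DOMAIN and not host.endswith("." + LEGITIMATE_DOMAIN):
        return False, f"host {host!r} is not {LEGITIMATE_DOMAIN} or a subdomain of it"

    if parts.scheme.lower() != "https":
        return False, "not https: credentials would travel in the clear"
    try:
        port = parts.port
    except ValueError:
        return False, "malformed port"
    if port not in (None, 443):
        return False, f"unexpected port {port}"
    return True, "ok"


# Links from the post plus constructed variants of the '@' and lookalike tricks.
SAMPLE_LINKS = [
    "http://com-paypal-verification.com:2222/",
    "www.paypalsecure.com",
    "www.secure-paypal.com",
    "https://www.paypal.com@evil.example/login",
    "https://www.paypal.com.evil.example/signin",
    "http://www.paypal.com/signin",
    "https://www.paypal.com/signin",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, why = check_paypal_url(link)
        print(f"{'OK  ' if ok else 'FAKE'} {link}  ({why})")
```

Hovering tells you where a link goes; this check tells you whether that destination is really PayPal. It does not detect lookalike domains built from non-Latin characters (homographs), and a legitimate host only proves where you are going, not that the page is safe to type a password into.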

Tuesday, September 30, 2014

Shellshock: Very Serious Vulnerability



The flaw has been found in a software component known as Bash, which is part of many Linux systems as well as Apple's Mac operating system.

The bug, called Shellshock, can be used to take control of many systems remotely through Bash (the Bourne-Again Shell, a command interpreter on many Unix-like computers; Unix is the operating-system family on which Linux and Mac OS are built). Bash is reachable remotely wherever a network service passes attacker-controlled input to it through environment variables, the best-known case being CGI scripts on web servers.

About 500,000 machines worldwide were thought to be vulnerable to Heartbleed; early estimates, which experts said were conservative, suggest that Shellshock could affect at least 500 million machines.
 

You can check to see if your system is vulnerable here: https://shellshocker.net/
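As an added example (not part of the original post), here is the local check that the shellshocker.net page automates, written so that it also shows why the bug is remotely reachable: a CGI web server copies request headers into environment variables (a User-Agent header becomes HTTP_USER_AGENT) before running a Bash script, and a vulnerable Bash executes whatever follows an exported function definition in any environment variable. The header value, the marker string and the helper names are constructed for this example; on a patched Bash the check returns False.

```python
import os
import shutil
import subprocess
from typing import Dict, Optional

# Constructed marker: it appears in the output only if the injected command ran.
MARKER = "shellshock-marker-7f3a"


def cgi_env_from_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Mimic the CGI convention used by web servers: 'User-Agent' -> HTTP_USER_AGENT.
    PATH is kept so that bash starts normally; nothing else from the caller leaks in."""
    env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin")}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def bash_runs_injected_command(env: Dict[str, str]) -> Optional[bool]:
    """Start bash with the given environment and a harmless command.
    True  -> the payload hidden in an environment variable executed (vulnerable)
    False -> bash ignored it (patched)
    None  -> bash is not available on this system"""
    bash = shutil.which("bash")
    if bash is None:
        return None
    try:
        proc = subprocess.run([bash, "-c", "echo request-handled"], env=env,
                              capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.SubprocessError):
        return None
    return MARKER in proc.stdout


def check_shellshock() -> Optional[bool]:
    """The classic CVE-2014-6271 probe, delivered the way a CGI request would deliver it:
    the value starts with a function definition '() { :;}' and smuggles a command after it."""
    headers = {"User-Agent": "() { :;}; echo " + MARKER}
    return bash_runs_injected_command(cgi_env_from_headers(headers))


if __name__ == "__main__":
    verdict = {True: "VULNERABLE: bash executed a command from an environment variable",
               False: "not vulnerable to the original Shellshock trigger",
               None: "bash not found or could not be started"}[check_shellshock()]
    print(verdict)
```

The same mechanism is what an attacker uses over the network: the header arrives in an HTTP request, the server turns it into an environment variable, and the vulnerable Bash runs the trailing command with the web server's privileges.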

Thursday, September 25, 2014

Viber Contests Ability of Iran to Tap Communications



In September the Iranian newspaper Khabaronline claimed that Viber conversations can be monitored by Iranian government agencies.
 
In the piece entitled “Are Viber and WhatsApp really monitored easily?” the paper quoted a “computer expert” named Mani Haghshenas who stated: “It is possible for users to use Internet networks that shut down certain security protocols and disallow Viber to encrypt messages, and, ultimately, a network such as Viber would prefer to switch to a normal message transmission mode, in order to avoid permanent nonoperation of its application for some of its users. The country’s filtering systems may sometimes block and disable the security and communication protection capabilities of an application, and in order to continue its operation, such applications may automatically have to provide their services to their users without encryption, and such circumstances would assist the governments to control and tap communications.” 
 
A Viber representative denied these claims and told the International Campaign for Human Rights in Iran that the application's communications are encrypted and that it is therefore not possible for third parties to monitor messages: "All text messages sent through Viber on its supported platforms are encrypted. Media messages, such as photos and videos, are encrypted on Viber for iOS, Viber for Android, Viber for Windows 8 and Viber for Windows Phone 8." The statement does not say whether that encryption is end-to-end or only between the app and Viber's servers; in the latter case the company itself, or anyone able to compel it, could still read messages, so interception on the network path is not the only risk to consider.

Thursday, September 11, 2014

5 Million Gmail Account Usernames & Passwords Hacked



Nearly 5 million usernames and passwords associated with Gmail accounts have been posted on a Russian Bitcoin forum. The database contains 4.93 million Google accounts belonging to English-, Russian- and Spanish-speaking users.

The list has since been taken down, and there is no evidence that Gmail itself was hacked, only that these passwords were leaked. Most sources say much of the information is quite old and was probably leaked long ago, though others claim that 60% of the passwords are still valid.

You should change your password now and ideally enable two-factor authentication for extra protection.

Wednesday, September 3, 2014

Iran Faces 8 Million Cyber Attacks Per Day


Mahdi Karimi, the deputy-director of Ertebatat Zirsakht Communications Company stated in the company's inauguration speech, that “about 7 to 8 million cyber attacks target Iran’s communication infrastructure daily, which are mostly anonymous, and target the financial and industry sectors as well as more sensitive networks.” Karimi added: “The data network security operations center uses its security capabilities to detect and neutralize threats be they from home or abroad.”

Karimi also noted that the center will collect information on security threats, save data, analyze and respond to cyber attacks as part of its function.

Friday, August 8, 2014

Operation Protective Edge: The Iranian Cyber Botnet Offensive



Cyber attacks against Israel have increased 500% in the last month, and a new report states that a powerful botnet controlled by a pro-Islamic Iranian hacker group was used as part of a cyber campaign supported by Anonymous.
 
The increase in attacks coincided with the launch of Israel's Operation Protective Edge offensive against Gaza.

Following three weeks of intensive attacks on the ground and in cyberspace, the volume of DDoS attacks decreased on 27 July, coinciding with a temporary ceasefire between Israel and Gaza.

The attack methods (which include "malformed DNS queries", "layer-7 HTTP and HTTP/S attacks", and "repeated page downloads and GETs/POSTs against non-existent URIs") bear a "striking resemblance to the Brobot-based attacks" first seen in 2012, which had been silent for almost a year.

Brobot is a powerful botnet (a network of compromised "zombie" computers) first used in 2012 in Operation Ababil, a series of cyber attacks carried out by the Qassam Cyber Fighters (also known as the Cyber Fighters of Izz ad-Din al-Qassam) against US financial institutions that continued until July 2013.

Brobot is being used to attack Israeli civilian government agencies, military agencies, financial services and the DNS infrastructure of Israel's ccTLD (.il), and as the Israel-Gaza conflict evolves, the cyber conflict is likely to evolve alongside it.
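The layer-7 patterns quoted above leave traces in ordinary web server logs, so as an added example (not from the original post or the report it cites) here is a small Python detector that reads Apache/nginx combined-format access log lines and flags source addresses that mostly request non-existent URIs or repeatedly download one and the same page. The log lines, the thresholds and the client addresses are constructed for the example; a real deployment would apply the same counting per time window and per site.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List

# ip ident user [timestamp] "METHOD uri protocol" status size   (combined-log prefix)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_lines(text: str) -> List[dict]:
    """Parse access-log lines; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            records.append(rec)
    return records


def score_sources(records: List[dict], min_requests: int = 10,
                  not_found_ratio: float = 0.5, repeat_ratio: float = 0.8) -> Dict[str, dict]:
    """Flag clients that behave like the Brobot traffic described in the post.
    Thresholds are assumptions for this example (tune them to your own traffic):
      - at least not_found_ratio of a client's requests hit non-existent URIs (404), or
      - at least repeat_ratio of its requests fetch one and the same URI."""
    by_ip: Dict[str, List[dict]] = defaultdict(list)
    for rec in records:
        by_ip[rec["ip"]].append(rec)

    flagged: Dict[str, dict] = {}
    for ip, recs in by_ip.items():
        n = len(recs)
        if n < min_requests:            # too few requests to judge
            continue
        reasons = []
        not_found = sum(1 for r in recs if r["status"] == 404)
        if not_found / n >= not_found_ratio:
            reasons.append(f"{not_found}/{n} requests for non-existent URIs")
        top_uri, top_count = Counter(r["uri"] for r in recs).most_common(1)[0]
        if top_count / n >= repeat_ratio:
            reasons.append(f"{top_count}/{n} requests repeat {top_uri}")
        if reasons:
            flagged[ip] = {"requests": n, "reasons": reasons}
    return flagged


def _line(ip: str, sec: int, method: str, uri: str, status: int, size: int) -> str:
    return f'{ip} - - [04/Aug/2014:10:00:{sec:02d} +0300] "{method} {uri} HTTP/1.1" {status} {size}'


# Constructed sample: one ordinary visitor, one client probing random URIs,
# one client hammering a single large file.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", 1, "GET", "/index.html", 200, 5120),
     _line("203.0.113.7", 5, "GET", "/news.html", 200, 8100),
     _line("203.0.113.7", 9, "GET", "/favicon.ico", 404, 150)]
    + [_line("198.51.100.23", s, "POST" if s % 2 else "GET", f"/{s:04x}-{s}", 404, 210)
       for s in range(10, 22)]
    + [_line("192.0.2.44", s, "GET", "/annual-report.pdf", 200, 4194304)
       for s in range(30, 42)]
)

if __name__ == "__main__":
    for ip, info in score_sources(parse_lines(SAMPLE_LOG)).items():
        print(ip, info["requests"], "requests:", "; ".join(info["reasons"]))
```

A botnet spreads such traffic over many sources, so per-client counts like these are a first filter; the same aggregation over the whole log (share of 404s, share of requests to one URI) shows when the site as a whole is under this kind of attack.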

Friday, July 25, 2014

New Phishing Campaign Targets LinkedIn Account Holders


The site hoax-slayer.com is warning of new phishing emails targeting LinkedIn users, which aim to trick recipients into clicking a link by claiming that their LinkedIn accounts have been blocked due to inactivity.

The phishing email states: "To ensure that your online services with LinkedIn will no longer be interrupted / You will be asked to log into your account to confirm this email address. Be sure to log in with your current primary email address."

Recipients who click on the link in the email are taken to a fraudulent LinkedIn login page designed to harvest email addresses and passwords.

LinkedIn users should always be wary of unsolicited emails claiming to come from the company. LinkedIn is obviously a rich source of personal information which can be exploited for further social engineering attacks, which could prove costly both to the individuals and to the organizations concerned.

Saturday, June 21, 2014

Iran Sentences 11 "Cyber-Activists" To Jail On Charges Of Having Ties to Foreigners



A court in Iran's south-eastern Kerman province has sentenced a group of already jailed cyber activists to prison terms of 1 to 11 years on charges of breaching national security.

Kerman Prosecutor Yadollah Movahhed said on June 19 that those sentenced are members of the Paat Shargh Govashir technology group, who had ties with foreign media and were providing technical services to anti-government websites, the Fars news agency reported.

He added that the verdict is not final and can be appealed.

Movahhed noted that the defendants had "confessed" their guilt.

The Paat Shargh Govashir company owns Narenji, which published tech news.
Eight Narenji bloggers, along with eight other cyber activists, were arrested by the Islamic Revolutionary Guard Corps (IRGC) last December, accused of cooperating with Western news networks, designing and updating websites that educate citizen reporters, and cooperating with opposition websites.

Saturday, June 14, 2014

Iranian Regime Cracks Down On "Selfie" Culture



Self-photography is becoming more popular in Iran, and while some relish the opportunity of being seen on the Internet, others worry that it contributes to a culture of narcissism.

Since the average Iranian must pay at least two monthly wages to acquire a smart phone, the phenomenon is limited mostly to middle and upper-class youths, who have taken to the fashion.

Editing software like Photoshop is cheap and popular in Iran due to the absence of copyright laws, and many Iranians alter their selfies before posting them online. While it is difficult to count the exact number of selfies on Iranian social networks, users say they make up the majority of postings on Instagram. According to Cafe Bazaar, an alternative platform that 85% of Iranians use to download apps, the social app has over one million users in Iran, and while an estimated 82% of these Instagram users are men, the users quoted in this article said women post more selfies than men.
 
The My Stealthy Freedom Facebook page invites Iranian women to share their views on the hijab, and the controversy around it illustrates the attitudes of these women as well as the inflexibility of the Islamic regime.
 
When the page attracted nearly half a million likes and hundreds of hijab-free selfies, Iran's state media started a campaign against the page's London-based founder Masih Alinejad, calling her a whore and claiming that she had been drugged and gang-raped in front of her son. The fear of losing cultural control over Iran's population, especially women and youth, is also behind an effort by the country's hardline political factions to block Instagram, which a 27 May court order added to the government's list of banned websites.

Friday, May 30, 2014

NEWSCASTER: Iran Attacks Social Media


The Iranian state has targeted the public and private sectors in the US, Israel, the UK and beyond using social media.

Iranian hackers used more than ten fake identities on social networking sites (Facebook, Twitter, LinkedIn, Google+, YouTube, Blogger) in a coordinated, long-term cyber espionage campaign. At least 2,000 people were caught in the snare and connected to the false identities.

The campaign has operated undetected since 2011 and targets senior American military and diplomatic personnel, congressional staff, Washington DC journalists, US think tanks, defense contractors in the US and Israel, and vocal supporters of Israel, in order to covertly obtain log-in credentials for these victims' email systems. Additional victims were targeted in the UK, Saudi Arabia and Iraq.

The targeting, operational schedule and infrastructure used in this campaign are consistent with Iranian origins.
The fake identities claim to work in journalism, government and defense contracting. The accounts are elaborate and build credibility using, among other tactics, a fictitious journalism website, newsonair.org, that copies news content from other media outlets.

These credible-looking identities then connected with, linked to, followed and friended target victims to gain access to information on their location, activities and relationships from status updates and other shared content.

The identities then sent the targets spear-phishing messages. Links that appeared legitimate led to fake login pages built to capture credentials. It is not clear at this time how many credentials the campaign has captured.

The campaign is also linked to malware which, while not very sophisticated, includes capability that can be used for data exfiltration.
The discovery and investigation of the attack reveal three critical insights:
  1. Social media offers a powerful and hidden route to target key government and industry leadership from an external base, possibly outside existing security measures.
  2. Given the targeting, it is possible that Iranian hackers used access gained through these activities to support the development of weapon systems, reveal the disposition of the US military or the US alliance with Israel, or gain an advantage in negotiations between Iran and the US. Any such access or knowledge could also serve as reconnaissance for later disruptive or destructive activity.
  3. These adversaries are improving at finding and exploiting opportunities to carry out cyber espionage, even though they lack sophisticated capability. NEWSCASTER's success is largely due to patience, brazenness and innovative use of multiple social media platforms.

The NEWSCASTER network appears to target mainly senior military personnel and policymakers, companies associated with defense technology and the US-Israel lobby, but there are also victims in the financial and energy sectors and elsewhere, and only part of the accounts connected to this network have been seen. Organizations involved in critical infrastructure, or that hold information of strategic or tactical interest to a nation-state adversary, should be concerned about a threat such as this.

TrueCrypt Is Now Insecure!



One of the official web pages of the popular TrueCrypt encryption program now states that development has ended abruptly, and warns users of the decade-old tool that it is not safe to use.

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues," text in red at the top of TrueCrypt page on SourceForge states. The page continues: "This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms. You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."

Friday, May 23, 2014

eBay Hacked: Change Your Passwords! NOW!


Online marketplace eBay is forcing users to change their passwords after a cyber-attack compromised its systems.

The US firm said a database containing encrypted passwords and other non-financial data was hacked between late February and early March.

The company added that it has no evidence of unauthorised activity on its members' accounts.

However it said that changing the passwords is "best practice and will help enhance security for eBay users".

The California company has 128 million active users and recorded $212bn of commerce on its various marketplaces and other services in 2013.

eBay said it will contact users via email, its website, adverts and social media to alert them to the issue.
 
The attackers accessed the information after obtaining "a small number of employee log-in credentials" that allowed them into eBay's systems; eBay only became aware of the compromise two weeks ago.

eBay said: "The database... included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth.

However, the database did not contain financial information or other confidential personal information.
Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today."

Although the firm also owns the PayPal money transfer service, it said that PayPal data is stored separately and encrypted and that there is no evidence it was accessed.

Friday, May 16, 2014

Iran Uses "Smart filtering" to Partially "ease" Internet Censorship



Communications Minister Mahmoud Vaezi said on Wednesday that Iran plans to loosen internet censorship by introducing "smart filtering", which would block only sites that the Islamic government considers immoral.

Internet use is high in Iran, partly because many young Iranians use the internet to bypass an official ban on Western cultural products, and Tehran occasionally filters popular websites such as Twitter and Facebook.

Censorship has eased somewhat since Hassan Rouhani, a moderate, was elected last year, and the smart filter initiative seems to reflect this.

Vaezi said: "We have signed agreements with three universities and research institutes to develop smart filtering to block only depraved and immoral sites but allow access to other pages," without naming the organisations involved.

Mehr news agency quoted Vaezi who said to journalists: "Smart filtering is used for specific targets only and presently the project is undergoing experiments." 
 
The minister did not make clear what would be considered depraved and immoral, but Iranian clerics frequently use the terms to mean anything from pictures of women in revealing Western clothing to outright pornography.

But he dismissed rumours that Tehran will start filtering the latest craze among teenagers, the WhatsApp Messenger instant messaging service. He added: "What is being said about this matter is mainly nonsense, propaganda."

The Mehr report also did not mention the latest internet fashion, a Facebook page where women post pictures of themselves without the obligatory headscarf.

Cyberspace has been as controversial a phenomenon in the Islamic Republic as satellite television and music videos were in earlier decades, because of both political and moral concerns.

Many conservative clerics long opposed the introduction of the internet into Iran and, since its debut, have demanded tighter supervision.

Their offensive peaked during the crackdown on freedom of speech after the mass protests in 2009 against the disputed re-election of former president Mahmoud Ahmadinejad.

Thursday, May 15, 2014

Operation Saffron Rose



The Ajax Security Team has been targeting both US defense companies and Iranians who use popular anti-censorship tools to bypass internet censorship in the country.

The group, which has its roots in popular Iranian hacker forums such as Ashiyane and Shabgard, has engaged in website defacements since 2010, but by 2014 it had transitioned to malware-based espionage using methodology consistent with other advanced persistent threats in the region.

It is unclear whether the Ajax Security Team operates in isolation or is part of a larger coordinated effort. The group uses varied social engineering tactics to lure targets into infecting themselves with malware, and its malware tools do not appear to be publicly available. Although the use of software exploits to infect victims was not observed, members of the Ajax Security Team previously used exploit code in website defacement operations.

The objectives of this group are consistent with Iran's efforts to control political dissent and expand offensive cyber capabilities, but members of the group may also be involved in traditional cybercrime. This indicates that there is a considerable gray area between the cyber espionage capabilities of Iranian hacker groups and any direct Iranian government or military involvement.

Although the Ajax Security Team's capabilities remain unclear, its current operations appear to be somewhat successful, and if these actors continue at their current pace they are likely to improve their capabilities in the mid-term.

Sunday, May 4, 2014

EFF's "Privacy Badger" To Stop Websites From Tracking Users


Web browsers generally allow users to send a "Do Not Track" signal that informs advertisers that the user does not want to be tracked for the purpose of serving personalized ads.

But this is largely a futile exercise, because websites and advertising networks are free to ignore the signal. Even Yahoo, which had been honoring Do Not Track requests, decided to stop doing so this week.

The Electronic Frontier Foundation may have a solution. Last night, the group announced "Privacy Badger," an extension for Chrome and Firefox "that analyzes sites to detect and disallow content that tracks you in an objectionable, non-consensual manner."

Privacy Badger doesn't block ads automatically. The group explained:

“When you visit websites, your copy of Privacy Badger keeps note of the "third-party" domains that embed images, scripts and advertising in the pages you visit. If a third-party server appears to be tracking you without permission, by using uniquely identifying cookies to collect a record of the pages you visit across multiple sites, Privacy Badger will automatically disallow content from that third-party tracker. In some cases a third-party domain provides some important aspect of a page's functionality, such as embedded maps, images, or fonts. In those cases, Privacy Badger will allow connections to the third party but will screen out its tracking cookies.”

Thursday, April 24, 2014

Iran Calls for Broader International Cooperation in Campaign Against Cyber Crimes


The head of Iran's Cyber Police (FATA), General Seyed Kamal Hadianfar, called for collective efforts by all states to prevent the spread of cyber crimes across the globe.

General Hadianfar said in a meeting on Wednesday with Leik Boonwaat, the representative of the UN Office on Drugs and Crime (UNODC) in Tehran: "effective international cooperation is an important and determining factor in prosecuting and confronting cyber crimes."

Boonwaat, for his part, vowed that the UNODC will seriously pursue the campaign against cyber crimes in Iran.

Iran hosted a conference and a regional workshop on international cooperation and campaign against cyber crimes on August 13-14.

Eight regional countries, representatives of Interpol and the UNODC, and Iran's Cyber Police chief took part in the conference.

The conference and the workshop were held to strengthen international cooperation on prosecuting cyber crimes and to reinforce the cyberspace police forces of neighboring countries.

In October 2013, Iran's Deputy Police Chief Brigadier General Ahmad Reza Radan said that the country's Cyber Police unit had greatly improved its infrastructure and was able to discover and detect over 60% of cyber-related crimes.

Radan said: "Right now, the Iranian Law Enforcement Police have made eye-catching progress in the field of cyber infrastructures."

On January 23, 2011, Iran's Cyber Police began its work of preventing espionage and sabotage activities carried out through the internet.

Saturday, April 12, 2014

Iran: The World's Worst Cyber-Terrorists – For Now



Iran became a major cyber terror threat to the US in the last 12 months and targeted several US government agencies, but because of its lack of skills in this area it has not so far been able to cause significant damage. Iran is more than five years behind countries like China, the US and Russia in terms of cyber capabilities, but with the right resources that gap could close quickly, especially considering that Iran is a historical enemy of the US.

Security company Mandiant, in its latest report, describes Iran's development from cyber-obscurity to a credible but unsophisticated threat. Mandiant is the same company that last year revealed the extent of Chinese government-funded cyber espionage. In its report M-Trends 2014 it writes that "threat actors" based in Iran "pose an ever-increasing threat due to Iran's historical hostility towards US business and government interests."

The report reveals that Mandiant observed "threat actors" based in Iran targeting the networks of several US government agencies. The report states: "Employees at a US state government office discovered evidence that someone had accessed multiple systems within their network without authorization. An internal IT department investigation found indications of data theft and unauthorized use of privileged credentials."

The security company said that the data these actors steal "lacked a discernible focus or demonstrated intent". This suggests that the purpose of the attacks is more likely "reconnaissance of the potential target's networks." Attacks that originate in Iran are at a very low level of technical skill, and those carrying them out use off-the-shelf tools that are relatively easy to defend against. Mandiant says that the victim itself detects 75% of all attacks from Iran.




Wednesday, April 9, 2014

Heartbleed: Very Serious SSL Bug


The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library. The weakness allows stealing information that, under normal conditions, is protected by the SSL/TLS encryption used to secure the internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the internet to read the memory of systems protected by vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of users, and the actual content. It allows attackers to eavesdrop on communications, steal data directly from services and users, and impersonate services and users.
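To make concrete what "read the memory" means here, the following is an added example (not code from this post or from OpenSSL) that models TLS heartbeat handling in C: the unpatched length handling beside the bounds check that the fix introduced. The record layout follows RFC 6520; the two heartbeat records are constructed for the demonstration.

```c
/* Constructed illustration of Heartbleed, not OpenSSL's own code. A TLS heartbeat
 * message (RFC 6520) is type(1) | payload_length(2) | payload | padding(>=16). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_MIN_PADDING 16

/* Unpatched behaviour: believe the peer's declared length and echo that many bytes.
 * Returns the count the old code would copy; on a real server the excess came from
 * adjacent heap memory. Nothing is read out of bounds in this model. */
long hb_unpatched_copy_len(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 3) return -1;
    return (long)(((unsigned)rec[1] << 8) | rec[2]);
}

/* Patched behaviour (the 1.0.1g fix): drop any record whose declared payload plus
 * header and minimum padding exceeds the bytes actually received.
 * Returns the response length written to out, or -1 if the record is dropped. */
long hb_patched_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_MIN_PADDING || rec[0] != HB_REQUEST) return -1;
    size_t payload_len = ((unsigned)rec[1] << 8) | rec[2];
    if (1 + 2 + payload_len + HB_MIN_PADDING > rec_len) return -1; /* the fix */
    size_t resp_len = 1 + 2 + payload_len + HB_MIN_PADDING;
    if (resp_len > out_cap) return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload_len);            /* bounded echo of the payload */
    memset(out + 3 + payload_len, 0, HB_MIN_PADDING); /* real TLS uses random padding */
    return (long)resp_len;
}

/* Constructed records: a forged request claiming 65535 payload bytes but carrying
 * four, and an honest one declaring four; both are 23 bytes incl. 16 of padding. */
const uint8_t hb_evil_rec[23] = { HB_REQUEST, 0xFF, 0xFF, 'a', 'b', 'c', 'd' };
const uint8_t hb_good_rec[23] = { HB_REQUEST, 0x00, 0x04, 'a', 'b', 'c', 'd' };
uint8_t hb_demo_out[64];

int main(void)
{
    printf("unpatched would echo %ld bytes; patched returns %ld for the forged record\n",
           hb_unpatched_copy_len(hb_evil_rec, sizeof hb_evil_rec),
           hb_patched_response(hb_evil_rec, sizeof hb_evil_rec, hb_demo_out, sizeof hb_demo_out));
    return 0;
}
```

The forged record makes the unpatched path hand back 65535 bytes when only 23 arrived; the patched path rejects it and answers only the honest 23-byte request.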

Although OpenSSL is very popular, there are other SSL/TLS implementations. In addition, some websites use an earlier, unaffected version, and some never enabled the heartbeat extension that is central to the vulnerability.

Perfect forward secrecy (PFS), a practice that ensures encryption keys have a very short shelf life and are not used forever, reduces the potential damage but does not solve the problem. It means that if an attacker obtains an encryption key from a server's memory, the attacker will not be able to decode all secure traffic from that server, because each key's use is very limited. While some tech giants like Google and Facebook have started to support PFS, not every company does.

How to avoid being affected:
  1. Do not log into accounts on affected sites until you are sure that the company has patched the problem
  2. You can check sites individually using checkers such as https://lastpass.com/heartbleed/
  3. Once you have received confirmation of a security patch, change the passwords of sensitive accounts
  4. Monitor your account statements for the next few days in case any of your accounts was affected