Friday, November 24, 2017

Tag: Olympic

Cybercriminals may alter score results and engage in launching physical attacks at future Olympic Games, a recently released report warns.
Says security in danger of being left behind in technology acceleration. Shanghai, China, June 29: At the Mobile World Congress in Shanghai, network signalling security experts Evolved Intelligence warned that operators racing to deploy 5G services in time for the Winter Olympic games in 2018 were in danger of forgetting the security lessons of the past. Co-Founder and Commercial Director Peter Blackie said that not enough progress had yet been made on securing 5G network signalling. “It... Source: RealWire
Now annual gathering offers IT, security, startups, and more over three days in NOLA.
But we have no idea whether it’s evolutionarily valuable.
“Please don’t jump in, because this would be the last day on my job."
Shortly after intelligence officials delivered a highly-classified briefing on the Russian government’s alleged interference in US politics to President-elect Donald Trump, the Office of the Director of National Intelligence (ODNI) published an unclassified version of the report. This version outlines the majority of the joint conclusions of the Central Intelligence Agency, National Security Agency, and Federal Bureau of Investigation. While it contains no major new hacking revelations, what is new is its focus on the role of Russia’s state-funded media organization, known as RT, and its international satellite media operations. Ars is still preparing a more thorough analysis of the report and its findings. But the gist of the CIA, NSA, and FBI analysts’ findings is that the Russian Federation’s president, Vladimir Putin, directly ordered intelligence agencies to collect data from the Democratic National Committee, the Hillary Clinton presidential campaign, and other organizations, and he orchestrated an effort to discredit Clinton, the Democratic party, and the US democratic political process through “information operations.” We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump. We have high confidence in these judgements. In an appendix to the report, the agencies laid out a detailed, publicly-sourced analysis of RT’s alleged propaganda operations, including television programming that promoted the Occupy Wall Street movement and focused on information countering US government domestic and foreign policy.
RT, in the agency’s assessment, used coverage of the Occupy Movement to promote the notion that change wasn’t possible within the US democratic system and that only “revolutionary action” could effect real change. The ODNI report mentions Russian TV network RT multiple times, including this anti-fracking segment. The report alleges that this clip was part of a state-sponsored response to “the impact of fracking and US natural gas production on the global energy market.” Russian TV network RT was mentioned many times in terms of being part of an official anti-America propaganda machine. Many of the ideas promoted by RT, such as coverage critical of “fracking” for natural gas in the United States, aligned both with domestic opposition to the US government and with Russia’s own interest in curtailing US development of natural gas and reducing the price of the oil and gas upon which Russia’s economy is highly dependent. The three US agencies found that the Russian government’s effort to affect the US election was “multifaceted;” it included fake hacktivists (Guccifer 2.0 and DCLeaks) pushing stolen data through online dumps and exclusive reveals to journalists; Internet “trolls” reinforcing tailored messages and “fake news” links denigrating Clinton and the Democrats while promoting Trump; and propaganda operations that included collaboration with WikiLeaks—including a “partnership” between WikiLeaks and RT. Putin’s motivations, according to the analysis, included the leak of the Panama Papers—a breach of documents from a Panama-based law firm that set up structures allowing many wealthy people, including members of the Russian government and supporters of Putin, to hide money overseas in secret accounts. “Putin publicly pointed to the Panama Papers disclosure and the Olympic doping scandal as US-directed efforts to defame Russia,” the report notes, which suggests “he sought to use disclosures to discredit the image of the United States and cast it as hypocritical.”
Russia-based hackers are apparently not happy with the attention they've been getting for their Olympic anti-doping agency "conspiracy" leaks. This morning, Ars received an odd ask by Twitter direct message: "Hello, we are Fancy Bears' Hack Team. Are you interested in WADA and USADA confidential documents?" Fancy Bears HT is the front for the hacking operation that spear-phished International Olympic Committee members to gain access to the systems of the World Anti-Doping Agency (WADA).

Those records were leaked—and in some cases, according to WADA officials, modified—in an effort to discredit the Olympics' drug-testing rules.

The leaks were seen by officials as retribution for the bans imposed on Russian athletes after widespread doctoring of drug tests by the Russians at multiple Olympic games was exposed by a WADA investigation. The hack of the United States Anti-Doping Agency (USADA) e-mails was first revealed in October.

A spokesperson for USADA told Ars that the e-mails were probably exposed during the Paralympic Games in Rio de Janeiro, possibly when a scientific advisor to USADA was using public Wi-Fi at the games. The Federal Bureau of Investigations and an outside information security firm are still investigating the breach.

But officials have indicated that, as in the WADA breach, the perpetrators are in some way tied to the group behind part of the network intrusion at the Democratic National Committee and the hacking of e-mail accounts of a number of political figures—including Hillary Clinton's campaign chairman, John Podesta. Those hacks were attributed by security researchers to a group designated by Crowdstrike as "Fancy Bear"—a name the hackers apparently liked so much that they adopted it for their Twitter account name and WADA/USADA leak site. On the other hand, whoever is behind the Fancy Bears Twitter account told Forbes' Thomas Fox-Brewster (who got a similar pitch by DM) that they were not the same Fancy Bear (aka APT28). Nothing in the e-mails leaked from USADA so far is particularly controversial.

The latest batch includes discussions with officials from a number of different countries' anti-doping agencies about contingency plans for what to do if Russian athletes were not banned from the Olympic games as well as preparation for a lawsuit to be filed by USADA and the Canadian Centre for Ethics in Sport against the International Olympic Committee that was never taken forward.

The contents of the e-mails, USADA Communications Manager Ryan Madden told Ars, "just show us doing our jobs." And it's that mundane level of content—and the resulting lack of interest in continued press coverage—that may have prompted Fancy Bears to reach out to Ars and other outlets this morning.

The WADA/USADA leaks are apparently not getting the amount of attention that Fancy Bears feels they deserve, as it offered a lure to write more about them: A transcript of Ars' chat with some Fancy Bears.
President-elect Donald Trump continues to discount or attempt to discredit reports that the intelligence community has linked the hacking of the DNC, the Hillary Clinton presidential campaign, and related information operations with a Russian effort to prevent Clinton from winning the election—thus assuring Trump's victory. In his latest of a stream of tweets, Trump posted: Unless you catch "hackers" in the act, it is very hard to determine who was doing the hacking. Why wasn't this brought up before election? — Donald J. Trump (@realDonaldTrump) December 12, 2016 The hacking was brought up well before the election. And it was monitored as it was happening—by the intelligence and law enforcement communities and by private information security firms. "CrowdStrike's Falcon endpoint technology did catch the adversaries in the act," said Dmitri Alperovitch, chief technology officer of Crowdstrike. "When the DNC brought us in to conduct an investigation in May 2016, we deployed this technology on every system within DNC's corporate network and were able to watch everything that the adversaries were doing while we were working on a full remediation plan to remove them from the network." Much of the evidence from Crowdstrike and other security researchers has been public since June and July. But while the hackers may have been caught in the act digitally, the details by themselves don't offer definitive proof of the identity of those behind the anti-Clinton hacking campaign. Public details currently don't offer clear insight into the specific intent behind these hacks, either. What is indisputable, however, is the existence of genuine hacking evidence.
And this information certainly does provide enough to give the reported intelligence community findings some context.

The evidence

The FBI warned the DNC of a potential ongoing breach of their network in November of 2015. But the first hard evidence of an attack detected by a non-government agency was a spear-phishing campaign being tracked by Dell SecureWorks. That campaign began to target the DNC, the Clinton campaign, and others in the middle of March 2016, and it ran through mid-April. This campaign was linked to a "threat group" (designated variously as APT28, Sofacy, Strontium, Pawn Storm, and Fancy Bear) that had previously been tied to spear-phishing attacks on military, government, and non-governmental organizations. "[SecureWorks] researchers assess with moderate confidence that the group is operating from the Russian Federation and is gathering intelligence on behalf of the Russian government," the report from SecureWorks concluded. The DNC's information technology team first alerted party officials that there was a potential security problem in late March, but the DNC didn't bring in outside help until May. This is when CrowdStrike's incident response team was brought in. CrowdStrike identified two separate ongoing breaches, as detailed in a June 15, 2016 blog post by CrowdStrike CTO Dmitri Alperovitch. The findings were based both on malware samples found and a monitoring of the breach while it was in progress. One of those attacks, based on the malware and command and control traffic, was attributed to Fancy Bear. The malware deployed by Fancy Bear was a combination of an agent disguised as a Windows driver file (named twain_64.dll) in combination with a network tunneling tool that allowed remote control connections. The other breach, which may have been the breach hinted at by the FBI, was a long-running intrusion by a group previously identified as APT29, also known as The Dukes or Cozy Bear.
Cozy Bear ran SeaDaddy (also known as SeaDuke, a backdoor developed in Python and compiled as a Windows executable) as well as a one-line Windows PowerShell command that exploited Microsoft's Windows Management Instrumentation (WMI) system. The exploit allowed attackers to persist in WMI's database and execute based on a schedule. Researchers at Fidelis who were given access to malware samples from the hack confirmed that attribution. In addition to targeting the DNC and the Clinton campaign's Google Apps accounts, the spear-phishing messages connected to the campaign discovered by SecureWorks also went after a number of personal Gmail accounts. It was later discovered that the campaign had compromised the Gmail accounts of Clinton campaign chair John Podesta, former Secretary of State Colin Powell, and a number of other individuals connected to the Clinton campaign and the White House. Many of those e-mails ended up on DC Leaks. The Wikileaks posting of the Podesta e-mails includes an e-mail containing the link used to deliver the malware. After Crowdstrike and the DNC revealed the hacks and attributed them to Russian intelligence-connected groups, some of the files taken from the DNC were posted on a website by someone using the name Guccifer 2.0. While the individual claimed to be Romanian, documents in the initial dump from the DNC by Guccifer 2.0 were found to have been edited using a Russian-language version of Word and by someone using a computer named for Felix Dzerzhinsky, founder of the Soviet secret police. (The documents are linked in this article by Ars' Dan Goodin.) In addition to publishing on his or her own WordPress site, Guccifer used the DC Leaks site to provide an early look at new documents to The Smoking Gun using administrative access. The Smoking Gun contacted one of the victims of the breach and confirmed he had been targeted using the same spear-phishing attack used against Podesta.
The DC Leaks site also contains a small number of e-mails from state Republican party operatives. Thus far, no national GOP e-mails have been released. (The New York Times reports that intelligence officials claim the Republican National Committee was also penetrated by attackers, but its e-mails were never published.)

Attribution and motive

There are several factors used to attribute these hacks to someone working on behalf of Russian intelligence. In the case of Fancy Bear, attribution is based on details from a number of assessments by security researchers. These include:

Focus of purpose. The methods and malware families used in these campaigns are specifically built for espionage.

The targets. A list of previous targets of Fancy Bear malware includes: individuals in Russia and the former Soviet states who may be of intelligence interest; current and former members of NATO states' government and military; Western defense contractors and suppliers; journalists and authors. Fancy Bear malware was also used in the spear-phishing attack on the International Olympic Committee to gain access to the World Anti Doping Agency's systems. This allowed the group to discredit athletes after many Russian athletes were banned from this year's Summer Games.

Long-term investment. The code in malware and tools is regularly and professionally updated and maintained—while maintaining a platform approach. The investment suggests an operation funded to provide long-term data espionage and information warfare capabilities.

Language and location. Artifacts in the code indicate it was written by Russian speakers in the same time zone as Moscow and St. Petersburg, according to a FireEye report.

These don't necessarily point to Fancy Bear being directly operated by Russian intelligence. Other information operations out of Russia (including the "troll factory" operated out of St. Petersburg to spread disinformation and intimidate people) have had tenuous connections to the government.
Scott DePasquale and Michael Daly of the Atlantic Council suggested in an October Politico article that the DNC hack and other information operations surrounding the US presidential campaign may have been the work of "cyber mercenaries"—in essence, outsourcing outfits working as contractors for Russian intelligence. There is also an extremely remote possibility that all of this has been some sort of "false flag" operation by someone else with extremely deep pockets and a political agenda. WikiLeaks' Julian Assange has insisted that the Russian government is not the source of the Podesta and DNC e-mails. That may well be true, and it can still be true even if the Russian government had a hand in directing or funding the operation. But that is all speculation—the only way that the full scope of Russia's involvement in the hacking campaign and other aspects of the information campaign against Clinton (and for Trump) will be known is if the Obama administration publishes conclusive evidence in a form that can be independently analyzed.

Greenford, UK (December 8, 2016) In the wake of Brexit there seems to be an air of gloom hanging over British business – but not at Ultra Electronics.

Based in Greenford, London, the Group continues to supply its products to some of the world’s biggest and most technologically advanced organisations.

Gemini, the world’s first licensed Bitcoin and Ether exchange, chose Ultra’s Hardware Security Module (HSM) to protect its most valuable information despite competition from US and mainland Europe cyber security giants.

The coup for Ultra outlines the significant amount of respect the organisation commands in the world of cyber security.

Gemini, founded and managed by Olympic rowers the Winklevoss brothers, allows clients to trade Bitcoins to USD, Ether to USD and Bitcoins to Ether.

The company is the first of its kind to receive a license from a major regulatory body, receiving its accreditation from the New York State Department of Financial Services (NYSDFS) in 2015.

Cryptocurrencies are fast becoming a more widely respected form of payment, so much so that the city of Zug, a well-known financial hub in Switzerland has started allowing residents to pay for public services with Bitcoins.

Ultra, Gemini and Bitcoin

For such a rapidly expanding business within a field where security is absolutely paramount, Gemini has ensured it recruits security professionals from some of the world’s most distinguished companies.

For a company which has invested so much in security personnel it begs the question, what exactly was it that made them choose the Ultra Electronics’ HSM?

According to Cem Paya, the CSO of Gemini:
“Information security is one of the most important parts of the Gemini business model and ensuring we utilise the most secure HSMs is vital.

There were a number of reasons as to why we chose to work with Ultra Electronics KeyperPlus. Not only did KeyperPlus have a superior key management system, comprehensive security options and Linux support but it also was without any severe vulnerabilities.”

The fact that Gemini chose Ultra Electronics is a positive sign.

Brexit or not – truly innovative companies who can offer unique product solutions will always be desired by the rest of the world. Rob Stubbs, Product Director at Ultra’s Communication & Integrated Systems business, outlines why he believes Gemini selected the KeyperPlus and how the Ultra team will continue to ensure it wins orders from market-leading businesses such as Gemini in the future.

“The success of Bitcoin is critically dependent on the security of exchanges such as Gemini. We have already seen the cyber-theft of Bitcoins from Mt. Gox, Bitfinex and others totalling over $500m.

Gemini’s decision to use KeyperPlus was based on its own detailed security evaluation as well as the product’s international certification and market reputation so as to provide the utmost security for its clients.

HSMs are an important cyber security tool, and can be used to enhance any security system. KeyperPlus is the only network-attached HSM to incorporate a cryptographic module validated to FIPS 140-2 Level 4 overall, one of the toughest security standards in the world. Ultra’s Keyper™ HSMs have successfully maintained this level for over 15 years, earning them a deserved reputation as the world’s most trusted HSMs.

For example, two generations of Keyper™ HSM have been used by ICANN to protect the security of the global Internet domain name system, upon which the whole world-wide-web ultimately depends.”

Ultra Electronics’ experience and expertise within the cyber-security sector is set to stand both the business and the security of its clients’ valuable information in good stead for the foreseeable future.

If you have any further questions regarding either Ultra Electronics cyber-security capabilities or this article please contact:
Morgan Sellars, Marketing Executive:
Office: 020 8813 4621 – Email - Morgan.Sellars@ultra-cis.com

It’s also important that we highlight the work conducted by our North American partners at Connect IT Solutions Inc.

Their skill and security expertise were invaluable during the design, sale and management phases of this project.

If you have any questions regarding Connect IT Solutions or its services then please contact:
Jasper Rose, Vice President, Cyber Security Division:
Office: 1- 888-246-6350 x 102 Email - jrose@citsus.com Web - www.citsus.com

Cyber defense overall must be prioritized, says Intel Security’s Raj Samani

Cybercriminals are spreading into the healthcare sector even though the price per stolen medical record remains lower than for comparable financial account crime. From hospitals becoming victims of hacking attacks to Olympic champions getting their health records leaked by hackers, the health sector has become a major target for cybercrime. The most lucrative cybercrime targeting healthcare industry data is aimed at stealing industrial secrets from pharmaceutical or biotech firms.

There’s a “concerted effort” by cybercriminals to recruit health care industry insiders as accomplices in these thefts.

Efforts to recruit insiders are far from subtle and can include brazen online ads and offers sent through social media, according to a new study (PDF) by Intel Security. Intel Security researchers found evidence that formulas for next-generation drugs, drug trial results, and other business confidential information are all of potential interest to hackers turned industrial spies.

Confidential data is stored not only by pharmaceutical companies but with their partners and (sometimes) government regulators. Cybercriminals are taking advantage of the cybercrime-as-a-service market to execute their attacks on healthcare organizations through, for example, the purchase and rental of exploits and exploit kits in order to attack targeted organizations.

Doctored records

Away from the top end of the scale there’s even a market for the health records of ordinary people.
Stolen medical records are available for sale from $0.03 to $2.42 per record, McAfee Labs reports.

Comparable stolen financial account records are available for around $14.00 to $25.00.

And credit and debit card account data is available for $4.00 to $5.00 per account record. Protected health information could include family names, mothers’ maiden names, social security or pension numbers, payment card and insurance data, and patient address histories.

Easier-to-monetize credit card information commands a greater price on black markets, at least for the immediate future, as Intel Security explains: Upon stealing a cache of medical records, it is likely cybercriminals must analyze the data and perhaps cross-reference it with data from other sources before lucrative fraud, theft, extortion, or blackmail opportunities can be identified.

Financial data, therefore, still presents a faster, more attractive return-on-investment opportunity for cybercriminals. “In one case, a relatively non-technically proficient cyber thief purchased tools to exploit a vulnerable organization, leveraged free technical support to orchestrate his attack, and then extracted more than 1,000 medical records that the service provider said could net him about $15,564,” Intel Security reports. Raj Samani, Intel Security’s CTO in EMEA and author of the McAfee Labs’ Health Warning report, said: “Given the growing threat to the industry, breach costs ought to be evaluated ... in terms of time, money, and trust – where lost trust can inflict as much damage upon individuals and organizations as lost funds.” “When a well-developed community of cybercriminals targets a less-prepared industry such as health care, organizations within that industry tend to play catch-up,” Samani continued. “Gaining the upper hand in cybersecurity requires a rejection of conventional paradigms in favor of radical new thinking. Where health care organizations have relied on old playbooks, they must be newly unpredictable. Where they have hoarded information, industry players must become more collaborative. Where they have undervalued cyber defense overall, they must prioritize it.”
A pattern of mischaracterization, misrepresentation, and outright alteration of breached data has emerged in two of the latest headline-grabbing batches of hacked files.
Investigators discovered that recently published data from anti-doping testing at the 2016 Olympics in Rio de Janeiro had been altered by parties connected to a Russia-based hacking group behind the breach, according to a report issued by the World Anti-Doping Agency (WADA) yesterday. The International Olympic Committee (IOC) dump, released by a group calling itself "Fancy Bears," was found by WADA's incident response team to contain altered information. "WADA has determined that not all data released by Fancy Bear (in its PDF documents) accurately reflects [Anti-Doping Administration and Management System (ADAMS)] data," a spokesperson for WADA wrote in a post on the investigation.

The attackers gained access by stealing ADAMS credentials through "spear phishing" e-mails sent to IOC officials who owned the accounts.

The attack was similar to the e-mails sent to DNC and Clinton campaign officials earlier this year. This fits into a pattern tied to recent hacks by "Fancy Bear" and other groups—organizations that researchers and government authorities believe are connected in some way to the Russian intelligence community—being used for misinformation.
Some of the data in the initial Democratic National Committee "dump" by the entity calling themselves Guccifer 2.0 was revealed to have been altered, and leaked metadata indicated files had been edited by someone who spoke Russian. While the latest "leak" from Guccifer 2.0 allegedly against the Clinton Foundation's network contains no such smoking guns, the metadata does exist and suggests data came from previous "Fancy Bear" breaches at the DNC and other organizations that used the DNC's network. Forensic examination of the Guccifer 2.0 Clinton files specifically suggests the files came from previous breaches of the DNC and Democratic Congressional Campaign Committee (DCCC). Payroll files, expense reports, receipts, and lease documents for Democratic party field offices—as well as scans of checks issued for payment for FOIA requests and vendors—all point to the DCCC, DNC, and some state Democratic Parties.

Files not from the DNC or affiliated organizations came from GMBB (an advertising firm that does work for the Democratic Party), the Federal Election Commission, and the House of Representatives. Some of the more controversial documents in the collection posted directly on the Guccifer 2.0 WordPress blog, including one titled "Master Spreadsheet PAC Contributions," may have been modified before posting.

That file was created and edited once in February 2009.

Based on file metadata, it was pulled off the DCCC server on May 23, 2016.
Anti-doping body WADA says it ain't so

Hackers may have doctored athletes’ data prior to leaking it, according to the World Anti-Doping Agency (WADA). The "Fancy Bear" hacking group has been releasing details of athletes' Therapeutic Use Exemptions (TUE*) after breaking into the systems of the fair play enforcement agency, as previously reported. WADA, which acknowledged the breach last month soon after leaked data surfaced on Fancy Bear’s website, said on Wednesday that “not all data released by Fancy Bear (in its PDF documents) accurately reflects ADAMS data” - implying some of the leaked information had been deliberately altered prior to its release. Russia is the prime suspect in the Fancy Bear attacks, thanks in large part to a ban by many sports preventing many Russian athletes from participating in the Rio Olympics. WADA itself has previously blamed a Russian hacking group for the breach, which it further condemned in its latest update. “The criminal activity undertaken by the cyber espionage group, which seeks to undermine the TUE program and the work of WADA and its partners in the protection of clean sport, is a cheap shot at innocent athletes whose personal data has been exposed,” WADA’s statement fumes. Fancy Bear compromised an account in WADA’s Anti-Doping Administration and Management System (ADAMS) created especially for the Rio 2016 Olympic Games.

This hack facilitated access to the medical history of athletes that participated in the games. WADA’s technical and forensic team’s current assessment is that hackers illegally accessed the Rio 2016 ADAMS Account multiple times between 25 August 2016 and 12 September 2016, using credentials obtained through a spear phishing campaign. The broader ADAMS system was not compromised in the attack, according to WADA.
In response to the admitted breach, WADA has tightened its security controls, introduced increased logging as well as hiring FireEye Mandiant to handle incident response. Security watchers have warned of the possibility of hacking attacks that involved data manipulation for several years, and the only real surprise on that front is that the attack affected a sporting rather than a banking organisation. Jason Hart, CTO of data protection at Gemalto, commented: “As the news that data from the WADA hack may have been manipulated shows, business leaders need to realise they are no longer just at risk from data simply being stolen.

As well as exposing gaps in a company’s security, the next frontier for cyber-crime will be data manipulation.

Data is the new oil and the thing most valuable to hackers. “Businesses can make vital decisions based on incorrect or exaggerated information, or data that has been stolen can be altered to change public sentiment regarding a business or individual, which hackers can exploit for personal or financial gain,” Hart said, adding that the fact that a breach can take months to detect further exacerbates the problem.

Bootnote

*The TUE process allows athletes to obtain approval to use a prescribed prohibited substance or method for the treatment of a legitimate medical condition, such as asthma.