September 20, 2014

Hackers breach externally hosted database used by UK’s Herfordshire Police

(LiveHacking.Com) – A website belonging to the UK’s Hertfordshire Police has been hacked and what appear to be login details, passwords and other details have been published online. The database for the Safer Neighbourhood Teams website, which was  externally hosted, held personal data including phone numbers and IP addresses that related to a number of officers.

In a statement given to the BBC, the Hertfordshire Constabulary said it was currently investigating the publication of information stored on a database linked to the public Safer Neighbourhoods pages of the external Constabulary website. And that the site has been temporarily disabled. “There is absolutely no suggestion that any personal data relating to officers or members of the public has been, or could have been compromised. Nevertheless matters of IT security are extremely important to the Constabulary and an investigation is already under way.”

The hack seems to be have been motivated by the current plight of Wikileaks founder, Julian Assange. There has been a rise in the number of hacking attacks since the UK government said it would arrest and extradite Mr Assange if he left Ecuador’s embassy in London.  An “OpFreeAssange” banner was included with the database details that were posted online as well as a quote from the Wikileaks founder. However the hacker was also keen to point out that he wasn’t part of the infamous hacking Anonymous.

Catalin Cosoi, chief security researcher at Bitdefender, said to SC Magazine: “The unknown attacker extracted from the second breached website what appear to be police officers’ email addresses, passwords to those email accounts and a list of PINs probably employed as additional safety tools. Several user logs have also been made public, exposing a list of employee names and corresponding IPs that could be used in cyber crime operations requiring identification of a specific machine, containing a particular type of data.”

Questions are now being asked about why a Police force was using an externally hosted website. The problem with any third-party supplier is that their security practices and procedures are unknown and outside the control of the client, in this case a Police force. This attack highlights the need for anyone (including Public sector organisations) using external hosting to validate the security of the external service.

Anonymous Moves Against Multiple UK Government Websites with DDoS Attack

(LiveHacking.Com) – The hacker group Anonymous has attacked three UK government websites, including the Prime Minister’s site, in a protest about the extradition of British citizens to the USA and about a proposed new law to increase the surveillance powers of the British state. The so-called hacktivists disrupted traffic  through a series of distributed denial of service (DDoS) attacks, designed to take the websites offline by flooding them with more traffic than they can handle. The sites attacked were homeoffice.gov.uk (Home Office), number10.gov.uk (Prime Minister’s Office) and justice.gov.uk (Ministry of Justice). By Sunday morning all the sites appeared to be functioning normally again.

It appears that the attacks were in response to a proposed new law would allow the British government to conduct some trials in secret and allow authorities to track the phone calls, emails, text messages and online activity of everyone in the country.

The group took credit for the attack in a series of tweets  (herehere and here) which specifically mention the UK’s proposed “draconian surveillance proposals” and “derogation of civil rights.”

The attack could be considered as quite courageous, especially in light of recent efforts by global law enforcement agencies to crackdown on the group’s cyber protests. Sophos noted on its blog that “other hacktivists who have launched DDoS attacks against websites belonging to British authorities have been arrested in recent history, and are currently facing trial.”

In a separate attack,  the group targeted the website of the US House of Representatives but failed to prevent access.

Britain Publishes its New Cyber Security Strategy

(LiveHacking.Com) – The United Kingdom has published its new Cyber Security Strategy subtitled “Protecting and promoting the UK in a digital world.” The strategy comes after the UK hosted an International Cyber Security conference in London last month.

The UK makes more money on the Internet than it does out of agriculture and the government is forecasting that there will be 365,000 new Internet related jobs over the next five years.

“While the internet is undoubtedly a force for social and political good, as well as crucial to the growth of our economy, we need to protect against the threats to our security,” said Prime Minister David Cameron. “Cyber security is a top priority for government and we will continue to work closely with the police, security services, international partners and the private sector to ensure that the UK remains one of the most secure places in the world to do business.”

As part of the strategy the UK government want to create a cyber security ‘hub’ that will allow the Government and the private sector to exchange actionable information on cyber threats and manage the response to cyber attacks. Five business sectors – defence, telecoms, finance, pharmaceuticals and energy will take part in a pilot that will begin in December.

They are also looking a ways to use GCHQ’s world-class expertise in cyber security in the commercial sector. Since GCHQ is part of the UK’s security services this needs to be done without compromising the agency’s core security and intelligence mission. This move is quite radical and can be likened to the American government opening the doors to the NSA.

To tackling cyber crime, the strategy sets out plans to expand the number of specialists in the Police force who are trained in cyber crime and to create a new cyber crime unit. The new unit will help deal with the most serious national-level cyber crimes and to be part of the response to major national incidents.

There are also plans to create a new Defence Cyber Operations Group with in the Ministry of Defence. The group will develop new tactics, techniques and plans to deliver military cyber capabilities.

You can download a copy of the strategy here.

Disturbing Number of Cyber-attacks Aimed at UK

(LiveHacking.Com) – Iain Lobban, director of the UK Government Communications Headquarters (GCHQ) has reported that a “significant but unsuccessful” cyber-attack was made on the Foreign Office and other government departments this summer.

Originally writing in the UK newspaper The Times, the director of the government’s listening centre said that the “disturbing” number of cyber-attacks on the government, industry and private individuals was a threat to the “continued economic wellbeing” of the UK.

“I can attest to attempts to steal British ideas and designs – in the IT, technology, defence, engineering and energy sectors, as well as other industries – to gain commercial advantage or to profit from secret knowledge of contractual arrangements,” said Lobban. “Such intellectual property theft doesn’t just cost the companies concerned. It represents an attack on the UK’s continued economic wellbeing.”

Lobban’s article was published to coincide with the UK London Cyber Conference which starts today (Nov 1) in London. The conference is hosted by British Foreign Secretary William Hague and it was planned that Hilary Clinton would talk at the conference. However she has had to cancel as her mother has fallen ill. Mr Hague tweeted earlier today that:

Very sorry that #SecClinton won’t be able to attend #LondonCyber today. My best wishes to her and her family at this time

The cyber-attacks on the UK targeted sensitive data on government computers, along with defence, technology and engineering firms’ designs.

Lobban also added: “Criminals are using cyberspace to extort money and steal identities, as well as exploit the vulnerable. Increasingly sophisticated techniques target individuals. We are witnessing the development of a global criminal market place – a parallel black economy where cyber dollars are traded in exchange for UK citizens’ credit card details. Tackling cyber crime matters and it is a very real threat to our prosperity.”

Command and Control Network of Zeus 2 Botnet

Security researchers have uncovered the command and control network of a Zeus 2 botnet sub-system targeted at UK surfers that controlled an estimated 100,000 computers.

 

Cybercrooks based in eastern Europe used a variant of the Zeus 2 cybercrime toolkit to harvest personal data – including bank log-ins, credit and debit card numbers, bank statements, browser cookies, client side certificates, and log-in information for email accounts and social networks – from compromised Windows systems.

 

Trusteer researchers identified the botnet’s drop servers and command and control centre before using reverse engineering to gain access its back-end database and user interface. A log of IP addresses used to access the system, presumably by the cybercrooks that controlled it, was passed by Trusteer onto the Metropolitan Police.

Read the full article here.

Source: [TheRegister]