Showing posts with label internet security.

Tuesday, May 29, 2012

Huge Computer Virus Attacking Sensitive Information

Story first appeared in USA Today.

A massive, data-slurping cyberweapon is circulating in the Middle East, and computers in Iran appear to have been particularly affected, according to security researchers.

Moscow-based Kaspersky Lab ZAO said the "Flame" virus was unprecedented both in terms of its size and complexity, possessing the ability to turn infected computers into all-purpose spying machines that can even suck information out of nearby cell phones.

Kaspersky researchers said this is on a completely different level: the malware can be used to spy on everything that a user is doing.

The announcement sent a ripple of excitement across the computer security sector. Flame is the third major cyberweapon discovered in the past two years, and Kaspersky's conclusion that it was crafted at the behest of a national government fueled speculation that the virus could be part of an Israeli-backed campaign of electronic sabotage aimed at archrival Iran.

Although their coding is different, there was some evidence to suggest that the people behind Flame also helped craft Stuxnet, a notorious virus that disrupted controls of some nuclear centrifuges in Iran in 2010.

That evidence suggests whoever was behind Flame had access to the same exploits and the same vulnerabilities as the Stuxnet authors; two teams may have been working in parallel to write both programs.

Stuxnet revolutionized the cybersecurity field because it targeted physical infrastructure rather than data, one of the first demonstrations of how savvy hackers can take control of industrial systems to wreak real-world havoc.

So far, Flame appears focused on espionage. The virus can activate a computer's audio systems to eavesdrop on Skype calls or office chatter, for example. It can also take screenshots, log keystrokes and, in one of its more novel functions, steal data from Bluetooth-enabled cell phones.

Tehran has not said whether it lost any data to the virus, but a unit of the Iranian communications and information technology ministry said it had produced an anti-virus capable of identifying and removing Flame from its computers.

Speaking Tuesday, Israel's vice premier did little to deflect suspicion about the Jewish state's possible involvement in the latest attack.

"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," he said. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."

Flame is unusually large.

Malicious programs collected by U.K. security firm Sophos averaged about 340 kilobytes in 2010, the same year that Kaspersky believes Flame first started spreading. Flame weighs in at 20 megabytes — nearly 60 times that figure.

Woodward, a professor of computing at the University of Surrey in southern England, said the virus was modular, meaning functions can be added to it or removed from it as needed. He compared it to a smartphone: depending on what kind of espionage you want to carry out, you just add apps.

He was particularly struck by Flame's ability to attack Bluetooth-enabled devices left near an infected computer.

Bluetooth is a short-range wireless communications protocol generally used for wireless headsets, in-car audio systems or file-swapping between mobile phones. Woodward said that Flame can turn an infected computer into a kind of industrial vacuum cleaner, copying data from vulnerable cell phones or other devices left near it.

The chief executive of Cyber-Ark, an Israeli information security company, said he thought four countries, in no particular order, had the technological know-how to develop so sophisticated an electronic offensive: Israel, the U.S., China and Russia.

"It was 20 times more sophisticated than Stuxnet, with thousands of lines of code that took a large team, ample funding and months, if not years, to develop," he said. "It's a live program that communicates back to its master. It asks, 'Where should I go? What should I do now?' It's really almost like a science fiction movie."

It's not clear what exactly the virus was targeting. Kaspersky said it had detected the program in hundreds of computers, mainly in Iran but also in Israel, the Palestinian territories, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

The company has declined to go into detail about the nature of the victims, saying only that they range from individuals to certain state-related organizations or educational institutions.

The Kaspersky researcher said stolen data was being sent to some 80 different servers, which would give the virus's controllers time to readjust their tactics if they were discovered. He added that some of Flame's functions still weren't clear.

Kaspersky said it first detected the virus after the United Nations' International Telecommunication Union asked it for help in finding a piece of malware that was deleting sensitive information across the Middle East. The company stumbled across Flame when searching for that other code, it said.

Spokespeople for the Geneva-based Telecommunication Union didn't return emails seeking comment.

The discovery of the Flame virus comes just days after nuclear talks between Iran and six world powers in Baghdad failed to persuade Tehran to freeze uranium enrichment. A new round of talks is expected to take place in Moscow next month.

The Israeli vice premier told Army Radio on Tuesday that the talks in Iraq yielded no significant achievement except to let Iran buy time. He appeared to take a swipe at President Obama by saying it might even be in the interest of some players in the West to play for time.



Thursday, May 3, 2012

Microsoft Knocks Out Another Botnet

Story first appeared in The New York Times.

Last Friday, Microsoft employees and federal marshals raided command centers in Pennsylvania and Illinois used by criminals to run a botnet, a cluster of infected computers used to steal personal and financial information from millions of victims.

But two days earlier, a separate group of cybersecurity researchers based in San Francisco quietly took down another botnet using more technical means. The five researchers, from four security organizations (Crowdstrike, Dell SecureWorks, the Honeynet Project and Kaspersky Labs), worked together to decrypt and successfully commandeer the so-called Kelihos.b botnet, which was using over 100,000 infected computers to blast pharmaceutical spam and, in some cases, steal Bitcoins, a virtual currency that is impossible to recover once stolen.

The two takedowns were not timed to coincide with one another, nor were the two groups even aware they were operating in tandem. But they point to a renewed effort by technologists to take the lead in combating digital crime rather than waiting for law enforcement authorities to take action.

Microsoft has preferred to take botnets down through court actions. Including Friday's raid, Microsoft has disrupted four botnets in the last few years through civil suits. In each case, Microsoft sought secret court orders that allowed it to seize Web addresses and servers that run the botnets, without first alerting their owners.

In the case of Kelihos.b, researchers took a more technical approach. They successfully reverse-engineered the botnet’s structure and analyzed its cryptography, then injected their own file into its communication network. That file instructed infected computers to send any information to a “sinkhole” controlled by Crowdstrike, rather than to the command-and-control server run by criminals.

Within a few minutes of infiltrating Kelihos.b, over 85,000 infected computers started communicating with Crowdstrike’s sinkhole. As more infected users went online, Crowdstrike said that figure quickly jumped to 110,000. By Friday, researchers said the criminals behind Kelihos.b had already abandoned the botnet and moved on.
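To make the sinkholing step concrete, here is an added example that is not from the Times article and does not reproduce Kelihos.b's real message format, cryptography or peer mechanics, none of which the article describes. It models a peer-to-peer botnet's job-message channel in Python with constructed host names and a constructed wire format. In the first run the channel is unauthenticated, so a message built by anyone who has reverse-engineered the format and carries a higher sequence number redirects every bot to the researchers' sinkhole; in the second run the bots check a message authentication code, and the same injection is ignored.

```python
"""Toy model of hijacking a botnet's control channel with a sinkhole.

Constructed illustration: the message layout, the sequence-number rule and
the host names are placeholders, not Kelihos.b's actual protocol.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class JobMessage:
    """One control message gossiped through the botnet (constructed format)."""
    seq: int            # message counter; a bot acts only on a newer message
    upload_host: str    # where bots must deliver stolen data and spam status
    sig: bytes = b""    # MAC over (seq, upload_host); empty in the weak variant


def _payload(seq: int, upload_host: str) -> bytes:
    return f"{seq}|{upload_host}".encode()


class Bot:
    """Minimal infected host: remembers the newest message it has accepted."""

    def __init__(self, verify_key: Optional[bytes] = None):
        self.seq = 0
        self.upload_host = "c2.operator.invalid"   # constructed placeholder
        self.verify_key = verify_key               # None = no authentication

    def receive(self, msg: JobMessage) -> bool:
        # Stale or replayed messages are dropped; the highest seq wins.
        if msg.seq <= self.seq:
            return False
        # Hardened variant: reject anything not authenticated by the operator.
        if self.verify_key is not None:
            expected = hmac.new(self.verify_key,
                                _payload(msg.seq, msg.upload_host),
                                hashlib.sha256).digest()
            if not hmac.compare_digest(expected, msg.sig):
                return False
        self.seq, self.upload_host = msg.seq, msg.upload_host
        return True


def operator_message(seq: int, upload_host: str,
                     key: Optional[bytes] = None) -> JobMessage:
    """Build a job the way the operator would, signed only if a key is given."""
    sig = (hmac.new(key, _payload(seq, upload_host), hashlib.sha256).digest()
           if key else b"")
    return JobMessage(seq, upload_host, sig)


def flood(bots: List[Bot], msg: JobMessage) -> int:
    """Peer gossip collapsed to a broadcast; returns how many bots accepted."""
    return sum(1 for bot in bots if bot.receive(msg))


def count_sinkholed(bots: List[Bot], sinkhole: str) -> int:
    return sum(1 for bot in bots if bot.upload_host == sinkhole)


SINKHOLE = "sinkhole.researchers.invalid"   # constructed placeholder


def takedown_unauthenticated(n: int = 1000) -> Tuple[int, int]:
    """Weak protocol: whoever understands the format can issue the next job."""
    bots = [Bot() for _ in range(n)]
    flood(bots, operator_message(1, "c2.operator.invalid"))
    # Researchers inject a message with a higher seq; every bot obeys it.
    accepted = flood(bots, JobMessage(seq=2, upload_host=SINKHOLE))
    return accepted, count_sinkholed(bots, SINKHOLE)


def takedown_authenticated(n: int = 1000) -> Tuple[int, int]:
    """Hardened protocol: the same injection fails without the operator's key."""
    key = secrets.token_bytes(32)
    bots = [Bot(verify_key=key) for _ in range(n)]
    flood(bots, operator_message(1, "c2.operator.invalid", key))
    forged = JobMessage(seq=2, upload_host=SINKHOLE, sig=bytes(32))
    accepted = flood(bots, forged)
    return accepted, count_sinkholed(bots, SINKHOLE)


if __name__ == "__main__":
    print("unauthenticated:", takedown_unauthenticated())   # (1000, 1000)
    print("authenticated:  ", takedown_authenticated())     # (0, 0)
```

Two caveats a practitioner should keep in mind. The hardened variant uses an HMAC only because it is in the standard library; since every bot would have to carry the verifying key, a reverse engineer who pulls that key out of one sample could forge jobs exactly as before, so a real design would have bots hold only a public verification key. And in the model, control goes to whoever publishes the highest counter, which is why a takeover of this kind can be contested unless the operators walk away, as the article says the Kelihos.b operators did.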

By dismantling the criminals' tools this way, the researchers said, they gleaned valuable information about the criminals' techniques.

Of the infected machines, 84 percent were exploited through a flaw in Microsoft Windows XP. Researchers also noted that the largest share of infections, about a quarter of all identified machines, was in Poland, and that the botnet's creators spread Kelihos.b through a "pay-per-install" model typically favored by hackers in Eastern Europe. A senior lawyer in Microsoft's digital crimes unit said he had a high degree of confidence that the culprits behind the botnet Microsoft took down last Friday were also based in Eastern Europe.

That information could potentially be valuable in combating future threats. Unless a botnet’s owners and clients are put behind bars, takedowns tend to be temporary. Microsoft’s earlier disruption of a Waledac botnet, for example, lasted only as long as the time it took its creators to modify its architecture slightly to create a new botnet. Kelihos.b is a second-generation version of Kelihos, another botnet that was shut down last September.



Thursday, April 5, 2012

Utah Medicaid Database Hacked

Story first appeared in the Chicago Tribune.

SALT LAKE CITY (Reuters) - A data security breach at the Utah Health Department, believed to be the work of Eastern European hackers, has exposed 24,000 U.S. Medicaid files bearing names, Social Security numbers and other private information, state officials said on Wednesday.

The intrusion initially appeared to have affected claims representing at least 9 percent of the 260,000 clients of Medicaid in Utah. But because each file often contains information on more than one individual, the full extent of the breach is probably wider, officials said.

Medicaid is a federal-state program that helps pay for healthcare for the needy, the aged and disabled. The state determines eligibility and which services are covered, and the federal government reimburses a percentage of the state's expenditures.

Hudachko said the Technology Services Department notified state health officials Monday evening about the cyber attack.

Technology Services had recently moved the claims in question to a new server, allowing the hackers "to circumvent the server's multi-layered security system," according to officials.

He said the cyber attack is believed to have originated in Eastern Europe, based on a suspicious Internet Protocol, or IP, address, but investigators are still trying to pinpoint the precise source.

GRAVE CONCERNS

Utah state Senator Allen Christensen, who also is a practicing dentist, said each compromised claim is going to have two parties involved: both the recipient and the provider.

The chairman of the Utah State Health and Human Services Committee expressed grave concerns over the impact on the Medicaid population in Utah and suggested the database was left vulnerable by human error.

State officials said they were examining all servers and reviewing policies and procedures to ensure effective security measures are in place.

The compromised files also contain individuals' names, addresses and other private information.

State Health officials are urging all their Medicaid clients and providers to keep a wary eye on their bank accounts and other personal records. Customers whose Social Security numbers are found to have been compromised will receive free credit monitoring services, officials said.
