Malware Is Still Spying On You Even When Your Mobile Is Off

February 20, 2015 – 5:24 AM

Most of us have seen Hollywood movies where hackers trace and spy on mobile devices even though they are switched off. Like most things in spy movies, we disregard it as fiction.

However, recent malware discovered by the AVG mobile security team may change this preconception.

This malware hijacks the phone's shutdown process, so when the user presses the power button to turn the phone off, it doesn't really shut down.

After pressing the power button, you will see the real shutdown animation, and the phone appears off. Although the screen is black, it is still on.

While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying the user.

Source:
http://now.avg.com/malware-is-still-spying-on-you-after-your-mobile-is-off/

The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle

February 19, 2015 – 6:39 PM

American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.

In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

As part of the covert operations against Gemalto, spies from GCHQ — with support from the NSA — mined the private communications of unwitting engineers and other company employees in multiple countries.
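Why a stolen SIM key is enough on its own, as an added illustration that is not code from The Intercept article or from Gemalto: the long-term key Ki never crosses the air, but the challenge RAND does, and the session key Kc is a deterministic function of the two. The operator-specific A3/A8 algorithms and the A5 cipher are assumed away here and replaced by HMAC-SHA256 and a hash-based keystream; the structure, not the primitives, is the point.

```python
"""Simplified GSM SIM authentication and ciphering (added example).
HMAC-SHA256 stands in for the operator-specific A3/A8 algorithms and a
SHA-256 keystream for the A5 cipher. The structure is the real one: Ki exists
only on the SIM and at the operator, RAND is sent in the clear, and the
session key Kc is a deterministic function of (Ki, RAND)."""
import hashlib
import hmac
import os

def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """A3 stand-in: 32-bit signed response proving the SIM holds Ki."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """A8 stand-in: 64-bit session cipher key derived from Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def a5_xor(kc: bytes, frame: int, data: bytes) -> bytes:
    """A5 stand-in: XOR data with a keystream seeded by (Kc, frame number)."""
    stream = b""
    for block in range((len(data) + 31) // 32):
        seed = kc + frame.to_bytes(4, "big") + block.to_bytes(4, "big")
        stream += hashlib.sha256(seed).digest()
    return bytes(b ^ s for b, s in zip(data, stream))

def air_interface(ki: bytes, plaintext: bytes, frame: int = 1):
    """One authentication plus one ciphered frame, as a passive listener
    records it: (RAND, SRES, ciphertext). Ki and Kc never cross the air."""
    rand = os.urandom(16)
    sres = a3_sres(ki, rand)      # SIM answers the challenge
    kc = a8_kc(ki, rand)          # SIM and operator derive Kc locally
    return rand, sres, a5_xor(kc, frame, plaintext)

def decrypt_with_stolen_ki(ki: bytes, rand: bytes, ct: bytes, frame: int = 1) -> bytes:
    """Holder of Ki recomputes Kc from the recorded RAND, with no help from the
    operator. Kc depends only on (Ki, RAND), so traffic recorded before the
    key theft decrypts just as well: the bulk, retroactive risk in the article."""
    return a5_xor(a8_kc(ki, rand), frame, ct)

def demo() -> bool:
    ki = os.urandom(16)                          # constructed SIM key
    msg = b"constructed sample traffic frame"    # constructed plaintext
    rand, _sres, ct = air_interface(ki, msg)     # recorded on the air
    return ct != msg and decrypt_with_stolen_ki(ki, rand, ct) == msg
```

The defensive takeaway is the absence of forward secrecy: nothing in the exchange limits the damage of a key compromise to future sessions, so rotating or re-issuing keys after a breach does not protect traffic already captured.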

Source:
https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

Lenovo shipping laptops with pre-installed adware that kills HTTPS

February 19, 2015 – 5:27 AM

Lenovo is in hot water after it was revealed on Wednesday that the company is shipping consumer laptops with Superfish (adware) pre-installed. Security experts are alarmed, as the software performs Man-in-the-Middle attacks that compromise all SSL connections.

It’s a fact of life: PC manufacturers are paid to install software at the factory, and in many cases this is where their profit margin comes from. Pre-installed software is mostly an annoyance for consumers. Yet when it places their security at risk, it becomes a serious problem.

Lenovo, in comments posted to a company support forum, said they have partnered with a company called Superfish Inc. to deliver software “that helps users find and discover products visually.”

This is done by injecting ads on the sites displayed by Internet Explorer and Chrome; Firefox doesn’t seem to be impacted in this instance, but complaints that date back to last summer surrounding Superfish do include Mozilla’s browser.

Researchers have discovered that not only does Superfish inject ads; it also breaks SSL by installing a self-signed root certificate that can intercept encrypted traffic for any secured website a user visits.

Source:
http://www.csoonline.com/article/2886396/malware-cybercrime/lenovo-shipping-laptops-with-pre-installed-adware-that-kills-https.html

NSA planted surveillance software on hard drives, report says

February 17, 2015 – 6:10 PM

The National Security Agency is able to infect hard drives with surveillance software to spy on computers, Reuters said on Tuesday, citing information from cyber researchers and former NSA operatives.

In a new report, Kaspersky revealed the existence of a group dubbed The Equation Group capable of directly accessing the firmware of hard drives from Western Digital, Seagate, Toshiba, IBM, Micron, Samsung and other drive makers. As such, the group has been able to implant spyware on hard drives to conduct surveillance on computers around the world.

In a blog post published on Monday, Kaspersky said this threat has been around for almost 20 years and “surpasses anything known in terms of complexity and sophistication of techniques.” The security firm called the group “unique almost in every aspect of their activities: they use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data and hide activity in an outstandingly professional way, and utilize classic spying techniques to deliver malicious payloads to the victims.”

Surveillance software implanted on hard drives is especially dangerous as it becomes active each time the PC boots up and thus can infect the computer over and over again without the user’s knowledge. Though this type of spyware could have surfaced on a “majority of the world’s computers,” Kaspersky cited thousands or possibly tens of thousands of infections across 30 different countries.

Source:
http://www.cnet.com/news/nsa-planted-surveillance-software-on-hard-drives-report/

Millions stolen from banks through sophisticated malware

February 14, 2015 – 7:05 PM

Hackers infiltrated over 100 banks in several countries, stealing millions of dollars in possibly the largest bank theft the world has seen, according to a report published by the New York Times on Saturday.

The Times said it received an advance copy of an upcoming report by Moscow-based Kaspersky Lab that details how banks in Russia, Japan, the United States, and other countries fell victim to malware starting in late 2013 that allowed the hackers to watch video feeds, view daily operations, and impersonate bank officials.

The malware apparently allowed the hackers to transfer money from the banks to fake accounts. According to the Times, Kaspersky Lab said the total theft could be more than $300 million, although the cybersecurity firm has not nailed down an exact figure. Each transaction was limited to $10 million and some banks were hit more than once, according to the publication.

“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Chris Doggett, of Kaspersky’s Boston office, told the Times.

Kaspersky Lab does not name the banks involved in the massive theft operation in its report, and no banks have revealed that they have been hacked, according to the Times.

Source:
http://arstechnica.com/security/2015/02/report-millions-stolen-from-banks-through-sophisticated-malware/