Hacker News: UK Parliament Hit by Cyberattack, Up to 90 MPs’ E-mail Accounts Hacked


A cyber attack hit the email system of the UK Houses of Parliament on Friday morning, breaching at least 90 email accounts, protected by weak passwords, belonging to MPs, lawmakers, and other parliamentary staff.

Meanwhile, as a precaution, the security service has temporarily shut down remote access (from outside Westminster) to the parliamentary network to protect email accounts.

Liberal Democrat Chris Rennard has advised on Twitter that urgent messages should be sent by text message.

“We have discovered unauthorized attempts to access accounts of parliamentary networks users and are investigating this ongoing incident, working closely with the National Cyber Security Centre,” the spokesperson said.

“Parliament has robust measures in place to protect all of our accounts and systems, and we are taking the necessary steps to protect and secure our network.”

The authorities found less than 1% of parliament’s 9,000 email addresses had been compromised using the brute-force attack that lasted for more than 12 hours.
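The pattern described above, a long-running brute-force run that succeeds only against the small fraction of accounts with weak passwords, is visible in authentication logs long before it succeeds. The following is an added defender-side example, not code from the article or from Parliament's systems; it assumes a hypothetical log format (ISO timestamp, OK/FAIL result, user, source IP) and uses constructed sample lines. It flags a source that produces many failures across many distinct accounts in a short window, then lists the accounts that later logged in successfully from that source, which are the ones to reset first.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (hypothetical format, not a real log):
# "<ISO timestamp> <OK|FAIL> user=<name> src=<ip>"
SAMPLE_LOG = """\
2017-06-23T06:00:01 FAIL user=alice src=203.0.113.5
2017-06-23T06:00:02 FAIL user=bob src=203.0.113.5
2017-06-23T06:00:03 FAIL user=carol src=203.0.113.5
2017-06-23T06:00:04 FAIL user=dave src=203.0.113.5
2017-06-23T06:00:05 FAIL user=erin src=203.0.113.5
2017-06-23T06:00:06 OK user=frank src=203.0.113.5
2017-06-23T06:05:00 OK user=alice src=198.51.100.7
2017-06-23T06:10:00 FAIL user=alice src=198.51.100.7
2017-06-23T06:10:30 OK user=alice src=198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Parse log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def find_spray_sources(events, window=timedelta(minutes=10),
                       min_failures=5, min_distinct_users=3):
    """Return source IPs with >= min_failures failed logins spanning
    >= min_distinct_users accounts inside a sliding time window.
    Trying a few common passwords against many accounts is what yields
    the low success rate reported in the article, and per-account lockout
    alone does not catch it; the per-source view does."""
    by_src = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            by_src[e["src"]].append(e)
    flagged = {}
    for src, fails in by_src.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            # Advance the window start until the span fits inside `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            span = fails[start:end + 1]
            users = {e["user"] for e in span}
            if len(span) >= min_failures and len(users) >= min_distinct_users:
                flagged[src] = {"failures": len(span), "distinct_users": len(users)}
                break
    return flagged


def successes_from_flagged(events, flagged):
    """Accounts that logged in successfully from a flagged source: candidates
    for forced password reset and session revocation."""
    return sorted({e["user"] for e in events
                   if e["result"] == "OK" and e["src"] in flagged})


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    hits = find_spray_sources(evs)
    print("flagged sources:", hits)
    print("accounts to reset:", successes_from_flagged(evs, hits))
```

The thresholds are deliberately low so the constructed sample triggers; on a real directory with thousands of accounts you would tune the window and counts to the normal failure rate and feed the flagged sources into a block list while the resets run.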

But if the emails were successfully accessed, experts have warned that the affected politicians could be at risk of blackmail or terror attacks.

It is unclear who is responsible for the attack, but the breach has happened just two days after the passwords of British cabinet ministers and officials were reportedly being sold online by hackers on Russian underground forums.

However, most UK officials suspect Russia and North Korea for the British Parliament cyber-attack.

“We are continuing to investigate this incident and take further measures to secure the computer network, liaising with Britain’s National Cyber Security Centre (NCSC),” a spokeswoman said.

Mohit Kumar - Hacking News
Entrepreneur, Hacker, Speaker, Founder and CEO — The Hacker News and The Hackers Conference.

Hacker News: Microsoft’s Private Windows 10 Internal Builds and Partial Source Code Leaked Online


A massive archive of Microsoft’s top-secret Windows 10 builds, along with the source code of private software, has reportedly been leaked online, which could lead to a nasty wave of Windows 10 exploits, a journalist at The Register claims.

The leaked files, uploaded to the BetaArchive website, contain more than 32 terabytes of data, including many non-public Windows 10 and Windows Server 2016 builds created by Microsoft engineers for testing purposes.

Interestingly, the Windows 10 internal builds include private debugging symbols, which engineers normally define to help other in-house developers understand how specific code in the operating system works and what functions it calls, The Register reports.


Private debugging symbols reveal some sensitive in-depth knowledge about the operating system that could be used by exploit writers to find vulnerabilities.

Moreover, the dump also contains Microsoft’s Shared Source Kit, which includes source code for Windows 10 hardware drivers, such as:

  • Plug-and-Play system
  • USB Stacks
  • Wi-Fi Stacks
  • Storage Drivers
  • ARM-specific OneCore kernel code

According to Microsoft’s website, Shared Source Kit is available only for “qualified customers, enterprises, governments, and partners for debugging and reference purposes.”

However, BetaArchive says that the leak is just 1.2GB in size and has now been removed from its servers.

“We have removed it from our FTP and listings pending further review just in case we missed something in our initial release. We currently have no plans to restore it until a full review of its contents is carried out, and it is deemed acceptable under our rules,” BetaArchive said.


The leaked files also contain Microsoft’s Windows 10 Mobile Adaptation Kit, a private software toolkit created by Microsoft to run the Windows 10 operating system on mobile devices.

So far, it’s unclear who is behind this massive leak, but it could be from one of the Microsoft OEM partners.

Microsoft Confirms the Leak

Microsoft has confirmed that a portion of Windows 10 source code has leaked online.

“Our review confirms that these files are actually a portion of the source code from the Shared Source Initiative and is used by OEMs and partners,” confirms a Microsoft spokesperson to The Verge.

Stay tuned for more information.

Mohit Kumar - Hacking News

Hacker News: Brutal Kangaroo: CIA-developed Malware for Hacking Air-Gapped Networks Covertly


WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a tool suite for Microsoft Windows allegedly used by the CIA to target “closed networks by air gap jumping using thumb drives,” networks mainly found in enterprises and critical infrastructure.

Air-gapped computers, which are isolated from the Internet and other external networks and are believed to be the most secure computers on the planet, have nonetheless become a regular target in recent years.

Dubbed Brutal Kangaroo (v1.2.1), the tool suite was allegedly designed by the Central Intelligence Agency (CIA) in 2012 to infiltrate a closed network or air-gapped computer within an organization or enterprise without requiring any direct access.

The previous version of Brutal Kangaroo was named EZCheese and exploited a vulnerability that remained a zero-day until March 2015, while the newer version uses an “unknown link file vulnerability (Lachesis/RiverJack) related to the library-ms functionality of the operating system.”

Here’s How the Air-Gap Attack Works


Like most air-gapped malware techniques we reported on The Hacker News, this hacking tool first infects an Internet-connected computer within the target organization and then installs the Brutal Kangaroo malware on it.


Even if it is hard to reach an Internet-connected PC within the target organisation, the attackers can infect the personal computer of one of the organisation’s employees and then wait for the employee to insert a USB drive into that computer.

Now, as soon as a user (an employee of the organisation) inserts a USB stick into the infected computer, Shattered Assurance, a server-side tool, infects the USB drive with a separate piece of malware called Drifting Deadline (also known as ‘Emotional Simian’ in the latest version).


The USB drive is weaponised using a flaw in the Microsoft Windows operating system that can be exploited by hand-crafted link files (.lnk) to load and execute programs (DLLs) without user interaction.

“The .lnk file(s) must be viewed in windows explorer, and the tool will be auto-executed without any further input,” the manual says.

When the infected USB drive is used to share data with air-gapped computers, the malware spreads itself to those systems as well.

“If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked,” WikiLeaks said.

“Brutal Kangaroo components create a custom covert network within the target closed network and providing functionality for executing surveys, directory listings, and arbitrary executables,” a leaked CIA manual reads.


The malware then covertly collects data from the infected air-gapped computers (using Shadow, the primary persistence mechanism), and a module within the Brutal Kangaroo suite, dubbed “Broken Promise,” analyses the data for valuable information.

Previous Vault 7 CIA Leaks

Last week, WikiLeaks dumped an alleged CIA framework used for monitoring the Internet activity of the targeted systems by exploiting vulnerabilities in Wi-Fi devices.

Dubbed “Cherry Blossom,” the framework is essentially a remotely controllable firmware-based implant for wireless networking devices, including routers and wireless access points (APs), which exploits router vulnerabilities to gain unauthorized access and then replaces the firmware with custom Cherry Blossom firmware.

Since March, the whistleblowing group has published 12 batches in the “Vault 7” series, which includes this week’s and last week’s leaks along with the following batches:

  • Pandemic – a CIA project that allowed the agency to turn Windows file servers into covert attack machines that can silently infect other computers of interest inside a targeted network.
  • Athena – a spyware framework that has been designed to take full control over Windows PCs remotely, and works against every version of Microsoft’s Windows operating systems, from Windows XP to Windows 10.
  • AfterMidnight and Assassin – Two apparent CIA malware frameworks for the Windows platform that have been designed to monitor and report back the activities of the infected remote host computer and execute malicious actions.
  • Archimedes – Man-in-the-Middle attack tool allegedly created by the CIA to target computers inside a Local Area Network (LAN).
  • Scribbles – Software reportedly designed to embed ‘web beacons’ into confidential files and documents, allowing the agency to track whistleblowers and insiders.
  • Grasshopper – A framework which allowed the agency to easily create custom malware for breaking into Windows operating system and bypassing antivirus protection.
  • Marble – The source code of a secret anti-forensic framework, basically an obfuscator or a packer used by the spying agency to hide the actual source of its malware.
  • Dark Matter – Revealed hacking exploits the CIA designed to target iPhones and Macs.
  • Weeping Angel – A spying tool used by the CIA to infiltrate smart TVs and then transform them into covert microphones.
  • Year Zero – Disclosed several CIA hacking exploits for popular hardware and software.

Swati - Hacking News
Technical Writer, Security Blogger and IT Analyst. She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.

Hacker News: New GhostHook Attack Bypasses Windows 10 PatchGuard Protections


A weakness discovered in Microsoft PatchGuard kernel protection could allow hackers to plant rootkits on computers running the company’s latest and most secure operating system, Windows 10.

Researchers at CyberArk Labs have developed a new attack technique that could allow hackers to completely bypass PatchGuard and hook malicious code (rootkits) at the kernel level.

PatchGuard (or Kernel Patch Protection) is a software mechanism designed to prevent the kernel of 64-bit versions of Windows from being patched, thereby preventing hackers from running rootkits or executing malicious code at the kernel level.

Dubbed GhostHook, the attack is what the CyberArk Labs researchers call the first attack technique that thwarts the defensive technology to bypass PatchGuard, though it requires a hacker to already be present on a compromised system and running code in the kernel.

So, basically, this is a post-exploitation attack.

“[GhostHook] is neither an elevation nor an exploitation technique. This technique is intended for a post-exploitation scenario where the attacker has control over the asset,” CyberArk researchers said.

“Since malicious kernel code (rootkits) often seeks to establish persistence in unfriendly territory, stealth technology plays a fundamental role.”

Running Rootkit at Kernel-Level in Windows 10

An attack scenario would include using a hacking exploit or malware first to compromise a target machine and then deploy GhostHook to set up a permanent, secret presence on a compromised 64-bit Windows 10 PC.

Once compromised, an attacker can plant a rootkit in the kernel of the compromised machine, which would be completely undetectable to third-party antivirus and security products and invisible to Microsoft’s PatchGuard itself.


CyberArk believes the issue may be extremely difficult for Microsoft to patch, as the technique uses hardware to gain control of critical kernel structures.

GhostHook Exploits a Weakness in Microsoft’s Implementation of Intel PT

GhostHook attack bypasses PatchGuard by leveraging a weakness in Microsoft’s implementation of a relatively new feature in Intel processors called Intel PT (Processor Trace), specifically at the point where Intel PT talks to the operating system.

Released months after PatchGuard, Intel PT enables security vendors to monitor and trace commands that are executed in the CPU in an attempt to identify exploits, malware or code before they reach the main operating system.

Although this technology exists for legitimate purposes, attackers can also take advantage of the “buffer-is-going-full notification mechanism” in order to take control of a thread’s execution.

“How can we achieve that with Intel PT? Allocate an extremely small buffer for the CPU’s PT packets,” the researchers said. “This way, the CPU will quickly run out of buffer space and will jump the PMI handler. The PMI handler is a piece of code controlled by us and will perform the ‘hook.'”

Hooking techniques, which serve both harmless purposes (application security solutions, system utilities, and programming tools) and malicious ones (rootkits), can give hackers control over the way an operating system or a piece of software behaves.

Microsoft in No Mood to Release a Fix, at least Right Now

Microsoft did not consider GhostHook a serious threat and told the security firm that the company does not think any emergency patch is needed, but that it may address the issue in a future version of Windows.

“The engineering team has finished their analysis of this report and determined that it requires the attacker already be running kernel code on the system,” said a Microsoft spokesperson. “As such, this does not meet the bar for servicing in a security update however it may be addressed in a future version of Windows. As such I have closed this case.”

In response to this report, Microsoft also released a statement, which reads:

“This technique requires that an attacker has already fully compromised the targeted system. We encourage our customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers.”

However, CyberArk is disappointed with the company’s response, saying Microsoft should realize that PatchGuard is a kernel component which, in any case, should not be bypassed.

Swati - Hacking News

The Over-Criminalization of American Life


Source: Charles Hugh Smith via OfTwoMinds blog

The over-criminalization of America has undermined justice, the rule of law and legal egalitarianism.
While the corporate media devotes itself to sports, entertainment, dining out and the latest political kerfuffle, America has become the Over-Criminalization Capital of the World. The proliferation of laws and administrative regulations, federal, state and local, that carry criminal penalties has swollen into the tens of thousands.
The number of incarcerated Americans exceeds 2.3 million, with the majority being non-violent offenders–often for War on Drugs offenses.

Holly Harris has written an important summary of this profoundly destabilizing trend: The Prisoner Dilemma: Ending America’s Incarceration Epidemic (Foreign Affairs, registration required).
The over-criminalization of America is a relatively recent trend. As Harris notes:
It wasn’t always like this. In 1972, for every 100,000 U.S. residents, 161 were incarcerated. By 2015, that rate had more than quadrupled, with nearly…


Matt Taibbi on JPMorgan Chase’s Worst Nightmare: The $9 Billion Witness


Source: Silver Doctors by James Hall

“In reality, there is nothing surprising in Matt Taibbi’s latest piece since returning to Rolling Stone from the Intercept, as it tells a story everyone is by now all too familiar with: a former bank employee (in this case Alayne Fleischmann) who was a worker in a bank’s (in this case JPM) mortgage operations group, where she observed and engaged in what she describes as “massive criminal securities fraud” and who was fired after trying to bring the attention of those above her to said “criminal” activity.
The story doesn’t end there…


One Million Europeans Call For Ban Of Deadly Monsanto Products


Over one million Europeans have demanded that the EU completely ban the Monsanto weedkiller glyphosate over fears that it causes cancer.

As of Thursday, one million people had signed a petition that asks the EU to withdraw its license for the controversial best-selling herbicide Roundup.

France24.com reports: “In less than five months, more than one million EU citizens have joined our call for a glyphosate ban,” said David Schwartz, coordinator at the European Citizens Initiative, which is behind the petition.

“European citizens aren’t fooled by the pesticide industry’s lobbying efforts or the faulty science it’s peddling,” he added.

The group said it had attained the signature threshold to require a formal response from the European Commission — one million names from at least seven countries — in record time.

“Our politicians need to hear this message loud and clear,” Schwartz added.

The 28-nation EU will formally decide in December whether to…
