ICYMI: Microsoft takedown, policing cybercrime & eyes on Tor and Tails

This week's In Case You Missed It (ICYMI) looks at Microsoft's action against cybercriminals, the cyber security skills gap and NSA spying on Tor users.

Microsoft takedown gets mixed response

Microsoft this week carried out a massive takedown on the US-based No-IP internet service, in a bid to stop cyber-criminals from Kuwait or Algeria infecting millions worldwide with destructive malware.

The action elicited a mixed response from the general public and industry; people criticised the Redmond software giant on Twitter and on forums for inadvertently disrupting millions of websites, but Kaspersky praised the company for not only stopping Mohamed Benabdellah and Naser Al Mutairi from exploiting the Bladabindi and Jenxcus RAT malware families, but also for hitting at least 25 percent of the advanced persistent threat (APT) groups that Kaspersky is currently tracking.

These APTs included Flame/Miniflame, Turla/Snake/Uroburos, Epic, Cycldek, Shiqiang, Hacking Team RCS customers, Banechant and Ladyoffice.

Microsoft publicly said that the action resulted in a ‘temporary loss of service’, but No-IP contested this, saying that some of its domains were still experiencing outages.

BAE exercise: The truth?

This week's most confusing news story came from BAE Systems, which initially reported that it had been involved in an alleged hacking incident against a hedge fund, only to later retract that statement and say instead that this was just a “scenario” used by analysts at the firm.

Paul Henninger, global product director for BAE Systems Applied Intelligence, told CNBC in June that his firm had found and stopped a malicious cyber-intrusion into a hedge fund client, which remains unidentified.

"This particular attack happened at the end of 2013," he said in that interview. "It took a couple of months before the firm itself realised that something was wrong. And then it took about a few weeks for the investigation to get to the point where we made the connection between the network anomalies and the trading anomalies. So the actual resolution of the attack was fairly rapid." 

But a spokesperson later said that the event Henninger had described as a real event had in fact been a “scenario”. On the day that the initial story was posted, BAE stock went up 1.6 percent with trading volume higher than usual.

Henninger has not commented since – and has been working away from the company – leading some to suggest that this was either an employee mistake or a bodged PR exercise.

Police close cybercrime skills gap

A lot continues to be written about the cyber security skills gap – we heard a lot about it this week alone. One area where the gap is of particular concern is law enforcement, which is tasked with bringing cybercriminals to justice – even if they use the darknet and the cloud to hide their identity.

The Met Police has had problems in this area: former investigators have said that the same skills are being taught as in 1987, and some agencies in the EU are still getting their heads around what cybercrime entails. Andy Archibald, head of NCCU, also admitted concern with the ‘very large skills gap’ earlier this week.

Good news is coming, though. Europol – fresh from announcing a strategic partnership with ENISA to fight cyber-crime – is hosting a two-week event to train some 37 officers from 22 countries on cyber-crime. The event is being organised by the Spanish Police Academy in Avila and will teach “prevention, detection and disruption of advanced cybercrime targeting individuals, companies, governments and academia”. It will be followed by a nine-week online training session.

Board pumps cash into cyber security

The Westminster e-Forum event on Tuesday in London offered an excellent insight into the world of cybercrime – and what exactly the UK government must do about it.

Giles Watkins, head of Information Protection at KPMG, began the talks by saying there has been an “explosion of how information is used in our lives” and that as information becomes more embedded in our lives, the risks grow.

He emphasised the importance of raising awareness of the dangers of this new technological age and said “we're playing catch-up” in this cyber-warfare. He did admit there has been a positive movement with regard to IT protection, saying that in 2013, 10 million companies invested in cyber security and that this year the figure has risen to 650 million.

Watkins' comments came days before KPMG released an earlier study (of 498 C-level execs) showing that cyber security and data protection rank third in boardroom priorities.

He went on to insist on the need for a change of attitude towards cyber security as a nation. He quoted the Chinese president, saying that “without cyber security, there is no national security” and explained that “this can't be done in isolation – we need to join up. The UK cannot see itself as an ‘island’. This is a global effort.”

By Nazan Osman

NSA brands Tor and Tails users as ‘terrorists’

New reports suggest that the National Security Agency (NSA) is targeting those who use the Tor (The Onion Router) IP anonymising system, as well as the privacy-focused, Linux-based Tails operating system.

Citing official sources, German public broadcaster ARD said that two Tor servers in Germany were being actively watched by the US surveillance agency, and added that almost anyone searching for – or installing – Tor could be watched.

NSA has reportedly tapped into the traffic of these two directory servers used by Tor, and grabbed IP addresses and physical addresses of the people who visited Tor. This data was said to have been used to build a profile on those IP addresses in terms of their web browsing habits.

Tor was, ironically, originally funded by the NSA. The addresses that the NSA grabbed were monitored via an analysis system it developed called XKeyscore, said ARD. XKeyscore, as first revealed publicly by former CIA contractor Edward Snowden last summer, works by spying on information passing through the few exchanges around the world where data hops from one ISP to another.

This can supposedly allow NSA staff to pick up a person's phone number or email address, view the content of an email and observe full Internet activity, including browsing history – without a warrant.

"XKeyscore is an analytic tool that is used as a part of NSA's lawful foreign signals intelligence collection system," a spokeswoman for the NSA told news site Ars Technica. "Such tools have stringent oversight and compliance mechanisms built in at several levels.

"All of NSA's operations are conducted in strict accordance with the rule of law," she said.

At the same time, the newly launched blocked.org.uk website started testing websites for blocks and found that a number of the leading UK ISPs were blocking access to the Tor network.
