[ISN] Tipsters exposed after South Africa's national police force hacked
http://www.theregister.co.uk/2013/05/23/saps_anon_hack/ By John Leyden The Register 23rd May 2013 The identities of more than 15,000 South Africans who reported crimes or provided tip-offs to the police have been exposed following an attack on a SAPS (South African Police Service) website. The names and personal details of whistleblowers and crime victims were lifted from www.saps.gov.za and uploaded to a bullet-proof hosting site. Names, phone numbers, email addresses and ID numbers of people who thought they had been providing information in confidence and anonymously have been spaffed on the net. The data dump includes information on 15,700 individuals who used the website from 2005, according to eNews Channel Africa, the local news service that broke the story of the leak. Usernames and passwords of around 40 SAPS personnel were also leaked. [...] __ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org
[ISN] 'Anonymous' a little less so, thanks to Israeli hackers
http://www.timesofisrael.com/anonymous-a-little-less-so-thanks-to-israeli-hackers/ By DAVID SHAMAH The Times of Israel May 24, 2013 After April’s largely unsuccessful campaign by Anonymous and Arab hackers, #OpIsrael, to “remove Israel from the Internet,” a second round of hack attacks against Israeli sites, “OpIsrael Reloaded,” is planned for Saturday. The followup campaign seeks to demonstrate that Israel did indeed sustain a great deal of damage and economic loss during the first effort. The campaign has picked up some steam on hacker networks, but is unlikely to be as large as #OpIsrael. There were dozens of YouTube videos “advertising” that campaign with hundreds of thousands of views, while #OpIsraelReloaded showed up just a few times on the site, with only a few thousand views recorded, as of Thursday evening. Nevertheless, system administrators in government and enterprise are redoubling their network defenses to ensure that they weather the coming storm. This time, however, the identities of the Anonymous hackers planning the attack are a little less, well, Anonymous. Born on the eve of the original #OpIsrael in April, a pro-Israel hacker team called the Israel Elite Force has been responding in kind, defacing sites in Arab countries and publishing what it claims are names and passwords for credit card, Facebook, bank and email accounts, and other information that is supposed to be secure. The IEF’s latest gambit seeks to “rip the mask off the hackers attacking Israel,” the group says in a video. A message on a hacker site and in the IEF’s Twitter feed refers web surfers to a web page listing personal details of individuals the group says are key figures in the #OpIsrael hacking operations. The information was gathered, the group said, by hackers in its own organization, and with the help of a joint team of American and Israeli hackers. [...] __ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org
[ISN] Should the U.S. allow companies to ‘hack back’ against foreign cyber spies?
http://www.washingtonpost.com/blogs/worldviews/wp/2013/05/23/should-the-u-s-allow-companies-to-hack-back-against-foreign-cyber-spies/ By Max Fisher The Washington Post May 23, 2013 Foreign hackers do remarkable damage by breaking into American companies, stealing intellectual property worth enormous amounts of money, swiping proprietary secrets for military technology or other uses and, in the case of some recent Chinese attacks, even exposing U.S. counterintelligence efforts. The Obama administration has made clear that it takes the threat seriously and is escalating efforts to stop it. One suggestion increasingly floated in the private sector is to allow companies to “hack back.” Current U.S. law makes it illegal for private firms to launch retaliatory cyberattacks, and the issue is highly controversial. But it’s entering the mainstream. A new report, from a private commission on intellectual property theft chaired by former U.S. ambassador to China Jon Huntsman and former director of national intelligence Dennis Blair, raised the possibility of changing the law to allow for hacking back. While it stopped short of directly advocating such attacks, it did call for a milder, legal form of hacking back and said the United States should consider changing the law if other measures fail. It can be tough to talk about allowing corporations to run their own mini cyberwars because, like hacking itself, no one is exactly sure what sorts of norms will develop and where the technology will lead us. The conversations tend heavily toward the hypothetical. Advocates of “hacking back” point out that criminal and state-run hackers are only getting better, and that because they risk little by attacking purely defensive systems, they will simply persist until they succeed. Opponents warn that such a serious escalation could erode what few cyber-norms already exist, turning the Internet into a battlefield where not just rogue states and freelance criminals, but a lot very rich corporations, are invading privacy, stealing data and otherwise hacking for the specific purpose of doing damage. [...] __ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org
[ISN] US government has no idea how to wage cyberwar: Ranum
http://www.zdnet.com/us-government-has-no-idea-how-to-wage-cyberwar-ranum-715840/ By Michael Lee ZDNet.com May 24, 2013 Military strategies and tactics that may work in the physical world do not have a place in guiding cyberwarfare, and those that attempt to use them demonstrate a key lack of understanding, according to Tenable Security's chief of security Marcus Ranum. Ranum, who spoke at AusCERT 2013 at the Gold Coast, Queensland, on Friday, highlighted several methods that strategists and tacticians use that simply do not work in the online world. The concept of castle defence, for example, is commonly used as a metaphor for firewalls, but many of the strategic reasons that castles were useful in terms of defence don't apply. Perimeter defence has long been dismissed by security experts as ineffective, he said, and the advantages of high ground to see attackers coming from a long way off — tactical surprise — simply don't apply online. The term tactical surprise is completely meaningless in cyberwar, because you will always be surprised. Even if Anonymous says, 'I'm attacking you on Wednesday', they're probably not going to tell you, 'and it's coming from this IP address on this port, why don't you put a block in'. [...] __ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org
[ISN] Iran Hacks Energy Firms, U.S. Says
http://online.wsj.com/article/SB10001424127887323336104578501601108021968.html By SIOBHAN GORMAN and DANNY YADRON The Wall Street Journal May 23, 2013 WASHINGTON -- Iranian-backed hackers have escalated a campaign of cyberassaults against U.S. corporations by launching infiltration and surveillance missions against the computer networks running energy companies, according to current and former U.S. officials. In the latest operations, the Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. They proceeded far enough to worry people, one former official said. The developments show that while Chinese hackers pose widespread intellectual-property-theft and espionage concerns, the Iranian assaults have emerged as far more worrisome because of their apparent hostile intent and potential for damage or sabotage. U.S. officials consider this set of Iranian infiltrations to be more alarming than another continuing campaign, also believed to be backed by Tehran, that disrupts bank websites by denial of service strikes. Unlike those, the more recent campaigns actually have broken into computer systems to gain information on the controls running company operations and, through reconnaissance, acquired the means to disrupt or destroy them in the future, the U.S. officials said. [...] __ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org