“There is nothing in the IP data that points to Russia specifically” | Jan 2017

Wordfence Casts Doubt On DHS/FBI Russian Hacking Report

– DailyCaller

“Code identified by the Department of Homeland Security and Federal Bureau of Investigation as being used by Russian intelligence services is an outdated malware developed by Ukrainians that can be downloaded online, according to a blog post by the founder of WordFence.

WordFence is a plug-in designed to protect users of WordPress that has been downloaded over 1 million times. The report released last Thursday by the DHS and FBI, titled “Grizzly Steppe,” contains a PHP malware sample which WordFence employees analyzed.

“Our security analysts spend a lot of time analyzing PHP malware, because WordPress is powered by PHP,” the blog post written by WordFence founder and CEO Mark Maunder said in a post Friday. “We used the PHP malware indicator of compromise (IOC) that DHS provided to analyze the attack data that we aggregate to try to find the full malware sample.”

WordFence was able to find the name of the malware and the version. Maunder said it is a malware called “P.A.S. 3.1.0.,” which was available for download on a site that is currently down.

The tech CEO wrote: “The PHP malware sample they have provided appears to be P.A.S. version 3.1.0 which is commonly available and the website that claims to have authored it says they are Ukrainian. It is also several versions behind the most current version of P.A.S which is 4.1.1b. One might reasonably expect Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.”

In a series of FAQs published Monday, Maunder continued to criticize the DHS/FBI report. He said TechFence reviewed IP addresses that the DHS said were behind hacking efforts and found that they “belong to over 380 organizations and many of those organizations are well known website hosting providers from where many attacks originate. There is nothing in the IP data that points to Russia specifically.”

Much of the evidence tying Russia to hacking efforts has been criticized by cyber security experts. One link tying Russia to the leaking of Democratic National Committee emails is that documents leaked by hacker Guccifer 2.0 were modified by a user named Felix Dzerzhinsky, the man who founded the Soviet secret police.

Cybersecurity expert Jeffrey Carr wrote in a blog post, “OK. Raise your hand if you think that a GRU or FSB officer would add Iron Felix’s name to the metadata of a stolen document before he released it to the world while pretending to be a Romanian hacker.”

….Continue reading @ DailyCaller

Without a trace: The techniques hackers use to evade capture

– Total Defense  |  Oct 2015

“Bjorn Sundin helped orchestrate a hacking scheme that led to the purchasing of over a million phony pieces of software, costing the victims a collective $100 million. Carlos Perez-Malara assisted in the development of spyware that monitored keystrokes and compiled personal data on unsuspecting targets. Peter Sahruvos was involved in a months-long virus-based attack that generated $2 million. But apart from all being cyber criminals who have benefited richly from their crimes, these three men share something else in common: They’re all still at large. And they’re hardly alone.

Cyber crime is a lucrative business not just because of the potential monetary return, but because it’s too often easy to get away with. Sometimes hackers get caught, but most of the time they don’t. Don’t take our word for it – just ask Kevin Mitnick, a hacking expert who is himself a former fugitive from (cyber) justice. Back in the early 1990s, Mitnick was Public Enemy Number One in the FBI’s cyber crime hunt. But, after getting captured in 1995 and serving five years in prison, he changed his ways and now helps the good guys by offering them the unique perspective of a reformed criminal hacker. Yet as Mitnick pointed out, the cyber criminal landscape has changed significantly since the 1990s – and most of the changes benefit those involved in virtual crime.

“With hacking, it’s much easier to commit the crime and the risk of punishment is slim to none,” Mitnick told The Huffington Post’s Gerry Smith. Plus, he added that hackers today reap the rewards of a more vulnerable digital world. “There’s a lot of information that is now available that could be used to compromise systems and networks that did not exist when I was a hacker.”

In Mitnick’s day, hacking was a solitary activity done out of, as he put it, “intellectual curiosity.” Today, it’s a global criminal practice that’s centered around the one element that ties all organized crime together: easy money. But the added advantage of cyber crime is that it’s carried out remotely, and is therefore a lot easier to get away with typically. And it’s not only that law enforcement officials find the process of catching cyber criminals inherently challenging – it’s that hackers themselves are deploying techniques to remain on the loose.”

….Continue reading @ Total Defense

U.S. Spy Net Snares Congress – Jan 2016