Thursday 6 June 2013

Google data breach, Company’s Surveillance Database hacked


Chinese hackers who breached Google in 2010 are responsible for the recent violation of Google's surveillance database, according to officials' revelations.

The Google data breach is real: Google's surveillance database has been violated by the same hackers who breached Google's network in 2010, and the attackers obtained access to the company's tracking system for managing surveillance requests from law enforcement.
The news was published by the Washington Post and confirmed the rumours of a Google data breach.
The hacked database is used by Google to archive the court orders submitted by law enforcement agencies investigating a user's account, but the repository also includes classified Foreign Intelligence Surveillance Act (FISA) orders that are used in foreign intelligence surveillance investigations.
FISA is a US law which outlines practices for the physical and electronic surveillance and "collection of 'foreign intelligence information' between 'foreign powers' and 'agents of foreign powers'"; the sections of FISA authorizing electronic surveillance and physical searches without a court order specifically exclude their application to groups engaged in international terrorism.
Google's database contained valuable information on surveillance activities conducted over the last years, and the purpose of the attack is clear: it was arranged to gather information on law enforcement and intelligence agencies' investigations of Chinese intelligence operatives in the US. A former US official told the Washington Post:
“Knowing that you were subjects of an investigation allows them to take steps to destroy information, get people out of the country,” 
The Post states:
“The breach appears to have been aimed at unearthing the identities of Chinese intelligence operatives in the United States who may have been under surveillance by American law enforcement agencies.”
In 2010 numerous companies were hacked by Chinese hackers, including Adobe as well as financial institutions and defense contractors, in a series of sophisticated cyber attacks. The attackers stole source code from Google and also tried to access the Gmail accounts of Tibetan activists.
The hackers that targeted Google in December also hit 33 other companies, using a zero-day vulnerability in Adobe Reader to deliver malware to the victims and compromise source-code management systems, gaining access to company source code and the ability to modify it so that customers using the application would become vulnerable to attack.
The Google data breach originated in China; Secretary of State Hillary Clinton publicly condemned the intrusion and asked the Chinese Government for information on the attack.
Google hasn't confirmed the compromise of its systems for processing law enforcement surveillance requests, but announced that it would stop cooperating with Chinese authorities on censoring Google search results in that country.
Google isn't the only victim of this new wave of attacks: last month, a senior Microsoft official disclosed that Chinese hackers had targeted the company's systems serving the same function as Google's surveillance database, at about the same time that Google's was breached.
“What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on,” David W. Aucsmith, senior director of Microsoft’s Institute for Advanced Technology in Governments, said at a conference near Washington, according to a recording of his remarks. “If you think about this, this is brilliant counterintelligence,” he said in the address, which was first reported by the online magazine CIO.com. “You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that’s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That’s essentially what we think they were trolling for, at least in our case.”
According to the Washington Post, the Justice Department met resistance from Google when it asked for evidence of the attacks, full access to internal logs, and authorization for a further forensic investigation of the breach … It is still unclear what Google provided to the investigators.
Michael M. DuBose, former chief of the Justice Department's Computer Crime and Intellectual Property Section, described the attacks as a wake-up call for the government that the overall security and effectiveness of lawful interception and undercover operations depends in large part on security standards in the private sector.
"Those," DuBose said, "clearly need strengthening."
The incidents once again underline the need to share information on cyber attacks and data breaches; incidents like these are clear indications of ongoing, sophisticated intelligence operations.

New proof-of-concept malware demonstrates virus for OS X

Security researchers have found a proof-of-concept attack that appears to be the first true viral malware approach for compromising OS X.
The malware is called "Clampzok.A" and is a cross-platform malware package that alters the binary files on an affected system so when executed, the binary will infect neighboring binary files.
The malware is written in assembly code, and was originally released in 2006 for Windows and Linux systems, but was recently updated to affect 32-bit Mach-O binary files in OS X machines.
Unlike Trojan horses, spyware, and adware that hide in one location on the system and persistently run to steal information or otherwise be a nuisance, viral malware attempts to spread itself around the system. Of these, a form known as a worm will try to replicate itself, but does not infect otherwise healthy files. The classic virus, by contrast, will inject itself into the compiled code of an executable or into the structure of a file, modifying it significantly so that when the file is read, the virus is executed and further injects itself around the system, wreaking havoc on the system's ability to function.
This latest malware shows promise to do just that.
To infect a healthy binary, the virus modifies its __PAGEZERO segment so that it holds the virus code. With further modifications to this segment the virus makes the code both readable and executable. Next, the virus alters the "LC_UNIXTHREAD" load command in the binary so it points to the location of the virus instead of the binary's intended entry point.
When the binary is then executed, the virus code will run and search for additional 32-bit binary files in the same environment as the infected one, and attempt the injection on them. The malware tries to target the BSD tools and other programs stored in the /bin and /usr/bin directories on OS X systems.
In this manner, if one executes simple terminal commands on an affected system, then other terminal tools could get infected.
This development marks one of the first such viral attacks that can affect the OS X platform; however, it does have its limitations, both in current function and in its ability to hide. For one, the attack only works on 32-bit Mach-O binary files. While there are still plenty of 32-bit programs for OS X, recent versions are migrating to 64-bit code.
In addition, if a system is infected with malware that uses this mode of attack, the infection will be easy to detect, since a scanner simply needs to check whether the __PAGEZERO segment of the binary is marked readable and executable. If it is, the binary has been compromised and can be quarantined or otherwise flagged. Furthermore, this attack will break code-signed programs, so any that have a valid signature (i.e. those from the Mac App Store) will no longer work if infected.
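The detection check described above, written out as an added example (it is not code from the article or from any vendor's scanner): a minimal parser for 32-bit Mach-O load commands that flags a __PAGEZERO segment mapped with read or execute protection, file-backed __PAGEZERO content, or an LC_UNIXTHREAD entry point that lands inside __PAGEZERO. The two sample images it scans are constructed in the block itself (headers only, no real code) and assume a little-endian x86 32-bit executable; fat binaries and big-endian (PowerPC) images are out of scope.

```python
"""Flag 32-bit Mach-O binaries whose __PAGEZERO segment is readable/executable."""
import struct

MH_MAGIC = 0xFEEDFACE        # 32-bit Mach-O, little-endian host byte order (x86)
LC_SEGMENT = 0x1
LC_UNIXTHREAD = 0x5
X86_THREAD_STATE32 = 1       # flavor used by LC_UNIXTHREAD on 32-bit x86
VM_PROT_READ = 0x1
VM_PROT_EXECUTE = 0x4

MACH_HEADER = struct.Struct("<7I")              # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
LOAD_COMMAND = struct.Struct("<2I")             # cmd, cmdsize
SEGMENT_COMMAND = struct.Struct("<16s4I2i2I")   # segname, vmaddr, vmsize, fileoff, filesize, maxprot, initprot, nsects, flags
EIP_INDEX = 10                                  # position of eip in x86_THREAD_STATE32 (16 registers)


def parse_segments(data):
    """Return (segments, entry_point) from the load commands of a 32-bit Mach-O image."""
    if len(data) < MACH_HEADER.size:
        raise ValueError("file too small for a Mach-O header")
    magic, _, _, _, ncmds, sizeofcmds, _ = MACH_HEADER.unpack_from(data, 0)
    if magic != MH_MAGIC:
        raise ValueError("not a 32-bit little-endian Mach-O image")
    segments, entry = [], None
    off, end = MACH_HEADER.size, MACH_HEADER.size + sizeofcmds
    if end > len(data):
        raise ValueError("load commands extend past end of file")
    for _ in range(ncmds):
        if off + LOAD_COMMAND.size > end:
            raise ValueError("truncated load command table")
        cmd, cmdsize = LOAD_COMMAND.unpack_from(data, off)
        if cmdsize < LOAD_COMMAND.size or off + cmdsize > end:
            raise ValueError("bad cmdsize %d at offset %d" % (cmdsize, off))
        if cmd == LC_SEGMENT and cmdsize >= LOAD_COMMAND.size + SEGMENT_COMMAND.size:
            name, vmaddr, vmsize, fileoff, filesize, maxprot, initprot, _, _ = \
                SEGMENT_COMMAND.unpack_from(data, off + LOAD_COMMAND.size)
            segments.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                             "vmaddr": vmaddr, "vmsize": vmsize, "filesize": filesize,
                             "maxprot": maxprot, "initprot": initprot})
        elif cmd == LC_UNIXTHREAD and cmdsize >= LOAD_COMMAND.size + 8 + 16 * 4:
            flavor, count = struct.unpack_from("<2I", data, off + LOAD_COMMAND.size)
            if flavor == X86_THREAD_STATE32 and count == 16:
                regs = struct.unpack_from("<16I", data, off + LOAD_COMMAND.size + 8)
                entry = regs[EIP_INDEX]   # where the kernel starts executing the binary
        off += cmdsize
    return segments, entry


def scan(data):
    """Return a list of findings; an empty list means __PAGEZERO looks healthy."""
    segments, entry = parse_segments(data)
    findings = []
    for seg in segments:
        if seg["name"] != "__PAGEZERO":
            continue
        if seg["initprot"] & (VM_PROT_READ | VM_PROT_EXECUTE):
            findings.append("__PAGEZERO mapped readable/executable (initprot=%#x)" % seg["initprot"])
        if seg["filesize"] != 0:
            findings.append("__PAGEZERO is backed by %d bytes of file content" % seg["filesize"])
        if entry is not None and seg["vmaddr"] <= entry < seg["vmaddr"] + seg["vmsize"]:
            findings.append("LC_UNIXTHREAD entry point %#x lies inside __PAGEZERO" % entry)
    return findings


def build_sample(pagezero_prot, pagezero_filesize, entry):
    """Construct a header-only 32-bit Mach-O image for testing (constructed data, not a real binary)."""
    segs = [(b"__PAGEZERO", 0x0, 0x1000, 0, pagezero_filesize, pagezero_prot, pagezero_prot),
            (b"__TEXT", 0x1000, 0x1000, 0, 0x1000,
             VM_PROT_READ | VM_PROT_EXECUTE, VM_PROT_READ | VM_PROT_EXECUTE)]
    cmds = b""
    for name, vmaddr, vmsize, fileoff, filesize, maxprot, initprot in segs:
        cmds += LOAD_COMMAND.pack(LC_SEGMENT, LOAD_COMMAND.size + SEGMENT_COMMAND.size)
        cmds += SEGMENT_COMMAND.pack(name, vmaddr, vmsize, fileoff, filesize, maxprot, initprot, 0, 0)
    regs = [0] * 16
    regs[EIP_INDEX] = entry
    cmds += LOAD_COMMAND.pack(LC_UNIXTHREAD, LOAD_COMMAND.size + 8 + 64)
    cmds += struct.pack("<2I", X86_THREAD_STATE32, 16) + struct.pack("<16I", *regs)
    # cputype 7 = CPU_TYPE_X86, cpusubtype 3 = CPU_SUBTYPE_X86_ALL, filetype 2 = MH_EXECUTE
    return MACH_HEADER.pack(MH_MAGIC, 7, 3, 2, 3, len(cmds), 0) + cmds


# Constructed samples: a normal layout (__PAGEZERO unmapped, entry in __TEXT) and one
# showing the tell-tale pattern from the article (R/X __PAGEZERO, entry redirected into it).
CLEAN_SAMPLE = build_sample(0, 0, 0x1100)
SUSPICIOUS_SAMPLE = build_sample(VM_PROT_READ | VM_PROT_EXECUTE, 0x200, 0x10)

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("suspicious", SUSPICIOUS_SAMPLE)):
        print(label, scan(sample) or "no findings")
```

To run it over a real system, read each file under /bin and /usr/bin into `scan()` and skip anything that raises ValueError (64-bit and fat images); any non-empty findings list is a candidate for quarantine and a signature check with `codesign --verify`.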
Overall, while this development does outline a true viral attack on OS X, it is just a proof of concept effort, meaning it is not used in any known malware on OS X. Additionally, it is so far quite limited in scope, and easy to detect. Does this mean you need to lock down your system? Not at all. However, it may be wise to simply be mindful that malware efforts are ongoing for the Mac platform, and among the various Trojan horse attempts, even viral breakthroughs are occurring.

FUD in Information Security Employment



Security people sure have it good. The United States Bureau of Labor Statistics tells us that in 2012, self-described information security professionals experienced 0.9% unemployment – a sliver of the roughly 8% national average. The Bureau projects 22% job growth in InfoSec by 2020. Granted, even the BLS admits their numbers aren’t to be taken as gospel, but that’s only because they couldn’t find enough security professionals for a representative sample size. The Pentagon alone plans to add about 4,000 employees to the Defense Department’s Cyber Command. For organizations in the private sector, recruitment of security talent has become such a priority it’s a full-time job. I should know. With this kind of demand for their skills, you’d think security professionals could simply waltz into any company they like, find perfect jobs ideally matching their backgrounds, and write their own checks.
However, a serious disconnect exists between the desperate need for security talent and the hiring behaviors of many organizations. Human resources departments still release job descriptions with little or no information about the actual day-to-day work to be performed. The titles aren’t much better, when a “security analyst” can be anything from a DLP implementation engineer to an application penetration tester. Understaffed and over-utilized hiring managers don’t have time to conduct searches themselves, but routinely express dissatisfaction with the quality of candidate their corporate recruiters find. And it figures: HR isn’t incented to know about ethical hacking, risk assessments or malware reversing, or how to tell the difference between a keyword-rich résumé and the best technical and cultural fit for their security organization.
This disconnect creates fear, uncertainty and doubt, or FUD, on the part of both talent-hungry organizations and those elite individuals who command the best information security jobs. Companies know they must attract security experts; candidates know their skills are in high demand. And yet InfoSec hiring has become a problem of distribution, like world oil supply or food to the needy: the resources are there, but because of FUD, they’re not being intelligently routed to the places they’re needed. Companies fear the risk they assume in remaining short of security staff (and they should), but they’re uncertain about how to better attract talent and doubt they’ll be able to do so. Candidates fear (and loathe) calls from recruiters who don’t understand what they do; vague, incomprehensible and sometimes impossible job postings make them uncertain as to whether to pursue new opportunities, so when they find a role where they’re relatively happy, they doubt they’ll want to leave anytime soon. The process stagnates and the demand isn’t supplied.
Don’t succumb to FUD in your job search or hiring process. If you’re a candidate for a new role, work with recruiters and hiring managers at organizations that duly value candidate experience and finding the ideal match for the job – not just anyone with the right acronym on her résumé. If you’re looking to hire security talent, prioritize best practices in InfoSec hiring. Certainly be aware that you have to move fast, that you’re competing with literally every major organization for talent, and that you cannot afford to treat security talent as a “nice to have” competency in your company. Then realize that streamlining and clarifying your recruitment process will only help you in reducing time-to-hire for the security experts you need. Take a deep breath, smile, and cut the FUD.