Wednesday 28 August 2013

UN to act over US hacking claims

The United Nations is to contact the United States about reports that America's National Security Agency (NSA) hacked the world body's internal communications.


The UN emphasised that international treaties protected its offices and all diplomatic missions from interference, spying and eavesdropping.
Its spokesman Farhan Haq said the UN would "reach out" to US officials about the reports of eavesdropping, as it has in the past when such allegations have been raised.
Mr Haq added that "the inviolability of diplomatic missions, including the United Nations and other international organisations, whose functions are protected by the relevant international conventions like the Vienna Convention, has been well-established international law."
The German magazine Der Spiegel reported that documents it obtained from American leaker Edward Snowden showed the NSA secretly monitored the UN's internal video conferencing system by decrypting it last year.
Der Spiegel also said the NSA installed bugs in the European Union's office building in Washington and infiltrated the EU's computer network.
The 1961 Vienna Convention regulates diplomatic issues and status among nations and international organisations. Among other things, it says a host country cannot search diplomatic premises or seize its documents or property. It also says the host government must permit and protect free communication between the diplomats of the mission and their home country.
But wiretapping and eavesdropping have been rampant for decades, most dramatically between the United States and the Soviet Union during the Cold War.

 

Fake Salman Khurshid account tweets on Syria cause flutter

New Delhi: Amid reports of an impending Western military strike on Syria over the alleged use of chemical weapons, a fake Twitter account of External Affairs Minister Salman Khurshid caused a flutter Wednesday, saying India was in touch with Britain and US over the crisis.

The government complained to the San Francisco-headquartered company and the fake account was blocked within hours.

The imposter Twitter handle 'Salman Khurshid @IndiaMEA', complete with a picture of the external affairs minister, had the posts: "US SECRETARY OF STATE INFORMS OUR GOVERNMENT THAT AN ATTACK ON SYRIA WILL STARTS WITHING 48 HOURS".

Another one went: "Phone talks with British FM W.Hague. Intervention against Syria to start tonight. India expressed concerns."

Its first post went: "This is my official account on Twitter. Welcome! S. Khurshid, Minister of Ext. Relations, India." It also claimed the minister has spoken to the Russian foreign minister on the Syrian crisis.

Soon the Twitter account of India's external affairs ministry spokesperson Syed Akbaruddin was flooded with queries asking if the news was true.

@AkbarMEA, the Twitter handle of the official spokesperson, replied to all queries saying: "The handle @IndiaMEA is a fake one masquerading as Minister Khurshid's account. He does not have a Twitter handle." And "@IndiaMEA is a fake account and has been reported to @Twitter."

Within a few hours, the imposter handle was blocked with the message "Sorry! That page does not exist!"

The fake posting caused All India Majlis-E-Ittehadul Muslimeen chief and Hyderabad MP Asaduddin Owaisi, with Twitter account @asadowaisi, to ask @AkbarMEA: "sir I am sure the GOI is keeping an eye on Syrian crisis as more than 5 million Indians work in that region."

A discerning Twitter account posted: "Seems improbable that India's foreign minister wd spill military secrets divulged in a private phone call on Twitter".

How Twitter Dodged Website Attack That Took Down New York Times

Chalk one up for Twitter Inc.
While the New York Times and Google Inc. (GOOG:US) had visitors to their sites redirected this week by hackers, the microblogging service was better able to deflect attacks because of a simple tool called a registry lock. Like alerts sent to credit-card users when something bad happens, the feature notifies website managers of attempts by intruders to tamper with critical information, such as Web-address data.
The cost? As little as $50 a year.
Large banks, e-commerce companies, gambling sites and pornographers have used registry locks from VeriSign Inc. (VRSN:US) and NeuStar Inc. (NSR:US) to prevent unauthorized changes. Attacks by the Syrian Electronic Army routed New York Times readers to a site that displayed the group’s initials and altered some registration data. They underscore how vulnerable many companies are to relatively unsophisticated attacks, which can take down sites and harm their businesses.
“This is certainly an ah-ha moment,” said Rodney Joffe, a senior technologist at NeuStar. The Sterling, Virginia-based company began offering registry locks in 2010 and requires that website domain information be accompanied by two layers of verification, such as additional codes from security tokens.
“It is a niche business but there’s no reason for it to be,” he said. “It’s the kind of thing you have to do today.”
While Twitter’s site operated normally, twitter.co.uk was inaccessible for some users. The Syrian Electronic Army, which backs the country’s president, Bashar al-Assad, claimed responsibility for the New York Times and Twitter intrusions, as well as the Washington Post this month and the Financial Times in early May. Unknown hackers altered Google’s website in the Palestinian territories, displaying a map without Israel.

Raising Bar

The attacks exploited weaknesses in a registration network called the Domain Name System, exposing risks that site operators face because they’re relying on third parties to handle their online addresses. Weaknesses in DNS, which was created in the 1980s to help computers find websites using names instead of numbers, haven’t been seen as a significant threat outside of the financial-services and retail sectors up to now, according to John Pescatore, director of emerging-security trends at the SANS Institute in Stamford, Connecticut.
“There are still a lot of sloppy practices,” Pescatore said. “There’s a lot of room to raise the bar.”
Because Twitter, based in San Francisco, monitors its DNS information in real time and had implemented a registry lock, it was better prepared than the New York Times, according to HD Moore, chief research officer at Rapid7, a Boston-based security firm. Since the attacks, many other companies have moved to institute similar safeguards, he said.

DNS Flaw

Twitter has had its DNS records hacked before. The company acknowledged in 2009 that its DNS records were compromised by hackers who defaced the site with a message about Iran. Jim Prosser, a spokesman for Twitter, declined to comment on the company’s security measures.
A vast system that underpins how computers locate each other, DNS is often called the phone book of the Internet. In 2008, Dan Kaminsky, a security researcher, uncovered a flaw in the system that would let hackers easily impersonate legitimate sites. He worked with technology companies to fix it. The finding prompted several companies that process financial transactions online to adopt additional security measures to ensure their domain information is secure, while others stayed on the sidelines, according to SANS’s Pescatore.

Security Steps

NeuStar and VeriSign, another provider of registry lock services, declined to identify the companies using their registry lock services. Danny McPherson, chief security officer of VeriSign, said in a statement that the technology gives customers more control over who can change information.
Eileen Murphy, a spokeswoman for the New York Times (NYT:US) Co., said the newspaper is looking at additional measures.
“In light of this attack and the apparent vulnerability even at what had been highly secure registrars, we are tightening all of our security,” she said.
Jay Nancarrow, a spokesman for Google, declined to comment on the company’s security. The company’s Palestine site itself wasn’t hacked and Google is talking with the domain manager to resolve the issue, he said.
One complication of hosting sites with addresses of specific countries or regions is that many of the registration providers don’t use registry locks and other protective steps, said Paco Hope, a principal consultant with Cigital Inc.
“When you’re a company like the New York Times or Twitter or Google, your stock in trade is the Internet, it’s the service you offer, and that’s why it makes sense to put in a lot more security,” Hope said.
The rise in sophisticated hacking attacks is helping fuel a market for computer-security technology that is expected to exceed $65.7 billion this year, according to Gartner Inc.
Many companies that didn’t prioritize a threat involving their DNS records are now rethinking that approach, SANS’s Pescatore said.
“It’s one of several Achilles’ heels of using the Internet,

Lack of Details on China Hacking Claim Puzzles Analysts


A netizen in Leping, Jiangxi province uses a smartphone to browse the China Internet Network Information Center (CNNIC) website, July 17, 2013.
ImagineChina
A recent cyberattack on China's country-level .cn domain may not be all that it seems, computer experts said this week.

Beijing's China Internet Network Information Center (CNNIC), which maintains the registry for the top-level domain, announced this week that it was crippled by two distributed denial of service (DDoS) attacks on websites using the .cn suffix in the early hours of Sunday morning.

The first started around midnight Beijing time, and service was restored by around 2:00 p.m. local time, CNNIC said in a statement.

The second, which hit at around 4:00 p.m. local time, was the largest ever DDoS attack to hit China's Internet.

Many websites were rendered completely inaccessible or extremely slow to load for an unspecified period of time, it said.

Beijing's Ministry of Industry and Information Technology, which oversees CNNIC, has launched "specific contingency plans" to protect national domain name resolution services.

But no details of the attack or the contingency plans were made public, leading cybersecurity experts to question the point of the announcement.

Call for details

Rutgers University computer scientist Zhou Shiyu called on Beijing to make detailed information about the attack public.

"The problem is that there's no evidence that indicates whether this attack came from within China or from overseas," Zhou said. "They must explain this clearly."

"All we know is that [DDoS] attacks are the commonest method of attack," he said.

He added that China was no stranger to carrying out large-scale cyberattacks itself.

"The Chinese government has spent huge amounts of money and resources on developing its ability to carry out online attacks," he said.

Smokescreen attack?

Meanwhile, U.S.-based Internet security analyst Li Hongkuan said the likelihood of Chinese government-backed attacks against the .cn domain existed, but wasn't large.

Beijing could even have staged the attacks as a smokescreen, given that its standard response to allegations of government-backed cyberattacks overseas is that it, too, is the target of such attacks.

"It's quite possible that the Chinese government is a thief crying 'thief,' or that it's bluffing," Li said.

"It's also possible that these attacks came from hackers within China who are critical of the government."

For the time being, CNNIC has apologized for the disruption and promised that more details will be made public as soon as they are discovered.

Mandiant

China has rejected claims that its People's Liberation Army (PLA) was behind a series of hacker attacks on U.S. corporate networks described in a February report by the security firm Mandiant.

Beijing's Ministry of National Defense denied claims made in a 74-page report by U.S.-based Mandiant which said it had traced a large number of transnational cyberattacks to IP addresses assigned to a building it said belonged to the PLA in Shanghai.

Mandiant said the building was the home of the PLA's cyberespionage "Unit 61398," which it said had stolen data, including intellectual property, from at least 141 companies since 2006.

Mandiant's report said it was "highly unlikely" the Chinese government was unaware of the hacking attacks, and was possibly supporting the cyberespionage.

New York Times

In the same month, The New York Times newspaper accused hackers traced to China of "persistently" infiltrating its computer networks over the last four months, also sparking an angry denial from Beijing.

The paper had hired a team of computer security experts to trace the attacks and block any back doors through which they were gaining access to the system, it said.

Cybersecurity experts said the report should be taken in the context of widespread cyberespionage carried out by a large number of countries.

Expect more Web hacking if U.S. strikes Syria: cybersecurity expert

WASHINGTON — The Syrian hacker group that has taken credit for causing outages on the websites of the New York Times and other news organizations probably will increase its activity if the U.S. launches military strikes on the Middle Eastern nation, a cybersecurity expert said Wednesday.
The Syrian Electronic Army wants to keep people from reading what it views as negative information about the regime of President Bashar Assad, which it supports, said Adam Meyers, vice president of intelligence for CrowdStrike, an Internet security firm in Irvine.
The group does so by launching hacking attacks on news and social media sites.
"They’re gearing up to continue the campaign, and if the hammer starts to come down on the current regime, they’re going to start desperately trying to provide positive messaging and negatively impact those speaking badly about the regime," Meyers said.
In the attack on the New York Times website, which was down for large parts of Tuesday and into Wednesday, the Syrian Electronic Army used a tactic known as "spear phishing" to get access to the user name and password of a sales partner at an Australian Internet company.
The firm, MelbourneIT, allows website owners to buy Internet addresses and the hackers were able to prevent computers from accessing the New York Times website. The news organization redirected readers to a bare-bones alternate site Wednesday.
Twitter, the Huffington Post and other news organizations also were affected by the attack Wednesday and in recent weeks.
"We placed twitter in darkness as a sign of respect for all the dead #Syria-ns due to the lies tweeted it," the Syrian Electronic Army said on its Twitter account Tuesday, one of several tweets referencing the hacking attacks.
This summer, CrowdStrike detected activity by the Syrian Electronic Army aimed at the Los Angeles Times, Meyers said. The group used a Facebook page that has since been taken down to post a flood of comments on articles about Syria to raise doubts about their credibility, he said.
"Their big initiative is to impact dialogue and change messaging to have a pro-Syrian slant to it," Meyers said. "Anything they can do to put up a pro-Syrian slant...or negatively impact an anti-Syrian slant, they do."
The Tribune Co. had no comment, said spokesman Gary Weitman.
Peter Boogaard, a spokesman for the Department of Homeland Security, would not comment on whether the government was monitoring the hacking attacks.
He said the agency's U.S. Computer Emergency Readiness Team "provides response, support and defense against cyberattacks when requested."

Times site affected by hacking attack




New York: The New York Times website was unavailable to readers on Tuesday afternoon after an online attack on the company's domain name registrar, Melbourne IT. The attack also forced employees of The Times to take care in sending emails.

Marc Frons, chief information officer for The New York Times Co., issued a statement at 4:20 p.m. warning employees that the disruption - which appeared to still be affecting the website well into the evening - was "the result of a malicious external attack." He advised employees to "be careful when sending email communications until this situation is resolved."

In an interview, Frons said the attack was carried out by a group known as "the Syrian Electronic Army, or someone trying very hard to be them."

The website first went down after 3 p.m.; once service was restored, the hackers quickly disrupted the site again. Shortly after 6 p.m., Frons said that "we believe that we are on the road to fixing the problem."

The Syrian Electronic Army is made up of hackers who support President Bashar Assad of Syria. Matt Johansen, head of the Threat Research Center at White Hat Security, posted on Twitter that he was directed to a Syrian Web domain when he tried to access The Times' website.

The SEA first emerged in May 2011, during the first Syrian uprisings, when they started attacking a wide array of media outlets and nonprofits and spamming popular Facebook pages like President Barack Obama's and Oprah Winfrey's with pro-Assad comments. Their goal, they said, was to offer a pro-government counter narrative to media coverage of Syria.

The group has consistently denied ties to the Assad government and has said it does not target Syrian dissidents, but security researchers and Syrian rebels are not convinced. They say the group is the outward-facing campaign of a much quieter surveillance campaign targeting Syrian dissidents and are quick to point out that Assad once referred to the SEA as "a real army in a virtual reality."

Until now, The Times has been spared from being hacked by the SEA, which has successfully disrupted the Web operations of news organizations including The Financial Times.

On Aug. 15, the group attacked The Washington Post's website through a third-party service provided by a company called Outbrain. At the time, the SEA also tried to hack CNN. Some information security experts said the group also appeared to be ready to attack The New York Times website that day. (Just a day earlier, on Aug. 14, The Times' website was down for several hours. The Times cited technical problems and said there was no indication the site was hacked.)

In a post on Twitter on Tuesday afternoon, the SEA also said it had hacked the administrative contact information for Twitter's domain name registry records. According to the Whois.com lookup service, the Syrian Electronic Army was listed on the entries for Twitter's administrative name, technical name and email address.

Jim Prosser, a Twitter spokesman, said the social network was "looking into" the Syrian Electronic Army's claim that it had taken control of a Twitter domain.

Frons said the attacks Tuesday on Twitter and The New York Times required significantly more skill than the string of SEA attacks on media outlets earlier this year, when the group attacked Twitter accounts for dozens of outlets ranging from The Guardian to The Associated Press. Those attacks caused the stock market to plunge after the group planted false tales of explosions at the White House.

"In terms of the sophistication of the attack, this is a big deal," said Frons. "It's sort of like breaking into the local savings and loan versus breaking into Fort Knox. A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of websites."
© 2013, The New York Times News Service