Thursday, May 14, 2015

How Chinese hackers snooped on Indian defence agencies for over 10 years

A Singapore-based firm has uncovered a large-scale cyber espionage network that it says is linked to the Chinese government. The network has been active for 10 years in the region and targets India in particular by infecting computer systems of key, selected individuals and organisations. Terming it APT30, Singapore firm FireEye says that the infection is specially targeted at the Indian military, aerospace and maritime sectors.
What is interesting is that the Singapore researchers have uncovered the modus operandi of the spying network, which uses decoy documents that users would download or read in their emails or online. The decoy documents contain a bug that can transmit data and information from the infected computer system back to servers in China. The bug can even hide in documents and infect secure computers not connected to a network.
The decoy documents are specially tailored to meet the interests of the individuals or organisations to be targeted - these include government agencies, private industry and media groups. Chinese hackers used decoy documents on Indian military movements in the South China Sea, papers on the indigenous aircraft carrier under construction in Kochi, incidents on the China border and relations with Nepal to infect key
A sample of the phishing documents includes:
A document titled - "India deploys world's largest military transport plane.doc"
Decoy documents on China's relationship with India, specially on military matters.
Documents related to Indian military projects, like the aircraft carrier being built at Kochi
Documents on Indian military activity in the South China Sea
FireEye says Indian firms infected include an aerospace and defense company and a telecommunications firm
Documents also relate to foreign relations in the region, including Bhutan and Nepal.






Read more at:
http://articles.economictimes.indiatimes.com/2015-05-07/news/61902630_1_aircraft-carrier-chinese-hackers-decoy

Wednesday, May 6, 2015

How to hack a military DRONE!

The research paper turned how-to hacking guide

Esti Peshin, director of cyber programs for Israel Aerospace Industries, noted that the hacking and downing of a CIA stealth drone by Iranians occurred a month after one such paper was published. In December 2011, a report in the Christian Science Monitor highlighted that Iran navigated an unmanned CIA aerial vehicle safely to the ground by manipulating the aircraft’s GPS coordinates.

The research study from 2011, co-authored by Nils Ole Tippenhauer of ETH Zurich and other ETH and University of California academics, was titled “The Requirements for Successful GPS Spoofing Attacks.” The academics detailed how to mimic GPS signals to fool the GPS receivers on board the UAV (Unmanned Aerial Vehicle) that aid navigation.

“It’s a PDF file… essentially, a blueprint for hackers,” Peshin said.

Peshin stressed that she does not know whether the CIA drone was hijacked using GPS spoofing or even whether the hacker read the study. Equally, she highlighted just how easily available the publication is online.

“You can Google, just look up ‘Tippenhauer’ — it’s the first result in Google. Look up ‘UAV cyberattacks’ — it’s the third one. ‘UAV GPS spoofing attacks’ — the first one,” Peshin said, speaking at the Defensive Cyberspace Operations and Intelligence conference, an Israeli-American summit held in Washington.

In the research study, the academics explained where an attacker must be optimally located to generate fake signals capable of fooling GPS receivers. They also described ways to replace legitimate signals with an attacker’s bogus signals, which results in the target “losing the ability to calculate its position.”

Their intention was not to aid and abet terrorists, but rather to highlight “effective receiver-based countermeasures, which are not implemented yet in current standard GPS receivers,” the researchers noted. Despite this, hackers could have quickly exploited their instructions before defense manufacturers had time to update and fortify satellite-guided vehicles, Peshin said.

“The fact is that we are slower than the bad guys and the bad guys could take this article and render it into a form of an attack,” she said. “One of the things that keeps me up at night is cybersecurity for operational networks, military systems, weapons systems.”

Peshin also pointed to a 2013 NATO risk assessment that set a few alarm bells ringing. “At the end of the article, as if this was not enough, they listed several UAVs and said these are riskier than others by the way,” Peshin said.

She declined to comment on changes, if any, made to drone security after the papers were released.

Impact of the research papers on manufacturers

Clearly, the research papers had the desired effect in the end. The Pentagon is taking measures to protect drones from outside interference. A hacker-proof Boeing Little Bird helicopter drone is scheduled to take flight toward the end of 2017.

Thursday, March 12, 2015

DARPA Developing Active Authentication with Cognitive Fingerprints

The Defense Advanced Research Projects Agency (DARPA) is researching new biometrics-based authentication methodologies that take into consideration how a specific user uniquely processes information when they interact with technology.

“The current standard method for validating a user’s identity for authentication on an information system requires humans to do something that is inherently unnatural: create, remember, and manage long, complex passwords. Moreover, as long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard,” DARPA said.

“Thus unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console.”

The Active Authentication program DARPA has initiated will try to mitigate this issue by developing new ways of validating the identity of a user through the use of software-based biometrics: one or more intrinsic physical or behavioral traits that can be associated with a specific individual.

“This program focuses on the behavioral traits that can be observed through how we interact with the world,” DARPA explained.

“Just as when you touch something with your finger you leave behind a fingerprint, when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a cognitive fingerprint.”

The agency says that the first phase of the program will focus on researching biometrics that do not require additional hardware such as a fingerprint or retina scanner, but instead rely on unique characteristics that current technologies can capture and map out through patterns of behavior.

“These could include, for example, how the user handles the mouse and how the user crafts written language in an e-mail or document. A heavy emphasis will be placed on validating any potential new biometrics with empirical tests to ensure they would be effective in large scale deployments,” DARPA said.

Subsequent phases of the program will look at creating an authentication solution that integrates a combination of biometrics to create a better authentication platform that could be used on a standard Department of Defense desktop or laptop.

“The combinatorial approach of using multiple modalities for continuous user identification and authentication is expected to deliver a system that is accurate, robust, and transparent to the user’s normal computing experience,” DARPA said.

“The authentication platform will be developed with open Application Programming Interfaces (APIs) to allow the integration of other software or hardware biometrics available in the future from other sources.”

See more at: http://blog.norsecorp.com/2015/02/27/darpa-developing-active-authentication-with-cognitive-fingerprints/#prettyPhoto