Archive for the ‘NSA’ Category

Russian hackers used NSA’s leaked EternalBlue exploit to spy on hotel guests – CSO Online

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues.


A Russian government-sponsored cyberespionage group has been accused of using a leaked NSA hacking tool in attacks against one Middle Eastern and at least seven European hotels in order to spy on guests.

Why reinvent the wheel, or a hacking tool, when the NSA created such an effective one? The NSA's EternalBlue exploit was leaked online by the Shadow Brokers in April. Now the security firm FireEye says it has moderate confidence that Fancy Bear, or APT28, the hacking group linked to the Russian government and accused of hacking the Democratic National Committee last year, added EternalBlue to its arsenal in order to spy on guests at European and Middle Eastern hotels and to steal their credentials.

In a campaign aimed at the hospitality industry, attackers leveraged a malicious document in spear-phishing emails. The hostile hotel form, which Microsoft Threat Intelligence Center General Manager John Lambert tweeted about in July, appeared to be a hotel reservation document. If macros were allowed to run on the computers of the hotel employees who opened it, Fancy Bear's Gamefish malware would be installed.

Fancy Bear, according to a report by the security firm FireEye, used novel techniques involving the EternalBlue exploit and the open source tool Responder to spread laterally through networks and likely target travelers. Once inside the network of a hospitality company, APT28 sought out machines that controlled both guest and internal Wi-Fi networks.

The Gamefish malware would download and run EternalBlue to spread to computers that were connected to corporate and guest Wi-Fi networks. After gaining access, Fancy Bear deployed Responder, which listens for broadcasts from victim computers attempting to connect to network resources. Responder, FireEye explained, "masquerades as the sought-out resource and causes the victim computer to send the username and hashed password to the attacker-controlled machine."

"It's definitely a new technique for Fancy Bear," FireEye's cyber espionage researcher Ben Read told Wired. "It's a much more passive way to collect on people. You can just sit there and intercept stuff from the Wi-Fi traffic."

While FireEye didn't observe business travelers' credentials being stolen via hotel Wi-Fi networks in July, the security firm cited a similar hotel attack by Fancy Bear in 2016.

In the 2016 incident, the victim was compromised after connecting to a hotel Wi-Fi network. Twelve hours after the victim initially connected to the publicly available Wi-Fi network, APT28 logged into the machine with stolen credentials. These 12 hours could have been used to crack a hashed password offline. After successfully accessing the machine, the attacker deployed tools on the machine, spread laterally through the victim's network, and accessed the victim's OWA account. The login originated from a computer on the same subnet, indicating that the attacker machine was physically close to the victim and on the same Wi-Fi network.

The latest hotel attacks, FireEye added, mark "the first time we have seen APT28 incorporate this exploit [EternalBlue] into their intrusions." While the investigation is still going on, FireEye told Reuters it is moderately confident that Fancy Bear is behind the attacks: "We just don't have the smoking gun yet."

The targeted hotels were not named, but were described as the type where valuable guests would stay. FireEye told Wired, "These were not super expensive places, but also not the Holiday Inn. They're the type of hotel a distinguished visitor would stay in when they're on corporate travel or diplomatic business."

FireEye wants travelers, such as business and government personnel, to be aware of threats such as having their information and credentials passively collected when connecting to a hotel's Wi-Fi. While traveling abroad, high-value targets should take extra precautions to secure their systems and data. Publicly accessible Wi-Fi networks present a significant threat and should be avoided whenever possible. Wired suggested the safest approach for travelers is to bring their own hotspot and skip connecting to the hotel's Wi-Fi altogether.


StarTimes pay courtesy call on NSA boss – Ghana News Agency

Sunday 13th August, 2017

Accra, Aug. 11, GNA - StarTimes, official Broadcaster of the Ghana Premier League, on Friday, met the leadership of the National Sports Authority (NSA).

The StarTimes delegation held fruitful discussion with the Director General of the NSA, Mr. Robert Sarfo Mensah concerning the development of sports in the country.

As part of StarTimes' aim of getting involved in promoting all sports in Ghana, the NSA boss was consulted to partner the dream.

According to the Country Director of StarTimes, Leo Hao, sports must have a new look in Ghana.

"It is our dream to help grow Ghana sports.

"We want a successful collaboration that will see all sports get a better face lift as we are committed to grow sports in all aspects."

Mr. Sarfo Mensah was delighted to meet the StarTimes delegation and confirmed his office's readiness to partner them.

"My office wants to give Ghana sports the best, in terms of development.

"We are actually preparing to host the National Sports Festival, where more talents will be identified and nurtured."

"I am very glad to have you and am confident that we can together promote Ghana sports," he noted.

GNA


Film: The Tiny West Virginia Town Haunted by an NSA Secret – The Intercept

Sugar Grove, West Virginia was, by the accounts of its residents, a fine place to live until the Pentagon shuttered the sprawling naval base that had sustained the town for decades, leaving it with a state secret as its sole remaining attraction. A new documentary film by director Elaine McMillion Sheldon, a longtime chronicler of West Virginian life, visits Sugar Grove after the base was decommissioned and was being auctioned off, and traces the abiding shadow of a nearby National Security Agency facility still looming over the town.

The film is embedded above.

Antennae at the NSA listening post, codenamed TIMBERLINE, were built to capture Soviet satellite messages as they bounced off the moon, imbuing a pristine stretch of Appalachia with a sort of cosmic gravity. Residents lived with the knowledge that something was hidden away on a hilltop above the town, even if it was something they could never know. TIMBERLINE's mission has, to say the least, changed in the intervening years, as submarine-laid internet cables have become a greater priority for American spies than foreign satellite communication.

TIMBERLINE remains operational, but the facility, known to locals as the off-limits Upper Base, was never what kept Sugar Grove alive. The town's heart was the sprawling Lower naval base that served as a robust employer and de facto community center until the Sept. 11 attacks, when residents say even the Navy gym and recreational areas they'd always enjoyed were sealed up, like the forbidding TIMBERLINE. Sheldon's film reveals a parcel of the country that's dealing not just with a faltering economy and a collapsed job base, hardly unique to Sugar Grove, but also with a legacy that's literally unspeakable. One of the only moments the film captures of anyone talking about the NSA's presence in Sugar Grove comes from General Services Administration auctioneer Kristine Carson in a vacant naval gymnasium. Asked about the Upper Base, Carson notes, with a small smile, "It's underground, I understand. Of course I can't speak to that."

Top video: The film is directed and produced by Elaine McMillion Sheldon/Field of Vision.


EFF Urges Supreme Court to Take On Unconstitutional NSA Surveillance, Reverse Dangerous Ruling That Allows … – EFF

WASHINGTON, D.C. The Electronic Frontier Foundation (EFF) asked the Supreme Court to review and overturn an unprecedented ruling allowing the government to intercept, collect, and store, without a warrant, millions of Americans' electronic communications, including emails, texts, phone calls, and online chats.

This warrantless surveillance is conducted by U.S. intelligence agencies under Section 702 of the Foreign Intelligence Surveillance Act. The law is exceedingly broad: Section 702 allows the government to conduct surveillance of any foreigner abroad, and the law fails to protect the constitutional rights of Americans whose texts or emails are incidentally collected when communicating with those people.

This warrantless surveillance of Americans is unconstitutional and should be struck down.

Yet the U.S. Court of Appeals for the Ninth Circuit, ruling in U.S. v. Mohamud, decided that the Fourth Amendment doesn't apply to Americans whose communications were intercepted incidentally and searched without a warrant. The case centered on Mohammed Mohamud, an American citizen who in 2012 was charged with plotting to bomb a Christmas tree lighting ceremony in Oregon. After he had already been convicted, Mohamud was told for the first time that information used in his prosecution was obtained using Section 702. Further disclosures clarified that the government used the surveillance program known as PRISM, which gives U.S. intelligence agencies access to communications in the possession of Internet service providers such as Google, Yahoo, or Facebook, to obtain the emails at issue in the case. Mohamud sought to suppress evidence gathered through the warrantless spying, arguing that Section 702 was unconstitutional.

In a dangerous and unprecedented ruling, the Ninth Circuit upheld the warrantless search and seizure of Mohamud's emails. EFF, the Center for Democracy & Technology, and New America's Open Technology Institute filed a petition today asking the Supreme Court to review that decision.

"The ruling provides an end-run around the Fourth Amendment, converting sweeping warrantless surveillance directed at foreigners into a tool for spying on Americans," said EFF Senior Staff Attorney Mark Rumold. "Section 702 is unlike any surveillance law in our country's history, it is unconstitutional, and the Supreme Court should take this case to put a stop to this surveillance."

Section 702, which is set to expire in December unless Congress reauthorizes it, provides the government with broad authority to collect, retain, and search Americans' international communications, even if they don't contain any foreign intelligence or evidence of a crime.

"We urge the Supreme Court to review this case and Section 702, which subjects Americans to warrantless surveillance on an unknown scale," said EFF Staff Attorney Andrew Crocker. "We have long advocated for reining in NSA mass surveillance, and the incidental collection of Americans' private communications under Section 702 should be held unconstitutional once and for all."

For the petition: https://www.eff.org/document/mohamud-eff-cert-petition

For more on Section 702: https://www.eff.org/document/702-one-pager-adv

For more on NSA spying: https://www.eff.org/nsa-spying


Russian group that hacked DNC used NSA attack code in attack on hotels – Ars Technica

Image caption: Part of a booby-trapped Microsoft Word document that was sent to multiple hotels. Once infected, computers would attempt to compromise other computers connected to the same network. (Image: FireEye)

A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday.

Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used EternalBlue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using EternalBlue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used control of hotel Wi-Fi services to obtain login credentials from guest devices.

In the earlier attack, the APT 28 members used a hacking tool dubbed Responder to monitor and falsify NetBIOS communications passed over the infected networks.

"Responder masquerades as the sought-out resource and causes the victim computer to send the username and hashed password to the attacker-controlled machine," the FireEye researchers wrote. "APT 28 used this technique to steal usernames and hashed passwords that allowed escalation of privileges in the victim network." The researchers continued:

In the 2016 incident, the victim was compromised after connecting to a hotel Wi-Fi network. Twelve hours after the victim initially connected to the publicly available Wi-Fi network, APT28 logged into the machine with stolen credentials. These 12 hours could have been used to crack a hashed password offline. After successfully accessing the machine, the attacker deployed tools on the machine, spread laterally through the victim's network, and accessed the victim's OWA account. The login originated from a computer on the same subnet, indicating that the attacker machine was physically close to the victim and on the same Wi-Fi network.

We cannot confirm how the initial credentials were stolen in the 2016 incident; however, later in the intrusion, Responder was deployed. Since this tool allows an attacker to sniff passwords from network traffic, it could have been used on the hotel Wi-Fi network to obtain a user's credentials.
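The Responder behaviour described in the CSO Online passage earlier on this page and in the FireEye quote just above leaves a simple footprint on the wire that a defender can hunt for: one host answering LLMNR or NBT-NS name queries for many different names, which no legitimate host does (a real file server only ever answers for itself). The Python below is an added example, not code from FireEye, from Responder or from either article. It runs over a constructed name-resolution log (the line format, the timeline and the 10.0.5.x addresses are all assumptions) to flag such a host and to list the clients whose queries it answered, that is, the machines whose users' hashed credentials may have been captured and should be reset before the offline-cracking window the quote mentions is exhausted.

```python
"""Hunt for LLMNR/NBT-NS poisoning in name-resolution logs.

Added example, not FireEye's, Responder's or the article's code. The log
format is an assumption: one event per line,
    <ts_seconds> <LLMNR|NBT-NS> <query|response> <source_ip> <name>
as a network sensor might emit after decoding multicast/broadcast name traffic.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class NameEvent:
    ts: int      # seconds on a constructed timeline
    proto: str   # "LLMNR" or "NBT-NS"
    kind: str    # "query" (multicast/broadcast) or "response" (unicast answer)
    src: str     # IP address of the sender
    name: str    # name being resolved, upper-cased so comparisons ignore case


def parse_log(text):
    """Parse the constructed log format; blank and malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, proto, kind, src, name = parts
        events.append(NameEvent(int(ts), proto, kind, src, name.upper()))
    return events


def find_poisoners(events, min_distinct_names=3):
    """Hosts that answered queries for at least min_distinct_names different
    names. A legitimate host answers only for its own name(s); a poisoner
    answers for whatever is asked, including typos and WPAD.
    Returns {source_ip: sorted list of names it answered for}."""
    answered = defaultdict(set)
    for e in events:
        if e.kind == "response":
            answered[e.src].add(e.name)
    return {src: sorted(names)
            for src, names in answered.items()
            if len(names) >= min_distinct_names}


def exposed_clients(events, poisoner, window=5):
    """Clients whose query was answered by `poisoner` within `window` seconds.
    These machines may have sent a challenge-response hash to the attacker,
    so their users' passwords should be treated as compromised."""
    queries = [e for e in events if e.kind == "query"]
    victims = set()
    for r in events:
        if r.kind != "response" or r.src != poisoner:
            continue
        for q in queries:
            if q.name == r.name and 0 <= r.ts - q.ts <= window:
                victims.add(q.src)
    return sorted(victims)


# Constructed sample: 10.0.5.10 is a genuine file server answering for itself;
# 10.0.5.77 answers for a printer name, for WPAD and for a typo'd share name.
SAMPLE_LOG = """
100 LLMNR query 10.0.5.21 fileserv01
101 LLMNR response 10.0.5.10 fileserv01
130 NBT-NS query 10.0.5.33 prntsrv
131 NBT-NS response 10.0.5.77 prntsrv
200 LLMNR query 10.0.5.21 wpad
201 LLMNR response 10.0.5.77 wpad
260 LLMNR query 10.0.5.44 shrae
261 LLMNR response 10.0.5.77 shrae
300 NBT-NS query 10.0.5.44 fileserv01
301 NBT-NS response 10.0.5.10 fileserv01
"""


def report(log_text=SAMPLE_LOG):
    """Full hunt: {poisoner_ip: {"names": [...], "clients": [...]}}."""
    events = parse_log(log_text)
    return {ip: {"names": names, "clients": exposed_clients(events, ip)}
            for ip, names in find_poisoners(events).items()}


if __name__ == "__main__":
    for ip, info in report().items():
        print(f"suspected poisoner {ip}: answered for {', '.join(info['names'])}")
        print(f"  clients to treat as credential-exposed: {', '.join(info['clients'])}")
```

The threshold of three distinct names is a starting point, not a rule: on a network where LLMNR and NBT-NS are disabled by policy, any response at all is worth a look, and the clients list is what turns a detection into an incident scope for password resets.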

The attack observed in July used a modified version of EternalBlue that was written in the Python programming language and later made publicly available, FireEye researchers said in an e-mail. The Python implementation was then compiled into an executable file using the publicly available py2exe tool.

Fancy Bear used a spear phishing campaign to distribute a booby-trapped Microsoft Word document to several unnamed hotels, FireEye said. When the document was opened on computers that allowed Word macros to execute, the machines were infected by Fancy Bear malware known as Gamefish. Once a computer was infected, it attempted to infect other computers connected to the same Wi-Fi network.
