Global articles on espionage, spying, bugs, and other interesting topics.

Keep abreast of the espionage threats facing your organisation.

Iranian Hackers Suspected in Recent Security Breach

The internet security firm Comodo Group said it had been the victim of a hacker attack that appeared to have been part of a larger scheme to eavesdrop on encrypted e-mail and chat communications, a scheme that may have been sponsored by Iran.

Comodo, a digital certificate authority and security software maker, said on Wednesday that it unwittingly issued fraudulent digital certificates for Web sites operated by Google, Yahoo, Microsoft, Skype and Mozilla. Browsers rely on digital certificates to confirm that a Web site belongs to its claimed owner and to set up encrypted connections with it. Comodo revoked all of the certificates immediately upon discovery of the incident and notified the site owners, the major browser makers and relevant government authorities, it said.

The firm described the attack as well-planned and deployed with “clinical accuracy” from computers located mainly in Iran, though it pointed out in a company blog post that those computers could have been used to “lay a false trail.” But it said that the characteristics of the attack, and the fact that Iran has sought to penetrate online communication services in the past, led it to “one conclusion only” — that the attack was likely to be “state-driven.”

The Iranian government, like others in the Middle East facing opposition movements leveraging the Internet to organize protests and press for democratic change, has aggressively sought to restrict and monitor Internet access by its citizens.

With the certificates, a hacker would be able to set up server computers that would appear to work for the targeted Web sites. A government that controls Internet traffic inside its country would be able to use such a server to gain access to encrypted e-mail and chat conversations and collect user names and passwords for individuals’ accounts, said Mikko H. Hypponen, chief research officer at the security firm F-Secure, in a blog post.

Even without a grip on Internet traffic, a hacker could lure dissidents or other Web users to the rogue server and then intercept their communications and account details, said Roel Schouwenberg, a senior researcher at the security firm Kaspersky. “You can ‘own’ a target without having to compromise anything at the target’s end,” he said. “It might not be easier, but it might be ‘cleaner.’”

The fraudulent certificate for Mozilla, which was for its Firefox add-on site, might have allowed the attacker, posing as Mozilla, to install malware on targeted PCs or to block the installation of Firefox extensions that help users bypass government-imposed censorship filters, Mr. Hypponen said.

“Everything points to this being an intelligence operation,” Mr. Schouwenberg said, noting that theft of certificates has become a favored tactic among governments.

The Stuxnet worm that targeted Iranian nuclear installations last year also made use of stolen certificates, though those were code-signing certificates stolen from hardware makers that owned them and used them to “sign” their own software, not certificates wrongly issued by the authorities themselves.

In this recent attack, Comodo, one of several companies with the authority to issue digital certificates to Web sites, said one of its partners in Southern Europe, a so-called registration authority that acts as an intermediary between Comodo and some Web-site customers, suffered a security breach on March 15. That breach let the attacker create a bogus user account on the partner’s system and submit certificate requests that Comodo promptly fulfilled, issuing the nine certificates.

News of the breach led to calls for increased scrutiny of the entire certificate system.

“This should serve as a wake up call to the Internet,” wrote Jacob Appelbaum in a blog post for Tor Project, a nonprofit group that makes free software that dissidents, journalists and other privacy-conscious people use to surf the Web anonymously and defeat online monitoring. “We need to research, build, and share new methods for ensuring trust, identity, authenticity, and confidentiality on the Internet,” he wrote.

Comodo said it has evidence that the hacker tried to use one bogus certificate for Yahoo, but no evidence of use for the other companies singled out. Yahoo said it was aware of the incident and “will continue to monitor this closely.”

Skype also said it was monitoring the situation and had taken steps to mitigate an attack on its service. “We do not expect any issues as a result,” Skype added in a statement.

Google said it had not detected any use of fraudulent Google certificates.

The major browser makers have all issued updates for their software to block the bogus certificates. Google pushed out an update to users of its Chrome browser on March 17. Mozilla said in a blog post Tuesday that it issued an update to its Firefox browser and urged users to download it. Microsoft did the same on Wednesday.
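What the browser updates actually changed is easier to see in code. The following is an added example written for this page, not code from Comodo or any browser vendor: using only Go’s standard library it mints a constructed “trusted root”, issues two certificates for mail.google.com from it (the genuine one and, as happened here, one obtained through the compromised registration authority), and shows that ordinary chain validation accepts both. It then applies the two defenses browsers rely on: an explicit blocklist keyed by issuer and serial number, which is what the March updates shipped, and a public-key pin set for the host, a check browsers added for a small number of high-value sites after this incident. The CA name, the serial numbers 0x42 and 0x1337 and the pin set are assumptions made for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// mint creates a certificate with a fresh P-256 key. With parent == nil it is a
// self-signed CA, the stand-in for "a root the browser trusts" (constructed
// here, not Comodo's); otherwise it is a server certificate for name signed by
// parent, as a CA issues on any request its RA approves, fraudulent or not.
func mint(name string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if parent == nil { // self-signed root
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	} else { // end-entity certificate for a web server
		tmpl.DNSNames = []string{name}
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// chainValidates is the check browsers ran before the updates: a path to a
// trusted root plus a hostname match. A fraudulent certificate from a trusted CA passes it.
func chainValidates(leaf, root *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err == nil
}

// certKey names a certificate by issuer and serial, which is how the browser updates identified the certificates to distrust.
func certKey(c *x509.Certificate) string {
	return c.Issuer.String() + "|" + c.SerialNumber.Text(16)
}

// spkiPin is base64(SHA-256(SubjectPublicKeyInfo)), the value public-key pinning compares against.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// accept runs path validation, then the blocklist, then the host's pin set if one exists.
func accept(leaf, root *x509.Certificate, host string, blocklist map[string]bool, pins map[string][]string) (bool, string) {
	if !chainValidates(leaf, root, host) {
		return false, "chain does not validate"
	}
	if blocklist[certKey(leaf)] {
		return false, "certificate is on the blocklist"
	}
	if hostPins, pinned := pins[host]; pinned {
		for _, p := range hostPins {
			if p == spkiPin(leaf) {
				return true, "ok, pin matched"
			}
		}
		return false, "public key does not match the pin set for the host"
	}
	return true, "ok"
}

func main() {
	ca, caKey, _ := mint("Trusted Root CA (constructed)", 1, nil, nil)
	genuine, _, _ := mint("mail.google.com", 0x42, ca, caKey)  // the site's real certificate
	rogue, _, _ := mint("mail.google.com", 0x1337, ca, caKey)  // obtained by the attacker via the RA
	blocklist := map[string]bool{certKey(rogue): true}                 // shipped in the browser updates
	pins := map[string][]string{"mail.google.com": {spkiPin(genuine)}} // the later pinning defense
	for _, c := range []*x509.Certificate{genuine, rogue} {
		ok, why := accept(c, ca, "mail.google.com", blocklist, pins)
		fmt.Printf("serial %x: accepted=%v (%s)\n", c.SerialNumber, ok, why)
	}
}
```

The point the output makes is that the rogue certificate is indistinguishable from the genuine one to path validation: it is signed by a root the client trusts, for the name the client asked for, inside its validity window. Only knowledge that lives outside the certificate chain, a blocklist of issuer-and-serial pairs pushed in a software update or a pin set saying which keys the host is allowed to use, rejects it. Comodo’s revocation of the certificates was necessary but not sufficient, because browsers of the day did not fail closed when the revocation check could not be completed, and an attacker positioned on the network can simply block that check.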


Nicklaus: Marcone Supply suit alleges corporate espionage

When Marcone Supply bought a competitor last year, it looked like the sort of low-risk deal that happens all the time in unglamorous industries like appliance parts.

Marcone, a 79-year-old parts distributor in Creve Coeur, was already No. 1 in its industry. Several previous acquisitions had extended its geographic reach, and buying Buffalo-based AP Wagner would solidify its position in the Northeast.

A few months after the deal closed, however, Marcone noticed that many of Wagner’s best customers were no longer placing orders. A few months after that, Marcone filed a lawsuit accusing two former employees and a competing company, Detroit-based 1st Source Servall, of corporate espionage.

Parts of the case, a court document says, would be “appropriate for a John le Carré novel.” The suit alleges that one of the ex-employees tried to destroy evidence of his theft by crushing memory sticks in a vise and taking a hammer to a hard drive.

Le Carré’s spies, no doubt, would find more creative ways of covering their tracks. But the novelist might not have imagined that something as prosaic as a customer list could be at the center of a high-stakes dispute.

The trouble, Marcone Vice President David Ganz says, is that the list contains much more than names and addresses. It had data on past orders, pricing and credit history.

Somebody with access to that data could quickly set up a competing operation and grab Marcone’s best customers. And that, the lawsuit alleges, is just what Servall did.

The Detroit company, which didn’t have much presence in the Northeast before, hired Karl Rosenhahn and Mark Creighton, the two former Wagner executives who are co-defendants in Marcone’s suit. After they began using the list, Ganz says, Marcone identified 640 customers whose orders dried up. The loss of sales, he says, amounted to $12 million last year.

Marcone’s suit doesn’t specify a damage amount, and no trial date has been set. New York Justice John Michalek did, though, issue an order last month that prohibits Servall from soliciting business from Marcone’s customers. A New York appellate court upheld the order on March 10, with a modification that allows Servall to accept unsolicited orders from those customers.

Servall issued a statement calling the appellate ruling “a significant victory” and saying that it wants to serve “customers impacted by Marcone’s recent poor service and price gouging.”

Ganz, the Marcone executive, points out that it’s Servall employees who have admitted unethical behavior. Rosenhahn and Creighton first denied that they had taken any confidential information, then admitted the theft after Marcone got court permission to examine their computers.

Ganz also says that Marcone reduced some of Wagner’s prices, kept most of its employees and invested more than $1 million in its offices and warehouses. The merger wasn’t, in other words, a slash-and-burn deal.

“It should have strengthened both entities,” he said. “Last year, instead of being kind of a fun year with new people and new locations, it wasn’t comfortable and it wasn’t fun.”

Michael Moberly, a security consultant and founder of Knowledge Protection Strategies in University City, says information-theft cases like this are not unusual. “We have this natural tendency to want to trust our employees; we want to trust everybody,” he said.

The highest-profile cases, Moberly says, involve high-tech companies whose employees spirit away a key software program or a new microchip design. But all companies — even those whose business revolves around mundane things like hoses and dishwasher racks — have valuable know-how and customer-relationship data.

And, as Marcone learned the hard way, information in the wrong hands can do a lot of damage.


Police powerless to stop eavesdrop app

Queensland Police have slammed an iPhone app that allows users to tap into police radio frequencies on which officers name victims of domestic violence, sexual assaults and other crimes.

The TuneIn Radio app features a pre-programmed menu from which users can listen in and record police radio frequencies in several large regional centres, including Ipswich and Redcliffe.

“There are obvious privacy concerns for victims of crime, as well as operational safety considerations and potential for impacts on ongoing investigations,” said a police spokeswoman.

The app, which also picks up thousands of commercial stations and lets users listen in to emergency services radio, carries only unencrypted analog channels; it doesn’t pick up the Brisbane city police network, which is digitally encrypted.

Queensland Privacy Commissioner Linda Matthews said the app made it easier for people to use the information for the wrong reasons. “The technology to access these broadcasts isn’t new; what’s really new is the way it broadens the accessibility.”

She said the Queensland Government could not demand Apple remove the app from its online store because privacy legislation didn’t cover the private sector.


Lawsuit Alleges Cloak-and-Dagger Conspiracy By Software AG

Middleware giant Software AG conducted an elaborate corporate espionage scheme replete with “sex, lies and an audiotape,” according to allegations in a lawsuit filed by RFID (radio frequency identification) vendor GlobeRanger.

GlobeRanger, of Richardson, Texas, “poured a decade of work and tens of millions of dollars into developing technology that is truly transformative and promised to exponentially facilitate the flow of goods and information throughout the world,” according to its complaint, which was originally filed in a Dallas County, Texas, court in December and moved to federal court this month.

Software AG, which dwarfs GlobeRanger in size, “had an irresistible motive,” the complaint adds. “It stood to make hundreds of millions of dollars from stealing GlobeRanger’s technology and attaching it to a product already deployed in tens of thousands of companies worldwide.”

RFID technology is not new, GlobeRanger’s complaint notes. But its platform is “a true chameleon” that can be deployed in any enterprise within two to three months, it claims.

Its products are used to track crime scene evidence in Holland and monitor the removal of hazardous materials from a Tennessee nuclear site, the complaint states. It even “knows just where ‘your dollop of Daisy’ sour cream is between farm and market.”

GlobeRanger has also won contracts making it “the enterprise standard” for the U.S. Defense Logistics Agency and the U.S. Air Force, according to the complaint.

Software AG’s April 2007 purchase of middleware vendor WebMethods for US$546 million is at the root of the conspiracy alleged in GlobeRanger’s filing.

“WebMethods was worth so much because it is literally everywhere — in every industry, every sized enterprise,” the complaint states. An integration between RFID technology and WebMethods would constitute a “holy grail” and a “massive home run” for Software AG, it adds.

However, WebMethods was not developed with RFID in mind, according to the complaint.

Now with WebMethods in hand, it would be years before Software AG could develop a viable RFID product, leading the company to make a brazen move, according to the complaint.

“Software AG had just spent a half a billion dollars. It had to show returns on this investment,” it states. “Software AG decided that it would develop an RFID Solution through corporate espionage.”

GlobeRanger’s complaint also names two systems integrators it had worked with, Main Sail and Naniq Systems, as defendants.

A director at Naniq, Kim Gray, “was unusually successful” at winning contracts from the Navy’s Automatic Identification Technology Office, according to the complaint, which said, “She was also having an improper relationship with Bob Bacon, the married head of Navy AIT.” Gray was also “involved with a man at Software AG,” it alleges.


No espionage involved in Shanghai scandal

Seoul (The Korea Herald/ANN) – South Korea concluded Friday (March 25) that the recent sex scandal involving several of its officials in Shanghai and a young Chinese woman was not a case of espionage, avoiding diplomatic fallout with China which has been closely monitoring the investigations.

Several officials, including former Consul General Kim Jung-ki, underwent government investigation over allegations they leaked confidential state information to a married Chinese woman while working in Shanghai.

Deng Xinming, the 33-year-old housewife at the center of the scandal, disappeared from the public eye after news broke earlier this month, also avoiding a probe by the Seoul investigation team which had been in Shanghai last week.

“We recognize this case as an incident caused by serious indiscipline of officials at overseas missions, which led to leakage of some state information, illegal visa issuances and inappropriate relationships,” Kim Seok-min, deputy minister of Seoul’s Prime Minister’s Office, said in a news briefing.

Officials had made the mistake of conducting “anomalous diplomacy relying on unofficial and inappropriate sources” such as the accused Chinese woman and were found to have had inappropriate relationships at hotels in China, Kim said, adding that more than 10 related officials will be punished.

Deng appears to have approached the Korean officials mainly for help with visa issuances. About 19 state documents did leak via the Shanghai mission, but none of them are considered information that calls for legal action, the Prime Minister’s Office said.

Korean officials at the Shanghai mission were initially suspected of passing classified government files to Deng, which were said to include contact information of some 200 high-ranking Korean officials and the schedule of President Lee Myung-bak.

When the scandal was first reported earlier this month, some speculated that Deng was an A-class spy hired by her government, citing her wealth and way of dealing with men.

The Chinese government expressed regrets about Seoul turning the incident into a spy case, its main newspaper warning of negative effects on Seoul-Beijing ties unless the case was “quietly dealt with” in an editorial.

After the government investigation results were made public, the Foreign Ministry said it would “sternly deal” with the officials involved, including former consular chief Kim.

The ministry also said it would conduct stricter inspection of its officials at overseas missions and recall anyone with disciplinary problems.

The latest scandal was unveiled shortly after the Foreign Ministry announced a set of reform measures to overcome a nepotism scandal that led to the resignation of its minister, dealing another blow to the ministry often considered an organization of elites.