RSA was the victim of an extremely sophisticated cyber attack which resulted in the possible theft of the two-factor code used by their SecurID products.

The exact risk to customers isn’t clear, but there is risk that the assurance of two factor authentication has been reduced.

A security researcher created a $1,500 cell phone base station kit (including a laptop and two RF antennas) that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls (non Gold Lock) in the clear. Most of the price is for the laptop he used to operate the system. The device tricks the phones into disabling encryption and records call details and content before they are routed on their proper way through voice-over-IP. The low-cost, home-brewed device mimics more expensive devices already used by intelligence and law enforcement agencies — called IMSI catchers — that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal that’s stronger than legitimate towers in the area. Encrypted calls are not protected from interception because the rogue tower can simply turn it off. Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed.

A group of cryptographers has developed a new attack that has broken Kasumi, the encryption algorithm used to secure traffic on 3G GSM wireless networks.

The technique enables them to recover a full key by using a tactic known as a related-key attack, but experts say it is not the end of the world for Kasumi. Kasumi, also known as A5/3, is the standard cipher used to encrypt communications on 3G GSM networks, and it’s a modified version of an older algorithm called Misty.

In the abstract of their paper, the cryptographers say the attack can be implemented easily on one standard PC. ‘In this paper we describe a new type of attack called a sandwich attack, and use it to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with an amazingly high probability of 214.

By using this distinguisher and analyzing the single remaining round, we can derive the complete 128 bit key of the full KASUMI by using only 4 related keys, 226 data, 230 bytes of memory, and 232 time. These complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity.

Reports are in that T-Mobile, the ever popular US communications firm has recently became victim to the theft of highly sensitive data on operations, customers and also financial records.  According to postings on the internet, this information has already made its way to the underground auctions where it awaits the highest bidder.

T-Mobile has recently confirmed that they were the subject of attack, but they have denied any sensitive information has been stolen.  Three days after the attacks, T-mobile released a statement to the press in response to a channel insider inquiry stating that “protection of our customers’ information and the security of our systems is paramount at T-Mobile.” T-Mobile went on to admit that ‘a document’ had been stolen and that an investigation is underway.

The hackers are yet to substantiate their claims with anything other than the list of ‘servers’ which T-Mobile has already admitted to losing.  Perhaps the attacks never took place, or perhaps T-Mobile is deliberately keeping quiet?

T-mobile does not have the best reputation when you look at their track record. In 2005, it emerged that they were the subject of another massive attack, in which a hacker managed to access the sensitive information of T-Mobile’s full subscriber base of over 16 million customers.

As security analysts and encryption experts, we have to ask the question about both attacks: – Why does T-Mobile not adopt more rigorous multi-layer security?  Is encryption not at the heart of their policies?  After all, if they followed an appropriately multi-layered security policy, they would be able to mitigate the risks of any data theft.

We live in an age where there is a constant battle of competition going on amongst hackers.  Corporations are the victims, and many are literally blind to the risks, until they find out someone has just stolen the information of 16 million customers.   That is a lot of credit cards…

Recently, an industrial company in Texas has suffered the consequences of lax security policies when hackers managed to steal over $1.2 million dollars in a mere 30 minutes.

Jugal Malani, owner of the Sugar Land Company located in the USA recently received the blunt end of the stick, when his network was exposed and his credit lines were exposed.

The attacks took a mere 30 minutes to perpetrate and those responsible have still not been located.

In response to the attack, Mr Malani expressed complete bewilderment stating he never believed his firm was vulnerable, and subsequently he has upgraded his security.

Constantly, smaller and smaller corporations are facing the brunt of experienced hacker’s intent on breaching network security.

These days, it is no longer a case of having to be a multi-national corporation to be vulnerable, but any organization risks being a target if appropriate security measures are not enforced.

This is an example of a worst-case scenario, but one that is preventable with modern security policies.

Utilizing things such as encryption on files and sensitive calls ensures that no sensitive information is ever available for drive-by hackers.  Drive-by hackers, or hackers that simply roam the internet looking for weak targets are now responsible for a growing majority of attacks on business networks, and they are often escaping without charge due to lax network security that means there is not sufficient evidence left behind to apprehend them.

Security needs a huge paradigm shift from that of a single point of defence into a multi-layered model, which means that should attackers breach one layer of security, they still have many more until they can gain access to sensitive material, and each attempt will leave more and more incriminating evidence.

Next time you are trying to save $2000 on security, just think about this story because it could just end costing two million.

The University of London has just published news pertaining to a serious vulnerability in the popular Open Secure Shell(OpenSSH) encryption algorithm.
Their shocking revelation is that attackers are able to effectively ‘steal’ 32 bits of plaintext data in an exploit, which is active in some versions of OpenSSH on the linux platform.

This recent vulnerability has been identified as critically important because researchers have admitted to the significance of this as a major design flaw in OpenSSH.

Essentially, this is a main-in-the-middle attack with a difference. By snooping packets of data and sending them back to the server repeatedly until an error is triggered and the encryption is breached. This results in attackers slowly being able to reconstruct messages.

Whilst the vulnerability in all honesty is relatively minor as it is tremendously difficult to exploit, the fact that it exists has put a cloud of doubt over OpenSSH.
The attacks were revealed at the IEE security symposium, which was held in California, and the full details of the flaw were released into the public in order to raise awareness and force organizations to move over to more secure methods.

The security vulnerability in OpenSSH has been identified and fixed, but software professionals have admitted that this is not a weakness in coding, but a fundamental vulnerability in the design of Open SSH.

Whilst there were no reports of this vulnerability actually being exploited for any other purpose than security research, this does highlight the weaknesses that can exist when organizations rely on single layers of security. The conclusion that people should be making is that this is an example of a possible breach, and a possible breach could most likely than not be a real one before long.

In today’s world of wireless networks and internet communications, would you be surprised to know that the majority of information you send over the internet is viewable by third parties?
The shocking truth is that many of our activities over the Internet are highly vulnerable to third party man in the middle attacks.

This presents a variety of real and pressing issues for both home users and businesses, which may be conducting business via risky unsecured networks.

A recent study found that many people still think it is safe to access an unencrypted wireless network. With the number of unencrypted networks rising in places such as airports, hotels and cafes there is a misconception that they are secure places to carry out remote working.

This could not be further from the truth due to the way that the HTTP protocol and the internet in general works. Literally, every website you visit will be available to hackers with little equipment other than a laptop and a powerful Wi-Fi receiver. The person sitting next to you may be intercepting everything you read online, the e-mails you send and any communications via instant messenger.

It does not stop there however; unencrypted wireless networks are real gold mines for even novice hackers. If you’re in the business of sending sensitive e-mails at the local cafe, just remember that what is being sent is visible to anyone with the same equipment you have (laptop & computer).

Luckily, information theft is preventable with adequate security policy. One of the best ways to ensure that information is safe is by using virtual private networks to link back to your office and effectively encrypt everything. However, even in some cases, this is not sufficient and as a result some form of encryption is always recommended to ensure that e-mail security and file security is maintained.

Nokia 1100 - Firmware Encryption Keys Hacked

Recently, security groups have been receiving increased reports of hackers successfully intercepting SMS messages and subsequently gaining access to banking details of individuals.

This shocking revelation came to light just recently, when the security group “Ultrascan” managed to acquire not just the full working details of this exploit, but also all the hardware required.

This attack relies on the Nokia 1100 telephone, which was one of the few Nokia phones in which the firmware encryption keys have reached public domain and thus it has successfully been decrypted, reverse engineered and modified.

Hackers have managed to effectively clone a mobile phone by hacking this firmware and then by using it to eavesdrop on SMS messages, were able to intercept secure banking information and breach online security.

When used in conjunction with key loggers and other snooping tools hackers are effectively bypassing the once thought rugged security methods of European online banking.

This vulnerability essentially involves rewriting the firmware of a cell phone, and then using it as a secret receiver to eavesdrop SMS messages.

GSM security has been vulnerable to attack for a while now and the old GSM proprietary encryption algorithms have already been breached on multiple occasions.

For the average hacker, obtaining the devices is out of the question, but organized gangs of criminals who are already in the process of cloning SIM cards and conducting online fraud already are actively seeking these cellular devices.

These devices are now appearing on the black market for sale to criminals who are looking to use them to conduct cyber fraud in online banking.
Given the latest vulnerability with SMS messages, then perhaps banks and consumers need to start thinking about using some sort of encryption for all GSM communications, not just GSM voice data.