Jul 31 2014

Stealthy new malware snatching credit cards from retailers’ POS systems

The US Computer Emergency Response Team, in cooperation with the Secret Service and researchers at Trustwave’s Spiderlabs, has issued an alert about a newly identified variant of malware installed on point-of-sale (POS) systems that was used in a series of recent attacks by cyber criminals. Called “Backoff,” the malware shares characteristics with the one used to attack Target’s point of sale systems last year: it scrapes credit card data out of the infected computer’s memory. Until now, it was undetected by antivirus software; testing by researchers found it had a "zero percent detection rate" on commercial antivirus products.

POS machines are a big target for hackers, who use malware like Backoff to collect data from credit cards and other transaction information to either create fraudulent credit cards or sell the data. In many ways, the Backoff-based attacks were similar to the attack in 2011 on Subway franchises—hackers used remote desktop software left active on the machines to gain entry, either by brute-force password attacks or by taking advantage of a default password, and then installed the malware on the hacked system.

According to US-CERT, Backoff—which is Windows-specific malware—runs in the background watching memory for the “track” data from credit card swipes, which can be used to both obtain the account number on the card and to create fraudulent cards that can be used in ATMs and other point-of-sale systems. Backoff also has a keylogger function that records the key-presses on the infected computer. The malware installs a malicious stub in Windows Explorer that can reload the in-memory component if it crashes and communicates with the criminals’ command and control network—sending home captured credit card data and checking for malware updates.

Jul 31 2014

CIA boss apologizes for snooping on Senate computers

The head of the Central Intelligence Agency has apologized to leaders of the Senate Intelligence Committee after determining that his officers improperly accessed computers that were supposed to be available only to committee investigators, according to multiple reports on Thursday.

The mea culpa from CIA Director John O. Brennan was in sharp contrast to a defiant statement he made in March. After US Senator Dianne Feinstein accused the agency of breaching long-recognized separations between employees of the legislative and executive branches, Brennan maintained that there had been no inappropriate monitoring of Senate staffers' computer activity.

"When the facts come out on this, I think a lot of people who are claiming that there has been this tremendous sort of spying and monitoring and hacking will be proved wrong," he said at the time.

Jul 31 2014

This thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil”

When creators of the state-sponsored Stuxnet worm used a USB stick to infect air-gapped computers inside Iran's heavily fortified Natanz nuclear facility, trust in the ubiquitous storage medium suffered a devastating blow. Now, white-hat hackers have devised a feat even more seminal—an exploit that transforms keyboards, Web cams, and other types of USB-connected devices into highly programmable attack platforms that can't be detected by today's defenses.

Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices.

"Please don't do anything evil"

"If you put anything into your USB [slot], it extends a lot of trust," Karsten Nohl, chief scientist at Security Research Labs in Berlin, told Ars. "Whatever it is, there could always be some code running in that device that runs maliciously. Every time anybody connects a USB device to your computer, you fully trust them with your computer. It's the equivalent of [saying] 'here's my computer; I'm going to walk away for 10 minutes. Please don't do anything evil.'"

Jul 31 2014

Russian ransomware author takes the easy route

Malware uses legitimate open source components to encrypt files