We interrupt this program to warn the Emergency Alert System is hackable

The US Emergency Alert System, which interrupts live TV and radio broadcasts with information about national emergencies in progress, is vulnerable to attacks that allow hackers to remotely disseminate bogus reports and tamper with gear, security researchers warned.

The remote takeover vulnerability, which was fixed in an update issued in April, affected the DASDEC-I and DASDEC-II application servers made by a company called Digital Alert Systems. It stems from a recent firmware update that mistakenly included the private secure shell (SSH) key, according to an advisory published Monday by researchers from security firm IOActive. Administrators use such keys to remotely log in to a server to gain unfettered "root" access. The publication of the key makes it trivial for hackers to gain unauthorized access to Digital Alert Systems appliances that run default settings on older firmware.

"An attacker who gains control of one or more DASDEC systems can disrupt these stations' ability to transmit and could disseminate false emergency information over a large geographic area," the IOActive advisory warned. "In addition, depending on the configuration of this and other devices, these messages could be forwarded and mirrored by other DASDEC systems."



US agency baffled by modern technology, destroys mice to get rid of viruses

Certified 100% malware free.

The Economic Development Administration (EDA) is an agency in the Department of Commerce that promotes economic development in regions of the US suffering slow growth, low employment, and other economic problems. In December 2011, the Department of Homeland Security notified both the EDA and the National Oceanic and Atmospheric Administration (NOAA) that there was a possible malware infection within the two agencies' systems.

The NOAA isolated and cleaned up the problem within a few weeks.

The EDA, however, responded by cutting its systems off from the rest of the world—disabling its enterprise e-mail system and leaving its regional offices no way of accessing centrally held databases.



Hard drive-wiping malware that hit South Korea tied to military espionage

The hackers responsible for a malware attack in March that simultaneously wiped data from tens of thousands of South Korean computers belong to the same espionage group that has targeted South Korean and US military secrets for four years, researchers said.

The conclusion, reported in a recently published research paper from security firm McAfee, is surprising. Most groups behind network-based espionage campaigns take pains to remain hidden to ensure their advanced persistent threat (APT) is able to siphon as much sensitive data as possible. The "Dark Seoul" attack, by contrast, has attracted huge amounts of attention because of its coordinated detonation. It struck government and media networks in South Korea precisely at 2pm local time on March 20, affecting both Internet and mobile banking applications, while taking automatic teller machines offline. Until now, researchers speculated the unknown group behind the attack was primarily motivated by a goal of causing disruptions.

In fact, Dark Seoul was just one component of "Operation Troy," a long-term spying campaign targeting military organizations that dates back to at least 2009. The covert operation gets its name from references to the ancient city found in malware developed by the attackers. The malware made use of a sophisticated control network to carry information over Web and Internet relay chat connections that were secured with strong encryption. Remote access tools installed on compromised target machines methodically searched for military terms and downloaded only documents that were deemed important. The malware initially took hold after the attackers planted a previously undocumented "zero-day" exploit on a military social networking site. The technique is known as a watering-hole-style attack, because it attempts to plant drive-by exploits into sites frequented by the people the attackers hope to infect (similar to a hunter targeting its prey as it drinks water).



Mass-login attack on Nintendo fan site hijacks 24,000 accounts

Almost 24,000 user accounts on Nintendo's main fan site have been hijacked in a sustained mass-login attack that began early last month, the company said.

The wave of attacks on Club Nintendo exposed personal information associated with 23,926 compromised accounts, including users' real names, addresses, phone numbers and e-mail addresses, according to a press release Nintendo issued over the weekend. The campaign began on June 9 and attempted more than 15.5 million logins over the following month. Attackers likely relied on a list of login credentials taken from a site unrelated to Nintendo.

Club Nintendo offers rewards to Nintendo customers in exchange for having them register their products, answer surveys, and provide personal data. The site operates internationally and has about four million users in Japan, the primary region of most affected users. Things came to a head on July 2, when the wave of logins crested. By Friday, July 5, Nintendo had reset passwords on the site.
