Hack said to cause fiery pipeline blast could rewrite history of cyberwar

Bloomberg News is reporting evidence of a watershed event in the annals of cyberwarfare, a 2008 hack attack that caused a Turkish oil pipeline to spectacularly burst into flames.

If true, the hack could rewrite the history of cyberwar. The first known use of a digital weapon to cause physical damage on an enemy is the Stuxnet worm, which in 2009 caused the destruction of uranium centrifuges in Iran's Natanz nuclear facility. (The malware was unleashed on a handful of carefully selected targets a year or so earlier, journalist and author Kim Zetter reported in a recent book, but it took time for the malware to infect its intended target.) The timing has earned Stuxnet the title of the world's first known digital weapon. The Bloomberg account suggests the hack on the Turkish pipeline occurred around the same time Stuxnet was released and was able to successfully effect physical damage a year earlier than Stuxnet did. Update: As several readers have pointed out in comments below, the suspected sabotage of a Siberian pipeline in 1982 is believed to have used a logic bomb.

As described by Bloomberg, attackers gained access to the pipeline's computerized operational controls and increased the pressure of the crude oil flowing inside. By hacking the video and sensors that closely monitored the 1,099-mile Baku-Tbilisi-Ceyhan pipeline, the attackers were able to prevent operators from learning of the blast until 40 minutes after it happened, from a security worker who saw the flames, Bloomberg said. As many as 60 hours of surveillance video were also erased. According to Bloomberg:


The Security Risks That Could Be Lurking in Your WordPress Backup Plugin

One of the things that we have noticed in looking at security vulnerabilities in WordPress plugins over the years is that backup plugins are often found to have vulnerabilities. While working on our new plugin, which lets you know what vulnerabilities exist, or have existed in the past, in the WordPress plugins you use, we have seen that the poor security of backup plugins is continuing. Two examples highlight the problems with the security of not just backup plugins, but all plugins.

DB Backup Plugin

Because backup plugins create files containing sensitive data, they need to prevent unauthorized users from downloading those files. One way to do that is to block direct access to the files and then permit users to download them through the plugin. Unfortunately that can introduce a new security risk: if the download mechanism is not secured, it can be abused to download files that someone shouldn’t have access to. That is the case with the plugin DB Backup, which was found to allow anyone to download arbitrary files from the website. That could, for example, be used to download the wp-config.php file and therefore provide the login credentials for the website’s database.

The bigger problem that this highlights is what happens when a security vulnerability doesn’t get fixed, as is the case with this plugin. Right now if you go to the page for this plugin https://wordpress.org/plugins/db-backup/ you get served a search page:

Page shown for https://wordpress.org/plugins/db-backup/

This is due to the plugin being pulled from the Plugin Directory, probably due to someone notifying WordPress of the issue. This prevents anyone from downloading the plugin, but what about people that already have it installed? Unfortunately they are not given any notice that they are using a plugin with a security vulnerability. That obviously shouldn’t be the case, but despite our pushing for that to change for years, WordPress still hasn’t corrected this issue. If you would like to see that change then please vote for that to happen.

XCloner – Backup and Restore

Another general problem with plugins is that the developers don’t always have much concern for security. The developer of the XCloner – Backup and Restore plugin falls into that category, which has put the users of the plugin at risk in multiple ways.

The most recent vulnerability discovered in the plugin allowed anyone who could log in to WordPress to download any backup files created by XCloner. What is of more concern is the developer’s response. The person who discovered the vulnerability states that they notified the developer on November 7 and 13; the vulnerability wasn’t fixed after either of those. It also wasn’t fixed after the vulnerability was publicly disclosed on November 19. It finally got fixed within a day of us reporting the vulnerability to WordPress and the plugin being pulled pending a fix. You can see they only had to make minor changes to fix the issue, so this could have easily been fixed before if they had been interested. If we hadn’t reported the vulnerability it is quite possible the vulnerability still wouldn’t have been fixed.
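As an added example (not code from either plugin or from the original post), here is a WordPress download handler that guards against the two failures described above: arbitrary file download through the download mechanism, and backups being available to any logged-in user. The `my_backup_*` names, the `file` parameter and the `BACKUP_DIR` path are hypothetical.

```php
<?php
// Added example: all names here (BACKUP_DIR, my_backup_*) are hypothetical.
// Directory assumed to be blocked from direct web access (placeholder path).
define('BACKUP_DIR', '/var/www/example/wp-content/private-backups');

/** Map a user-supplied name to a file inside $dir, or return null. */
function my_backup_resolve(string $dir, string $requested): ?string
{
    // Allow-list: a bare file name with a backup extension. This rejects
    // path separators, NUL bytes and names such as "../wp-config.php".
    if (!preg_match('/\A[A-Za-z0-9._-]+\.(sql|zip|gz)\z/', $requested)) {
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . DIRECTORY_SEPARATOR . $requested);
    // realpath() resolves symlinks; the result must still sit under $base.
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function my_backup_download(): void
{
    // Being logged in is not enough: require an administrator capability
    // and a valid nonce tied to this action.
    if (!current_user_can('manage_options')) {
        wp_die('Forbidden', '', array('response' => 403));
    }
    check_admin_referer('my_backup_download');

    $name = isset($_GET['file']) ? wp_unslash($_GET['file']) : '';
    $path = is_string($name) ? my_backup_resolve(BACKUP_DIR, $name) : null;
    if ($path === null) {
        wp_die('Not found', '', array('response' => 404));
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    exit;
}

// Register only inside WordPress. admin_post_* runs for logged-in users;
// no admin_post_nopriv_* hook is added, so anonymous requests never reach it.
if (function_exists('add_action')) {
    add_action('admin_post_my_backup_download', 'my_backup_download');
}
```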

This isn’t an isolated incident. Below is the list of the unsuccessful attempts a security company made to notify them of vulnerabilities in a standalone version of XCloner:

- 6 notifications by email
- 4 notifications via contact form
- 1 notification via Twitter

The latest vulnerability is one of five that have been discovered in the plugin. The others are:

The developer’s lack of concern for security isn’t limited to their software, seeing as their website is currently running a nearly four-year-old version of WordPress:

 

The XCloner website is running WordPress 3.0.5

Nation-backed malware targets diplomats’ iPhones, Androids, and PCs

Researchers have uncovered yet another international espionage campaign that's so sophisticated and comprehensive that it could only have been developed with the backing of a well resourced country.

Inception, as the malware is dubbed in a report published Tuesday by Blue Coat Labs, targets devices running Windows, Android, BlackBerry, and iOS, and uses free accounts on Swedish cloud service Cloudme to collect pilfered data. Malware infecting Android handsets records incoming and outgoing phone calls to MP4 sound files that are periodically uploaded to the attackers. The researchers also uncovered evidence of an MMS phishing campaign designed to work on at least 60 mobile networks in multiple countries in an attempt to infect targeted individuals.

"There clearly is a well-resourced and very professional organization behind Inception, with precise targets and intentions that could be widespread and harmful," the Blue Coat report stated. "The complex attack framework shows signs of automation and seasoned programming, and the number of layers used to protect the payload of the attack and to obfuscate the identity of the attackers is extremely advanced, if not paranoid."


Sony Digital Certs Being Used To Sign Malware

So at the end of November, Sony got owned, owned REAL bad – we wrote about it here: Sony Pictures Hacked – Employee Details & Movies Leaked. It seems that, as part of the massive haul of documents, the digital certificates used to sign software were also stolen. Which is bad, as you can [...]

Read the full post at darknet.org.uk