Category: IT Security/IT Forensics

  • Hackers are into WordPress

    This is unwelcome news we have had to hear these days: WordPress is a popular target for hackers. That is the result of an analysis by Imperva, one of the largest data-security companies on the net. According to it, WordPress-based sites are attacked significantly more often than all other platforms. Shop operators are especially affected, since their login function gives them much more data about their users.
    Hacked 24.1 percent more often: compared with other content management systems, WordPress is attacked 24.1 percent more often.

    17.10.2014.
    Source: Hacker-stehen-auf-Wordpress

  • NSA Attacks citizens with Hardware Rootkits

    The NSA plants rootkits in the computer chips to invade our privacy. These rootkits act as keystroke loggers that transmit what you type to the NSA in real time. Even if you don’t post or save a file of your text, you’re still in trouble: simply typing what’s on your mind is enough.

    Evil NSA builds hardware/firmware rootkit chips and solders them onto motherboards. This means the people who are supposed to protect us are mistreating us.

    „Firmware rootkit implies use of creating a permanent illusion of rootkit malware. It can remain hidden in firmware as this is not checked for code integrity. This was proved by John Heasman in ACPI[8] and also PCI expansion of ROM.“

    Hardware/firmware rootkits are the nastiest type of rootkits because there is no way to eliminate them without physically damaging your computer.

    „Firmware rootkits are the most malicious type of malware because they are capable of creating malcode inside the firmware while your computer is shut down. Every time you start your computer this type of malware will reinstall. Firmware cannot be detected by the user and is very difficult to remove.“

    Source: NSA Attacks citizens with Hardware Rootkits

  • Researchers can slip an undetectable trojan into Intel’s Ivy Bridge CPUs

    „Researchers can slip an undetectable trojan into Intel’s Ivy Bridge CPUs. New technique bakes super stealthy hardware trojans into chip silicon.
    In addition to the Ivy Bridge processor, the researchers applied the dopant technique to lodge a trojan in a chip prototype that was designed to withstand so-called side channel attacks.
    The attack against the Ivy Bridge processors sabotages random number generator (RNG) instructions Intel engineers added to the processor.“
    „This type of exploit seems very useful to a nation state that tramples human rights (or the NSA!), but this seems to be something that will be out of reach to most criminal organizations from a cost, effort and time perspective.“
    „Everything in life is a balancing act, with compromising computer systems being no exception. Compromising hardware is incredibly powerful because it’s so difficult to detect and because of its staying power. It’s incredibly weak in that you have no portability, mobility, or re-usability. Software can spread and usually can’t be totally destroyed permanently (unless you zap all copies). Hardware cannot be easily transferred or downloaded and can be destroyed permanently.“
    http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectable-trojan-into-intels-ivy-bridge-cpus/

  • NSA-actually-intercepted-packages-to-put-backdoors-in-Electronics

    „SPIEGEL published two pieces this morning about the NSA’s Tailored Access Operations (TAO) division, aka premier hacking ninja squad. According to Snowden documents, TAO has a catalog of all the commercial equipment that carries NSA backdoors. And it’s a who’s who of a list. Storage products from Western Digital, Seagate, Maxtor and Samsung have backdoors in their firmware, firewalls from Juniper Networks have been compromised, plus networking equipment from Cisco and Huawei, and even unspecified products from Dell. TAO actually intercepts online orders of these and other electronics to bug them.
    SPIEGEL notes that the documents do not provide any evidence that the manufacturers mentioned had any idea about this NSA activity. Every company spokesperson contacted by Spiegel reporters denied having any knowledge of the situation, though Dell officials said instead that the company „respects and complies with the laws of all countries in which it operates.“
    TAO uses software hacking in things like Windows bug reports to get the information and device control they need, of course. But if that’s not enough, they even have a special group of hardware hackers who create modified equipment for TAO specialists to try and plant. A monitor cable that allows „TAO personnel to see what is displayed on the targeted monitor,“ costs $30. An „active GSM base station“ for monitoring cellphone calls costs $40,000, and converted flashdrives that plant bugs and can also transmit and receive data with hidden radio signals come in 50-packs for more than $1 million. The NSA octopus spreads its tentacles even further. [SPIEGEL, SPIEGEL]“

    The-NSA-actually-intercepted-packages-to-put-backdoors-in-Electronics

  • NSA Bios Backdoor God mode Malware Deitybounce

    Sounds like a Rutkowska Legacy… Why are these people presenting and working for the bad guys?

    I’d like to point out why these malwares are classified as “god mode.” First, most of the malware uses an internal (NSA) codename in the realms of “gods,” such as DEITYBOUNCE, GODSURGE, etc. Second, these malwares have capabilities similar to “god mode” cheats in video games, which make the player using it close to being invincible. This is the case with this type of malware because it is very hard to detect and remove, even with the most sophisticated anti-malware tools, during its possible deployment timeframe.
    This part of the series focuses on the DEITYBOUNCE malware described in the NSA ANT Server document, leaked by Edward Snowden.
    ARKSTREAM is basically a malware dropper which contains BIOS flasher and malware dropper functions. ARKSTREAM can install DEITYBOUNCE on the target server either via exploits controlled remotely (network infection) or via USB thumb drive infection. This infection method, in a way, is very similar to the STUXNET malware dropper. ARKSTREAM installs DEITYBOUNCE via BIOS flashing, i.e., replacing the PowerEdge server BIOS with the one that is “infected” by DEITYBOUNCE malware.
    DEITYBOUNCE provides software application persistence on Dell PowerEdge servers by exploiting the motherboard BIOS and utilizing system management mode (SMM) to gain periodic executions while the operating system (OS) loads.

    Source: Nsa-Bios-Backdoor-god-mode-malware-deitybounce

  • Third Party Attacks in Social Networks

    Third Party Attacks (Secret Services) in Social Networks and major government controlled Internet Pages, like YouTube, Facebook, etc.
    Very Typical Remote Attacks by Third Parties:
    1. Remote Browser Crashing / Browser.Exploit.
    (Mozilla based Browsers, as well as Google based Browsers)
    2. CPU-Freezing, by direct CPU-Subversion. (e.g. Intel-CPUs)
    3. Illuminazi.Flashplayer.Exploit (Facebook, Youtube, etc..)
    4. Port Scans through Facebook. (Vulnerability analysis from a distance)
    5. Firewall-Bypass Subversion. (Akamai-Lane)
    6. Direct OS-Subversion/OS-Exploits (Limelight-Lane)
    7. Early Login Firewall Bypass. (e.g. Microsoft)
    8. Surface Erasure. (GUI-Exploits)
    9. Bootroot and Hardware-Manipulations.
    10. Audio&RadioFrequency/Satellite-Attacks.
    11. Process Walking Injection. (Akamai-Lane)
    12. System-wide UDP Backdoor tunneling in all browsers/firewalls to attack or corrupt systems. (very old method)

    PortScanbyFacebook23-07-2014