The FBI has arrested 20 people suspected of being members and operators of an international cyber crime network charged in a bank fraud scheme. The network compromised dozens of individual and business accounts in the U.S. and transferred more than $3 million under false identities. The FBI is charging more than 60 people from Russia, Belarus, Kazakhstan and Ukraine, as well as U.S. nationals, some already convicted of money laundering and fraud. Of the 60 charged in this case, only 20 were arrested in recent days; 17 are still at large in the U.S. and abroad. The charges followed Tuesday’s arrests of 19 people in Britain on computer crime charges, as part of “a sweeping and coordinated effort to combat the 21st century’s variation on traditional bank robbery,” US Attorney Preet Bharara said in New York.
FBI Assistant Director-in-Charge Janice K. Fedarcyk attributed the attack to the ‘Zeus Trojan’ malware, which allegedly allowed hackers to get into victim accounts from thousands of miles away. “They did it with far less exertion than a safecracker or a bank robber,” Fedarcyk admitted, but assured that, “Like the money mules, many, if not all, will end up behind bars.”
According to the FBI, the scheme was headed by Artem Tsygankov, a Russian national, age 23, who recruited other young students to operate as mules and managed their activities, directing the money gained by the scheme through fraudulent wire transfers to the mules’ accounts. The network followed a ‘multi-level’ scheme, in which recruits and recruiters keep around 10% of the amount they transfer. The network recruited ‘mules’ by targeting young students holding U.S. tourist visas on Russian social network sites. Tsygankov is still at large and wanted by the FBI. If convicted, he faces more than 30 years’ imprisonment.
After the ‘mules’ had opened hundreds of bank accounts under false identities at U.S. banks, the cyber attack was launched from Eastern Europe by sending millions of emails containing the “Zeus Trojan”, targeting computers at small businesses and municipalities in the United States, where security awareness is considered low. According to the FBI, once the email was opened, the malware embedded itself in the victims’ computers and recorded their keystrokes – including their account numbers, passwords and other vital security codes – as they logged into their bank accounts online. The hackers responsible for the malware then used the stolen account information to take over the victims’ bank accounts, making unauthorized transfers of thousands of dollars at a time to receiving accounts controlled by the co-conspirators.
Hundreds of receiving accounts were set up in advance by a “money mule organization” responsible for retrieving the proceeds of the malware attacks and transporting or transferring the stolen money overseas. To carry out the scheme, the money mule organization recruited individuals who had entered the United States on student visas, providing them with fake foreign passports, and instructing them to open false-name accounts at U.S. banks. Once these false-name accounts were successfully opened and received the stolen funds from the accounts compromised by the malware attacks, the “mules” were instructed to transfer the proceeds to other accounts, most of which were overseas, or to withdraw the proceeds and transport them overseas as smuggled bulk cash.
The investigation began in February 2010 when the New York Police Department (NYPD) investigated a suspicious $44,000 withdrawal from a Bronx bank, said Commissioner Raymond W. Kelly: “It soon became evident that it was just the tip of an international iceberg.” The investigation unfolded far beyond New York, involving national and trans-national agencies to reach and decipher the international scheme, which represents the profile of typical modern cyber crime. As the incidence of transnational cyber crimes continues to rise, investigation and prevention activities have been elevated to include the Diplomatic Security Service and the Secret Service. “The results of this investigation clearly demonstrate how the Secret Service is forging strong partnerships with other law enforcement agencies, successfully combating cyberfraud, and bringing high-tech perpetrators to justice.” DSS Special Agent-in-Charge Christopher Paul added: “The charges announced today send a strong message: Diplomatic Security is committed to collaborating with our law enforcement partners to make sure that those who commit fraud face consequences for their criminal actions. Diplomatic Security’s strong relationship with the U.S. Attorney’s Office and other law agencies around the world continues to be essential in the pursuit of justice.”
Stuxnet exposes the vulnerability of our infrastructure systems, in particular the vulnerable interfaces between the logical and physical worlds. These elements are totally unprotected and open disastrous avenues of attack to cyber terrorists and cyber criminals.
“We have analyzed the code and compared it to other, similar known malware. This new code definitely has the parameters of a ‘military code’, but it lacks some aspects one would expect to find in a military cyber warfare application,” said Shai Blitzblau, Head of Maglan-Computer Warfare and Network Intelligence Labs, interviewed by Defense Update. Among these parameters are communications, encryption, internal self-protection (anti-anti-debug) and certain methodologies followed by western cyber warfare specialists.
While Iran was marked as Stuxnet’s most prominent target, other countries falling prey to the new malware were mainly third world nations where Siemens equipment is widely used and security and legal discipline in licensing and security methods are not strictly enforced. Stuxnet also attacked Indonesia, India, Russia, Belarus and Kyrgyzstan. More important is where Stuxnet didn’t attack – China and, most surprisingly, Germany, where only a few systems were compromised, yet none of the reports was confirmed!
“Siemens is reporting that industrial plants in Germany have also been hit by the Stuxnet worm. According to Wieland Simon, press spokesman at Siemens, approximately one third of the 15 infections discovered at industrial plants worldwide have been found at sites in the German process industry sector. Siemens’ own plants are said not to be affected,” Simon added.
Although it was ‘discovered’ by the media in late September, Stuxnet is definitely not a new threat and, in fact, most of the vulnerabilities it exploited have already been ‘patched’. It was created sometime in January-February, according to the ‘time stamps’ embedded in the compiled code. Initial anomalies related to the new threat were reported about two months later. Maglan received the new threat as part of our technical support services to some of our customers who were hit by the malware. After thorough analysis we have uncovered several interesting aspects of the code that were not familiar before, which lead us to assume that Stuxnet was not created by a western cyber warfare organization. However, the great effort and resources invested in this code testify to its value to its creators, who invested heavily – financially, technically and, most importantly, in assets considered scarce commodities in the hacker community.
First, and most important, the code was not written by “home based” hackers – unlike most other malware, it is not directed against conventional Windows systems but specifically at industrial systems, by exploiting four different vulnerabilities (security ‘holes’ discovered by hackers but not yet patched, three months ago, by the targeted software provider – also called ‘Zero Day’ exploits). Such zero-day exploits are not spent easily by hackers, and would rarely be used in tandem, let alone in a ‘quad’ formation, testifying to the fact that the developer team had no limits on the use of resources.
Multiplicity and redundancy were also employed in addressing the targeted operating systems. The creators of Stuxnet also went to great effort to ensure the malware covers all potential avenues of approach – including systems that rarely interest hackers, like WindowsCC, a Microsoft operating system designed for embedded systems. The code also targets all Windows platforms from Windows ME, XP, NT, Vista, 2000, 2003 and 2008 to the latest Windows 7 – again not a simple task for regular hackers. Other aspects of the code target specific vulnerabilities attributed to Siemens PCS 7 systems, designed to control the Programmable Logic Controllers (PLCs) widely used in utility and industrial SCADA systems.
While each of these penetration axes operates independently, these parallel lines are coordinated and support each other to achieve the goal – to ‘hijack’ as many PLCs as possible and embed itself in the command and control hubs. The malicious code does not carry the type of spyware commonly found in other bots, but is rather ‘attack oriented’ – carrying a ‘payload’ in the form of a set of commands designed to bypass those controlling the PLC and carry out a set of actions as instructed by the hijacker.
To carry out and control such an attack, the creators of Stuxnet embedded three separate means of communication in the code – two are considered ‘advanced’ and one ‘low level’. However, the code lacks the communications elements that would give a ‘nation state’ operation, which has the capability and means to conduct operations in the proximity of the targeted site, much more flexibility and control. One of the unique features of Stuxnet is the way its payload is ‘packed’ into the code.
Previous malware attacks employed a communications mechanism that could download the payload – the intelligence-collecting ‘spyware’ or ‘attack’ – from the command and control center; this enables more compact code, better precision and more flexibility as the attack unfolds. Stuxnet has the payload built into the code, alluding to the fact that it was aimed at known targets and that its creators had little consideration for the collateral damage they create. Again, this methodology is rarely used among Western cyber warfare operatives.
Although the code was designed with remotely controlled ‘uninstall’ and termination functions, these do not work properly in most cases, as the level of sophistication invested in this segment falls behind the generally high standard of Stuxnet.
Nevertheless, the creators took great effort to conceal the malicious code from detection, in an effort to mask its existence, activity and objectives. For example, the malicious code was written as a ‘dynamic link library’ (.dll) commonly associated with hardware device drivers – software elements rarely considered a risk, since they are written, signed off and distributed by hardware providers to support specific functions of such hardware. Users commonly download these drivers as part of hardware installation and support, and trust their own anti-virus scanners and the companies that provided the drivers for their security. Alas, Stuxnet exploited this vulnerability – it uses highly sophisticated anti-anti-virus countermeasures addressing 38 (!) known anti-virus programs, not only a few of the most common ones, as most hackers would do.
In addition, the code is digitally signed by VeriSign as genuine Siemens software. Later, Siemens reported that these signatures were stolen but did not explain how such sensitive material was compromised and reached hostile elements. Technically, ‘extracting’ such a signature from existing products is possible, but this capability is beyond the reach of hackers and could be done only with massive computing power not available at non-governmental levels. In this area, Stuxnet’s creators have again demonstrated they can be generous – to ensure their code is accepted, they used two different signatures, from the Taiwanese chip makers JMicron and Realtek. The fact that these signatures are time-stamped more than a week apart could testify to the lengthy process of preparation, testing and operation planning.
The U.S. Department of Homeland Security (DHS) launched today ‘Cyber Storm III’, a drill testing the nation’s resilience under a simulated, deliberate international cyber attack aimed at the hubs of government, infrastructure and business.
The three-day exercise is the third and largest in a series of annual cyber attack drills conducted outside the defense community. The current event involves more participants than in past years, from the federal, state and commercial sectors. Among the ‘defenders’ are players from seven government departments, 11 states, 12 different countries and 60 private sector companies. The exercise is managed by the DHS’s National Cyber Security Division (NCSD).
The cabinet-level departments participating in Cyber Storm III are Commerce, Defense, Energy, Homeland Security, Justice, Transportation and Treasury. In addition, the White House and representatives from the intelligence and law enforcement communities will also attend the event. Eleven states are taking part – California, Delaware, Illinois, Iowa, Michigan, Minnesota, North Carolina, New York, Pennsylvania, Texas and Washington. Among the participating countries are Australia, Canada, France, Germany, Hungary, Japan, Italy, the Netherlands, New Zealand, Sweden, Switzerland and the United Kingdom (only four foreign nations participated in Cyber Storm II last year). DHS selected 60 companies from the private sector to assess the effect of a potential cyber attack on commercial service sectors such as Banking and Finance, Chemical, Communications, Dams, Defense Industrial Base, Information Technology, Nuclear, Transportation and Water.
The scenario developed by NCSD incorporates known, credible technical capabilities of adversaries and the exploitation of real cyber infrastructure vulnerabilities, resulting in a range of potential consequences – including loss of life and the crippling of critical government and private sector functions. By coincidence, such capabilities have surfaced in recent weeks, with the distribution of a new malicious code called Stuxnet, spreading through industrial systems and infrastructure networks. Such code has the potential to penetrate highly protected systems, including networks that are completely isolated from the internet, to conduct espionage, disruption or deliberate attack.
The ‘defenders’ could face over 1,500 separate events; some will be subtle, with only a few hints indicating ongoing penetrations into computerized systems. Other events will be more dramatic, demonstrating the resulting effects on compromised networks. The defenders will have to identify the ongoing attack in real time, mitigate the compromises and vulnerabilities that allowed it to occur, and deal with the possible consequences for compromised systems. “At its core, the exercise is about resiliency – testing the nation’s ability to cope with the loss or damage to basic aspects of modern life,” DHS officials explain, adding that “the Cyber Storm III exercise scenario reflects the increased sophistication of our adversaries, who have moved beyond more familiar Web page defacements and Denial of Service (DOS) attacks in favor of advanced, targeted attacks that use the Internet’s fundamental elements against itself – with the goal of compromising trusted transactions and relationships.”
Cyber Storm III provides the DHS with the first opportunity to assess and strengthen cyber preparedness and resilience of the nation’s critical infrastructure and key resources (CIKR) – evaluating how the collective cyber preparedness and response capabilities perform against realistic cyber attack. It will also provide the first opportunity to assess the newly-developed National Cyber Incident Response Plan (NCIRP) – a blueprint directed by President Barack Obama, for cybersecurity incident response. The exercise will examine the roles, responsibilities, authorities, and other key elements of the nation’s cyber incident response and management capabilities and use those findings to refine the plan. It will also test the new, National Cybersecurity and Communications Integration Center (NCCIC) inaugurated in October of 2009, which serves as the hub of national cybersecurity coordination.
BAE Systems announced today the planned acquisition of three intelligence services companies, for a total investment of almost US$300 million. The companies to be acquired are SpecTal LLC, Advanced Concepts Inc., and McClendon LLC – all part of the L-1 Identity Solutions Inc.’s (L1ID) Intelligence Services Group. Following the completion of the acquisition expected by the fourth quarter of 2010, BAE will add more than 1,000 skilled information and security employees to its workforce. This acquisition reflects its global strategy to enhance and grow its business in the area of customer support and services, which includes cyber and security as well as readiness and sustainment activities focusing on four key customer missions – intelligence and counterintelligence, homeland security, law enforcement and support to military operations. For the six months to 30 June 2010, this area of the business generated 49% of BAE Systems revenues.
Focusing on its core security activities, L1ID itself is being acquired by the French Safran group. This move is expected to be completed by the first quarter of 2011. L1ID provides Secure Credentialing Solutions, Biometric and Enterprise Access Solutions and Enrollment Services. These businesses are expected to have combined estimated Fiscal Year 2010 revenues of $486.0 million. The acquisition by Safran is expected to open international growth opportunities for L-1. According to Jean-Paul Herteman, Chief Executive Officer of Safran, the company plans to integrate L-1’s operations into its subsidiary, Morpho.
Israel Weapon Industries (IWI) Ltd. was established after privatization of the former Israel Military Industries (IMI) Small Arms Division, which has been the leading weapon manufacturer in Israel for over 70 years.
Company Website: israel-weapon.com
Today, IWI is part of a group of companies specializing in the development, manufacturing and marketing of defense products for the local and international market, offering equipment to customers including military forces and law-enforcement agencies.
Employing state of the art design, development and manufacturing technology, IWI has consistently provided weapons favored by the best military and police forces around the world – from the legendary UZI SMG to IWI’s latest additions, the TAVOR and X-95 Assault Rifles and the NEGEV Light Machine Gun.
Development, manufacturing, testing and quality assurance, specified to the most stringent military standards, are carried out in-house at IWI’s facilities, enabling the company to operate efficiently and maintain the highest quality standards while rapidly adapting to customer requirements and market trends.
IWI’s firearms are developed in close collaboration with the IDF. IWI and the IDF established joint Research and Development (R&D) teams, to create the weapons, whose ultimate configuration is the product of ongoing interaction, field tests and modifications, applied from most recent combat requirements.
IWI Product Line:
IWI has been one of the world’s leading producers of combat-proven small arms for over 70 years. The company’s range of weapon systems includes:
The Tavor was developed by IWI in cooperation with the IDF. Its compact rifle and long barrel are key attributes for its excellent usability for modern, asymmetric combat. The weapon has an integral, advanced and accurate sighting system attached directly to the barrel. Designed with optimal ergonomics Tavor increases the user’s comfort and confidence level.
The standard LMG of the Israel Defense Forces, with high reliability and versatility that suit a large variety of operations. The NEGEV can be optimized for dismounted operations. It can also be used as a vehicle-mounted weapon, on helicopters or naval craft.
The Galil is a lightweight, air-cooled, gas-operated, magazine-fed multi-purpose personal weapon. It is designed for firing from the shoulder or hip. The Galil was combat proven as a highly reliable weapon, proving itself in difficult and extreme conditions. The ACE is based upon the reliable mechanism of the Galil. It is perfectly suitable for the modern battlefield, with enhanced human engineering. The five Picatinny rails allow adding an array of optical devices and accessories. The ACE is easy to use and simple to maintain.
This is a semi automatic sniper rifle, designed for high accuracy, ease of operation and convenient carriage under tough operating conditions. The weapon is offered with a folding stock for use by special units and law enforcement. Galil Sniper Rifle is in service with military and government agencies worldwide.
The first and leading SMG. The legendary UZI has been the most popular weapon for over 50 years. Since the introduction in 1956 over 2 million units were sold worldwide. The combat-proven UZI has proved itself as the most reliable SMG to date.
IWI offers two types of handguns – the Jericho and the Barak. The Jericho is built on a high quality, all-steel construction. Its barrel has polygonal rifling for greater accuracy and longer barrel life. Among the ergonomic features are the forward-positioned center of gravity providing reduced barrel jump, polymer stock and safety on the slide. The Barak is a lightweight, ergonomically designed handgun offered for self-defense and law enforcement needs. It is available in three calibers: 9mm, .40 S&W and .45 ACP.
CONTROP specializes in the development and production of Electro-Optical and Precision Motion Control Systems. The company’s specialists have over 35 years of experience in Electro-Optical / Infra-Red (EO/IR) products for surveillance, defense and homeland security.
Company website: controp.com
CONTROP’s main product lines include automatic passive intruder detection systems for coastal surveillance, port and harbour security, border surveillance, security of sensitive sites, perimeter security surveillance and ground troops security; High performance stabilized observation payloads used for day and night surveillance on board UAVs, mini UAVs and aerostats/balloons, helicopters, light aircraft, maritime patrol boats and ground vehicles; Thermal imaging cameras with high performance Continuous Zoom Lens and state-of-the-art image enhancement features, and more. The company’s range of surveillance, defense and homeland security systems include:
CONTROP’s specialists design and assemble optical lenses (zoom), in high accuracy mechanical subsystems. The company’s products are also supported by in-house electronic design, of both analog and digital systems, software design and implementation, inertial stabilization, servo-loops design testing, with inertial and GPS-aided INS systems expertise.
CONTROP’s products are in daily operational use by many of the most critical homeland security and defense programs worldwide.
The company has a vast in-house knowledge base in all technological fields related to inertially-stabilized electro-optical payloads and their applications for airborne, land or naval use. The company also has the design, simulation and testing tools and equipment required to support the product’s life cycle.
CONTROP has mastered all critical technological aspects required for successful implementation and integration of technological advances in electro-optical systems, including system-level design, analysis and simulation of electro-optical and Infra-red (thermal) sensors – both cooled and uncooled thermal imaging cameras. The company’s R&D teams specialize in real-time image enhancement and image processing, video tracker hardware / software design, implementation and integration of laser systems.
CONTROP’s payloads are gyro-stabilized in two or three axes, using 3, 4 or 5 gimbals, for applications in helicopters, aircraft or ground surveillance vehicles, Unmanned Aerial Vehicles, Unmanned Ground Vehicles, land vehicles or naval vessels, as well as sensors protecting fixed sites. These payloads can carry multiple sensors or a single camera, according to the user’s requirements. They come in different weight and performance levels, from 46 kg to 0.75 kg.
CONTROP was one of the world pioneers in the development of Scanning & Observation Surveillance Camera Systems. These sensors provide both observation and panoramic scan capabilities using a single camera observation system. The company has been delivering such systems since the late 1990s, meeting a wide range of operational requirements with numerous military and governmental agencies. Typical applications are intruder detection for border protection, perimeter security for air bases and other strategic sites, coastal defense and air defense applications.
CONTROP developed a range of cooled and uncooled, high performance thermal cameras, providing night, daylight and adverse weather visibility. Typical applications of these cameras are military and homeland security uses. CONTROP’s FLIRs are used throughout the company’s product range and also by other manufacturers, and are also provided as an OEM sensor.
The company offers Gyro Stabilized Gimbal Assemblies and Antenna Pedestals applicable to various optronic payloads and directional datalink antenna assemblies used on UAVs, aerial, naval and land-based systems.
CONTROP also offers high brightness, ruggedized flat panel monitors for use with air, land and naval platforms and applications, including fixed and rotary wing aircraft, sea vessels and ground vehicles. These Super VGA displays are available in 15″, 10.4″ or 8.4″ LCD active matrix (TFT) screen sizes and are rated to operate at altitudes of up to 20,000 feet.
The Russian Emergencies Ministry has signed a $330 million contract with the Beriev design bureau for the procurement of eight Be-200 Altair amphibious planes configured for firefighting, the Russian news agency Novosti reports. The Altair is the largest multipurpose amphibious aircraft currently operational. This acquisition comes as a quick reaction to criticism of Russian authorities for failing to contain the wildfires that raged through western Russia for two months in the summer of 2010.
Forest and peat bog fires raged in European Russia in July-August 2010 killing more than 50 people and destroying thousands of homes and crops in open farmland. The role of aerial firefighting with Be-200 amphibious planes was made clear when Prime Minister Vladimir Putin took part in putting out wildfires in Ryazan Region on board a Be-200. On this flight, the aircraft scooped up water from the nearby Oka River and dumped it on the flames.
The aircraft, designed by the Taganrog-based Beriev Aviation Scientific-Technical Complex (TANTK), can be configured for firefighting missions, search and rescue, maritime patrol, and cargo and passenger transportation. In the firefighting configuration the Altair can hold 12 tons of water mixed with fire retardant agents, dispersing its cargo over wildfires in areas difficult to access by other means of firefighting.
Beriev is one of the world’s pioneers of amphibious flight. The company introduced its first amphibian aircraft in 1932 and is currently marketing the firefighting version of the BE-200 worldwide. BE-200 firefighters were demonstrated in the USA, and participated in active firefighting campaigns in Spain and Greece.
In April 2010 the U.S. subsidiary of the Australian company Metal Storm won a $1.48 development contract, awarded by the U.S. Marine Corps, for the development and demonstration of a Mission Payload Module for the Non Lethal Weapon System (MPM-NLWS). The system is based on Metal Storm’s FireStorm weapon system.
This weapon addresses the corps’ requirement for an effective crowd control weapon, enabling a single HMMWV to cover a wide area. The system and payload should be effective at distances of 30-150 meters, disperse over 25 m2 or more within 4-8 seconds and incapacitate 75% of personnel within this target area for a minimum duration of 20 seconds or up to five minutes. The Marines intend to buy an initial batch of 312 MPM-NLWS in the first acquisition spiral. For this contract we lead a team including BAE Systems.
Originally, FireStorm was designed as a four-barrel, 24-shot automatic grenade launcher, based on the EOS multi-purpose remotely controlled weapon station. The Marines will be able to tailor the system to their requirements, stacking 10, 15 or even 30 barrels on each platform. For the demonstration testing, the NLWS will be attached to the overhead gun shield, also known as the Marine Corps Transparent Armored Gun Shield (MCTAGS). The FireStorm can fire both lethal and non-lethal munitions. For non-lethal use, different munitions could deliver a wide range of effects, including frangible impact node, irritant, cargo rounds and advanced airburst flash-bang projectiles; the same system can also fire lethal grenades.
In April 2010 General Dynamics Ordnance and Tactical Systems (GD-OTS) won a $3 million contract for a technology demonstration (TD) and evaluation of its competing MPM-NLWS candidate system, known as ‘Medusa’, developed in cooperation with ATK Aerospace Systems.
The GD-OTS ATK team plans to modify the advanced 66mm grenade and launcher technology to provide improved counter-personnel and non-lethal capabilities that temporarily incapacitate targets through intense light, sound and pressure stimuli.
The Medusa uses an articulated launcher and fire control system, firing non-lethal grenade munitions with electronic, in-tube, range-programmable fuzing that provides precision placement of the non-lethal effect. In addition to the new MPM, the launcher will retain its capability to deploy the current inventory of 66mm non-lethal and obscuration-effect.