Archive for July 31, 2017

Russian Airline "S7 Airlines" started using blockchain to issue tickets

"Alfa-Bank" and "S7 Airlines" have launched an innovative blockchain platform for automating commercial transactions, namely the sale of air tickets.

The solution implemented by the two companies is based on Ethereum, a platform for building decentralized online services on top of a blockchain.

Reportedly, settlement time fell from 14 days to a record 23 seconds. As a result, the airline no longer has to extend deferred payment to the agent and receives its revenue immediately after the ticket is booked. The agent, in turn, is freed from the bank guarantee paperwork.

Moreover, the blockchain implementation minimizes the human factor and increases the reliability of transactions.

In the future, S7 Airlines hopes to extend the scope of the blockchain platform. Fuel and catering suppliers, for example, could be brought into the project.

 - Christina

Flaws in Radiation Monitoring Devices, Vendors decline to fix them

Ruben Santamarta, principal security consultant at IOActive, has found multiple vulnerabilities, presented at Black Hat, in several product models of nuclear Radiation Monitoring Devices (RDMs) from three vendors: Digi, Ludlum and Mirion. When contacted by the researcher, all three declined to fix the reported flaws, each for a different reason.

According to the research unveiled at Black Hat USA 2017 on Wednesday, these flaws provide a potential mechanism for triggering false alarms, and worse. Santamarta's research, which is accompanied by a whitepaper, covered software and hardware testing, firmware reverse engineering and radio frequency analysis.

Santamarta says he tested various radiation monitor models, from massive vehicle and personnel scanning portals to small sensor boxes that engineers mount on walls throughout a nuclear power plant's building complex.

RDMs are used to monitor radiation in critical infrastructure such as nuclear power plants, sea ports, borders and even hospitals. Although such events are rare, radiation monitors are also relied on to detect when nuclear power plant employees try to smuggle radioactive material out of the compound, and when someone attempts to cross a border with radioactive equipment or materials.

However, as with many Internet of Things devices, security shortcomings provide a means to subvert their operation. This type of equipment is critical because it serves as an early warning system, both for radiation spikes in nuclear power plants and for the presence of dirty bombs within a city.

Inspection of software that ships with the Model 53 Gamma Personnel Portal from Ludlum revealed a backdoor password. "As a result, malicious personnel can bypass the RPM's authentication and take control of the device, which could be used to disable it, thus preventing the RPM from triggering proper alarms," Santamarta warned.

Ludlum's Model 4525 gate monitors for vehicle inspection lack any security measures for data communication. Any attacker on the adjacent network can change the device's network settings, which opens the door to multiple attacks. Worse yet, the device communicates in cleartext, so attackers could falsify readings, disable alarms, or perform any other operation the device supports.

Attackers could falsify measurement readings to simulate a radiation leak, tricking authorities into issuing incorrect evacuation directions. Alternatively, by feeding operators normal readings, they could prolong the time that an attack on a nuclear facility, or one involving radioactive material, remains undetected.

“Failed evacuations, concealed persistent attacks and stealth man-in-the-middle attacks are just a few of the risks I flagged in my research,” said Santamarta. “Being able to properly and accurately detect radiation levels is imperative in preventing harm to those at or near nuclear plants and other critical facilities, as well as for ensuring radioactive materials are not smuggled across borders.”

Santamarta says he contacted all three vendors. Below are the responses he got from the manufacturers:

Digi acknowledged the report, but will not fix the issues as they do not consider them security issues.

Ludlum acknowledged the report, but refused to address the issues. According to them, these devices are located in secure facilities, which is enough to prevent exploitation.

Mirion acknowledged the vulnerabilities, but will not patch them as it would break WRM2 interoperability. Mirion contacted their customers to warn of this situation. They will work in the future to add additional security measures.

UIDAI files FIR against Ola Money

The Unique Identification Authority of India (UIDAI) has reportedly registered an FIR (First Information Report) against a private company for allegedly misusing Aadhaar card data obtained from the UIDAI's website.

The Bengaluru police have filed the FIR against Chennai-based Qarth Technologies, which was acquired by cab aggregator Ola in March 2016 to strengthen Ola's mobile wallet service, Ola Money.

The complaint was registered against Qarth co-founder Abhinav Srivastava on Wednesday at the request of Ashok Lenin, Deputy Director of UIDAI’s regional office in Bengaluru.

“Qarth workers have developed an app and accessed details on the Aadhaar website without authentication and provided the same as e-KYC details. The accused has joined hands with miscreants in leaking Aadhaar information and illegally using the same,” he said.

The FIR has been registered under several sections, including Sections 37 and 38 of the Aadhaar Act 2016, Sections 65 and 66 of the IT Act 2000, and IPC Sections 120B, 468 and 271. The case was transferred to the cyber crime police on Thursday.

Responding to the complaint, Ola released a statement saying, "Ola has neither commissioned nor is involved in any such activity. No such complaint has been brought to our notice."

Government entities to be protected by Firewall

According to sources, the Indian government is considering establishing a national-level defensive firewall to protect the data servers of state-owned banks and companies. The contemplated measure is meant to defend India's key institutions, where data sensitivity is very high, against cyber attacks. The sources say the step is being considered in the wake of the recent global ransomware attacks, which affected various countries and led to data destruction and extortion demands.

According to one of the officials, "A meeting was held which was attended by some senior members of the ministry of electronics and information technology and (cyber security chief) Gulshan Rai. Pros and cons of a national firewall were discussed at the meeting." The meeting was held in June, after the Petya (or Petwrap) attacks. However, Gulshan Rai and AK Garg, scientists at the ministry of electronics and information technology, did not respond to queries.

"One point which was raised in the meeting was mistrust of multinationals of such a firewall since their sensitive data could be monitored by a country," said the official. Many international companies and banks have reservations about operating in countries where they fear data could be compromised.

Cyber attacks on state infrastructure have increased in the last two years, said the official. "State-owned companies, banks and government websites and servers would first be protected by the national firewall."

"What India needs is not just a post-incident reaction but proactive monitoring and defense mechanisms against cyber attacks, whether state sponsored or by hackers," said Amit Jaju, partner, cyber forensics, data analytics, EY.

"There is a spike in the cyber attacks emanating from countries in the last few years, and while these attacks are planned, they take an opportunity of an incident and happen around that time," said Altaf Halde, MD for South Asia at Kaspersky Lab, a Russian cyber security and anti-virus provider. "While a firewall may be able to give some protection, the way we use the internet, the attackers may be able to bypass these protections, and so it is important to have a multi-layered protection."

Citadel Trojan Developer Jailed For 5 Years

A Russian cyber-criminal has been sentenced to five years behind bars in the United States for his part in developing the Citadel information-stealing malware.

Mark Vartanyan, also known by his online moniker “Kolypto”, was sentenced by a US District Court in Atlanta.

Vartanyan was extradited from Norway to the United States in December 2016, when he was 28 years old. While Vartanyan admitted to providing software development expertise to help refine Citadel, it is not clear whether he was a major player in the cybercrime ring behind the malware.

The Citadel malware is a banking Trojan, used by crooks to steal banking credentials and extort money. According to some estimates, the malware was used to steal about half a billion dollars. It was distributed on Russian underground forums, where Kolypto was very active. The original Citadel code borrowed heavily from the ZeuS banking Trojan.

The Justice Department has tied Citadel botnets to infections of 11 million PCs worldwide that caused more than $500 million in fraud.