Friday, 20 March 2015

China Finally Admits It Has Army of Hackers


China finally admits it has special cyber warfare units — and a lot of them.
For years China has been suspected by the U.S. and many other countries of carrying out several high-profile cyber attacks, but every time the country strongly denied the claims. Now, for the first time, the country has admitted that it does have cyber warfare divisions, several of them, in fact.
In the latest updated edition of a PLA publication called The Science of Military Strategy, China finally broke its silence, openly discussed its digital spying and network attack capabilities, and clearly stated that it has specialized units devoted to waging war on computer networks.


Joe McReynolds, an expert on Chinese military strategy at the Center for Intelligence Research and Analysis, told TDB that this is the first time China has explicitly acknowledged that it has secretive cyber-warfare units, on both the military and the civilian-government sides.
CHINESE CYBER WARFARE UNITS
According to McReynolds, China has three types of operational military units:
Specialized military forces to fight the network -- Units designed to carry out defensive and offensive network operations.
Groups of experts from civil society organizations -- Units made up of specialists from civilian organizations, including the Ministry of State Security (roughly China's equivalent of the CIA) and the Ministry of Public Security (roughly its equivalent of the FBI), who are authorized to conduct military-led network operations.
External entities -- Units that sound a lot like hacking-for-hire mercenaries: non-government entities (state-sponsored hackers) that can be organized and mobilized for network warfare operations.
According to experts, all the above units are utilized in civil cyber operations, including industrial espionage against US private companies to steal their secrets.
"It means that the Chinese have discarded their fig leaf of quasi-plausible deniability," McReynolds said. "As recently as 2013, official PLA [People's Liberation Army] publications have issued blanket denials such as, 'The Chinese military has never supported any hacker attack or hacking activities.' They can't make that claim anymore."
CHINESE CYBER UNIT 61398
In 2013, the American private security firm Mandiant published a 60-page report detailing the notorious Chinese hacking group 'Unit 61398', suspected of waging cyber warfare against American companies, organizations and government agencies from or near a 12-story building on the outskirts of Shanghai.
Unit 61398 also targeted a number of government agencies and companies whose databases contain vast and detailed information about critical United States infrastructure, including pipelines, transmission lines and power generation facilities.
MOST WANTED CHINESE HACKERS
Last year, the United States filed criminal charges against five Chinese military officials, named Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, for hacking and conducting cyber espionage against several American companies.
The alleged hackers were said to have worked with the PLA's Unit 61398 in Shanghai. Besides spying on U.S. companies and stealing trade secrets, they were also accused of stealing information about a nuclear power plant design and a solar panel company's cost and pricing data.

Wednesday, 18 March 2015

'FREAK' — New SSL/TLS Vulnerability Explained

Another new widespread and disastrous SSL/TLS vulnerability has been uncovered that for over a decade left millions of users of Apple and Android devices vulnerable to man-in-the-middle attacks on encrypted traffic when they visited supposedly 'secured' websites, including the official websites of the White House, FBI and National Security Agency.

Dubbed the "FREAK" vulnerability (CVE-2015-0204), also known as Factoring Attack on RSA-EXPORT Keys, the flaw enables hackers or intelligence agencies to force clients to use older, weaker "export-grade" encryption, i.e. 512-bit RSA keys.

The FREAK vulnerability, discovered by security researchers at the French Institute for Research in Computer Science and Automation (Inria) and Microsoft, resides in OpenSSL versions 1.0.1k and earlier, and in Apple's Secure Transport.

90s WEAK EXPORT-GRADE ENCRYPTION
Back in the 1990s, the US government attempted to regulate the export of products using "strong" encryption, so devices were loaded with weaker "export-grade" encryption before being shipped out of the country.

At that time, "export-grade" encryption was limited to a maximum key length of 512 bits. Later, in 2000, with the modification of the US export laws, vendors were able to include 128-bit ciphers in their products and distribute them all over the world.

The only problem is that "export-grade" cryptography support was never removed, and now, three decades later, the FREAK vulnerability makes it significantly easier for hackers to decode the website's private key and decrypt passwords, login cookies, and other sensitive information from HTTPS connections.

HOW THE FREAK VULNERABILITY WORKS
Matthew Green, Assistant Research Professor at Johns Hopkins University's Information Security Institute in Maryland, summarizes the FREAK vulnerability in a blog post detailing how a hacker could perform a MitM attack:
  • In the client's Hello message, it asks for a standard 'RSA' ciphersuite.
  • The MITM attacker changes this message to ask for 'export RSA'.
  • The server responds with a 512-bit export RSA key, signed with its long-term key.
  • The client accepts this weak key due to the OpenSSL/Secure Transport bug.
  • The attacker factors the RSA modulus to recover the corresponding RSA decryption key.
  • When the client encrypts the 'pre-master secret' to the server, the attacker can now decrypt it to recover the TLS 'master secret'.
  • From here on out, the attacker sees plain text and can inject anything it wants.
36% OF SSL WEBSITES VULNERABLE TO HACKERS
A scan of more than 14 million websites that support the SSL/TLS protocols found that more than 36% of them were vulnerable to the decryption attack because they support RSA export cipher suites (e.g., TLS_RSA_EXPORT_WITH_DES40_CBC_SHA).

Cracking a 512-bit key back in the '90s would have required access to the supercomputers of that time, but today it can be done in seven hours at a cost of only about $100 per website.

A FREAK attack is possible when a user running a vulnerable device (currently Android smartphones, iPhones and Macs running Apple's OS X operating system) connects to a vulnerable HTTPS-protected website. At the moment, Windows and Linux end-user devices are not believed to be affected.

'FREAK' VULNERABILITY SIMILAR TO 'POODLE'
The FREAK vulnerability is similar to last year's POODLE flaw (Padding Oracle On Downgraded Legacy Encryption), which allowed hackers to downgrade the entire SSL/TLS Internet-communication security suite to the weakest possible version. FREAK affects only those SSL/TLS implementations that accept export versions of the RSA-based cipher suites.
Online SSL FREAK Testing Tool
Security researchers are maintaining a list of top vulnerable websites and encourage web server administrators to disable support for export suites, including all known insecure ciphers, and enable forward secrecy.

You can also use an Online SSL FREAK Testing Tool to check whether a website is vulnerable or not.
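The downgrade steps above hinge on a server still being willing to negotiate an RSA export suite, which is exactly what the testing tools check for. The following script is an added example (not the article's code or any published tool): it sends a ClientHello offering only RSA export suites and reports whether the server picks one, so an administrator can verify the export suites really are disabled. Hostname, port and the sample responses are constructed for illustration.

```python
import os
import socket
import struct

# IANA codes of RSA export suites that a FREAK downgrade relies on;
# TLS_RSA_EXPORT_WITH_DES40_CBC_SHA is the one the article names.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def build_client_hello(hostname, suites=tuple(RSA_EXPORT_SUITES)):
    """TLS 1.0 ClientHello offering only the given suites, with an SNI extension."""
    host = hostname.encode()
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x01" + os.urandom(32) + b"\x00"          # version, random, empty session id
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                                    # one compression method: null
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_server_response(data):
    """Cipher suite code from a ServerHello record, or None if the server refused (alert)."""
    if len(data) < 44 or data[0] != 0x16 or data[5] != 0x02:
        return None
    pos = 44 + data[43]                                     # skip session id
    return struct.unpack("!H", data[pos:pos + 2])[0] if len(data) >= pos + 2 else None

def probe(hostname, port=443, timeout=5.0):
    """Offer only export suites; a server that picks one is exposed to the downgrade."""
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(hostname))
        data = sock.recv(4096)
    suite = parse_server_response(data)
    return None if suite is None else RSA_EXPORT_SUITES.get(suite, hex(suite))

# Constructed sample responses for offline checks (not captured from any real server).
_hello_body = b"\x03\x01" + b"\x00" * 32 + b"\x00" + b"\x00\x08" + b"\x00"
SAMPLE_SERVER_HELLO = (b"\x16\x03\x01" + struct.pack("!H", len(_hello_body) + 4)
                       + b"\x02" + len(_hello_body).to_bytes(3, "big") + _hello_body)
SAMPLE_ALERT = b"\x15\x03\x01\x00\x02\x02\x28"              # fatal handshake_failure

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]) or "no export suite accepted")
```

A correctly configured server answers the export-only ClientHello with a handshake_failure alert, so probe() returns None; any suite name returned means the export suites are still enabled.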

APPLE AND GOOGLE PLAN TO FIX FREAK
Google said an Android patch has already been distributed to partners. Meanwhile, Google is also calling on all websites to disable support for export certificates.

Apple also responded to the FREAK vulnerability and released a statement that, "We have a fix in iOS and OS X that will be available in software updates next week."

Courtesy: THN
