http://m.washingtonpost.com/business/technology/2013/12/06/352ba174-5397-11e...

Noticed this tonight.. Not saying the WP is always on target, but what software could be installed via a browser on any computer to gather all of that data? And how would it be done without the OS speaking up about it? Far fetched.. Or do the Firefox / Chrome guys have some 'splainin to do?

Sent from my Mobile Device.
The wording sounds like it was tied to his Yahoo account.

Tammy
Sent from my iPhone

On Dec 8, 2013, at 1:24, Warren Bailey <wbailey@satelliteintelligencegroup.com> wrote:
On 12/08, Warren Bailey wrote:
My first thought as I read the article Friday evening was that they were attempting to exploit a vulnerability in a popular application (first guess: Adobe Flash) in order to execute arbitrary code -- at which point they have full control of the victim's PC and can do (or install) whatever they want.

"A software update to a program the surveillance software was planning to target, meanwhile, raised fears of a malfunction, forcing the FBI to refashion its malicious software before sending it to Mo’s computer."

However, the article also states that:

"Federal magistrate Judge Kathleen M. Tafoya approved the FBI’s search warrant request on Dec. 11, 2012, ..."

"The surveillance software was sent across the Internet on Dec. 14, 2012 ..."

December 11, 2012 fell on a Tuesday. More specifically, it fell on the second Tuesday of the month, a.k.a. "Patch Tuesday". Perhaps it was a vulnerability in Microsoft Windows itself, then, that they were attempting to exploit? Six of the seven vulnerabilities fixed that month "could allow remote code execution". Internet Explorer and Microsoft Office were among the affected software, according to http://technet.microsoft.com/en-us/security/bulletin/ms12-dec.

"... but the FBI’s program didn’t function properly, ..."

Oops.

/p
On 12/8/13, Warren Bailey wrote:
"The goal of the software was to gather a range of information — Web sites he had visited and indicators of the location of the computer..."

That's available from just the browser - don't need to install any software on the computer. Although, if the browser is exploitable:

http://www.wired.com/threatlevel/2013/08/freedom-hosting/
The malware showed up Sunday morning on multiple websites hosted by the anonymous hosting company Freedom Hosting. That would normally be considered a blatantly criminal “drive-by” hack attack, but nobody’s calling in the FBI this time. The FBI is the prime suspect.

https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
To be clear, while the Firefox vulnerability is cross-platform, the attack code is Windows-specific.

Regards,
Lee
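As an added example (not part of Lee's message or the original thread), the following shows what a plain web page learns about a visitor with nothing installed and no exploit: the part a page's own script can read in the browser, and the part the server sees on the HTTP request, including the client address on the connection. The `window`-like object, the request and every value in them are constructed for offline use, and `clientIndicators` / `serverIndicators` are names chosen here. `navigator.geolocation` is deliberately left out because it triggers a permission prompt, which is exactly the browser "speaking up".

```javascript
// Added example, not code from the thread. Indicators a web page obtains from a
// visitor without installing software: pass the real `window` to clientIndicators
// in a browser, and the server's request object to serverIndicators. A constructed
// fake window and request are included so the file also runs offline under Node.js.

function clientIndicators(win) {
  const nav = win.navigator || {};
  const doc = win.document || {};
  const scr = win.screen || {};
  // Intl reports the IANA time zone the OS is configured with, e.g. "America/Denver".
  const timeZone = win.Intl
    ? win.Intl.DateTimeFormat().resolvedOptions().timeZone
    : undefined;
  return {
    referrer: doc.referrer || null,   // page the visitor came from (webmail host, search engine, ...)
    language: nav.language || null,   // UI locale, e.g. "en-US"
    platform: nav.platform || null,   // e.g. "Win32"
    userAgent: nav.userAgent || null,
    timeZone: timeZone || null,
    screen: scr.width && scr.height ? `${scr.width}x${scr.height}` : null,
  };
}

// Server side: the browser volunteers these headers on every request, and the
// TCP connection itself exposes the client address, the coarsest location
// indicator there is. X-Forwarded-For is client-controlled text; only trust it
// behind a proxy you operate (the first entry is the address the proxy saw).
function serverIndicators(req) {
  const h = req.headers || {};
  const forwarded = (h['x-forwarded-for'] || '').split(',')[0].trim();
  return {
    clientAddress: forwarded || req.remoteAddress || null,
    referer: h['referer'] || null,
    acceptLanguage: h['accept-language'] || null,
    userAgent: h['user-agent'] || null,
  };
}

// Constructed sample input standing in for a real window and request (all values made up).
const SAMPLE_WINDOW = {
  document: { referrer: 'https://mail.example.net/inbox' },
  navigator: {
    language: 'en-US',
    platform: 'Win32',
    userAgent: 'Mozilla/5.0 (Windows NT 6.1) ExampleBrowser/1.0',
  },
  screen: { width: 1366, height: 768 },
  Intl: { DateTimeFormat: () => ({ resolvedOptions: () => ({ timeZone: 'America/Denver' }) }) },
};

const SAMPLE_REQUEST = {
  remoteAddress: '203.0.113.7', // TEST-NET-3 documentation address, not a real host
  headers: {
    'referer': 'https://mail.example.net/inbox',
    'accept-language': 'en-US,en;q=0.9',
    'user-agent': 'Mozilla/5.0 (Windows NT 6.1) ExampleBrowser/1.0',
  },
};

if (typeof require !== 'undefined' && typeof module !== 'undefined' && require.main === module) {
  console.log(clientIndicators(SAMPLE_WINDOW));
  console.log(serverIndicators(SAMPLE_REQUEST));
}
```

In a browser the call is simply `clientIndicators(window)`; the referrer is only present when the visitor followed a link, which is how an emailed link would reveal the webmail host it was opened from.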
On 13-12-08 03:24 AM, Warren Bailey wrote:

Let's remember that the information in the article was filtered through no less than two people who don't fully speak tech. I think I can translate it back:

«The FBI crafted a custom piece of malware targeting Mo, designed to snoop on his activities. A link was emailed to Mo in a spear-phishing attack in an attempt to get him to download and install the malware from the FBI's monitored servers. The attempt failed; the software was downloaded but never executed in a manner enabling the software to send back information to the FBI.»

Nothing too special. I wonder if Mo had the balls to submit the software to Sophos etc. for malware analysis. :)

M.
--
Michael Brown              | The true sysadmin does not adjust his behaviour
Systems Administrator      | to fit the machine. He adjusts the machine
michael@supermathie.net    | until it behaves properly. With a hammer,
                           | if necessary. - Brian
On Sun, Dec 8, 2013 at 2:24 AM, Warren Bailey <wbailey@satelliteintelligencegroup.com> wrote:
Not really; it's well within the realm of possibility, and not even unlikely. The answer about what software could be installed that way would be tailor-made covert software; plenty of that is known to exist. Law enforcement would have it well within their ability to potentially intercept and modify traffic on web pages accessed by the user, and inject targeted exploits into the user's in-flight data connections.

Software can be installed via the browser through a variety of vectors; mostly vulnerabilities leveraging JavaScript, browser-specific flaws, viewer flaws, API flaws such as fonts, or plugins such as Java, Silverlight, Flash, QuickTime, or Adobe Reader. Then a sandbox defeat, and privilege escalation using a variety of unpublished exploit techniques. Once that has occurred, software may be deployed undetectably and persistently in a variety of ways. A payload specific to the target may be downloaded and configured in the background.

It is also possible that the malware may simply modify existing programs such as the operating system running in RAM --- diskless malware that doesn't save a copy of itself, but reinfects the system after a reboot, when the user browses the web again and the exploit kit is launched again.

--
-JH
participants (6):
- /dev/ph0b0s
- Jimmy Hess
- Lee
- Michael Brown
- Tammy Firefly
- Warren Bailey