Monday, July 14, 2014

Snowden's Latest

The latest revelation by Snowden is a catalog of exploit tools used by the Joint Threat Research Intelligence Group.

It includes some really surprising, and in some ways awesome, tools, including (code names and short descriptions):

Birdsong - Automatic posting of Twitter updates.

Godfather - Public data collection from Facebook.

Mouth - Tool for collection of download files from a user's archive.org.

Photon Torpedo - Technique to actively grab the IP address of an MSN Messenger user.

...and many, many more.

You can find the entire list here.

Sunday, September 29, 2013

Meet Hidden Lynx: The most elite hacker crew you've never heard of...

Last June, one of the world’s most advanced hacker groups hit a problem. The US defence contractor whose systems it wanted to access only allowed a small set of trusted IP addresses to connect to its network. In an unusual move – hackers typically go for the low-hanging fruit – the group hacked the company that provided the IP white-listing service (Bit9), enabling it to forge access certificates.

This group, which calls itself Hidden Lynx, was given a vague face last week when antivirus software-maker Symantec released a report profiling it. Believed to be based in China, the group is known only through traces of malicious software bearing its mark found in the compromised computers of some of the world’s largest companies.

The Bit9 intrusion underscores the resourcefulness and persistence of the group. As thorough as that attack was, the hack was a mere detour taken on a longer path in a much more serious campaign. Dubbed VOHO, that campaign targeted US defence contractors. As it turned out, many of the VOHO targets used Bit9's application white-listing service to prevent malware infections.

"When the Hidden Lynx attackers' progress was blocked by this obstacle, they reconsidered their options and found that the best way around the protection was to compromise the heart of the protection system itself and subvert it for their own purpose," Symantec analysts wrote. This is exactly what they did when they diverted their attention to Bit9 and breached its systems. Once breached, the attackers quickly found their way into the file signing infrastructure that was the foundation of the Bit9 protection model. They then used this system to sign a number of malware files, and these files were used in turn to compromise the true intended targets.
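The paragraph above describes why compromising the signing infrastructure defeated the allow-listing: a policy that trusts a publisher's key accepts any file that key has signed, including malware. The following toy model, added here as an illustration and not Symantec's or Bit9's code, contrasts publisher-key trust with per-file hash trust and shows the two mitigations a defender has once the key is known to be compromised. It is a simplification: real code signing is asymmetric, whereas this model uses an HMAC key as a stand-in, and all file contents, names and keys are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Constructed sample artefacts (not real files and not real malware).
LEGIT_UPDATER = b"constructed: vendor updater v1.0"
DROPPER = b"constructed: attacker dropper"

# Stand-in for the publisher's code-signing key (assumption: an HMAC key
# replaces a real asymmetric key pair to keep the example dependency-free).
PUBLISHER_KEY = b"constructed-publisher-signing-key"


def sign(content: bytes, key: bytes) -> bytes:
    """Produce a 'signature' over the file content with the given key."""
    return hmac.new(key, content, hashlib.sha256).digest()


@dataclass
class Binary:
    name: str
    content: bytes
    signer: Optional[str] = None
    signature: Optional[bytes] = None


@dataclass
class AllowListPolicy:
    # Per-file trust: exact SHA-256 digests of individually approved executables.
    trusted_hashes: Set[str]
    # Publisher trust: anything validly signed by one of these keys may run.
    trusted_signers: Dict[str, bytes]
    revoked_signers: Set[str] = field(default_factory=set)

    def decide(self, b: Binary) -> Tuple[bool, str]:
        """Return (allowed, reason); the reason is what an agent would log."""
        digest = hashlib.sha256(b.content).hexdigest()
        if digest in self.trusted_hashes:
            return True, "allowed: hash on allow-list"
        if b.signer is not None and b.signature is not None:
            if b.signer in self.revoked_signers:
                return False, f"blocked: signer {b.signer} revoked"
            key = self.trusted_signers.get(b.signer)
            if key is not None and hmac.compare_digest(sign(b.content, key), b.signature):
                return True, f"allowed: valid signature from trusted publisher {b.signer}"
        return False, "blocked: no matching hash or trusted signature"


def run_scenarios() -> Dict[str, bool]:
    legit = Binary("updater.exe", LEGIT_UPDATER, "Vendor", sign(LEGIT_UPDATER, PUBLISHER_KEY))
    unsigned = Binary("dropper.exe", DROPPER)
    # The failure mode from the text: malware signed with the publisher's own key.
    stolen_key_signed = Binary("dropper.exe", DROPPER, "Vendor", sign(DROPPER, PUBLISHER_KEY))

    publisher_trust = AllowListPolicy(trusted_hashes=set(),
                                      trusted_signers={"Vendor": PUBLISHER_KEY})
    hash_only = AllowListPolicy(trusted_hashes={hashlib.sha256(LEGIT_UPDATER).hexdigest()},
                                trusted_signers={})

    results = {
        "publisher_trust/legit": publisher_trust.decide(legit)[0],
        "publisher_trust/unsigned_malware": publisher_trust.decide(unsigned)[0],
        "publisher_trust/stolen_key_malware": publisher_trust.decide(stolen_key_signed)[0],
    }
    # Mitigation 1: revoke the compromised signer once the breach is known.
    publisher_trust.revoked_signers.add("Vendor")
    results["after_revocation/stolen_key_malware"] = publisher_trust.decide(stolen_key_signed)[0]
    results["after_revocation/legit"] = publisher_trust.decide(legit)[0]
    # Mitigation 2: per-file hash trust never extends to files not explicitly approved.
    results["hash_only/legit"] = hash_only.decide(legit)[0]
    results["hash_only/stolen_key_malware"] = hash_only.decide(stolen_key_signed)[0]
    return results


if __name__ == "__main__":
    for scenario, allowed in run_scenarios().items():
        print(f"{scenario:45} {'ALLOW' if allowed else 'BLOCK'}")
```

Under publisher trust the stolen-key dropper is allowed, which is exactly the outcome the Symantec analysts describe. Revocation blocks it, but also blocks the legitimate updater until it is re-approved, so the per-file hash policy is the one that keeps the good file running while rejecting the newly signed one. The reason strings are worth logging: a file that is allowed only by publisher trust and is absent from the hash inventory is a useful hunting signal.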

The group pioneered so-called watering hole attacks, which infect a site with malware in the hope of compromising the high-value targets known to frequent it. Members wield advanced zero-day attacks that exploit security vulnerabilities in Oracle's Java, Microsoft's Internet Explorer, and other widely used software frameworks or applications. The report said their tactics and exploits are far more advanced than those of the Comment Crew, a China-affiliated hacking crew that researchers from security firm Mandiant said has siphoned terabytes of sensitive data from 141 organizations over the past seven years. Hidden Lynx also wielded one of the trojans used by the group that breached Google and at least 34 other companies in 2010.

For the entire report from Symantec, click here.