Tax heaven is also a hacker playground – Bermuda

Perhaps the legal firm Mossack Fonseca data breaches incident is a history. However headline news reveal another similar case which was happened on November last year.I was shock that Mossack Fonseca encountered data breach which astonish the world since Tycoon and famous people like President of Russia Putin virama was included in their customer list.  A slogan told that a Tax heaven is also a hacker playground. It looks that legal firm only know how to use law regulations to protect their client. On the other hand, former cyber security incident shown that they are ignore the technology risks. In the meantime, we receive the news on newspaper that a cyber attack encountered on their database November last year (2016). But sounds like another important factor might bring to their attentions. For instance, it is easy to find the lawyer public email address because of their business operation model. Such business running model let hacker easy to obtained the email address. A easy way to make use of email phishing techniques let receiver become a victim. Hacker will receive the credential after compromised the email account. As a result, it is easy to drawout the data. About the detail, please refer below url for reference. 

Another story of offshore law firm data leakage. The firm encountered cyber attack on Nov 2016.
The information released the news this month.

Existing encryption scheme looks have space to enhance – X.931security breach

The implementation of existing encryption scheme looks have space to enhance. Another bug has been found on X.931. It looks that the vulnerability found on encryption machanism last few months reveal the bottleneck in IT environment. Can you still remember that our Hero Edward Snowden alert. He was told that cyber espionage or government will relies ob backdoor of device or application to execute their task. A scandal reveal security vendor use the weak crypto scheme benefits to NSA to receive government contract.  Perhaps we did not focus on encryption mechanism since we believed that we are secure once we make it. However the design limitation is the cache. No matter  it is a hardware or software. Hacker relies on temporary cache retrieve the SSL key then execute man-in-the middle attack in antivirus software. A private key found on chipset which make more than million of mobile devices in security breach. My imagination of conspiracy theory, it looks that Hero Snowden and wikileak reveal how  NSA doing the surveillance program.  Since secret expose and therefore they are not going to use anymore. As a result more and more scandal or unknown bug will be open to public.  Below url will provides hints to you for reference.

RTOS(real-time operating system) is under attack. Do you think it is the 2nd round of test?

The terms IoT (Internet of things) looks a messed transformation of specifics definition. The suitable criteria to define a IoT component is that for a device demand data be processed without buffering delays. If you have habits read technology post daily. We known that IT security vendor (checkpoint) alert the world that a new IoT botneck is going to jeopardizing the world. Since the case is under their investigation. My personal opinion is that the specifics attacks focus on RTOS(real-time operating system). For instance, web cam, router, smart city facilities. I strongly believed that Microsoft not the major target. Since RTOS devices has large coverage on simplified linux base OS platform.  Keep your eye open, you might seen the result of reaper IoT attack relies on shellshock vulnerabilities and bruteforce attacks.In additional, if the device found vulnerabilities on the kernel. The malicious code will relies on it. Below url can provides the details to you in this regard. Perhaps we have more and more electronic computing devices supporting to our life daily. The hostile country engage the attack to suspend the daily operations of the enemy looks better than a bomb or military threatening.

INFINEON chip design flaw – not vulnerable in ECC, flaw only encountered on RSA

Bitcoin technology looks luck this round since INFINEON chip design flaw – not vulnerable in ECC (Elliptic Curve Cryptography), flaw only encountered on RSA.


The flaw resides in the Infineon-developed RSA Library version v1.02.013. A design weakness has been found. A vulnerability in an implementation of RSA Key Generation could allow private encryption key disclosure.

This vulnerability affects any products using the affected code library “RSA Library version v1.02.013” developed by Infineon Technologies. Keys generated with smartcards or embedded devices using the Infineon library are vulnerable, as well as devices certified by NIST FIPS 140-2 and CC EAL 5+.

Queries of this vulnerability – in regards to so called security regulatory standard

It is hard to believe that a tough and harsh security requirements issued by NIST (FIPS 140-2) and Common Criteria. However the certified products are also the victim.

Do you think is there a verification and identification gap in between hardware vendor and security authority? And therefore such embarrass status happened today.

Known effect areas:


Component: Smartcards (manufacturers using Infineon smartcard chips and TPMs)


Component: Smartcards and IoT devices (manufacturers using Infineon smartcard chips and TPMs)

Home Users:

Component: IoT (manufacturers using Infineon smartcard chips and TPMs)

Vendor announcement:

Laptops and mobile devices use Trusted Platform Module (TPM) hardware chips with the affected encryption key code library. For instance Google, Microsoft, HP, Lenovo, and Fujitsu. They claimed that the have patched their respective software.


Should you have interest in related topic, please refer to below url for reference.

WPA2 vulnerability found. But online Banking system customer do not shock.


WPA2 vulnerability found. But online Banking system customer do not shock. Take it easy. The WPA2 wireless encryption scheme looks secure before specifics vulnerability occurred. Security expert found that hacker is able to relies on 3rd handshake doing injection which causes man-in-the-middle of attack. As a result your wireless network data traffic will be hunted by hacker. The data includes on-line banking credentials, social media credentials,….etc. But if you think it over. The SSL tunnel end point of online banking web application is seat on your mobile. Hacker must install the web server SSL public PKI key certificate in the 1st phase, otherwise he cannot view the data embedded in the traffic pattern. Perhaps hacker already install the public cert. However a HSM will be protect your password from online banking system. Since password will be shown as random code. Hacker cannot reuse. How about VISA 3D secure method? You will receive SMS alert of your payment transactions finally. You can verify by yourself.  For more detail about the WPA2 vulnerability, please refer below url for reference.

How will be effect to cyber world – a scandal from Microsoft

Reuters interviews with Microsoft former employees. A scandal given by former employees was that Microsoft responded quietly after detecting secret database hack in 2013. It looks that this is official commercial tactics. I have no surprise that hackers relies on known bug on vendor bug track database to formula new generation of virus. Believe it or not, we seen this virus already. We all know that the 1st version of Ransomware development relies on Microsoft bug which found by United Stated National Security Agency. The scandal happened this month. We have more and more news update afterwards. For more details about the journalist interviews.. Please see below url for reference. 

Reminder: Oct 2000 – Microsoft admits that its corporate network has been hacked and source code for future windows products has been seen. Hacker suspected to be from St. Petersburg.


Potential risk of CVE-2017-15265

CVE-2017-15265 found on Linux causes privileges escalation. Cisco expert found that it the vulnerability is due to a use-after-free memory error in the ALSA .The ALSA Framework design for audio function. However Android and IoT devices are deployed the ALSA framework on demand. Since Cisco do not have sound on their router, network switch, IDS and firewall devices. However hacker is able to use this vulnerability on all Linux OS platform. No one can say this is only a critical incident. This design weakness jeopardizing the IT world. Keep your eye open. Perhaps there are under going cyber attacks or data leakages cases relies on this design weakness which infiltrate the victim devices.However we do not find yet till now! For details of this vulnerability, Cisco provides their findings. Please refer below url for reference.


The art of cyberwar – Internet of things (IoT)


The art of war (孫子兵法) written by Sun Tzu. The Art of War is an ancient Chinese military treatise dating from the Spring and Autumn period in 5th century BC. The work, which is attributed to the ancient Chinese military strategist Sun Tzu, is composed of 13 chapters. Perhaps the art of cyberwar do not have author. It is created by Artificial Intelligence.

The art of cyberwar first chapter (IoT Operating System)

The foundation of Open Systems Interconnection model strengthen the technology world. A common standard categorized software application, network protocol, network communications and hardware. Perhaps the standard founded in 1983. However it become mature till earlier of 90’s.

Obviously the situation of Internet of things (IoT) have certain similarity comparing with 80’s technology world. Since such period of time the vendor not intend enforce OSI model standard.

The Internet of Things presents a new set of data storage. Meanwhile it create cyber security challenges. First, there is large-file data, such as images and videos captured from smartphones and other devices. The second data type is very small, for example, log-file data generated from sensors. The operation system will be embedded on Flash Drive and SD Ram. Be my guest, let’s take a closer look of popular IoT OS system.

The art of cyberwar 2nd chapter

What are the parameters for selecting a suitable IoT Operating System.

Yes, it is the memory requirement and OS footprint.

The art of cyberwar 3rd chapter

Due to the Design limitation of free disk space and API library. And therefore it limit the types of cyber attack.

The art of cyberwar 4th chapter

IoT Jeopardize the world records (see below):

The art of cyberwar 5th chapter

This chapter looks straight forward. A common standard is waiting for all of you especially software developer and vendor define!

Not a sophisticated technique, but it got his way to compromised ATM windows OS machine


Not a pulp fiction! Kaspersky Lab found that the latest generation of Malware focus in Bank ATM machine attack operate lightweight and simple. But we known that ATM machine was hardening the connectivity. May be you will be interested? In what way let the machine compromised?

Introduction to Bank ATM malware types (malware found since 2015)

i. Rufus – a malicious code used to clean out ATMs running outdated Windows XP software across states.

ii. GreenDispenser – GreenDispenser attempts to query the microsoft windows registry location (see below) to find the peripheral name for the cash dispenser.


The malware will make a call to WFSExecute with the command set to WFS_CMD_CDM_DISPENSE” and a timeout of 12000 to dispense cash (see above picture). GreenDispenser capable to execute the sdelete to remove itself from the ATM.

iii. Ploutus – Ploutus enabled criminals to empty ATMs using either an external keyboard attached to the machine or via SMS message. It could run on ATMs running the Windows 10, Windows 8, Windows 7 and XP operating systems. The attack targer aim to control Diebold ATMs.

iv. SUCEFUL – The (SUCEFUL) malware target design to attacks Diebold and NCR ATMs machines.The malicious code features are capable to do the following:

  1. Reading data from the chip of the card
  2. Control of the malware via ATM PIN pad
  3. Suppressing ATM sensors to avoid detection

v. Skimer – Skimer was distributed extensively between 2010 and 2013. Its appearance resulted in a drastic increase in the number of attacks against ATMs, with up to nine different malware families identified by Kaspersky Lab. The criminal (Skimer) group using social engineering technique implant malware to the ATM system through physical access, or via the bank’s internal network.

Another way to make machine vulnerable especially Windows Operating System


  • Infection technique through phishing, embedded malware in MS-word document ,download malware infection file and visit compromised website.
  • Try to infect server especially WSUS server
  • Compromise ATM machines through software path management and ATM application software update
  • ATM windows operating system compromised
  • As a result, the ATM machine might become crazy!


Protect Yourself:

It is better to use the ATM machine inside of a bank lobby.


Should you have interest to elaborate more, please read below details.

ATM thieves are all in jail. Can you tell me that bank ATM environments are safe now?

Do you think Kaspersky is a Scapegoat?


U.S. Orders Federal Agencies to Remove Kaspersky Software Over Security Concerns!

Discussion topics – Do you think Kaspersky is a Scapegoat?

Headlines news told that Eugene Kaspersky trained by former USSR KGB. For some potential reason predicted that his antivirus product design intend to collect the computer privacy thus doing the surveillance activities. From my personal opinion is that defendant Kaspersky might not engaged such treason activities. My stand points are shown below:

Allegation of their design mechanism similar as a Russian proxy

Below details highlights is the investigation team by US government written on incident report.

US investigators believe the contractor's use of the software alerted Russian hackers to the presence of files that may have been taken from the NSA, according to people with knowledge of the investigation. Experts said the software, in searching for malicious code, may have found samples of it in the data the contractor removed from the NSA.

But how the antivirus system made that determination is unclear, such as whether Kaspersky technicians programed the software to look for specific parameters that indicated NSA material. Also unclear is whether Kaspersky employees alerted the Russian government to the finding.

My bold hypothesis to object above speculations

We known the well-known names such as Symantec, McAfee and AVG may contains inherent risks and letting hackers and criminals secretly access your PC. What is the inherent risks will be encountered? Let’s take a quick closer look see whether you can find hints in this regard.

I. Design limitation and defense mechanism

a. Vulnerability (Design limitation)

For instance, Symantec anti-virus products found multiple vulnerabilities by Google researcher. The flaws affected both Mac and Windows PCs, and could be triggered simply by emailing a file to someone or sending them a link to a malicious website. The historical records are displayed below:

May 2016 – Symantec/Norton Antivirus ASPack Remote Heap/Pool memory corruption Vulnerability CVE-2016-2208 (see below url for reference)

Jan 2017 – Google Security Researcher Finds Serious Vulnerability In Kaspersky’s TLS Interception Tool

Hacker wants to intercept traffic, for which the 32bit key is 0xdeadbeef.
Step 1: Hacker sends you the real leaf certificate for, which Kasperksy validates and then generates its own certificate and key for.
Step 2: On the next connection, hacker sends you a colliding valid certificate with key 0xdeadbeef, for any commonName (lets say
Step 3: Now hacker redirects DNS for to, Kaspersky starts using their cached certificate and the attacker has complete control of
Step 4: vulnerability occurred
b. Defense mechanism

Since a kernel hook method so called kernel hook bypassing engine.


  • Attacker can use the system call instruction directly without calling of Windows API
  • Malicious code can be passed to the AntiVirus through the hooks functions for analysis and as soon as it bypass the security checks.

In order to avoid this rootkit or antivirus bypassing incident occurs, anti-virus manufacturer better stand in front of any boot loader processes. And therefore it will using so called in proper hook technique to governance the overall activities. As a result antivirus program including build in IDP, malware detector will be received more privileges. From technical point of view, it is not possible to do it if anti-virus itself not hook to all core kernel process.

This is the major concerns of many informaiton security experts. But be reminded that such design feature not the only one make by Kaspersky. Other anti-virus vendors are using the same design of mechanism.

From general principal of common law system, benefit of the doubt goes to defendant.

II.  The company not loyal to Russia in regards to past cyber detection behaviors

a. Detection of Russia area APT activities

Above APT Trends report Q2 2017 statistic diagram issued by KASPERSKY. We did not seen the company intend to hide cyber security attacks given by Russia area. Meanwhile, the report highlight that the second quarter of 2017 has seen multiple incidents involving Russian-speaking threat actors. Topping the list of ‘attention grabbers’ were the Sofacy and Turla threat actors. Should you have interest, please feel free to review the specify report in below url

b. Russia arrests top cyber security expert amid allegations of treason

There is not require for me to mention of this matter, for more detail please refer below headline news posted by

Russia arrests Kasperky cyber security expert amid allegations of treason


My observation cannot guarantee will be generated false positive (incorrect) on this matter, however above items of evidence looks that the company is a Scapegoat!