#Stuxnet precursor still in the wild. Are you a carrier?

Middle East Cyber War
Standard

Did Iran figure out the exploit, has the magic turned on the magician, forcing Microsoft to issue an alert, or is this just (MS) window-dressing for the nuke talks?

Given the close date of the next Patch Tuesday for November, we [...] will probably have to wait until December –  Wolfgang Kandek, CTO, Qualys, Inc

Since we knew about this attack vector for a couple of years (at least) why did they wait so long? Whatever, if you didn’t already think about how this might affect you, or those you are directly or indirectly connected to, best to take some precautions.

What to do if, like the embargoed Iranians, you OR your contacts use older versions of MS Office, MS Word, and Windows:

  1. Set your email reader to NOT display images by default, since apparently this code tries to run even when only previewing email messages
  2. Do NOT send MS Word files as email attachments. Convert to plain text, RTF, WordPad, etc (NOT PDF) or share using an online application. Better yet, paste the plain text into your email.
  3. Do NOT preview, open, or forward MS Word file attachments.
  4. Microsoft is encouraging customers concerned with the risk associated with this vulnerability to deploy two fixes

More details:

Microsoft is investigating private reports of a vulnerability in the Microsoft Graphics component that affects Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010 – in other words, the older versions of software organizations in Iran are  likely to be stuck with because of the sanctions against supplying technology to the regime – and all supported versions of Microsoft Lync. Microsoft is aware of targeted attacks, largely in the Middle East and South Asia, that attempt to exploit this vulnerability in Microsoft Office products that affects customers using them.

The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker’s website, or by opening an attachment sent through email.

1 Jan 2013 Updates

New Year's stampede in Abidjan  (Reuters)
Standard

Libya says it will put Saif al-Islam Gaddafi and Abdallahal- Senussi on trial “within a month”

Western Sahara: Right to self-determination affirmed by UN, international consultations in 2013 to unlock conflict. The Western Sahara issue witnessed a rebound during 2012, particularly with publication of the UN Secretary General’s hard-hitting report, criticizing barriers imposed on the MINURSO mission by Moroccan authorities and by Morocco’s withdrawal of confidence in Christopher Ross, later changing position due to strong international pressure.

Al Jazeera has a new television reporter in Mauritania, our very own Baba Hourma (@bHourma). He does an excellent job in this clip about immigration

1 Jan 2012 Mauritania bans plastic bagsI hope Baba will do an item soon on the ban on plastic bags which came into force in Mauritania today, an attempt to eradicate the extreme pollution caused by an influx of almost 1 billion bags annually. The campaign includes activities to raise awareness, including flyers,  distribution of paper bags, an explanatory video and media coverage. Penalties include up to a year in prison, and fines of up to 1 million Ouguiya (Euro 2,500) for manufacturers, 500,000 for importers, and up to 10,000 for users of the illegal plastic bags or “Zazo” as they are called. This is an ambitious enterprise for a country which has failed to eradicate descendant slavery despite repeatedly criminalising it, and which recently approved a new law prohibiting coups d’etat, which are almost a national sport in Mauritania.

Kinross Gold’s drilling subcontractor, Capital Drilling Mauritania, is accused of breaking labour laws to discriminate against CGTM union members. Capital Drilling gave itself an award for ‘Commitment and Excellence in Safety’ in August 2012 for having completed 500 days without any “lost time incidents” (LTI).

Meanwhile, reports that Mauritania’s Central Bank is restricting access to significant values of both local and foreign currency raised many questions and concerns. What happened to the bumper reserves boasted of in the middle of 2012, and praised by the IMF? Is this the result of massive capital flight following the “shooting incident of October 13? These and other questions are still looking for answers.

Despite the endless reinforcement in press statements that US and European troops will be involved in any future conflict as trainers and advisers only, Mali FM told JeuneAfrique journalist @Babahmed1: “Our soldiers are already trained”. He also added that elections are unacceptable while rebels still occupy the north, and is anticipating a donor conference this month. Interim president Traoré said more or less the same thin in a New Year’s Day speech. What is the point of the UN Resolution if they have no intention of abiding by the provisions attached to it?

Stone-throwing Palestinian protesters carry an injured protester during clashes with Israeli security officers in the West Bank village of Tamoun, near the West Bank city of Jenin January 1, 2013. Clashes broke out after an Israeli military operation in the village on Tuesday. REUTERS/Ammar Awad

Stone-throwing Palestinian protesters carry an injured protester during clashes with Israeli security officers in the West Bank village of Tamoun, near the West Bank city of Jenin January 1, 2013. Clashes broke out after an Israeli military operation in the village on Tuesday. REUTERS/Ammar Awad

Israeli soldiers disguised as vegetable vendors raided the Palestinian village of Tammoun, north of Nablus city. The village has been repeatedly raided, leading to many arrests over several years.
Today’s clandestine operation and the subsequent arrest of Murad Bani Odeh, a member of Islamic Jihad, led to clashes with residents who threw stones. Soldiers replied with live ammunition, rubber bullets and tear gas. One man was hit in the eye with a tear gas canister and taken to hospital for treatment, and over 100 people suffered inhalation effects of tear gas. A state of siege is now being reported.

More than 60 people were killed in a stampede at a New Year’s Eve celebration in Ivory Coast‘s capital, Abidjan

New Year's stampede in Abidjan  (Reuters)

New Year’s stampede in Abidjan (Reuters)

Details of Tunisia‘s new government line up were published by Al Jazeera. Now they need new policies & attitudes.

Last but not least, today is a special day for the internet.

Happy 30th Anniversary, Internet and TCP/IP!

 

Stupid Movies, Dumb Moves

Image: Artstruck on deviantart.com
Standard

Today there is a big conference [ar] starting, organised by Mauritania’s Tewassoul party, with high-level delegates in attendance from many Arab states, including Tunisia, Kuwait, Palestine, Saudi Arabia, Morocco and Algeria. I’d expect increased security in and around Nouakchott, but have not seen the usual reports of any. Last night, the political opposition coalition held a licensed event which tens of thousands attended, but they were denied permission for a similar event a couple of weeks ago, with the authorities claiming the need to avoid large gatherings because of the security risks. Yet a few days ago, the American Embassy in Mauritania issued an oddly paranoid statement to nationals, warning them to be cautious in case of unrest or protests on or near December 14 and 19. These events are likely, they claim, because of the anticipated release of another film which is deliberately insulting to Muslims,  as well as a new video about Osama bin Laden.

The Embassy in Mauritania has a quiet little Facebook page that mainly posts friendly invitations to attend the regular sessions they host for throngs of hopeful student visa applicants at the “American Corner” of Nouakchott University. The statement is not posted on Facebook, and I would never have known about it, except for a tweet from the US State Dept’s travel advisory account:

To be honest, I had ignored an earlier “exclusive” report on a local website with little to commend it in the way of credibility, which claimed the embassy had sent all residents a warning note.

People in Mauritania were baffled by the embassy’s official warning. “When did we ever see a protest in Mauritania about bin Laden?” one asked. Another said “bin Laden is no prophet, people can make any film they want about him, and no one will care.” One replied to @TravelGov:

Bearing in mind that less than 5% of the population has internet access, and even then most of the time it’s like dial-up that has been heavily sedated,  there’s precious little chance either film will reach a sizeable audience even in Nouakchott. To be super helpful in case any random terrorists really do fancy their chances, Ould Abdel Aziz listed a few potential targets during his recent speech at a UNESCO event in Paris, his default location since the 13 October incident. Taking all this into account, and  in light of recent events in Egypt and the Maghreb region, it  makes sense to stay tuned.

Stupid Movie 2

Stupid Movie 2

The sequel to the highly successful (in terms of provoking riots, and making a few people in the State Department look foolish) but very stupid “Innocence of Muslims” movie is called “The Innocent Prophet” and was delayed by the Spanish authorities threatening to revoke the Pakistani film maker Imran Firasat’s refugee status if he released it on 14 December as planned. But it’s out now, and the news cycle has calmed down enough to make space for a bigger splash than it would have gotten on December 14, given the terrible tragedy that occurred in Connecticut that day. Like it’s fore-runner, The Innocent Prophet has a staggeringly small number of views so far. I suppose intelligence agency cyber trolls will have to post the link liberally on “jihadist” forums if they want to see more riots, arson attacks and deaths in time for Christmas.

Randy Wilson was arrested by FBI officers, just as he and his family were boarding a plane in Atlanta

Randy (Rasheed)Wilson was arrested by FBI officers, just as he and his family were boarding a plane in Atlanta

(Updated 21 Dec) While I am thinking about false flags, do be on the lookout for more news about the two Alabama men arrested separately in Georgia, allegedly planning to make their way to Mauritania to “wage violent jihad”. It’s possible* Mohammad Abdul Rahman Abukhdair** and Randy (Rasheed) Wilson***, like so many others before them, got the idea after speaking to an undercover FBI agent. Including the agent, that is three people I would not want to have near any weapons or explosives. In any case, you could probably staff an entire katiba of terrorists and the necessary weapons for the price of their air fare from Alabama, by recruiting within the region. It just does not make sense for people to travel half way across the world to do it, unless they were incredibly dumb, or were just playing along, intending to renege on their end of the deal and get a free desert safari in the process. Now that international aid and development agencies are more interested in hiring locally, would it be too much to expect the FBI to follow suit?

Still on jihad, something that is jarring my instincts: these pastebin posts allegedly from a new(ish) cyber army of angry “Qassam Cyber Fighters” who hate American banks so much they decided to give advance notice of their intention to take down their websites, and even apologised for the delay in staging their onslaught, codenamed “Operation Ababil”. Nice and polite, if not exactly stealthy, but thanks for giving all your targets time to tighten security, change passwords, etc. Anyone would think they were not a real cyber army at all. If you are a linguaphile, have fun analysing and comparing their use of Arabic and English. If not, have fun wondering why an Iranian regime cyber operation (as claimed) would use Arabic, when they apparently have a proud, Farsi-speaking, cyber army.

A late, but convenient addition to end with: a random tweet was posted yesterday about an alleged hacking ten months ago of  Bank of Israel by a group calling themselves “Mauritania Hacker Team”

https://twitter.com/SaudiAnonymous1/status/281117976319643648

Here’s their Facebook page, where the old news reports were reposted yesterday, which I assume explains the tweet.

Back in February, they posted this video claiming to show evidence of  an intrusion that netted “all” Bank of Israel customer accounts:

http://www.youtube.com/watch&v=ik9X1rSmRHo

Ignoring the fact that it looks decidedly fake, note the speed with which typing errors of English words are corrected, and use of words like “bingo” and the phrase “don’t try this at home”. Add to that the use of classroom French, typed more slowly with far higher accuracy in their next video. It gives the impression whoever created at least the first and probably the second would feel more at home in Oxshott than Nouakchott. No offence to Oxshottonians, it could be any cosy corner of over-privileged middle-class and perhaps even middle-aged (bingo? really?) England.

Additional information added 21 December 2012:

American terror suspect Omar Hammami, aka Abu Mansour al-Amriki

American terror suspect Omar Hammami, aka Abu Mansour al-Amriki

* In the criminal complaint that led to his arrest, Randy Wilson was said to be a former room mate of another Mobile, Alabama man, Omar Shafik Hammami (aka Abu Mansour al-Amriki), who was just reportedly kicked out of Somalian al-Qaeda franchise Al-Shabaab for spreading the wrong message in videos he posted online.  Although they did know one another about 10 years ago, the  information about Wilson and Hammami’s living arrangements turned out to be false (see below). There was a rather long delay between news about his first video – in which he said he feared his life was in danger – appearing in March 2012, and the 17 December reports of the announcement of Hammami’s expulsion. March was also when the coup in Mali was claimed to have accelerated the spread of rebel groups in the north, as the vast region was abandoned by both civil and military authorities along with most NGOs and aid agencies. This heightened activity was accompanied by reports that fighters from other al Qaeda groups were moving into Mali. Wherever Hammami – who incidentally is married to a Somali woman, and they have at least one child, a daughter – shows up next, it is unlikely to be America.

** According to this post, a Syracuse, NY native by the name of Mohammad Abdul Rahman Abukhdair was arrested in Egypt in 2010 on charges of suspected terrorist activity. In 2011, he was deported back to the U.S., taking residency in both Ohio and Alabama.

*** Randy Wilson appeared in court and was refused bail after the judge heard testimony from FBI Special Agent Tim Green, who had established an online relationship with the defendant and his co-accused over a period of two years, by pretending to have a shared interest in Islam. Green also confessed in court that the story about Wilson being a former room mate of Omar Hammami was a lie and claimed he” didn’t know where it came from”. Wilson’s case will be heard on December 27, local press reported. There are no similar reports for Mohammad Abdul Rahman Abukhdair as yet. Given the fact that the two New Jersey men arrested in the almost identical “Operation Arabian Knight” case in 2010 have still not been sentenced, despite accepting a plea bargain, we should not expect any swift justice.

Related Posts

The Two Worst Rogue States in the United Nations

Noam Chomsky
Standard

My transcript of part of a public lecture “The Emerging World Order: its roots, our legacy” given by Noam Chomsky at Politeama Rossetti in Trieste, Italy on September 17, 2012.

The basic reason for the concern [over the possibility of Iran building nuclear weapons] has been expressed succinctly by General Lee Butler, the former head of the US Strategic Command, which is in charge of nuclear weapons and the strategic policies involved. He writes, “it is dangerous in the extreme, that in the cauldron of animosities, that we call “the Middle East”, one nation should arm itself with nuclear weapons, which may inspire other nations to do so.”
General Butler, however, was not referring to Iran. He was referring to Israel. That’s the country that ranks highest in polls of European public opinion, as the most dangerous country in the world, right above Iran. But not in the Arab world. In the Arab world, the public regards the United States as the second most dangerous country after Israel  and that goes back quite a while. Iran is generally disliked, but it ranks far lower as a threat – among populations, that is. Just not the dictatorships.

Western media and commentary keep almost entirely to the views of the dictators, so we constantly hear that the Arabs want ‘decisive US action against Iran, which is that’s true of the dictators, and you may recall that a while ago, WikiLeaks released the diplomatic documents quoting Arab dictators – Saudi Arabia and the Emirates – as calling for strong US action against Iran.

The commentary about that was interesting. It was almost euphoric: “Isn’t this wonderful? The Arabs support US policy against Iran!” which is true of the Arab dictators. At the very same time, Western-run polls were coming out, showing that it’s quite the opposite, that though again, they don’t like Iran, they’re not regarded as a threat. The United States is regarded as a threat. In fact opposition to US policy was so strong, that a majority – and in some countries like Egypt, a substantial majority, thought that the region would be more secure if Iran had nuclear weapons. They don’t want Iran to have nuclear weapons, but if the United States and Israel have them and are there, that’s what’s needed.

That was almost never mentioned. And that reaction is pretty striking. It illustrates the contempt for democracy among Western elite opinion: it doesn’t matter what the population thinks, that’s derided as the “Arab street” – who cares what they think? What matters is what the dictators think. That’s a commentary about us, not about the Arab world.

Noam Chomsky

Unlike Iran, Israel refuses to allow [IAEA] inspections, refuses to join the non-proliferation treaty (NPT). It has hundreds of nuclear weapons and advanced delivery systems, and it also has a long record of violence and repression (it has annexed and settled conquered territories illegally in violation of [UN] Security Council orders and court decisions), and many acts of aggression: it has invaded Lebanon five times with no credible pretext, and much more.

Meanwhile, severe threats of attack continue, from the United States and particularly Israel. Daily, there are strong threats of attack, and there’s reaction from US Government. The Secretary of Defence, Leon Panetta, reacted to the threats from Israel by saying, ‘we don’t want them to attack Iran, but they’re a sovereign country, they can do what they like’. If Iran was making comparable threats about Israel – and it isn’t – the reaction would be quite different.

You may remember there is a document called the United Nations Charter. The key provision in the UN Charter is a ban against the threat or use of force in international affairs. But now there are two rogue states, the United States and Israel, that pay no attention to this, and are constantly issuing severe threats. And the European Union goes along, politely. The threats are not just words: there is an ongoing war – or at least what we would regard as an ongoing war, if it was directed against us – and there are regular assassinations of scientists and terrorist acts, there’s a very severe economic war.

The US threats, which are unilateral, have cut Iran out of the international financial system. The European countries don’t disobey the United States so they’ve gone along. Five high-level former NATO commanders have recently released what they call a ‘new grand strategy’, which identified various acts of war that justify a violent response. One of them is ‘weapons of finance’ – that justifies a military reaction, when it’s directed against us. But cutting Iran out of the global financial markets, is different.

The US Government is very proudly announcing that it’s undertaking extensive cyber-warfare against Iran. The Pentagon has identified cyber-warfare as a serious military attack, which justifies our military response. But that’s the difference between what we do to them and they do to us. Israel has an enormous lethal armoury, not just nuclear. Only recently, in the last few months, Israel has received advanced submarines provided by Germany. These are capable of carrying Israel’s nuclear tipped missiles, and they’re sure to be deployed in the Persian Gulf, or nearby. They may already be there. Certainly, if Israel proceeds with its plan to bomb Iran,  the US has a vast array of nuclear weapons surrounding the region, from the Indian Ocean, all the way to the West. In the Persian Gulf itself, the US has enough fire-power to destroy the world many times over.

Full lecture: http://www.youtube.com/watch?v=8BK0XIm0DXE

Remains of 91 Martyrs Returned to #Palestine from #Israel

JordanValleyMartyrs
Standard

Al Jazeera video [ar] showing the return of the remains of 91 martyrs from Israel, where they had been in a Jordan Valley cemetery  for years. Families can now pay proper respects to their loved ones.  The ceremony was conducted by the Palestinian Authority. 12 of the coffins were received in Gaza by ‘representatives of all factions’ according to the description.