Monthly Archives: February 2015


Omerta Information Security — Rotterdam, The Netherlands



Chinese state hackers have hacked the Dutch chipmaker ASML. Several anonymous sources told Tweakers that the attackers gained access to the company's Dutch and French networks and may have stolen information about its high-technology machines for chip manufacturing.

Multiple sources, who asked not to be named, confirmed to Tweakers that the hack was carried out by hackers working for the Chinese government. It should be noted that such attacks are hard to attribute. The attack reportedly focused on the Dutch branch of the company, although according to one source the French branch was attacked as well. ASML would neither confirm nor deny the Tweakers report: "We never comment on individual security issues," a spokesman said.



It is not clear exactly when the company was targeted by the Chinese government hackers. According to one source the hack took place this year; according to another it was last year. Nor is the full impact clear. One reading, supported by two independent sources, is that the impact is large and that potentially sensitive documents were stolen, although that is not certain.


The hack was part of a wave of attacks on European technology companies by a group that security firms link to the Chinese government. The FBI and several Dutch and international security companies have investigated the attack. The researchers attribute it to a Chinese hacker group that had earlier penetrated corporate networks in the US and Europe, most likely PLA Unit 61486, a unit that according to security companies has been hitting tech companies for years. Among its earlier victims were European organisations in the field of aerospace and satellite technology.


ASML makes machines for chip production. The company, based in Veldhoven, is the market leader in this field, and its customers include Samsung, Intel and TSMC. The company is a central link in sustaining Moore's law, and thus in the progression to faster, more efficient and cheaper chips.


According to one source, information on the workings of EUV technology was captured in the attack. EUV technology is used in the latest generation of lithography machines. Today the fine features on chips are patterned lithographically with light of 193 nm wavelength. To make chips with even smaller features, ASML's newest machines use extreme ultraviolet light with a wavelength of 13.5 nm. The technology for building EUV machines is very valuable to ASML, and therefore to the tech industry: chip manufacturers such as Samsung, GlobalFoundries and TSMC depend on ASML to a large extent for their future chip products.

Last week it was announced that the French-Dutch company Gemalto had been hacked. That time it was not Chinese government hackers but the intelligence agencies GCHQ and NSA that are said to have stolen the encryption keys of SIM cards. Gemalto itself denies that the agencies succeeded, though critics doubt that claim.

Thx to

Remo Hardeman

CEO Omerta Information Security


Omerta Information Security, Rotterdam The Netherlands.





Decentralisation part 2


Three weeks ago I wrote an article on decentralisation and the future of networking. In this article I want to show you some open source projects that fully embody this idea of networking: file sharing, encrypted decentralised email and distributed databases. These projects can provide solutions for your security needs in the years to come. Although we depend heavily on the current architecture landscape, one should take a peek at the future. Decentralisation also sometimes tells the opposite story; let me explain. In order to decentralise, you always end up (cloud-)centralising monitoring, configuration and other concentrated tasks. So we are not there yet, and the puzzle will not be simple. Let's have a look at a few projects.


FlowingMail is the name of a new decentralised, secure and encrypted email protocol. The most used email systems rely on a central server that receives, stores and forwards the messages; FlowingMail is decentralised and does not rely on a central server to deliver the encrypted emails. The aim of the FlowingMail protocol is to hide both the information being transmitted and the parties involved in the communication. The main component of the FlowingMail protocol is a Kademlia Distributed Hash Table (DHT), which is responsible for storing the encrypted emails while they are in transit, as well as the certificates of the participants in the FlowingMail network.
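To make the Kademlia part concrete, here is an added, self-contained Python sketch of the DHT mechanics such a mail system sits on: the XOR metric, k-buckets, the iterative FIND_NODE lookup, and storing a blob (say, a participant's certificate) on the k nodes closest to the hash of its key. This is written for this page and is not FlowingMail's own code; the node ids, the bucket size K=8, the constructed 100-node in-memory network and the key names are assumptions for the demo.

```python
"""Kademlia-style DHT in miniature (added illustration, not FlowingMail code)."""
import hashlib
import heapq
import random

ID_BITS = 160   # Kademlia uses 160-bit ids (SHA-1 sized)
K = 8           # k-bucket size and replication factor (the paper uses 20; small for the demo)
ALPHA = 3       # lookup parallelism


def node_id(seed: bytes) -> int:
    """Derive a 160-bit id from a seed (a mailbox name, a certificate fingerprint, ...)."""
    return int.from_bytes(hashlib.sha1(seed).digest(), "big")


def xor_distance(a: int, b: int) -> int:
    """Kademlia's metric: symmetric, and d(a, c) <= d(a, b) + d(b, c)."""
    return a ^ b


def bucket_index(own: int, other: int) -> int:
    """k-bucket for 'other' as seen from 'own': position of the highest differing bit (-1 if equal)."""
    return xor_distance(own, other).bit_length() - 1


class Node:
    def __init__(self, nid: int):
        self.id = nid
        self.buckets = [[] for _ in range(ID_BITS)]  # each ordered least- to most-recently seen
        self.store = {}                              # key id -> value this node holds for the DHT

    def add_contact(self, other: "Node") -> None:
        i = bucket_index(self.id, other.id)
        if i < 0:
            return
        bucket = self.buckets[i]
        if other in bucket:
            bucket.remove(other)        # seen again: move to the most-recently-seen end
        elif len(bucket) >= K:
            return                      # bucket full; real Kademlia pings the oldest entry first
        bucket.append(other)

    def contacts(self) -> list:
        return [c for b in self.buckets for c in b]

    def find_node(self, target: int, sender: "Node" = None) -> list:
        """FIND_NODE RPC: the K contacts this node knows closest to target.
        The recipient also learns about the sender, as in Kademlia."""
        if sender is not None:
            self.add_contact(sender)
        return heapq.nsmallest(K, self.contacts(), key=lambda c: xor_distance(c.id, target))


def iterative_find_node(start: Node, target: int) -> list:
    """Ask the ALPHA closest unqueried contacts, repeat until the K closest known nodes are all queried."""
    shortlist = {c.id: c for c in start.find_node(target)}
    queried = {start.id}
    while True:
        closest = sorted(shortlist.values(), key=lambda c: xor_distance(c.id, target))[:K]
        pending = [c for c in closest if c.id not in queried][:ALPHA]
        if not pending:
            return closest
        for c in pending:
            queried.add(c.id)
            for found in c.find_node(target, sender=start):
                if found is not start:
                    shortlist.setdefault(found.id, found)
                    start.add_contact(found)   # a lookup also fills the asking node's buckets


def join(new: Node, bootstrap: Node) -> None:
    """Join via one known node and look up our own id to populate nearby buckets."""
    new.add_contact(bootstrap)
    iterative_find_node(new, new.id)


def store_value(start: Node, key: bytes, value) -> list:
    """STORE: put value on the K nodes closest to sha1(key); returns those holders."""
    kid = node_id(key)
    holders = iterative_find_node(start, kid)
    for h in holders:
        h.store[kid] = value
    return holders


def find_value(start: Node, key: bytes):
    """FIND_VALUE: walk toward sha1(key) and return the value from the first holder met."""
    kid = node_id(key)
    if kid in start.store:
        return start.store[kid]
    for n in iterative_find_node(start, kid):
        if kid in n.store:
            return n.store[kid]
    return None


def build_network(n: int = 100, seed: int = 1) -> list:
    """Constructed demo network: n nodes joining one after another through a random earlier node."""
    rng = random.Random(seed)
    nodes = [Node(node_id(f"demo-node-{i}".encode())) for i in range(n)]
    for i in range(1, n):
        join(nodes[i], rng.choice(nodes[:i]))
    return nodes


if __name__ == "__main__":
    net = build_network()
    key = b"cert:alice@example.invalid"      # assumed key naming, not FlowingMail's
    holders = store_value(net[3], key, "<alice's certificate blob>")
    print(len(holders), "holders; retrieved from another node:", find_value(net[77], key))
```

Two points from this sketch matter for the security discussion: the blob lands on whichever nodes happen to own ids near the key, so anything stored must already be encrypted and signed by the sender (the DHT gives availability, not confidentiality or integrity), and a lookup reveals which key you are interested in to every node you query, which is why hiding the parties involved is harder than encrypting the message body.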



RetroShare is an open source, cross-platform, private and secure decentralised communication platform. It lets you securely chat and share files with your friends and family, using a web of trust to authenticate peers and OpenSSL to encrypt all communication. RetroShare provides file sharing, chat, messages, forums and channels. For more information, click here.


MaidSafe consists of two key parts: the network and the client applications.

THE NETWORK: The SAFE network is made up of the unused hard drive space, CPU and communications capacity of commodity computers. These computers are likely to be owned by the very users of the system, but need not be limited to that. Each computer effectively mines for credits, which can be traded for many other goods and services. These credits are called safecoin.

CLIENT APPLICATIONS: SAFE network client applications access the network via some innovative steps, including:

  1. Self encrypting data
  2. Access and creation of cryptographically secured IDs on a decentralised PKI
  3. Self authentication

Examples of client apps are: cloud storage, encrypted messaging, web sites, crypto wallets, document processing of any data provided by any program, distributed databases, sharing of research documents and ideas with IPR protection if required, document signing, contract signing, decentralised co-operative groups or companies, trading mechanisms and many others. The clients can access every Internet service known today and introduce many services that are not possible with a centralised architecture. For more information, click here.
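The "self encrypting data" step deserves a closer look. Below is an added illustration, written for this page and not MaidSafe's own code, of how content-derived encryption works: the file is split into chunks, each chunk is encrypted with a key derived from the plaintext hashes of its neighbouring chunks, and the hash of each encrypted chunk becomes its address on the network. The owner keeps only the data map (the per-chunk hashes) and needs nothing else to fetch and decrypt the file. The chunk size, the neighbour rule and the SHA-256-based toy stream cipher (used only to keep the demo dependency-free; a real system would use an authenticated cipher) are assumptions of this example, not a description of MaidSafe's exact scheme.

```python
"""Content-derived ("self") encryption, illustrated (added example, not MaidSafe code)."""
import hashlib

CHUNK_SIZE = 16  # bytes; tiny so the demo yields several chunks (real systems use MB-sized chunks)


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || block counter).
    Assumption for this demo only; it is unauthenticated and must not be used for real data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def chunk_key(pre_hashes: list, i: int) -> bytes:
    """Key for chunk i is derived from the plaintext hashes of the two preceding chunks (wrapping)."""
    n = len(pre_hashes)
    return h(pre_hashes[(i - 1) % n] + pre_hashes[(i - 2) % n])


def self_encrypt(data: bytes):
    """Return (data_map, stored_chunks). The data map is the owner's secret;
    stored_chunks is what goes onto the network, keyed by content address."""
    chunks = [data[i:i + CHUNK_SIZE] for i in range(0, len(data), CHUNK_SIZE)]
    pre = [h(c) for c in chunks]
    data_map, stored = [], {}
    for i, c in enumerate(chunks):
        ct = keystream_xor(chunk_key(pre, i), c)
        post = h(ct)                                   # network address of the encrypted chunk
        data_map.append({"pre": pre[i], "post": post, "size": len(c)})
        stored[post] = ct
    return data_map, stored


def self_decrypt(data_map: list, network: dict) -> bytes:
    """Fetch each chunk by address, rederive its key, decrypt, and verify against the data map."""
    pre = [e["pre"] for e in data_map]
    out = bytearray()
    for i, e in enumerate(data_map):
        ct = network[e["post"]]
        if h(ct) != e["post"]:
            raise ValueError(f"chunk {i}: stored chunk does not match its address")
        pt = keystream_xor(chunk_key(pre, i), ct)
        if h(pt) != e["pre"] or len(pt) != e["size"]:
            raise ValueError(f"chunk {i}: plaintext hash mismatch (wrong key or corrupted chunk)")
        out.extend(pt)
    return bytes(out)


def addresses_for(data: bytes) -> set:
    """What anyone who already holds the plaintext can compute: the addresses it would be stored under."""
    return {e["post"] for e in self_encrypt(data)[0]}


if __name__ == "__main__":
    secret = b"Constructed sample file: lab notes, not for the whole network to read."
    data_map, chunks = self_encrypt(secret)
    print(len(chunks), "chunks; round trip ok:", self_decrypt(data_map, chunks) == secret)
```

Because the keys derive from content alone, two users storing the same file produce identical chunks, which is what lets the network deduplicate them. The flip side is that anyone who already holds a plaintext can compute its addresses and check whether it is stored (addresses_for shows the computation), so content-derived keys protect data only against parties who cannot guess the content.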


Bitcloud project

Bitcloud is an open source distributed database and escrow agent that allows people to share data and create distributed applications.
The decentralized nature of Bitcloud allows anyone to publish large amounts of content that is free from censorship, high costs, and proprietary software.
Bitcloud can be the base for decentralized applications that require data storage and bandwidth.
There are many Bitcoin 2.0 projects in the works right now, but they all still rely on some type of blockchain. In Bitcloud, the blockchain is replaced by a distributed database, also known as the nodepool. Bitcloud creates a new decentralised system of trust in which entire web applications can be hosted without a centralised server. For more information, click here.


There are many more alternatives, which I will cover in my next blog, THE FUTURE OF NETWORKING: DECENTRALISATION part 3, in about a week. Stay tuned!


Remo Hardeman
CEO Omerta Information Security







Project Maelstrom: The Internet We Build Next


BitTorrent is currently working on a decentralised, torrent-based hosting program. It is a very interesting approach to hosting, but also to networking for the future of the internet. In BitTorrent's own words:

It started with a simple question. What if more of the web worked the way BitTorrent does? Project Maelstrom begins to answer that question with our first public release of a web browser that can power a new way for web content to be published, accessed and consumed. Truly an Internet powered by people, one that lowers barriers and denies gatekeepers their grip on our future. If we are successful, we believe this project has the potential to help address some of the most vexing problems facing the Internet today. How can we keep the Internet open? How can we keep access to the Internet neutral? How can we better ensure our private data is not misused by large companies? How can we help the Internet scale efficiently for content? The power of distributed technology that underpins BitTorrent and all of our products has long been an example in this regard and bringing more of this power to the web is only natural as these challenges loom.

What will we see then?

So think of all the possibilities: decentralised file sharing, decentralised password storage, decentralised everything! The attack surface for snooping on your private data becomes much harder to exploit. You could even argue that domain networking should consider a different approach: if you can't hide your data behind firewalls, put it in the open and make the data almost invisible (I know it won't be that easy, but one could try).

Hardware and bandwidth Upgrades

In the years to follow we will see storage, bandwidth and connectivity expand like never before. Combined with mesh-networking variants, this means that hackers, governments and everyone else misusing private data will probably focus on the data held by tech giants and social networks. Why, you ask? Simple: that is where data is easiest to collect. The tech giants won't be happy, but they will certainly understand where their roadmap is heading.

Intercepting these torrents and conversations will be possible, but very hard and time-consuming; there will always be surveillance, and these people will figure it out one way or the other. In the meantime, keep your eyes on your endpoint security: it will be the most important line of defence you have.

Keep an eye on these techniques, and follow us on Facebook, LinkedIn and Twitter!


Remo Hardeman

CEO Omerta Information Security


So what's up for 2015?

Omerta Information Security – Rotterdam, The Netherlands


This year we witnessed a series of high-profile security breaches, from the aftermath of the Target and Home Depot fiascos, to a number of attacks on other national retailers, including Michaels, Goodwill and Neiman Marcus. Then there was the massive breach at JP Morgan Chase, which compromised personal information of more than 83 million households and businesses, and finally over 100 terabytes of internal files and films recently stolen from Sony.

Nobody was safe in 2014. In addition to large retailers, media companies and financial institutions, technology companies like eBay and Snapchat were hacked, too, and so were government organizations and healthcare institutions. Also this year, massive Internet infrastructure vulnerabilities were discovered, including Shellshock, Heartbleed and POODLE.

Of course, these publicized events are only a fraction of the overall exposure to losses emanating from cyber incidents, which in 2014 we estimate to be well into the hundreds of billions of dollars. Hence, many firms have dramatically increased their cybersecurity budgets for 2015, and we project that these budget allocations will continue to rise.

Here are five of the most prominent cybersecurity market trends that we believe will define the sector next year:

The Rise of Automated Incident Response

Today, enterprises must not only detect and prevent potential threats; they must also be prepared to react quickly when breaches occur. Enterprises like Target are successfully being sued by banks for failing to act on security alerts. Incident Response solutions counter the aftermath of a breach, allowing businesses to limit damages and reduce recovery time.

Intrusion Detection/Prevention Systems (“IDS/IPS”) strengthen the organization’s security posture, however highly targeted attacks do penetrate eventually. Determined hackers find their way into the network, despite the various IDS/IPS systems that generate an increasing number of alerts for the security operations team to handle. It is now only a matter of time – how long before a breach is reacted upon and remediated?

One of the clear lessons from Target’s attack is that the traditional Incident Response process, which is mostly based on manual processes, is broken. Reducing the time from detection to remediation could dramatically minimize an attack’s damage.

That’s where Automated Incident Response solutions come in – they don’t leave alerts unhandled, and can react instantly (much faster than humans) when bad scenarios unfold. Enterprises, with their limited human resources, face escalating liabilities for failing to adequately respond to detected threats. Expect chief information security officers (“CISOs”) to turn to Automated Incident Response solutions in 2015.

Cloud Security Becomes a Shared Responsibility

Enterprise IT departments are generally behind in keeping the cloud secure, relying heavily on the security features provided by cloud vendors. Many SaaS vendors in particular do not have security as their first priority, and so fail to provide sufficient data governance, control and compliance. In 2014, many CIOs and CISOs realised that maintaining enterprise-grade security in cloud application usage is a shared responsibility, and we expect that in 2015 they will act on that.

A new crop of startups provides deeper visibility into cloud usage, unique threat analysis and proactive enforcement of cloud application security policies. These startups enable employees to enjoy all of the cloud’s advantages securely. There are so many great cloud applications out there, and CIOs desire to be business enablers rather than blockers. That’s what makes this sector so exciting. Expect CIOs and CISOs to allocate meaningful budgets to it in 2015.

Advanced Persistent Threats Surge

In 2015, cybersecurity departments should be particularly careful about advanced persistent threats (APTs). These attacks are stealthy as they target a specific entity and secretly penetrate the network over weeks or months, waiting for the right moment to make their move and exfiltrate valuable data from the enterprise. Credit card numbers will still be valuable to hackers throughout 2015 because the deadline for retailers to upgrade to point-of-sale systems capable of processing chip-and-PIN credit cards is not until October 2015, and we foresee this deadline being extended.

To carry out APTs, custom malicious code is installed on one or more hosts to perform specific tasks while remaining undetected for as long as possible. Sometimes these attacks are financially driven; in other cases, government- or corporate-sponsored hackers are after intellectual property. In the long run, APTs can undermine the national security and economic stability of nations.

According to the Ponemon Institute, the average cost of a data breach in 2014 was $3.5 million, while Target optimistically projected more than $148 million in damages. Accurate detection is the necessary first step toward threat remediation. There are various methods to detect an ongoing cyber attack, and we feel that the ones focused on the late stages of the cyber kill chain, post-infection, will be the most interesting in the near future.

“Cloud-first” detection solutions that leverage multiple sources of threat intelligence (for example: botnet interception + log analysis + sandboxing) and are easy for enterprises to deploy will be the most successful in 2015.

Cybersecurity Vendors Become Frenemies

The constant formation of new cyber-threat categories results in the nonstop introduction of startups that are working on new solutions. Managing multiple point solutions is nontrivial for CISOs. For example, there are various vendors that detect malware in the enterprise network, in the data center, on employees’ PCs and mobile devices. Some of these are signature-based, others use machine-learning algorithms, and some use big-data analytics. Buyers find themselves perplexed with the plethora of offerings.

Rather than manage all of these processes separately, CISOs prefer to deploy comprehensive solutions that integrate well with one another and create a synergetic security posture. This past year we noticed increasing security vendor collaboration. For example, Fortinet, McAfee, Palo Alto Networks and Symantec founded the Cyber Threat Alliance, and Check Point created an alliance with several threat intelligence vendors to merge their feeds. Increased collaboration among cybersecurity vendors is key to helping CISOs fight cybercrime more effectively, and this trend will accelerate in 2015.

Mergers & Acquisitions on the Rise

Now more than ever, most cybersecurity innovation is carried out by small teams working within startups. The large vendors are always on the lookout to acquire new products to complement their existing portfolios, fully realizing that customers seek comprehensive (rather than point) solutions.

Two of the most notable acquisitions in 2014 were FireEye's purchase of Mandiant and Palo Alto Networks' acquisition of Cyvera. Generally this past year, large security vendors acquired companies with capabilities outside their core business, with the intention of expanding their offerings and gaining competitive advantage. Thus FireEye now offers professional services powered by Mandiant, complementing its core detection products, and Palo Alto Networks released Traps, an endpoint protection product based on Cyvera's technology, complementing its Next-Generation Firewall.

We project an active M&A scene in cybersecurity in 2015. Expect to see large vendors acquiring more high-tech startups to strengthen their core competencies and rapidly expand their offerings.

The Venture Capitalist’s Perspective

In 2014, most mid-to-large enterprises experienced a sharp increase in cyber attacks, both in breadth and in sophistication. Awareness of the potential damage is high among boards of directors and management teams of the Fortune 1000. Gartner estimates that the global cybersecurity market will grow from $67 billion in 2013 to $93 billion in 2017.

According to CB Insights, in 2013 venture capital firms invested an all-time record of $1.4 billion in 239 cybersecurity companies. During just the first six months of 2014, cybersecurity investments already totaled $894 million. We expect this upward trend to continue in 2015, as demand for innovation in this category stays high.

We are ever more enthusiastic about the cybersecurity sector. Enterprises require advanced solutions to combat ever-more-sophisticated adversaries. Incumbent security vendors need new bleeding-edge technology. The venture capital industry is eager to back the entrepreneurs that can deliver outstanding solutions in 2015 and beyond.


Remo Hardeman

CEO Omerta Information Security


Omerta Information Security, Rotterdam The Netherlands.


Newly released Snowden documents show that when hackers steal data, governments may be on their trail, snooping on the hacked data as it passes by. Such collection is also tagged with a special case notation so analysts can recognise mail that is only available because somebody else hacked the target. Below you find the classified document released yesterday by Edward Snowden, Glenn Greenwald and partners:


SID Today



Welcome! Saturday, 10 Nov 2012

(TS//SI//REL) Who Else Is Targeting Your Target? Collecting Data Stolen by Hackers
FROM: (U//FOUO) Menwith Hill Station (F77)
Run Date: 05/06/2010
(TS//SI//REL) Hackers are stealing the emails of some of our targets... by collecting the hackers' "take," we 1) get access to the emails themselves and 2) get insights into who's being hacked.
(TS//SI//REL) People who open attachments from unknown senders (gasp) or respond to "Nigerian" money laundering emails aren't the only individuals on the internet being hacked. Some of our targets are also being targeted by outside forces, both by state-sponsored and freelance hackers. Could your target's communications be the target of other countries or groups?
(TS//SI//REL) Recently, Communications Security Establishment Canada (CSEC) and Menwith Hill Station (MHS) discovered and began exploiting a target-rich data set being stolen by hackers. The hackers' sophisticated email-stealing intrusion set is known as INTOLERANT. Of the traffic observed, nearly half contains category hits because the attackers are targeting email accounts of interest to the Intelligence Community. Although a relatively new data source, TOPIs have already written multiple reports based on INTOLERANT collect.
(U) Technique
(TS//SI//REL) To the analyst using SIGINT databases, collected INTOLERANT data looks like Simple Mail Transfer Protocol (SMTP) mail. In this case, though, the traffic fairy has been hard at work... To hide the traffic, the hackers' programs split a victim's email into pieces. Each piece is then obfuscated, given a different, spoofed, source IP address and sent to a different destination IP address. Having different destination IP addresses serves to route the pieces across separate channels1 of a satellite signal. The channels being used carry large amounts of traffic, allowing INTOLERANT data to hide as background noise. Much collaboration between CSE, MHS, GCHQ and NSAW has brought about the transformation of INTOLERANT data we collect into "readable" SMTP mail.
(U//FOUO) Victim Set
(TS//SI//REL) INTOLERANT traffic is very organized. Each event is labeled to identify and categorize victims. Cyber attacks commonly apply descriptors to each victim - it helps herd victims and track which attacks succeed and which fail. Victim categories make INTOLERANT interesting:
A = Indian Diplomatic & Indian Navy
B = Central Asian diplomatic
C = Chinese Human Rights Defenders
D = Tibetan Pro-Democracy Personalities
E = Uighur Activists
F = European Special Rep to Afghanistan and Indian photo-journalism
G = Tibetan Government in Exile
(TS//SI//REL) New victims appear to flood out their entire inbox, going back months or, even, years. Then only new mail is transmitted. Hundreds of emails are seen on an average day.
(U) Attribution
(TS//SI//REL) Within the world of cyber exploitation, attribution is always difficult and INTOLERANT is no exception. Initial analysis points toward a likely state sponsor based on the level of sophistication and the victim set. Determining which state is sponsoring the activity has yet to be done. Since the traffic is traveling over satellite, the culprit must be within the satellite beam's footprint to receive the stolen emails. There was hope the footprint would point to which state was responsible, but that hope was not realized as shown in the image.

(TS//SI//REL) Attribution of INTOLERANT data is difficult, since the satellite beam footprint is so large. Eventually, the virtual team working this effort would like to know who is hacking whom.
(U) Way Forward
(TS//SI//REL) Analysis continues with the goal of learning more about the attacks as well as improving attribution. Efforts are also being made to inform relevant parties, including NTOC, due to the obvious operations security (OPSEC) concerns where US and UK authorities have contact with Indian diplomats or the European Special Representative, for instance.
(TS//SI//REL) So the next time you scan your target's email, pay special attention to the case notation. If it contains 4PXFIL2 (E9BDJ4PXFILtargetNumber in the case of INTOLERANT), then the email is likely available because somebody else has hacked your target. For additional details, send an email to
(U) Notes:
1. (U//FOUO) Packet Identifiers, PIDs are used in satellite hub signals to designate sub-channels.
2. (TS//SI//REL) 4PXFIL stands for "fourth party exfil" or "out-sourcing SIGINT." These terms are used within the SIGINT community to refer to the practice of collecting data as it transits the Internet going from the victim's computer to the attacker's.
(U//FOUO) SIDtoday editor's note: This article is reprinted from MHS's Horizon newsletter, March edition.
"(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet without the consent of [REDACTED] ([REDACTED])."
Information Owner: [REDACTED] Page Publisher: [REDACTED]
Last Modified: 11/10/2012 / Last Reviewed: 11/10/2012

Head slapping data breaches

Omerta Information Security – Rotterdam, The Netherlands


Sometimes data breaches are head-slappingly stupid. Here are ten of the most painful breaches of recent years.

1. Your Privacy Is Garbage

What happens when you don’t pay your bills for a storage service? At Grand Teton Storage in Idaho, an employee tossed out seven boxes belonging to a deadbeat customer.

The problem: The client was The Children’s Center medical office, and the boxes were filled with records that contained the names, addresses and Social Security numbers of patients, as well as billing and payroll information, according to Local News 8. The Children’s Center did not respond to a request for comment.

Luckily, someone found the boxes in a dumpster and alerted the media. The state health department took the records and shredded them.

The lesson: Be careful when throwing away other people’s stuff.


2. Put a Hole in It

When the city of Macon sold some old computers, it forgot an important step.

The machines’ hard drives weren’t erased, which meant the buyers found a trove of sensitive data, including the names and Social Security numbers of police officers, according to The Telegraph, a newspaper in Georgia. Fortunately, the buyers turned over the 39 hard drives, two computer servers and two central processing units to authorities.

Georgia has a remedy that’s meant to prevent such disclosures: By law, hard drives containing sensitive data usually must have holes drilled in them before they’re discarded or sold, according to the paper.

3. Prescription for Trouble

Michael Ramirez noticed last year that a flaw in Rite Aid’s mobile application allowed him to see other people’s medical files, including their names and prescription histories.

Ramirez, a computer scientist, worked with Rite Aid to fix the problem but said the fixes didn't go far enough, he told the website. Ashley Flower, a spokeswoman for Rite Aid, said the company took the necessary steps to protect patient privacy and is not aware of any personal health information being compromised.

In mobile health care, the message is clear: Do no harm, and heal thy apps.


4. Clinic Reveals HIV Status

The Northstar Healthcare clinic in Chicago sent a mass e-mail to patients last year that revealed more than it should have.

More than 170 patients, many of whom were being treated for HIV and AIDS, got e-mails from the clinic that did not hide their e-mail addresses, according to CBS 2. Northstar did not respond to a request for comment.

Here’s some advice from more than a decade ago that’s still appropriate today: If you’re sending mass e-mails, hide the recipient list. Please.


5. Privacy Goes Up in Smoke

Medical marijuana patients in New Jersey got to know each other in an unexpected way in December.

The state Department of Health had to apologize for an “insensitive” e-mail it sent to more than 450 patients that didn’t mask any of the recipients’ e-mail addresses, according to The Star-Ledger.

The sharply worded messages instructed people to call the state's first medical marijuana dispensary, the Greenleaf Compassion Center, instead of the state to set up appointments.
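Items 4 and 5 are the same mistake twice: the recipient list went into a visible header. Here is an added Python example (written for this page; the clinic, the addresses and the wording are made up) that builds the mailing the safe way, with the list in Bcc and an empty group in To, and runs a pre-send check that refuses any message exposing more than one real address in To or Cc. It uses only the standard library's email package.

```python
"""Recipient-disclosure guard for mass mail (added example with constructed addresses)."""
from email.message import EmailMessage

SENDER = "notifications@clinic.example.invalid"   # constructed sender address


def leaky_mass_mail(recipients, subject, body) -> EmailMessage:
    """The mistake from items 4 and 5: every patient address in the To: header."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def safe_mass_mail(recipients, subject, body) -> EmailMessage:
    """Recipients go in Bcc; To carries an empty group so the header stays RFC-valid.
    smtplib.SMTP.send_message() uses Bcc for the envelope and strips the header on the wire."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = "undisclosed-recipients:;"
    msg["Bcc"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def visible_recipients(msg: EmailMessage) -> list:
    """Addresses every recipient will be able to read: everything in To and Cc (groups flattened)."""
    seen = []
    for name in ("To", "Cc"):
        for header in msg.get_all(name, []):
            seen.extend(a.addr_spec for a in header.addresses)
    return seen


def check_no_disclosure(msg: EmailMessage, max_visible: int = 1) -> list:
    """Return a list of problems; an empty list means the message may be handed to smtplib."""
    visible = visible_recipients(msg)
    problems = []
    if len(visible) > max_visible:
        problems.append(f"{len(visible)} recipient addresses visible in To/Cc")
    if not visible and not msg.get_all("Bcc"):
        problems.append("no recipients at all")
    return problems


if __name__ == "__main__":
    patients = ["a@example.invalid", "b@example.invalid", "c@example.invalid"]  # constructed
    for builder in (leaky_mass_mail, safe_mass_mail):
        msg = builder(patients, "Appointments", "Please call the dispensary directly.")
        print(builder.__name__, "->", check_no_disclosure(msg) or "ok to send")
```

Wire the check in front of whatever actually sends; a mailing tool that cannot pass it should not be allowed to connect to the SMTP server.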


6. No Dashes, No Worries

It’s not just e-mail that’s susceptible to simple breaches of privacy. Snail mail can be just as vulnerable.

Last year, the Family Medical Care Plan sent letters to members of the National Electrical Contractors Association and the International Brotherhood of Electrical Workers that had their Social Security numbers printed on the envelopes.

The medical plan apologized to its members but said the numbers didn’t have dashes to indicate they were Social Security numbers, according to a notice filed with the California Attorney General’s office. The medical plan did not respond to a request for comment.


7. Camera Phone Chicanery

Daremia Nikeka Crews, 24, is accused of stealing the names and Social Security numbers of at least 261 patients of the Shands Jacksonville Brentwood Primary Care Center in Florida, where she was an intern.

According to an arrest report obtained by The Florida Times-Union, Crews used her phone to snap photos of patients’ records displayed on her computer screen, and then sent the images to a third party as part of an identity-theft ring.

Dan Leveton, a spokesman for the Shands Jacksonville Medical Center, which oversees the clinic, confirmed the incident and said Crews no longer works there. Jackelyn Barnard, a spokeswoman for the State Attorney’s Office, declined to comment, citing an ongoing investigation.

In an increasingly mobile world, it doesn’t take much to steal sensitive data.


8. Give Until It Hurts

Don’t let this discourage you from donating to your favorite nonprofit: A former volunteer for Texas Southern University’s radio station who worked on fundraising drives is accused of stealing the identities of more than 50 donors.

Michael Edward Whitfield had already been arrested several times for credit-card and other fraud, and only had to sign an affidavit asserting his trustworthiness to help out at the school, according to the Houston Chronicle.

TSU didn’t have a strong background-check process to vet volunteers, but it now does, Eva Pickens, a spokeswoman for the university, told the paper.

Whitfield is still in jail, held on $200,000 bail, according to Sara Marie Kinney, a spokeswoman for the Harris County District Attorney’s office.


9. When Software Attacks

When the Cumberland County Sheriff’s Office in Maine used new software to automatically update its Facebook page and media list with the latest arrest reports, something went wrong.

The Social Security numbers for about 180 people who were arrested were blasted out to the public, according to the Bangor Daily News. This lasted for 45 minutes before it was caught, and about 70 people had access to the information, according to the newspaper.

Sheriff Kevin Joyce wrote in an e-mail that the issue was fixed and the automated system has been working well since the incident. The software no longer releases Social Security numbers, he said.
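Item 9 (and item 6, with its undashed numbers) is the case for a last-line filter between a record system and anything that publishes. Below is an added Python example, not the sheriff's software or any vendor's product, that redacts Social Security numbers from a feed before it goes out. Dashed numbers are matched directly; bare nine-digit runs are accepted only when they satisfy the SSA's structural rules (no area 000, 666 or 900-999, no group 00, no serial 0000), which keeps case numbers and phone numbers out of the hits. The sample arrest-feed lines are constructed for the demo.

```python
"""SSN redaction for an outbound publication feed (added example, constructed data)."""
import re

# Dashed SSNs are unambiguous; bare nine-digit runs are only accepted after the structural check.
SSN_DASHED = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")
SSN_PLAIN = re.compile(r"(?<![\d-])(\d{3})(\d{2})(\d{4})(?![\d-])")


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0


def redact_ssns(text: str, mask: str = "[SSN REDACTED]"):
    """Return (redacted_text, matches). Dashed form first, then undashed."""
    found = []

    def repl(m):
        if plausible_ssn(*m.groups()):
            found.append(m.group(0))
            return mask
        return m.group(0)

    text = SSN_DASHED.sub(repl, text)
    text = SSN_PLAIN.sub(repl, text)
    return text, found


# Constructed arrest-feed lines, modelled on the kind of record item 9 describes.
SAMPLE_FEED = [
    "ARREST 2013-0412 | DOE, JOHN | DOB 1980-01-02 | SSN 123-45-6789 | Theft",
    "ARREST 2013-0413 | ROE, JANE | DOB 1975-03-04 | SSN 078051120 | OUI",
    "ARREST 2013-0414 | POE, JIM | case 900123456 | phone 2075551234 | Assault",
]


def scrub_feed(lines):
    """Redact every line before it reaches Facebook or the media list; return (clean_lines, hit_count)."""
    clean, hits = [], 0
    for line in lines:
        redacted, found = redact_ssns(line)
        clean.append(redacted)
        hits += len(found)
    return clean, hits


if __name__ == "__main__":
    clean, hits = scrub_feed(SAMPLE_FEED)
    print(f"{hits} SSN(s) redacted")
    print("\n".join(clean))
```

A scrubber like this is a safety net, not the fix: the right change, and the one the sheriff's office made, is for the export never to include the SSN field at all. Keep the filter anyway, and treat any hit as an alert that the upstream fix has regressed.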


10. Digital Prison Break

Some state prison inmates in New Hampshire pulled off one of the scariest hacks we’ve heard of.

Last year, an unknown number of inmates were able to hack into the prison computer system. That gave them access to records and possibly the ability to alter parole dates and obtain home addresses of prison guards, according to the New Hampshire Union Leader.

It’s not known whether any changes were made or sensitive data accessed. The state’s Department of Corrections confirmed that a computer was breached, but declined to provide more information.


This article was first posted on Bloomberg Business two years ago, so please be aware of these stupid mistakes. They still happen!

Remo Hardeman

CEO Omerta Information Security