Author Archives: user469294

Estonian intelligence chief invites hackers to work


The Estonian Foreign Intelligence Service (Välisluureamet) was previously known as the Estonian Information Board (Teabeamet).

This world is very fast and very good experts are required. Your homepage, which has become a little more informative recently, suggests that you are also looking for new people?
Of course we are looking. Do not we compete on the same market as other public authorities and the private sector? If we are talking about a big data or a better use of public sources in obtaining our information, then everyone with this competence is very much in demand.

At the end of the annual report (Estonian version), I found one challenge. These who can solve this could work for you?
Since we have a publication once a year, where we talk about our work openly, we also intended to use this publication to expand our recruiting field. If people reach to the last page of the document, then there may be some who can solve the puzzle and send the solution to us. I can not guarantee that the solution ensures a job, as other processes need to be followed. However, it definitely shows that the person has competence and analytical mind in cryptography.

You are giving interviews that would have been a big surprise many years ago. You reject the public myths about intelligence work. Your agency publishes puzzles to find potential employees. What is the future of your agency?
Yes, over the last few years, we have come out of the shadows and closer to the public. My clear view is that if you are not in the picture then you do not exist. However, if we want to recruit the best specialists, it is very difficult to find people for an institution that does not exist. Of course, we must at the same time be aware of security, but these risks can be handled. But in the future of intelligence, there are two keywords: co-operation and technology.

Crypto challenge:

Signal intelligence was able to capture an encrypted message: SDZROZDBITGNUMYNSF
However, the receiver was unable to decrypt the message and the message was transmitted again: YHDRCRLBUTIPUCMFGF

Questions:
(a) What was content of the message
(b) What key was used to encrypt

The solutions can be sent to info@valisluureamet.ee with topic “Nuputamisülesanne”

The crypto challenge seems just as a way to get attention. We are living in times where end-point exploitation is the tool to obtain intelligence. The capability to break ancient substitution cipher is unlikely to help.

Links:
https://geenius.ee/uudis/eesti-luurejuht-kutsub-toole-hakkereid-see-elus-ainulaadne-voimalus/
https://news.err.ee/681856/estonian-intelligence-chief-threat-of-direct-russian-military-attack-low
https://www.valisluureamet.ee/pdf/raport-2018-ENG-web.pdf
https://valisluureamet.ee/pdf/raport-2018-EST-web.pdf
https://news.postimees.ee/4404323/russia-looking-for-agents-of-influence-in-estonia

Cyber Security master’s theses defense in Tallinn University of Technology (January 2018)

January 8th, 2018, Akadeemia Tee 15a, Room ICT-315.

Time: 10:00
Student: Silvia Väli
Title: Analysis of Electron-based applications to identify XSS flaws escalating to code execution in open-source applications
Supervisor: Olaf Manuel Maennel
Reviewer: Bernhards Blumbergs

Time: 10:40
Student: Juhan Kaalep
Title: The Status, Reasons And Perspective of Cyber Security of Estonian SME-s in the Context of the Cyber Essentials Scheme
Supervisor: Andro Kull
Reviewer: Tiia Sõmer

Time: 11:20
Student: Tiiu Mamers
Title: The Art and Science of Information Security Investments for Small Enterprises
Supervisor: Olaf Manuel Maennel
Reviewer: Andro Kull

ETV showed sensitive information on the screen

On Tuesday, “Ringview” had the episode in which the reporter Jüri Muttika traveled around the editorial office of ERR and asked ETV TV presenters to demonstrate their handwriting. An embarrassing error by the video editors allowed the frame to be broadcasted, which contained “Terevisiooni” file transfer protocol (FTP) username and password, hence allowing everyone to view the content on the servers.

The clip shows that the TV presenters tried to hide their notebooks and computer screens from the camera, which makes it especially embarrassing – basically everyone was able to watch broadcast materials.

The error in ERR was quickly recognized and now the password should be changed. The topic is also up in Facebook IT-man’s group, where the IT people write jokingly: “No such user and password do not really hide anything.”

Wouldn’t we expect the ETV internal FTP server to be firewalled from the external world?

Links:
http://publik.delfi.ee/news/kino/sajandi-teleaps-ringvaade-naitas-ekraanil-tundlikku-siseinfot?id=80476232

State confiscates first criminally obtained bitcoins

The employees of the Criminal Police organized crime department in the summer arrested a young man living in Estonia who sold large amount of different drugs on the darkweb. With the help from the cybercrime unit of the Central Criminal Police, the bitcoins earned from the sale of drugs were also obtained, which, by the present moment, based on the county court order have been confiscated. The information about the amount of bitcoins sized is not available.

According to the Prosecutor General Vahur Verte, it is true that identifying the owner of the crypto money and tracking the movement of money is more complicated, but certainly not impossible.

How did the police technically size the bitcoins? Were they transfered to state-owned bitcoin wallet? Who paid for the transaction fees?

Links:
https://geenius.ee/uudis/eesti-riik-arestis-esimesed-kuritegelikul-teel-saadud-bitcoinid/

Passwords of 200’000 Estonian social media accounts leaked

CERT Estonia, the organization responsible for the management of security incidents in .ee computer networks, informed nearly 200,000 Estonians via their employers that their social media passwords had been leaked. According to RIA, a database was created in Dark Web, containing 1.4 billion user information and a password in the open form. The database also contains email addresses with more than 190,000 ending in .ee.

For each institution, CERT sent a list of individual email addresses. “For example, if there were people from national broadcasting, let’s say mari.maasikas@err.ee, then we sent information to the head of ERR’s information security that the passwords of these people have leaked.” explained Mägi.

The number of Estonians at risk is much bigger, since most of the personal e-mail accounts are not using .ee domain. Some Good Samaritan could instead send out direct warning e-mails to all of the addresses in the database.

Links:
http://news.err.ee/648949/200-000-estonians-social-media-passwords-breached
https://geenius.ee/uudis/200-000-eestlase-sotsiaalmeedia-konto-murti-lahti/
https://www.ria.ee/ee/tumeveebis-avaldati-14-miljardi-kasutaja-paroolide-seas-ka-eesti-inimeste-paroolid.html
https://geenius.ee/uudis/eesti-kuberkaitsja-tegelikult-voib-eestist-lekkinud-paroole-olla-palju-rohkem-kui-200-000/
https://medium.com/4iqdelvedeep/1-4-billion-clear-text-credentials-discovered-in-a-single-database-3131d0a1ae14

Reproducing Android Vote Verification Application Builds for Estonian I-Voting System

The main objective of this work is to check whether the vote verification applications distributed in the app stores can be compiled from the source code that has been made publicly available by Estonian National Electoral Committee. The experiments were performed using the Vote Verification application versions that were distributed in the I-voting period of the Estonian municipal council election held in October 2017.
The report will go through the different steps that were done during this experiment – monitoring the binaries, building the app from the source code, comparing build result with the distributed version and trying to reproduce it based on the differences found.

This is the report for UT course “Research Seminar in Cryptography (MTAT.07.022)”. The work deals with reproducible build problem of vote verification software used in Estonian i-voting held in October 2017.

The TL;DR; is that the source code available in GitHub is outdated and apparently was not the source code which was used to build the applications that were distributed to Android devices in Google Play Store.

Links:
https://courses.cs.ut.ee/MTAT.07.022/2017_fall/uploads/Main/annika-report-f17.pdf

Estonian cryptographer rejects claims of being Bitcoin’s creator

Los Angeles lawyer Justin Sobaje is convinced that Helger Lipmaa, senior researcher of the University of Tartu’s computer science institute, is Satoshi Nakamoto – the creator of bitcoin, and says he has analyses and studies that prove it.

Sobaje writes that he is convinced – based on an article in which Nakamoto first describes the nature of bitcoin – that the author or authors of the piece had to have been experts of timestamping technology and hash trees. That is the focus of Helger Lipmaa’s doctoral thesis and scientific papers published in the late 1990s. Lipmaa has cited another two articles the original creator of the bitcoin also cites on his homepage. Conclusion: Lipmaa knows five out of eight articles.

Sobaje continues: “Satoshi was an experienced C++ programmer. Lipmaa created timestamping software while working at Cybernetica.” He lists the years Lipmaa spent working for the company until two years before the birth of bitcoin. How was the name Satoshi Nakamoto created? Sobaje has found three Japanese cryptographers mentioned on Lipmaa’s website – Satoshi Obana, Junko Nakajima, Takeshi Okamoto – and concludes that the name of the world’s most wanted man is a combination of the three.

Helger Lipmaa, commenting on the matter to Postimees, rejects the idea. “I’m certainly not Satoshi and I don’t understand how he got to my name of all things,” he said, adding that bitcoin’s original creator wasn’t a cryptographer.

Professor of software science at the Tallinn University of Technology Ahto Buldas, who worked with Lipmaa on timestamping technology in the late 1990s, laughs out loud when told an American lawyer believes Lipmaa to be Nakamoto. “The number of scientists that worked on it at the time was not great, while there are other candidates for Nakamoto. I don’t want to say that Lipmaa is not Satoshi Nakamoto; even though I don’t really believe it, it cannot be ruled out either,” he says. “We could all have been Nakamotos.

This could be a potential topic for BSc/MSc thesis, to use open source intelligence to verify if there is some correlation between public activities of Satoshi and Helger/Ahto.

Links:
https://news.err.ee/652328/estonian-cryptographer-rejects-claims-alleging-he-created-bitcoin
https://news.postimees.ee/4365547/hunt-for-the-world-s-most-wanted-man-reaches-estonia
http://novaator.err.ee/648962/tartu-ulikooli-vorguteenused-sattusid-pahatahtliku-runnaku-alla

 

TallinnSec meetup: HW Crypto, RCE and Bug Bounty programs

Tuesday, February 20, 2019, 17:00 to 20:00 at k-space.ee.

Agenda:
17:15 – Stefano Alberico (Crip.to): Communication solution based on end-to-end hardware encryption
18:00 – Silvia Väli (Clarified Security): Only an Electron away from code execution
18:45 – Joakim Tauren (Visma): Stories from a bugbounty program

Links:
https://www.meetup.com/TallinnSec/events/245824754/

Personnel changes in RIA cyber security division


Anto Veldre, a legendary Estonian security specialist leaves RIA:

From the beginning of the year, the State Information System Authority (RIA) discharged an experienced IT security expert and promoter Anto Veldre. Veldre has worked as an analyst at the incident handling department at CERT-EE and in the Communications Department.

Helen Uldrich, head of RIA Communications Department, explained the discharge of Anto Veldre by the change in the structure of their unit from 2018. The analyst’s place where Veldre previously worked was changed into a spokesperson’s position and, as a result, his duties changed.

“Unfortunately, RIA did not have another position to offer Anto that would correspond to his professional profile. The whole staff of the State Information System Agency highly appreciates Anto and his contribution, for example, to explaining the functioning of the e-state,” added Uldrich.


Klaid Mägi, the head of CERT-EE leaves RIA:

Klaid Mägi, head of CERT-EE will leave the state office and continue to work at CybExer Technologies, a private Estonian company promoting cyber hygiene. Mägi has led the unit since autumn 2014. Previously, he has worked at the Ministry of Finance, Elisa and Elion.

Uku Särekanno, the new Deputy Director General of RIA Cyber Security Branch:

The authority organised a public competition last October to find a director for the Cyber Security Branch. About ten people applied for the position. The Director General of the Information System Authority chose the suitable candidate in early December.

Previously, Uku Särekanno has worked at different positions in the European Commission, the Government Office, and the Ministry of Foreign Affairs, led the Public Order and Criminal Policy Department of the Ministry of the Interior, and represented Estonia in Brussels regarding issues of migration and police cooperation.

Before, since September 2011, this responsibility has been borne by Toomas Vaks, who previously worked as a risk manager for bank cards in Swedbank, before he was employed at Hansapank.

Links:
https://tehnika.postimees.ee/4367831/ria-koondas-legendaarse-eesti-turvaspetsialisti-anto-veldre
https://geenius.ee/uudis/ria-koondas-eesti-turvaspetsialisti-anto-veldre/
https://www.err.ee/654409/ria-uks-juhivtootaja-klaid-magi-lahkub-toole-erasektorisse
https://geenius.ee/uudis/riast-lahkus-toolt-jargmine-tippekspert-certi-juht-klaid-magi/
https://geenius.ee/uudis/peterkop-me-ei-suuda-erasektoriga-voistelda-aga-pakume-erilist-tood/
https://www.ria.ee/en/uku-sarekanno-is-the-deputy-director-general-of-the-information-system-authority.html
https://geenius.ee/uudis/uus-eesti-kuberkaitse-juht-meie-maine-hoidmiseks-ei-piisa-enam-ainult-raakimisest-ja-konverentsidel-kaimisest/
http://arileht.delfi.ee/news/uudised/ria-endine-kuberturbejuht-macgyveri-teibiga-e-riiki-ei-ehitata?id=79908056

President to decorate persons who helped to solve ID card crisis

The President decided to recognize with decorations three people who helped to solve the crisis of the ID-card that struck Estonia last year. The Order of the White Star, 5th Class will be handed to Margus Arm, the head of the State Information System Agency eID field, Kaija Kirch, who led the crisis management team at the Police and Border Guard Board, and Kaarel Raspel, a Nortal employee, who helped RIA to develop a solution to solve the ID-card crisis:

Margus Arm, promoter of information society. Margus Arm, as head of the eID field of the State Information System Authority, played a key role in removing the security risk of ID-card. He worked out key proposals for resolving the crisis and led the work of the team who developed the technical solutions.

Kaija Kirch, promoter of internal security. Kaija Kirch was in charge of a crisis team formed to eliminate the security card ID card at the Police and Border Guard Board. Under her leadership, both the completion of the new ID-card production line and PPA’s customer service, as well as cooperation with other public authorities, the private sector and citizens took place.

Kaarel Raspel, promoter of field of e-services. Kaarel Raspen, as a staff member of AS Nortal, made a great personal contribution preventing the security risk of the ID-card from realizing. He had a leading role in developing a fundamental solution that allowed the ID-card ecosystem to be replaced with elliptical curve encryption algorithms, which prevented the ID-card chip from encountering security risk.

The Order of the White Star, 4th Class will be also handled to:

Raimo Peterson, promoter of cybersecurity cooperation. Raimo Peterson has helped the NATO Cyber ​​Defense Center to become an internationally recognized center of expertise. Under his leadership, the Locked Shields cyber defense exercise has become one of the world’s largest among its kind. He has also developed a critical information infrastructure capability in the form of a laboratory that is used by both Estonian state authorities and large private companies.

Congratulations!

Links:
https://news.err.ee/679885/president-of-estonia-to-bestow-state-decorations-on-166-individuals
https://tehnika.postimees.ee/4398027/id-kaardi-kriisi-lahendaja-eesti-e-riiki-ei-saa-kinni-panna
https://president.ee/et/eesti-tanab/teenetemarkide-kavalerid-2018/14008-margus-arm/layout-decoration.html
https://president.ee/et/eesti-tanab/teenetemarkide-kavalerid-2018/14039-kaarel-raspel/layout-decoration.html
https://president.ee/et/eesti-tanab/teenetemarkide-kavalerid-2018/14015-kaija-kirch/layout-decoration.html
https://president.ee/et/eesti-tanab/teenetemarkide-kavalerid-2018/13972-raimo-peterson/layout-decoration.html