Check Point Unveiled Identity of Iranian-Linked Cyber Espionage Attackers

Based on the nature of the attacks and associated repercussions, the report suggests Rocket Kitten’s motives were aligned with Iranian nation-state intelligence

Check Point Software Technologies from Israel published a 38-page report providing specific details and broad analysis of cyber-espionage activity conducted by the group ‘Rocket Kitten,’ with possible ties to the Iranian Revolutionary Guard Corps. The report also reveals details of the group’s global operations and unique insight into more than 1,600 of their targets.

Led by researchers in Check Point’s Threat Intelligence and Research Area, the never-before-published data paints a picture of strategic malware attacks supported by persistent spear phishing campaigns. The details show Rocket Kitten actively targeted individuals and organizations in the Middle East, as well as across Europe and in the United States.

The report traces and unmasks the true identity of an aliased attacker, identified as “Wool3n.H4T,” as one of the prominent figures behind this campaign. Further, based on the nature of the attacks and associated repercussions, the report suggests Rocket Kitten’s motives were aligned with nation-state intelligence interests, aimed at extracting sensitive information from their targets.

Rocket Kitten is still active

The report mentions that since early 2014, an attacker group of Iranian origin has been actively targeting persons of interest by means of malware infection, supported by persistent spear phishing campaigns. This cyber-espionage group was dubbed ‘Rocket Kitten,’ and is still active.

Characterized by relatively unsophisticated technical merit and extensive use of spear phishing, the group targeted individuals and organizations in the Middle East (including targets inside Iran itself), as well as across Europe and in the United States.

Live map of global cyber attacks on Check Point’s website

The Rocket Kitten attacker group’s main attack vector is spear-phishing. An effective phishing campaign requires nothing more than a tailored phishing page, hosted on a cheaply-available web server. The Rocket Kitten attackers make extensive use of various phishing schemes, often including back-and-forth e-mail correspondence with the victims, or even phone calls to establish legitimacy and reason to open the malicious attachment.

Many of these targets were successfully compromised by various pieces of custom-written malware, and despite identification and flagging of their infrastructure, the attackers have struck again and again by making minor changes to their tools or phishing domains.

Check Point has obtained a complete target listing from the attackers’ servers; among confirmed victims are high ranking defense officials, embassies of various target countries, notable Iran researchers, human rights activists, media and journalists, academic institutions and various scholars, including scientists in the fields of physics and nuclear sciences.

This database revealed that the phishing pages had a 26% success rate in fooling victims into entering their credentials. These are surprisingly high results, potentially attributable to persistence and well-targeted e-mails.

“This research provides a rare look at the nature and global targets of a global cyber espionage group,” said Shahar Tal, Research Group Manager, Check Point.

To the full report: Rocket Kitten: A Campaign with 9 Lives

Cisco decision pushed EZchip to look for potential buyers

EZchip: “History with Juniper suggests winning Cisco back will be very difficult due to its software investments around in-house ASIC”

Future giant: Mellanox's Eyal Waldman (right) and Eli Fruchter, CEO of EZchip

Cisco’s decision earlier this year to develop its own network processor in house was one of the main considerations that pushed EZchip to go to market and look for potential buyers. This fact came to light following a struggle to approve the $811 million merger agreement with Mellanox Technologies. During the Annual General Meeting of EZchip’s shareholders this week, it will be decided whether the network communication chip firm from Yoqneam, Israel, will be sold to Mellanox Technologies or will continue as an independent chip maker.

The agreement between the 2 companies came as a surprise, and drew opposition from some investors, mainly Raging Capital Management, one of the largest shareholders of EZchip Semiconductor, owning approximately 6.7% of the ordinary shares. “EZchip is a great company with significant growth potential and Mellanox is poised to reap the significant upside of EZchip if the merger is approved,” the fund wrote to shareholders.

But the management’s answer to this challenge reveals the true nature of the tough competition in this market, and why a successful chip maker such as EZchip must sell itself to a bigger company: “EZchip has become the clear leader in network processors (NPU), but NPUs represent a small addressable market ($367 million market in 2014) in which the largest target routing customers are moving to develop NPUs in house:

“Juniper in 2009 (largest customer at that time), Huawei in 2012 and most recently Cisco in 2015 (~35% EZchip revenue in 1H 2015) decided to go in-house for NPU functionality. History with Juniper suggests winning Cisco back will be very difficult due to its software investments around in-house ASIC. With Alcatel-Lucent that always developed NPUs in house, these are the four largest routing vendors and EZchip’s largest potential customers.”

Tilera Multi-core network adapter

“EZchip’s next generation NPS leapfrogs the competition, but must win high volume white box router designs in data centers to offset the loss of the traditional routing vendors: With its NPS product line, EZchip has won three tier-1 data center customers; however, it is not clear what revenue these design wins will translate to or when.

“It is possible that by the time NPS-400 reaches volume production (projected in 2017) there will be other third party chips that are not NPUs, but will provide simpler and lower cost routing solutions for white boxes, which could significantly reduce the addressable market for the NPS-400.

“Tilera acquisition enabled EZchip to enter the multi-core space and expand its addressable market (~$1.3 billion estimate for 2017), but in contrast to the NPU market, where EZchip was able to create a niche for itself, the multi-core space is crowded with well-capitalized, large scale competitors (including Avago/Broadcom, Intel/Altera, NXP/Freescale), and EZchip’s next generation multi-core CPU is not expected to be in production until 2018.”

Orbotech Enters Solder Mask LDI Market

The new Orbotech Diamond DI system addresses the solder mask manufacturing needs of the High Density Interconnect (HDI) and Multilayer board (MLB) segments of the PCB industry

With the introduction of a new family of Direct Imaging (DI) solutions for Printed Circuit Board (PCB) solder masks, Orbotech Ltd. enters a new market in electronics production systems. The company estimates that Direct Imaging, one of the methods used to image solder mask layers, is an increasingly important segment worth between $70M and $90M per annum.

The Orbotech Diamond DI system addresses the solder mask manufacturing needs of the High Density Interconnect (HDI) and Multilayer board (MLB) segments of the PCB industry by offering high power and throughput. Beta site testing by three different customers in diverse geographical regions has resulted in orders from all three PCB manufacturers.

“With the demand for smaller, sleeker and wearable electronics, today’s manufacturers require PCB flexible production solutions that enable them to produce compact, high-quality and low-cost PCBs with multiple competitive features in quick turnaround conditions,” said Mr. Arik Gordon, Corporate Vice President and President of the PCB Division at Orbotech Ltd.

Orbotech Diamond DI Solution utilizes high power light source for maximum throughput for common solder resist, and wide wavelength spectrums to ensure best fit for conventional solder resists. Nuvogo 1000 DI Solution consists of High Depth of Focus (DoF) for highest line quality on challenging topographies, and MultiWave Laser Technology simultaneously generates a dual wavelength beam for maximum robustness on a wide range of solder and patterning resists.

Orbotech’s revenues for the third quarter of 2015 totaled $190.5 million, up 13.9% compared with $167.3 million in 2014. Revenues for the first nine months of 2015 totaled $564.3 million, compared with $385.3 million in the first nine months of 2014.

The Company expects revenues for the fourth quarter and full year of 2015 to be in the range of $184 million to $192 million and $748 million to $756 million, respectively, and gross margin for both the fourth quarter and full year of 2015 of approximately 45%.

Design note: Remote weather station using Thread

A complete remote weather station based on a single Kinetis microcontroller with wireless connectivity

Kevin Kemp, Freescale

Over the past year, a series of IoT-themed senior design projects by students at Texas State University were created based on Kinetis microcontrollers and Thread wireless networking technology.

One of the projects was a remote weather station that measures temperature, barometric pressure, wind speed, wind direction and rainfall, and transmits the data over a Thread network. This is a great IoT application example that uses multiple sensors – each with very different functional, timing and signal characteristics – and can be easily implemented using a single Kinetis microcontroller that has wireless connectivity.

Thread-connected remote weather station built by Texas State University students

Key components of the weather station

The weather station is designed around a TWR-KW24D512 Kinetis Tower System module, which provides the necessary microcontroller functionality for the sensors and wireless connectivity for the Thread networking protocol. The anemometer (wind speed), weather vane (wind direction) and rain gauge sensor functions are implemented using a SparkFun SEN 08942 Weather Meter kit. A TWRPI-MPL115A2 barometer attached to the TWR-KW24 board is used to measure atmospheric pressure.

A TMP36 analog temperature sensor is used to measure ambient temperature. A TWR-PROTO board together with a TWR-ELEV system provides space for additional circuitry and robust connections to the external sensors.

The electronic components (excluding most of the sensors) are contained in a weatherproof enclosure mounted to the base of the weather station mast. The entire station is powered from a USB adapter plugged into a 110V AC outlet. The sensors are all connected via modular RJ11 jacks.

TWR-KW24 Configuration

TWR-KW24D512 Tower System and wiring in the weatherproof enclosure

Together with the integrated low power 2.4 GHz IEEE 802.15.4-2011 radio frequency transceiver, the MKW24D512 device includes:

  • 50 MHz ARM Cortex-M4 Core (1.25 MIPS/MHz)
  • 512 KB of flash and 64 KB of RAM
  • Power management controller with 10 different power modes
  • Security features including secure flash, tamper detect, cryptography acceleration unit and 128-bit random number generator
  • 16-bit SAR ADC with one differential and up to 11 single-ended external analog inputs
  • Various timer modules including FlexTimer, Periodic Interrupt Timer, Programmable Delay Block and Independent Real-Time Clock
  • USB, SPI, UART, and I2C interfaces
  • Up to 28 GPIO channels

The sensors used for the weather station project use two ADC channels for the wind vane and temperature sensor, two GPIO channels for the wind speed and rain gauge and an I2C channel via the TWRPI connector for the barometric pressure sensor.

Sensor algorithms

The sensors each have very different functional, timing and signal characteristics, so one of the challenges of this project was developing appropriate interfaces and algorithms for each of the sensors and getting them to all work together. The resulting implementation is based on a main sampling loop triggered by a 10ms periodic interrupt timer, with a callback function that executes the measurement algorithm for each sensor.

Wind vane

The wind vane sensor is a voltage divider consisting of a resistor array connected with eight magnetic reed switches. A magnet on the wind vane closes either one or two adjacent switches depending on the wind direction. This produces one of 16 different voltage levels corresponding to 16 discrete compass directions. The voltage is measured on one of the ADC channels and a lookup table is used to translate each voltage range to a corresponding wind direction. However, because the voltage levels do not change monotonically with wind direction, we implemented a debounce algorithm to ensure that voltage transitions are not interpreted as an incorrect direction.

Wind vane voltage divider circuit

Anemometer

The wind speed measurement uses a cup-type anemometer with a magnetic reed switch that generates a pulse with each half rotation. One pulse per second corresponds to a wind speed of 1.492 miles per hour. In order to provide sufficient accuracy over a wide range of wind speeds, the measurement algorithm measures the interval between pulses. A GPIO input channel is configured to trigger an interrupt on the rising edge of each pulse. The interrupt sets a flag that is checked every 10ms by the main measurement loop, and a software counter records the number of 10ms intervals since the previous pulse. If the flag has been set, the wind speed is calculated from the counter value and the counter is reset; if not, the counter is simply incremented. This solution provides an error of <10% for wind speeds up to 15 miles per hour and a maximum measurement of 149.2 miles per hour. A 30 second timeout defaults the measured wind speed to zero for wind speeds less than 0.05 miles per hour.
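The interval-counting scheme described above, as an added example in C that is not the students' firmware. The struct, the function names and the `simulate` test bench are hypothetical, and counting the current tick before checking the flag is an assumption made here so the divisor is never zero.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TICK_US          10000u   /* 10 ms sampling interval, as in the article */
#define TICKS_PER_SECOND 100u
#define MPH_PER_HZ       1.492    /* one pulse per second = 1.492 mph */
#define TIMEOUT_TICKS    3000u    /* 30 s without a pulse: report 0 mph */

typedef struct {
    volatile bool pulse_flag;  /* set by the GPIO rising-edge interrupt */
    uint32_t ticks;            /* 10 ms intervals since the previous pulse */
    double speed_mph;          /* last computed wind speed */
} anemometer_t;

void anemometer_init(anemometer_t *a)
{
    a->pulse_flag = false;
    a->ticks = TIMEOUT_TICKS;  /* no previous pulse yet: start timed out */
    a->speed_mph = 0.0;
}

/* Body of the (hypothetical) GPIO interrupt handler: only raise the flag. */
void anemometer_on_pulse(anemometer_t *a) { a->pulse_flag = true; }

/* Called once per 10 ms tick from the main sampling loop. The current tick
 * is counted before the flag is checked (an assumption made here), so the
 * divisor is never zero and a pulse on every tick yields 149.2 mph. */
void anemometer_tick(anemometer_t *a)
{
    if (a->ticks < TIMEOUT_TICKS)
        a->ticks++;                       /* saturate at the timeout */
    if (a->pulse_flag) {
        a->pulse_flag = false;
        /* After a timeout the interval is unknown, so restart at zero. */
        a->speed_mph = (a->ticks < TIMEOUT_TICKS)
            ? MPH_PER_HZ * TICKS_PER_SECOND / a->ticks : 0.0;
        a->ticks = 0;
    } else if (a->ticks >= TIMEOUT_TICKS) {
        a->speed_mph = 0.0;
    }
}

/* Constructed test bench: pulses every period_us for run_s seconds, then
 * idle_s seconds of calm. Returns the last reported speed in mph. */
double simulate(uint32_t period_us, uint32_t run_s, uint32_t idle_s)
{
    anemometer_t a;
    uint64_t next_pulse_us = period_us;
    uint32_t run_ticks = run_s * TICKS_PER_SECOND;
    uint32_t total_ticks = run_ticks + idle_s * TICKS_PER_SECOND;

    anemometer_init(&a);
    for (uint32_t k = 1; k <= total_ticks; k++) {
        uint64_t now_us = (uint64_t)k * TICK_US;
        if (k <= run_ticks && period_us != 0 && next_pulse_us <= now_us) {
            anemometer_on_pulse(&a);
            while (next_pulse_us <= now_us)
                next_pulse_us += period_us;
        }
        anemometer_tick(&a);
    }
    return a.speed_mph;
}

int main(void)
{
    /* 95 ms pulses are 15.705 mph; the 10 ms grid reports 14.92 or 16.58. */
    printf("1 Hz: %.3f mph\n", simulate(1000000u, 5, 0));
    printf("95 ms period: %.2f mph\n", simulate(95000u, 5, 0));
    printf("calm for 31 s: %.3f mph\n", simulate(1000000u, 5, 31));
    return 0;
}
```

The 95 ms case shows where the quoted error figure comes from: near 15 mph an interval spans about ten ticks, so a one-tick quantization step moves the reading by roughly a tenth.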

Rain gauge

The rain gauge measures rainfall using a self-emptying bucket with a magnetic reed switch that generates a pulse each time the bucket tips. Each tip of the bucket indicates 0.011 inches of rainfall. Similar to the anemometer, a GPIO input channel is configured to trigger an interrupt on the rising edge of each pulse. A software counter records the number of accumulated pulses and thus the total rainfall. A debounce function eliminates spurious counts from the reed switch.

Temperature

The TMP36 analog temperature sensor was selected to measure ambient air temperature. The sensor is protected from the elements and direct sunlight in a simple housing made from PVC plumbing parts. The temperature sensor is powered by 3.3V DC from the TWR-KW24D512 board and produces an analog output voltage that is linear with temperature. The output voltage is measured on one of the KW24 ADC channels and translated to temperature using specified calibration values. During initial testing we noticed some crosstalk between the temperature sensor and wind direction sensors, which are both measured using multiplexed channels on the same ADC. This problem was solved by alternating these measurements between successive 10ms sampling intervals to allow sufficient settling time on the ADC input. In addition, we filtered the measured temperature using a 50 sample moving average to reduce noise.

Barometer

The MPL115A2 absolute digital pressure sensor uses a MEMS pressure sensor and an on-board processor to convert the atmospheric pressure measurement to a 16 bit digital value that is communicated over an I2C interface. The TWRPI-MPL115A2 module is attached to the TWRPI connector on the TWR-KW24D512 board, which is configured to use the I2C interface on the KW24. The MPL115A2 is sampled every 10ms by the main measurement loop, and the measured value is filtered using a 30 sample moving average. An initial setup routine performs calibration of the barometer.

Thread Communication

Communicating the sensor data over the IEEE 802.15.4 network using Thread was actually one of the easiest parts of this project. The Thread stack implements all the required wireless networking functionality including link configuration and provisioning, network topology management, and security features. All that was needed was to assemble the measurements into a JSON (JavaScript Object Notation) string, which is passed to the Thread stack in a single function call.

The weather station is configured as a Thread Router, which means that it can act as a repeater node in the mesh network as well as a source of sensor data. For this demo we used a USB-KW24D512 configured as the Thread Border Router. The USB-KW24D512 communicates with a Utilite IOT Gateway running Proximetry AirSync agent to send the measurement data to the Proximetry cloud service. The weather station is configured to transmit data once every 15 seconds, although this can easily be changed. The data appears in near-real time on the Proximetry portal, which also provides network status and topology information.

Ambient pressure: Weather station data on the Proximetry portal
Ambient temperature: Weather station data on the Proximetry portal
Wind speed: Weather station data on the Proximetry portal
Wind direction: Weather station data on the Proximetry portal
Daily rainfall: Weather station data on the Proximetry portal

Kevin Kemp manages Freescale university research programs and mentors student design teams. This article was originally published on Freescale Embedded Beat.

INFINIDAT Reports 61% Overall Sales Growth in Q3

The INFINIDAT InfiniBox offers mainframe-class reliability with 99.99999% availability and up to 900K IOPS and 12.5 GB/s of throughput

The provider of advanced enterprise data storage solutions, INFINIDAT, said that the company delivered 61% quarter over quarter sales growth in Q3 2015, including a 255% increase in international sales. INFINIDAT, which has been shipping the InfiniBox enterprise storage solution since late 2013, surpassed a quarter of an Exabyte in the amount of storage shipped to customers. An Exabyte is 1000 Petabytes.

The INFINIDAT InfiniBox storage solution delivers advanced, high performance enterprise-class storage at a disruptive price point. InfiniBox offers mainframe-class reliability with an unprecedented 99.99999% availability, while providing up to 900K IOPS and 12.5 GB/s of throughput. By providing multi-petabyte capacity in a single rack, along with continuous data protection and rich storage automation, INFINIDAT is changing the paradigm of storage efficiency and productivity while dramatically reducing operational overhead, complexity and cost.

“We are consistently experiencing sizable sales growth from quarter to quarter, particularly around the world as we become further established in international markets such as EMEA and Asia Pacific,” said Moshe Yanai, INFINIDAT Founder and CEO. “While storage sales have stagnated for many traditional storage vendors, we are seeing exponential increases as a result of our ability to deliver a unique hybrid architecture with high performance, scalability, reliability and the best TCO in the industry. INFINIDAT is revolutionizing storage to provide customers with a solution that is cost-effective yet solves the challenges they are having with managing their expanding volumes of data.”

Sckipio Receives Investment from Intel Capital

Sckipio develops chips for G.fast modems. “This strategic investment is another milestone for the Intel Connected Home Division.”

Sckipio team in Ramat-gan

Sckipio Technologies from Ramat-gan, Israel, today announced it has received investment from Intel Capital, the strategic investment and M&A arm of Intel Corp. Sckipio is a fabless semiconductor company focused on G.fast modems that deliver 1Gbps connectivity over twisted pair copper wires.

The company was founded in 2012 to deliver fiber-like broadband access over existing wires using the new ITU-T broadband access technology standard, G.fast. The details of Intel’s total investment remain confidential. Previously, Sckipio raised $27 million from venture capital firms Amiti Ventures, Aviv Ventures, Genesis Partners, Gemini Israel Ventures and Pitango Venture Capital.

“Sckipio and Intel have been working closely together since the beginning of the G.fast market and jointly announced the first G.fast residential gateway reference design in the fall of 2014,” noted Dan Artusi, Intel vice president and general manager of its Connected Home Division. “This strategic investment is another milestone for the Intel Connected Home Division.”

Sckipio reference design for 1Gbps modem

In the past year, Sckipio reached many milestones, including the first 16-port Distribution Point Unit, the first to run UHDTV content across G.fast, the first to demonstrate SDN running over G.fast (in partnership with AT&T), and the first to deliver 1Gbps at 300 meters – changing the dynamics of the broadband access market.

In October this year, Sckipio announced it can deliver up to 2Gbps of throughput over twisted pair copper wiring with G.fast. Sckipio uses standard-compliant G.fast silicon by bonding two copper pairs to a single G.fast-enabled CPE.

This solution helps telcos compete very effectively against both cable operators using DOCSIS 3.1 and against companies who have implemented fiber to the home. G.fast provides several key advantages over existing broadband technologies: it lowers the cost to deploy fiber-like speeds by as much as 90%, eliminates home installations and installer-induced delays, and simplifies deployments by using remote power feed, which eliminates complex permissions to power FTTdp field units.

Gilat Launched SDN-based Architecture for Communication Satellite Operators

Gilat’s revolutionary X-Architecture is a distributed VSAT ground segment architecture based on Software Defined Networking (SDN)

Gilat Satellite Networks from Petah Tikva, Israel, announced today the launch of X-Architecture for SkyEdge II-c. It describes it as a revolutionary distributed architecture to address the growing demands of High Throughput Satellites (HTS).

The X-Architecture is based on the Software-Defined Networking concept, to allow satellite operators and service providers to support mobility, enterprise, cellular and consumer broadband applications and business models from a single platform. It is a cloud-based architecture that allows networks of any size, using traditional wide-beam and high-throughput satellites, to deliver managed services in hosted or virtual network business models.

X-Architecture was built to support dynamic on-demand services. Cloud bandwidth management capabilities enable both mobility and Virtual Network Operators (VNOs) services over spot-beam satellites. Flexibility is enabled by the distributed architecture, which separates data center functions from baseband elements.

The network is controlled by Gilat’s TotalNMSa, a global, unified and centralized network management system. With X-Architecture, satellite service providers can easily expand their offerings to reach a broad range of up-and-coming markets for high-bandwidth satellite communications, including broadband access, 4G/LTE cellular rapid deployments, as well as mobility applications for in-flight connectivity (IFC), maritime and trains.

“We believe that X-Architecture is the only platform on the market capable of realizing the full potential of HTS,” stated Dov Baharav, Gilat’s Chairman and Interim CEO. “X-Architecture has already enjoyed early success in major deals with leading satellite operators in Europe, China and Latin America.”

X-Architecture for SkyEdge II-c will be unveiled at Gilat’s booth (J2) at the China Satellite Conference in Beijing, October 28-30, 2015, and will also be showcased at AfricaCom in Cape Town, November 17-19, 2015.

Gilat Satellite Networks is a provider of products and services for satellite-based broadband communications: satellite ground segment equipment and VSATs, as well as mobile SOTM (Satellite-on-the-Move) solutions such as low-profile antennas, solid-state power amplifiers and modems.