
Symantec Tracks Down Zero-Day Exploiters

January 7, 2013 by  
Filed under Computing

Symantec thinks that it has tracked down the people behind the recently discovered Internet Explorer zero-day vulnerability.

The firm says that the zero-day exploit appears to have been discovered by the Elderwood group and is a continuation of its Elderwood project, a name given to attacks and exploits based on the same infrastructure components.

The exploit is used in what is called a watering hole attack, a technique whereby people with a specific interest are targeted after visiting a particular website.

It has a less snappy but more precise name thanks to Microsoft: the Microsoft Internet Explorer ‘CDwnBindInfo’ Use-After-Free Remote Code Execution Vulnerability (CVE-2012-4792).

Symantec informs us that this is a zero-day vulnerability that affects Internet Explorer 8, Internet Explorer 7, and Internet Explorer 6, adding that the Elderwood project has what appears to be “a high level of technical capability,” in a PDF about the group.

The security firm is confident in saying that the group is behind this discovered exploit because of a number of commonalities that it has discovered in the SWF files used. It warned that the group might continue to devise sophisticated exploits over the course of the year.

“All the samples we identified include a function named HeapSpary. HeapSpary is a clear mistyping of Heap Spray, a common attack step used in vulnerability exploitation. In addition to this commonality, there are many other symbols in common between the files,” Symantec said.

“It has become clear that the group behind the Elderwood Project continues to produce new zero-day vulnerabilities for use in watering hole attacks and we expect them to continue to do so in the New Year.”



Islamic Hackers Go After Lottery Site

October 31, 2012 by  
Filed under Computing

Hackers have attacked the French Euromillions lottery website, posting a passage from the Koran. The hackers posted a warning telling people to stop gambling and drinking alcohol in both Arabic and French, with “wine” and “games of chance” described as the “work of the devil”.

The group calls itself the “Morrocanghosts” and the attack said that drinking and gambling would “sow hatred between yourselves and turn you away from God and prayer”. Given a choice between wine and god, the French would probably tell the almighty to bugger off, so this particular hack is not going to go down well.

Euromillions lottery operator La Francaise des jeux (FDJ) reassured customers that no personal data had been affected in the attack, which they said had not touched any of their other games. The attempt to put Islamic values on France is so bizarre that there are suspicions that Morrocanghosts is actually an attempt by the French Right to stir up a hate campaign against Muslims in the country.

The French Right is convinced that allowing too many Muslims into the country is forcing culture changes in a nation which is not renowned for its adaptability in such matters. A hack attack which pretends to come from Muslims, who want to stop French drinking and gambling, falls too closely to the Right Wing agenda to be a coincidence.


Anonymous Goes After The Corrupt

February 20, 2012 by  
Filed under Uncategorized

Anonymous has promised that it will attack government, corporate and law enforcement web sites every Friday.

The hacker group already has a tradition of attacking web sites on a Friday, which it does under its ‘F*ck FBI Friday’, ‘F*ck CIA Friday’ and ‘Leakday’ banners. From now on this will become more encompassing, according to a short message posted to an Anonymous Twitter account.

AnonOps @anonops

#Anonymous Promises Regularly Scheduled Friday Attacks >>

20 Feb 12

“Each and every Friday Anonymous will be launching attacks… with the specific purpose of wiping as many corrupt corporate and government systems off our internet,” it says.

Last Friday the hacktivists ran through US government web sites on a defacement spree. In some cases they were able to delete the web site contents from their servers, in others they took over web pages with anti-ACTA messages.

Other Fridays have seen Anonymous expose the details and messages of law enforcement agencies.




Syria Becomes A Victim Of Anonymous

February 9, 2012 by  
Filed under Around The Net

Anonymous has gone after Syria’s president and managed to hack into his email account.

Many hours might have gone into the hacking, we don’t know. We do know that the hackers eventually broke through strong defences, a 12345 password, to gain access to president Bashar al-Assad’s emails.

The same tactic was used to break into almost sixty other accounts, although in some cases the cipher needed a ‘6’ on the end, making it the harder-to-crack 123456.

Anonymous, posting as Lulzfinancial, put the logins on Pastebin, the increasingly popular document sharing web site.

A separate statement from Anonymous places the activity under the banner of Opsyria, which is a movement working to stop government abuse of citizens in that country.

“For the third night in a row, Anonymous has set its sights on the Syrian Government, in an operation dubbed #OpSyria. The Syrian government has never been shy at using force against its own people. Intense tyranny and oppression have been going on for decades now inside Syria,” it said.

“The Syrian people have had enough and now this government has a revolution on its hands. The murders of innocent citizens by this regime have been ongoing. Anonymous has attacked Syrian Government servers and websites as a sign of solidarity with the Syrian people. More websites will follow. We will only stop when Bashar Assad steps down.”

Emails from the government have been posted online, again to Pastebin, and the Israeli newspaper Haaretz has published a number of translations, two sets of PDFs that are here and here.

These include the suggestion that Assad should sit for an interview with television journalist Barbara Walters, because the “American psyche can be easily manipulated”.



Anonymous Continues Its Assault On Brazilian Banks

February 6, 2012 by  
Filed under Computing

Anonymous has taken down the web sites of more Brazilian financial firms.

Yesterday we reported that the Brazilian branch of the populist group had attacked four major banks. The attacks have continued today, striking out at three more banks – Citibank, Panamericano, and Febraban.

Earlier the group said:

Anonymous Brasil @AnonBRNews

#OpWeeksPayment ATENÇÃO MARUJOS: Aumentem o volume de vossas vitrolas porque hoje teremos muitoTANGO! TRILHA…

3 Feb 12

Translated, it says, “# WARNING OpWeeksPayment Sailors: Increase the volume of your turntables because today we have much TANGO! TRACK …”

The group is protesting over economic inequality in the country and claims that the aim is not to defraud customers. It has also taken down Cielo, a credit and debit card operator.

It announced the attacks on Twitter, with tweets similar to, “# OpWeeksPayment – Sailors WARNING: Target reached! Citibank is drifting! TANGO DOWN!”

“# WARNING OpWeeksPayment Sailors: The joined the friends there in the sea! This will be grounded for a long time!” another read.

It’s unclear whether attacking eight financial targets will be enough for the busy group or whether more are in the firing line.




Hackers Go After Finland Over Pirate Bay

January 10, 2012 by  
Filed under Computing

Anonymous apparently has declared war on Finland after the country began blocking access to the filesharing web site Pirate Bay.

Yesterday we reported that the large Finnish ISP Elisa had begun blocking the web site at the order of Finland’s High Court. This news was not taken well by Anonymous, which responded by hacking its ‘enemy’.

“TANGO DOWN Copyright Information & Anti-Piracy Centre In Finland | And We’ll keep it down as long as We want \o/,” wrote the Anon_Finland account on Twitter.

The cause caught the attention of the wider Anonymous hacktivist collective, and the Anonymous Finns got its support.

“Finland is apparently just begging for some sweet, sweet Anonymous action. We shall oblige them. #Elisagate ^_^” wrote Youanonnews.

Anonymous Sabu, one of the more vocal members of the group, also took an interest. “Ladies and gents: today we will focus on Finland. and every country like it who has begun a campaign of censorship. First steps to Cyberwar,” he tweeted, adding, “To the Finnish government: Stop censorship or deal with the consequences.”

Elisa is appealing the decision and is calling its block a temporary one. It also said that it installed the block to avoid a fine. It added that the decision was made not by it but by the High Court.


Will Anonymous Retaliate If SOPA Is Passed?

December 23, 2011 by  
Filed under Computing

Anonymous has said it will respond if the controversial Stop Online Piracy Act (SOPA) is passed into law in the US.

The group has posted a statement in which it reiterated its attitude towards SOPA and its plans to create an internet police state.

“The goal of the so-called ‘Stop Online Piracy Act’ SOPA is to empower litigious U.S. corporations to police the internet, with the ability to act as judge, jury and executioner,” it says.

“SOPA tramples civil rights laws, fair use, freedom of press and freedom of speech. Under SOPA an average person could be arrested, fined, sued and spend time in a federal prison for so little as uploading a video to YouTube or even linking to one. This law further proves the reality of corporate rule and totalitarianism.”

The vote on SOPA has been delayed due to opposition, according to the post, and is not likely to happen until next year. However, the hacktivists suggest that it will be delayed only as long as it takes for the media to lose interest.

“In a democracy this should be enough to defeat the bill, however, in the U.S. it only means that the vote will get delayed until the media loses interest and the backing corporate lobbyists have enough time to ‘influence’ [read: bribe] the vote to their favour,” they warn.

“However, it has been clandestinely moved forward in an attempt to fast track the law under the radar of a culture drunk on materialistic obsession – as such The House Judiciary Committee is reconvening on the 21st of December. In short, we were lied to.”

The hacktivist group said that it would react to this, and react strongly. “Our reaction will not be little,” it warns.

Anonymous wants to spread awareness and increase opposition to SOPA while it is still up for debate, and fellow Anons are asked to carry out points of action, the first being to hack into and replace the front page of “every website we can” with a protest page.

“Encourage friends, businesses, organizations, social media to take a stand along side us in the same way,” it says. “Use/distribute the OpBlackOut material we’ve provided for this purpose, or make your own (but please try to be concise and indict SOPA specifically so the message is clear, unanimous and omnipresent). Get this image and message everywhere online. Plant the seeds of dissent where ever they can grow.”

As well as acting online, Anonymous said that supporters should physically protest through stickering and tagging billboards, signs and advertising.

“Get people talking. Put the truth not only where it can be seen, but where it cannot be avoided,” it adds. “This is something everyone can do. We are legion, this is our voice, people are listening, we will be heard.”



Are Governments Lacking Cyber Security Experts?

November 16, 2011 by  
Filed under Computing

As governments recognize the need for cyber security strategies, (ISC)², the information security professional body, has warned that there are not enough skilled staff out there.

There is an element of “it would say that”, as it administers the CISSP certificate for cyber security strategies. However, its comments do strike us as likely. It has called on national governments to recognize the requirement for internationally recognized skills, principles and practices to tackle what is a very sophisticated global threat landscape, with its own research anticipating a doubling of the workforce by 2015.

(ISC)² said that cyber security is rising up as a priority in political arenas, as evidenced by the recent London cyber security conference attended by world leaders from 60 countries; however, the skills and competency requirements do not appear to be high on the international discussion agenda.

A spokesman for (ISC)², John Colley, said that while many countries are examining the capacity and competencies required for national security, there is a risk of too much focus on national politics rather than a real understanding of what is required. “They should be careful not to work in isolation,” he warns, adding that “nationally focused schemes risk confusion in a landscape that requires an ability to communicate and operate across borders.”




Hackers Plan To Go After Fox News

November 1, 2011 by  
Filed under Computing

Anonymous plans to take out the Fox news network because of its coverage of the Wall Street Protests.

Dubbed “Operation Fox Hunt”, Anonymous announced the plans on YouTube to attack the Fox News website on the anniversary of Guy Fawkes Day. Anonymous is also planning to target former Fox News personality Glenn Beck as well as current Fox News representatives Sean Hannity and Bill O’Reilly during “Operation Fox Hunt”.

Anonymous said that it has had a gutsful of “right wing conservative propaganda” and “belittling the occupiers” of the Occupy Wall Street demonstrations. Anonymous recently launched a distributed denial-of-service attack against the Oakland police department’s website after a 24-year-old wounded Marine home from serving two tours in Iraq was critically injured in the Occupy Oakland protest. Police allegedly threw an object that fractured the Marine’s skull, landing him in the hospital.

Inspiration for Anonymous members, Guy Fawkes is most commonly known as the only person to enter Parliament with an honest intention. He wanted to blow up the House of Lords on November 5 in the year 1605 as part of a Catholic uprising.




Stuxnet Computer Worm Sibling (DuQu) Is Out In The Wild

October 19, 2011 by  
Filed under Around The Net

The STUXNET computer worm that crippled an Iranian nuclear fuel plant last year now has a sibling called Duqu that’s already in place on European computers, according to a detailed report by an anonymous research lab.

The virus, named after the DQ prefix it adds to files it creates, is reportedly “very similar to Stuxnet”, according to security firm Symantec, which gained access to the report and samples of the virus. “Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose. Duqu is essentially the precursor to a future Stuxnet-like attack.”

Symantec revealed that the Duqu virus is designed to gather industrial control system data, including keystrokes from engineers, in an effort to compile information for a possible further attack some time in the future.

The difference between Duqu and Stuxnet is that the former is mainly a remote access trojan, designed to steal information, and the virus does not self-replicate. Stuxnet, however, affects industrial control systems much more directly, so much so that it can alter their operations in an effort to cause extreme damage, which many experts believe is what happened to Iran’s nuclear fuel enrichment systems.

“The creators of Duqu had access to the source code of Stuxnet,” Symantec said, according to Reuters. It is widely believed that the US or Israel was behind development of the Stuxnet worm, which means that this could be a follow-up monitoring attempt or perhaps a response from Iran to try to find a rival target to sabotage.

The US Department of Homeland Security said that it is aware of the virus, has issued a public alert, and is working to analyze the worm.




Anonymous Goes After PayPal Again

October 19, 2011 by  
Filed under Around The Net

Anonymous is launching a second round of protests against online payment service Paypal, which could see thousands of people closing their Paypal accounts.

Anonymous member and spokesperson Sabu told some 25,000 supporters on his Twitter page, “If you haven’t already – close out your paypal accounts. Transfer your money to a credit union. Small steps we need to take for big picture.”

Another tweet that is making the rounds on Twitter is, “Today is #OpPayPal round two. Close out your paypal accounts. Inform your family//peers. Email companies that rely on PP to use alts. RT!”

For those who want to continue making online payments without using Paypal, Sabu suggested using an “anonymous prepaid visa card”, which can be bought from many local shops.

However, users might encounter problems with online payments, as many online retailers use Paypal for everything, even normal credit card purchases. This means that those who do buy a prepaid credit card could be forced to use it through Paypal anyway.

In response to this concern Sabu said, “Might have to start emailing companies to use alternative payment systems. If enough people communicate this point: win.”

There are no recent tweets about Paypal on the Anonymous Twitter page, but it’s likely only a matter of time before the news starts appearing on multiple accounts associated with the group.

This latest round of Paypal protests appears to be in response to Paypal’s decision to freeze donations to the independent social networking project Diaspora. Paypal refused Diaspora’s appeal and has failed to provide an explanation of what it alleges Diaspora did wrong. It can hold Diaspora’s money, which is around $45,000, for up to six months. Diaspora is now using Stripe in place of Paypal.




Will Anonymous Join The Wall Street Protest?

October 4, 2011 by  
Filed under Around The Net

Anonymous has said that it is joining in the anti-Wall Street Protests in New York.

Despite low press coverage, the Occupy Wall Street protests are gaining traction around the US, and now the hacking collective known as Anonymous has issued a statement about a planned attack on the financial district. It said that it would specifically target the New York Stock Exchange on October 10 and claims it will “erase” the NYSE from the Internet on that day.

Operation Invade Wall Street is likely to be a Distributed Denial of Service (DDoS) attack on the New York Stock Exchange website. The message was included in a video uploaded to YouTube that’s designed to recruit more hackers to the Operation Invade Wall Street cause.

While a one-day DDoS attack would be a nuisance for the officials of the NYSE, it’s unlikely to cause any significant damage. However, there are fears that Anonymous will attack to disrupt the exchange and attempt to harm trading on October 10.

So far Anonymous has targeted the New York City police department, which has been doing its best to kill off any good will it might have gained during September 11 by battering harmless protesters and innocent bystanders. Anonymous has released personal information about the officer who used the pepper spray, including his phone number, home address and names of relatives.





Hackers went after CIA, MI6 and Mossad

September 6, 2011 by  
Filed under Uncategorized

Diginotar released a list of over 500 fraudulent certificates issued by the hackers who broke into the company’s infrastructure last month. Some of them are for the domains of the CIA, Mossad and the British Secret Intelligence Service (SIS).

The Diginotar breach was discovered a week ago when a rogue * certificate issued by the certificate authority (CA) was used in attacks against Gmail users in Iran. The company admitted suffering an intrusion back in July which resulted in fraudulent certificates being issued for a number of domains.

The browser vendors reacted promptly by removing the Diginotar CA root certificate from their products, but kept the one for Diginotar’s PKIoverheid sub-CA, which was used to sign Dutch government certificates.

The investigation into the incident is ongoing, but the security lapses identified are so serious that the Dutch minister of internal affairs announced in an urgent press conference at 1:15am on Saturday that the PKIoverheid sub-CA should no longer be trusted either.

Ever since the company’s first public statement about the incident, the security community has wondered how many rogue certificates were issued and what domains were targeted. The Dutch government has now shed some light on this by releasing a list of 531 fraudulent certificates associated with Diginotar.

From the looks of it, the hackers didn’t just target big internet services from Google, Yahoo, Facebook, Microsoft, and so on, but intelligence agencies as well, with, and, allegedly being among the targeted domains.

Furthermore, the hackers tried to use their access to issue rogue root certificates for other CAs like Comodo, Equifax, Verisign and Thawte. These certificates would have allowed them to bypass security features like certificate pinning.

Certificate pinning is built into Chrome and restricts the number of CAs that can sign a certificate for a particular domain. For example, only Gmail certificates signed by a couple of CAs will be trusted by the web browser.
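The pinning check described above, sketched as an added example (it is not code from the article, from Chrome or from any browser vendor). It assumes pins are stored as SHA-256 hashes of CA public keys; the host names, pin table and key bytes are constructed placeholders, and ordinary chain validation is reduced to a boolean input.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Return the base64 SHA-256 hash of a certificate's public key bytes."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


# Constructed stand-ins for DER-encoded public keys (not real keys).
PINNED_CA_1 = b"constructed-spki:pinned-ca-1"
PINNED_CA_2 = b"constructed-spki:pinned-ca-2"
OTHER_TRUSTED_CA = b"constructed-spki:other-trusted-ca"  # in the trust store, not pinned
SITE_LEAF = b"constructed-spki:site-leaf"
UNEXPECTED_LEAF = b"constructed-spki:unexpected-leaf"

# Hypothetical pin table: only "a couple of CAs" may sign for the pinned host.
PIN_SETS = {
    "mail.example.test": {
        "include_subdomains": True,
        "pins": {spki_pin(PINNED_CA_1), spki_pin(PINNED_CA_2)},
    },
}


def find_pin_set(host: str):
    """Find the pin set for host, walking up parent domains when allowed."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        entry = PIN_SETS.get(".".join(labels[i:]))
        # i == 0 is an exact match; parents apply only with include_subdomains.
        if entry and (i == 0 or entry["include_subdomains"]):
            return entry["pins"]
    return None


def check_connection(host: str, chain_spkis: list, chain_is_trusted: bool):
    """Apply pinning on top of normal validation. Returns (accepted, reason)."""
    if not chain_is_trusted:
        return (False, "chain does not validate to a trusted root")
    pins = find_pin_set(host)
    if pins is None:
        return (True, "host has no pins: any trusted CA is accepted")
    if {spki_pin(key) for key in chain_spkis} & pins:
        return (True, "chain contains a pinned key")
    return (False, "pin violation: trusted chain without a pinned key")


if __name__ == "__main__":
    cases = [
        ("mail.example.test", [SITE_LEAF, PINNED_CA_1], True),
        ("mail.example.test", [UNEXPECTED_LEAF, OTHER_TRUSTED_CA], True),
        ("imap.mail.example.test", [UNEXPECTED_LEAF, OTHER_TRUSTED_CA], True),
        ("shop.example.test", [UNEXPECTED_LEAF, OTHER_TRUSTED_CA], True),
    ]
    for host, chain, trusted in cases:
        print(host, check_connection(host, chain, trusted))
```

The last case shows the limit of the mechanism: a host with no pin entry accepts a certificate from any CA in the trust store, which is why pinning protected only the domains a browser had pins for.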

The hackers also managed to issue what are known as wildcard certificates for *.*.com and *.*.org. This would have allowed them to spoof any SSL-protected second-level domain under those TLDs.

They probably failed to issue certs for *.com and *.org directly due to restrictions built into the system. But even so, the *.*.com one would have allowed spoofing successfully, for example.

The implications of this attack are huge and will probably lead to changes in the way public key infrastructure (PKI) works in the long run. It’s clear at this point that the CA-based model is flawed and the compromise of a single CA can have too much of an impact on online trust.

“The attack on Diginotar doesn’t rival Stuxnet in terms of sophistication or coordination. However, the consequences of the attack on Diginotar will far outweigh those of Stuxnet. The attack on Diginotar will put cyberwar on or near the top of the political agenda of Western governments,” said Roel Schouwenberg, senior antivirus researcher at Kaspersky labs.

Mozilla has already announced that it will also remove PKIoverheid from the list of trusted certificates following the Dutch government’s assessment. It also stressed that the removal of all Diginotar root certificates is final and not temporary. Other browser vendors are taking a similar stance, so this most likely means the end for the company in the SSL CA business.

It seems that Diginotar’s biggest mistake was its failure to communicate with vendors and affected parties immediately after learning about the compromise. “The integrity of the SSL system cannot be maintained in secrecy. Incidents like this one demonstrate the need for active, immediate and comprehensive communication between CAs and software vendors to keep our collective users safe online,” said Johnathan Nightingale, Mozilla’s director of Firefox engineering.


Courtesy-TheInq by Lucian Constantin

The Linux Kernel Home Got Hacked

September 1, 2011 by  
Filed under Computing

Servers that are part of the Linux infrastructure were affected during a recent intrusion where attackers managed to gain root access and plant Trojan scripts.

According to an email sent out to the community by chief administrator John Hawley, known as warthog9, the incident started with the compromise of a server referred to as Hera. The personal colocated machine of Linux developer H Peter Anvin (HPA) and additional systems were also affected.

“Upon some investigation there are a couple of boxes, specifically hera and odin1, with potential pre-cursors on demeter2, zeus1 and zeus2, that have been hit by this,” Hawley wrote.

The intrusion was discovered on 28 August and according to preliminary findings attackers gained access by using a set of compromised credentials. They then elevated their privileges to root by exploiting a zero-day vulnerability that the administrators have yet to identify.

Fortunately, logs and parts of the exploit code were retained and will help the investigation. A Trojan was added to the startup scripts of affected systems, but gave itself away through Xnest /dev/mem error messages.

According to the admins, these error messages have been seen on other systems as well, but it’s not clear if those machines are vulnerable or compromised. “If developers see this, and you don’t have Xnest installed, please investigate,” the administrators advised.

The good news is that the exploit failed on systems running the latest Linux kernel version, 3.1-rc2, which was released two weeks ago. This is possibly the fortunate consequence of one of the bugfixes it contains.

All of the affected boxes were taken offline following the incident and will be reinstalled. The official Linux kernel source code is also being analysed for unauthorised changes; however, these should be very easy to spot thanks to the security measures built into the git repository.

Furthermore, over four hundred users will be forced to change their credentials and SSH keys as a precaution. The project’s security policies will also be reviewed and improved. This is not the first time that a major open source project has had to deal with such an intrusion.

Last December, Savannah, the collaborative development platform maintained by the Free Software Foundation was taken offline after hackers managed to break in through an SQL injection vulnerability. And in September 2009 the infrastructure team of the Apache Software Foundation took several mirrors offline after the main staging server was compromised using a stolen SSH key.



Courtesy-TheInq by Lucian Constantin


Is Anonymous Going After Wall Street?

August 26, 2011 by  
Filed under Uncategorized

Anonymous has called on its followers to descend on Wall Street next month and occupy it.

The group has joined an existing campaign that is being promoted by Adbusters and Culture Jammers under the S17 banner, and has asked its followers to attend with tents and portable kitchens so that it can set up a barricade.

The date for the occupation is 17 September, and on its poster Anonymous said that it had one simple demand, which is “Bring Tent”. We expect it will have others to make of Wall Street itself however.

Adbusters was pleased by the group’s joining and welcomed it on its own web site. The flood of attention could also help it carry out other ‘occupations’ in other major cities.

“Simultaneous occupations of financial districts are now being planned in New York City, Madrid, Milan, London, Paris and San Francisco. With a bit of luck, this list of participating cities will grow,” it wrote.

“If we can pull together just the right mix of nonviolence, tenacity and strategic smarts, S17 could be the beginning of the global revolution we’ve all been dreaming about for so long … wouldn’t that be lovely.”

Anonymous announced its support earlier this week with a video, but has increased the campaign with a poster as the event draws closer.
 by Dave Neal
