Subscribe to:

Subscribe to :: ::

The U.S. Is Not The Worst Cyber Snooper

June 24, 2013 by  
Filed under Around The Net

The Indian government cyber snooping program is becoming so pervasive that it makes the US Prism operation look harmless. India is giving its security agencies and even income tax officials the ability to tap directly into e-mails and phone calls without oversight by courts or parliament, several sources said.

The excuse is that the move will help safeguard national security, because that excuse is always trotted out when governments do evil things. The Central Monitoring System (CMS) was announced in 2011 but there has been no public debate and the government has said little about how it will work or how it will ensure that the system is not abused.

The government started to quietly roll the system out state by state in April this year, according to government officials. Eventually it will be able to target any of India’s 900 million landline and mobile phone subscribers and 120 million Internet users.

Cynthia Wong, an Internet researcher at New York-based Human Rights Watch said that if India doesn’t want to look like an authoritarian regime, it needs to be transparent about who will be authorized to collect data, what data will be collected, how it will be used, and how the right to privacy will be protected.


Chinese Hackers Appear To Be At It Again

May 22, 2013 by  
Filed under Around The Net

Three months after hackers working for a cyberunit of China’s People’s Liberation Army went silent they appear to have resumed their attacks using different techniques.

The Obama administration had bet that “naming and shaming” the groups, first in industry reports and then in the Pentagon’s own detailed survey of Chinese military capabilities, might prompt China’s new leadership to crack down on the military’s team of hackers. But it appears that Unit 6139 is back in business, according to American officials and security companies.

Mandiant, a private security company that helps companies and government agencies defend themselves from hackers, said the attacks had resumed but would not identify the targets. The victims were many of the same ones the unit had attacked before. Mandiant said that the Chinese hackers had stopped their attacks after they were exposed in February and removed their spying tools from the organisations they had infiltrated.

But in the last two months, they have begun attacking the same victims from new servers and have reinserted many of the tools that enable them to seek out data without detection. The subject of Chinese attacks is expected to be a central issue in an upcoming visit to China by President Obama’s national security adviser, Thomas Donilon. However little is expected to come of it, the Chinese have always denied that they have a hacked anyone, ever.


Anonymous Went After North Korea Again

April 16, 2013 by  
Filed under Around The Net

Anonymous has restarted its attack against North Korea and once again is using a North Korean Twitter account to announce website scalps.

The Twitter account @uriminzok was the scene of announcements about the hacked websites during the last stage of Op North Korea, and reports have tipped up there again.

The first wave of attacks saw a stream of websites defaced or altered with messages or images that were very much not in favour of the latest North Korean hereditary leader, Kim Jong-un.

They were supported by a Pastebin message signed by Anonymous that called for some calming of relations between North Korea and the US, and warned of cyber attacks in retaliation.

“Citizens of North Korea, South Korea, USA, and the world. Don’t allow your governments to separate you. We are all one. We are the people. Our enemies are the dictators and regimes, our goals are freedom and peace and democracy,” read the statement. “United as one, divided by zero, we can never be defeated!”

Before the attacks restarted, the last Twitter message promised that more was to come. It said, “OpNorthKorea is still to come. Another round of attack on N.Korea will begin soon.” Anonymous began delivering on that threat in the early hours this morning.

More of North Korean websites are in our hand. They will be brought down.

— uriminzokkiri (@uriminzok) April 15, 2013

We’ve counted nine websites downed, defacements and hacks, and judging by the stream of confirmations they happened over a two hour period. No new statement has been released other than the above.…

— uriminzokkiri (@uriminzok) April 15, 2013

Downed websites include the glorious, a North Korean news destination. However, when we tried it we had intermittent access.

Last time around the Anonymous hackers had taken control of North Korea’s Flickr account. This week we found the message, “This member is no longer active on Flickr.”


Anonymous Latest CyberAttack Fails

April 10, 2013 by  
Filed under Computing

A cyberattack campaign, dubbed #OpIsrael by hacking group Anonymous failed to bring down the Israeli government websites over the weekend.

Yitzhak Ben Yisrael, of the government’s National Cyber Bureau said that while the attack did take place, it did hardly any damage. Ben Yisrael said that Anonymous lacked the skills to damage the country’s vital infrastructure. And if that was its intention, then it wouldn’t have announced the attack before hand.

“It wants to create noise in the media about issues that are close to its heart,” he said, as quoted by the Associated Press news agency.

Posters using the name of the hacking group Anonymous had warned they would launch a massive attack on Israeli sites in a strike they called #OpIsrael starting April 7. Last week, a leading hacker going by the handle of “Anon Ghost” said that “the hacking teams have decided to unite against Israel as one entity…Israel should be getting prepared to be erased from the Internet,” according to Israeli media reports.

Israel’s Bureau of Statistics was down on Sunday morning but it was unclear if it was hacked. Defense and Education Ministry as well as banks had come under attack the night before but the security shrugged it off.
Anonymous did have a crakc at the stock market website and the Finance Ministry website but no one there noticed.

Where Anonymous was successful was when it targeted small business. Some homepage messages were replaced with anti-Israel slogans, media said. Israeli hackers hit sites of radical Islamist groups and splashed them with pro-Israel messages.


Are SmartTV’s Next For Hackers?

March 1, 2013 by  
Filed under Consumer Electronics

The growing variety of smart devices is bringing with it glaring holes in network security, according to researchers.

Speaking at the 2013 RSA conference in San Francisco, Cylance CEO Stuart McClure noted how devices ranging from industrial controllers to smart television sets can be manipulated to act as gateways to corporate networks and facilities.

McClure demonstrated a number of attacks that used relatively simple and low-tech processes to exploit smart devices and manipulate both the devices themselves and the networks that connect them.

Some of the exploits used uncommon means for accessing networks. Researchers showed how a common universal remote could be modified to access the infrared port on a smart TV and manipulate network security settings. When the settings were disabled, the researchers then accessed the TV from a PC and from there viewed the network itself.

In a second demonstration, the researchers described how an attacker can use web controls to access industrial control systems. By exploiting first a privilege escalation flaw then a second vulnerability, an attacker can gain control over industrial control hardware and manipulate either software and network credentials or cause real-world damage by instructing the unit to operate in unsafe conditions.

McClure said that part of the problem is the nature of smart devices themselves. In bolting network technology onto traditionally solitary devices, vendors have not only neglected security but in making devices accessible they have also created new opportunities for abuse.

“They say these are features, that we designed it this way,” McClure said.

“I say yes, but features can kill.”

Other hacking techniques can compromise companies with little to no technology. Cylance researchers showed how an attacker can exploit the emergency key lock-box units on facilities by duplicating the regional keys used by police and fire departments. In such a scenario an attacker would be able to unlock a facility and potentially steal hardware or intellectual property without triggering alarm systems.

McClure said that while the prospects for securing embedded systems can at first seem daunting, in many cases simple solutions can secure the devices. Methods ranging from electrical tape over the infrared ports on TV sets to connecting lock boxes with fire and security alarms can thwart the attacks described by researchers.

The key to securing embedded systems, said McClure, is for firms to change their thinking and open their eyes to the vulnerabilities around them.

“What we are proposing is to look back at prevention being first, we just need to get back to that mindset,” he explained.

“Being able to choke it at that point and having a secure process for managing all the inputs, you will go a long way to preventing all these attacks.”



Hackers Goes After Finland Over Pirate Bay

January 10, 2012 by  
Filed under Computing

Anonymous apparently has declared war on Finland after the country began blocking access to the filesharing web site Pirate Bay.

Yesterday we reported that the large Finnish ISP Elisa, had begun blocking the web site at the order of Finland’s High Court. This news was not taken well by Anonymous, which responded by hacking its ‘enemy’.

“TANGO DOWN Copyright Information & Anti-Piracy Centre In Finland | And We’ll keep it down as long as We want \o/,” wrote the Anon_Finland account on Twitter.

The cause caught the attention of the wider Anonymous hacktivist collective, and the Anonymous Finns got its support.

“Finland is apparently just begging for some sweet, sweet Anonymous action. We shall oblige them. #Elisagate ^_^” wrote Youanonnews.

Anonymous Sabu, one of the more vocal members of the group also took an interest. “Ladies and gents: today we will focus on Finland. and every country like it who has begun a campaign of censorship. First steps to Cyberwar,” he tweeted, adding, “To the Finnish government: Stop censorship or deal with the consequences.”

Elisa is appealing the decision and is calling its block a temporary one. It also said that it installed the block to avoid a fine. It added that it did not make the decision, but the High Court.


Stratfor Security Hit By Anonymous

December 29, 2011 by  
Filed under Computing

The Stratfor, security firm whose website was compromised over the weekend by members of the anarchic computer-hacking group Anonymous, has reported that victims of the attack have had their credit cards used again.

Victims of the attack, mostly employees of major companies or agencies which use Stratfor’s, learnt at Christmas that their names, addresses and credit card details had been published online. The cards were then used to make large donations to major charities.

Now it seems that Stratfor is warning that the cards were being used again if the victims complained to the press. On another webiste Anonymous used another website to mock victims who spoke to the Associated Press about their experience. Its said “We went ahead and ran up your card a bit.”

Stratfor, which is based in Texas, provides analysis that helps customers to reduce their exposure to risk. We would have thought it should have known better and failed to take basic steps to encrypt customer data.




Will Anonymous Retaliate If SOPA Is Passed?

December 23, 2011 by  
Filed under Computing

Anonymous has said it will respond if the controversial Stop Online Piracy Act (SOPA) is passed into law in the US.

The group has posted a statement in which it reiterated its attitude towards SOPA and its plans to create an internet police state.

“The goal of the so-called ‘Stop Online Piracy Act’ SOPA is to empower litigious U.S. corporations to police the internet, with the ability to act as judge, jury and executioner,” it says.

“SOPA tramples civil rights laws, fair use, freedom of press and freedom of speech. Under SOPA an average person could be arrested, fined, sued and spend time in a federal prison for so little as uploading a video to YouTube or even linking to one. This law further proves the reality of corporate rule and totalitarianism.”

The vote on SOPA has been delayed due to opposition, according to the post, and is not likely to happen until next year. However, the hacktivists suggest that it will be delayed only as long as it takes for the media to lose interest.

“In a democracy this should be enough to defeat the bill, however, in the U.S. it only means that the vote will get delayed until the media loses interest and the backing corporate lobbyists have enough time to ‘influence’ [read: bribe] the vote to their favour,” they warn.

“However, it has been clandestinely moved forward in an attempt to fast track the law under the radar of a culture drunk on materialistic obsession – as such The House Judiciary Committee is reconvening on the 21st of December. In short, we were lied to.”

The hacktivist group said that it would react to this, and react strongly. “Our reaction will not be little,” it warns.

Anonymous wants to spread awareness and increase opposition to SOPA while it is still up for debate, and called on fellow Anons are asked to carry out points of action, the first being to hack into and replace the front page of “every website we can” with a protest page.

“Encourage friends, businesses, organizations, social media to take a stand along side us in the same way,” it says. “Use/distribute the OpBlackOut material we’ve provided for this purpose, or make your own (but please try to be concise and indict SOPA specifically so the message is clear, unanimous and omnipresent). Get this image and message everywhere online. Plant the seeds of dissent where ever they can grow.”

As well as acting online, Anonymous said that supporters should physically protest through stickering and tagging billboards, signs and advertising.

“Get people talking. Put the truth not only where it can be seen, but where it cannot be avoided,” it adds. “This is something everyone can do. We are legion, this is our voice, people are listening, we will be heard.”



Hackers Break Into The US Chamber of Commerce Systems

December 21, 2011 by  
Filed under Computing

Chinese hackers have broken into the US Chamber of Commerce computer systems and gained access to information about its three million members.

According to the Wall Street Journal, people familiar with the matter said that the hackers might have broken into the business lobbying group’s network more than a year before they were discovered. The attack, which involved at least 300 email addresses, was cut off in May 2010 and quietly closed down, the paper said.

Officials think that one of the people responsible for the hack was connected to the Chinese government. The hackers stole six weeks of emails belonging to four employees who focused on Asia policy.

The Chamber moved to shut down the operation by unplugging and destroying some computers and overhauling its security system.

The group timed the clamp down for a 36-hour period over one weekend when the hackers were expected to be off duty.

Chamber staff did not report any sign of harm to the group or its members.





Romanian Hackers Charged

December 9, 2011 by  
Filed under Computing

Romanian hackers have been charged with breaking into the card processing systems of 150 Subway sandwich shops and 50 other unnamed retailers.

Wired said that hackers nicked the credit-card data of more than 80,000 customers and used the data to make millions of dollars of unauthorised purchases between 2008 until May 2011. The hackers broke into 200 point-of-sale (POS) systems in order to install a keystroke logger and other sniffing software that would steal customer credit, debit and gift-card numbers. They also placed backdoors on the systems to provide ongoing access.

They found the vulnerable POS systems by scanning on the internet for devices with remote desktop software installed on them. They then used the software to log into the targeted POS system, either by guessing the passwords or using password-cracking software programs. Adrian-Tiberiu Oprea, 27, Iulian Dolan, 27, Cezar Iulian Butu, 26, and Florin Radu, 23, were charged in the District of New Hampshire with four counts, including conspiracy to commit computer fraud, wire fraud and access device fraud.

Oprea was arrested last week in Romania and is in custody there. Dolan and Butu were arrested upon entering the U.S. last August. Coppers have not found Radu yet. Also named in the suit is Computer World, a Louisiana-based retailer, which sold and maintained Radiant’s Aloha POS system.

Apparently Computer World’s technicians installed the remote-access program PCAnywhere on the systems to allow its technicians to fix technical problems from off-site. However they forgot to secure the program or update it. The default login was “administrator” and the
password was “computer.”




Are Governments Lacking Cyber Security Experts?

November 16, 2011 by  
Filed under Computing

As governments recognizing the need for cyber security strategies, (ISC)², which is the information security professional body has warned that there is not enough skilled staff out there.

There is an element of “it would say that” as it administrators the CISSP certificate for cyber security strategies. However, its comments do strike us as likely. It has called on national governments to recognize the requirement for internationally recognized skills, principals and practices to tackle what is a very sophisticated global threat landscape. With its own research anticipating a doubling of the workforce by 2015.

(ISC)² said that cyber security is rising up as a priority in political arenas, as evidenced by the recent London cyber security conference attended by world leaders from 60 countries; however, the skills and competency requirements do not appear to be high on the international discussion agenda.

A spokesman for (ISC)², John Colley, said that while many countries are examining the capacity and competencies required for national security, but there is a risk of too much focus on national politics rather than a real understanding of what is required. “They should be careful not to work in isolation,” he warns, adding that “nationally focused schemes risk confusion in a landscape that requires an ability to communicate and operate across borders,” Colley said.




Hackers Plan To Go After Fox News

November 1, 2011 by  
Filed under Computing

Anonymous plans to take out the Fox news network because of its coverage of the Wall Street Protests.

Dubbed “Operation Fox Hunt”, Anonymous announced the plans on YouTube to attack the Fox News website on the anniversary of Guy Fawkes Day. Anonymous is also planning to target former Fox News personality Glenn Beck as well as current Fox News representative Sean Hannity and Bill O’Reilly during “Operation Fox Hunt”.

Anonymous said that it has had a gutsful of “right wing conservative propaganda” and “belittling the occupiers” of the Occupy Wall Street demonstrations. Anonymous recently a distributed denial-of-service attack against the Oakland police department’s website after a 24-year-old wounded Marine home from serving two tours in Iraq was critically injured in the Occupy Oakland protest. Police allegedly threw an object that fractured the marine’s skull landing him in the hospital.

Inspiration for Anonymous members, Guy Fawkes is most commonly known as the only person to enter Parliament with an honest intention. He wanted to blow up the House of Lords on November 5 in the year 1605 as part of a Catholic uprising.




Stuxnet Computer Worm Sibling (DuQu) Is Out In The Wild

October 19, 2011 by  
Filed under Around The Net

The STUXNET computer worm that crippled an Iranian nuclear fuel plant last year now has a sibling called Duqu that’s already in place on European computers, according to a detailed report by an anonymous research lab.

The virus, named after the DQ prefix it adds to files it creates, is reportedly “very similar to Stuxnet”, according to security firm Symantec, which gained access to the report and samples of the virus. “Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose. Duqu is essentially the precursor to a future Stuxnet-like attack.”

Symantec revealed that the the Duqu virus is designed to gather industrial control system data, including keystrokes from engineers, in an effort to compile information for a possible further attack some time in the future.

The difference between Duqu and Stuxnet is that the former is mainly a remote access trojan, designed to steal information, and the virus does not self-replicate. Stuxnet, however, affects industrial control systems much more directly, so much so that it can alter their operations in an effort to cause extreme damage, which many experts believe is what happened to Iran’s nuclear fuel enrichment systems.

“The creators of Duqu had access to the source code of Stuxnet,” Symantec said, according to Reuters. It is widely believed that the US or Israel was behind development of the Stuxnet worm, which means that this could be a follow-up monitoring attempt or perhaps a response from Iran to try to find a rival target to sabotage.

The US Department of Homeland Security said that it is aware of the virus, has issued a public alert, and is working to analyze the worm.




Anonymous Goes After PayPal Again

October 19, 2011 by  
Filed under Around The Net

Anonymous is launching a second round of protests against online payment service Paypal, which could see thousands of people closing their Paypal accounts.

Anonymous member and spokesperson Sabu told some 25,000 supporters on his Twitter page, “If you haven’t already – close out your paypal accounts. Transfer your money to a credit union. Small steps we need to take for big picture.”

Another tweet that is making the rounds on Twitter is, “Today is #OpPayPal round two. Close out your paypal accounts. Inform your family//peers. Email companies that rely on PP to use alts. RT!”

For those who want to continue making online payments without using Paypal, Sabu suggested using an “anonymous prepaid visa card”, which can bought from many local shops.

However, users might encounter problems with online payments, as many online retailers use Paypal for everything, even normal credit card purchases. This means that those who do buy a prepaid credit card could be forced to use it through Paypal anyway.

In response to this concern Sabu said, “Might have to start emailing companies to use alternative payment systems. If enough people communicate this point: win.”

There are no recent tweets about Paypal on the Anonymous Twitter page, but it’s likely only a matter of time before the news starts appearing on multiple accounts associated with the group.

This latest round of Paypal protests appears to be in response to Paypal’s decision to freeze donations to the independent social networking project Diaspora. Paypal refused Diaspora’s appeal and has failed to provide an explanation of what it alleges Diaspora did wrong. It can hold Diaspora’s money, which is around $45,000, for up to six months. Diaspora is now using Stripe in place of Paypal.




Will Anonymous Join The Wall Street Protest?

October 4, 2011 by  
Filed under Around The Net

Anonymous has said that it is joining in the anti-Wall Street Protests in New York.

Despite low press coverage the Occupy Wall Street protests gaining traction around the US and now the hacking collective known as Anonymous issued a statement about a planned attack for the financial district. It said that it would specifically target the New York Stock Exchange on October 10 and claims to “erase” the NYSE from the Internet on that day.

Operation Invade Wall Street is likely to be a Distributed Denial of Service (DDoS) attack on the New York Stock Exchange website. The message was included in a video uploaded to YouTube that’s designed to recruit more hackers to the Operation Invade Wall Street cause.

A one-day DDoS attack would be a nuisance for the officials of the NYSE, it’s unlikely to cause any significant damage. However, there are fears that Anonymous will attack to disrupt the exchange and attempt to harm trading on October 10.

So far Anonymous targets the New York City police department which has been doing its best to kill off any good will it might have gained during September 11, by battering harmless protesters and innocent bystanders. Anonymous has released personal information in regards to the officer using the pepper spray such including his phone number, home address and names of relatives.





Next Page »