Tag: hack

Yahoo hacked again

Yahoo has said that it was hacked again and data from more than a billion user accounts was nicked.

Apparently the attack happened in August 2013, making it the largest breach in history, and we have only just found out about it.

The number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September and blamed on hackers working on behalf of a government. News of that attack, which affected at least 500 million accounts, prompted Verizon Communication Inc to say in October that it might withdraw from an agreement to buy Yahoo’s core internet business for $4.83 billion.

Verizon said about the latest attack that it would be reviewing the impact of this new development before reaching any final conclusions.

A Yahoo spokesman said the company has been in communication with Verizon during its investigation into the breach and that it is confident the incident will not affect the pending acquisition.

A spokesYahoo added it believes hackers responsible for the previous breach had also accessed the company’s proprietary code to learn how to forge “cookies” that would allow hackers to access an account without a password.

However, some analysts have said that the company screwed up and has been found not to have been taking security seriously enough.

Yahoo said it had not yet identified the intrusion that led to the massive data theft and noted that payment-card data and bank account information were not stored in the system the company believes was affected.

Yahoo said it discovered the breach while reviewing data provided to the company by law enforcement. FireEye Inc’s Mandiant unit and Aon Plc’s Stroz Friedberg are assisting in the investigation, the Yahoo spokesman told Reuters.


Talktalk hit by hack

A hacker managed to bring down “a small number of customer routers” belonging to Britain’s Talktalk Telecom’s broadband.

Talktalk said that it was hit with the Mirai worm, malware which in October cut off access to some of the world’s best known websites, including Twitter and Spotify.

The phone outfit said that it was teaming up with several other ISPs in the UK and abroad to try to tackle the worm.

It added that it had already made several changes to its own operations to prevent the worm’s return.

A cyberattack affecting some types of routers hit around 100,000 of Britain’s Post Office broadband customers on Sunday, the Post Office said in a statement on Thursday.

The company added: “Although this did result in service problems… no personal data or devices have been compromised. We have identified the source of the problem and implemented a resolution.”

On Tuesday, the German government and commercial security experts said hundreds of thousands of Deutsche Telekom AG customers suffered internet outages because of a worldwide attempt to hijack routing devices.

Oracle bug responsible for San Francisco hack

The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware gained access to the agency’s network by way of a known vulnerability in an Oracle WebLogic server.

That vulnerability is similar to the one used to hack a Maryland hospital network’s systems in April and infect multiple hospitals with crypto-ransomware. It appears that the hackers did not target SFMTA specifically; it was simply spotted with a vulnerability scan.

SFMTA spokesperson Paul Rose said that the agency became aware of a problem on 25 November. The ransomware encrypted some systems, mainly affecting computer workstations.

The SFMTA network was not breached from the outside, nor did hackers gain entry through its firewalls. Muni operations and safety were not affected. Customer payment systems were not hacked and no data was nicked.

Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a “deserialization” attack after it was identified by a vulnerability scan.

Krebs said that it was possible to access the mailbox used in the malware attack, hosted on the Russian e-mail and search provider Yandex, by guessing its owner’s security question, and he provided details from that mailbox and another linked mailbox on Yandex.

Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations’ networks.

Three was hacked

One of Blighty’s biggest mobile phone companies, Three, has been hacked and its customer upgrade database may have been nicked.

The cyber security breach could put the private information of two thirds of Three’s nine million customers at risk.

A spokesthree said that the upgrade system does not include any customer payment, card information or bank account information.

However, the company said that this is not the only bad thing that has been happening to the outfit. For the last month, it has been hit by a wave of attempted handset fraud.

“To date, we have confirmed approximately 400 high-value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity,” Carter said.

“This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.”

At least the hackers appear to have been identified. Three men have been arrested in connection with the breach at Three, the BBC said this morning.

The National Crime Agency arrested a man from Kent and two men from Manchester on Wednesday, the Beeb said. All three have been bailed pending further enquiries.

Hackers take an entire country offline

Hackers have managed to take an entire country offline which, even if it is a small one, shows the power of a denial of service attack.

The Mirai botnet was tuned to attack Liberia in Africa and chucked more than 1.1Tbps at the small country. Security researcher Kevin Beaumont, who was one of the first to notice the attacks and wrote about what he found, said that the attack came from one of the largest capacity botnets ever seen.

One transit provider said the attacks were over 500Gbps in size. Beaumont said that given the volume of traffic, it “appears to be owned by the actor which attacked Dyn”.

Liberia has basic and spotty internet coverage, with a single fibre internet cable off its shores providing internet to the country. Just six percent of the country has an internet connection, according to official statistics. Most residents with an internet connection used satellite technology to get online until the arrival of the ACE fibre cable in 2011 along the west African coast, which provides a capacity of up to 5.1Tbps and is divided up to serve the entire coast.

“The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state,” said Beaumont.

It is not clear why anyone would want to attack Liberia; some security experts think that it is being used as a testing ground for new cyberweapons.


Linux has had a huge bug for nine years

A huge bug that gives untrusted users unfettered root access has been sitting in the Linux kernel for nearly nine years, and no one noticed.

Now it seems the hole is under active exploitation, according to researchers, who are advising users to install a patch as soon as possible.

Dan Rosenberg, a senior researcher at Azimuth Security, told Ars Technica that it was the most serious Linux local privilege escalation ever.

The underlying bug was patched this week by the maintainers of the official Linux kernel and downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as “important”.

Attacks exploiting this specific vulnerability were found by Linux developer Phil Oester, who discovered them using an HTTP packet capture.

It took him less than five seconds to get total control.

Yahoo called out on “state sponsored hack”

Troubled search outfit Yahoo has been called out over its claim that it was the victim of a state sponsored hacker in 2014.

Yahoo got into all sorts of hot water after it was revealed that it had been hacked a while ago and forgot to tell anyone. It appeared to make matters worse by implying that it was not a regular common-or-garden hack that brought its security to its knees but one of those government hacks which are impossible to stop.

According to InfoArmor, which claims to have some of the stolen information, the hack was carried out by a bunch of hackers whose main clients are spammers: “Group E,” a team of five professional hackers believed to be from Eastern Europe and not backed by any government at all.

Andrew Komarov, InfoArmor’s chief intelligence officer, claimed that Group E was behind high-profile breaches at LinkedIn, Dropbox and Tumblr. To sell that information, the team has used other hackers, such as Tessa88 and peace_of_mind, to offer the stolen goods on the digital black market.

“The group is really unique,” Komarov said. “They’re responsible for the largest hacks in history, in terms of users affected.”

InfoArmor’s claims dispute Yahoo’s contention that a “state-sponsored actor” was behind the data breach, in which information from 500 million user accounts was stolen. Some security experts have been skeptical of Yahoo’s claim and wonder why the company isn’t offering more details.

The database that InfoArmor has contains only “millions” of accounts, but it includes the users’ login IDs, hashed passwords, mobile phone numbers and zip codes, Komarov said.

The security firm says it obtained the data from “operative sources” about a week ago and has verified that the account information is real. Komarov wouldn’t say more about how InfoArmor got the data.

Group E has sold the stolen Yahoo database in three private deals, Komarov said. At one point, the Yahoo database was sold for at least $300,000, he said. His firm has been monitoring the group’s activities for more than three years.


Yahoo’s hack spinning is not working

Troubled search engine outfit Yahoo is getting itself deeper and deeper into hot water over the hacking scandal.

For those who came in late, Yahoo suffered a major hack which affected 500 million users; however, for some reason it forgot to tell people about it for years.

The outfit’s latest trick is to blame its massive data breach on a “state-sponsored actor”; however, it has not explained how it arrived at that conclusion. Nor has it provided any evidence.

Security analysts think that Yahoo is not telling the full truth about the hack. The company has protocols in place that can detect state-sponsored hacking into user accounts. In a December 2015 blog post, the company outlined its policy, saying it will warn users when this is suspected.

Yahoo blaming foreigners is pure spin. There is a perception that while companies can handle ordinary hackers, it is unfair to expect them to be able to take on “state hackers”.

In fact, it is pretty likely it was your run-of-the-mill common-or-garden hacker who took down Yahoo.

National spooks are more interested in state secrets; they don’t really care about emails and passwords from a Yahoo account.

What is also likely is that Yahoo is not talking about the hack because Verizon has agreed to pay $4.8 billion to buy Yahoo. Verizon might be less keen on buying the company if it knows it has to fork out to clean up a mess.

Yahoo said it only recently learned of the data breach. But the hack actually occurred back in late 2014 — meaning the perpetrators had two years to secretly exploit the data. This has got the company in trouble with the US government, which feels it should have declared the breach sooner.

Security expert jailed for 20 days for “political stunt”

A security researcher will be jailed for 20 days after hacking two websites belonging to the Florida state elections department.

David Levin, 31, of Estero, Florida, was indicted on three hacking-related charges and pleaded guilty after turning himself in, in early May.

Levin is also the owner of Vanguard Cybersecurity. He will serve his prison sentence during the weekends so he can attend law school during the week. He also received two years of probation.

Coppers had no difficulty finding that Levin was the bloke they were after. He posted details of his hack of the Lee County Elections Department on YouTube.

Levin recorded the video with Dan Sinclair, a candidate at the time in the local elections supervisor race, revealing how easily he hacked the Lee County Elections website.

Police searched his home in February and seized his computers as evidence. Levin confessed to police, revealing that, on December 19, 2015, he illegally accessed the Lee County Elections website, and then on January 4 and 31, 2016, he gained access to the Department of State Elections website as well.

The cyber-security expert says he forwarded a report to the Florida Department of Elections about the issues he discovered in its websites.

Police charged Levin regardless because he didn’t ask for permission before performing the hacks.

Levin also used credentials he found on one of the websites to access the account of the then Supervisor of Elections, Sharon Harrington.

In court, Levin described the whole incident as a “political stunt.” Sinclair, the person with whom Levin appears in the video detailing the hack, lost the election, which made it all pointless.

Trump claims he was hacked too

Republican candidate Donald Trump has hired security outfit CrowdStrike after claiming his campaign has been hacked just like the Democrats.

But while the Democrats were almost certainly hacked by Trump’s allies in the Kremlin, it is less clear how significant the Republican hack really was. The US press claims that the “tools and techniques” used to hack Republican targets resemble those employed in attacks on Democratic Party organisations, including the DNC and Clinton’s campaign organisation. The implication is that the Russians were also spying on Trump.

Apparently one Trump staff member’s email account was infected with malware in 2015 and sent malicious emails to colleagues. It was unclear whether or not the hackers actually gained access to campaign computers. So basically any hacker who uses email to get into a system is hired by the Kremlin, which does not sound very logical.

The Trump campaign has hired security firm CrowdStrike, which also is assisting the Democratic National Committee. The company declined to comment.

Two US security officials said the FBI and the Department of Homeland Security have offered assistance to both political parties in identifying possible intrusions and upgrading their defenses against what one of the officials called “constantly evolving threats.”