Tag: hacker

Hackers aim to take out the whole net

Mr Robot A bunch of unidentified hackers is carrying out a campaign to find out how to take down the net, warns a security expert.

Writing in his bog, security expert Bruce Schneier said “precisely calibrated” attacks on key net firms had been seen for over a year and are probing weaknesses in the defences of organisations that oversaw critical parts of the net.

It is possible that the attackers are Chinese or Russian and the range of attacks he described was “the new normal” for many of the organisations.

The attacks are not clever they use DDoS attacks to probe defences, to knock it out by overwhelming it with data. But in this case they were “significantly larger” and lasted longer than most such attacks.

There was also a science involved with the amount of data being directed at victims was slowly turned up. Often, he said, the peak data rate of one series of attacks would be the starting point for the next wave.

The attackers were trying several different types of DDoS attack to see how the companies would respond.

Verisign has backed Schneier’s conclusions. In the latest edition of a regularly issued report, it said it had seen DDoS attacks become “more frequent, persistent and complex”.

Arbor Networks, which helps defend firms against DDoS attacks, said they had been growing in “frequency, volume, and sophistication” for many years.

However Roland Dobbins, principal engineer at Arbor, told the BBC it was “manifestly untrue” that only state-sponsored hackers could mount the most sophisticated and sizeable attacks as  the attacks could be done by anyone.

“Some are nation-state actors, some are affiliated with nation-states at arm’s length, many are non-state ideological actors, and many are commercially driven criminal actors,” Dobbins said.

Putin’s hackers target the Olympic doping committee

putin gunThe Tsar of all the Russias, Vladimir Putin, has ordered his hackers to take time out from getting his mate Donald Trump elected to wreck a terrible revenge on the Olympic doping committee for disqualifying most of the Russian athletes in the Rio Olympics.

The World Anti-Doping Agency (WADA) claimed that  Russian hackers gained access to its database and viewed information on athletes involved in this year’s Olympic games. The agency is certain that Putin’s state-sponsored group Fancy Bear crew is behind the attack.

The accessed data included medical information, like Therapeutic Use Exemptions issued by International Sports Federations and National Anti-Doping Organizations. The group has reportedly released some of this data and threatened to release more.

It was not a direct attack. The attackers used spear phishing emails to gain access to the database and eventually used credentials specifically made for the Rio Olympic games. Since the incident, WADA is conducting vulnerability tests and bringing in law enforcement to conduct an investigation.

Fancy Bear was also reported as the group behind this summer’s attack on the Democratic National Committee. In that case, three security firms independently verified the attribution and concluded the attack’s motives related to Russia and the country’s interests.

It is believed that the attack might be revenge for the doping scandal, with the hackers seeking to prove that the world is against Russia because it is really great.

Putin’s hackers practice gaming the US election

putin gunIt seems that hackers with links to Tsar Putin, are practising making sure that Donald Trump is elected by tampering with the electronic voting systems.

The FBI has warned that Arizona and Illinois voter registration systems were infiltrated by foreign hackers who downloaded personal data on up to 200,000 voters.

The Untouchables have warned US election officials to increase computer security measures after it uncovered evidence that hackers have targeted two state election databases in recent weeks,

Citing a state election board official, Yahoo News said the Illinois voter registration system was shut down for 10 days in late July after hackers downloaded personal data on up to 200,000 voters.

The Arizona attack was more limited and involved introducing malicious software into the voter registration system, Yahoo News quoted a state official as saying. No data was removed in that attack, the official said.

US intelligence officials have become increasingly worried that hackers sponsored by Russia or other countries may attempt to disrupt the November presidential election.  Donald Trump owes a lot of cash to Russian oligarchs so it would be helpful to Tsar Putin to have someone in the White House who does what he is told.

Officials and cybersecurity experts say recent breaches at the Democratic National Committee and elsewhere in the Democratic party were likely carried out by people within the Russian government. Kremlin officials have denied the allegations of Moscow’s involvement.

Concerns about election computer security prompted the homeland security secretary, Jeh Johnson, to convene a conference call with state election officials earlier this month, to offer help in making their voting systems more secure.

Hackers offer to sell NSA virus tools

spyA hacking group called the Shadow Brokers have claimed to have hacked the National Security Agency’s Equation Group and are  auctioning off what they claim to be a small but dangerious set of Equation Group’s cyberweapons to the highest bidder.

The bidding for the potential cyberweapons has officially begun considerably lower than the asking price. The Shadow Broker’s Bitcoin address shows a kick-off bid of 0.0355 BTC, equivalent to less than $20.

The Shadow Broker website claims. “We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.”

It looked a bit silly, but cybersecurity experts think it could be the real and that the  auctioned data might be stolen straight from the NSA.

Matt Suiche, founder of UAE-based cybersecurity startup Comae Technologies said that while he had not tested the exploits they appear real.

Apparently Washington is all a buzz thinking that those responsible for the hack might be Tsar Putin’s hacker team who also took down the Democrat servers to help Donald Trump to win the election. We would have thought though that the NSA’s hacker tools would be more useful to the Russians if only it knew about them.

 

Chinese hackers posted Delta airlines vulnerablities on the dark web

chinese-propaganda-posterChinese hackers appear to have been flogging Delta Airlines vulnerablities on the dark web and some of these are already being exploited.

This week Delta Airlines started to suffer from an attack which caused worldwide delays to flights. Although the source of this attack has not been found, it appears to be a concidence that Chinese government hackers just happened to be looking on the dark web for suggested hacks on Delta Airlines earlier this year.

In January a darknet black market run by Chinese state hackers published an advertisement for information and vulnerabilities in a long list of major airlines that included Delta Airlines, United Airlines, Japan Airlines, FedEx, and others.

According to Epoch Times  the advertisement was under the “Air Attacks Infrastructure” category under the premium section of the online black market run by hackers who call themselves “Babylon APT.”

Darknet researcher, Ed Alexander, who runs the world’s largest known team of darknet cybercrime undercover investigators said that the full list of airlines included Delta Airlines, but noted this doesn’t necessarily mean the current outage is tied to the vulnerability posted for sale by the cybercriminals.

He said: “That is not to say that Babylon is not a part of it, but they certainly had some level of access.”

Babylon APT is run by Chinese military hackers who use it to resell information and access to critical networks after finishing contract cyberattacks under the Chinese regime. The hackers also offer mercenary cyberattacks on critical infrastructure, businesses, or personal networks. Their clients include foreign governments and organized gangs of cybercriminals.

AI computers will try to hack each other

cybermen__quot_delete_quot__campaign_by_degaspiv-d33hjoaSeven AI computers will have a crackat hacking each other in Las Vegas early next month.

The seven will take part i nDARPA’s Cyber Grand Challenge finals and try to defend themselves and point out flaws without any human control. The object is to show that machines can beat even the best human hackers.

Mike Walker, programme manager for the CGC siad that it was  proof that eventually the entire security life cycle could be automated.

On average,  flaws in software go unnoticed for around 312 days — which hackers can often exploit. And then once those flaws are noticed by a human, they need to be understood, patched, and then released out to the broader community.

The CGC hopes this problem could be fixed within minutes, or even seconds, automatically.

Seven teams of finalists were given a DARPA-constructed computer. Their task was program it to be able to recognize and understand previously-undisclosed software, find its flaws, and fix it. And once the challenge starts, they won’t be able to jump on a keyboard and do anything more.

“The machines have to comprehend the language of the software, author the logic for that software, write their own network clients, And arrive at the path of the new vulnerabilities entirely on their own.”

While they are scanning their own systems for problems, the machines can also scan the other teams’ systems for issues, but they can’t actually hack them.

Walked likened it to calling your shot in a game of pool, without actually hitting the ball.

Instead, they will send a message of sorts to the DARPA referee, who will then go ahead and see if that exploit is correct, or if what was pointed out could crash the other machine.

The first place team will take home $2 million so it is worth a crack.

Malware writer told to pay $6.9 million damages

top-10-hacker-arrests-in-2013_NikitaA Russian man who spent about three years behind bars in the United States for creating the computer malware known as Gozi has been told to pay $6.9 million to cover losses to bank customers.

Nikita Kuzmin, 28, could have received more prison time but was sentenced to time served at a hearing in Manhattan federal court. He was jailed in August 2011 and held for 37 months before authorities released him.

Apparently he got a lot of time off for helping coppers with their inquiries.  Kuzmin’s attorney, Alan Futerfas, confirmed the sentence and said Kuzmin was glad to put the episode behind him and move on to the next stage of his life. He declined to say what Kuzmin’s plans were.

It is not clear if Kuzmin had a spare $6.9 million lying around, but at the time Prosecutors described Kuzmin as an innovator in online crime, saying he not only created Gozi but rented it out to criminals who used it to steal tens of millions of dollars from bank accounts.

Kuzmin was arrested in 2010 after he travelled to a conference in the United States. He pleaded guilty in May 2011 in a cooperation agreement with US prosecutors.

More than 700,000 websites hijacked

Hijack_posterBeancounters working for Google have worked out that more than  700,000 websites were breached between June 2014 and July 2015.

The research showed that vulnerable webservers were routinely hijacked for “cheap hosting and traffic acquisition”. Google recorded 760,935 “hijacking incidents” within the period but said that its direct communication with webmasters had curbed the amount of breaches.

Google’s Safe Browsing Alerts sendnotifications to network administrators when harmful URLs are detected on their networks. It said that these had increased the likelihood of a “cleanup” by over 50 percent and reduced “infection lengths” by at least 62 percent.

WordPress experienced the most breaches. The platform accounted for almost half of all attacks.

Attacks were primarily conducted on websites run in English, with attacks on Chinese, German, Japanese and Russian language websites following closely behind.

Google currently monitors approximately 40 percent of all active networks on the web.

Missing Scot’s family disavows Anonymous video

anonThe family of a missing Scot have disavowed a video from Anonymous which threatens the Scottish police with cyber attacks for not doing enough to find him.

The video accuses the police investigators in the Allan Bryant case of failing to effectively investigate the case. However Bryant’s family have said that while the video did represent their views about Police Scotland not doing enough, they were shocked by the way it ended because they’re actually threatening police officers in Glenrothes.

.ryant’s father, also called Allan told the Daily Record: “I’ll not condone anything that threatens violence towards any police officers. It’s not the right way to go about things. I don’t want anyone threatening police officers in my son’s name.”

Bryant was last seen on 3 November 2013, outside a nightclub in Fife. A CCTV footage of him leaving the Styx Nightclub in Glenrothes was the last known sighting of the missing Scot, who his family now believe has been murdered.

The threatening video posted accused police investigators of “failing the Bryant family and went on to threaten the police by saying: “This is a message to Police Scotland. We are aware of your lack of cooperation with the family of missing man Allan Bryant junior. This is a warning to Police Scotland and particularly the Glenrothes Police headquarters — should you not to more to have the culprits that have harmed Allan Bryant junior brought to justice then we are going to initiate our very own justice against you and your officers.”

A Police Scotland spokeswoman said: “Police in Fife have been made aware of a communication that suggests reprisals towards officers in Glenrothes. The safety of the public and our officers is an absolute priority. Inquiries are ongoing to establish the full circumstances surrounding this and respond appropriately.”

Police Scotland added that the Allan Bryant missing person search “remains the largest ever conducted within Fife” and is still an ongoing investigation. The police have also appealed to the public to come forward with any information regarding Bryant’s whereabouts or movements after his departure from the Styx Nightclub.

Brazilian coders create platform friendly malware

brazilBrazilians are a friendly bunch and now its hackers are starting to design malware on Java JAR files which can play nicely on all three major platforms, Mac, Linux, and Windows.

Virus vendor Kaspersky has spotted a few families of Java executables in the wild which don’t really care what operating system you use.

By packing malware as a JAR file, crooks are practically making sure their content will be executed on all targets, regardless of operating system.

True the Java engine needs to be installed on each victim’s computer for the malware to run, but given it is installed on 70-80 percent of computers that is pretty much a no-brainer.

According to Kaspersky, Brazil’s criminal underground seems to be the first one that has taken this step. At the moment they are running spam campaigns and banking trojans.

Right now, infections with these three malware families that use JAR files are popping up mainly in Brazil, but a large number of victims was also recorded in China and Germany, where Kaspersky says that local cyber-crime gangs are also experimenting with the same JAR-packing techniques.