Tag: hacker

Hackers take a pizza de action

Hackers have stolen data on more than 600,000 Domino’s Pizza customers in Belgium and France and have threatened to publish it unless the company pays a cash ransom.

At risk are customer names, delivery addresses, phone numbers, email addresses and passwords, which were taken from a server used in an online ordering system that the company is in the process of replacing.

Domino’s spokesman Chris Brandon said that at this point it was not clear whether the stolen passwords had been encrypted.

Using Twitter, the hackers said that they would publish the customer data on the Internet unless the company pays $40,800.

Domino’s said that it was unaware of ransom demands, but that the company would not be making any such payment.

Domino’s Vice President of Communications Tim McIntyre said the hacking was “isolated” to independent franchise markets of Belgium and France, where the company’s online ordering system did not collect credit card orders, so no financial data had been taken.

Andy Heather, VP EMEA at Voltage Security, said that holding companies to ransom was becoming a tool of choice for hackers who saw the value of personal data.

“The theft of financial information has a limited lifespan, because the victim changes the account details etc. But the personal information that can be obtained has a much broader use and can be used to commit a much wider range of fraud and identity theft, and cannot be changed,” he said.

Heather said that the Domino’s breach highlights a need for companies to place tighter controls on how their customers’ sensitive information is stored and protected.

“If Dominos had employed format-preserving encryption to protect the data itself, the attackers would have ended up with unusable encrypted data instead of the current outcome where an untold amount of their customers’ personal information is now in the hands of cyber criminals,” he said. 
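The spokesman’s “not clear if the passwords had been encrypted” is the wrong question for a password column: encryption is reversible, and whoever holds the key (or the server) gets the passwords back. What a practitioner wants is a salted, slow, one-way hash, so that a stolen table costs the thief a brute-force effort per record and password reuse between customers does not show up as identical stored values. The following is an added example, not Domino’s or Voltage’s code; the customer table and the iteration count are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Work factor: assumption, tune so one verification costs ~100 ms on the login host.
ITERATIONS = 600_000


def unsalted_sha1(password: str) -> str:
    """The weak storage scheme: a bare fast hash, no salt, no work factor."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$<iter>$<salt b64>$<hash b64>."""
    if salt is None:
        salt = os.urandom(16)          # fresh random salt per record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    alg, iter_s, salt_b64, hash_b64 = record.split("$")
    if alg != "pbkdf2_sha256":
        raise ValueError("unsupported password record: " + alg)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             base64.b64decode(salt_b64), int(iter_s))
    return hmac.compare_digest(dk, base64.b64decode(hash_b64))


def shared_password_groups(records: dict) -> int:
    """Count stored values shared by more than one user.

    Run over a stolen table this tells the thief how much one cracked hash
    buys: with unsalted hashes every reuse of a password collapses into one
    value, with per-user salts it never does.
    """
    counts = {}
    for value in records.values():
        counts[value] = counts.get(value, 0) + 1
    return sum(1 for n in counts.values() if n > 1)


# Constructed customer table (not real Domino's data): two users reuse a password.
CUSTOMERS = {"alice@example.com": "pizza123",
             "bob@example.com": "pizza123",
             "carol@example.com": "Tr0ub4dor&3"}

if __name__ == "__main__":
    weak = {u: unsalted_sha1(p) for u, p in CUSTOMERS.items()}
    strong = {u: hash_password(p) for u, p in CUSTOMERS.items()}
    print("shared values, unsalted sha1:", shared_password_groups(weak))    # 1
    print("shared values, salted pbkdf2:", shared_password_groups(strong))  # 0
    print("alice logs in:", verify_password("pizza123", strong["alice@example.com"]))
```

The record format carries its own algorithm, salt and iteration count, so the work factor can be raised later and old records rehashed on the next successful login without a schema change.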

Iranian hackers used Facebook socks

Iranian spooks were involved in a three-year hacker campaign using Facebook socks and a fake news website to spy on military and political leaders in the United States, Israel and other countries.

ISight Partners, which uncovered the operation, said the hackers’ targets include a four-star U.S. Navy admiral, US lawmakers and ambassadors, members of the US Israeli lobby, and personnel from Britain, Saudi Arabia, Syria, Iraq and Afghanistan.

It is not clear what data had been stolen by the hackers, who were looking for passwords to government and corporate networks.

iSight Executive Vice President Tiffany Jones told Reuters that the fact the programme ran for so long indicated that it had some success.

The hackers created six “personas” who appeared to work for a fake news site, NewsOnAir.org, which used content from the Associated Press, BBC, Reuters and other media outlets. They then built eight personas who purported to work for defence contractors and other organizations.

The next step was to set up false accounts on Facebook and other online social networks for these 14 personas, populate their profiles with fictitious personal content, and then try to befriend the victims.

iSight said it was the most elaborate cyber espionage campaign using “social engineering” that has been uncovered to date from any country.

The hackers would approach high-value targets by first establishing ties with the victims’ mates, classmates, colleagues, relatives and other connections over social networks.

They then sent content that was not malicious, such as links to news articles on NewsOnAir.org, in a bid to establish trust. Later they would send links that infected PCs with malicious software, or direct targets to web portals that ask for network log-in credentials.

The hackers used the 14 personas to make connections with more than 2,000 people, the firm said, adding that it believed the group ultimately targeted several hundred individuals.

Facebook has removed all of the offending profiles found to be associated with the fake NewsOnAir organisation. 

Washington to ban Chinese hackers from Defcon

In a stonking stroke of hypocrisy the US government is banning Chinese hackers from attending Def Con and Black Hat in Las Vegas.

The US said that it is considering using visa restrictions to prevent Chinese nationals from attending popular summer hacking fests to curb Chinese cyber espionage.

It seems that the US thinks that if people concentrate on Chinese hacking efforts, they will forget about its own programmes, which make anything Beijing does look slightly anaemic.

The United States has charged five Chinese military officers with hacking into US companies to steal trade secrets.

China has denied the charges, saying they were “made up”.

Organisers of the two conferences said that limiting participation from China was a bad idea.

Chris Wysopal, a Black Hat review board member, pointed out that restricting access would have little impact as hacking talks from both conferences are videotaped and sold on DVDs or posted on the web.

Others have pointed out that it is racism and in any event the Chinese hackers who turn over US government sites don’t go to Defcon.

In fact, few Chinese nationals are scheduled to speak at either conference. At Black Hat, an employee of Chinese security software maker Qihoo 360 is scheduled to speak on software vulnerabilities while two researchers from the Chinese University of Hong Kong are set to talk on hacking social media. Def Con does not have any Chinese nationals speaking.

The only way the government could stop Chinese nationals from attending as ordinary delegates would be to stop all Chinese visitors from going to Las Vegas for the duration of the conferences.

Google wants Divide to conquer

Search engine outfit Google is about to write a cheque for a start-up it financed which aims to put Android software into enterprise environments.

The company is Divide. Terms of the deal have not been disclosed, but the Divide team will join the Android team.

Divide uses a container approach, in which corporate information is separated from personal information on a device. That allows businesses to manage their data even on devices they don’t own, and gives individuals freedom to still use their phone to run the kinds of apps they want to.

The company had raised some $25 million from investors including Google Ventures, Comcast Ventures, Qualcomm Ventures, Globespan Capital Partners and Harmony Partners.

The move is seen as a way that Android can compete with Microsoft and Blackberry for lucrative corporate clients.

Divide had an early deal with AT&T to power that carrier’s approach, but AT&T went with a rival for an updated version of the service.

Divide was started by Alexander Trewby and it has its background in the especially security-conscious financial services sector.

Motorola had bought a similar company, 3LM, but it’s not yet clear if that will stay or go with the larger team moving to Lenovo. 

US charges Chinese hack suspects

In a desperate attempt to make people stop thinking that it is spying on everyone, the US government has charged some Chinese military officers and accused them of hacking.

Last week the NSA was caught opening the boxes of Cisco routers to install spyware, so the arrests have served to distract the American press a little and allow it to pretend to be a victim again.

The United States charged five Chinese military officers and accused them of hacking into American nuclear, metal and solar companies to steal trade secrets, ratcheting up tensions between the two world powers over cyber espionage.

China immediately denied the charges, saying in a strongly worded Foreign Ministry statement the US grand jury indictment was “made up” and would damage trust between the two nations.

US Attorney General Eric Holder said at a news conference that when a foreign nation uses military or intelligence resources and tools against an American executive or corporation to obtain trade secrets or sensitive business information for the benefit of its state-owned companies, “we must say, ‘enough is enough’”.

Targeted companies included Alcoa, Allegheny Technologies, United States Steel, Toshiba unit Westinghouse Electric Co, the US subsidiaries of SolarWorld, and a steel workers’ union.

The victims had all filed unfair trade claims against their Chinese rivals, helping Washington draw a link between the alleged hacking activity and its impact on international business.

The US claims that Chinese state-owned companies “hired” Unit 61398 of the People’s Liberation Army “to provide information technology services” including assembling a database of corporate intelligence.

Security expert Tom Cross, of Lancope, said that the US Department of Justice’s move is a step forward on the long road toward establishing a set of international norms regarding cyber espionage.

“A clear international legal framework exists for acts of warfare between nation states, even if those acts occur in cyberspace, but that framework only applies to attacks that damage physical infrastructure or that have the potential to harm people. There are fewer rules that apply to spying activity,” he said.

He added that part of addressing the problem of international spying on the Internet involves setting standards for what is and is not an acceptable target.

“This will prompt a dialog about international norms in this area, and having that dialog is a vital part of coming to grips with the impact that Internet security issues are having on our societies,” Cross said. 

Aussie cops help US hit hackers

The Australian Federal Police (AFP) are helping the FBI catch a bunch of hackers by the billabongs.

The FBI says Australians are being targeted in a global raid on users of the software program Blackshades Remote Access Tool (RAT).

“This software was sold and distributed to thousands of people in more than 100 countries and has been used to infect more than 500,000 computers worldwide,” the FBI said in a statement.

So far the program has already been used by hackers to steal personal data and launch cyber attacks.

The Blackshades RAT malware was uncovered during a previous international investigation called Operation Cardshop, which targeted “carding” crimes and offences in which the internet was used to traffic and exploit stolen credit cards and bank accounts.

You can tell if you have been infected if your cursor moves erratically with no input from you, if your web camera light unexpectedly turns on, or your monitor turns off while in use.

Other signs are usernames and passwords for online accounts being compromised, unauthorised logins to bank accounts or unauthorised money transfers, and a text-based chat window appearing on your computer’s desktop unexpectedly.

Michael Hogue and Alex Yucel have been identified as the Blackshades co-developers and Yucel, the head of the organisation that sold the malware, has been arrested in Moldova and is awaiting extradition to the US.

The FBI says the malware performs unwanted actions on computer systems including hacking into social media accounts, recording keystrokes, accessing documents and photos and activating webcams.

Aussie coppers have confirmed they are assisting the United States with the investigation, but a spokeswoman says the extent of their involvement cannot be revealed for operational reasons. They have ruled out a routine search under coolibah trees and random stop-and-searches of jolly swagmen. 

University formats every computer by mistake

A private research university in metropolitan Atlanta, Emory University stuffed up a Windows 7 roll-out in a tragedy of biblical proportions.

Everyone knows that when you install a new operating system, a message comes up and asks you if you want to reformat your old hard drive. It seems that Emory University, which has proudly been running Windows XP since the university was founded in 1836, really did not have a clue when it came to these “new fangled” operating systems.

During the roll-out a Windows 7 deployment image was accidentally sent to all Windows machines, including laptops, desktops, and even servers.

This image started with a repartition/reformat set of tasks. As soon as the accident was discovered, the SCCM server was powered off; however, by that time, the SCCM server itself had been repartitioned and reformatted.

The fallout was quite dramatic, but could have been worse. The deployed image included a number of key applications such as Office; others, such as Visio and Project, required manual installation, which meant that not everything was overwritten.

According to WinBeta, IT technicians worked through the night to restore “mission critical” computers to help speed up the process of getting other systems back up and running.

All told, the clean-up took a couple of days from start to finish, although there is still some work to be done to get all systems fully operational again. It is not clear how much of everything was backed up, as different sources say different things.
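The failure mode here is a destructive task sequence (repartition and format first) advertised to a collection that contained everything, servers and the site server included. The usual guard is a pre-flight check that refuses such a deployment unless its scope is small, contains no servers and is not one of the catch-all collections. What follows is an added illustration of that check, not WinBeta’s, Emory’s or Microsoft’s code; the fleet, the collection names other than SCCM’s built-in “All Systems” and “All Desktop and Server Clients”, and the policy thresholds are all assumptions.

```python
from dataclasses import dataclass
from typing import List

# Assumed policy values (illustrative, not Emory's or Microsoft's):
MAX_DESTRUCTIVE_TARGETS = 250          # hard ceiling per deployment
MAX_DESTRUCTIVE_FRACTION = 0.25        # never more than a quarter of the fleet at once
FORBIDDEN_ROLES = {"server", "site_server"}
# SCCM's built-in catch-all collections; a wipe-and-load should never target them.
CATCH_ALL_COLLECTIONS = {"All Systems", "All Desktop and Server Clients"}


@dataclass(frozen=True)
class Device:
    name: str
    role: str  # "workstation", "laptop", "server" or "site_server"


@dataclass(frozen=True)
class Deployment:
    image: str
    collection: str
    destructive: bool      # task sequence starts with a repartition/format step
    targets: List[Device]


def preflight(dep: Deployment, fleet_size: int) -> List[str]:
    """Return the reasons a deployment must be blocked; an empty list means go."""
    problems: List[str] = []
    if not dep.destructive:
        return problems                      # non-destructive pushes are out of scope here
    if dep.collection in CATCH_ALL_COLLECTIONS:
        problems.append("destructive image targets catch-all collection %r" % dep.collection)
    forbidden = sorted(d.name for d in dep.targets if d.role in FORBIDDEN_ROLES)
    if forbidden:
        problems.append("servers in scope of a wipe: %s" % ", ".join(forbidden))
    n = len(dep.targets)
    if n > MAX_DESTRUCTIVE_TARGETS:
        problems.append("%d targets exceeds ceiling of %d" % (n, MAX_DESTRUCTIVE_TARGETS))
    if fleet_size and n > fleet_size * MAX_DESTRUCTIVE_FRACTION:
        problems.append("%d targets is more than %.0f%% of the fleet (%d)"
                        % (n, MAX_DESTRUCTIVE_FRACTION * 100, fleet_size))
    return problems


# Constructed fleet for the example: 300 workstations, 100 laptops, 20 servers, 1 site server.
FLEET = ([Device("ws-%03d" % i, "workstation") for i in range(300)]
         + [Device("lt-%03d" % i, "laptop") for i in range(100)]
         + [Device("srv-%02d" % i, "server") for i in range(20)]
         + [Device("sccm-01", "site_server")])

# What went wrong: the Windows 7 image advertised to everything.
BAD = Deployment("Win7-x64-v3", "All Systems", destructive=True, targets=FLEET)
# What should have happened: a pilot ring of workstations only.
PILOT = Deployment("Win7-x64-v3", "Win7 Pilot Ring 1", destructive=True,
                   targets=[d for d in FLEET if d.role == "workstation"][:50])

if __name__ == "__main__":
    for dep in (BAD, PILOT):
        verdict = preflight(dep, len(FLEET))
        print(dep.collection, "->", "BLOCKED" if verdict else "OK")
        for p in verdict:
            print("   ", p)
```

The check is cheap enough to run from a change-control script before the deployment is enabled, and the site server appears in the blocked list by name, which is the one machine whose loss turns a bad afternoon into a multi-day rebuild.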

Iranian hackers target US defence industry

Security outfit FireEye has noticed an up-tick in attacks from an Iran-based hacking group.

The Ajax Security Team, which sounds like a group that would clean your bath rather than hackers, is better known for defacing websites.

But FireEye said the group has shown increased ambition over the past few months, targeting US defence contractors and Iranian dissidents.

FireEye said in its report, called “Operation Saffron Rose”, that a network of computers AST uses to steal data has shown continued activity distributing malware aimed at higher-value targets.

The security company recovered information on 77 people targeted by the group by analyzing a command-and-control server used to store stolen data. Most of the victims had their computers set to the Persian language and to Iran’s time zone. FireEye said it also uncovered evidence the group targeted US defense contractors.

The report said that there is no clear link between the group and Iran’s government, although the country has been trying to expand its offensive cybercapabilities.

“While the objectives of this group are consistent with Iran’s efforts at controlling political dissent and expanding offensive cyber capabilities, the relationship between this group and the Iranian government remains inconclusive,” the report said.

The Ajax Security Team’s move from “patriotic” hacking—defacing websites in defence of Iran’s government—to more cyber-espionage is a pattern which the company noticed with Chinese groups.

“Members of the Chinese hacking community that participated in such attacks soon found that transitioning to cyberespionage was more rewarding,” FireEye said.

In one attack, the group created a fake website for the IEEE Aerospace Conference, an annual weeklong conference attended by high-ranking government and military members.

It then targeted conference-goers with emails leading to the fake website. The website then tried to persuade visitors to install proxy software in order to access the site, which was actually malware, FireEye said. 

Navy sailor hacked from aircraft carrier

A former Navy sailor who carried out hacks on US government and private websites from a US aircraft carrier said he and his associates were “just a group of people that were dumb and did dumb things.”

Nicholas Knight told ABC news that he was in trouble for posting all of the stuff on Twitter.

“Although a lot of people are saying I was the leader of some crime organisations that was out to get people [that] wasn’t true. Just a group of people that were dumb and did dumb things,” he said.

Prosecutors claim that while Knight served in the Navy as a systems administrator in the nuclear reactor department of the USS Harry S. Truman, he was a self-proclaimed “nuclear black hat”. They say he was the leader of a hacking group called Team Digi7al that stole or attempted to steal confidential or private information and post it online.

The group hit high-profile US government websites – including the website for the National Geospatial-Intelligence Agency (NGA), a Department of Homeland Security site and a US Navy site. But they also hit sites at random including the websites of the Library of Congress, Harvard University, the World Health Organisation, San Jose State University and Kawasaki.

After the attacks, the group then bragged about their accomplishments on Twitter, with Knight acting as the main “publicist,” according to the Department of Justice.

Three alleged members of the group were minors when they joined, and one of the members told investigators that some in the group were “somewhat politically inclined” to find and release secret information.

However, most of them were just in it for the lols. Knight said he is not very political. He did, however, admit that he was aboard the Truman while allegedly conducting unlawful Team Digi7al activities on the Navy’s computer network. The filing does not accuse him of trying to hack the ship’s own protected systems.

Knight said that one of his co-conspirators actually did most of the hacking and that he was just posting the results. Knight also said he worked with investigators for four months to help catch that co-conspirator. The filing said Knight had agreed to cooperate with authorities after his home was raided in February 2013. Knight was never arrested.

“I did something dumb and am willing to suffer the consequences,” Knight told ABC News. 

Top IT security threats in 2013 counted

Verizon’s latest annual report on data breach investigations shows that Web application attacks, cyber-espionage and point-of-sale intrusions were among the top IT security threats in 2013.

The financial industry was the worst leaker of data with 465 breaches. The public sector suffered 175 such incidents, retail had 148 and accommodation dealt with 137 breaches.

The number of breaches attributed to cyber-espionage has been on the rise over the past few years and of course the biggest offender would be the US government.

Hacking, malware and social engineering remained the top threats associated with data breach incidents.

The use of stolen credentials, which Verizon classifies as hacking, was the leading threat action in 2013 and contributed to 422 breaches. It was followed by malware-based data exfiltration, phishing, the use of RAM scrapers and use of backdoors.

All up, the report covers 1,367 confirmed data breaches, and 63,437 security incidents that put the integrity, confidentiality or availability of information assets at risk.

Organizations have slightly improved the speed at which they are able to detect breaches, but attackers are getting faster at compromising their targets.

Paul Pratley, an investigations manager with the RISK Team at Verizon, said that attackers look for vulnerable victims on the Internet and deploy automated attacks.

Often it will take seconds to minutes before a network is compromised, but it can take weeks to months or even a year to discover the hack, he said.

Data breaches discovered by organisations themselves outnumbered those discovered by external fraud detection systems for the first time.

Governments are not only creating problems; they have also been useful at discovering hacks which were not created by the NSA.

The report said that coppers and other third-party organizations like computer security incident response teams (CSIRTs) were playing an increasingly important role in discovering breaches and notifying victims.

Web application attacks were the leading cause of security incidents with confirmed data disclosure last year — 35 percent of breaches — and were primarily driven by either ideological or financial motives.

Breaches that result from Web application attacks are usually discovered by external parties, the report data shows.

In the case of financially motivated Web application breaches it’s usually the customers who notice the problem first; only 9 percent of victim organisations discovered such incidents internally.