Hacker took over the BBC

Red-faced security experts at the BBC are having to explain how a hacker broke into their systems over the Christmas break.

According to Reuters, the hacker was only revealed after he launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system.

It is not clear if the hacker found any buyers, but the BBC’s security team responded to the issue on Saturday and believes it has secured the site.

Reuters could not find out if the hacker stole data or caused any damage in the attack. However, they did manage to compromise a server that manages an obscure password-protected website called ftp.bbc.co.uk.

The Beeb was warned about the attack by Hold Security, a cybersecurity firm in Milwaukee that monitors underground cyber-crime forums in search of stolen information.

Hold spotted a Russian hacker known by the monikers “HASH” and “Rev0lver,” attempting to sell access to the BBC server on December 25.

HASH showed files that could only be accessed by somebody who really controlled the server.

The BBC has been targeted by the Syrian Electronic Army, which supports Syrian President Bashar al-Assad, and other hacker activist groups that deface websites and take over Twitter accounts.

Hackers nick Facebook, Google, Twitter, Yahoo passwords

Hackers have managed to steal millions of Facebook, Google, Twitter and Yahoo credentials by installing key logging software on people’s PCs.

Researchers at cybersecurity firm Trustwave said that the virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.

Last month Trustwave researchers tracked that server to Holland and found compromised credentials for more than 93,000 websites, including 318,000 Facebook accounts, 70,000 Gmail, Google+ and YouTube accounts, 60,000 Yahoo accounts, 22,000 Twitter accounts and 8,000 LinkedIn accounts.

Trustwave notified these companies of the breach. So far, there is no evidence that hackers have used the passwords.

John Miller, a security research manager at Trustwave, said that his team had not worked out how the virus got onto so many personal computers. The hackers set up the keylogging software to route information through a proxy server, so it is impossible to track down which computers are infected.

The hacking campaign started secretly collecting passwords on October 21, and it might be ongoing. It is believed that there are several other proxy servers running the attack which have not been found yet.

The virus runs hidden in the background, but Miller said that antivirus software and the latest patches for Internet browsers, Adobe (ADBE) and Java will detect it and prevent it from running.

Hackers get miffed at better security

A group of hackers was so miffed when a company it was attacking managed to lock them out that it resorted to some other tactics to hack the security experts off.

Administrators at Orlando, Florida-based TorGuard managed to defeat a series of increasingly powerful denial-of-service attacks designed to cripple their virtual private networking service.

They did this by locking down the TorGuard servers and then moving them behind the protective services of anti-DoS service CloudFlare.

TorGuard administrator Ben Van Pelt told Ars Technica that the next wave of attacks became a little more personal.

Throughout the day, the office received multiple unrequested deliveries from local pizza chains, Chinese food, and one large order of sushi. Electricians and plumbing services started to show up and had to be turned away. Van Pelt was surprised that no one called the cops or fire services.

The campaign went on for two months. Van Pelt suspects that it was carried out by a business rival because the attacks started after a promotional campaign. Within 24 hours, the company’s support inbox received torrents of junk e-mails that were spoofed to appear as if they were coming from the company’s support desk.

The SMTP servers generating the 10 million daily e-mails were in Argentina. “After a few added rules on the Apache firewall module mod_security we were successfully blocking the ‘mailbomb’ attack.”

A month later, TorGuard ran another promotion and 24 hours after the e-mail went out, TorGuard came under another attack. This one was a little more complicated. The 10Gbps waves of traffic appeared to come from PowerStresser.com and AvengeStressor.com, and they sent junk traffic only at IP addresses used by the new VPN nodes announced in the newsletter.

Initially TorGuard periodically changed the IP addresses used by the targeted nodes, but as soon as a new address was provisioned, it would come under attack. In other words, the attackers were using the TorGuard service themselves so they could keep track of the internal servers it used. Van Pelt was able to block the assault by modifying the company’s Border Gateway Protocol (BGP) routes. The new routes funnelled the junk traffic into a virtual black hole rather than to the VPN servers.

The last attack happened when the service released new proxy software that made it easier for customers to use TorGuard with Vuze, uTorrent, and other BitTorrent programs. This time it seemed that the business rivals had paid for botnets of infected computers.

This time the company had to use the anti-DDoS mitigation service CloudFlare. Almost immediately, service was restored. The hackers then attempted to brute-force the company’s e-mail account passwords and made lots of calls to the company’s toll-free support number, and when that did not work the pizzas arrived.

Fast food aside, Van Pelt said that he was quite happy about the attacks. The pressure had forced the company to create a really robust and secure network, and it only cost about $800 a month more.

US spying is killing its own cloud industry

US mass internet spying is killing off its chances to be seen as a world player on the cloud internet scene.

Cloud based systems are tipped to be the next big thing in business, but the founder of Wikipedia Jimmy Wales has warned that the US has disqualified itself before the race is run.

He told the Economic Times that the revelations of US mass spying are going to have a big impact on the cloud computing industry, as people are afraid to put data in the US.

Wales said that BMW is not going to be at all happy about putting its data into US cloud companies where it can be sniffed out by US spooks and could find its way under the bonnet of competitors.

But the spying allegations will also harm operations like Wikipedia, Wales warned. It will be difficult to convince oppressive regimes to respect basic freedoms and privacy as Wikipedia seeks to limit censorship of its content.

The allegations of spying give the Chinese every excuse to be as bad as they have been. He said that the disclosures had been really embarrassing. After all, the US could not lecture China about press freedoms and censorship while it was monitoring the Internet.

China and countries in the Middle East have been most active in filtering Wikipedia content to restrict access to certain information, Wales said. Now they can say that they need to do that for the same reasons that the Americans need to read our emails.

Hackers lose constitutional rights

If you call yourself a hacker online you automatically lose rights under the US constitution, a court has ruled.

The US District Court for the State of Idaho ruled that an ICS product developer’s computer could be seized without him being notified or even heard from in court.

The reason the court gave was that the hacker in question, Corey Thuen, said on his website that he liked hacking things and did not want to stop.

According to Digital Bond, what makes the case particularly unpleasant is that it was brought by his former employer. Battelle Energy Alliance is the management and operating contractor for Idaho National Laboratory. It has sued Thuen and his company Southfork Security.

The INL was developing a computer program aimed at protecting the United States’ critical energy infrastructure from cyber attacks. Thuen helped develop the software, later dubbed Sophia, which identifies new communication patterns on ICS networks.

Battelle wanted to license this technology, but Corey wanted it to be open source. Eventually Corey left INL, created Southfork Security, and wrote a similar “situational awareness” program called Visdom.

The case claims that Corey stole the code and violated agreements with INL. But again that is not the real story here.

Battelle asked for a restraining order without first notifying Corey because the Southfork web site said “We like hacking things and we don’t want to stop”.

They also got a warrant to seize his computer because he says on the Southfork website that he likes hacking things.

Even in the US, courts are reluctant to allow the copying of a hard drive. But the court was swayed by the fact that Corey had publicly claimed he was a hacker and could probably wipe his hard drive.

Santander Bank cyber raid men arrested

Four men appeared in court on Saturday after an alleged attempt to steal millions of pounds from Santander was foiled by Inspector Knacker of the Yard.

According to NDTV, the would-be thieves tried to graft hardware onto a computer at a London branch of Spanish bank Santander. The hardware would have allowed the transmission of the entire computer’s desktop and “allowed the suspects to take control of the bank’s computer remotely”. The thieves could have drained millions from the bank’s coffers.

It looks like one of the men was arrested as he tried to install the hardware.

Twelve men were arrested on Friday, following an operation by the Metropolitan Police’s Central e-Crime Unit, over the alleged plot, which centred on a Santander branch in southeast London.

So far four people have been charged; they were charged late on Friday and appeared on Saturday at Westminster Magistrates’ Court for an initial hearing.

Lanre Mullins-Abudu, 24, Dean Outram, 34, Akash Vaghela, 27, and Asad Ali Qureshi, 35, were remanded in custody.

Eight others have been released on police bail pending further enquiries.

Snowden seriously hacked into NSA

The NSA has had to question whether it should ever hire brilliant people again after the Edward Snowden incident, according to one senior spook.

Whistleblower Edward Snowden accessed some seriously secret national security documents by spoofing some of the agency’s top spooks.

An NSA spokesperson said that every day the agency is learning how brilliant Snowden was and finding more good reasons to only let dimmer people into its systems.

“You don’t hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble,” the agency told NBC.

While Snowden was a Honolulu-based employee of Booz Allen Hamilton, his job gave him system administrator privileges on the NSA’s intranet, NSAnet.

Apparently the NSA still doesn’t know exactly what Snowden took, but a forensic investigation is starting to show how deep he got into their networks.

Part of the difficulty is that Snowden impersonated high-level officials on the network so well that it is difficult to tell if it was them, or him who was reading the agency’s most sensitive stuff.

Currently all they can do is look for discrepancies between the real world actions of an NSA employee and the online activities linked to that person’s computer user profile.

The NSA has found several cases where Snowden borrowed someone else’s user profile to access documents.

Snowden had “top secret” security clearance, but it is clear that the documents he was after required higher levels of clearance, and he found a way around that.

He did this by using his admin rights to create and modify user profiles for employees and contractors. He also had the ability to access NSAnet using those user profiles, meaning he could impersonate other users in order to access files. He borrowed the identities of users with higher level security clearances to grab sensitive documents.

His admin rights also let him download files from his computer to an external storage device. This is how he got 20,000 documents put onto thumb drives before leaving Hawaii for Hong Kong on 20 May.
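The detection approach described above (comparing an employee's real-world presence with the activity tied to their user profile, and watching for admins who modify a profile and then use it) can be scripted against audit and badge logs. The example below is added here and is not the agency's or anyone's real tooling; the log format, field names, one-hour window and "badged in that day" presence rule are all assumptions, and the log lines are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample logs (not real records). An admin edits another user's
# profile and, minutes later, that profile logs on from the admin's own
# workstation while the badge log shows the profile's owner is not on site.
AUDIT_LOG = """\
time,event,actor,subject,host
2013-04-10T09:02:00,profile_modified,sysadmin1,analyst7,ws-admin-01
2013-04-10T09:05:00,logon,analyst7,analyst7,ws-admin-01
2013-04-10T09:06:00,file_read,analyst7,TS-REPORT-0001,ws-admin-01
2013-04-10T13:00:00,logon,analyst7,analyst7,ws-analyst-07
2013-04-10T13:01:00,file_read,analyst7,TS-REPORT-0002,ws-analyst-07
"""
BADGE_LOG = """\
time,user,action
2013-04-10T08:30:00,sysadmin1,badge_in
2013-04-10T12:45:00,analyst7,badge_in
"""
WINDOW = timedelta(hours=1)  # assumed: profile edit shortly before the logon

def parse(text):
    return list(csv.DictReader(io.StringIO(text)))

def on_site(badge_rows, user, when):
    """Assumed presence rule: the user badged in earlier the same day."""
    for row in badge_rows:
        t = datetime.fromisoformat(row["time"])
        if row["user"] == user and row["action"] == "badge_in" \
                and t.date() == when.date() and t <= when:
            return True
    return False

def find_borrowed_profiles(audit_text, badge_text):
    """Flag logons where a different account edited the profile just before,
    from the same host, or where the profile's owner was not physically present."""
    audit, badges, findings = parse(audit_text), parse(badge_text), []
    for ev in audit:
        if ev["event"] != "logon":
            continue
        when = datetime.fromisoformat(ev["time"])
        recent_mods = [m for m in audit
                       if m["event"] == "profile_modified"
                       and m["subject"] == ev["subject"]
                       and m["actor"] != ev["subject"]
                       and when - WINDOW <= datetime.fromisoformat(m["time"]) <= when]
        same_host = [m for m in recent_mods if m["host"] == ev["host"]]
        present = on_site(badges, ev["subject"], when)
        if same_host or not present:
            findings.append({"time": ev["time"], "profile": ev["subject"],
                             "host": ev["host"], "owner_on_site": present,
                             "modified_by": sorted({m["actor"] for m in recent_mods})})
    return findings
```

Running it on the constructed logs flags only the 09:05 logon; the afternoon logon from the analyst's own workstation after a badge-in is left alone.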

Facebook denies hacker $500 exploit reward

Idiots at Facebook were humiliated by a hacker after they tried to spin the news that their software was flawed.

Facebook has a policy that it will pay a minimum $500 bounty for any security flaws that a hacker finds.

Khalil, a systems information expert from Palestine, found a vulnerability that allows anyone to post to another user’s timeline whether they’re friends or not. He tried to report it to Facebook’s security team twice.

He even warned them that he could post to Zuckerberg’s wall, but they told him that it was not a bug and to go away.

So Khalil posted an Enrique Iglesias video to Sarah Goodin’s wall. Goodin was a woman that Zuckerberg went to college with.

The security team still claimed that since you can’t see that post unless you’re a friend of Sarah, it is not a bug.

So he posted onto Mark Zuckerberg’s wall details of the security hole. Khalil was very nice about it and said he was sorry for violating his privacy.

In less than a minute his Facebook account was suspended and he was contacted by a Facebook engineer requesting all the details of the exploit.

They claimed that he had not given enough technical information for them to take action on it. Why do we have the impression that this one was bumped up to someone’s supervisor?

However, they said that because he had proved the hack existed by using it, Facebook could not pay him for the vulnerability, as his actions violated Facebook’s Terms of Service.

Of course, it’s all his fault; the security team couldn’t have said, “Yeah, we see what you’re talking about, we need some more technical information.” Khalil tried at least two times to contact them and both times they told him to go forth and multiply. So in other words the guy finding the exploit loses out by forcing someone at Facebook to realise it was a flaw.

In effect, the hacker was punished for his good faith – when it could have been possible to sell it on to a third party and make more cash that way.

Apple developer site laid low by intruder

It appears that the two angels with fiery swords which are supposed to protect Apple’s walled garden of delights were having a day off last week.

Apple’s site for developers was attacked by an intruder who tried to gain access to developer information.

Apple decided it was best to take the service down even though the most sensitive information on that site was encrypted.

The company said that it’s keeping the site down while security is being hardened. It is not clear what hardening it is using and why such precautions were not taken earlier.

Apparently Apple has had to completely overhaul its developer systems, update its server software, and rebuild the entire database.

However, it appears that it is taking a jolly long time and there is no indication when the site will be back up.

In a note to developers, Apple said it could not rule out the possibility some developers’ names, mailing addresses, and/or email addresses may have been accessed.

Apple’s developer site is home to software downloads, documentation and forums for third-party software developers.

CNET said that the outage sparked some concerns about there being a larger, behind the scenes security problem.

Users had been saying they had received password reset e-mails, suggesting others were attempting to gain access to their Apple ID accounts.

US gov has fibre optic spying deals with foreign telcos

The US government has managed to sign deals with foreign fibre companies that allow it to spy on other nations.

In a lengthy feature, the Washington Post revealed that during months of private talks, a team of lawyers from the FBI and the departments of Defence, Justice and Homeland Security demanded that one Asian company maintain what amounted to an internal corporate cell of American citizens with government clearances.

This involved ensuring surveillance requests got fulfilled quickly and confidentially.

It was called a “Network Security Agreement,” and it was signed in September 2003 by Global Crossing, becoming a model for other deals over the past decade.

The agreements do not authorise spying, but make sure that when US government agencies seek access to the massive amounts of data flowing through their networks, the companies have systems in place to provide it.

The foreign companies are practically forced into the deal because US spooks can order the FCC to forbid them cable licences.

In deals involving a foreign company, the FCC has held up approval for many months while the squadron of lawyers – dubbed Team Telecom – developed security agreements that went beyond what’s required by the laws governing electronic eavesdropping.

For example, the security agreement for Global Crossing, whose fibre-optic network connected 27 nations and four continents, required the company to have a “Network Operations Centre” on US soil that could be visited by US officials.

All surveillance requests had to be handled by US citizens screened by the government and sworn to secrecy. The company’s executives and directors were not allowed to know what information was being shared.