Posts Tagged ‘HACKED’

UK Teens Using Google Earth To Throw Raucous Pool Parties

Teenagers in the UK are using Google Earth to find homes with swimming pools in their area and then communicating the locations of the pools on Facebook so they can have impromptu pool parties with their friends.

Police said some homeowners are waking up to find teens swimming in their pools and others have arrived home after work to find their pools littered with beer cans.

Those who participate in the “dipping” parties typically wear nice clothes and are instructed to “bring a bike” so they can make a quick getaway.

One group bragged online that it held a pool party on Monday night where 16 people went to two pools. The group posted a specific meeting place for between midnight and 3am and gave out cell phone numbers for the organizers.

Invitations to the pool parties were sent to over 500 members of Facebook. Comments left by fans of the group indicate that the trend could be growing and encourage other events.

One message reads: “You crazy lot and your crazy antiks (sic). Don’t think I can make it but maybe I can do it on my own in London.”

A police spokesman said, “We are advising owners of swimming pools to be on their guard and extra vigilant,” according to the Telegraph. “We would also warn prospective swimmers that using someone else’s pool is trespassing and therefore illegal.”

Student hackers’ group exposed after tip-off

CHENNAI: Police on Tuesday arrested a college student for purchasing electronic goods online using credit card details of card holders from across the world.

T Bharathwaj Purohit (20), a resident of MKB Nagar and a member of a community of hackers, had been buying electronic goods online using other people’s credit cards since April.

Police recovered an electric guitar, a printer, an LCD TV, a digital camera, a weighing scale, a mobile and a laptop all worth Rs 3 lakh, and Rs 38,500 in cash from him. Purohit met Charu Sharma of Mumbai and Hathi Gogaiyan of Ahmedabad online a few months ago. They introduced him to an online hackers’ community on the net and gave him credit card details to make purchases.

“Following Sharma and Gogaiyan’s advice, Purohit tried to book an expensive mobile and i-pod using the data they provided. To his surprise, he received the items within a week. He also couriered the valuables to them as gifts. He started buying more goods online on eBay, an online auction website,” deputy commissioner of police B Vijayakumari said.

Sharma and Gogaiyan had given Purohit details of US credit card holders. Following complaints from an eBay investigation officer, the city police arrested Purohit. He had made his purchases from his personal computer. The police, with the help of the cyber crime wing, tracked down his IP address. Preliminary inquiries revealed that this group of hackers got bank accounts and credit card details of people for a price.

“We have received information that the Mumbai police cornered Sharma and Gogaiyan a few days ago for another credit card cheating case in Mumbai. We have taken Purohit into custody to get more details,” a senior police officer said.

Police booked Purohit under several sections of the IPC, including 420 (cheating). He was remanded in judicial custody after being produced before the magistrate court on Tuesday.

Australia tops cyber crime list

Australia has the highest incidence of cyber crime in the world, according to a global survey of nine countries by software security vendor, AVG.

The study, which canvassed 1000 users each in Australia, the US, France, Germany, Italy, Spain, Sweden, Brazil, and the Czech Republic, found that more than 39 per cent of Australians had been the victim of cyber crime, compared to 32 per cent in Italy, 28 per cent of Americans, and just 14 per cent in Sweden and Spain.

The most common forms of cyber theft experienced by Australians were:

  • Not receiving goods paid for at an online auction (16 per cent);
  • Fraudulent e-mails that resulted in financial damage (14 per cent);
  • Phishing (10 per cent);
  • Not receiving goods ordered online (eight per cent);
  • Credit card fraud (five per cent); and
  • Unauthorised bank transfers (three per cent).

    Lloyd Borrett, marketing manager of AVG (AU/NZ), said the fact that Australia experienced more cyber crime was a little surprising, although it might have been impacted by the fact that Australians are more active online users than most other nations.

    “While we don’t know whether Australians are actually targeted more heavily than other countries, these results highlight the importance of comprehensive security solutions to protect users from obvious threats like phishing and e-mail scams, as well as good education to warn people of the danger,” Borrett said.

    Forty-seven per cent of Australians said they were more likely to experience cyber crime than to experience burglary, assault, or robbery, and 37 per cent said that cyber crime was a strong concern.

    The AVG survey found that Australians had relatively high awareness of Internet security and demonstrated the second highest level of confidence (70.5 per cent after the US’s 73.3 per cent) in the protection provided by their software security vendor.

    Software glitch leaves utilities open to attack

    Attackers could gain control of water treatment plants, natural gas pipelines and other critical utilities because of a vulnerability in the software that runs some of those facilities, security researchers reported Wednesday.

    Experts with Boston’s Core Security Technologies, who discovered the deficiency and described it to the Associated Press before they issued a security advisory, said there’s no evidence anyone else found or exploited the flaw.

    Citect Pty. Ltd., which makes the program called CitectSCADA, patched the hole last week, five months after Core Security first notified Citect of the problem.

    But the vulnerability could have counterparts in other supervisory control and data acquisition, or SCADA, systems. And it’s not clear whether all Citect clients have installed the patch.

    SCADA systems remotely manage computers that control machinery, including water supply valves, industrial baking equipment and security systems at nuclear power plants.

    Customers that use CitectSCADA include natural gas pipelines in Chile, major copper and diamond mines in Australia and Botswana, a large pharmaceutical plant in Germany, and water treatment plants in Louisiana and North Carolina.

    For an attack exploiting the vulnerability that Core Security revealed Wednesday to occur, the target network would have to be connected to the Internet. That goes against industry policy but can happen when companies have lax security measures, such as connecting control systems’ computers and computers with Internet access to the same routers.

    A rogue employee could also access the system internally.

    Security experts say the finding highlights the possibility that hackers could cut the power to entire cities, poison a water supply by disrupting water treatment equipment or cause a nuclear power plant to malfunction by attacking the utility’s controls.

    That possibility has grown in recent years as more of those systems are connected to the Internet.

    The Citect vulnerability is of a common type. Called a buffer overflow, it allows a hacker to gain control of a program by sending a computer too much data.

    “It’s not a very elaborate problem,” said Ivan Arce, Core Security’s chief technology officer. “If we found this thing - and this was not that hard - it would be easy for someone else to do it.”

    Attackers exploit recent Microsoft fix

    Hackers continue trying to exploit a patched vulnerability in Microsoft’s Graphic Display Interface (GDI), researchers said this week.

    Craig Schmugar, threat researcher at McAfee, reported that the first exploit was discovered on Friday, three days after the issue was patched by bulletin MS08-021.

    “One method the bad guys use is to take the patch and reverse engineer it,” Schmugar said on Tuesday. “They look at the files on the computer prior to installing the patch and then after, and try to compare the two and see how they can take advantage of the change.”

    The exploit – which can permit remote code execution if a user opens a specially crafted EMF or WMF image file – does not affect customers who have installed the updates detailed in MS08-021, said Bill Sisk, security response communications manager for Microsoft.

    “By default, Microsoft Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008 customers will have this update applied automatically through Automatic Updates,” Sisk said.

    Microsoft encourages all customers to apply its most recent security updates to help ensure that their computers are protected from attempted criminal attacks.

    Schmugar said that GDI has had vulnerability issues in the past. The fact that Microsoft credited three researchers with discovering the flaw suggests that multiple people were looking for potential problems and more problems could be on the way.

    Pro-smoking website redirected to ‘baccy free zone

    Hackers attacked the websites of two organisations campaigning against the smoking ban last week, redirecting UK users to the NHS Smokefree site.

    The attack, which targeted British organisation Freedom2Choose and Forces International, lasted 11 hours. Freedom2Choose webmaster Steven Cross said the redirect appeared to have been caused by a DNS poisoning attack.

    “One hour after the attack we received a phone call about what was happening, but there was not much we could do since it was not our server that had been attacked,” he explained.

    Freedom2Choose vice chairman Andy Davis said (without apparent irony): “It appears that Freedom2Choose has annoyed someone high up - it seems they don’t want the truth to get out.”

    Both groups claim the smoking bans are based on fraudulent scientific claims about passive smoking. “Five out of six studies show second-hand smoke to be entirely harmless,” says Davis.

    A spokeswoman for Freedom2Choose said that the organisation was funded by members and run by volunteers. It has 85 members who pay £10 to join.

    Forces International president Stephanie Stahl said: “To redirect our UK visitors to an anti-smoking website shows that the anti-smoking movement must be very nervous about the information our pro-freedom groups provide. Domain names are sacred on the free-spirited information super highway - we trust that those responsible for this serious violation will be identified and held accountable.”

    No one has been fingered as the author of the attack but, much to the relief of the tobacco-fanciers, both sites are working now. No matter how healthy the NHS Smokefree site may be, its content will never be as amusing as reading the claims that the smoking ban is a case of “social engineering”, or that the ban in NY is “causing all kinds of problems [and] ‘bad vibes’”.

    Vista Hacked Through Adobe Flash, Ubuntu Stands

    Microsoft’s Vista Ultimate SP1 and Apple, Inc.’s MacBook Air have been hacked through applications, with only Ubuntu unbreached in the Pwn to Own challenge at CanSecWest. The zero-day vulnerabilities in Microsoft and Apple’s systems have been reported. Shane Macaulay won a laptop and $5,000 for hacking Microsoft Windows Vista.

    Last week saw the MacBook Air hacked through a Safari browser at the CanSecWest security conference. But before the week ended, Microsoft’s Vista Ultimate also fell victim to hackers in the Pwn to Own challenge.

    CanSecWest organizers offered a Fujitsu U810 laptop running Vista Ultimate SP1 to any security researcher who could find a way to breach security and gain access to the contents of system files using a previously undisclosed zero-day attack.

    Shane Macaulay from Security Objectives won the laptop by exploiting an Adobe Flash zero-day vulnerability. The vulnerability was disclosed to Adobe, which is reportedly working on the issue. No other information is available about the Adobe flaw. Macaulay also won a $5,000 cash prize.

    At the end of the last day of the three-day hacker challenge, which was sponsored by 3Com’s TippingPoint, only the Sony VAIO laptop running Ubuntu (Linux) was left standing.

    Shifting Rules

    The first day of the contest, hackers were only allowed to hack into the computers over a network. No one was able to claim the prizes. On the second day, the rules changed. Contestants were allowed to use the machines to visit Web sites and open e-mail messages.

    That rule change made it possible for Charlie Miller, a researcher at Independent Security Evaluators, to hack the MacBook Air using the Safari browser within two minutes.

    But the Vista and Ubuntu laptops seemingly remained airtight. On the third day of the contest, the judges again broadened the rules, opening up the scope beyond just default installed applications on those laptops to any popular third-party application, such as Adobe’s Acrobat Reader, the Firefox browser, and voice-over-IP program Skype.

    Macaulay installed Adobe Flash on the laptops and proceeded to compromise the system. Macaulay had some help from Security Objectives colleague Derek Callaway and independent researcher Alexander Sotirov.

    Means Justifies the End

    Contests such as this tend to be high profile and gain a great deal of attention, but people need to realize that similar vulnerabilities are discovered every day and many stay hidden in the underground where they are used by attackers for some time before they’re patched, according to Michael Sutton, director of security research at Safe Channel and a former director at VeriSign iDefense.

    “Third-party researchers deserve to be rewarded for the considerable work that goes into uncovering vulnerabilities, so long as they handle the issues responsibly and report them to the appropriate parties to ensure that patches are created and distributed,” Sutton said. “In this case, the contest does just that, so the end justifies the means.”

    Client-side vulnerabilities like the ones exploited in the hacking contest are an increasingly popular attack vector. It’s easy to protect a single server that’s guarded by a well-designed fortress of controls, Sutton explained, but it’s a nightmare to secure thousands of client-side applications under the control of nonsecurity-savvy end users.

    White hat hackers infiltrate a power grid in one day

    A team of experts headed by security guru Ira Winkler was hired by an anonymous power company to test the security of a power grid’s network. The door was practically held open for them.

    In a matter of hours, the team infiltrated the grid’s supervisory control and data acquisition (SCADA) networks using simple phishing tools: social engineering and browser exploits.

    Social engineering is seen by many as a glamorized confidence trick. The penetration team checked distribution lists for SCADA user groups, harvested appropriate email addresses, and then employed a simple trick to gain the targeted user’s access. Employees were sent an e-mail about a plan to cut their benefits which included a link to a Web site with “more information.” The link led to malware that granted the hackers remote access. The trick was effective within minutes.

    What could be done given the level of access these white hats obtained would not be limited to simply shutting down a grid, like a group of hackers managed to do for 17 days to a “practice network” in California in 2001. In comments to CNN last year regarding a leaked video of a staged hack that resulted in the self-destruction of a power generator, Joe Weiss of Applied Control Solutions said, “What people had assumed in the past is the worst thing you can do is shut things down. And that’s not necessarily the case. A lot of times the worst thing you can do, for example, is open a valve — have bad things spew out of a valve.”

    Winkler says that these SCADA systems suffer the same vulnerabilities as any system that runs on the same standard operating system and server hardware. Companies have perpetuated the weakness of these systems by not performing important software upgrades because they would force downtime.

    But a scheduled downtime is no doubt preferable to suffering the consequences of an exploit. Winkler stressed the seriousness of security in these systems while maintaining a lighthearted air about his job. “We had to shut down within hours,” Winkler says, “because it was working too well. We more than proved that they were royally screwed.”

    Ten years ago Wired published an article called Hacking the Power Grid, which included the following: “With deregulation, there is an increasing interest in energy futures trades at the commodities exchange on Wall Street. [IBM senior consultant Nick] Simicich said hackers might use social engineering techniques to obtain passwords to computers with access to the networks containing sensitive information from these sources.”

    Apparently little has changed in a decade.

    Over half new applications in ’07 malicious says Symantec

    Email, once the cyber criminals’ favourite method of delivering malware to your computer, has been replaced by the web as the primary conduit of attack, says internet security firm Symantec.

    In its latest Internet Security Threat Report, Symantec says that in the past, users had to intentionally visit malicious sites or click on malicious email attachments to become a victim of malcode. “Today, hackers are compromising legitimate websites and using them as a distribution medium to attack home and enterprise computers. Symantec noticed that attackers are particularly targeting sites that are likely to be trusted by end users, such as social networking sites.”

    The company says it detected 11,253 instances where cyber criminals used cross-site scripting vulnerabilities - where attackers inject malicious code into web pages - in the last six months of 2007. However, it says only 473 (about 4 per cent) of those were patched and that typically took 50 days to happen.

    The result is that cross-site scripting has become a key propagation vector for cyber criminals, says Symantec New Zealand systems engineer Rogan Mallon.

    One of the first examples seen in the wild was the attack kit MPack, observed in May 2007. It compromised web pages, typically through the insertion of iframes, to redirect users to an MPack server that attempted to exploit browser and plug-in vulnerabilities and install malicious code. It took advantage of users visiting legitimate, trusted web pages that had been compromised.

    Symantec adds that over the last six months of 2007, 18 per cent of malicious code samples in the APJ region had the ability to modify web pages. This is significantly more than the 7 per cent observed globally, and a substantial increase from the 5 per cent recorded in the APJ region during the first half of 2007, the company says.

    One explanation for the greater percentage is that three of the top malicious code samples and three of the top new malicious code families in the region modify HTML code as a means of propagation.

    Fujacks was the second most common sample causing potential infections in the region. Symantec says this malicious code is interesting for two reasons: First, it attempts to modify HTML files on a local file system by seeking out common web format files (.html, .aspx, etc), which are appended with an invisible iframe. Second, if and when a browser views that HTML content, locally or remotely, the browser will be redirected to a malicious website where a code download is attempted.
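
A defender-side check for the pattern described above, as an added example that is not from Symantec or the original article: it scans HTML for iframes that are invisible or that sit after the closing `</html>` tag, where an appended one would land. The sample pages, the `example.invalid` URLs, the function names and the `.htm` extension are assumptions made for illustration.

```python
import os
import re
from html.parser import HTMLParser

# Extensions to audit; .html and .aspx come from the article, .htm is an assumption.
WEB_EXTENSIONS = (".html", ".htm", ".aspx")

# Inline style declarations that hide an element from the viewer.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)",
    re.IGNORECASE,
)


def _is_zero(value):
    """True for width/height attribute values such as '0' or '0px'."""
    return bool(value) and re.fullmatch(r"\s*0+(?:px)?\s*", value, re.I) is not None


class IframeAuditor(HTMLParser):
    """Collects iframes that are hidden or placed after </html>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.html_closed = False
        self.findings = []

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "") for name, value in attrs}
        reasons = []
        if _is_zero(a.get("width")) or _is_zero(a.get("height")):
            reasons.append("zero-size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        if self.html_closed:
            reasons.append("after-</html>")
        if reasons:
            line, _ = self.getpos()
            self.findings.append(
                {"line": line, "src": a.get("src", ""), "reasons": reasons}
            )


def scan_html(text):
    """Return a list of suspicious iframes found in one HTML document."""
    auditor = IframeAuditor()
    auditor.feed(text)
    auditor.close()
    return auditor.findings


def scan_tree(root):
    """Audit every web-format file under root; returns {path: findings}."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(WEB_EXTENSIONS):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings = scan_html(fh.read())
                if findings:
                    report[path] = findings
    return report


# Constructed sample input: a page with a normal visible embed ...
CLEAN_PAGE = """<html><body>
<h1>Video</h1>
<iframe src="https://video.example.invalid/embed/1" width="560" height="315"></iframe>
</body></html>
"""
# ... and the same page with an invisible iframe appended to the end of the file.
INFECTED_PAGE = CLEAN_PAGE + (
    '<iframe src="http://malicious.example.invalid/x" width="0" height="0"></iframe>\n'
)
```

A hit is a lead for review, not proof of infection: some legitimate widgets also use hidden iframes, so compare flagged files against a known-good copy.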

    The Symantec report also says that in 2007, 711,912 new threats were detected compared to 125,243 in 2006 - an increase of 468 per cent. More than half of those codes appeared in the second half of 2007.

    Mallon says another important security development for 2007 was that, of the 54,609 unique applications released to the public, 65 per cent were malicious - the first time the company had observed malicious software outpacing legitimate applications.

    This means, according to Mallon, that in the future security firms will start releasing “white lists” of safe applications rather than blacklists.

    “Traditionally, security companies have relied on issuing blacklists of malicious code to protect users. But if there is now more malicious code being released than good code, there is a real business case to create and release white lists instead.”

    This becomes even more valid in light of a new type of malcode that turns traditional attack techniques on their head. Instead of attempting to infect as many computers as quickly as possible, this code is developed to infect as few as five machines. “This is so it can fly under the radar of security companies and their blacklists,” says Mallon.

    Cyber criminals then sit on infected machines, either to selectively harvest very lucrative personal or financial details, or to launch a wider attack at a later date, he explained.

    CCC Publish German Minister’s Fingerprint

    To demonstrate why using fingerprints to secure passports is a bad idea, the German hacker group Chaos Computer Club has published what it says is the fingerprint of Wolfgang Schauble, Germany’s interior minister.

    According to CCC, the print of Schauble’s index finger was lifted from a water glass that he used during a panel discussion that he participated in last year at a German university. CCC published the print on a piece of plastic inside 4,000 copies of its magazine Die Datenschleuder that readers can use to impersonate the minister to biometric readers.

    Several years ago the CCC published a guide to lifting and reproducing fingerprints.

    Schauble is a big proponent of the use of fingerprints in passports but is not the CCC’s only target. The group has called for help in obtaining the prints of other German officials, including Chancellor Angela Merkel.

    The CCC’s publication of the fingerprint coincides this week with the presentation of a security researcher who demonstrated a biometric keylogger that can capture digital fingerprints and other digital biometric data as it is transmitted from a scanning device to the server where the information is processed. The hacker can then analyze and re-use the data to subvert biometric systems and gain entry to secured buildings.

    Matt Lewis, a researcher with British-based Information Risk Management, demonstrated his Biologger tool at the Black Hat security conference in Amsterdam but said the easy part is intercepting the data — the hard part is getting the biologger onto a network.
