@tuckfheman / tuckfheman.tumblr.com
McAfee finds sophisticated attacks targeting other 'critical sectors' of the economy
Summary: Cyber criminals are moving beyond financial services with an increasing number of attacks on other economic and governmental segments, according to McAfee.
Sports Fan : It's kinda like fixing FIFA matches allegedly. It's all fun & games, until someone fails to cover.
Jailed for Jailbreaking: New Law May kick you to Jail
Apple’s customers would be itching to get their devices updated iOS 6, which was recently launched by Apple. iOS 6 is said to come with a basket of new and fascinating features. These new features mostly relate to easy searching of movies and places, one can say it’s now possible find anything with ease on Apple’s newly updated software.
But, a hacking group by the name of “evad3rs” has found a jailbreak for all devices updated by iOS 6 and is reported to have launched it last Sunday.
...
But, the act of jailbreaking is considered as serious crime under the U.S. code of law, especially after the recent amendments to copyright laws. Actually, when a phone is been jailbroken it could be used with any carrier which is not acceptable to any brand. So, in order to curb it U.S. code of law has considered it as serious of crime.
...
(a) IN GENERAL.Any person who violates section 1201 or 1202 willfully and for purposes of commercial advantage or private financial gain
Now, you should have realized how serious this act is and how severe its consequences could be.
Coming Bank Virus & Cyber-Attack Will Wipe Out All Customer Accounts
Banks have been attacked in wave after wave of systematic network and data center compromises that have lead the US government to suspect the Iranian government as retaliating against America for imposing sanctions on the Middle Eastern nation.
Using cloud services, banks like Bank of America (BoA), Wells Fargo, US Bancorp, Capital One, HSBC and PNC have had distributed denial of service (DDoS) attacks that disrupt their ability to conduct online business.
The US government is planting the propaganda seed that according to “highly classified” documents provided by the Joint Chiefs of Staff’s Intelligence Directorate confirm that Iranian hackers are committing cyber-attacks against US financial institutions. This report assures that US mega-banks are a “valid target” of the Iranian “cyber army”.
According to rumored “US intelligence”, Iran’s military is suspected of having created a cybercorps in 2011 that would respond to potential cyberwar from the US. Highly classified documents held by the Joint Chiefs of Staff’s Intelligence Directorate claim that Iranian hackers are committing cyber-attacks against US financial institutions. These anonymous “officials” say that Iran’s cyber capabilities are far greater than those of Russia and China based on covert probes that confirmed the Middle Eastern nation was aiming toward stealing intellectual property for the expressed purpose of attacking US banking institutions as well as hacking into government agencies.
...
The scheme is referred to as ‘Project Blitzkrieg” (PB). In a beta-testing of the assault, it is reported that 300 bank accounts were affected in the US. The recruitment for PB is being linked to Russian cyber-criminals and an alleged cyber-mafia headed by an anonymous NSD. Those who enter into PB are tasked with infecting specified US computers with predetermined malware, cloning, syphoning passwords and login information, transferring digital information from customer accounts.
...
Thanks to the ruling on Sentinel Management Group (SMG) in August of 2012, when a customer deposits money into a bank, the bank essentially issues a promise to have those funds available when the customer returns to withdraw the deposited amount. When the same customer withdraws funds from their account (whether checking or savings) the customer assumes that the bank has enough funds to cover their withdrawal; including the presumption that their monies are separate from the bank’s assets.
...
The Federal Reserve Bank, one of the heads of banking cartels, has their own police force which operates as a protective security for the Fed against the American public. As part of the Federal Reserve Act signed in 1913, the designation of a Federal Law Enforcement – special police officers that are exclusively regulated by authority of the Fed (whether in uniform or plain clothes. These specialized police officers (who train with Special Response Teams) can work in tandem with local law enforcement or US federal agencies. These officers are heavily armed with semi-automatic pistols, sub machine guns and assault rifles as well as body armor.
Murders Could be the next form of cyber crime
As cyber crimes is getting sophisticated with each passing day, the experts now have now predicted a new dimension in the world of cyber crimes. This time around they have predicted the most worst form of criminal act i.e. A murder through the internet. However, they don’t see happening soon but in a year or so it may be possible.
But, one question would be lurking everyone’s mind how it can happen ? Well, it’s not so much difficult. Let us explain you, all the systems nowadays connected to the internet these days whether it be a system related to military or a simple hospital if not it might be in some time. We also know, hacking these is not a difficult task to be carried out by hackers.
So, if any hacker hacks a system which handles for example drone attacks can’t he take over drone attack on his own pc?
Charged 20 years in Jail for Exposing A Corporate Mistake
Luke Rudkowski got a chance to meet and interview well known hacker, Andrew Auernheimer, also known by his pseudonym, Weev. Weev was recently convicted for two felonies and currently is free on bail until sentencing, The court convicted him in one count of identity fraud and one count of conspiracy to access a computer without authorization. In this interview Weez explains what lead to these charges and how he is dealing with the situation. To find out more about Weev check out his website: http://freeweev.info/
TEHRAN - An Iranian MP has blamed the death in detention of blogger Sattar Beheshti on the country's cyber police, news agency Fars reported on Monday.
"The action taken by the judiciary in Beheshti's case was lawful, but the cyber police's infraction is indisputable," said Mehdi Davatgari, the parliament's special representative on the case.
Opposition activists say Beheshti, 35, was tortured to death after criticizing Iran's regime in his blogs.
He was found dead in his prison cell on November 3 after being arrested on October 30, chief prosecutor Gholam Hossein Mohseni Ejeie said last week.
The blogger's fate provoked an international outcry, and human rights watchdog Amnesty International said he may have died under torture.
"Unfortunately, the cyber police officers kept the suspect without a court order in a detention facility for one night, which is completely illegal," Davatgari said.
"Despite the judges' order to take him to a legal detention center, the cyber police took him to their own detention facility," where Beheshti died, Davatgari said, calling for the "resignation or dismissal of the cyber police chief."
He also promised a comprehensive report on the case which will be presented to parliament next week.
A Tehran court said on Thursday that Beheshti had died "probably from the impact of a strike to sensitive areas of his body, or from extreme psychological pressure."
Tehran's public prosecutor on November 11 announced the arrest of several people and the opening of an inquiry into Beheshti's death.
The following document was obtained from the website of the Oklahoma Bankers Association. The material is part of a collection of several documents provided to banks and financial institutions in the area by the local FBI Cyber Division office.
One of Anonymous hacker groups "FawkesSecurity" who claim responsibility for a DDOS cyber attack on HSBC Bank says that they also manage to get 20,000 debit card details.
- Mohit Kumar
Map showing the number and geographical location of Flame infections detected by Kaspersky Lab on customer machines. Courtesy of Kaspersky.
A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.
The malware, discovered by Russia-based anti-virus firm Kaspersky Lab, is an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years.
Dubbed “Flame” by Kaspersky, the malicious code dwarfs Stuxnet in size – the groundbreaking infrastructure-sabotaging malware that is believed to have wreaked havoc on Iran’s nuclear program in 2009 and 2010. Although Flame has both a different purpose and composition than Stuxnet, and appears to have been written by different programmers, its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals — marking it as yet another tool in the growing arsenal of cyberweaponry.
Latest news on my Hardware Security Research by Sergei Skorobogatov
Hardware Assurance and its importance to National Security
Current issues.
UK officials are fearful that China has the capability to shut down businesses, military and critical infrastructure through cyber attacks and spy equipment embedded in computer and telecommunications equipment. The Stuxnet worm is the most famous and best case example of a cyber attack on a network which wreaked devastation having easily compromised conventional software defensive systems. There have been many cases of computer hardware having backdoors, Trojans or other programs to allow an attacker to gain access or transmit confidential data to a third party. Considerable focus and expense has been invested in software computer networks and system defences to detect and eradicate such threats.
However, similar technology with antivirus or anti Trojan capability for hardware (silicon chips) is not available. The computer or network hardware underpins and runs all the software defence systems. If the hardware has a vulnerability then all the energy in defending at the software level is redundant. An effort must be made to defend and detect at the hardware level for a more comprehensive strategy.
Our findings.
Claims were made by the intelligence agencies around the world, from MI5, NSA and IARPA, that silicon chips could be infected. We developed breakthrough silicon chip scanning technology to investigate these claims.
We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China. Our aim was to perform advanced code breaking and to see if there were any unexpected features on the chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.
Key features of our technology: - scans silicon/hardware for backdoors, Trojans and unexpected behaviour - low cost - very fast result turnaround time - high portability - adaptable - scale up to include many types of chip
Further funding is needed for us to progress to testing further silicon chips and to develop better search algorithms which would allow us to detect possible spy systems or vulnerabilities in a greater range of systems.
Currently there is no economical or timely way of ascertaining if a manufacturer's specifications have been altered during the manufacturing process (99% of chips are manufactured in China), or indeed if the specifications themselves contain a deliberately inserted potential threat.
Conclusions.
It is clear that cyber attacks will increasingly be of this nature, having most impact; it is imperative that this issue is addressed as a matter of urgency. We would suggest making hardware assurance (HWA) & hardware defence (HWD), the testing of silicon chips for backdoors and Trojans, and their defence, a greater priority within the National Cyber Strategy. Until now it was not possible to perform such analysis in a timely or cost effective manner. Our technology provides a solution. A variation in this technology could be used as a backstop defence on a computer or network system where it can monitor instructions and possible reprogramming or activation of a buried spy system in a real time environment, thereby preventing Stuxnet type attacks.
Further funding is needed for us to progress to testing further silicon chips and to develop better search algorithms which would allow us to detect possible spy systems or vulnerabilities in a greater range of systems.
Today anonymous hackers leaked more than 55.000 hacked twitter accounts username and password through Pastebin. It was very shocking to see such a massive number of Twitter accounts are hacked. Also celebrity accounts are hacked.
Summary: The Patch Tuesday batch for May 2012 covers at least 23 documented vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework and Microsoft Silverlight.
By Dancho Danchev | May 5, 2012
Summary: Security researchers from Trusteer have intercepted a ransomware variant being pushed using the Citadel crimeware platform.
By Kim Zetter
Oak Ridge National Laboratory was hit by a targeted hacker attack in 2011 that forced the lab to take all its computers offline. Photo: Oak Ridge National Laboratory.
The attackers chose their moment well.
On Apr. 7, 2011, five days before Microsoft patched a critical zero-day vulnerability in Internet Explorer that had been publicly disclosed three months earlier on a security mailing list, unknown attackers launched a spear-phishing attack against workers at the Oak Ridge National Laboratory in Tennessee.
The lab, which is funded by the U.S. Department of Energy, conducts classified and unclassified energy and national security work for the federal government.
The e-mail, purporting to come from the lab’s human resources department, went to about 530 workers, or 11 percent of the lab’s workforce.
The cleverly crafted missive included a link to a malicious webpage, where workers could get information about employee benefits. But instead of getting facts about a health plan or retirement fund, workers who visited the site using Internet Explorer got bit with malicious code that downloaded silently to their machines.
Although the lab detected the spear-phishing attack soon after it began, administrators weren’t quick enough to stop 57 workers from clicking on the malicious link. Luckily, only two employee machines were infected with the code. But that was enough for the intruders to get onto the lab’s network and begin siphoning data. Four days after the e-mails arrived, administrators spotted suspicious traffic leaving a server.
Only a few megabytes of stolen data got out, but other servers soon lit up with malicious activity. So administrators took the drastic step of severing all the lab’s computers from the internet while they investigated.
Oak Ridge had become the newest member of a club to which no one wants to belong – a nonexclusive society that includes Fortune 500 companies protecting invaluable intellectual property, law firms managing sensitive litigation and top security firms that everyone expected should have been shielded from such incursions. Even His Holiness the Dalai Lama has been the victim of an attack.
By Steve Ragan on May 04, 2012
A hacker group going by the name “The Unknowns” is gaining attention for a string of attacks against government and private networks, which started back in March. However, there are questions as to whether or not their recent actions could lead to their downfall.
The Unknowns, as the group refers to themselves, entered the public’s eye a few weeks ago, and since then they have claimed credit for attacks against Oak Ridge National Labs, NASA, the European Space Agency, the French Ministry of Defense, the U.S. Air Force, Harvard, Bahrain’s Ministry of Defense, a French radio station, and the Jordanian Yellow Pages.
One of the most recent attacks included the defacement of Oak Ridge National Labs’ DAAC portal. According to ORNL, the Distributed Active Archive Center (DAAC) “...provides data and information relevant to biogeochemical dynamics, ecological data, and environmental processes, critical for understanding the dynamics relating to the biological, geological, and chemical components of Earth's environment.”
The attack, according to the group’s public face (who is known as Zyklon B), was successful in part thanks to a PHP shell uploaded to the webserver, which was only possible after a staffer at ORNL fell victim to social engineering via email. We’ve reached out to ORNL for a statement. At the time this article went to press, no one was available for comment.
Last week, NASA acknowledged that The Unknowns had targeted a website hosted at the Glenn Research Center. That hack centered on the Interagency Advanced Power Group, and resulted in the loss of 307 records that were taken from a compromised database. However, the records lost and the other information housed on the server were not critical, NASA said.
“NASA security officials detected an intrusion into the site on April 20 and took it offline. The agency takes the issue of IT security very seriously and at no point was sensitive or controlled information compromised,” a spokesperson for the agency said in a statement.
[Full Article] - [The Lulz]
