Wednesday, February 29, 2012

FBI Will Shut Down DNSChanger Name Servers On March 8 (Operation Ghost Click)



It is widely known that the FBI will shut down the DNSChanger name servers on March 8, so many users across the whole spectrum can expect their Internet connections to be disrupted, because the DNSChanger trojan has infected millions of computers in more than 100 countries. The FBI planned the operation earlier, in November 2011, and named it Operation Ghost Click. What many people do not know is that the clean DNS servers, which are operated by the Internet Systems Consortium (ISC) and were used to replace the rogue ones, will be shut down on March 8, 2012. From the start, the US District Court for the Southern District of New York permitted the ISC to operate these servers for a period of 120 days. However, on February 17, 2012 the US government requested that this deadline be extended to July 9, 2012.

Barring an extension from the FBI, systems still infected with DNSChanger will cease receiving DNS services from the ISC-controlled name servers on this date. In other words, they will not be able to properly access Internet resources. This gives information security professionals less than two weeks to detect, locate and remediate any systems on their networks that are still infected. The DNSChanger Working Group (DCWG) estimates that approximately 450,000 systems were still infected as of January 28, 2012. Other statistics show that DNSChanger may be present in half of the Fortune 500 companies as well as at least 27 government organizations. In early February 2012 Internet Identity disclosed there were 3 million systems still infected globally. This is a relatively small number of systems when compared to other virus outbreaks. Regardless, it represents a challenge to security professionals, and it can be a substantial undertaking for large enterprises.

The nature of DNSChanger was to redirect infected systems to malicious destinations. Many of these sites in turn installed additional malware. By finding a DNSChanger-infected system, you will be finding a system that has additional infections. This should justify the need for a thorough sweep for DNSChanger infections. Luckily, there are many resources available to detect and remediate DNSChanger infections. The easiest way is to use a network monitoring tool to isolate DNS traffic to the ISC-operated DNS resolvers.

The offending netblocks are:
85.255.112.0/20 (85.255.112.0 through 85.255.127.255)
67.210.0.0/20 (67.210.0.0 through 67.210.15.255)
93.188.160.0/21 (93.188.160.0 through 93.188.167.255)
77.67.83.0/24 (77.67.83.0 through 77.67.83.255)
213.109.64.0/20 (213.109.64.0 through 213.109.79.255)
64.28.176.0/20 (64.28.176.0 through 64.28.191.255)
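
The sweep described above can be scripted against exported flow or firewall logs. The following is an added example, not part of the original post: it flags internal hosts sending DNS traffic (port 53) to the netblocks listed above. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Netblocks listed in this post (former DNSChanger rogue resolvers,
# now answered by the ISC-operated replacement servers).
DNSCHANGER_NETBLOCKS = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",
    "67.210.0.0/20",
    "93.188.160.0/21",
    "77.67.83.0/24",
    "213.109.64.0/20",
    "64.28.176.0/20",
)]


def matching_netblock(ip):
    """Return the listed netblock that contains ip, or None."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None  # not a valid IP address
    for net in DNSCHANGER_NETBLOCKS:
        if addr in net:
            return net
    return None


def find_suspect_hosts(flow_lines):
    """Map each source host to the listed-range resolvers it queried.

    Assumed (hypothetical) whitespace-separated flow-log format:
        <timestamp> <proto> <src_ip> <dst_ip> <dst_port>
    Malformed lines and non-DNS traffic are skipped.
    """
    suspects = defaultdict(set)
    for line in flow_lines:
        fields = line.split()
        if len(fields) != 5:
            continue
        _ts, proto, src, dst, dport = fields
        if proto.lower() not in ("udp", "tcp") or dport != "53":
            continue
        if matching_netblock(dst) is not None:
            suspects[src].add(dst)
    return {src: sorted(dsts) for src, dsts in suspects.items()}


# Constructed sample input (not real traffic).
SAMPLE_FLOWS = """\
2012-02-29T09:00:01 udp 10.1.4.23 85.255.113.7 53
2012-02-29T09:00:02 udp 10.1.4.24 192.0.2.53 53
2012-02-29T09:00:03 tcp 10.1.4.23 85.255.128.1 443
2012-02-29T09:00:04 udp 10.1.7.90 64.28.191.255 53
2012-02-29T09:00:05 udp 10.1.7.90 64.28.192.0 53
2012-02-29T09:00:06 tcp 10.1.4.23 213.109.79.10 53
garbage line
""".splitlines()

if __name__ == "__main__":
    for host, resolvers in sorted(find_suspect_hosts(SAMPLE_FLOWS).items()):
        print(f"{host} queried listed resolvers: {', '.join(resolvers)}")
```

Hosts reported here are candidates for a full malware sweep, since the DNS settings may also have been changed on the router or DHCP server that hands resolvers to them.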

Tuesday, February 28, 2012

The GIFiles By Wikileaks Publishing: The Global Intelligence Files & Five Million E-mails From Stratfor



In the last month of 2011, U.S.-based security think tank Stratfor faced a cyber attack from hacktivists. Anonymous claimed to have stolen thousands of credit card numbers and other personal information belonging to clients on Stratfor’s confidential client list, which includes entities ranging from Apple Inc. to the U.S. Air Force to the Miami Police Department, mining it for more than 4,000 credit card numbers, passwords and home addresses. But later, in a press release, Anonymous denied the attack, so it is quite difficult to figure out who was really behind the hack.

Starting this Monday, WikiLeaks has planned to release over 5 million emails from Stratfor Global Intelligence, whose website was hacked and whose emails and customer data were stolen in December.
According to the official WikiLeaks website:

"On Monday February 27th, 2012, WikiLeaks began publishing The Global Intelligence Files, over five million e-mails from the Texas headquartered "global intelligence" company Stratfor. The e-mails date between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal’s Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defence Intelligence Agency. The emails show Stratfor’s web of informers, pay-off structure, payment laundering techniques and psychological methods..."

Wednesday, February 22, 2012

Iran will Develop their own security Software, No more foreign Solution



According to the latest report, Iran's Information and Communications Technology Minister announced that Iran has prohibited the import of foreign computer security software.

International sanctions had stopped Iran from obtaining anti-virus software. So Iran stressed that no foreign software for computer security will be imported into the country, adding that Iran will rely on its own software, made by local developers. The Bonian Daneshpajouhan Institute has about 25 smaller firms that develop domestic security software of various kinds, and the country will rely on it.

Three Hackers From Anonymous Arrested In Greece



Earlier this month Greece faced a massive cyber attack from Anonymous, and after an investigation Greek police said they had arrested an 18-year-old suspected of hacking into the justice ministry's website. Two other suspects, aged 16 and 17, are also being sought over the case. On February 2nd, hackers from Anonymous performed a cyber-attack on the Greek Ministry of Justice website and warned of plans to target a further 300 ministry and media sites. The hack was apparently a protest against the Greek government's signing of the Anti-Counterfeiting Trade Agreement (ACTA), which is designed to reduce Internet piracy. After that, Greek police confirmed via Twitter that they had started an investigation and that all countermeasures had been taken. Indeed, the result is in front of us: 3 teenagers from Greece are behind bars. The authorities also said that the three youths have been linked to dozens of cyber attacks against Greek websites, using the alias Greek Hacking Scene and the nicknames "delirium", "nikpa" and "extasy". The authorities also confirmed that these teens may face 1 year of imprisonment.

This is the second time this year that hackers from Anonymous have been busted by police. In January, a 22-year-old student was arrested in south-western Poland for allegedly hacking the prime minister's website, and the local authorities said that he was part of the hacktivist group Anonymous.

Friday, February 10, 2012

Anonymous Exposed Personal Details Of Top Officers Of Oakland City



The #OccupyOakland movement continues. Today top city officials of Oakland confirmed that their personal details have been stolen. Concerned with the continuous acts of police brutality perpetrated by law enforcement in Oakland, California, the online hacktivist group Anonymous has published the personal details of some of the city’s leading officials. All the exposed details, including full name, address, phone number, social network details and other personal details, have been openly posted on Pastebin by Anon hackers.

In the #OccupyOakland press release, Anonymous said:

"Citizens of Oakland -
Anonymous has been watching. Since the inception of Occupy Oakland, We have been actively monitoring your behavior, and exposing the identities and sensitive information of Officers of the Oakland Police Department; as they have continued to act in an unprofessional and violent manner. You tear gassed Us. You shot Us with your weapons. You arrested Us. You beat Us. You also did this to Our Friends, and to Our Families. We watched as you cut budgets, cut Our jobs, closed Our schools, Our parks, and Our libraries, while leaving your own salaries alone. We laughed in disgust as Deanna Santana said she would need to speak to her attorney before discussing her pay cut. The people on this list are supposed to represent the best of what the City of Oakland has to offer. If they are the best, why is there so much trouble within the Police Department, and in the City of Oakland?
We are shocked and disgusted by your behavior. Before you commit atrocities against innocent people again, think twice.
You should have expected Us..."

#OccupyOakland Anonymous Performed DDoS Attack On Oakland Police & Exposed Confidential Data



Another Occupy Wall Street protest by Anonymous. Previously Anonymous hacked IACP and exposed 600 MB of personal data, and this time the target was the Oakland police. Members of the 'hacktivist' group launched a DDoS attack that brought down the main web site of the Oakland Police Department for much of last night, cracked at least part of the security on an Oakland city government server, and posted information on the names and data structure of Oakland city servers and the names, addresses and other personal data of Oakland police.

Members of the group have also put out the call for more hacked data and offered a $1,000 reward for specific data on the officer who fired the riot-control weapon that critically injured Iraq War veteran Scott Olsen. Olsen, a former Marine who participated in the protest Tuesday night, was apparently struck in the head by either a tear-gas canister or flash-bang grenade fired by Oakland riot police during a violent effort to drive OccupyOakland protesters off the streets.

In a press release, Anon said:

"#OccupyOakland has come under attack from city police, who now appear to be calling in reinforcements from Palo Alto. A protester who did two tours in Iraq is in critical condition with fractured skull and brain injury after a cop shot him in the head with a "non-lethal" weapon. A crowd of protesters were deliberately hit with a flashbang while rendering first aid to an injured protester. Police claimed in a recent press release that "no injuries" have been reported so far.

These are among the most disturbing and criminal acts to have been proven on the part of U.S. police since NYPD officers were outed as having routinely planted drugs on suspects earlier this month. The time has come to retaliate against Oakland police via all non-violent means, beginning with doxing of individual officers and particularly higher-ups involved in the department's conduct of late.
Those willing to assist in doxing should send any found materials to transistor@hushmail.com. To work with Anonymous, use an IRC client to join irc.anonops.li #anonops.
I'm offering a $1,000 reward, no questions asked, for the name of the officer who threw a flashbang at the injured Iraqi vet. "


Thursday, February 9, 2012

US Govt Sites are Targeted by DNSChanger Trojan



A security researcher suspects that the malware named "DNS Changer" is still targeting US government sites. The researcher even said: "hundreds of Govt sites are infected with that particular malware."

About DNSChanger:
The malware, known as the “DNSChanger Trojan”, quietly alters the host computer’s Internet settings to hijack search results and to block victims from visiting security sites that might help scrub the infections. DNSChanger was frequently bundled with other types of malware, meaning that systems infected with the Trojan often also host other, more nefarious digital parasites.

Earlier, a few people were busted for using the Trojan to control more than four million computers in over 100 countries, including an estimated 500,000 in the United States. Investigators timed the arrests with a coordinated attack on the malware’s infrastructure. The two-pronged attack was intended to prevent miscreants from continuing to control the network of hacked PCs, and to give Internet service providers an opportunity to alert customers with infected machines. Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan’s DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web.

Wednesday, February 8, 2012

Symantec verifies stolen source code posted by Anonymous is "legitimate"



Symantec is in an ongoing fight against hackers in the group Anonymous, who last January attempted to extort a payment of around $50,000 from Symantec in exchange for not publicly posting source code they had stolen for various older Symantec security products dating to 2006.

Late yesterday, hackers did release the source code for an older version of Symantec's pcAnywhere and Norton Internet Security by uploading it to The Pirate Bay website. Symantec confirms this is legitimate Symantec source code, and Symantec spokesman Chris Paden says the concern now is that other code that Anonymous claims to have in its possession will soon be posted as well.

Interesting story: US become victim of Indian spy agency...!



A recently leaked memo reveals that the American and Canadian based companies Apple, Research in Motion and Nokia may have helped the government of India spy on U.S. agencies in order to receive larger shares of the overall Indian cell phone market.

Last week, an Indian hacker crew successfully broke into a secured Indian military government network. The group, the Lords of Dharmaraja (who posted outdated Norton security source code last week), posted documents that imply Apple, Nokia, and Research In Motion gave the Indian government backdoor access to their devices in exchange for mobile phone market rights.

Australian Nokia Sub Domain Defaced by Hackers



The latest news coming from Zone-H is that an Australian Nokia subdomain was defaced by a hacker going by the codename "aldyfrz", an Indonesian hacker. The reason for the hack is unclear, and the security breach possibly just damaged the site.

The hacked subdomain of Nokia is http://press.nokia.com.au, the Press Club site. While this update was being written, Nokia restored the site, so anyone who missed the defaced page can check the Zone-H mirror link.

University of Washington: Database Leaked by Hacker



A few days back, a Team INTRA member hacked into the University of Washington database and released much data. Today, N0B0DY and N0LIFE hacked into it again, releasing the most recent passwords on Pastebin.

HTC Patched Wi-Fi Vulnerability In Its Android Phones



A Wi-Fi vulnerability in HTC's Android phones has been patched. The company has provided a firmware update to fix a "small" security hole which allowed Wi-Fi credentials to be easily stolen. Both HTC and Google were informed of the problem last September.

Tuesday, February 7, 2012

Interesting story of a Hungarian Hacker - who gets 30 months for extortion plot on Marriott



A Hungarian hacker who attempted to extort money from Marriott International Inc. by stealing confidential data from its computers and threatening to expose it was sentenced to 30 months in prison.

Attila Nemeth, 26, will also serve three years of supervised release following his prison term, federal prosecutors said in a statement Friday.

Nemeth had previously pleaded guilty to charges of transmitting malicious code and attempted extortion, in U.S. District Court in Maryland.

According to court documents, Nemeth informed Marriott officials in November 2010 that he had gained access to the company's computers and had stolen proprietary information from its systems.

As proof, he emailed Marriott eight documents, seven of which were later confirmed to be proprietary company information. The stolen data included sensitive financial information.

An investigation by Marriott showed that Nemeth had planted two remotely controlled Trojans on the company's systems that allowed him access to other systems on the network. Nemeth gained initial access to the systems by getting a handful of Marriott employees to click on infected email attachments that he had sent to them.

Nemeth threatened to release the data he had stolen to Marriott's rivals or to its employees, or post it publicly if the company did not give him a job. His demands included a job based in Europe paying at least $150,000 annually, a hotel room in any hotel of his choice, free flights to wherever he wanted and the right to work whenever he felt like it.

In exchange, Nemeth said he would destroy the stolen data in two years.

"You fire your incompetent IT staff and hire me as an outside contractor to take care of your IT network security," Nemeth wrote in an email. "After my new job works out for a couple of years all the docs I collected from your network going to wanish (sic)," he wrote.

A U.S. Secret Service agent, posing as "Phillip Bender," a Marriott IT executive, established contact with Nemeth and engaged him in a discussion about a possible job in the U.S. Nemeth agreed to come to the U.S. for an employment interview with Marriott.

The agent, masquerading as the Marriott executive, interviewed the hacker. Nemeth, believing he was speaking with a Marriott executive, disclosed details of how he had gained access to the company's systems, and the location of the servers where the stolen data was stored.

The loss to Marriott as a result of Nemeth's intrusion was about $1 million in salaries, consultant expenses and other costs.

Anonymous Hacks FBI and Records Conference Call



Earlier today, Anonymous released a confidential conference call between the FBI and law enforcement officers in the UK. The 16-minute call discusses ongoing investigations into hackers associated with Anonymous, AntiSec, and LulzSec.

Sunday, February 5, 2012

12 Thousand Websites Hacked By Teamgreyhat (TGH)



Hacktivist group Teamgreyhat strikes again, and this time it was a really big one. In this blow they have hit more than 12 thousand websites. Indeed, this is the biggest attack ever done by the TGH guys. According to TGH, "this attack is just the trailer........ wait and stay tuned for the entire episode...." Also, in their press release TGH declared that their next targets will be two high profile websites of India: the Central Drug Research Institute (CDRI) and the Bhabha Atomic Research Centre (BARC). Through this massive attack the hacker group also spread their message, which is:
#free education from the beginning to masters....or even more.
#free health (proper treatment)

Saturday, February 4, 2012

NASA and Pentagon Hacker - TinKode Arrested in Romania



Romanian police have arrested a man believed to be TinKode, the notorious hacker responsible for several daring, high-profile cyberattacks, including last year's breaches of NASA's servers, the Royal Navy, the European Space Agency and MySQL.com. The 20-year-old man, named as Razvan Manole Cernaianu, allegedly attacked Pentagon and NASA computer systems, revealed security holes, and published information about SQL injection vulnerabilities he had discovered, the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) said in a press release.

Friday, February 3, 2012

Syrian president’s e-mail hacked by Saudi hackers



A hacker based out of Saudi Arabia, identified as Salman Al Anzi, claims to have hacked the private email account of Syrian president Bashar Al Assad. He also hacked a number of Syrian ministries and the Al-Arabiya TV channel. The hacker threatened to reveal Assad's personal correspondence containing scandalous facts if the president doesn't meet his requirements.

Wednesday, February 1, 2012

Facebook sues Adscend Media for malware and spam




Facebook and the state of Washington have filed separate lawsuits against West Virginia-based Adscend Media LLC, alleging the company was responsible for spreading malware through Facebook and for stealing personal information from users of the social networking site.
The suits, filed in U.S. district courts in Santa Clara, Calif., and Seattle, respectively, contend that the defendants operated an advertising network that misled users into clicking on links that they thought would deliver certain types of content, such as videos or surveys, but instead installed malware on their systems and stole private information. The suits also claim that Adscend was aware of this activity and encouraged its affiliates to engage in it.

The Washington suit also alleges that the activity violates the state's Commercial Electronic Mail Act (CEMA) because Adscend aided its affiliates.