FBI begins investigation into 1.2 billion stolen credentials after Hold Security's Report

23:14 Anuran Barman
The U.S. Federal Bureau of Investigation (FBI) is investigating a report by a U.S. cyber security firm that it uncovered some 1.2 billion Internet logins and passwords amassed by a Russian crime ring. If the investigations prove the information to be correct, this could be the largest known collection of such stolen data.
Hold Security, a Wisconsin-based security firm, uncovered the massive credentials cache through months of research. According to Hold Security, a Russian group called “CyberVor” allegedly stole the logins over several years from more than 400,000 websites and servers.

"The FBI is investigating the recently reported incident involving the potential compromise of numerous user names and passwords, and will provide additional information as the nature and scope of the incident becomes clearer," agency spokesman Josh Campbell said on Tuesday to Reuters via email.

Hold Security said on Aug. 5 that it obtained the credentials from a criminal gang that it has dubbed CyberVor, which focuses on stealing login credentials. 

Hold Security believes CyberVor accessed underground markets and stolen credential databases to begin their login collection and were later able to return to those markets and access data through botnet networks. 

L.K Advani's Official website hacked by Pakistani hacker

A Pakistani hacker going by the online handle "Muhammad Bilal", who is a member of Team Pak Cyber Experts, has once again hacked the official website of L.K. Advani, the senior-most leader of India's ruling Bharatiya Janata Party (BJP).
The hacked website, including one of its subdomains, was left defaced with a message for the Indian Army and Government.

Free Kashmir .. Freedom is our goal..  " Indian Penal Code Act No. 45 of 1860) CHAPTER-II SEC 18: India.- India means the territory of India excluding the State of Jammu and Kashmir."  This institutionalized impunity with which the killings of civilians by military and police forces in Jammu and Kashmir continues should be a source of shame for India which propagates to be a democracy!  Kashmir does not want militarized governance - STOP killing children, They just want freedom! Freedom from the evil of the Indian Military!  Ghandi said - Freedom is never dear at any price. It is the breath of life. What would a man not pay for living?  Everyday 100s of innocent people are abused, raped and even killed in Kashmir by the Indian army, a third of the deaths are children,  - take back your men, your guns and go back to where you came from, All we ask is for freedom, you can kill us but you cant kill us all, we shall not give up,  Giving up is not an option! 

The hacker also used abusive language against Indian Prime Minister Narendra Modi and Army chief Dalbir Singh Suhag.

One of the images on the defacement page shows Pakistan's national flag covering the entire map of India.

The hacker also said that changing the server or redesigning the website will not keep the website safe from them.

This is not the first time L.K. Advani's website has been hacked by a Pakistani hacker. Earlier in April this year the website was hacked by the same hacker, which indicates that there is some security flaw in the website which is being exploited time and again.

However, in a conversation with Techworm, the hacker said the website had been redesigned and the vulnerability which let him hack the website was entirely new. He also added that he has access to some of the other official websites of the BJP.

At the time of writing this article, the website was still showing the defacement page.

UPS Store hacked, Customers data including Payment card details may have been exposed

11:46 Abhishek kumar
The United Parcel Service (UPS) is the latest retail chain to have discovered a data breach which may have exposed customers' credit and debit card information.
UPS announced on Wednesday that "Customers' information at 51 franchises in 24 states may have been exposed. The data breach was limited to about 1% of 4,470 franchised center locations throughout the United States. However, data on approximately 105,000 customer transactions between January and August may have been compromised."

UPS said malware was responsible for this breach. The malware was able to infect their system as early as January 20, 2014, but the attack came into play after March 26th, 2014.

The breach came to notice after an investigation which UPS set up after it received a United States government bulletin regarding a broad-based malware intrusion targeting retailers in the United States. The authorities had issued a high alert bulletin in the wake of the breach of Target and other online retailers. The threat was eliminated as of August 11, 2014, as soon as the breach was detected.

Customer information that may have been exposed includes customers’ names, postal addresses, email addresses and payment card information, the company said. It also said that the UPS Store has not detected any fraud arising from the incident and is offering identity protection and credit monitoring services at no charge for one year to any customer who used a credit or debit card at one of the affected center locations during the period in question.

Customers are asked to closely monitor their card account activity and report any concerns to their bank or card issuer. UPS Store does not have sufficient customer information to contact potentially affected customers directly. The list of affected stores can be seen here.

Last week grocery giants Albertsons and SUPERVALU announced a data breach which had affected US department stores across 18 states.

Malaysian authorities say that Hackers stole secret MH370-crash probe related documents

23:18 Vijay Prabhu
Many of us may have forgotten the ill-fated Malaysian Airlines Flight MH370 since its disappearance on March 8th, but it seems that it had interested some hackers. The Malaysian Airlines MH370 passenger flight disappeared from the radar on 8 March 2014 while en route from Kuala Lumpur, Malaysia, to Beijing, China. Now reports have emerged that cyber criminals orchestrated a targeted phishing attack on a handful of Malaysian officials involved in investigating the disappearance of flight MH370. The hackers, believed to be of Chinese origin, have reportedly stolen a trove of classified materials related to the disappearance of Flight MH370.
According to the Malaysian news website The Star, some 30 computers belonging to different authorities and individuals involved in the multi-nation probe were infected by malware. With the help of this malware, the cyber criminals successfully hacked into the systems of the personnel, including those of the Civil Aviation Department, the National Security Council and MAS. The Star reported that the malware was sent posing as a PDF attachment to a news article emailed to the investigating officers on the day after the disappearance, i.e. on 9th March itself. From the day the malware was installed, the hackers had access to all the confidential data being collated and shared by the multi-nation probe into the disappearance.

According to Amirudin Abdul Wahab, CEO of CyberSecurity Malaysia, the hackers may have stolen tonnes of data before Malaysian cyber security experts and authorities found and closed the breach. It is, however, not known how long the hack window remained open for the hackers after the attack on 9th March. The data was transferred to the hackers via emails which the malware initiated, and was being funneled to an IP address located in China. It seems that the unknown emails being sent alerted the Malaysian authorities.

“Those emails contained confidential data from the officials’ computers, including minutes of meetings and classified documents,” he said as cited by The Star. “Some of these were related to the MH370 investigation.”

The Malaysian cyber police and CyberSecurity Malaysia then requested that China’s Internet Service Providers (ISPs) block the transmissions to the particular IP, and also shut down all the infected machines at their end to stop further leaks of data. According to The Star, the agency suspects that the motive of the hacking was specifically to obtain information on the probe into Flight MH370’s still-unsolved disappearance.

CyberSecurity Malaysia and the local police are currently working with Interpol to identify the culprits behind the hacking, who are believed to be private individuals. However, it should be noted that Flight MH370 had 152 Chinese citizens among the 239 people on board that ill-fated flight, so it is possible that some clandestine Chinese state authorities may be behind the hack.

The MAS Boeing 777-2ER carrying 239 people took off from Kuala Lumpur International Airport (KLIA) on March 8 and was headed to Beijing, China, before it fell off the radar less than an hour later. Five months have passed since this tragic incident, but the authorities are yet to unravel the mystery behind the disappearance.

The case of the disappearance of MH370 has been treated as closed by Malaysian authorities. You can read all about it here.