
Hacking news

Hackers Compromise The Korean National Recruitment System maintained by the U.S. Department of the Army.

The Korean National Recruitment System (KNRS), which is maintained by the U.S. Department of the Army, was breached by hackers last month.

The compromised information consisted of databases which stored personally identifiable information (PII) on U.S. Army Korean National employees and applicants for United States Forces Korea (USFK) employment.


The two compromised databases contained the sensitive personal information of more than 16,000 South Koreans employed by the United States Department of the Army.

The breached details include each individual’s name, Korean identification number, contact information, education and work experience. This was disclosed by General Curtis M. Scaparrotti, U.S. Army Commander, in a notice to the employees whose personal information may have been compromised.

The affected system has since been removed from the network by the US Army, and an alternate system has been added to handle the Korean National recruitment process for the US Army.

The breach is currently being investigated by the authorities. The reports also said that U.S. Department of the Army senior leaders and Republic of Korea Government officials have been approached for further assistance in the investigation.


GameOver Zeus Botnet which infected more than 1 Million computers Globally, disrupted by the FBI

The FBI and the Department of Justice, in collaboration with international law agencies, have managed to significantly disrupt the effects of the “GameOver Zeus Botnet” and the “Cryptolocker” ransomware earlier this week.

The GameOver Zeus Botnet, which is allegedly responsible for the theft of hundreds of millions of dollars from businesses and consumers around the world, is believed to have infected more than 1 million computers globally.


The GameOver Zeus Botnet malware is a sophisticated variant of the Zeus malware and is designed to steal the victim’s banking credentials to initiate or re-direct wire transfers to overseas accounts that are controlled by the criminal networks. The infected computer also becomes part of a global network of compromised computers known as a botnet, which the cyber criminals can control for more nefarious purposes, like DDoS attacks against well-known sites. The malware spreads mostly through spam e-mail or phishing messages.


Unlike earlier Zeus variants, GameOver has a decentralized, peer-to-peer command and control infrastructure rather than centralized points of origin. This means that instructions to the infected computers can come from any of the infected computers, which makes a takedown of the botnet more difficult: even if the main server is shut down, the ancillary botnets can be used to assume control and send the commands.

Officials said that in addition to filing a criminal case, the U.S. government has also obtained authorisations from the Federal Court in Pittsburgh for measures to sever communications between the infected computers, re-directing these computers away from criminal servers to substitute servers under the government’s control. According to the reports, the infected servers have been quarantined and redirected for now, but the same reports say that it won’t take long before they pop up again elsewhere.

The court orders also authorized the FBI to identify the IP addresses of the victim computers reaching out to the substitute servers and to provide that information to Computer Emergency Readiness Teams (CERTs) around the world, as well as to Internet service providers and other private sector parties who are then able to assist victims in removing GameOver Zeus from their computers.

In related actions, U.S. and foreign law enforcement officials also seized Cryptolocker command and control servers. Cryptolocker is a type of ransomware that encrypts or locks the victim’s files on the computer and demands a ransom to unlock them. Devices infected with Cryptolocker are often infected by the GameOver Zeus Botnet too.

The FBI has identified Russian Evgeniy Mikhailovich Bogachev as the leader of a gang of cyber criminals based in Russia and the Ukraine responsible for the development and operation of both the GameOver Zeus and Cryptolocker schemes. Evgeniy Bogachev, aka “lucky12345” and “slavik”, tops the FBI’s Cyber’s Most Wanted list.

Source:fbi.gov

Are You Infected too?
According to the FBI, these are the major signs that your computer is infected by the GameOver Zeus Botnet:
– Your computer system operates very slowly.  
– Your cursor moves erratically with no input from you.  
– You notice unauthorized logins to your bank accounts or unauthorized money transfers.  
– Text-based chat windows appear on your computer’s desktop unexpectedly.  
– Your computer files lock up and a ransom demand is made to unlock files.

How do I Protect Myself?
– Make sure you have updated antivirus software on your computer.  
– Enable automated patches for your operating system and web browser.  
– Have strong passwords, and don’t use the same passwords for everything.  
– Use a pop-up blocker.  
– Only download software—especially free software—from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars).  
– Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly.

Victims have less than 2 weeks to protect themselves before the cyber criminals restart the network.

Last month the FBI also raided and arrested BlackShades RAT users globally, raising the chances of more arrests and crackdowns in the next few weeks.


Hacker arrested for hacking into law enforcement agencies networks and Credit Card data theft

25-year-old Cameron Lacroix of New Bedford, Massachusetts was charged with hacking into computer networks around the United States, including networks belonging to law enforcement agencies, a local police department, and a local college, to obtain highly sensitive law enforcement data, alter academic records, and steal credit, debit, and payment card numbers, the FBI said this Monday.


Cameron was charged in a criminal case with two counts of computer intrusion and one count of access device fraud. Cameron has pleaded guilty to all counts and will serve a four-year prison sentence.

Between May 2011 and May 2013, Lacroix allegedly stole payment card data for over 14,000 unique account holders. He also obtained the account holders’ full names, addresses, dates of birth, Social Security account numbers, e-mail addresses, and bank account and routing numbers, as well as listings of items they ordered with the cards.

From August 2012 through November 2012, Lacroix repeatedly hacked into law enforcement agencies’ computer networks containing sensitive information including police reports, investigation details, intelligence reports, arrest warrants, and other classified information. Prosecutors believe that in September 2012, Lacroix breached the server of a local Massachusetts Police Department and gained unauthorized access to the MPD Chief of Police’s email account.

Lacroix was also found guilty of hacking into the servers of Bristol Community College to change his grades and those of two other students during September 2012 and December 2013.


Helping the Feds lets Sabu of LulzSec avoid jailtime

For the help he provided to the federal authorities of the United States in identifying and preventing several infiltration attempts on the world’s leading corporate, government and individual websites, Sabu, aka Hector Xavier Monsegur, has avoided jail time. As per Yahoo News, he has been sentenced to time served followed by one year of supervised release.

According to Yahoo News, prosecutors in New York on Tuesday officially recounted Sabu aka Monsegur’s cooperation with the federal government, explaining that the hacker should be “rewarded with leniency” for working with the FBI to stop cyberattacks by Anonymous and its offshoot LulzSec.

As per the charges, Sabu could, or probably should, have faced decades in prison after originally pleading guilty to 9 counts of hacking and other allied criminal activities. But his active collaboration with the FBI drastically reduced his sentence and helped him avoid jail time. Prior to the official sentence, prosecutors were pushing for as little as seven months behind bars.

You can read about the relationship between Sabu and US authorities on this post

Courtroom portrait of Hector “Sabu” Monsegur finished moments ago at his sentencing hearing. By @wikileakstruck pic.twitter.com/MJCrOOpgGq
— Andrew Panda Blake (@apblake) May 27, 2014


Avast Anti Virus Forum hacked, Login Credentials of 400,000 users compromised

Antivirus firm Avast has today confirmed that it took its Community support forum offline following a data breach which may have affected the login IDs and passwords of more than 400,000 users.


The company’s CEO Vincent Steckler stated in a blog post today that users’ nicknames, user names, email addresses and hashed passwords were compromised in an attack on the Avast Forum which took place over this past weekend. Steckler also noted in the same blog post that although the passwords are hashed, it could be possible for a sophisticated thief / programmer to derive these passwords.


Avast claims that this attack seems to have affected less than 0.2% of a total of 200 million users of the forum. It also claimed that no financial details like payment, license terms or other data were compromised.

The Forum (forum.avast.com) has since been taken offline and is being rebuilt and moved to a more secure platform. Avast has already informed all the affected parties via email, asking them to immediately change their passwords. Users may also change their other passwords, such as Facebook, Gmail and other email accounts, banking etc., if they are the same as the Avast forum account password.

Once the forum is back online, affected users will be asked to reset their password when trying to log in with the old password.

The company said the Forum was hosted on a third-party software platform. This third-party software may have been the weak link in the defences of the forum, which the attackers most probably took advantage of. It is not understood how a big AV and security firm could rely on third-party software for such an important website without ample security considerations.


Pro-Russian Hackers leak documents from Central Election Commission Of Ukraine

Ukrainian hackers using the online handle “Cyber Berkut” have managed to hack into the web system of the Central Election Commission Of Ukraine, the hackers said in a statement released on their website.



The leak comes just two days before the presidential election in Ukraine, to be held on May 25.

“We Cyber Berkut, in protest against the legitimization of crimes Kiev junta completely destroyed the network and computing infrastructure of the Central Election Commission of Ukraine.”
“We declare that the Unified Information-Analytical System ‘Elections’ created under complete control of the United States ceased to exist,” said the hackers on their website.

The hackers also leaked a large archive of emails, as well as the technical documentation of the CEC system administrators, online.

“Our special thanks for a fascinating quest to wonderful administrators who were storing data on access to the network in text files on their desktops,” the hackers said.

Earlier this year “Cyber Berkut” brought down several NATO websites over its Crimea stance.


New on-demand penetration testing service released by High-Tech Bridge – ImmuniWeb.

When testing a website for vulnerabilities, most businesses turn to automated scanners. But there is another way: a new online on-demand web penetration testing service called ImmuniWeb was officially launched last week.

Techworm had already written about the website security assessment when it was in Beta in 2013, and now, after over a year’s worth of Beta testing, ImmuniWeb is available to all.

ImmuniWeb takes a new approach to scanning a web app or website for vulnerabilities. The ImmuniWeb service uses both manual web application penetration testing and automated vulnerability scanning to create a report on a website’s vulnerabilities.

Manual testing is conducted by High-Tech Bridge web penetration testers and guarantees zero false-positives while significantly minimising the number of false-negatives in a web security assessment report. The automated side of the assessment is performed by the company’s proprietary ImmuniWeb Security Scanner. Project configuration and management, secure online payment and report delivery are done online via ImmuniWeb Portal.

ImmuniWeb’s hybrid approach to web application security testing offers a real alternative to the automated tools, scanners and services that currently dominate the market. Every ImmuniWeb report is manually written by a professional penetration tester who analyses each weakness and vulnerability detected and recommends fixes in easy-to-understand language that any non-technical person can follow.

The service seems to have some important fans: in the press release about the launch, Graham Cluley, independent computer security analyst and owner of Grahamcluley.com, said of ImmuniWeb:

“What’s cool is that the ImmuniWeb service isn’t just a web vulnerability scanner, hunting for flaws on customers’ websites. At the same time as that is running, High-Tech Bridge also has a team of ethical hackers, with years of professional web security experience, manually attempting to penetrate websites, and searching for flaws and weaknesses.”

During the beta stage, ImmuniWeb was tested on thousands of live websites that use different web frameworks, platforms and web programming languages. According to High-Tech Bridge, the vast majority of security assessments already performed by ImmuniWeb demonstrated the highest vulnerability detection rate compared to traditional vulnerability scanners and automated SaaS solutions.

The service is also endorsed by some notable security organisations and ImmuniWeb SaaS successfully received CWE and CVE compatibility certification from MITRE in 2013.

To find out more, visit https://www.htbridge.com/immuniweb/
Or here’s some useful reading. Compare ImmuniWeb with other website vulnerability solutions:

You can also view ImmuniWeb® assessment technical details at the following webpage:

Several Government websites of Ukraine hacked and defaced by Argentina hack team under OpUkraine

A hacker going by the handle Libero from the Argentina hack team has hacked and defaced several Government websites of Ukraine under #OpUkraine, protesting against the Ukraine Government.


A total of 14 websites were hacked and defaced, most of them with a deface page simply reading “Hacked by Libero” “WE ARE ANONYMOUS”.
One of the defaced websites was showing a video statement released by Anonymous Ukraine, which said:

Criminal Government has violated all international conventions
They applied firearms against Protestors
Interior Ministry confirmed that police used live ammunition
Yanukovich and president administration are outlaw
All force Structures are Criminal and Outlaw
We have facts that Russian Forces kill Ukrainian people 
Party of Religions is outlaw
Communist party is outlaw
Crimes of this Government are crimes against humanity
All Criminals should be punished
Support us in #OpUkraine
We are Anonymous
We are Legion
We do not Forgive
We do not Forget
Expect us
List of Defaced websites:


A mirror (web-cached version) of the websites can be seen here.
At the time of writing the article, all the websites were still showing the deface page.


RedHack leaks email IDs and passwords from Turkish Cooperation and Coordination Agency (TIKA)

The email IDs and passwords of the personnel of the Turkish Cooperation and Coordination Agency (TIKA) were leaked today by RedHack.


The leak was announced by the official RedHack account on Twitter.

Turkish Cooperation&Development Agency, system & e-mail users&passwords LEAKED. https://t.co/8rJmPgTPfX & https://t.co/5sSKfrmc3C #Anonymous
— RedHack_EN (@RedHack_EN) May 18, 2014


One of the RedHack members told Techworm that the leak is dedicated to revolutionary leader İbrahim Kaypakkaya and is also a protest against the corrupt Government.

The leak came just a day before the opening ceremony of TIKA establishments to be inaugurated by Prime Minister Recep Tayyip Erdoğan.

The leaked data can be viewed from the paste provided below 


https://justpaste.it/fijd

RedHack also claims that one of the email IDs used by a Government official was used to access an adult dating site.

Personnel at TİKA uses government e-mail account for dating sites. Must be AKP adherent 😉 pic.twitter.com/2NLncYuoTu #RedHack #Anonymous
— RedHack_EN (@RedHack_EN) May 18, 2014

 


San Francisco Traffic sign hacked to warn travellers of Godzilla Attack

What would you do if a traffic sign board warned you of a “Godzilla Attack”? This is what happened last Wednesday in San Francisco, when an electronic traffic sign on Van Ness Avenue started displaying a warning of a “Godzilla Attack” and asking travelers to “Turn Back”.


The mobile sign was supposed to be warning drivers about traffic delays during Sunday’s Bay to Breakers foot race. However, a prankster hacked it to display the warning “Godzilla Attack”, “Turn Back”.

The traffic sign board was fixed soon after the incident.

This is not the first time hackers have targeted a traffic sign board. In 2012 a traffic sign in Maine was changed to display “Zombies Ahead” and a traffic sign in Loomis, California was changed to read “Caution Loose Gorilla!”. A year later, in 2013, Serbian hackers hacked a traffic billboard to display a supportive message for Pirate Bay.
