
Hacking 101

SteveAustin

Alfrescian
Loyal





 

Kyo Kusanagi

Alfrescian (InfP)
Generous Asset

28 November 2014 Last updated at 11:54 GMT

Airport raids tackle cyberthieves over ticket fraud



Wil Van Gemert, Europol: This fraud costs up to a billion dollars a year

Cyberthieves who used stolen credit cards to buy airline tickets have been targeted in a series of raids.

Europol co-ordinated the raids at airports, targeting people who were trying to travel using a fraudulently bought ticket.

In total, 118 people were arrested at 80 airports in 45 countries during the raids.

Airlines lose more than $1bn (£640m) a year to the trade in fraudulent tickets, said Europol.

"Airlines are fighting credit card fraud on their ticket sales on daily basis," said Meta Backman from the European airline fraud prevention group in a statement. "It is clear to the airlines that they are up against organised crime in this fight."

Europol said the raids marked the start of an initiative called Global Airport Action, which will build on the links forged between police forces, airlines and credit card companies in preparation for the raids.

These links helped to spot when tickets bought with stolen cards were being used to check in at an airport during the two days of the action. Police officers then swooped on the individuals using the tickets. Command centres in The Hague, Singapore and Bogota helped to direct the checking of tickets and travel documents as well as identifying individuals arrested.

Some of those arrested were already known to police and had been arrested before for trading in tickets.

In a statement, Europol said the stolen credit cards also helped organised crime groups keep operating and to facilitate the drug trade and human trafficking.


 

Wedge

Alfrescian
Loyal

FBI in malware warning to US companies after cyber attack targets Sony Pictures


PUBLISHED : Wednesday, 03 December, 2014, 4:07am
UPDATED : Wednesday, 03 December, 2014, 4:07am

Reuters in Boston



Sony Pictures Entertainment was under a destructive cyberattack last week. Photo: Reuters

The Federal Bureau of Investigation has warned US businesses that hackers have used malicious software to launch a destructive cyberattack in the United States, following a devastating breach last week at Sony Pictures Entertainment.

Cybersecurity experts said the malicious software described in the alert appeared to describe the one that affected Sony, which would mark the first major destructive cyberattack waged against a company on US soil. Such attacks have been launched in Asia and the Middle East, but none have been reported in the US. The FBI report did not say how many companies had been victims of destructive attacks.

"I believe the coordinated cyberattack with destructive payloads against a corporation in the US represents a watershed event," said Tom Kellermann, chief cybersecurity officer with security software maker Trend Micro. "Geopolitics now serve as harbingers for destructive cyberattacks."

The five-page, confidential "flash" FBI warning issued to businesses late on Monday provided some technical details about the malicious software used in the attack. It provided advice on how to respond to the malware and asked businesses to contact the FBI if they identified similar malware.

The report says the malware overrides all data on hard drives of computers, including the master boot record, which prevents them from booting up.

"The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods," the report said.

The FBI released the document in the wake of last Monday's unprecedented attack on Sony Pictures Entertainment, which brought corporate email down for a week and crippled other systems as the company prepares to release several highly anticipated films during the crucial holiday season.

A Sony spokeswoman said the company was "working closely with law enforcement officials".

While the FBI report did not name the victim of the destructive attack in its bulletin, two cybersecurity experts who reviewed the document said it was clearly referring to the breach at the California-based unit of Sony Corporation.

FBI spokesman Joshua Campbell declined to comment when asked if the software had been used against Sony, although he confirmed that the agency had issued the confidential "flash" warning.

"The FBI routinely advises private industry of various cyberthreat indicators observed during the course of our investigations," he said. "This data is provided to help systems administrators guard against the actions of persistent cybercriminals."

Monday's FBI report said the attackers were "unknown".

Yet the technology news site Re/code reported that Sony was investigating to determine whether hackers working on behalf of North Korea were responsible for the attack as retribution for the company's backing of the film The Interview, which mocks Pyongyang.


 

Wedge

Alfrescian
Loyal

Cyberespionage ring stole corporate secrets in effort to rig stock market

Cyberespionage gang targeted major health care firms in scam that has compromised sensitive data of dozens of companies, security experts say


PUBLISHED : Wednesday, 03 December, 2014, 4:07am
UPDATED : Wednesday, 03 December, 2014, 4:07am

Reuters in Boston



Most targeted corporations are in the United States and trade on the New York Stock Exchange or Nasdaq. Photo: AFP

Security researchers say they have uncovered a cyberespionage ring focused on stealing corporate secrets for the purpose of gaming the stock market, in an operation that has compromised sensitive data about dozens of publicly held companies.

The hackers appear to be taking advantage of the current mergers-and-acquisitions boom to target publicly traded companies and their executives involved in pending deals.

Cybersecurity firm FireEye said that since the middle of last year, the group has attacked e-mail accounts at more than 100 firms, most of them pharmaceutical and health care companies.

The rise of mergers and acquisitions-specific hacking comes amid a boom time in the merger business. Global deals have topped US$3.2 trillion so far this year, the most since the financial crisis of 2008, according to the banking research firm Dealogic. The health care sector leads the way, accounting for more than 13 per cent of the value of all deals.

The hacks also have sought information about clinical drug trials, insurance reimbursement rates and pending legal cases.

Victims also include firms in other sectors, as well as corporate advisers including investment bankers, attorneys and investor relations firms, according to FireEye. The cybersecurity firm declined to identify the victims. It said it did not know whether any trades were actually made based on the stolen data.

Still, FireEye Threat Intelligence Manager Jen Weedon said the hackers only targeted people with access to highly insider data that could be used to profit on trades before that data was made public.

They sought data that included drafts of US Securities and Exchange Commission filings, documents on merger activity, discussions of legal cases, board planning documents and medical research results, she said.

"They are pursuing sensitive information that would give them privileged insight into stock market dynamics," Weedon said.

The victims ranged from small to large corporations. Most are in the United States and trade on the New York Stock Exchange or Nasdaq, she said.

An FBI spokesman declined comment on the group, which FireEye said it reported to the bureau. The security firm designated it as FIN4 because it is number 4 among the large, advanced financially motivated groups tracked by FireEye.

The hackers don't infect the PCs of their victims. Instead they steal passwords to e-mail accounts, then use them to access those accounts via the internet, according to FireEye.

They expand their networks by posing as users of compromised accounts, sending phishing e-mails to associates, Weedon said. FireEye has not identified the hackers or located them because they hide their tracks using Tor, a service for making the location of internet users anonymous.

FireEye said it believes they are most likely based in the United States, or maybe Western Europe. Weedon said the firm is confident that FIN4 is not from China, based on the content of their phishing e-mails and their other techniques.

Researchers often look to China when assessing blame for economically motivated cyber espionage. The United States has accused the Chinese government of encouraging hackers to steal corporate secrets, allegations that Beijing has denied.

Weedon suspects the hackers were trained at Western investment banks, giving them the know-how to identify their targets and draft convincing phishing e-mails.

"They are applying their knowledge of how the investment banking community works," Weedon said.

Additional reporting by Los Angeles Times

__________________________________

Bitcoin battles

A top Australian law enforcement agency is investigating bitcoin's role in organised crime, a senior official said, just as politicians and financial regulators embrace the digital currency.

The investigation into bitcoin's crime links by one authority as others embrace it highlights the crossroads governments have reached as they struggle to regulate the five-year-old "cryptocurrency", a method of making anonymous payments which has surged in popularity around the world.

Australian Crime Commission Executive Director Judy Lind revealed investigators will monitor "misuse of virtual currencies to facilitate criminal activity" at a national and international level, under an operation named Project Longstrike.

"We know that virtual currencies including bitcoin are used as payment methods to facilitate illicit trade on the darknet," Lind said, referring to a hidden part of the internet where information can be shared anonymously and without revealing the location of its source.

"Organised crime groups continue to make use of darknets to harbour trading in illicit commodities, including child exploitation material, illicit drugs and firearms, stolen credit card and identity data, and hacking techniques."

Project Longstrike is just the latest example of Australia's determination to crack down on bitcoin-enabled crime. Last month, Australia said it extradited to the United States the alleged primary moderator of Silk Road, a website where people bought illegal drugs like heroin using bitcoins.

In October, police seized Queensland state's first bitcoin automated teller machine five months after it opened, with media reporting police believed it was being used by a former motorcycle gang member to deal crystal methamphetamine.

Regulators around the world are wary after the Mt Gox bitcoin exchange filed for bankruptcy in Tokyo earlier this year, saying it lost some 850,000 bitcoins - worth about US$300 million at current prices - in a hacking attack.


 

Wedge

Alfrescian
Loyal

Hackers use email to threaten Sony Pictures staff and their families


PUBLISHED : Sunday, 07 December, 2014, 6:14am
UPDATED : Sunday, 07 December, 2014, 6:14am

Agence France-Presse in Los Angeles


Sony Pictures staff received a threatening email claiming to be from the hackers who breached the entertainment giant's computer network, reportedly with warnings that they and their families were "in danger".

The email from a group calling itself Guardians of Peace (GOP) also warned that "all hope will leave you and Sony Pictures will collapse", according to the industry journal Variety.

A Sony Pictures spokesman confirmed that the threatening email was sent to some staff on Friday, but not the nature of the threat. Sony Pictures confirmed the hack attack earlier in the week, calling it a "brazen" effort that netted a "large amount" of confidential information, including movies, as well as personnel and business files.

It is not clear who GOP are, but Sony Pictures has downplayed a report that North Korea was behind the attack.

Spokesman Robert Lawson did not verify the full content of the threatening email, but a transcript published by Variety warned that "removing Sony Pictures on earth is a very tiny work for our group which is a worldwide organisation".

"What we have done so far is only a small part of our further plan … All hope will leave you and Sony Pictures will collapse," the email read.

In clearly non-native English it continued: "Many things beyond imagination will happen at many places of the world. Our agents find themselves act in necessary places.

"Please sign your name to object the false of the company at the email address below if you don't want to suffer damage. If you don't, not only you but your family will be in danger."

According to security researchers, the Sony hackers leaked sensitive personal information on some 47,000 individuals, including celebrities.

An analysis by security firm Identity Finder found full names, social security numbers, birth dates and home addresses, giving "a clear path for criminals intent on committing identity fraud".

The researcher found 601 files containing this data, including more than 15,000 social security numbers belonging to existing or former Sony employees.

Sean Sullivan, a researcher for another security firm F-Secure, said the attack "is fast becoming the worst hack any company has ever publicly suffered". But he said reports suggesting North Korea was behind the incident appeared "implausible".

 

Captain America

Alfrescian (InfP)
Generous Asset

100k+ WP websites compromised by SoakSoak malware


Posted on 15 December 2014.

Sucuri Security researchers are warning about a massive compromise of WordPress sites sporting malicious JavaScript leading visitors to malware.

The discovery was made on Sunday, when Google blacklisted over 11,000 compromised domains. After poking around a bit, the researchers discovered that most of the affected hosts are running WordPress.

They believe that the compromise was the result of the exploitation of a patched vulnerability in the Slider Revolution Premium plug-in.

The SoakSoak malware, dubbed this way because it's pulled from the SoakSoak.ru website, modifies the wp-includes/template-loader.php file to include a JavaScript that causes wp-includes/js/swobject.js to be loaded on every page a visitor views on the site.

The object in question contains a Java-encoded script malware (hxxp://soaksoak.ru/xteas/code) which, when loaded, redirects users to the SoakSoak.ru website and may silently download malware.

How come website owners haven't patched that vulnerability? Those who update their plug-ins regularly did, and those that bought the plug-in directly from the developer have been kept safe by the auto-updater.

Unfortunately, the plug-in is also wrapped into theme packages, and this is where the auto-updater doesn't work. Add to this the fact that the vulnerability has been patched silently, and you get a lot of users that don't even know about it.

Sucuri researchers are urging site administrators to check whether their sites have been compromised with this or other malware via their free website malware and security scanner.
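
The file-level indicators named in the article above can be checked directly on a server. The following is an added example, not part of the original post and not Sucuri's scanner; the function names `soaksoak_check` and `soaksoak_demo`, the exit codes and the constructed demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check one WordPress root for the SoakSoak indicators above.
# Returns 0 = no indicator found, 1 = at least one found, 2 = not a WP root.
soaksoak_check() {
    root=$1
    loader="$root/wp-includes/template-loader.php"
    dropped="$root/wp-includes/js/swobject.js"
    found=0
    if [ ! -f "$loader" ]; then
        echo "no wp-includes/template-loader.php under: $root" >&2
        return 2
    fi
    # 1. The dropped script. Stock WordPress ships swfobject.js (with an "f");
    #    swobject.js is the file name reported in the article.
    if [ -e "$dropped" ]; then
        echo "FOUND dropped file: $dropped"
        found=1
    fi
    # 2. The modified loader that pulls the script into every page view.
    if grep -n 'swobject' "$loader"; then
        echo "FOUND swobject reference in: $loader"
        found=1
    fi
    # 3. Any file under wp-includes that names the delivery domain.
    hits=$(grep -rli 'soaksoak\.ru' "$root/wp-includes" 2>/dev/null || true)
    if [ -n "$hits" ]; then
        echo "FOUND soaksoak.ru reference in:"
        echo "$hits"
        found=1
    fi
    return "$found"
}

# Constructed sample: build a throwaway tree carrying indicators 1 and 2,
# run the check on it, and return the check's status (expected: 1).
soaksoak_demo() {
    demo=$(mktemp -d) || return 3
    mkdir -p "$demo/wp-includes/js"
    echo '<?php /* constructed */ echo "<script src=js/swobject.js></script>";' \
        > "$demo/wp-includes/template-loader.php"
    echo '/* constructed placeholder, no payload */' > "$demo/wp-includes/js/swobject.js"
    rc=0
    soaksoak_check "$demo" || rc=$?
    rm -rf "$demo"
    return "$rc"
}
```

A return of 0 only means these three indicators are absent from that document root; a site that bundles the vulnerable plug-in inside a theme still needs the plug-in updated.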


 