-
IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here. The OTHER forum is HERE so please stop asking.
Hacking 101
- Thread starter General Grievous
- Start date
4 February 2015 Last updated at 11:41
Death threat hacker who fooled police is jailed
Yusuke Katayama set riddles and made threats that engrossed Japanese media
A hacker who hijacked computers to make death threats has been jailed for eight years.
Yusuke Katayama played a game of cat and mouse with the authorities, leading them to make numerous wrongful arrests.
He threatened a massacre at a comic book event, as well as to attack a school attended by the grandchildren of Japan's Emperor Akihito.
Katayama's campaign highlighted the difficulties the country's police force has had in dealing with cyber crime.
"He committed the crime, and the purpose of it was [for police] to make wrongful arrests," said presiding judge Katsunori Ohno at Tokyo District Court, adding that Katayama's actions had been "vicious".
Riddles
Throughout 2012, the 32-year-old used a virus to gain control of strangers' computers. He then issued threats - which appeared to come from the computer's owner - and a series of riddles that captured the attention of the national media.
Among the other threats made by Katayama - who went by the alias Demon Killer - was one to attack a plane.
The case highlighted the Japanese police's tendency to extract confessions from suspects, as four people owned up to crimes which the National Police Agency (NPA) later admitted they did not commit.
Computers belonging to each had been infected with a Trojan Horse virus, introduced via a link on the popular Japanese chat forum 2channel.
The NPA's chief apologised, acknowledging his force had been tricked by the hacker, and promising his cyber crime unit would improve.
Reward
Police held one falsely suspected person for several weeks before media and a cyber crime expert received anonymous messages containing information that investigators conceded could only have been known by the real culprit.
Katayama had taunted police in emails that sent them all over Japan.
In one message, investigators were told to go to Enoshima, an island off Tokyo, and to look for a cat that turned out to be wearing a collar on which was a memory card.
The card held details of the code and malicious program he had used to gain remote control of victim's computers.
In December 2012, the police offered a 3m yen (£16,822) reward for information leading to the arrest of the culprit.
But it was the cat that led police to arrest Katayama in February 2013, who was seen on CCTV footage with the animal.
Tens of millions of customers' details hacked at US insurer Anthem
Date February 6, 2015 - 5:46AM
Crayton Harrison and Jordan Robertson
Hackers broke into the company's database in an attack bound to stoke fears many people have about the privacy of their most sensitive information. Photo: Michael Conroy
New York: Anthem, the second biggest US health insurer by market value, said hackers obtained data on tens of millions of current and former customers and employees in a sophisticated attack that has led to a Federal Bureau of Investigation probe.
The information compromised includes names, birthdates, Social Security numbers, medical IDs, street and e-mail addresses and employee data, including income, Anthem said. The company will notify customers who were affected and provide credit and identify-theft monitoring services for free, Chief Executive Officer Joseph Swedish said in a letter to members.
"As soon as we learned about the attack, we immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation," Anthem said. The Indianapolis-based company, formerly known as WellPoint, didn't provide information on how the breach occurred or when it was discovered.
The hacking of personal data has become a major issue for consumers and companies alike.
There's no evidence that credit-card numbers or medical information such as claims, test results or diagnostic codes were compromised, Anthem said.
The Anthem breach is the biggest in the health-care industry since Chinese hackers stole Social Security numbers, names and address from 4.5 million patients of Community Health Systems, the second-biggest for-profit hospital chain, last year. The attack is on a similar scale to hacks of customer data from Target and Home Depot last year in terms of the number of people affected.
"This attack is another reminder of the persistent threats we face," US Representative Michael McCaul, a Texas Republican who leads the Homeland Security Committee, said.
It's not known yet where the attack came from or how the hackers got inside Anthem's computer systems, said Vitor De Souza, spokesman for FireEye Inc., whose Mandiant division was hired this weekend to investigate the breach and began sending specialists to Anthem's headquarters.
What is known is that the malicious software used to infiltrate the network and steal data was customised, which can be a sign of an advanced attacker, and is a variant of a known family of hacking tools, Mr De Souza said. What's rare in this case is that Anthem discovered the breach itself, instead of being alerted to it by a third party such as a bank or a credit-card company, Mr De Souza said. Such organisations are often the first to detect fraud and link stolen data to a hacking attack.
Investigators were able to track the stolen data to an Internet storage service that the attackers were using to warehouse their pilfered information, he said.
Mr De Souza added that Mandiant, which has investigated such big- name breaches as Sony Pictures Entertainment and JPMorgan Chase & Co., is seeing more attacks against health-care companies, which are repositories of personal information that can be used for all kinds of fraud.
"We have seen a large uptick in health-care attacks -- health care is now a common vector of attack," he said. "You have your traditional ones, government, finance, high-tech and critical infrastructure are dominating, but health care and legal stand out as among the fastest-growing attack vectors in the world."
Aetna Inc., the third-largest US insurer, said in 2009 it was notifying about 65,000 people that their personal information, including Social Security numbers, may have been compromised on a job applicant site in 2009.
Social Security numbers are among the worst kind of data to have stolen, because they are difficult to change and are used pervasively, especially for access to medical care, government services and opening new lines of credit.
Most large breaches, such as Target's, involve payment-card numbers, as those are of most immediate and easiest use for cyber-criminals, who exploit the gap between when information is taken and when companies discover a breach to withdraw cash from ATMs and run up fraudulent charges before the cards are canceled. For cyber-criminals, Social Security numbers are more useful, in that they can be used to validate people to lenders, but they require the extra step of setting up new accounts, which some online crooks find too time-consuming and risky.
Bloomberg
OpISIS: Anonymous crushes 800 Twitter accounts, 12 Facebook pages of ISIS supporters
Posted on February 10, 2015 by Waqas
The online hacktivist Anonymous has claimed that it took down about 800 Twitter accounts and 12 Facebook pages belonging or somehow supporting the terrorist group Islamic State of Iraq and the Levant (ISIS).
The operation was conducted under the banner of #OpISIS but originally announced after the Charlie Hebdo attack in Paris. Anonymous had announced that it would make sure the ISIS and its supporters are taken off the Internet considering the use of social media platforms for threats and propaganda.
A post on Pastebin from Anonymous shows it took down more than 800 Twitter, Facebook pages and about 50 email addresses on suspicion of supporting the ISIS.
Anonymous also released a video explaining its motives behind the OpISIS. The video warned ISIS in following words:
“We Are: Muslims, Christians, Jews… You will be treated like a virus, and we are the cure. We own the Internet.”
You can watch the video below:
[video=youtube;BPE_sRhZp6M]https://www.youtube.com/watch?v=BPE_sRhZp6M[/video]
After conducting an in-depth analysis we at HackRead found that some targeted twitter accounts were suspended while some where still active. However, all targeted Facebook pages were found either deleted or unpublished.
Chinese hackers ‘target US defence, finance firms’ after Forbes cyberattack
PUBLISHED : Wednesday, 11 February, 2015, 1:00pm
UPDATED : Wednesday, 11 February, 2015, 7:06pm
Agence France-Presse in San Francisco
The US security firms allege that hackers targeted companies visiting the Forbes site. Photo: Reuters
US cyber security firms say a Chinese espionage team hacked Forbes magazine to then attack defence contractors, financial firms and other unsuspecting prey visiting the popular news website.
Invincea and iSight Partners detailed what they described as a “watering hole” campaign late last year that took advantage of Forbes.com and other legitimate websites.
“A Chinese advanced persistent threat compromised Forbes.com to set up a watering hole style web-based drive-by attack against US defence and financial services firms in late November 2014,” Invincea said in a report posted on its website.
The “brazen attack” took advantage of vulnerabilities in Adobe Flash and Internet Explorer software which have since been patched, according to Invincea.
Watering hole attacks typically involve hackers breaking into websites popular with their desired targets and then booby-trapping venues with viruses to infect visitors.
The cyber espionage campaign focused on Forbes.com appeared to last only a few days, but the security firms said deeper investigation could determine it went on for a longer period of time.
ISight believed that the culprits behind the attack were Chinese cyber espionage agents it called Codoso Team but also referred to as Sunshop Group.
The group has been linked to previous cyber spying campaigns against the US government, military and defence sites, think tanks covering foreign affairs, financial services companies, energy firms and political dissidents, according to security researchers.
Rather than spreading malicious code to the machines of the millions of people who visited Forbes.com, the hackers appeared to be after select targets such as defence and financial services firms, according to iSight.
Further investigation reportedly revealed a set of websites being used by Codoso to target dissident groups.
Forbes.com is ranked the 61st most popular website in the United States and the 168th most popular in the world, meaning the reach of the espionage campaign could be vast, security researchers said.
Cybercrime ring steals US$1b from 100 banks in two-year global heist
PUBLISHED : Monday, 16 February, 2015, 8:16am
UPDATED : Monday, 16 February, 2015, 8:16am
Reuters in New York
Cybercrime ring steals US$1b from 100 banks in two-year global heist
A sophisticated global cyberattack struck more than 100 banks in 30 countries stealing hundreds of millions of dollars, The New York Times has reported.
The multinational gang of cybercriminals has stolen as much as US$1 billion from financial institutions in about two years, Russian computer security company Kaspersky Lab said.
It said the gang consisted of cybercriminals from Europe, including Russia and Ukraine, as well as China.
Hackers largely focused on banks in Russia, but millions of dollars were also taken from banks in Japan, the Netherlands, Switzerland and the US. They stole as much as US$10 million in each raid.
The company said it was working with Interpol, Europol and authorities from different countries to try to uncover more details on what is being called an unprecedented robbery.
The gang, which Kaspersky dubbed Carbanak, takes the unusual approach of stealing directly from banks, rather than posing as customers to withdraw money from companies' or individuals' accounts.
Carbanak used carefully crafted emails to trick pre-selected employees into opening malicious software files, a common technique known as spear phishing.
They were then able to get into the internal network and track down administrators' computers for video surveillance.
In this way, Kaspersky said, the criminals learned how the bank clerks worked and could mimic their activity when transferring the money.
In some cases, Carbanak inflated account balances before pocketing the extra funds through a fraudulent transaction.
Because the legitimate funds were still there, the account holder would not suspect a problem.
Kaspersky, Russia's largest maker of antivirus software, said Carbanak also remotely seized control of ATMs and ordered them to dispense cash at a predetermined time, when a gang member would be waiting to collect the money.
"These attacks again underline the fact that criminals will exploit any vulnerability in any system," Sanjay Virmani, director of Interpol Digital Crime Centre, said in a statement prepared by Kaspersky.
"It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures."
"These bank heists were surprising because it made no difference to the criminals what software the banks were using," said Sergey Golovanov, principal security researcher at Kaspersky Lab's global research and analysis team. "It was a very slick and professional cyberrobbery."
Additional reporting by Agence France-Presse, Bloomberg
