-
IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here. The OTHER forum is HERE so please stop asking.
Hacking 101
- Thread starter General Grievous
- Start date
Russian hackers used Windows bug to target Nato
October 14 2014
Technology
The bug targeted Nato and western governments among others
Russian hackers exploited a bug in Microsoft's Windows to spy on computers used by Nato and western governments, a report indicates.
The same bug was used to access computers in Ukraine and Poland, said cyber-intelligence firm iSight Partners.
It did not know what data the hackers had accessed but speculated that it was looking for information about the crisis in Ukraine.
Microsoft said it would fix the bug.
A spokesman said that the company would roll out an automatic update to affected versions of Windows.
State-sponsored?
The hacking campaign has been dubbed Sandworm because the researchers found reference to the science fiction series Dune in the software code.
Other victims include energy, telecommunications and defence firms, delegates of the GlobSec conference about national security and an academic who was an expert in Russian-Ukraine relations.
The hacking campaign had been going on for five years, although the use of the so-called zero-day vulnerability in Windows (meaning a bug that Microsoft was not previously aware of) began only in August this year and allowed the hackers to ramp up their campaign and target more sources.
Although iSight could not say whether the hackers had ties with the Russian government, one senior analyst said he thought the campaign was supported by a nation state because the hackers were engaged in information-gathering rather than making money.
In a 16-page report, iSight explained how, in December 2013, Nato was targeted with a document purporting to be about European diplomacy but with malicious software embedded in it.
At the same time, several regional governments in the Ukraine and an academic working on Russian issues in the US were sent malicious emails, claiming to contain a list of pro-Russian extremist activities.
Polish connection
Other research firms, including F-Secure have previously reported on the Sandworm bug - albeit under another name, Quedagh.
Senior researcher Mikko Hypponen said that the malware had gone undetected for years because it had been repackaged from an even older bug.
"The malware has been around for years - it used to be a denial-of-service bot called Black Energy which these hackers have repurposed for their needs."
"The interesting thing is that when it is detected by IT staff it will show up as Black Energy, which they will see as a very old run-of-the-mill bug that didn't do much."
The iSight research team said that it was tracking a "growing drum beat" of cyber-espionage activities emanating from Russia.
The ex-Soviet states had always been the number one source of malware, agreed Mr Hypponen and, since the Ukraine crisis, he too has also seen a rise in the number of espionage-based attacks.
"Although we have also seen as many attacks from the Quedagh bug in Poland as in Ukraine and we can't really explain that," he said.
South Korean ID system to be rebuilt from scratch
14 October 2014
Technology
South Korean president Park Geun-hye was herself a victim of data theft
South Korea's national identity card system may need a complete overhaul following huge data thefts dating back to 2004.
The government is considering issuing new ID numbers to every citizen aged over 17, costing billions of dollars.
The ID numbers and personal details of an estimated 80% of the country's 50 million people have been stolen from banks and other targets, say experts.
Rebuilding the system could take up to a decade, said one.
Some 20 million people, including the president Park Geun-hye, have been victims of a data theft from three credit card companies.
"The problems have grown to a point where finding a way to completely solve them looks unlikely,'' technology researcher Kilnam Chon told Reuters.
There are several reasons that the ID cards have proved so easy to steal:
- Identity numbers started to be issued in the 1960s and still follow the same pattern. The first few digits are the user's birth date, followed by either a one for male or two for female
- Their usage across different sectors makes them master keys for hackers, say experts
- If details are leaked, citizens are unable to change them
The news will be an embarrassment for a country that has gained a reputation as one of the most tech-savvy nations in the world.
About 85% of South Korea's people are online, many with super-fast net access. The country's population owns 40 million smartphones.
Email vulnerable to 'Poodle' attack, Google warns
PUBLISHED : Wednesday, 15 October, 2014, 10:50pm
UPDATED : Thursday, 16 October, 2014, 4:07am
Reuters in Boston
It was the third time this year that researchers had uncovered a vulnerability in widely used web technology.
Three Google researchers have uncovered a security bug in widely used web encryption technology. They say it could allow hackers to take over accounts for email, banking and other services in what they have dubbed a Poodle attack.
The discovery of Poodle, which stands for Padding Oracle On Downloaded Legacy Encryption, prompted makers of web browsers to advise users on Tuesday to disable use of the source of the bug: the 18-year-old encryption standard SSL 3.0.
It was the third time this year that researchers had uncovered a vulnerability in widely used web technology, following April's Heartbleed bug in OpenSSL and last month's Shellshock bug in a piece of Unix software known as Bash.
Security experts said that hackers could steal browser cookies in Poodle attacks, potentially taking control of email, banking and social networking accounts. Even so, experts said the threat was not as serious as the two previous bugs.
"If Shellshock and Heartbleed were threat level 10, then Poodle is more like a five or a six," said Tal Klein, vice-president with cloud security firm Adallom.
The threat was disclosed in research published on the website of the OpenSSL Project, which develops the most widely used type of SSL encryption software.
Microsoft issued an advisory suggesting that customers disable SSL 3.0 on Windows for servers and PCs.
Matthew Green, a professor of computer science at Johns Hopkins University said that disabling SSL 3.0 could be difficult for some computer users.
"It's not going to take out the infrastructure of the internet. But it's going to be a hassle to fix."
Dropbox denies claims it was hacked
PUBLISHED : Wednesday, 15 October, 2014, 11:01pm
UPDATED : Thursday, 16 October, 2014, 4:08am
The Guardian
Dropbox denies claims it was hacked
Dropbox has denied claims that hackers broke into its systems and stole seven million usernames and passwords, which they are now threatening to leak.
Several hundred usernames and passwords were posted by the hackers on the text-sharing site Pastebin, claiming them to be a small sample of the logins taken directly from Dropbox servers.
The hackers are requesting Bitcoin "donations" to release the rest of the Dropbox user data.
"Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox," Anton Mityagin, who is part of Dropbox's security team, wrote in a blog. "Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens."
Mityagin said subsequent lists of usernames and passwords were not connected with Dropbox accounts.
Password reuse is blamed for some of the leaked details being seemingly coincidentally valid for Dropbox. It is unknown how many of them worked, but Dropbox has since revoked any that it found to be valid.
'Anonymous' Whisper app tracks its users and shares data with authorities
Anonymity claim rings hollow as company follows people who ask not to be, stores deleted messages and passes information to authorities
PUBLISHED : Saturday, 18 October, 2014, 4:53am
UPDATED : Saturday, 18 October, 2014, 4:53am
The Guardian
The US version of Whisper enables people to publish short messages superimposed over photographs or other images.
The company behind Whisper, a social media app that promises users anonymity and claims to be the "the safest place on the internet", is tracking the location of its users, including some who have specifically asked not to be followed.
Whisper is also sharing information with the US Department of Defence gleaned from smartphones it knows are used from military bases, and is developing a version of its app to conform with Chinese censorship laws.
The US version of the app, which enables people to publish short messages superimposed over photographs or other images, has attracted millions of users, and is popular among military personnel using the service to make confessions they would be unlikely to publish on Facebook or Twitter. Some post from secret bases such as Guantanamo Bay or Diego Garcia.
Asked to comment last week, Whisper said it "does not follow or track users". The company added that the suggestion it was monitoring people without their consent, in an apparent breach of its own terms of service, was false.
But on Monday - four days after learning that The Guardian intended to publish this story - Whisper rewrote its terms of service. It now explicitly permits the company to establish the broad location of people who have disabled the app's geolocation feature.
Whisper has developed an in-house mapping tool that allows its staff to filter and search GPS data, pinpointing messages to within 500 metres of where they were sent. The technology, for example, enables the company to monitor all the geolocated messages sent from the Pentagon and National Security Agency. It also allows Whisper to track an individual user's movements over time.
When users have turned off their geolocation services, the company also, on a targeted, case-by-case basis, extracts their rough location from IP data emitted by their smartphone.
The Guardian has also established that user data, including Whisper postings that users believe they have deleted, is collated in a searchable database. The company has no access to users' names or phone numbers, but is storing information about the precise time and approximate location of all previous messages posted through the app. The data is being stored indefinitely, a practice seemingly at odds with Whisper's stated policy of holding the data only for "a brief period of time".
Whisper's policy towards sharing user data with law enforcement has prompted it on occasions to provide information to America's FBI and Britain's MI5. Both cases involved potentially imminent threats to life, Whisper said, a practice standard in the technology industry.
But privacy experts who reviewed Whisper's terms of service for The Guardian said the company appeared to require a lower legal threshold for providing user information to authorities than other tech companies.
Whisper is developing a Chinese version of its app, which received a soft launch this month. Google, Facebook and Twitter are banned in China. Whisper said it had agreed to the demands the Chinese government places on tech companies operating in its jurisdiction, including a ban on the use of certain words.
Chinese iCloud user information targeted in cyberattacks amid Hong Kong protests
PUBLISHED : Monday, 20 October, 2014, 5:39pm
UPDATED : Monday, 20 October, 2014, 6:07pm
Patrick Boehler [email protected]
A man holds his new iPhone 6 in front of an Apple store in Shanghai on Friday. Photo: AFP
Chinese authorities appear to have expanded a large Internet eavesdropping campaign this month to Apple services, targeting private users’ passwords, emails, photos and contacts, a censorship watchdog has said.
iCloud accounts in China were targeted in a so-called “man-in-the-middle” attack, in which hackers trick users into believing that they are accessing online services through an encrypted connection, GreatFire.org wrote in a blogpost on Monday. The attacker then gains unrestricted access to user accounts.
The attack appears to coincide with the release of Apple’s new iPhone 6 in China on Friday. Apple in Hong Kong and Beijing did not immediately reply to requests for comments on Monday.
GreatFire had earlier suggested that Chinese users of Google and Yahoo services had come under “man-in-the-middle” attacks.
The blog post suggests that the most recent attack against iCloud services could be tied to Hong Kong’s pro-democracy demonstrations which have lasted more than three weeks. The protests also triggered the largest censorship effort so far this year on Chinese social media.
Netresec, a Swedish network security software developer, analysed the attack on Yahoo and found the attack originated in China.
In a blog post earlier this month, the company said that the primary purpose of the operation appeared not to be spying on users making random searches in China, but to “'kill' their connections to Yahoo when queries like ‘Umbrella Revolution’ and ‘Tiananmen Square Protests’ are observed”.
Charlie Smith, the co-founder of GreatFire.org, says there is little doubt that Chinese authorities were to blame for the latest attack on iCloud.
"We know that the attack point is the Chinese internet backbone and that it is nationwide, which would lead us to be 100 per cent sure that this is again the work of the Chinese authorities,” he said. “Only Chinese [Internet service providers] and the government have access to the backbone.”
Smith said the recent series of attacks could also reflect an attempt by Chinese authorities to adapt their surveillance methods as more online services move to encrypted connections. “We expect that there will be more [“man-in-the-middle”] attacks in the near future and that they will increase in severity."
More than 70 Hong Kong government websites ‘under attack from Anonymous hackers’
PUBLISHED : Wednesday, 22 October, 2014, 5:00pm
UPDATED : Wednesday, 22 October, 2014, 6:34pm
Emily Tsang [email protected]
A protester in Hong Kong wearing a Guy Fawkes mask. Supporters of the Anonymous movement have adopted the mask as their emblem. Photo: AFP
Over 70 government websites have been targeted this month by cyberattacks believed to have been directed by hackers operating under the banner of Anonymous, a brand adopted by activists and hackers around the world.
Commerce secretary Greg So Kam-leung told lawmakers that no information had been stolen or altered from the official websites, which had been intermittently inaccessible after surges of requests to access them.
By Wednesday, eight men and three women had been arrested by police in connection with the cyberattacks, on suspicion of accessing a computer with criminal or dishonest intent, So said.
“Attacks launched by the hacker group partly originated from Hong Kong, and partly from other regions outside Hong Kong,” he said.
“Since the group can be joined by any netizen, [the attack] could be originated from all over the world and it is hard to find out their nationalities.”
Internet users identifying themselves as Anonymous hackers issued a warning to the government and police force on October 2 after tear gas was fired at pro-democracy demonstrators in the city.
A number of official sites were made inaccessible on October 3 by distributed denial-of-service (DDoS) attacks. During such attacks, website infrastructure is overwhelmed by a huge number of requests to access the site, ultimately making the site inaccessible.
The attacks can also slow down website functionality. But So said the cyberattacks had not impacted significantly on the government’s online services, and emphasised that security had not been compromised.
The website of the pro-democracy newspaper Apple Daily has also been the target of sustained cyberattacks in recent weeks, coinciding with a blockade of its offices in Tseung Kwan O by pro-Beijing protesters.
No group has claimed responsibility for those cyberattacks, which followed similar attempts to make the Apple Daily website inaccessible in June during the Occupy Central electoral reform referendum.
An attempt to block access to the referendum's online polling system was described by one internet security expert as "the most sophisticated ever".
So mentioned that some individual local websites had also come under attack, but such actions had not had a “significant impact on the city’s economic activities”.
Police are still investigating those cases, he said.
Apple issues China iCloud security warning
Caution urged after Chinese users report seeing warnings they had been diverted to an unauthorised website when they attempted to sign into their accounts
PUBLISHED : Wednesday, 22 October, 2014, 11:04am
UPDATED : Wednesday, 22 October, 2014, 1:25pm
Associated Press and Patrick Boehler
Apple suggested users should verify they are connecting to a legitimate iCloud server by using the security features built into Safari and other browsers. Photo: AFP
Apple has posted a new security warning for users of its iCloud online storage service amid reports of a concerted effort to steal passwords and other data from people who use the popular service in China.
“We’re aware of intermittent organised network attacks using insecure certificates to obtain user information, and we take this very seriously,” the computer-maker said in a post on Tuesday on its support website. The post said Apple’s own servers have not been compromised.
Apple’s post did not mention China or provide any details on the attacks. But Chinese internet users have begun seeing warnings that indicate they had been diverted to an unauthorised website when they attempted to sign into their iCloud accounts.
That kind of diversion, known to computer security experts as a “man in the middle” attack, could allow a third party to copy and steal the passwords that users enter when they think they are signing into Apple’s service. Hackers could then use the passwords to collect other data from the users’ accounts.
Chinese activists blamed the attacks on that country’s government, according to news reports and the Chinese activist website GreatFire.org, which suggested the campaign was spurred by the fact that Apple recently began selling its newest iPhone models, the iPhone 6 and 6 Plus, in China. The new smartphones have software with enhanced encryption features to protect Apple users’ data.
Apple said in its post that the attacks have not affected users who sign into iCloud from their iPhones or iPads, or on Mac computers while using the latest Mac operating system and Apple’s Safari browser. But the company suggested users should verify they are connecting to a legitimate iCloud server by using the security features built into Safari and other browsers such as Firefox and Google’s Chrome. The browsers will show a message that warns users when they are connecting to a site that doesn’t have a digital certificate verifying that it is authentic.
“If users get an invalid certificate warning in their browser while visiting www.icloud.com, they should pay attention to the warning and not proceed,” Apple said in the post.
GreatFire had earlier suggested that Chinese users of Google and Yahoo services had come under “man-in-the-middle” attacks.
A GreatFire blog post suggested that the most recent attack against iCloud services could be tied to Hong Kong’s pro-democracy demonstrations which have lasted more than three weeks. The protests also triggered the largest censorship effort so far this year on Chinese social media.
Netresec, a Swedish network security software developer, analysed the attack on Yahoo and found the attack originated in China.
In a blog post earlier this month, the company said that the primary purpose of the operation appeared not to be spying on users making random searches in China, but to “‘kill’ their connections to Yahoo when queries like ‘Umbrella Revolution’ and ‘Tiananmen Square Protests’ are observed”.
Charlie Smith, the co-founder of GreatFire.org, says there is little doubt that Chinese authorities were to blame for the latest attack on iCloud.
“We know that the attack point is the Chinese internet backbone and that it is nationwide, which would lead us to be 100 per cent sure that this is again the work of the Chinese authorities,” he said. “Only Chinese [internet service providers] and the government have access to the backbone.”
Smith said the recent series of attacks could also reflect an attempt by Chinese authorities to adapt their surveillance methods as more online services move to encrypted connections. “We expect that there will be more [“man-in-the-middle”] attacks in the near future and that they will increase in severity.”
The attacks appear unrelated to an episode last month in which hackers stole nude photos from the iCloud accounts of several US celebrities. In that case, Apple said its investigation concluded the hackers had obtained the users’ passwords through so-called “phishing attacks” or by guessing at the answers to security questions that allowed access. The company said its servers were not breached in that case.
US researchers say unit called Axiom is China's elite hacking group
US researchers say hacker group Axiom is state-backed and highly sophisticated
PUBLISHED : Wednesday, 29 October, 2014, 4:50am
UPDATED : Wednesday, 29 October, 2014, 4:24pm
The Washington Post
Unlike PLA hacker group Unit 61398, Axiom is focused on spying on dissidents as well as on industrial espionage and theft of intellectual property.
A Chinese cyberespionage group is targeting US and Western government agencies as well as dissidents inside and outside China by hacking into thousands of computers around the globe, a group of researchers claim.
The security researchers say the state-sponsored group, dubbed Axiom, appears to be more sophisticated than any other known Chinese hacker unit.
In recent weeks, Axiom malicious software has been detected on at least 43,000 computers around the world belonging to law enforcement and other government agencies, journalists, telecommunications and energy firms, as well as human rights and pro-democracy groups.
The allegations come just two weeks before US President Barack Obama is due to arrive in Beijing for a series of high-level talks - including on the issue of cybersecurity.
Researchers said Axiom was going after intelligence benefiting Chinese domestic and international policies - an approach that combined commercial cyberespionage, foreign intelligence and counterintelligence with monitoring dissidents.
Axiom's work is more sophisticated than that of Unit 61398 - a People's Liberation Army hacker group that was highlighted in a report last year.
Unlike Unit 61398, Axiom is focused on spying on dissidents as well as on industrial espionage and theft of intellectual property.
"Axiom's activities appear to be supported by a nation state to steal trade secrets and to target dissidents, pro-democracy organisations and governments," said Peter LaMontagne, chief executive of Novetta Solutions, a cybersecurity firm in the US state of Virginia that heads the coalition.
"These are the most sophisticated cyberespionage tactics we've seen out of China."
Chinese embassy spokesman Geng Shuang said that "judging from past experience, these kinds of reports or allegations are usually fictitious".
Researchers said there were indications that Axiom might be behind a high-profile cyberattack on Google, announced in 2010, which compromised the company's source code and targeted Chinese dissidents using Gmail. At least one Chinese-language computer in the US was targeted.
Novetta technical director Andre Ludwig said Axiom had been active for at least six years, and buried malware within legitimate computer traffic.
The researchers were unable to identify the locations in China where Axiom operates from, or identify its members. Ludwig said Axiom's members were better at covering their tracks than Unit 61398.
The research coalition is made up of at least a dozen companies, including Microsoft. Its malicious-software tool automatically detects and removes Axiom malware.
