Tag: hacker

UK cyber security staff shortage looms

UK companies are facing a cyber security staff shortage and fear they are being left exposed to hacker attacks.

According to a recent survey of recruitment agencies, 81 percent expect a rise in demand for digital security staff, but only 16 percent were meeting the demand.

A number of high profile cyber attacks in 2017 have fuelled demand for professionals. In March, the mobile phone company Three suffered a serious breach that compromised 200,000 customers’ data. In April, the payday loan company Wonga had 250,000 customer records stolen, including bank account details, phone numbers and email addresses. A third of NHS trusts were infected by ransomware this year.

Adam Thilthorpe, the director of external affairs at BCS, the Chartered Institute for IT, warned that there is going to be a shortage of skilled IT professionals.

He called for an integrated strategy across government and business, spanning education, apprenticeships and diversity initiatives.

“We should recruit more women, ethnic minorities and [retrain] older workers to unfilled posts.”


Security firm hit by hackers

An analyst at FireEye’s Mandiant consultancy arm has had his online accounts hit by hackers.

A note purporting to be from the hacker spread on social media, while the FireEye analyst’s LinkedIn account also appeared to have been hacked, with the perpetrator posting numerous expletive-laden messages.

The employee’s bio was changed to state: “I’ve been hacked, all my data, all your chats, all my contacts, your numbers, your emails along with my credentials have been leaked. My devices are also nuked [sic].”

At the same time, Twitter users began sharing a link to a document that appeared to show details of the attack, claiming the hacker first gained access to Mandiant in 2016.

The document contained a link and password to a file which it claimed contains details of the information obtained from the hack – as well as a link to the hacked employee’s LinkedIn page. The LinkedIn profile has since been taken down.

The document contained the hashtag ‘#Leaktheanalyst’ which has since been used by numerous Twitter users speculating on the incident.

The report goes on to list “potential” targets, including the Israeli Prime Minister’s office, LinkedIn contacts and third-party contractors.

“Mandiant Internal networks and its clients data has been compromised (might be leaked separately),” it added.

However, there is no sign that FireEye or Mandiant systems were compromised, and it appears to have been just a social media account hack.

The hacker ranted that their actions were not financially driven.

“For a long time, we – the 31337 hackers – tried to avoid these fancy a** “analysts” whom trying to trace our attack footprints back to us and prove they are better than us. In the #LeakTheAnalyst operation we say f**k the consequence let’s track them on Facebook, LinkedIn, Twitter, etc.

“Let’s go after everything they’ve got, let’s go after their countries, let’s trash their reputation in the field. If during your stealth operation you pwned an analyst, target him and leak his personal and professional data, as a side job of course ;).”

Cyber Insurance market to triple

The cyber insurance market will triple in size to $7.5 billion in annual premiums by 2020, according to a new consultant’s report.

But PwC said insurers would not be laughing all the way to the bank, as the industry could face competition from disruptors such as Google.

Insurers and reinsurers are charging high prices for cyber cover and capping potential losses, which deters companies from buying cyber policies, the report said. Some insurers have stayed out of the market altogether, wary of the risks.

PwC’s Paul Delbridge said that if the industry takes too long to adapt, there is a risk that a disruptor could move in and corner the market by aggressively cutting prices or offering much more favourable terms.

Millennials, people in their 20s and 30s, are more likely to trust brands such as Google than conventional insurers, and Google would be very creative, he said.

Technology companies may also be better equipped than insurers to price cyber risk, he added.
Most of the $2.5 billion of cyber insurance written last year was in the United States, where data breach notification requirements have focused attention on cyber protection.

But the European Union is expected to follow suit, contributing strongly to growth in cyber insurance, Delbridge said.

Startups target for hacks

Hacking attacks are becoming a rite of passage for startups.

Slack, the communications start-up, and Twitch, the hugely popular video streaming service, both said they had been hacked within days of each other.

But they are the latest in a long line of start-ups to get hacked. Apparently the moment a start-up begins to gain momentum with users, it gets hit by hackers.

Most of the time the attackers are looking to steal, and monetise, the vast amounts of personal information these companies hold about their users, such as email addresses and passwords. The thinking is that start-ups lack the security that bigger outfits have.

Slack and Twitch have the user base and the cash to beef up their security. Once Slack had surpassed 200 million messages a month, it attracted $180 million in venture funding. Once Twitch surpassed 55 million users, Amazon scooped it up for nearly $1 billion.

Both companies said they had put measures in place to keep hackers from easily exploiting their users’ information.

Slack said hackers were able to access a database containing usernames, email addresses, phone numbers, Skype IDs and passwords. The company noted that the passwords were not stored in the clear but had been hashed and salted, which makes them much harder, though not impossible, to crack. Last month, Slack had half a million daily users.
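To make the “harder, though not impossible” point concrete, here is an added example (not Slack’s code; the page does not say which algorithm or cost factor Slack used, so PBKDF2-SHA256 with 100,000 iterations and a 16-byte random salt are assumptions). It stores a salted hash, verifies it in constant time, and contrasts it with an unsalted SHA-256 that a precomputed table cracks instantly; against the salted record the attacker still gets in, but only by paying the full derivation cost per guess.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Assumed parameters for this example; the page only says "hashed and salted".
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a salted hash and pack it as algorithm$iterations$salt$digest (base64)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # a fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and cost; compare in constant time."""
    algorithm, iterations, salt_b64, digest_b64 = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError("unsupported hash record: %s" % algorithm)
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(actual, expected)


def unsalted_sha256(password: str) -> str:
    """The weak scheme: one fast hash, no salt, identical output for identical passwords."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(candidates: List[str]) -> Dict[str, str]:
    """Precompute once; without salts the same table cracks every leaked database."""
    return {unsalted_sha256(p): p for p in candidates}


def crack_unsalted(table: Dict[str, str], leaked_hash: str) -> Optional[str]:
    """A single dictionary lookup recovers the password from an unsalted hash."""
    return table.get(leaked_hash)


def crack_salted(record: str, candidates: List[str]) -> Optional[str]:
    """Against a salted KDF the attacker must redo the full derivation for every
    candidate and every record: still possible, but the cost is paid per guess."""
    for candidate in candidates:
        if verify_password(candidate, record):
            return candidate
    return None
```

Hashing the same password twice yields two different records because the salts differ, so a table keyed on the hash value is useless; the salted record is only cracked by running the KDF over a candidate list, which is exactly the “harder but not impossible” trade-off the notice describes.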

Twitch also said it protected stored passwords cryptographically, but warned that attackers might have been able to capture passwords in the clear as users logged in.

FBI captures its most wanted cyber criminal

The Untouchables have finally felt the collar of the world’s most wanted “cybercriminal”.

Noor Aziz Uddin, 52, was wanted for his alleged involvement in an international telecommunications scheme that defrauded victims of amounts in excess of $50 million.

He was found in Pakistan following a two-and-a-half year manhunt. Aziz Uddin’s presumed accomplice, Farhan Arshad, 41, was also arrested in the pre-dawn raid carried out by Pakistan’s Federal Investigation Agency in Karachi.

The FBI had offered separate rewards of up to $50,000 for information leading to the arrest of each of Aziz Uddin and Arshad, having issued arrest warrants for the men on 29 June 2012.

“(The telecommunications scheme) defrauded unsuspecting individuals, companies, and government entities, to include large telecom companies, in both the United States and abroad,” the FBI’s Most Wanted files on the pair stated.

“Between November of 2008 and April of 2012, Noor Aziz Uddin is alleged to have compromised computer systems and conducted the scheme which ultimately defrauded victims of amounts in excess of $50 million.”

The international operation extended into Pakistan, the Philippines, Saudi Arabia, Switzerland, Spain, Singapore, Italy, and Malaysia, according to the FBI.

Aziz Uddin had previously been arrested by Interpol in Malaysia, but was let go due to a lack of evidence.

Malaysia Air attacked by hacker lizards

If it was not bad enough that Malaysia Airlines keeps losing its aircraft, or having them shot down after flying through a war zone, it appears the outfit is now being targeted by hackers.

A group calling itself “Official Cyber Caliphate” on Monday hacked the official website of national carrier Malaysia Airlines (MAS), although the airline said its data servers remained intact and passenger bookings were not affected.

The website, www.malaysiaairlines.com, showed a photograph of a lizard in a top hat, monocle and tuxedo, surrounded by the messages ‘404 – Plane Not Found’ and ‘Hacked by Lizard Squad – Official Cyber Caliphate’. A rap song was also played, showing that the Lizard Squad is familiar with musical as well as hacking atrocities.

However, MAS insisted its website itself was not hacked, but that users were being redirected to a hacker-controlled site. It said the official site would be back up within 22 hours.

“Malaysia Airlines assures customers and clients that its website was not hacked and this temporary glitch does not affect their bookings and that user data remains secured,” it said.

Malaysia Airlines lost two flights last year. Flight MH370 disappeared last March with 239 passengers and crew on board and Flight MH17 was shot down over eastern Ukraine on July 17, killing all 298 passengers and crew.


Apple’s Siri in data heist

Apple’s voice-activated personal assistant Siri can be used to smuggle sensitive information out of iOS smartphones, researchers warn.

Luca Caviglione of the National Research Council of Italy and Wojciech Mazurczyk of the Warsaw University of Technology warn that “malicious actors” could use Siri for stealthy data exfiltration using a method based on steganography, the practice of hiding information in plain sight.

Clearly the malicious actors are hacked off that people have been stealing their pictures from the iCloud and posting them online and have taken Siri hostage.

iOS malware is also increasingly common, as the popularity of the iPhone is matched by the company’s misplaced belief in its own invulnerability.

Mazurczyk and Caviglione have demonstrated that iOS malware could become very difficult to detect.

When users talk to Siri, their voice is encoded with the Speex codec and the data is transmitted to Apple’s servers, where the voice input is translated to text.

Using an attack method called iStegSiri, the “shape” of this traffic is modulated to embed sensitive data from the device. This covert channel could be used to send credit card numbers, Apple IDs, passwords and other sensitive information from the phone to the criminals.

First, a secret message is converted into an audio sequence based on the alternation of voice and silence. Then, the sound pattern is fed to Siri as input through the internal microphone. Finally, the recipient of the secret message inspects the traffic going to Apple’s servers and extracts the information using a decoding scheme.

In their experiments, Mazurczyk and Caviglione managed to use this method to exfiltrate data at a rate of 0.5 bytes per second. At this speed, they say, it would take roughly two minutes to send a 16-digit payment card number to the attacker.

It only works on jailbroken devices, and the attackers also need some way to intercept the modified Siri traffic in transit. However, the researchers stressed that the purpose of iStegSiri is to help the security community with the detection of malware on the iOS platform.
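The three-step procedure above (encode as voice/silence, feed it to Siri, read the bits back from the traffic shape) and the detection angle the researchers emphasise are easier to reason about in code. The following is an added simulation, not the researchers’ iStegSiri implementation, whose encoding they have not published: it treats Siri’s Speex stream as one packet per 20 ms frame, assumes a 12-frame slot per covert bit (which works out to about 0.5 bytes per second, the rate quoted above) and assumed packet sizes for voice and silence frames, and models both sides of the channel plus a simple on-path detector that flags the unnaturally regular voice/silence timing the channel produces.

```python
import random
from typing import List, Tuple

# The page says Siri audio is Speex-encoded; Speex produces one frame per 20 ms.
# Everything else here is an assumption for the simulation: iStegSiri's real
# encoding was not published, so this is a generic on/off voice-silence channel.
FRAME_SECONDS = 0.020
FRAMES_PER_SLOT = 12        # one covert bit per 12 frames (0.24 s) -> about 0.52 bytes/s
VOICE_BYTES = 38            # assumed on-wire size of a frame carrying speech
SILENCE_BYTES = 6           # assumed on-wire size of a frame during silence
THRESHOLD = (VOICE_BYTES + SILENCE_BYTES) / 2


def bytes_to_bits(data: bytes) -> List[int]:
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bits_to_bytes(bits: List[int]) -> bytes:
    usable = bits[: len(bits) // 8 * 8]        # drop any trailing partial byte
    return bytes(int("".join(map(str, usable[i:i + 8])), 2)
                 for i in range(0, len(usable), 8))


def modulate(message: bytes, seed: int = 0) -> List[int]:
    """Sender side: the secret becomes a voice/silence pattern played into Siri, and
    an observer on the path sees it as a sequence of per-frame packet sizes. A
    one-byte length prefix lets the receiver stop before any trailing silence."""
    if len(message) > 255:
        raise ValueError("message too long for a one-byte length prefix")
    rng = random.Random(seed)
    sizes: List[int] = []
    for bit in bytes_to_bits(bytes([len(message)]) + message):
        base = VOICE_BYTES if bit else SILENCE_BYTES
        for _ in range(FRAMES_PER_SLOT):
            sizes.append(base + rng.randint(-3, 3))   # small jitter in encoded size
    return sizes


def demodulate(sizes: List[int]) -> bytes:
    """Receiver side: classify each slot by its mean packet size, rebuild the bytes."""
    bits = []
    for i in range(0, len(sizes) - FRAMES_PER_SLOT + 1, FRAMES_PER_SLOT):
        slot = sizes[i:i + FRAMES_PER_SLOT]
        bits.append(1 if sum(slot) / len(slot) > THRESHOLD else 0)
    raw = bits_to_bytes(bits)
    if not raw:
        return b""
    return raw[1:1 + raw[0]]


def covert_bytes_per_second() -> float:
    return 1.0 / (8 * FRAMES_PER_SLOT * FRAME_SECONDS)


def seconds_to_send(payload_bytes: int) -> float:
    return (payload_bytes + 1) / covert_bytes_per_second()   # +1 for the length byte


def run_lengths(sizes: List[int]) -> List[Tuple[int, int]]:
    """Collapse the stream into (state, frames) runs; state 1 = voice, 0 = silence."""
    runs: List[List[int]] = []
    for size in sizes:
        state = 1 if size > THRESHOLD else 0
        if runs and runs[-1][0] == state:
            runs[-1][1] += 1
        else:
            runs.append([state, 1])
    return [(s, n) for s, n in runs]


def looks_like_covert_channel(sizes: List[int], min_runs: int = 4, ratio: float = 0.9) -> bool:
    """Detector: natural speech has irregular voice/silence runs, whereas a
    bit-per-slot channel produces runs that are exact multiples of the slot length."""
    runs = run_lengths(sizes)
    if len(runs) < min_runs:
        return False
    aligned = sum(1 for _, n in runs if n % FRAMES_PER_SLOT == 0)
    return aligned / len(runs) >= ratio


def natural_speech(run_pattern: List[Tuple[int, int]]) -> List[int]:
    """Constructed stand-in for a real Siri utterance, built from irregular runs."""
    return [VOICE_BYTES if s else SILENCE_BYTES for s, n in run_pattern for _ in range(n)]
```

Two things worth noting. First, the observer never touches the audio: the bits are recovered purely from packet sizes over time, which is why the attacker needs a vantage point on the path to Apple, as the paragraph above says. Second, with a one-bit-per-slot scheme at roughly 0.5 bytes per second a bare 16-digit number goes out in about 33 seconds, so the researchers’ two-minute estimate implies that their undisclosed encoding carries extra framing or error-correction overhead; the detector shown here keys only on slot-quantised run lengths and would need retuning for a scheme that varies the slot length.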

The researchers told IEEE Spectrum that they have not made specific details of iStegSiri public, to prevent cybercriminals from using their work. We guess that Apple has not modified anything in iOS to stop it happening if someone works it out.

Microsoft Xbox SDK leaked by open sourcers

Software giant Microsoft has had the embarrassment of having its Xbox One SDK leaked to the great unwashed by an open sauce group calling itself H4LT.

H4LT insists that it is not a hacker group, but is distributing the SDK to improve the software.

“Progress is achieved faster than alone. Something kept between us will not achieve anything. Share it with the community equals creativity and research. Shared is how it should be. The SDK will basically allow the community to reverse and open doors towards homebrew applications being present on the Xbox One,” the group announced to Hot Hardware.

The SDK for any given product is usually available behind some degree of registration and does not necessarily cost users anything. So getting your paws on a copy was not a matter of sneaking it out of a heavily guarded vault using Minis.

The SDK includes Microsoft’s PIX tool, which shows that the Xbox One has an optional seventh core available for game programming. There are also multiple Kinect tools, including Kinect Studio and the Kinect Visual Gesture Builder.

Kinect also has an app for testing and creating applications that listen for speech.

The group also claimed that, once the SDK is out, people who have knowledge of, or have in the past reversed, files related to the Windows 8 operating system should definitely have a go at reversing some of the files in there.

The Xbox One is practically a stripped-down Windows 8 device and has introduced a new package format that hasn’t had much attention. This format is responsible for updating the console and storing applications. Games fall under the category of ‘Applications’ on the Xbox One, and the format is a modification of Virtual Hard Disks.

North Korean unternet went dark

North Korea experienced a complete internet outage for hours before links were restored this morning.

At the moment it is unclear what caused the country’s internet to go dark: it could have been a technical glitch or a hacking attack. The US government denied that it was involved in any cyber action against Pyongyang in revenge for the recent attack on its paymasters in Hollywood.

US President Barack Obama had vowed to respond to the major cyber-attack on Sony, which he blamed on North Korea, “in a place and time and manner that we choose”.

North Korea’s internet links were unstable on Monday and the country later went completely offline.

South Korea, which remains technically at war with the North, also had a motive. It recently revealed that a nuclear power plant operator had been hacked, probably by North Korea.

South Korean President Park Geun-hye said the leak of data from the nuclear operator was a “grave situation” that was unacceptable as a matter of national security, but she did not mention any involvement of North Korea.

Most North Koreans would have been unaware that the internet was broken. Very few of the country’s 24 million people have access to it.

Almost all its Internet links and traffic pass through China. North Korea is dependent on a single international provider, China Unicom.

Apparently the United States asked China to shut down servers and routers used by North Korea that run through Chinese networks. It also asked them to identify any North Korean hackers operating in China and, if found, send them back to North Korea. It wants China to send a strong message to Pyongyang that such acts will not be tolerated.

If the Chinese had switched off the internet for a few hours to send a message to North Korea they did not tell anyone about it.

In Beijing, the Chinese Foreign Ministry said that while it opposed all forms of cyberattacks, there was no proof that North Korea was responsible for the Sony hacking.

Dell cleaning up in India

Tin box shifter Michael Dell is doing rather well in the growing Indian server market, according to beancounters at IDC.

The analyst firm claims that Dell India has become the largest server player in the India market, doubling its shipments in the third quarter and commanding 38 percent market share in terms of revenue.

While the other players saw a decline in server shipments in the third quarter, Dell’s shipments more than doubled, largely due to investment by the retail industry.

HP, the market leader in terms of overall shipments, saw a decline of 12 percent, while IBM’s market share dropped by about five percent. Dell grew by 17 percent in overall shipment units, coming a close second to HP with about 29 percent market share.

“The non x86 server market saw a decline of 58 percent in terms of revenue in Q3 2014 as compared to Q3 2013 due to large refreshes in verticals like Banking and telecom being on hold due to various factors,” IDC said.

Dell India has been growing in the server as well as PC market as it completely revamped its go-to-market strategy in India after its privatisation.

It is now trying to offer integrated systems to enterprises as it attempts to fill the void created by IBM’s exit from the commoditised x86 server business, which is not only helping it expand its market but also win higher value deals.

North Korea causes US to surrender

When it comes to winning a war which does not involve flinging bullets at the enemy, flying high-tech drones, or firing cruise missiles, it seems that the US is hopeless.

After the FBI identified the Sony hack as the work of North Korean cyber warriors who were miffed about a comedy film involving North Korean leader Kim Jong-un, Sony immediately surrendered and pulled the flick “The Interview” from distribution.

This followed the decision of five theatre circuits in North America not to play Sony’s The Interview.

Regal Entertainment, AMC Entertainment, Cinemark, Carmike Cinemas and Cineplex Entertainment have all decided against showing the film.

“Due to the wavering support of the film The Interview by Sony Pictures, as well as the ambiguous nature of any real or perceived security threats, Regal Entertainment Group has decided to delay the opening of the film in our theatres,” Regal said.

Cinemark also confirmed Wednesday that the chain had determined that they would not exhibit the film “at this time.” In addition, Cineplex, which is based in Canada, said it had decided to “postpone” the movie, with a spokesman saying, “Cineplex takes seriously its commitment to the freedom of artistic expression, but we want to reassure our guests and staff that their safety and security is our number one priority.”

It seems that the hackers managed what Kim Jong-un’s rocket threats, and artillery shelling could not – the complete surrender of US forces.

Sony had refused to back down from its plans to release the film, starring Seth Rogen and James Franco, on December 25. Instead, in discussions with exhibitors, it told the exhibitors it was up to them whether or not they played the movie and that Sony would support whatever decision they made.

However, clearly, the distributors were terrified of the North Koreans and any stiff upper lip was above a loose flabby chin.

What this means, of course, is that Kim’s Cyber Warriors will be back. After all, if you have a weapon which can bring the United States to its knees that easily, you will use it. Sony would have been better off running the film and telling everyone it was a matter of patriotic pride to show North Korea who really was boss. Apparently running screaming like a four-year-old girl from a guy in a clown mask is US defence policy now – clearly following the role model given by the French who helped found the country.


TorrentLocker has trapped 39,000 victims

Cybercriminals behind the TorrentLocker malware may have earned as much as $585,000 over several months from 39,000 PC infections.

But apparently more than 9,000 of the victims were in Australia, thanks to poisoned websites that claimed to belong to the Australia Post postal service.

TorrentLocker is one of several ransomware threats that have emerged in the wake of law enforcement action against CryptoLocker earlier this year.

TorrentLocker demands payment of up to $1,500 in Bitcoin to unlock a victim’s encrypted files. Whether victims pay depends on how much they value those files.

Security vendor ESET said that the hackers behind TorrentLocker put extra effort into defrauding Australian computer users via several bogus websites impersonating Australia Post and the NSW Office of State Revenue.

The hackers were more successful in Turkey, which saw 11,700 infections, but that country has a bigger population and fewer crocodiles. Italy, the UK, the Czech Republic and the Netherlands each had between 2,280 and 4,500 infections, which was also on the high side.

Few victims actually paid. According to ESET researcher and author of the report, Marc-Etienne M.Léveillé, only 1.44 percent, or 577, of the infections translated into payment for the hackers. Still, based on the Bitcoin exchange rate of $384.94 on November 29, TorrentLocker’s operators may have earned anywhere between $292,700 and $585,401, which is not bad money.

The PCs were infected by spam email that encourages the victim to open what appears to be a document but is in fact an executable file that will install the malware and encrypt the files.

Lures included files purporting to be unpaid invoices, package tracking notifications and unpaid speeding tickets.

“For example, if a victim is believed to be in Australia, fake package tracking information will be sent spoofed to appear as if it comes from Australia Post. The location of the potential victim can be determined by the top level domain used in the e-mail address of the target or the ISP to which it is referring,” ESET notes in its report.

The fake Australian domains the attackers bought for the campaign include lookalikes of the legitimate Australia Post domain austpost.com.au, namely austpost-tracking.com and austpost-tracking.org. Domains acquired to mimic the NSW Office of State Revenue’s real domain osr.nsw.gov.au include the bogus nsw-gov.net and osr-nsw-gov.net.
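Lookalike domains of this kind can be scored automatically against a list of the brands being impersonated. The following is an added example, not ESET’s code or anything from the report: it takes the two legitimate domains and the four bogus ones named above as its constructed sample, splits hostnames into brand-bearing tokens (labels and hyphen-separated parts, minus generic ones such as “com” and “net”), and reports which legitimate domain a suspect is imitating and how much of that brand it reuses. The token heuristic, the one-character typo tolerance and the 0.5 threshold are assumptions chosen for illustration.

```python
from typing import List, Optional, Set, Tuple

# Constructed reference set: the two legitimate domains the page names. A real
# deployment would load the organisation's own brand list.
LEGITIMATE_DOMAINS: List[str] = ["austpost.com.au", "osr.nsw.gov.au"]

# Labels that carry no brand meaning and must never count as a match.
GENERIC_TOKENS: Set[str] = {"com", "net", "org", "www", "edu", "info"}


def brand_tokens(host: str) -> Set[str]:
    """Split a hostname into brand-bearing tokens: labels and hyphen parts, minus
    generic ones and anything too short to be distinctive."""
    tokens: Set[str] = set()
    for label in host.lower().strip(".").split("."):
        for part in label.split("-"):
            if len(part) >= 3 and part not in GENERIC_TOKENS:
                tokens.add(part)
    return tokens


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def tokens_match(candidate: str, brand: str) -> bool:
    """Exact match, or one typo on a brand token long enough to be distinctive."""
    if candidate == brand:
        return True
    return len(brand) >= 6 and levenshtein(candidate, brand) == 1


def similarity(suspect: str, legitimate: str) -> float:
    """Fraction of the legitimate domain's brand tokens that reappear in the suspect."""
    legit = brand_tokens(legitimate)
    if not legit:
        return 0.0
    sus = brand_tokens(suspect)
    hits = sum(1 for b in legit if any(tokens_match(c, b) for c in sus))
    return hits / len(legit)


def classify(host: str, threshold: float = 0.5) -> Optional[Tuple[str, float]]:
    """Return (impersonated domain, score) for a lookalike, or None when the host is
    the real site, a subdomain of it, or resembles nothing on the brand list."""
    host = host.lower().strip(".")
    best: Optional[Tuple[str, float]] = None
    for legit in LEGITIMATE_DOMAINS:
        if host == legit or host.endswith("." + legit):
            return None
        score = similarity(host, legit)
        if score >= threshold and (best is None or score > best[1]):
            best = (legit, score)
    return best


def triage(hosts: List[str]) -> List[Tuple[str, str, float]]:
    """Run a batch of newly registered or observed hostnames through the scorer."""
    results = []
    for host in hosts:
        verdict = classify(host)
        if verdict is not None:
            results.append((host, verdict[0], verdict[1]))
    return results
```

Running the four bogus domains from the report through `triage` flags all of them; the two austpost-tracking domains and osr-nsw-gov.net reuse every brand token, while nsw-gov.net scores lower because it drops the “osr” label, which is exactly the sort of partial match that deserves a human look rather than an automatic block. The typo tolerance also catches a hypothetical auspost-tracking.com, which differs from the real brand by a single dropped letter.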

TorrentLocker’s “side task” is to steal the address book from email clients on the infected machine; it contains code that enables this for Thunderbird, Outlook, Outlook Express and Windows Mail.

FBI warns of more North Korean cyber attacks

The Untouchables have warned businesses that North Korean hackers are using malicious software to launch destructive cyberattacks in the United States.

The alert appeared to describe the attack that hit Sony, which would make it the first major destructive cyber-attack waged against a company on US soil. Such attacks have been launched in Asia and the Middle East, but none had been seen in the United States. The FBI report did not say how many companies had been victims of destructive attacks.

Analysts think the attack is a watershed event and that political disputes now serve as harbingers of destructive cyberattacks.

The five-page, confidential “flash” FBI warning issued to businesses last night provided some technical details about the malicious software used in the attack. It provided advice on how to respond to the malware and asked businesses to contact the FBI if they identified similar malware.

The malware overwrites all data on the hard drives of infected computers, including the master boot record, which prevents them from booting up.

“The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods,” the report said.

The document was sent to security staff at some U.S. companies in an email that asked them not to share the information.

The FBI released the document in the wake of last Monday’s unprecedented attack on Sony Pictures Entertainment, which brought corporate email down for a week and crippled other systems as the company prepares to release several highly anticipated films during the crucial holiday film season.

A Sony spokeswoman said the company had “restored a number of important services” and was “working closely with law enforcement officials to investigate the matter.”

The FBI said it is investigating the attack with help from the Department of Homeland Security. Sony has hired FireEye’s Mandiant incident response team to help clean up after the attack, a move that experts say indicates the severity of the breach.

Hackers used malware similar to that described in the FBI report in highly destructive attacks on businesses in South Korea and the Middle East, including one against oil producer Saudi Aramco that knocked out some 30,000 computers. Those attacks are widely believed to have been launched by hackers working on behalf of the governments of North Korea and Iran respectively.

Sony may have been targeted by North Korea for releasing a film called “The Interview”.

The movie, which is due to be released in the United States and Canada on Dec. 25, is a comedy about two journalists recruited by the CIA to assassinate North Korean leader Kim Jong Un. The Pyongyang government denounced the film as “undisguised sponsoring of terrorism, as well as an act of war” in a letter to U.N. Secretary-General Ban Ki-moon in June.

The FBI report said some of the software used by the hackers had been compiled in Korean, but it did not discuss any possible connection to North Korea.

Chinese hack US post

Chinese government hackers are suspected of breaching the computer networks of the United States Postal Service, compromising the data of more than 800,000 employees, including the postmaster general.

According to the FBI, the intrusion was discovered in mid-September, said officials, who declined to comment on who was thought to be responsible.

The announcement comes just as President Barack Obama arrived in Beijing for high-level talks with his counterpart, President Xi Jinping.

China has consistently denied accusations that it engages in cybertheft and notes that Chinese law prohibits cybercrime. But China has been tied to several recent intrusions, including one into the computer systems of the Office of Personnel Management and another into the systems of a government contractor, USIS, that conducts security-clearance checks. Of course the US spooks have been doing the same thing in China, so it is a matter of all is fair in love and cold war.

The only question is why the Chinese spooks thought that hacking the postal service was a good idea.

Postmaster General Patrick Donahoe said in a statement that it was an unfortunate fact of life these days that every organisation connected to the Internet is a constant target for cyber intrusion activity. “The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data,” he said.

The compromised data included names, dates of birth, Social Security numbers, addresses, dates of employment and other information, officials said. The data of every employee were exposed.

No customer credit card information from post offices or online purchases at usps.com was breached, officials said.

While the OPM and USIS breaches involved data of people who had gone through security clearances and so could be useful to a foreign government seeking to gain access to individuals in sensitive government work, it is not clear why Postal Service employees would be of such interest.

Security experts rubbish CBS hacking claim

Security experts have poured cold water on CBS hackette Sharyl Attkisson’s claim that she was being hacked by the government.

In her new book Stonewalled, Attkisson claims that both her personal Apple laptop and a CBS News-issued Toshiba laptop were hacked in late 2012 while she was reporting on the Benghazi terrorist attacks.

In June 2013, CBS News confirmed that the CBS News computer was breached, using what the network said were “sophisticated” methods and unnamed sources confirmed for Attkisson that an unnamed government agency was behind the attack.

However, Attkisson released a video, taken with her mobile phone, of one apparent hack of her personal Apple laptop. The video shows words typed into a Microsoft Word document rapidly disappearing. During the video, Attkisson’s voice can be heard saying she’s “not touching it.”

Computer security experts who reviewed the video told Media Matters that Attkisson’s computer most likely had a stuck backspace key.

Matthew Brothers-McGrew, a senior specialist at Interhack was quoted as saying sometimes computers “malfunction, a key can get stuck, sometimes dirt can get under a keyboard and a key will inadvertently be held down.”

Brad Moore, also a senior specialist at Interhack, said that based on what he saw and was able to replicate, there were multiple explanations for this sort of behaviour, and a stuck backspace key was the simplest.

Peter Theobald, a computer forensics investigator with TC Forensics, said that if a hacker had tried to infiltrate her laptop and delete her files, there would be better ways to do it, and it wouldn’t be so obvious to her.