SECURITY TO THE CORE

Posts tagged “Hacking”

Sony network attacked again, hackers claim !!

A hacker group has claimed it has attacked the Sony network and stolen more than one million passwords, email addresses and other information.

Lulz Security said it broke into servers that run SonyPictures.com. Sony said it was aware of Lulz Security’s statement and was investigating, the Associated Press reported.

In April, hackers broke into Sony’s PlayStation Network and stole data from more than 77 million accounts. That attack was considered the biggest in internet history and led to Sony shutting down the PlayStation Network and other services for almost a month.

The company has estimated the data breach will result in a $170m (£104m) hit to its operating profit.

Since then, Sony’s networks have become targets for hackers and the company has confirmed at least four other break-ins prior to the claimed attack on Sony Pictures.

Lulz Security claims to be behind one of those attacks: an assault on Sony Music Japan.

The latest alleged attack will come as a blow to the Japanese firm, 24 hours after it announced the PlayStation Network would be fully restored in the US and Europe, and said it had beefed up its security systems.

‘Asking for it’

In a statement on Thursday, Lulz Security said it had hacked into a database that included unencrypted passwords as well as names, addresses and dates of birth of Sony customers.

"From a single injection, we accessed EVERYTHING," it said. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"

"What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plain text, which means it’s just a matter of taking it.

"This is disgraceful and insecure: they were asking for it."

The group also recently claimed responsibility for hacking the website of the PBS network and posting a fake story in protest at a news programme about WikiLeaks.

BBC News


Two Koreas in Cyber Proxy War

 

Uriminzokkiri, a North Korea propaganda site, early this week blamed “South Korea’s extreme right-wingers” for a cyber attack that disrupted its website last weekend. The China-based site claimed the hackers were trying to stop its “influence from spreading.”

“They should stop acting recklessly and think carefully about a grave consequence that could be caused by their mean acts,” it warned.

On January 8, the day widely believed to be Kim Jong Eun’s birthday, pictures and messages that derided the Kim dynasty were posted by hackers on the website as well as the related Twitter account. Meanwhile, a video clip making fun of the younger Kim was posted on YouTube.

Dcinside.com, a Seoul-based internet website, claimed responsibility.

“Some of our users did that in retaliation for a DDOS (denial of service) attack on our site on January 6,” said Kim Yoo-sik, who runs the site. “It is unclear whether it was done by North Korea or a group of North Korea sympathizers inside South Korea.”

Right after the attack disabled his site for 30 minutes, he posted a statement on the front page that said “Jong Il, Jong Eun, Come out, Let’s fight!” in order to show “a strong willingness not to back down at least in cyber world.”

The site, with daily visitors of 1.3-1.5 million, started in 1999 as a small web forum for digital camera users, but now has more than 1,400 boards for free discussion on various topics ranging from North Korea and politics to entertainment.

Mr. Kim said he sees a change towards North Korea among site users. “Since the Yeongpyeong attack, people have become more fearful but also furious about what happened. They wanted to show their feelings through this cyber attack” (on the North Korea site), he said.

The North Korea site denied the accusation that it attacked dcinside.com, saying that while the South Korean site was misleading public opinion, Uriminzokkiri is not a “childish” group that “invades other’s websites or does hacking for fun.”

Meanwhile, the four Tweets posted by hackers from the South Korean site are strangely still available at the time of writing. One of them says “Let’s kill senile Kim Jong Il and tyrannical offspring pig Kim Jong Eun with one stroke of our sword, so that we can eat rice and meat soup and live as happily as people in the South.”

- Wall Street Journal

Attackers Now Using Honeypots to Trap Researchers

Attackers are constantly changing their tactics and adapting to what the security community and researchers are doing, and it’s not unusual for the bad guys to adopt techniques used by their adversaries. The latest example of this is a malware gang that has deployed what amounts to a honeypot designed to monitor the activity of researchers or other attackers who try to access a command-and-control server.

While researching a piece of malware related to the Zeus botnet, a group of researchers at The Last Line of Defense gained access to a remote server used to help control the attack. This particular attack was sending out huge amounts of spam throughout October, specifically targeting business owners who file quarterly taxes. Known as the EFTPS malware, the spam included a link that sent victims to a site that loaded the Zeus Trojan on their machines and then forwarded them to the actual site at the Treasury Department that handles these payments.

But the interesting part is what the researchers found when they accessed the back-end server: a fake administrative console. Many, if not most, large-scale malware campaigns now have some kind of admin interface on a remote server that enables the attackers to log in and access statistics on infections, geographic distribution of compromised PCs and other measurements. And researchers have been able to access these consoles on a number of occasions, mining them for key intelligence on the attackers behind the malware and how the attack works.

But in this case, the attack crew apparently anticipated this and set up a phony login interface, complete with weak username and password and a simple SQL-injection vulnerability. The console clearly is meant to attract researchers, and perhaps other attackers, to poke around and allow the crew behind EFTPS to observe their movements and methods.

“This admin interface acts as a ‘hacker honeypot’ that records detailed information about who attempted to access the admin console, as well as who attempted to hack into it. The fake login system conveniently accepts default/easily guessed credentials and common SQL injection strings. After the researcher/hacker is ‘authenticated’, they are shown random exploit statistics,” the Last Line of Defense researchers said in a blog post.

The admin console also has a feature that allows remote users to upload new “bots,” a tactic evidently designed to entice other attackers to try and compromise the server so the EFTPS crew can get a read on what they’re up to.

Legitimate security researchers have been using honeypot systems for years now and they have become a key tool for gathering information on new exploits, attack techniques and botnet research. The most prominent example is The Honeynet Project, a network of volunteers around the world who maintain complex honeypots and publish a lot of research based on what they collect and observe.

(Source: Threat Post)
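An added example, not part of the article above: a decoy login of the kind honeypot operators run records each attempt, and the records can be labelled as default-credential guesses or SQL injection probes. The field names, the credential list and the patterns are assumptions, and the sample records are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample records, shaped like what a decoy login might log.
SAMPLE_ATTEMPTS = [
    {"src": "198.51.100.7", "user": "admin", "password": "admin"},
    {"src": "198.51.100.7", "user": "admin' OR '1'='1' --", "password": "x"},
    {"src": "203.0.113.20", "user": "root", "password": "toor"},
    {"src": "203.0.113.20", "user": "jsmith", "password": "Tr0ub4dor&3"},
    {"src": "192.0.2.55", "user": "admin", "password": '" or ""="'},
]

# Assumed list of default or easily guessed pairs (illustrative only).
DEFAULT_CREDS = {
    ("admin", "admin"), ("admin", "password"),
    ("root", "root"), ("root", "toor"), ("test", "test"),
}

# Assumed patterns for common injection strings in a login field.
SQLI_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"['\"]\s*(or|and)\b",                 # quote, then a boolean operator
    r"--\s*$",                             # trailing SQL comment
    r"\bunion\s+select\b",                 # UNION-based probe
    r";\s*(drop|select|insert|update)\b",  # stacked statement
)]

def classify(attempt):
    """Label one recorded attempt: 'sqli', 'default_creds' or 'other'."""
    fields = (attempt["user"], attempt["password"])
    if any(p.search(f) for p in SQLI_PATTERNS for f in fields):
        return "sqli"
    if (attempt["user"].lower(), attempt["password"]) in DEFAULT_CREDS:
        return "default_creds"
    return "other"

def summarize(attempts):
    """Count labels per source address so repeat probers stand out."""
    per_source = defaultdict(Counter)
    for a in attempts:
        per_source[a["src"]][classify(a)] += 1
    return {src: dict(counts) for src, counts in per_source.items()}

if __name__ == "__main__":
    for src, counts in summarize(SAMPLE_ATTEMPTS).items():
        print(src, counts)
```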


Combat The Top 5 Hidden Computer Security Threats !!

I am sure every one of you is aware of the constant threat presented by IT insects (computer malware) these days. But tell me honestly: have you ever feared that one day your computer system will be compromised or attacked by malware or malicious hackers because you never took any precautionary measures to stop hidden computer security threats?

By the way, do you know that, due to lack of knowledge, thousands of computer users, I must say millions of computer users, are becoming victims of hacking attacks and are exposed to possible identity theft every year? According to a survey released by Javelin Strategy & Research in Feb 2010, there were over 11.1 million cases of online identity theft registered in the U.S. last year, and the amount of money potentially affected by these frauds is about $54 billion. Shocking, isn’t it? This is one of the first and foremost reasons to take computer security seriously.

Don’t let it happen to you. There are many ways to protect yourself from the most recent and most malignant security threats. The following are a few best-practice guidelines that can help you avoid becoming the next victim of these heinous crimes by halting in their tracks the threats that could be lurking around, waiting for your next wrong move.

Top Hidden Security Threats

Social Networking

Among the most recent security threats are phishing and scams initiated on popular social networking websites. These threats can be a real disaster waiting to happen to you. If you have connected with someone on a social networking website like Facebook, Orkut, Twitter, LinkedIn, Hyves or another social network, it’s probably because you know and trust them. But you should still take a few important steps to protect yourself from being attacked. I am sure you must be wondering WHY. The reason is that attackers can take control of your friend’s online persona and then exploit that trust. One precautionary step you can take is to check your privacy settings within Facebook, Orkut and Twitter. These settings may allow other users to view personal details that you may have forgotten you provided, which in turn opens the floodgates and permits everyone to see your information. By locking down the privacy settings you can block an unauthorized person from digging up information that could give away a password to an online account. In addition, don’t accept friend requests from people you do not know, because this can easily give an outside attacker access to information that you block for others. So if you’re damn serious about protecting your personal details, you shouldn’t accept such requests.

Not to mention, a Facebook “friend” or Twitter “follower” can also send you malicious messages because they themselves may have been compromised by a malware infection or a clickjacking attack. So you should be cautious every time.

Computer Snooping

If you use a public computer to access any of your personal information or banking websites, it is highly recommended that you erase your tracks, because at the end of every browsing session a considerable amount of information is left stored in the Temporary Internet Files. This can be done by erasing the history in the web browser that you used and choosing the option NOT to save passwords.

Using a public computer to access any of your personal or confidential information is never recommended. Even using your own personal computer can be a risk if you allow others to access the same account or profile. If you use a personal desktop or laptop computer, always make sure you protect it with a strong password to keep others from accessing personal data.

Scareware

Scareware is a class of software designed only to cause anxiety in the unsuspecting user. One of the best examples is a rogue anti-malware program that puts up a dialogue box saying “Attention !! Dangerous Threats Found On Your System” with two buttons labeled OK (to download the anti-spyware) and CANCEL. Regardless of which button is chosen, you will either be taken to a fake website or be compromised by getting rogue software installed on your system.

The use of scareware, aka extortionware, is a growing problem that the normal computer user might not be aware of. Popular rogue anti-spyware programs such as AntiVirus 2010 are used to initiate scareware tactics on the affected system without any end-user intervention. Once the malware is installed on a user’s computer, it opens up numerous possibilities for how the malware can take advantage of the end user.

Sometimes these attacks are presented in the form of alert messages that pop up on the computer screen or an email message that appears to be from a legitimate banking or financial institution. Being in the know about these types of hidden threats can greatly reduce the chances of your computer system being compromised or even damaged by malicious scareware, aka extortionware, methods. Another, and the most foolproof, way to protect yourself from these hidden threats is by installing and running up-to-date anti-malware software.

Wi-Fi Network Security/Rogue Wi-Fi Networks

Today, one of the most popular hidden threats, one that exists literally in thin air, is the rogue Wi-Fi access point or malicious Wi-Fi network. If you connect to the internet at your local coffee shop, shopping mall or even the airport, chances are there is a cyber-spy who can capture your PC’s traffic and assemble sensitive information such as your user name and password, banking information and other confidential information. Any unsecured wireless network can be hacked into to monitor and view every communication you make over the internet.

This kind of hidden threat can be avoided by simply finding out the SSID of that location’s network. The Service Set Identifier (SSID) is the name of the wireless network, which is broadcast over the airwaves; your computer receives the network’s signal, and as a result the name appears in the list of available networks. Connecting only to a secured Wi-Fi network is always advisable. Just because a Wi-Fi network appears in your list of available networks doesn’t mean that it is safe to connect to.

Outdated Software

Do you know that Microsoft and Adobe products are among the leading and favorite targets for cyber criminals? It is not just Windows operating systems that hackers target. Attackers also target many Microsoft and Adobe applications that are outdated or left unpatched. That simply means that if you are running an outdated software application in which a vulnerability has been discovered, a hacker can use the vulnerabilities and weaknesses of that specific program to attack your system. This is the main reason why companies such as Microsoft and Adobe keep rolling out security patches within their application updates. The same applies to security applications such as anti-virus or anti-spyware programs. The main purpose of downloading and installing the latest virus definitions is to keep your anti-malware application updated so that it is able to recognize a new threat that was recently released into the wild. If you leave a program outdated, there is a high chance that your machine could be at risk of being compromised or attacked. The best way to guard yourself against this type of attack is to keep all your software applications updated.

You can also use a program such as the Secunia Personal Software Inspector, a FREE security tool designed to detect known vulnerabilities and outdated programs and plug-ins that expose your PC to attacks, and to install the necessary updates.

Keep in mind that “You are the ONLY one who can protect yourself from being compromised” … Stay Safe, Stay Secured !!

If you know of more hidden security threats that you have discovered recently, then do share them with me… 🙂