Tuesday, February 26, 2013
Saturday, February 23, 2013
Hacker raided by FBI after leaking Microsoft next Xbox release information
He had claimed to know about the next Xbox and PlayStation, claimed to really have two prototype versions of the next Xbox.
The suspect, identified as Dan Henry a.k.a SuperDaE and he tweeted about the raid on his twitter and uploaded a warrant copy. Last year he reportedly sold a next-gen Xbox development kit on eBay for $20,100. A development kit is what Microsoft sends to companies so they can develop Xbox games.
The warrant revealed that there are many companies behind the charges filed, including Microsoft, eBay, and Paypal. The photo was removed after it was thought to be a hoax but developers later confirmed that the pictures were in fact accurate of the highly anticipated Xbox gaming console.
Henry has admitted in recent interviews that he breached networks at some gaming companies. He also said the FBI was trying to extradite him. He also leaked over 20 documents to Kotaku, which he said was not done for financial gain.
He said he was contacted by Microsoft last year for details of flaws in their security system. "This raid was a result from the Aussie police kissing America's ass." he tweeted.
Henry has admitted in recent interviews that he breached networks at some gaming companies. He also said the FBI was trying to extradite him. He also leaked over 20 documents to Kotaku, which he said was not done for financial gain.
He said he was contacted by Microsoft last year for details of flaws in their security system. "This raid was a result from the Aussie police kissing America's ass." he tweeted.
Wednesday, February 20, 2013
Hacking Facebook Passwords
Hacker found a way to hack and change your password like, just he used
to change his own password. Confused ? Recently Facebook fix a very
critical vulnerability on the tip of 'Sow Ching Shiong',
an independent vulnerability researcher. Flaw allows anyone to reset
the password of any Facebook user without knowing his last password.
At Facebook, there is an option for compromised accounts at "https://www.facebook.com/hacked"
, where Facebook ask one to change his password for further protection.
This compromised account recovery page, will redirect you to another
page at "https://www.facebook.com/checkpoint/checkpointme?f=[userid]&r=web_hacked" .
Researcher notice that the URL of the page having a parameter called "f"
which represents your user ID and replacing the user ID with victim's
user ID allow him to get into next page where attacker can reset the
password of victim without knowing his last password.Monday, February 18, 2013
Anonymous member Arrested by FBI
Anonymous hacker Barrett Brown was arrested by the FBI last night, his apartment raided while he was in the middle of a live TinyChat session.
For those that may not be familiar with Brown, he came to some notoriety last year for allegedly mounting an operation against the Zeta drug cartel in Mexico after they had kidnapped a member of Anonymous. Brown claimed to hold the names of 75 Zeta collaborators, which he threatened to release to the press unless the Anon member was set free.
Brown is the founder of Project PM and has worked closely with the Anonymous hacker collective on several past operations. This is not the first time that Barrett Brown’s home has been raided. Six months ago the FBI came knocking on Brown’s door and confiscated his laptop, but no charges were filed against him. That incident followed the arrest of then-LulzSec leader Sabu, or rather Hector Xavier Monsegur, who then turned informant in exchange for leniency, although it’s also been suggested that Sabu was working for the FBI prior to his arrest, which then served as a cover.
The arrest came just hours after the activist published a video in which he threatened to destroy FBI agent Robert Smith. The video came in response of the fact that, apparently, his mother was accused of obstruction of justice and threatened.
Brown has often denied acting as a spokesperson for Anonymous in any officially capacity, as the amorphous group has no such official structure. Nonetheless, his knowledge of many of the group’s activities has often left many with such an impression.
You can see his details on Dallas County Online Jail Search website. According to those who follow Brown, his behavior had become erratic as of late, as evident in the last video he posted to his YouTube account.
UPDATE :
Anonymous Hackers releases creditcard details of 13 FBI agents in retaliation for the arrest of Barrett Brown. "We didn't plan this #FFF. It just happened...." and continue with "we would be dropping an undeterminate amount of credit cards potentially belonging to govt officials (just and only just, underterminately probable) potentially all around of undeterminate number ofcarding forums, black markets and other underground places."
9 million PCs infected with ZeroAccess botnet
In recent months, we've seen the rootkit family Win32/Sirefef and Win64/Sirefef (also known as ZeroAccess Botnet)
update its command and control protocol and grow to infect more
computers while connecting to over one million computers globally
The ZeroAccess botnet not only
makes large amounts of money for its owners but it also causes
significant damage and loss in a variety of ways to a variety of
individuals and entities. Various aspects of ZeroAccess’ operation
consume considerable bandwidth. This is 1,227,300 bytes per hour,
29,455,200 per day and 895,929,000 bytes per month. 895 MB per month per
bot means a botnet with 1 million nodes could be producing as much as
895,000,000 MB or 895 Terabytes of network traffic per month. And all of
this occurs before any files are actually downloaded using the
protocol.
The peer-to-peer protocol used by the latest version of ZeroAccess contains only a few commands and is designed to spread files and IP addresses across the network quickly. It is encrypted to avoid easy detection and there are a number of measures taken to avoid the network being poisoned or taken over. This generally held at around 150,000 new installations per day, with a noticeable drop at the end of August
Before, disclosed that it creates its
own hidden partition on the hard drive and uses hidden alternative data
streams to hide and thrive. Then ZeroAccess developer changed infection
tactics and stopped using kernel-mode components in the latest version
Security firms tracked the growth of x64 version infections.
But Recently uncovered by SophosLabs that ZeroAccess botnet took a major shift in strategy and operating entirely in user-mode memory.
There are two distinct ZeroAccess botnets, and each has a 32-bit version and a 64-bit version, numbering four botnets in total. Each botnet is self-contained because it communicates exclusively on a particular port number hard-coded into the bot executable. The botnets can be categorised based on their port numbers. Ports 16464 and 16465 are used by the 32-bit and 64-bit versions of one botnet; ports 16470 and 16471 are used by the 64-bit and 32-bit versions of the other botnet.
There are two distinct ZeroAccess botnets, and each has a 32-bit version and a 64-bit version, numbering four botnets in total. Each botnet is self-contained because it communicates exclusively on a particular port number hard-coded into the bot executable. The botnets can be categorised based on their port numbers. Ports 16464 and 16465 are used by the 32-bit and 64-bit versions of one botnet; ports 16470 and 16471 are used by the 64-bit and 32-bit versions of the other botnet.
They also disclose
the ZeroAccess has been installed on computers over nine million times
with the current number of active infected PCs numbering around one
million.
The current size of the botnet
is somewhere in the region of 9 million machines spread throughout the
world, but with the majority located in the U.S.
Other than U.S other top infected countries are :
- Brazil
- Japan
- Romania
- Argentina
- Venezuela
- Chile
The ZeroAccess botnet currently
creates two primary revenue streams: click fraud and Bitcoin mining.
Click fraud and Bitcoin mining can earn the botnet owners a potential
$100,000 a day. "The traffic generated by the ad-click fraud can burn
through your bandwidth cap. We have been following a number of bots
such as ZeroAccess whose primary function is ad-click fraud. These bots
receive instructions from a controller directing them to click on ads on
specific web sites. The web site owner gets paid by the advertiser on a
per click basis usually through the intermediary of an ad network. The
advertisers and ad network operator have a number of safeguards in place
to protect against click fraud," the report said.
The peer-to-peer protocol used by the latest version of ZeroAccess contains only a few commands and is designed to spread files and IP addresses across the network quickly. It is encrypted to avoid easy detection and there are a number of measures taken to avoid the network being poisoned or taken over. This generally held at around 150,000 new installations per day, with a noticeable drop at the end of August
Hackers steal more than $450,000 from Burlington city bank
The city of Burlington is warning its employees to check their bank
accounts after finding out funds have been stolen. The Skagit Valley
Herald reports the money was electronically transferred to various
personal and business accounts throughout the United States during a
two-day period this week.
We really don't know exactly how it happened," said City Manager Bryan Harrison. "Multiple banks in multiple states involved." "Someone, either through the city system or Bank of America had actually accessed our electric authorization account."
They believe the money has been shifted to different banks around the
world. Officials say they will recover the money that was stolen, and
that it will not affect city business
We really don't know exactly how it happened," said City Manager Bryan Harrison. "Multiple banks in multiple states involved." "Someone, either through the city system or Bank of America had actually accessed our electric authorization account."
The theft was first reported by the Skagit Valley Herald newspaper which
said that Burlington’s finance department reported the theft Thursday.
Police and the Secret Service are investigating. Burlington is a city of
about 8,400 people roughly 60 miles north of Seattle.
Anonymous Hackers dumps 600k Emails from most popular Israeli web portal
As part of Operation Israel (#OpIsrael) Anonymous
Hackers once again strike on Israeli infrastructure by dumping the
600,000 emails and passwords from one of the most popular Israeli web
portal 'Walla', which is know for providing news, search and e-mail system, among other things.
Anonymous Activist knows 'AnonSabre' dumped email addresses, password MD5 hashes and salts across 95 Pastebin posts containing this sensitive information have been published over the course of 24 hours.
Walla also confirmed that the list was posted online, but they said that the information leaked by Hacker is Useless because the password posted by hacker is in Encrypted form.
Walla also confirmed that the list was posted online, but they said that the information leaked by Hacker is Useless because the password posted by hacker is in Encrypted form.
I think, they are not aware about fastest MD5 cracker 'oclhashcat' or other cloud based cracking services, anyway they also said,“However, we are working on 'hermetically' sealing off user details in Walla! accounts,”.
The #OpIsrael campaign was announced last December, and according to Anonymous, is for the “children and families in Gaza that are suffering as a result of the policies of the Israeli government.”
As part of the campaign, hackers took down the Israeli military spokesperson’s website, and hacked into the Israeli Vice Prime Minister’s site in past months.
As part of the campaign, hackers took down the Israeli military spokesperson’s website, and hacked into the Israeli Vice Prime Minister’s site in past months.
Sunday, February 17, 2013
Facebook hacked in Zero-Day Attack
Facebook operator of the largest social network with more than 1 billion members, said on Friday it had been the target of an unidentified hacker group, but that no user information was compromised during the attack.
The attack occurred when a handful of the company's employees visited a developer's compromised website, which led to malware being installed on their laptops.
‘Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack,’ read thestatement, despite the laptops being ‘fully-patched and running up-to-date anti-virus software.’
Reports say Facebook knew about the attacks, which likely exploited a zero-day Java software flaw, well before the announcement.
"We are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future," Facebook said on its website.
"We are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future," Facebook said on its website.
Facebook was not alone in this attack, Twitter social network, said earlier this month that it had been hacked, and thatapproximately 2,50,000 user accounts were potentially compromised, with attackers gaining access to information including user names and email addresses.
Hackers deface Hostgator Indian domain
Hacking group 'today hack and deface Hostgator Indian domain Hostgator.in , which handles the Indian Operations ofHostgator.com with locally available servers and localized currency billing as well as support.
Rather than editing homepage or other pages of site, hacker just added new file at on ftp with defacement purpose. At the time of writing, the page has been removed by firm but we had taken a screenshot this morning as shown below:
The defacement page ends with message,"We Are Anonymous". No doubt that group have nothing to do with Hacktivist group Anonymous, but may be they use this term just for fun.
Saturday, February 16, 2013
Zeus Trojan History
Zeus is a Trojan horse that steals banking information by Man-in-the-browser keystroke logging and Form Grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek.
The various Zeus' botnets are estimated to include millions of compromised computers (around 3.6 million in the United States).As of October 28, 2009 over 1.5 million phishing messages were sent on Facebook with the purpose of spreading the Zeus' trojan. On November 3, 2009 a British couple was arrested for allegedly using Zeus to steal personal data. From November 14–15, 2009 Zeus spread via e-mails purporting to be from Verizon Wireless. A total of nine million of these phishing e-mails were sent.
In 2010 there were reports of various attacks, among which one, in July, disclosed by security firm Trusteer, indicating that the credit cards of more than 15 unnamed US banks were compromised.
On October 1, 2010, FBI announced it had discovered a major international cyber crime network which had used Zeus to hack into US computers and steal around $70m. More than 90 suspected members of the ring were arrested in the US, and arrests were also made in the UK and Ukraine.
In May 2011, the then-current version of Zeus's source code was leaked and in October the abuse.ch blog reported about a new custom build of the trojan that relies on more sophisticated peer-to-peer capabilities.
Proliferation
The Zeus Trojan-controlled machines are in 196 countries, including isolated states such as North Korea. The five countries with the most significant instances of infected machines are Egypt, the United States, Mexico, Saudi Arabia, and Turkey. Altogether, 2,411 companies and organizations are said to have been affected by the criminal operations running the botnet.Targeted Operating Systems
Zeus targets Microsoft Windows machines. It does not work on Mac OS X, or Linux.In 2012, Kaspersky Lab researchers discovered five new variants of Zeus that infected BlackBerry and Android phones.
Targeted information
Every criminal can control which information he's interested in and fine tune his copy of Zeus to only steal those. Examples include login credentials for online social networks, e-mail accounts, online banking or other online financial services. The top sites with stolen login credentials, according to Netwitness' report are Facebook, Yahoo, Hi5, Metroflog, Sonico and Netlog.Removal and detection
Zeus is very difficult to detect even with up-to-date antivirus software due to being stealthy. This is the primary reason why its malware family is considered the largest botnet on the Internet: Some 3.6 million PCs are said to be infected in the U.S. alone. Security experts are advising that businesses continue to offer training to users to prevent them from clicking hostile or suspicious links in emails or on the web while also keeping up with antivirus updates. Symantec claims its Symantec Browser Protection can prevent "some infection attempts" but it remains unclear if modern antivirus software is effective at preventing all of its variants from taking root.FBI crackdown
The hackers then used this information to take over the victims’ bank accounts and make unauthorized transfers of thousands of dollars at a time, often routing the funds to other accounts controlled by a network of money mules. Many of the U.S. money mules were recruited from overseas. They created bank accounts using fake documents and phony names. Once the money was in their accounts, the mules could either wire it back to their bosses in Eastern Europe, or turn it into cash and smuggle it out of the country. For their work, they were paid a commission.
More than 100 people were arrested on charges of conspiracy to commit bank fraud and money laundering. Of those, over 90 were in US, and the other arrests were made in UK and Ukraine.
Before they were caught, members of the theft ring managed to steal $70 million.
Retirement
In late 2010, a number of Internet security vendors including McAfee and Internet Identity claimed that the creator of Zeus had said that he was retiring and had given the source code and rights to sell Zeus to his biggest competitor, the creator of the SpyEye trojan. However, those same experts warned the retirement was a ruse and expect the cracker to return with new tricks.As of 13 May 2011, the source code and compiled binaries are found to be hosted on GitHub
Zeus banking Trojan in Japan
Zeus continues to strike online bank accounts and users, and technology designed to thwart these Trojan attacks continually fails to keep up. Symantec recently came across a new Zeus file targeting five major banks in Japan.
The malware, which has caused serious problems to banking customers in Europe and the U.S, now having maximum concentration on Japanese banks. Target information was reveled by Symantec after decryption of configuration file from new sample. The attacker uses Blackhole exploit kit in order to install Zeus
eus, a financially aimed malware, comes in many different forms and flavors. It can be tweaked to hijack personal PCs, or come in the form of a keylogger that tracks keystrokes as users enter them.
But once installation over, Zeus malware aims to steal online-banking credentials, and phishing schemes and drive-by downloads are most often the avenues hackers use to spread this increasingly sophisticated and evolving Trojan.
In this case, the functionality is the same as that of other Zeus variants. Once infected, Zeus monitors the Web browser visiting the targeted banks and injects HTML code that displays a message in Japanese that states in English: "In order to provide a better service to our customers, we are updating our personal internet banking system. Please re-enter the information that you provided when you first registered.".
Zeus gained notoriety in 2006 as being the tool of choice for criminals stealing online banking credentials. If your are one of the victim of Zeus, we recommend that you change your passwords for your online accounts and if you have used your credit card while Zeus Trojan was on your computer, contact the bank and let them know that you might be be victim of a phishing attack.
Zeus gained notoriety in 2006 as being the tool of choice for criminals stealing online banking credentials. If your are one of the victim of Zeus, we recommend that you change your passwords for your online accounts and if you have used your credit card while Zeus Trojan was on your computer, contact the bank and let them know that you might be be victim of a phishing attack.
Google Play privacy issue, sends app buyers personal details to developers
The main problem is that Google is not asking explicit permission from buyers to share that information with developers, but according to privacy groups and with careful inspection of the policies, Google does not clearly mention that it is sharing personal information to app developers nor does it create a good deal of effort in informing buying customers.
The sign-up process for Google Wallet tells prospective users that they will need to share some basic information with merchants to conduct their transactions. But from a practical point of view, many people seemed blindsided by the news that their information was being shared. There was a mention that developers could take any type of personal information and still sell it to another party.
Last year, Google was accused of violating the consent order by placing tracking cookies on the computers of Safari users, despite telling those same users they would be automatically opted-out of such tracking. Google agreed to pay a record $22.5 million to the FTC.
Subscribe to:
Posts (Atom)