
Friday, 14 February 2014

Edward Snowden obtained classified NSA documents by stealing coworker's password

Snowden Stealing Coworker Password
We are all well aware of the leaks the whistleblower Edward Snowden made against the US National Security Agency (NSA), and after reading every related update and viewing every document he handed to the various news sites, each of you is left with one question: how could he carry out this entire operation without anyone noticing?

Yes, you are correct! The former NSA contractor Edward Snowden reportedly managed to gain access to many of the classified documents by taking one of his coworker's passwords, according to an unclassified NSA memo obtained by NBC News.

Three people, an NSA civilian employee, an active-duty member of the U.S. military and a contractor, were found to have been involved in activities that may have aided Snowden's operation; of these, the NSA civilian employee has been stripped of his security clearance and has resigned.

The other two have been barred from entering National Security Agency (NSA) facilities, the memo states, and their status is currently under review.

The colleague said that he allowed Snowden to use his Public Key Infrastructure (PKI) certificate to gain access to classified information on "NSAnet" that Snowden was formally denied access to.

The memo's account does not provide much detail, according to NBC, but reading through the whole memo, Snowden somehow got one of his civilian NSA coworkers and associates to enter his password "onto Snowden's work station," the memo states. "Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information."

The memo also states that the civilian colleague was not aware of Mr. Snowden's intentions, that he "intended to unlawfully disclose classified information," and that the colleague shared his PKI certificate, a set of highly secure credentials that provided far greater access to the NSA's internal computer systems, and "failed to comply with security obligations," which led him to resign.

This was not the first time we heard about the involvement of NSA associates in this matter of so-called national pride. Back in November, Reuters reported that a number of employees, as many as 20 to 25 workers who had shared their passwords, had been identified, questioned and removed from their assignments; the memo appears to be the first official confirmation of that Reuters report, yet the NSA never publicly commented on it and Snowden seemed to deny it during a public Google chat just a month ago.

This is exactly what the NSA should be paying close attention to: the controls around the workers it relies on to carry out the most sophisticated task of spying on everyone, while the insider risk they themselves pose may be passing right over their heads.

Monday, 13 January 2014

How to hack a Wireless DSL Router, Exploit posted online


Hack Wireless DSL Router

A hacker from France named “Eloi Vanderbeken” found a way to hack NetGear and Linksys wireless routers over Christmas, and he also published the exploit.
The exploit allows an attacker to reset the admin panel password to the default without any admin authentication.

Eloi forgot his Linksys WAG200G router’s password and was trying to crack it; he scanned the router and found a suspicious open TCP port. He researched that port in depth, downloaded a copy of the Linksys firmware and then reverse-engineered it.

After researching that port, he found it was a secret backdoor that allows anyone to send commands with admin privileges without admin authentication. Well, it’s a handy exploit for someone who really has forgotten their password, but it may be dangerous for those who have hackers nearby.

Eloi has described what he found and how he found it; below are the routers affected by the exploit:
  • Cisco RVS4000 fwv 2.0.3.2
  • Cisco WAP4410N
  • Cisco WRVS4400N
  • Diamond DSL642WLG / SerComm IP806Gx v2 TI
  • LevelOne WBR3460B
  • Linksys RVS4000 Firmware V1.3.3.5
  • Linksys WAG120N
  • Linksys WAG160n v1 and v2
  • Linksys WAG200G
  • Linksys WAG320N
  • Linksys WAG54G2
  • Linksys WAG54GS
  • Linksys WRT350N v2 fw 2.00.19
  • Linksys WRT300N fw 2.00.17
  • Netgear DG834[, GB, N, PN, GT] version < 5
  • Netgear DGN1000
  • Netgear DGN1000[B] N150
  • Netgear DGN2000B
  • Netgear DGN3500
  • Netgear DGND3300
  • Netgear DGND3300Bv2 fwv 2.1.00.53_1.00.53GR
  • Netgear DM111Pv2
  • Netgear JNR3210
May be affected:
  • all SerComm manufactured devices
  • Linksys WAG160N
  • Netgear DG934 (probability: 99.99%)
  • Netgear WG602, WGR614 (v3 doesn’t work, maybe others…)
  • Netgear WPNT834
Here is the exploit code, if you are looking for it, and you can find a detailed list of which routers are affected or not HERE.

Thursday, 19 December 2013

Nowadays it’s easy to hack a website in just four steps

Hackers (extremexploit.com)

Until recently, hacking a website required tech geeks with above-average knowledge, but these days it has become child’s play. Just like an ordinary search, you can Google the tools required to plan an attack on a website and, with a little effort, execute it with ease. Here, in four easy steps, is how hackers do it.

Step 1: Identifying

The hacktivists first identify the target website they want to attack. They qualify the website according to the vulnerability level they wish to attack. Checking the vulnerability of the website allows the hacker to prepare the tools and techniques required to bring the website down.

Hackers generally use Google Dorks, or Google Hacking, to run a vulnerability check against these easy-to-hack websites. Very recently a hacker posted a list of 5,000 such websites which were really easy to attack. If they don’t wish to Google it, they can Bing it. This technique is heaven for hackers as it helps in qualifying such websites.

Hackers have a ready-to-refer index of dorks that point out websites having a particular vulnerability. From passwords to login credentials, there is a dork available for everything. They would Google “intitle:"Index of" master.passwd”, which returns files containing passwords, and then they have their list of potential victims ready to execute the hack.

Step 2: Spotting the vulnerabilities

Acunetix, a Windows-based application for testing websites developed by a UK-based company, was designed for and is still widely used by developers to test websites for vulnerabilities, but hackers’ expertise with this tool lets them use it to point out the weak spots of a website. Once a site is identified for attack, hackers use this tool to check its vulnerability, as not every website qualified in step 1 will be susceptible to attack.

Since hackers have in-depth knowledge of the above-mentioned software, they can not only crack the trial version, but the cracked version is also freely shared within the hacker community. Once they enter the URL or website address in this software, they are able to point out the loopholes in the website, and all they do next is move on to step 3.

Step 3: The Attack on the website – SQL Injection

SQL injection is the easiest and most used way for hackers to break into a website. It is used to break into user accounts and steal information stored in the site’s databases. This attack aims at stealing information using a few lines of SQL (Structured Query Language), a database query language. Hackers don’t even have to learn the language for this attack, as there is a tool called “Havij” available free of cost on hacker forums. It comes as an easy-to-use application. Havij was originally developed in Iran. The word itself means carrot, a crude slang term for penis, implying that the hack-ware helps in penetrating a website.

Havij comes in two versions, paid and free, which differ in their penetration capabilities, although the paid version can be cracked and downloaded from other hacker forums. The interface of this software is as simple as any other Windows application; a newbie hacker just copies the link of the website to be hacked and pastes it into the application.

The tasks Havij can perform are very surprising. The best one for them and the worst for the website’s users is called “Get”. It fetches all the data stored in the target website’s databases, ranging from usernames and passwords to phone numbers and bank details.

It is so easy for hackers that within a couple of minutes they can search for, download and use one or two automated hack-wares that give them access to websites vulnerable to such attacks. It is fairly safe to assume that the websites of high-profile companies like Google, Microsoft and Facebook are completely safe from such tools. As mentioned before, the vulnerability of the web was displayed by the attack on Sony’s PlayStation Network, which led to the leaking of their customers’ personal information in a very similar way.
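The defect that tools of this kind hunt for, shown as an added example that is not part of the original post: a login query built by string concatenation beside the same query with bound parameters, run against a constructed in-memory SQLite table. The table, user names and the `' OR 1=1 --` input are all constructed for the demonstration.

```python
import hashlib
import sqlite3


def hash_pw(password: str) -> str:
    # SHA-256 keeps the example short; a real login uses a slow, salted hash.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample user table, in memory so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", hash_pw("correct horse")), ("bob", hash_pw("battery staple"))],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The pattern automated scanners look for: user input pasted straight into SQL,
    so the input can change the structure of the query, not just its values."""
    query = (
        "SELECT username FROM users WHERE username = '" + username + "' "
        "AND password_hash = '" + hash_pw(password) + "'"
    )
    return [row[0] for row in conn.execute(query)]


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Same check with bound parameters: the driver sends the values separately,
    so whatever the user typed is compared as a literal string and nothing else."""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return [row[0] for row in conn.execute(query, (username, hash_pw(password)))]


def compare() -> dict:
    """Runs the textbook tautology input through both versions and a genuine login
    through the hardened one; returns the user names each query matched."""
    conn = make_db()
    # Closes the quoted string, makes the WHERE clause always true, and the
    # trailing "--" comments out the password check that follows.
    crafted = "' OR 1=1 --"
    return {
        "vulnerable": login_vulnerable(conn, crafted, "anything"),
        "hardened": login_hardened(conn, crafted, "anything"),
        "legit": login_hardened(conn, "alice", "correct horse"),
    }


if __name__ == "__main__":
    print(compare())  # vulnerable matches every user, hardened matches none, legit matches alice
```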

Step 4: The DDoS – The A Game

SQL injection has been used by the infamous hacktivist community Anonymous for over a year now, but they tend to move on to DDoS when simple tools like Havij don’t work. Again, like the SQL (pronounced "sequel") injection attack, there are freely available tools for DDoS as well.

As it turns out, DDoS is just as simple as the SQL injection attack. The program used here is called the Low Orbit Ion Cannon (LOIC), which was created by web developers for stress-testing their own websites but was later hijacked by hackers to attack websites for anti-social ends.

LOIC is freely available to hackers on the SourceForge website. Again, as simple as Havij, the hackers just have to type in the link of the website they want to DDoS and the application does the rest. LOIC overloads the target website’s server with up to 200 requests per second.

Now again, the bigger websites can easily cope with this type of attack without crashing, but most other websites cannot. Surely if a group of hackers, however newly formed, dedicates itself to the job, it is very easy for them to complete it.

This type of technology horrifies readers, but it is so simple for hackers to use that they can even control it from their phones, meaning they could well be watching a movie with their buddies at the cinema while attacking the website they want to bring down.

This is not an exhaustive list of the processes hackers use, and there are many tutorials on various hacking forums that teach how to perform these attacks. There is no end to this notoriety, in many cases a serious crime, which has caused losses of millions upon millions of dollars worldwide. So are you going to get your website checked by your developer today? Maybe today would be a really good day to get it done.

Saturday, 30 November 2013

1295 Bitcoins stolen by hackers by breaking into BIPS

Bitcoin

A group of hackers broke into accounts at the Denmark-based BIPS and stole 1,295 Bitcoins, the equivalent of more than a million dollars. The incident outraged many Bitcoin owners, who blamed BIPS’ leadership for carelessness and frivolity.

One of the victims, who said he lost 90 bitcoins, has created an online forum to let others sign up for possible legal action against BIPS.

The website made a statement that “BIPS will temporarily close down the wallet initiative to focus on real-time merchant processing business which does not include storing of Bitcoins”.

BIPS founder and CEO Kris Henrikson explained the situation at bitcointalk.org forums.
“On Nov. 15th BIPS was the target of a massive distributed denial-of-service (DDoS) attack, which is now believed to have been the initial preparation for a subsequent attack on Nov. 17th that overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers”.

“Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets.” – he added.

Affected individuals will be contacted, no matter how many Bitcoins were stored in their wallets, and merchants will be contacted too if automatic conversion of Bitcoin was not enabled, Henrikson reassured Bitcoin users.

It is the third big theft this month. Another, of $1.4 million, hit an online wallet service known as Inputs.io, and $4 million was stolen from a Chinese exchange.

Friday, 8 November 2013

Russia: Chinese planting hidden chips in Irons & electric kettles which serve malware in systems

Chinese hidden chip in iron


How would you react if you came to know that your Chinese-made iron has a built-in chip being used to serve malware onto your systems? Well, if you ask me, I would throw it outside and call it “The NSA Aunty.”

The Russian TV channel Rossiya 24 reported on this malware machine and even showed footage of a technician opening an iron from a batch of Chinese imports to find a “spy chip” with what he called “a little microphone”.

These hidden chips are being used to spread viruses by connecting to any computer within a 200m (656ft) radius that is using an unprotected Wi-Fi network. Other products like mobile phones and car dashboard cameras are also affected by this hidden chip, the Russian TV channel reported.

The channel also reported that these hidden chips look small but had attacked company networks, sending out spam without administrators’ knowledge.

According to a news agency, the latest order of these irons has been cancelled, but more than 30 devices had already been sent to retailers in St. Petersburg.

So, would you like to bring that NSA aunty into your home? Tell us in the comments; we would like to hear from you.

Saturday, 2 November 2013

NSA leaker Edward Snowden gets job in a major Russian website


The NSA leaker Edward Snowden has got a job three months after arriving in Russia. He got the job at a major Russian website, his lawyer said Thursday.

“Edward Snowden will start working at a big Russian company on Friday, November 1. His job will be to support and develop a major Russian website,” the lawyer said.

Asked for the name of the company where Snowden got the job, the lawyer did not disclose it, citing security concerns.

Speculation over Snowden’s new employer centred on the Russian equivalent of Facebook, Vkontakte, whose charismatic founder Pavel Durov publicly offered Snowden a post in August.

Right now two major Russian internet companies, yandex.ru and Mail.Ru Group, have said, “No, we didn’t hire Snowden.”

According to Snowden’s lawyer, he was running out of money, which is why he needed a job.

After the revelation of the secret NSA documents, he was granted a year’s temporary asylum in Russia.

Snowden spent more than a month in a Moscow airport before receiving a year’s temporary asylum and heading to a secret address.

A Snowden supporters’ website has also raised $49,000 in donations.

Wednesday, 30 October 2013

iOS apps vulnerable to HTTP Request Hijacking attacks over WiFi

iOS apps vulnerable to HTTP Request Hijacking
Security researchers Adi Sharabani and Yair Amit have disclosed details about a widespread vulnerability in iOS apps that could allow hackers to force the apps to send and receive data from the hackers' own servers rather than the legitimate ones they were coded to connect to.
Speaking about the issue at RSA Conference Europe 2013 in Amsterdam, the researchers provided details on this vulnerability, which stems from a commonly used approach to URL caching.

Their demonstration shows that insecure public networks can also give potential attackers stealthy access to our iOS apps using HTTP request hijacking (HRH) methods.
The researchers put together a short video demonstration in which they use what is called a 301 redirect (HTTP "Moved Permanently") to divert the traffic flowing from an app to the app maker’s server over to the attacker’s server.

There are two limitations: the attacker needs to be physically near the victim for the initial poisoning, and the flaw works only against HTTP traffic.

“A victim walks into Starbucks, connects to the Wi-Fi and uses her favorite apps,” explains an example. “Everything looks and behaves as normal, however an attacker is sitting at a nearby table and performs a silent HRH attack on her apps. The next day, she wakes up at home and logs in to read the news, but she’s now reading the attacker’s news!”

They estimate that at least 10,000 iOS apps in the Apple App Store are vulnerable to the hack. As a result, apps that display news, stock quotes, social media content, or even some online banking details can be manipulated to display fraudulent information and intercept data sent by the end user.
Victims can uninstall apps to scrub their devices clean, and Skycure has released app code that prevents the web caching from taking place. It may be a while until developers get this fix implemented, so connect to public networks with extreme caution.
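The caching behaviour behind HRH, modelled as an added example that is not Skycure's code or any app's: a simulated app client that remembers 301 targets across network changes, beside a hardened client that refuses to follow or remember a permanent redirect off the app's own host. The two networks, the URLs `news.example` and `attacker.invalid`, and the response bodies are all constructed.

```python
from urllib.parse import urlparse

# Constructed responses for the same two URLs on a hostile cafe Wi-Fi and on the
# victim's home network, as (status, headers, body).
CONSTRUCTED_NETWORKS = {
    "hostile_cafe": {
        # The attacker on the cafe network answers the app's plain-HTTP request
        # with a permanent redirect to a host they control.
        "http://news.example/feed": (301, {"Location": "http://attacker.invalid/feed"}, b""),
        "http://attacker.invalid/feed": (200, {}, b"FAKE NEWS"),
    },
    "home": {
        "http://news.example/feed": (200, {}, b"REAL NEWS"),
        "http://attacker.invalid/feed": (200, {}, b"FAKE NEWS"),
    },
}


class AppClient:
    """Simulated app HTTP layer with a persistent cache of 301 redirect targets."""

    def __init__(self, pin_origin: bool):
        # Mimics an on-disk URL cache: it survives app restarts and network changes.
        self.permanent_redirects = {}
        self.pin_origin = pin_origin

    def get(self, url: str, network: str) -> str:
        # A remembered 301 is honoured without ever contacting the original server again.
        target = self.permanent_redirects.get(url, url)
        status, headers, body = CONSTRUCTED_NETWORKS[network][target]
        if status == 301:
            location = headers["Location"]
            if self.pin_origin and urlparse(location).netloc != urlparse(url).netloc:
                # Hardened: a permanent redirect that leaves the app's own host is
                # neither followed nor remembered, so one poisoned session cannot
                # redirect every later request.
                return "refused off-origin redirect"
            self.permanent_redirects[url] = location
            status, headers, body = CONSTRUCTED_NETWORKS[network][location]
        return body.decode()


def scenario(pin_origin: bool) -> tuple:
    """Returns what the app shows at the cafe and, the next day, at home."""
    client = AppClient(pin_origin)
    at_cafe = client.get("http://news.example/feed", "hostile_cafe")
    at_home = client.get("http://news.example/feed", "home")  # trusted network, same cache
    return at_cafe, at_home


if __name__ == "__main__":
    print("caching client:", scenario(pin_origin=False))  # ('FAKE NEWS', 'FAKE NEWS')
    print("pinned client: ", scenario(pin_origin=True))   # ('refused off-origin redirect', 'REAL NEWS')
```

Serving the feed over HTTPS removes the attacker's ability to inject the 301 in the first place, which is why the post notes the flaw works only against HTTP traffic.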

Wednesday, 16 October 2013

Hackers breach PureVPN website by exploiting a zero-day WHMCS vulnerability

PureVpn
Customers of the virtual private network provider "PureVPN" started receiving over the weekend a fake email claiming to be from the founder, saying that "due to an incident we had to close your account permanently".

"We are no longer able to run an anonymization service due to legal issues we are facing," the fake email reads.

"We had to handover all customer’s information to the authorities unfortunately. They might contact you if they need any details about the case they are working on. The following information was handed over: your name, billing address and phone number provided during purchase and any documents we had on file (for example scan of your ID or driver’s license if you have provided these to our billing department)."

However, the co-founder, Uzair Gadit, said in an official blog post that the email is fake and confirmed that the PureVPN website was hit by a security breach.

Hackers exploited a vulnerability in the third-party application WHMCS and compromised the email addresses and names of registered users.

"We repeat no billing information such as Credit Card or other sensitive personal information was compromised." The blog post reads.

Tuesday, 15 October 2013

Vulnerability in WhatsApp allows decrypting user messages

WhatsApp
A serious vulnerability in WhatsApp allows anyone who is able to eavesdrop on a WhatsApp connection to decrypt users' messages.
WhatsApp, the mobile instant messaging application, has become one of the main communication tools of the present day, and its popularity makes it attractive to security researchers and hackers alike.
This time the debate concerns the protection of the messages exchanged through the application: thanks to a vulnerability in the crypto implementation, they can be intercepted by an attacker.
Thijs Alkemade is a computer science student at Utrecht University in the Netherlands who works on the open source Adium instant messaging project; during his research he disclosed a serious issue in the encryption used to secure WhatsApp messages.
In the post titled "Piercing Through WhatsApp’s Encryption", Alkemade remarked that WhatsApp has been plagued by numerous security issues recently: easily stolen passwords, unencrypted messages and even a website that can change anyone’s status.
"You should assume that anyone who is able to eavesdrop on your WhatsApp connection is capable of decrypting your messages, given enough effort. You should consider all your previous WhatsApp conversations compromised. There is nothing a WhatsApp user can do about this but expect to stop using it until the developers can update it." states the researcher.
An attacker sniffing a WhatsApp conversation is able to recover most of the plaintext bytes sent. WhatsApp uses the RC4 stream cipher to generate a keystream that is combined with the plaintext by XOR.

The mistakes are:
  • The same encryption key in both directions
  • The same HMAC key in both directions
Below is the trick used by the researcher to reveal the messages sent with WhatsApp by exploiting the first issue:
WhatsApp uses the same key for the incoming and the outgoing RC4 stream, so "we know that ciphertext byte i on the incoming stream xored with ciphertext byte i on the outgoing stream will be equal to xoring plaintext byte i on the incoming stream with plaintext byte i of the outgoing stream. By xoring this with either of the plaintext bytes, we can uncover the other byte."
The technique doesn't directly reveal all bytes but works in many cases; another element that favours the attacker is that messages follow the same structure and are easy to predict starting from the portion of plaintext that is disclosed.
The second issue, related to the HMAC, is more difficult to exploit. Alkemade said WhatsApp also uses the same HMAC key in both directions, another implementation error that puts messages at risk, but one that is harder to take advantage of.
The MAC is used to detect data alteration, but it is not enough to detect all forms of tampering; the attacker could potentially manipulate any message.
"TLS counters this by including a sequence number in the plaintext of every message and by using a different key for the HMAC for messages from the server to the client and for messages from the client to the server. WhatsApp does not use such a sequence counter and it reuses the key used for RC4 for the HMAC."
Alkemade is very critical of the development team of the popular platform:
“There are many pitfalls when developing a streaming encryption protocol. Considering they don’t know how to use a xor correctly, maybe the WhatsApp developers should stop trying to do this themselves and accept the solution that has been reviewed, updated and fixed for more than 15 years, like TLS,” he said.
I agree with the researcher's thinking: security for applications such as WhatsApp is crucial given its level of penetration, and it is true that the interest of the scientific community and of cybercrime will surely lead them to discover new vulnerabilities for which WhatsApp will have to provide a quick solution.
Alkemade confirmed that there is no remediation for the flaw at the moment, which is why he suggests that users stop using WhatsApp until the developers produce a patch.
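Both mistakes reproduced side by side with their fixes, as an added example that is neither Alkemade's code nor WhatsApp's: a toy RC4 session that reuses one key for both directions (so the XOR of the two ciphertexts equals the XOR of the two plaintexts, exactly as quoted above), the per-direction key derivation that removes that relation, and a MAC checked with and without the direction label and sequence number the quote credits to TLS. The session secret, the two plaintexts and the `c2s`/`s2c` labels are constructed.

```python
import hashlib
import hmac


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4 (key scheduling, then output generation); it is here only to
    reproduce the key-reuse mistake, not as a recommendation to use RC4."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Each direction is modelled as one message that starts at keystream byte 0.
    return xor(plaintext, rc4_keystream(key, len(plaintext)))


# Constructed session secret and one constructed plaintext per direction.
MASTER = b"constructed-session-secret"
PT_IN = b"<message from='alice'>see you at 8</message>"
PT_OUT = b"<message from='bob'>ok, bring the docs</message>"


def direction_keys(master: bytes, separate: bool) -> tuple:
    """Mistake 1 uses `master` for both streams; the fix derives one key per direction."""
    if not separate:
        return master, master
    return (hashlib.sha256(master + b"c2s").digest()[:16],
            hashlib.sha256(master + b"s2c").digest()[:16])


def key_reuse_leaks(separate_keys: bool) -> bool:
    """True when ct_in ^ ct_out == pt_in ^ pt_out on the overlapping bytes, i.e.
    an eavesdropper who can guess one side's (highly structured) plaintext
    reads the other side's bytes without the key."""
    k_in, k_out = direction_keys(MASTER, separate_keys)
    ct_in, ct_out = encrypt(k_in, PT_IN), encrypt(k_out, PT_OUT)
    n = min(len(ct_in), len(ct_out))
    return xor(ct_in[:n], ct_out[:n]) == xor(PT_IN[:n], PT_OUT[:n])


def mac_weak(key: bytes, msg: bytes) -> bytes:
    """Mistake 2: one HMAC key both ways and nothing binding direction or position."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_bound(key: bytes, direction: bytes, seq: int, msg: bytes) -> bytes:
    """TLS-style fix: the direction label and a sequence number are MAC'd too."""
    return hmac.new(key, direction + seq.to_bytes(8, "big") + msg, hashlib.sha256).digest()


class Receiver:
    """Verifies tags on one direction of traffic, with either MAC scheme."""

    def __init__(self, key: bytes, direction: bytes, bound: bool):
        self.key, self.direction, self.bound = key, direction, bound
        self.expected_seq = 0

    def accept(self, msg: bytes, tag: bytes) -> bool:
        if self.bound:
            expected = mac_bound(self.key, self.direction, self.expected_seq, msg)
        else:
            expected = mac_weak(self.key, msg)
        ok = hmac.compare_digest(expected, tag)
        if ok:
            self.expected_seq += 1
        return ok


def replay_and_reflect(bound: bool) -> tuple:
    """For one genuine client->server message, returns whether the same bytes
    are accepted again by the server (replay) and by the client (reflection)."""
    key = hashlib.sha256(MASTER + b"mac").digest()
    server = Receiver(key, b"c2s", bound)   # checks traffic arriving at the server
    client = Receiver(key, b"s2c", bound)   # checks traffic arriving at the client
    tag = mac_bound(key, b"c2s", 0, PT_IN) if bound else mac_weak(key, PT_IN)
    if not server.accept(PT_IN, tag):
        raise RuntimeError("the genuine message must verify")
    replay = server.accept(PT_IN, tag)       # same bytes delivered a second time
    reflected = client.accept(PT_IN, tag)    # same bytes pushed back toward the client
    return replay, reflected


if __name__ == "__main__":
    print("same key both ways leaks:", key_reuse_leaks(separate_keys=False))  # True
    print("per-direction keys leak: ", key_reuse_leaks(separate_keys=True))   # False
    print("weak MAC replay/reflect: ", replay_and_reflect(bound=False))        # (True, True)
    print("bound MAC replay/reflect:", replay_and_reflect(bound=True))         # (False, False)
```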

Antivirus firm ESET and BitDefender website defaced by Pro-Palestinian Hackers

A pro-Palestinian hacktivist group, 'KDMS Team', recently managed to briefly hijack the Metasploit website of security firm Rapid7 and became popular after hacking the website of the world's largest web hosting network, Leaseweb, the websites of antivirus vendors AVG and Avira, as well as the website of the mobile messaging service WhatsApp.

Now even I have to say that security is just an illusion, because just now the group aligned with Anonymous has successfully hijacked another two antivirus firm websites, ESET and Bitdefender.
The KDMS Team successfully changed the DNS records of both sites to redirect people to a website playing the Palestinian national anthem and displaying a political message under the title "You Got Pwned".
The message posted on the Bitdefender and ESET websites says:
Hello bitdefender
Touched By KDMS team
We was thinking about quitting hacking and disappear again ..!
But we said : there is some sites must be hacked
You are one of our targets Therefore we are here ..
And there is another thing .. do you know Palestine ?
There is a land called Palestine on the earth This land has been stolen by Zionist Do you know it ?
Palestinian people has the right to live in peace Deserve to liberate their land and release all prisoners from israeli jails We want peace Long Live Palestine
Both affected domains are registered through REGISTER.COM, INC., which is also the domain registrar for the Metasploit website that was hijacked yesterday via a spoofed change request faxed to Register.com. But the technical details of how the hackers managed to hijack the ESET and Bitdefender websites are not yet available; we are in contact with the hackers and will update the article in a few hours. Stay tuned!
Defacement of security companies is really embarrassing, and the hackers' tactics allowed them to get their political message to millions of users. One of their team members tweeted, "When it's a matter of resistance no one will blame you. . Free Palestine .. Fight for Palestine"

Tuesday, 8 October 2013

Chinese hackers miss Google network, but the checks go on

Google exec Schmidt says U.S. government networks are in danger 'because no one is there' during the shutdown to stop hackers. (Source: Computerworld, http://www.computerworld.com/s/article/9243040/Chinese_hackers_miss_Google_network_but_the_checks_go_on#sthash.a3ec9xiO.dpuf)

Eric Schmidt, Google's executive chairman, put a question to an audience at Gartner's Symposium ITxpo here on Monday. "Raise [your] hand if you're sure the Chinese are not inside your corporate network."

Many of the 8,500 attendees were in the hall to hear the question, but only five hands were raised. "Congratulations," Schmidt said from the stage.

Getting more serious, Schmidt lamented the open pathways in corporate networks, letting hackers slip in via NT servers.

Schmidt suggested a better network would eliminate the corporate intranet.

"We're going to have just a network. We're going to make sure that gaining access is application to application," he said.

In an interview on stage with Gartner analysts David Willis and Drue Reeves, Schmidt was asked whether he's sure that Chinese hackers haven't penetrated Google's corporate network.

"We're quite sure they are not right now," said Schmidt of the Chinese, "although every second we check." The audience chuckled.

"I can be quite sure that the Chinese are visiting the U.S. government at the moment because no one is there," said Schmidt, a reference to the federal government shutdown.

Major vendors, and other companies, have faced attacks from China.

Meanwhile, when asked about the security of mobile devices running the Google built Android operating system, Schmidt said "it's more secure than the iPhone."

WhatsApp Website defaced by KDMS team

WhatsApp Defaced Page
The Web site of WhatsApp, a widely used messaging app, appeared to have been defaced Tuesday.
The site showed a pro-Palestinian message at 2:40 a.m. PT Tuesday and was given the title "You Got Pwned." A group called KDMS Team claimed credit for the attack.

According to the Whois database, which can be used to see what numeric Internet Protocol (IP) address is assigned to a given Internet domain, the whatsapp IP address record was changed on Tuesday. Such a change, made through the Internet's Domain Name System (DNS), is one way that users who typed in the whatsapp.com name would be redirected to a different Web site.
It wasn't immediately clear if there were any problems with WhatsApp's customer data or services. CNET contacted the company for comment and will update this story with its reply.
WhatsApp is used to send billions of messages a day using mobile apps.

AVG Antivirus and Avira Websites defaced by Palestinian Hackers

AVG Antivirus Hack Screenshot

The website of the world's most popular antivirus firm, AVG, was hacked this morning and defaced by a new Palestinian hacker group, KDMS Team, affiliated with Anonymous.
The defacement page, titled 'You got Pwned', with the Anonymous logo and the Palestinian national anthem playing in the page background, says:

we want to tell you that there is a land called Palestine on the earth
this land has been stolen by Zionist
do you know it ?
Palestinian people has the right to live in peace
Deserve to liberate their land and release all prisoners from israeli jails
we want peace
and "There Is No Full Security We Can Catch You !"
Avira Website Defaced Page

Wednesday, 2 October 2013

16-Year School boy arrested for World's biggest cyber attack ever


A 16-year-old teenager has been arrested over his alleged involvement in the world's biggest DDoS attack, against the Dutch anti-spam group Spamhaus.
 
The 16-year-old was detained by detectives at his home in south-west London after “significant sums of money” were found to be “flowing through his bank account”. He was also logged on to what officials say were “various virtual systems and forums” & had his computers and mobiles seized as officers worked through the night to secure potential evidence.

A DDoS attack takes place when hackers use an army of infected computers to flood a server with traffic, causing it to shut down in the process.

It's unclear what role the teenager played in the massive distributed denial of service (DDoS) attack. The boy has been released on bail until later this year. A 35-year-old Dutchman was also detained and his computers, data carriers and mobile phones were seized; local media speculate that the person is none other than CyberBunker spokesman Sven Olaf Kamphuis.

Saturday, 7 September 2013

FBI Cyber Division put 'Syrian Electronic Army' Hackers in wanted list



 
The Syrian Electronic Army (SEA), a pro-regime hacker group that emerged during the Syrian anti-government protests in 2011 and has been involved in cyber attacks against western media organizations, is now on the FBI's wanted list.

The Federal Bureau of Investigation has issued an alert warning of cyber attacks by the Syrian Electronic Army and has finally put them on its radar. "The SEA's primary capabilities include spear-phishing, web defacements, and hijacking social media accounts to spread propaganda," they said. The FBI has also increased its surveillance of Syrians living in the US.
According to some anti-Assad activists, the group was founded by former intelligence agents and hardcore Assad supporters. SEA has compromised the social media profiles of Western news organizations by sending fake email messages to news staff in an attempt to obtain login credentials.

Most recently, the group grabbed international attention after commandeering the websites of the New York Times, Washington Post and this week the recruitment website for the US Marine Corps.

The group was able to compromise multiple Associated Press (AP) Twitter feeds and then used them to issue bogus messages, including the following alert on April 23: "Breaking: Two Explosions in the White House and Barack Obama is injured." In the wake of that tweet, the White House confirmed that the president was unharmed, that there had been no explosions and that the FBI was investigating the hoax tweets.

So how did the SEA get better in only a few months? "I don't think it would be unreasonable to suspect someone more skilled is helping them out," says Adam Meyers, vice president of intelligence for security firm CrowdStrike.

Is the Syrian Electronic Army based in Syria? After Syria reestablished its Internet connection last week, following a blackout that lasted approximately 24 hours, security experts noticed that Syrian Electronic Army hackers had remained online on Twitter throughout. These kinds of cuts do not affect the terrorists operating in Syria, as they have their own US-supplied communication equipment.

The Syrian Electronic Army has had multiple domains seized by its domain registrar. Interestingly, the Syrian Electronic Army's first domain name was registered by the Syrian Computer Society and hosted on the network of the Syrian government.

"Please maintain heightened awareness of your network traffic and take appropriate steps to maintain your network security," the FBI memo said. The FBI requests that anyone who suspects they are under attack call its CyWatch division at 855-292-3937.

Researchers Discover 'Hesperbot' - A New and Potent Banking Trojan


Hesperbot - A New Banking Trojan that can create a hidden VNC server on infected systems

 
Security firm ESET has discovered a new and effective banking trojan that targets online banking users and is designed to beat mobile multi-factor authentication systems.
Hesperbot, detected as Win32/Spy.Hesperbot, is very similar to the infamous Zeus and SpyEye banking malware families and infects users in Turkey, the Czech Republic, Portugal, and the United Kingdom.
The trojan has functionality such as keystroke logging, screenshot and video capture, and setting up a remote proxy.

The attackers aim to obtain login credentials giving them access to the victim's bank account, and to get the victim to install a mobile component of the malware on their Symbian, BlackBerry or Android phone.
Some other advanced tricks are also included in this banking trojan, such as creating a hidden VNC server on the infected system and intercepting network traffic with HTML injection capabilities.
The trojan also harvests email addresses from the infected system and sends them to a remote server. It is possible that these collected addresses were also targeted by the malware-spreading campaigns.
 
So far, the trojan hasn't spread too far. The campaign was first detected in the Czech Republic, where the attackers used phishing emails impersonating the country's postal service. Armed with the stolen credentials, the crooks can try to log into victims' online bank accounts to siphon off their cash.

As for the UK, a special variant of the malware has been created, but ESET said it could not provide any further detail on it.

Hacking Facebook to delete any account; Facebook again refuses to pay Bounty

In the past few days, Facebook refused to pay a bounty to Khalil Shreateh, the security researcher who used the bug he discovered to post directly on Facebook CEO Mark Zuckerberg's Timeline after Facebook Security rejected his attempts to report it.
Now Ehraz Ahmed, an independent security researcher, claims that he reported a critical vulnerability to the Facebook Security team which allows an attacker to delete any account from Facebook.
But Facebook refused to pay the bug bounty because he tested the flaw once on his friend's account. "I reported this bug to Facebook, I'm really not happy with them. After waiting for such a long time for their reply, they denied it saying that you used this bug only works for test accounts, whereas I used it for removing real accounts and now the vulnerability is also fixed after their email," he said on his blog.
Vulnerable URL:
https://www.facebook.com/ajax/whitehat/delete_test_users.php? fb_dtsg=AQA1E-WE&selected_users[0]=[Victems Profile ID]&__user=[Attackers Profile ID]&__a=1
The selected_users[0] and __user parameters are the ones the exploit relies on: the endpoint acted on whatever profile ID was supplied as the target.
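The authorization failure behind this bug, modelled as an added example (not Facebook's code, and the endpoint's internals are assumed): a delete handler that trusts the target IDs in selected_users[] beside one that first checks every target is a test account owned by the requester named in __user.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Account:
    uid: int
    is_test_user: bool
    owner_uid: Optional[int]   # developer who created the test account; None for real users


def sample_accounts() -> Dict[int, Account]:
    """Constructed sample data: a real user (victim), a requester, and the requester's test account."""
    return {
        1000: Account(1000, is_test_user=False, owner_uid=None),   # real account (the victim)
        1001: Account(1001, is_test_user=True, owner_uid=2000),    # test account owned by 2000
        2000: Account(2000, is_test_user=False, owner_uid=None),   # the requester (__user)
    }


def delete_test_users_vulnerable(db: Dict[int, Account], requester_uid: int,
                                 selected_users: List[int]) -> List[int]:
    """Model of the flaw: every uid named in selected_users[] is deleted and the requester
    is never checked against the targets, so a real profile ID is accepted as a target."""
    deleted = []
    for uid in selected_users:
        if db.pop(uid, None) is not None:
            deleted.append(uid)
    return deleted


def authorized_to_delete(db: Dict[int, Account], requester_uid: int,
                         selected_users: List[int]) -> bool:
    """Every target must exist, be a test account, and belong to the requester."""
    return all(
        (acct := db.get(uid)) is not None
        and acct.is_test_user
        and acct.owner_uid == requester_uid
        for uid in selected_users
    )


def delete_test_users_hardened(db: Dict[int, Account], requester_uid: int,
                               selected_users: List[int]) -> List[int]:
    """Authorize the whole request before touching the data, so nothing is partially deleted."""
    if not authorized_to_delete(db, requester_uid, selected_users):
        raise PermissionError("target is not a test account owned by the requester")
    for uid in selected_users:
        del db[uid]
    return list(selected_users)
```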
 

Secunia launches the next generation of Complete Patch Management: The Secunia CSI 7.0

Cybercrime costs organizations millions of dollars, and to protect a business from the consequences of security breaches, vulnerability intelligence and patch management are basic necessities in the toolbox of any IT team, as emphasized by organizations like the SANS Institute and the National Institute of Standards and Technology under the US Department of Commerce (NIST).
The Secunia CSI 7.0 is the Total Package: Vulnerability Intelligence, Vulnerability Scanning with Patch Creation and Patch Deployment Integration.
To help IT teams counter the threat, vulnerability research company Secunia merges its in-house vulnerability expertise with a sophisticated patch management solution in the Secunia Corporate Software Inspector (CSI 7.0). The foundation of the Secunia CSI is a unique combination of vulnerability intelligence and vulnerability scanning, with patch creation and patch deployment integration.

Friday, 6 September 2013

Fake 'Grand Theft Auto V' Torrent Spreads Malware

Excitement continues: Rockstar Games has scheduled the release of the latest entry in the Grand Theft Auto series, GTA 5, for September 17, but cyber criminals have already released a fake version of GTA 5 containing malware on torrent networks.
Romanian security firm BitDefender issued a warning that GTA V hasn't been leaked: during installation you are asked to complete a survey and send off a text message to obtain the serial number. You will then be charged €1 per day on your phone bill and will be infected by a virus.
The PC version has yet to be announced, so trying to install it on your PC is a ridiculous idea; but that seems to be what a lot of people are doing.
"The survey opens in a web browser and, therefore, is able to perform a geographic redirect to the web page that corresponds to the area you are located in," said Bitdefender Senior E-Threat Analyst Bogdan Botezatu.
The malware is detected as Trojan.GenericKDV.1134859, a generic trojan which can steal user information, tamper with system files or draft a computer into a botnet. The survey scam results in you being charged for premium rate text messages sent by bogus firms.
The easiest way to avoid this malicious software is not to illegally download copies of GTA V, especially when the game isn't yet launched.

Code-sharing site GitHub now offers two-factor authentication to its users

Code repository GitHub now offers two-factor authentication to beef up security around its users' accounts. GitHub is a coding repository where developers build their projects, projects that may turn out to be valuable knowledge assets.
Two-factor authentication adds another layer of authentication to the login process: users now enter their username and password, and then a secret code in a second step, to complete the sign-in. If a hacker manages to steal a user's credentials through phishing or trojans, they cannot do anything with them, as they also need the second factor to log in.
"We strongly urge you to turn on 2FA for the safety of your account, not only on GitHub, but on other websites that support it," the company says. Two-factor authentication for GitHub can be turned on in your account settings.
GitHub hit the 3.5 million user landmark, with 6 million repositories hosted, on its 5th anniversary in April. Two-factor authentication can protect you from phishing attacks, where hackers try to trick you into handing over your information.
For receiving the second authentication factor, users can either choose to receive it via a text message or use a dedicated authenticator mobile app such as Google Authenticator for Android/iPhone/BlackBerry, Duo Mobile for Android/iPhone, or Authenticator for Windows Phone 7.