Posted by Avik Sarkar On 2/27/2013 08:17:00 pm
Shahrukh.com -The Official Fan Site of Shahrukh Khan Hacked
Last week we covered the hack of several Yamaha motor's official website, where a newly formed hacker group named 'Dark Snipper' took responsibility of that attack. Yet again that group strikes while setting a new target and that is the official website of famous Indian actor Shahrukh Khan's fan. Shahrukh Khan widely known as SRK, one of the most famous actor in Indian industry called "Bollywood". The attack took place couple of days ago, where this Pakistani hackers community have gained access into the server where shahrukh.com was hosted and thus the defaced the index page. After the matter get spotted, the webmaster took action and recovered the website. But the hacker did not forget to create a deface mirror on Zone-H, to justify the hack. Though such kind of cyber attack against Bollywood celebrities is a very normal phenomenon, infarct earlier we have seen the official website of Shahrukh Khan's movie named 'Ra.One' Also the twitter account of srk once became the hot target of hackers. If we define the nature of the attack, then we must have to say no such big object or cause driven the hackers, so the main purpose of engaging the hack can be defined as fun purpose. While talking about relation between hackers and Bollywood we would like to remind you that earlier we have seen several instances where celebrities like Mahesh Bhatt, Kangna Ranaut, Mallika Sherawat, Arbaaz Khan, Vishal and Shekhar and so on have fallen victim to cyber criminals.
Posted by Avik Sarkar On 2/27/2013 08:17:00 pm
Hackers Hit Microsoft Windows Azure Causing 12 Hour Outage, Affecting Xbox & 52 Other Services
Windows Azure the cloud computing platform of Microsoft for building, deploying and managing applications and services through a global network of Microsoft-managed datacenters faced an unwanted disaster due to organized cyber attack which interrupted its service world wide. While looking at the scenario the Redmond based software giant sincerely apologize for the interruption and any issues it has caused and declared that they will refund Windows Azure customers impacted by the said outage last week caused by an expired SSL certificate. The Windows Azure Storage outage affected at least 52 services, including Xbox Live on Thursday night and Friday.
In a blog post while describing the situation Microsoft said - "HTTP traffic was unaffected but the event impacted a number of Windows Azure services that are dependent on Storage. We executed the repair steps to update the SSL certificate on the impacted clusters and availability was restored to >99% worldwide by 1:00 AM PST on February 23. At 8:00 PM PST on February 23, we completed the restoration effort and confirmed full availability worldwide. Given the scope of the outage, we will proactively provide credits to impacted customers in accordance with our SLA. The credit will be reflected on a subsequent invoice. Our teams are also working hard on a full root cause analysis (RCA), including steps to help prevent any future reoccurrence."
Posted by Avik Sarkar On 2/25/2013 02:07:00 pm
NBC.com Compromised, Hackers Exploited The Website to Spread Malware
The month of February is still going from bad to worse for the cyber domain, in this very month cyber criminals swallowed the security system of many giant companies like Facebook, Twitter, Apple, New York Times and many more. But the game is not over yet, as we have just passed a few weeks, when the attack on NY Times took place, which stolen the employ database; yet again the cyber criminals have targeted another media giant National Broadcasting Company widely known as NBC. During the attack, hackers have successfully gain access inside the server of NBC and planted malware, in order to harm innocent readers. Famous security expert and blogger Brian Krebs said that the hackers inserted code into the NBC.com homepage. This caused visiting browsers to load pages from third-party sites that were compromised. While explaining the nature of the attacker, Krebs said; "The compromised sites tried to foist the Citadel Trojan, a variant of the Zeus Trojan." The Zeus is a "sophisticated data theft tool that steals passwords and allows attackers to control machines remotely" he added. Not only the NBC’s home page, also several others were affected, including the pages of late night talk show hosts Jay Leno and Jimmy Fallon. Well known security firm Sophos explained how roughly attack played out, and how NBC got sucked into the equation:
- The IFRAME sucked in further malicious content from websites infected with an exploit kit known as RedKit.
- The exploit kit delivered one of two exploit files to try to take control over your browser via a Java vulnerability or a PDF bug.
- If the exploit worked on your computer, financially-related crimeware from the Citadel or ZeroAccess families was installed.
This, of course, is an example of a dreaded drive-by download, where the crooks use a cascade of tricks to download, install and execute software without going through any of the warnings or confirmation dialog you might expect. This, in turn, means that even if you are a careful and well-informed user, you may end up in trouble, since there are no obvious signs that you are doing anything risky, or even unexpected.
As soon as this story get spotted the American commercial broadcasting television network, NBC News reported and confirmed that its site had been attacked. The broadcaster released the following statement regarding the website: "We've identified the problem and are working to resolve it. No user information has been compromised."
The emergency response team immediately take the situation under control and restored the website, and confirmed that the site is back again and completely safe for its visitors. But so far there is no evidence of attackers who were involved in this attack. For the safety of VOGH readers we would like to recommend you to update your operating systems and browser plugins. Also note that the attack on NBC was similar to many that have occurred in recent years in that the malicious sites tried to exploit vulnerabilities in Java. So it will better to disable Java, unless it is that much necessary. So stay tuned with VOGH and be safe in the cyber domain.
Posted by Avik Sarkar On 2/23/2013 02:01:00 pm
Twitter Account of Hacktivist Group Anonymous Hacked By 'Rustle League'
The scenario of hackers targeting another hacker has became a very common matter, in last two years we have seen many instances of the above matter where a hacker hit another hacker's site, community, blog, forums and so on. Today the story which I will about to discuss is the same matter where infamous hacker community named 'Anonymous' fallen victim. A newly formed hacker group calling them selves "Rustle League" targeted one of the officially recognized twitter account (@Anon_Central) belongs to hacktivist group which have more than 160,000 followers. According to security experts "the reason Anonymous fell victim is probably human weakness." Or in other word many of twitter accounts get hacked due to choosing week passwords. "Chances are that they followed poor password practices, like using the same password in multiple places or choosing a password that was easy to crack. Everyone should learn better password security from incidents like this - if it can happen to an account run by Anonymous supporters, it could happen to you" said another expert of security firm Sophos. The hack on Anonymous twitter account placed Thursday morning and three hours later, those running the feed tweeted that they had gained back control of their account.
While talking about attack on Twitter, we would like to remind you that, in this month a sophisticated cyber attack compromised the security system of the social networking giant twitter, where more than 250,000 twitter users have fallen victim. Though the hack of Anonymous twitter account does not resembles to the said matter, but the hack can be considered in the list of twitter hacking, widely known as #twithackery; where hackers gain temporary access of celebrity and famous twitter accounts. If you did the history we will find the following names, WWE champion John Cena, Star Rita Ora, Justin Bieber, Teyana Taylor,American pop singer Kesha, NBC News, Fox News Politics, USAToday, Lady Gaga’s Twitter Account, Anders Breivik, Mahesh Bhatt, Huffington Post; these are the famous names who have fallen victim to twithackery.
Posted by Avik Sarkar On 2/20/2013 06:52:00 pm
Apple Hacked, Macintosh Computers Infected By The Same Group Who Attacked Facebook
The month of February is not going good for cyber space, specially for giant organization. Last week the social networking giant Facebook fallen victim of a devastating cyber attack which did effected a number of systems. Facebook admitted that it faced a "sophisticated attack" on computers where it has been found the attackers used a zero-day Java exploit to initiate the attack, but that no user data was compromised. The same thing happened to micro blogging site Twitter and New York Times. And now it was the turn for Apple. The California based multinational company acknowledged that recently their systems has been attacked by hackers who infected Macintosh computers of some employees. Like Facebook here also no data has been effected, "there was no evidence that any data left Apple." -said Apple.
According to an exclusive report of Reuters -some unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers. The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. The malware was also employed in attacks against Mac computers used by "other companies," Apple said, without elaborating on the scale of the assault. Experts are presuming that all these cyber attacks of February, that is Twitter, New York Times, Facebook & Lastly Apple Inc was originated from China, and executed by the same hacker group. On the other side few experts are also saying that the group responsible for the hack, has been identified as "Unit 61398" of the People's Liberation Army. But so far there is no proof.
Apple also revealed that it plans to release a software tool later Tuesday that will protect customers against the same type of software that was used against its employees.
Apple also provided a statement as follows:-
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found..."
Posted by Avik Sarkar On 2/20/2013 06:52:00 pm
Hidden Costs of 'Data Theft' A Serious Issue! What You Need to Know to Be Safe
Sitting at the edge of technology, we the people of this century are blessed with all the required equipment which makes our work so easy that one could have even imagined three hundred years ago. Along with these positive sides, we must have to keep in mind that, these technologies not only elaborating our effort making life easier, but also posing high level of threat. As the main concern of VOGH is cyber domain, so here w would like to share a fact which will make you think and even make your cyber life and your personal life too uncanny. Yes, I am talking about the rising cyber threats; the more we are shedding with technologies, the more we are involving our lives with some dangerous threats and challenges. Now a days cyber criminals are every where, you don't even know, what trap has already been set for you, that can ruin your happy life. One of the big example is "Data Theft" which becoming boomerang for us. In an age of fully digitized data, consumers and businesses can lose thousands of dollars in the blink of a hacker’s eye. The costs of data theft are well known to anyone who has ever found themselves victim to financial identity or medical record fraud. What few of us realize is that the procedures required to right a financial wrong are often costlier than the crimes themselves. Lets share some interesting statistic, which will surely put terror in your mind - the economy loses an average of $22,346 for every time an identity is stolen. And to fully recuperate losses, repair credit and prosecute fraudsters, consumers, accountants, lawyers and IRS officials can spend up to 5,000 hours, the equivalent of two years of full-time work on a single case. Even so, 60% of medical record fraud victims admit that they don’t monitor their medical statements for inconsistencies.
Shocking!! Why not?
For one, most consumers don’t have time every month to file through complex medical or financial statements and check for accuracy. And secondly, the image of thousands of evil savants working around the clock to hack BOA databases sure makes a consumer feel helpless. Identity theft seems random and unpreventable–a stroke of bad luck like getting struck by lightning. If we are struck, we tell ourselves, banks, credit agencies and insurance companies are legally bound to recover our funds and correct our records.
Now lets check out a fascinating video in our Hidden Costs Series to get a deeper look at how our high-cost, high-risk data management systems really work.
Hidden Costs of Data Theft (Statistic At a Glance):-
Data theft includes financial identity theft, identity cloning, and medical identity theft. The average cost per victim was $22,346 in 2012. And the total national cost of just medical identity fraud was $41 billion in 2012. The worst part – nearly 60% of reported victims say they don’t ever check their medical records for fraud. Depending on the severity of the case, it can take over 5,000 hours (the equivalent of working a full-time job for two years) to correct the damage.
Since 1935, over 435 million social security cards have been issued. That’s over 2,175 tons of paper issued as cards, or 52,200 trees and 5 million new cards are issued every year.
Worldwide, digital warehouses storing private information, like banking and personal history, use about 30 billion watts of electricity, which equals roughly the output of 30 nuclear power plants. Data centers in the US make up almost a third of that usage, and waste 90% of the electricity they pull off the grid.
On average, 47% of victims encounter problems qualifying for a new loan and 70% have difficulty removing the negative information from their credit reports.
Over the next five years, the IRS stands to lose as much as $21 billion in revenue due to identity theft, and worldwide, businesses lose close to $221 billion a year with the US, UK, Canada and Australia ranking the highest in reported fraudulent activity.
After reading the above story carefully, many of you will feel insecure and panic. But I would like to inform you that the main purpose of sharing such important information, is to enhance carefulness, to rise cyber awareness. Many people became victim, not because of less knowledge, but of less information, less awareness. So from now onward before connecting your self into the digital world make sure that the significant & the emergent knowledge and information you have gathered from the article, should remain intact inside your brain. Trust me, if you became a bit cautious, you can easily get rid of all those cyber threats, and can enjoy the bless of technologies to make your life prosperous and happy.
So stay tuned with VOGH and also be canny, be attentive and be safe inside the digital world.
We the Team VOGH heartily thanks one of our invaluable reader and friend Emily Stewart of Insurance Quotes for the statistic and the awesome video. We love you Emily :)
Posted by Avik Sarkar On 2/20/2013 06:52:00 pm
Ambedkar Institute of Telecom Training India (BRBRAITT)Hacked By Hitcher
He was noiseless since his last massive attack against Israel, with the banner of #OpIsrael for Muslim Liberation Army. He was mum but not passive, and it shows when well known Pakistani hacker going by the name of "Hitcher" come back again. The name of Hitcher is common to us for defacing high profile websites, his last few high profile hack was HP Training Center, Bank of Punjab, Kingfisher Airlines, Central Statistical Agency of Ethiopia & 100+ Chinese Govt Websites, again ensue the same path. This time the target was the official website of Bharat Ratna Bhim Rao Ambedkar Institute of Telecom Training India (BRBRAITT) also known as India Premier National Level Telecommunication Training Center. As per sources the hacker managed to breach the server security and get administrative access into the BBBRAITT system. He not only hacked and defaced the index page, but also stolen sensitive data like employ details, course curriculum, student details, several ongoing project information, and few more confidential tidings. Immediately after the hack, webmaster of BBBRAITT noticed the issue and patched those security holes and back doors from which the hacker get in. Also he restored the site to its normal format. But still the deface mirror can be found on an archiving site called Th3Mirror.com, though the reason of this hack is still a mystery.
Brief About BRBRAITT:-
BRBRAITT is one of the premier institutes of BSNL India, imparting training in various fields like latest technologies in field of telecommunications, computer networking, accounting, management, providing competency and skills to meet the ever changing needs of esteemed customers.
Posted by Avik Sarkar On 2/18/2013 08:55:00 pm
NASA Sub-domain is Vulnerable Allowing Serious Information Disclosure
National Aeronautics and Space Administration, widely known as NASA used to fascinate the hackers to come and breach its security system. Many of our readers may be astonished after reading the above lines, but its a fact and history is the witness of that. So far NASA have been targeted several times, where hackers have figured out vulnerability and penetrated the digital security. Yet again same thing happened to NASA, when an ethical hacker from India going by the name of "Zero Cool" find out serious loopholes in one of the sub-domain of NASA, which could lead sensitive information disclosure. The hacker shared a vulnerability report with us, where he has shown that, exploiting the vulnerability one malicious attacker can easily extract lots of confidential data from NASA server, such as source code of various programs (used by NASA), current project information, future research paper, topological graph, license information, several executable files, .dll files, private application software & it's source codes, employ details and many more highly confidential or in other word "Top Secrete" data and files. For security and privacy purpose we are not disclosing those vulnerable links, but exclusively for VOGH readers we are sharing few images to justify the fact.
This vulnerability report has already been submitted to NASA, and as expected they immediately reacted and promised to path those loopholes with immediate effect. While talking about the ethical hacker "Zero" we would like to remind you that, before this NASA vulnerability disclosure, he exposed several vulnerabilities among many major and high profile websites such as Facebook, Reebok,Indiagames, mtv, lapdonline, UNESCO, Toshiba, Discovery.com, Novell.com, Microsoft Store India, several Pakistani and Bangladeshi Govt websites and many more.
Posted by Avik Sarkar On 2/18/2013 08:55:00 pm
Yamaha Motor's Official Website of Six Different Countries Hacked By Dark Snipper
Yamaha, Japanese multinational corporation; widely known to us for manufacturing motorcycles and power sports equipment, have fallen victim in front of hackers. A newly formed hacker group calling themselves "Dark Snipper" targeted several websites of Yamaha. This round of cyber attack has blown Six Yamaha websites from different countries like Bosnia Herzegovina, Croatia, Montenegro, Macedonia, Slovenia & Serbia. According to sources a few hackers code named 'Soul Inj3ct0r, P4K-CoMManDeR, Error Haxor, Dream.Killer, X3o-1337 & SOG' mainly from Pakistan took responsibility of the hack. So far the reason of the attack is not clear, but still the deface page is saying that the attack was inspired by the cause of "Free Palestine". But it is very irrelevant that, why the hacker group targeted Yamaha, as there is hardly any relation between the cause of Gaza, Palestine and Yamaha. What ever! Yamaha authority and the cyber response team immediately recovered those hacked sites by deleting the hacker's page (as shown in the picture below) and patched the security hole.
It is come to our concern that, team 'Dark Snipper' managed to get access into Yamaha server, where all those domain were hosted, and that is why it became possible for the hackers to breach all those Yamaha sites. But, Yamaha did not passed any reaction after the breach.
Posted by Avik Sarkar On 2/14/2013 03:16:00 pm
Julian Assange Started His Journey For Australian Senate on Behalf of WikiLeaks Party
The world knows Julian Paul Assange, as the editor-in-chief and founder of WikiLeaks, which publishes submissions of secret information, news leaks and classified media from anonymous news sources and whistleblowers, will now see a different avatar as Mr. Assange have taken the first step toward a Senate run in the Australian state of Victoria as a member of the newly formed WikiLeaks Party. According to sources, Assange's electoral enrollment application was submitted to the Australian Electoral Commission in Melbourne by WikiLeaks supporters, including Assange's father, John Shipton. Mr Shipton said Mr Assange's enrolment was ''a first step'' in a political campaign that would focus on ''the democratic requirement of truthfulness from government''. The party, not yet registered with the Australian Electoral Commission, has an initial 10-member national council comprised of close associates of Mr Assange and pro-WikiLeaks activists. Its constitution highlights the promotion of openness and transparency in government and business. Mr Assange has nominated his mother's home in Mentone, in the federal electorate of Isaacs, as his address for eligible enrolment before his most recent trip overseas in June 2010 -reported a reputed Australian daily.
According to post of The Age we came to know that --Australian citizens living overseas can enrol to vote as an overseas elector, and consequently run as a Senate candidate if they left Australia within the past three years and intend to return within six years of their date of departure.
Mr Assange has indicated that if elected and unable to return to Australia to take up a seat in the Senate, a WikiLeaks Party nominee would fill the vacancy. Opinion polls last year by UMR Research, the company the Labor Party uses for its internal polling, suggest that Mr Assange could be a competitive Senate candidate in Victoria.
Assange spoke of his political ambitions in December, when he said he was interested in running for Senate, adding that "a number of very worthy people admired by the Australian public" had signaled they'd be willing to join him on a party ticket. A representative for the Australian Electoral Commission said the application for electoral enrollment is a private matter between the applicant and the commission, so he would not discuss individual cases.
While talking about Jullian Assange and WikiLeaks, we would like to give you reminder that in this year we got several leaks from WikiLeaks, among them -'Detainee Policies' containing more than 100 classified or otherwise restricted files from the United States Department of Defense covering the rules and procedures for detainees in U.S. military custody. SpyFiles, GI Files (Global Intelligence Files & Five Million E-mails From Stratfor) & The Syria Files Containing 2.5 Million Emails of Syrian Politicians, Govt, Ministries & Companies.
Posted by Avik Sarkar On 2/14/2013 03:16:00 pm
#opSOTU By Anonymous To Oppose Executive Cyber Security Order (The Revised CISPA)
Last year the Internet and its trillion of users across the globe has faced several barrier when, number of approach from Senate and government, along with few corporate and other organization were in the target to make the entire Internet censored. To engage this motive they have approached and introduced a number of regulations and act such as SOPA, PIPA, CISPA & ACTA. But to implement those enactment was not that easy, as huge number of organization (including White House, Wikipedia & so on), billions of mass people stand against those controversial act, and as expected those acts were ruled back, that said protest might not get the full success, if hackers around the globe did not take part in it. It was the hackers communities who forced the govt to roll back those rules. But the victory was not that easy to achieve, as the president of U.S. appeared before a joint session of Congress to deliver the State of the Union Address and he plans to sign an executive order for cyber-security as the House Intelligence committee reintroduces the defeated CISPA act which turns private companies into government informants. As soon as the deceleration of the executive order for cyber-security came, immediately protest came. Hacktivist group Anonymous yet against stand against the controversial CISPA, and called an operation dubbed Operation SOTU (#opSOTU). In the campaign the hacker group states a clear intent to obstruct Internet broadcasts of the president's State of the Union address, an action the group justifies by pointing to renewed interest in Congress to pass the Cybersecurity Intelligence Sharing and Protection Act (CISPA), a measure Anonymous has long opposed.
Press Release of Anonymous (#opSOTU):-
Last year we faced our greatest threat from lawmakers. We faced down SOPA, PIPA, CISPA and ACTA.
And we won!
But that victory did not come easily. Nor did it come without a price.
Aaron Swartz was one of the leading voices in the fight against these idiotic and destructive efforts to control the last free space on Earth.
Aaron Swartz was persecuted. Now Aaron Swartz is dead.
Tonight, the President of the United States will appear before a joint session of Congress to deliver the State of the Union Address and tomorrow he plans to sign an executive order for cyber-security as the House Intelligence committee reintroduces the defeated CISPA act which turns private companies into government informants.
He will not be covering the NDAA, an act of outright tyrannical legislation allowing for indefinite detention of citizens completely outside due process and the rule of law. In fact, lawyers for the government have point-blank refused to state whether or not journalists who cover stories or groups the Government disfavors would be subject to this detention.
He will not be covering the extra-judicial and unregulated justifications for targeted killings of citizens by military drones within the borders of America, or the fact that Orwellian newspeak had to be used to make words like “imminent” mean their opposite.
He will not be covering Bradley Manning, 1000 days in detention with no trial for revealing military murders, told that his motive for leaking cannot be taken into consideration, that the Government does not have room for conscience.
He will not be covering the secret interpretations of law that allow for warrant-less wiretapping and surveillance of any US citizen without probably cause of criminal acts, or the use of Catch-22 logic where no-one can complain about being snooped on because the state won’t tell you who they’re snooping on, and if you don’t know you’re being snooped on, you don’t have a right to complain.
We reject the State of the Union. We reject the authority of the President to sign arbitrary orders and bring irresponsible and damaging controls to the Internet.
The President of the United States of America, and the Joint Session of Congress will face an Army tonight.
We will form a virtual blockade between Capitol Hill and the Internet. Armed with nothing more than Lulz, Nyancat and PEW-PEW-PEW! Lazers, we will face down the largest superpower on Earth.
And we will win!
There will be no State of the Union Address on the web tonight.
For freedom, for Aaron Swartz, for the Internet, and of course, for the lulz.
We Are Anonymous,
We Are Legion,
We Do Not forgive,
We Do Not forget,
But unlike last year, this time the approach of CISPA is more organized, as not only Congress but also the White House will also unveil President Barack Obama's long-awaited executive order on cyber security. So to stand against such an organized and well planned act, the protester need to be more decent and more united. As we all want and prefer freedom and privacy in our personal life as well as in the Internet, so we will fight and expect to win. So stay tuned with VOGH, and lets see what is coming for us.
Posted by Avik Sarkar On 2/12/2013 07:05:00 pm
President Obama & Congress Will Issue Long Awaited Executive Cyber Security Order
Last week we reported that Pentagon has declared that they are moving toward a major expansion of its cyber security force to counter increasing attacks on the nation’s computer networks, as well as to expand offensive computer operations on foreign adversaries. Just one week after this declaration another crucial movement came from the U.S. government. A secret legal review on the use of America’s growing arsenal of cyber weapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad. According to sources President Barack Obama will issue a long-awaited cyber security executive order this week. Two former White House officials told the publication that the order is expected to be released after Tuesday night's State of the Union address.
Given his status as commander-in-chief, Obama seems to be the clear choice, but since cyber warfare is such a new and unknown thing, the government hasn't actually figured out the rules of engagement yet. In the past couple of decades, the power to use America's cyber weapons has been shared between the Pentagon and the various intelligence agencies. With the exception of a series of strikes on the computer systems that run Iran's nuclear enrichment facilities an attack that Obama ordered himself the U.S. hasn't launched any major cyber attacks in recent memory, however. This probably won't be the case in the future. So the government is working on new rules of engagement, as it realizes that the capabilities of cyber weapons are evolving at a startling rate. The rules will be not unlike the set that governs how drone attacks are ordered and who orders them. Cyber warfare certainly stands to affect the average American more, though. On Capitol Hill this week, Rep. Dutch Ruppersberger (D-Md.) and Rep. Mike Rodgers (R-Mich.) are set to reintroduce the Cyber Intelligence Sharing and Protection Act (CISPA) during a speech at the Center for Strategic and International Studies.
According to an exclusive report the bill would allow the government to share classified cyber threats with the private sector so that those companies can then protect their systems from cyber attacks. The bill was killed last year due to privacy concerns. Civil-liberty groups argued that the bill allows companies to exchange too much personal information back and forth without regulation.
Posted by Avik Sarkar On 2/09/2013 01:46:00 pm
HostGator India Hacked & Defaced By Indian Hacker Group Named "Cyber Rog"
In the cyber space no one is secured, whether its a defense organization, govt sector, federal authorities, giant IT company or even a hosting provider. The famous line "Security is an Illusion" is quite true, and it happens to one of the giant of web hosting provider "HostGator." It was the Indian domain of HostGator which have fallen victim in front of hackers. Few Indian hackers calling them selves "Cyber Rog" breached the tight security system of HostGator, not only that, but also the hackers uploaded his deface page in order to give some message to this giant hosting provider. "Let look at your face, you get pawned man" -said those hackers from Cyber Rog. They also vows to hit back while saying "Secure your website, next time we will be back." At the end the hacker group made a satire while camouflaging them selves while saying "We are Anonymous" followed by a funny symbol. Immediately after this massacre get spotted the HostGator team restored the site and deleted the hackers page as shown in the picture below.
But you can still view the deface page from a mirror site called "Legend-H" Such matter is deferentially shameful for company like HostGator who had passed the 200,000 mark in registered domains in 2008 and now that number has touched 80,00,000.
Posted by Avik Sarkar On 2/06/2013 07:12:00 pm
Pentagon Assigning More Experts to Boost Cyber Security & Protect U.S. Computer Networks
Cyber security has become one of the most sophisticated area of National security and defense, and in order to implement that Pentagon has increased their estimated expense on cyber security. And this deceleration has been made while publishing the budget late in last year. Now that implementation is getting executed as the Pentagon is moving toward a major expansion of its cyber security force to counter increasing attacks on the nation’s computer networks, as well as to expand offensive computer operations on foreign adversaries. This confirmation has came from defense officials. The expansion would increase the Defense Department’s Cyber Command by more than 4,000 people, up from the current 900, an American official said. Defense officials acknowledged that a formidable challenge in the growth of the command would be finding, training and holding onto such a large number of qualified people. The Pentagon “is constantly looking to recruit, train and retain world class cyberpersonnel,” a defense official said Sunday.
As part of the expansion, officials said the Pentagon was planning three different forces under Cyber Command: “national mission forces” to protect computer systems that support the nation’s power grid and critical infrastructure; “combat mission forces” to plan and execute attacks on adversaries; and “cyber protection forces” to secure the Pentagon’s computer systems. Cyber Command’s connections to the NSA are also leading some officials to ask how much of the expansion will be focused domestically, especially considering the opening of the NSA’s new, $2 billion Utah Data Center, scheduled to go live later this year. An unnamed "senior defense official" said that the agency’s efforts would remain focused outside US networks, unless it were asked to assist "another agency with domestic authority, such as the FBI." There is significant overlap between Cyber Command and the NSA — until recently, some employees of the former had nsa.gov email addresses, for instance — and there is some doubt that the nascent offshoot of US Strategic Command will be able to achieve true independence under NSA Director Alexander.
-Source (NY Times, Washington Post)
Posted by Avik Sarkar On 2/06/2013 07:12:00 pm
A Man From India Jailed For Posting "Communal & Inflammatory" Post on Facebook (#Censorship)
Freedom of social media in India has been revoked, as the Indian govt has implemented several policy by which they made the social network completely censored. Though this step has been criticized randomly but the decisions has remain unchanged. And the result is in front of us; when a man from Agra get busted. The incident occurs immediately after he made a posts on social networking site Facebook targeting Prime Minister Manmohan Singh, union Communications Minister Kapil Sibal and Uttar Pradesh's ruling Samajwadi Party (SP) chief Mulayam Singh Yadav. According to police the post which the man from Agra made violated the policy of Indian govt and that's why it is taken as "communal and inflammatory." the man named Sanjay Chowdhary, a resident of the Dayalbagh suburb of Agra, was arrested late Monday and his laptop, sim card and data card impounded.
Police in Agra, about 360 km from here, said the arrest, which some see as an attempt to muzzle freedom of speech and expression on social networking sites, that the arrest was made on "specific information" about certain "communal and inflammatory" posts by Chowdhary. However, officials here admitted that the "case became hypersensitive after some remarks were made on the SP chief".
Senior Superintendent of Police (SSP) Agra, Subhash Chandra Dubey said police had acted "purely on law and order basis" in the matter.
"We are not involved in the political angle of the whole issue, our concern were the inflammatory comments and posts on the Facebook wall of this man and we acted to prevent any communal flare up," Dubey told the media. Some officials, however, said the case was "fast tracked" once cartoons lampooning the three leaders were posted on his Facebook wall.
Soon after his arrest, the inflammatory posts were deleted from his Facebook profile and later his account was deactivated. Chowdhury, a civil engineer and chairman of a public school, was booked under sections 153 A of the Indian Penal Code (IPC) and 66 A of the Information Technology (IT) Act.
"We have arrested him and he is being sent to jail under the due process of law," a police official said.
-Source (Yahoo News)
Posted by Avik Sarkar On 2/03/2013 01:55:00 am
Twitter Hacked, More Than 250,000 User Data Compromised
The social networking giant and the world famous micro blogging site Twitter again fallen victim of cyber attack. Last year we have seen that the tight security system if twitter have been compromised many times. Yet again in this year the San Francisco based social media giant who have more than 500 million registered users failed to protect them selves from hackers. On last Friday Twitter acknowledged that it had become the latest victim in a number of cyber-attacks against media companies, saying hackers may have gained access to information on 250,000 of its more than 200 million active users. The micro blogging giant said in a blog posting that earlier this week it detected attempts to gain access to its user data. It shut down one attack moments after it was detected. According to reports usernames, email addresses, session tokens and encrypted/salted passwords for 250,000 users might have been accessed in what it described as a “sophisticated attack”
"This attack was not the work of amateurs, and we do not believe it was an isolated incident,” said Bob Lord, Twitter’s director of information security. “The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked” Bob added.
Jim Prosser, a Twitter spokesman, would not say how hackers infiltrated Twitter’s systems, but Twitter’s blog post said hackers had broken in through a well-publicized vulnerability in Oracle’s Java software. Last month, after a security researcher exposed a serious vulnerability in the software, though Oracle patched the security hole, but Homeland Security said the fix was not sufficient. The DHS issued a rare alert that warned users to disable Java on their computers. Prosser said Twitter was working with government and federal law enforcement to track down the source of the attacks. For now, he said the company had reset passwords for, and notified, every compromised user. The company encouraged users to practice good password hygiene, which typically means coming up with different passwords for different sites, and using long passwords that cannot be found in the dictionary.
Twitter said it “hashed” passwords — which involves mashing up users’ passwords with a mathematical algorithm — and “salted” those, meaning it appended random digits to the end of each hashed password to make it more difficult, but not impossible, for hackers to crack. Once cracked, passwords can be valuable on auction-like black market sites where a single password can fetch $20.
While talking about Twitter and cyber issues, I would like to remind you that in last year twitter faced several cyber attacks where more than 55,000 twitter account details was leaked, after this issue in the middle of last year the social networking giant faced massive denial of service which interrupted its services. Later a huge number of Twitter users across the globe received emails warning that their account have been compromised and their passwords had been reset, and it was another security breach which affected twitter. Such big organization are not at all careless about security, so as twitter and it has been proved when they hired renowned white hat hacker Charlie Miller to boost up their security, but after this current massacre, it seems that twitter need to think more and emphasize a lot to make sure that their system is good enough to prevent cyber attacks. For all the hot cyber updates and reviews stay tuned with VOGH.
Posted by Avik Sarkar On 2/03/2013 01:54:00 am
Chinese Hackers Breached New York Times & Stolen Employee's Password
Yet again the story of cyber espionage by Chinese hackers spotted in the wild, when the famous and one of the most popular American news daily reported that their system has been compromised by a round of sophisticated cyber attack generated from China. After the hack of White House unclassified network, it is the second time in last six month; when Chinese hackers have targeted the American cyber space. The New York Times has reported that for the last four months Chinese hackers have been infiltrating its networks, broken into the email accounts of senior staff, stolen the corporate passwords for every Times employee and used those to gain access to the personal computers of more than 50 employees.
According to a blog post of NYT - The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings. Security experts hired by The Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times’s network. They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen’s relatives, and Jim Yardley, The Times’s South Asia bureau chief in India, who previously worked as bureau chief in Beijing.
“Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,” said Jill Abramson, executive editor of The Times. The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by The Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China.
Cyber Espionage of China (2011-2012) at a Glance:-
While talking about this cyber attack, we would like to refresh your memory last two years, where the scenario of big cyber attack and espionage by Chinese hackers have been spotted several times. In 2012 Chinese hackers had breached Telvent's corporate network & gained control of US Power Grid. Also in the middle of last year, we have seen that Chinese hackers have broken into Indian Navy's Computer System & stolen sensitive data. Few months before this hack, Tokyo based computer security firm Trend Micro confirmed that Chinese hackers were responsible for biggest cyber-espionage in India, Japan & Tibet. Also the director of National Security Agency (NSA) General Keith Alexander confirmed that hackers from China was responsible for the serious attack on one of the leading IT security & cyber security company RSA. Also in 2011 China was responsible behind the attack on US Chamber of Commerce, Satellite System of U.S, Nortel Network & so on. But few days ago National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network claimed that China fallen victim of one of biggest cyber attacks originated from US, Japan & South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor Mitsubishi, Japan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea more than 13 Million of MapleStory players data has been stolen, there also hackers from China was responsible.
All those above stories it has been clearly identified that China was the point of those said attacks, but it doesn't necessarily prove that it the operation is backed by the Chinese government or intelligence services. It could just as easily be a patriotic group of skilled, independent Chinese hackers upset with how the Western media is portraying their country's rulers. For all kind of cyber related topics and expert reviews on those matters just stay tuned with only VOGH.