Showing posts sorted by relevance for query cyber-spy. Sort by date Show all posts
Showing posts sorted by relevance for query cyber-spy. Sort by date Show all posts

Criminals and foreign spy agencies launched more than 1,000 cyber attacks on the MOD last year

Posted by Avik Sarkar On 6/08/2011 03:47:00 pm





Criminals and foreign spy agencies launched more than 1,000 cyber attacks on the Ministry of Defence last year in an effort to steal secrets and disrupt services, Liam Fox has revealed.
In a speech on Tuesday night, the defence secretary laid out the growing threat to the country from cyberspace, saying that government departments were now under sustained attack.
He underlined the problem by saying that "across the core defence networks there were an average of over a million security alerts every day".
These comprise mainly of spam emails that are blocked before entering government computer systems. But many turn out to be deliberate attempts to infiltrate and steal from the MoD's computer systems.
Last week the Guardian revealed that the UK is now developing a cyber weapons programme to give ministers an attacking capability in cyberspace.
It also emerged that the FBI is investigating allegations that the Google mail accounts of senior US government officials have been attacked by Chinese hackers.
In his speech, Fox set out why the government had committed an extra £650m for cyber security in last year's Strategic Defence and Security Review. He also warned more would need to be done to protect the UK's core infrastructure from cyber attack.
"Between 2009 and 2010, security incidents more than doubled," he said: "Was this in Afghanistan? No. This was in cyberspace and the target was the MoD. I and my senior colleagues are routinely alerted to incidents that could have had severe consequences if they'd not been stopped.
"Our systems are targeted by criminals, foreign intelligence services and other malicious actors seeking to exploit our people, corrupt our systems and steal information.

"To give you an idea of the challenge, last year we in the MoD blocked and investigated over 1,000 potentially serious attacks. "
Fox described it as the "war of the invisible enemy" and said the boundaries between government, business and every individual internet user were becoming blurred."This threat is growing in scale and sophistication. My department is a prime target. Across the core defence networks there were an average of over a million security alerts every day."
He said the opening of a new Global Operations and Security and Control Centre would help to coordinate the Whitehall response to cyber attacks, but conceded that government could not do this alone.
"We now see weekly reports of cyber attacks against businesses, institutions and networks used by people going about their daily lives," he said. "The cost to the UK economy of cyber crime is estimated to be in the region of £27bn a year and rising. These are attacks against the whole fabric of our society.
"There is no Maginot Line in cyber space ... our national intellectual property in defence and security industries is at risk from a systematic marauding. Not only could it severely affect the future success of British industry, our economic advantage, and the country's financial recovery, but also directly impacts upon our national security today."
Last week, the US government said it was intending to rewrite its military rule book to make cyber-attacks a possible act of war. In May, the chancellor George Osborne said foreign intelligence agencies were carrying out cyber-attacks on the Treasury, targeting it with programs designed to steal information.
Some experts have warned against government's over-exaggerating the problems in cyberspace, noting that 80 per cent of all such attacks can be thwarted with better computer 'hygiene' – such as people using less obvious passwords. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Chinese Hackers Were Responsible For Cyber-Espionage In India, Japan & Tibet

Posted by Avik Sarkar On 4/03/2012 02:02:00 pm

Chinese Hackers Were Responsible For Cyber-Espionage In India, Japan & Tibet  

Tokyo based computer security firm Trend Micro confirmed that a breach of computers belonging to companies in Japan and India and to Tibetan activists has been linked to a former graduate student at a Chinese university  putting a face on the persistent espionage by Chinese hackers against foreign companies and groups. Chinese hackers have been linked to a cyber-espionage campaign that planted data-gathering malware in a total of 233 computers of Tibetan activists and military and industrial entities in Japan and India. The so-called "Luckycat" campaign has been active since at least June 2011 and has been linked to 90 attacks that use malware tailored for each victim. The hackers targeted military research institutions and shipping companies in India; energy, engineering and aerospace entities in China and 30 computers of Tibetan activists. Trend Micro researchers traced the attacks to an e-mail address used to register a command-and-control server. They also mapped the address to a Chinese instant messaging screen name and from there to an online alias, "scuhkr." The espionage has been going on for at least 10 months and is continuing. The attacks are technically similar to a spy operation known as the Shadow Network, which since 2009 has targeted the Indian government and also pilfered a year's worth of the Dalai Lama's personal e-mails
Few days ago the director of National Security Agency (NSA) General Keith Alexander confirmed that hackers from China was responsible for the serious attack on one of the leading IT security & cyber security company RSAAlso in 2011 China was responsible behind the attack on US Chamber of Commerce, Satellite System of U.S, Nortel Network & so on.  But few days ago National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network claimed that China fallen victim of one of biggest cyber attacks originated from US, Japan & South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor Mitsubishi, Japan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea  more than 13 Million of MapleStory players data has been stolen, there also hackers from China was responsible. Now this report Trend Micro again proves China has became one of the biggest cyber threat in front of the whole world. The past activities are clearly indicating that hackers from China was directly linked and responsible for all those biggest cyber espionage. Still it is not clear that whether these cyber criminals are supported by the Govt. or not!!



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Russian Hacker Behind Cyber Attack on Georgia Caught on His Webcam

Posted by Avik Sarkar On 11/02/2012 03:29:00 am

Suspected Russian Hacker Behind Cyber Attack on Georgia Caught on His Webcam 

It said that there may be hundred ways to commit crimes but there are chances of one hundred and one times to get busted. Exactly the same things happened for a Russian hacker who was behind the cyber attack against the country of Georgia. Since 2011 Georgia is blaming that few Russian hackers are disturbing their cyber space while attacking its computer networks, injecting malicious code into websites, and planting spyware to steal classified information. After discovering that a cyber-spy was infecting government computers with malware designed to mine important documents, government officials decided to fight fire with fire. They intentionally allowed the malicious software to infect one particular computer, and baited it with a ZIP file called “Georgian-Nato Agreement” — exactly the sort of thing they knew the intruder would be looking for. Instead of important documents, however, the bait file was loaded with the hacker’s own malware. Once the hacker downloaded and opened the file, the software went to work stealing his documents and, best of all, hijacking his webcam to capture clear video of his face. According to the CERT-Georgia report, an analysis of the attack's command-and-control center revealed that at least 390 computers were infected in the attack. 70% of compromised PCs were based in Georgia, with other victims found in the USA, Canada, Ukraine, France, China, Germany and Russia. Computers hit in Georgia were predominantly based in government agencies, banks and critical infrastructure the report claims. 
In a 27 page report, the Georgian government explains in details that, how in early 2011 Georgian news websites were hacked in order to exploit vulnerabilities, and spread malware that hijacked infected computers and searched for sensitive documents. 
According to report by Naked SecurityGeorgian officials lay a trap. Georgia's CERT deliberately infected one of its own PCs with the malware, and planted a ZIP file named "Georgian-Nato Agreement" on its drive, hoping it would prove irresistible for the hacker. Sure enough the hacker stole the archive file and ran malware that Georgia CERT had planted inside, meaning that now investigators had control over the hacker's own computer. This made it relative child's play to capture images of the suspect at work in front of his PC. The CERT researchers claim that they also found a Russian email conversation on the suspect's computer in which he gives instruction on how to use his malware and infect targets. Furthermore, the suspected hacker's city, ISP, email address and other information were also acquired. Curiously, a domain used by the attackers was registered to an address in Moscow belonging to the Russian Ministry of Internal Affairs, department of logistics - which just happens to be based close to the Russian Secret Service (FSB). Furthermore, according to CERT-Georgia, websites used to control the infected Georgian computers have links with RBN, the notorious Russian Business Network.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Three Secrets & Full Analysis of Flame's Command & Control Servers Unraveled

Posted by Avik Sarkar On 9/20/2012 05:40:00 pm

Three Secrets & Full Analysis of Flame's Command & Control Servers Unraveled

Flame the next generation cyber weapon which is also known as 'The Super Spy' has already fascinated the cyber-security industry with its sophistication and versatility as a Swiss-Army knife of cyber-spying. Recently security firm Kaspersky lab has published a new report on the sophisticated nation-state sponsored Flame cyber-espionage campaign. During the research, conducted by Kaspersky Lab in partnership with International Telecommunication Union’s cybersecurity executing arm - IMPACT, CERT-Bund/BSI and Symantec, a number of Command and Control (C&C) servers used by Flame’s creators were analyzed in detail. The analysis revealed new, groundbreaking facts about Flame. Particularly, traces of three yet undiscovered malicious programs were found, and it was discovered that the development of the Flame platform dates back to 2006.

Main findings:
  • The development of Flame’s Command and Control platform started as early as December 2006.
  • The C&C servers were disguised to look like a common Content Management System, to hide the true nature of the project from hosting providers or random investigations.
  • The servers were able to receive data from infected machines using four different protocols; only one of them servicing computers attacked with Flame.
  • The existence of three additional protocols not used by Flame provides proof that at least three other Flame-related malicious programs were created; their nature is currently unknown.
  • One of these Flame-related unknown malicious objects is currently operating in the wild.
  • There were signs that the C&C platform was still under development; one communication scheme named “Red Protocol” is mentioned but not yet implemented.
  • There is no sign that the Flame C&Cs were used to control other known malware such as Stuxnet or Gauss.
The Flame cyber-espionage campaign was originally discovered in May 2012 by Kaspersky Lab during an investigation initiated by the International Communication Union. Following this discovery, ITU-IMPACT acted swiftly to issue an alert to its 144 member nations accompanied with the appropriate remediation and cleaning procedures. The complexity of the code and confirmed links to developers of Stuxnet all point to the fact that Flame is yet another example of a sophisticated nation-state sponsored cyber operation. Originally it was estimated that Flame started operations in 2010, but the first analysis of its Command and Control infrastructure (covered by at least 80 known domains names) shifted this date two years earlier.
The findings in this particular investigation are based on the analysis of the content retrieved from several C&C servers used by Flame. This information was recovered despite the fact that Flame’s control infrastructure went offline immediately after Kaspersky Lab disclosed the existence of malware. All servers were running the 64-bit version of the Debian operating system, virtualized using OpenVZ containers. Most of the servers’ code was written in the PHP programming language. Flame’s creators used certain measures to make the C&C server look like an ordinary Content Management System, in order to avoid attention from the hosting provider.
Sophisticated encryption methods were utilized so that no one, but the attackers, could obtain the data uploaded from infected machines. The analysis of the scripts used to handle data transmissions to the victims revealed four communication protocols, and only one of them was compatible with Flame. It means that at least three other types of malware used these Command and Control servers. There is enough evidence to prove that at least one Flame-related malware is operating in the wild. These unknown malicious programs are yet to be discovered.
Another important result of the analysis is that the development of the Flame C&C platform started as early as December 2006. There are signs that the platform is still in the process of development, since a new, yet not implemented protocol called the “Red Protocol” was found on the servers. The latest modification of the servers’ code was made on May 18, 2012 by one of the programmers.
“It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers. Flame’s creators are good at covering their tracks. But one mistake of the attackers helped us to discover more data that one server was intended to keep. Based on this we can see that more than five gigabytes of data was uploaded to this particular server a week, from more than 5,000 infected machines. This is certainly an example of cyber espionage conducted on a massive scale,” commented Alexander Gostev, Chief Security Expert, Kaspersky Lab. 
Here we want to remind you that after the episode of 'Duqu'; In the middle of this year The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted Stuxnet attacking the country's internal system. This newly found Stuxnet have been dubbed Flame (also known as Flamer or Skywiper). Later it was spotted in the wild when software giant Microsoft confirmed that its Windows Server Update Services (WSUS), Windows Update (WU) has been infected by Flame malware. Also in many fields, the name of 'Flame' was on the high node. 
For detailed analysis on Flame's command and control (C&C) servers click Here

-Source (Kaspersky)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

USA Accused For Planting "Flame" Malware to Hack France President's Network

Posted by Avik Sarkar On 11/23/2012 07:08:00 pm

USA Accused For Planting "Flame" Malware to Hack France President's Network

A well known French newspaper named "L'Express" has accused that United States is using dangerous cyber weapon "Flame" to break into the computer networks inside France’s presidential palace also known as the Elysee. In his report L'Express has published details of what it claims was a sophisticated state-sponsored hack into the offices of the French presidency earlier this year with the intention of stealing data. According to the newspaper, the malware attack took place in May 2012, shortly before the second round of presidential elections in France, but has been kept secret until now. The newspaper alleges that the attackers reportedly found their targets on Facebook, identifying people working inside the presidential palace and connecting with them on the social network. The social engineering laid the groundwork for the next phase of the attack; the victims were then sent links to a fake Elysee intranet page where their login credentials were stolen. Workers at the Élysée Palace are said to have been befriended on Facebook by hackers, who then sent their victims a link to what purported to be a login page for the Élysée intranet site. In this way, it's claimed, login credentials were stolen. It is alleged that malware was then installed on the network, infecting computers belonging to senior political advisors, including Xavier Musca, Secretary-General of Nicolas Sarkozy's office. The United States Embassy in Paris has denied any involvement in hacking its ally. “We categorically refute allegations of unidentified sources,” Mitchell Moss, Embassy spokesman, told l’Express. “France is one of our best allies. Our cooperation is remarkable in the areas of intelligence, law enforcement and cyber defense. It has never been so good and remains essential to achieve our common fight against extremist threat.” Though the secretary  of Department of Homeland Security Janet Napolitano did not deny the U.S. was involved. She told l’Express: “We have no greater partner than France, we have no greater ally than France. We cooperate in many security-related areas. I am here to further reinforce those ties and create new ones.”

While talking about Flame, we would like to remind you that after the episode of 'Duqu'; In the middle of this year The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted Stuxnet attacking the country's internal system. This newly found Stuxnet have been dubbed Flame (also known as Flamer or Skywiper). Flame the next generation cyber weapon which is also known as 'The Super Spy' has already fascinated the cyber-security industry with its sophistication and versatility as a Swiss-Army knife of cyber-spying. Later it was spotted in the wild when software giant Microsoft confirmed that its Windows Server Update Services (WSUS), Windows Update (WU) has been infected by Flame malware. Also in many fields, the name of 'Flame' was on the high node. 


-Source (NS & threatpost)







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

White House Unclassified Network Hacked By Chinese Hackers Using Spear Phishing

Posted by Avik Sarkar On 10/03/2012 04:37:00 am

White House Unclassified Network Hacked By Chinese Hackers Using Spear Phishing

Another cyber espionage generated from China targeted the White House. U.S. government computers reportedly including systems used by the military for nuclear commands were breached by Chinese hackers. The White House it self confirmed the breach, while saying that hackers indeed made an attempt to infiltrate its computer system, but says it thwarted the effort and that no classified networks were threatened. Also the security breach did not appear to have stolen any dataWhite House spokesman Jay Carney told reporters the White House is equipped with mitigation measures that identified the attack, isolated it and prevented its spread. He said there was no indication that any data was removed. “There are distinctions between those networks that contain classified information and those that don’t, and the attack was against an unclassified network,” Carney said. 
The hackers breached the network by using a technique known as spear phishing, in which they target victims who have access to sensitive computer networks by sending personalized emails that appear to come from trusted sources. Once the victims click on the bogus attachment or link, the hackers can install malicious software on the PCs to spy on users and steal data.  A law enforcement official who works with members of the White House Military Office confirmed the Chinese attack to press on Monday, but it remains unclear what information, if any, was taken or left behind. But still The White House officially did not say whether the recent attack was linked to China or not. 

"This [White House Communications Agency] guy opened an email he wasn't supposed to open," the source said. That email contained a spear phishing attack from a computer server in China, the law enforcement source told the press. The attack was first reported by the conservative blog Free Beacon. Spear phishing involves the use of messages disguised to appear as valid; in fact, they contain targeted, malicious attempts to access sensitive or confidential information. 

While talking about this breach, we would like to remind you that just few days ago Chinese hackers breached Telvent's corporate network & gained control of US Power GridCouple of months ago we have seen that Chinese hackers have broken into Indian Navy's Computer System & stolen sensitive data. Few months before this hack, Tokyo based computer security firm Trend Micro confirmed that Chinese hackers were responsible for biggest cyber-espionage in India, Japan & Tibet. Also the director of National Security Agency (NSA) General Keith Alexander confirmed that hackers from China was responsible for the serious attack on one of the leading IT security & cyber security company RSAAlso in 2011 China was responsible behind the attack on US Chamber of Commerce, Satellite System of U.S, Nortel Network & so on.  But few days ago National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network claimed that China fallen victim of one of biggest cyber attacks originated from US, Japan & South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor Mitsubishi, Japan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea  more than 13 Million of MapleStory players data has been stolen, there also hackers from China was responsible. 








SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

German National Cyber Security Centre is under Cyber Attacks

Posted by Avik Sarkar On 7/24/2011 02:12:00 pm


Just a few weeks after German authorities opened a national Cyber Defense Centre in Bonn, it was attacked by hackers and now officials are struggling to arrest all of those involved.
While security authorities reported they had arrested two members of the hacking group linked to the attacks, the group released a statement saying that only its leader was under arrest. A 23-year-old calling himself Darkhammer, leader of the so-called "n0n4m3 cr3w", was arrested on Sunday, the Office of Criminal Investigation in the state of Nordrhein-Westfalen reported.

The Federal Criminal Police office issued a press release saying that it had searched the apartment of a second suspect. Responding to that arrest and media reports regarding those taken into custody, the hacking group said: "Apparently none of the suspects is a member of the No Name Crew."
Members of the No Name Crew had claimed responsibility for infiltrating computers of the federal police and the customs service. They were able to steal information from servers running the spy program Patras, and put it on their website. Patras is used by customs authorities, the federal police and police in the German states for tracking serious criminals. After the attacks were uncovered several federal and state authorities temporarily shut down their servers.
The attacks first became known already on July 8, but attracted bigger attention just after German newspaper Bild am Sonntag cited a confidential report by the federal information security agency, BSI, saying that computers of the federal police had been infected by Trojans for months without detection.
The hacking group now offers an encrypted file for downloading on its website stating that it had collected emails and confidential data from the police and customs authorities. The group said it would release the password for the encrypted file should police arrest more of the group's members.

"The terrifying fact about these attacks is that the delinquents are quite young. If these 17 year old schoolboys are able to do that, what would happen if a much more experienced hacker would attack?" said Lars Sobiraj, editor-in-chief at the German magazine gulli who interviewed members of the group.
In the interview, members of the group said they regarded their hacking as a wake-up call for the German public to see that the state kept the population under permanent surveillance. The group announced on its website that it will initiate more attacks. "New targets have been chosen," it said.

The attacks came just four weeks after German Federal Secretary of the Interior Hans-Peter Friedrich opened the Cyber Defense Centre. The centre is run by the BSI, the federal office for the protection of the constitution and the disaster control agency. The authorities whose systems were attacked also contribute to the operation of the centre.
A spokesman of the BSI, said that the agency would not comment about the events due to the ongoing investigations.

The centre against cyberattacks has been criticised for not having the ability to fight electronic attacks. After its opening in June, Memet Kilic, a member of the Green party that is part of the opposition, said the centre did not have enough financial and human resources. According to the BSI, the centre has 10 full time employees.
In an interview with the news magazine "Der Spiegel" this week, Klaus Jansen, leader of the German union of police detectives, said that security authorities do not have enough experts working with them to effectively fighting cybercrime.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pentagon Is Expanding Cyber-Security Program

Posted by Avik Sarkar On 8/22/2011 01:07:00 pm


The Pentagon is exploring whether to expand a pilot program that protects the networks of defense contractors to include other companies, and even those in industries that serve mainly civilians. But some private sector officials are not sure that the Defense Department should lead the effort.
Speaking at a conference in Baltimore this week, Deputy Defense Secretary William J. Lynn III said that the Defense Industrial Base (DIB) Cyber Pilot, which currently involves 20 large defense companies, is already showing signs of success. It relies on classified threat “signatures” or data that can help detect malicious code before it penetrates a network.
The signatures and other data that help detect threats are provided by the National Security Agency, which collects electronic data on foreign adversaries and operates under the auspices of the Pentagon. The signatures are loaded into devices run by the Internet service providers, including AT&T and Verizon, which provide Internet services to the companies.
The voluntary 90-day pilot, which the Pentagon said should be completed by early fall, has already shown that “it stops hundreds of signatures that we wouldn’t previously have seen,” Lynn said. “It appears to be cost-effective.”

The Pentagon has declined to give details to back up Lynn’s assertions. In an email earlier this week, Pentagon spokeswoman April Cunningham said: “We do not yet have enough information regarding the pilot to make any decisions about the success or effectiveness of the pilot.” She added: “We are not yet in a position to discuss specific metrics.”
She declined to say whether the Pentagon tested NSA’s signatures and other data against other models for effectiveness. “It is the long-standing policy of the Department of Defense not to discuss matters of operational security.”
Speaking at a conference run by the Defense Information Systems Agency, Lynn expressed significant concern “that over the past decade we’ve lost terabytes of data to foreign intruders, foreign intelligence services, to attacks on corporate networks of defense companies.” A great deal of it, he said, “concerns our most sensitive systems-- aircraft avionics, surveillance technologies, satellite communication systems, and network security protocols.”
As a result, he said, the Pentagon is considering expanding the pilot to more defense companies, and discussing with other agencies whether to “apply this same concept to other sectors, whether it’s the power sector, nuclear energy, the transportation sector or the financial sector.’’
But some officials in other industries questioned whether the Pentagon is the right leader for the effort. One concern involves privacy. NSA participation — even if tangential-- raises fears that the spy agency may at some point gain access to private citizens’ data. Defense officials have addressed that worry for now by saying that the government will not directly filter the network traffic or receive any of the captured malicious code.
Then there is the issue of who leads the initiative. The Department of Homeland Security, which is involved in the Pentagon’s cyber pilot program, is also working with other critical sectors on cyber security.
A financial services industry official, who was not authorized to speak publicly, said his industry would prefer “one point” of collaboration. That point, he said, likely would be DHS. “Let’s not have 10, 20, 30 different bilateral arrangements with each government agency and each sector,” he said. “That would result in a web of confusion.”
A telecom industry official, who also was not authorized to speak publicly, agreed: “What we would like is one consolidated government effort that we can hitch our wagons to.” 

-News Source (Washington Post)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

British Spy Agency GCHQ Performed DDoS Attack Against Anonymous -Snowden Documents Transpired

Posted by Avik Sarkar On 2/10/2014 01:49:00 am

British Spy Agency GCHQ Performed DDoS Attack Against Hacktivist Anonymous & LulzSec -Snowden Documents Transpired
While excavating the past, it was always found that cyber criminals, large hacker collective groups were the culprits for engaging voluminous denial of service attack. But this widely transfusing story get a one eighty degree reverse turn, when the former NSA contractor Edward Snowden revealed another trade secret. Recently a lurid story get spot lighted, as the whistle blower Snowden unfold yet another breathtaking stealthy  documents taken from the National Security Agency. The clandestine documents taken the mask from the so called good guys, unveiling British spy agency GCHQ had launched a secret war against the infamous hacktivist collective Anonymous and a splinter group known as LulzSec several years ago. Many of you guessed right, this was happened when Anonymous were targeting various UK companies and government websites. The documents disclose that GCHQ carried out seemingly illegal DDoS attacks against the collective, flooding their chatrooms with so much traffic that they would become inaccessible – and all with the approval of the British government. The revelations come less than a year after several LulzSec activists were jailed by a British court for carrying out similar DDoS attacks against targets including the CIA, the UK’s Serious Organized Crime Agency (SOCA), News International, Sony and the Westboro Baptist Church, among others. 
This sensational issue was made public by NBC News deferentially with the help of none other than Edward Snowden. In their exclusive report headed 'War on Anonymous: British Spies Attacked Hackers,' NBC said -The blunt instrument the spy unit used to target hackers, however, also interrupted the web communications of political dissidents who did not engage in any illegal hacking. It may also have shut down websites with no connection to Anonymous. According to the documents, a division of Government Communications Headquarters (GCHQ), the British counterpart of the NSA, shut down communications among Anonymous hacktivists by launching a “denial of service” (DDOS) attack – the same technique hackers use to take down bank, retail and government websites – making the British government the first Western government known to have conducted such an attack.
The documents, from a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, show that the unit known as the Joint Threat Research Intelligence Group, or JTRIG, boasted of using the DDOS attack – which it dubbed Rolling Thunder -- and other techniques to scare away 80 percent of the users of Anonymous internet chat rooms. 
The existence of JTRIG has never been previously disclosed publicly. The documents also show that JTRIG infiltrated chat rooms known as IRCs and identified individual hackers who had taken confidential information from websites. In one case JTRIG helped send a hacktivist to prison for stealing data from PayPal, and in another it helped identify hacktivists who attacked government websites. 
As soon as this story getting all the spot lights, immediately the GCHQ responded to this saying all their movements and operations were lawful“All of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position.” -GCHQ said the press. To know more detail about this story, don't forget to stay tuned with VOGH



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

CNAIPIC Hacked & More 8Gb Data Leaked (#Antisec)

Posted by Avik Sarkar On 7/25/2011 05:23:00 pm

National Anti-Crime Computer Centre for Critical Infrastructure Protection hacked By Anonymous and Lulzsec community.


The Official Statement Of the Hackers are:-


"...
////////////////////////////////////////////////////////////////////////////////////////////
+Legion of Anonymous Doom+ Release Zero1+
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Heynow,
This is a prerelease of a series we are going to make to reveal the biggest in history of European LE cyber operation Evidence exploitation and abuse. Thing's gonna get published and twittered all over anonymous and lulzsec community.

 Today we were granted with the Italian law enforcement Pandora box, we really think it shall be a new era of “regreaissance” to the almighty Homeland Security Cyber Operation Unit in EU.
So we decided to leak everything they got since they were established as a full scale cyber taskforce named CNAIPIC.

 This corrupted organization gathered all the evidence from the seized property of suspected computer professional entertainers and utilized it over many years to conduct illegal operations with foreign intelligence agencies and oligarchy to facilitate their lust for power and money, they never used obtained evidence to really support ongoing investigations.

 Today we reveal a whole Load of stuff (estimated leak would be over 8Gb) from such owned institutions, just to make it clear all of this stuff was stored on CNAIPIC evidence servers for years while people are doing time in jail waiting for the trial while CNAIPIC used the evidence in the global spy game galore:
  Egypt: Ministry of Transport and Communication
  Australia: Ministry of Defence
  Russia: Atomstroyexport, Diaskan, Sibneft, Gazprom etc.
  Ukraine: several embassies and consulates on it’s territory
  Nepal: Ministry of Foreign Affairs
  Belarus: Ministry of Foreign Affairs, Belneftehim, Belspetzexport
  Gibraltar, Cyprus, Cayman Islands etc: Tecno Develp, Line Holdings,    Dugsberry Inc, Alpha Prime, Alpha Minerals etc.
Vietnam: PetroVietnam (PTSC), Ministry of Natural Resources (MONRE)
  USA: EXXON MOBIL, US Department of agriculture and hundreds of attorneys and DOJ accounts including: McCallion & Associates LLP, Goodkind, Labaton, Rudoff & Sucharow, LLP, and hundreds of bullshit agencies we don’t even know why we pay taxes to support all of them.

 So to cut the crap let’s get it over with fellaz…

http://imgur.com/a/tkFdY#UTByw  
Is the image preview to get a glimpse on what is meant to be said.

http://depositfiles.com/files/tm7zeqiq9 
first of 2 preview archives with preview documents to get a general idea.

http://depositfiles.com/files/nn6dbleyv
2nd preview archive

http://www.sendspace.com/file/ta62tk  
CNAIPIC file structure and listing Part 1


Thank you all,
Stay tuned...4 update on this one.
NKWT LOAD  .."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

FBI Used LulzSec To Track & Spy on Wikileaks Founder Julian Assange

Posted by Avik Sarkar On 6/02/2012 02:03:00 am

FBI Used LulzSec To Track & Spy on Wikileaks Founder Julian Assange

After the inside story of Anonymous former leader Hector Xavier Monsegur aka "Sabu" case get revealed, the world came to know that Sabu was working as an under cover agent of FBI which lead a series of arrest for several key members of hacker collective Anonymous & LulzSec. Now we got another twist which came from a new book written by Parmy Olson, the London bureau chief for Forbes Magazine, saying that FBI used an agent inside the LulzSec hacker group to track and spy on Wikileaks founder Julian Assange. According to the book, an associate of WikiLeaks contacted LulzSec spokesman Topiary on June 16 hours after the assault on the CIA. The two would eventually converse over an Internet Relay Chat channel that was reported to be witnessed by Assange, who confirmed his identity by providing a video to the hacker in real time during their chat. For a few weeks, writes Olson, Assange and/or his associate returned to the LulzSec IRC channel “four or five more times,” during which others occasionally engaged in conversation with both sides. During at least one of those conversations, Assange’s contact at WikiLeaks offered LulzSec a spreadsheet of classified government data contained in a file named RSA 128, which she says was heavily encrypted and needed the manpower of black hat hacktivists to decode.
According to an exclusive report of RT - Aside from a few unsealed court documents, details about the now-defunct hacktivism group LulzSec remains few and far between. One journalist is saying she got inside the organization though — along with Julian Assange.
“We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency” is an upcoming book from Parmy Olson, the London bureau chief for Forbes Magazine. And although her alleged account has not yet hit the shelves, a lengthy excerpt has been leaked to the Web — and its contents suggest that that the world’s once most powerful hacking collective was in correspondence with WikiLeaks founder Julian Assange after he allegedly reached out to the organization for assistance. The US government says that they had already infiltrated LulzSec by then, though, meaning that WikiLeak’s plea to the hacking collective was actually being offered to an FBI mole.
According to Olson, the June 2011 attack on the public website of the US Central Intelligence Agency by LulzSec caught the attention of Assange, who was residing in the countryside manor of an English journalist while on house arrest.Once he saw that a LulzSec-led invasion had crippled CIA.gov, Assange allegedly sent out two tweets from the WikiLeaks Twitter account, only to delete the micomessages shortly after:
"WikiLeaks supporters, LulzSec, take down CIA . . . who has a task force into WikiLeaks," read one."CIA finally learns the real meaning of WTF” reads the other.
Assange “didn't want to be publicly associated with what were clearly black hat hackers” writes Olson, speaking of computer compromisers who target network for perhaps no real intention other than mischief making. “Instead, he decided it was time to quietly reach out to the audacious new group that was grabbing the spotlight,” she says. Olson says that one of those hackers aware the newfangled relationship was Hector Xavier Monsegur, who spearheaded LulzSec by serving as a leader of sorts under the handle Sabu. Perhaps unbeknownst to all engaged in the IRC chats, however, was that Sabu had been arrested on June 7 and, according to the federal government, began immediately working as an FBI informant.
"Since literally the day he was arrested, the defendant has been cooperating with the government proactively," Assistant US Attorney James Pastore said at a secret bail hearing on August 5 2011, according to a transcript released this March after his arrest was made public.
While details of Sabu’s escapades under the direct influence of the FBI are obviously being kept confidential, federal attorneys have said that the hacker more or less masterminded the group under their command until LulzSec dissolved on June 25; Jake Davis — Topiary — was arrested in the UK on August 1. If Olson’s allegations add up, that could mean that the FBI’s top-secret informant, Sabu, was speaking directly with America’s cyber-enemy number one: Julian Assange.
On Wednesday this week, the UK Supreme Court agreed to extradite Assange to Sweden, where he is facing a lawsuit unrelated to his involvement with WikiLeaks. Once there, however, the United States may be able to more easily fight to have him sent stateside to be charged with aiding the enemy — the crime being pegged to alleged WikiLeaks contributor Bradley Manning, who now faces life in prison for that involvement. The uncertainty of who exactly conversed with whom might be near impossible to confirm given the widespread anonymity of hacktivists tied with LulzSec and Anonymous alike, but if Olson’s account adds up, the FBI’s inside man may very well have come close to working with Assange. On his part, Topiary claims that he never received the RSA 128 file.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Flame -The "Super Spy" Even On Offline Computers Turning Users into Data Mules

Posted by Avik Sarkar On 6/17/2012 02:48:00 am

Flame -The "Super Spy" Even On Offline Computers Turning Users into Data Mules

The program known as Flame has fascinated the cyber-security industry with its sophistication and versatility as a Swiss-Army knife of cyber-spying. Now researchers have discovered another unexpected tool in its data-stealing arsenal: You.
Malware analysts at the security firm Bitdefender say they’ve found a unique capability within Flame’s code that would potentially allow it to steal data even from computers that aren’t connected to the Internet or to other networked machines. Instead of simply uploading stolen data to a remote server as traditional spyware does, Flame can also move the target information–along with a copy of itself–onto a USB memory stick plugged into an infected machine, wait for an unwitting user to plug that storage device into an Internet-connected PC, infect the networked machine, copy the target data from the USB drive to the networked computer and finally siphon it to a faraway server.
Spreading itself over an infected USB device is hardly a new trick for malware. But Bitdefender’s researchers say they’ve never before seen a cyberespionage program that can also move its stolen digital booty onto the USB stick of an oblivious user and patiently wait for the opportunity to upload it to the malware’s controllers.
“It turns users into data mules,” says Bitdefender senior malware analyst Bogdan Botezatu. “Chances are, at some point, a user with an infected flash drive will plug it into a secure computer in a contained environment, and Flame will carry the target’s information from the protected environment to the outside world…It uses its ability to infect to ensure an escape route for the data. This is is somewhat revolutionary for a piece of malware.”
Flame was designed to use the same .lnk autorun vulnerability first exploited by the NSA-built Stuxnet malware to invisibly install itself on USB devices. To hide its trove of stolen data on the user’s device, Flame copies both itself and its data to a folder labelled with a single “.” symbol, which Windows fails to interpret as a folder name and thus renders as invisible to the user. “What we have here is a little hack/exploit performed on how the operating system is interpreting file names,” Bitdefender’s researchers wrote in a blog post on Flame last week.
When an infected USB is plugged into a networked machine, Flame checks that it can contact its command and control server through that computer. Then it moves its target data off the USB to the PC, compresses it, and sends it to the remote server via HTTPS, according to Bitdefender’s analysis. The researchers found that while Flame is capable of infecting networked PCs for the purpose of exfiltrating its data, the version they analyzed had rendered that infection capability inactive, perhaps to avoid the spyware spreading too far, so that only PCs already infected with Flame would be capable of acting as gateways back to the malware controller’s server. The fact that the spyware’s infection technique was turned off may be evidence that the “data mule” in the Flame operation may in fact have been aware of his or her role as an data smuggler.


Regardless, Botezatu says Flame’s USB-piggybacking trick fits with its profile as a highly sophisticated spying tool meant to steal a target’s most protected secrets–not just another cybercriminal keylogger designed to catch credit card numbers. “Most of the infrastructure it targets is highly contained, often without Internet access,” says Botezatu. “It’s natural for Flame to have a mechanism for moving data from one environment to another that doesn’t rely on Internet or network communications.” For additional details can be found here

-Source (Forbes)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Researcher Security Hole Found in US Power Plants, DHS is Investigating

Posted by Avik Sarkar On 8/23/2012 02:54:00 pm

Researcher Security Hole Found in US Power Plants, DHS is Investigating  

Security researcher figure out seirous flaws in software for specialized networking equipment from Siemens could enable hackers to attack US power plants and other critical systems. A security expert said that he had found a backdoor in hardware from a Siemens subsidiary. The alleged flaw was made public by security researcher Justin W Clarke at a conference in Los Angeles. The equipment is widely used by power companies mainly based on US. Clarke said that the discovery of the flaw is disturbing because hackers who can spy on communications of infrastructure operators could gain credentials to access computer systems that control power plants and other critical systems. "If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you," Clarke said.
The Department of Homeland Security said it was in contact with the firm to assess the claim. After this issue came in-front, the US Govt immeditely taken stpes & investigating the whole scenario. RuggedCom, a Canadian subsidiary of Siemens that sells networking equipment for use in harsh environments such as areas with extreme weather, said it was investigating Clarke's findings, but declined to elaborate. This is the second bug that Clarke, a high school graduate who never attended college, has discovered in products from RuggedCom, which are widely used by power companies that rely on its equipment to support communications to remote power stations.
In May, RuggedCom released an update to its Rugged Operating System software after Clarke discovered that it had a previously undisclosed "back door" account that could give hackers remote access to the equipment with an easily obtained password. The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, which is known as ICS-CERT, said in its advisory on Tuesday that government analysts were working with RuggedCom and Clarke to figure out how to best mitigate any risks from the newly identified vulnerability. "According to this report, the vulnerability can be used to decrypt SSL traffic between an end-user and a RuggedCom network device," Read the full advisory. 

This is not the first time, earlier in 2011 - researcher found vulnerability in the security system of US Power Grid, form which NSA suspected that hacktivist Anonymous may even shutdown the entire US Power Grid. later The White House introduced an Electric Sector Cybersecurity Risk Maturity ModelFor these kind of cyber security updates & news, just stay tuned with VOGH


-Source (Reuters & BBC)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search