
Sony blames hacktivist group Anonymous for Playstation Network intrusion


File this one under “things not to do when dealing with massive network outages.” Sony has kicked the hornet’s nest today by blaming Anonymous, a massive network of hackers that regularly takes up activist causes, for indirectly causing a breach of security in its PlayStation Network (PSN) online gaming network that led to the attack that brought PSN down.
While the company isn’t blaming Anonymous for the attack itself, it said the hackers that stole gobs of sensitive data about PSN users were able to break into the network while it was defending itself from denial of service attacks orchestrated by Anonymous. Anonymous took on Sony after the company went after famed PS3 hacker George Hotz, who reverse engineered the PlayStation 3 to run unauthorized programs.
When the PlayStation Network crashed on April 21, Anonymous said it was not behind the attack. Instead, the hacktivist group said, “Sony is incompetent.” But an observer of the IRC forum used by members of Anonymous said the attackers behind this current Sony outage appear to have learned their methods from Anonymous’ activities of two weeks ago.
This really is not the time for Sony to start playing with fire. Anonymous doesn’t regularly respond to blame and threats, but because the network of hackers has taken on Sony before, there is no guarantee Sony’s latest accusation won’t spark some kind of retaliation. Anonymous has proven time and again that it is a force to be reckoned with. Sony has to focus on beefing up its network, not trying to shift blame around and incite more attacks against the already feeble network.
Hackers attacked the PSN on April 19, forcing the Japanese company to bring down the network, which has more than 77 million registered users. The nightmare then continued after hackers broke into the company’s Station.com site, which serves as a host for its PC games like Everquest. Hackers were able to steal information from as many as 24.6 million accounts on that site, according to Sony. In all, more than 100 million accounts might have been compromised.
The PSN breach was a massive security gaffe that has caused the U.S. government to get involved and demand answers — such as who attacked the network and what users were affected. Sony has sent warnings to PSN users about the possible credit card theft. The whole ordeal spawned an apology from Sony that lasted more than an hour and a half.
The network has been down for more than a week, denying 77 million registered gamers the ability to play online games, watch movies, listen to music or download other entertainment to their PlayStation 3 consoles and PlayStation Portable handhelds. The PlayStation Network is a critical service that competes with Microsoft’s Xbox Live online gaming service — as well as other online gaming services. There are also 948 games now available in the PlayStation Network store, as well as 4,000 pieces of add-on content for games.


PlayStation Network Restored and Qriocity Services Begins


Sony Corporation and Sony Computer Entertainment (SCE) announced that Sony Network Entertainment International (SNEI, the company) will today begin a phased restoration by region of PlayStation®Network and Qriocity Services.  The phased restoration will be on a country by country basis beginning in the Americas, Europe, Australia, New Zealand, and Middle East.

The first phase of restored services for these countries and regions will include:
  • Sign-in for PlayStation®Network and Qriocity services, including the resetting of passwords
  • Restoration of online game-play across PS3 and PSP
  • Playback rental video content, if within rental period, of PlayStation Network Video Delivery Service on PS3, PSP and MediaGo
  • Music Unlimited powered by Qriocity, for current subscribers, on PS3 and PC
  • Access to 3rd party services such as Netflix, Hulu, Vudu and MLB.tv
  • 'Friends' category on PS3, including Friends List, Chat Functionality, Trophy Comparison, etc
  • PlayStation Home

Increased Security Measures
As the result of a criminal cyber attack on the company's data-center located in San Diego, California, U.S.A., SNEI shut down the PlayStation Network and Qriocity services on April 20, in order for the company to undergo an investigation and make enhancements to the overall security of the network infrastructure. Working closely with several respected outside security firms, the company has implemented new and additional security measures that strengthen safeguards against unauthorized activity, and provide consumers with greater protection of their personal information.
The company has made considerable enhancements to the data security, including updating and adding advanced security technologies, additional software monitoring and penetration and vulnerability testing, and increased levels of encryption and additional firewalls.  The company also added a variety of other measures to the network infrastructure including an early-warning system for unusual activity patterns that could signal an attempt to compromise the network.
"I'd like to send my sincere regret for the inconvenience this incident has caused you, and want to thank you all for the kind patience you've shown as we worked through the restoration process," said Kazuo Hirai, Executive Deputy President, Sony Corporation.  "I can't thank you enough for your patience and support during this time. We know even the most loyal customers have been frustrated by this process and are anxious to use their Sony products and services again. We are taking aggressive action at all levels to address the concerns that were raised by this incident, and are making consumer data protection a full-time, company wide commitment."
"During the past 18 months, we've seen a dramatic rise in the volume of cyber attacks, their sophistication and their impact on businesses. Thwarting cyber-crime requires an evolutionary approach to security that is well integrated, reduces risk exposure and improves efficiencies," said Francis deSouza, Senior Vice President, Enterprise Security Group, Symantec. "Today's cyber crime attacks are proving to be more covert, more targeted and better organized than those we've seen in years past. In working with Sony on the move of their data-center, it's clear they're implementing measures to reduce security risks moving forward."  
As an additional measure, Fumiaki Sakai, president of Sony Global Solutions Inc. (SGS), has been appointed acting Chief Information Security Officer of SNEI.  In addition to his current role at SGS, Mr. Sakai, in his role at SNEI, will work to further reinforce overall information security across the company's network infrastructure.  Mr. Sakai will lead the recruiting effort in finding a new and permanent CISO for SNEI.  As CISO, Mr. Sakai will report to Tim Schaaff, president, SNEI, as well as to Mr. Shinji Hasejima, CIO, Sony Corporation.  
"While we understand the importance of getting our services back online, we did not rush to do so at the expense of extensively and aggressively testing our enhanced security measures. Our consumers' safety remains our number one priority," Hirai continued. "We want to assure our customers that their personal information is being protected with some of the best security technologies available today, so that everyone can feel comfortable enjoying all that PlayStation Network and Qriocity services have to offer."  
The restoration of the services across the Americas, Europe, Australia, New Zealand, and Middle East are beginning, and consumers will be able to enjoy some of the online functionality provided by both the PlayStation Network and Qriocity services.  Phased restoration in Japan and other Asian countries and regions will be announced in due course.  The company expects to have the services fully restored by the end of May 2011.  
The company will be offering customers a "Welcome Back" package of services and premium content to all registered PlayStation Network and Qriocity account services.  The details of this program will be announced in each region shortly.  
For more information about the PlayStation Network and Qriocity services intrusion and restoration, please visit http://blog.us.playstation.com or http://blog.eu.playstation.com/



EC-Council Warns SMEs About The Rising Cyber-Attacks Around Whole Spectrum

In light of increasing hacker sophistication and lack of banking security infrastructure, small and medium enterprises (SMEs) across the world may face a bleak future if they do not secure their networks against upcoming cyber threats which are on the rise, says network security training expert EC-Council.

Albuquerque, NM (PRWEB) September 23, 2011

Cyber criminals are stealing as much as $1 billion a year from the accounts of small to medium companies (SMEs) in the United States and Europe, according to estimates from Dell SecureWorks, a security arm of the computer maker. With rising incidences of hacking and other such network defence issues, network defence expert EC-Council advises SMEs to educate their employees on good information security practices and habits. According to a recent Bloomberg report, overseas gangs target small commercial accounts protected by rudimentary security measures at community or regional banks. The accounts typically aren't covered by fraud insurance, as individual accounts are, and businesses often find themselves held accountable by the banks for their losses.
Owners of SMEs conventionally face the challenge of having to be a jack of all trades, combining a keen knowledge of their core businesses with a basic knowledge of many other specialised fields such as IT security.
When it comes to IT security, small companies face a particularly problematic situation. While they have data which requires protection, most of them have neither the staff nor the capabilities to protect it effectively. Network protection has remained at the same levels for decades while viruses and other malware have grown more advanced in nature, able to bypass even the most updated network defence.
As such, network security courses are important in training SMEs' limited staff in the basics of network defence, such as learning to use effective passwords and encrypting sensitive data, says Jay Bavisi, President of EC-Council.
Some examples of courses offered by EC-Council would be the Advanced Network Defence course, a three-day comprehensive course that will educate participants from the psychological standpoint of a hacker, using that as the foundation for defending against such attacks.
The course will also cover techniques that will improve the security posture of any network from the smallest basic infrastructures to the largest enterprise networks.
"It is often said that the best defence is a good offense, and this course provides an offensive mind-set to provide a robust and solid defence", said Bavisi.
Through network security training like this, employees can learn the latest and best defence methods to stop or at least mitigate the impact of network attacks, including any advanced persistent threats to a database. Before investing in security technology, small businesses should assess their current network defence capabilities, and choose solutions specific to their individual situations. In the past, IT security for small businesses has been notoriously expensive and difficult to set up. However, it is an undeniable necessity in the digital marketplace of the 21st century.


-News Source (EC-Council & PR-Web)



WikiLeaks Launched Wlfriends.org - New Encrypted Social Network


The WikiLeaks Twitter feed announced on 20 May 2012 that the WL Friends/Friends of WikiLeaks (FoWL) network is ready to launch an 'encrypted Facebook', as the whistleblowing website claims that Facebook sells users' information to governments. WikiLeaks also criticized Facebook for recently coming out in support of CISPA, a proposed US law that infringes on privacy and freedom of speech. WL therefore claimed that Facebook can no longer be trusted.
In the press release WL said: "FoWL is currently in its beta stage. This means that people from all over the world are registering to be part of this network to support WikiLeaks. For some time, nothing else will happen - we need the network to be of a certain size before we can start introducing you to candidate friends. Registering now will allow you to be a part of the network before the beta stage network gets full. As soon as we are ready to give you some candidate friends we will let you know."
One WikiLeaks tweet noted that "Facebook sells your information to governments, is lauded by MSM. WikiLeaks gives government information to you for free and we're terrorists". Following this statement, WikiLeaks tweeted a dozen reasons why this new site is better than Facebook.
Reasons:
  1. WL Friends introduces you to people you want to know, but don't know yet. Facebook connects you to people you already know - no point.
  2. Facebook is a mass surveillance tool. You put your friends into it, you betray your friends. Do friends betray friends? WL Friends doesn't know your friends. It introduces you to new friends.
  3. Facebook records everything you do, hands it over to the US government and corporations. WL Friends doesn't.
  4. WL Friends keeps your data so encrypted, not even the system admins can decrypt it. You and your friends decrypt on login automatically.
  5. WL Friends uses military grade cryptography and the best industry standards (OpenPGP + Elliptic Curves).
  6. WL Friends even uses homomorphic encryption for certain operations so WL Friends doesn't even know how many friends you have.
  7. The more you use WL Friends, the less you use WL Friends. WL Friends is designed to build, not control, a robust network of shared value.
  8. WL Friends is designed for more than just WikiLeaks. It is a general solution to build a robust support network under hostile conditions.
  9. Friends of Israel, Friends of Palestine, Friends of the Tea Party, Friends of Catholicism are all possible with WL Friends.
  10. WL Friends is designed to make infiltration costly. No person can be seen to be more important than any other or individually targeted.
  11. WL Friends builds a strong support network instantly for any shared belief by connecting supporters in a way that maximizes communication.
  12. As time goes by the WL Friends network for any shared belief is designed to mathematically grow stronger and stronger. 



-Source (WL Central, Wikileaks)






Implementing Intrusion (Cyber) Kill Chain -A Plenary Overview

Implementing an Intrusion (Cyber) Kill Chain 

The Intrusion (Cyber) Kill Chain is a phrase popularized by infosec industry professionals and introduced in a Lockheed Martin Corporation paper titled "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains".
The intrusion kill chain model is derived from a military model describing the phases of an attack. The phases of the military model are: find, fix, track, target, engage, and assess. The analyses of these phases are used to pinpoint gaps in capability and prioritize the development of needed systems. The first phase in this military model is to decide on a target (find). Second, once the target is decided you set about to locate it (fix). Next, you would surveil to gather intelligence (track). Once you have enough information, you decide the best way to realize your objective (target) and then implement your strategy (engage). And finally, you analyze what went wrong and what went right (assess) so that adjustments can be made in future attacks.
Lockheed Martin analysts began by mapping the phases of cyber attacks. The mapping focused on a specific type of attack, Advanced Persistent Threats (APTs), in which the adversary/intruder gets into your network and stays for years, sending information (usually encrypted) to collection sites without being detected. Since the intruder spent so much time in the network, analysts were able to gather data about what was happening. Analysts could then sift through the data and begin grouping it into the military attack model phases. Analysts soon realized that while there were predictable phases in cyber attacks, the phases were slightly different from the military model. The intrusion (cyber) kill chain shown below describes the phases of a cyber attack.
The chain of events or activities is as follows:

Link in the Chain - Description
  1. Reconnaissance - Research, identification and selection of targets; scraping websites for information on companies and their employees in order to select targets.
  2. Weaponization - Most often, a Trojan with an exploit embedded in documents, photos, etc.
  3. Delivery - Transmission of the weapon (document with an embedded exploit) to the targeted environment. According to Lockheed Martin's Computer Incident Response Team (LM-CIRT), the most prevalent delivery methods are email attachments, websites, and USB removable media.
  4. Exploitation - After the weapon is delivered, the intruder's code is triggered to exploit an operating system or application vulnerability, to make use of an operating system's auto execute feature or exploit the users themselves.
  5. Installation - Along with the exploit the weapon installs a remote access Trojan and/or a backdoor that allows the intruder to maintain presence in the environment.
  6. Command and Control - Intruders establish a connection to an outside collection server from compromised systems and gain 'hands on the keyboard' control of the target's compromised network/systems/applications.
  7. Actions on Objective - After progressing through the previous 6 phases, the intruder takes action to achieve their objective. The most common objectives are: data extraction, disruption of the network, and/or use of the target's network as a hop point.

Lockheed Martin's analysts also discovered, while mapping the intruder's activities, that a break (kill) in any one link in the chain would cause the intrusion to fail in its objective. This is one of the major benefits of the intrusion kill chain framework, as security professionals have traditionally taken a defensive approach when it comes to incident response. This means that intrusions can be dealt with offensively too.
Lockheed Martin's case studies reveal that knowledge about previous intrusions and how they were accomplished allows analysts to recognize those previously used tactics and exploits in current attacks. For example, mapping of three intrusions revealed that all three were delivered via email, all three used very similar encryption, all three used the same installation program and connected to the same outside collection site. All of the intrusions were stopped before they accomplished their objective.
How did they do this? How can my company utilize this approach?
Monitoring and mapping is the key.
The following list contains some of the necessary components (not in any particular order) needed to do intrusion mapping and set up the kill.
  • Network Intrusion Detection (NIDS)
  • Network Intrusion Prevention (NIPS)
  • Host Intrusion Detection (HIDS)
  • Firewall access control lists (ACL)
  • Full packet inspection
  • A mature IT asset management system
  • A mature and comprehensive Configuration Management Database (CMDB)
  • Device and system hardening
  • Secure configuration baselines
  • Website inspection
  • Honeypots
  • Anti-virus and anti-malware
  • Verbose logging – network devices, servers, databases, and applications
  • Log correlation
  • Alerting
  • Patching
  • Email and FTP inspection and filtering
  • Network tracing tools
  • Information Security staff trained in tracking and mapping events end-to-end
  • Coordination and partnering with IT, Application Owners, Database Administrators, Business Units and Management both in investigation and communicating the mapped intrusions.

In short, in order to implement intrusion kill chain activity a company needs to have a mature inter-operating and information security program. Additionally, they need trained staff that can investigate, map and advise 'kill' activities, keep a compendium of mapped intrusions, analyze and compare old and new intruder activity, code use, and delivery methods to thwart current and future intrusions.
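An added example, not taken from the original article or from Lockheed Martin's paper: one way to keep a compendium of mapped intrusions and compare new activity against it, as described above and in the three-intrusion case study. The intrusion names and indicator strings are constructed placeholders, and the function names are hypothetical.

```python
# Phases exactly as listed in the article's kill chain.
PHASES = [
    "Reconnaissance",
    "Weaponization",
    "Delivery",
    "Exploitation",
    "Installation",
    "Command and Control",
    "Actions on Objective",
]

# Constructed compendium: three past intrusions, each mapped phase by phase.
# Every indicator string is a placeholder, not a real observable.
COMPENDIUM = {
    "intrusion-1": {
        "Weaponization": {"crypto:scheme-A"},
        "Delivery": {"channel:email", "sender:conference@invite.example"},
        "Exploitation": {"vuln:placeholder-1"},
        "Installation": {"installer:setup-helper"},
        "Command and Control": {"c2:collector.example.net"},
    },
    "intrusion-2": {
        "Weaponization": {"crypto:scheme-A"},
        "Delivery": {"channel:email", "sender:hr@benefits.example"},
        "Exploitation": {"vuln:placeholder-1"},
        "Installation": {"installer:setup-helper"},
        "Command and Control": {"c2:collector.example.net"},
    },
    "intrusion-3": {
        "Weaponization": {"crypto:scheme-A"},
        "Delivery": {"channel:email", "sender:conference@invite.example"},
        "Exploitation": {"vuln:placeholder-2"},
        "Installation": {"installer:setup-helper"},
        "Command and Control": {"c2:collector.example.net"},
    },
}

# Constructed new activity: different delivery, but a familiar installer and C2.
NEW_ACTIVITY = {
    "Delivery": {"channel:web-download"},
    "Installation": {"installer:setup-helper"},
    "Command and Control": {"c2:collector.example.net"},
}


def shared_indicators(compendium):
    """Return {phase: indicators present in every mapped intrusion}."""
    shared = {}
    for phase in PHASES:
        per_intrusion = [m.get(phase, set()) for m in compendium.values()]
        common = set.intersection(*per_intrusion) if per_intrusion else set()
        if common:
            shared[phase] = common
    return shared


def unmapped_phases(compendium):
    """Phases with no indicator in any intrusion, i.e. visibility gaps."""
    return [p for p in PHASES
            if not any(m.get(p) for m in compendium.values())]


def earliest_kill_point(observed, compendium):
    """Find the earliest phase where new activity matches a past intrusion.

    Returns (phase, {indicator: [intrusion names]}) or None if nothing matches.
    """
    for phase in PHASES:
        hits = {}
        for indicator in sorted(observed.get(phase, set())):
            seen_in = sorted(name for name, mapped in compendium.items()
                             if indicator in mapped.get(phase, set()))
            if seen_in:
                hits[indicator] = seen_in
        if hits:
            return phase, hits
    return None


if __name__ == "__main__":
    print("Shared across all intrusions:", shared_indicators(COMPENDIUM))
    print("Phases never mapped:", unmapped_phases(COMPENDIUM))
    print("Earliest match for new activity:",
          earliest_kill_point(NEW_ACTIVITY, COMPENDIUM))
```

Phases returned by `unmapped_phases` are where the monitoring components listed earlier produced nothing to map, which is usually a logging gap rather than evidence that nothing happened there.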
The intrusion (cyber) kill chain is not an endeavor that can be successfully implemented in place of a comprehensive Information Security Program; it's another tool to be used to protect the company's data assets.
The good news is that if your company doesn't have a mature information security program, there is a lot you can do while making plans to introduce intrusion kill chains into your department's arsenal.
  • Educate your employees to watch for suspicious emails. For instance, emails that seem to be off, such as someone in accounting receiving an invitation to attend a marketing conference. Let them know that they shouldn't open attachments included in emails like this.
  • Make sure you have anti-virus and anti-malware software installed and up to date.
  • Start an inventory of your computing devices, laptops, desktops, tablets, smartphones, network devices and security devices.
  • You have an advantage over intruders. You know your network and what is normal and usual; they don't. Notice user behavior that is not usual and look into it. For example, a login at 2am for someone who works 9 to 5. Or an application process that normally runs overnight that is kicking off during the day.
  • Keep your security patches up to date.
  • Create and monitor baseline configurations.
  • Write, publish and communicate information security policies and company standards.
  • Turn on logging and start collecting and keeping logs. Start with network devices and firewalls and then add servers and databases. Set up alerts for things such as repeated attempts at access.
  • Spend some time using search engines from outside your network to see how much information can be learned about your company from the Internet. You'd be surprised how much you can find, including sensitive documents.

All of these practices and activities give you more information about your computing environment and what is normal and usual. The more you know about your environment, the more likely it is that you will spot the intruder before any damage is done.
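An added example, not part of the original article, of two checks from the list above: activity outside its normal hours (the 2am login, the overnight job starting during the day) and repeated failed access attempts. The log format, baseline table, thresholds and sample lines are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed baseline: normal activity window (start hour, end hour) per subject.
BASELINE_HOURS = {
    "user:asmith": (9, 17),       # works 9 to 5
    "job:nightly-batch": (0, 5),  # normally runs overnight
}
FAIL_THRESHOLD = 5                   # failures from one source ...
FAIL_WINDOW = timedelta(minutes=10)  # ... within this window raise an alert

# Constructed sample log lines in a made-up "timestamp key=value" format.
SAMPLE_LOG = """\
2012-10-01T02:03:44 src=10.0.0.23 subject=user:asmith event=login result=success
2012-10-01T09:15:02 src=10.0.0.23 subject=user:asmith event=login result=success
2012-10-01T13:30:00 src=10.0.0.40 subject=job:nightly-batch event=start result=success
2012-10-01T14:00:01 src=203.0.113.9 subject=user:bjones event=login result=failure
2012-10-01T14:00:09 src=203.0.113.9 subject=user:bjones event=login result=failure
2012-10-01T14:00:15 src=203.0.113.9 subject=user:bjones event=login result=failure
2012-10-01T14:00:22 src=203.0.113.9 subject=user:bjones event=login result=failure
2012-10-01T14:00:30 src=203.0.113.9 subject=user:bjones event=login result=failure
garbled line here
2012-10-01T14:45:00 src=10.0.0.31 subject=user:bjones event=login result=failure
""".splitlines()


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"src", "subject", "event", "result"} <= fields.keys():
        return None
    fields["ts"] = ts
    return fields


def in_window(hour, window):
    """True if hour is inside [start, end); handles windows that wrap midnight."""
    start, end = window
    if start <= end:
        return start <= hour < end
    return hour >= start or hour < end


def detect(lines):
    """Return alerts as (kind, subject_or_source, timestamp) tuples."""
    alerts = []
    failures = defaultdict(deque)  # source address -> recent failure times
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not parse instead of crashing
        ts = rec["ts"]
        window = BASELINE_HOURS.get(rec["subject"])
        if rec["result"] == "success" and window and not in_window(ts.hour, window):
            alerts.append(("off-baseline", rec["subject"], ts.isoformat()))
        if rec["event"] == "login" and rec["result"] == "failure":
            recent = failures[rec["src"]]
            recent.append(ts)
            while ts - recent[0] > FAIL_WINDOW:
                recent.popleft()  # drop failures older than the window
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append(("repeated-failures", rec["src"], ts.isoformat()))
                recent.clear()  # the next alert needs a fresh run of failures
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```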

Disclaimer:- Before conclusion, on behalf of Team VOGH, I would like to personally thank Mr. Adrian Stolarski for sharing this remarkable article with our readers. I would also like to thank Ryan Fahey  of Infosec Institute for his spontaneous effort. 



GFI LanGuard 2012 One Solution For vulnerability Scanning, Patch Management, Network & Software Audit

GFI LanGuard 2012 One Solution For Vulnerability Scanning, Patch Management, Network & Software Auditing 

We have talked about GFI LanGuard before. With cyber threats rising and security researchers continuing to identify new, sophisticated malware threats, vulnerability and patch management are more critical than ever as a key component of a layered security approach. To address those security challenges, GFI Software announced the availability of GFI LanGuard 2012, which the manufacturer claims provides network and system administrators with the ability to manage 100 percent of their patching needs through a single, intuitive and easy-to-use interface, without the need for other update tools. So let's take a tour of this product from GFI Software:

Enhanced Features of GFI LanGuard 2012 include:
  • Comprehensive Patch Management – Administrators can now manage 100 percent of their patching needs – both security and non-security updates – from a centralized console. No other update tools are necessary.
  • Strong Vulnerability Assessment for Network Devices – Network devices such as printers, routers and switches from manufacturers such as HP and Cisco, can now be detected and scanned for vulnerabilities. GFI LanGuard 2012 performs over 50,000 checks against operating systems, installed applications and device firmware for security flaws and misconfigurations. It also runs network audits that now detect mobile devices running iOS and Android operating systems.
  • Improved Scan and Remediation Performance – New Relay Agents receive patches and definition files directly from the GFI LanGuard server and distribute as appropriate – helping IT resources save time, manage network bandwidth and increase the number of devices that can be accommodated. This is particularly effective in multi-site and large networks.
GFI LanGuard 2012 combines vulnerability scanning, patch management, and network and software auditing into one solution that enables IT professionals to scan, detect, assess and correct potential security risks on their networks with minimal administrative effort. GFI LanGuard also enables administrators to inventory devices attached to their networks; receive change alerts, such as notification when a new application is installed; ensure antivirus applications are current and enabled; and strengthen compliance with industry regulations through automated patch management that defends against potential network vulnerabilities. With GFI LanGuard, IT administrators can manage more than 2,500 machines from a single console; it integrates with more than 1,500 security applications and includes keyword search functionality.

After going through the above brief description, many of you must be excited about this new product. For the information of our readers: yes, GFI LanGuard 2012 is indeed one of the finest tools ever released in this domain. Detailed information on LanGuard 2012 can be found here. A 30-day trial pack of GFI LanGuard 2012 has also been made available for download.






White House Unclassified Network Hacked By Chinese Hackers Using Spear Phishing


Another cyber espionage attack originating from China has targeted the White House. U.S. government computers, reportedly including systems used by the military for nuclear commands, were breached by Chinese hackers. The White House itself confirmed the breach, saying that hackers did make an attempt to infiltrate its computer system, but that it thwarted the effort and that no classified networks were threatened. The security breach also did not appear to have resulted in any stolen data. White House spokesman Jay Carney told reporters the White House is equipped with mitigation measures that identified the attack, isolated it and prevented its spread. He said there was no indication that any data was removed. “There are distinctions between those networks that contain classified information and those that don’t, and the attack was against an unclassified network,” Carney said.
The hackers breached the network by using a technique known as spear phishing, in which they target victims who have access to sensitive computer networks by sending personalized emails that appear to come from trusted sources. Once the victims click on the bogus attachment or link, the hackers can install malicious software on the PCs to spy on users and steal data. A law enforcement official who works with members of the White House Military Office confirmed the Chinese attack to the press on Monday, but it remains unclear what information, if any, was taken or left behind. Still, the White House did not officially say whether the recent attack was linked to China or not.

"This [White House Communications Agency] guy opened an email he wasn't supposed to open," the source said. That email contained a spear phishing attack from a computer server in China, the law enforcement source told the press. The attack was first reported by the conservative blog Free Beacon. Spear phishing involves the use of messages disguised to appear as valid; in fact, they contain targeted, malicious attempts to access sensitive or confidential information. 

While talking about this breach, we would like to remind you that just a few days ago Chinese hackers breached Telvent's corporate network and gained control of the US power grid. A couple of months ago we saw that Chinese hackers had broken into the Indian Navy's computer system and stolen sensitive data. A few months before that hack, Tokyo-based computer security firm Trend Micro confirmed that Chinese hackers were responsible for the biggest cyber-espionage campaign in India, Japan and Tibet. The director of the National Security Agency (NSA), General Keith Alexander, also confirmed that hackers from China were responsible for the serious attack on RSA, one of the leading IT security and cyber security companies. In 2011, China was also behind the attacks on the US Chamber of Commerce, the satellite system of the U.S., Nortel Network and so on. But a few days ago the National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network, claimed that China had fallen victim to one of the biggest cyber attacks, originating from the US, Japan and South Korea. We have to say that this statement is truly irrelevant. Cyber crime investigators have found that China was directly responsible for the hack into Japan's biggest defense contractor Mitsubishi, the Japan Aerospace Exploration Agency (JAXA) and the Parliament of Japan. In the case of South Korea, the data of more than 13 million MapleStory players was stolen, and there too hackers from China were responsible.









Airtel Network Crashed, 8 million consumers became helpless


The failure of Bharti Airtel’s network on Thursday— it crashed for several hours without notice leaving 8 million consumers helpless — has raised two fundamental issues. One, whether the launch of 3G value-added services is adversely affecting primary services. And two, whether India’s largest telecom company has over-outsourced its equipment and management to vendors.
The company did not give any reason for failure of its network. “An unforeseen technical outage had affected services on some of our circuits,” a Bharti spokesperson said. “As a result some of Airtel Delhi mobile subscribers have experienced connectivity issues.”
But the issues could be larger. “The network architecture has become very complex after the launch of 3G services,” said a former CTO of a large telecom company. “That’s why calls drop frequently on networks that are offering 3G services.”
The 3G network is overlaid on the existing 2G network and uses the same core network.
“There are about 15 to 20 main switching centres (MSC) of Airtel in Delhi,” said the head of another telecom company. “Possibility is that due to some software glitch a few MSCs may have stopped working.”
It could also be the firm’s aggressive outsourcing model. When a company outsources its entire technology to outside vendors, it does not have control over it in crisis situations.
While Bharti was the first company to outsource its network management and IT to vendors, other private operators have followed suit.
Citing that all its officials were busy in internal meetings, the company refused to comment.
“The problem is that the Indian companies do not have enough technical expertise to monitor the outsource activities,” said a former CMD of a government-owned telecom service provider.


Why Sony is getting hacked multiple times (full report)


Since the April PlayStation Network breach that exposed over 100 million user accounts, Sony has been hacked more than 10 times. Sony Pictures, Sony Europe, Sony BMG Greece, Sony Thailand, Sony Music Japan, Sony Ericsson Canada, and others have all been the target of attacks. Sony has had to contend with intense scrutiny from media, disgruntled users and lawmakers, with everyone asking the company how it could let such a breach happen. Sony has apologized repeatedly and said that the original attack was a highly professional, criminal cyber attack aimed at stealing credit card numbers. Other experts have said that Sony simply didn't have its security act together and that the attack was likely far simpler. Now, critics are wondering what exactly the motivation might be behind the continued hacks. While the initial PlayStation Network breach was the largest of the hacks to date, Sony's cyber attack problem has continued due to both inconsistent security across Sony's systems and the rise of new groups of hackers interested less in punishing Sony than in showing off their ability to breach the company's defenses, experts say.

Some analysts say Sony's security woes started when the company pressed charges against 20-year-old hacker George Hotz, who reverse-engineered Sony’s PlayStation 3 so that it could run unapproved third-party applications. Sony responded by suing Hotz, a move that reportedly infuriated many in the hacker community. Many experts say the attack on the PlayStation Network in April could have been an act of vigilante justice resulting directly or indirectly from Sony's lawsuit against Hotz.

"Sony's perceived abuse of the legal system in targeting reverse-engineer George Hotz infuriated hacker groups," said Randy Abrams, director of technical education at ESET, an IT security firm. Abrams also noted that even before the Hotz incident, Sony had drummed up "significant antipathy" as the result of a 2005 scandal involving Sony CDs that automatically installed a rootkit that made users' computers vulnerable to attack.
The PlayStation Network attack appears to have set off an avalanche of follow-ups.

"Other hackers and hacking groups realized they could jump on the bandwagon and break into other Sony properties and get in the news," said Richard Wang, manager of Sophos Labs, a security vendor. "Really anything that has the Sony brand on it has become a target for someone trying to make a name for themselves or trying to prove they can break into the website."

Fred Cate, director of the Center for Applied Security Research at the University of Indiana, said the first PlayStation Network breach may have tempted hackers by revealing Sony as open to attack. "There's sort of a pile-on effect," Cate said. "Once you hear that there's a vulnerable network out there, other folks start trying. Sony's now a new target of interest."
Other hackers seem to have joined up for reasons other than political or monetary gain. Sites like hassonybeenhackedthisweek.com demonstrate a curious mixture of genuine curiosity and weary cultural saturation.

"Prior to the PSN hack, the loosely organized Anonymous group had waged war against Sony, reflecting the opinion of a significant share of netizens who got infuriated by Sony's corporate attitude," said Guillaume Lovet, a senior manager of the threat response team at Fortinet. "But now, from being a target for opinion reasons only, it also became a target 'just for the lulz,' for [hacker group] lulzsecurity and others."
"The outcome," Lovet said, "is more attackers, thus more successful hacks."

Some critics have questioned whether Sony's security efforts both before and after the initial breaches have been adequate. Sony has since promised to boost its security systems and review existing procedures. Still, according to experts, many of the attacks used to breach Sony's sites are fairly basic hacks that the company could easily have protected against.

"They seemingly have an almost anarchistic approach to global network security, with no visible coordination of security practices across Internet properties," said Abrams. "Some properties, such as Sony Pictures, seem to have been ignoring basic security best practices."

Part of the problem is Sony’s huge international web presence. Experts say it's highly unlikely that the company's multiple divisions, from movies to gaming, are following any coordinated set of security protocols.

"Sony has disclosed many breaches, including different servers in Indonesia and Thailand. I highly doubt that the same developers who developed these websites are the same developers who worked on the Playstation Network, Sony Pictures, etc.,” said Derek Manky, a senior security strategist at Fortinet. "Quite simply, there is a tradeoff: Security dwindles as you add convenience and complexity."

While the novelty of hacking Sony may continue to diminish as other cybersecurity stories hit the news, it's clear Sony must get its act together or risk more attacks, a loss of customer faith and money and possible government intervention. 

"Sony needs time to get their security house in order," Jeremiah Grossman, the CTO of WhiteHat Security wrote in an email. "As an organization, Sony could see this as an opportunity. A year or more from now, they could be an example of how security SHOULD be done across the entire industry."


Going Mobile: Security in the Age of Ubiquity



This isn’t an official rant, but there’s one thing that drives me completely insane.  It’s a link in a message in my email.
As you might imagine, there are many touch points running a $2 billion security business. A lot of that gets manifested in Web-based applications that get issued for everything that happens within the organization: ordering prototype equipment, managing travel, hiring, and promotions. All of these apps generate an email. Any given day, I get 20 of these emails, and I have to respond to every one of them.
While all that’s expected is a review of the data and a simple click for approval, I’m often traveling and mostly working on a traditional email-only device, and so this simple task is impossible. Within a few hours these requests pile up and everyone’s freaking out, “Tom, you didn’t approve this yet?” My solution: I call my admin and go over each one of these decisions on the phone, often at odd hours. It’s ridiculous.
I find myself fantasizing about the ability to have just one device that I hold in my hand that allows me to make all the important decisions I have to make every five minutes. Back to reality: I log onto my laptop, boot up, find a hot spot, launch the VPN, generate a token, connect, sync my mail, find the link, and then comes the magic “click.” Or I wake up my executive assistant.
Why the trouble? Simple: the enterprise needs to have security. But this security blanket must extend beyond traditional corporate PCs to include the new consumer end point as well. A new study by Deloitte shows that companies will buy more than 10 million tablet computers this year and that for the first time, sales of personal computers will represent less than half of the total computing device market. And yet, for many of us, today the security blanket doesn’t cover the device du jour. It needs to. In a new world of myriad mobile devices, cloud-based apps and increasingly rich media, we need to rethink security. Three major trends sweeping through the enterprise—the rapid rise of the consumerized end point, the adoption of cloud computing, and growing use of high definition video conferencing—are transforming business and demanding a fundamental shift in how security is developed and deployed.
It’s time for a change. Security was developed when the enterprise network was relatively static and the Internet experience was totally different. Users came to work and sat at a desk that had a PC that rarely moved. It was connected by a wire to a port in the wall and it had a controlled set of software—the “corporate image,” which included security scanning and configuration.  This corporate end point was one of the primary places that security was enforced. The other place security was injected was at the edge of the corporate network.  Branch and remote traffic was backhauled to a small number of egress points where the corporate network met the Internet. Known as the DMZ, this is the place where network security traditionally resides: firewalls, IPS systems, Web and email gateways.
But today, as we work in a more distributed, mobile and cloud-oriented world, this traditional “hub and spoke” model of the network no longer makes sense. A vast array of consumer devices has flooded into the enterprise and blown the end point into a million pieces. Furthermore, the DMZ is becoming less relevant because the Internet touches the network in thousands of places, not ones or tens of places.
Additionally, companies engage in increasingly complex business relationships with contractors, partners, and suppliers, and often the number of non-traditional employees that need to access corporate assets exceeds the number of employees that need access! A new era of mobile computing and the modern, global, outsourced business has yielded a dynamic, uncontrolled, highly mobile user community.  And it’s not just users that are on the move, but corporate data is as well.  With the rapid onset of data center virtualization, cloud computing, and SaaS, it’s getting quite difficult for the IT team to point a finger and say, “my data resides here.”   
We need a new architecture to provide security in this type of world. Security solutions based on physical infrastructure, and policy expressed in terms of a particular device, the corporate PC, an IP address, network port, or application protocol are becoming useless in a mobile, borderless world. The new security architecture needs to have higher-level constructs so that a policy can be expressed in terms of the who, what, where, when, and how of security as opposed to the IP address. It needs to be separated from the physical infrastructure underneath it and instead, have security flow through it. And, it needs to be highly distributed so it can be deployed in hundreds of locations around the world—wherever the borderless enterprise touches the unwashed Internet.
The security architecture of tomorrow is no longer at the beginning or the end. It’s in the middle; it’s everywhere. In the future, security is a fabric that permeates the network, both within the corporate WAN and in the public cloud.
The good news for me is that within Cisco we have deployed our next gen security system.  “Eating our own caviar” as John Chambers likes to say.  So now I can read my email on my iPhone, and with our secure mobility solution, I can just click right through to my enterprise apps and approve away.  Huzzah!


Full Story of Hacking Anonymous IRC Server





War rages between competing factions within the hacker collective Anonymous after this weekend's drama-filled takeover of the main Anonymous IRC server network. That network, used by Anons to plan and conduct attacks, was taken over by one of its own, an IRC moderator known as "Ryan."
His attack has sparked a debate over the "leadership" of Anonymous.

Hacking the hackers:-

The main Internet chat servers used by Anonymous have been run by a group called "AnonOps," which provides communications platforms for the group. Pointing IRC clients at anonops.ru or anonops.net would connect anyone to the servers, where they could then join channels like "#OpSony" and participate in various Anon activities.
Though Anonymous is often described as leaderless, factions like AnonOps by necessity have a loose structure; servers must be paid for, domain names must be registered, chat channels must have at least some moderation. Ryan was one of those IRC mods, and this weekend he proceeded with an attack that seized control of the AnonOps servers away from the small cabal of leaders who ran it.
Those leaders include people with handles like "shitstorm," "Nerdo," "blergh," "Power2All," and "Owen"—and if you're paying attention, you'll remember that HBGary Federal's Aaron Barr had fingered Owen as one of three "leaders" of all Anons.
The most popular channel on the old IRC servers now says simply, "anonops dead go home." Ryan also put up a set of chat logs showing Owen and others reacting to the weekend's massive denial of service attacks against AnonOps that culminated in the server takeover. (In the transcript below, "doom" is one of the AnonOps servers.)

Owen -> SmilingDevil: we lost a numbe rof servers last night
SmilingDevil -> owen: :P we need some more security.
t forcved level3 to stop anno
Owen -> SmilingDevil: dude
Owen -> SmilingDevil: iuning a /24
Owen -> SmilingDevil: it was in the gbps range
vil -> owen: gigabit or gigabyte?
Owen -> Smili
Owen -> SmilingDevil: doom alone got hit with 1 gb
SmilingD engDevil: all leafs went down
Owen -> SmilingDevil: add it all up
Owen -> SmilingDevil: yeah huge
ly they know about
Owen -> SmilingDevil: um thats called the hub
Owe
SmilingDevil -> owen: :P we need a hidden irc server for the admins.
SmilingDevil -> owen: that o nn -> SmilingDevil: :)
SmilingDevil -> owen: did they take that too?
Owen -> SmilingDevil: but anyhow
Owen -> SmilingDevil: we suffered alot of damage
The "old" leaders released a statement this morning explaining what happened over the weekend and why IRC remained down:
We regret to inform you today that our network has been compromised by a former IRC-operator and fellow helper named "Ryan". He decided that he didn't like the leaderless command structure that AnonOps Network Admins use. So he organized a coup d'etat, with his "friends" at skidsr.us . Using the networks service bot "Zalgo" he scavenged the IP's and passwords of all the network servers (including the hub) and then systematically aimed denial of service attacks at them (which is why the network has been unstable for the past week). Unfortunately he has control of the domain names AnonOps.ru (and possibly AnonOps.net, we don't know at this stage) so we are unable to continue using them.
Not everyone buys the explanation. One Anon pointed out that the Zalgo bot in question is controlled by a user named "E," not by Ryan.
Second, Zalgo can only see chan msgs and msgs to zalgo. The net staff is saying (pretty much) Ryan used Zalgo to steal server passwords (false, I know server protocol) which were transferred in channels in plain text for the to see (true).
Third: Take everything AnonOps says with a grain of salt. They're putting out lies and not telling the whole story.
Others pointed out that E and Ryan are friends and that E was actually recommended as an op by Ryan.
However it happened, the end result was that Ryan redirected some of the AnonOps domain names he had control over, he led an attack on the IRC servers with denial of service data floods, and he grabbed (and then published) the non-obfuscated IP addresses of everyone connected to the IRC servers. Ryan apparently also gained root access to the Zalgo network services bot, which is presumably how he harvested the non-obfuscated IP addresses, though it's not clear exactly what Zalgo did or how much access it provided Ryan.

Clashing factions

Ryan is associated with 808chan, a 4chan splinter site and apparent home of the recent denial of service attacks on AnonOps. Ryan is "DDoSing everything that he doesn't own with his band of raiders from 808chan," says one Anon.
The 808 brigade apparently valued big botnets, and made users prove their abilities before letting them participate. AnonOps had a more democratic ethos; anyone could show up, configure the Low Orbit Ion Cannon attack tool, and start firing at Sony or others.
"It's an open network where everyone, mostly newfags can join and not have to prove they're able to wield a botnet and can just join a channel of their choosing, fire up LOIC and hit some organization for reasons they believe are right," said one Anon.
Ryan's control of AnonOps extends to some of the actual domain names, including AnonOps.ru. This wasn't a hack; he was actually given administrative control over the domains some time ago by AnonOps leaders.
One Anon explained the reason for this, saying: "As for the domains, they were transferred to Ryan after some of us got vanned so he can keep the network up. What he did certainly wasn't the plan." (Getting "vanned" refers to getting picked up by the police.)
According to another Anon, the current fight was precipitated when Ryan's IRC credentials were revoked. "You morons don't realize Ryan IS LEGALLY THE OWNER OF DOMAINS," he wrote. "Nerdo and Owen removed Ryan's oper, Ryan took domains."

Smoky back rooms?

Among Anons arguing over what happened this weekend, the key debate involves the issue of leaders. Anonymous also said it was leaderless and memberless, but is it? The AnonOps statement above claims that Ryan was angry at the "leaderless" structure of the group and wanted to set himself up as king; again, though, not everyone is so sure.
Owen, for instance, helps to shape the conversation and planning in IRC. One Anon complained privately to me that Owen has booted him from the IRC servers—and thus from the place where all the real work against Sony was taking place several weeks ago. "Owen has not only told me that he doesn't really give a shit about freedom of speech, he's also moderately against the action that's being taken on Sony," this Anon said.
Owen and others conduct some of their work in private, invite-only channels, which leads some Anons to suspect that the really important operations and hack attempts are only discussed in a virtual back room. As one Anon put it yesterday:
"Have you ever been in one of their invite-only chats? This is no bullshit. EVERYTHING is decided on them, the eventual course of the operation, the hivemind's target, the channel's topic, everything. Why all this secrecy? These invite-only chats have NO reason to exist. You want to keep out trolls? Turn on mute, and give voice to a few. At least we can see what is being written."
Others were even angrier. A former AnonOps member wrote:
From the fucking beginning (during the hack at Aiplex which started Operation Payback) there has been an secret club, an aristocracy in AnonOps, deciding how operations will play out in invite-only channels.
It's obvious, for they control the topic, the hivemind, the guides, every single thing behind the scenes.
I don't know if the Owen's current bureaucracy is to be trusted, or Ryan's new delegation (from 808chan!) is.
What I do know is that AnonOps no longer has a good reason to exist. The insane amount of power the channel operators wield, and the reputations gained by their NAMES, causes them to become dictator-like, as "power corrupts".
Why did we leave the comforts of the womb of anonymous imageboards, and end up in name-fagging circlejerks controlled only by a few? Why?
Anonymous, this is bullshit. Neither side, neither Ryan's coalition of hackers nor Owen's bureaucracy can be trusted.
Others argued against this equivalence. "Ryan was the dictator, not the one who decided to solve the dictator problem," said one. Another responded, "Lol, how do you know? For all you know, Owen and Ryan are just the classic generals duking out to take over."
For his part, Ryan told the UK's Thinq today that he shared the concerns over private decision making. Owen and the other leaders "crossed the barrier, involving themselves in a leadership role," Ryan said. "There is a hierarchy. All the power, all the DDoS—it's in that [private] channel."
But among those who backed AnonOps, one thing was clear: Ryan needs to get got. Anons quickly embarked on a mission to find Ryan "dox," and quickly unearthed what they said was his full name, his home address (in Wickford, Essex, UK), his phone number, his Skype handle, and his age (17).
On Twitter, some Anons began spreading the word that Ryan had "betrayed" Anonymous, and that he had done so "to mess up all after having stolen PSN credit cards." No evidence for this last assertion was provided.
As the old AnonOps team attempted to get a handle on what had happened—and after they switched to an Indian domain name—they expressed irritation with early media mentions ("fail reporting") of the attack.
"Some 'mainstream' media is calling this the 'insider threat,'" they wrote, "which isn't really a fair representation, AnonOps doesn't have any corporate secrets, its run by the people for the people on a basis of mutual trust. Drama happens almost 24/7, occasionally drama overspills the network.
"Also we must remind the press AnonOps DOES NOT EQUAL Anonymous, saying they are one and/or the same thing in a blog/article just makes you look stupid. AnonOps is just a IRC network and a few other services that ANYONE can use, its not the only place Anonymous gather, and unlikely to be the *last* (see Streisand effect)."
But will the AnonOps leaders ever gather on a forum they don't control? Ryan took great delight in posting the following alleged comment from Owen to another AnonOps leader: "yo odnt honestly think we're goign to some other irc where we have no control do you?"
Of course, Anonymous has always been about drama and "the lulz," so the current confusion may not even bother them that much; this is just par for the course. But it's certainly amusing to others.
"Lmao. You fucking twits can't even keep your shit safe," wrote someone watching the debacle. "This literally made me laugh out loud. Not lol, but laugh. You all are so stupid."

