Showing posts sorted by relevance for query RSA. Sort by date Show all posts
Showing posts sorted by relevance for query RSA. Sort by date Show all posts

RSA Conference Online - World's Leading Information Security Conference

Posted by Avik Sarkar On 3/03/2012 01:43:00 am

RSA Conference Online - World's Leading Information Security Conference
RSA Conference the world's leading information security conferences has setup RSA Conference Online, a global experience that enriches and expands RSA Conference for attendees and the RSA Community at-large by providing online access to Conference content, as well as opportunities to connect and collaborate around the key industry topics that are transforming the information security industry. RSA Conference Online will feature live activities and programming, including keynotes, through March 15th.
In addition to watching the RSA Conference 2012 keynotes live online, you will be able to:-
  • Attend 20 minute video sessions followed by live Q&A with the industry experts
  • Join Peer2Peer collaboration sessions moderated by subject matter leaders
  • Access and download the latest industry resources, including sponsor whitepapers
  • Follow and contribute to the conversation via Twitter, chats, blogs, and discussions
  • Network with peers, colleagues and industry experts

For more information & to register click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

China Was Responsible for RSA Hack & Military Related Intellectual Property Theft- Said NSA

Posted by Avik Sarkar On 3/29/2012 12:54:00 am

China Was Responsible for RSA Hack & Military Related Intellectual Property Theft- Said NSA

The director of National Security Agency (NSA) General Keith Alexander confirmed that hackers from China was responsible for the serious attack on one of the leading IT security & cyber security company RSA. Yesterday the Cyber Command commander & Director Mr. Alexander presented the testimony at Senate Hearing. He has also confirmed that not only RSA, but also large amounts of military-related intellectual property has also been stolen and yet again China was behind this attack. "I can't go into the specifics here, but we do see [thefts] from defense industrial base companies," Alexander said, declining to go into details about other attacks. "There are some very public [attacks], though. The most recent one was the RSA exploits." The NSA director believes the US Government needs more real-time capabilities to work with the private sector to stop attacks. He explained how in one attack, the attackers were attempting to get 3GBs of data from a foreign defence contractor but the Department of Defence processes for communicating with that company were predominantly manual. He did not present any evidence for the China allegations and it is yet to be seen if there is any diplomatic fallout from his disclosures.
The attack was taken place in earlier March 2011, where hackers managed to gain access to the enterprise's servers and take sensitive data. The attackers manage to obtain data on SecurID, RSA's popular two factor authentication system. 
Also in 2011 China was responsible behind the attack on US Chamber of Commerce, Satellite System of U.S, Nortel Network & so on.  But few days ago National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network claimed that China fallen victim of one of biggest cyber attacks originated from US, Japan & South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor Mitsubishi, Japan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea  more than 13 Million of MapleStory players data has been stolen, there also hackers from China was responsible.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

RSA Said: Zeus v2.1.0.10 Became The Most Infamous & Propagated Trojan in Cybercrime History

Posted by Avik Sarkar On 10/01/2011 01:12:00 pm


The RSA Research Lab investigated and monitord a large number of malicious cybercrime servers operating in the wild. What RSA researchers discovered was nothing less than the robust mercenary workings of a virtual heist machine, one that has been operational on an ongoing basis, militating and robbing financial data from hundreds of thousands of infected users all over the world. The tool of choice—Zeus v2.1.0.10, the most advanced variant of Zeus to date. The end result: endless logs of compromised financial data and untold numbers of wire-fraud transactions.
According to the official blog of RSA:- 

A Privately Developed Zeus Upgrade:-
Unlike the large majority of banking Trojan, the Zeus Trojan has always been a commercial code, sold by its creator to those who could afford an advanced fraud tool and understood how to use it. With time, Zeus became the most infamous and most propagated Trojan in cybercrime history. In October 2010, nearly one year ago, the bequeathing of the Zeus Trojan’s source code by its owner “Slavik”, to his then biggest rival, the SpyEye Trojan’s coder (“Harderman”), united the future of 2 giant commercial codes and threw a Zeus-faced wildcard into the game when its entire source code was leaked in March 2011.
But it was nearly two months before the announcement of the code ‘merger’ was even made that RSA researchers were already looking at a rather special upgrade of the Zeus Trojan: Zeus v2.1. A surprising and rare new version which included some of the most sophisticated additions to the Zeus code seen in recent times, making it more impervious and hardened thus shutting-out a lot of potential interference with this variant’s configuration and its communication patterns. At the time (early September 2010), our team was in the possession of a single variant of this upgrade and was not entirely sure what it represented as yet. The interesting part of the upgrade was its low propagation numbers and the time lapse it took for the Lab to see more of it in the wild. True Zeus 2.1.0.10 variants were not being sold in underground forums. These two initial observations already suggested that the new upgrade was the property of one cybercriminal or a single cybercrime gang.
Within six months, Zeus 2.1.0.10 was being detected more and more often, and although the number of variants kept growing, the trigger list in each and every one of them was identical – a rare case for Zeus variants in which each operator updates his own list of triggers. This was the third sign pointing to a single operations team for Zeus 2.1.0.10.
June 2011 – a sharp peak in Zeus 2.1.0.10 attacks resulted from the propagation of hundreds of variants of this upgraded version. To date, the RSA Research Lab detected 414 different variants, and yet, each and every variant still went after the exact same trigger list. At this point it was clear that Zeus 2.1.0.10 belongs to one gang who had the Zeus source code way before the merger, way prior to the code leak and before anyone even imagined what would become of Zeus.
This gang developed their own Zeus Trojan using Zeus’ source codes and its mainframe; this gang operates Zeus 2.1.0.10 without sharing their malevolent creation with outsiders.

Zeus 2.1.0.10 Has its Own Techniques:-
More than the actual upgrade of the Trojan code, the new Zeus 2.1.0.10 behaved in a new way, unlike the one observed in other Zeus variants. Unlike other advance Trojans who contact the mothership through reverse proxies, fast flux networks, or those who use their own botnet as proxies – Zeus 2.1.0.10 never communicates directly with the mothership. This special variant further uses another obfuscation technique for cases where it fails to find a live update point. In order to make sure the botnet always ‘calls home’ Zeus 2.1.0.10’s operators programmed a randomized, on-the-fly domain name generator, based on a constant algorithm the Trojan’s configuration dictates. The algorithm creates 1,020 domain names (URLs) per day. Each new and unique domain name is a string of letters. The suffix “/news” or “/forum” follows the domain name when it is used for the Trojan’s update and drop communications.
The cybercriminal operation team behind the scenes has the same algorithm. They know exactly when the whole botnet will attempt to communicate with a specific new domain name, and then simply go and buy that domain name, hosting each one through facilities located all over the world. At that point, the whole botnet queries the new domain with a request for the update file – and receives it, and the C&C queries its bots for the stolen data they have in store – and receives it.  Mission accomplished.
This all happens without anyone outside the gang knowing their algorithm or being able to guess which communication channel they will choose for their botnet next. Even if an external party was to attempt to solve the algorithm, they would have to buy the domains before the gang does, thus engaging in a race against time and paying for numerous domain registrations every hour (!). No matter how many domains an adversary buys, the bot masters will eventually buy one and the botnet will end up communicating with it.
The communication through randomized domains generated by the Trojan is directed through a list of legitimate VPS and legitimate cloud services used as a proxy. This raptures any further tracking possibilities of the true motherships which militate the immense botnet.
Zeus 2.1.0.10’s behavior pattern has never been used in Zeus or SpyEye variants, but it sure is identical to another Trojan’s sophisticated and diuturnal operations – Sinowal. A long standing, privately owned Trojan, operated by an organized cybercrime gang based out of Russia, Sinowal is perhaps one of the most persevering private banking Trojans; one whose nefarious nature has been the intrigue of many security researchers since as early as 2006.
It was initially somewhat surprising to see that Zeus 2.1.0.10 was not only a private version of Zeus, it also behaves exactly in the same manner as Sinowal similarly held by Russian-speaking cybercriminals. These common denominators raised a logical suspicion as to the possibility of the two sharing some links if not operated by the same gang altogether.

For more information and to see the RSA blog article about Zeus click Here




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Said, Our Security is Stronger than Sony & RSA, also We are not Vulnerable to DDoS

Posted by Avik Sarkar On 7/08/2011 03:24:00 pm


Microsoft's John Howie claims Microsoft security is stronger than Sony and RSA which were hacked due to "rookie mistakes." The software giant also released Volume 10 of its Security Intelligence Report.

Uh-oh. There's nothing quite like throwing down the gauntlet and virtually taunting hackers to prove a proud boast is false. In what some attackers might consider a dare,  John Howie, Microsoft's senior director in the Online Services Security & Compliance (OSSC) team, basically claimed that Microsoft sites are unhackable and can't be DDoSed.
According to Microsoft, "rookie mistakes" by Sony and security firm RSA caused the corporations to be brought down by hackers. Howie told Computing News that Sony was coded badly and failed to patch its servers. "These are rookie mistakes," Howie said.  In regards to the breach at RSA, Howie stated, "RSA got hacked because someone got socially engineered and opened a dodgy email attachment. A rookie mistake."
Howie added, "At Microsoft we have robust mechanisms to ensure we don't have unpatched servers. We have training for staff so they know how to be secure and be wise to social engineering. We have massively overbuilt our internet capacity, this protects us against DoS attacks. We won't notice until the data column gets to 2GB/s, and even then we won't sweat until it reaches 5GB/s. Even then we have edge protection to shun addresses that we suspect of being malicious."
In other Microsoft security news, after analyzing 600 million computers worldwide, Microsoft released Volume 10 of its Security Intelligence Report. It  focuses on malware, software vulnerability disclosures, vulnerability exploits, and related trends. The majority of all vulnerabilities in 2010 were vulnerabilities in applications versus operating systems or web browsers. Exploiting Java vulnerabilities topped the list of exploitation categories over generic HTML/scripting exploits, operating system exploits, and document exploits. Adobe Acrobat and Reader accounted for the highest number of document format exploits. Windows 7 and Windows Server 2008 R2 had the lowest operating system infection rate for both client and server platforms. 64-bit versions of Windows 7 which "appeal to a more technically savvy audience than their 32-bit counterparts" have the lowest infection rates.
In regard to malicious websites, phishers targeted gaming sites in the first half of 2010 but then targeted social networks. Yet the "number of active sites targeting gaming sites remained relatively high during the second half of the year, which suggests that more campaigns may be coming."
According to the SIR [PDF] Global Threat Assessment graph below, in the 4th quarter of 2010, the most common threat in the USA  was miscellaneous Trojans which affected 38.6% of all cleaned computers. This was down from 43.8% in the 3rd quarter. The second most common threat was Adware which affected 28.3% of all cleaned computers and was up from 23% in the third quarter. "Miscellaneous Potentially Unwanted Software" was the third most common threat in the U.S. and affected 24.6% of cleaned computers. The MSRT detected malware on 11.6 of every 1,000 computers scanned in U.S. in 4Q10 giving the States "a CCM score of 11.6, compared to the 4Q10 average worldwide CCM of 8.7."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Most Organized Banking-Trojan Called 'Gozi Prinimalka' By Russian Hackers Targeting U.S. Banks

Posted by Avik Sarkar On 10/14/2012 06:25:00 pm

Most Organized Banking-Trojan Called 'Gozi Prinimalka' By Russian Hackers Targeting U.S. Banks

We all might be aware of massive attack which took place last month, targeted several leading banking and financial sector of United StatesThe attack came just after 'anti Islamic' video was posted online. The US National Security officials accused the Iranian government for engaging cyber attacks against US Banks mainly Bank of America. Sooner or later the situation came under control. But cloud of trouble for US Banking sector is not gone completely, recently security professionals unveiled that a cartel of Russian hackers is planning to launch a separate attack aimed at stealing money from about 30 U.S. financial institutions, an apparent attempt to piggyback and capitalize on the ongoing cyber attacks on U.S. banks. The emergence of Russian hackers suggests a potential shift in the motivation of the cyber attacks from ideological to financial and also points to a longer duration of the ongoing attacks. Security experts have picked up on chatter in the cyber underworld indicating Russian cyber hackers have set their sights on about 30 U.S. financial institutions. Dubbed “Operation Blitzkrieg,” the attack is planned for this fall on 30 U.S. banks, though it’s not clear which specific institutions will be targeted. In a blog post last week, RSA said it “believes this is the making of the most substantial organized banking-Trojan operation seen to date.”

So far it’s not clear who the specific Russian hackers are, but famous security professional & blogger Brian Krebs pointed to series of posts beginning in early September on Underweb forums by a Russian hacker who uses the nickname “vorVzakone,” which translates to “thief in law.” RSA said “underground chatter” indicates the gang plans to deploy a Trojan, called “Gozi Prinimalka,” in an effort to complete fraudulent wire transfers via Man-In-The-Middle (MiTM) manual session-hacking scenarios. Herberger said MiTM is a type of attack that aims to deceive targets by violating otherwise secure communications, similar to tapping into a landline phone conversation or breaching a VPN session. “If successfully launched, the full force of this mega heist may only be felt by targeted banks in a month or two,” RSA said. The Trojan is part of a family of malware used by a crime gang that has successfully siphoned at least $5 million from banks, RSA said. The Russian hackers are also offering to pay individuals who help them carry out the attacks, indicating a desire to monetize the intrusions.

So now the vows of hacker group named 'Izz ad-Din al Qassam Cyber Fighters' is proving to be more dangerous for US. The hacker group earlier said "These series of attacks will continue until the Erasing of that nasty movie from the Internet". For your reminder this hacker group was responsible for all the major DDoS attacks against US financial sector. “It’s not uncommon that people who have a financial motive may try to take advantage of nefarious techniques,” said Herberger. “They will jump in because they can take advantage of the fact banks are laboring and security departments are becoming overrun and softened for a different kind of motivated attack.” The emergence of the threat from Russian groups underscores the prolonged nature of the attacks against corporations, especially in the financial industry. “Security teams are coming to terms that these attacks are long,” often measured in days and weeks, said Herberger. However, security teams often aren’t “staffed for attrition.”

-Source (FOX Business)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Operation Shady RAT (The Biggest Cyber-Attack Ever)

Posted by Avik Sarkar On 8/04/2011 01:50:00 am



Researchers from security software concern McAfee say they have discovered the biggest series of computer intrusions ever, covering some 72 organizations and governments around the world, including the U.S., Taiwan, Vietnam, South Korea, Canada and India — some of them dating back as far as 2006. (See the map of targets, courtesy of McAfee, below.)
And these aren’t the kind of cyber attacks carried out by bumbling troublemakers like the LulzSec gang, which make headlines but really only cause a nuisance for companies like Sony. In these cases, networks were compromised by remote access tools — or RATs, as they’re known in the industry. These tools — and they are tools, because they have legitimate uses for system administrators — give someone the ability to access a computer from across the country or around the world. In this case, however, they were secretly placed on the target systems, hidden from the eyes of day-to-day users and administrators, and were used to rifle through confidential files for useful information. It’s not for nothing that McAfee is calling this Operation Shady RAT.
McAfee says the attacker was a “state actor,” though it declined to name it. I’ll give you three guesses who the leading candidate is, though you’ll probably need only one: China.
Dmitri Alperovitch, McAfee’s Vice President, Threat Research, makes a statement in his blog entry on the discovery that should give everyone minding a corporate or government network pause: “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact.” He further divides the worldwide corporate landscape into two camps: Those who have been compromised and know it, and those who simply don’t know it yet.
This has been a particularly nasty year on the cyber security front. (I hate to say it, but I told you so.) Prior to this, the big attack whose full impact has not yet been fully sized up was the one against the RSA SecureID system, which uses popular keychain devices that create a constantly changing series of numbers that in turn create a second password for access to system resources. They’re widely used in government and military circles and among defense contractors. Google has been a regular target in recent years.
The RSA attack and Operation Shady RAT are examples, Alperovitch says, of an “Advanced Persistent Threat.” The phrase has come to be a buzzword that, loosely translated into English, means the worst kind of cyber attack you can imagine. Unlike the denial-of-service attacks and network intrusions carried out by LulzSec and its ilk, which require only minimal skill and marginal understanding of how networks and servers work, an APT is carried out by someone of very high skill who picks his targets carefully and sneaks inside them in a way that is difficult to detect, which allows access to the target system on an ongoing basis that may persist for years.
How did these attacks happen? Its very simple: Someone at the target organization received an email that looked legitimate, but which contained an attachment that wasn’t. This is called “spear phishing,” and it has become the weapon of choice for sophisticated cyber attackers. The attachments are not what they appear to be — Word documents or spreadsheets or other routine things — and contain programs that piggyback on the targeted user’s level of access to the network. These programs then download malware which gives the attackers further access. This all happens in an automated way, but soon after, live attackers log in to the system to dig through what they can find, copy what they can, and make a getaway — though they often leave the doors unlocked so they can come back for repeat visits.
Alperovitch notes — correctly, to my mind — that the phrase has been picked up and overused by the marketing departments of numerous security companies. His larger point is that too often those attacked in this way refuse to come forward and disclose what they’ve learned, thereby allowing the danger to continue for everyone else.
Alperovitch says that the data taken in Operation Shady RAT adds up to several petabytes worth of information. It’s not clear how it has been used. But, as he says, “If even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth.” It’s also bad for a target’s national security, because defense contractors dealing in sensitive military matters are often the targets. The best thing that can happen is that victims start talking about their attacks and sharing information with each other so that everyone can be ready for the next one, which is surely coming.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

CloudCrack: An NVIDIA GPU-Accelerated Cryptanalysis Suite!

Posted by Avik Sarkar On 4/27/2011 12:26:00 am


You must be aware of our previous posts such as – MOSCRACK and WPA Cracker. We now have another open source offering that is NOT a cracker, but a cryptanalysis suite that is written in CUDA – a parallel computing architecture.
CloudCrack is a GPU-enhanced cryptanalysis suite for cloud computing platforms such as the Amazon EC2 Cluster Compute cloud. It is a NVIDIA GPU-accelerated cryptanalysis suite written in CUDA, NVIDIA’s massively parallel concurrent programming language. CloudCrack contains custom CUDA multiprecision math libraries for storing a large target RSA modulus n in shared GPU memory, with each GPU core working as a parallel factoring process to break the target modulus.
CloudCrack is based upon a Pollard’s Rho factoring hybrid with an updated Brent cycle finder, and includes performance optimizations to the traditional Rho factoring method. The massively parallel design of the NVIDIA GPU architecture lends itself quite well to Pollard’s Rho, and the reduction sieve performance enhancements added with CloudCrack can reduce by several orders of magnitude the size of the keyspace required to search for a successful brute force attack against a large RSA target modulus n.
The only thing that will hurt us is that our small time home computers will not be able to support thisapplication. To run this open source software, you will need a Fermi capable GPU such as a GeForce GTS 450 or GTX 460 series, and a Linux-based NVIDIA CUDA (3.2 or better) development environment. RHEL 5.5 or Fedora 13 is preferred for maximum compatibility with future EC2 parameterized launch instances.  The most recent generation of consumer CUDA GPUs from NVIDIA contain hundreds of cores, each core of which can be utilized as a concurrent Rho factoringthread (the GTS 450 has 192 hardware cores; the GTX 460 has 336; and, the M2050/2060 Tesla series have 448 cores each). You ofcourse could rent them from Amazon, etc.
All this certainly sounds awesome and we are sure that there will be a spurt in cracking services. This software currently comes in two versions -
  • REVA, which implements the Greatest Common Denominator (gcd) function on the GPU itself; currently there is a bug in the Montgomery math routines in the REVA gcd however.
  • REVB includes reduction sieve performance enhancements but with the gcd function implemented on the host CPU, which requires about 25% of the PCIe bus bandwidth to shuffle targets from the GPU to the host CPU for the gcd test.
We can expect a REVC soon, which will include all of the performance enhancements inherent to the REVB fork, with a GPU-localized gcd like the architecture of REVA.
Download CloudCrack_REVA.tar.gz and CloudCrack_REVB.tar.gz or view the complete archivehere.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

FBI Used LulzSec To Track & Spy on Wikileaks Founder Julian Assange

Posted by Avik Sarkar On 6/02/2012 02:03:00 am

FBI Used LulzSec To Track & Spy on Wikileaks Founder Julian Assange

After the inside story of Anonymous former leader Hector Xavier Monsegur aka "Sabu" case get revealed, the world came to know that Sabu was working as an under cover agent of FBI which lead a series of arrest for several key members of hacker collective Anonymous & LulzSec. Now we got another twist which came from a new book written by Parmy Olson, the London bureau chief for Forbes Magazine, saying that FBI used an agent inside the LulzSec hacker group to track and spy on Wikileaks founder Julian Assange. According to the book, an associate of WikiLeaks contacted LulzSec spokesman Topiary on June 16 hours after the assault on the CIA. The two would eventually converse over an Internet Relay Chat channel that was reported to be witnessed by Assange, who confirmed his identity by providing a video to the hacker in real time during their chat. For a few weeks, writes Olson, Assange and/or his associate returned to the LulzSec IRC channel “four or five more times,” during which others occasionally engaged in conversation with both sides. During at least one of those conversations, Assange’s contact at WikiLeaks offered LulzSec a spreadsheet of classified government data contained in a file named RSA 128, which she says was heavily encrypted and needed the manpower of black hat hacktivists to decode.
According to an exclusive report of RT - Aside from a few unsealed court documents, details about the now-defunct hacktivism group LulzSec remains few and far between. One journalist is saying she got inside the organization though — along with Julian Assange.
“We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency” is an upcoming book from Parmy Olson, the London bureau chief for Forbes Magazine. And although her alleged account has not yet hit the shelves, a lengthy excerpt has been leaked to the Web — and its contents suggest that that the world’s once most powerful hacking collective was in correspondence with WikiLeaks founder Julian Assange after he allegedly reached out to the organization for assistance. The US government says that they had already infiltrated LulzSec by then, though, meaning that WikiLeak’s plea to the hacking collective was actually being offered to an FBI mole.
According to Olson, the June 2011 attack on the public website of the US Central Intelligence Agency by LulzSec caught the attention of Assange, who was residing in the countryside manor of an English journalist while on house arrest.Once he saw that a LulzSec-led invasion had crippled CIA.gov, Assange allegedly sent out two tweets from the WikiLeaks Twitter account, only to delete the micomessages shortly after:
"WikiLeaks supporters, LulzSec, take down CIA . . . who has a task force into WikiLeaks," read one."CIA finally learns the real meaning of WTF” reads the other.
Assange “didn't want to be publicly associated with what were clearly black hat hackers” writes Olson, speaking of computer compromisers who target network for perhaps no real intention other than mischief making. “Instead, he decided it was time to quietly reach out to the audacious new group that was grabbing the spotlight,” she says. Olson says that one of those hackers aware the newfangled relationship was Hector Xavier Monsegur, who spearheaded LulzSec by serving as a leader of sorts under the handle Sabu. Perhaps unbeknownst to all engaged in the IRC chats, however, was that Sabu had been arrested on June 7 and, according to the federal government, began immediately working as an FBI informant.
"Since literally the day he was arrested, the defendant has been cooperating with the government proactively," Assistant US Attorney James Pastore said at a secret bail hearing on August 5 2011, according to a transcript released this March after his arrest was made public.
While details of Sabu’s escapades under the direct influence of the FBI are obviously being kept confidential, federal attorneys have said that the hacker more or less masterminded the group under their command until LulzSec dissolved on June 25; Jake Davis — Topiary — was arrested in the UK on August 1. If Olson’s allegations add up, that could mean that the FBI’s top-secret informant, Sabu, was speaking directly with America’s cyber-enemy number one: Julian Assange.
On Wednesday this week, the UK Supreme Court agreed to extradite Assange to Sweden, where he is facing a lawsuit unrelated to his involvement with WikiLeaks. Once there, however, the United States may be able to more easily fight to have him sent stateside to be charged with aiding the enemy — the crime being pegged to alleged WikiLeaks contributor Bradley Manning, who now faces life in prison for that involvement. The uncertainty of who exactly conversed with whom might be near impossible to confirm given the widespread anonymity of hacktivists tied with LulzSec and Anonymous alike, but if Olson’s account adds up, the FBI’s inside man may very well have come close to working with Assange. On his part, Topiary claims that he never received the RSA 128 file.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Chinese Hackers Eavesdropping European Diplomats Before G20 Summit

Posted by Avik Sarkar On 12/13/2013 01:23:00 am

Researchers At FireEye Found -Chinese Hackers Snitching  Europeans Before G20 Summit 
Story of cyber espionage by Chinese hackers used to remain one of most highest pick of breakneck. Yet again another breathtaking issue of  eavesdropping by Chinese hackers get spot light, when  California-based renounced computer security firm FireEye Inc have figured out that a group of Chinese hackers eavesdropped on the computers of five European foreign ministries before last September's G20 Summit, which was dominated by the Syrian crisis. From the detailed analysis we came to know that the hackers have infiltrated the ministries' computer networks by sending emails to staff containing tainted files with titles such as "US_military_options_in_Syria," which sells virus fighting technology to companies. Whenever the targeted recipients opened those documents, they loaded malicious code on to their personal computers. Researchers of FireEye said that they were able to monitor the "inner workings" of the main computer server used by the hackers to conduct their reconnaissance and move across compromised systems for about a week in the late August. But suddenly they lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia
Though the company has declined in open press to identify the nations whose ministries were hacked, although it said they were all members of the European Union. But FireEye informed the FBI about the whole issue in details. FireEye also confirmed that the hackers where from China, but they did not find evidence which may link those hackers to the Chinese government. Not surprisingly and obviously like earlier the Chinese government has distanced itself from any claim that it might have hacked foreign governments for data. FireEye also successfully monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain. The researchers had been following the hackers behind the Syria-related attack for several years, but this is the first time the group's activities have been publicly documented. The company calls the group "Ke3chang," after the name of one of the files it uses in one of its pieces of malicious software"The theme of the attacks was U.S. military intervention in Syria," said FireEye researcher Nart Villeneuv. 
On reaction Chinese Foreign Ministry spokesman Hong Lei said- "U.S. internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible," 
While talking in this story of Chinese eavesdropping, I also want to dig some points from decent parts where we all became very habituated of seeing Europe & U.S. countries blaming China for engaging cyber attacks; and China also do the same for accusing U.S. like vice versa. I am reviving your memories of last few years where If you look at the story of major cyber attacks of this year we will find that the name of China has been involved several times for engaging cyber attacks against several high profile websites and organization of U.S. including New York TimesTwitterNBC and so on. And if you refresh our memory then then we will find the scenario of big cyber attack and espionage by Chinese hackers have been spotted several times. In 2012 Chinese hackers had  breached Telvent's corporate network & gained control of US Power Grid. Also in the middle of last year, we have seen that Chinese hackers have broken into Indian Navy's Computer System & stolen sensitive data. Few months before this hack, Tokyo based computer security firm Trend Micro confirmed that Chinese hackers were responsible for biggest cyber-espionage in India, Japan & Tibet. Also the director of National Security Agency (NSA) General Keith Alexander confirmed that hackers from China was responsible for the serious attack on one of the leading IT security & cyber security company RSA. Also in 2011 China was responsible behind the attack on US Chamber of CommerceSatellite System of U.SNortel Network & so on.  But few days ago National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network claimed that China fallen victim of one of biggest cyber attacks originated from US, Japan & South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor MitsubishiJapan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea  more than 13 Million of MapleStory players data has been stolen, there also hackers from China was responsible.  

Before I conclude, I request you to closely look at the above mentioned stories, you will find China majorly responsible for eavesdropping & security breach. On the same side China also been effected by the same way. So in conclusion, we cant put a full stop in this chain of cyber attacks, hackingeavesdropping, as it comes from both end. So this exciting episode will be continued like it does. If you want to stay updated then don't forget to stay tuned with VOGH



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Infondlinux: Install Useful Security Tools and Firefox Addons!

Posted by Avik Sarkar On 4/28/2011 04:02:00 pm



infondlinux is a script that installs most of tools, that we use during penetration tests and capture the flag tournaments. It is a post configuration script for Ubuntu Linux. We can also install it on other *nix system but not all of the below mentioned tools may work depending on environment. It has been actively tested on Ubuntu 10.10.
It installs useful security tools and Firefox addons. Tools installed by script are listed at the beginning of source code, which we can edit as per our requirement.
List of security tools included:
Debian packages:
  • imagemagick
  • vim
  • less
  • gimp
  • build-essential
  • wipe
  • xchat
  • pidgin
  • vlc
  • nautilus-open-terminal
  • nmap
  • zenmap
  • sun-java6-plugin et jre et jdk
  • bluefish
  • flash-plugin-nonfree
  • aircrack-ng
  • wireshark
  • ruby
  • ascii
  • webhttrack
  • socat
  • nasm
  • w3af
  • subversion
  • mercurial
  • libopenssl-ruby
  • ruby-gnome2
  • traceroute
  • filezilla
  • gnupg
  • rubygems
  • php5
  • libapache2-mod-php5
  • mysql-server
  • php5-mysql
  • phpmyadmin
  • extract
  • p0f
  • spikeproxy
  • ettercap
  • dsniff :
    • arpspoof Send out unrequested (and possibly forged) arp replies.
    • dnsspoof forge replies to arbitrary DNS address / pointer queries on the Local Area Network.
    • dsniff password sniffer for several protocols.
    • filesnarf saves selected files sniffed from NFS traffic.
    • macof flood the local network with random MAC addresses.
    • mailsnarf sniffs mail on the LAN and stores it in mbox format.
    • msgsnarf record selected messages from different Instant Messengers.
    • sshmitm SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
    • sshow SSH traffic analyser.
    • tcpkill kills specified in-progress TCP connections.
    • tcpnice slow down specified TCP connections via “active” traffic shaping.
    • urlsnarf output selected URLs sniffed from HTTP traffic in CLF.
    • webmitm HTTP / HTTPS monkey-in-the-middle. transparently proxies.
    • webspy sends URLs sniffed from a client to your local browser
  • unrar
  • torsocks
  • secure-delete
  • nautilus-gksu
  • sqlmap
Third party packages:
  • tor
  • tor-geoipdb
  • virtualbox 4.0
  • google-chrome-stable
Manually downloaded software’s and versions:
  • DirBuster (1.0RC1)
  • truecrypt (7.0a)
  • metasploit framework (3.6)
  • webscarab (latest)
  • burp suite (1.3.03)
  • parosproxy (3.2.13)
  • jmeter (2.4)
  • rips (0.35)
  • origami-pdf (latest)
  • pdfid.py (0.0.11)
  • pdf-parser.pym (0.3.7)
  • fierce (latest)
  • wifite (latest)
  • pyloris (3.2)
  • skipfish (1.86 beta)
  • hydra (6.2)
  • Maltego (3.0)
  • SET
Author made scripts:
  • hextoasm
  • md5crack.py (written by Corbiero)
  • chartoascii.py
  • asciitochar.py
  • rsa.py
Firefox extensions:
  • livehttpheaders
  • firebug
  • tamperdata
  • noscript
  • flashblock
  • flashgot
  • foxyproxy
  • certificatepatrol
  • chickenfoot 1.0.7
Pretty good list of applications we must say.
How to install?
1
sudo infondlinux.sh
or
1
sh infondlinux.sh
Download infondlinux v0.5 (infondlinux.sh) here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

U.S. Water Supply System Under Cyber Attack, FBI & DHS is Investigating

Posted by Avik Sarkar On 11/21/2011 10:50:00 pm


Hackers from Russia have has allegedly remotely intruded into the industrial control systems of a hydroelectric power plant in the US state of Illinois. Reports in the US media say that the hacker managed to repeatedly switch the pump on and off, destroying it in the process. This would be the first time that parts of a country's critical infrastructure have been successfully attacked and crippled via the internet.
Although the FBI and DHS started to investigate the incident, they initially downplayed the risk – this provoked the alleged hacker, "prof", who proceeded to intrude into a second water utility in Houston, Texas. To prove his intrusion, he released five screenshots of the utility's SCADA (Supervisory Control And Data Acquisition) system. 

After an investigation it was determined the system had been hacked into from a computer in Russia, the Washington Post reports.
An Illinois state fusion centre report on the attack said it is not known how many other systems might be affected.
The Department of Homeland Security confirmed that a water plant in Springfield, Illinois, had been damaged. He said: 'DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield, Illinois.
'At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.'
A report from the Illinois terrorism and intelligence center said there had been problems with the system in Springfield for two to three months.
The system 'would power on and off, resulting in the burnout of a water pump,' the report said.
It added that cyber attackers broke into a software company’s database and got hold of user names and passwords of various control systems that run water plant computer equipment. The method used, hacking a security company to gain entry to another company, was employed earlier this year by cyber attackers in China.
They stole data from RSA, a division of EMC that provides secure remote computer access to government agencies. They then went on to get into the computer systems of companies, including Lockheed Martin.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

White House Calls China to Stop Hacking & Cyber Espionage Against U.S.

Posted by Avik Sarkar On 3/15/2013 12:49:00 am

White House Calls China to Stop Hacking & Cyber Espionage Against U.S.

The story of cyber espionage by Chinese hackers used to remain on the spot light due to its consistency, but now the situation get nasty and takes a new way as the national security adviser of U.S. President Obama directly pointed his finger to China. Many of our readers might take this issue lightly as earlier China has been blamed for engaging cyber attacks against different countries for many times. But this time there is a twist as the U.S. government vows to take the issue in a very serious manner. In his speech the national security advisory Tom Donilon said that "The international community cannot afford to tolerate such activity from any country," Like earlier China has denied any type of involvement and condemned the report for lack of hard evidence. But this time such reaction will not at all be entertained as the president said in the State of the Union, "we will take action to protect our economy against cyberthreats." The above two statements can be taken in both friendly warning or also in a serious threat. The White House already warned China to end the campaign of cyber espionage against U.S. companies, saying in its toughest language yet on the issue that the hacking activity threatens to derail efforts to build stronger ties between the two countries. 
Donilon did not directly accuse the Chinese government of launching the attacks on U.S. computer systems, only noting that the attacks are coming from inside the country. "Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale," he said. Another important message came from the Obama administration saying United States “will not accept North Korea as a nuclear state” and called on Chinese leaders to get serious about cracking down on cyber-related crimes. 
While covering this story we would like to remind you that couple of weeks ago Chinese officials issued a same complain against United States where they blamed U.S. for engaging massive cyber attacks against Chinese military and defense system. If you look at the story of major cyber attacks of last few days we will find that the name of China has been involved several times for engaging cyber attacks against several high profile websites and organization of U.S. including New York TimesTwitterNBC and so on. And if you refresh our memory then then we will find the scenario of big cyber attack and espionage by Chinese hackers have been spotted several times. In 2012 Chinese hackers had  breached Telvent's corporate network & gained control of US Power GridAlso in the middle of last year, we have seen that Chinese hackers have broken into Indian Navy's Computer System & stolen sensitive data. Few months before this hack, Tokyo based computer security firm Trend Micro confirmed that Chinese hackers were responsible for biggest cyber-espionage in India, Japan & Tibet. Also the director of National Security Agency (NSA) General Keith Alexander confirmed that hackers from China was responsible for the serious attack on one of the leading IT security & cyber security company RSAAlso in 2011 China was responsible behind the attack on US Chamber of Commerce, Satellite System of U.S, Nortel Network & so on.  But few days ago National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network claimed that China fallen victim of one of biggest cyber attacks originated from US, Japan & South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor Mitsubishi, Japan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea  more than 13 Million of MapleStory players data has been stolen, there also hackers from China was responsible. 


-Source (The Hill, Cnet & WT)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search