Showing posts sorted by relevance for query Sony hacked. Sort by date Show all posts
Showing posts sorted by relevance for query Sony hacked. Sort by date Show all posts

Why does Sony getting hacked for multiple times (full report)

Posted by Avik Sarkar On 6/09/2011 07:01:00 pm


Since the April Play Station Network breach that exposed over 100 million user accounts, Sony has been hacked more than 10 times. Sony Pictures,Sony Europe, Sony BMG Greece, Sony Thailand,Sony Music Japan, Sony Ericcson Canada, and others, have all been the target of attacks. Sony has had to contend with intense scrutiny from media, disgruntled users and lawmakers, with everyone asking the company how it could let such a breach happen. Sony has apologized repeatedly and said that the original attack was a highly professional, criminal cyber attack aimed at stealing credit card numbers. Other experts have said that Sony simply didn't have its security act together and that the attack was likely far simpler. Now, critics are wondering what exactly the motivation might be behind the continued hacks. While the initial PlayStation Network breach was the largest of the hacks to date, Sony's cyber attack problem has continued due to both inconsistent security across Sony's systems and the rise of new groups of hackers interested less in punishing Sony than in showing off their ability to breach the company's defenses, experts say.

Some analysts say Sony's security woes started when the company pressed charges against 20 year-old hacker, George Hotz, who reverse-engineered Sony’s PlayStation 3 so that it could run unapproved third-party applications. Sony responded by suing Hotz, a move that reportedly infuriated many in the hacker community. Many experts say the attack on the PlayStation Network in April could have been an act of vilgilante justice resulting directly or indirectly from Sony's lawsuit against Hotz.

"Sony's perceived abuse of the legal system in targeting reverse-engineer George Hotz infuriated hacker groups," said Randy Abrams, director of technical education at ESET, an IT security firm. Abrams also noted that even before the Hotz incident, Sony had drummed up "significant antipathy" as the result of a 2005 scandal involving Sony CDs that automatically installed a rootkit that made users' computers vulnerable to attack.
The PlayStation Network attack appears to have set off an avalanche of follow-ups.

"Other hackers and hacking groups realized they could jump on the bandwagon and break into other Sony properties and get in the news," said Richard Wang, manager of Sophos Labs, a security vendor. "Really anything that has the Sony brand on it has become a target for someone trying to make a name for themselves or trying to prove they can break into the website."

Fred Cate, director of the Center for Applied Security Research at the University of Indiana, said the first PlayStation Network breach may have tempted hackers by revealing Sony as open to attack. "There's sort of a pile-on effect," Cate said. "Once you hear that there's a vulnerable network out there, other folks start trying. Sony's now a new target of interest."
Other hackers seem to have joined up for reasons other than political or monetary gain. Sites like has sonybeen hacked this week.com demonstrate a curious mixture of genuine curiosity and weary cultural saturation.

"Prior to the PSN hack, the loosely organized Anonymous group had waged war against Sony, reflecting the opinion of a significant share of netizens who got infuriated by Sony's corporate attitude," said Guillaume Lovet, a senior manager of the threat response team at Fortinet. "But now, from being a target for opinion reasons only, it also became a target 'just for the lulz,' for [hacker group] lulzsecurity and others."
"The outcome," Lovet said, "is more attackers, thus more successful hacks."

Some critics have questioned whether Sony's security efforts both before and after the initial breaches have been adequate. Sony has since promised to boost its security systems and review existing procedures. Still, according to experts, many of the attacks used to breach Sony's sites are fairly basic hacks that the company could easily have protected against.

"They seemingly have an almost anarchistic approach to global network security, with no visible coordination of security practices across Internet properties," said Abrams. "Some properties, such as Sony Pictures, seem to have been ignoring basic security best practices."

Part of the problem is Sony’s huge international web presence. Experts say its highly unlikely that the company's multiple divisions, from movies to gaming, are following any coordinated set of security protocols.

"Sony has disclosed many breaches, including different servers in Indonesia and Thailand. I highly doubt that the same developers who developed these websites are the same developers who worked on the Playstation Network, Sony Pictures, etc.,” said Derek Manky, a senior security strategist at Fortinet. "Quite simply, there is a tradeoff: Security dwindles as you add convenience and complexity."

While the novelty of hacking Sony may continue to diminish as other cybersecurity stories hit the news, it's clear Sony must get its act together or risk more attacks, a loss of customer faith and money and possible government intervention. 

"Sony needs time to get their security house in order," Jeremiah Grossman, the CTO of WhiteHat Security wrote in an email. "As an organization, Sony could see this as an opportunity. A year or more from now, they could be an example of how security SHOULD be done across the entire industry."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Phishing site found on Sony’s servers.

Posted by Avik Sarkar On 5/20/2011 06:55:00 pm


Okay, okay. Sony has had a lot to deal with of late, what with its Playstation network being hacked and subsequently being taken offline for quite some time. But we believe that Sony has been hacked yet again, this time its Sony Thailand’s website.
As security firm f-secure reports, Sony Thailand’s hdworld.sony.co.th URL has a phishing site running on it, leading to an Italian credit card company.
SonyThailandHack
As you can see, visiting the site on Google Chrome reveals a blatant warning that the site is in fact a phishing scam:

The phishing site is in fact  a sub-domain of Sony Thailand’s website, and it’s possible the hackers either have access to Sony Thailand’s DNS record or there could be a redirect in place on the servers itself, but we can’t be sure. We’ll update this as more information comes in and once we’ve spoken to a security consultant to learn how this could actually be possible.
Update
Okay, we’ve now spoken with Jobert Abma, an online security consultant from Online24. When asked how common this is, he said:
“It’s not as common as other vulnerabilities such as ‘usual’ web issues like data injection. But, when having mayor issues like file access, the success rate of such an attack becomes much higher.”
When asked how phishers actually carried out these hacks, Abma stated that the hackers simply looked for weaknesses in the application or infrastrucutre:
“It can be done through, for example, having file access. To grant such access, weaknesses in the application or infrastructure need to be found. As application issues, you’d mention database access to write files, including remote scripts, able to execute commands on the server and so on. As for weaknesses in an infrastructure, weak passwords or buffer overflows in software could be used to grant access.”
Following on from our chat with Jobert Abma, we spoke with Mikko H. Hyppönen from f-secure – the firm that found this latest hack. Hyppönen came across the site while investigating potential Playstation phishing scams. After confirming it was definitely a hack, Hyppönen gave his thoughts on how access was gained:
“If you have a large site with lots of legacy apps and mini-sites, it’s not unheard of for something like this to happen. In Sony’s case, it’s likely its a PHP or SQL hole rather than DNS access or  htaccess edit on the server itself.”
Hyppönen also stated that this doesn’t necessarily mean that Sony.co.th or Sony.com got hacked, because the sub-domain in question may run on an external party’s server:
“I believe this particular site might run on some ad agency’s IP address. Nevertheless, it’s under Sony’s name, so technically, it’s Sony’s server.”
But it’s not just Sony that will suffer from this. It’s likely that part of the scam will involve spamming people with .it (Italy) email addresses whilst this phishing site is still live. And the hope for the scammers, of course, is they’ll hit someone who does hold the credit card in question.
So, not a good few weeks for Sony at all.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

PSN Hacked Again By Anonymous! 10 Million Users Affected [Sony Denis The Hack]

Posted by Avik Sarkar On 8/16/2012 05:46:00 am

PSN Hacked Again By Anonymous! 10 Million Users Affected [Sony Denis The Hack]

Oh! no again Sony Play Station Network faced cyber attack. Guess who was behind this??? Yes this time also hacker collective Anonymous have breached the PSN and stolen more than ten million account details (Email-id & encrypted passwords). Anonymous announced the hack on its Twitter account on Wednesday (though that tweet has since been removed). 

That tweet has claimed that yet again Anonymous have broken into PlayStation Network and has a 50 gigabyte database of email accounts and their passwords – this would put more than ten million accounts at risk. This would be a huge blow to Sony if Anonymous has in fact completed a successful PSN hack and PlayStation Network breach. If PSN has been breached millions of users personal information, including credit cards, would be in the hands of potentially malicious users.
However note that Sony completely denies the hack. The official twitter account of PSN says- "We can confirm that the recent claim that PSN was illegally hacked & that customer PWs and email addresses were accessed is completely false".

According to Kotaku reports that the list in the Pastebin doc is a copy of a seemingly unrelated list of email addresses from March 2012, called "Email accs! // universe security sucks." The PSN hack, in other words, appears to be a rumor that didn't turn out to be true.But still we have to wait for Sony's official response about the whole matter. 
Since last year the battle between hacktivist Anonymous, Lulzsec and Sony is running. Hackers have penetrated Sony's PSN network and stolen millions of user personal information. Later Sony was forced to shutdown its entire network & apologized for the whole massacre. Not only PSN, also Sony Online Entertainment, Sony Pictures, Several Sony's official website from different countries fallen victim to the hackers. 




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony CEO Stringer apologizes for hacked services & also promises ID theft protection

Posted by Avik Sarkar On 5/07/2011 12:10:00 am


Sony has promised that its hacked services will be back up “in the coming days”and has joined with Debix for an identity theft protection program that will insure users against identity theft for up to $ 1 million each.
The company said Thursday that it has started internal testing on its networks, something it calls an “important step” toward restoring its affected services.
On April 26, Sony announced that a Cyber attack on its system was large-scale, and had compromised millions of customers’ personal information. It cautioned that credit card information might have also been stolen. On May 2, Sony Online Entertainment, another Sony division, announced that credit card data had been stolen from its servers as part of an attack.
An apology letter from Sony CEO and president Howard Stringer was posted on the company’s blog Thursday night. The letter said that while Sony has not heard any confirmed reports of personal or credit card information being misused, it will offer a free identity protection plan to any affected user who registers for the program by June 18.
The Sony program offers identity theft protection for one year from the registration date. It includes cyber monitoring with monthly identity status reports, access to privacy and identity theft specialists and a $1 million theft insurance policy per user. Sony will e-mail users eligible for the program with more details. The program is currently only for U.S. users; Sony is working on offering similar programs worldwide.
Stringer also acknowledged customer complaints over Sony’s decisions to delay notifying customers. “I know some believe we should have notified our customers earlier than we did. It’s a fair question,” Stringer wrote, going on to say that, “...it took some time for our experts to find those tracks and begin to identify what personal information had — or had not — been taken.”
This is the first time Stringer has issued a comment on the breach. Spokesman Patrick Seybold has been issuing most of the company’s announcements, while Sony’s popular second-in-command, Kazuo Hirai, has been the public face of Sony at press conferences.
Even as Sony moves to heal its relationship with customers, however, a report from CNET warns that the company may soon face another attack. Citing a source who’s seen chatter from a hacker internet relay chat channel, the report says that a group announced they will attack Sony again and publicize customer names, credit card numbers and addresses taken from the company’s servers.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony's website in 13 countries been hit by hackers

Posted by Avik Sarkar On 5/24/2011 10:11:00 pm




Sony Corp bounced from two-month lows after the electronics conglomerate said this year's operating profit would match last year's, easing worries about the impact of the March earthquake. In its first estimate for the year to March 2012, Sony said operating profit would come in around 200 billion yen (USD 2.44 billion), prompting Macquarie to upgrade its rating on the stock to outperform from neutral. Morgan Stanley, Credit Suisse and UBS reiterated their overweight, buy or outperform ratings. Separately, Sony said on Tuesday websites in three countries were hacked and personal information for 8,500 people were leaked from its Greek Sony Music Entertainment website, in the latest of a series of security breaches. The company said all three sites had been taken down and that no credit card information had been registered. Analysts said Sony had provided markets with a realistic view of the impact of the quake and a PlayStation network hacking incident, both of which had weighed on the shares. Sony said it expects the quake and the hacking incident to drag down operating profit by 164 billion yen in the current financial year. In contrast, the decline in Sony's market capitalisation of 264 billion yen since the quake "looks overdone," Macquarie analyst Jeff Loff wrote in a report. "With shares cheap and cost impacts one-time in nature, we expect the stock to reverse its fall." Sony expects to report a net loss of 260 billion yen (USD 3.2 billion) for the year ended March 31, its third straight annual net loss, after writing of tax credits following Japan's earthquake and tsunami.
Many of Sony's rivals, including Panasonic Corp, have yet to issue forecasts for the current year due to uncertainty following the disaster. Shares in Sony, the maker of PlayStation video games and Vaio computers, were up 2.4% by 0340 GMT, outperforming a flat Tokyo electrical machinery subindex . Sony's shares dipped nearly 1% in early trade, to its lowest since the immediate aftermath of the earthquake. Some fund managers however said the shares, down 22% so far this year, might not see sharp gains. "I agree that shares are unlikely to keep sliding, but neither do I see any new catalysts that would bring the share price up. I expect shares to continue meandering back and forth at low levels," said Makoto Kikuchi, chief executive officer at Myojo Asset Management. "It's not just Sony. Panasonic, Sharp -- all Japanese home electronics makers have seen the base of their share price sink. They can't compete in prices, so the only route they have is to create new markets with high added value. Products that would make people pay more." "Sony used to have this ability. But I don't see anything that would make share prices rise this fiscal year." Sony has seen a series of hacking attacks that have exposed more than 100 million accounts on its online gaming network to possible data theft, casting doubt on Sony's bid to reinvent itself through its online business. The company cut its annual net earnings forecast for the year ended March 31 to a loss of 260 billion yen from its previous estimate of a profit of 70 billion yen. Credit Suisse analyst Shunsuke Tsuchiya said shares in Sony were close to bottoming out and Morgan Stanley's Masahiro Ono said the announcement cleared uncertainty and was a positive. Sony has been largely squeezed out of the portable music market by Apple Inc's iPod, while losing market share to Samsung Electronics in flat-screen TVs. Sony, which had developed but scrapped products that could be said to predate both the iPod and iPad, is set to announce its full results on Thursday.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony Pictures Official Website & Facebook Page Hacked By Anonymous (#OpSony)

Posted by Avik Sarkar On 1/07/2012 09:32:00 pm


Remember few days ago we have covered that hacktivist Anonymous has given warning to Sony. Recently the have posted a YouTube video declaring that they will hack Sony again. If Sony doesn't stop their support of the Stop Online Piracy Act. Anonymous has confirmed that they have once again hacked Sony Pictures, gaining access to their Facebook account and website. Anonymous did threaten Sony for supporting the controversial SOPA bill and now it seems that the threats materialized.
The hack hit the Sony Pictures Facebook page and its web site homepage, according to reports and tweets from those involved. Comments were left on the web pages, but have since been removed.
The attacks carry the name #OpSony and were noted through the @s3rver_exe Twitter account


"#OpSony SonyPictures Hacked! by s3rver.exe , Anonnerd and N3m3515," says a tweet from that user, who continued, "I uploaded a @YouTube video (link removed) Sony Pictures Hacked By Anonymous."
"The hack wasn't big, but still the servers were vulnerable and I got access to the admin too," The Hacker added.
In 2011Anonymous caused major problems for Sony after successfully hacking into the firm's online gaming network and stealing the login information of thousands of users, forcing the system offline for several weeks.


-Source (The Inquirer)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony Hacked Again, 1 Million User Data Compromised

Posted by Avik Sarkar On 6/03/2011 07:35:00 pm


A group of hackers that recently gained notoriety for hacking PBS.org’s home page with an image of NyanCat, announced Thursday that it has stolen data from Sony. It’s yet another in a seemingly endless string of embarrassing security incidents for the company, but what’s shocking is just how exposed the data was to begin with.
In a press release posted to their Web site, LulzSec claims to have broken into SonyPictures.com and “compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.”
The theft included 75,000 “music codes” and 3.5 million “music coupons,” according to the group. LulzSec has posted segments of data they claim to have taken from Sony’s server to serve as proof of their accomplishment.
There are two astonishing twists to this story - one is that LulzSec was apparently able to access the information fairly easily, using what they describe as “a very simple SQL injection, one of the most primitive and common vulnerabilities.” Secondly, “every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.”
If true, it’s devastating news for Sony, which is just getting back on its feet after shutting down access to its PlayStation Network and Sony Online Entertainment servers after hackers made off with personal information on more than 100 million user accounts.
The PlayStation Network, which controls PlayStation 3 and PlayStation Portable users’ ability to connect to one another to play online games, was down for more than three weeks through the last half of April and first half of May as Sony struggled to secure the system.
And only in the past 24 hours has Sony brought back its PlayStation Store, which serves as a way for PS3 and PSP users to download games and content for their systems.
Sony hasn’t even yet initiated its “Welcome Back” package for consumers affected by the PSN blackout - a collection of about $100 worth of games and content, as well as access to the company’s premium “PlayStation Plus” service.
SonyPictures.com isn’t directly related to the PlayStation 3 or PlayStation Network - it’s Sony’s consumer-facing Internet site for information on their movies, television and home entertainment offerings on Blu-Ray Disc and other formats. But Sony’s many Web sites and servers have been on the receiving end of security probes and hack attacks for some time, exacerbated by the company’s legal proceedings against George “Geohot” Hotz, a programmer who sought to “jailbreak” or enable the PlayStation 3 console to support Linux operating system software - a feature Sony once supported itself, but later removed in a firmware update. Since the widely-publicized outage of the PlayStation Network, hackers have stepped up their attempts to break into Sony’s systems.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony Online Entertainment Shut Down After 25 Million More Acounts Hacked

Posted by Avik Sarkar On 5/03/2011 04:40:00 pm



Sony Online Entertainment has temporarily shut down its online games service and its Facebook games after discovering the April break-in that led to the theft of 77 million user accounts also affected its system.
A spokesman for the online games unit said the service was taken down at 1:30 am Pacific time on Monday. The spokesman declined to say how many customers were affected and none were alerted beyond a terse message on its website.
Facebook games developed by Sony Online Entertainment including "PoxNora," "Dungeon Overlord," "Wildlife Refuge," as well as games based on the Star Wars movies, were all shut down.
Sony posted a message on Facebook saying "we had to temporarily take down SOE services during the night." A Sony spokesman said the Facebook games make money from microtransactions and the sale of virtual goods like costumes and weapons.
Facebook could not immediately be reached for comment.
Sony Online Entertainment is a division of Sony Corp, the global electronics company that operates online games such as "EverQuest" and is separate from the PlayStation video game console division.
Story continues below
The spokesman, who could not confirm a Nikkei report that 12,700 credit card numbers were stolen from the intrusion of Sony Online Entertainment, said it was not "a second attack" and was related to the April 17-19 break-in of the Sony PlayStation Network.
"In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately," the company said on its website.
Sony on Monday denied on its official PlayStation blog that hackers had tried to sell it a list of millions of credit card numbers.
The news comes less than a week after Sony alerted customers that a hacker broke into Sony's PlayStation video game network and stole names, addresses, passwords and possibly credit card numbers of its 77 million customers.
Sony alerted customers a week after discovering the break-in.
Sony executives apologized on Sunday and said it would gradually restart the PlayStation Network with increased security and would offer some free content to users.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony Playstaion Vita is Vulnerable to Hacking !!

Posted by Avik Sarkar On 9/09/2012 01:00:00 am

Sony Playstaion Vita is Vulnerable to Hacking !!

Sony has always been the worst luck when it has come to hacking and preventing themselves from victimizing their system. Today a Gaming community named 'NeoGAF' said Sony's Playstaion Vita has allegedly been hacked. According to a coder and developer Yifan Lu there is a weakness that could lead to the hacking of the Vita.  Yifanlu started a new project called Usermode Vita Loader (UVLoader), it will be a homebrew loader for the PSV, basically. The project is allegedly based on a PS Vita exploit found by Yifan Lu, but no details have been revealed. At this stage only a few lines of code have been written. Being in such an early stage, there is no release date and it doesn't work, but Yifan Lu is actively seeking developers to assist in the project. Lu said he would be updating details on his personal blog. 
Almost anyone who is involved or knows of the gaming & security industry knows that the relation between Sony and hackers are not healthy at all. Since last year the battle between hacktivist AnonymousLulzsec and Sony is running. Hackers have penetrated Sony's PSN network and stolen millions of user personal information. Later Sony was forced to shutdown its entire network & apologized for the whole massacre. Not only PSN, also Sony Online EntertainmentSony Pictures, Several Sony's official website from different countries fallen victim to the hackers. Even last month hackers from Anonymous claimed to have breached PSN once again which affected more than 10 million users. Later Sony denies the hack. 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony says 25 million more accounts hacked

Posted by Avik Sarkar On 5/03/2011 08:26:00 pm




Sony Corp. said Monday that hackers may have taken personal information from an additional 24.6 million user accounts after a review of the recent PlayStation Network breach found an intrusion at a division that makes multiplayer online games.

The data breach comes on top of the 77 million PlayStation accounts it has already said were jeopardized by a malicious intrusion.

The latest incident occurred April 16 and 17 - earlier than the PlayStation break-in, which occurred from April 17 to 19, Sony said.

About 23,400 financial records from an outdated 2007 database involving people outside the U.S. may have been stolen in the newly discovered breach, including 10,700 direct debit records of customers in Austria, Germany, the Netherlands and Spain, it said.

The outdated information contained credit card numbers, debit card numbers and expiration dates, but not the 3-digit security code on the back of credit cards. The direct debit records included bank account numbers, customer names, account names and customer addresses.

Company spokeswoman Taina Rodriguez said Sony had no evidence the information taken from Sony Online Entertainment, or SOE, was used illicitly for financial gain.

"We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1 we concluded that SOE account information may have been stolen and we are notifying you as soon as possible," Sony said in a message to customers.

Sony said that it shut service Monday morning to Sony Online Entertainment games, which are available on personal computers, Facebook and the PlayStation 3 console. Its most popular games include "EverQuest," "Free Realms" and "DC Universe Online."

The company said it will grant players 30 days of additional time on their subscriptions, along with one day for each day the system is down. It is also creating a "make good" plan for its multiplayer online games.

On Sunday, Sony executives bowed in apology and said they would beef up security measures after an earlier breach caused it to shut down its PlayStation network on April 20. The company is working with the FBI and other authorities to investigate what it called "a criminal cyber attack" on Sony's data center in San Diego, Calif.

The company said it would offer "welcome back" freebies such as complimentary downloads and 30 days of free service to PlayStation customers around the world to show remorse and appreciation.

PlayStation spokesman Patrick Seybold, in a blog post Monday, denied a report that said a group tried to sell millions of credit card numbers back to Sony.

He also said that while user passwords had not been encrypted, they were transformed using a simpler function called a hash that did not leave them exposed as clear text.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Nintendo Servers Hacked, Next target XBOX

Posted by Avik Sarkar On 6/05/2011 10:49:00 pm


Nintendo reports that a Web server for its U.S. unit was hacked. The attack on Nintendo shows that this new era of hacking isn't going to end any time soon, and should serve as a wakeup call for other companies that were hoping this was purely a Sony issue. To be fair, the Nintendo incident is nothing compared to the Sony debacle. It's like comparing the United States "invasion" of Grenada, with the United States bombing Hiroshima and Nagasaki. While Sony has been hacked repeatedly for the past month--compromising sensitive information from more than 100 million user accounts in the process, the Nintendo hack appears to have yielded a simple server configuration file, and not exposed any sensitive data.
Hackers continue to take down networks for hacktivism bragging rights. The current plague of hacks and network takedowns is not limited to game console vendors, nor is it limited to one hacking collective. LulzSec is dominating headlines right now after attacking PBS, the FBI, hacker magazine 2600, and now Nintendo, but there are other groups out there as well--like the notorious Anonymous.
2600 seems to have nailed it on the head when it tweeted, "Hacked websites, corporate infiltration/scandal, IRC wars, new hacker groups making global headlines - the 1990s are back!"
Yes. That seems to sum things up. Granted, the vast majority of these attacks are driven by "hacktivism"--a pseudo-noble attempt to stand up for an issue and make a statement. But, there is a fine, fine line between that "Robin Hood complex" vigilantism, and just being a cyber thug.
The problem with hacktivism is that there are hackers representing both sides. While hacker groups battle it out online for bragging rights, innocent users are caught in the crossfire. I can sympathize with some of the hacktivist causes, but regardless of my opinion of Sony, or any other organization, I can't condone or support exposing sensitive information of users, or even interrupting services that those users have paid for and enjoy using.
While malware has evolved from script kiddies in search of bragging rights to organized crime in search of money, hacktivism is bringing back the "Wild West" days of the Internet. The thing is, hacktivism is just hacking--it's easy to rationalize by making it about trying to stand up for an issue or make some sort of statement, but really the only statement it makes is "look how great I am--I got in to your network."
The days of "All Your Base Are Belong to Us" are back. Watch your back Xbox Live, you're probably next as some group attempts to "outdo" LulzSec.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Google Pakistan Hacked & Defaced By Turkish Hacker

Posted by Avik Sarkar On 11/24/2012 07:05:00 pm

Google Pakistan Along With Microsoft  HP, HSBC, Apple, PayPal, Blogspot Hacked & Defaced By Turkish Hacker

Today was most probably the worst day in the history of Pakistan cyber space. Ten big domains of Pakistan has been stroked very badly. Many of you are guessing that it was Indian hackers who cost this damage. But in reality the attack was not generated from India, Bangladesh or such any other native countries,  but it was a Turkish hacker who have reportedly taken down the home and search page of Google Pakistan while leaving an image of two penguins walking across a bridge for million of users. I think now you got that, yes it was Google Pakistan which has been hacked and defaced by a Turkey hacker code named "KriptekS". In the deface page the hacker left several messages in Turkish language, the translation of the text, written on the website, is: "eboz. My homies in a friend always there for me. Have not shot by me with every breath." Also the hacker left a message saying "Pakistan Downed" which is indicating that the home page of Google Pakistan is indeed take down. According to deface mirror on Zone-H, the attack took place around 02:17 in the afternoon, but still, when I am writing this article, the home page of Google Pakistan is still offline. 
May be you are thinking that the story is over, but no; as I told earlier it was the worst day for Pakistani cyber fence, trust me indeed it was. As along with Google, KriptekS, the Turkish hacker also targeted Pakistani domain of Blogger, HSBC, Coca-Cola, Fanta, Paypal, Microsoft, HP & Apple. Also it has been reported that Pakistani domain of Sony, Yahoo & Windows has also been allegedly hacked. And all those hacked domains are still offline. 

List of Hacked Sites:-

http://www.google.com.pk
http://www.google.pk
http://www.hp.com.pk
http://www.apple.pk
http://www.hsbc.pk
http://www.blogspot.pk
http://www.coca-cola.pk
http://www.fanta.pk
http://www.paypal.pk
http://www.microsoft.pk
www.visa.com.pk
www.ebay.pk
www.msn.org.pk
www.sony.pk
www.windows.com.pk
www.yahoo.pk


Deface Mirrors:-

http://zone-h.com/mirror/id/18639529
http://zone-h.com/mirror/id/18639530
http://zone-h.com/mirror/id/18639528
http://zone-h.com/mirror/id/18639527
http://zone-h.com/mirror/id/18638930
http://zone-h.com/mirror/id/18638890
http://zone-h.com/mirror/id/18638879
http://zone-h.com/mirror/id/18638866
http://zone-h.com/mirror/id/18638824
http://zone-h.com/mirror/id/18638825
http://zone-h.com/mirror/id/18638826
http://zone-h.com/mirror/id/18638827
http://zone-h.com/mirror/id/18638828
http://zone-h.com/mirror/id/18638820
http://zone-h.com/mirror/id/18638822
http://zone-h.com/mirror/id/18638823


While talking about this dangerous cyber attack, we would like to remind you that few days ago couple of Pakistani hackers defaced several big Israeli domains including MSN, Bing, Live, Skype, Microsoft Store, BBC, CNN, Coca-Colla, XBOX, Windows, Intel, Philips, Israeli Parliament, Citi Bank and so on. Whether it is not clear that this attack on Pakistan has nay relation with that attack on Israel. But what we can say is that "KriptekS" exactly followed the same path, which Pak hackers shown the world few days ago. 




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Unpatchable Security Hole in PlayStation 3 Leading The "final hack" Also LV0 Cryptographic Keys Revealed

Posted by Avik Sarkar On 10/26/2012 05:59:00 am

Unpatchable Security Hole in PlayStation 3 Leading The "final hack" Also LV0 Cryptographic Keys Revealed

We all are very much aware that Sony along with its product's were always been a very hot favorite target of hackers. But here there are few twists, so the word 'Hack' will be be the appropriate one to describe of what happened to Sony. According to a report on Eurogamer Sony's PlayStation 3 is facing a new security threat - one it hasn't seen since the system was cracked via the PSJailbreak in 2011. The PS3 has been hacked before, but Sony was able to inhibit the hack with an update to its own firmware. This is much like the history of jailbreaking on Apple's iOS. But the latest PS3 break is being dubbed unpatchable and the final hack. That's because this hack isn't giving you an exploit to use against a programming hole. It's giving you Sony's so-called LV0 (level zero) cryptographic keys
A decryption key that is reported to be circulating on the net is said to remove the final protective barrier on some models of Sony's PlayStation 3 consoles. In the long run, the release of the key will probably allow unsigned software such as homebrew games, Linux distributions, or pirate copies of software to run on some PS3 consoles. Allegedly, the private key can be used to modify and sign the "LV0" (Level 0), for example to disable its security checks. When the PS3 system boots, from version 3.60 of the PS3's firmware, the LV0 is directly launched by the bootloader (bootldr) that is built into the system's hardware – which means that the chain of trust is broken at a very early stage. As Sony won't be able to update the bootloader with a software update, the hacker community considers this the "final hack" of the PS3 in its current forms. Eurogamer says that these keys may not have been released at all if not for a Chinese hacking outfit called "BlueDiskCFW," who gained access to the keys and planned to charge for new custom firmware updates it would create. The original group that created the LV0 had no plans on releasing them, but eventually they were leaked onto the Internet in some limited fashion. Seeing that someone was going to profit on them, the group known as "The Three Tuskateers" decided to release them into the wilds of the Internet. 
In a statement the hacker group says that "You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now," 





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony Pakistan Hacked By Optik Fiber (Team Openfire)

Posted by Avik Sarkar On 9/18/2011 10:11:00 pm


Sony Pakistan Hacked By Optik Fiber of Team Openfire also known as Indian Cyber Force. The hacker group hacked the Database of Sony Pakistan and exposed  admin credentials and so on.
Websites:-
http://sonycenter.com.pk/

Here are some exposure submitted by Team Openfire:-

INFECTED FILE : CATEGORY.PHP
ADMIN USERNAME :- admin                                       
PASSWORD :- pa$$word

For More Information Click Here



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Said, Our Security is Stronger than Sony & RSA, also We are not Vulnerable to DDoS

Posted by Avik Sarkar On 7/08/2011 03:24:00 pm


Microsoft's John Howie claims Microsoft security is stronger than Sony and RSA which were hacked due to "rookie mistakes." The software giant also released Volume 10 of its Security Intelligence Report.

Uh-oh. There's nothing quite like throwing down the gauntlet and virtually taunting hackers to prove a proud boast is false. In what some attackers might consider a dare,  John Howie, Microsoft's senior director in the Online Services Security & Compliance (OSSC) team, basically claimed that Microsoft sites are unhackable and can't be DDoSed.
According to Microsoft, "rookie mistakes" by Sony and security firm RSA caused the corporations to be brought down by hackers. Howie told Computing News that Sony was coded badly and failed to patch its servers. "These are rookie mistakes," Howie said.  In regards to the breach at RSA, Howie stated, "RSA got hacked because someone got socially engineered and opened a dodgy email attachment. A rookie mistake."
Howie added, "At Microsoft we have robust mechanisms to ensure we don't have unpatched servers. We have training for staff so they know how to be secure and be wise to social engineering. We have massively overbuilt our internet capacity, this protects us against DoS attacks. We won't notice until the data column gets to 2GB/s, and even then we won't sweat until it reaches 5GB/s. Even then we have edge protection to shun addresses that we suspect of being malicious."
In other Microsoft security news, after analyzing 600 million computers worldwide, Microsoft released Volume 10 of its Security Intelligence Report. It  focuses on malware, software vulnerability disclosures, vulnerability exploits, and related trends. The majority of all vulnerabilities in 2010 were vulnerabilities in applications versus operating systems or web browsers. Exploiting Java vulnerabilities topped the list of exploitation categories over generic HTML/scripting exploits, operating system exploits, and document exploits. Adobe Acrobat and Reader accounted for the highest number of document format exploits. Windows 7 and Windows Server 2008 R2 had the lowest operating system infection rate for both client and server platforms. 64-bit versions of Windows 7 which "appeal to a more technically savvy audience than their 32-bit counterparts" have the lowest infection rates.
In regard to malicious websites, phishers targeted gaming sites in the first half of 2010 but then targeted social networks. Yet the "number of active sites targeting gaming sites remained relatively high during the second half of the year, which suggests that more campaigns may be coming."
According to the SIR [PDF] Global Threat Assessment graph below, in the 4th quarter of 2010, the most common threat in the USA  was miscellaneous Trojans which affected 38.6% of all cleaned computers. This was down from 43.8% in the 3rd quarter. The second most common threat was Adware which affected 28.3% of all cleaned computers and was up from 23% in the third quarter. "Miscellaneous Potentially Unwanted Software" was the third most common threat in the U.S. and affected 24.6% of cleaned computers. The MSRT detected malware on 11.6 of every 1,000 computers scanned in U.S. in 4Q10 giving the States "a CCM score of 11.6, compared to the 4Q10 average worldwide CCM of 8.7."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

A Tribute to The 10 Most Infamous Student Hackers of All Time

Posted by Avik Sarkar On 9/15/2012 04:01:00 pm

A Tribute to The 10 Most Infamous Student Hackers of All Time

Since last two years, we the VOGH team has been covering all the latest cyber security updates. But today lets do some thing different. One of our frequent reader and fan Katina Solomon has requested us to share a fantastic article. Everyday VOGH draws headlines of hackers around the world and their activities. While trying to maintain speed with time, we usually forgot our past. Today we will take you into the past, where we will discuss about those heroes, who are always been ill treated by the society & the system while revamping those heroes into cyber-criminals or infamous hackers. Its our question to our humanity "Did the system has done justice with them??" 
Hacking has always been inherently a young person’s game. The first usage of the word “hacker” was to describe pranksters meddling with the phones at MIT. Many hackers have cited boredom, a desire for change, or the thrill of going somewhere one is not supposed to go as their motivation for hacking, all of which could apply to scores of common activities on college campuses. While today’s hacking scene is dominated by large hacking groups like Anonymous and Masters of Deception, many of the greatest hacks ever have been pulled off by college, high school, and even middle school kids who rose to infamy armed only with a computer and the willingness to cross the bounds of legality.
  1. Sven Jaschan: In the words of one tech expert, “His name will always be associated with some of the biggest viruses in the history of the Internet.” The viruses: the Sasser and NetSky worms that infected millions of computers and have caused millions of dollars of damage since their release in 2004. The man behind the viruses proved to be not even a man at all, legally. Seventeen-year-old hacker Sven Jaschan, a student at a computer science school in Germany, claimed to have created the viruses to become a hero by developing a program that would eradicate the rampaging Mydoom and Bagle bugs. Instead he found himself the subject of a $250,000 bounty courtesy of Microsoft, for which some of his classmates turned him in.
  2. Jonathan James: In 2000, at the age of 16, James, or “C0mrade” as he was known in the hacker community, infamously became the first juvenile federally sentenced for hacking. The targets of his notorious hack jobs were a wing of the U.S. Department of Defense called the Defense Threat Reduction Agency, NASA, and the Marshall Space Flight Center in Huntsville, Ala. (By hacking the latter James gained the ability to control the A/C in the International Space Station.) All of these were pulled off “for fun” while James was still a student at Palmetto Senior High in Miami. Unfortunately, the fun ran out when James was tied into a massive identity theft investigation. Though insisting he was innocent, James took his own life, saying he had “no faith in the justice system.”
  3. Michael Calce: Yahoo. CNN. Ebay. Amazon. Dell.com. One by one in a matter of days, these huge websites crashed at the hands of 15-year-old Canadian high school student Michael Calce, aka “MafiaBoy.” Armed with a denial-of-service program he called “Rivolta” that overloaded servers he targeted, the young hacker wreaked $7.5 million in damages, according to court filings. Calce was caught when he fell victim to a common ailment of teenage boys: bragging. The cops were turned on to him when he began boasting in chat rooms about being responsible for the attacks. On Sept. 12, 2001, MafiaBoy was sentenced to a group facility for eight months on 56 counts of cybercrime.
  4. Kevin Mitnick: Before performing hacks that prompted the U.S. Department of Justice to declare him “the most wanted computer criminal in United States history,” Kevin Mitnick had already made a name for himself as a hacker in his school days, first at Monroe High School in LA and later at USC. On a dare, Mitnick connived an opening into the computer system of Digital Equipment Corporation, which some fellow hackers then used to steal proprietary source code from the company before ratting on him. While still on probation for that crime, Mitnick broke into the premises of Pacific Bell and had to go on the run from police in the aftermath, during which time he hacked dozens of systems, including those of IBM, Nokia, Motorola, and Fujitsu.
  5. Tim Berners-Lee: “Scandalous” is a synonym for “infamous,” and for this legendary computer scientist, knight of the British Empire, and inventor of the World Wide Web to have been a hacker in his school days is certainly a juicy factoid. During his time at Oxford in the mid-’70s, Sir Tim was banned from using university computers after he and a friend were caught hacking their way into restricted digital areas. Luckily by that time he already knew how to make his own computer out of a soldering iron, an old TV, and some spare parts. And also luckily for him, he will always be revered as the father of the Internet.
  6. Neal Patrick and the 414s: In the early ’80s, hacking was still a relatively foreign concept to most Americans. Few recognized the enormous power hackers could hijack with a few strokes on a keyboard, which explains why a young group of hackers known as the 414s (after a Milwaukee area code) were virtual celebrities after they hacked into the famous Los Alamos National Laboratory, the Memorial Sloan-Kettering Cancer Center, and elsewhere. While today hacking a lab where classified nuclear research is conducted could earn you a one-way ticket to Guantanamo, the 17-year-old ringleader and high school student Neal Patrick was on the cover of Newsweek. The group members got light sentences but prompted Congress to take a stronger role in cybercrime.
  7. Robert T. Morris: The first ever Internet worm, the Morris Worm derived its name from Cornell grad student Robert Tappan Morris. In 1988, Morris released the worm through MIT’s system to cover his tracks, which would seem to contradict his claims that he meant no harm with it. But that’s exactly what resulted: the worm spread out of control, infecting more than 6,000 computers connected to the ARPANET, the academic forerunner to the World Wide Web. The damages reached as high as an estimated $10 million, and Morris earned the ignominious distinction of being the first person prosecuted under the Computer Fraud and Abuse Act. Morris got community service but was apparently not considered too infamous to be offered his current job as a professor at MIT.
  8. George Hotz: To some, George Hotz (aka “geohot,” aka “million75,” aka “mil”) is a public menace, a threat to electronic businesses everywhere. To many, Hotz is a hero. The high-schooler shot to fame/infamy in 2007 at the tender age of 17 by giving the world its first hacked, or “jailbroken” iPhone. He traded it for a new sports car and three new iPhones, and the video of the hacking received millions of hits. Apple has had to grudgingly come to terms with jailbreaking, seeing as the courts have declared it legal, but Sony Corp. is definitely not OK with such tampering. When Hotz hacked his PlayStation 3 and published the how-to on the web, the company launched a vicious lawsuit against him. In turn, the hacker group Anonymous launched an attack on Sony, stealing millions of users’ personal info.
  9. Donncha O’Cearbhaill: According to the FBI, this 19-year-old freshman at Trinity College Dublin is one of the top five most wanted hackers in the world. Well, he was; now that he’s been arrested he’s not really “wanted” anymore. The Feds contend the young man is a VIP member of the Anonymous and LulzSec hacking groups that have already been mentioned and whose targets have included the FBI, the U.S. Senate, and Sony (in the Hotz backlash). It seems “Palladium” (O’Cearbhaill) took the liberty of listening in on a conference call between the FBI and several international police forces who were discussing their investigations of the hacking groups. He could be sentenced to up to 15 years in prison if convicted for that hack alone.
  10. Nicholas Allegra: Just as George Hotz moved on from the Apple hacking game, Brown University student Nicholas Allegra is also hanging up his jersey. “Comex,” as he is known to millions of rooted iPhone fans, created the simple-to-use Apple iOS jailbreaking program JailbreakMe in 2007 and has since released two newer versions of it. However, Comex seems to have gone over to the dark side, accepting an internship with the very company whose products he became famous exploiting. Still, Allegra’s hacking skills are so advanced (one author puts him five years ahead of the authors of the infamous Stuxnet worm that corrupted Iran’s nuclear facilities) and so many people availed themselves of his talents, he will forever live in hacking infamy.

We want to dedicate the above post to the legendary hacker, who left us -Jonathan James aka “C0mrade”. Also the post is a tribute to all the so called 'infamous hackers'. You are our heroes and inspiration, you will always be there in our soul. Team VOGH salutes you...... 


-Thank you Katina & Online Degrees




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Anonymous hacked by one of its own

Posted by Avik Sarkar On 5/11/2011 12:24:00 pm


Infamous hacktivist group Anonymous has been hacked by one of its own. In a message posted to the AnonOps.in site, the group claimed a former member organised the attack, taking over its AnonOps.ru and .net communications sites and publishing names and IP addresses of users online.
After receiving media attention worldwide when Sony claimed it was unwittingly involved in hacking the PlayStation Network, it seems Anonymous now has its own crisis to deal with.
"We regret to inform you today that our network has been compromised by a former IRC-operator and fellow helper named 'Ryan'," the group claimed.
The hacker brigade strongly advised users to stay clear of the AnonOps network and added: "He decided that he didn't like the leaderless command structure that AnonOps Network Admins use. So he organised a coup d'etat."
After stealing the IP addresses of hundreds of the message board's users, the mysterious Ryan reportedly launched denial-of-service attacks against AnonOps.ru and AnonOps.net, the platforms that provide communications for the group. It is where hundreds of supporters have collaborated when they brought sites such as PayPal and Bank of America offline, and commanded the cyber attacks in support of WikiLeakslast year.
Anonymous is still under attack. Going to AnonOps.net diverts to a page with the title 'LOL ANONOPS DEAD' followed by some rather unpleasant language.
Despite repeatedly denying responsibility for the hack, Anonymous has been in the spotlight since the Chairman of Sony Computer Entertainment, Kazuo Hirai, wrote to US authorities suggesting the group played a role in Sony's massive data breach.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search