Operation Shady RAT (The Biggest Cyber-Attack Ever)

Posted by Avik Sarkar On 8/04/2011 01:50:00 am



Researchers from security software concern McAfee say they have discovered the biggest series of computer intrusions ever, covering some 72 organizations and governments around the world, including the U.S., Taiwan, Vietnam, South Korea, Canada and India — some of them dating back as far as 2006. (See the map of targets, courtesy of McAfee, below.)
And these aren’t the kind of cyber attacks carried out by bumbling troublemakers like the LulzSec gang, which make headlines but really only cause a nuisance for companies like Sony. In these cases, networks were compromised by remote access tools — or RATs, as they’re known in the industry. These tools — and they are tools, because they have legitimate uses for system administrators — give someone the ability to access a computer from across the country or around the world. In this case, however, they were secretly placed on the target systems, hidden from the eyes of day-to-day users and administrators, and were used to rifle through confidential files for useful information. It’s not for nothing that McAfee is calling this Operation Shady RAT.
McAfee says the attacker was a “state actor,” though it declined to name it. I’ll give you three guesses who the leading candidate is, though you’ll probably need only one: China.
Dmitri Alperovitch, McAfee’s Vice President, Threat Research, makes a statement in his blog entry on the discovery that should give everyone minding a corporate or government network pause: “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact.” He further divides the worldwide corporate landscape into two camps: Those who have been compromised and know it, and those who simply don’t know it yet.
This has been a particularly nasty year on the cyber security front. (I hate to say it, but I told you so.) Prior to this, the big attack whose full impact has not yet been fully sized up was the one against the RSA SecureID system, which uses popular keychain devices that create a constantly changing series of numbers that in turn create a second password for access to system resources. They’re widely used in government and military circles and among defense contractors. Google has been a regular target in recent years.
The RSA attack and Operation Shady RAT are examples, Alperovitch says, of an “Advanced Persistent Threat.” The phrase has come to be a buzzword that, loosely translated into English, means the worst kind of cyber attack you can imagine. Unlike the denial-of-service attacks and network intrusions carried out by LulzSec and its ilk, which require only minimal skill and marginal understanding of how networks and servers work, an APT is carried out by someone of very high skill who picks his targets carefully and sneaks inside them in a way that is difficult to detect, which allows access to the target system on an ongoing basis that may persist for years.
How did these attacks happen? Its very simple: Someone at the target organization received an email that looked legitimate, but which contained an attachment that wasn’t. This is called “spear phishing,” and it has become the weapon of choice for sophisticated cyber attackers. The attachments are not what they appear to be — Word documents or spreadsheets or other routine things — and contain programs that piggyback on the targeted user’s level of access to the network. These programs then download malware which gives the attackers further access. This all happens in an automated way, but soon after, live attackers log in to the system to dig through what they can find, copy what they can, and make a getaway — though they often leave the doors unlocked so they can come back for repeat visits.
Alperovitch notes — correctly, to my mind — that the phrase has been picked up and overused by the marketing departments of numerous security companies. His larger point is that too often those attacked in this way refuse to come forward and disclose what they’ve learned, thereby allowing the danger to continue for everyone else.
Alperovitch says that the data taken in Operation Shady RAT adds up to several petabytes worth of information. It’s not clear how it has been used. But, as he says, “If even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth.” It’s also bad for a target’s national security, because defense contractors dealing in sensitive military matters are often the targets. The best thing that can happen is that victims start talking about their attacks and sharing information with each other so that everyone can be ready for the next one, which is surely coming.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Watcher v1.5.3

Posted by Avik Sarkar On 8/04/2011 01:21:00 am


Watcher is a run time passive-analysis tool for HTTP-based Web applications. Being passive means it won’t damage production systems, it’s completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

This is The Official Change Log:-

X-Frame-Options check now checks every page, unique to path, ignoring query.
So, this release improvees performance of the X-Frame-Options HTTP response header.

To download Watcher v1.5.3 (WatcherSetup.exe) here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NSA (National Security Agency) is Searching For Good Hackers

Posted by Avik Sarkar On 8/03/2011 05:31:00 pm

 
The National Security Agency has a challenge for hackers who think they’re hot stuff: Prove it by working on the “hardest problems on Earth.”
Computer hacker skills are in great demand in the U.S. government to fight the cyberwars that pose a growing national security threat — and they are in short supply.

For that reason an alphabet soup of federal agencies — DOD, DHS, NASA, NSA — are descending on Las Vegas this week for Defcon, an annual hacker convention where the $150 entrance fee is cash only — no registration, no credit cards, no names taken. Attendance is expected to top 10,000.
The NSA is among the keen suitors. The spy agency plays offence and defence in the cyberwars. It conducts electronic eavesdropping on adversaries, and it protects U.S. computer networks that hold super-secret material — a prime target for America’s enemies.

“Today it’s cyberwarriors that we’re looking for, not rocket scientists,” said Richard “Dickie” George, technical director of the NSA’s Information Assurance Directorate, the agency’s cyber-defense side.

“That’s the race that we’re in today. And we need the best and brightest to be ready to take on this cyberwarrior status,” he told Reuters in an interview.
The NSA is hiring about 1,500 people in the fiscal year, which ends Sept. 30, and another 1,500 next year, most of them cybersecurity experts. With a workforce of about 30,000, the Fort Meade-based NSA dwarfs other intelligence agencies, including the CIA.
It also engages in cyber-spying and other offensive operations, something it rarely, if ever, discusses publicly.
But at Defcon, the NSA and other “Feds” will be competing with corporations looking for hacking talent.
The NSA needs cybersecurity experts to harden networks, defend them with updates, do “penetration testing” to find security holes and watch for signs of cyberattacks.
The NSA is expanding its fold of hackers, but George said there is a shortage of those skills. “We are straining to hire the people that we need.”

It might seem to be an odd-couple fit — strait-laced government types with their rules and missions trying to recruit hackers who by definition want to defy authorities.
George said the NSA is an environment where the hacker mind-set fits with “a critical mass of people that are just like them.”
But what about culture rifts?
“When I walk down the hall there are people that I see every day and I never know what color their hair’s going to be,” George said. “And it’s a bonus if they’re wearing shoes. We’ve been in some sense a collection of geeks for a long, long time.”
The agency has long been known for its brilliant, but sometimes eccentric, mathematicians and linguists.
Jeff Moss, a hacker known as Dark Tangent, knows something about bridging the two worlds. He founded Defcon and the companion Black Hat conference for security professionals and is now a member of the Department of Homeland Security’s Advisory Council, which advises the government on cybersecurity.
“They need people with the hacker skill set, hacker mind-set. It’s not like you go to a hacker university and get blessed with a badge that says you’re a hacker. It’s a self-appointed label — you think like one or you don’t,” Moss told Reuters.

-News Source (Washington Post)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Personal Details of Sun Newspaper Readers Hacked

Posted by Avik Sarkar On 8/03/2011 05:24:00 pm

 
Personal details of Sun newspaper readers - including Miss Scotland applicants - have been stolen by hackers in the latest online security breach.
Britain's biggest selling daily has sent out e-mails warning that information, including addresses, dates of birth and phone numbers, have been accessed. But it added: "No financial or password information was compromised."
News Group Newspapers, which also published the News of the World until it closed last month, said the breach took place on 18 to 19 July, at about the time hackers created a link from the Sun's website to a spoof page that said company owner Rupert Murdoch had been found dead in his garden.
Hacking group LulzSec claimed to be behind that breach but has been silent since alleged spokesman Jake Davis, 18, from Shetland, was arrested on 28 July. Davis faces a string of charges relating to the hacking of organizations such as Sony, the CIA and the UK's Serious Organised Crime Agency, allegedly carried out by LulzSec and another group, Anonymous.
However, a Twitter user, Batteye, has claimed responsibility for taking the Sun readers' details, denied being part of either LulzSec or Anonymous and said the theft took place before 18 July.
Some of the information, including a Scottish students' poll and biographies of Miss Scotland applicants, then appeared on the website Pastebin.
One Miss Scotland entrant said: "I'm not happy at all. I'm kind of worried - because that's everything about me.

"(This data] should have been locked up. This was last year's, so they didn't need to keep my details."
The Batteye post said it was an attempt to expose those who could not be trusted with personal information.

The statement on Pastebin said: "We will begin today by presenting to you various files obtained from the Sun, a company within the News Corp group.
"We will continue, then, by exposing the world for what it is; a less than perfect place where we cannot trust those who we ask to protect our information."
 
On Twitter, Batteye posted a message saying: "OK - Anon and @lulzsec may have carried out their own attack, with defacements, emails, and whatnot. This is different."

The hacking of the Sun's website follows hacking by sister newspaper the News of the World of celebrities, politicians, war widows and victims of crime, including murdered schoolgirl Milly Dowler.
The so-called "hacktivist" code deployed by the likes of LulzSec, combines mischief-making or irony with the aggressive targeting of corporations or large organizations they believe are guilty of wrongdoing.

-News Source (Scotsman)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

XSS Vulnerability Found On HP (Hewlett Packard ) By Mohit Pande

Posted by Avik Sarkar On 8/03/2011 05:05:00 am

Non persistent XSS Vulnerability Found On HP (Hewlett Packard ) By Mohit Pande Aka Toshu


Vulnerable Website:-

Vulnerable Link:-

 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

G.NA’s Official Twitter Account Hacked

Posted by Avik Sarkar On 8/03/2011 04:53:00 am

 
Fans were surprised to see that G.NA’s official Twitter account was hacked by a spam bot.
In the early morning, a spam tweet was posted on her Twitter with instructions on how to make $470 USD.  Since G.NA was preparing for her comeback in the practice room, she didn’t discover what happened until much later. 
She quickly tweeted, 
 
“I was hacked. No!”
 
Cube Entertainment said, “It seems her account was either hacked or her password was leaked. Twitter is a form of communication between singers and their fans, so this issue has taken us by surprise.”
 
Now that her Twitter seems more secure, G.NA can refocus on her comeback, scheduled for next mont

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

PayPal Sent 1,000 IP Addresses List of Anonymous to FBI

Posted by Avik Sarkar On 8/03/2011 04:48:00 am


In cooperation with the FBI, PayPal sent them a list of about 1,000 IP addresses that carried malicious code during Anonymous' attacks on it last year, which helped agents target specific people in recent raids that led to 16 arrests.
An affidavit filed by Special Agent Chris Thompson reveals that PayPal worked closely with the feds to nail down those responsible for the attacks on it, from the time the attacks started to about a week later, when PayPal found warnings about the FBI sweeps circulating amongst participants in the attacks.  
As early as December, FBI agents had been in contact with Dave Weisman, PayPal's senior manager of its Electronic Crimes and Threat Intelligence Unit. They shared a conference call two days after PayPal was hit with a distributed denial of service (DDos) attack in retaliation for suspending donations  to WikiLeaks through its PayPal account. PayPal reported several attacks to the FBI that occurred between Dec. 6 and 10.
On Dec.15, PayPal provided agents with a thumb drive that contained "logs and report detailing information regarding approximately 1,000 IP addresses that sent malicious network packets to PayPal during the DDoS attacks."
The 1,000 IP addresses were derived from logs created by a PayPal-owned Radware device that records the attackers' IP addresses and the malicious signature it's programmed to recognize. According to the affidavit, a senior security engineer at eBay identified the specific set of strings being used in the attacks, and found only half a dozen variations, leading investigators to be able to pinpoint the patterns of the infiltration.
The IP addresses captured by PayPal were able to be linked to specific premises through subpoenas served upon AT&T and other Internet Service Providers. One of the 1,000 IP addresses given to the FBI by PayPal sent more than 3,600 "malicious network packets" to PayPal between Dec. 8 and 9. A federal grand jury subpoena was served on AT&T on Jan. 6, which AT&T complied with a response on Jan. 18, which led to Valori S. Reid and Peter B. Reid, and their 19-year-old son Ethan, in Arlington, Texas. 
The Reids weren't arrested, but their home was the site of one of 35 search warrants executed by the FBI in relation to the Anonymous investigation. 

Here is a screen shots or warning for every suspects who might have been involved in that operation:-  


-News Source (NBC)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search