'The Secret Files'- Hackers Exposed Personal Details of Celebrities, Public Figure, FBI Director & National Leaders

'The Secret Files'- Hackers Exposed Personal Details of Celebrities, Public Figure, FBI Director & National Leaders 

Yet again celebrities fallen victim to cyber attack, no this time not the nude photo but confidential personal information. Renowned public figure, national leaders, celebrities like Kim Kardashian, US Vice President Joe Biden, Hillary Clinton, Mel Gibson, Michelle Obama, Ashton Kutcher, Jay Z, Beyoncé, Paris Hilton, Britney Spears, Sarah Palin, Hulk Hogan, Donald Trump and Arnold Schwarzenegger together became prey. The list does not end here, the hacker catches two more big fishes in his net and they are head of the Los Angeles police force Charlie Beck and FBI Director Robert Mueller. Many of you might be astonished of how such big public figure, including Vice President, FBI Director became victim in single round of cyber attack! Let me tell you what exactly happened- the hacked data dubbed "The Secret Files" by the hackers contains personal information and credit reports (including social security numbers, details of their mortgages, addresses, and details of their credit card and banking details) was made public by those hackers on a new website, as shown in the picture below. 

The hacker left a message or in other word a satire while saying "The Secret Files - If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve." Such hack, is very rare, where numbers of big fish get caught. The nature of this hack can be categorized as a clear identity theft. But the question is how? Well the answer is some of the United States' top credit bureaus have come forward and acknowledged that fraudulent and unauthorized access to the records of well-known figures have taken place. Most of the reports were apparently obtained from one of the three major U.S. credit ratings agencies Equifax, TransUnion and Experian — via a special Internet portal they maintain for the public to check their own credit ratings. All three companies have said that some of their reports had been fraudulently accessed since Monday by someone using personal data about the victims. Security experts said that suggests the attack is a “social hack” rather than a classic cyber security data breach. 

-Source (Sophos & WT)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">'The Secret Files'- Hackers Exposed Personal Details of Celebrities, Public Figure, FBI Director & National Leaders"https://www.voiceofgreyhat.com/2013/03/The-Secret-Files-Mega-hack-of-celebrities.html</a>

President of Philippines Official Website Hacked By Anonymous

President of Philippines Official Website Hacked By Anonymous in Protest of "Sabah Issue"

After remaining silent for a certain period, the infamous hacker collective group Anonymous strikes again. As you all might know that normally this group targets high profile websites like government organization, federal authorities, defense, ministry and other giant organization. This time also the same strategy get repeated, as the hacker group targeted the official website of the President of Philippines. During this cyber attack the hacker group has breached the security system and managed to get access in side the website, and as expected they defaced the index page. In the news section of the website the hacker group calling them selves "Anonymous Philippines"; affiliated to one of the worlds most dangerous and largest hackers community going by the name "Anonymous";  left message for the President Benigno Aquino III. From the message left by the hacker, we came to know that the hacking was a part of protest against the Aquino administration’s mishandling of  the crisis in "Sabah issue" 

Message of Anonymous Philippines:- 

“Greetings, President Aquino! We have watched how you signed into law a bill that endangers and tramples upon the netizens’ freedom of speech and expression. Now, we are silent witnesses as to how you are mishandling the Sabah issue. We did not engage the Malaysian hackers who invaded our cyberspace since we expected you to appropriately and judiciously act on the same, but you failed us.

“You did nothing while our fellow brothers are being butchered by the Malaysian forces, and while our women and children become subject of human rights abuses. If you can’t act on the issue as the Philippine President, at least do something as a fellow Filipino. We are watching.” 

As soon as this hack get spotted, the Philippine government took immediate step while closing the backdoor and removing the deface page. After an hour of maintenance the website get restored and came back in proper manner. Later in-front of press the Philippine government acknowledged the issue. In the official statement the Communications Secretary of Philippine Sonny Coloma said -“At around 1:30 a.m. today, we detected a breach when an errant sentence critical of the government on the Sabah issue was found to have been inserted in one of the news items within the website.” Coloma did assure the public that the site will be up and running “in a few hours.” 

“We expect to resume public display of the President's website in a few hours after needed protection measures have been put in place,” Coloma said, adding that the site was not compromised in any other way. “No further intrusions were made as the internal security protocols were activated,” he said. 

While covering the hack of President site, we must give you reminder that, this hack is not the first one, earlier half dozen of major government website of Philippine was targeted by the same hacker group, even in this year the official website of Senator Vicente C. Sotto III get hacked and defaced by Anonymous Philippines for the protest of "Cybercrime Prevention Act" 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">President of Philippines Official Website Hacked By Anonymous"https://www.voiceofgreyhat.com/2013/03/President-of-Philippine-hacked-by-Anonymous.html</a>

'Kali Linux' The Most Advanced & Stable Penetration Testing Distribution

From The Makers of BackTrack We Got 'Kali Linux' The Most Advanced & Stable Penetration Testing Distribution 

Fans of world famous penetration testing distribution 'BackTrack' can now taste another flavor as the developer at BackTrack and Offensive Security has introduced a new Linux distribution targets enterprise security, offering a suite of helpful tools for rigorous testing calling it "Kali Linux." In the official release note Offensive-Security claimed that Kali Linux is the most advanced, robust, and stable penetration testing distribution to date. From that note we also came to know that this new distribution is a product of seven years long knowledge and experience which make Kali Linux the “next generation” penetration testing distribution. Now lets look at the main features of Kali Linux at a glance: 

Kali Linux Features:-

Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards. All-new infrastructure has been put in place, all tools were reviewed and packaged, and we use Git for our VCS.

• More than 300 penetration testing tools: After reviewing every tool that was included in BackTrack, we eliminated a great number of tools that either did not work or had other tools available that provided similar functionality.
• Free and always will be: Kali Linux, like its predecessor, is completely free and always will be. You will never, ever have to pay for Kali Linux.
• Open source Git tree: We are huge proponents of open source software and ourdevelopment tree is available for all to see and all sources are available for those who wish to tweak and rebuild packages.
• FHS compliant: Kali has been developed to adhere to the Filesystem Hierarchy Standard, allowing all Linux users to easily locate binaries, support files, libraries, etc.
• Vast wireless device support: We have built Kali Linux to support as many wireless devices as we possibly can, allowing it to run properly on a wide variety of hardware and making it compatible with numerous USB and other wireless devices.
• Custom kernel patched for injection: As penetration testers, the development team often needs to do wireless assessments so our kernel has the latest injection patches included.
• Secure development environment: The Kali Linux team is made up of a small group of trusted individuals who can only commit packages and interact with the repositories while using multiple secure protocols.
• GPG signed packages and repos: All Kali packages are signed by each individual developer when they are built and committed and the repositories subsequently sign the packages as well.
• Multi-language: Although pentesting tools tend to be written in English, we have ensured that Kali has true multilingual support, allowing more users to operate in their native language and locate the tools they need for the job.
• Completely customizable: We completely understand that not everyone will agree with our design decisions so we have made it as easy as possible for our more adventurous users tocustomize Kali Linux to their liking, all the way down to the kernel.
• ARMEL and ARMHF support: Since ARM-based systems are becoming more and more prevalent and inexpensive, we knew that Kali’s ARM support would need to be as robust as we could manage, resulting in working installations for both ARMEL and ARMHF systems. Kali Linux has ARM repositories integrated with the mainline distribution so tools for ARM will be updated in conjunction with the rest of the distribution. Kali is currently available for the following ARM devices:
• rk3306 mk/ss808
• Raspberry Pi
• ODROID U2/X2
• Samsung Chromebook

Kali is specifically tailored to penetration testing and therefore, all documentation on this site assumes prior knowledge of the Linux operating system. For more information, I would like to request you to visit the official website of Kali Linux. 

To Download Kali Linux (.iso, VMWare Image, Samsung Chromebook ARM, Odroid U2, Raspberry Pi & rk3306 mk/ss808) Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">'Kali Linux' The Most Advanced & Stable Penetration Testing Distribution"https://www.voiceofgreyhat.com/2013/03/KaliLinux-Most-Advanced-Pen-Testing-Distribution.html</a>

Aaron Swartz Will be Honored With Posthumous 'Freedom of Information' Award

Aaron Swartz Will be Honored With Posthumous 'Freedom of Information' Award 

Well-known Internet activist and Reddit co-founder Aaron Swartz who committed suicide earlier this year causing a havoc temblor in the cyber domain. The reason behind his suicide was mainly disgrace, for which he would face a trail for an alleged cyber crime counts for downloading and publishing roughly 4 million academic journal articles from the database JSTOR. Before the day of his court trial; Swartz, a political activist and computer programmer, reportedly hanged himself last week in his Brooklyn apartment. After this mishap a massive protest came from several part of the world which really arises question against the law and order and the justice system. Along with this, the name of Swartz have been linked with many controversies like being linked with WikiLeaks and so on. What ever, today the entire world of activists will be pleased after hearing that Aaron Swartz is slated to receive posthumous recognition in Washington for his efforts promoting free access to taxpayer-funded research. The James Madison Freedom of Information Award is administered by the American Library Association, and recognizes "individuals who have championed, protected and promoted public access to government information and the public’s right to know national information." The award will be presented by Rep. Zoe Lofgren (D-CA), a strong advocate for digital rights in Congress who rallied in support of Swartz shortly after his suicide in January. Swartz had faced charges under the decades-old Computer Fraud and Abuse Act for downloading a large amount of academic research articles from the JSTOR database at MIT. But despite MIT dropping its own charges, the government pursued a criminal case against Swartz which some evidence suggests was politically motivated and subject to prosecutorial overreach. 

Lofgren, a Democratic congresswoman who represents Silicon Valley, will present the award to his family during a ceremony at Newseum's Knight Conference Center in Washington, D.C. Lofgren, who received the award last year for her efforts to ensure public access to government information, has introduced legislation to reform computer fraud laws linked to his death. The award will be accepted by Swartz's family this Friday at the Newseum in Washington, DC. 

-Source (The Verge & Cnet)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Aaron Swartz Will be Honored With Posthumous 'Freedom of Information' Award"https://www.voiceofgreyhat.com/2013/03/AaronSwartz-to-receive-Freedom-of-Information-award.html</a>

White House Calls China to Stop Hacking & Cyber Espionage Against U.S.

White House Calls China to Stop Hacking & Cyber Espionage Against U.S.

The story of cyber espionage by Chinese hackers used to remain on the spot light due to its consistency, but now the situation get nasty and takes a new way as the national security adviser of U.S. President Obama directly pointed his finger to China. Many of our readers might take this issue lightly as earlier China has been blamed for engaging cyber attacks against different countries for many times. But this time there is a twist as the U.S. government vows to take the issue in a very serious manner. In his speech the national security advisory Tom Donilon said that "The international community cannot afford to tolerate such activity from any country," Like earlier China has denied any type of involvement and condemned the report for lack of hard evidence. But this time such reaction will not at all be entertained as the president said in the State of the Union, "we will take action to protect our economy against cyberthreats." The above two statements can be taken in both friendly warning or also in a serious threat. The White House already warned China to end the campaign of cyber espionage against U.S. companies, saying in its toughest language yet on the issue that the hacking activity threatens to derail efforts to build stronger ties between the two countries. 

Donilon did not directly accuse the Chinese government of launching the attacks on U.S. computer systems, only noting that the attacks are coming from inside the country. "Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale," he said. Another important message came from the Obama administration saying United States “will not accept North Korea as a nuclear state” and called on Chinese leaders to get serious about cracking down on cyber-related crimes. 

While covering this story we would like to remind you that couple of weeks ago Chinese officials issued a same complain against United States where they blamed U.S. for engaging massive cyber attacks against Chinese military and defense system. If you look at the story of major cyber attacks of last few days we will find that the name of China has been involved several times for engaging cyber attacks against several high profile websites and organization of U.S. including New York Times, Twitter, NBC and so on. And if you refresh our memory then then we will find the scenario of big cyber attack and espionage by Chinese hackers have been spotted several times. In 2012 Chinese hackers had  breached Telvent's corporate network & gained control of US Power Grid. Also in the middle of last year, we have seen that Chinese hackers have broken into Indian Navy's Computer System & stolen sensitive data. Few months before this hack, Tokyo based computer security firm Trend Micro confirmed that Chinese hackers were responsible for biggest cyber-espionage in India, Japan & Tibet. Also the director of National Security Agency (NSA) General Keith Alexander confirmed that hackers from China was responsible for the serious attack on one of the leading IT security & cyber security company RSA. Also in 2011 China was responsible behind the attack on US Chamber of Commerce, Satellite System of U.S, Nortel Network & so on.  But few days ago National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network claimed that China fallen victim of one of biggest cyber attacks originated from US, Japan & South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor Mitsubishi, Japan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea  more than 13 Million of MapleStory players data has been stolen, there also hackers from China was responsible. 

-Source (The Hill, Cnet & WT)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">White House Calls China to Stop Hacking & Cyber Espionage Against U.S."https://www.voiceofgreyhat.com/2013/03/WhiteHouse-Calls-China-to-Stop-Hacking.html</a>

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived 

Couple of months ago we have talked about 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google where the most famous and widely used browsers have to face challenges. Now the result of this long awaited security competition has came which is showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers where Chrome, Internet Explorer 10 and Firefox all fell to the mercy of the hackers. Not only browsers but also three other popular applications that is Adobe Reader, Flash Player and yet again Java fallen victim to hackers at 'Pwn2Own'. And for Java it was a true disaster as Java fell three times, though under the contest rules, only the first attacker was due to win the $20,000 prize. Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet, “We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug hint leads them winning $100,000 for finding a huge hole. Again in a tweet, Security firm Vupen explained “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.” Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also “demonstrated a full sandbox bypass exploit.” The company explained in a blog post that it found a zero-day in Chrome “running on a modern Windows-based laptop.” It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website. 

Now lets take look at the final score board of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED

The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

1. James Forshaw: Java = $20K
2. Joshua Drake: Java = $20k
3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
4. Nils & Jon: Chrome = $100k
5. George Hotz: Adobe Reader = $70k
6. Ben Murphy: Java = $20k

As you all know that the main motive of these contest is to make applications, software more safe and secure while figuring out hidden vulnerabilities  Here also for Pwn2Own the security holes figured out by the above experts have already been submitted and taken carefully by those organization  along with that, the expected patch for the browsers have already been released. Those who are still using the older version of those above applications are requested to update their system. So, stay tuned with VOGH and be safe on the Internet. 

-Source (HP, Naked Security) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned"https://www.voiceofgreyhat.com/2013/03/Pwn2Own-2013-Result.html</a>

Gang of Cyber Criminals Arrested For Stealing $7 Million From Exchange Companies in Dubai

Gang of Cyber Criminals Arrested For Stealing $7 Million From Exchange Companies in Dubai 

Yet again another infamous gang of cyber criminals who were behind the hack of more than $7 Million from exchange companies in Dubai get busted by the Dubai Police. The special Criminal Investigation Department (CID) of Dubai Police were behind these criminals for a long time, and after a certain period they successfully managed to track down and crack the cyber crime ring. Major General Khamis Matter Al Mazeina, acting chief of Dubai Police, said on last Sunday that a gang of Asians and Africans work with hackers in order to enter different websites and systems of different companies here in Dubai in order to transfer money inside and outside the country. “Cheques worth more than Dh6 billion have been found with the gang after their arrest,” he said. He also said that the gang was able to transfer more than Dh7 million from exchange companies in Dubai to their own accounts. From an exclusive report of Gulf News we came to know that the deputy director of the General Department of Criminal and Investigation for research, Colonel Salem Khalifa Al Rumaithi said the incident happened early this month when police received complaints about a scam and transfer of $2 million from a company’s account. “This was done through hacking the e-mails of this company by someone outside the UAE,” he said.

He said the hackers used to change the data of the transactions, billing, and then transfer the money into their accounts.

He said the first accused, an Asian identified as Kh. Q., used to receive the transferred funds. “He owns three luxury cars which he bought from the proceeds of such crimes,” he said. 

He said the role of the second suspect, another Asian identified as U.K., was to provide the gang with bank account numbers by creating fake companies on the internet and dealing with the victims’ accounts. “After the process of converting the money credited to the first accused U.K. used to take 3 per cent of the money and give the remaining to an African man who was the mastermind. According to Lt Colonel Saeed Al Hajeri, director of the electronic investigation department, the third suspect was identified as D.Q. from Africa.

“The role of this suspect was as a mediator between the gang members and manipulating the business processes and changing the bank accounts to any other account,” he said. The suspect admitted that he was part of the Dh4 billion scam and another Dh6 million scam.

Lt Col Al Hajeri said Dubai Police had taken the necessary measures to obtain sufficient information from the rest of the gang members who operate outside the country in African countries through Interpol. Brigadier Khalil Ebrahim Al Mansouri, director of CID, said the police team worked on arresting the gang quickly.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Gang of Cyber Criminals Arrested For Stealing $7 Million From Exchange Companies in Dubai"https://www.voiceofgreyhat.com/2013/03/Cybercriminals-Arrested-For-Stealing-7Million.html</a>