07/31/2012

European mails hacked: what a very strange story about irresponsible security researchers

I am now reading the Bloomberg story, and things get enormously weird if it is worded exactly as it happened or as the specialists described it (journalists can be creative in rephrasing what you have said).

Fact 1

"The hackers clocked in at precisely 9:23 a.m. Brussels time on July 18 last year, and set to their task. In just 14 minutes of quick keyboard work, they scooped up the e-mails of the president of the European Union Council, Herman Van Rompuy, Europe’s point man for shepherding the delicate politics of the bailout for Greece, according to a computer record of the hackers’ activity."

So, if one can hack a mail server in 14 minutes, would you call it safe enough to host the emails of the highest officials of the European Union? No two-factor authentication, and probably no penetration test, which would have shown the vulnerabilities that the hackers found.

Fact 2

"Observed for years by U.S. intelligence, which dubbed it Byzantine Candor, the team of hackers also is known in security circles as the Comment group for its trademark of infiltrating computers using hidden webpage computer code known as “comments.”

And they didn't warn the security officers of the European presidency the first time they saw the mailbox of the European President being accessed, if they were watching it that first time? What were they thinking? "Cool, that will make some international press, let's see what more they can do"? Where is your loyalty and responsibility? Did you ever think of the consequences this could have? Even if the servers were not well protected, that gives you no reason not to report it. If this were a real crime, you would even be open to prosecution for failure to assist!!!! I am sure you would have hurried to the phone to warn the DHS if it had been the American President.

Fact 3

"Exploiting a hole in the hackers’ security, the researchers created a digital diary, logging the intruders’ every move as they crept into networks, shut off anti-virus systems, camouflaged themselves as system administrators and covered their tracks, making them almost immune to detection by their victims."

So they had a hole, and they kept it all to themselves to make some publicity for themselves, while it is the secret services and the national cyberdefense organisations (too many to list) who should have been 'in' on it.

It is too late to come clean now; you should have gone to the police with this and helped them follow the intruders and protect their past targets, and all of this .... could have been done without leaving trails. Or do you think that your and our police aren't capable of such operations, that you are that much better, that you are the saviors of the planet and that everything depends on the chosen few?

Conclusion

I know you won't read a comment like this while everybody is screaming defense, scandal, attack them,

but let us ask the other question: if there is a fire, do you stand by and take pictures, or do you help the firemen?


#Anonymous attacks Australian gov and ISP (files and how they did it)

https://twitter.com/#!/search/%2523OpAustralia?q=%2523OpA...

Since the new data interception laws being discussed in Australia, Anonymous has been attacking government websites and the ISP AAPT.

In total 40GB of data has been 'looted', of which about 1.3 is customer data of the ISP (more about that later). There have been no dumps, but clean releases in which there is, for example, no financial data (even if that data is present and is now in the hands of 'anonymous' outsiders, and should be considered unsafe and changed).

The files are disappearing from pastebin and the net, but reappearing on Anonymous websites like here:

http://par-anoia.net/assessment/au/

http://par-anoia.net/assessment/au/aapt/

and the really interesting file is this one:

"Anyway, so far can present 27mb of compressed data, but most importantly we want to direct your attention to the file dsdweb-tracking.mdb. This file gives us some insights on how the Australian government was monitoring its citizens activity. Let us explain what you see here:

 

			
HitDate|SearchID|PageTitle|PageType|MemberID|FirstName|Surname|Organisation|Email|Classification|Postcode|Region|Browser|IPAddress|HttpReferer

4/11/2001|9:41:32 AM|538|Regional Development|17|2|Jenny|Rogan|Jenny.Rogan@sd.qld.gov.au|5|4000|2|Mozilla/4.0 (compatible; MSIE 5.01; Windows NT)|172.21.4.199

These lines show what the Australian government is interested in and what they are tracking. The data below was reformatted, but you can view the complete database dsdweb-tracking.mdb in the archive (not linking to the direct file since it is 200mb).

Tracking Fields:

HitDate - The date the specific search was initiated
SearchID - The ID of the search
PageTitle - The title of the page that was searched
PageType - They have their own categories in the logging software
MemberID -
FirstName
Surname
Organization
Email
Classification - They classify with their own systems
Postal Code
Region
Browser - What browser they were using
IPAddress - IP address of the user
HttpReferer - Referer URL (previous website, where it was linked from)

http://par-anoia.net/queensland/index.html#recent"

Well, there is more to come, they promise.

Oh, and the best I have kept for last: how did they do it?

The government servers were the easiest part: a simple LFI bypass of the authentication.

The ISP AAPT was breached with a Cold Fusion exploit that was already known, but the ISP said they had forgotten about the server .....

Need I say more?

If you can expect them, you should prepare for them, and not keep your gates closed while the holes in your wall stay unfixed.


this is the business case for increased security investments

Global Payments, which back in the spring reported a data breach in which information associated with an estimated 1.4 million payment cards was stolen, has revealed that expenses associated with investigations, fines and remediation have hit $84.4 million.
http://www.infoworld.com/d/security/global-payments-data-...

And that is without the reputation damage and the loss of business or possible business.


Your new Anonymous Press Card (free for everyone Anonymous)


why Blackberry is the most secure phone (and you should have one if you want some secure communications)

source http://www.csoonline.com/article/print/696493

It means that if you have Android you will have to install other security apps to increase the security.

And that it is still not advisable to jailbreak an Apple.


Marketers in South Korea bought millions of hacked, stolen data records of Korea Telecom

Authorities in South Korea have arrested two computer programmers suspected of hacking into Korea Telecom's customer database and stealing personal information on approximately 8.7 million mobile subscribers. According to the provider, these data included user names, telephone numbers, and resident registration numbers. Police are also investigating seven other suspects accused of selling this information to telemarketers, as part of an operation that began in February.

 

As the Korea Times reports, authorities believe the hackers made at least $877,000 from selling this information to marketers, who purportedly used it to contact customers whose contracts were about to expire, as well as those deemed likely to switch providers. The identities of the two men arrested have not been released, though the Times reports that one is a 40-year-old male whose family name is Choi.
http://www.theverge.com/2012/7/29/3200338/korea-telecom-d...

That is the real title, not that the hackers got arrested.

Will those who bought the data now be arrested and punished? Because if they hadn't bought it there wouldn't be a market for it, at least not a real-world market with real businesses.


meanwhile in #Anaheim

Anaheim

It is not in Syria, but in the US, a few kilometers away from Disneyland (or World),

but while the world is watching the Olympics and trying not to watch Syria, although that is difficult,

that little city is in a 'state of emergency'.

Quite strange to look at the pics and vids and articles:

2 persons shot dead by the police, riots for 5 days and

military with machine guns on the street (no, not the bean-bag pistols) (very strange pic, that)

#anaheim on twitter

an army exercise in crowd control (the city gives the perfect environment)

and as the riots go on and the level of military intervention becomes more apparent, and as a consequence the protests go on (and go national), the national interest is increasing, and so are the questions,

lots of questions.

It is America, not Syria.

The military should not be on the street, and the police should protect people, not shoot them while they are arrested and handcuffed.


Free wifi in the US may legally be totally intercepted - except if you configure your routers correctly

The law also has a section protecting certain parts of the wireless spectrum, as defined by Federal Communications Commission rules. But since the law was written, the uses of those parts of the spectrum have changed. Some of the channels on Wi-Fi routers use spectrum that is protected, but some don’t.

 

Different Wi-Fi routers come set to different default channels, but most allow people to change the channel to avoid interference with other nearby routers. According to a literal reading of the law, channel 11 is the only fully protected one. Channels 7 through 10 are partially covered, depending on other technical aspects of the router. And with channels 1 through 6, you’re on your own, Bankston said
http://blogs.wsj.com/digits/2012/07/27/do-you-use-free-wi...


Interesting new freeware (new encrypted chat from inside the browser)

Cryptocat lets you instantly set up secure conversations. It's an open source encrypted, private alternative to other services such as Facebook chat. 

Messages are encrypted inside your own browser using AES-256. Encrypted data is securely wiped after one hour of inactivity.

Cryptocat also runs as a Tor hidden service (http://xdtfje3c46d2dnjd.onion) and works on your iPhone, Android and BlackBerry.
https://www.crypto.cat

This makes it easier to use for the masses, without having to install Tor and consorts.


07/30/2012

Email accounts of European officials like Van Rompuy hacked 4 times this year?

This is another of those investigations that gives you the feeling that you don't know the real story behind it, nor can you judge whether it is really true, nor can you say anything about the impact of the hacks (if there were 4 such hacks).

First, any important email account can be expected to be attacked or hacked, so enabling the best protection around it and the information in it (or even thinking twice about using email to send important information) is just something totally normal (or should be).

So the real question that arises is:

how could they hack this email account if two-factor authentication had been used (USB token, fingerprint or whatever), and how could they have done anything useful with the information if that information was encrypted and protected against data leakage?

Or was there no such protection?

And then the question is why such protections, which should have been put in place, weren't; why in the hell somebody thought that the email accounts of the most important European leaders, in these times of total financial mayhem and with several regional conflicts going on, wouldn't be attacked by the best-paid professional hackers and shouldn't have all these protections (supposing that they would be hacked at some point anyway, so that the information in them should be protected if it leaves the mailbox).

And then you read that they were attacked not once but 4 times.

Huh, attacking a mail server 4 times and not going into red alert is something that is really strange. Who in the hell did the forensics and decided that it wasn't important?

Strange world there among the superleaders.


What do hackers mean with 'only mirror was taken'?

So your website was hacked,

defaced at first sight,

but the message says that a mirror was taken (of the server, of the files, of the client data, of what?).

In fact, in that case, of everything, and you have to presume that it is everything that you will have to worry about,

besides the fact that they have probably taken a copy of the total code and customization, and that you will have to rebuild everything anew - better even in a totally different environment.

No Worries!!!
Nothing was removed from server!!!
Only Mirror was taken
Kosova Security Group - Crew
[2010-2012]

http://www.dirtyfps.be/

http://www.zone-h.org/mirror/id/18137601



Videoconferencing websites makingithappen.be and netconnex.be still hacked

2012/07/25 hacked by khalil bhiri   M   Netherlands   www.netconnex.be/index.htm Win 2008 mirror
2012/07/25 hacked by khalil bhiri   M   Netherlands   divevolution.be/index.htm Win 2008 mirror
2012/07/25 hacked by khalil bhiri   M   Netherlands   makingithappen.be/index.htm Win 2008 mirror

I hope their transaction servers are safer .....


regiefonciere.be was hacked

It is back now,

but for a while it looked like this:

http://www.zone-h.org/mirror/id/18138778


Official site of Peugeot, still on IIS 6, asked to be hacked and was hacked

If you are running IIS 6 there is no way you can keep it secure.

http://www.zone-h.org/mirror/id/18138514

The problem is that you are in Germany, so before the FCCU gets their hands on the logs and so on, try to explain all that in ..... German.


Belgian official sites of Suzuki dealers hacked



The most often hacked site of Belgium is hacked again ....

2012/07/28 SA3D HaCk3D M R Belgium kust.infometeo.be/x.txt Win 2003 mirror

2012/07/28 SA3D HaCk3D M R Belgium meteokust.be/x.txt Win 2003 mirror
http://www.zone-h.org/archive/filter=1/domain=.be/fulltex...

Since 2004 we have been watching .be security,

and this server we have seen hacked time after time, again and again,

and even by different attackers:

2012/07/26 TOP-TEAM     R Belgium   frankrijk.infometeo.be/ss.txt Win 2003 mirror

If there were awards for that, they would surely win them easily.

Maybe its security is as good as the summer weather it informs us about.

Maybe someone was mad as hell :) or bored by the bad weather.


Belgacom hosting services: someone is on holiday :) but hackers aren't

Belgacom Web Hosting Services

195.238.2.174/

Coming Soon ... 195.238.2.174.


and more

source zone-h.org

Even during holidays you have to monitor all your servers, all the time.


#failsecurity: new kids on the #antisec block

If you look at their page with their publications of dumps of info,

http://pastebin.com/u/FailSecurity

then you can only look on quite astonished:

* ESET antivirus (but a site in Nepal, which is quite stupid, because you can't protect hundreds of websites at the same time; it is better to have one central bunker)

* presidents of Sri Lanka, Pakistan, ...

* some unnamed server of the ONU (UN)

* some important administrations somewhere

They are quite international

and gifted,

even if the security professionals who got publicly shamed won't agree,

but that is what antisec is all about.

Just like the lulzsec gang, the ugnazi clan and others, they will one day or another get arrested,

but in tweets it seems as if they don't care that much, as it is part of their business, their future, their life, their way of being what they are,

which makes them more dangerous than those who chicken out.

I don't chicken out, because I don't start that kind of stuff; it is not part of my life or my future.


#antipedo: international crackdown on users of the pedo paysites

But you still have to bring the sites themselves down a lot quicker,

and this may explain why the most promoted child porn sites are now in ..... Russia.

"Fifty police officers across the UK have been arrested as part of a crackdown on suspected paedophiles who pay to access child pornography websites, detectives revealed today.

 

The officers were among 1,300 people arrested on suspicion of accessing or downloading indecent images of children - some as young as five - from US-based Internet sites.

 

Thirty-five men were arrested in London this morning as part of the investigation - codenamed Operation Ore - following raids on 45 addresses across the capital."

Operation Ore is the UK wing of a huge FBI operation which traced 250,000 paedophiles worldwide last year through credit card details used to pay for downloading child porn.

The British government has allocated around 700,000 euros to further finance the operation, and it is also coordinated with child protection services because there are real kids involved (because their pics were used, or because they were abused, or because their dads are quite sick in the head and may be a danger to them).


The fake NYT editorial about wikileaks raises some other questions

The NYT offline always said that it publishes everything that is fit to print because it has been researched and gone over at least twice before.

The online edition wants to uphold the same credibility, but that is much more difficult and needs more controls, because you can't hack a paper newspaper.

So last week what has long been called 'content hacking', and is the worst nightmare for the news media if they want to keep some credibility online (especially with those permanent, virulent news cycles), happened to the biggest online example of the successful transformation of an offline newspaper into a successful online business (if you don't know how to bypass the paywall, that is).

But the faker did everything right.

The whois is in the name of the owner of nyt.com (http://whois.domaintools.com/opinion-nytimes.com); anything different would have immediately raised suspicion (how they managed that is a mystery to me).

But the DNS servers aren't the same, because these are on the ghandi.net servers and not on the nyt.com servers; but there are many firms who place parts of their infrastructure outside on different servers, which naturally leaves a window of opportunity for such hijacking to go unnoticed.

The second part of the operation was to create the webpage in such a manner that it not only looks identical to the NYT but behaves like the NYT and is accepted as if it were from the NYT by all the additional services in browsers, security services and search engines. They were helped in that by the fact that they could copy all the code from the pages, which was totally unprotected and unmonitored, so the only thing one had to do was change the text.

So you have a website that looks like it comes from the NYT and a domain name that looks like it is owned by the NYT. The third thing to do is to write like the editorialist and in the style of the NYT, taking a position that differs a bit from what one would expect, but not too much. In this instance it was defending wikileaks, but very carefully worded.

You then launch it on twitter, and a bunch of journalists and Anonymous believe it, retweet it and it becomes the hype of the town, until the person in question tweeted that it was a fake and everybody retweets that it is a good fake.

But there is another question looming behind this that is becoming even more important with the launch of more than 200 new domain extensions next year - even if some of them are private (for internal networking reasons).

How in the hell could one sell a domain name with the brand name NYT in it without sending a confirmation mail or alert to the owners or brand managers of the brand name?

Because what has been shown here is the perfect example of how to set up another phishing site for a government, bank or multinational.

See it for yourself:

http://www.opinion-nytimes.com/2012/07/29/opinion/keller-...
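The whois-versus-DNS mismatch described above is something a brand owner can monitor for. Below is an added example (not code from the original post or from the NYT) that flags lookalike domains embedding a brand token but delegated to nameservers outside the brand's known set, even when the registrant string copies the brand owner; the brand tokens, registrant, nameservers and sample domains are constructed placeholders.

```python
# Added example (not from the original post or from the NYT): a brand-monitoring
# check for lookalike domains. It flags any domain that embeds a protected brand
# token but is delegated to nameservers outside the brand's known set, even when
# the WHOIS registrant string copies the brand owner, which is exactly the
# combination described in the post. All names, registrants and nameservers
# below are constructed placeholders, not real records.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class DomainRecord:
    name: str           # registered domain as seen in WHOIS
    registrant: str     # WHOIS registrant organisation as displayed
    nameservers: tuple  # NS hostnames for the domain


# Constructed brand profile (placeholders, not real NYT infrastructure).
BRAND_TOKENS = ("nytimes", "nyt")
BRAND_REGISTRANT = "Example Times Company"
BRAND_NAMESERVERS = frozenset({"ns1.times-dns.example", "ns2.times-dns.example"})


def brand_tokens_in(name, tokens=BRAND_TOKENS):
    """Return the brand tokens that appear inside any label of the domain name."""
    labels = re.split(r"[^a-z0-9]+", name.lower())
    return tuple(t for t in tokens if any(t in label for label in labels))


def classify(record, brand_ns=BRAND_NAMESERVERS, brand_registrant=BRAND_REGISTRANT):
    """Classify one record as 'unrelated', 'brand-owned' or 'lookalike'.

    Returns (verdict, reasons). Delegation is the deciding signal: a registrant
    name that matches the brand owner is not trusted on its own.
    """
    if not brand_tokens_in(record.name):
        return "unrelated", []
    ns = {h.lower().rstrip(".") for h in record.nameservers}
    reasons = []
    if not ns or not ns <= brand_ns:
        reasons.append("delegated outside brand nameservers: %s" % sorted(ns - brand_ns))
    if not reasons:
        return "brand-owned", []
    if record.registrant.strip().lower() == brand_registrant.lower():
        # A copied registrant string plus foreign DNS is the impostor pattern.
        reasons.append("registrant mimics brand owner despite foreign DNS")
    return "lookalike", reasons


# Constructed sample records, modelled loosely on the case in the post.
SAMPLE_RECORDS = [
    DomainRecord("nytimes.example", BRAND_REGISTRANT,
                 ("ns1.times-dns.example", "ns2.times-dns.example")),
    DomainRecord("opinion-nytimes.example", BRAND_REGISTRANT,
                 ("a.dns.some-registrar.example",)),
    DomainRecord("nyt-subscriber-notice.example", "Unknown",
                 ("ns.cheaphost.example",)),
    DomainRecord("weather-news.example", "Somebody Else",
                 ("ns.cheaphost.example",)),
]


def report(records=SAMPLE_RECORDS):
    """Return {domain: verdict} for a batch of records."""
    return {r.name: classify(r)[0] for r in records}


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        verdict, reasons = classify(rec)
        print(f"{verdict:12s} {rec.name}  {'; '.join(reasons)}")
```

Feeding it a daily export of newly registered domains containing your brand tokens, with their NS records resolved, turns the "how could nobody notice" question into a routine alert.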

