• why you should always close the bank site and take your bank card out of the reader while online banking

    read how they stole 2 million Euro

    the first part shows why you need a good antivirus and why you should never trust emails that claim to come from banks and the like, especially when they have an attachment

    "The victims received emails pretending to be coming from a local bank and state tax authority with a Trojan horse attached. The malware installs the Remote Administration tool that steals victim's e-banking credentials and send it to the cyber criminals. "With stolen credentials and in the case where the victim did not remove the smart card containing the bank-issued certificate from the reader after use, the doors to the company's bank accounts were left open to the criminal gang." SI-CERT's report reads.

    The attackers cleverly planned their attacks to happen on Fridays or the day before national holidays, so that the companies wouldn't immediately notice the theft.


  • belsec reborn : thanks for the visitors

    so every month for the last few months there have been

    * between 15.000 and 25.000 unique visitors

    * who have between 30.000 and 60.000 visits

    * who read between 150.000 and more than 300.000 blogposts

    this makes it all worthwhile of course

    enjoy also the enormous collection of open intelligence links beside the blog

    and help keep the internet a safer place for us and for freedom of speech

  • if you are on that list, you may be asked if you are a spy (if you travel for example)

    The hackers in the OPISRAEL campaign claim to have hacked a site from Mossad and to have been able to extract two databases with 35.000 (a wrong number because there are many doubles in it) spies or personnel of Mossad (because in every spy agency you have different kinds of jobs and the less exciting are done by the biggest number of people)

    so if you are on this list

    https://anonfiles.com/file/d9f4c3eaec587f9c97bc8b6c1d91f23b (emailaddresses and two telephone numbers)

    then it may be that when you travel someone will follow your travel patterns, and if your email address is used with foreign contacts that are 'under surveillance' they will be suspected, and so on

    this list is not without danger and it is not clear to what extent the list is what it claims to be

    in psychological warfare - and cyberwar is psychological warfare in which nothing is what it seems - it is important to double-check before accepting things as they are presented

    on the other side, those whose job it is to double-check that information now have two enormous files to check against other files, and if it is fake they will know fast enough

    meanwhile I think many of those addresses and phone numbers will go dead in the following days - or be targeted with very specific attacks

  • 420.000 linux machines can easily be integrated in a botnet and more lessons from internet survey 2012

    why would you bother with windows machines anymore? they have all that security and all those antiviruses and security tools that most linux boxes don't have

    the Internet Census 2012, to which we already linked because it amassed 9 terabytes of data about the infrastructure of the internet (and is the biggest one and probably also the last one because of the legal consequences), is in fact built on the infection of 420.000 LINUX machines with enough RAM with 2 very small scripts which were totally hidden and were eliminated once the work was done

    he discovered all these installations with nmap the vulnerability scanner (which is already illegal in Belgium to use against machines that aren't your own) because they had no password or a standard password to log in with

    it is also important to block or stop your telnet service if you can (in windows you don't really need it anymore - surely not to the outside)

    and what is all the fuss about cyberwar and hacking and security blablabla if even passwords aren't set up

    and as these are linux machines they are probably also servers with websites and web services, making it even more dangerous

    Carna botnet


    "Over the course of three months in mid-2012 we sent approximately 4000 billion service probes, 175 billion of which were reported back and saved" - this shows that half of all probes are responded to, while it is not always necessary to respond to a probe because you normally had no relationship with those machines before, and why respond if the service isn't activated (and even when it is - let them send a real service connection and not a probe)

    you will also find a lot of information because also printers, Apple and other devices were found or used.

    all the information on the number of belgian installations that were found are here http://internetcensus2012.bitbucket.org/tld_overview.html


    I suppose that in those 9 terabytes you will find enough information to find some of the 420.000 computers that you could add to your botnet (meanwhile you are looking for linux programmers I suppose)

    I think somebody should download the information and separate it for each country; how I am going to download 9 terabytes is a big question, even if it is compressed into 1 terabyte and a half

  • if there is a cyberwar, belgium has a backup center in the UK, really:)

    Adastral Park is BT’s global research and development centre, one of the world’s most pioneering centres of technology and telecommunications.


    Like other visitors to the area, I’ve gazed at the Le Corbusier-designed building and its iconic tower cube rising out of the surrounding flat Suffolk farmland. It announces its modernising mission to passengers staring out of the windows of cars hurtling along the A12 past Ipswich and on to the east coast.


    The site has a rich history of military invention and technical achievement, and is now home to thousands of engineers not just working on the frontier of boffinry but also turning new ideas into practical services.


    BT calls Adastral Park “the home of UK broadband”, and some insiders claim there’s enough high-powered telecoms and computer kit on site to “run Belgium” – which is just a short hop across the North Sea. The park is a place that BT will open up as a science campus and a Suffolk ICT cluster if development plans are approved.

  • protect your ads from thousands of clicking Chameleon bot-infected US home computers

    A blacklist of 5,000 IP addresses of the worst bots within the Chameleon botnet may be found here.

    spider.io has observed the Chameleon botnet targeting a cluster of at least 202 websites. 14 billion ad impressions are served across these 202 websites per month. The botnet accounts for at least 9 billion of these ad impressions. At least 7 million distinct ad-exchange cookies are associated with the botnet per month. Advertisers are currently paying $0.69 CPM on average to serve display ad impressions to the botnet.

  • the latest from the south korean cyberattack is even more alarming

    By Monday morning things had moved on again with South Korean security software firm AhnLab putting out a release saying hacked corporate patching systems were to blame for the spread of the malware. It said its own security technology was not involved in the distribution of the malware, an apparent reference to the premature and since-discredited theory put up by Fortinet.


    Attackers used stolen user IDs and passwords to launch some of the attacks. The credentials were used to gain access to individual patch management systems located on the affected networks. Once the attackers had access to the patch management system they used it to distribute the malware much like the system distributes new software and software updates. Contrary to early reports, no security hole in any AhnLab server or product was used by the attackers to deliver the malicious code.


    The latest theory suggests hackers first obtained administrator login to a security vendors' patch management server via a targeted attack. Armed with the login information, the hackers then created malware on the PMS server that masqueraded as a normal software update. This fake update file subsequently infected a large number of PCs all at once, deleting a Master Boot Record (MBR) on each Windows PC to prevent it from booting up normally. The malware was designed to activate on March 20 at 14:00 hrs Korea time on the infected PCs, like a time bomb.

    administrator accounts for a patching system - I know many such systems where you have to be in front of the machine to launch the update - there is no way you can access it from outside the firm (this proves my point)

    this is another reason why one should look at double authentication for accounts or for some critical infrastructure

    a time-bomb  wooow 

    the whole reads like a movie because the attack has been executed like a script - never believe that attacks are not related anymore and that the first signs of attack or discovery shouldn't be followed up as if no other stages can follow

  • the belgian police doesn't want content from Microsoft, they want ID information

    so for the Microsoft services it is clear that they are looking for transactional data and account information


    here it is 13%, a bit less, that can escape identification

    just to be sure, this information is also asked when children or kids disappear, when there are bullying complaints, they have mostly a very good reason to ask for it

  • how many times did the Belgian police get information from Skype in 2012


    the data asked in Skype is conversational data - so the number of accounts is always higher than the number of requests

    one should also note that for 118 accounts or nearly a third no data was found by Skype (which is strange because you have to subscribe to be connected) but probably it means that they can't locate the customer because he is using fake IP addresses, proxies and VPN tunnels or going through Tor

    in total you can say that globally about a fifth of all accounts searched by the police are hidden

  • cyberwar: let's attack China ..... ooops wrong analysis, it was an infected server from us

    cyberwar and offensive security in which the attacker is attacked himself (this is interesting in an attack story - you infect a server and make it attack a network that uses an offensive security policy - and has announced this in the press because it thought that would turn the attackers away)

    and so the infected host will not only be infected, emptied of data and compromised, but it will also be under attack from another big network as a reprisal - possibly redirected through a proxy (in which case the offensive defender thinks he is attacking a site in China while it is in fact, for example, a bank in the US)

    well, did you remember the reporting - euh no - echoing of information (wrong or correct, verification is not the job of journalists anymore, they don't have the time for it) about the cyberattack on South Korea (which is an ideal example because of the wardrums in North Korea) ? So what happened.

    It was the North Koreans ..... they didn't know anything

    It was the Chinese ....... it was an IP address in China

    hold your cyberguns

    it was a mistake, the attack was from an infected server in a South Korean bank

    luckily we didn't attack the North Korean or Chinese cyber installations just because someone trusted the first reports enough and didn't have them double-checked or wait for a final conclusion

    when we talked about nuclear war like that - the first strike and the limited nuclear theater (in Europe) - thousands took to the streets to get some sense into that debate

    cyberwar is also a nuclear war because our economy and public services are all constructed around and for the internet - and as a 'modernization' we are closing down the specific sealed-off networks that would continue to function - and they could break down or be interrupted

    so stop talking about cyberwar and talk about cyberpeace and how to accomplish it and to disarm the internet instead of militarizing it

  • even online exercises for schools have injected malwarescripts now


    and there is somewhere an image or a link that is now dangerous because that site is infected

    it means that if you don't need the external links you don't have to place them

    you can for example keep bookmarks in online collections such as diigo.com

    it also means that secure global platforms for all the schools or organisations or services or agencies are one of the most important security initiatives that one can take, because for them it is all about the content and the platform can deliver them secure functionalities

  • so what if volunteers go to Syria, what else if nobody sends in troops and tanks

    Syria is the Spanish civil war all over again in which a dictator supported by two other dictators (Iran and Russia) and by the silence and diplomacy of the democratic countries can kill its population with all the military means at its disposal without any limitation

    even in Bosnia there wasn't so much military might used (even if it was horrible) and in Libya we did intervene when airplanes and tanks were going out to bombard the civilian cities

    and now we are astonished that

    * people have taken up arms to defend and protect themselves instead of demonstrating and waiting to be shot

    * that people are using any weapon they get and that they accept any soldier at their side (even if he has a beard :)) because tomorrow both may be dead anyway, so who cares about the day after tomorrow

    * younger and older men are going down to Syria to have the fight of their lives because they think it is the only thing that is left to do, because all the other promises mean nothing, and why should you sit back and watch the daily stream of horror videos out of Syria every day and not try to do something

    If you want to get any control again over the situation, we should implement the international laws of war and implement a no fly zone and we should arm the rebels with antitank weapons or take the tanks out ourselves

    And if youngsters are fighting over there, there should be three conditions (just as in the Spanish Civil war)

    * first they should be adult and not teenagers

    * they should be able to communicate with the homefront and taking away their phones and papers is not the way to do that and they should be able to come back whenever they want to

    * they should be accepted by the local forces and work for them and with them, under them (and if they aren't wanted anymore they should go home)

    that is a volunteer, all the rest is entrapment and abuse

    there is also a great psychosis about those guys when they will come back after the war (as if it is going to be finished in a few weeks) but that just diverts us from the real question, why are we not doing more to help one million refugees and stop this kind of civil war or give the opposition what it needs to win this

    and if all the men who have fought in wars were to become terrorists, we would have bombs going off all the time all around us, and if all the men who were extremists at 20 held the same beliefs until their death, democracy would have difficulties surviving

  • Burma is burning and Google exec is on a visit to talk about.... internetfreedom

    oh how we celebrated the new democracy in Burma and the role of the woman that was a dissident and was now going to lead Burma in the new century of democracy and prosperity and how she was overloaded with prizes and visits and probably cash

    where is Aung San Suu Kyi now ? Last year she refused to take sides in another communal ethnic bloody riot. So much for democracy and human rights

    oh how we wanted the Dalai Lama to be free in a free Tibet and how so many were inspired by his thoughts, writings and his silence

    where is he now ? It is Buddhist monks trying to cleanse their towns of those strange muslims.....

    while people - whatever their belief or colour or whatever the reason or the 'understanding' of the underlying conditions and situations and whatever the incidents from whatever side

    this is not acceptable in the new century - so you are not welcome and you should not receive any prizes and should probably give all those you have already received back

    burnt muslim bodies after the riots

    whole villages and parts of cities going up in smoke

    and thugs going round looking to kill somebody because ......

    and while the police stand by, hardly intervening

    people flee as refugees without the protection they need

    passing the burnt bodies in the streets

    oh yes and talking about internetfreedom in Burma is really what you should be doing at this moment, this is really the issue of the moment and the internet will stop all that; on the other hand, thanks to the internet and Anonymous on Twitter the topic is trending on Twitter and attention is growing for the situation (although that didn't change a thing yet for Syria)

  • Agoweb.be shows the danger of having links to hacked or infected sites

    so there you are

    you have a website with good traffic and a good reputation

    and you place a link (even if it is cleaned up)

    but that link turns out to be infected or hacked at some time

    and your reputation goes to being blocked and indicated as dangerous and so on

    and before you know it your online reputation has gone down the toilet

    as is all your work

    this shows why it is necessary to control all your links (your own and those you link to)

    or even limit the number of clickable links

    it is also clear that the website of AGOWEB.be had an infection, which could have more implications than just some text hacked by Anonymous

  • fake virus blacklisting of belsec.skynetblogs.be (and how to doublecheck)

    oops I was in the list of scumware.org for an html iframe

    so I doublechecked because it could be that a poster inserted something in a comment or that the platform itself was under attack - it is now and then

    but then I doublechecked over and over again and all seems clean

    except for scumware  https://www.virustotal.com/en/url/8daad5a3e18ae3e0583d13bb25876cd4b77c908cc914e14625e963e286817aa2/analysis/1364291403/

    but the analysis showed this

    so the hacking of the agoweb.be the official site of the flemish administration is much worse than thought

    there was an iframe in it that made it dangerous and people could have gotten infected

    but according to

    all scripts seem clean http://wepawet.iseclab.org/view.php?hash=484e9282e0c0fd2a555b4cca6c6dccb3&t=1363260308&type=js

    no files on the blog itself were malicious http://quttera.com/detailed_report/belsec.skynetblogs.be
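
    The link control described in the two posts above (know every external link and iframe your pages publish), as an added example that is not from the original blog. It inventories the external hosts a page points at and flags invisible external iframes; the page URL, the hosts and the sample HTML are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that pull in or point at another site, and the attribute holding the URL.
URL_ATTRS = {"a": "href", "iframe": "src", "script": "src", "img": "src"}


def is_hidden(attrs):
    """True when an element is sized or styled so a visitor never sees it."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = any((attrs.get(k) or "").strip() in ("0", "1") for k in ("width", "height"))
    return tiny or "display:none" in style or "visibility:hidden" in style


class LinkInventory(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.own_host = urlparse(page_url).hostname
        self.hosts = Counter()      # external host -> number of references
        self.hidden_iframes = []    # external iframes the visitor cannot see

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        raw = attrs.get(attr)
        if not raw:
            return
        url = urljoin(self.page_url, raw)   # resolves relative and //host URLs
        host = urlparse(url).hostname
        if host is None or host == self.own_host:
            return                          # mailto:, anchors, own pages
        self.hosts[host] += 1
        if tag == "iframe" and is_hidden(attrs):
            self.hidden_iframes.append(url)


def audit(page_url, html):
    """Return the external hosts referenced by a page and its hidden iframes."""
    inv = LinkInventory(page_url)
    inv.feed(html)
    return {"hosts": dict(inv.hosts), "hidden_iframes": inv.hidden_iframes}


# Constructed sample page (not taken from any real site).
PAGE_URL = "https://blog.example.org/"
SAMPLE_HTML = """
<a href="/archive">archive</a>
<a href="mailto:editor@example.org">mail</a>
<a href="https://links.example.net/page">a site we link to</a>
<script src="//cdn.example.com/lib.js"></script>
<iframe src="https://video.example.com/embed" width="560" height="315"></iframe>
<iframe src="http://widgets.example.net/frame" width="0" height="0"></iframe>
"""

if __name__ == "__main__":
    report = audit(PAGE_URL, SAMPLE_HTML)
    for host, count in sorted(report["hosts"].items()):
        print(f"{count:3d}  {host}")
    for url in report["hidden_iframes"]:
        print("hidden iframe:", url)
```

    The host list is what you would then check against reputation services before a blocklist does it for you; a hidden iframe you did not place yourself is the first thing to look at.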






  • Belgacom skynetblogs is hosted in ...... FRANCE

    so much for trust in the Belgian hostingindustry or its own hosting ........

    it also means that the FCCU may have some problems getting blogs down or getting logs (because it becomes immediately an international affair - except if the logs are kept in Belgium)

  • a safe internet is more than some blablabla and a nice picture

    no https for the login for starters

    and the site looked like this