why you should always close the banksite and take your bankcard out of the reader while online banking
read how they stole 2 million Euro
the first part shows why you need a good antivirus and why you should never trust emails from banks or so especially with an attachment
The attackers cleverly planned their attacks to happen on Fridays or the day before national holidays, so that the companies wouldn't immediately notice the theft.
so over the last months there have been every month
* between 15.000 and 25.000 unique visitors
* who have between 30.000 and 60.000 visits
* who read between 150.000 and more than 300.000 blogposts
this makes it all worthwhile of course
enjoy also the enormous open intelligence links beside the blog
and help keep the internet a safer place for us and for freedom of speech
The hackers in the OPISRAEL campaign claim to have hacked a site from Mossad and to have been able to extract two databases with 35.000 (a wrong number because there are many doubles in it) spies or personnel of Mossad (because in every spy agency you have different kinds of jobs and the less exciting are done by the biggest number of people)
so if you are on this list
https://anonfiles.com/file/d9f4c3eaec587f9c97bc8b6c1d91f23b (emailaddresses and two telephone numbers)
then it may be that when you travel someone will follow your travel patterns, and if your email address is used with foreign contacts that are 'under surveillance' they will be suspected and so on
this list is not without danger and it is not clear in how far the list is what it is
in psychological warfare - and cyberwar is psychological warfare in which nothing is what it seems - it is important to double-check before accepting things as they are
on the other side those whose job it is to double-check that information now have two enormous files to check against other files and if it is fake they will know fast enough
meanwhile I think many of those addresses and phone numbers will go dead in the following days - or be targeted with very specific attacks
420.000 linux machines can easily be integrated in a botnet and more lessons from internet survey 2012
why would you bother with windows machines anymore ? they have all that security and all those antiviruses and securitytools that most linuxboxes don't have
the Internet Census 2012, to which we already linked because it amassed 9 terabytes of data about the infrastructure of the internet (and is the biggest one and probably the last one also because of the legal consequences), is in fact built on the infection of 420.000 LINUX machines with enough ram with 2 very small scripts which were totally hidden and were eliminated once the work was done
he discovered all these installations with nmap the vulnerability scanner (which is already illegal in Belgium to use against machines that aren't your own) because they had no password or a standard password to log in with
it is also important to block or stop your telnetservice if you can (in windows you don't really need it anymore - surely not to the outside)
and what is all the fuss about cyberwar and hacking and security blablabla if even passwords aren't set up
and as they are linux machines they are probably also servers with websites and webservices, making it even more dangerous
"Over the course of three months in mid-2012 we sent approximately 4000 billion service probes, 175 billion of which were reported back and saved" this shows that half of all probes are responded to, while it is not always necessary to respond to a probe because you normally had no relationship with those machines before, and why respond if the service isn't activated (and even when it is - let them send a real service connection and not a probe)
you will also find a lot of information because also printers, Apple and other devices were found or used.
all the information on the number of Belgian installations that were found is here http://internetcensus2012.bitbucket.org/tld_overview.html
I suppose that in those 9 terabytes you will find enough information to find some of the 420.000 computers that you could add to your botnet (meanwhile you are looking for linux programmers I suppose)
I think somebody should download the information and separate it for each country; how I am downloading 9 terabytes is a big question even if it is compressed into one and a half terabytes
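A local check for the two weaknesses this post names, accounts with no password and an enabled telnet service, as an added example that is not from the original post or from the Internet Census. The sample shadow and inetd.conf contents are constructed and the function names are hypothetical.

```python
"""Audit shadow-format and inetd.conf-format text for empty passwords and telnet."""

# Constructed sample of /etc/shadow content (not taken from any real host).
SAMPLE_SHADOW = """\
root::15800:0:99999:7:::
admin:$6$constructedsalt$constructedhash:15800:0:99999:7:::
daemon:*:15800:0:99999:7:::
support:!:15800:0:99999:7:::
guest::15800:0:99999:7:::
"""

# Constructed sample of /etc/inetd.conf content.
SAMPLE_INETD = """\
# ftp stream tcp nowait root /usr/sbin/ftpd ftpd
telnet stream tcp nowait root /usr/sbin/telnetd telnetd
#telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd
"""


def accounts_without_password(shadow_text):
    """Return account names whose password field is empty (login needs no password)."""
    found = []
    for line in shadow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # Field 2 is the password hash: "" means no password, "*" or "!" mean locked.
        if len(fields) >= 2 and fields[1] == "":
            found.append(fields[0])
    return found


def telnet_enabled(inetd_text):
    """Return the active (uncommented) inetd.conf lines that start a telnet service."""
    active = []
    for line in inetd_text.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith("#") and stripped.split()[0] == "telnet":
            active.append(stripped)
    return active


def audit(shadow_text, inetd_text):
    """Run both checks; 'exposed' is True only when both weaknesses are present."""
    empty = accounts_without_password(shadow_text)
    telnet = telnet_enabled(inetd_text)
    return {"empty_password": empty, "telnet_lines": telnet,
            "exposed": bool(empty) and bool(telnet)}


if __name__ == "__main__":
    print(audit(SAMPLE_SHADOW, SAMPLE_INETD))
```

On a real machine the two strings would be read from /etc/shadow (as root) and /etc/inetd.conf; systems that start telnet through xinetd or systemd need a different second check.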
Adastral Park is BT’s global research and development centre, one of the world’s most pioneering centres of technology and telecommunications.
Like other visitors to the area, I’ve gazed at the Le Corbusier-designed building and its iconic tower cube rising out of the surrounding flat Suffolk farmland. It announces its modernising mission to passengers staring out of the windows of cars hurtling along the A12 past Ipswich and on to the east coast.
The site has a rich history of military invention and technical achievement, and is now home to thousands of engineers not just working on the frontier of boffinry but also turning new ideas into practical services.
BT calls Adastral Park “the home of UK broadband”, and some insiders claim there’s enough high-powered telecoms and computer kit on site to “run Belgium” – which is just a short hop across the North Sea. The park is a place that BT will open up as a science campus and a Suffolk ICT cluster if development plans are approved.
A blacklist of 5,000 IP addresses of the worst bots within the Chameleon botnet may be found here.
spider.io has observed the Chameleon botnet targeting a cluster of at least 202 websites. 14 billion ad impressions are served across these 202 websites per month. The botnet accounts for at least 9 billion of these ad impressions. At least 7 million distinct ad-exchange cookies are associated with the botnet per month. Advertisers are currently paying $0.69 CPM on average to serve display ad impressions to the botnet.
By Monday morning things had moved on again with South Korean security software firm AhnLab putting out a release saying hacked corporate patching systems were to blame for the spread of the malware. It said its own security technology was not involved in the distribution of the malware, an apparent reference to the premature and since-discredited theory put up by Fortinet.
Attackers used stolen user IDs and passwords to launch some of the attacks. The credentials were used to gain access to individual patch management systems located on the affected networks. Once the attackers had access to the patch management system they used it to distribute the malware much like the system distributes new software and software updates. Contrary to early reports, no security hole in any AhnLab server or product was used by the attackers to deliver the malicious code.
The latest theory suggests hackers first obtained administrator login to a security vendors' patch management server via a targeted attack. Armed with the login information, the hackers then created malware on the PMS server that masqueraded as a normal software update. This fake update file subsequently infected a large number of PCs all at once, deleting a Master Boot Record (MBR) on each Windows PC to prevent it from booting up normally. The malware was designed to activate on March 20 at 14:00 hrs Korea time on the infected PCs, like a time bomb.
administrator accounts for a patching system - I know many such systems where you have to be in front of the machine to launch the update - there is no way you can access it from outside the firm (this proves my point)
this is another reason why one should look for double authentication for accounts or for some critical infrastructure
a time-bomb wooow
the whole reads like a movie because the attack has been executed like a script - never believe that attacks are not related anymore and that the first signs of attack or discovery shouldn't be followed up as if no other stages can follow
so about the Microsoft services it is clear that they are looking for transactional data and about account information
here it is 13% a bit less that can escape identification
just to be sure, this information is also asked when children or kids disappear, when there are bullying complaints, they have mostly a very good reason to ask for it
the data asked in Skype is conversational data - so the number of accounts is always higher than the number of requests
one should also note that for 118 accounts or nearly a third no data was found by Skype (which is strange because you have to subscribe to be connected) but probably it means that they can't locate the customer because he is using fake IP addresses, proxies and VPN tunnels or going through Tor
in total you can say that globally about a fifth of all accounts searched by the police are hidden
cyberwar and offensive security in which the attacker is attacked himself (this is interesting in an attackstory - you infect a server and make him to attack a network that uses an offensive security policy - and has announced this in the press because it thought that would turn the attackers away)
and so the infected host will not only be infected, emptied of data and compromised but it will also be under attack from another big network as a reprisal - eventually through a redirect through a proxy (in which the offensive defender thinks he is attacking a site in China while it is in fact for example a bank in the US)
well, did you remember the reporting - euh no - echoing of information (wrong or correct, verification is not the job of journalists anymore, they don't have the time for it) about the cyberattack on South Korea (which is an ideal example because of the wardrums in North Korea) ? So what happened.
It was the North Koreans ..... they didn't know anything
It was the Chinese ....... it was an IP address in China
hold your cyberguns
it was a mistake, the attack was from an infected server in a South Korean bank
luckily we didn't attack the North Korean or Chinese cyberinstallations because some-one just trusted enough the first reports and didn't let it doublecheck and wait for a final conclusion
if we talked about nuclear war like that - the first strike and the limited nuclear theater (in Europe) - thousands took to the street to get some sense in that debate
cyberwar is also a nuclear war because our economy and public services are all constructed around and for the internet - and as a 'modernization' are closing down specific sealed off networks that would continue to function - and they could break down or be interrupted
so stop talking about cyberwar and talk about cyberpeace and how to accomplish it and to disarm the internet instead of militarizing it
and there is somewhere an image or a link that is now dangerous because that site is infected
it means that if you don't need the external links you don't have to place them
you can for example keep bookmarks in online collections such as diigo.com
it also means that secure global platforms for all the schools or organisations or services or agencies is one of the most important security-initiatives that one can take because for them it is all about the content and the platform can deliver them secure functionalities
this is what it seems
this is what it is
Syria is the Spanish civil war all over again in which a dictator supported by two other dictators (Iran and Russia) and by the silence and diplomacy of the democratic countries can kill its population with all the military means at its disposal without any limitation
even in Bosnia there wasn't so much military might used (even if it was horrible) and in Libya we did intervene when airplanes and tanks were going out to bombard the civilian cities
and now we are astonished that
* people have taken up arms to defend and protect themselves instead of demonstrating and waiting to be shot
* that people are using any weapon they get and that they accept any soldier at their side (even if he has a beard :)) because tomorrow both may be dead anyway, so who cares about the day after tomorrow
* younger and older men are going down to Syria to have the fight of their lives because they think it is the only thing that is left to do because all the other promises mean nothing and why should you sit back and watch every day the daily stream of horror videos out of Syria and not try to do something
If you want to get any control again over the situation, we should implement the international laws of war and implement a no fly zone and we should arm the rebels with antitank weapons or take the tanks out ourselves
And if youngsters are fighting over there, there should be three conditions (just as in the Spanish Civil war)
* first they should be adult and not teenagers
* they should be able to communicate with the homefront and taking away their phones and papers is not the way to do that and they should be able to come back whenever they want to
* they should be accepted by the local forces and work for them and with them, under them (and if they aren't wanted anymore they should go home)
that is a volunteer, all the rest is entrapment and abuse
there is also a great psychosis about those guys when they will come back after the war (as if it is going to be finished in a few weeks) but that just diverts us from the real question, why are we not doing more to help one million refugees and stop this kind of civil war or give the opposition what it needs to win this
and if all the men who have fought in wars were to become terrorists, we would have bombs going off all the time all around us and if all the men who were extremists at 20 held the same beliefs until their death democracy would have difficulties to survive
oh how we celebrated the new democracy in Burma and the role of the woman that was a dissident and was now going to lead Burma in the new century of democracy and prosperity and how she was overloaded with prizes and visits and probably cash
where is Aung San Suu Kyi now ? Last year she refused to take sides in another communal ethnic bloody riot. So much for democracy and human rights
oh how we wanted the Dalai Lama to be free in a free Tibet and how so many were inspired by his thoughts, writings and his silence
where is he now ? It is Buddhist monks trying to cleanse their towns of those strange muslims.....
while people - whatever their belief or colour or whatever the reason or the 'understanding' of the underlying conditions and situations and whatever the incidents from whatever side
this is not acceptable in the new century - so you are not welcome and you should not receive any prizes and should probably give all those you have already received back
burnt muslim bodies after the riots
whole villages and parts of cities going up in smoke
and thugs going round looking to kill somebody because ......
and while the police stand by, hardly intervening
people flee as refugees without the protection they need
passing the burnt bodies in the streets
oh yes and talking about internet freedom in Burma is really what you should be doing at this moment, this is really the issue of the moment and the internet will stop all that; on the other hand thanks to the internet and Anonymous on Twitter the topic is trending on Twitter and attention is growing for the situation (although that didn't change a thing yet for Syria)
so there you are
you have a website with good traffic and a good reputation
and you place a link (even if it is cleaned up)
but that link seems to be infected or hacked at some time
and your reputation goes to being blocked and indicated as dangerous and so on
and before you know it your online reputation has gone in the toilet
as is all your work
this shows why it is necessary to control all your links (your own and those you link to)
or even limit the number of clickable links
it is also clear that the website of the AGOWEB.be was an infection which could have more implications than just some text hacked by Anonymous
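One way to control the links on your own pages, as the advice above and the earlier note about unnecessary external links suggest; this is an added example and not the blog's or its platform's own code. The sample HTML and host names are constructed, the names `LinkAudit` and `audit_page` are hypothetical, and the rules for what counts as a hidden iframe are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; the host names are placeholders, not real sites.
SAMPLE_HTML = """
<a href="/archive/2013/03">archive</a>
<a href="http://blog.example/post/1">own post</a>
<a href="http://partner.example/report">external report</a>
<img src="http://images.example/logo.png">
<iframe src="http://unknown.example/x" width="0" height="0"></iframe>
<iframe src="http://video.example/embed/1" width="560" height="315"></iframe>
"""


class LinkAudit(HTMLParser):
    """Collect off-site resources and flag iframes the reader cannot see."""
    URL_ATTRS = {"a": "href", "img": "src", "script": "src", "iframe": "src"}

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host
        self.external = []        # (tag, url) pairs that point to another host
        self.hidden_iframes = []  # iframe URLs with zero/one pixel size or hidden style

    def handle_starttag(self, tag, attrs):
        attr = self.URL_ATTRS.get(tag)
        if attr is None:
            return
        a = {k: (v or "") for k, v in attrs}
        url = a.get(attr, "")
        host = urlparse(url).hostname  # None for relative (same-site) URLs
        if host and host != self.own_host:
            self.external.append((tag, url))
        if tag == "iframe" and self._is_hidden(a):
            self.hidden_iframes.append(url)

    @staticmethod
    def _is_hidden(a):
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        return tiny or "display:none" in style or "visibility:hidden" in style


def audit_page(html, own_host):
    """Return (external resources, hidden iframe URLs) found in one HTML page."""
    parser = LinkAudit(own_host)
    parser.feed(html)
    return parser.external, parser.hidden_iframes


if __name__ == "__main__":
    print(audit_page(SAMPLE_HTML, "blog.example"))
```

The list of external hosts is what you would then review by hand or check against a reputation service; the script itself only inventories what a page pulls in.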
oops I was in the list of scumware.org for an html iframe
so I double-checked because it could be that a poster inserted something in a comment or that the platform itself was under attack - it is now and then
but then I double-checked over and over again and all seems clean
except for scumware https://www.virustotal.com/en/url/8daad5a3e18ae3e0583d13bb25876cd4b77c908cc914e14625e963e286817aa2/analysis/1364291403/
but the analysis showed this
so the hacking of agoweb.be, the official site of the Flemish administration, is much worse than thought
there was an iframe in it that made it dangerous and people could have gotten infected
but according to
all scripts seem clean http://wepawet.iseclab.org/view.php?hash=484e9282e0c0fd2a555b4cca6c6dccb3&t=1363260308&type=js
no files on the blog itself were malicious http://quttera.com/detailed_report/belsec.skynetblogs.be
so much for trust in the Belgian hostingindustry or its own hosting ........
it also means that the FCCU may have some problems getting blogs down or getting logs (because it becomes immediately an international affair - except if the logs are kept in Belgium)
no https for the login for starters
and the site looked like this