Earlier this week, we announced that we had broken into the servers of Xperthis, a Belgian IT company.
However, as Xperthis itself announced a couple of days later, it turns out that, indeed, the data we acquired was somewhat older than we had anticipated. Therefore, we will not release that data.
Might we suggest to Xperthis, however, to better secure their servers? It does not bode well for the healthcare professionals who happen to be your customers that you seem to be unable to secure your own data.
that is when you go too fast
and it shows again that if you don't protect and upgrade your servers and databases, you will get hacked by scanners like rex mundi, because those scanners know how to find you and they know how to get that data and they will ask you for money and they won't fuck up every time
1. that rexmundi is now demanding enormous 'robin hood taxes' (which they aren't, as they aren't given to charities - which in any case, as with Anonymous actions like that, will have to refund the money as it was illegally obtained). He was now asking for 15000 bitcoins and one bitcoin is 6002 dollars so you know now that this is serious money
the stupidity of this tendency is that there is now more advantage in not paying than in paying. The first sums were 300 to 500 euros or dollars but at the time we laughed about that sum
getting greedy is the beginning of the end
2. that rexmundi is not really checking the data and making claims that are becoming even further away from the truth. If he would have looked at the datasets he would have seen that the data was already 10 years old and that with a small double check he would have seen that some of the data wasn't even active anymore on the web or were not the health professionals he claims they are
3. this operation shows a third characteristic of RexMundi operations and that is that he isn't capable of taking his time and penetrating slowly into networks from vulnerable servers to backup servers to administrative accounts to networks and so on (get the picture ?)
real instant hard sex instead of a long foreplay that ends with some intensive moments
although one should keep the following in mind
* we don't know what all the information is that rexmundi downloaded from the servers, it may be that other information was downloaded and that when that information becomes public there are other new questions
* the networks of Xperthis will be scanned and attacked by other hackers over the coming days and I hope they have their security people on the scene and every monitoring tool activated and manned and all the security updates installed and so on because it can be a very hectic and dangerous week for them - and those hackers may be more professional than rexmundi seems to be
this will be even more difficult for Xperthis to do because they are - as they say themselves - a combination of three firms with their own networks and servers (which is the reason why they had forgotten about those two old servers and the marketing lists on them)
try to defend this, dude, with the little resources and manpower you have at your disposal
but Xperthis and the people responsible for e-health should not cry victory now and think that everything can go on as ever before as if nothing serious happened
for the same price they had lost administrative accounts, client accounts and the source code of their software
it is high time that one stops concentrating only on the first ring of defense - the first ring around our ehealth data may be fine but the biggest problem is that all those e-health service providers (doctors, pharmacies, health organisations, ..)
you start with attacking low hanging fruit to break into the defended castle
and that rotten fruit was two servers that were forgotten about .......
#Rex Mundi hacks and steals data from a Belgian provider of software for Belgian and European e-health institutions
Neither the CERT incident line nor the FCCU telephone line is responding at this moment .....
This is the message from Rex Mundi
"Dear friends and foes, We have hacked the servers of Xperthis, a Belgian software company which creates applications for hospitals and healthcare professionals. These applications are used mostly to maintain and store patient records.
You would therefore expect Xperthis to pay close attention to their servers' security. But, whoops, guess not. Among the data we have obtained are over 800 login credentials and emails of healthcare professionals in Europe. Of course, we offered Xperthis a way out, as we always do. So far, Xperthis has failed to reply to our messages.
They have, however, been smart enough to take their website down (xperthis.be). Xperthis has 2 days left to pay us. If not, well, we already informed them of what we will do with the data currently in our possession. Rex Mundi"
the other question that is even more important is if they have administrative data of the technicians because they have access to most of the network through VPN and so on - but if there is no double authentication and you only use the login then that is no protection at all
another question - as they say that they have several data - is if they have been able to steal the code of these applications so you can look at ease at bugs and security vulnerabilities that could be exploited one day
if some of that code is patented or really something important then there is also the survival of the company itself that may be at stake
he's clearly asking for a lot of attention
and the website of Xperthis is ..... Under maintenance
"Coordinating Council, a group uniting opposition parties and movements of breakaway Abkhazia, has called for a new, upgraded partnership treaty with Russia, and Abkhazia’s membership in Russian-led Eurasian Union and Customs Union.
A statement by the Coordinating Council comes amid political standoff in Abkhazia as the opposition continues holding control of presidential headquarters in Sokhumi, insisting on Abkhaz leader Alexander Ankvab’s resignation. Russian President’s aide, Vladislav Surkov, is in Sokhumi mediating between the opposition and the authorities.
The statement by Coordinating Council says that after recognition of independence of Abkhazia by Russia in August, 2008, bilateral ties moved to substantially new level. Russia signed comprehensive treaties on friendship and cooperation with Sokhumi and Tskhinvali in September, 2008."
except if they lose control or things get out of hand
so nothing to be excited about for the moment
"Just before the elections wrapped up on May 25, Russia’s state-owned Channel One reported that the neo-fascist Right Sector candidate Dimitri Yarosh had won the election with a plurality of 37 percent of the vote. Their source? Ukraine’s Central Election Commissions Web site.
The reality was much different. Poroshenko claimed victory with almost 60 percent of the vote. Yarosh carried less than one percent—an absolutely disastrous showing for the far right. That’s a pretty big mistake. How could a major news organization like Channel One make such huge error?
Early in the week the Security Service of the Ukraine—or SBU—announced it had arrested several hackers attempting to disrupt the election process.
According to the SBU, the group planned to introduce malware into the election commission’s Web site and servers that would discredit the Ukrainian election by reporting results skewed heavily in the favor of the far-right Yarosh.
The hackers—irresponsibly—bragged about their exploits on the Internet. The SBU paid attention, rounded up members of the group and set to work fixing the election commission’s computer systems. Forty minutes before Channel One aired their story about Yarosh’s victory, the SBU fixed the bug."
So it was meant to happen and even if it was found out the Russians would have won
* the election was broken
* the right sector could be up in arms because they thought that they would have won and that Kiev had stolen their election back
* all this should have been done all over again giving more time to the militia
he wants to get back to the US
and so everything he says is part of that goal
never heard him say that he is against the publishing of all the US targets by Greenwald as he announced
try not to be too naive before you believe him because he was trained to be a spy as he says himself and so he is trained to deceive
one was shot down yesterday above Ukraine territory
aside from that it would be possible to spot the infiltrants and smugglers
the question is if the FIFA should hold its 1936 football games in the neo-USSR
the Olympic Games didn't change a thing
"“As with a fireworks show, you want to save your best for last,” Glenn Greenwald told GQ recently. “There's a story that from the beginning I thought would be our biggest, and I'm saving that. The last one is the one where the sky is all covered in spectacular multicolored hues."
That finale involves the names of U.S. citizens targeted by NSA surveillance, according to an interview Greenwald gave to the Sunday Times. He told GQ that the last of the big stories based on the documents he received from Edward Snowden would be published this summer.
"One of the big questions when it comes to domestic spying is, 'Who have been the NSA's specific targets?,'" Greenwald told The Sunday Times. "Are they political critics and dissidents and activists? Are they genuinely people we’d regard as terrorists? What are the metrics and calculations that go into choosing those targets and what is done with the surveillance that is conducted? Those are the kinds of questions that I want to still answer."
if we would categorize them according to profession and reason and so on, you could say that it is useful and not harmful because it could be used to prove that the NSA was becoming a very dangerous institution for everyone who was involved in politics, journalism and protests (which are not the domains the NSA should have been involved in) while neglecting (because you can't do two things equally well at the same time) terrorism, drugs and other criminal networks and corruption schemes or espionage
if he really is thinking about publishing the names that are in the 200.000 documents he has received out of 1.7 million documents then there is an immediate threat to any intelligence work the NSA or any other agency is undertaking and he is putting an enormous list of agents and operations and national security an sich into an immediate and big danger - in fact enough to be killed for it (even by natural causes)
not that I am saying that he should be killed for it or hoping that someone will kill him but only that when you publish such threats publicly you shouldn't be surprised that someone somewhere with but mostly without any official recognition will have the urge to get into action
except if he wants to use it as an insurance file and only wants to let it known that he has such a list and that the list will be published if something happens to him or his partner
another possibility is that in the end he will maybe not even publish this list because of acceptable reasons of national security and so shows himself in an international PR campaign to be responsible and acceptable (and free to travel to the US and UK and any other country that would like to prosecute or extradite him when he finally publishes this list and crosses every boundary of acceptable journalism, investigation or divulgation of information critical to the national security of the US)
another possibility is that he wants to use it as a bargaining chip to give Snowden the possibility to return to the US without facing the most harsh sentences as long as the file isn't published and he is out of his boring life in Russia (why would you otherwise say that you want to negotiate your return to the US or Germany ?)
the main effect may be that he will be forced to join Snowden in Russia (with his 200.000 documents) - if any country will let this plane cross its national airspace. It will be interesting to see where he will travel in the weeks or days before this publication - which could lead to a total travel ban going into effect now.
another effect of this threat - because this is what it is - is that after Snowden, Greenwald is now also totally losing his credibility. You can publish information about illegal operations by the security and intelligence community, you can publish information about global total surveillance and why it is dangerous - and we will applaud for doing this (because it means the press is playing its role and the oversight committees aren't) but it is a totally different thing publishing the names of the living targets of the NSA - whatever precautions you are taking
there is no excuse for doing so and no reason for doing so publicly
nothing is what it seems and is probably totally different from what it seems so it is necessary to look at the experienced detailed analysis by specialists who have the tools, knowledge and mindset to look for possible other explanations of the things we see on twitter or online
there are many other sites that are trying to discover russian info-operations but none is as professional as this one
one should also remember that one of the info-ops that the Russians tried to use as a reason to invade was shown on twitter to be a total info-ops a few hours afterwards by a detailed analysis of all the different aspects of proof that the Russians wanted to use
that was maybe the first time that in nearly real time all different people from over the world dissected the so-called proof with their knowledge and mindsets to show why it was fake
we have been reducing our defense budgets in such a way that in fact we see now that we don't even have any military or intelligence capacity anymore worthy of that name and that when we are challenged we fail pathetically
this has some consequences for Belgium which is host to SHAPE and NATO and Zeebrugge which is a main gas terminal and Rotterdam and London and Brussels hosting the EU
it is an aircraft carrier
so next time this happens you will not only have to test your monitoring capabilities but also your airdefenses and the time necessary to get your airplanes in the air in different countries which can be targets - as a test
on the other side, just before the second world war the USA did not even have an army that could defend California and after Dunkirk the British had only a home guard and wouldn't even be capable of stopping a German invasion if it ever took place (but as they believed in air supremacy they wanted to win the battle of Britain first which they nearly did - not)
the only problem is that Putin is NOT yet accepting his defeat and even if Merkel is now sliding into accepting the status quo there is no guarantee that Putin has accepted the status quo....
source for picture and textgrab under
they say that there is too much information that is collected or transferred from the computers and that it can't be analyzed
they say that it is very difficult to know what it is exactly doing
they also say that they don't trust the owners of Kaspersky
he who at the time led and inspired so many online lulzsec hackers
he who was a hero and was the number one target for the US - first thinking he was Iranian state trained
but now, he was the simple guy living on their doorstep
agreeing very quickly to not only bring a few hackers in but also give the US one of the biggest hacking operations with the biggest leak of governmental contacts ever - stratfor (was done while under FBI control)
and now he is walking free after 8 months of jailtime
he is being relocated because of threats against his life and family
I suppose he will be working for the government or some cyberhacking consultancy group soon
look at the map
it is at the sea front
it is Russian controlled
and it is not small
I have friends who have fled this region after the invasion and left everything behind
they never believed they could go back one day
maybe that day is coming near now
Putin has opened something he is not sure he can continue to control and he has lots of territories to control
“As reported by the military intelligence service and intelligence service of the Ministry of Internal Affairs, this was the main training camp, where from 300 to 500 militiamen had been continuously trained for the last two weeks. It was not just a basic military training. This camp worked for combat coordination of military units and small groups of terrorists. The camp’s militiamen have already undergone individual training and had an experience of military service,” the journalist informed.
According to Butusov, the camp’s sole existence was the most insolent provocation. It was located outside the settlement, 500-700 meters from the Russian border. In addition, the borderline on this territory is not demarcated and is visually hard to notice.
“At the Russian part of the border, a concentration of troops had been observed, as well as a supply of militiamen. Based on intelligence data, the camp could have been covered by anti-aircraft guided missile systems, as well as Russian anti-aircraft defense. Sending Mi-24 army helicopters there had been risky. The various options for the camp’s liquidation had been discussed, however the order to do so must have been given by Turchynov as the main risk was that in case of accidental destruction of Russian territory by bombs and missiles, Putin could have used that as an excuse for the military intervention,” Butusov emphasized.
The breach affected less than 0.2 percent or roughly 400,000 of Avast's 200 million users, said Steckler, noting the reason for its limited scope was that it only affected users of its community-support forum, which is run on an "isolated third-party system". Accordingly, the most important customer data it holds, including payment, licence, and financial data, was not impacted.
"We realise that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you," Steckler said.
While the passwords were stored as hashed values, Steckler advised that it was still possible for a sophisticated attacker to derive the plain text passwords, which could pose a risk to affected users that re-used the password from that forum on other sites.
"If you use the same password and user names to log into any other sites, please change those passwords immediately," he warned.
so how many months later and why didn't they tell before
changing your passwords now makes as much sense as changing your door after it has been broken down and you have been burgled of everything you have