07/16/2013

what to do if you are one of the innocent victims of the Rex Mundi hacks

first, it all depends on how much information is published and how secret that information is for you

* address, telephone number

If this information is not secret for one reason or another, then there is no urgency, but you could ask the firm to pay for the change of your telephone number if you don't want it to be known (and didn't publish it online either)

* email address

this is more difficult, because if you have used the email address of your employer it is possible that the security guys won't like it and that you will have to change that address (and some good advice for the future: never use your official work email for private business online)

if your email address is private and you are bombarded with a lot of spam and you need to change it and your business is being hurt by this, then you can complain, I suppose

* passwords

if you use the same password anywhere else on the web, then you should change it as fast as possible

for some services with telephone authentication it would be possible to steal your passwords with VoIP or an infected SMS when the number can be linked to an account (Facebook, Google)

* personal information

this is a breach and you could complain to commission@privacycommission.be

* business information

this is a breach and you could complain to fccu.be, especially if business insider information has been leaked and that information could be useful for your competitors


the three groups of targets of Rex Mundi

after observing Rex Mundi for the last 2 years you can distinguish three groups of targets

 

the first group is the ISPs

the second group are the online lending companies

the third group is the online recruitment companies

 

if you are one of these companies

* they will not go away

* you still have to implement strict security and privacy with permanent monitoring and logging and patching

* you need an incident plan and to look at the new regulation of privacycommission.be

Monday, 21 January, 2013

especially if you belong to one of these targets


Rex Mundi hacks place the Privacy Commission before its first big test

the two new hacks by Rex Mundi place the new Privacy Commission and its new regulation about data breach notification (January 2013) before their first big test

the biggest incident since the new regulation has been handled behind the scenes because it was a leak and not a breach

this is different

if Rex Mundi bluffs and that information is not on their servers and has been faked or copied, then even in that case the servers in question have to be inspected by real forensic investigators to verify that this information was not on their servers and never was - this is the only way those two firms can make me believe that there was no compromise (only believing what you are seeing)

if Rex Mundi is right, then there are three questions for the firms (I won't call them victims because the real victims are the innocent bystanders)

* did they inform the Privacy Commission and start an information campaign for the victims, with the necessary investments to answer calls from people, and if they didn't, why? The only reason that they shouldn't inform the Privacy Commission should be if they have 100% proof that this leaked information from a so-called breach was never on their servers and they can prove that. All the rest is hearsay.

* did they inform the victims in time so that - even if they wouldn't pay - these victims could change their passwords (and possibly their telephone numbers if it was a private one), and would they pay for any costs that that would bring with it

* did they take all the necessary actions to close the security holes, look out for new backdoors, change the internal passwords and start encrypting that data? In fact, do anything so that this doesn't happen again.

so the first big test for the Privacy Commission is to show that its new regulation from January 2013 has some meaning and that it will be enforced and implemented

if not, the cynics are proven right again

another question is whether the personal victims of this breach can now go to court and ask for compensation, as not only were they not protected as they should have been, but the authorities were informed and the procedures weren't followed (48h after the breach the victims should be notified)

my last remark is that in California, the mother of the breach notification law, they have now said after their evaluation of the law that they will now go heavily after firms that don't encrypt their data, because that seems to be the biggest problem and loophole


Rex Mundi hacks another Belgian recruiter, habeas.be

I wanted to keep this off the record, but as Numericable has been so stupid as to send out a press release and the infosecurity community is now reading the Rex Mundi tweets again, there is no sense in not publishing this news and other interesting comments and thoughts around it

so this is another interesting one who thinks that nothing happened and that they can neglect such a warning, or who don't even research in their logs what has happened and whether something is true

secondly, they don't have a separate login, which is fine, but as they are running older PHP scripts it is possible that one of the bugs and security vulnerabilities that have been fixed in the more recent versions (free software still has to be maintained) was the gaping hole inviting hackers, not rabbits

so now they have a problem

if Rex Mundi is right, then they have lost their database with the profiles and personal data of the people who were placed with them (it is an outplacement firm - so their 'candidates' aren't the happiest ones, because they are forced to take another job somewhere else and the outplacement is supposed to make life easier for them)


Rex Mundi, Twitter and PRISM

among all the hysteria about the online spying activities of spy agencies, people (aside from watching the film Brazil) should remember that the so-called perfect cooperation on paper between police and intelligence agencies and the web services (even American ones) is not all that perfect

* Rex Mundi has kept its Twitter account, while the LulzSec and Anonymous accounts on Twitter have been suspended or destroyed systematically

but maybe the police services want that account to stay active because it seems to be the only way to communicate, and even with the worst enemies and criminals you have to keep some 'line of communication' open

this may also explain why on Pastebin he has lost quite a lot of posts but the account was not suspended either, while other hackers have seen their full account blocked at Pastebin

* Rex Mundi hasn't been arrested yet

as Rex Mundi has been hacking in Switzerland, the USA, Canada, France, Belgium and so on, there are a lot of police investigators looking for them, but why don't they find them?

there may be two explanations

first, there may be a lack of cooperation. Rex Mundi is not a threat to the system because it doesn't hack police and governmental databases and doesn't publish them with pamphlets about revolt and so on. There is, in other words, no political urgency to free up all the necessary resources to get them.

secondly, even if the hacks of Rex Mundi are not nothing, they aren't the big ones (and when they got a very big one it was handled behind the scenes without the impact that it could have had): the numbers are small (in comparison with LulzSec), the ransom is small (in comparison with the ransom asked from online casinos) and the public relations effect is relatively small (you're not on CNN)

so before becoming paranoid one should remember that

* in this international interconnected world it is still possible to blur your tracks enough not to be found by one or more police forces who are NOT working together

* it all depends on the priorities of the police force, and those are political, and for this reason it is not the live monitoring that is the biggest problem but the fact that the NSA wants to keep the data forever (imagine Hitler getting his hands on such a database - even if he did want to create one with the help of IBM)


Rex Mundi hacks numericable.be and they say it ain't true

Rex Mundi publishes a warning that tomorrow they will publish a lot of information about 6000 clients of Numericable.be and other business information that will make them sorry that they said that

"Belgian cable operator Numericable said none of its customer data or business information was compromised in a recent hacking attack on its systems. The statement follows a claim from the hacker collective Rex Mundi, which claimed to have details on 6,000 of the operator's customers. Numericable said it has filed a complaint with the Computer Crime Unit."
http://www.telecompaper.com/news/numericable-says-data-sa...

the sample is here [censored] for the moment

and have a look at this

DB users:
-sa
-website
 
if this is true, for how long has it already been known that the default sa user in a database has to be deactivated before you do anything with it? As far as I remember
 
the second user is the website with its own credentials, which means that if you have taken over the website you also have access to the database as that user (and if your rights weren't limited, because why always make things difficult as those security people always ask?) then you also own the database
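As an added example (not from the post and not Numericable's actual configuration), this T-SQL script shows the two fixes the paragraphs above call for on a Microsoft SQL Server, the product whose built-in login is called sa: disable and rename sa, and give the website login only the per-table rights the web application needs instead of server- or database-owner membership, then verify both. The database name app_db, the table names and the password are placeholders.

```sql
-- Added example, not from the original post: hardening the "sa" and "website"
-- accounts on a Microsoft SQL Server. app_db, dbo.customers, dbo.products and the
-- password are placeholders.

-- 1. The built-in sa login: disable it and rename it, so a default-credential or
--    brute-force attempt has nothing to hit. DBAs use named sysadmin logins instead.
ALTER LOGIN sa DISABLE;
ALTER LOGIN sa WITH NAME = [sa_disabled_placeholder];

-- 2. The website login: only what the web pages actually do.
--    The weak settings that turn a web compromise into a database takeover are
--    server-role or db_owner membership, which this script never grants:
--      ALTER SERVER ROLE sysadmin ADD MEMBER website;   -- never do this
--      ALTER ROLE db_owner ADD MEMBER website;          -- never do this
CREATE LOGIN website WITH PASSWORD = N'<strong-random-password-placeholder>',
    CHECK_POLICY = ON, CHECK_EXPIRATION = OFF;
GO
USE app_db;
GO
CREATE USER website FOR LOGIN website;

-- Per-table grants matching the statements the application issues; nothing else.
GRANT SELECT, INSERT, UPDATE ON dbo.customers TO website;
GRANT SELECT                 ON dbo.products  TO website;
-- Schema changes are explicitly denied even if a broader grant is added later.
DENY ALTER, CONTROL ON SCHEMA::dbo TO website;
GO

-- 3. Verification queries a reviewer runs after the change.
-- sa must show is_disabled = 1; it always has SID 0x01, whatever it was renamed to.
SELECT name, is_disabled
FROM sys.server_principals
WHERE sid = 0x01;

-- The website login must not be a member of any fixed server role (expect no rows).
SELECT r.name AS server_role, m.name AS member
FROM sys.server_role_members rm
JOIN sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals m ON m.principal_id = rm.member_principal_id
WHERE m.name = 'website';

-- Inside the database, only CONNECT, the object grants and the schema deny may appear.
SELECT dp.class_desc, dp.permission_name, dp.state_desc, dp.major_id
FROM sys.database_permissions dp
JOIN sys.database_principals pr ON pr.principal_id = dp.grantee_principal_id
WHERE pr.name = 'website';
```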
 
the server has the following databases (Numericable has to prove that this isn't the case, not just say that as far as they know their personal or business info wasn't compromised) and here are some interesting things to see (and you ask yourself whether the architecture guy talked to the security guy at any moment during the installation, because a real security guy would never have accepted this, among other things)
 
[censored]
 
and then there are the users, the innocent bystanders
 
a very interesting one working for a bank (phishing and APT coming your way, baby)
 
[censored]
 
and some Belgians
 
[censored]
 
If Rex Mundi is reading this: do not publish the social security numbers and passport numbers tomorrow; in fact even the phone numbers don't need to be complete (if they are in Excel you can scramble them with a mathematical formula and then export them again to a CSV file) - just for the innocent bystanders
 
Numericable isn't the only ISP that hasn't taken Rex Mundi seriously. I have been warning that this group won't give up and has been going on for nearly 2 years now without ever being found out.


07/15/2013

why Snowden won't get real political asylum but will be treated and protected as a spy

Glenn Greenwald, a columnist with The Guardian newspaper who closely communicates with Snowden and first reported on his intelligence leaks, told The Associated Press that the former NSA systems analyst has "literally thousands of documents" that constitute "basically the instruction manual for how the NSA is built."
http://www.syracuse.com/news/index.ssf/2013/07/edward_sno...

someone going over with that kind of data is always a spy - period

but that proves that he will be protected under the reciprocal protection of ex-spies by the different countries

and this is also why Russia (or another friendly country) is so interested

* they have had their own full interception system for years and would like to make it more perfect (those keywords alone are very interesting)

* they have to teach their allies and spies how to circumvent the system and stay under the radar

even if you hacked the network of the NSA you would never find so much data in one place (it was collected over a year - without anyone seeing that an employee of an outside contractor was copying all that kind of data)

there are data protection and data access systems available that would have prevented this (as they would have prevented WikiLeaks and stopped Manning)

Maybe someone should sue the NSA for negligence and endangering national security by incompetence :) because the technologies are there and they have more manpower than they can recruit (which is why they are using so many contractors, with all the security risks)


metadata: how to bypass NSA PRISM (or make it difficult for them)

1. don't take an email address with your name in it

2. use temporary email addresses if needed

3. don't use words in your title that reflect your content

4. steganography is a great tool

5. place passwords on encrypted files

6. use a professional proxy or Tor to access the internet

7. use a local dialect

8. write it down, scan it, encrypt it and set a password on it

9. use some totally different pseudo-identities on the net that have no connection whatsoever with each other

10. use different computers or telephone accounts or tablets to communicate

and all this shows how relative this interception may be

in fact this means that however much the NSA may invest in infrastructure, human intelligence will still make the difference, because you can make the interception of communications so difficult that it will take too much time, and if the supervisor is not convinced that that message or conversation needs the necessary resources it will be too late for them (9/11)

the advantage of the system is of course that you can get the amateurs and the stupid and that you can find them easily (and, as in most cases, infiltrate the new cell to arrest them all the moment they want to actually do something instead of just talking about it)

but technology-obsessed security thinkers will do everything to prove that they don't need that 'too old spy' tool of human intelligence anymore; they say that it costs too much, is ineffective and so on

it is, unless it uses the intelligence that technological interception can collect, and this has been the case for the last century


metadata: the wrong discussion about the wrong metadata

Metadata are the data about the content

in my job I can use three kinds of metadata

1. the global anonymous metadata

this means that I will only see, for example, how much video traffic there is, how much goes to which country and so on. I have no way to locate the source of the data. This is important to know if you need to upgrade your infrastructure or limit certain access rights and so on.

2. the specified anonymous metadata

this is important for security researchers and the security guards at the ports of the security installation - a global ban on the use of all metadata with very stringent implications would make it very difficult for the security people to do their jobs in time

this means that I don't know who is behind the IP address; I only see the IP address, and I don't even want to know who is behind it. I can only use it to eliminate botnet, virus and spam traffic and to get the computer out of the network, and then it is up to the local IT people to go and repair the computer; the helpdesk only receives an IP address and the mention that it is probably infected (which most of the time it is)

in the case of spam or the proxy we don't see the IP address or the receiver, but only the title or the website when we type in certain words like porn, hack and so on. This is just to see if there are mails passing the controls and to adjust the controls. The content of the communication is not seen. The person himself is not contacted; the filters are adjusted. He or she will see that the bypass won't work anymore or that the spam is not coming through anymore.

in most systems you can now select the metadata you want to see, so you can choose only those things you effectively need and eliminate all others, and you always have to remember that you don't have to look at all the traffic all the time: you can use filters and search strings that give you only those traffic streams that need more research (for example blocking all traffic to Russia and China on your firewall if you don't have any business there)

3. the individualised metadata

in this case (as with the NSA Echelon system) you have everything except the content - but in fact you have everything, because most people use words in their subject that reflect the content; you can say that it is in fact a bridge too far.
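As an added example (not from the post), the three metadata levels described above as three access levels over one constructed flow-log table in T-SQL: a global anonymous view, a per-IP "probably infected" view for the helpdesk, and the raw table for a named investigator role only, so that the level is enforced by permissions rather than by policy. The table, view and role names are placeholders and the rows are constructed sample data.

```sql
-- Added example, not from the original post: one constructed flow-log table and
-- three access levels over it. dbo.flow_log, the views and the roles are
-- placeholders; the six rows are constructed sample data.
CREATE TABLE dbo.flow_log (
    ts          DATETIME2     NOT NULL,
    src_ip      VARCHAR(45)   NOT NULL,   -- internal host
    dst_ip      VARCHAR(45)   NOT NULL,
    dst_country CHAR(2)       NOT NULL,
    dst_port    INT           NOT NULL,
    service     VARCHAR(8)    NOT NULL,   -- 'video', 'smtp', 'web'
    bytes       BIGINT        NOT NULL,
    subject     NVARCHAR(200) NULL        -- mail subject / page title: reflects content
);
GO
INSERT INTO dbo.flow_log VALUES
 ('2013-07-15 09:00', '10.0.0.5',  '198.51.100.7', 'US', 443, 'video', 52000000, NULL),
 ('2013-07-15 09:05', '10.0.0.5',  '198.51.100.7', 'US', 443, 'video', 48000000, NULL),
 ('2013-07-15 09:02', '10.0.0.23', '203.0.113.9',  'RU',  25, 'smtp',      1200, N'cheap meds'),
 ('2013-07-15 09:02', '10.0.0.23', '203.0.113.17', 'RU',  25, 'smtp',      1100, N'cheap meds'),
 ('2013-07-15 09:03', '10.0.0.23', '203.0.113.42', 'CN',  25, 'smtp',      1250, N'cheap meds'),
 ('2013-07-15 09:10', '10.0.0.8',  '192.0.2.30',   'BE',  25, 'smtp',     40000, N'Q3 figures');
GO

-- Level 1, global anonymous: volume per country and service, no addresses at all.
-- Answers "do we need to upgrade the link" without identifying anyone.
CREATE VIEW dbo.v_meta_global AS
SELECT dst_country, service, COUNT(*) AS flows, SUM(bytes) AS total_bytes
FROM dbo.flow_log
GROUP BY dst_country, service;
GO

-- Level 2, specified anonymous: an internal IP plus a reason, nothing else.
-- A host that talks SMTP directly to several distinct mail servers within one
-- hour is the classic spambot pattern; the helpdesk receives the IP and
-- "probably infected", not the destinations and not the subjects.
CREATE VIEW dbo.v_suspect_hosts AS
SELECT src_ip,
       CAST(ts AS DATE) AS log_day, DATEPART(HOUR, ts) AS log_hour,
       COUNT(DISTINCT dst_ip) AS distinct_smtp_peers,
       'probably infected: direct SMTP fan-out' AS reason
FROM dbo.flow_log
WHERE dst_port = 25
GROUP BY src_ip, CAST(ts AS DATE), DATEPART(HOUR, ts)
HAVING COUNT(DISTINCT dst_ip) >= 3;
GO

-- Level 3, individualised: the base table itself, subjects included. It is not
-- wrapped in a view and is granted only to a named investigator role.
CREATE ROLE capacity_planning;
CREATE ROLE helpdesk;
CREATE ROLE investigator;
GRANT SELECT ON dbo.v_meta_global   TO capacity_planning;
GRANT SELECT ON dbo.v_suspect_hosts TO helpdesk;
-- The views still work for these roles through ownership chaining (same owner),
-- while the raw rows stay out of reach.
DENY  SELECT ON dbo.flow_log        TO capacity_planning, helpdesk;
GRANT SELECT ON dbo.flow_log        TO investigator;
GO

-- The "filter first" rule from the text: flows to countries where the organisation
-- does no business, as input for a firewall block-rule review rather than for
-- looking at all traffic all the time.
SELECT dst_country, COUNT(*) AS flows
FROM dbo.flow_log
WHERE dst_country IN ('RU', 'CN')
GROUP BY dst_country;
```

With the sample rows, v_suspect_hosts yields only 10.0.0.23 (three distinct SMTP peers in the 09:00 hour); 10.0.0.8 sends one legitimate mail and is not listed.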

PRISM

I suppose the NSA systems use in the first instance the second system with around 38,000 triggers and keep those in their database, and then decide or get the approval to follow some of those with the third system of metadata spying to get more proof. If they have enough proof I think they just get everything.


07/14/2013

public folder with documents about Bitcoin

you can download it from here

Bitcoin was built as an answer to the financial blockade of WikiLeaks: the activist community needed a currency that was decentralised, anonymous and safe

the last part is always the hardest and there have been some hacking scandals; it is after all money, so it is worth something to somebody

Bitcoin will not replace our normal money but it will be an important channel for a certain segment


07/12/2013

how the Department of Homeland Security (DHS) trains its agents in interception

This is the official course they got, presentations and lesson plans, as published under the Freedom of Information Act (which is a thing we all need)

download (80MB)


07/11/2013

articles and guides about the deep web (Tor and Freenet)

I am placing here some articles together about where to find interesting stuff on the deep web and Tor and how to find your way around

https://mega.co.nz/#F!xkF3VZ4Q


Stratfor, the most interesting and threatening leak ever by Antisec (link)

Stratfor wanted to be the commercial CIA, and even better than the CIA, even if they worked for the CIA and other organisations like that. They didn't present themselves like that. They were a business and risk intelligence firm who were paying sources all over the world to know things before they became public, sources who were recruited at seminars and pseudo-interesting non-events like that.

The list of more than a million contacts with their email addresses and sometimes their credit cards was one of the hottest things to get at the end of 2012. But I presume that most of them didn't change their passwords or email addresses and that there are still enough valuable contacts in the list.

After this massive leak the firm just gave away some months of free access and then continued as if nothing happened.

https://mega.co.nz/#F!QwMEUZqY


NSA: a bundle of documents about the most secretive service everybody talks about

The NSA is in fact the result of the CIA becoming too public and having too much 'oversight' and 'controls', which makes it not easy to do spying and counterintelligence operations. The US also needed an agency which had all the necessary intelligence and regrouped budgets to look after the protection of its own intelligence (encryption) and after the interception of the information that could be of interest (Echelon for example)

You will find here articles, documents and reports

if you want to add documents that are missing, place the link in the comments

https://mega.co.nz/#F!lllADCja


PRISM: a bundle of documents about the upgraded Echelon spy network

PRISM is a product of the terrorist attacks on the 11th of September; without them it wouldn't have been possible, and it has only grown because of a number of other homegrown terrorist attempts in the US afterwards.

The plan of the Bush-Cheney presidency was to let the Pentagon and the intelligence community integrate into one big military-intelligence sharing complex that would be monitoring the whole society for dangers (some projects were called total monitoring) and that would inform police and antiterrorist services of any looming dangers (sometimes going as far as people reading a lot of books about Bin Laden)

The difference with Echelon is that, as a result of the terrorist attacks of the 11th of September, the NSA-CIA (and the others) got the secret permission to ask a secret court for secret permission to spy on anyone who was deemed to be dangerous in the US (with the biggest danger being that the definition becomes fluid, the proof very thin and the motivation very vague). This gave them the possibility to collect information on Americans wherever they were (even in America).

The other thing was that the strategic thinking was also totally different. Where Echelon was primarily an interception network that only wanted to intercept information to be alerted when certain keywords or contacts were mentioned, PRISM is a safeguarding environment where as much data as possible is intercepted and stored to be used whenever needed. It is not clear whether the NSA can use this data storage at will or must have a warrant or motivation.

if you have other interesting documents, you can post the links in the comments

https://mega.co.nz/#F!ghcW1QRR


Echelon (NSA): a bundle of documents to read

Echelon is the mother of all international interception networks and is in fact the grandmother of PRISM (of which more later). There was an investigation by the European Commission, some books and a few articles, but afterwards you could say that it was all very quiet and calm.

Echelon, like Gladio, is one of the consequences of the Second World War, in which the US, UK, Canada and Australia worked together to gather intelligence much more quickly. But as they couldn't spy on their own citizens, they had to use the others to spy on theirs and be sure that they got the information if warranted.

One should also remember that one of the biggest lessons from the Second World War was that the right information was critical and made the difference. You can only get that critical information if you can intercept it without the other side knowing it, and before they think you can know or use it.

You will find articles, parliamentary reports and so on that seem interesting

If you have other interesting documents you can post the links in the comments

https://mega.co.nz/#F!ghcW1QRR


07/10/2013

Anonymous publishes the client database of relead.com, which targets your anonymous web visitors with marketing

Relead.com (@relead) wants to help its paying customers "convert anonymous web visitors into sales leads", essentially tracking visitors to sites that make use of their service to then target with unsolicited marketing. While Relead is happy to help their customers harass visitors who have not created an account on whatever site they are helping monitor, have not voluntarily provided any information to the site in question for marketing purposes or in fact given any permission to have their privacy invaded so crassly, they are oddly reticent about who their customers are. James Welsh, Relead’s chief marketing officer (@jamesbwelsh) describes himself in his linkedin profile as an "Online Marketing and Sales Hustler", while his business partner at Relead, Robert Zvingulis (@zvingulis) is equally happy to describe himself as the "Chief Hustler of @relead". Elsewhere Robert describes himself as a "Visionary IT entrepreneur". It is a good thing that neither of them mention information security as either a skill or interest, as that would make what we are about to present even more embarrassing for them than it no doubt already is. You see, if you are an enemy of anonymity, you are an enemy of Anonymous, and we love to know who our enemies are. We could simply dox the fools behind this vaporware site, but that is not nearly fun enough. Who is paying Relead to help them snoop on their unsuspecting website visitors? Who is willing to provide cash to a company that is essentially taking the NSA surveillance program as a business model?
http://pastebin.com/raw.php?i=ynr60qXP

there are no Belgian emails in it, some Dutch ones and even the British Council


Anonymous hacks the client base of Brickcom, a camera surveillance company (Belgians included)

If you fight against anonymity, you are fighting us... "To date, Brickcom provides the latest in network security to prevent unauthorized access to the network. Quality products coupled with impenetrable security makes Brickcom the company of choice for global network surveillance solutions." - Brickcom, exaggerating just a little. Bitch, do you even hubris? How do I shot infosec. Seriously, we appreciate the lulz, but don't make us laugh so much we spit our drinks onto our keyboards. So just who are Brickcom? You can find their corporate site at http://brickcom.com/ Basically this is a company that has won multiple awards and government and corporate contracts for developing, producing and selling networked high resolution megapixel surveillance camera systems. These products are then used for license plate recognitions, facial recognition, etc. Brickcom also partners with companies like Saimuth Technologies Inc to provide additional biometric identification integrated systems in countries such as Canada. Who else do they provide these services and products to? An example is Taiwan, as quoted from Brickcom's own press release: The Kaohsiung city is the most populated city in the southern part of Taiwan. To better protect this city against crime and crisis, Kaohsiung City Police Department looked to upgrade its video surveillance system. The challenges the authorities concerned were facing are that the surveillance system must be far reaching, capable of delivering the high quality video during the day and at night, and at a low total cost of ownership and maintenance. The police officers will rely heavily on the system for the traffic monitoring, car number plate surveillance, avenue surveillance, etc. The scale of this project is around 4000 cameras, and is deemed the biggest government project in Taiwan in 2013. Below you will find the details of over 3,400 of their customers, names, usernames, passwords and email addresses. 
We apologize for the poor formatting of the data, but we have an awful lot to sift through and there are just not enough hours in the day. This leak is solely for the greater glory of Anonymous, the battle for anonymity and against indiscriminate state and corporate surveillance of the public. No sec groups, no ops, no names, simply Anonymous. This leak is a dedication to those who have given up their liberty for the ideals of free speech, and a surveillance free internet. This leak is also dedicated to those who continue to risk their freedom and refuse to be paralyzed by the ever rising levels of paranoia we all feel as we read the news daily. The war will be a long one, we must fight it one battle at a time. We will. Expect us
http://pastebin.com/raw.php?i=Q99i15bB

hopefully they didn't use the same passwords elsewhere, because otherwise they could have a lot of work


do some social tax-fraud research with the ICIJ offshore database and Google

They have released 120,000 names and addresses of people and firms that are mentioned in the enormous database of mails and accounts and transactions that was leaked to them (and that they are still keeping, as it is theirs to keep and not for the justice departments to use to prosecute - would they do the same if it was child porn?)

now you can help them a bit - wherever you live

first you do a search for something that may interest you (people or firms that are located in your country, for example)

http://offshoreleaks.icij.org/search

then you go to Google and type in the information (the name or address between quotation marks in Google) and you start profiling - from there you will see who the person is or what the firm does, what its relations are and what others have already published

you can send that information to the ICIJ (if they didn't publish it already) or post it elsewhere

meanwhile I still think that database should be made available (even by - technical accident :) )

I believe more in the WikiLeaks method, even if some legal and other problems will come with it. It doesn't mean that every person in the database is a criminal in the same sense, because some people seem to have inherited sleeping empty accounts or had forgotten about them

another consequence of this is that those fraudsters will never feel as safe as before (except if those firms start investing in some real security)


make yourself less visible for Facebook Graph Search (practical tips)

Facebook Graph Search is the biggest enemy of your privacy, because it will make things available to the whole world that were never intended to be visible, and as Facebook Graph Search has now been made available to all of its US-based users it will take only a few months for the rest of us to have access also

Facebook Graph Search should be opt-in and not opt-out. Facebook should make it possible to choose to make your information available for Facebook Graph Search and should warn you beforehand with a preview of what will be available to all others and how you can limit it, so you could see with your own eyes what you have made available

this won't happen without big pressure, so meanwhile use these practical tips from Trend Micro

Click this link, which will take you to your Facebook Privacy Settings (if you are logged in). Make sure that you have restricted the visibility of future posts to your preferences, I would recommend a minimum of “Friends”, and then use the Activity Log to review all of the posts and other things in which you have been tagged, removing any tags you wish. Once that’s done, use the Who can look me up? section to control how visible your personal information and profile is. I would heartily recommend disallowing search engines from linking to your timeline and allowing only Friends to look up your profile.

Now click on the Timeline and Tagging section over on the left. Use this section to restrict who can post on your timeline. It is also advisable to enable reviewing of posts you are tagged in before they appear on your timeline. Remember though, these posts will still show up elsewhere, whether you allow them on your own timeline or not. In the section Who can see things on my timeline? there are a couple of really critical options that only become visible if you dig a little deeper. In Who can see posts you’ve been tagged in on your timeline? choose Custom and you will notice that as well as restricting the content to Friends only, you can also restrict certain people or lists from seeing that content if necessary.

Perhaps most importantly, hidden away in Who can see what others post on your timeline? again if you choose the Custom option is a very handy little checkbox. By default, any tagged content is being shared not only with you and your friends, but also with ALL Friends of those tagged. You can pretty much guarantee there will be a lot of people that you don’t know looking at those photos. Yes, those photos. Uncheck that box.

In the bottom section is the rather ambiguous sounding When you’re tagged in a post, who do you want to add to the audience if they aren’t already in it? Do you want all of your friends to automatically see any post in which you are tagged? Normally I’m guessing not. Set this option to “Only me“.

Finally, on your own Facebook profile page, click the “Likes” box, click the “Edit” button and set each section to “Only me“.

Of course Facebook are only doing this to allow more of us to find the things we are actually looking for, but sometimes the things that someone is looking for are not the same as the things that you want them to know. If you remove the context, you remove yourself from the search results.
http://countermeasures.trendmicro.eu/facebook-graph-searc...
