No trust without independent control - Page 3

  • finalys.be asks personal details of belgians for a loan on badly encrypted french servers

    they have a strange ssl certificate

     

    and this certificate is not strong

     

  • #rexmundi analyzing the Xtra-Interim.be leak WITH 1000 NATIONAL REGISTRY NUMBERS

    It is about 1000 persons

    they used sql injections (several) which means that the programmers have set a database and a form without any securitychecks making mistakes that should have been corrected if one has followed whatever professional book (if you are a professional programmer)

    it also means that the hosting of the site has no good application defense which means that it doesn't have a good firewall because otherwise even with these vulnerabilities it would have become more difficult to execute those attacks

    If I have a site with that site, I would check my forms and databases because this is the third one

    id,langID,hiant_id,cv,tel,naam,email,busnr,huisnr,straat,postcode,voornaam,gemeente,paswoord,

    opmerking,rekeningnr,creationdate,nationaliteit,geboortedatum,geboorteplaats,preferred_jobs,

    burgerlijke_stand,rijksregisternummer

    not everybody filled in all these fields in the form and I would continue to say that there is no obligation to fill personal information or correct information (the only thing that is needed is your emailadres)

    there are about 100 bankaccountnumbers (for the banks the files with the list is with the FCCU and the CERT.be if you would need to contact the people

    there is no guarantee that these files will not be downloaded combined with or sold to other (criminal) networks

    rex mundi didn't keep the promise to not publish the national registry numbers, this means that there are about 1000 of them leaked online (and to the underworld)

  • #rexmundi publishes the dataset from Xtra-Interim.be

    no links due to lawyers but if you know to search Google you will find it

    "Dear friends and foes,

    Here is the full data leak from Xtra-Interim.be, another Novation.be project with numerous SQL injection vulnerabilities. Our advice to Xtra-Interim: ask Novation for a full refund. And damages, if possible.

    Just a quick note: a little bird told us that the Belgian police's new stance is to advise victims not to pay, in the hope that we would eventually quit hacking Belgian websites if there was no money to be made out of it.

    In truth, we won't stop regardless of whether we get paid or not.

    It is just too damn fun.

    Rex Mundi


    id,langID,hiant_id,cv,tel,naam,email,busnr,huisnr,straat,postcode,voornaam,gemeente,paswoord,opmerking,

    rekeningnr,creationdate,nationaliteit,geboortedatum,geboorteplaats,preferred_jobs,

    burgerlijke_stand,rijksregisternummer

  • #belgacomhack this is why Belgacom was hacked in one pic

    hack Belgacom and have access to communications all over the world

    why hack hundreds of mobile companies if you need only one that has a passe-partout (masterkey)

    click to enlarge

    the only thing that was missing was the comprehension of BICS Belgacom that they were the keepers of the kingdom, the center of the Communication Networks and have to have a security that confirms the trust of all their international partners in their capability of securing the castle that is being stormed and attacked and penetrated every second

    bicsnetwork.PNG

  • Microsoft update is under repair (and things mess up) or needs some repair

    because there are some instances and incidents that are strange and they increase the pressure for Microsoft to re-secure (seeing updates before they are launched is not really secure because you could analyse the code if didn't have good intentions) and to make it more robust as it once was

    http://blog.norsecorp.com/2014/12/12/microsoft-issues-patch-to-fix-buggy-windows-root-certificate-patch/

  • #ukraine this is an example of the present tension in the Baltic-Nordic airspace

    trying to prevent collissions from civil aircraft with unidentified Russian military aircraft flying without transponders (sending signals to know what they are doing like the 9-11 terrorists did) and not responding to any demand for identification or information from the airtrafficcontrollers

    madness

    one day there will be a collission and what will happen than

     

  • #belgacomhack userpages of Belgacom users still infectable

    it means that there is not a good antivirus running on these servers so these servers can become infected

    source  scumware.org

    ps telenet has also a page infected like this

    but no, we shouldn't worry they don't need security-audits, they are safe, we should trust them without any independent oversight

  • #belgacomhack is belgacom still infected or not

    this is the wrong question

    it should reshape its securityculture as if they can be infected every day again and that every day when they discover attacks they should be sure that they go to the bottom of it

    they shouldn't take things for granted and should be

    * changing people from time to time so that they don't get used to the number of attacks

    * don't fall into the red traffic gap, it is also the green traffic that has to be looked at because it is not because it leaves the enterprises through accepted rules that it should have left the firm

    * get external people in from time to time to question everything

    * get other securitytools from time to time to re-analyse the traffic or a copy of it so you are sure that there is nothing that has passed your normal controls

    * get some paranoia as a basic part of your security culture, you will be attacked permanently and you will be infected, penetrated and maybe owned all the time over and over again - if they don't have that borderguard mentality they shouldn't be guarding the borders

    security is not having people with cv, it is not huge budgets for enormous expensive tools that show very impressive graphical securitymetrics

    security is finding that connection of that pc that looks normal to everybody except to the second auditor just going through the traffic for the 20th time with specific filters based on new information about infections and dangerous connections

  • #belgacomhack the source of the problem, the Belgacom mailserver was already known as a problem

    "In the summer 2012, system administrators detected errors within Belgacom’s systems. At the company’s offices on Lebeau Street in Brussels, a short walk from the European Parliament’s Belgian offices, employees of Belgacom’s BICS subsidiary complained about problems receiving emails. The email server had malfunctioned, but Belgacom’s technical team couldn’t work out why.

     

    The glitch was left unresolved until June 2013, when there was a sudden flare-up. After a Windows software update was sent to Belgacom’s email exchange server, the problems returned, worse than before. The administrators contacted Microsoft for help, questioning whether the new Windows update could be the reason for the fault. But Microsoft, too, struggled to identify exactly what was going wrong. There was still no solution to be found. (Microsoft declined to comment for this story.)
    https://firstlook.org/theintercept/2014/12/13/belgacom-hack-gchq-inside-story/

    we found that the mailserver was an open relayserver which made it possible for anybody to send mails to anybody with any domain without being the owner of it (and that probably could have been used by the internal hackers to send internal mails)

    and Belgacom found that normal ..... in march 2013

    http://belsec.skynetblogs.be/archive/2013/03/19/belgacom-be-has-a-totally-open-mailrelayserver-and-finds-tha.html

    the external mailserver was already several times blacklisted as spammer or was infected between 2008 and 2013 which makes it naturally a logical victims for attacks - as it seems that the security of the machine is not necessarily uptodate (wrong or not)

    so we were as surprised that this was maybe the digital beachhead of the penetration as we were when we were told that the NMBS used a year later the same insecure platform to place the data of one million clients it had hosted internal data a year before (and didn't bring it down afterwards)

  • #belgacomhack the securityquestion for Cisco to answer

    "The most serious discovery was that the large routers that form the very core of Belgacom’s international carrier networks, made by the American company Cisco, were also found to have been compromised and infected. The routers are one of the most closely guarded parts of the company’s infrastructure, because they handle large flows of sensitive private communications transiting through its networks.

     

    "Earlier Snowden leaks have shown how the NSA can compromise routers, such as those operated by Cisco; the agency can remotely hack them, or physically intercept and bug them before they are installed at a company. In the Belgacom case, it is not clear exactly which method was used by GCHQ—or whether there was any direct NSA assistance. (The NSA declined to comment for this story.)

     

    "Either way, the malware investigators at Belgacom never got a chance to study the routers. After the infection of the Cisco routers was found, the company issued an order that no one could tamper with them. Belgacom bosses insisted that only employees from Cisco could handle the routers, which caused unease among some of the investigators
    https://firstlook.org/theintercept/2014/12/13/belgacom-hack-gchq-inside-story/

    so CISCO you can now explain what you have done lately to make it impossible to do the same attacks again because if you don't than we can't be sure that every CISCO router can fall victim to the same attacks and than we have only two choices

    * install very strict securityrules and controls

    * change the routers to another firm that can guarantee this security and is not from China

  • #belgacomhack this is the most important desastrous fact for Microsoft

    "Before long, Fox-IT discovered strange files on Belgacom’s email server that appeared to be disguised as legitimate Microsoft software. The suspicious files had been enabling a highly sophisticated hacker to circumvent automatic Microsoft software updates of Belgacom’s systems in order to continue infiltrating the company’s systems.
    https://firstlook.org/theintercept/2014/12/13/belgacom-hack-gchq-inside-story/

    this has been one of the most discussed possible attacks in the securityworld since

    years and it was at the time giving the biggest scares at the thought that this would be possible

    imagine that you would be able to circumvate this update process or inject it with malware, the possibilities are enormous because this is the most trusted updatechannel ever having access to all systems everywhere on the world on whatever network - even the most secret

    the fact that they were able to do this and also falsify the Microsoft certificates poses enormous problems for Microsoft

    the question is not if they knew this or if they wanted to help the NSA through this backdoor (or some-one in their organisation without telling anybody else)

    the only question is what are they going to do to make it impossible that their updateprocess - which is of vital importance for the security of millions of computers and is the most efficient one in the world - is compromised again - even by an operation by the NSA

    trust is total or there is no trust, there is no partial trust, you trust something or not and if you can't trust the update process of Microsoft totally than you can't trust it and than than you will have to put securitycontrols in place and they will at one time or another intervene with the updateprocess (false positives)

    so Microsoft ?

  • #belgacomhack and De Standaard the good and the bad

    First we should honour the courage and persistance of De Standaard for several reasons

    * to give its journalists the possibility to research, read and understand what has happened

    * to contact the keepers of the Snowden cache of documents to get more documents about this operation

    * to publish a story on 4 pages about this particular hacking

    we are also very impressed that

    * they have understood that this is NOT a hacking operation but an espionage operation and it is important to understand this because this needs another framework of interpretation and analysis

    * they seem to have read a lot from this blog and have understood some of the points that we were and are making

    but

    * they seem to have misunderstood that with this Regin that was found at Belgacom the question of the certificates was also resolved. It were fake Microsoft certificates that signed the code as if it was from Microsoft. This also makes it necessary for Microsoft and others to think about some way to control those cerfiticates without any doubt

    * the Belgacompeople said at their securityevent that they were suprised that only so few data effectively left the company. It were very small textpackages. This is understandable if you understand that both operations were according to the Canadians and the British Official Operations (which means that there will have been given permission to look for certain specific information and nothing more and that everything should have been programmed like that). We also know that it was not Belgacom but the mobile network of BICS that was targeted and more particulary certain networks that was used by certain telephone numbers. (nowadays one would install the IMTS spy mobilecatchers that were discovered in Norway today) This means that only certain metadata was extracted. The possible repercussions for all the other instances and organisations is maybe limited but we also don't know what some services or representatives have been telling all those people since than. The fact that so few of their important customers are protesting is maybe a sign that they have been briefed or informed that this operation was linked to the tracking of terrorists and some other people.

    So that they have hacked the NATO and the European Union is a bit jumping to conclusions. As a legal spyoperation it could also have gone rogue this way and made some big problems for those involved and those who gave the permission.

    and as we have said, we have moved on from Snowden, the real question is not Snowden but how we can incorporate the european intelligence services in the five eyes operations as we have to prepare for the new cold war (that may become hotter during some local wars in Eastern Europe and the baltics)

    we don't have to wait too long to start those negotiations and to build a new extended framework for the democratic intelligence services to exchange information faster and more effectively with the necesary democratic oversight and the strict definition of rights and duties of those agencies.

    this important question should also have been asked

  • #belgacomhack the 5 eyes are one and not so easy to seperate

    source http://www.theguardian.com/uk-news/2013/aug/01/nsa-paid-gchq-spying-edward-snowden

    there is no question that the attacks on Belgacom and others came from the UK and more precise from the GCHQ bases

    but these bases although on UK territory are not necessarily totally under the control of the UK government because they are paid and led by also the NSA while people from the other partners are also working on these bases

    so the question is more complicated than at first sight

    the 5 allies after the second world war formed an intelligence alliance because they also discovered that the British and other intelligence agencies were deeply penetrated by Russian spies during the second world war (while they were concentrating on the nazis and saw the russians as allies) and needed the intelligence from the USA to help them keeping their secrets secret from the Russians which weren't the allies anymore but became the new enemies because they were occupying eastern europe and installing a strange form of people democracy

    so the real question is if the new europe can have a place in the new 6 eyes intelligence coalition ?

    In De Standaard they refer to the story about the spying on Merkel and the diplomatic row that followed but it now seems that the story is crap and that there are doubts about these specific documents so you can say that Di Rupo was only cautious because in Germany they are now embarrassed that they have made such a row with so little real evidence

  • #rexmundi announces third Belgian leak soon

    they won't pay even if the sum is stupidly low

    they won't pay because the police advises them not to pay

    but there will be a reason why Rexmundi keeps on hacking here and elsewhere

    because there are those who pay and we about which  we will never know about

    oh and about novation.be

  • from one #rexmundi to many .....

    or it is just a mindgame to make understanding it all much more difficult

    or it are different groups who are only using the same methods (and that doesn't need so much exercise and knowledge)

    but it is not up for me to say what is wrong and who is right

    by the way these hackers are only the result of a situation, they are not the cause of the problem

    the problem is that cybersecurity has been too lax in Belgium and as long as that is possible you will always have such attacks

    by a rex mundi or by somebody else

    for money or for espionage or for politics or just LOL

  • #ukraine Russian Santaclaus also hurrying to Mariupol to be in time for christmas

    joke of the day in a place where there is hardly any time to joke because there is nothing to joke about