No trust without independent control - Page 9

  • sony has again gone down the abyss of total compromise

    "The security break at Sony Pictures marks the second time that Sony Corporation had been targeted by hackers. In 2011, the online network for Sony's PlayStation game console was broken into, exposing names and credit card numbers for millions of customers. By the time damages from more than 50 class-action lawsuits had been paid, it's estimated that Sony spent more than $2 billion as a result of the breach.

    "Further disturbing is that thus far the studio's IT experts have been unable to reverse the attack and get the computer system back to normal. “The IT department has absolutely no idea what hit them or if they can recover any of their files or operating systems, or even turn on their computers Monday,” said the insider. http://www.thewrap.com/sony-execs-working-on-chalkboards-while-hackers-claim-stolen-data-includes-stars-ids-budget-and-contract-figures/

    and here you will find a good overview of what was lost (private keys, code, IDs, contracts, .....) and all the other information you may need, inside the discussion https://www.reddit.com/r/hacking/comments/2n9zhv/i_used_to_work_for_sony_pictures_my_friend_still

  • sony hacking already a digital disaster because of massive downloads

    the numbers speak for themselves

    Fury is in theatres in the States, while Annie still had to be released worldwide

    “Fury,” a war film that stars Brad Pitt and Shia LaBeouf, has reportedly been downloaded by over 1.2 million unique IP addresses, while “Annie” has been downloaded by an estimated 206,000 unique IP’s, according to the piracy-tracking firm Excipio.  http://conservativeblogscentral.com/archives/7389

    this is a disaster

    and proof that if you don't use anonymizing software your torrent traffic will be kept somewhere for some time

  • how to find anything online if you take your time and you know how

    there are 5 ways to find anything online

    first there is Google

      and then you first have to make a Google account so you can use the advanced search options

      if the data or some of the data has disappeared from Google you should use Bing

      there are some operators: "term" in quotes finds only data in which exactly that term appears

       "mymailaddress" will give you everything with your email address in it

       then there is the period (last week, last 24 hours, last month), but you will always also have to search without the time indicator, because that indicator doesn't work that well; it is only interesting for finding links that have a good time indicator

       you can also limit the search to a certain domain or site with site:.....

       another interesting one is filetype:, for example filetype:txt, or .csv or .pdf or .whatever

    secondly there are torrents

       here you will have to search at torrent search sites because many links aren't in the search engines anymore

       you will have to use several because there isn't a Google for torrents

    thirdly there are the online forums, IRC and Usenet

        several of those forums are blocked off from Google and other search engines

        you have to be a member to be able to see the postings, and in some cases you have to upload information that others would like to have before you get access to the data yourself

        for this you probably will need another identity

        for Usenet there are a few interesting services that are free, and for IRC you really have to be careful about viruses and snoopers and make sure you have gone through several proxies, because on pastebin you will find a whole lot of IRC logs with the full network name of your identity.

    fourth there is Twitter with links to download dumps

       on the file download servers you will find thousands of files online

       and they are not necessarily on Google, or they make no sense there (who knows that xhx.avi is the latest film, for example)

       sometimes links to such files are only on Twitter, so you will have to find the necessary Twitter links

    fifth there is Tor, where you need to download the client and then follow our guide to find or search for the files; many services are invite only

  • update: this blog is FORBIDDEN TO PUBLISH ANY information about online MENSURA DATA

    due to a complaint from the lawyers of Mensura we are not allowed to post specific links to the data

    we didn't even publish any direct links, just how to find it, and even then it was just a posting about using Google to find that data

    things anybody with a little bit of intelligence and internet knowledge can do

    well, you have to learn it yourselves because I am forbidden to write anything about how to find any particular set of data

    so people will continue to think that their data is not online anymore

    IT is still online

    I know how to find it but I can't write about it

    or this whole blog will disappear

    which is just what mensura wants

    to 'make believe' that the data is not online anymore

    and that I am not allowed to publish anything anymore

    nothing, not even a hint

    but believe me that data is ONLINE

  • Sony lost 11 terabytes of data to hackers (11,000 GB), including unreleased films

    "According to an approximation, 11,000 GB data was ripped off by the hackers and have warned if their demands are not met all this data would be released in the wild.

    A thread on Reddit provided information on what hackers could have stolen from the Sony pictures system. According to the thread, the data might contain passport and visa information for cast and crew working on Sony movies, Outlook inboxes, documents detailing the company’s IT systems plus accounting and research information- but all this is just a small part of this gigantic breach.
    http://hackread.com/hackers-leak-sony-movies-after-hack-attack/

    and this is not a joke

    http://thehackernews.com/2014/11/sony-pictures-movies-leaked.html

    and these are the five unreleased films that you will find on torrents

    how do you do that?

    get 11,000 GB of information past a firewall, security tools, logs, monitors and the people who are supposed to look at those screens, without anything or anybody seeing anything

    do you understand how MUCH information that is?

    even with a normal traffic volume monitor (how much a connection, server or account normally transfers) you would have seen that something was not right and an alert would have gone off (this is also very efficient for leaving video streaming open while blocking downloads of movies)

    so we will have new Sony movies and mailboxes of film stars and pics of them and so on very soon.... except if they pay up (and they hardly have any choice, do they)

    • "Still Alice" starring Julianne Moore, Alec Baldwin – US release date: Jan 16, 2015
    • "Mr Turner" starring Timothy Spall – US release date: Dec 19, 2014
    • "Annie" starring Jamie Foxx and Cameron Diaz – US release date: Dec 19, 2014
    • "Fury" starring Brad Pitt – US release date: Oct 17, 2014
    • "To Write Love on Her Arms" – US release date: March 2015
    http://thehackernews.com/2014/11/sony-pictures-movies-leaked.html

    it is also astonishing that after the massive LulzSec breaches they weren't capable, over the last 2 years, of upgrading their security to an acceptable level, which means that they didn't make any big new investments, didn't install new monitoring rooms and didn't extend their staff and procedures

    it also means that they don't have any system of data leakage prevention

    even stranger that it came from North Korea: how the hell do you accept an 11 terabyte transfer to North Korea?
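    An added example, not from this blog or from Sony, of the kind of traffic volume monitor the post says would have caught this: it takes constructed per-host daily egress summaries, compares each host's outbound bytes against an assumed baseline, and also flags traffic to countries outside an assumed allow list (host names, baselines and the country list are all made up).

```python
from collections import defaultdict

# Assumed baseline: normal daily outbound bytes per host, e.g. the median of
# the previous 30 days (constructed values, not any real company's numbers).
BASELINE_BYTES = {
    "fileserver-01": 5 * 10**9,    # 5 GB/day
    "workstation-07": 8 * 10**8,   # 800 MB/day
}

# Constructed flow summaries for one day: (source host, destination country, bytes out).
FLOWS = [
    ("fileserver-01", "US", 3 * 10**9),
    ("fileserver-01", "KP", 11 * 10**12),   # 11 TB leaving to an unexpected country
    ("workstation-07", "BE", 6 * 10**8),
    ("build-box-03", "US", 2 * 10**9),      # host that has no baseline yet
]

# Countries this hypothetical company normally sends data to.
ALLOWED_COUNTRIES = {"US", "BE", "GB"}

# Alert when a host sends more than RATIO_THRESHOLD times its baseline in a day.
RATIO_THRESHOLD = 3.0


def egress_alerts(flows, baseline, allowed, ratio=RATIO_THRESHOLD):
    """Return a list of alert dicts for volume and geographic egress anomalies."""
    total = defaultdict(int)        # host -> bytes out today
    by_country = defaultdict(int)   # (host, country) -> bytes out today
    for host, country, nbytes in flows:
        total[host] += nbytes
        by_country[(host, country)] += nbytes

    alerts = []
    for host, nbytes in total.items():
        base = baseline.get(host)
        if base is None:
            # No baseline: the volume cannot be judged, but an analyst should look.
            alerts.append({"kind": "no-baseline", "host": host, "bytes": nbytes})
        elif nbytes > ratio * base:
            alerts.append({"kind": "volume", "host": host, "ratio": nbytes / base})
    for (host, country), nbytes in by_country.items():
        if country not in allowed:
            alerts.append({"kind": "geo", "host": host, "country": country, "bytes": nbytes})
    return alerts


if __name__ == "__main__":
    for alert in egress_alerts(FLOWS, BASELINE_BYTES, ALLOWED_COUNTRIES):
        print(alert)
```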

    follow the information about this hack

    https://twitter.com/search?q=%23gop%20sony&src=typd

  • BND wants to keep security holes in SSL to itself to spy on you

    "Confidential plans seen by the SZ and broadcasters WDR and NDR show that the BND said it would spend €4.5 million to help it find security holes in the Secure Sockets Layer (SSL) protocol used by millions of web services to protect personal information. There is a lively grey market online among hackers and security researchers for "zero day" exploits, so called because they are undiscovered and internet users have had no time to prepare for them.

     

    But rather than fixing the security problems, the spies want to use them for surveillance. The programme to penetrate SSL, codenamed Nitidezza, would also target the HTTPS protocol which is the standard for many banks, online shops, webmail providers and social networks.

    “Holes in SSL need to be patched [fixed] because it is ubiquitous and everyone depends on it for their security," said Jim Killock of London-based digital rights NGO Open Rights Group. "There is a real risk that failing to fix problems means criminal gangs will seek to obtain the same data using the same defects."
    http://www.thelocal.de/20141110/spies-hire-hackers-to-check-your-shopping

  • how the german intelligence agency BND can spy on its own citizens

    "Dr Stefan Burbaum, who worked at the BND from 2000 to 2005, said that some Germans were targeted as “office holders”, a legal loophole the spies used to circumvent the law that protects German citizens from being spied on by its own intelligence agency.

     

    Normally, the intelligence agencies must overcome high legal hurdles laid out in the so-called “G10 law” to spy on German citizens, including when they live abroad. Otherwise, information regarding German citizens has to be filtered out from any foreign communications intercepted by the BND.

    But the German spies argue that a citizen working for a foreign company abroad is only protected in his private life, not in his professional communications, Burbaum told the Bundestag inquiry committee into National Security Agency (NSA) mass spying. "The office holder is the legal person," Burbaum said. "It's a small exception. But a German citizen can function as an office holder in a foreign organization." "The decisive thing is whether he's communicating as a citizen or as an office holder."
    http://www.thelocal.de/20141128/bnd-spied-on-germans-living-abroad

    just get a bit legally creative

  • this is why the Five Eyes intelligence cooperation is so important (US-UK-NZ-Australia-Canada)

    if you are one of the Five Eyes you are in on so much more than any other partner

    https://edwardsnowden.com/2014/10/12/cno-core-secrets/

  • International Atomic Energy Agency in Vienna a target of #Regin

    this is typical for a spy operation: throughout history spies have always tried to get the positions and information of the other parties to the negotiators at the table. It was always seen as strategic information

    google translate of http://derstandard.at/2000008742912/Spionagesoftware-Regin-nahmAtomenergiebehoerde-in-Wien-ins-Visier

  • the Dutroux documentary (VTM) and the Dutroux files and the unprotected judicial files

    When you are watching the Dutroux Documentary on VTM you will see from time to time pictures that come from the judicial files that were used during the trial.

    first it is strange that pieces of a trial are used, because I am not sure whether those files are public

    but secondly there is a reason for this and I know very well why there is a reason for it

    those pictures probably come from the DVD-ROMs that the journalists received during the trial to make it easier for them to follow the trial and do their reporting

    only there was no protection on those DVD-ROMs: not on access to them (a password), nor on the files themselves (encryption, possibly with a time bomb)

    in other words the files of this trial were easily copied and distributed, and if you knew how to strip the source marking from the files then you could do that without any danger

    I have always found that enormously dangerous, and even though there seems to be some law that makes it a crime to distribute these files, they could be found at a newspaper, with any interested person or on the internet (part of it on WikiLeaks)

    and it is not that parliament doesn't know, because they have a copy of these DVD-ROMs, to show how dangerous it is that this kind of documents is distributed freely without any protection (especially since it isn't that hard or expensive to impose those protections).

     

     

  • #regin two important things we are looking into now - while everybody is feeling secure

    this is based upon analysis of the NSA documents and of information that was leaked during the Belgacom investigation

    * we are not sure that there is no more recent version of Regin than the one of 2008-2011, and we still have to be sure whether the 2013 version was installed before or after discovery, and what the differences between them are

    * we are not sure either that there is only a Windows Regin and that there are no versions or files for other OSes; as you remember, the NSA was talking in its slides about a virtual component that was placed on the hard disk BEFORE the OS, whatever the OS, and that Unix machines were also attacked

    there is no clear proof of either thing but we are searching

    so don't feel too safe now

    because that may have been the intention

    remember it is a spy operation by spies for spies

  • #regin the MD5 hashes of the files according to the stage of the attack and infection


    Note: Stages 2, 3, and 4 do not appear on infected machines

    http://www.spinics.net/lists/security/msg02793.html

  • #regin the samples are coming online, but be careful

    This is one of the places where samples are being uploaded (I know several people (not me) have a sample of the BGC infection)

    http://malwaretips.com/threads/regin-malware-34-samples.38054/

    https://malwr.com/analysis/OTlmYTk1MzA2NjE5NDIxYTgzMWQxOWNhODFmNmRmNDQ/

    Just to be sure that you understand what you are up against if you download this

    * there is no clear definition of what a Regin package is; there are several different packages with different plugins and different timestamps, so many antiviruses don't see it

      this means that if you download it, your security defenses may not discover it, or some of the new or additional code and functions. You should therefore only place it in a sandbox and handle it on a non-connected computer (don't use USB, use a CD-ROM and throw it away afterwards or store it somewhere else; it is absolutely not safe)

    * it is not because it is called Regin that it is Regin

    * some of the samples have personal information about their victims and their employees in the log files (if you are a legal expert you will have to destroy these files or inform the local police that you seem to have proof of an infection).

    * As detection of the latest samples is quite low, antivirus firms will have to go hunting for real and imaginary Regin samples

    * if you don't have the knowledge and tools to handle this atom bomb of code, stay far away; you will have seen nothing like it

    In my view it is urgent for the big antivirus and security firms to set up a working group to collect all the different samples and information, to get a whole picture and to be sure that all companies and networks have sufficient protections independent of their antivirus or security tool.

  • #regin was also targeted at mobile telephone infrastructure

    this is much cheaper than installing rogue GSM receivers together with jammers that block the official GSM receivers

    source: Kaspersky

  • the list of telecommunication cables that are intercepted by GCHQ

    http://international.sueddeutsche.de/post/103543418200/snowden-leaks-how-vodafone-subsidiary-cable

  • #leak police website brabant wallon est is dumped

    not that there is much information

    it was because of an international operation against local police websites

    but the attackers seem amateurs

    http://pastebin.com/nBaVpsZV

  • suzuki.be hacked by Syrian opposition

  • #Regin Kaspersky publishes the command and control centers and one is Belgian

    https://securelist.com/files/201 ... in_platform_eng.pdf

    important: the Snort rules against Regin are Snort Rules 32621-32624

    and the command and control servers were:

    C&C IPs:

    61.67.114.73 Taiwan, Province Of China Taichung Chwbn

    202.71.144.113 India Chetput Chennai Network Operations (team-m.co)

    203.199.89.80 India Thane Internet Service Provider

    194.183.237.145 Belgium Brussels Perceval S.a.

     

    why? because that won't be found suspicious; traffic going out of Belgacom to India or Taiwan could have been found suspicious

    remember this is a spy operation, so all the classical techniques and reflexes of spies are used, including covering your tracks .....

  • #regin half of the antivirus checkers don't find the 64-bit Belgacom variant today

    this is the list: 24/55 don't find the 64-bit Belgacom Regin infection

    AegisLab 20141125 Agnitum 20141124 Antiy-AVL 20141125 Avast 20141125 Avira 20141125 Baidu-International 20141125 Bkav 20141120 ByteHero 20141125 CMC 20141124 ClamAV 20141125 Cyren 20141125 DrWeb 20141125 ESET-NOD32 20141125 F-Prot 20141125 Fortinet 20141125 Jiangmin 20141124 Kingsoft 20141125 Malwarebytes 20141125 McAfee-GW-Edition 20141125 NANO-Antivirus 20141125 Panda 20141125 Qihoo-360 20141125 Rising 20141124 SUPERAntiSpyware 20141125 Tencent 20141125 TheHacker 20141124 TotalDefense 20141125 VBA32 20141125 ViRobot 20141125 Zillya 20141124 Zoner 20141125
    https://www.virustotal.com/en/file/4d6cebe37861ace885aa00046e2769b500084cc79750d2bf8c1e290a1c42aaff/analysis/

    this is also why it is interesting for attackers to write 64-bit viruses; many antiviruses can't cope with them yet

    so even if an upgrade to 64-bit kills millions of 32-bit viruses and secures access to your machine, it makes it an absolute necessity to lock your machine down, harden it and buy a really professional antivirus that works natively in a 64-bit environment

  • #regin if you don't have any money for specialists look at the FREE Windows Defender

    especially if you have found the following three, or one of them

    and don't forget the servers

    and don't forget to go back in time

    http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3AWinNT%2FRegin.A#tab=2

    http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWinNT%2FRegin.gen!B#tab=2

    http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3AWinNT%2FRegin.gen!C#tab=2

    http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin64%2FPrax.A

    http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%25253aWin64%25252fPrax.B&ThreatID=-2147285153&Search=true&SearchType=2#tab=2