sony has again gone down the abyss of total compromise

"The security break at Sony Pictures marks the second time that Sony Corporation had been targeted by hackers. In 2011, the online network for Sony's PlayStation game console was broken into, exposing names and credit card numbers for millions of customers. By the time damages from more than 50 class-action lawsuits had been paid, it's estimated that Sony spent more than $2 billion as a result of the breach.

"Further disturbing is that thus far the studio's IT experts have been unable to reverse the attack and get the computer system back to normal. “The IT department has absolutely no idea what hit them or if they can recover any of their files or operating systems, or even turn on their computers Monday,” said the insider. http://www.thewrap.com/sony-execs-working-on-chalkboards-while-hackers-claim-stolen-data-includes-stars-ids-budget-and-contract-figures/

and here you will find a good overview of what is lost (private keys, code, ID's, contracts,.....) and all other information you may need  inside the discussion https://www.reddit.com/r/hacking/comments/2n9zhv/i_used_t...

Permalink | |  Print |  Facebook | | | | Pin it! |

sony hacking already a digital disaster because of massive downloads

the numbers speak for themselves

Fury is in the States in the theatres while annie still had to be released worldwide

“Fury,” a war film that stars Brad Pitt and Shia LaBeouf, has reportedly been downloaded by over 1.2 million unique IP addresses, while “Annie” has been downloaded by an estimated 206,000 unique IP’s, according to the piracy-tracking firm Excipio.  http://conservativeblogscentral.com/archives/7389

this is a disaster

and proof that if you don't use anonimizing software your torrent traffic will be kept somewhere for some time

Permalink | |  Print |  Facebook | | | | Pin it! |

how to find anything online if you take your time and you know how

there are 5 ways to find anything online

first is Google  

  and than you have to make first a Google account so you can use the advanced search options

  if the data or some of the data has disappeared from Google you should use BING

  there are some operators "term"  you use to find any data in which there is only that term

   "mymailadres"  will give you everything with your emailadres in it

   than there is the period  (last week, last 24hours, last month) but you always will have to use it without time indicator because that indicator doesn't work that well - it is only interesting to find links that have a good time indicator

   you can also limit to a certain domain or site  site:.....

   another interesting is  filetype:txt for example of .cvs   or .pdf  or .whatever

secondly there are torrents

   here you will have to search at torrent search sites because many links aren't in the searchengines anymore

   you will have to use several because there isn't a google for the torrents

thirdly there are the online forums; IRC and usenet

    several of those forums are blocked off from Google and other search engines

    you have to be member to  be able to see the postings and in some cases you have to upload information that others like to have access to data yourself

    for this you probably will need another identity

    for USenet there are few interesting services that are free and for IRC you have really to be careful for viruses, for snoopers and that you have gone through several proxies because on pastebin you will find a whole lot of IRC logs with the full networkname of your identity.

fourth there is twitter with links to download dumps

   so with the download file servers you will find thousands of files online on these servers

   and they are not necessary on Google or they make no sense (who knows that xhx.avi is the latest film for example)

   they are sometimes only on twitter links to such files so you will have to find the necessary twitter links

Fifth there is TOR where you need to download the client and than to follow our guide to find or search for the files - many services are invite only

Permalink | |  Print |  Facebook | | | | Pin it! |

update : this blog is FORBIDDEN TO PUBLISH ANY information about online MENSURA DATA

due to a complaint from the lawyers of Mensura we are not allowed to post specific links to the data

we didn't even publish any direct links just how to find it and even than it was just a posting about using Google to find that data

things anybody with a little bit of intelligence and internetknowledge can do

well you have to learn it yourselfs because I am forbidden to write anything about how to find any particular set of data

so people will continue to think that their data is not online anymore

IT is still online

I know how to find it but I can't write about it

or this whole blog will disappear

which is just what mensura wants

to 'make believe' that the data is not online anymore

and that I am not allowed to publish anything anymore

nothing even not a hint

but believe me that data is ONLINE

Permalink | |  Print |  Facebook | | | | Pin it! |

Sony lost 11 terra of data to hackers (11.000 GB) of which unreleased films

"According to an approximation, 11,000 GB data was ripped off by the hackers and have warned if their demands are not met all this data would be released in the wild.

A thread on Reddit provided information on what hackers could have stolen from the Sony pictures system. According to the thread, the data might contain passport and visa information for cast and crew working on Sony movies, Outlook inboxes, documents detailing the company’s IT systems plus accounting and research information- but all this is just a small part of this gigantic breach.

and this is not a joke


and these are the five unreleased films that you will find on torrents

how do you do that ?

Get 11.000 GB of information past a firewall and security and logs and monitors and people who are supposed to look at those screens without anything or anybody seeing anything

do you understand how MUCH information that is ?

even with a normal trafficvolumemonitor (how much a connection, server or accounts transports normally) you would have seen that something is not right and an alert would have gone off (this is very efficient to leave videostreaming open but blocking downloads of movies)

so we will have  new Sony movies and mailboxes of filmstars and pics of them and so on very soon.... except if they pay up (and they hardly have any choice don't they)

  • "Still Alice" starring Julianne Moore, Alec Baldwin – US release date: Jan 16, 2015

  • "Mr Turner" starring Timothy Spall. – US release date: Dec 19, 2014
  • "Annie" starring Jamie Foxx and Cameron Diaz. – US release date: Dec 19, 2014
  • "Fury" starring Brad Pitt – US release date: Oct 17, 2014
  • "To Write Love on Her Arms" – US release date: March 2015

it is also astonishing that after the massive lulzsec breaches they weren't capable over the last 2 years to upgrade their security to an acceptable level which means that they didn't make any new big investments, didn't install new monitor rooms and didn't extend their staff and procedures

it also means that they don't have any system of Data leakage prevention

even stranger that it came from North Korea - how the hell do you accept an 11 terrabyte download to North Korea ?

follow the information about this hack


Permalink | |  Print |  Facebook | | | | Pin it! |


BND wants to keep security holes in SSL to itself to spy on you

"Confidential plans seen by the SZ and broadcasters WDR and NDR show that the BND said it would spend €4.5 million to help it find security holes in the Secure Sockets Layer (SSL) protocol used by millions of web services to protect personal information. There is a lively grey market online among hackers and security researchers for "zero day" exploits, so called because they are undiscovered and internet users have had no time to prepare for them.


But rather than fixing the security problems, the spies want to use them for surveillance.The programme to penetrate SSL, codenamed Nitidezza, would also target the HTTPS protocol which is the standard for many banks, online shops, webmail providers and social networks.


“Holes in SSL need to be patched [fixed] because it is ubiquitous and everyone depends on it for their security," said Jim Killock of London-based digital rights NGO Open Rights Group."There is a real risk that failing to fix problems means criminal gangs will seek to obtain the same data using the same defects."

Permalink | |  Print |  Facebook | | | | Pin it! |

how the german intelligence agency BND can spy on its own citizens

"Dr Stefan Burbaum, who worked at the BND from 2000 to 2005, said that some Germans were targeted as “office holders”, a legal loophole the spies used to circumvent the law that protects Germans citizens from being spied on by its own intelligence agency.


Normally, the intelligence agencies must overcome high legal hurdles laid out in the so-called “G10 law” to spy on German citizens, including when they live abroad.Otherwise, information regarding German citizens has to be filtered out from any foreign communications intercepted by the BND.


But the German spies argue that a citizen working for a foreign company abroad is only protected in his private life, not in his professional communications, Burbaum told the Bundestag inquiry committee into National Security Agency (NSA) mass spying."The office holder is the legal person," Burbaum said. "It's a small exception. But a German citizen can function as an office holder in a foreign organization."The decisive thing is whether he's communicating as a citizen or as an office holder."

just get a bit legally creative

Permalink | |  Print |  Facebook | | | | Pin it! |

this is why the intelligence 5 eyes cooperation is so important (us-uk-nz-aust-canada)

if you are one of the 5 eyes you are on so much more than any other partner


Permalink | |  Print |  Facebook | | | | Pin it! |

International Atomic Agency in Wenen a target of #Regin

this is typical for a spy operation, always spies have in history get the positions and information of the other parties to the other negotatiors at the table. It was always seen as strategic information

google translate of http://derstandard.at/2000008742912/Spionagesoftware-Regin-nahmAtomenergiebehoerde-in-Wien-ins-Visier

Permalink | |  Print |  Facebook | | | | Pin it! |

the Dutroux documentary (VTM) and the Dutroux files and the unprotected judicial files

When you are watching the Dutroux Documentary on VTM you will see from time to time pictures that come from the judicial files that were used during the trial.

first it is strange that pieces of a trail are used because I am sure if those files are public

but secondly there is a reason for this and I know very well why there is a reason for it

those pictures probably come from the DVDroms that the journalists received during the trial to make it more easy for them to follow the trial and to do their reporting

only there was no protection on those DVDroms - not on how to access them (password) not on the files themselves (encryption eventually with timebomb)

in other words these files of this trial where easily copied and distributed and if you knew how to strip away the source of the files than you could do that without any danger

I have always found that enormously dangerously and even though there seems to be some law that makes it a crime to distribute these files they could be found in a newspaper or with any interested people or on the internet (part of it on wikileaks)

and it is not that the parliament doesn't know because they have a copy of these DVDroms to show how dangerously it is that these kind of documents is distributed freely without any protection (especially if it isn't that hard or expensive to put impose those protections).



Permalink | |  Print |  Facebook | | | | Pin it! |


#regin two important things we are looking in now - while everybody is feeling secure

this based upon analysis of the NSA documents and of information that was leaked during the Belgacom investigation

* we are not sure that there is no more recent version of Regin than the one of 2008 - 2011 and we still have to be sure that the version 2013 was installed before or after discovery and what are the differences between them

* we are not sure either that there is only a windows Regin and that there is no version or no files for the other OS - as you remember the NSA was talking in her slides about a virtual component that was placed on the harddisk BEFORE the OS whatever the OS and that also unix machines were attacked 

there is no clear proof of both things but we are searching 

so don't feel too safe now

because that may have been the intention

remember it is a spyoperation by spies for spies

Permalink | |  Print |  Facebook | | | | Pin it! |

#regin the md5 names of the files according to the phase of the attack and infection

"Stage 1 files, 32 bit:















Unusual stage 1 files apparently compiled from various public source codes merged with malicious code:





Stage 1, 64-bit system infection:




Stage 2, 32 bit:



Stage 2, 64 bit:


Stage 3, 32 bit:



Stage 4, 32 bit:






Stage 4, 64 bit:


Note: Stages 2, 3, and 4 do not appear on infected machines


Permalink | |  Print |  Facebook | | | | Pin it! |

#regin the samples are coming online but attention

THis is one of the places where samples are being uploaded (I know several people (not me) have a sample of the BGC infection) 



Just to be sure that you understand what you are up to if you download this 

* there is no clear definition of what a Regin package is, there are several different packages with different plugins and different timestamps so many antiviruses don't see it 

  this means that if you download it your securitydefenses may not discover it or some of the new or additional code and functions. You should therefore only place it in a sandbox and handle it on a nonconnected computer (don't use USB use a CDROM and throw it away or place it somewhere else (absolutely not safe)

* it is not because it is called Regin that it is Regin 

* some of the samples have personal information about their victims and their employees in the logfiles (if you are a legal expert you will have to destroy these files or inform the local police that you seem to have proof of an infection). 

* As the discovery for the latest samples is quite low, antivirus firms will have to go hunting for real and imaginary Regin samples 

* if you don't have the knowledge and tools to handle this atombomb of code, stay far away - you will have seen nothing like this

In my view it is urgent for the big antivirus-securityfirms to set up a working group to collect all the different samples and information to get a whole picture and to be sure that all companies and networks have sufficient protections independent of their antivirus-securitytool. 

Permalink | |  Print |  Facebook | | | | Pin it! |

#regin was also targeted at Mobile telephone infrastructure

this is much cheaper than installating rogue GSM receivers together with jammers that will block the official normal GSM receivers

source Kaspersky

Permalink | |  Print |  Facebook | | | | Pin it! |


the list of telecommunication cables that are intercepted by GHCQ


Permalink | |  Print |  Facebook | | | | Pin it! |

#leak police website brabant wallon est is dumped

not that there is much information

it was because of an international operation against local police websites

but the attackers seems amateurs


Permalink | |  Print |  Facebook | | | | Pin it! |

suzuki.be hacked by Syrian opposition

Permalink | |  Print |  Facebook | | | | Pin it! |

#Regin Kaspersky publishes the Control Command centers and one is Belgian

https://securelist.com/files/201 ... in_platform_eng.pdf

important the snort rule against Regin  Snort Rules: 32621-32624 

and the command and the control servers were ....... 

C&C IPs: Taiwan, Province Of China Taichung Chwbn India Chetput Chennai Network Operations (team-m.co) India Thane Internet Service Provider Belgium Brussels Perceval S.a.



because that won't be found suspicous, going to India or Taiwan for traffic going out in Belgacom could have been found suspicous 

remember this is a spy operation so all the classical techniques and reflexes by spies are used - even covering up your tracks ..... 

Permalink | |  Print |  Facebook | | | | Pin it! |

#regin half of the antivirus checkers don't find the 64bits Belgacom variant today

this is the list 24/55 don't find the 64bits Belgacom Regin infection 

AegisLab 20141125 Agnitum 20141124 Antiy-AVL 20141125 Avast 20141125 Avira 20141125 Baidu-International 20141125 Bkav 20141120 ByteHero 20141125 CMC 20141124 ClamAV 20141125 Cyren 20141125 DrWeb 20141125 ESET-NOD32 20141125 F-Prot 20141125 Fortinet 20141125 Jiangmin 20141124 Kingsoft 20141125 Malwarebytes 20141125 McAfee-GW-Edition 20141125 NANO-Antivirus 20141125 Panda 20141125 Qihoo-360 20141125 Rising 20141124 SUPERAntiSpyware 20141125 Tencent 20141125 TheHacker 20141124 TotalDefense 20141125 VBA32 20141125 ViRobot 20141125 Zillya 20141124 Zoner 20141125

this is also why it is interesting to write 64bits viruses, many antiviruses can't cope with them yet 

so even if an upgrade to 64bits kills millions of 32bits viruses and secures access to your machine it makes it an absolute necessity to close your machine down, harden it and buy a really professional antivirus that works native in an 64bits environment 

Permalink | |  Print |  Facebook | | | | Pin it! |

#regin if you don't have any money for specialists look at FREEno ex Windows defender

especially if you have found the following three or one of them 

and don't forget the servers 

and don't forget to go back into time







Permalink | |  Print |  Facebook | | | | Pin it! |