Archive for October 30, 2015

High School Teen claims he hacked CIA Director’s personal account

An American high school student says he hacked the personal email account of Central Intelligence Agency (CIA) Director John Brennan, and law enforcement sources have confirmed that the account was compromised.

Brennan’s private account held sensitive files, including the 47-page SF-86 form he had filled out to obtain a top-secret security clearance. He learned only recently that the account had been infiltrated.

The government uses these applications to conduct background checks. They contain a great deal of sensitive data about workers seeking security clearance and about their friends, spouses and other family members, including criminal history, psychological records and past drug use, as well as potentially sensitive details of the applicant’s interactions with foreign nationals, which could be used against those nationals in their own countries.

The hacker said the director kept the information in his personal AOL account, which reportedly also held the Social Security numbers of more than a dozen senior American intelligence officials and a document on ‘harsh interrogation techniques’ used on terrorism suspects.

The student has not given his name or where he lives, but according to his social media posts he said he went after the CIA director because he opposes US foreign policy and supports Palestine. Although he says he is not Muslim, his Twitter page reportedly quotes the Quran and refers to Allah as the one true God.

He also said that he and a classmate would tweet “CWA owns John Brennan of the CIA” to prove his control of the @phphax Twitter account.

CWA stands for “Crackas with Attitude”.

He not only broke into Brennan’s account but also posted some of the stolen documents and part of Brennan’s contact list on Twitter.

The teen claimed to have repeatedly prank-called America’s top spy since August, once reciting Brennan’s Social Security number to him.

The teen first told the New York Post that he got into the account through social engineering: posing as a Verizon worker, he tricked another Verizon employee into handing over Brennan’s personal account details, then used those details to dupe AOL into resetting the password.

The hacker did not work alone; other, unidentified people were involved. The team first did a reverse lookup of Brennan’s mobile number to discover that he was a Verizon customer, after which one of them posed as a Verizon technician and called the company asking for details about Brennan’s account. No software vulnerability was needed: the attack chained two account-recovery processes, the carrier’s and AOL’s, each of which trusted information the other had leaked.

Brennan’s account was disabled as of Friday.

In a statement, the CIA said: “We are aware of the reports that have surfaced on social media and have referred the matter to the appropriate authorities.”

The Federal Bureau of Investigation (FBI) and other federal agencies have started investigating the hacker, who could face criminal charges.

Apart from Brennan’s account, the hackers also broke into the Comcast account of Homeland Security Secretary Jeh Johnson.

News of the breach comes in the midst of another email controversy involving Hillary Clinton, who has been under fire for months over the private server and email account she used for official work.

If the CIA director kept secret information in a personal account, that would violate US federal law, which requires those in possession of top-secret information to keep it only in secure government facilities. Breaking that law is a felony.

TalkTalk attack suspect released on bail

A BBC report says that a 15-year-old boy arrested in connection with the attack on TalkTalk, a phone and broadband provider, in which banking details and personal information could have been accessed, has been released on bail.

The boy had been "bailed to a date in November", the report says.

The boy was arrested in Northern Ireland on suspicion of Computer Misuse Act offences. The Metropolitan Police said he was taken into custody at a County Antrim police station and was being questioned by detectives from the Police Service of Northern Ireland.

The company, which has over four million UK customers, said that the Metropolitan Police Cyber Crime Unit, the Police Service of Northern Ireland Cyber Crime Centre and the National Crime Agency have been investigating the significant and sustained cyber-attack on its website.

Credit and debit card numbers had not been stolen, it said.

“News that the TalkTalk website had been hit by a "significant and sustained cyber-attack" broke last week,” the news report read.

Cyber security consultant and former Scotland Yard detective Adrian Culley told BBC Radio that a Russian Islamist group had posted online to claim responsibility for the attacks.

“He said hackers claiming to be a cyber-jihadi group had posted data which appeared to be TalkTalk customers' private information - although he stressed their claim was yet to be verified or investigated,” the report adds.

Dido Harding, chief executive of the TalkTalk group, told BBC News the authorities were investigating and she could not comment on the claims.

Duuzer back door targets South Korea to steal data

Symantec, a security firm, has found that South Korea is being targeted by an active back door Trojan, dubbed Backdoor.Duuzer, which gives an attacker remote access to the compromised computer, downloads additional files and steals data.

Symantec’s researchers wrote in a blog post that Duuzer is especially focused on the South Korean manufacturing industry.

It is built to run on both 32-bit and 64-bit computers. If Duuzer finds that the infected computer is a VirtualBox or VMware virtual machine, it stops executing. This is an attempt to evade detection by security researchers, who commonly run malware inside disposable virtual machines for analysis; a sample that quietly exits in the sandbox shows none of its real behaviour.
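One practical response to a sample that refuses to run in a VM is to triage it statically for the guest artifacts such checks usually look for. The script below is an added example, not Symantec’s code and not a description of Duuzer’s actual checks; the indicator strings are typical VirtualBox and VMware guest-tool names chosen by me, and the two binaries it scans are constructed byte strings, not real samples. Windows binaries often store such names as UTF-16LE wide strings, so each indicator is searched in both encodings.

```python
"""Triage helper: flag binaries that reference VirtualBox/VMware guest artifacts.

Added example. The indicator names are typical guest-tool process and driver
names (an assumption), not the specific strings any one malware family checks.
"""
import re
from collections import defaultdict

# Illustrative guest-side artifacts that anti-VM code commonly looks for.
VM_INDICATORS = {
    "VirtualBox": [b"VBoxGuest", b"VBoxService", b"VBoxTray", b"VBoxMouse", b"VirtualBox"],
    "VMware": [b"vmtoolsd", b"VMwareTray", b"VMwareUser", b"vmhgfs", b"VMware"],
}


def _compile_patterns():
    """Compile each indicator for ASCII and for UTF-16LE (Windows wide strings)."""
    patterns = []
    for family, names in VM_INDICATORS.items():
        for name in names:
            ascii_re = re.compile(re.escape(name), re.IGNORECASE)
            wide = name.decode("ascii").encode("utf-16-le")
            wide_re = re.compile(re.escape(wide), re.IGNORECASE)
            patterns.append((family, name.decode("ascii"), ascii_re, wide_re))
    return patterns


PATTERNS = _compile_patterns()


def anti_vm_indicators(blob: bytes) -> dict:
    """Return {family: sorted matched indicator names} found in one binary image."""
    hits = defaultdict(set)
    for family, name, ascii_re, wide_re in PATTERNS:
        if ascii_re.search(blob) or wide_re.search(blob):
            hits[family].add(name)
    return {family: sorted(names) for family, names in hits.items()}


def likely_vm_aware(blob: bytes) -> bool:
    """True if the image references any known virtualisation artifact."""
    return bool(anti_vm_indicators(blob))


# Constructed sample images (not real malware): a fake PE header plus strings.
SAMPLE_VM_AWARE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"kernel32.dll\x00"
    + "VBoxService.exe".encode("utf-16-le") + b"\x00\x00"   # wide string
    + b"vmtoolsd.exe\x00"                                    # ASCII string
)
SAMPLE_CLEAN = b"MZ\x90\x00" + b"\x00" * 16 + b"kernel32.dll\x00CreateFileW\x00"

if __name__ == "__main__":
    for label, blob in (("vm-aware", SAMPLE_VM_AWARE), ("clean", SAMPLE_CLEAN)):
        print(label, anti_vm_indicators(blob))
```

A hit does not prove the sample is evasive (legitimate software references these names too), but it tells the analyst to run the sample on bare metal or in a VM whose guest tools, drivers and device names have been renamed before concluding it is inert.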

Once Duuzer infects a computer it opens a back door that gives the attackers access to almost everything: they can gather system and drive information; create, enumerate and end processes; access, modify and delete files; upload and download files; change the time attributes of files; and execute commands.

“Based on our analysis of Duuzer, the attackers behind the threat appear to be experienced and have knowledge about security researchers’ analysis techniques. Their motivation seems to be obtaining valuable information from their targets’ computers,” the researchers wrote in the blog. “There is also evidence to suggest that the actors behind Duuzer are spreading two other threats, detected as W32.Brambul and Backdoor.Joanap, to target more organizations in South Korea.”

The researchers said that Brambul and Joanap are used to download additional payloads and carry out reconnaissance on infected computers. Although the exact distribution method is still unknown, the malware is most likely spreading through spear-phishing emails or watering-hole attacks.

According to the researchers, Duuzer, Brambul and Joanap are only a small selection of the many threats affecting South Korea, which has been hit by high-profile targeted campaigns over the last few years.

To protect against these threats, Symantec recommends that users and businesses change default user names and passwords, avoid common or easy-to-guess passwords, keep the operating system and software up to date, and not open suspicious emails.

French researchers claim fraudsters stole $680,000 via MitM attack on EMV cards

French researchers have explained a four-year-old case in which fraudsters stole nearly $680,000 through a man-in-the-middle (MitM) attack on EMV (Europay, MasterCard and Visa) chip-and-PIN cards. The attack works by preventing the PIN verification message from reaching the card in the second phase of the transaction. Chip-and-PIN is regarded as more secure than the magnetic-stripe technology that banks had previously relied on.

The researchers said, however, that such attacks are no longer possible thanks to a newer authentication mode, Combined Data Authentication (CDA), and a series of network-level protections.

According to a SecurityWeek post of October 20, researchers at the University of Cambridge in the United Kingdom discovered in 2010 a flaw that allowed criminals to use stolen chip-and-PIN cards without knowing the PIN.

At the time, the researchers noted that it would not be difficult for criminals to miniaturise the MitM device that had to be attached to the card.

The following year, a French banking group learned that a dozen EMV cards stolen in France had been used in Belgium. Since fraudulent transactions with EMV cards should have been impossible, an investigation was launched.

“Comparing the time and geographical location of the fraudulent transactions to the International Mobile Subscriber Identity (IMSI) numbers of SIM cards present near the crime scenes led investigators to a 25-year-old woman. Authorities later arrested other members of the gang, including the engineer who created the fake chip-and-PIN cards,” the blog post added.

Roughly €600,000 ($680,000) is said to have been stolen in about 7,000 transactions using 40 modified cards.

In their research paper, the French researchers describe it as the most sophisticated smart-card fraud encountered to date. The crooks used two chips, placed one on top of the other, to carry out the attack.

“The first chip was clipped from a genuine stolen card, while the second, which acted as the MitM device tasked with ensuring that the card would accept the PIN regardless of the PIN that was entered, was a FUN card, an open card used by hobbyists and for prototypes,” the post added.
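The exchange behind this fraud is easiest to see as a protocol trace. The simulation below is an added example written for this page; it is not the Cambridge or French researchers’ code, and the message formats are simplified (no real EMV TLV encoding, and an HMAC stands in for the card’s 3DES application cryptogram). The instruction bytes for VERIFY (0x20) and GENERATE AC (0xAE) and the plaintext PIN-block layout are real EMV values; the class names, the one-byte CVR flag and the issuer-side check that compares the card’s own verification result with the terminal’s claim are my modelling assumptions, shown to illustrate the kind of back-end consistency check the article groups under “network-level protections”, not a description of CDA or of any bank’s actual system.

```python
"""Chip-and-PIN 'yes card' man-in-the-middle, as a toy protocol simulation.

Added example. The real application cryptogram is a 3DES MAC under a
per-card issuer key; an HMAC stands in for it here. The CVR/CVMR
comparison in issuer_checked() is an assumed model of an issuer-side check.
"""
import hmac
import hashlib

SW_OK = 0x9000
INS_VERIFY = 0x20       # EMV VERIFY: terminal sends the entered PIN to the chip
INS_GENERATE_AC = 0xAE  # EMV GENERATE AC: chip returns its transaction cryptogram


def pin_block(pin: str) -> bytes:
    """Plaintext offline PIN block: control nibble 2, PIN length, digits, F padding."""
    return bytes.fromhex(f"2{len(pin)}" + pin.ljust(14, "F"))


class GenuineChip:
    """The chip clipped from a stolen card: checks the PIN and remembers the outcome."""

    def __init__(self, pin: str, issuer_key: bytes):
        self.pin, self.key = pin, issuer_key
        self.tries_left, self.pin_verified = 3, False

    def transmit(self, apdu: bytes):
        ins, lc = apdu[1], apdu[4]
        data = apdu[5:5 + lc]
        if ins == INS_VERIFY:
            if self.tries_left == 0:
                return b"", 0x6983                   # PIN blocked
            if data == pin_block(self.pin):
                self.pin_verified = True
                return b"", SW_OK
            self.tries_left -= 1
            return b"", 0x63C0 | self.tries_left     # wrong PIN, N tries remaining
        if ins == INS_GENERATE_AC:
            # The card's own verification result (modelled as a one-byte CVR) is
            # covered by the MAC, so nobody between card and issuer can alter it.
            cvr = b"\x01" if self.pin_verified else b"\x00"
            mac = hmac.new(self.key, cvr + data, hashlib.sha256).digest()[:8]
            return cvr + mac, SW_OK
        return b"", 0x6D00                           # instruction not supported


class MitmChip:
    """The hobbyist chip glued on top: answers VERIFY itself, relays everything else."""

    def __init__(self, real: GenuineChip):
        self.real = real

    def transmit(self, apdu: bytes):
        if apdu[1] == INS_VERIFY:
            return b"", SW_OK                        # "PIN OK", whatever was entered
        return self.real.transmit(apdu)


def terminal_transaction(chip, entered_pin: str, amount_cents: int) -> dict:
    """Point-of-sale terminal: VERIFY, record the result (its CVMR), then GENERATE AC."""
    pb = pin_block(entered_pin)
    _, sw = chip.transmit(bytes([0x00, INS_VERIFY, 0x00, 0x80, len(pb)]) + pb)
    tx = amount_cents.to_bytes(6, "big")
    resp, _ = chip.transmit(bytes([0x00, INS_GENERATE_AC, 0x80, 0x00, len(tx)]) + tx)
    return {"cvmr_pin_ok": sw == SW_OK, "cvr": resp[:1], "mac": resp[1:], "tx": tx}


def issuer_naive(issuer_key: bytes, msg: dict) -> str:
    """Back end that only checks the cryptogram and trusts the terminal's PIN claim."""
    expected = hmac.new(issuer_key, msg["cvr"] + msg["tx"], hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(expected, msg["mac"]):
        return "DECLINE: bad cryptogram"
    return "APPROVE" if msg["cvmr_pin_ok"] else "DECLINE: PIN not verified"


def issuer_checked(issuer_key: bytes, msg: dict) -> str:
    """Back end that also requires the card's CVR to agree with the terminal's CVMR."""
    verdict = issuer_naive(issuer_key, msg)
    if verdict == "APPROVE" and msg["cvr"] != b"\x01":
        return "DECLINE: terminal says PIN verified, card says it never was"
    return verdict


if __name__ == "__main__":
    KEY = b"issuer-key-for-this-card"          # constructed key, not a real one
    stolen = GenuineChip("1234", KEY)
    msg = terminal_transaction(MitmChip(stolen), "0000", 5000)
    print("terminal believed PIN OK:", msg["cvmr_pin_ok"])
    print("naive issuer:  ", issuer_naive(KEY, msg))
    print("checked issuer:", issuer_checked(KEY, msg))
```

Two details of the trace are worth noting. The genuine chip’s PIN retry counter never moves under the MitM, because the VERIFY command never reaches it; and the forwarded GENERATE AC still carries the real card’s own record that no PIN was verified. A back end that only validates the cryptogram approves the transaction, which is the situation the fraudsters exploited; one that compares the card’s result with the terminal’s claim declines it.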

Fin5 hacking group steals 150,000 credit cards from casino

An unnamed casino has lost 150,000 credit card records in a cyber attack. The group responsible, Fin5, is a new hacking group that compromised the casino’s payment systems.

Researchers Emmanuel Jean-Georges and Barry Vengerik of Mandiant and FireEye uncovered the group.

The casino had almost no security: it lacked even a basic firewall around its payment platforms, and it had no proper logging.

Fin5 is linked to numerous payment card breaches, including the one at Goodwill. According to Emmanuel Jean-Georges, Fin5 has breached 12 firms, and a further six are suspected to have been affected. “It was a very flat network, single domain, with very limited access controls for access to payment systems,” he told the Cyber Defence Summit in Washington, DC.

Barry Vengerik explained that the attackers have targeted at least two payment systems, the unnamed casino’s being one of them.

In the attack on the casino, the researchers found that the Fin5 gang used a backdoor codenamed Tornhull and a VPN tool dubbed Flipside to maintain control of the compromised systems. Fin5 also has a tool called GET2 Penetrator, a scanner that hunts for remote login services and hard-coded credentials, and uses the free tool EssentialNet to scan the target network. In a flat network without access controls or logging, such tools let the attackers reach the payment systems without having to exploit any vulnerability.