Archive for January 31, 2017

TREASON CHARGES PRESSED AGAINST RUSSIAN CYBERSECURITY EXPERT

A manager at Russia’s biggest cybersecurity firm, Kaspersky, who is in charge of investigating hacking attacks, has been arrested, the company has said.

Kaspersky Labs on Wednesday confirmed reports in Russia’s respected Kommersant newspaper that Ruslan Stoyanov, head of its computer incidents investigations unit, was arrested in December. Kommersant said Stoyanov was detained along with a senior Russian FSB intelligence officer on charges of treason.

Kaspersky’s spokeswoman, Maria Shirokova, said in a statement that Stoyanov’s arrest “has no association with Kaspersky Labs and its operations”. She said the company has no information about the charges Stoyanov faces, but added that the investigation dates back to the time before Stoyanov was hired by Kaspersky.

According to his LinkedIn page, Stoyanov’s previous jobs include a position at the cybercrime unit at the Russian interior ministry in the early 2000s.

US intelligence agencies have accused Russia of meddling in the presidential election through hacking to help Donald Trump win – claims that Russia has rejected. US and EU officials have also accused Russia of hacking other western institutions and voiced concern that Russia may try to alter this year’s election results in Germany, France and the Netherlands. It was not immediately clear if the arrests were linked to these allegations.

The FSB’s press office was not immediately available for comment. Kremlin spokesman Dmitry Peskov also declined to comment.

Andrei Soldatov, who has studied the internet and Russian security services for more than a decade, said the arrest of the Kaspersky manager was unprecedented.

“It destroys a system that has been 20 years in the making, the system of relations between intelligence agencies and companies like Kaspersky,” he told the Associated Press. “Intelligence agencies used to ask for Kaspersky’s advice, and this is how informal ties were built. This romance is clearly over.”

DELHI HACKERS ARRESTED FOR DUPING ONLINE VOUCHERS WORTH 92 LAKHS

Four young hackers have been arrested for allegedly digitally shoplifting vouchers worth Rs92 lakh by tampering with the data of e-commerce websites at the payment gateway stage. Two of them are BTech dropouts, one is pursuing engineering while the other is a BCA from Delhi University, police said.

Calling it the first such case reported from the national capital, DCP (south) Ishwar Singh said these hackers used the stolen vouchers at popular e-commerce sites such as MakeMyTrip, Flipkart, Amazon, Dominos Pizza, Myntra and Shoppers Stop, among others.

To avoid being tracked, the accused never stayed in any place for more than two days, but they spent their time staying at five-star hotels, taking expensive flights and spending incessantly on their girlfriends. They would show off their lavish lifestyle and offer expensive laptops and mobile phones dirt cheap to their friends on social media.

To come across as well-off persons, the four would hire cars like Mercedes and BMW while travelling with their girlfriends, said the DCP on Wednesday. The three 18-year-old arrested youths, led by the alleged mastermind, Sunny Nehra, had allegedly undergone extensive training in hacking and had tied up with professional hackers in India, the Netherlands and Indonesia to learn the tricks of the trade. Nehra, a BTech dropout, had acquired additional expertise in looking for vulnerabilities in online payment sites. A few months ago, one of his hacker friends informed him that PayU, a payment gateway, had a vulnerability and could be tested for “data tampering”, said the DCP.

Explaining the modus operandi, Singh said Nehra and his friends would first opt to purchase an e-voucher from the website. Using credit or debit cards obtained on fake documents, the hackers would enter the card details and make the payment using the PayU payment gateway.

While the payment is being processed, one is generally led to a page that asks the user not to ‘refresh’, ‘cancel’ or ‘go back’ until the payment is through.

It is at this particular point that these hackers would press the cancel button to “freeze” the page. Using their hacking skills, they would change certain values before again proceeding with the payment.

VULNERABILITY RESEARCHER EARNS 32k AS REWARDS

For the second time in less than a year, researcher Mariusz Mlynski has been rewarded more than $30,000 through Google’s Chrome Rewards program.

Google on Wednesday released Chrome 56.0.02924.76 for Windows, Mac and Linux platforms, and Mlynski was credited with finding and disclosing four high-severity vulnerabilities that were patched. The vulnerabilities earned Mlynski $32,337; last May, he pocketed $45,000 after finding a number of high-severity issues that were patched in the browser.

Mlynski has been an active browser vulnerability researcher, in particular at the annual Pwn2Own contest. In 2015, he used a cross-origin bug in Firefox to gain Windows admin privileges on a machine, earning himself $55,000; in 2014 he won another $50,000 by chaining together two Firefox flaws to gain privilege escalation on a Windows machine.

The latest version of Chrome includes patches for 51 vulnerabilities; seven of them, rated high severity, qualified for rewards. Google patched 14 high-severity bugs in total, with the remainder discovered internally.

Google is also expected to begin deprecating SHA-1 in this version of Chrome. In line with the other browser makers, Google said in November that it would remove support for SHA-1 certificates starting with Chrome 56; Microsoft and Mozilla have announced similar deprecation schedules through the next month.

SHA-1 has long been considered a weakened hashing algorithm that is susceptible to collision attacks. Experts are urging site owners and application developers to migrate to SHA-2 or other modern algorithms, but success on that front has been mixed.

KEYCARD SYSTEMS: A NEW TARGET FOR RANSOMWARE

Recently, hundreds of guests of a luxurious hotel in Austria were locked out of their rooms when ransomware hit the hotel's IT system, and the hotel had no choice left but to pay the attackers.

The Romantik Seehotel Jaegerwirt, a 4-star superior hotel, confirmed that it paid €1,500 (£1,275/$1,600) in Bitcoin ransom to cybercriminals who managed to break into its network and hack its key card system, which prevented its guests from entering or leaving their rooms.

Besides gaining control of the electronic key system, the hackers even gained control over the general computer system, shutting down all hotel computers, just for the fun of it. Once the hotel made the payment, the system was completely restored, which allowed the hotel staff to regain access to the network and hotel guests to enter and exit their rooms.

Fortunately, the security standards of the hotel had been improved by its IT department, and critical networks had been separated to thwart the attack, giving attackers no chance to harm the hotel again. 

"The house was totally booked with 180 guests; we had no other choice. Neither police nor insurance helps you in this case. The restoration of our system after the first attack in summer has cost us several thousand Euros. We did not get any money from the insurance so far because none of those to blame could be found. Every euro that is paid to blackmailers hurts us. We know that other colleagues have been attacked, who have done similarly."

Ransomware has caused sleepless nights for many businesses and organizations, which are often blamed for failing to fight off this nasty threat.

Austria’s top hotel keycard system hacked

Recently, one of Europe's top hotels had to pay thousands in Bitcoin as ransom to cybercriminals in order to free hundreds of guests who were unable to enter their hotel rooms because hackers had managed to hack its electronic key system.

Hotel managers at the Romantik Seehotel Jaegerwirt, a luxurious 4-star hotel with a beautiful lakeside setting on the Alpine Turracher Hoehe Pass in Austria, were furious about the incident and decided to speak about it in public to warn others of the dangers of cybercrime. They wanted serious steps to be taken to curb this kind of activity in future. The hotel has a modern IT system which includes key cards for hotel doors, like any other modern hotel in the industry.

Hotel staff confirmed that cybercriminals have managed to break into the hotel's security system three times in the past. The hackers took down the entire key system; hotel guests were unable to get into their rooms, and new cards could not be programmed.

The latest cyber attack, which happened on the opening weekend of the winter season, was so extensive that it shut down all hotel computers, including the cash desk system and the reservation system.

The hackers demanded a ransom of 1,500 EUR (1,272 GBP) in Bitcoin and promised to restore the system quickly if the money was paid to them.

"The house was totally booked with 180 guests, we had no other choice. Neither police nor insurance helps you in this case," Managing Director Christoph Brandstaetter said.

"The restoration of our system after the first attack in summer has cost us several thousand Euros. We did not get any money from the insurance so far because none of those to blame could be found." The manager said it was cheaper and faster for the hotel to just pay the Bitcoin.

Brandstaetter said: "Every euro that is paid to blackmailers hurts us. We know that other colleagues have been attacked, who have done similarly."

After the hackers received the money, they unlocked the key registry system and all other computers, making all the systems run as normal again. But according to the hotel staff, the hackers left a back door open in the system and tried to attack the systems again.

After the third attack, the hotel administration replaced the computers, integrated the latest security system into all the systems, and decoupled the previously vulnerable networks.

The Seehotel Jaegerwirt, which has existed for 111 years, has decided to go traditional to keep hackers away from any kind of manipulation. As Brandstaetter said: "We are planning at the next room refurbishment for old-fashioned door locks with real keys. Just like 111 years ago at the time of our great-grandfathers."

Such cybercriminal activity is becoming increasingly commonplace, as tracing payments is much harder due to the way the cryptocurrency works.