Archive for March 29, 2017

Wikileaks dumps second part of CIA documents

Wikileaks has recently been publishing a series codenamed Vault 7, containing details on the work of the Central Intelligence Agency (CIA). On March 23, it published the second part of the documents, a dump called "Dark Matter".

The "Dark Matter" documents describe several CIA projects for infecting Apple equipment (Mac, iPhone) with persistent malware. Because the malware lives in the firmware, it survives even a reinstall of the OS.

The first publication was known as "Year Zero", and it contained 8761 documents and files. Most of the documents belonged to an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virginia.

Among the tools described is the Sonic Screwdriver, a method for executing code from a peripheral device while the Mac is booting. This gives an attacker an easy way in.

The documents show that the CIA used modified Thunderbolt-to-Ethernet adapters to store the malicious code. "DarkSeaSkies" is an implant for the EFI of the Apple MacBook Air; it bundles DarkMatter, SeaPea and NightSkies, its EFI, kernel-space and user-space components respectively.

After Wikileaks published the first part of the dump, an Apple representative assured users that the bugs had been fixed in an already-released version and that there was nothing to worry about. Apple has so far been silent on the second dump.

Malware spread in China through fake mobile base stations

Malware is being spread in China through text messages sent from fake mobile base stations deployed by phishing scum. The fake base stations let the crooks deliver malware that might otherwise get caught by the carriers.

According to a research note from Check Point, the Android scumware doing the rounds is not new to China, but the fake base stations are a new angle. The profanities in the code comments of the scumware have earned it the name "The Swearing Trojan"; its authors are already under arrest.

The basic mode of infection is simple: the SMS messages sent from the base stations appear to come from China Telecom or China Unicom, so the malicious URL they carry looks as if it were endorsed by the customer's own operator. Check Point also noted that a more conventional malware dropper was seen in infected copies of applications from China's Tencent.

The Trojan's phishing texts get past the carriers' controls, and it succeeds in extracting private information from the victim.

Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

The process is straightforward. The Trojan replaces the Android SMS application, which lets it intercept message-based two-factor authentication (2FA) codes such as bank tokens. It then spreads from the infected user to the victim's contacts by sending them phishing messages.

According to Check Point, the most common lures used by the Swearing Trojan are messages about work documents, photos/videos, app update notifications, and the never-ending "nude celebrity" message.

The malware sends stolen information back to its operators over SMS rather than through command-and-control servers. Although Tencent reported arrests of people associated with the Trojan, others appear to be involved in the campaign.
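The three behaviours described above (carrier-branded SMS carrying a lure link, worm-like spreading to the victim's contacts, and stolen 2FA codes relayed out over SMS) each leave a trace in the handset's own message log. The following is an added example, not code from Check Point or from the report: a small triage script over a constructed SMS log. The allowlist of carrier link domains (`telecom.example`, `unicom.example`), the thresholds, and every number and message in `SAMPLE_LOG` are assumptions made for the demonstration.

```python
import re
from datetime import datetime, timedelta

# Hypothetical allowlist: link domains each carrier brand is expected to use.
# Placeholder domains, assumed for this example; not taken from the report.
CARRIER_DOMAINS = {
    "china telecom": {"telecom.example"},
    "china unicom": {"unicom.example"},
}
URL_RE = re.compile(r"https?://([^/\s]+)", re.I)   # captures the host part of a link
CODE_RE = re.compile(r"\b\d{4,8}\b")               # numeric codes of the length banks use

def _msg(direction, ts, peer, sender_name, text):
    return {"direction": direction, "ts": datetime.fromisoformat(ts),
            "peer": peer, "sender_name": sender_name, "text": text}

# Constructed sample: the handset's address book and its SMS log (in/out, time, peer, displayed sender, text).
CONTACTS = {"+8613800000001", "+8613800000002", "+8613800000003", "+8613800000004",
            "+8613800000005", "+8613800000006", "+8613800000007"}
SAMPLE_LOG = [
    _msg("in",  "2017-03-20T09:00:00", "10000", "China Telecom", "Your March bill is ready: http://telecom.example/bill"),
    _msg("in",  "2017-03-20T09:05:00", "10010", "China Unicom", "Upgrade your app now: http://lure.example/update.apk"),
    _msg("in",  "2017-03-20T09:10:00", "95555", "Bank", "Your verification code is 482913"),
    _msg("out", "2017-03-20T09:10:20", "+10000000099", "", "482913"),
    _msg("out", "2017-03-20T09:30:00", "+8613800000001", "", "Look at these photos http://lure.example/p"),
    _msg("out", "2017-03-20T09:30:10", "+8613800000002", "", "Look at these photos http://lure.example/p"),
    _msg("out", "2017-03-20T09:30:20", "+8613800000003", "", "Look at these photos http://lure.example/p"),
    _msg("out", "2017-03-20T09:30:30", "+8613800000004", "", "Look at these photos http://lure.example/p"),
    _msg("out", "2017-03-20T09:30:40", "+8613800000005", "", "Look at these photos http://lure.example/p"),
    _msg("out", "2017-03-20T09:30:50", "+8613800000006", "", "Look at these photos http://lure.example/p"),
    _msg("out", "2017-03-20T12:00:00", "+8613800000007", "", "See you tonight"),
]

def impersonating_carrier(msg):
    """Inbound message branded as a carrier whose link points outside that carrier's domains."""
    if msg["direction"] != "in":
        return False
    allowed = CARRIER_DOMAINS.get(msg["sender_name"].lower())
    if allowed is None:
        return False
    for host in URL_RE.findall(msg["text"]):
        host = host.lower()
        if not any(host == d or host.endswith("." + d) for d in allowed):
            return True
    return False

def spreading_burst(messages, max_recipients=5, window=timedelta(minutes=10)):
    """Distinct recipients of link-carrying outbound SMS in the busiest `window`;
    empty set unless some window exceeds `max_recipients` (worm-like spreading)."""
    out = sorted((m for m in messages if m["direction"] == "out" and URL_RE.search(m["text"])),
                 key=lambda m: m["ts"])
    worst = set()
    for i, first in enumerate(out):
        recips = {m["peer"] for m in out[i:] if m["ts"] - first["ts"] <= window}
        if len(recips) > len(worst):
            worst = recips
    return worst if len(worst) > max_recipients else set()

def relayed_codes(messages, contacts, max_delay=timedelta(minutes=5)):
    """Outbound SMS to a non-contact that repeats a numeric code received within `max_delay`
    (a 2FA token being exfiltrated over SMS)."""
    inbound = [(m["ts"], c) for m in messages if m["direction"] == "in"
               for c in CODE_RE.findall(m["text"])]
    hits = []
    for m in messages:
        if m["direction"] != "out" or m["peer"] in contacts:
            continue
        for code in CODE_RE.findall(m["text"]):
            if any(c == code and timedelta(0) <= m["ts"] - ts <= max_delay for ts, c in inbound):
                hits.append((m["peer"], code))
    return hits

def triage(messages=SAMPLE_LOG, contacts=CONTACTS):
    """Run all three heuristics and return the findings."""
    return {
        "impersonation": [m["text"] for m in messages if impersonating_carrier(m)],
        "burst_recipients": sorted(spreading_burst(messages)),
        "relayed_codes": relayed_codes(messages, contacts),
    }

if __name__ == "__main__":
    for name, finding in triage().items():
        print(name, finding)
```

Each heuristic is deliberately narrow: the impersonation check only fires on a sender name that is already on the carrier list, the burst check needs several distinct recipients inside a short window, and the relay check requires the exact code to reappear shortly after it arrived, so a user forwarding a link to one friend does not trip it.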

Farmers turning to hackers to hack their tractors

Farmers in America are increasingly hacking the firmware of their John Deere tractors in order to repair them, Motherboard reports.

The reason behind this illegal activity is that John Deere's license agreement allows only Deere dealers and "authorized" shops to perform work on the tractors.

That may seem fine at a glance -- John Deere built the tractor, so it knows the best way to fix it, right? That's only part of the picture, though. According to the farmers, the company charges a heavy price for its work, and most of the time technicians are slow to arrive.

"If a farmer bought the tractor, he should be able to do whatever he wants with it," said Kevin Kenney, a farmer and right-to-repair advocate in Nebraska. "You want to replace a transmission and you take it to an independent mechanic—he can put in the new transmission but the tractor can't drive out of the shop. Deere charges $230, plus $130 an hour for a technician to drive out and plug a connector into their USB port to authorize the part."

The license agreement specifically doesn't allow farmers to sue the company for any kind of "crop loss, lost profits, loss of goodwill, loss of use of equipment ... arising from the performance or non-performance of any aspect of the software."

As a result, farmers are turning to online hackers, who supply cracked versions of John Deere software that bypass the required authorization and let farmers work on their own tractors.

Here is the full statement of John Deere:

Our number one priority is to design and manufacture safe equipment that provides value and performance for our customers, and software is a critical part of this. Software modifications increase the risk that equipment will not function as designed. As a result, allowing unqualified individuals to modify equipment software can endanger machine performance, in addition to Deere customers, dealers and others, resulting in equipment that no longer complies with industry and safety/environmental regulations.

This is why John Deere's relationship with the dealer channel is so important. Working with a John Deere dealer provides every customer access to trained technicians and expertise to assist with any service issues, whether in the shop or remotely in the field. Most of John Deere's late model equipment is equipped with technology that allows an operator to give a dealer remote access to help diagnose concerns real-time over a cellular connection (or satellite communications), which can alleviate the need for an on-site service call in the U.S.

When a customer buys John Deere equipment, he or she owns the equipment. As the owner, he or she has the ability to maintain and repair the equipment. The customer also has the ability through operator and service manuals and other resources to enable operational, maintenance, service and diagnostics activities to repair and maintain equipment. John Deere technical, diagnostic, parts and operator manuals are available and easily accessible to the general public.

Apple being blackmailed by hackers: iPhone accounts under threat of deletion

Following hackers' recent threat to attack all iPhone accounts, Apple users are under a grey cloud. The blackmailers demanded that the US-based technology corporation pay them $75 million in cryptocurrency by 7 April 2017 to avoid the cyber-attack.

Cryptocurrency is a digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.

Solicitors handling the case are demanding that the US corporation pay the blackmailers rather than take the risk.

According to reports, the accounts under direct threat number 300 million, including addresses in the @icloud and @me domains. The hackers, who claim to have gained access to user data, go by the name The Turkish Crime Family.

As things stand, the attack can be avoided only by payment of the stipulated amount in Bitcoin or Ethereum. There is also said to be a possibility of Apple arranging iTunes gift cards worth $100 thousand for the blackmailers.

In a statement to the media, Apple executives said that "Apple doesn't want to reward criminals for breaking the law". The American tech giant has refused to comply with the perpetrators.

This wasn't the first time that hackers have tried to get in touch with Apple. According to a media report, in February 2016 the hackers tried to get into the corporation's closed internal systems by offering employees 20,000 euros each in exchange for their corporate logins and passwords.

Money stolen from Australian banks by Armenian-Russian group

A criminal group of Armenian and Russian citizens used computer technology to steal 85 million drams from the accounts of Australian bank customers between August and December 2016.

On March 20, the National Security Service of Armenia neutralized the criminal group.

"As a result of extensive investigation and intelligence-tracking measures, the facts of grand larceny committed by citizens of Armenia and Russia with the use of computer equipment were exposed. These measures were carried out in the framework of a criminal case being investigated by a department of the National Security Service of Armenia," said the press service of the NSC.

According to preliminary data, the members of the group registered 3 trade organizations in Armenia under the trumped-up pretext of carrying out hotel and restaurant activities. They then acquired a cash register with a payment terminal, which allowed them to carry out non-cash transactions by keying in card data without the cardholder or the bank card itself being present.

The statement clarifies that, in order to carry out large-scale theft using this cash register and terminal, a member of the criminal group located in Russia sent his Armenian accomplices the data of bank cards issued in the names of a number of Australian citizens: the 16-digit card numbers, the cards' validity periods and their passwords.

The group members in Armenia placed a SIM card in the cash register terminal, and the Russian members sent them the Australian bank customers' card data: the 16-digit number, the expiry date and the password.

"Thus, from August to December 2016 the members of the criminal group stole about 85 million drams ($177 thousand) from the accounts of Australian bank customers. As a result of extensive investigation and intelligence-tracking measures carried out by the National Security Council of Armenia, the criminal group was identified and neutralized," the NSC of Armenia said in its message.

The investigation is still ongoing. Five persons have been charged, three of whom were arrested.
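The scheme described above has a recognisable shape from the acquiring bank's side: a freshly registered "hotel and restaurant" merchant whose terminal runs almost nothing but manually keyed, cardholder-not-present transactions on cards issued in another country. The following is an added example, not code from the NSC or from any bank: an acquirer-side rule over a constructed transaction feed that profiles each terminal on exactly those two signals. It assumes the issuer country has already been resolved from the card's BIN, and the terminal ids, thresholds and sample transactions are all constructed for the demonstration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta

MERCHANT_COUNTRY = "AM"  # assumed acquiring country for every constructed terminal


@dataclass
class Txn:
    terminal: str        # merchant terminal id (constructed)
    day: date
    entry_mode: str      # "chip", "swipe" or "keyed" (card data typed in by hand)
    issuer_country: str  # country of the issuing bank, assumed resolved from the BIN
    amount: float        # in drams


def _build_sample():
    """Constructed feed: one genuine restaurant terminal and one terminal run as in the scheme."""
    txns = []
    start = date(2016, 8, 1)
    # Genuine restaurant: mostly chip, local cards, occasional keyed phone order.
    for i in range(12):
        mode = "keyed" if i == 5 else "chip"
        txns.append(Txn("T-REST-01", start + timedelta(days=i), mode, "AM", 8500.0))
    # Fraudulent "hotel" terminal: every transaction keyed in on a foreign-issued card.
    for i in range(15):
        txns.append(Txn("T-HOTEL-77", start + timedelta(days=i), "keyed", "AU", 1_200_000.0))
    return txns


SAMPLE_TXNS = _build_sample()


def terminal_profile(txns):
    """Per-terminal counts: total, keyed entries, foreign-issued cards and total amount."""
    stats = defaultdict(lambda: {"n": 0, "keyed": 0, "foreign": 0, "amount": 0.0})
    for t in txns:
        s = stats[t.terminal]
        s["n"] += 1
        s["keyed"] += t.entry_mode == "keyed"
        s["foreign"] += t.issuer_country != MERCHANT_COUNTRY
        s["amount"] += t.amount
    return stats


def suspicious_terminals(txns, min_txns=10, keyed_share=0.8, foreign_share=0.8):
    """Terminals with at least `min_txns` where the keyed share AND the foreign-card share
    both exceed their thresholds. Both conditions are required: a local shop that keys in
    phone orders, or a hotel whose guests are mostly foreign but present their cards, is not flagged."""
    flagged = []
    for term, s in terminal_profile(txns).items():
        if s["n"] < min_txns:
            continue
        if s["keyed"] / s["n"] >= keyed_share and s["foreign"] / s["n"] >= foreign_share:
            flagged.append(term)
    return sorted(flagged)


if __name__ == "__main__":
    for term, s in terminal_profile(SAMPLE_TXNS).items():
        print(term, s)
    print("flagged:", suspicious_terminals(SAMPLE_TXNS))
```

The rule is meant as a first-pass filter that feeds a manual review queue, not as an automatic block: a genuine newly opened business can look unusual for its first weeks, which is why the minimum transaction count and both share thresholds are parameters rather than fixed constants.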