I can't believe that came from your mouth!
Posts tagged hackers
LulzSec Hacker Delivered DefCon Manifesto in 2004
Mar 8th
I was reading more about Jeremy Hammond, the hacker caught up in the Stratfor hack, and realized I saw his scrawny ass give his manifesto screed to the DefCon crowd to boos and hisses in 2004. Many security gurus laughed saying he had seen “Fight Club” way too many times.
His photo doesn’t show that this weasel is 5’6″ but when I saw him, he had the audacity to deliver a speech wearing a bandana around his face.
From FoxNews here:
A top hacker with LulzSec is a committed anarchist who mocked the 9/11 attacks, spoke of burning down the White House and ridiculed pacifist protesters for not using violence to achieve their means, FoxNews.com has learned.
Jeremy Hammond, whose online handles “Anarchaos” and “crediblethreat” and “tylerknowsthis” underscored his virulent anti-government beliefs, was arrested Tuesday in Chicago as part of an international sweep netting top members of the hacker group LulzSec and its affiliates. The 27-year-old is a self-styled anarchist. He took credit for the massive attack on the global intelligence company Stratfor and even embraced being branded a “terrorist” in a speech at a 2004 hacker convention caught on video.
“One man’s freedom fighter is another man’s terrorist,” Hammond told the audience at the annual DefCon hackers conference in Las Vegas 2004. “So let them call us terrorists,” he added moments later. “I’ll still bomb their buildings.”
I remember being in the audience at that DefCon. I was with the DHS NCSD at the time, and when this guy spoke other hackers hissed him, and taunted him that he wasn’t in “Fight Club,” and I remember one FAA guy vowing to put this twat on a watch list. I guess he stayed on that watch list according to the story. In and out of jail for years now, this anarchist and assured Occupy member is going back to the poke.
Like This Post? Rate it and tell your friends! Click the Share button below.
Sabu Snitched, Anonymous Rounded Up
Mar 7th
Sabu, aka Hector Xavier Monsegur, has been outed by the FBI as a notorious snitch and former leader of Lulzsec. While he was busy helping the Feds round up his former cohorts who attacked HBGary Federal and other security companies, he lawyered up and copped a plea to avoid jail time.
EncyclopediaDramatica taunts this leftist script kiddie saying:
Sabu would hunt down XSS vulnerabilities in comment fields, so his fellow anons could redirect their enemies to porn and give “hacked by XxAnonymousLegionxX” popups via alert(). Eventually, Sabu’s stance within the Anonymous borg gave him the impression that he could finally do something with his life by founding “notorious troll-hacker group” LulzSec.
Sabu exchanged the dox of Topiary and Kayla for his freedom in order to “protect” his children, despite the fact that they probably would have made a better life for themselves without him, as his parenting techniques involve sitting around eating cereal and sniffing glue. Sabu lived in the projects off of government cheese, all the while bashing big brother via Twitter.
Sabu was not an internet champion. He was a criminal and a spoiled OccupyWallSt type of brat who managed to avoid his own jail time by ratting out his friends. And according to CNET, a girl turned him in to the FBI.
HBGary Acquired by Mantech
Feb 28th
HBGary has some good products to handle memory dumps and disk recovery of malware, but their corporate image was severely tarnished by the Anonymous hack last year. News came out tonight that HBGary is going to be absorbed by Mantech, a large services and security company that operates in the DC area. A Google image search for HBGary shows mostly Anonymous related images, like the one below:
From BusinessWire here:
ManTech International Corporation has signed a definitive agreement to acquire the business of HBGary, Inc. of Sacramento, Ca. The transaction, structured as an asset purchase and subject to certain closing conditions, is expected to be completed in March.
HBGary provides a comprehensive suite of software products to detect, analyze, and diagnose Advanced Persistent Threats (APT) and targeted malware. The company has an impressive list of commercial customers in the financial services, energy, critical infrastructure and technology sectors. The business will be an integral part of ManTech’s broad cyber security offering.
I hope that Mantech will be able to integrate the HBGary suite of products, rescue its tarnished image and still keep the great free tools available for use to researchers and cyber incident responders.
Cryptome.Org Hacked- Hosted Scripts for Drive-By Malware UPDATE! Javascript Captured
Feb 14th
Cryptome.Org was compromised by some type of PHP vulnerability, adding a download script to each of its pages on the webserver. The compromised pages produced the following AV alerts to visitors- click the photo to embiggen:
Cryptome confirmed each page had been modified here:
(13 Feb 2012) 5,000 more files found infected, still checking, but it looks as though every HTML file on Cryptome was infected. Sneaky: files inside directories and sub-directories were changed to add the SCRIPT with date of change but without changing the directory date. Not clear how access was gained through our ISP. Access logs do not show the infection activity. Any ideas how that was done and how to prevent recurrence: cryptome[at]earthlink.net
ArsTechnica goes on to report that Cryptome seems to think they were breached via the phpMyAdmin configuration page on their server.
A breach that caused Cryptome.org to infect visitors with virulent malware was one of at least six attacks reported to hit high-profile sites or services in the past few days. Others affected included Ticketmaster, websites for Mexico and the state of Alabama, Dutch ISP KPN, and the Microsoft store in India.
Cryptome, a repository of leaked documents and other information concerning free speech, privacy and cryptography, was attacked by hackers who left code on its servers that attempted to infect visitors using Windows PCs with a trojan spawned by the Blackhole Toolkit, the website reported on Sunday.
Cryptome founder John Young said in an e-mail that he believes the attackers were able to infect his website with a poisoned PHP file by exploiting a weakness in security or server software provided by Network Solutions, which hosts the Cryptome website.
If Cryptome was running a standard type of PHP-enabled blog, such an attack would be a bit easier: a PHP-based attack can compromise the MySQL database, and the malcode could be easily injected onto each page. But Cryptome doesn’t use PHP. Perhaps they actually do have PHP, but only as an addon available via their webserver administration console software.
The last time Cryptome was hacked, the name of Justin Perras came up- he was jailed for the Lexis Nexis hack back in the day.
Thanks to @AoSHQ Doom.
UPDATE!!
Coincidentally enough, I began to receive AV popups of my own related to the Blackhole malware. My AV of choice is the excellent Microsoft Security Essentials.
I examined the details and found out that one of the RSS feeds I track was prepending a malicious script to the RSS feed page as served by Internet Explorer. I carved out the script and submitted it to Jsunpack. As is often the case, jsunpack didn’t detect the decoded javascript as malicious, but reading through the eval commands, it is clear that the software attempts to insert an iframe and create a drive-by download. Below is the decoded javascript. Click the image to embiggen.
It is also worth noting that this threat employs dynamic DNS to prevent anyone from simply blackholing the IP address. And if the threat is widespread enough to begin to infect the RSS feeds of popular blogs, this one is going to be a big deal in the security sector in the next several weeks.
American Psychiatric Association: No Such Thing As Aspergers
Feb 10th
Freaky, soulless, self-absorbed asshats, yes. Aspies, no. The APA is doing away with a clinical diagnosis of Aspergers since no one can figure out what the hell it is or if it actually exists. There will just be autism on a graduated scale.

In this famous action sequence, a selfish child that has no soul conceives of an idea that he is afflicted with a special disease that will excuse all of his horrible selfish behavior.
From the DailyBeast here:
Asperger’s, Overdiagnosed, Ill Defined, May Not Be a Syndrome Much Longer
Psychiatrists working on the latest edition of their profession’s diagnostic manual are thought to be tightening the definition of autism and dispensing with Asperger’s completely.
It’s a reasonable question to ask in the midst of the furor over the American Psychiatric Association’s proposed changes to the way autism spectrum disorders are diagnosed. According to the plan, the APA’s Diagnostic and Statistical Manual of Mental Disorders, the profession’s standard diagnostic reference for mental disorders, will not contain Asperger’s syndrome at all. Instead, all diagnoses of autism—of which Asperger’s is currently considered a subset—will be collapsed together onto one spectrum, and rated in gradations from mild to severe.
For all its clinical and cultural resonance, Asperger’s syndrome is still only a recent addition to the American diagnostic vocabulary. In the 18 years since it arrived, no one has been able to agree on what it is.
So Gary McKinnon, famed Aspergers sufferer who is using his self-diagnosis to prevent being extradited to the United States to face criminal charges, is now considered by the APA to be merely “daft” rather than having a real disease. Eat it, AssPies.
Anonymous Draws Wrath of Los Zetas
Nov 3rd
The hacker group Anonymous, partially responsible for the Occupy Wall Street mobs, thought it would be fun to target the Los Zetas drug cartel. The cartel sent them a message to watch their backs by stringing up a couple of social networking users from a bridge. Anonymous collectively gulped at the news and ran to make sure they were hiding properly behind tor nodes and proxies.
From GMANews here:
Hacktivist group Anonymous is taking real-life security measures to protect bloggers joining it in exposing information about the “Los Zetas” Mexican drug cartel.
Computer security firm Sophos said Anonymous’ Ibero-American wing posted security steps to help bloggers in the #OpsCartel operation protect themselves.
“Anonymous Iberoamerica says it is creating a ‘special task force’ by invitation only. It is advising members to send messages through a proxy server or through Tor and is pleading with members to avoid identifying themselves as part of Anonymous,” Sophos said in a blog post.
Sophos noted Anonymous’ steps followed rumors that Zetas plans to hire “narco-hackers” to track down and physically retaliate against the hacktivists.
“Retaliation by this bloody, brutal cartel has already resulted in a body count: a man and a woman have been killed and hung from a bridge in Nuevo Laredo with signs warning against posting anti-cartel blogs,” it said.
It cited reports another anti-cartel blogger, a girl, was found beheaded in Nuevo Laredo.
Dude, the Zetas have thunderdome armored cars and like killing. The kids in their mom’s basements who think they can hide their online activities might be in some real danger.
As Mikko Hypponen of F-Secure tweeted:
Whoops! Online Mob Wannabes Getting Busted for Running LOIC
Jul 26th
When Anonymous recruited minions to act as dupes to run a simple script to send oversized packets and pings against Paypal as retaliation for dropping the ability to contribute to Wikileaks and their ongoing criminal activity, those dupes had no idea that the payloads of those packets acted as a fingerprint. PayPal turned over logs to the FBI and they are simply going to round up the top 1000 participants. And they are doing it for the lulz.

From Wired here:
It turns out there’s a method behind the FBI’s raids of suspected Anonymous members around the country. The bureau is working from a list, provided by PayPal, of the 1,000 internet IP addresses responsible for the most protest traffic during Anonymous’ DDoS attacks against PayPal last December.
FBI agents served 40 search warrants in January on people suspected of hosing down PayPal during “Operation Payback” — Anonymous’ retaliatory attack against companies who blacklisted WikiLeaks. On July 19, the feds charged the first 14 defendants under the Computer Fraud and Abuse Act, and raided an additional 35 suspects for evidence.
PayPal collected traffic logs on a Radware intrusion prevention system installed on its network.
On December 15, the company turned over a USB thumb drive containing the Radware reports, which documented “approximately 1,000 IP addresses that sent malicious network packets to PayPal during the DDoS attacks.” The list represented the “IP addresses that sent the largest number of packets.”
It was easy to distinguish the packets coming from the “Low Orbit Ion Cannon” — Anonymous’ fire-and-forget DDoS tool — because they contained strings like “wikileaks,” “goof,” and “goodnight,” the affidavit notes.
There are many other characteristics of the LOIC traffic that make the attacks easy to distinguish from someone simply hitting the refresh button over and over again. Any decent IDS can detect such traffic, and if these idiots were using their home computers, they are up shit’s creek about now.
Sites like Paypal and Ebay are built to withstand most DDoSes anyway, and the entire online mob attack only resulted in a few spotty outages. But the righteous fury of the script kiddies that wanted to participate in online “protests” will likely earn them some real time in jail, which is okay with me for supporting a criminal like Assange and his leaks of secret information. So these mob participants wanted to mete out some justice? Seems like things are getting even more justicey now.
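As an added illustration of the fingerprinting the affidavit describes (this is not code from the article, from PayPal or from Radware), the Python below parses a constructed IPS-style log, flags packets whose payload carries the marker strings quoted above, and ranks source addresses by flagged packet count. The log format, field names and IP addresses are made up for the example; only the marker strings come from the story.

```python
"""Flag LOIC-style flood packets by payload fingerprint and rank sources.

Added example. Assumptions: a hypothetical IPS log format (one packet per
line) and constructed sample data using documentation IP ranges.
"""
import re
from collections import Counter
from typing import Iterable, List, Optional, Tuple

# Payload strings the affidavit names as LOIC markers.
LOIC_MARKERS = ("wikileaks", "goof", "goodnight")

# Hypothetical log format (not Radware's real format):
# <timestamp> src=<ip> dst=<ip> dport=<port> payload="<text>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+)\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+'
    r'dport=(?P<dport>\d+)\s+payload="(?P<payload>[^"]*)"$'
)

# Constructed sample: two LOIC sources, one noisy-but-legitimate refresher
# (203.0.113.9 sends the MOST packets but none carry a marker), and one
# malformed line that the parser must skip rather than crash on.
SAMPLE_LOG = """\
2010-12-08T20:01:02Z src=203.0.113.5 dst=192.0.2.10 dport=80 payload="GET /?msg=goodnight HTTP/1.1"
2010-12-08T20:01:02Z src=203.0.113.5 dst=192.0.2.10 dport=80 payload="GET /?msg=goodnight HTTP/1.1"
2010-12-08T20:01:03Z src=203.0.113.5 dst=192.0.2.10 dport=80 payload="GET /?msg=wikileaks HTTP/1.1"
2010-12-08T20:01:03Z src=198.51.100.7 dst=192.0.2.10 dport=80 payload="goof"
2010-12-08T20:01:04Z src=198.51.100.7 dst=192.0.2.10 dport=80 payload="GOODNIGHT"
2010-12-08T20:01:04Z src=203.0.113.9 dst=192.0.2.10 dport=443 payload="GET / HTTP/1.1"
2010-12-08T20:01:05Z src=203.0.113.9 dst=192.0.2.10 dport=443 payload="GET / HTTP/1.1"
2010-12-08T20:01:05Z src=203.0.113.9 dst=192.0.2.10 dport=443 payload="GET / HTTP/1.1"
2010-12-08T20:01:06Z src=203.0.113.9 dst=192.0.2.10 dport=443 payload="GET / HTTP/1.1"
2010-12-08T20:01:06Z src=198.51.100.22 dst=192.0.2.10 dport=80 payload="truncated line
"""


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields of one log line, or None if it is malformed."""
    match = LOG_RE.match(line.strip())
    return match.groupdict() if match else None


def is_loic_payload(payload: str) -> bool:
    """Case-insensitive check for any of the LOIC marker strings."""
    lowered = payload.lower()
    return any(marker in lowered for marker in LOIC_MARKERS)


def classify(lines: Iterable[str]) -> Tuple[Counter, Counter]:
    """Split packets per source IP into fingerprinted and plain traffic.

    Returns (flagged, unflagged) counters keyed by source address.
    A plain refresh storm lands in `unflagged` no matter how large it is.
    """
    flagged: Counter = Counter()
    unflagged: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the run
        bucket = flagged if is_loic_payload(rec["payload"]) else unflagged
        bucket[rec["src"]] += 1
    return flagged, unflagged


def rank_loic_sources(lines: Iterable[str], top_n: int = 1000) -> List[Tuple[str, int]]:
    """Top-N source addresses by count of LOIC-fingerprinted packets."""
    flagged, _ = classify(lines)
    return flagged.most_common(top_n)


if __name__ == "__main__":
    for src, count in rank_loic_sources(SAMPLE_LOG.splitlines()):
        print(f"{src}\t{count} fingerprinted packets")
```

Ranking by fingerprinted packets rather than raw volume keeps the high-volume refresher 203.0.113.9 off the list while the two LOIC sources rise to the top.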
Anonymous Versus the Kiss Army
Oct 19th
Gene Simmons seems to have invited the wrath of Anonymous after saying that musicians should be extra litigious, suing the pants off of every kid who downloads the music illegally.
From Tom’sGuide here:
KISS front man Gene Simmons made headlines recently when he said the music industry fell asleep at the wheel when it came to P2P networks and the advent of file sharing. Speaking at MIPCOM, Simmons said the right way to deal with filesharing would have been to sue the pants off of every “fresh-faced, freckle-faced college kid who downloaded material.” Simmons also said that, in order to save their brands, people needed to be ruthless and stop at nothing to make sure their content is protected.
“Make sure your brand is protected,” he said. “Make sure there are no incursions. Be litigious. Sue everybody. Take their homes, their cars. Don’t let anybody cross that line.”
Anonymous added Gene Simmons to the list of victims of Operation Payback, the DDoS attacks carried out by skiddies and music pirates against those who try to enforce their property rights. Gene said that he is in touch with the FBI and is working to get the cyber attackers jailed, which only makes Anonymous giggle.
Justin Perras, Former Lexis Nexis Hacker Fingered for Cryptome Hack
Oct 10th
Last time I wrote about Justin Perras, he was going to jail for breaking into the Lexis Nexis database using stolen law enforcement credentials. Recently the Cryptome website was hacked and Justin’s name came up as a possible culprit in the attack. Looks like he might have to go buy more soap on a rope.

From Cryptome here:
Date: Sat, 9 Oct 2010 13:15:31 -0400
Subject: you’re going down, sir.
From: justin perras
To: jya[at]pipeline.com
You need to stop blaming me for your ineptitude. I understand your hurt over what happened with your website and that you feel violated. I continue to read your files and I can not help but laugh as you take the shotgun approach to ‘backtracing’ what happened over at earthlink. Trust me: I do not care about your stupid ‘ass burning’ campaign. I am not guilty so I have nothing to worry about. I will not ‘roll over’ on anyone — because I don’t have to. Do you understand? Your allegations are producing conflict and creating strife for me. I have nothing to hide from you or investigators. I do not care about your mindless witch hunt having any legal consequences for me whatsoever. The fact that you’re associating me with people who may or may not have raped you without lube just demonstrates your ignorance. You’re annoying: like a mosquito, and I hope that whoever compromised your emails and LAN takes that information and becomes an annoying parasite just so you can understand how aggravating this entire thing is.
You’re acting like an angry child which has consequences of its own. Your behavior is causing you to lose support. Do you understand this? Your vendetta against innocent people is acting as a detriment. I wouldn’t imagine you care. Based on the materials on the site and the communications you post it seems like you’re going to pursue whatever crazy agenda (earthlink owned by scientologists.. are you fucking serious? ) you’ve cooked up in that delusional head of yours.
I am filing suit, John. Since I haven’t been proven guilty and will never be proven guilty (should things go that far based off your campaign of lies and misinformation — idc i am not responsible for what happened to you, so do whatever you must do, fatso. I am not scared of the fbi / secret service. They are of no consequence here because there is no threat — they are just aggravating. The more things you do which aggravate the quality of my life, the better my case against you will be.) I have no qualms with making a spectacle out of your fiasco. Maybe you can buy me a new Barbie Mobile. I’ve always wanted one of those. I am not afraid of you, law enforcement, or ‘snitches’ since I *really* have done nothing. My lawyer will be calling you later. Make sure you answer the telephone that way you can write the synopsis and perhaps change your tone about a C&D being ‘forged’. Careful with how you word things from now on. ‘…forged’ is accusatory. Might want to change that, or not. Like I said: the stupider you get, the better my case against you looks. (*twirls around marvelously*). Any media that contacts me re: your drama will be considered an attempt on your behalf to aggravate me. I make sure to tell them about how your violated fat ass is foolishly pointing fingers here, there, everywhere because you do not know and rely information from unverified sources with their own agenda. I have many enemies and have done some pretty fucked up shit in the past. I’m used to morons trying to continuously take me down, but they are usually young and retarded. You take the cake for being the most ignorant since you should be old enough to know better.
Funny that Justin would threaten a lawsuit. And if he didn’t do it, why bother writing in and denying it? Seems to me he’s protesting too much. And his stint in jail did nothing to deter him from committing other cyber crimes, nor did it squelch his own sense of inflated self-importance.
As I write this, Justin’s domain of poisonapple.net has been defaced saying:
You kids shouldn’t play on computers when you don’t know what you’re doing. -0wn3d.
Byron Sonne Still in Jail, Bail Decision Due Oct 1
Sep 17th
Former CISSP Byron Sonne, who once planted fake bombs in his school, is still getting three squares and a cot in the Toronto jail for bragging to his friends that he acquired triacetone triperoxide, or TATP, for use in bombmaking, or to simply frighten the Canadian government.

His naive friends on Twitter are bemoaning his “lack of justice” because the Canuck gov’t doesn’t understand that Sonne was supposedly playing some type of elaborate prank that only hackers are supposed to understand.
So the government heard both sides of the argument simply for bail, and decided it would take two weeks to make a decision to let the failed hacker out until his trial.
I predict his bail will be denied. His hacker friends would help him flee trial, and anyone psycho enough to fake bomb his high school is psycho enough to plant a TATP bomb because he couldn’t get hired to do a security assessment for the city of Toronto during the runup to the G20.
Don’t free Byron.
Google Hires Hackers as Engineers
Sep 15th
An article from Gawker shows how shocking it can be to learn that you’ve entrusted your systems to an internal hacker. David Barksdale was fired from Google for stalking and cyberbullying some children, mostly because he simply could.
From Gawker here:
A Google engineer spied on four underage teens for months before the company was notified of the abuses.
David Barksdale, a 27-year-old former Google engineer, repeatedly took advantage of his position as a member of an elite technical group at the company to access users’ accounts, violating the privacy of at least four minors during his employment. Barksdale met the kids through a technology group in the Seattle area while working as a Site Reliability Engineer at Google’s Kirkland, Wash. office. He was fired in July 2010 after his actions were reported to the company.
In at least four cases, Barksdale spied on minors’ Google accounts without their consent. In an incident this spring involving a 15-year-old boy who he’d befriended, Barksdale tapped into call logs from Google Voice, Google’s Internet phone service, after the boy refused to tell him the name of his new girlfriend. After accessing the kid’s account to retrieve her name and phone number, Barksdale then taunted the boy and threatened to call her.
In other cases involving teens of both sexes, Barksdale exhibited a similar pattern of aggressively violating others’ privacy. He accessed contact lists and chat transcripts, and in one case quoted from an IM that he’d looked up behind the person’s back. (He later apologized to one for retrieving the information without her knowledge.) In another incident, Barksdale unblocked himself from a Gtalk buddy list even though the teen in question had taken steps to cut communications with the Google engineer.
Barksdale’s harassment did not appear to be sexual in nature, although his online communication with the minors (such as inviting underage kids to attend the movies with him) demonstrated extraordinarily questionable judgment on Barksdale’s part.
A self-described “hacker,” Barksdale seemed to get a kick out of flaunting his position at Google.
Don’t trust Google as a provider of anything sensitive, folks. I use Gmail as an online alias to subscribe to disposable internet services and to receive google alerts on news items. If Google goes away tomorrow, I’ve lost no data I care about, or if they get hacked, I am not exposed to any personal data theft or privacy breach. Remember when Google’s motto was “don’t be evil?” Now it’s “there is no evil.”
How Ad Agencies Prevent Driveby Malware Ads
Aug 9th
One of the most effective ways to distribute malware to unsuspecting users is to poison the advertising banners used by some of the most popular websites on the Internet. The malware author’s ad would take advantage of local browser weaknesses to inject trojan software or otherwise compromise the system. If a malware author could get his malware delivered to everyone visiting Gawker, for instance, it could represent thousands of compromised systems before anyone could react and remove the ad.

When malware authors first started using this methodology, many of the ad agencies each had to learn the hard way that advertisers weren’t always who they claimed they were. Lots of background checks were put into place to prevent these criminals from placing bogus infected ads (credit checks, investigation into domain registration, business history, references), and still some bad guys kept breaking through.
Many ad agencies had their reputations thrashed because they unwittingly enabled the compromise of thousands of systems, so it was in their best interest to protect the cyber community by vetting their clients as well as they could.
This article here at MediaPost provides a great web advertising insider’s account of dealing with very clever malware authors who were creating shell companies specifically so they could get their ad banners onto the ad network.
Anti-Antivirus- Concentrated Binary Evil!
Jun 1st
There are loads of malware authors out there on the Internets. Some of them work for national groups, and others are just in it for the cash. So where does a virus author go when he needs to validate, in a secure fashion, that his own malware is undetectable by all the big AV companies?

Hiding Malware Right Behind Their Backs.
Maybe something like Scan4You. This is a hacker’s service that will store your binary malware, keep it out of the hands of the big AV companies, and will run corporate Antivirus scans against it every day. If an AV signature triggers, the hacker gets notified that his binaries can be detected.
From Networkforensics.com here:
Scan4u.biz is essentially a “criminal virustotal plus”. That is, it is a service where a miscreant can submit a newly created malware binary to gauge the detection rate of various antivirus vendors. While similar to virustotal in this regard, the key is that scanned binaries aren’t submitted to the antivirus vendors in question, as is done with virustotal. And it’s even affordable and easy to pay for…$25 a month or 15 cents per scan, and a discount for referrals. As well as flexible payment options and multiple contact points.
This means that your AV will only catch the old and busted viruses. It is simply blind to the real modern threats and malware that could impact your network. IDS, AV and firewalls won’t stop it.
The Real Reason Google is Pulling Out of China?
Mar 22nd
I had written previously here about Google’s righteous indignation at how the Chinese had hacked their Gmail accounts to scrape information on dissidents and internal corporate secrets and how Google vowed to GTFO of China. Suddenly Google was sick of China’s censorship policies even though they knew what those policies were when they began their ventures there. They vowed to shutter Google.CN.
There is a Reuters story here about how China is accusing Google of simply backing down on their own commitments in the pending shutdown of Google.CN. But is the real reason why they are shutting down simply because they got their asses kicked in the market by Baidu? And does blaming Chinese hackers allow them to back out of a market without looking like their search engine is not the best?
Joseph Evers of EncyclopediaDramatica thinks so, and I must admit his theory looks pretty good to me. He wrote on the ED blog during the Aboriginal article scandal:
The “Aboriginal” article was recently removed from Google Australia’s search engine results. This was right after Google had done a large amount of grandstanding about fighting Chinese censorship. Which proves they’re a bunch of spineless hypocrites. Really, you have to admire the shrewdness of Google. China was a gigantic business failure, and a loss leader. With a bunch of CIA and shareholder money Google went in promising that their search technology was really so much better that the Chinese market would fall in a fortnight. Years and what is likely billions later, Baidu completely dominates the Chinese search market. By spinning an obvious business failure as a failure of RED POLITICS Google was able to pull out of China without losing face. Their idiot shareholders sat there and applauded them for wasting billions of their money. For that I give Google a lot of respect. They are some of the most brilliant marketers around, but as anyone who has used Google’s ad placement can attest, the only thing they really excel at selling is themselves.
So if you hear Google touting how they are fighting censorship, remember that they are the world leader in Censorship. Maybe they are finding out that censorship is bad business, but make no mistake. Business failure in China is why Google is getting out of China.
Hacking Cap and Trade of CO2 for Fun and Profit
Feb 3rd
I still don’t fully understand how carbon trading works in Europe. I think they tax all industries based on what eco-religionists think is a pollutant- carbon dioxide which is a non-toxic, odorless, invisible gas. And they give that money to people who don’t work for a living. Whatever they do, it is very simple to shut it down. You just spearphish the customer base.

From the Copenhagen Post here:
Virus laden emails direct registry’s users to a fake website. All trading suspended until damage ascertained
The Danish CO2 quota register has been shut down since Tuesday after a spate of virus infected false emails were sent to registry users.
The Danish Energy Agency (DEA), charged with maintaining the registry, indicated that the closure has affected some 375 energy companies, together with 1200 private customers who speculate on CO2 quota trading in Denmark.
In cooperation with the EU and UN, the DEA has suspended all trading on the register until the eventual damage of the harmful emails is determined.
The viral attack did not involve the hacking of the register’s website directly, but instead targeted the users of the register, sending them an email virus purporting to originate from the DEA.
The agency is currently trying to determine how many registry customers have been affected and has warned more than 1500 users about the virus. In addition, the DEA has ordered the company hosting the fake website to remove it from the internet.
So the hackers were stealing credentials because this must be a lucrative market. Plus you could fudge how much taxes you owe if you managed to steal a critical account. It seems like cap and trade is important to keep in place, but not really critical to keep it up and running in the face of a simple phishing attack. I wonder if you can shut down other government services as easily?
McAfee’s blog says the hackers have spearphished more sites and more markets are taking themselves offline out of some type of fear. I applaud these efforts because the wind generated by my clapping hands powers a pinwheel that turns tiny turbines that generate green energy.
TJMaxx Hacker Flaps Arms; Hopes Aspergers Keeps Him Out of Jail
Dec 17th
First Gary McKinnon pretended he had the assburgers. Accused of one of the largest cyber breaches against the DoD of all time, he has managed to whip up so much sympathy from leftists in Britain by faking a disease that he has managed to postpone extradition for five years. Now the biggest hacks ever committed on the commercial side will possibly go underpunished because Albert Gonzalez, aka “Segvec” started flapping his arms to say he has the assburgers too.

From the Reg here:
The international hacker who has admitted to stealing more than 130 million payment card numbers has mounted a new defense claim that he might suffer from Asperger’s syndrome, a court filing indicates.
On Tuesday, attorneys for Albert Gonzalez filed a report from a forensic psychologist that questioned the criminal hacker’s “capacity to knowingly evaluate the wrongfulness of his actions and consciously behave lawfully and avoid crime,” according to federal prosecutors. The report went on to state that his “behavior was consistent with description of the Asperger’s disorder.”
Gonzalez becomes the latest hacker under prosecution to raise the Asperger’s defense in arguing for leniency. Most notably, NASA hacker Gary McKinnon has cited the Autism-related disorder in fighting extradition to the US to face computer trespass charges. UK Home Secretary Alan Johnson has repeatedly rejected claims raised by McKinnon’s attorneys and supporters and has indicated he will not stop the forced transfer.
In August, convicted hacker Viachelav Berkovich received two years less than the minimum called for under federal sentencing guidelines after the judge in the case took the disability into consideration as a mitigating factor.
The judge hearing Gonzalez’s case has canceled a December 21 sentencing hearing, according to an entry made Wednesday on a federal court website. It’s unclear when a new hearing will be held.
People with Asperger’s are said to display behavior that’s repetitive and restricted, and they also show social awkwardness and an inability to empathize. The link between Asperger’s and crime, however, has been disputed by some researchers.
Being a social outcast is no excuse for crime. But I really don’t like this new trend of criminals claiming to suffer from an undiagnosable mental disorder to avoid prosecution or justice. People that really do suffer from this disorder should be equally upset, but of course they won’t be; they will just gather in their moms’ basements, flap their arms, and send me hate mail for daring to speak out against it.
Hactivism I Can Support
Nov 20th
Hackers broke into computers at a Global Warming Research lab and exfiltrated tons of email and documents showing scientists lying about their data to promote fraud that Global Warming is real. They knew the evidence said otherwise, so they made up the data. This is religious fanaticism, folks. It just confirms what these protesters in the most liberal city in America, Portland, Oregon, were chanting at a recent protest:
From News.Com.Au here:
Hackers have broken into the data base of the University of East Anglia’s Climatic Research Unit – one of the world’s leading alarmist centres – and put the files they stole on the Internet, on the grounds that the science is too important to be kept under wraps.
Go there and read the emails. I had tried to locate the zip file myself but it has since moved due to the flood of requests for it. But the emails show how scientists have been manipulating data to support their own beliefs in global warming. Data that refuted it were wiped, deleted or flat out falsified.
And there is another email exchange where these folks colluded to delete data that was requested in an audit. That is a criminal act if the research is funded with government money. HotAir has more details too. Thanks to Aaron for sending me down this trail.
McAfee’s H*Commerce Web Series
May 21st
Yes, there is an underground business of buying and selling stolen credentials and identities. It is a huge business that really does wreck people’s lives and credit histories. But I’m not quite sure it is as scary as McAfee is making it out to be. This is the first video in a six-part series at their new site, StopHCommerce.Com. Kudos for raising awareness, but jeers on the parade of idiot victims, fear, uncertainty and doubt. Enjoy.
WSJ Screams: Get the Chinese Out of Our Joint Strike Fighter Computers!
Apr 21st
I think the Wall Street Journal is turning into the cyber equivalent of Chicken Little when it comes to Chinese Hackers. A couple of weeks ago they ran a story about Chinese Hackers trying to shut down the power grid, threatening to plunge the country back to the 18th century. Now they are screaming about the Joint Strike fighter program and how the Chinese have stolen the plans. Or at least, they stole something, no one really knows because it was encrypted… but everyone should panic anyways!
From the WSJ here:
Computer spies have broken into the Pentagon’s $300 billion Joint Strike Fighter project — the Defense Department’s costliest weapons program ever — according to current and former government officials familiar with the attacks. Joint Strike Fighter test aircraft are already flying, and money to build the jet is included in the Pentagon’s budget for this year and next.
The intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, potentially making it easier to defend against the craft.
Six current and former officials familiar with the matter confirmed that the fighter program had been repeatedly broken into. They say the attacks appear to have originated in China.
Computer systems involved with the program appear to have been infiltrated at least as far back as 2007. Evidence of penetrations continued to be discovered at least into 2008. The intruders appear to have been interested in data about the design of the plane, its performance statistics and its electronic systems.
The intruders compromised the system responsible for diagnosing a plane’s maintenance problems during flight. However, the plane’s most vital systems — such as flight controls and sensors — are physically isolated from the publicly accessible Internet, they said.
The intruders entered through vulnerabilities in the networks of two or three contractors helping to build the high-tech fighter jet. The spies inserted technology that encrypts the data as it’s being stolen; as a result, investigators can’t tell exactly what data has been taken.
Many details couldn’t be learned, including the specific identity of the attackers, and the scope of the damage to the U.S. defense program, either in financial or security terms. In addition, while the spies were able to download sizable amounts of data related to the jet-fighter, they weren’t able to access the most sensitive material, which is stored on computers not connected to the Internet. Investigators traced the penetrations back with a “high level of certainty” to known Chinese Internet protocol, or IP, addresses.
There have been multiple reports of Chinese trojans that siphon off documents from victim machines. The WSJ is panicking about the fact that these trojans have been on a few critical systems owned by DoD contractors. But these trojans are everywhere: banking computers, computers in law firms, and even in high schools. And documents are indeed being stolen, including legal briefs and 11th grade homework assignments. And yeah, probably a few documents and internal memos related to defense contracting, and not just with the Joint Strike Fighter mission.
If the WSJ wants to be alarmed, they should find out how many of these same people who don’t patch their computers and allow Chinese trojans onto their systems – also leave their laptops in unlocked cars outside of bars during Happy Hour, where they are routinely stolen and sold on Craigslist.
The point is that data on an internet accessible machine is always vulnerable, and workers in the defense industry by and large know this. Such computers are never supposed to have classified information on them, under penalty of law and under threat of having their contracts revoked. Any exfiltrated data may have been sensitive but it was unclassified.
And besides, what will the Chinese do with the information? Build their own warplanes with our designs? If there are any vulnerabilities in the fighter design, the Chinese only have the partial plans. We have all of it. And don’t get me started on Asian drivers pilots.