Archive | January 2013

FBI Report: Hacker Blackmailed over 350 Women to Strip on Webcam

cybercrime

The FBI has taken into custody a 27-year-old man, alleging that he hacked the accounts of Facebook users and coaxed hundreds of women into stripping on their webcams while he watched on Skype.

The man identified by the FBI as Karen (“Gary”) Kazaryan of Glendale, CA, was arrested yesterday on federal computer hacking charges.

According to a US Department of Justice press release, Kazaryan is alleged to have broken into victims’ Facebook and email accounts, changed their passwords, and searched for naked and half-naked photographs. He also gathered personally identifiable information from the users, including passwords, personal details, names of friends, etc.

The report also details that Karen threatened users who did not comply with his demands to strip that he would post nude photos of them on their own Facebook pages. It is also reported that approximately 3,000 photos were seized from the man’s computer. The FBI believes 350 women were led into “sextortion”.

The FBI is urging all women who believe they might be a victim to contact the Los Angeles Field Office at +1-(310) 477-6565.

All-Out Cyberwar is Going On in the Dark, Pentagon Increasing Cybersec Teams

cyberwar

Could there be a “cyber 9/11”? Could an all-out cyberwar be happening right now? There is a war going on, a cyber one at that, right here in the States. If you work for a defense contractor, bank, train or plane transportation provider (including RTAs and other digitally dependent transportation methods), power company, water or utility plant, etc., you are in the direct line of fire of potential cyberwar problems.

A cyberwar has been brewing over the past year, and usually people view it as governments going head to head (as they would in actual wars). However, there is more of a cyberwar being waged against governments, corporations, and of course the entities named above.

Seeing government threats like Stuxnet, Flame, etc., alongside cybercrime operations like Red October, Rustock, and even Virut/Waledac, it seems the threat is getting out of hand. With tactics like those of these malware powerhouses in use, our worry about a severe (life-threatening) attack should be a lot greater…mainly because the US should seriously prepare itself.

“The cyber war has been under way in the private sector for the past year,” says Israel Martinez, a board member of the U.S. National Cyber Security Council, a nonprofit group composed of federal government and private sector executives.

“We’re finding espionage, advanced persistent threats (APTs), and other malware sitting in networks, often for more than a year before it’s ever detected,” Martinez says.

Martinez studies different issues, such as US entities being targeted by fronts from China and Iran, ranging from intellectual property theft to other cybercrimes such as stealing identities or cash.

Take Stuxnet, for example: the US and Israel crafted it jointly to disrupt Iranian nuclear facilities. The problem is that doing so may have provoked Iran into escalating the cyberwar by developing something of its own in revenge. This led Iran to strike back with cyber attacks on US banks. Some have also thought Iran was behind the Shamoon virus, which wiped 30K hard drives and took computers offline at Saudi Aramco for several weeks.

Defense firms in the US are hoping that some of the Fortune 500 cybersecurity companies have a good plan to defend the US against these opponents and counterattack.

The Pentagon has responded with new plans to manage this cyberwar by increasing its cybersecurity teams. The Senate continues to push legislation for information sharing on threats and cyber attacks. As President Obama prepares to issue an executive order on cybersecurity, the Department of Defense is looking for a massive increase in the number of trained cybersecurity personnel to help defend our country’s public and even private networks.

The government has had trouble finding the right personnel in the past, since most are employed by agencies that don’t discuss operations publicly (due to the risk of the information getting into the wrong hands). The Pentagon plans to raise the number of security professionals to 5,000 in the next few years (up from a little under 1,000). It hopes that both military and civilian security personnel will join up, so that this diversity helps the US prepare for any issue.

Expect corporate, government, and private firms to take charge in this cyberwar situation!

Take down of the Virut Botnet in Progress

malware

Virut is now being targeted in an allied effort by security organizations. Virut is a very dangerous botnet which, once it infects your computer, can cause irreversible damage to your files, steal a lot of personal information, and cause you to lose almost all of your data.

(Our security arm, SecuraGeek Forums, published an article helpful to users about Virut a few years ago, here.)

This takedown effort involved researchers from Poland’s Computer Emergency Response Team (CERT), the Russian CERT-GIB, and the Spamhaus Project, and aimed at disrupting the operations of the Virut botnet, which involved some 300,000 infected machines.

In December, the Spamhaus Project worked against all the domains used by the Virut botnet and attempted to have them shut down. Most of the domains, if not all, were registered under the .pl ccTLD. However, the gang behind the botnet moved all of the malicious domain names to a new registrar called home.pl.

The botnet’s operations were limited somewhat during this time, when NASK (Research and Academic Network) in Poland began to move on the botnet’s infrastructure. NASK operates the Polish CERT and is the national registry for the .pl domain, so its presence in this situation is very important.

“In past few days, Spamhaus has been in close contact with the sponsoring registrar (home.pl), the Polish Computer Emergency Response Team (CERT.pl) to get the domain names suspended,” Morrison blogged Jan. 19. “In cooperation with the Polish CERT and the registrar home.pl, we managed to get all the Virut domain names within the .pl ccTLD sinkholed.”

“In addition, Spamhaus reached out to the Austrian CERT and the Russian-based Company Group-IB CERT-GIB to shut down the remaining Virut domains within the .at and .ru ccTLDs,” he added. “In cooperation with Spamhaus, and due to the evidence and intelligence provided by Spamhaus, CERT-GIB was able to shut down all the Virut domains within the .ru ccTLD within a few hours.”

Symantec researchers have noted that the maintainers of Virut are also involved with the Waledac botnet; the evidence is due in part to the malware writers behind both botnets using affiliate programs to spread the threats. It has also been noted that Virut has helped spread malware such as TDL, Zeus, and others, and Symantec warned that Virut had been used to redeploy Waledac. The problem is that the Waledac botnet was seized by Microsoft in 2010, so redeploying it opens the field to lots of trouble.

As this takedown has proceeded, three dozen domain names have been seized in total, with no sign (to researchers) of them starting back up on a different network. Since domains are so critical to the infrastructure, it’s going to be difficult for the malware writers to orchestrate a new plan.

For the past five or so years, domains like ircgalaxy.pl, zief.pl, etc. were used by the botnet…and now they are seized! It’s not exactly clear how NASK will affect the future operations of Virut, but right now, things are looking good and steady!

Passwords are Losing Trust; Hello Fingerprints, Hashes, Unique Codes

One of the biggest vulnerabilities in computer security is the password. Let’s face it: something’s got to give! What exactly will it take to authenticate somebody with their own personal information or data without it being discovered or hacked?

Many companies are attempting to change the way users authenticate themselves. The best example is Google’s 2-step authentication. This system lets a user log into their Google account as normal from their usual browser/app…however, whenever they log in from elsewhere, it requires an access code generated for that specific login, which is given a name.

Google has also come up with other ideas, such as a finger ring with an embedded smartcard, or using a smartphone to authorize a new device/computer being added to your account.

More companies are attempting hardware-based authentication. Most companies attempting such measures only have prototypes and are awaiting the chance to beta test them. Most of these measures are called security tokens or hardware tokens.

A PIN or password is usually needed for devices…right? However, the type of device determines what other forms of authentication are needed in addition to that. For example, a one-time password may be in order, similar to the Google access code, as a second step in authentication, which would be very hard to hack. Others would use a challenge code, which proves that you’re a human present at the device, instead of a hacker/robot on a different network trying to break in.

Many network authentication proposals would only allow a certain unique IP address to reach the login page or enter a password. Some require a smart card or fingerprint. All of these are good ways to make authentication more physical and legitimate.

Proving possession is everything in the computer security world now, but this type of authentication has been proposed for around ten years, at least. It’s time to get serious about authentication and develop better solutions. This is the call to action.

Oracle FINALLY Releases Critical Security Update for Java 7

vulnerability

A new update is now available from Oracle: Java 7 Update 11. It fixes a critical flaw, CVE-2013-0422, in the MBeanInstantiator in the Java Runtime, which allows attackers to execute arbitrary code via loading unspecified classes.

A big response from security bloggers has sparked harsh criticism of Oracle. See information from Kafeine, ThreatPost, and Krebs; more bloggers are talking about it. From what it seems, Oracle was rather stubborn about this, as it has been before.

The update is available via the Java.com Web site, or from within Java via the Java Control Panel. Existing users should be able to update by going to the Control Panel and opening the Java Control Panel, or by searching for “Java”, then clicking the “Update Now” button on the Update tab.

This changes the way Java handles different applications. According to Oracle’s advisory: “The default security level for Java applets and web start applications has been increased from ‘Medium’ to ‘High’. This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the ‘High’ setting the user is always warned before any unsigned application is run to prevent silent exploitation.”

Apparently, at one time, the issue was fixed; however, that fix was apparently ineffective. Many security bloggers say to just remove Java: forget about it if you don’t need it. It’ll save you the time of updating it (all the time!) and the security trouble.

 

Firefox 18 is HERE! Retina Support, Faster Javascript, Security Fixes

Firefox 18 has been released.

This month, 2917 bugs were patched, with 21 security fixes; 12 of the flaws noted were critical.

Make sure to check out the new JavaScript compiler, known as IonMonkey. This is a compiling tool for JavaScript code that helps optimize how JavaScript runs. Some worry it could cause a startup delay for Firefox.

According to a post on Mozilla’s blog yesterday, Firefox 18 also comes with an awesome new phishing and malware protection component, so the browser will now warn users when they browse phishing or malware sites.

Firefox 18 now supports Retina high-resolution displays on MacBook Pro devices, so if you want to take advantage of Retina when browsing the web, you have it.

Other than all that, it’s cool! Download from http://www.getfirefox.com or press the Firefox tab in the browser > Help > About Firefox > Check for Updates.

Are Mobile Devices the Next DDoS Threat?

The question on many minds is whether mobile devices will become a source of DDoS attacks. Whether mobile phones will be used as zombies is currently a matter of speculation among many researchers, who say “It may be imminent.”

This can be inferred from the number of trojans found on Android devices, how iOS devices have been attacked, and Windows Phone being vulnerable. Trojans are masks that cover what looks like a legitimate program: basically, a program appears legitimate but has hidden features that do something different. Most of the time, the trojan will either steal data and make some cash, or use your device as a zombie (consuming your resources such as CPU, RAM, etc.) to launch a DDoS attack.

A distributed denial of service attack floods a server with more requests than it can handle. This is usually done by blackhat hackers or cybercriminals either to protest a specific ideal or just for fun.
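From the defender’s side, the first sign of “too many requests” is a handful of sources whose request rate jumps far above everyone else’s. The following is an added example (not code from the original post) of a simple sliding-window detector that reads web-server access-log lines in the common log format, counts requests per source address over a short window, and flags any source that exceeds a threshold. The log lines, addresses and threshold are constructed for the demo; in practice the threshold is tuned to the site’s normal traffic, and a real flood would typically come from many sources, each of which this per-source count would flag individually.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common log format: "<ip> - - [<timestamp>] "<request>" <status> <bytes>"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S"


def parse_line(line: str):
    """Return (source_ip, timestamp) for a common-log-format line, or None if unparseable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    # Drop the timezone offset; all constructed lines below share one zone.
    ts = datetime.strptime(m.group("ts").split()[0], TS_FMT)
    return m.group("ip"), ts


def find_flooders(lines, window_seconds: int = 10, threshold: int = 20) -> dict:
    """Sliding-window rate check per source address.

    Keeps, for each source, the timestamps of its requests within the last
    `window_seconds`. A source is flagged the first time it has more than
    `threshold` requests inside that window. Returns {ip: time_first_flagged}.
    """
    recent = defaultdict(deque)  # ip -> timestamps within the window, oldest first
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash on them
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        # Evict timestamps that have fallen out of the window.
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def _log_line(ip: str, second: int, path: str) -> str:
    """Build one constructed access-log line at 10:00:<second> on 20 Jan 2013."""
    return f'{ip} - - [20/Jan/2013:10:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'


# Constructed sample log: one ordinary visitor making three requests over 40 seconds,
# and one source (documentation-range address) issuing 25 requests in 9 seconds.
SAMPLE_LOG = (
    [_log_line("198.51.100.5", s, "/index.html") for s in (1, 15, 40)]
    + [_log_line("203.0.113.7", s // 3, "/") for s in range(25)]
)


if __name__ == "__main__":
    for ip, when in find_flooders(SAMPLE_LOG).items():
        print(f"flagged {ip} at {when.time()}")
```

The same shape of check, with a per-device or per-subscriber key instead of a source IP, is what a carrier-side or CDN-side rate limiter applies; the detector only counts, so the response (rate-limiting, challenge pages, or blocking) stays a separate policy decision.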

A DDoS tool heavily used by Anonymous, called “Low Orbit Ion Cannon” (LOIC), was recently redesigned for the Android platform. Porting it over to Android from the desktop app took no programming skills. In fact, it’s easy to take old tools and port them to Android.

With device manufacturers slow to release updates to device operating systems, firmware, etc., this leaves an open hole for exploits/cyberattacks. Android is particularly vulnerable because of the ability to install ‘unknown source’ apps, that is, apps from outside the Google Play store.

Although, when you think it through, it would take thousands of devices to have the power to mount a DDoS attack. However, mobile devices would make a pre-constructed attack a lot simpler, as it could come from many countries, making it hard to trace the origin of the attack(s).

It is certain that as carriers and app developers distribute e-wallet apps, the opportunity to steal personal data, credit card numbers, etc. will increase. Heads up!
