Showing posts with label cybercrime.

Tuesday 28 February 2017

Stop Charging Your Phone in Public Ports

Credit: Selena Larson, CNN
As a smartphone ages, its battery begins to degrade. The first year is enjoyable: you need to charge your phone only once a day and enjoy all its conveniences throughout the day. In the beginning the battery may even last two consecutive days if you do not use the phone very frequently, but as time passes you start to experience a host of problems with your phone, especially its battery.

It often happens that on the very day you forget to charge your phone fully, you end up in an emergency: the battery runs out and you are forced to rely on some unknown source to charge your phone. This alternative can turn out to be very risky. A different kind of scam has recently been discovered. The public charging ports available on roads, at railway stations or in hospitals can turn out to be your major enemy rather than the convenience they appear to be.

Hackers are rigging these public USB ports with a hacking device; as soon as you connect your phone to such a port to charge the battery, your information is copied to the other side. In this digitalised, cashless world of Paytm and mobicash, your data is mainly stored on your phone, because you use your smartphone to access these services and the data remains on the device.
This data includes your personal details, including your bank account details, and if a scammer gets hold of them you will be penalised through no fault of your own. Your carelessness alone will force you to face several consequences.

The whole process involves many technicalities, but in short, when you plug your phone into an unreliable source your device gets infected, just as your phone picks up a virus when you unknowingly visit unauthorised sites. Here the problem is the same: by connecting your phone to a public outlet, your data gets compromised.

Drew Paik works for a security firm called Authentic8, which develops Silo, a highly secure browser that safeguards all web-related activity.

Remember, the cord you use to charge your phone is also used to transfer data from one device to another. So you can well imagine the consequences when you plug that cord into an infected socket. If the port has truly been compromised by hackers, there is no telling how much of your data they can draw out.

The easiest way to charge your phone can turn out to be the biggest mistake of your life. So never connect your phone to these public ports; it can lead to serious consequences and problems you never expected to come across.

Tuesday 7 February 2017

Lack of Cyber Security Poses Threat to Modern Cars

Cars have evolved from a machine used only for transportation into an all-round smart transport system, integrated with accurate navigation, music and cameras. But as all good things have their own vulnerabilities, equipping cars with accessible technology carries the risk of their being hacked. All cars manufactured in the EU should be fitted with emergency call (eCall) services by April 2018. However, these simple mobile devices are not built strongly enough to keep out hackers and malicious programs. Research conducted by Hebert Leenstra at the Cyber Security Academy in The Hague on the automotive industry concludes that car manufacturers should take the lead in protecting people from increasing cyber threats.

Modern cars, including self-driving cars, are in constant connection with their surroundings. Microchips are used in almost every car system that controls the basic functioning of the car, such as the navigation system, the music system and engine management. These microchips use Wi-Fi, Bluetooth and 4G/5G services to communicate with other cars or networks. A hacker can easily gain access to the car's network via the internet. The most vulnerable part is the CAN bus, where all the vehicle's ICT systems come together. A hacker who has gained access to the CAN bus can virtually control the car, for example by changing speed and applying the brakes.

Everything wrong with modern cars

There are some basic flaws and defects in the ICT structure of modern vehicles that hackers can exploit. In most cars the entertainment system is linked with the engine, even though there is no apparent reason for the two to be connected. Modern cars also rely on the internet for their navigation systems, which can easily be hacked.

What can be done to improve Cyber security?

Leenstra's research has identified several steps car manufacturers can take to protect their customers. The first is to change the CAN bus design so that essential and non-essential systems are separated, making them less vulnerable to cyber-attacks. Governments need to re-evaluate the policy that prevents car manufacturers from providing extended support for car software, security and firmware updates. The way updates are delivered, via the internet or a USB stick, should also be reviewed, as a USB device can carry all kinds of information.
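The first step above, separating essential from non-essential systems on the CAN bus, as an added example that is not part of Leenstra's research or the article: a small Python model of a default-deny gateway between an infotainment segment and a powertrain segment, contrasted with the flat shared bus it replaces. All CAN IDs, segment names and the frame format are constructed for the illustration.

```python
"""Domain-separating CAN gateway (illustration only, not vendor code).
Essential (powertrain/brake) and non-essential (infotainment) ECUs sit on
separate bus segments; only an explicit allowlist of frames may cross.
All CAN IDs and the frame layout below are constructed for the example."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class CanFrame:
    can_id: int   # 11-bit standard identifier
    data: bytes   # 0..8 payload bytes (classic CAN)

    def __post_init__(self):
        if not 0 <= self.can_id <= 0x7FF:
            raise ValueError("standard CAN ID must fit in 11 bits")
        if len(self.data) > 8:
            raise ValueError("classic CAN payload is at most 8 bytes")


# Constructed IDs; real vehicles use vendor-specific message maps.
ID_WHEEL_SPEED = 0x0B4     # powertrain -> infotainment: speed for the display
ID_ENGINE_RPM = 0x0C8
ID_BRAKE_COMMAND = 0x0A0   # must never be reachable from infotainment
ID_STEERING_CMD = 0x0A2
ID_MEDIA_STATUS = 0x3E0    # harmless infotainment chatter


@dataclass
class GatewayPolicy:
    # (source_segment, dest_segment) -> CAN IDs allowed to cross
    rules: Dict[Tuple[str, str], Set[int]] = field(default_factory=dict)

    def allows(self, src: str, dst: str, can_id: int) -> bool:
        return can_id in self.rules.get((src, dst), set())


@dataclass
class Gateway:
    policy: GatewayPolicy
    segments: Dict[str, List[CanFrame]] = field(default_factory=dict)
    dropped: List[Tuple[str, str, int]] = field(default_factory=list)

    def forward(self, src: str, dst: str, frame: CanFrame) -> bool:
        """Copy `frame` from segment `src` to `dst` if the policy permits.
        Returns True when forwarded; otherwise records the drop for audit."""
        if src == dst:
            return False  # same bus, the gateway is not involved
        if self.policy.allows(src, dst, frame.can_id):
            self.segments.setdefault(dst, []).append(frame)
            return True
        self.dropped.append((src, dst, frame.can_id))
        return False


def default_policy() -> GatewayPolicy:
    """Default-deny: only status frames flow powertrain -> infotainment.
    Nothing at all is allowed infotainment -> powertrain."""
    return GatewayPolicy(rules={
        ("powertrain", "infotainment"): {ID_WHEEL_SPEED, ID_ENGINE_RPM},
    })


def flat_bus_scenario() -> bool:
    """The 'before' design: one shared bus, so a compromised head unit can
    put a brake command in front of the brake ECU. Returns True if it can."""
    bus: List[CanFrame] = [CanFrame(ID_BRAKE_COMMAND, bytes([0xFF]))]
    return any(f.can_id == ID_BRAKE_COMMAND for f in bus)


def run_scenario() -> dict:
    """The 'after' design: the same injection attempts hit the gateway."""
    gw = Gateway(policy=default_policy())
    # Legitimate telemetry for the dashboard display.
    speed_ok = gw.forward("powertrain", "infotainment",
                          CanFrame(ID_WHEEL_SPEED, bytes([0x00, 0x50])))
    # A compromised head unit tries to reach the powertrain segment.
    brake = gw.forward("infotainment", "powertrain",
                       CanFrame(ID_BRAKE_COMMAND, bytes([0xFF])))
    steer = gw.forward("infotainment", "powertrain",
                       CanFrame(ID_STEERING_CMD, bytes([0x7F])))
    media = gw.forward("infotainment", "powertrain",
                       CanFrame(ID_MEDIA_STATUS, b"\x01"))
    return {
        "speed_forwarded": speed_ok,
        "brake_forwarded": brake,
        "steering_forwarded": steer,
        "media_forwarded": media,
        "infotainment_frames": len(gw.segments.get("infotainment", [])),
        "powertrain_frames": len(gw.segments.get("powertrain", [])),
        "dropped": gw.dropped,  # audit trail a vehicle IDS could alert on
    }


if __name__ == "__main__":
    print("flat bus lets brake injection through:", flat_bus_scenario())
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```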

Governments, dealers and insurers could take a broader approach by spreading knowledge and information about cyber security. The Information Sharing and Analysis Centres (ISACs) established in the United States have taken an aggressive step against cyber-crime: all parties within an ISAC share information and experiences regarding cyber-attacks, a model that Europe can learn from and adapt.

The ICT structures of modern cars need to be completely revamped to ensure customer safety. With hacking incidents becoming more frequent, it is necessary to implement these measures as soon as possible.

Monday 9 January 2017

Code Associated with Russia Hacking Found on Vermont Utility Computer

Russia Hacking
The Obama administration discovered a Russian hacking campaign dubbed Grizzly Steppe, and code associated with that campaign was found on a laptop belonging to a Vermont electric utility. The laptop was not connected to the grid.

The Burlington Electric Department said it took immediate measures to identify the laptop and issued alerts for its detection. It also assured customers that its officials are tracing the malware to stop any further infiltration of the utility's systems.

The Burlington Electric Department said that the Department of Homeland Security had discovered malicious code associated with Grizzly Steppe, which needed to be analysed. After this discovery the utility immediately scanned all the computers in its system for the malicious software. The infected code was found on a single Burlington Electric Department laptop that was not connected to the organisation's grid system.

The detected malicious code is thought to have resulted from a comparatively less hazardous episode, a visit to a website in connection with certain queries. One of the team working on the problem said that Russian hackers might not have been directly involved in this case. The exact date of the incident is yet to be determined.

President Barack Obama issued an order expelling 35 Russian spies and imposed sanctions on two Russian intelligence agencies for their involvement in hacking U.S. political parties during the 2016 presidential election.

The statement came after the Washington Post reported that Russian hackers had infiltrated a Vermont utility. Government and utility industry officials closely monitor the nation's electrical grid on a regular basis, because it is highly computerised and any malfunction might severely disrupt emergency and medical services.

One of the most senior officials in the Obama administration declared that all defenders of networks based in the United States can protect themselves against unauthorised Russian cyber activity.

The Department of Homeland Security did not immediately respond to a request for comment. The officials investigating the case considered the incident a minor one that in the long run did not lead to any disastrous results. Still, they remain alert and extremely wary of any disruption that the Russians' disgraceful actions in cyberspace might cause.

The officials have become entirely serious and are keeping a strict watch on the Russians to avoid further malicious activity. They have traced the infiltrated code and successfully brought it under control using advanced technologies and government-aided campaigns against cyber crime.

On a positive note, U.S. officials credit Russia with prompting them to develop such intensive security measures to restrict any further hacking.

Wednesday 13 April 2016

The Ransomware That Knows Where You Live


Ransomware: Scam Email Quoting People's Postal Addresses

According to a security researcher, a widely distributed scam email quoting people's postal addresses links to a dangerous kind of ransomware. After learning of an episode of BBC Radio 4's You and Yours that discussed the phishing scam, Andrew Brandt of the US firm Blue Coat got in touch with the BBC. He found that the emails appeared to be linked to ransomware known as Maktub.

The malware encrypts the victim's files and demands a ransom before they can be unlocked. The phishing emails tell recipients that they owe hundreds of pounds to UK businesses and that they can print an invoice by clicking a link. According to Mr Brandt, however, that link leads to malware. One of the emails was received by You and Yours reporter Shari Vahl. Mr Brandt told the BBC that 'it was incredibly fast and by the time the warning message had appeared on the screen, it had already encrypted everything of value on the hard drive, it happened in seconds'. Maktub does not only demand a ransom but increases the fee, which must be paid in bitcoin, as time passes.

Addresses Highly Precise

A website connected with the malware explained that during the first three days the fee is 1.4 bitcoins, or around $580, rising to 1.9 bitcoins, or $799, after the third day. The phishing emails tell recipients that they owe money to British businesses and charities when they owe nothing at all. One of the organisations named was the Koestler Trust, a charity that helps ex-offenders and prisoners produce artwork.

Chief executive Sally Taylor told You and Yours that the trust relies on generous members of the public and was very distressed to discover that people believed they had received emails from the charity asking for money, when it had not sent them at all. A remarkable feature of the scam was that the emails included not only the victim's name but also the postal address. Several recipients, including BBC staff, noticed that the addresses were generally highly precise.

Data Derived from Leaked/Stolen Databases

According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it is not yet clear how the scammers were able to gather people's addresses and link them to names and email addresses. The data could have been derived from a number of leaked or stolen databases, for instance, making it difficult to track down the source.

Many people got in touch with the You and Yours team to say they were concerned that the data could have been taken from their eBay account, since their postal addresses were stored there in the same format as they appeared in the phishing emails.

The firm said in a statement that eBay works aggressively to protect customer data and privacy, which is its highest priority, and that it is not aware of any link between this new phishing scam and eBay data. In an effort to create the safest environment possible for its customers, it constantly updates its approach to customer data security.

Wednesday 16 December 2015

Moonfruit takes Websites Offline after Cyber-Attack Threat

Cyber attacks have increased rapidly across the globe. Sony was hacked just a few months ago, leaking emails, film details and more. Snapchat has also been hit in the past, and now every website is playing it cautious when it comes to imminent cyber attacks. Recently Moonfruit took thousands of its hosted business and personal websites offline after being threatened with a cyber-attack.

What is Moonfruit and why did it take websites offline?

Moonfruit is a UK company that helps consumers and small businesses create websites and online stores. Moonfruit is highly popular among UK users for its affordable pricing and efficient website builder, which makes it simpler to create demanding websites with less coding. Moonfruit took thousands of its customers' websites offline after receiving threats of a cyber attack.

Moonfruit stated that it kept thousands of its customer websites offline for up to 12 hours in order to make necessary changes to its infrastructure and to safeguard its customers. Moonfruit also experienced problems last Thursday, when it suffered a 45-minute distributed denial-of-service attack. In this attack Moonfruit's computers were overwhelmed by unwanted traffic, rendering its legitimate services non-functional.

Moonfruit customers suffer from being offline

Moonfruit informed its customers of the decision to take the websites down for up to 12 hours from Monday, and it generated some angst among them. One customer, filmmaker Reece de Ville, complained that Moonfruit had been slow to communicate a decision that has the potential to disrupt his website's performance and reach.

Moonfruit users complained that this is a bad time to take down the websites, as the holiday season is in full swing, bringing higher web traffic and increased sales volume. Apart from losing money through sales, another problem users face is the loss of potential or new clients within a day. Online stores that sell items especially for the holiday season, such as gift and greeting card stores, will take a severe hit in Christmas week.

Armada Collective behind the cyber attack threat

Moonfruit sent emails to its customers explaining that a notorious cyber hacking group called Armada Collective is attempting to extort money from the company. Armada Collective had previously successfully attacked the websites of webmail companies including Hushmail, ProtonMail and Runbox, as well as a number of Greek banking institutions.

Customers have been furious and quite unhappy about the loss of sales and potential clients. But it should also be understood that Moonfruit is itself the victim of an unpleasant criminal act in which cyber criminals are threatening its business to extort money. Moonfruit is working with law enforcement authorities on the matter and hopes to resolve the threat as soon as possible. In the meantime, customers have to bear with Moonfruit's decision to keep the hosted websites offline.

Thursday 3 September 2015

Web Address Explosion is Bonanza for Cyber-Criminals


Explosion in Internet Addresses

According to an industry study published recently, an explosion in new Internet addresses has created opportunities for criminals misusing shady domains such as .zip, .kim or .party. Attackers are on the prowl on new domains, urging users to download malware, divulge personal data or spam their friends, and a liberalisation of the Web has increased the number of top-level domains tenfold in the last two years.

An investigation of tens of millions of websites conducted by enterprise security company Blue Coat found that the most dangerous top-level domains (TLDs) were .zip, .review and .country, while the safest new ones were .london, .tel and .church.

Blue Coat said in its study that ideally all TLDs would be run by security-conscious operators who diligently review new domain name applications and reject those that do not meet a strict set of criteria, but that the reality for several of these new neighbourhoods is that this does not happen. The body that manages Web identifiers, the Internet Corporation for Assigned Names and Numbers (ICANN), launched an initiative to expand the number of TLDs in order to encourage competition and choice online.

Generic Top-Level Domains

Initially there were only six, not including country codes: .com, .edu, .gov, .mil, .net and .org. Enterprises interested in selling new TLDs had to pay a $185,000 fee to the internet industry regulator, ICANN, and demonstrate that they were capable of running a registry.

ICANN is presently in the process of introducing more than a thousand new web address endings, known as generic top-level domains. The size of the global domain name sales market is hard to determine, since many sales are private; sought-after domains change hands for millions of dollars, while more obscure ones can be had for about 99 cents.

The world's largest accredited registrar of domain names, GoDaddy (GDDY.IN), had sales of $1.4 billion last year and was valued at $3 billion in a public offering earlier this year. This year Bain Capital bought Blue Coat for $2.4 billion, an indication of the strength of demand for cyber security technology.

Unscrupulous Operators on the Lookout to Hold Companies to Ransom

Law firm Hugh James explains that cyber squatters buy addresses similar to those of well-known companies, or ones they expect those companies may need in the future. The cyber criminals then hope to sell the web address for an inflated sum, or to profit from the extra web traffic that results from a well-known brand name appearing high in online searches, boosting their own advertising revenue.

Around 198 cybersquatting disputes have been registered over the last eight months, compared with 48 in the first eight months after the new naming system was introduced. These include Red Bull, which challenged the use of `’, and Laura Ashley, which challenged the use of another. Tracey Singlehurst-Ward, Senior Associate at Hugh James, stated that 'businesses are being forced to spend time and money in these disputes. Tech-savvy, though often unscrupulous, operators are on the lookout to hold established companies to ransom.'
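The two risks this article describes, registrations under the TLDs Blue Coat ranked most dangerous and cybersquatting on names that resemble well-known brands, combined into one added example; this is not Blue Coat's or Hugh James's code. The TLD lists come from the article; the brand watchlist, the sample URLs and the edit-distance threshold are constructed for the illustration.

```python
"""Domain triage helper (illustration only). Flags URLs whose TLD is on the
Blue Coat 'most dangerous' list and second-level labels that imitate a brand
on a defender's watchlist. Brand list and samples are constructed."""
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# TLDs named in the Blue Coat study quoted above.
RISKY_TLDS = {"zip", "review", "country", "kim", "party"}
SAFER_TLDS = {"london", "tel", "church"}

# Constructed watchlist of brand labels (lower-case, no hyphens).
BRANDS = {"redbull", "lauraashley", "godaddy", "bluecoat"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small distance flags typo-squats such as 'redbul'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def split_domain(url: str) -> Tuple[str, str]:
    """Return (second-level label, tld) for a URL or bare hostname.
    Simplified: the last label is treated as the TLD, so two-part public
    suffixes such as .co.uk are not handled here."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    labels = host.rstrip(".").lower().split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a registrable domain: {url!r}")
    return labels[-2], labels[-1]


def brand_lookalike(label: str, max_distance: int = 2) -> Optional[str]:
    """Return the watchlisted brand this label imitates, or None.
    The brand's own exact label is not a squat. Hyphenated variants
    ('go-daddy'), containment ('redbull-login') and near-misses within
    `max_distance` edits are all flagged."""
    if label in BRANDS:
        return None
    stripped = label.replace("-", "")
    for brand in sorted(BRANDS):
        if brand in stripped or levenshtein(stripped, brand) <= max_distance:
            return brand
    return None


def triage(url: str) -> Dict[str, object]:
    """Classify one URL into findings an analyst can act on."""
    label, tld = split_domain(url)
    findings: List[str] = []
    if tld in RISKY_TLDS:
        findings.append(f"risky TLD .{tld}")
    if tld in SAFER_TLDS:
        findings.append(f"safer TLD .{tld}")
    brand = brand_lookalike(label)
    if brand:
        findings.append(f"lookalike of brand '{brand}'")
    suspicious = any(f.startswith(("risky", "lookalike")) for f in findings)
    return {"domain": f"{label}.{tld}", "tld": tld,
            "findings": findings, "suspicious": suspicious}


# Constructed sample URLs for the demo; none is a known real site.
SAMPLES = [
    "http://invoice-download.zip/inv.html",
    "https://redbul.party/promo",
    "https://redbull.com/",
    "https://stmartins.church/",
    "http://go-daddy.review/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = triage(sample)
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{result['domain']:<24} {flag:<11} "
              f"{'; '.join(result['findings']) or 'no findings'}")
```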

Tuesday 28 July 2015

United Hackers Given Million Free Flight Miles

United Continental Holdings, a US airline, has rewarded two hackers under its bug bounty program because they spotted security holes in the company's website and disclosed the flaws privately rather than sharing them online.

As a reward the hackers received the maximum award of a million flight miles each, worth hundreds of free domestic flights for two people. According to tech experts, it is a big and very good step in the domain of online security. In conversation with Reuters, United Continental Holdings confirmed that it paid a reward of one million miles to each hacker, but it did not respond to tweets from individuals saying they had also been paid small cash rewards. The Chicago-based carrier hopes that its bug bounty program will help the company uncover cyber risks in airline web security. With a bug bounty program, web researchers fix problems before hackers can exploit them, at a cost much lower than hiring outside consultancies.

However, all three of United's major competitors declined to comment on bug bounty programs, and a fourth was not available for comment. The trade group Airlines stated that all US air carriers should conduct these kinds of tests to make sure their systems are secure. United adopted this strategy in May, when technology glitches grounded its fleet more than twice. In one incident the company's airline reservations system locked up and prevented customers from checking in; in another, faulty functionality in the software the carrier uses to dispatch its flight plans was to blame. According to a United spokesperson, "We believe that with the help of this program we will continue to provide the best, most secure and most excellent service".

Jordan Wiens, who works on cyber vulnerabilities, tweeted last month that he received a reward of 1 million miles from United for exposing a security flaw that could allow hackers to take control of the airline's website. He added in an interview that not many companies in the industry are running bug bounty programs, though according to Wiens it is normal for big companies such as United to offer bug bounty programs for their websites. Beyond the bug bounty program, United stated that it has its own testing system that internally engages cybersecurity firms to keep its website and online systems secure.

According to security consultant Dr Jessica Barker, "Schemes which reward hackers are a perfect way to find and disclose online security problems in the right way, and they help us make the internet safe for all of us". She added that bug bounty programs are common for tech companies because they understand online security, and given the benefits, other industries are now catching on.

Tuesday 21 April 2015

Hackers Who Breached White House Network Allegedly Accessed Sensitive Data

Hackers Breached White House Network

According to a recent story published by CNN, Russian government hackers breached the White House's computer systems late last year and gained access to sensitive details, though US officials dispute this. The officials stated earlier, in October, that the White House breach affected only an unclassified network, but sources told CNN that the hackers gained access to real-time, non-public details of the president's schedule.

The sources also informed CNN that the hackers were the same ones behind a damaging cyber-attack on the US Department of State at the same time last year, which forced the department to shut down its email system for an extended period. The related cyber-attack on the State Department has been characterised as the worst hack ever on a federal agency. The White House is no stranger to attacks from foreign spies.

The Chinese have been associated with many high-profile attacks on White House unclassified systems, including employee emails. Reports of the breach came as government officials have become more concerned about cyber threats from Russia. James Clapper, FBI director, told a Senate committee in February that 'the Russian cyber threat is more severe than they had earlier assessed'.

Immediate Measures to Evaluate/Mitigate Activity

Ben Rhodes, White House deputy national security adviser, stated that the breached White House system held no sensitive data. He told CNN that they have an unclassified system and a classified system, a top secret system, and that they do not believe their classified systems were compromised.

A White House spokesperson who sought to play down the report said it was based on a security breach that had already been disclosed to the public. Spokesperson Mark Stroh told the media that the report did not refer to a new incident, that any such activity is taken seriously, and that in this case they had made it clear at the time and had taken immediate measures to evaluate and mitigate the activity.

He also said that, as officials did last year, the US would not comment on who might have been behind the attacks. The Secret Service, the FBI and US intelligence agencies are investigating the breaches, which CNN's sources say were the outcome of one of the most sophisticated cyber-attacks ever directed at US government agencies.

Theft of Private Data: Governments, Corporations and Individuals

The recent report comes amid hacker thefts of private data from governments, corporations and individuals, from sensitive emails to medical records to financial information; possession of such data could be of great value either in enabling criminal acts or in assisting government spying.

According to a senior department official, none of the State Department's classified email systems were affected in the breach at that time, though hackers used that breach to break into the White House's network, as reported by CNN.

After the White House breach was revealed in October, security researchers suspected that hackers working for the Russian government were behind both attacks, according to the Washington Post story, and in spite of efforts by the State Department to safeguard its security, hackers were able to access the system, with the result that the network was owned by Russian hackers for months.

Saturday 7 March 2015

5 Simple Tips to Avoid Getting Scammed In 2015


Criminals and computer hackers all over the world are active, working round the clock to steal your personal information as well as your money. There is little you can do to stop them, but with a few simple precautions you can reduce the risk, because life in the digital age doesn't come with an undo button, and one small mistake can hand a crook your Social Security number.

  • Use credit cards for online shopping:

  A credit card gives you better fraud protection than a debit card or net banking, because credit cards are governed by different federal rules. If you use a credit card you can dispute an unauthorized charge, and the credit card company must take the charge off your bill after investigating, which is not possible with a debit card. You can also dispute a credit card charge if the merchandise doesn't arrive or arrives defective. Some people are afraid to use a credit card for online shopping, but this is exactly what credit cards are meant for: if there is any kind of problem, it is the credit card company's job to deal with it.

  • Protect your personal information:

  Hackers have a variety of tools and techniques to get your account numbers and passwords, such as bogus emails designed to look like authentic e-mails from banks, key-loggers, phishing and more. There is always a reason they want your personal information, and you shouldn't forget that your Social Security number is the key to a tension-free life, because a hacker can use it to steal your money or your identity. Social Security numbers are essential for financial and medical records, so guard yours.

  • Never download unknown attachments or click on suspicious links:

  It's easy to click a link in a text message or a social media post, but never open links that claim to be a shipping invoice or some other document, or that announce a lucky draw. Fraudsters count on your curiosity, and your instant response can end with malicious software installed on your computer or smartphone.

  • Take your time:

  Never make a purchase in a rush, as it can lead you into fraud. Never fall for "buy now or else" pressure, because hackers sometimes use this trick to compromise your financial details. Before the final check-out, make sure you are shopping on an authentic platform.

  • Don't be fooled by e-mails offering free prizes, free merchandise or money-back guarantees:

  Never pay to enter a contest that claims to offer billions of dollars in prizes. If the contest is genuine, you don't have to buy anything or pay any money to collect your prize. Free is good, but nothing comes free, especially in the world we live in. The initial product may be free, but the attached products can leave your purchase with heavy bills, and this is the technique through which most e-commerce companies make their real profit.

Monday 26 January 2015

Whatsapp and iMessage Could Be Banned Under New Surveillance Plans


According to recent reports, Snapchat, WhatsApp and iMessage could be banned in the U.K. after the Charlie Hebdo murders. The shocking events in Paris showed how little world leaders understand the latest technology. David Cameron, at an event in Nottingham, England, spoke about how Britain has always been able to access any form of communication with advanced technology and tools.

Phone calls, internet traffic and letters can all be intercepted for security and intelligence reasons, but according to Cameron a few services such as WhatsApp, Facebook, iMessage, Snapchat and countless smaller ones can be a problem for national security. At the end of his speech, David Cameron stated, "The first duty of government is to keep the country safe for our people, so that they can enjoy life."

According to another member of Cameron's party, Mayor Boris Johnson, "I am pretty interested in the civil liberties stuff, but if they are a threat, I want to listen to their calls and check their emails too". That is an alarming quote from someone tipped to be a future British PM. No doubt David Cameron was referring to listening only to terrorists, but we all know that to do so they need to keep an eye on all residents.

In a democracy you elect those you think are best, and they then manage the money you pay in taxes so that you can live in a better country. As ordinary people see it, we haven't elected them to spy on our private lives or to deny us basic rights and freedoms; we didn't put them in charge for that, and it seems they have less understanding of the latest technology than our teenagers.

The argument presented by the government and its officials is that mobile services such as WhatsApp, Facebook, iMessage and Snapchat are not freely accessible to its intelligence agencies. It is believed that the government approached those companies and asked them to keep an eye on their messages, but the request was denied. Now the government's only options are either to break their security or to get a court order for further records.

But it is nothing other than stupidity to stop normal people doing normal things with their instant messaging services; the latest technology is an easy medium for terrorists to communicate securely anyway. If two or more machines communicate through Tor, using 256-bit encryption via an IRC server, that gives the government the same headache. The government would have great trouble seeing those chats, as the source and destination, along with the chat content, would remain fairly secure throughout.

Ultimately, this is what the British government wants, and the French government seems to be following the same route, toward a system like China's, where all traffic is routed through government firewalls and ordinary people can access only approved sites and services. But the fact is that it is far more difficult to stop people from using communication apps.

Thursday 8 January 2015

The Real Cybercrime Geography

According to cyber experts, the recent cyber attack on Sony Pictures was a digital infiltration by North Korea. In the digital world things change very rapidly; North Korea's spin doctors responded quickly that they did not hack Sony Pictures' servers, and some US cybercrime experts are saying that the North Korean propagandists may be right. The evidence presented by the FBI suggests that the hackers were working for the communist government's organizations, but US experts still say this proof is not enough to blame Pyongyang.

According to Sam Glines, CEO of Norse (a cyber security firm), "Based on the forensic evidence we collected, it is clear that North Korea is not accountable for any of the hacking activity, nor for initiating the attack on Sony Pictures." The hackers must have been busy, because thousands of documents were gathered from Sony Pictures' servers and released within hours. The leaked information covered cast salaries, film budgets and the taxes of actors and actresses, along with the little-known fact that Kevin Federline was paid $5,000 for a cameo appearance. We all know that North Korea is still formally at war with America, but until now America had not been on its radar for computer attacks. So who was responsible for the cyber attack on Sony Pictures? India? Russia? Iran or Iraq? The answer may yet be a surprise.

According to Symantec there are 20 countries responsible for most cyber attacks; the list was generated from the following factors: malicious code rank, malicious computer activity, phishing, spam zombies rank, attack origin and bot rank. The top five countries in the survey were the USA, China, Germany, Britain and Brazil, while the bottom three were Argentina, Australia and Israel. South Korea came in at No. 14 and Russia at No. 12, and North Korea did not make it into the top 20 at all.

Gather ten American computer experts around a coffee table and the talk will soon turn to hacking and cybercrime, yet it is the Russians who have been active in cybercrime and hacking for decades and who play a vital role in the cybercriminal world. Today, if you have money and want to hack into a PC or mobile, all you need to do is place an order or buy a program for a cyber attack that steals someone's personal information or swipes their financial or banking details. In Western firms online banking fraud and credit card theft are routine, so the main question is: if the Russians are so good, why did they land only at No. 12?

Monday 15 December 2014

FBI warns of ‘destructive’ malware in wake of Sony attack

According to recent reports, the FBI (Federal Bureau of Investigation) has warned businesses in the United States that hackers have been using malicious software to launch a destructive cyber attack in the country.

The warning came after the devastating breach at Sony Pictures Entertainment last week. According to cyber security experts, the malicious software described in the FBI alert appears to be the software that hit Sony.

This can be considered the first major destructive cyber attack waged against a company operating on US soil. Until now such attacks had been seen in the Middle East and Asia, but none had been reported in the United States. At present the FBI has not disclosed how many companies have actually been victimized by these destructive attacks.

Confidential "flash" warning

According to Tom Kellermann, chief cyber security officer at security software maker Trend Micro Inc, a coordinated cyber attack with destructive payloads against a business in America clearly represents a watershed event.

Geopolitics will be the forerunner of such destructive cyber attacks. The five-page confidential "flash" warning issued by the FBI was released to businesses on Monday; it contains the technical details of the malicious software used in this attack.

As per the reports, the malware is able to overwrite all data stored on a computer's hard drives, including the master boot record (MBR). As a result the computers will no longer boot. The reports also note that overwriting the data files makes them extremely difficult and costly to recover through standard forensic methods.
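An added example (not from the FBI flash, Sony or the original post) of the first check an incident responder runs against a disk image when a wiper like the one described is suspected: parse sector 0 as an MBR, confirm the 0x55AA boot signature and a plausible partition table, and flag the constant-byte fill a wiper leaves behind. The two 512-byte sectors are constructed inline; the offsets used are the standard MBR layout (partition table at byte 446, four 16-byte entries, signature at bytes 510-511).

```python
"""Added example: tell an intact MBR from a wiped one in a 512-byte sector."""
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_partitions(sector: bytes) -> list:
    """Decode the four 16-byte partition entries of a classic MBR.

    Entry layout: status (1 byte), CHS start (3), type (1), CHS end (3),
    LBA start (uint32 LE), sector count (uint32 LE).
    """
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(sector: bytes) -> dict:
    """Return findings describing whether the sector still looks like a usable MBR.

    signature_ok   - bytes 510..511 are 0x55AA
    partitions_ok  - at least one entry has a valid status byte, non-zero type
                     and non-zero size
    constant_fill  - the whole sector is one repeated byte (typical wiper residue)
    bootable       - all of the above are in order
    """
    findings = {"signature_ok": False, "partitions_ok": False,
                "constant_fill": False, "bootable": False}
    if len(sector) != SECTOR_SIZE:
        findings["error"] = "sector must be exactly 512 bytes"
        return findings
    findings["constant_fill"] = len(set(sector)) == 1
    findings["signature_ok"] = sector[510:512] == BOOT_SIGNATURE
    good = [p for p in parse_partitions(sector)
            if p["status"] in (0x00, 0x80) and p["type"] != 0 and p["sectors"] > 0]
    findings["partitions_ok"] = bool(good)
    findings["bootable"] = (findings["signature_ok"] and findings["partitions_ok"]
                            and not findings["constant_fill"])
    return findings


def make_intact_mbr() -> bytes:
    """Constructed sample: a few boot-code bytes, one active NTFS partition, signature."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\x33\xc0\x8e"  # constructed stand-in for real boot code
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)  # active, NTFS, 100 MiB
    sector[PART_TABLE_OFFSET:PART_TABLE_OFFSET + PART_ENTRY_SIZE] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def make_wiped_mbr(fill: int = 0x00) -> bytes:
    """Constructed sample: what a constant-byte overwrite of sector 0 leaves behind."""
    return bytes([fill]) * SECTOR_SIZE


if __name__ == "__main__":
    for name, sec in (("intact", make_intact_mbr()), ("wiped", make_wiped_mbr())):
        print(name, check_mbr(sec))
```

In practice the same function is run on `dd if=/dev/sdX bs=512 count=1` output or on the first 512 bytes of a forensic image; a sector that fails the signature or partition checks, or is a single repeated byte, is a strong indicator that the wiper reached the MBR and that recovery will have to start from backups rather than from the disk.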

The document was sent by email with clear instructions not to share it with anyone else. It was released after the unprecedented attack on Sony Pictures Entertainment, which crippled the company's systems and email. This has hurt the company badly, as it has crucial movies to release during the holiday season.

The company's spokeswoman stated that they are working with federal law enforcement officials on the issue and that the company has been able to restore some of its important services. She declined to comment on the FBI warning.

Actions currently being taken

The FBI is currently working with the Department of Homeland Security to investigate the attacks, while Sony has hired FireEye Inc to carry out the post-attack clean-up. Although the FBI did not name the victim of the attack, cyber security experts stated that it is the California-based unit of Sony Corp.

According to the technical section of the report, some of the software used in the attack was compiled in Korean, but no connection to North Korea has been established.

Friday 28 November 2014

China Suspected Of Attacking USPS and NOAA

Last week the National Oceanic and Atmospheric Administration (NOAA) and the United States Postal Service (USPS) confirmed that there had been attacks on their computer systems. The attacks went on for a month and are suspected to have originated in China. According to USPS, they compromised the private information of nearly 800,000 employees, including names, dates of birth, addresses, dates of employment and Social Security numbers. This information is very valuable, because anyone holding it can forge identities and manipulate the service as well as other government agencies.

What is at risk? 

According to Greg Kazmierczak, CTO of Wave Systems, specific details about an individual are risky because attackers can use them in spear phishing attacks later on. According to Eric Chiu, president and founder of HyTrust, beyond attacks on the companies themselves, this personal data can be turned against the employees. He stated that employee data is more valuable than customer data, because companies hold their employees' Social Security numbers and financial and home details, which helps attackers forge identities.

NOAA Breach: 

Even though USPS has not pointed fingers at anyone over the attack, China is suspected of being behind it. According to Julian Waits Sr., CEO of ThreatTrack, the revelation could not have come at a worse time, as customers will now worry about their identities and personal security. NOAA was called on the carpet over its breach: Frank R. Wolf, the Virginia Republican, said NOAA told him its systems had been hacked from China. NOAA itself, however, has not publicly confirmed that the attack originated in China.

The Breach Diary: 

1. 10th Nov - USPS confirms the cyber intrusion and estimates that 2.9 million customers were affected.

2. 10th Nov - Sarah Hendrickson is appointed USPS chief of security.

3. 11th Nov - Microsoft fixes a 19-year-old bug that hackers could use to launch drive-by attacks.

4. 12th Nov - Deloitte reports 24,105 news stories about data breaches.

According to another news report, days after the USPS hack, hackers broke into US National Weather Service computers. The attack was confirmed by NOAA and took place just two days after the attack on USPS. According to American media reports, many NOAA services were taken down or placed under temporary maintenance. A representative of the agency told the Washington Post that they knew it was an attack by hackers and that it originated from China.

The agency had failed to inform the appropriate authorities about the attacks at the time. Although there is evidence of the attacks, NOAA refused to comment on the Chinese attacks on the United States' satellite network and weather services, and has not confirmed whether the attack affected its forecast notifications or impacted any classified data.

Wednesday 5 November 2014

Researchers Identified Sophisticated Chinese Cyber Espionage Team

A collaboration between several security firms has disrupted one of the biggest and most sophisticated cyber espionage crews, called Axiom, which is thought to be linked to China. The Axiom threat actor group mostly targeted NGOs, pro-democracy groups and other individuals perceived as potential threats to China.

The Axiom Group

The group mostly targets pro-democracy NGOs in Asia, along with industrial espionage against organizations that influence energy and environmental policy. Also on its list are IT giants, chip makers, telecom companies and infrastructure providers.

The group mostly uses phishing and malware to get the job done, and the typical attack looks, yet again, like a state-sponsored one. Its prime tool is Hikit, linked to the attack known as DeputyDog, which famously used an Internet Explorer zero-day bug to attack mostly Asian firms.

The group seems to work relatively quietly and is thought to be more heavily funded than, say, the APT1 crew (Shanghai-based and PLA-affiliated). According to Novetta, the group has been active for six years, is highly disciplined and is well resourced. The suspicion that the Chinese government is behind it is almost certainly correct.

The Collaboration and Solution

The attacks did not go unnoticed, however, and sooner rather than later security firms started collaborating to bring the group down. The coalition is led by Novetta along with Bit9, Cisco, F-Secure, ThreatTrack Security, iSIGHT Partners, Microsoft, FireEye, Tenable, ThreatConnect, Volexity and other unnamed partners. Its first public action, Operation SMN, was carried out through Microsoft's coordinated malware removal campaign.

Axiom tool installations have been removed from over 43,000 machines. Among them, 180 were clear examples of Hikit, the last-stage persistence and data exfiltration tool that marks the peak of the Axiom victim lifecycle. This was perhaps the first operation of its kind by security firms to fight off potentially deadly state-sponsored threats worldwide.

The Diplomacy 

China has flatly denied any involvement in Axiom. According to a Chinese Embassy spokesman, judging from the past such allegations are fictitious, and China has itself been on the wrong end of cyber espionage, as the Snowden revelations showed.

With two weeks to go before President Barack Obama visits Beijing, cyber security will be high on the agenda. Washington has previously tried hard to pressure China over possible state-sponsored cyber warfare against the US, but has failed to sustain that pressure since the Snowden revelations.

Novetta hopes that the example set by the coalition will be followed in future fights against cyber terrorism. It would, however, be foolish to think that Axiom is gone for good. The operation was more of a remediation than a knock-out blow, and chances are that Axiom will be back soon, probably with different tools and strategies.

The coalition has amassed a large amount of technical data about the threat and its workings, which will help in fighting such groups in future.

Wednesday 3 September 2014

Tools Manipulating RAM to Mislead Cyber crime Investigators

ADD (Attention Deficit Disorder) is a tool that alters the structure of Windows physical memory, disrupting the layout an investigator expects to find and the patterns by which memory contents are normally pieced together. What it does is plant fake files, fake network connections and other bogus artifacts, ultimately constructing a false trail in memory. The growing number of false entries and fake network connections lets attackers work without much fear of detection and at a swift pace.

What do cyber crime analysts and investigators do?

A running computer always holds its working state in memory; whatever happens while it is running leaves traces there, and a memory dump captures that state so it can be examined and questioned at any later time. The dump reveals the user's browsing patterns along with the network and server connections the machine has made. Every object in use is located somewhere in the dump, and analysts capture it and go through it with their analysis tools to find any trace of crime or misconduct, and thereby work to prevent cyber crime in a particular location or network. Cybercrime analysts have a huge amount of work at present, with the rising number of cyber frauds. An analyst looks for:

  • Evidence of private sessions
  • Password history
  • Browsing and network activity
  • Malware and encrypted code that exists in memory but not on disk.

The new tool creating hazards for cyber crime investigators:

With the advent of the internet there has been an increase in fraud and large-scale network scams used for theft, cheating and other criminal activities. ADD gives the attacker a way to bury the real trail among fabricated artifacts planted elsewhere in RAM, so that the genuine browsing history sits alongside invented entries. With the real and fake data mixed together, it becomes extremely difficult for analysts to tell which IP addresses and which browsing history are genuine.

A bigger problem is that the attacker may plant such fake files and attack artifacts in a way that points investigators at another cyber crime group or at other networked sites, while further malware of this kind tampers with RAM and disrupts the whole memory dumping process.

The cyber crime network is getting stronger with every passing minute and is using artifacts that are very tough to validate and analyse. Even if the compromised system ends up in the analyst's hands, the ADD tool that created the mess will send the analyst on a journey far from the actual events, adding to the confusion and making it impossible to track down the real malware.
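The practitioner's answer to planted artifacts is not to trust any single structure in the dump: a genuine process is reachable by walking the kernel's process list, is also found by scanning memory for its pool allocation, owns handles, and is named as the owner of its network endpoints, while a decoy usually shows up in only one of those views or carries internally inconsistent fields. The following is an added example, written for this page and not taken from the ADD tool or from any memory-forensics framework, of that cross-validation logic. The "image" is a constructed set of records standing in for the independent views an analyst would extract from a real Windows dump; the pids, names, times and addresses are all invented.

```python
"""Added example: corroborate process artifacts across independent views of a memory image."""
from dataclasses import dataclass


@dataclass
class Proc:
    pid: int
    ppid: int
    name: str
    create_time: int  # seconds since boot (constructed units)


@dataclass
class Image:
    """Constructed stand-in for the independent views an analyst extracts from a dump."""
    list_walk: list      # processes reached by walking the active-process linked list
    pool_scan: list      # processes found by scanning memory for process pool allocations
    handle_owners: set   # pids that own at least one handle-table entry
    connections: list    # (local endpoint, remote endpoint, owning pid)
    uptime: int          # seconds since boot at capture time


def corroborate(img: Image) -> dict:
    """Score every pid seen anywhere by how many views agree and by internal consistency."""
    walk = {p.pid: p for p in img.list_walk}
    scan = {p.pid: p for p in img.pool_scan}
    verdicts = {}
    for pid in walk.keys() | scan.keys():
        sources = []
        if pid in walk:
            sources.append("list")
        if pid in scan:
            sources.append("scan")
        if pid in img.handle_owners:
            sources.append("handles")
        p = walk.get(pid) or scan.get(pid)
        reasons = []
        if len(sources) < 2:
            reasons.append("single-source")        # only one view knows about it
        if p.ppid != 0 and p.ppid not in walk and p.ppid not in scan:
            reasons.append("orphan-parent")        # parent never existed in any view
        if p.create_time > img.uptime:
            reasons.append("future-create-time")   # timestamp later than the capture
        if pid in walk and pid in scan and walk[pid].name != scan[pid].name:
            reasons.append("name-mismatch")        # the two views disagree on identity
        verdicts[pid] = {"name": p.name, "sources": sources,
                         "suspicious": bool(reasons), "reasons": reasons}
    return verdicts


def suspicious_connections(img: Image, verdicts: dict) -> list:
    """Connections whose owning pid is unknown or is itself suspicious."""
    out = []
    for local, remote, pid in img.connections:
        v = verdicts.get(pid)
        if v is None or v["suspicious"]:
            out.append((local, remote, pid))
    return out


def sample_image() -> Image:
    """Constructed sample: three genuine processes plus two planted decoys."""
    genuine = [Proc(4, 0, "System", 0),
               Proc(500, 4, "smss.exe", 2),
               Proc(1200, 500, "explorer.exe", 30)]
    decoy_list_only = Proc(6666, 999, "svchost.exe", 5)     # in the list walk only, parent never existed
    decoy_scan_only = Proc(7777, 4, "lsass.exe", 99999)     # in the scan only, impossible creation time
    return Image(
        list_walk=genuine + [decoy_list_only],
        pool_scan=genuine + [decoy_scan_only],
        handle_owners={4, 500, 1200},
        connections=[("10.0.0.5:49152", "93.184.216.34:443", 1200),    # genuine owner
                     ("10.0.0.5:49153", "198.51.100.7:4444", 6666),    # owned by a decoy
                     ("10.0.0.5:49154", "203.0.113.9:8080", 31337)],   # owner absent everywhere
        uptime=3600,
    )


if __name__ == "__main__":
    img = sample_image()
    verdicts = corroborate(img)
    for pid, v in sorted(verdicts.items()):
        print(pid, v)
    print("suspicious connections:", suspicious_connections(img, verdicts))
```

The point of the exercise is the design, not the toy data: each check uses a property the attacker must forge consistently across several unrelated structures (list links, pool allocations, handle tables, connection owners, monotonic timestamps), so a decoy that is convincing in one view is exposed by its absence or inconsistency in the others. On a real dump the same logic is applied to the outputs of the list-walking and scanning plugins of a memory forensics framework.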

Anti-cyber-crime and anti-theft bodies are also trying to expand their resources and technologies so that they can build stronger cyber rules and stop attackers from tampering with RAM and disrupting memory analysis.