Browsing all articles in Security
Mar
26

Hacking ATM Machines with Just a Text Message

Author admin    Category IT News, Security     Tags
Hacking ATMs with just text message

As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8th April, apparently 95% of the world’s 3 million ATM machines are run on it. Microsoft’s decision to withdraw support for Windows XP poses critical security threat to the economic infrastructure worldwide.

MORE REASONS TO UPGRADE
Security researchers at Antivirus firm Symantec claimed that hackers can exploit a weakness in Windows XP based ATMs, that allow them to withdraw cash simply by sending an SMS to compromised ATMs.
What was interesting about this variant of Ploutus was that it allowed cybercriminals to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible, but this technique is being used in a number of places across the world at this time.” researchers said.

HARDWIRED Malware for ATMs

According to researchers – In 2013, they detected a malware named Backdoor.Ploutus, installed on ATMs in Mexico, which is designed to rob a certain type of standalone ATM with just the text messages.
To install the malware into ATMs machines, hacker must connect the ATM to a mobile phone via USB tethering and then to initiate a shared Internet connection, which then can be used to send specific SMS commands to the phone attached or hardwired inside the ATM.
Since the phone is connected to the ATM through the USB port, the phone also draws power from the connection, which charges the phone battery. As a result, the phone will remain powered up indefinitely.

HOW-TO HACK ATMs

  • Connect a mobile phone to the machine with a USB cable and install Ploutus Malware.
  • The attacker sends two SMS messages to the mobile phone inside the ATM.
    • SMS 1 contains a valid activation ID to activate the malware
    • SMS 2 contains a valid dispense command to get the money out
  • Mobile attached inside the ATM detects valid incoming SMS messages and forwards them to the ATM as a TCP or UDP packet.
  • Network packet monitor (NPM) module coded in the malware receives the TCP/UDP packet and if it contains a valid command, it will execute Ploutus
  • Amount for Cash withdrawal is pre-configured inside the malware
  • Finally, the hacker can collect cash from the hacked ATM machine.
Researchers have detected few more advanced variants of this malware, some attempts to steal customer card and PIN data, while others attempt man-in-the-middle attacks.
This malware is now spreading to other countries, so you are recommended to pay extra attention and remain cautious while using an ATM.
[thehackernews]
Feb
18

Australia-AS Berbagi Akses Sadap Telkomsel dan Indosat

Author admin    Category IT News, Security     Tags

sadap

Kabar mengejutkan diungkapkan mantan kontraktor rekanan National  Security Agency (NSA) Amerika Serikat (AS) Edward Snowden. Menurut Snowden, intelijen Australia memanfaatkan 2 operator telepon seluler terbesar Indonesia demi memuluskan aksi penyadapan yang dilakukan Australia dan juga AS.

Pria yang kerap kali membocorkan rahasia intelijen AS itu, sebagaimana dilansir The New York Times, Sabtu (15/2/2014), memaparkan lembaga intelijen AS turut terlibat dalam penyadapan yang dilakukan oleh pemeritah Australia. Ia juga mengatakan dalam menyadap komunikasi di Indonesia, pemerintah Australia dan AS telah melibatkan 2 operator seluler terbesar di Indonesia, yakni operator yang mendominasi corporate colour dengan warna merah dan corporate colour warna kuning.

The New York Times yang dikutip Sydney Morning Herald dan Guardian, memaparkan data terbaru Snowden itu menyebutkan bahwa ke-2 operator telepon seluler terbesar di Indonesia itu dilibatkan untuk mengumpulkan data yang mereka inginkan. Incaran terbesar Australia dalam penyadapan itu adalah tokoh besar Indonesia dan tersangka teroris yang kerap beraksi.

Diungkapkan oleh media massa bergengsi AS, Australia dan Inggris tersebut tentang rincian yang berisi cara Australia Signal Directorate (ASD) menawari badan pengawasan AS dan kantor hukum AS dalam skandal penyadapan itu. Dokumen-dokumen tersebut menunjukkan kerja sama yang terjalin NSA dan ASD untuk kali pertama mengungkap akses komprehensif sistem komunikasi nasional Indonesia.

Menurut sebuah dokumen NSA tahun 2012, ASD telah berhasil mengakses data panggilan dari Indosat sebagai operator komunikasi satelit domestik di Indonesia. Data yang disadap tersebut termasuk data pejabat Indonesia di berbagai departemen pemerintah.

Tak tanggung-tanggung berdasarkan dokumen dari tahun 2013 lalu menyatakan ASD telah memperoleh hampir 1,8 juta kunci utama enkripsi yang digunakan untuk melindungi komunikasi rahasia dari jaringan Telkomsel dan mengembangkan sebuah cara untuk mendeskripsikan sandi secara keseluruhan.

Menurur bocoran tersebut Intelejen Australia telah mengintai Indonesia sejak bom Bali di tahun 2002 yang telah menewaskan 202 orang, termasuk 88 warga Australia. Selain Indonesia, penyadapan tersebut juga menyasar beberapa negara di Asia, termasuk China.

[New York Times]

Dec
5

Adobe and Java vulnerabilities leave Windows open for exploitation

Author admin    Category IT News, Security     Tags

A recent report by the AV-Test Institute found that exploits in Adobe Reader, Adobe Flash, and Java account for 66 percent of Windows systems affected by malware.

In a 10-year-plus study, AV-Test uncovered that one exploit for Adobe Reader had nearly 37,000 recorded variants that exploited user machines with high levels of precision. Users with outdated software or versions known to be susceptible stood virtually no chance of avoiding malware damage without some form of protective software.

The biggest offender? Java, which had a whopping 82,000 attacks spread across different versions, making it one of the most vulnerable magnets for exploitation.

The race to secure Java is ongoing. In the meantime, users can take better precautions to protect themselves from PDF exploits by using the following alternatives to Adobe Reader:

1. PDF-XChange Viewer

PDF-XChange Viewer is a free, lightweight app that lets you modify, annotate, and convert PDF files.

2. Sumatra PDF

Sumatra PDF is a free and bloat-free PDF reader, known for its minimalist take on viewing PDFs. Ease of use takes priority in this open-source viewer for Windows.

3. Mozilla Firefox

Don’t want a separate viewing client? Firefox is not only a spectacular browser, but it also comes with native support for PDF files.

[cnet]

Oct
17

Indonesia tops China as source of Internet attacks

Author admin    Category Hacker, Hacking, IT News, Security     Tags

Indonesia tops China as source of Internet attacks

In a somewhat nefarious climb to the top, Indonesia overtook China to become the top source of Internet attacks.

Attack traffic from Indonesia nearly doubled in the second quarter of 2013, according to Akamai’s latest “The State of the Internet” report released Wednesday. This spike in April to June pushed China — where 33 percent of attack traffic for the second quarter originated — out of the top spot. According to Akamai, one of the world’s largest globally distributed networks, 38 percent of observed attack traffic in the second quarter came out Indonesia, a 17 percent climb from the previous quarter.

Rounding out the top 10 on Akamai’s list of attack traffic by country: the United States, Taiwan, Turkey, India, Russia, Brazil, Romania, and South Korea. These ten countries were the source of 89 percent of attacks, said Akamai. In total, Akamai observed attack traffic originating from 175 unique countries/regions in the second quarter, two fewer than in the first quarter.

Akamai noted in the report that its “methodology captures the source IP address of an observed attack and cannot determine attribution of an attacker.” Which basically means, the actual attackers aren’t always in the country where their attack traffic is originating.

The security section of the report also said Akamai customers reported being targeted by 318 DDoS attacks in the second quarter, 54 percent more than the prior quarter, and that enterprise customers were the most frequently targeted.

[cnet]

Sep
26

IBM Publishes 2013 Mid-Year Cyber Security Trend and Risk Report

Author admin    Category IT News, Security     Tags

IBM-Publishes-2013-Mid-Year-Cyber-Security-Trend-and-Risk-Report-386025-2

The IBM X-Force Research and Development team has published its 2013 mid-year report on cyber security trends and risks. The results of the study are based on the analysis of 4,100 new vulnerabilities, and 900 million new webpages and images.

According to the report, social media is increasingly used by cybercriminals for reconnaissance and attacks. Compromised social media accounts can be highly valuable for falsifying reviews of social engineering attacks.

“IBM X-Force expects to see these newer applications of social engineering become more sophisticated as attackers create complex internetworks of identities while refining the art of deceiving victims,” noted Leslie Horacek, worldwide threat response manager for IBM X-Force and senior editor of the report.

“Users must adopt a mindset of guilty until proven innocent when it comes to social media and companies should engender suspicion to protect users and assets,” she added.

As far as vulnerabilities are concerned, researchers found that the number of new vulnerabilities reported in the first half of 2013 was similar to the number reported last year. However, it’s worth noting that the number of web application vulnerabilities has slightly decreased this year.

When it comes to web vulnerabilities, cross-site scripting (XSS) remains the most common type, accounting for over half of all security holes.

In most cases (28%), successful exploitation of a vulnerability has resulted in gaining access to a system or application.

The report names the United States as the country that hosts most malicious links, 42% to be more precise. The US is followed by Germany (9.8%), China (5.9%) and Russia (4.5%).

The IBM X-Force report also covers mobile malware, watering hole attacks, zero-day attacks, and distraction and diversion techniques.

[ibm]

Jul
23

Cyberattacks account for up to $1 trillion in global losses

Author admin    Category IT News, Security     Tags

Cyberattacks account for up to $1 trillion in global losses

While still costly, cyberattacks might not be depleting government cash at the rate previously thought.

A new joint report released Monday by security firm McAfee and the Center for Strategic and International Studies has lowered the estimate from $1 trillion in global annual losses to a range of $300 billion to $1 trillion.

The report’s authors say that estimating the annual costs of cyberattacks is extremely difficult because some companies hide their losses, while others don’t even know the value of what has been stolen from them.

In the new report, the authors look at losses in six categories: the loss of intellectual property, cybercrime, loss of business information, service disruptions, the cost of securing networks, and reputational damage to a hacked company.

“We use several analogies where costs have already been quantified to provide an idea of the scope of the problem, allowing us to set rough bounds — a ceiling and a floor — for the cost of malicious cyber activity, by comparing it to other kinds of crime and loss,” the report reads.

For example, in the U.S., car crashes cost the country $99 billion to $168 billion per year, or 0.7 percent to 1.2 percent of the gross domestic product. In comparison, cyberattacks cost the U.S. $24 billion to $120 billion per year, or 0.2 percent to 0.8 percent of the GDP. The report also puts U.S. job losses from cyberattacks at 508,000.

In 2009, McAfee released a report that said data theft and breaches from cybercrime were costing businesses as much as $1 trillion globally in lost intellectual property and expenditures for repairing the damage. While the global figure from McAfee’s new report still states $1 trillion, it is tampered by the $300 billion low-end figure.

Not only are hackers putting a drain on the global economy, they are also getting their hands on tons of data. A study released by Team Cymru in February said that overseas hackers are stealing as much as one terabyte of data per day from governments, businesses, militaries, and academic facilities. According to Team Cymru, the hackers are so sophisticated and are running such massive campaigns that many of them could be state-sponsored.

McAfee’s report released today is a preliminary analysis for a larger study that looks even deeper into the costs of hacking and cybercrime.

“Cybercrime and cyber espionage cost the global economy billions of dollars every year. The dollar amount, large as it is likely to be, may not fully reflect the damage to the global economy,” the report reads. “Cyber espionage and crime slows the pace of innovation, distorts trade, and brings with it the social costs associated with crime and job loss. This larger effect may be more important than any actual number and it is one we will focus on in our final report.”

[cnet]

Jul
11

Costs And Incidence Of Malicious Corporate Attacks Way Up

Author admin    Category IT News, Security     Tags

It used to be that the biggest threat to corporate data breaches was simple incompetence. But even as the volume of malware remains roughly constant, the incidence and cost of malicious attacks on corporate networks are increasing.

Malware Contained?

Google recently updated its Transparency Report to showcase fluctuating levels of malware and phishing. The good news is that while phishing sites have increased, malware seems to somewhat contained:

This will come as small consolation to enterprises, however, which are coping with a 614% increase in mobile malware exploits in the last year alone, according to a new report from Juniper Networks. Up to 92% of such malware has been targeted at Android, given its dominant market position.

While most of the malware remains targeted at retail consumers, sending fraudulent premium SMS messages, the report finds that “several attacks…could potentially be used to steal sensitive corporate information or stage larger network intrusions,” giving hackers the ability to “use the mobile device to do reconnaissance and go deeper into the corporate network.”

Unfortunately, this isn’t simply a hypothetical problem.

Corporate IT Under Siege

Even as IT departments and users have apparently become less prone to system glitches and negligence, according to a 2013 study by the Ponemon Institute and Symantec of 277 companies that experienced losses or thefts of protected personal data, the incidence of malicious attacks is rising fast.

And while it’s never been cheap to have hackers hit your system, the cost from malicious breaches is rising sharply.

While all enterprises need to concern themselves with data breaches, the cost of infiltration increases significantly for highly regulated industries like Finance and Healthcare.

Raise The Barricades?

What to do? It’s simply not going to work to demand an entire enterprise use a particular phone – those days of Blackberry uniformity are over – and it’s not clear that attacks mostly originate at the device level, anyway. Mobile devices are being used to infiltrate corporate networks, but much of the threat remains on the server side.

As the report finds, U.S. and U.K. companies received the greatest reduction in data breach costs by having a strong security posture, incident response plan and chief information officer appointment. The U.S. and France also reduced costs by engaging data breach remediation consultants.

In other words, while it’s impossible to blockade all threats – the Ponemon Institute found that 51% of enterprises report getting hit with hourly attacks – a little vigilance goes a long way.

[RWW]

Jul
2

New slides reveal greater detail about PRISM data collection

Author admin    Category IT News, Security     Tags

NSA slide listing current participants in the PRISM data collection program and what type of content may be available for review.

The Washington Post published on Saturday a set of slides regarding PRISM, revealing more details about the National Security Agency’s controversial surveillance program and how it operates.

The new slides, which come nearly a month after former NSA employee Edward Snowden leaked classified documents to the press about the program, appear to confirm that the NSA and FBI have the ability to perform real-time surveillance of e-mail and stored content.

The slides also seem to contradict denials from tech companies such as Google, Apple, Yahoo, and Microsoft about their level of participation in the program. The program “uses government equipment on private company property to retrieve matching information from a participating company, such as Microsoft or Yahoo and pass it without further review to the NSA,” The Washington Post reported.

NSA slide describing the PRISM data collection process.

Another slide shows how the data is collected by an FBI “interception unit” installed at the companies involved and then passed on to “customers” at the NSA, FBI, or CIA. “Depending on the provider,” the program allows the NSA to “receive live notifications when a target logs on or sends an e-mail,” as well as “monitor a voice, text or voice chat as it happens.”

The new data also reveals when each company allegedly joined PRISM. Microsoft was the first company to join the program in September 2007, according to one slide, followed by Yahoo about six months later and Google in early 2009, according to one of the slides. Apple was the last to join the program last October.

The dates companies joined the PRISM program.

Google, Apple, Yahoo, Microsoft, Facebook, and other Internet companies have been left reeling after a pair of articles earlier this month alleged that they provided the NSA with “direct access” to their servers through a so-called PRISM program. Subsequent reporting by CNET revealed that this was not the case, and the Washington Post backtracked from its original story on PRISM.

Legally barred from discussing its participation in the program, Google and Microsoft have petitioned a secretive U.S. surveillance court to lift a gag order prohibiting it from disclosing more information about government requests it receives for customer data. To date, the companies have released only totals that combine legal requests made under the Foreign Intelligence Surveillance Act with other related to criminal investigations involving fraud, homicide, and kidnapping, making it impossible to determine how many FISA requests they have received.

CNET has contacted the Justice Department for comment on the new slides and will update this report when we learn more.

In another revelation, the U.K.-based Guardian reported Sunday that “top secret” documents show that the U.S. intelligence community is spying on European Union diplomatic missions. The documents, leaked by the NSA whistleblower Edward Snowden, lists 38 “targets” and details surveillance methods used against each, including bugs implanted on communications equipment and taps on communications cables.

[cnet]

Jun
27

Hacking Facebook Account with just a text message

Author admin    Category FB, Hacking, IT News, Security     Tags

Hacking Facebook Account with just a text message

Can you ever imagine that a single text message is enough to hack any Facebook account without user interaction or without using any other malicious stuff like Trojans, phishing, keylogger etc. ?

Today we are going to explain you that how a UK based Security Researcher, “fin1te” is able to hack any Facebook account within a minute by doing one SMS.

Because 90% of us are Facebook user too, so we know that there is an option of linking your mobile number with your account, which allows you to receive Facebook account updates via SMS directly to your mobile and also you can login into your account using that linked number rather than your email address or username.

According to hacker, the loophole was in phone number linking process, or in technical terms, at file /ajax/settings/mobile/confirm_phone.php

This particular webpage works in background when user submit his phone number and verification code, sent by Facebook to mobile. That submission form having two main parameters, one for verification code, and second is profile_id, which is the account to link the number to.

 Hacking Facebook Account with just a text message
As attacker, follow these steps to execute hack:
Change value of profile_id to the Victim’s profile_id value by tampering the parameters.
Send the letter F to 32665, which is Facebook’s SMS shortcode in the UK. You will receive an 8 character verification code back.
facebook-sms-3-1
Enter that code in the box or as confirmation_code parameter value and Submit the form.
facebook-sms-4

Facebook will accept that confirmation code and attacker’s mobile number will be linked to victim’s Facebook profile.

In next step hacker just need to go to Forgot password option and initiate the password reset request against of victim’s account.

Attacker now can get password recovery code to his own mobile number which is linked to victim’s account using above steps. Enter the code and Reset the password!

Facebook no longer accepting the profile_id parameter from the user end after receiving the bug report from the hacker.

[thehackernews]

Jun
12

PRISM Fallout: In Cloud We Don’t Trust?

Author admin    Category IT News, Security     Tags

U.S. tech firms who have built their business on a free-flowing Internet just got a huge smack in the face. Leaked government documents seemed to reveal the existence of a top-secret program with the capability to mine their users’ data at will.

Right now, the debate is over exactly what data’s being collected and how—and whether the companies were complicit in letting it happen.

But that misses the real impact of such a program. Regardless of the details, it will damage the reputations of the U.S. as a technology marketplace.

There are many operations that will feel the hit, but the biggest one may be in cloud computing. After all, what foreign company would want to host its data in a cloud that could be rifled at will by the U.S. government?

What We Think We Know

Leaked documents from the National Security Agency and the FBI have revealed an apparent secret government program, code-named PRISM, that is “extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person’s movements and contacts over time,” according to the Washington Post.

The data was pulled from the servers of Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. Dropbox, the Post reported, is supposedly “coming soon.”

The NSA does not monitor every piece of data, the story reports, only targeted individuals. But the capability to monitor the target within all of the companies’ data is there, according to the slides obtained by the Post.

All of the companies named in the leaked slides have categorically denied being involved in PRISM, which is pretty much the only answer they can give: if such a program exists, they are likely bound by court order from revealing their participation, and if it doesn’t exist, then they are truthful in denying it. The U.S. government, for its part, acknowledges that such programs do exist, but that the documents published by the Post and the U.K.’s Guardian contain “numerous inaccuracies.”

Which, alas for the U.S. tech industry, isn’t exactly a “no.”

Perception-wise, the firms named in the leaked slides are screwed. If PRISM doesn’t exist, it will be very hard to prove otherwise in a climate where distrust of government is at an all-time high. If PRISM does exist, then the perception of these companies will either be as lying co-conspirators in a massive breach of user privacy – or incompetent morons who don’t know that the U.S. government can get into their data whenever it wants.

The most likely scenario here is that the tech companies are being very, very literal: they can deny ever hearing of a program called PRISM because they may have really never heard of it. Ars Technica spoke with Electronic Frontier Foundation Staff Attorney Kurt Opshal, who outlined what’s probably going on with these denials:

“Whether they know the code name PRISM, they probably don’t,” [Opshal] told Ars. “[Code names are] not routinely shared outside the agency. Saying they’ve never heard of PRISM doesn’t mean much. Generally what we’ve seen when there have been revelations is something like: ‘we can’t comment on matters of national security.’ The tech companies responses are unusual in that they’re not saying ‘we can’t comment.’ They’re designed to give the impression that they’re not participating in this.”

In Cloud We Trust?

Successfully pulling off that impression would seem to be nearly impossible and the nine tech companies named in the PRISM documents are in for a world of pain. Already, U.S.-based users, individual and corporate, are up in arms about the perceived breach, even as the U.S. government insists that it is not spying on its own citizens, but is targeting non-U.S. citizens in its quest to maintain national security.

US companies may end up becoming more active participants in cyber/national security related activities anyway, depending on how Department of Defense cyberwar rules of engagement play out.

 

Bit for public cloud users who reside outside the U.S., the statements about non-U.S. targets are sure to have a chilling effect. Especially in the European Union, which has been critically examining their data relationship with the U.S. for some time. That relationship, once precarious, may have just gotten pushed off the cliff.

Currently, data generated by European companies is bound by the strictures of the E.U.’s 1998 European Commission Directive on Data Protection (ECDDP), which, among other things, blocks data from being transferred to outside the European Economic Area unless the E.U.’s strict protection guidelines were followed.

The problem is that U.S. laws and policies let data like names and addresses be handled in ways that were way outside the ECDDP comfort zone. This would have effectively prevented any European data from being stored on U.S.-based clouds and data centers, were it not for Safe Harbor.

Established in the Fall of 2000, Safe Harbor is a compromise that would allow data interchange to take place. Safe Harbor requires that companies follow a certain set of privacy practices, such as informing individuals that their data is being collected and how it will be used. If Safe Harbor rules are followed by U.S. companies, which self-certify themselves to be Safe Harbor compliant, then E.U. data can be stored in the U.S., which is handy since many of the world’s biggest public cloud services are located in the U.S.

All of the E.U. nations, with the exception of Germany, are participants in the E.U.-U.S. Safe Harbor agreement. This is why in Germany, corporate workers are prohibited from using services like Google Docs to store and work with company information. (One has to wonder if the Germans didn’t have an inkling that something like PRISM was going on.)

The Europeans have had some qualms about Safe Harbor already. Last July, an independent European advisory body, the Article 29 Working Party, recommended the existing Safe Harbor agreement between the U.S. and E.U. is not enough to provide true security for European organizations’ data. Their argument? That self-certification was nowhere near enough to assure adequate protections.

“…[I]n the view of the [Article 29] Working Party, sole self-certification with Safe Harbor may not be deemed sufficient in the absence of robust enforcement of data protection principles in the cloud environment,” the recommendation stated. “The Working Party considers that companies exporting data should not merely rely on the statement of the data importer claiming that he has a Safe Harbor certification. On the contrary, the company exporting data should obtain evidence that the Safe Harbor self-certifications exists and request evidence demonstrating that their principles are complied with.”

In other words, don’t take U.S. tech companies at their word that they will comply with Safe Harbor rules.

Safe Harbor At Risk

Fast forward to today, when suddenly the Article 29 Working Party’s non-binding recommendation has some teeth to it. European companies and lawmakers are very likely going to look at the events surrounding PRISM and wonder how safe their data would be if stored in a U.S. system.

Amazon and Rackspace, two large U.S.-based public cloud providers, were not named in the PRISM slides, but Microsoft and Google were. While no one knows if the U.S. intelligence services can and were accessing cloud-based data hosted by Microsoft and Google, the integrity of their cloud hosting services will probably be called into question now, especially by companies outside the U.S., which – by the U.S. government’s own insistence – are valid targets for national security investigations.

The E.U.-U.S. Safe Harbor agreement may be the one of first casualties of the leaking of PRISM – even if PRISM turns out to be fictitious. Just the hint that something like PRISM could exist could evaporate a large amount of trust and business for U.S. cloud vendors – even ones not named in the PRISM documents.

Public cloud infrastructure is under serious threat, as users domestic and international start seriously questioning public cloud security and integrity. This may bring a large shift towards private cloud or virtual data centers deployments, as companies seek to protect their data from government’s prying eyes.

[RWW]

Follow us on Twitter! Follow us on Twitter!
[Powered by Android]

Blogroll

Google Search :)

Calendar

April 2014
M T W T F S S
« Mar    
 123456
78910111213
14151617181920
21222324252627
282930  

Archives

Recent Posts