Posts Tagged ‘hacker’
Monday, April 22, 2013 @ 09:04 AM gHale
Thirteen popular home and small office routers contain security problems that could allow a hacker to snoop or modify network traffic, new research said.
All of the routers tested by Independent Security Evaluators (ISE), a security consultancy based in Baltimore, MD, could be taken over if the hacker had access credentials. The tested products came from Linksys, Belkin, Netgear, Verizon and D-Link.
All of the router models evaluated ran their company’s latest firmware and were tested with their default, out-of-the-box configurations. Consumers have few options for mitigating the attacks, ISE said in its report.
http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp
“Successful mitigation often requires a level of sophistication and skill beyond that of the average user,” ISE said.
Compromised routers are valuable to hackers, since they can intercept the traffic of anyone on that network. If the traffic is unencrypted, the attacker can view it.
Man-in-the-middle attacks can let a hacker launch more sophisticated attacks on all users in the router’s domain, ISE said. Hackers can perform attacks such as sniffing and rerouting non-SSL (Secure Sockets Layer) traffic, tampering with DNS (Domain Name System) settings and conducting distributed denial-of-service attacks.
ISPs deploying large numbers of vulnerable routers could also give hackers a way into their own core infrastructure, ISE wrote.
ISE listed a few of the routers it studied, writing that it has notified vendors and worked in some cases on mitigations. It did not list product details for five of the routers, presumably because patches are not ready for release.
The consultancy divided the attacks into those that required an attacker to be on the same network and those that could be carried out remotely. Two routers from Belkin, the N300 and N900, were vulnerable to a remote attack that did not require the hacker to have authentication credentials.
All of the named products were vulnerable to an authenticated attack if the hacker was on the same network and had login credentials or access to a victim who had an active session on the particular network.
Those products were the Linksys WRT310v2, Netgear’s WNDR4700, TP-Link’s WR1043N, Verizon’s FiOS Actiontec MI424WR-GEN3I, D-Link’s DIR865L and Belkin’s N300, N900 and F5D8236-4 v2 models.
Monday, March 4, 2013 @ 04:03 PM gHale
A hacker doing time in the UK for hacking took an IT course the prison offers inmates to prepare them for a successful entry back into society upon their release, and ended up breaking into the prison’s mainframe.
Nicholas Webber, 21, the founder of the GhostMarket online forum where cyber crooks were able to trade stolen credit card details, tools to commit computer offenses, and knowledge, is the inmate enrolled in the IT class at HMP Isis prison in South London, according to a report in the Daily Mail of London. Apparently, his actions caused ‘major panic’ but it is not clear what, if anything, he managed to access.
Arrested two years ago along with a few accomplices and sentenced to five years in prison, Webber was included in the group that took IT lessons provided by the prison in order to teach inmates skills that would help them once they got out.
This incident would have stayed quiet, but the prison’s IT teacher, Michael Fox, has an unfair dismissal case against the prison.
Fox said that after the hack was discovered, he was held responsible for it and dismissed first by the prison, and then by his employers at Kensington and Chelsea College, where he also worked as a teacher.
He said he was not aware of Webber’s hacking background and that, ultimately, he wasn’t the one who allowed him to attend the lessons in the first place.
“At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the Internet or other prison systems would have been possible,” said a Prison Service spokesman.
Further details were not immediately available.
Wednesday, February 20, 2013 @ 01:02 PM gHale
A site for iPhone developers called iphonedevsdk.com was the hub for a Java Zero Day attack on Twitter, Facebook and Apple.
Investigators identified the site as having been the center of a “waterhole” attack, in which users are drawn to the site in question because of its content, according to a Bloomberg report.
The target was iOS developers who used the site’s forums to discuss developing for Apple’s devices. iPhoneDevSDK.com confirmed it suffered a compromise and a single administrator’s account was able to modify the site’s theme and add malicious JavaScript to all the site’s pages. The site said the hacker removed the JavaScript on January 30 and it only found out it had suffered a compromise when it was identified in an AllThingsD article which cited Facebook. Anyone who accessed the site should check for malware on their systems.
Apple is the latest company to reveal it found malware on employees’ laptops, apparently delivered using those drive-by attacks. The methodology appears to be very similar to what Facebook revealed it had been subject to in January. Apple gave no time frame for when it was attacked, but, according to Bloomberg, Apple was the first to discover the attacks. Investigators said they suspected the attacks were the work of Eastern European criminals rather than any state-sponsored hacking group.
Apple said it had “identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple.”
Apple also released an update to its Java 6 in Mac OS X which completely removes Java plugin support and directs users to Oracle for their Java 7 and plugin support. Oracle, which released an emergency patch for 50 vulnerabilities on Feb. 1, in what appears to have been a response to the Facebook and Apple attacks, has released an updated version of that emergency patch with a handful of critical holes also closed.
Friday, December 14, 2012 @ 01:12 PM gHale
A vulnerability affecting Internet Explorer versions 6 through 10 could make it possible for a hacker to monitor the movements of your mouse, even with a minimized browser window.
This means an attacker could learn passwords and PINs if they are typed on a virtual (on-screen) keyboard, said researchers at UK-based web analytics firm Spider.io. Two display advertising networks are already exploiting it, the company said. It refused to name them in its statement.
“As long as the page with the exploitative advertiser’s ad stays open — even if you push the page to a background tab or, indeed, even if you minimize Internet Explorer — your mouse cursor can be tracked across your entire display,” Spider.io researchers said.
The company added that while the problem has been acknowledged by the Microsoft Security Research Center, there are apparently no immediate plans for a patch.
Microsoft published an official blog post on the issue, saying the risk to consumer privacy is almost entirely theoretical, and “the underlying issue has more to do with competition between analytics companies than consumer safety or privacy.”
Spider.io also published the technical details of the exploit, which involves the browser’s global Event object, as well as a game demonstrating how it could monitor user input to a virtual keyboard.
“Internet Explorer’s event model populates the global Event object with some attributes relating to mouse events, even in situations where it should not. Combined with the ability to trigger events manually using the fireEvent() method, this allows JavaScript in any webpage (or in any iframe within any webpage) to poll for the position of the mouse cursor anywhere on the screen and at any time,” the company said.
Friday, December 7, 2012 @ 04:12 PM gHale
A Northampton, U.K., man is guilty of one count of conspiracy to impair the operation of computers for his involvement in the DDoS campaign against PayPal and other companies in 2010.
Christopher Weatherhead, 22, was found guilty of conspiracy in the plan initiated by Anonymous called “Operation Payback.” The campaign focused on movie and music industry organizations at the beginning, and then on PayPal, MasterCard, Visa and other financial institutions for refusing to process donations to WikiLeaks.
Russell Tyner, Crown Advocate for the CPS Organized Crime Division, said before the court that the attacks executed by Weatherhead and his fellow conspirators cost the targeted companies over $5.61 (£3.5) million in additional staffing, software and loss of sales.
“These were lawful companies with ordinary customers and hard working employees. This was not a victimless crime,” he said.
Weatherhead’s conspirators and Anonymous members Peter Gibson, 24, Ashley Rhodes, 28, and Jake Birchall, 18, pleaded guilty to the same charge earlier.
During the trial, Weatherhead insisted he had not taken part in the attacks and that he was acting only as a “communications manager” and “online chatroom creator” for Anonymous.
Sentencing will occur in January.
He is free on bail and cannot use Internet chat relays or post anything online under his known pseudonym or any other name but his own. He also has to wear an electronic tag and will have to abide by a set curfew.
Tuesday, December 4, 2012 @ 05:12 PM gHale
Jeremy Hammond could face up to 30 years to life on charges of conspiracy to commit computer hacking, computer hacking and conspiracy to commit access device fraud after the Southern District Court of New York opened a three-count federal indictment last week.
Hammond, 27, known as “Anarchaos,” “sup_g,” “burn,” “yohoho,” “POW,” “tylerknowsthis,” and “crediblethreat,” has been held without bail since his arrest in March on charges connected with last year’s hacking of Strategic Forecasting, or Stratfor, an Austin, TX-based international intelligence broker. The attack was by AntiSec, an offshoot of LulzSec, which is in turn an offshoot of the hacktivist collective Anonymous, officials said.
The government said starting last December, Hammond and others from AntiSec stole information from about 860,000 Stratfor subscribers, including emails, account information, and data from about 60,000 credit cards. The government said he published some of that information online, and used some of the stolen credit card data to run up at least $700,000 in unauthorized charges.
He also stands accused of giving about five million internal emails to WikiLeaks, published under the name The Global Intelligence Files.
Unknown to Hammond, however, the then-leader of AntiSec, Hector Xavier Monsegur, a New York hacker known as “Sabu” who had been arrested the previous June, had agreed to cooperate with the FBI, officials said. Some of the Stratfor information Hammond uploaded went directly into a honey pot server maintained by the FBI.
At a hearing last week, Hammond was denied bail, based on U.S. District Judge Loretta Preska’s determination he was a danger to the community and a flight risk.
The bail denial sparked another round of protest from Hammond’s supporters. Anonymous published a message on Pastebin demanding that Preska recuse herself for conflict of interest. The group said her husband, Thomas J. Kavaler, was among Stratfor’s clients, and therefore one of the alleged victims of the hack. Kavaler is a partner at Cahill Gordon & Reindel LLP in New York City.
“Judge Preska by proxy is a victim of the very crime she intends to judge Jeremy Hammond for,” Anonymous wrote in a message posted last Friday. “Judge Preska has failed to disclose the fact that her husband is a client of Stratfor and recuse herself from Jeremy’s case, therefore violating multiple Sections of Title 28 of the United States Code.”
Hammond should go to trial sometime next year.
Wednesday, September 5, 2012 @ 12:09 PM gHale
Companies often say “we don’t need security, why would anyone attack us?” Sometimes hackers take valuable company intellectual property, sometimes names and addresses, and sometimes they even take money.
That is exactly what happened to a Berks County, PA, train engine parts manufacturer as a hacker got into its computer system and stole almost $200,000, state police said.
The banking system at CWI Railroad System Specialists, a Barto company, was hacked last month, troopers said.
The hacker entered the company’s system and issued payments to banks in Virginia, police said.
No arrests have been made but state police and the FBI continue to investigate.
Using the Internet protocol address, which is essentially each electronic device’s license plate number, investigators were able to track the origin of the attack.
“The IP address of the hacker’s computer comes from Virginia,” Trooper David C. Beohm said. “Once they got into the computer, the hacker made payments to four different banks in Virginia.”
A total of $190,000 went to the banks Aug. 24 and 27, investigators said.
“Malware must have been placed somewhere to make the withdrawal,” CWI Vice President Greg Scott said Sunday. “There is only one computer in our company that has access to our Quaker National Bank account. I don’t know how they could have gotten to it.”
According to investigators, people were waiting at the banks to either deposit the money into an account or cash the checks.
The bank’s fraud protection covered most, but not all, of the stolen money, Scott said. He said bank officials said up to 90 percent of the money has protection.
“I’m very frustrated and confused as to why they wouldn’t cover the whole transaction,” he said.
“It is sad,” Scott added. “We have a very protected server, so it can happen to anybody.”



