Posts tagged: BlackHat

Aug 13 2011

DDoS and Hacking Services for Sale

Hacking ServicesAccording to Daniel Krebs an independent security researcher, hackers have started contending among themselves openly by providing DDoS (distributed denial-of-service) services that can help in causing websites to collapse. Signalnews reported this on August 2, 2011.

Apparently, several secret forums exist on which subscribers canvass their skills for carrying out devastating DDoS assaults in return for a payment.

Krebs writes that all services for distributed denial-of-service assault are priced an identical value, with the mean price charged for deactivating an Internet site astonishingly affordable. The prices for DDoS attack services are $5-$10 every hour; $40-$50 daily; $350 to $400 every week; and $1,200 and above every month. InfoSecurity published this on August 2, 2011.

Moreover, for their assaults, the hackers chiefly utilize botnets, while ignorant operators of computers remain unaware that they’ve gotten contaminated with malware as also being controlled remotely. A certain DDoS attackers’ gang canvasses a DIY (do-it-yourself) DDoS toolkit that explains how users can effortlessly assemble their own bot-infected PCs to create a network, which’s complete with an administration panel that’s Web-based to be utilized for remotely monitoring and regulating the compromised PCs i.e. the bots.

A particular Russian gang estimates that 15-30 bots are required for destabilizing small-sized websites, 250-280 for medium-sized ones and 750 to 800 for big websites. If the websites are still larger then 2,000 to 2,500 bots can cripple DDoS safeguards on them, while 15,000 to 20,000 bots can crash nearly all web-pages despite any number of security precautions on them.

Overall, services of DDoS attacks are available for sale pertaining to websites of the above sizes. These attacks are executed via botnets i.e. networks of malware-infected PCs. When contaminated, an average computer operator mayn’t be aware that his PC has been converted into a zombie under a hacker’s control and being used for a DDoS.

Krebs writes that one DDoS gangsters’ group, which has been around for no less than 3-years, has a DIY DDoS toolkit for sale, teaching how one can make his own network of bots, while the kit contains one bot builder along with an admin panel that’s web-based.

Aug 10 2011

Anonymous : Operation Facebook – November 5, 2011

“The more Facebook seems to dominate the world, the closer it seems to be to its end”.
Operation Facebook

Anonymous, the shady-yet-principled hacktivist group that has previously hacked into Iran’s government emails, the Pentagon, possibly the IMF, News Corp, Anders Breivik’s Twitter account, and much more, has a new target in its crosshairs: Facebook. The hackers have set the date for Facebook’s demise as November 5, 2011.

DATE: November 5, 2011.

Irc.Anonops.Li #OpFaceBook

Attention citizens of the world,

We wish to get your attention, hoping you heed the warnings as follows:
Your medium of communication you all so dearly adore will be destroyed. If you are a willing hacktivist or a guy who just wants to protect the freedom of information then join the cause and kill facebook for the sake of your own privacy.

Facebook has been selling information to government agencies and giving clandestine access to information security firms so that they can spy on people from all around the world. Some of these so-called whitehat infosec firms are working for authoritarian governments, such as those of Egypt and Syria.

Everything you do on Facebook stays on Facebook regardless of your “privacy” settings, and deleting your account is impossible, even if you “delete” your account, all your personal info stays on Facebook and can be recovered at any time. Changing the privacy settings to make your Facebook account more “private” is also a delusion. Facebook knows more about you than your family.….

You cannot hide from the reality in which you, the people of the internet, live in. Facebook is the opposite of the Antisec cause. You are not safe from them nor from any government. One day you will look back on this and realise what we have done here is right, you will thank the rulers of the internet, we are not harming you but saving you.

The riots are underway. It is not a battle over the future of privacy and publicity. It is a battle for choice and informed consent. It’s unfolding because people are being raped, tickled, molested, and confused into doing things where they don’t understand the consequences. Facebook keeps saying that it gives users choices, but that is completely false. It gives users the illusion of and hides the details away from them “for their own good” while they then make millions off of you. When a service is “free,” it really means they’re making money off of you and your information.

Think for a while and prepare for a day that will go down in history. November 5 2011, #opfacebook . Engaged.

This is our world now. We exist without nationality, without religious bias. We have the right to not be surveilled, not be stalked, and not be used for profit. We have the right to not live as slaves.

We are anonymous
We are legion
We do not forgive
We do not forget
Expect us

Will Anonymous be able to successfully lay waste to Mark Zuckerberg’s fortress? This is set to be the Internet showdown of the year.

Aug 08 2011

Anonymous Defaces Syrian Defense Ministry Website

The Anonymous hacking group has added the website of the Syrian Ministry of Defense to its ever-lengthening list of victims, defacing it with a message in support of the anti-Government insurrection.

Syrian Defence Ministry Hacked

Overnight, visitors to the website were greeted with the logo of the Anonymous collective plus links to videos showing protests, with a message in Arab and English.

“To the Syrian people: The world stands with you against the brutal regime of Bashar Al-Assad. Know that time and history are on your side – tyrants use violence because they have nothing else, and the more violent they are, the more fragile they become. We salute your determination to be non-violent in the face of the regime’s brutality, and admire your willingness to pursue justice, not mere revenge. All tyrants will fall, and thanks to your bravery Bashar Al-Assad is next.”

“To the Syrian military: You are responsible for protecting the Syrian people, and anyone who orders you to kill women, children, and the elderly deserves to be tried for treason. No outside enemy could do as much damage to Syria as Bashar Al-Assad has done. Defend your country – rise up against the regime! – Anonymous”

By lunchtime on Monday (BST) the site had become unavailable, which suggests either that the site has become overloaded or has been taken offline by the Syrian authorities.

Supporters of the insurrection will claim the successful hack as a propaganda coup although the Syrian regime and its leadership have long since stopped worrying how the outside world views it crackdown on anti-Government protests. The Anonymous hack tells us more about the insecurity of websites that offers convincing evidence of Syrian embarrassment.

Anonymous – and assumed spin-off LulzSec – have successfully attacked so many websites it is becoming easier to list those it hasn’t tried to undermine. It’s an eclectic and sometimes eccentric list.

Aug 06 2011

AntiSec Releases Over 10GB of Private Police Files including Informants Details

Operation AntiSecA week after 70 law enforcement agencies were defaced and attacked in what was known as Fuck FBI Friday, Anonymous and LulzSec have released another massive amount of confidential data, this time targeted at US police officers in what they’re now calling Shooting Sherrifs Saturday.

Over 10GBs of information has been leaked including hundreds of private emails, password information, address and social security numbers, credit card numbers, informant details, police training files and more.

The group claims to be acting in solidarity with Topiary, a member of LulzSec who was apparently found to be in posession of 750,000 login credentials when arrested last week as well as with the Anonymous PayPal LOIC defendants whom Anonymous faithful claim should be considered as ‘political prisoners’. From the release ‘notes’:

“We stand in support of all those who struggle against the injustices of the state and capitalism using whatever tactics are most effective, even if that means breaking their laws in order to expose their corruption. You may bust a few of us, but we greatly outnumber you, and you can never stop us from continuing to destroy your systems and leak your data.”

“We have no sympathy for any of the officers or informants who may be endangered by the release of their personal information. For too long they have been using and abusing our personal information, spying on us, arresting us, beating us, and thinking that they can get away with oppressing us in secrecy. Well it’s retribution time: we want them to experience just a taste of the kind of misery and suffering they inflict upon us on an everyday basis. Let this serve as a warning to would-be snitches and pigs that your leaders can no longer protect you: give up and turn on your masters now before it’s too late.”

Source: Shooting Sheriffs Saturday | Official Release Statement

Jul 27 2011

Half of SAP Systems on the Internet will be Hacked Next Week

SAP HackedOn the 4th of august at the world’s largest technical security conference – BlackHat USA 2011, which will take place in Las Vegas, SAP security expert and CTO of ERPScan Alexander Polyakov will show how any malicious attacker can get access to the systems running on SAP via Internet using new critical vulnerability.

SAP systems are used in more than 100 000 world companies to handle business-critical data and processes. Almost in each company from Forbes 500 system data are set for the handling of any process beginning from purchasing, human resources and financial reporting and ending with communication with other business systems. Thus receiving an access by the malicious attacker leads to complete control over the financial flow of the company, which can be used for espionage, sabotage and fraudful actions against hacked company.

The given attack is possible due to dangerous vulnerability of the new type, detected by Alexander in J2EE engine of SAP NetWeaver software, which allows bypassing authorization checks. For example it is possible to create a user and assign him to the administrators group using two unauthorized requests to the system. It is also dangerous because that attack is possible on systems, protected by the two-factor authentication systems, in which it is needed to know secret key and password to get access. To prove it researchers from ERPScan created a program, which detects SAP servers in the Internet with help of secret Google keyword and checks found servers on potential dangerous vulnerability. As the result, more than half of available servers could be hacked with help of found vulnerability.

“Danger is in that it is not only a new vulnerability, but a whole class of vulnerabilities that was theoretically described earlier but not popular in practice. During our research we only detected several examples in standard system configuration, and because each company customizes the system under its own business processes, new examples of vulnerabilities of the given class can be potentially detected at each company in the future. We have developed a free program which can detect unique vulnerabilities of such type in order to protect companies on time and it is also included in our professional product – ERPScan Security Scanner for SAP.” — noted Alexander.