Posts tagged: Hackers

Jan 20 2014

Microsoft Remotely Removed Tor Browser Bundle from more than 2 Million Systems

In August 2013, 4 million infected computers woke up and awaited instructions from their master.

The pathogen was Sefnit, a nasty bit of malware that makes infected computers mine bitcoins. Once the computers woke up, they worked under the command of Ukrainian and Israeli hackers named Scorpion and Dekadent. The malware communicated with the two by downloading Tor, the powerful anonymizing software, and talking over encrypted channels. It was the first time a botnet, as a collection of slave computers is called, used Tor in such a potentially powerful way.

By using an unconventional method to exploit Windows, the hackers unwittingly forced Microsoft to show a hand few knew it had: the ability to remotely remove programs en masse from people’s computers, without them even knowing it.

All of a sudden, the anonymous network grew from about 1 million users to 5.5 million, a jump that frightened even Tor’s developers.

Sefnit Tor Botnet Metrics

“If this had been a real attacker, if the botnet had been turned against the Tor network, it probably would have been fatal, I think,” developer Jacob Appelbaum said in a speech at the Chaos Communication Congress in December.

On one level, Sefnit’s use of Tor was a mistake. That surge in users brought unwanted attention to the botnet at a time of heightened interest in the Tor network. And the malware, which has existed in various versions of Tor since 2009, specifically targeted Windows users, a fact that got Microsoft’s attention quickly.

To fight back, Microsoft remotely removed the program from as many computers as it could, along with the Tor clients it used.

“That’s a lot of power that Microsoft has there,” Appelbaum continued, raising his voice and laughing at the implications. “If you’re using Windows trying to be anonymous, word to the wise: Bad idea.”

It’s no small thing that Microsoft has the ability to reach into certain Windows installations and tear out the parts they deem dangerous, but Andrew Lewman, Tor’s executive director, says there’s little to worry about in this case.

“It sounds scary,” Lewman concluded, “until you realize users opt-in for the most part and agree to have their OS kept ‘secure’ by Microsoft.”

So, yes, Microsoft has the ability to reach into certain computers and delete programs. But, Lewman says, this is the way it’s always been—as long as the user agrees to it first.

Source: The Daily Dot – Microsoft’s secret battle against the Tor botnet

Jan 12 2014

MIT University Website Defaced by Anonymous Hackers in Honor of Aaron Swartz

Last year on January 11, Aaron H. Swartz, a 26-year-old hacker, Reddit co-founder and digital activist, committed suicide.
He was found dead in his Brooklyn, New York apartment, where he had hanged himself.

Swartz was indicted by a federal grand jury in July 2011, accused of hacking the MIT JSTOR database and stealing over four million documents with the intent to distribute them. He could have faced 50 years in prison and $4 million in fines from the court, but before that he committed suicide in fear. Swartz’s father, Robert, later blamed MIT and the judiciary system for his son’s death.

Today, on the first anniversary of Aaron Swartz’s death, the Anonymous group of hackers defaced a sub-domain of the Massachusetts Institute of Technology (MIT) website (http://cogen.mit.edu/) for about an hour as part of #OPLASTRESORT. The defacement page was titled ‘THE DAY WE FIGHT BACK’. The message posted on it read: “Remember The Day We Fight Back, Remember. We Never Forget, We Never Surrender, Expect Us.”

Anonymous OpLastResort

The attack on MIT’s website was meant as a tribute to hacker Aaron Swartz following his tragic suicide.

It was MIT’s role in the federal prosecution of the activist that ultimately led to him committing suicide, but the U.S. Government has not learned anything and is planning to make laws against hackers stricter.

Recently, Senate Judiciary Committee Chairman Patrick Leahy reintroduced a revamped version of the “Personal Data Privacy and Security Act”, which sets tough criminal penalties for hackers. The new bill suggests 20 years in prison, rather than the current 10 years, and also recommends the same penalties for hackers who attempt to hack systems but don’t succeed.

Oct 21 2013

Facebook Data Mining Tool Uncovers Your Life

You know you shouldn’t post potentially damaging data on Facebook, but more often than not, your friends don’t think twice about it, and this can impact you even more than you think. At the Hack In The Box conference in Kuala Lumpur, security consultants Keith Lee and Jonathan Werrett from SpiderLabs revealed how a simple tool can enable anyone to find a comprehensive amount of data on any user.

Keith Lee and Jonathan Werrett during their presentation

To get the information, they created the aptly named FBStalker. This tool reverse-engineers the Facebook Graph and can find information on almost anyone. You don’t have to be a friend with someone on the network – the only thing that FBStalker needs to work is for parts of your posts to be marked as public. The tool will find things based on photos you’ve been tagged in, the comments you’ve put on other people’s posts, the things that you like, etc.

If you are tagged in a photo, we can assume you know the people you’re in the photo with. If you comment on a post, FBStalker knows there’s an association. Most people have an open friends list and this gives the tool a variety of people to target for more information. By looking at their posts and your interactions with them, it’s possible to understand how some of those people are important in your life.

Even though many users don’t use the Check-In function, it’s still possible to determine their favorite places to hang-out based on the tagged photos and posts from their friends. Just imagine the level of detail you can achieve and how that can help you if you want to mount a targeted social engineering attack against the user.

The first thing that came to mind when I learned about this tool was to ask if it’s a violation of Facebook’s terms of service. Werrett was expecting the question, he says with a smile: “The tool is basically automating what the user can do in the browser. We’re not using any APIs or unofficial ways of interacting with the interface. We’re using Graph Search to build-up this profile.”

FBStalker also goes a step further and provides private information about the targeted user that might not be obvious to others. It allows you to analyze the times when the person is online and, over time, you are able to guess their sleep patterns and active hours.

This type of tool works well if you haven’t locked down your profile, but it can still work even if you have, provided that your friends haven’t locked down their profiles. You know the old saying – the chain is only as strong as its weakest link. With Facebook’s recent announcement that they are removing a privacy feature and that every user is going to be discoverable by name, things are getting increasingly harder to hide.

Even if your account is locked down, you can’t mark your profile picture as private. Once you change it and people like the picture, the attacker can start building a view of your friends list.

What can you do to protect yourself? The authors have a few suggestions: turn off location tracking and tighten your Facebook privacy settings. However, with the social networking giant increasingly removing privacy options, you may have trouble staying hidden.

Sep 27 2013

16-Year Old Arrested Over World’s Biggest Cyber Attack

In March 2013, a distributed denial of service (DDoS) attack of unprecedented ferocity was launched against the servers of Spamhaus, an international non-profit dedicated to battling spam.

The March Spamhaus attack peaked at 300 gigabits per second, Spamhaus CEO Steve Linford told the BBC at the time – the largest ever recorded, with enough force to cause worldwide disruption of the internet.

In April, one suspect was arrested in Spain.

Now it has come to light that another suspect was also secretly arrested in April: a London schoolboy.

The 16-year-old was arrested as part of an international dragnet against a suspected organised crime gang, reports the London Evening Standard.

Detectives from the National Cyber Crime Unit detained the unnamed teenager at his home in southwest London.

The newspaper quotes a briefing document on the British investigation, codenamed Operation Rashlike, about the arrest:

“The suspect was found with his computer systems open and logged on to various virtual systems and forums. The subject has a significant amount of money flowing through his bank account. Financial investigators are in the process of restraining monies”.

Officers seized his computers and mobile devices.

The boy’s arrest, by detectives from the National Cyber Crime Unit, followed an international police operation against those suspected of carrying out the massive cyber attack, which slowed down the internet worldwide.

The briefing document says that the DDoS affected services that included the London Internet Exchange.

The boy has been released on bail until later this year, the London Evening Standard reports.

Sep 02 2013

Facebook Vulnerability that Allowed any Photo to be Deleted Earns $12,500 Bounty

An Indian electronics and communications engineer who describes himself as a “security enthusiast with a passion for ethical hacking” has discovered a Facebook vulnerability that could have allowed for any photo on the site to be deleted without the owner’s knowledge.

Arul Kumar, a 21-year-old from Tamil Nadu, discovered that he could delete any Facebook image within a minute, even from verified pages, all without any interaction from the user.

For his efforts in reporting the vulnerability to Facebook’s whitehat bug bounty program, Kumar received a reward of $12,500.

The vulnerability that he discovered was based around exploiting the mobile version of the social network’s Support Dashboard, a portal that allows users to track the progress of any reports they make to the site, including highlighting photos that they believe should be removed.

Kumar explained his bug by using a demo account, as well as sending Facebook a proof of concept video in which he showed how he could have removed Mark Zuckerberg’s own photos from his album.

By following Facebook’s whitehat guidelines he was able to pick up his deserved bounty.