Category: Privacy Attacks

Jan 18 2012

Another 7000 Israel Credit Cards Exposed

This week has begun under the worst auspices for Israel, which, despite its attention to the threats posed by cyberspace, has been the victim of a series of attacks that have checkmated the government of Jerusalem.

Hackers from the Kosova Hacker’s Security Group today claimed to have released another 7000 Israeli credit cards on the Internet. Last week xOmar from “group-xp” threatened the Israeli people by exposing millions of credit cards. After that, Israel said that it will respond to cyber-attacks in the same way it responds to violent terrorist acts, by striking back with force against hackers who threaten the Jewish state.

The dump of these 7000 cards was posted on Tinypaste by the Kosova hackers. Th3 Dir3ctorY, ThEtA.Nu, & X|CRIPO, three hackers from Kosova Hacker’s Security Group, posted all the credentials, including the full name of the card holder, CCV, card number and expiry date.

Moreover, Saudi hacker OxOmar struck again last Monday by disrupting the websites of Israel’s stock exchange and national air carrier. Israel is facing a true escalation in cyberwar. Another interesting read on the Israel cyber war is by Pierluigi Paganini on his blog.

Sep 25 2011

Doppelganger Domain Attack

Domain typo-squatting is commonly used to spread malware to users who accidentally misspell a legitimate domain in their web browser. A new type of domain typo-squatting takes advantage of an omission instead of a misspelling.

A Doppelganger Domain is a domain spelled identically to a legitimate fully qualified domain name (FQDN) but missing the dot between host/subdomain and domain, to be used for malicious purposes. Doppelganger Domains have a potent impact via email, as attackers could gather information such as trade secrets, user names and passwords, and other employee information.

Each company in the Fortune 500 was profiled for susceptibility to Doppelganger Domains and 151 companies (or 30%) were found to be susceptible. In large corporations, email usage is extremely high and the likelihood of some email being mis-sent is high, which could result in data leakage.

Security researchers Peter Kim and Garrett Gee, who set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies, say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months. The intercepted correspondence included employee usernames and passwords, sensitive security information about the configuration of corporate network architecture that would be useful to hackers, affidavits and other documents related to litigation in which the companies were embroiled, and trade secrets, such as contracts for business transactions.

WhitePaper : Doppelganger.Domains.pdf
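As an added example (not from the whitepaper or the original post), one way a mail administrator can check for this on their own side: derive the doppelganger of each internal FQDN and flag outbound recipients whose domain matches one. The base domain example.com, the host names and the recipient list are constructed for illustration.

```python
# Added example: flag outbound mail addressed to doppelganger domains.
# BASE, FQDNS and SAMPLE_RECIPIENTS are constructed sample data.

BASE = "example.com"
FQDNS = ["us.example.com", "mail.eu.example.com", "example.com"]
SAMPLE_RECIPIENTS = [
    "alice@us.example.com",      # correct address
    "bob@usexample.com",         # dot omitted: doppelganger of us.example.com
    "carol@example.com",         # bare base domain, no dot to omit
    "dave@MAIL.EUexample.com",   # mixed case, multi-label subdomain
    "eve@partner.test",          # unrelated domain
    "malformed-no-at",           # not an address, skipped
]


def doppelganger(fqdn, base):
    """Return fqdn with the dot between subdomain and base removed, or None."""
    fqdn = fqdn.lower().rstrip(".")
    base = base.lower().rstrip(".")
    suffix = "." + base
    if not fqdn.endswith(suffix):
        return None  # bare base domain or foreign domain: nothing to omit
    return fqdn[: -len(suffix)] + base


def flag_misaddressed(recipients, fqdns, base):
    """Return (address, intended_fqdn) for recipients on a doppelganger domain."""
    lookalikes = {}
    for fqdn in fqdns:
        candidate = doppelganger(fqdn, base)
        if candidate:
            lookalikes[candidate] = fqdn.lower()
    hits = []
    for addr in recipients:
        local, sep, domain = addr.rpartition("@")
        if not sep or not local:
            continue  # skip entries that are not user@domain
        intended = lookalikes.get(domain.lower().rstrip("."))
        if intended:
            hits.append((addr, intended))
    return hits


if __name__ == "__main__":
    for addr, intended in flag_misaddressed(SAMPLE_RECIPIENTS, FQDNS, BASE):
        print(f"{addr} looks like a mis-typed address at {intended}")
```

The same lookalike list can drive an outbound mail block rule or a list of domains to register defensively.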

Sep 15 2011

DroidSheep – Android Application for Session Hijacking

DroidSheep – One-click session hijacking using your Android smartphone or tablet computer.

DroidSheep is easy for everybody to use. Just start DroidSheep, click the START button and wait until someone uses one of the supported websites. Jumping on his session simply needs one more click. That’s it.

What do you need to run DroidSheep?
– You need an Android-powered device, running at least version 2.1 of Android
– You need root access on your phone
– You need DroidSheep

Which websites does DroidSheep support?
– amazon.de
– facebook.com
– flickr.com
– twitter.com
– linkedin.com
– yahoo.com
– live.com
– google.de (only the non-encrypted services like “maps”)

Download: droidsheep-current.apk

Aug 30 2011

Hackers Acquire Google Certificate, Could Hijack Gmail Accounts

Hackers have obtained a digital certificate good for any Google website from a Dutch certificate provider.

Criminals could use the certificate to conduct “man-in-the-middle” attacks targeting users of Gmail, Google’s search engine or any other service.

Attackers could poison DNS, present their site with the fake cert and bingo, they have the user’s credentials.

Man-in-the-middle attacks could also be launched via spam messages with links leading to a site posing as, say, the real Gmail. If recipients surfed to that link, their account login username and password could be hijacked.

Details of the certificate were posted on Pastebin last Saturday.

The SSL certificate is valid, and was issued by DigiNotar, a Dutch certificate authority, or CA.

It’s unclear whether the certificate was obtained because of a lack of oversight by DigiNotar or through a breach of the company’s certificate issuing website.

Given their ties to the government and financial sectors, it’s extremely important to find out the scope of the breach as quickly as possible. The situation was reminiscent of a breach last March, when a hacker obtained certificates for some of the Web’s biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo.

Then, Comodo said that nine certificates had been fraudulently issued after attackers used an account assigned to a company partner in southern Europe.

Initially, Comodo argued that Iran’s government may have been involved in the theft. Days later, however, a solo Iranian hacker claimed responsibility for stealing the SSL certificates.

Aug 06 2011

AntiSec Releases Over 10GB of Private Police Files including Informants Details

A week after 70 law enforcement agencies were defaced and attacked in what was known as Fuck FBI Friday, Anonymous and LulzSec have released another massive amount of confidential data, this time targeted at US police officers in what they’re now calling Shooting Sheriffs Saturday.

Over 10GB of information has been leaked, including hundreds of private emails, password information, address and social security numbers, credit card numbers, informant details, police training files and more.

The group claims to be acting in solidarity with Topiary, a member of LulzSec who was apparently found to be in possession of 750,000 login credentials when arrested last week, as well as with the Anonymous PayPal LOIC defendants, whom the Anonymous faithful claim should be considered ‘political prisoners’. From the release ‘notes’:

“We stand in support of all those who struggle against the injustices of the state and capitalism using whatever tactics are most effective, even if that means breaking their laws in order to expose their corruption. You may bust a few of us, but we greatly outnumber you, and you can never stop us from continuing to destroy your systems and leak your data.”

“We have no sympathy for any of the officers or informants who may be endangered by the release of their personal information. For too long they have been using and abusing our personal information, spying on us, arresting us, beating us, and thinking that they can get away with oppressing us in secrecy. Well it’s retribution time: we want them to experience just a taste of the kind of misery and suffering they inflict upon us on an everyday basis. Let this serve as a warning to would-be snitches and pigs that your leaders can no longer protect you: give up and turn on your masters now before it’s too late.”

Source: Shooting Sheriffs Saturday | Official Release Statement