Archive for September, 2013


VPN provider 'Proxy.sh' sniffed the traffic of US based server to catch hackers

The very first question we always try to answer before choosing a trusted VPN service: can’t a VPN provider just look at my traffic all they want and see what I’m doing?
Well, a reputed VPN provider answered that question today, admitting that it sniffed the traffic on one of its United States-based servers in order to catch an alleged hacker.
Proxy.sh, a quality VPN service with a no-logging policy, made a surprise announcement:

“We are unfortunate to announce that there have been abuses complaints about hacking activities on our U.S. Illinois 1 node. We have been saddened to learn that these actions were harmful to individuals (human beings). As a result, we will open this node again and monitor it with Wireshark for a period of 7 days.”

TorrentFreak noticed that there was no mention of any legal process, court order, police action or other similar outside influence compelling Proxy.sh to do so.

The monitoring was triggered after Proxy.sh received a complaint from someone who claimed they were being harassed by a Proxy.sh user. The VPN provider then allegedly took it upon themselves to try and sort out the problem.

“If you are the hacker, please stop your activities and leave our network. You are not welcome here. Our heaven is reserved for those who are not harmful to other human beings. If you do not leave, we will find you and report your activities to NGO and press officers. For all others, the heaven is still safe for you, dear ones. We will completely remove Wireshark after 7 days and restart the node so that everything is erased (RAM-switch). All other nodes are left unaffected by these actions. Update: Wireshark has now been removed/wiped.”

Later, Proxy.sh provided a final statement: “We have decided to install a monitor on our Illinois 1 node so as to locate the hacker. A few hours after we announced this move to our public, the hacker came to us to apologize. We then completely removed the Wireshark installation.”

Not all VPN service providers are worth your trust. Some diligently log your connection times, dates and IP addresses and keep track of how long you’re connected, and some even keep an eye on the types of traffic that you send through their networks while you’re logged in.

The best defense for user data is a quality VPN service, which will send the data through an encrypted tunnel to a secure in-house server, hiding sensitive information from potential data thieves.

Author

Mohit Kumar aka ‘Unix Root’ is Founder and Editor-in-chief of ‘The Hacker News’. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. Other than this, he is an Internet activist and a strong supporter of Anonymous & Wikileaks.

via The Hacker News http://thehackernews.com/2013/09/vpn-provider-proxysh-sniffed-traffic-of.html

US news agency GlobalPost's Twitter and website hacked by Syrian Electronic Army

In a series of high-profile hacks, the ‘Syrian Electronic Army (SEA)’ just a few minutes ago took control of the Twitter account and website of ‘GlobalPost’, a US-based news agency.

The Syrian Electronic Army is an organized hacking group loyal to Syrian President Bashar al-Assad and known for its high-profile cyber attacks.

The hacker posted two tweets from the victim’s account, saying “Think twice before you publish untrusted information about Syrian Electronic Army” and “This time we hacked your website and your Twitter account, the next time you will start searching for new job 🙂”.

GlobalPost’s Deputy Social Media and News Desk Editor ‘Kyle Kim’ also tweeted that “We’ve been hacked”.

At this point it is unclear how the group managed to access the website and Twitter account. We are contacting the hackers for further information; stay tuned to the page for more updates on this.

Author

Mohit Kumar

via The Hacker News http://thehackernews.com/2013/09/us-news-agency-globalposts-twitter-and.html

Another iPhone lockscreen bypass vulnerability found on latest iOS 7.0.2

Here we go again! Earlier this week, Apple released iOS 7.0.2 just to fix some Lockscreen bugs in iOS 7, but a researcher has found a new Lockscreen bug in the new iOS 7.0.2.

This new Lockscreen bug was found by Dany Lisiansky, who uploaded a proof-of-concept video to YouTube with a complete step-by-step guide.

Unlike the previous bugs, it will not expose your email, photos, Facebook and Twitter, but it allows attackers to access your phone call history, voicemails and entire list of contacts.

A step by step guide released by iDownloadblog:

  1. Make a phone call (with Siri / Voice Control)
  2. Click the FaceTime button
  3. When the FaceTime App appears, click the Sleep button
  4. Unlock the iPhone
  5. Answer and End the FaceTime call at the other end
  6. Wait a few seconds
  7. Done. You are now in the phone app

It would be easy for someone who knows you, such as your partner or business partner, to obtain your phone and call themselves from it to take advantage of this trick, and they may only gain access to the Phone app.

Fixing this bug is pretty simple: disable Siri on the Lockscreen by navigating to “Settings –> General –> Passcode –> Siri” and disabling it there.

Also read how an Iranian group defeated the iPhone fingerprint scanner Touch ID again, which allows them to unlock an iPhone device with multiple fingerprints.

Author

Mohit Kumar

via The Hacker News http://thehackernews.com/2013/09/another-iphone-lockscreen-bypass.html

Iran hacked US Navy Computers

The Wall Street Journal reported that Iranian hackers have successfully penetrated unclassified US Navy computers. The allegations were made by US officials, who consider the attacks a serious intrusion within the Government network.

“The U.S. officials said the attacks were carried out by hackers working for Iran’s government or by a group acting with the approval of Iranian leaders. The most recent incident came in the week starting Sept. 15, before a security upgrade, the officials said. Iranian officials didn’t respond to requests to comment.”

US officials revealed that a group of Iranian state-sponsored hackers has repeatedly violated US Navy computer systems for cyber espionage purposes. Although no sensitive information has been leaked, the event is considered very concerning. US Intelligence fears that such attacks could expose confidential information like the blueprints of a new cyber weapon.
US officials added that Congress has been briefed on the attack, and that Defense Secretary Chuck Hagel and Chairman of the Joint Chiefs of Staff Gen. Martin Dempsey discussed the need to further improve government network security.

The Pentagon wouldn’t confirm the alleged Iranian hacks. A department spokesman said its networks are attacked daily. “We take these attempts seriously and work to learn lessons from every one of them,” the spokesman said.

“Their ability to also play in this [cyber] sandbox compounds that concern.” The series of Iranian intrusions revealed a weakness in the Navy network and a shortcoming in the service’s defenses compared with other unclassified military networks, according to U.S. officials.

Once the intruders got into the Navy computer system, they were able to exploit security weaknesses to penetrate more deeply into the unclassified network, the officials said.

Iran’s cyber abilities have increased gradually, reaching a concerning level. US Intelligence believes that Iranian cyber units today have sufficient cyber abilities to attack the US, causing serious damage to the critical infrastructure of the country.
The situation is very serious if we consider that foreign hackers could sabotage critical infrastructure using malicious code and tools that are freely available on the internet or can be purchased in the underground.
The study “Iran: How a Third Tier Cyber Power Can Still Threaten the United States” (PDF), published by the Atlantic Council, maintains that although Iranian cyber capabilities are considered modest, they could be sufficient to launch attacks against the US that would do more damage to public perceptions than actual infrastructure.
The Iranian menace continues. Iranian state-sponsored hackers have already hit major US banks and energy industry computer networks in the past, and if this event is confirmed there is a concrete risk that the cyber conflict may escalate.
Between the US and Iran there is a dangerous tension that has repercussions in cyberspace, while US President Barack Obama and Iranian President Hassan Rouhani are trying to define a diplomatic path to reach an agreement on the development of the Iranian nuclear program. The two leaders spoke on Friday; from the White House on Friday afternoon, Obama announced he had just got off the phone with Iranian President Hassan Rouhani and discussed “our ongoing efforts to reach an agreement over Iran’s nuclear program.”
The cyber war between the US and Iran started long ago; the US, in a joint effort with Israel, is considered responsible for the sabotage of Iranian uranium enrichment facilities with a cyber weapon known as Stuxnet.

Cybersecurity experts are not concerned only by Iran; the most dangerous players in cyberspace, like China and Russia, have more sophisticated hacking capabilities than Iran.

The conflict between the US and Iran is ongoing in cyberspace and could have serious repercussions on the diplomatic dialogue established between the two governments; a cyber attack could have the same effect as a conventional strike … This could be just the beginning.

Author

Pierluigi Paganini is Company Director, Researcher, Security Evangelist, Security Analyst and Freelance Writer. He is a security expert with over 20 years of experience in the field. His passion for writing and a strong belief that security is founded on sharing and awareness led him to found the security blog ‘Security Affairs’. He is also the author of the book “The Deep Dark Web”.

via The Hacker News http://thehackernews.com/2013/09/iranian-hackers-infiltrated-us-navy.html

Touch ID hack allows hackers to unlock an iPhone by multiple fingerprints

An Iranian group defeated the basic premise of the iPhone fingerprint scanner, allowing them to unlock an iPhone with the fingerprints of 5-6 different users.

Apple’s iPhone 5s became available in stores two weeks ago with a new biometrics-based security feature called “Touch ID”, which analyzes a user’s fingerprint and uses it to unlock the phone.

Apple launched the technology with the promise that it will better protect devices from criminals and snoopers seeking access. With it you can purchase things from the iTunes App Store. Basically, you can now use it in place of your password.

“Fingerprint is one of the best passcodes in the world. It’s always with you, and no two are exactly alike,” according to Apple’s website.

Last week German hackers showed how they were able to deceive Apple’s latest security feature into believing they’re someone they’re not, using a well-honed technique for creating a latex copy of someone’s fingerprint.
Another interesting fact is that Touch ID is not only designed to scan fingerprints; it also works with various human body parts and appendages that are not fingers.

An Iranian group of iPhone geeks from Tehran, who run a blog, provided ‘The Hacker News’ with another awesome Touch ID hack, showing how they defeated the basic premise of the fingerprint scanner, i.e. “No two Fingerprints are exactly alike”. (Greets to Bashir Khoshnevis, Mohsen Lotfi, Shayan Khabazian and other members of the i-Phone.ir support team)

In a video demonstration provided to The Hacker News, the group set up a mixed fingerprint scan of 5-6 people on an iPhone 5S handset, which allowed all of them to unlock the locked device with their individual fingerprints.

According to Apple, the chance that Touch ID will misread a finger is 1 in 50,000. This is because Touch ID is designed to unlock the device with a partial scan. That means that if we set up the unlock settings of an iPhone with a merged thumb scan of multiple users, it will be able to read at least some partial scan of an individual user.

I asked my co-researchers “Wang Wei” and “Jiten Jain” to reproduce the hack, and it worked successfully for both, many times, on the latest iOS firmware 7.0.2, and I feel that iPhone users will not receive any patch soon for this.

Conclusion: fingerprints taken by the iPhone’s Touch ID are no longer unique to a user. Touch ID is intended to reduce the number of times a person must enter a passcode, but you should use a passcode to make sure no one else has access to your iPhone.

Earlier this morning, a new report came from a Chinese weblog, DoNews, stating that Apple will introduce the new Touch ID in the iPad mini 2.

Author

Mohit Kumar

via The Hacker News http://thehackernews.com/2013/09/Apple-TouchID-fingerprint-scanner-hacking-unlock-iphone.html

Chinese APT Espionage campaign, dubbed 'Icefog', targeted Military contractors and Governments

Kaspersky Lab has identified another Chinese APT campaign, dubbed ‘Icefog’, which targeted governmental institutions, military contractors, maritime / shipbuilding groups, telecom operators, industrial and high technology companies and mass media.

The hacking group behind the attack, which carries out surgical hit-and-run operations, is an advanced persistent threat (APT) group that used a backdoor dubbed Icefog, which worked across Windows and Mac OS X, to gain access to systems.

“The Mac OS X backdoor currently remains largely undetected by security solutions and has managed to infect several hundred victims worldwide,” the report (PDF) said.

This China-based campaign is almost two years old and follows the pattern of similar APT-style attacks where victims are compromised via a malicious attachment in a spear-phishing email, or are lured to a compromised website and infected with malware.

The attackers embed exploits for several known vulnerabilities (CVE-2012-1856 and CVE-2012-0158) into Microsoft Word and Excel documents.

Once a computer has been compromised, the hackers upload malicious tools and backdoors. They look for email account credentials, sensitive documents and passwords to other systems.

“We observed many victims in several other countries, including Taiwan, Hong Kong, China, USA, Australia, Canada, UK, Italy, Germany, Austria, Singapore, Belarus and Malaysia,” the research team said.

There is no concrete evidence to confirm this was a nation-state sponsored operation, but based on where the stolen data were transferred to, Kaspersky wrote the attackers are assumed to be in China, South Korea and Japan.

In total, Kaspersky Lab observed more than 4,000 uniquely infected IPs and several hundred victims. They are now in contact with the targeted organizations as well as government entities in order to help them identify and eradicate the infections.

Author

Mohit Kumar

via The Hacker News http://thehackernews.com/2013/09/chinese-apt-espionage-campaign-dubbed.html

A 16-year-old teenager has been arrested over his alleged involvement in the world’s biggest DDoS attack, against the Dutch anti-spam group Spamhaus.

The teenager, whose name is unknown at this point, was arrested by British police in April, but details of his arrest were just leaked to the British press on Thursday.

He was taken into custody when police swooped on his south-west London home after investigations identified that significant sums of money were flowing through his bank account. The suspect was found with his computer systems open and logged on to various virtual systems and forums.
The March 20 attack on Spamhaus has been dubbed the “biggest cyber attack in the history of the Internet”, which saw the server of the Dutch anti-spam organization being bombarded with traffic to the tune of 300 billion bits per second (300Gbps).

A DDoS attack takes place when hackers use an army of infected computers to send traffic to a server, causing a shutdown in the process.

It’s unclear what role the teenager played in the massive distributed denial of service (DDoS) attack. The boy has been released on bail until later this year. A 35-year-old Dutchman was detained and his computers, data carriers and mobile phones were seized; local media speculate that the person is none other than CyberBunker spokesman Sven Olaf Kamphuis.

The attack on Spamhaus is believed to have started after the anti-spam organization blacklisted CyberBunker for allegedly spreading spam.

Author

Mohit Kumar

via The Hacker News http://thehackernews.com/2013/09/16-year-old-teenager-arrested-for.html

Sextortion Case - FBI arrested 19-Year-old Hacker for Allegedly Hacking Miss Teen USA's Webcam

A 19-year-old college student and hacker from Temecula, California has been arrested for hacking the webcams of Miss Teen USA ‘Cassidy Wolf’ and other women to extort nude photos and videos from them.

Earlier this year Cassidy Wolf received an anonymous email in which the sender claimed to have stolen images from the camera on her home computer. According to the complaint, he threatened to turn her “dream of being a model … into a pornstar.”

Jared James Abrahams, a 19-year-old man, forced several women to strip. Based on an investigation launched in March, the FBI raided the suspect’s home in June, seizing computers, cell phones and hacking software.

Abrahams is accused of hacking the computers of several young women and is charged with extortion, which could send him to federal prison for up to two years.

Abrahams used malicious software to disguise his identity in order to capture nude photos or videos of victims through remote operation of cameras on their home computers without their consent.

He was later freed on $50,000 bail, but a judge confined him to his family home, ordered him to wear a GPS monitor, and said he could only use the home computer for schoolwork, with software to be installed that will monitor its use, Fox News explained.

Investigators have identified several other victims in the case. The affidavit does not name the victims.

Author

Wang Wei has been a security consultant for the government, financial securities and banks. He works as a Researcher with The Hacker News. He is also a renowned speaker on the subject of ‘Exploit Writing’. He is a Malware analyst, Freelance Penetration Tester, and Cloud Computing, Mobile application & Software Developer.

via The Hacker News http://thehackernews.com/2013/09/fbi-arrested-19-year-old-hacker-for.html

Hacker sold personal data of 4 million US citizens online

An illegal service that sells personal data of US citizens online, which can then be used for identity theft, hacked into the networks of three major data brokers and stole their databases.
The cyber attack gave them access to Social Security Numbers, dates of birth, and other personal details that could put all our finances at risk.
Krebs’s blog revealed that the service, known as SSNDOB (ssndob.ms) (Social Security Number Date of Birth), used malware to obtain secret access to the databases of LexisNexis, Dun & Bradstreet and Kroll Background America.

Hackers are charging from 50 cents to $2.50 per record and from $5 to $15 for credit and background checks. It was discovered in March that another website, exposed.su was using data collected by SSNDOB to sell to its customers.

Through the use of botnet malware, the ID thieves gained access to the networks of LexisNexis, which provides coverage of more than 500 million unique consumer identities.

“The botnet’s online dashboard for the LexisNexis systems shows that a tiny unauthorized program called “nbc.exe” was placed on the servers as far back as April 10, 2013, suggesting the intruders have had access to the company’s internal networks for at least the past five months,” Krebs’ report said.

The program was designed to open an encrypted channel of communications from within LexisNexis’s internal systems to the botnet controller on the public Internet.

SSNDOB itself was compromised by multiple attacks earlier this year, and website’s records show that 1,300 customers have spent hundreds of thousands of dollars looking up SSNs, birthdays, drivers license records, and obtaining unauthorized credit and background reports on more than four million Americans.
The service’s main website at ssndob.ms has been taken offline, but similar services can be found at ssndob.cc and ssndob.biz.

Dun&Bradstreet and Altegrity have said they are investigating the claims. LexisNexis said that it has found no evidence of data theft.

Author details

Wang Wei

via The Hacker News http://thehackernews.com/2013/09/hacker-sold-personal-data-of-4-million.html

Mailbox iPhone app

Italian Researcher Michele Spagnuolo recently revealed a serious vulnerability in the popular Mailbox iPhone app.

Mailbox, a tidy iOS email app recently purchased by Dropbox, has a pretty wide-open hole that could allow bad actors to hijack your device.

The flaw occurs in the latest version of Mailbox (1.6.2), currently available from the App Store, which executes any JavaScript present in the body of HTML emails.

With exploitation of this vulnerability, users could be subject to account hijacking, spam and phishing attacks by simply opening an HTML email containing embedded javascript.

The good news is that the problem is probably not as bad as it looks, because iOS is tightly sandboxed, its security features are built with this functionality in mind and normally do not allow any potentially harmful operation to take place without the user’s permission.

Mailbox’s statement on this issue: “Many thanks to the community for continuing to push Mailbox to be as great an app as possible. As others have noted, the risks here are extremely limited thanks to the inter-app security built into iOS. That being said, we’re working on an improvement to mail formatting that will mitigate the issue entirely and aim to ship it soon.”
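
A mail client can close this class of hole by rewriting HTML bodies through an allowlist before they reach the rendering view. The sketch below is an added example in Python using only the standard library, not Mailbox's code; the allowlists, the function names and the sample message are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlists (assumptions): what a mail view is assumed to need.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li",
                "blockquote", "div", "span", "img", "table", "tr", "td", "th"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
VOID_TAGS = {"br", "img"}
# Elements dropped together with everything inside them.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "noscript", "svg"}
SAFE_SCHEMES = {"http", "https", "mailto", "cid"}


def safe_url(value):
    """Return the URL with whitespace/control characters removed, or None."""
    # Renderers ignore tabs and newlines inside a scheme, so strip them first.
    cleaned = "".join(ch for ch in (value or "") if ch > " ")
    scheme, sep, _ = cleaned.partition(":")
    return cleaned if sep and scheme.lower() in SAFE_SCHEMES else None


class EmailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # depth inside DROP_WITH_CONTENT elements

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
            return
        if self.skip or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            # Event handlers (onclick, onerror, ...) and style never match here.
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue
            if name in URL_ATTRS:
                value = safe_url(value)  # value arrives entity-decoded
                if value is None:
                    continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
            return
        if not self.skip and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))


def sanitize_email_html(body):
    parser = EmailSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)


# Constructed sample message body.
SAMPLE = ('<p onclick="alert(1)">Hi <b>there</b></p>'
          '<script>alert(1)</script>'
          '<a href="JaVa&#115;cript:alert(1)">click</a>'
          '<a href="https://example.com/">ok</a>'
          '<img src="cid:logo" onerror="alert(1)">')

if __name__ == "__main__":
    print(sanitize_email_html(SAMPLE))
```

Comments, doctype declarations and unknown tags are dropped because the parser's default handlers emit nothing for them, so anything not explicitly allowed never reaches the view.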

Author details

Mohit Kumar

via The Hacker News http://thehackernews.com/2013/09/mailbox-iphone-app-vulnerability.html