Archive for January, 2014


Spying agencies tracking your location by capturing MAC address of your devices
Again a top secret revelation from Snowden’s desk! A new document retrieved by the whistleblower Edward Snowden shows that the Canadian spy agency has been tracking airline travellers even days after they left the terminal, just by capturing their device identification from the free Wi-Fi service at a major Canadian airport.
CBC News reported that the US intelligence agency worked with its Canadian counterpart, Communications Security Establishment Canada (CSEC), and slurped information from the free Internet hotspots to track anyone who passed through the airport terminal. Those people could then be tracked throughout the country by cross-referencing the data with information intercepted from Wi-Fi at cafes, libraries and other public places, although it is not clear whether only users who logged in to the Wi-Fi services were tracked.

It is also possible to capture the MAC addresses of all devices within range of a Wi-Fi receiver (using special tools such as Aircrack-ng, a Wi-Fi hacking toolkit) even without the device making a login connection; the MAC address of the traveller’s device serves as its unique identifier. Similar capturing devices were deployed throughout the country in public places such as hotels, coffee shops and restaurants, libraries, ground transportation hubs and movie halls to capture MAC addresses.

Using a database of MAC addresses collected from all over the country, the spy agencies can track a traveller’s location by cross-referencing this unique identifier, i.e. the MAC address.

The document shows that the federal intelligence agency was also collecting MAC addresses in U.S. airports, and at literally thousands of other public places in the U.S.

“The document makes it clear that CSEC intended to share both the technologies and future information generated by it with Canada’s official spying partners — the U.S., Britain, New Zealand and Australia, the so-called Five Eyes intelligence network.”

In a written statement provided to CBC News, CSEC states that it is “mandated to collect foreign signals intelligence to protect Canada and Canadians. And in order to fulfill that key, foreign intelligence role for the country, CSEC is legally authorized to collect and analyze metadata.” It also added that “No Canadian communications were (or are) targeted, collected or used.”

Ronald Deibert, author of the book Black Code: Inside the Battle for Cyberspace, said: “I can’t see any circumstance in which this would not be unlawful, under current Canadian law, under our Charter, under CSEC’s mandates.”

The document states that the passenger-tracking operation was a trial run of a ‘game-changing’ new software program that CSEC was developing with the help of the NSA (National Security Agency).

The country’s two largest airports, Toronto and Vancouver, both say they have never supplied CSEC or any other Canadian intelligence agency with information on passengers’ Wi-Fi use.

Now this is why the most powerful intelligence official in the United States told a Senate committee on Wednesday that NSA leaker Edward Snowden is a hypocrite, and that he and his supposed accomplices should return any classified documents he still has.


via The Hacker News http://ift.tt/MDKmID

Tor-enabled Point of Sale (POS) malware stole credit card data from 11 Countries
The massive data breaches at U.S. retailers Target and Neiman Marcus, in which the financial credentials of more than 110 million and 1.1 million customers respectively were compromised, show that Point of Sale (POS) systems have become a new target for cyber criminals.
Although the BlackPOS Point of Sale malware emerged as the major cause of those breaches, malware writers are upgrading and developing more Trojans to target POS systems.
In December, security researchers at anti-virus firm Kaspersky Lab discovered a Tor-based banking trojan, dubbed “ChewBacca”, that was initially categorized as a financial trojan, but recently security researchers at RSA uncovered that ‘ChewBacca’ is also capable of stealing credit card details from point of sale systems.
‘ChewBacca’, a relatively new and private Trojan, used as POS malware in 11 countries, is behind the electronic theft. ChewBacca communicates with its C&C (Command and Control) server over the Tor network, obscuring the IP addresses of both parties.

ChewBacca steals data from the POS system in two ways:

  • Generic keylogger that captures all the keystrokes.
  • Memory scanner that reads process memory and dumps the credit card details.

The botnet has been collecting track 1 and track 2 data of payment cards since October 25, according to RSA.

During installation, ChewBacca creates a copy of itself as a file named “spoolsv.exe” and places it in the Windows Start > Startup folder, so that it starts automatically at login time.

After installation, the keylogger creates a log file called “system.log” in the system %temp% folder that contains the keystroke events along with window focus changes.

“The ChewBacca Trojan appears to be a simple piece of malware that, despite its lack of sophistication and defense mechanisms, succeeded in stealing payment card information from several dozen retailers around the world in a little more than two months.”

Neither RSA’s nor Kaspersky’s description explains how the ChewBacca bot is propagated, but RSA’s investigation observed it mostly in the US and also detected it in 10 other countries, including Russia, Canada and Australia.


RSA has provided data on the ChewBacca operation to the FBI, including the location of a command-and-control server used by the hackers.

They advised retailers to increase staffing levels and develop leading-edge capabilities to detect and stop attackers (comprehensive monitoring and incident response), and to encrypt or tokenize data at the point of capture, ensuring it is never in plain text on their networks and thereby shifting the risk and burden of protection to the card issuers and their payment processors.


via The Hacker News http://ift.tt/1kiLblg

UK government planning to ditch Microsoft for Open Source alternatives

The monopoly of proprietary software vendors like Microsoft and Apple has been in decline since the Snowden revelations of NSA spying, which showed technology giants like Microsoft, Google and Apple sharing a bed with the NSA.

The UK government is again planning to ditch Microsoft for open source and free alternatives. Cabinet Office minister Francis Maude announced yesterday that they are moving away from Microsoft Office towards open source software such as the OpenOffice and LibreOffice suites, in an effort to drive down costs and foster greater innovation.
The UK has spent about £200 million in the last three years on Microsoft’s ubiquitous software suite, and according to The Guardian the migration will save the kingdom a large sum.

The Cabinet Office minister said, “We know the best technology and digital ideas often come from small businesses, but too often in the past they were excluded from government work. In the civil service there was a sense that if you hired a big multi-national, who everyone knew the name of, you’d never be fired. We weren’t just missing out on innovation, we were paying top dollar for yesterday’s technology. The software we use in government is still supplied by just a few large companies. A tiny oligopoly dominates the marketplace.”

Why open source? With unbarred NSA surveillance programs, end users are turning steeply towards open source technology. Open source software is available for free, and not only that: you can read the source code of the product you are going to use and build the executable from it yourself.

If you have competent knowledge of programming, you are free to edit that source code and generate new software completely customized to your requirements. And since the source code of an open source product has been tested by a large number of users, it is less vulnerable to security breaches.

Most importantly, once you have customized and verified it, you know there is no backdoor left in it for surveillance by any government.

Mozilla also recommends using open source technology. In a blog post, Brendan Eich, inventor of JavaScript and current CTO of Mozilla, said: “The NSA is not just focused on high-tech exploits, but also specializes in inserting secret backdoors into legitimate products. Its Tailored Access Operations (TAO) unit works with the CIA and FBI to intercept shipments of hardware to insert spyware into the devices. This way the NSA is able to keep an eye on all levels of our digital lives, from computing centers to individual computers, and from laptops to mobile phones.”

A major component of the proposals will be a move to standardize document formats across government. Other government bodies in Europe have successfully moved to open source software.


via The Hacker News http://ift.tt/1bFEbcc

A really bad year for the world’s second-largest email service provider, Yahoo Mail! The company announced today, “we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts”: user names and passwords of its email customers have been stolen and used to access multiple accounts.

Yahoo did not say how many accounts have been affected, and is not yet sure about the source of the leaked users’ credentials. It appears to have come from the compromise of a third-party database, not an infiltration of Yahoo’s own servers.

Yahoo said: “We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.”

For now, Yahoo is taking proactive action to protect the affected users: “We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts. Impacted users will be prompted (if not already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account.”

People frequently reuse the same passwords on multiple accounts, so the hackers are possibly brute-forcing Yahoo accounts with user credentials stolen from other data breaches.

Yahoo users can prevent account hijacks by using a strong and unique password. You can use the ‘Random strong password generator’ feature of the DuckDuckGo search engine to get one.

Users are also recommended to enable two-factor authentication, which requires a code texted to the legitimate user’s mobile phone whenever a login is attempted from a new computer.

Yahoo! was hacked in July 2012, with attackers stealing 450,000 email addresses and passwords from a Yahoo! contributor network.

Readers can also download two free whitepapers related to email and account security:

  1. Cloud-Based Email Archiving
  2. Email Data Loss Prevention

Yahoo is now working with federal law enforcement as part of its investigation.


via The Hacker News http://ift.tt/1fohEoq

MediaWiki
Encyclopedia giant Wikipedia has been found vulnerable to remote code execution because of a critical flaw in the MediaWiki software.

Wikipedia has become a major source of information for all of us, with pages on almost every topic you might search for.

The site is powered by an open source wiki engine called MediaWiki, which powers not only Wikipedia but also a number of other wiki websites. The software is a product of the Wikimedia Foundation and is written in PHP with a database as its backend.

Check Point Software Technologies found a remote code execution vulnerability in MediaWiki version 1.8 and onwards. The vulnerability, assigned ID CVE-2014-1610, allows an attacker to execute shell commands remotely via an incorrectly sanitized parameter on the MediaWiki application server.

“Shell meta characters can be passed in the page parameter to thumb.php.” (Bug 60339)

Key finding: the vulnerability could have turned Wikipedia’s web servers into a distributor of malicious content, had it remained undiscovered.
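The bug class behind CVE-2014-1610 is request data reaching a shell unsanitized. As an added illustration (not MediaWiki’s code or its actual fix), the Python below shows the vulnerable string-building pattern next to a hardened argv-list form, plus a detection pass over constructed access-log lines for thumb.php requests whose page parameter is not a plain number. It assumes the page parameter is meant to be a small integer page number; the renderer name and log lines are made up.

```python
import re
from urllib.parse import urlparse, parse_qs

# Assumption for this example: thumb.php's page parameter should only ever carry a
# small page number. Anything else is rejected before any command is built.
PAGE_OK = re.compile(r"[0-9]{1,4}")

def unsafe_thumb_command(renderer, src, page):
    """The vulnerable pattern: request data interpolated into a shell string.
    A value such as '3;x' terminates the renderer command and starts another."""
    return f"{renderer} -page {page} {src}"   # never hand this to a shell

def build_thumb_argv(renderer, src, page):
    """Hardened form: validate first, then return an argv list suitable for
    subprocess.run(argv) so that no shell ever parses the value."""
    if not PAGE_OK.fullmatch(page):
        raise ValueError(f"invalid page parameter: {page!r}")
    return [renderer, "-page", str(int(page)), src]

def flag_thumb_requests(log_lines):
    """Detection over web-server access logs: return (line_no, page_value)
    for every thumb.php request whose page parameter is not a plain number."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if not m:
            continue
        url = urlparse(m.group(1))
        if not url.path.endswith("/thumb.php"):
            continue
        # parse_qs percent-decodes, so an encoded '%3B' arrives here as ';'
        for value in parse_qs(url.query, keep_blank_values=True).get("page", []):
            if not PAGE_OK.fullmatch(value):
                hits.append((n, value))
    return hits

# Constructed access-log lines (not taken from any real server).
SAMPLE_LOG = [
    '10.0.0.5 - - [29/Jan/2014:10:00:01 +0000] "GET /w/thumb.php?f=Doc.pdf&page=3&width=120 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [29/Jan/2014:10:00:07 +0000] "GET /w/index.php?title=Main_Page HTTP/1.1" 200 9000',
    '203.0.113.7 - - [29/Jan/2014:10:01:13 +0000] "GET /w/thumb.php?f=Doc.pdf&page=3%3Bx&width=120 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    print(build_thumb_argv("renderer", "Doc.pdf", "3"))
    print(flag_thumb_requests(SAMPLE_LOG))   # [(3, '3;x')]
```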

The Wikimedia Foundation released an update after learning of the vulnerability from Check Point. This is the third ‘remote code execution’ vulnerability reported in the MediaWiki platform since 2006.

“It only takes a single vulnerability on a widely adopted platform for a hacker to infiltrate and wreak widespread damage,” says Dorit Dor, vice president of products, Check Point Software Technologies. Check Point’s Vulnerability Research Group assesses common software to ensure the security of Internet users.

Since so many cyber security enthusiasts put their effort into finding security loopholes in products available on the Internet, open source technology receives the highest priority in security testing.


via The Hacker News http://ift.tt/1kbI66G

ICEPOL Reveton Ransomware Trojan
After financial and banking malware, ransomware has become the first choice of money-motivated cybercriminals.
A new ransomware Trojan known as ICEPOL has been one of the most widespread, successfully installed approximately 267,786 times worldwide, 42,400 of them in the USA alone, over a five-month period, according to analysis by the security firm Bitdefender.
The ICEPOL Trojan (also known as Reveton) is categorized as ransomware that locks your PC and demands a ransom to unlock it. The malware uses a previously known vulnerability in Java, CVE-2013-0422, to infect systems.

The malware threatens the user with accusations of illegal piracy or ‘porn-related activity’ and, pretending to be from the ‘police’, demands money for exemption from punishment.

“The ICEPOL Trojan extorted victims who downloaded it by sending them a message in any one of 25 languages purporting to be from police accusing them of downloading copyrighted material or illegal porn,” said Catalin Cosoi, Chief Security Strategist at Bitdefender.

The malware includes one more money-making scheme: it redirects victims to websites in a pay-per-click scam under a traffic-exchange mechanism. Police estimate that more than $32,000 was stolen from U.S. victims over the five-month period.

The Romanian police, in cooperation with Internet security firm Bitdefender, found dozens of C&C servers and seized one of the major ones, located in the Romanian capital Bucharest, which was part of the large-scale distribution of ICEPOL Trojans.

“The results of the investigation of the ICEPOL Trojan are based on cooperation with various law enforcement agencies and third-party vendors. Despite the complex investigations, we have so far achieved very good results and we will continue to fight cybercrime,” says the head of the Romanian National Police’s agency against cybercrime.

This is not the first time ransomware has successfully tricked victims; last year Cryptolocker, of the same category, hit millions of computer users. Users are advised to keep their system software and anti-virus solutions up to date and, most importantly, to patch their Java installation immediately to Update 51.

Stay Safe! Stay Tuned!


via The Hacker News http://ift.tt/1fp6aBM

Cryptography Hacks - Hash Encryption using DuckDuckGo Search Engine
Over the past several months, it has become clear that the Internet and our privacy have been fundamentally compromised. The private search engine DuckDuckGo claims that when you click on one of its search results, it does not send personally identifiable information along with your request to the third party.
Like Google dorks (advanced search patterns), there are thousands of similar but technically more useful search hacks available in DuckDuckGo, called DuckDuckGoodies. Today I am going to share some handy “cryptography” goodies of the DuckDuckGo search engine.
Whether you are a hacker, cracker or researcher, you face a number of hash strings in your day-to-day work. Hashing is a one-way function applied to plain text or a file, generally used to protect passwords or to check the integrity of a file. There is a set of standard hashing algorithms, e.g. md5, sha1, sha-512 etc.

A hash function produces exactly the same output no matter how many times it is run on the same input. If there is even a very small change in the input, the two outputs will differ.

DuckDuckGo gives you the flexibility to perform such operations. It lets the user generate the hash of a string, find the algorithm used to generate a hash, and give equivalent hashes of a given hash input in other algorithms.

1.) Generating a strong password: The security and integrity of our passwords is a constant battle. The password is the only lock that keeps your private information secure. One of the biggest reasons people use weak passwords is a combination of convenience and the ability to recall them easily. But using a weak password is the equivalent of installing a lock on your front door that could be opened with a Popsicle stick.

Last year, we reported that hackers managed to crack a 16-character alphanumeric password in less than an HOUR. No password is foolproof, but by using a long, unique and strong password you can make it complicated enough to slow down password cracking programs. DuckDuckGo provides a feature for generating a strong password instantly.

Search Term: password 15 strong

Where 15 is the password length.

2.) Generating a hash: Hashing makes it difficult for an attacker to retrieve the original plain-text string from the stored password hash, and it lets sites keep a list of hashes rather than plain-text passwords.

Using DuckDuckGo’s handy option, you can generate the hash value of any string with the following syntax on the search engine.

md5 TheHackerNews

sha512 TheHackerNews

sha TheHackerNews

sha224 TheHackerNews

sha256 TheHackerNews

sha384 TheHackerNews

Where TheHackerNews is the plain-text string and md5 or sha is the hashing algorithm.

3.) Identifying the hash algorithm: Finding the algorithm used to generate a hash by hand is tedious. DuckDuckGo provides an inbuilt hash identification tool that identifies the hashing algorithm used for the hash string given as input.

hash a69649f9f5a7f81ac303ea77d748c77a

4.) Finding plain text from hashes: One more great feature of the DuckDuckGo search engine is that it gives you the plain-text value and the equivalent hash in other algorithms. DuckDuckGo is not cracking the hashes for you; it simply matches the hash value against previously leaked database archives.
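The four goodies above are easy to reproduce locally, which also makes clear what each one really does. The Python below is an added example (not DuckDuckGo’s code): a CSPRNG password generator for goodie 1, hashing for goodie 2, length-based algorithm identification for goodie 3, the avalanche property described earlier, and for goodie 4 a lookup that shows why only unsalted hashes of already-known strings can be “found”. It assumes the page’s bare “sha” means SHA-1.

```python
import hashlib
import secrets
import string

# Hex digest length of each algorithm the page's goodies list.
# Assumption: the bare "sha" search term means SHA-1.
ALIASES = {"sha": "sha1"}
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha224": 56, "sha256": 64,
                  "sha384": 96, "sha512": 128}

def strong_password(length=15):
    """'password 15 strong': a password from the OS CSPRNG, retried until it
    contains lower-case, upper-case, digit and symbol characters."""
    if length < 4:
        raise ValueError("need at least 4 characters for all four classes")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
                   any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw))
        if all(classes):
            return pw

def hash_string(algo, text):
    """'md5 TheHackerNews' style: hex digest of text under the named algorithm."""
    algo = ALIASES.get(algo, algo)
    if algo not in DIGEST_HEX_LEN:
        raise ValueError(f"unsupported algorithm: {algo}")
    return hashlib.new(algo, text.encode("utf-8")).hexdigest()

def identify_hash(hexstr):
    """'hash <digest>' style: candidate algorithms judged by length and charset.
    Length cannot separate algorithms with equal output size, so a list is returned."""
    s = hexstr.strip().lower()
    if not s or any(c not in string.hexdigits for c in s):
        return []
    return [a for a, n in DIGEST_HEX_LEN.items() if n == len(s)]

def differing_bits(algo, a, b):
    """Avalanche effect: how many bits differ between hash(a) and hash(b)."""
    x = int(hash_string(algo, a), 16) ^ int(hash_string(algo, b), 16)
    return bin(x).count("1")

def reverse_lookup(hexstr, wordlist):
    """What the 'plain text from hash' feature really does: compare the digest with
    precomputed hashes of known strings. Only an unsalted hash of a string already in
    such a list is found; nothing is decrypted. Returns (algo, word) or None."""
    s = hexstr.strip().lower()
    for algo in identify_hash(s):
        for word in wordlist:
            if hash_string(algo, word) == s:
                return algo, word
    return None

if __name__ == "__main__":
    print(strong_password(15))
    print(hash_string("md5", "TheHackerNews"))
    print(identify_hash("a69649f9f5a7f81ac303ea77d748c77a"))   # ['md5']
    print(differing_bits("sha256", "TheHackerNews", "ThehackerNews"))
```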

Tor exit enclave: DuckDuckGo also operates a Tor exit enclave, which basically means that if you use DuckDuckGo through the Tor anonymity tool, you get end-to-end anonymous, encrypted search that is faster than what you might expect from Tor browsing alone.


via The Hacker News http://ift.tt/1b7MGQu

Edward Snowden nominated for Nobel Peace Prize 2014
Now there is really great news for all supporters of former National Security Agency (NSA) contractor Edward Snowden: he has been nominated for the 2014 Nobel Peace Prize by two Norwegian lawmakers.

Snorre Valen and Baard Vegar Solhjell, parliamentarians from Norway’s Socialist Left Party, said, “He has contributed to revealing the extreme level of surveillance by nations against other nations and of citizens.”

Edward Snowden revealed various far-reaching NSA spying projects and is responsible for handing over material from one of the world’s most secretive organizations, the NSA. He faces charges of theft and espionage and is in Russia on temporary asylum.

“Snowden contributed to people knowing about what has happened and spurring public debate” on trust in government, which he said was “a fundamental requirement for peace”.

He is a high school dropout who worked his way into the most secretive computers in U.S. intelligence as a defense contractor, and identifies himself as the source of leaks about US surveillance programs like PRISM, DROPOUTJEEP, DISHFIRE, XKeyscore, MUSCULAR and many more.

Snorre Valen also added, “There’s no doubt that the actions of Edward Snowden may have damaged the security interests of several nations in the short term.”

According to the Guardian, the five-member panel will not confirm who has been nominated, but those who submit nominations sometimes make them public.

The Nobel Committee accepts nominations from members of national assemblies, governments, international courts, professors and previous laureates. It received a record 259 nominations for last year’s prize.

Snowden is the one who created awareness among all of us when it comes to ‘PRIVACY’. Being nominated for the 2014 Nobel Peace Prize is definitely an honor for the 30-year-old. Now let’s see whether he wins the prize or not.


via The Hacker News http://ift.tt/1k6vv4A

Java-Bot, a Cross-platform malware launching DDoS attacks from infected computers
These days botnets are all over the news. In simple terms, a botnet is a group of computers networked together, running a piece of malicious software that allows them to be controlled by a remote attacker.

Windows is still the major target for most malware, but the growing market share of Mac OS X, Linux and smartphones is also giving cyber criminals a solid reason to focus on them.

Recently, Kaspersky Lab detected another cross-platform Java-Bot, capable of infecting computers running Windows, Mac OS X or Linux that have the Java Runtime Environment installed.

Last year, Zoltan Balazs, CTO at MRG Effitas, submitted samples of the malicious Java application to Kaspersky Lab for analysis, and they identified it as HEUR:Backdoor.Java.Agent.a.

According to the researchers, Java-Bot compromises computers by exploiting a previously known critical Java vulnerability, CVE-2013-2465, which was patched last June. The vulnerability persists in Java 7 u21 and earlier versions.

CVE-2013-2465 description says:

An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Once the bot has infected a computer, the malware copies itself into the home directory and registers itself with the system’s startup programs so that it is initialized automatically. The malware is designed to launch distributed denial-of-service (DDoS) attacks from infected computers.

It uses the following methods to start itself, depending on the target operating system:

  • For Windows: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • For Mac OS: the standard Mac OS service launch is used
  • For Linux: /etc/init.d/
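The autostart locations listed above, together with the ChewBacca habit noted earlier of dropping a copy named spoolsv.exe into the Startup folder, are exactly what a responder checks first. The Python below is an added triage example (not Kaspersky’s, RSA’s or either malware’s code) that applies two rules to autostart entries from all three platforms: a binary named after a Windows system service running from outside System32, and a Java runtime launched on a jar kept in a user-writable directory. All entries, names and paths are constructed; the launchd plist is parsed with the standard plistlib.

```python
import plistlib
import re
from dataclasses import dataclass

@dataclass
class AutostartEntry:
    platform: str   # "windows", "macos" or "linux"
    location: str   # Run key, Startup folder, LaunchAgents plist or /etc/init.d script
    name: str
    command: str

# Windows service binaries malware likes to impersonate, and where the real one lives.
SYSTEM_BINARY_HOME = {"spoolsv.exe": "c:\\windows\\system32\\"}
# Directories an unprivileged user can write to (Windows, macOS, Linux).
USER_WRITABLE = re.compile(r"^(c:\\users\\|%appdata%|%temp%|/users/|/home/|/tmp/)", re.I)

def first_token(cmd):
    """First argv element of a command line, honouring a quoted path with spaces."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else ""

def triage(entry):
    """Return the reasons (possibly none) an autostart entry deserves a look."""
    reasons = []
    exe = first_token(entry.command)
    base = exe.replace("\\", "/").rsplit("/", 1)[-1].lower()
    # ChewBacca pattern: a copy named after a system binary, launched from Startup.
    if base in SYSTEM_BINARY_HOME and not exe.lower().startswith(SYSTEM_BINARY_HOME[base]):
        reasons.append(f"{base} started from outside {SYSTEM_BINARY_HOME[base]}")
    # Java-Bot pattern: the JRE invoked on a jar that lives in a user-writable directory.
    if base in ("java", "java.exe", "javaw.exe"):
        m = re.search(r'-jar\s+"?([^"\s]+)', entry.command, re.I)
        if m and USER_WRITABLE.match(m.group(1)):
            reasons.append(f"java -jar from user-writable path {m.group(1)}")
    # Any init.d script whose program itself lives in a user-writable directory.
    if entry.platform == "linux" and USER_WRITABLE.match(exe):
        reasons.append(f"init script runs {exe} from a user-writable path")
    return reasons

def entry_from_launchd_plist(plist_bytes, path):
    """Turn a launchd agent/daemon plist into an AutostartEntry."""
    d = plistlib.loads(plist_bytes)
    args = d.get("ProgramArguments") or [d.get("Program", "")]
    return AutostartEntry("macos", path, d.get("Label", path), " ".join(args))

# Constructed sample data (not real artefacts from either article).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.jupdate</string>
<key>ProgramArguments</key><array>
<string>/usr/bin/java</string><string>-jar</string><string>/Users/bob/Library/.jupdate/bot.jar</string>
</array>
<key>RunAtLoad</key><true/>
</dict></plist>"""

SAMPLE_ENTRIES = [
    AutostartEntry("windows", "Startup folder", "spoolsv.exe",
                   r'"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsv.exe"'),
    AutostartEntry("windows", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "jupdate",
                   r'"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\bob\jupdate.jar"'),
    AutostartEntry("windows", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "VendorUpdate",
                   r'"C:\Program Files\Vendor\update.exe" /background'),
    AutostartEntry("linux", "/etc/init.d/jbot", "jbot", "/usr/bin/java -jar /home/bob/.jbot/bot.jar"),
    entry_from_launchd_plist(SAMPLE_PLIST, "/Users/bob/Library/LaunchAgents/com.example.jupdate.plist"),
]

def suspicious(entries=SAMPLE_ENTRIES):
    """Map entry name -> reasons for every entry that triggered at least one rule."""
    return {e.name: triage(e) for e in entries if triage(e)}

if __name__ == "__main__":
    for name, why in suspicious().items():
        print(name, "->", "; ".join(why))
```

On a live host the entries would come from the Run key, the Startup folder, ~/Library/LaunchAgents and /etc/init.d instead of the constructed list.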

The malware authors used the Zelix KlassMaster obfuscator (encryption) to make analysis more difficult. It creates a separate key for each class, so that all classes have to be analyzed to obtain the decryption keys.

The bot executable contains an encrypted configuration file for the Mac OS ‘launchd’ service. The malware’s internal working logic is also encrypted.

The malware uses PricBot, an open framework for implementing communication via IRC. Zombie computers then report to an Internet Relay Chat (IRC) channel that acts as the command-and-control server.
The botnet supports HTTP and UDP flooding (DDoS attack) against a target whose details, i.e. address, port number, attack duration and number of threads to be used, are received from the IRC channel.

Users should update their Java software to the latest release, Java 7 Update 51 of 14 January 2014, which can be found on Oracle’s Java website. The next scheduled security update for Java is on 14 April 2014.


via The Hacker News http://ift.tt/LnyJol

24-year-old Russian Hacker and Developer of SpyEye Banking Trojan pleads guilty
A Russian man pleaded guilty to conspiracy charges in a federal court in Atlanta on Tuesday for developing and distributing the malicious banking malware ‘SpyEye’, which has infected more than 1.4 million computers worldwide since 2009.
Aleksandr Andreevich Panin, a 24-year-old programmer also known as Gribodemon and Harderman, was the main author of ‘SpyEye’, sophisticated malware designed to steal people’s identities and financial information, including online banking credentials, credit card information, user names, passwords and PINs, from their bank accounts without their knowledge.

SpyEye secretly infects the victim’s computer and gives remote control to cybercriminals, who access the infected computer through command and control servers and steal the victims’ personal and financial information without authorization through a variety of techniques, including web injects, keystroke loggers and credit card grabbers.

Between 2009 and 2011, Panin conspired with Hamza Bendelladj to market and advertise the SpyEye malware on various online forums. He sold versions of the SpyEye virus to almost 150 clients for prices ranging from $1,000 to $8,500, and one of his clients, “Soldier,” is reported to have made over $3.2 million in a six-month period using it.

SpyEye is a ready-made malware toolkit used by cybercriminals since 2009 and still in use today. Industry estimates suggest that over 10,000 bank accounts were compromised by SpyEye infections in 2013 alone.

The case is being investigated by Special Agents of the Federal Bureau of Investigation (FBI), who stated,

“This investigation highlights the importance of the FBI’s focus on the top echelon of cyber criminals,” adding that “The FBI will continue working with partners domestically and internationally to combat cybercrime.”

Then, in February 2011, the FBI searched and seized a SpyEye command and control server that controlled over 200 computers infected with the SpyEye virus and contained information from numerous financial institutions; it was allegedly operated by Hamza Bendelladj in Georgia.

In July 2011, FBI agents communicated directly with Panin and purchased a version of SpyEye that contained features designed to steal confidential financial information, initiate fraudulent online banking transactions, install keystroke loggers, and initiate distributed denial of service (DDoS) attacks from computers infected with the SpyEye malware.

In January 2013, the Algerian man, Hamza Bendelladj, who was also indicted in the case, was arrested in Thailand. The case against him is still pending. Panin was arrested in July 2013 while flying through Hartsfield-Jackson Atlanta International Airport in Atlanta, for allegedly using the Web to scam various banks.


via The Hacker News http://ift.tt/1hLXPb5