Archive for March, 2015


Anonymous Hackers Threaten Israel with 'Cyber-Holocaust' on 7th April
The famous cyber hacker group Anonymous has vowed an Electronic Holocaust against Israel in response to what the group calls ‘crimes in the Palestinian territories’.

In a spooky video “message to Israel” posted on YouTube on March 4, Anonymous declared yet another cyber attack for April 7, one week before Holocaust Remembrance Day.

Delivered in the style of a news bulletin, the video shows a man in an Anonymous mask threatening to take down Israeli servers and websites related to critical infrastructure next week, promising to ‘erase you from cyberspace’.

“We will erase [Israel] from cyberspace in our electronic Holocaust,” says the video. “As we did many times, we will take down your servers, government websites, Israeli military sites, and Israeli institutions.”

The hacktivist group declared Palestinian youths a ‘symbol of freedom’ and urged them to “never give up. [Anonymous] are with you and will continue to defend you.” The group criticized the Israeli government, saying it has not stopped “endless human right violations” and “illegal settlements.”

The video is subtitled in Arabic and narrated by an electronic English-language voice, possibly to hide the identity of the speaker. The footage includes images of Israeli Prime Minister Benjamin Netanyahu sitting with military leaders and members of his cabinet, as well as images from the Gaza conflict.

The video also shows images of injured Palestinian children and bombed areas that appear to date from Operation Protective Edge conducted by the Israel Defence Forces (IDF) last summer.

“[Israeli government] killed thousands of people, as in the last war against Gaza in 2014. [Israel] have shown that you do NOT respect international law,” says the electronic voice, promising “We are coming back to punish you again.”

“We always say expect us but you always fail. We are unexpected; we’ll show on 7 April 2015 what the electronic holocaust mean…,” the video continues.

Anonymous then continued with a message to the “foolish Benjamin Netanyahu, and all leaders in the Zionist entities” warning that cyber attacks on Israeli government websites, sensitive data and devices will continue “until the people of Palestine are Free.”

In the past, Anonymous has targeted Israel a number of times. In its April 2013 campaign, called OpIsrael, the group claimed to have caused $3 billion worth of damage to Israel, targeting about 30,000 Israeli bank accounts, 100,000 websites, 5,000 Twitter accounts and over 40,000 Facebook pages.

During OpIsrael, the group also published the personal data of 5,000 Israeli officials on the Internet, including names, ID numbers and personal email addresses.

Past targets of the hacktivist group include the official websites of the Israeli prime minister, the Bank of Israel, the Israel Defense Forces (IDF), the Embassy of Israel to the United States and the Israeli President’s official website.

via The Hacker News http://ift.tt/1xSHu0T

Two former federal investigators who helped shut down the infamous black-market website ‘Silk Road’ have been accused of fraud and of stealing more than a million dollars’ worth of Bitcoin during their investigation.

Silk Road, an infamous online drug market that hosted more than $200 million in transactions, was seized by the FBI in 2013, but during the investigation two of the federal agents working on it took advantage of their position.

CHARGES AGAINST FEDS

The US Department of Justice indictment charges 46-year-old former Drug Enforcement Agency (DEA) special agent Carl Force and 32-year-old former Secret Service agent Shaun Bridges with the following:

  • Theft of government property
  • Wire fraud
  • Money laundering
  • Conflict of interest

MILLION DOLLAR EXTORTION

Both Force and Bridges were members of the Baltimore-based Silk Road Task Force, which investigated illegal activity on the black marketplace.

The creator of Silk Road, Ross Ulbricht, was arrested and found guilty of running the Tor-hidden black marketplace under the moniker “Dread Pirate Roberts” (DPR).

Force, the lead undercover agent, is accused of illegally selling information about the government’s Silk Road investigation to Ulbricht. According to the DoJ complaint, Force used multiple online aliases to extort hundreds of thousands of dollars’ worth of Bitcoin from Ulbricht.

The laptop seized during Ulbricht’s arrest also contained evidence against Force and Bridges, including their chats with DPR. Force is accused of stealing at least $235,000, while Bridges allegedly stole $820,000 in Bitcoin.

MISUSE OF POWERS

The DoJ complaint also says that Force created a persona called “French Maid” on the underground black marketplace and took $100,000 from Dread Pirate Roberts for information on the government’s investigation of Silk Road. Force then deposited the money in his personal investment account in the US.

It is still unclear whether ‘French Maid’ actually gave Ulbricht any details, but the complaint claims that Force received a $100,000 payment in BTC from Ulbricht.

Ulbricht’s laptop also contained a “log” file dated September 13, 2013, in which he had written: “French Maid claims that mark karpeles has given my name to DHLS [sic]. I offered him $100K for the name.”

Force also created another fake online persona, “Death from Above,” in an unsuccessful attempt to extort $250,000 from Dread Pirate Roberts.

According to prosecutors, Death from Above claimed to know who Dread Pirate Roberts really was and threatened to kill the drug market’s boss unless the money was paid.

Force allegedly didn’t stop there. He is also accused of misusing his DEA legal powers to freeze a Bitcoin account on a service called CoinMKT and of transferring around $300,000 into his own account.

Bridges allegedly directed the money into an account at the digital currency exchange Mt. Gox and then wired the funds into his personal accounts.

Force also allegedly used an unauthorized DOJ subpoena to pressure an online payment service into unfreezing his personal account.

Federal officials arrested Force on Friday, while Bridges surrendered himself to the authorities on Monday. Both appeared before a judge earlier Monday. Force resigned from the DEA in May, while Bridges resigned from the Secret Service earlier this month.

via The Hacker News http://ift.tt/1ILSgXm

Once again, the Syrian Electronic Army (SEA) has gained media attention, this time by compromising several popular web hosting brands owned by Endurance International Group Inc., one of the leading web hosting companies, which manages over 60 different hosting brands.

SEA, a hacker group believed to be aligned with Syrian President Bashar al-Assad, is known for hacking high-profile websites and targeting leading organisations with its phishing attacks.

This time the group hacked Endurance Group subsidiaries, including Bluehost, Justhost, Hostgator, Hostmonster and FastDomain, some of the world’s leading web hosting companies.

The group’s official Twitter account claimed responsibility for the hack and posted screenshots of the compromised admin panels of each of the hosting companies.

REASON BEHIND HACK

According to SEA, it hacked Endurance Group’s BlueHost, JustHost, HostGator and HostMonster because they were hosting terrorist websites on their servers.

This isn’t the first time the group has hacked companies; SEA has previously hacked a number of websites for posting content critical of the Syrian president.

On its official Twitter account, SEA posted screenshots of HostMonster and BlueHost admin panel access, indicating that the group had complete access to these companies’ control panels.

In a separate tweet, the group also warned the hosting companies that next time it would change their DNS settings.

SEA also hijacked the official Twitter account of Bluebox and tweeted from it; the tweets were later deleted from the account.

SEA is the same group known for its phishing attacks; using the same technique, it has in the past hijacked the official Twitter accounts of Xbox Support, Microsoft News and Skype, and defaced the official Skype and Microsoft blogs.

via The Hacker News http://ift.tt/1Fa8U1L

Thousands of Hacked Uber Accounts Selling on Dark Web for $1

US$1 may be a very small amount, but it is enough to buy you a stolen Uber account and free car rides around the city.
Two separate vendors on AlphaBay, a relatively new Dark Web marketplace launched in late 2014, are selling active Uber accounts with usernames and passwords for $1 each, Motherboard reports.

Once purchased, these active accounts let the buyer order rides using the payment information on file.

Additionally, other sensitive information that comes with the purchase includes partial credit card data (the last four digits and expiration date), trip history, email addresses, phone numbers, and location information of users’ home and work addresses.

On the AlphaBay market, a vendor identified as “Courvoisier” claims to sell hacked Uber accounts for $1 each. Under the product listing ‘x1 UBER ACCOUNT – WORLDWIDE TAXI!,’ anyone can buy an Uber account anonymously.

Another vendor, identified as ThinkingForward, is making a similar offer, but at $5 each. “I will guarantee that they are valid and live ONLY. Discounts on bulk purchases,” the vendor writes on his product listing.

One of the two vendors, contacted by Motherboard, claimed to have “thousands” of active Uber accounts for sale and even provided a sample of them. The seller claimed to have already sold more than 100 Uber accounts to other buyers.

So far, it is unclear where the credentials were stolen from. It has been suggested that Uber’s own systems were hacked or compromised.

However, Uber denies that its servers were hacked and advised its users not to reuse the same login credentials across multiple online sites.

“We investigated [the issue] and found no evidence of a breach,” an Uber spokesperson said in a statement. “Attempting to fraudulently access or sell accounts is illegal and we notified the [law enforcement] authorities about this report.”

The company also recommended that users choose strong, unique usernames and passwords for their accounts and avoid reusing the same passwords across multiple sites and services.

via The Hacker News http://ift.tt/1OPR7T3

Do you realize how often your smartphone shares your location data with various companies? More than 5,000 times in just two weeks. Shocking, but true.

A recent study by security researchers at Carnegie Mellon reveals that a number of smartphone applications collect your location data far more often than you think.

The researchers’ privacy alert, warning users of this alarming behaviour, read: “Your location [data] has been shared 5,398 times with Facebook, GO Launcher EX, Groupon and seven other [applications] in the last 14 days.”

During the study, the researchers monitored 23 Android smartphone users for three weeks.

  • First Week – Participants were asked to use their smartphone apps as they would normally do.
  • Second Week – An app called App Ops was installed to monitor and manage the data those apps were using.
  • Third Week – The team of researchers started sending a daily “privacy nudge” alert that would ping participants each time an app requested location-related data.

Researchers concluded:

  • Some Android apps track users’ movements every three minutes.
  • Some Android apps attempt to collect more data than they need.
  • Groupon, a deal-of-the-day app, requested one participant’s coordinates 1,062 times in two weeks.
  • Weather Channel, a weather report app, requested the device location an average of 2,000 times, or about every 10 minutes.

The participants had been unaware of how closely they were being tracked by different apps, and many were surprised by the results.

“4,182 (times) – are you kidding me?” one of the participants asked. “It felt like I’m being followed by my own phone,” adding, “It was scary [that the] number is too high.”

Another participant wrote, “The number (356 times) was huge, unexpected.”

The research team found that privacy management software did help participants control access to their data. Once given access to App Ops, the participants collectively checked their app permissions 51 times and restricted 272 permissions on 76 different apps. Only one participant failed to review any permissions.

As is typical of user behaviour, once the participants had changed their app permissions, they rarely looked at them again after a few days.

“App permission managers are better than nothing, but by themselves they aren’t sufficient,” said Norman Sadeh, a professor at Carnegie Mellon. “Privacy nudges can play an important role in increasing awareness and in motivating people to review and adjust their privacy settings.”

With the help of the App Ops privacy app, over a span of eight days the participants collectively reviewed app permissions 69 times, blocking 122 additional permissions on about 47 different apps.

Ultimately, the team believes that users who receive privacy nudges on a daily basis will go back to their privacy settings and restrict the apps that track them most closely.

via The Hacker News http://ift.tt/1NtBIV7

Sheep Marketplace Owner Arrested While Trying to Buy Luxury House
Thomas Jiřikovský, the alleged owner of one of the most popular darknet websites, ‘Sheep Marketplace,’ has been arrested after allegedly laundering around $40 million, in what was one of the biggest exit scams in darknet history.

After the arrest of Silk Road owner Ross Ulbricht in 2013, Sheep Marketplace became the next popular anonymous underground marketplace among black market customers for selling illicit products, especially drugs.

But only a few weeks later, Sheep Marketplace suddenly disappeared, taken offline by its owner, who was suspected of stealing $40 million worth of Bitcoin at a time when Bitcoin’s market value was at its peak.

Shortly after this Bitcoin scam, the darknet commentator ‘Gwern Branwen’ doxed the owner, identifying Thomas Jiřikovský as the person behind the black market website. Jiřikovský had failed to hide his identity and residential address from the Internet; both were exposed by his Facebook page.

However, immediately after his identity was exposed, Jiřikovský denied any involvement in the Sheep Marketplace.

While investigating the money stolen from the online market, Czech police noticed a suspicious young programmer who attempted to buy a luxury home worth 8.7 million Czech koruna (about US$345,000) in Lusatia, a region in the Czech Republic, under his grandfather’s name.

Further investigation revealed that in January last year, a newly opened bank account belonging to 26-year-old Eva Bartošová received a payment of almost 900,000 koruna from a foreign Bitcoin exchange company. The young woman was unable to explain the source of the money.

According to Czech media, Eva Bartošová is Jiřikovský’s wife and helped him transfer the stolen money to her newly created bank account.

The Czech economic police unit investigated Jiřikovský’s finances and found that the house had been purchased entirely with Bitcoin.

Two weeks ago, another of the largest deep web drug marketplaces, ‘Evolution,’ suddenly disappeared, amid rumours that its owners had scammed their massive user base and stolen $12 million in Bitcoin.

via The Hacker News http://ift.tt/1NtnqWl

One of the most widely used encryption schemes has been found to be weaker than thought, with the disclosure of a new attack that could allow attackers to steal credit card numbers, passwords and other sensitive data from transmissions protected by the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols.

The attack leverages a 13-year-old weakness in the Rivest Cipher 4 (RC4) algorithm, the most commonly used stream cipher, which protects about 30 percent of TLS traffic on the Internet today.

BAR-MITZVAH ATTACK

The attack, dubbed “Bar Mitzvah,” can be carried out without a man-in-the-middle (MITM) position between the client and the server, which most previous SSL attacks required.

Itsik Mantin, a researcher at the security firm Imperva, presented his findings in a paper titled “Attacking SSL when using RC4” at the Black Hat Asia security conference on Thursday in Singapore.

The Bar Mitzvah attack exploits the “Invariance Weakness,” a pattern of weak RC4 keys that, under certain conditions, leaks plaintext from encrypted SSL/TLS traffic into the ciphertext, potentially exposing account credentials, credit card data or other sensitive information.

The Invariance Weakness of the RC4 pseudo-random stream allows an attacker to distinguish RC4 keystreams from random data and increases the probability of recovering sensitive data in plaintext.

“The security of RC4 [algorithm] has been questionable for many years, in particular its initialization mechanisms,” the researchers wrote in a research paper (PDF). “However, only in recent years has this understanding begun translating into a call to retire RC4. In this research, we follow [researches on 2013 RC4] and show that the impact of the many known vulnerabilities on systems using RC4 is clearly underestimated.”

Bar Mitzvah is the first ‘practical’ attack on SSL that requires only passive sniffing of SSL/TLS-encrypted connections rather than a man-in-the-middle position, Mantin says, though he notes that a MITM attack could also be used to hijack a session.

HOW TO PROTECT YOURSELF

While waiting for a “broad-brush retirement of RC4,” administrators should consider the following steps to protect themselves from RC4 weaknesses:

  • Web application admins should disable RC4 in their applications’ TLS configurations.
  • Web users (particularly power users) should disable RC4 in their browser’s TLS configuration.
  • Browser providers should consider removing RC4 from their TLS cipher lists.
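The first of those steps comes down to the cipher list in the server's TLS configuration. As an added example (not code from the article or from Imperva's research), the following Python audits an OpenSSL-style cipher string of the kind used in an nginx 'ssl_ciphers' or Apache 'SSLCipherSuite' directive, first statically and then by asking the local OpenSSL build which suites the string really enables. The two cipher strings are constructed for the example: the first still admits RC4 (explicitly and through the MEDIUM alias), the second removes it with a '!RC4' kill entry.

```python
import ssl

# Constructed cipher strings in OpenSSL syntax, of the kind found in an nginx
# "ssl_ciphers" or Apache "SSLCipherSuite" directive. Both are assumptions made
# for this example, not the configuration of any real site.
WEAK_CIPHERS = "HIGH:MEDIUM:RC4-SHA:!aNULL:!MD5"
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!MD5:!RC4:!3DES"

# Aliases (upper-cased) that can pull RC4 suites into the list without naming RC4.
BROAD_ALIASES = {"ALL", "DEFAULT", "COMPLEMENTOFDEFAULT", "MEDIUM", "SSLV3", "TLSV1"}


def rc4_findings(cipher_string):
    """Statically audit a cipher string and return reasons RC4 may still be offered.

    A '!RC4' (kill) entry removes RC4 suites permanently, regardless of what other
    entries add, so a string containing it yields no findings.
    """
    entries = [e.strip() for e in cipher_string.split(":") if e.strip()]
    if "!RC4" in entries:
        return []
    findings = []
    for entry in entries:
        if entry[0] in "!-":          # removal entries cannot add RC4
            continue
        if "RC4" in entry.upper():
            findings.append(f"explicitly offers RC4 via '{entry}'")
        elif entry.upper() in BROAD_ALIASES:
            findings.append(f"'{entry}' is a broad alias that may include RC4 suites")
    return findings


def offered_cipher_names(cipher_string):
    """Ask the local OpenSSL build which suites the string actually enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]


def offers_rc4(cipher_string):
    """True if the local OpenSSL would negotiate any RC4 suite for this string."""
    return any("RC4" in name for name in offered_cipher_names(cipher_string))


if __name__ == "__main__":
    for label, ciphers in (("weak", WEAK_CIPHERS), ("hardened", HARDENED_CIPHERS)):
        print(f"{label}: {ciphers}")
        for finding in rc4_findings(ciphers):
            print("  finding:", finding)
        print("  RC4 offered by local OpenSSL:", offers_rc4(ciphers))
```

The static pass is the one that matters when reviewing a config file, because a modern OpenSSL build may have RC4 compiled out, in which case the runtime check reports nothing even for the weak string; the static pass still flags it, which is what you want when the same configuration may be deployed on an older build.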

Over the last several years, significant vulnerabilities including BEAST, POODLE and CRIME have been discovered in the SSL protocol, in addition to RC4’s weaknesses; yet a large number of websites on the Internet still rely on RC4.

via The Hacker News http://ift.tt/1EM2zXO

GitHub – a popular code hosting website used by programmers to collaborate on software development – was hit by a large-scale distributed denial of service (DDoS) attack lasting more than 24 hours from late Thursday night.

It appears that when users outside China visit websites that serve advertisements and tracking code from Chinese Internet giant Baidu, a device at China’s network border quietly injects malicious JavaScript into the pages of those websites.

The code instructs visitors’ browsers to connect to GitHub.com every two seconds, without the visitors noticing, creating “an extremely large amount of traffic,” according to a researcher who goes by the name Anthr@x.

“A certain device at the border of China’s inner network and the Internet has hijacked the HTTP connections went into China, replaced some JavaScript files from Baidu with malicious ones,” Anthr@x wrote at Insight Labs. “In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech.”
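The defence against a script being swapped in transit is for the page that embeds it to pin the expected hash of the script (Subresource Integrity, the 'integrity' attribute a browser checks before executing a fetched script), so that a modified copy is rejected rather than run. As an added example, not code from the article, Baidu or GitHub, the following Python implements that check over a constructed script body and a tampered copy of it; the script contents are made up for the example and are not the injected payload.

```python
import base64
import hashlib

# Constructed stand-in for a third-party script body (e.g. an analytics snippet
# loaded from a CDN). It is not Baidu's code and not the injected payload.
GENUINE_SCRIPT = b"(function(){window.__analytics={page:location.pathname};})();\n"

# The same script after an on-path modification. Any change, even whitespace or
# a comment, produces a different digest, so the real payload is not needed.
TAMPERED_SCRIPT = GENUINE_SCRIPT + b"/* extra bytes inserted in transit */\n"

SUPPORTED = ("sha256", "sha384", "sha512")   # algorithms SRI allows, weakest first


def sri_value(body, algo="sha384"):
    """Compute an SRI integrity token, e.g. 'sha384-<base64 digest>', for a script body."""
    if algo not in SUPPORTED:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(body, integrity):
    """Return True if the fetched body matches the page's integrity attribute.

    Mirrors browser behaviour: the attribute may list several tokens separated by
    whitespace; only tokens using the strongest listed algorithm are considered,
    and the body passes if it matches any of them. Unknown algorithms are ignored.
    """
    tokens = []
    for token in integrity.split():
        algo, sep, _ = token.partition("-")
        if sep and algo in SUPPORTED:
            tokens.append((SUPPORTED.index(algo), token))
    if not tokens:
        # No usable token: fail closed here (a browser would instead load the
        # resource unchecked, as if no integrity attribute were present).
        return False
    strongest = max(rank for rank, _ in tokens)
    for rank, token in tokens:
        if rank == strongest and sri_value(body, SUPPORTED[rank]) == token:
            return True
    return False


if __name__ == "__main__":
    pinned = sri_value(GENUINE_SCRIPT)
    print("integrity attribute:", pinned)
    print("genuine copy accepted:", verify_sri(GENUINE_SCRIPT, pinned))
    print("tampered copy accepted:", verify_sri(TAMPERED_SCRIPT, pinned))
```

The check only helps when the page itself cannot be altered on the same path, which in practice means serving the embedding page over HTTPS; an attacker who can rewrite the HTML can also rewrite the pinned hash.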

The attack specifically targets two popular Github projects – GreatFire and CN-NYTimes – anti-censorship tools used to help Chinese citizens circumvent The Great Firewall Of China, the government’s censorship of Internet access in China.

  • GreatFire – A well-known group on Github that fights against Chinese government censorship of the Internet.
  • CN-NYTimes – A group that hosts New York Times mirrors to allow Chinese citizens to access the news website, which is normally blocked in China.

Since Baidu’s search engine is extremely popular, the attack produced a massive flood of traffic to the GitHub website, which began around 2 AM UTC on Friday and lasted for more than 24 hours.

GitHub said yesterday that the flood of traffic, a continuous series of distributed denial-of-service attacks, caused intermittent outages and that its admins had been working to mitigate the attack with periodic success.

However, the most recent status on the site says the company has deployed new defenses.

“We’re aware that GitHub.com is intermittently unavailable for some users during the ongoing DDoS,” GitHub said in a message posted at 1549 UTC Friday.

“Restoring service for all users while deflecting attack traffic is our number one priority. We’ve deployed our volumetric attack defenses against an extremely large amount of traffic. Performance is stabilizing,” a message posted by Github at 15:04 UTC says.

Later, the company noted, “We’ve been under continuous DDoS attack for 24+ hours. The attack is evolving, and we’re all hands on deck mitigating.”

The researcher analyzed the attack and dug out the injected JavaScript that looks like this, once unscrambled:

Baidu has denied any involvement in the DDoS attack, saying it was not intentionally involved in any traffic redirection. “We’ve notified other security organizations,” the company said in a statement, “and are working together to get to the bottom of this.”

via The Hacker News http://ift.tt/1ELoJcF

Google wants to save its users’ bandwidth at home too. The company has released a Data Saver extension for Chrome, bringing its data compression feature to desktop users for the first time.

When your laptop is tethered to a mobile hotspot for its Internet connection, the new Data Saver extension for Chrome helps reduce bandwidth usage by compressing the pages you visit.

If you are not familiar with it, Google’s data compression proxy service is designed to save bandwidth, load pages faster and improve security (by checking for malicious web pages) on smartphones and tablets.

REDUCE AS MUCH AS 50% OF DATA USAGE

Until now, the data compression service has benefited only mobile users, but the new Data Saver Chrome extension aims to help desktop users by reducing their data usage by as much as 50 percent.

“Reduces data usage [bandwidth] by using Google servers to optimize pages you visit,” the extension’s official description reads. “Browse more for less! When this [Data Saver] extension is enabled, Chrome will use Google servers to compress [web] pages you visit before downloading them.”

When you visit a website, the web server delivers the requested files to your browser. If the server has gzip enabled, it compresses web pages and style sheets before sending them to the browser.

Gzip compression drastically reduces transfer time since the files are much smaller.

The Data Saver extension checks whether the website you visit has gzip enabled. If not, it routes the requested page through Google’s data compression proxy, which makes it significantly smaller.

“The proxy performs intelligent compression and minification of HTML, JavaScript and CSS resources, which removes unnecessary whitespace, comments, and other metadata which is not essential to the rendering of the page. These optimizations, combined with mandatory gzip compression for all resources, can yield substantial bandwidth savings for the client,” Google explains.

AVAILABLE FOR CHROME 41 AND HIGHER

The Data Saver Chrome extension currently doesn’t support SSL-secured pages or incognito pages, and Google notes that users may experience issues while the extension is enabled. Data Saver is also available in Chrome for both Android and iOS.

Users need Chrome 41 or higher to use the extension. It starts working as soon as it is installed; to disable it, click the Data Saver icon in the menu bar and select “Turn Off Data Saver.”

You can now download Google’s new Data Saver extension for Chrome, currently in beta, from the Chrome Web Store. The extension was released on March 23 without any announcement from the search giant.

via The Hacker News http://ift.tt/1NhrpoG

There is no end to users’ problems when it comes to security. Everything seems hackable, from home wireless routers to the large web servers that leak users’ personal data to the world in one go.

If you travel a lot and move from hotel to hotel, you probably depend on free Wi-Fi networks to access the Internet. Next time, be extra cautious before connecting to a hotel’s Wi-Fi network, as it may expose you to hackers.

Security researchers have unearthed a critical flaw in routers that many hotel chains rely on to provide Wi-Fi to their guests.

The vulnerability could allow a hacker to infect guests with malware, steal or monitor personal data sent over the network, and even gain access to the hotel’s keycard and reservation systems.

HACKING GUEST WIFI ROUTER

Several models of InnGate routers manufactured by ANTlabs, a Singapore firm, have a security weakness in the authentication mechanism of the firmware.

The vulnerability (CVE-2015-0932), discovered by the security firm Cylance, gives attackers direct access to the root file system of ANTlabs’ InnGate devices.

With that access, attackers can read or write any file on the device’s file system, including data that could be used to infect the devices of Wi-Fi users.

Researchers found nearly 277 hotels, convention centers and data centers across 29 countries affected by the vulnerability, although the number could be much larger, as the flaw could potentially affect the millions of users who join hotel networks for free Wi-Fi access.

The researchers found more than 100 vulnerable devices in the United States, 35 in Singapore, 16 in the UK and 11 in the United Arab Emirates.

Justin W. Clarke, a senior security researcher on the Cylance SPEAR (Sophisticated Penetration Exploitation and Research) team, says the vulnerability also gives an attacker access to a computer owned by the operating organization.

THE VULNERABILITY GETS WORSE

In some cases, the researchers found InnGate devices configured to communicate with a Property Management System (PMS). This could be leveraged to gain deeper access into a hotel’s business network, allowing an attacker to identify current and upcoming guests and their room numbers.

Moreover, a PMS is often integrated with the phone system, the point-of-sale (POS) system that processes credit card transactions, and the electronic keycard system that controls the doors to guest rooms.

So this vulnerability could also potentially give an attacker access to these hotel systems.

“In cases where an (ANTlabs) InnGate device stores credentials to the PMS, an attacker could potentially gain full access to the PMS (Property Management Systems) itself,” the researchers wrote in a blog post published Thursday.

HOW THE VULNERABILITY WORKS

The flaw lies in an unauthenticated rsync daemon listening on TCP port 873 on the ANTlabs devices. Rsync is an extremely versatile file copying tool, widely used to back up file systems because it can automatically synchronise files from one location to another.

The rsync daemon can be password-protected, but the ANTlabs devices run it with no authentication required.

Once connected to the rsync daemon, an attacker can read and write the file system of the device’s Linux-based operating system without any restrictions.
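The exposure described above is a configuration property of the daemon, so it can be caught by reviewing rsyncd.conf before a device ships or is deployed. As an added example, not code from the article, Cylance or ANTlabs, the following Python parses an rsyncd.conf and flags every module that an unauthenticated client could reach; the sample configuration is constructed for the example, with one module mirroring the exposed pattern (no 'auth users', writable, reachable from anywhere, exporting '/') and one showing the same daemon restricted with 'auth users', 'secrets file' and 'hosts allow'.

```python
# Constructed rsyncd.conf, not taken from the InnGate firmware. [rootfs] mirrors
# the weak pattern (no authentication, writable, reachable from anywhere);
# [backup] shows the same daemon locked down.
SAMPLE_RSYNCD_CONF = """\
# global settings
pid file = /var/run/rsyncd.pid
use chroot = yes

[rootfs]
    path = /
    read only = no
    comment = whole filesystem, no auth

[backup]
    path = /srv/backup
    read only = yes
    auth users = backup
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/8
"""


def parse_rsyncd_conf(text):
    """Parse rsyncd.conf into (globals, {module: {key: value}}).

    Keys are lower-cased and values stripped; '#' and ';' lines are comments.
    Lines before the first [section] are global settings.
    """
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            modules[current] = {}
            continue
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        target = globals_ if current is None else modules[current]
        target[key.strip().lower()] = value.strip()
    return globals_, modules


def _is_true(value):
    return value.strip().lower() in ("yes", "true", "1")


def audit_rsyncd(text):
    """Return {module: [findings]}; an empty list means the module is restricted."""
    globals_, modules = parse_rsyncd_conf(text)
    report = {}
    for name, opts in modules.items():
        eff = {**globals_, **opts}   # module settings override globals
        findings = []
        if not eff.get("auth users"):
            findings.append("no 'auth users': any client can connect without a password")
        if not eff.get("hosts allow"):
            findings.append("no 'hosts allow': reachable from every source address")
        # rsync defaults 'read only' to yes; an explicit 'no' makes the module writable.
        if not _is_true(eff.get("read only", "yes")):
            findings.append("'read only = no': clients can write to the module")
        path = eff.get("path")
        if path is not None and path.rstrip("/") == "":
            findings.append("path is '/': the whole root file system is exported")
        report[name] = findings
    return report


if __name__ == "__main__":
    for module, findings in audit_rsyncd(SAMPLE_RSYNCD_CONF).items():
        print(f"[{module}]", "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

Running the audit over the sample reports four findings for [rootfs] and none for [backup]; on a real device the same parser can be pointed at /etc/rsyncd.conf, and the absence of 'auth users' on any module is the finding that corresponds to CVE-2015-0932.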

Given the widespread nature of the vulnerability, ANTlabs has rolled out a patch addressing CVE-2015-0932, and US-CERT has issued an alert about the critical flaw.

This isn’t the first time researchers have discovered this kind of attack targeting hotel guests: late last year Kaspersky Lab uncovered a hacking campaign, dubbed DarkHotel, that targeted guests at five-star hotels in Asia and the US by subverting their Wi-Fi systems.

via The Hacker News http://ift.tt/1H407P0