Hacking 101

KimJongUn

Alfrescian
Loyal

Hacker Reveals Classified Info About Nuclear Reactors

chosun.com / Dec. 22, 2014 10:24 KST

A hacker who attacked Korea Hydro and Nuclear Power from Dec. 15 to 21 on Sunday posted more highly sensitive information about two South Korean nuclear reactors on the Internet, including operation manuals.

The self-described "president of anti-nuclear reactor group in Hawaii," the hacker posted confidential documents about reactors in Busan and Gyeongju on Twitter. The hacker threatened to leak a total of over 100,000 documents they obtained in the hacking attacks unless South Korea shuts the two reactors down by Christmas Day.

"You will have to bear some cost to have the documents returned," the hacker warned, hinting at a not entirely altruistic motive.

But the government and KHNP continue to insist that although the hacked documents are confidential, they do not contain information about key technologies.

Staff of Korea Hydro and Nuclear Power get off an elevator on the first floor at the firm's headquarters in Gangnam, Seoul on Sunday.

Investigators say the attack may have been carried out by North Korea, a pro-North Korean group, or anti-nuclear activists.

"Although the hacker described themselves as an anti-nuclear activist, the way in which the attacks were carried out followed a typical North Korean pattern," a senior military officer said. "The malware distributed to KHNP staff is very similar to the one disseminated at Sony Pictures."

Sony Pictures was attacked by a group of hackers ostensibly incensed by the comedy film "The Interview," about a shambolic plot to assassinate North Korean leader Kim Jong-un.

The FBI recently concluded that North Korea was behind the attack.

Cyber security firm ESTsoft said analysis of a virus planted in emails that attacked KHNP on Dec. 9 points to North Korea, with the source coding and the phrase "who am I?" looking very similar to previous attacks carried out by North Korea.

Lim Jong-in of Korea University said, "It seems that North Korea is behind the hacking of the reactors. The way the attacks were carried out is highly similar to previous attacks on KBS and Nonghyup banks in March last year" in which the North has also been fingered.

However, activist Lee Heon-soek said, "Groups of hackers organized at the national level don't usually reveal their identity. They generate huge damage on a massive scale in a very short time and withdraw immediately. But this time the hacker has identified themselves. It may be an anti-nuclear activist who seeks worldwide attention."

North Korea set up a cyber warfare unit in August 2012 and now has an estimated 6,000 hackers, 10 times as many as South Korea. The North reportedly recruits over 300 cyber warfare specialists per year.

North Korea has never admitted responsibility for any hacking attack.

 

KimJongUn

Alfrescian
Loyal

Seoul Asks FBI for Help in Finding Hacker

chosun.com / Dec. 23, 2014 09:49 KST

An online leak of nuclear reactor blueprints and manuals from Korea Hydro and Nuclear Power was carefully prepared and probably carried out by an organized group, investigators say.

A government investigation team here said the attack seems to have been carried out by hackers with a high degree of expertise.

Self-described as "president of anti-nuclear reactor group in Hawaii," the hacker or hackers posted confidential documents and photos about reactors on Twitter and Korean portals on four occasions since Dec. 15.

The investigators are not ruling out that North Korea is behind the attack given the hacker's use of North Korean-style wording in messages posted online.

A staffer of Korea Hydro and Nuclear Power monitors equipment at a nuclear plant in Gyeongju, North Gyeongsang Province on Monday.

The investigators have asked the FBI for help in tracking the IP address of the U.S.-based Twitter account, while tracing the messages the hacker posted on domestic portals such as Nate and Naver.

The hackers seem to have used several IP addresses in Japan and the U.S. as well as South Korea. "The hackers probably used numerous IP addresses through virtual private networks and zombie PCs at home and abroad to hide their own location," one investigator said.

A virtual private network makes it possible for one IP address to look like another. A zombie PC, a computer infected with a virus, can be used to attack a server as the hacker can control the computer as he pleases.

Both are used in complicated hacking attacks.

Investigators are tracing data on the computers of staffers of the nuclear plants in Busan and Gyeongju whose data were leaked. They have also investigated KHNP staff to find out whether the data were leaked directly from the company.

KHNP on Monday admitted that four computers went down two days after the company was hacked on Dec. 9. Previously KHNP denied any damage to its computers, claiming it had taken proper steps after the Dec. 9 attack.

A considerable amount of KHNP classified documents must have been leaked if these computers were infected with malware, experts say.

Three of the four computers were connected to KHNP's internal network that handles security-related matters. KHNP was in the dark for more than 10 days about whether the computers were infected with a malicious program.

 

StarshipTroopers

Alfrescian (InfP)
Generous Asset


'Just for lulz': Hackers leak 13,000 passwords from sites incl Amazon, PlayStation & Xbox

Published time: December 27, 2014 14:43
Edited time: December 27, 2014 15:32

Reuters / Pawel Kopczynski

A group, claiming to be affiliated with the hacktivist collective Anonymous, released a file containing 13,000 passwords and usernames along with credit card numbers from popular sites like Amazon and Walmart.

The information was released in a massive text document posted to Ghostbin, a filesharing site on Friday. By Saturday afternoon the document was no longer accessible.

The leaked account information came from several popular sites, including PlayStation Network, Xbox Live, Hulu Plus, in addition to a handful of porn sites. The Daily Dot has published a full list of the nearly 40 websites whose users may be compromised.

For good measure, the group also included a pirated copy of ‘The Interview’, a Kim Jong-un assassination buddy comedy, which gained international relevance during this month’s devastating Sony hack, causing the company to initially pull the film from release.

Anonymous, a loosely organized association of hackers and online activists, has a history of cyberattacks targeting governments, corporations and various organizations. The group is not known for going after individuals at random.

However, because the collective is decentralized, any hacker can ostensibly claim affiliation. The group responsible for Friday’s leak gave no ideological explanation for the hack, tweeting, instead, that it was “just for lulz.”

Although the odds your account info is among the 13,000 stolen combinations are highly unlikely, tech experts suggest it might be a good idea to update your passwords just in case.

This holiday season has seen several high-profile cyberattacks. On Christmas Day, a hacker group calling itself Lizard Squad shut down several online gaming sites, while last Tuesday another group, dubbed Gator League, took credit for temporarily taking down the GCHQ site.


 

StarshipTroopers

Alfrescian (InfP)
Generous Asset

Suspected state hacking campaign used commercial software

Reuters
December 28, 2014, 9:03 am

By Joseph Menn

SAN FRANCISCO (Reuters) - A previously undisclosed hacking campaign against military targets in Israel and Europe is probably backed by a country that misused security-testing software to cover its tracks and enhance its capability, researchers said.

The attack program relied on software usually sold by Boston-based Core Security to companies and other customers that want to test their own defences, said researchers coordinated by Israel's independent Computer Emergency Response Team, or CERT.

The researchers from CrowdStrike and startup Cymmetria will present their unusual findings at the annual Chaos Communication Congress security conference in Hamburg on Saturday.

Criminal hackers have made use of penetration-testing tools such as Metasploit for years, other experts said, but most major government-sponsored hacks have specially written tools supplemented by free and widely available programs. That is in part because commercial programs could be traced back to specific customers.

Over time, however, the exposure of campaigns relying on the same tailor-made tools has made it easier for investigators to attribute those attacks to a specific government.

Using the Core Security program, which typically costs $10,000 or $20,000, could help muddy the waters, and CrowdStrike analyst Tillmann Werner said it could also help a second-tier cyber-power skip some of the work frequently undertaken by China, Russia and the United States.

"The most likely answer is they didn't have the capability to do it on their own," Werner said of the hackers, adding that "there is no risk of leaving tool-marks."

Werner and Cymmetria Chief Executive Gadi Evron, who also chairs the Israeli CERT, said they did not know who was behind the campaign.

But Evron said that one suspect would be Iran, judging by the victims and other evidence. The researchers dubbed the new campaign Rocket Kitten, following CrowdStrike's convention for naming all suspected Iranian hacking groups as Kittens.

Iran has beefed up its Internet operations in the years since its nuclear program was attacked by Stuxnet, an unusually destructive virus developed by the United States and Israel.

Evron said the team had uncovered seven connected attacks so far since April, including attempts to steal information from an Israeli company "adjacent to the defence and aerospace industry," an Israeli academic institution, a German-speaking defence agency, and an Eastern European defence ministry. At least the Israeli attempts failed, he said.

The attacks typically began with carefully targeted emails with Excel spreadsheet attachments sent to top executives. The recipients were prompted to allow a type of miniature program known as macros to run inside the Microsoft Corp spreadsheets, and if they agreed, malicious software would install. That software would download part of Core's Core Impact tool, the researchers said.

Core's licensing terms forbid use of its program against unsuspecting third parties, and Core Vice President of Engineering Flavio de Cristofaro said the company had not heard of such misuse in at least five years.

De Cristofaro said the company would assist the CERT if asked and in any case would try to track down how the software was pried away from the watermarks and other technical restrictions designed to limit its spread.

"We will follow that down," de Cristofaro said.

(Reporting by Joseph Menn in San Francisco; Editing by Richard Chang)

 

NewWorldRecord

Alfrescian (Inf)
Asset


From ransomware to cyberwar, 2015 will be a perilous year for Internet security


PUBLISHED : Sunday, 28 December, 2014, 1:20am
UPDATED : Sunday, 28 December, 2014, 10:29am

The Guardian

Illustration: Sarenen Chan

Will 2015 be a happy new year for internet users? Not if cyber-criminals have their way.

Online security companies have been making predictions for 2015, from the malware that will be trying to weasel its way on to our computers and smartphones to the prospect of cyberwar involving state-sponsored hackers.

Here's a summary of what you should be watching out for.

Preying on innocence

The more we do and share online, the more vulnerable we may be to "targeted" attacks.

"It is possible that our willingness to share and shop online will let criminals become more selective about who they target," suggests Stephen Bonner of KPMG.

"They won't need to maintain the current 'hit and hope' approach of spear phishing, instead only attacking specific users and computers based on the data these give away about owners."

Invading our health

Health care is also expected to be a target.

"Companies operating in the sector are a privileged target because of the wealth of personal data they manage, and that represents a precious commodity in the criminal underground," notes InfoSec Institute.

"Health care data is valuable because medical records can be used to commit several types of fraudulent activities or identity theft. Their value in the hacking underground is greater than stolen credit card data."

WebSense's Carl Leonard agrees, adding: "The health care industry is a prime target for cybercriminals. With millions of patient records now in digital form, health care's biggest security challenge in 2015 will be keeping personally identifiable information from falling through security cracks and into the hands of hackers."

Holding users ransom

One of the most common forms of malware in 2014 was "ransomware" - cybercriminals trying to extort money from victims either by locking their devices and demanding a fee to release them, or by accusing them of various unpleasant crimes.

"Users should remain sceptical of any message accusing them of various crimes such as zoophilic behaviour and distributing child pornography," claims BitDefender.

Symantec notes the growth of one particular strain of ransomware, Cryptolocker, which it claims accounted for 55 per cent of all attacks in October.

"Holding encrypted files for ransom is not entirely new, but getting the ransom paid has previously proven problematic for the crooks," Symantec explains.

"However recently ransomware makers have started leveraging online and electronic payment systems such as Bitcoins, Webmoney, Ukash, greendot (MoneyPak) to get around this challenge.

"Crooks like the relative anonymity and convenience of electronic payments and these are already readily available, putting businesses and consumers at greater risk from losing data, files or memories."

Payments become a target

One of the big announcements for Apple in 2014 was the launch of its mobile payments service, Apple Pay. However, security companies expect cybercriminals to make a concerted effort to crack it and rival services in 2015.

"Not all of these payment systems have been thoroughly tested to withstand real-world threats, and we may see attacks targeting mobile commerce in 2015," warns Trend Micro.

Symantec adds: "Apple Pay certainly addresses some of the weaknesses that have facilitated recent attacks on point-of-sale (PoS) systems. However, this should not be cause for complacency, since attackers will usually look for other weaknesses once an avenue of attack has been closed off."

How popular Apple Pay and rivals are will also be a factor.

"Criminal hackers tend to attack popular platforms where the yield is likely high. If no one adopts Apple Pay, then no one will target it," says Kaspersky.

All platforms under threat


It is now traditional for Apple's senior executives to take public pops at Android over malware, hammering home their claims that the biggest rival to iOS has more security problems. Will they be able to continue that line of attack in 2015?

"The Masque bug in iOS and the corresponding WireLurker malware targeting iOS devices via Apple and Windows port-machines had a lot of experts saying that the age of Apple malware is finally upon us," says Kaspersky, although it also points out that this is still most likely to affect people who have jailbroken their devices.

"Apple's closed-by-default ecosystem makes it harder for malware to successfully take hold of the platform, though some users - particularly those that like to use pirated software - will disable these features."

Others suggest that Android will remain the principal target for cybercriminals, as well as predicting a more general increase in mobile scams and attacks.

"We will see more vulnerabilities found in mobile devices, apps and platforms in the coming year. Cybercriminals will target data stored in these mobile devices," claims Trend Micro.

"A new exploit kit specifically developed to compromise mobile platforms will be available in the wild," adds InfoSec Institute.

"The attacks will benefit from a significant increase of phishing attacks on mobile devices, as malicious links and applications downloaded from third-party stores redirect users to websites hosting the malicious exploit kit. Once visited by victims, their mobile will become infected."

Exposing open-source flaws

Some of the most high-profile vulnerabilities of 2014 - Shellshock and Heartbleed - provoked discussion about the security of open-source code. Several security companies expect this debate to continue into 2015.

"These vulnerabilities were undetected for years and were only brought into the light recently," suggests Trend Micro. "Due to the massive impact of these vulnerabilities, cybercriminals may decide to investigate the existing code and see if other dormant vulnerabilities are present."

"From Heartbleed to Shellshock, it became evident there are significant pieces of insecure code used in a large number of our computer systems today," adds Sophos. "The events of 2014 have boosted the cybercriminals' interest in typically less-considered software and systems - so businesses should be preparing a response strategy."

WebSense agrees. "Old source code is the new Trojan horse waiting to be exploited, and open-source code is only the beginning. With so much code written and in use, it's impossible to catch every dormant exposure point until they've been executed," says Leonard.

Darknet to get even murkier

Meanwhile, technology like Tor - currently used for a variety of reasons, including activists anonymising their online activities when under pressure from authoritarian governments - will also be used by more cybercriminals in 2015.

"We've seen cybercriminals leveraging Deep Web and other darknet services as well as untraceable peer-to-peer networks for selling and exchanging tools and services," says Trend Micro. "Takedowns and collaborative efforts between researchers and law enforcement agencies have disrupted cybercrime gangs, giving them more reasons to go further underground."

BAE's cyber security boss Scott McVicar also thinks criminals will "go to greater lengths" to hide their identity, which will have an impact on efforts to identify them and nullify their efforts.

Watch for unsocial networks

In the social space, the huge number of people using networks like Facebook is proving an appetising target for malware developers.

"Malicious links hidden in atrocious Facebook videos will be on the rise in 2015," warns BitDefender. "Malicious 'beheading and murder' videos are expected to multiply in the following year. Behaviour analysts and psychologists say teenagers are the most susceptible to clicking on shocking videos, as their empathy for victims of violence is lower."

Proofpoint has statistics on the growth of this kind of threat, explaining: "In 2014, [we] found a 650 per cent increase in social media spam compared to 2013, and 99 per cent of malicious URLs in inappropriate content led to malware installation or credential phishing sites.

"In 2015, Proofpoint expects inappropriate or malicious social media content to grow 400 per cent as attackers target enterprise social media accounts to perpetrate confidence schemes, distribute malware, and steal customer data."

Tangled by home connections

As more of our devices talk to one another - a mass of interconnections known as the Internet of Things (IoT) - there may also be a range of new security headaches to consider.

"While at present subscribers play an active role in spam prevention by reporting incidents to their operators, with IoT the challenge will be spotting the threats that can infect IoT devices," claims AdaptiveMobile. "The responsibility will fall on the operator to secure IoT services and devices at the network level."

WebSense thinks that in 2015, attacks on the Internet of Things will focus more on businesses than individuals with gadgets.

"While many hacks of refrigerators, home thermostats and cars have found their way to the headlines, the likelihood of a major attack campaign via connected household items in the age of the Internet of Things is minimal," it claims.

"While you may have to worry about cybercriminals successfully melting your butter or spoiling the milk in your refrigerator, there is little reward in attacks against your connected domestic devices. The criminal element has set its sights elsewhere."

Held hostage by rogue elements

Experts say 2015 could bring more cyberattacks from rogue nations like the one that embarrassed Sony Pictures. Photo: EPA

As 2014 ends with the now-infamous hack of Sony Pictures - with intense debate about whether North Korea was involved - security firms see 2015 bringing a greater prospect of cyberattacks on behalf of nation states, even if they don't run them themselves.

"Cyber warfare is very attractive to small nations," notes InfoSec Institute.

"The development of a government-built malware is cheaper than any other conventional weapon and far more accessible to any nation state. Cyber warfare represents for every government an efficient alternative to conventional weapons.

"North Korea, Syria, and Iran are among the countries that have developed great capabilities that pose a serious threat to major Western states. The risk of a serious attack on the critical infrastructure of a Western government is high, and its attribution will be even more difficult."

The boundaries between cybercriminal gangs and governments may also blur, with Kaspersky predicting: "Criminal groups will increasingly adopt nation-state tactics.

"State-sponsored, advanced persistent threat hacking groups, like we've seen in cases such as DarkHotel, Regin and Crouching Yeti/Energetic Bear, will begin to merge with hacking campaigns perpetrated by criminals, like those targeting JP Morgan Chase, Target and others.

"State groups could also contract their espionage activities out to criminal groups that will use criminal tools and expertise to perform spying activities, steal intellectual property or gather intelligence about vulnerabilities in critical infrastructure systems at the behest of government groups."



 

Sephiroth

Alfrescian (InfP)
Generous Asset


Spokesman for 'Lizard Squad' hacking group allegedly behind attacks on Microsoft and Sony is arrested over PayPal thefts

  • Vincent Omari, 22, linked to the Lizard Squad hacking organisation
  • But he denies having any part in the attack on Sony and Microsoft
  • Arrested on suspicion of fraud and Computer Misuse Act offences
  • Investigated by police probing funds stolen from PayPal accounts
By Mark Duell for MailOnline
Published: 17:19 GMT, 1 January 2015 | Updated: 19:31 GMT, 1 January 2015

A 22-year-old man linked to the hacking group that claimed responsibility for a Christmas Day attack on Sony and Microsoft was arrested today by police investigating PayPal thefts.

Vincent Omari has been linked to the Lizard Squad hacking group that took credit for attacks on Sony’s PlayStation Network and Microsoft’s Xbox Live gaming networks over Christmas.

The man, from Twickenham, south-west London, was arrested on Tuesday on suspicion of fraud by false representation and Computer Misuse Act offences - and has since been bailed to March 10.

Arrested: Vincent Omari (pictured) has been linked to the Lizard Squad hacking group that took credit for attacks on Sony’s PlayStation Network and Microsoft’s Xbox Live gaming networks over Christmas

The man has been arrested by police investigating funds being stolen from PayPal accounts (file picture)

Omari, who is a student of network security and ethical hacking, has said he is simply a spokesman for Lizard Squad - and denies having any part in the attack on Sony and Microsoft.

A spokesman for the South East Regional Organised Crime Unit, speaking via Thames Valley Police, said the arrest was in connection with an ‘ongoing investigation into cyber fraud offences’.

These were said to have taken place between 2013 and August 2014, during which time alleged

Omari confirmed to MailOnline in an email tonight: 'I'm on bail'. He added that he does not have a court date, contrary to reports in other publications.

Sony said earlier this week that its PlayStation Network was back online after three days of disruptions, although it warned heavy traffic might continue to cause problems for customers.

Problems: Sony said earlier this week that its PlayStation Network was back online after three days of disruptions, although it warned heavy traffic might continue to cause problems for customers

The Lizard Squad group - or someone claiming to speak for it - took credit for the disruptions. The Xbox service, which also went down on Christmas Day, was back online last Friday.

The shutdown prompted angry parents to say that Christmas had been ruined for thousands of children who received the consoles as presents.

The group disabled the Playstation and Xbox networks by flooding them with information, which means that normal users cannot gain access.

But there is no evidence to link these episodes with a recent attack on Sony Pictures Entertainment.

The Federal Bureau of Investigation blamed that attack on North Korea, which was furious about Sony's ‘The Interview’, a comedy about a plot to assassinate the country’s leader Kim Jong Un.

WHAT IS LIZARD SQUAD? NETWORK OF 'VOCAL AND TAUNTING' HACKERS

By MARIO LEDWITH

Lizard Squad is a network of hackers which bears striking similarities to the online anarchist collective Anonymous and is described as ‘vocal, taunting and a bit obnoxious’.

The group seeks to cause mayhem online ‘for a laugh’ and has called itself the ‘next generation Grinch’ after the children’s character that hates Christmas, often using Twitter to boast of upcoming attacks.

Some reports say it mainly operates from Russia but others believe it is more likely to be made up of underground networks of hackers from around the world, communicating using the ‘dark web’.

Lizard Squad has a history of targeting computer game companies, particularly Sony.

In August it sent a bomb threat to Sony chief executive John Smedley, the same month in which it attacked Playstation just to cause ‘havoc’.

Dan Holden, of online security company Arbor Networks, said: ‘If they’re coming after you, you’re going to have a bad day.’


 

Guile

Alfrescian (InfP)
Generous Asset

Netflix Cracks Down on VPN and Proxy “Pirates”

By Ernesto
on January 3, 2015

Netflix is starting to block subscribers who access its service using VPN services and other tools that bypass geolocation restrictions. The changes, which may also affect legitimate users, have been requested by the movie studios who want full control over what people can see in their respective countries.

Due to complicated licensing agreements Netflix is only available in a few dozen countries, all of which have a different content library.

Some people bypass these content and access restrictions by using VPNs or other circumvention tools that change their geographical location. This makes it easy for people all around the world to pay for access to the U.S. version of Netflix, for example.

The movie studios are not happy with these deviant subscribers as it hurts their licensing agreements. Previously entertainment industry sources in Australia complained bitterly that tens of thousands of Netflix “VPN-pirates” were hurting their business.

Over the past weeks Netflix has started to take action against people who use certain circumvention tools. The Android application started to force Google DNS which now makes it harder to use DNS based location unblockers, and several VPN IP-ranges were targeted as well.

Thus far the actions are limited in scope, so not all VPN users may experience problems just yet. However, TorGuard is one of the VPN providers which noticed a surge in access problems by its users, starting mid-December.

“This is a brand new development. A few weeks ago we received the first report from a handful of clients that Netflix blocked access due to VPN or proxy usage. This is the very first time I’ve ever heard Netflix displaying this type of error message to a VPN user,” TorGuard’s Ben Van der Pelt tells us.

In TorGuard’s case the users were able to quickly gain access again by logging into another U.S. location. It further appears that some of the blocking efforts were temporary, probably as a test for a full-scale rollout at a later date.

“I have a sneaking suspicion that Netflix may be testing these new IP blocking methods temporarily in certain markets. At this time the blocks do not seem aggressive and may only be targeted at IP ranges that exceed too many simultaneous logins.”

Netflix is reportedly testing a variety of blocking methods. From querying the user’s time zone through the web browser or mobile device GPS and comparing it to the timezone of their IP-address, to forcing Google’s DNS services in the Android app.

TorGuard told us that if Netflix continues with a strict ban policy, they will provide an easy solution to bypass the blocks. Other services, such as Unblock-us are also suggesting workarounds to their customers.

Netflix’s efforts to block geoblocking circumvention tools don’t come as a surprise. TF has seen a draft of the content protection agreement Sony Pictures prepared for Netflix earlier this year. This agreement specifically requires Netflix to verify that registered users are indeed residing in the proper locations.

Among other things Netflix must “use such geolocation bypass detection technology to detect known web proxies, DNS based proxies, anonymizing services and VPNs which have been created for the primary intent of bypassing geo-restrictions.”

Blocking VPN and proxy “pirates” has become a priority for the movie studios as streaming services have failed to introduce proper countermeasures. Early 2014 the movie studio looked into the accessibility of various services through popular circumvention tools, including TorGuard, to find out that most are not blocked.

In a follow-up during the summer of 2014 Sony Pictures conducted research to identify the IP-ranges of various VPNs and proxies. These results were shared with Netflix and other streaming services so they could take action and expand their blocklists where needed.

Based on the above it’s safe to conclude that Netflix will continue to roll out more aggressive blocking tools during the months to come. As with all blocks, this may also affect some people who use VPNs for privacy and security reasons. Whether Netflix will factor this in has yet to be seen.

TF contacted Netflix for a comment on the findings and its future plans, but a few days have passed and we have yet to receive a response from the company.

Netflix is not the only streaming service that’s targeting VPN and proxy users. A few months ago Hulu implemented similar restrictions. This made the site unusable for location “pirates,” but also U.S. based paying customers who used a VPN for privacy reasons.


 

AnonOps

Alfrescian
Loyal

From mobile devices to interconnected toasters: How hackers steal your info

Newsweek
04 Jan 2015 at 20:16 ET


The Wild, Wild Web: How To Catch Cybercrooks

Hacking programs are becoming more accessible, making taking precautions online more important. Kacper Pempel/Reuters

When cybercriminals can easily buy cheap hacking programs with exotic names like Fiesta, Lucky, Nuke, Siberia, Sploit, Tornado, Sweet Orange and Cool, what chance that anything online can remain safe? Lillian Ablon and Martin C. Libicki offer ideas for how to close down Web thieves.

Black markets for computer-hacking tools, services and by-products, including stolen credit card numbers, continue to grow, posing threats to businesses, governments and individuals. A prominent recent example was the capture of an estimated 40 million credit card numbers and 70 million user accounts in the December 2013 breach of retail giant Target. Within days, those data appeared—available for purchase—on black market websites.

The markets for cybercrime products and by-products have become so pervasive and accessible that the malicious hacking trade today can be, in certain respects and for some, more lucrative and easier to carry out than the illegal drug trade. Once the domain of lone hackers, cybercrime has become a burgeoning powerhouse of highly organized groups, often tied to drug cartels, mafias, terrorist cells and even nation-states.

It has matured into specialized markets, in which those who have gained the greatest access deal freely in the tools and spoils of the trade: exploit kits (software for creating, distributing and managing attacks), botnets (remotely controlled computers used for sending spam or flooding websites), "as-a-service" offerings (hacking for hire), compromised hosts and a continually flooded market for stolen credit card numbers and other personal credentials.

Consumers and businesses have fortified their data systems in response, but hackers have come back stronger. Increased arrests, meanwhile, spur increased media attention, which advertises the lucrative markets to those once unaware of the possibilities and reveals the tactics and techniques of law enforcement to those already in the markets, causing them to adapt. As more participants enter the market, and as current participants upgrade their methods of conducting business, the increasingly competitive and resilient hackers go after bigger targets and become harder to take down.

Everything from cars to toasters will offer hackers points of entry.

As a result, the ability to attack is outpacing the ability to defend. Hyper-connectivity—particularly through the rise of the "Internet of Things"—will create even more opportunities for attack, as everything from insulin pumps and pacemakers to cars, toasters and refrigerators will offer malicious hackers networked points of entry. Exploitation of social media networks and mobile devices will also grow. Crime will increasingly have a networked or cyber component.

Sketching the current and predicted landscape for cybercrime can lay the groundwork for exploring options to minimize the harmful influence of these markets. As part of ongoing studies on the future security environment, we examined these markets with support from Juniper Networks, a Silicon Valley manufacturer of networking equipment.

Our findings could help private firms, public law enforcement agencies and network security vendors gain a better understanding of the cybercriminal activity they aim to suppress. Without studying this activity and exploring the options to subdue it, very little is likely to change.

There are YouTube videos for "where to buy credit cards."

The black markets for cybercrime are a collection of activities that range from simple to extremely sophisticated and that operate all over the world, from New Jersey to Nigeria to China. There is no single location from which the markets emanate; a unique aspect of operating in cyberspace is that it is simultaneously nowhere specific yet everywhere. Goods and services are usually reliable.

Implementation and transactions are quick and efficient. Cybercrime black markets are comparable to other underground markets for illicit goods, such as drugs, with the difference being that digital goods carry less risk and, for some, offer greater profit. Some organizations can make hundreds of millions of dollars per year.

The number of participants in cyber black markets is likely to rise, because it is easier to get involved than it was 10 years ago. This is due to the proliferation of websites, forums and chat channels where goods can be bought and sold. An increased number of YouTube videos and Google guides for "how to use exploit kit X" or "where to buy credit cards" also facilitates entry into the market, especially for buyers.

Figure 1 shows the proliferation of exploit kits over the past decade. Too numerous to name them all, the kits tend to go by feisty names such as Fiesta, Liberty, Lucky, Nuke, Siberia, Sploit, Tornado, Blackhole, Whitehole, Sweet Orange and Cool. The price for kits varies based on whether they are purchased outright or rented. Do-it-yourself kits can cost as little as $15; high-end rentals can command $10,000 per month.


Figure 1. Dozens of New Exploit Kits Expand the Cybercrime Market Each Year, While the Old Kits Remain in Use

SOURCE: Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar, 2014. NOTE: Annual data are noncumulative.

Originally, the major players in the cyber black market were former state employees of Eastern European countries who were well educated but found themselves searching for gainful employment after the Berlin Wall fell in 1989. Since then, the entrepreneurial savvy of the players has soared with the entry of a whole new generation of "digital natives" who can do more things for themselves. (They do not have to, for example, hire anyone to reverse-engineer a program or create an exploit.)

In terms of quantity, the leaders in malware attacks today operate out of China, Latin America and Eastern Europe. In terms of quality, the leader is Russia. There are Vietnamese groups that focus on e-commerce, while a majority of Russian, Romanian, Lithuanian, Ukrainian and other Eastern European groups focus on attacking financial institutions.

Chinese hackers are believed to focus on seizing intellectual property, as underscored in May 2014 by the U.S. Department of Justice's accusations against five members of the Chinese military who have allegedly stolen trade secrets from five American companies and the United Steelworkers.

Some groups have partnered across international lines. As one expert put it, "Groups that would traditionally never work together are working together." One Vietnamese group partnered with Nigerians on a fraud scheme involving stolen e-commerce accounts. A Colombian group set up money-laundering "villages" in China.

U.S.-based participants in the market are becoming more involved. In 2007, the majority of participants were from Russia, with the United States having only a small representation. By 2013, almost a fifth of the market was U.S.-based, ranked third behind Ukraine and Romania.

Although English is the universal language of commerce, it is not necessarily the universal language of this commerce. The Web forums are generally in Russian or Ukrainian. There are reports of English-only, Mandarin-only, German-only and Vietnamese-only sites, among others. At the same time, the victim-deception campaigns of "phishing," "spear-phishing" and other social engineering operations are typically conducted in English, because a majority of the targeted victims know that language.

The product slate keeps evolving with the technology. Malware for mobile devices has been growing, in part because attacking mobile devices now brings in money faster than attacking personal computers.

A stolen Twitter account now costs more than a stolen credit card, because a Twitter account potentially has a greater yield, for two reasons: A Twitter account can be used to target friends and family through spear-phishing schemes, and many unsuspecting consumers use the same password for their social media accounts as they do for their online banking and e-commerce accounts. Twitter is also becoming a channel of choice for the everyday transactions of malicious hackers, who are increasingly using private Twitter accounts to make deals rather than using open online forums or chat rooms.

Whatever is new or novel for the traditional consumer—from mobile devices to cloud computing to social media platforms—offers new entries for attack and will thus elicit a counterpart exploit on the black market. The trend will accelerate, because more and more of the world will have a digital component: By 2020, the number of connected devices will outnumber that of connected people by a ratio of 6:1, compared with about 3:1 today, doubling the avenues of potential exploitation.

Law enforcement "takedowns" (or arrests) have had little effect on the size or composition of the black market. As one entity goes down, another takes its place, often within days. As the enduring entities implement countermeasures (such as stronger encryption, more vetting and increased stealth), the market just hiccups, becoming somewhat less accessible and less open but mostly returning to normal.

More of the market's transactions simply move to the "darknet"—that is, to anonymous private networks that use encryption and proxies to obfuscate who is communicating with whom. Illicit websites are also starting to accept only digital cryptocurrencies, with their anonymity, non-traceability and other security advantages.

The consequences of takedowns are transitory not only because of the market behaviors cited above but also because many countries condone hacker activity that is illegal in the United States. One Russian hacker was arrested, released on a technicality, given an apology and now has ties to the government. China tends to turn a blind eye as well. On the other hand, Vietnam is very helpful to law enforcement groups, and Romania, Ukraine and Poland have been selectively helpful.

Despite the transitory effects of cybercrime takedowns, they have recently been on the rise, for three reasons. First, law enforcement has gotten better over the past 10 to 15 years. Those entering the profession today have grown up comfortable with technology and computers, and training in the digital world has improved for law enforcers all over the world.

Overseas partnerships and cross-pollination of ideas have also strengthened law enforcement—although perhaps more so at the federal level. Leadership in law enforcement, intelligence and the U.S. Department of Defense has accorded cybercrime top priority and moved resources accordingly.

Second, suspects are going after bigger targets and thus are attracting more attention. Since around 2002, attacks have shifted from opportunistic one-offs (against whichever individuals may have been unsecure) to companies. Now that companies understand they are targets, they are more willing to work with law enforcement, and the public-private partnership has tightened.

Third, because almost every aspect of crime today involves a digital component, law enforcement has a multitude of opportunities to encounter crime in cyberspace and to learn from these encounters. (Figure 2 illustrates the biggest data breaches in history as a result of malicious hacking.)

However, as mentioned above, law enforcement could also become a victim of its own success. More arrests and takedowns lead to more media coverage, drawing more perpetrators into the black markets and compelling those already in the markets to grow smarter.

Data breaches by size (number of user accounts captured by hackers)


Figure 2. Data Breaches Show No Sign of Letting Up

SOURCE: InformationisBeautiful.net, as of July 2, 2014. Used and adapted under Creative Commons Attribution-NonCommercial 3.0 licensing guidelines. NOTE: Orange represents an "interesting story"; the other colors are grouped generally by year.

Today, malicious hackers appear to have the upper hand. The maturation of cybercrime markets threatens individuals, businesses, law enforcement agencies, national governments and military services around the world. The deleterious effects on cybersecurity suggest the need for coordinated efforts across the private and public sectors, nationally and internationally, to suppress the black market activity.

In the private sector, computer security companies, device manufacturers, Internet service providers and defense contractors should routinely collaborate on developing updated approaches to thwarting online attacks. Beyond the technical solutions (such as ever-thicker firewalls and ever-stricter access controls), there are intriguing possibilities for private firms to harness the power of their legitimate markets to fight illegitimate ones.

For example, more private firms could sponsor "bug bounty" programs or related contests, which offer financial rewards to anyone who finds or reports a bug, virus or other vulnerability in a particular computer software product. Google's bounty program pays $3,000 to $5,000 for ordinary, easier-to-find bugs, with bounties in the range of $20,000 or even upward of $200,000 or more for exotic and exceptionally nefarious bugs, or those that affect a large market segment.

The U.S. government could funnel money to security vendors to help with their bug bounty programs, or even create its own. As for computer hacking contests, one good example is the annual Pwn2Own competition, which began in 2007 and paid out $850,000 of prize money in 2014.

Companies could offer pay to lure hackers away from illicit markets.

Commercial companies, defense contractors and government agencies alike could also offer better pay and incentives to lure talented hackers away from the illicit markets and into legitimate business and government operations (especially those targeting the activities of other hackers).

All of these strategies could work in tandem: The bug bounty programs and recurrent contests could serve as recruiting programs for permanent hires. With better pay and incentive packages, the savviest hackers would gravitate toward legitimate work, and the private firms and government agencies would reap the benefits while removing the dangers. Over time, this approach might even stop the arms race between security vendors and those trying to render their products obsolete.

When hackers succeed in stealing customer data and placing the data on the open market, banks or other merchants could possibly buy back their customers' stolen information. This strategy would raise valid ethical questions about legitimate businesses participating in the black market for the implicit purpose of paying "ransom" for data "hostages."

But if the information is already stolen, this strategy might be a viable way to protect it. On the other hand, this strategy could backfire by alerting the attackers to what merchants believe is most important, or most vulnerable, thereby bidding up the price for this particular kind of stolen data and enticing the thieves to seize even more.

Law enforcement agencies could pursue several strategies, some of which would benefit from advice from computer security firms. For instance, law enforcement agencies could explore the costs and benefits of establishing fake credit card shops, fake forums, fake websites or other cyber sting operations to boost the number and quality of arrests, while simultaneously tarnishing the reputation and confidence of the black markets.

These agencies could also explore the ramifications of hacking back—or including an offensive component within law enforcement—to deny, degrade or disrupt black market business operations. The lessons learned from infiltrating, disrupting and combating the black markets for illegal drugs and illegal arms could also be applied to the black markets for cybercrime.

Law enforcement could establish fake credit card shops, fake forums, fake websites.

Law enforcement and other government agencies could perhaps use the black market to their advantage in their own offensive operations: By using black market cybergoods, such as exploit kits and encryption tools, a government officer would appear online as just another criminal, would not stand out and would reduce the risk of being "fingerprinted."

Public opinion could collapse, however, if word got out that the U.S. government were involved in the black market. Therefore, this tactic might be allowed for only highly sensitive operations or extremely targeted attacks.

Law enforcement agencies will also need to determine whether it is more effective to pursue the small number of top-tier cybercriminals or the large number of lower-tier participants. Worldwide, law enforcement agencies will need to work together to prosecute and extradite the most wanted criminals, coordinating their arrests and indictments.

From a regulatory standpoint, both private companies and law enforcement agencies should inform legislators about the costs and benefits of implementing various potential mandates: for encryption on point-of-sale terminals (cash registers and online shopping carts), for safer storage of passwords and user credentials, for worldwide adoption of credit cards with embedded computer chips and personal identification numbers and for regular checks of websites to prevent common vulnerabilities. All such mandates would be intended to put a dent in the black market or to force major changes in how it operates.

The urgency of these strategies will grow over time. In their absence, not only will very little likely change to deter the criminals, but the victims will stand to lose more and more.

A Glossary of Cybercrime


As-a-service: pertaining to outsourced hacking.

Botnet: a collection of compromised computers remotely controlled by a central authority to send out spam, spread malware, launch attacks or support illegal websites.

Bug bounty: a reward given for finding and reporting a bug or vulnerability in a computer software product.

Cryptocurrency: a digital currency that incorporates codes and often offers anonymity.

Darknet: an anonymous private network that uses encryption and proxies to obfuscate who is communicating with whom.

Distributed denial of service: an attack by multiple compromised systems on a single system.

Encryption: the process of encoding messages or information in such a way that only authorized parties can read it.

Exploit kit: a tool that can be used to create, distribute and manage malware to control user Web traffic, infect users or manage networks of infected machines.

Fraudware/fakeware: malicious software that poses as legitimate but is really not; it may falsely notify a user that a computer is infected with (other) malware.

Hacking: gaining access to a computer surreptitiously.

Malware: software intended to damage or disable computers or computer systems. Types of malware include viruses, worms, and Trojans.

Phishing: the attempt to capture usernames, passwords, and financial information by masquerading as a trustworthy entity using email or other electronic communications.

Rippers: people who do not provide the underground goods or services they advertise.

Spear-phishing: phishing attempts directed at specific individuals or companies.

Watering-hole attack: an attack on a popular website to infect all legitimate visitors.

Zero-day vulnerability: an exploitable vulnerability unknown to a software vendor and for which no patch has been created.



 

NewWorldRecord

Alfrescian (Inf)
Asset

'Password' and '123456' keep top spot on list of most popular passwords, as security experts panic

New entries include '696969' and 'batman'

Andrew Griffin
Tuesday 20 January 2015


The most popular passwords in 2014 were also the most obvious — leading security experts to once again urge people to change their passwords.

As with 2013, variations on passwords like 123456 continue to be the most popular passwords. Other obvious choices such as “password” and “qwerty” are also in the top five.

But other new (if still easily guessable) passwords have made the list, including “696969” and “batman”.

The data is compiled from leaked passwords in 2014, by password company SplashData. The passwords used were mostly from North American and Western European leaks — a large batch of leaked passwords from Russian accounts was excluded from the list, for example.

SplashData recommends using passwords of eight characters or more, with mixed types of characters such as numbers or special letters. It also suggests not using the same username and password on multiple websites — a process that can be helped out with automatic password management programs like LastPass or SplashID.

The full list of the worst passwords is:


1 123456 (Unchanged from 2013)

2 password (Unchanged)

3 12345 (Up 17)

4 12345678 (Down 1)

5 qwerty (Down 1)

6 1234567890 (Unchanged)

7 1234 (Up 9)

8 baseball (New)

9 dragon (New)

10 football (New)

11 1234567 (Down 4)

12 monkey (Up 5)

13 letmein (Up 1)

14 abc123 (Down 9)

15 111111 (Down 8)

16 mustang (New)

17 access (New)

18 shadow (Unchanged)

19 master (New)

20 michael (New)

21 superman (New)

22 696969 (New)

23 123123 (Down 12)

24 batman (New)

25 trustno1 (Down 1)
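
The list and SplashData's advice above (eight or more characters, mixed character types) can be combined into a screening check run when a user sets a password. This is an added example, not part of the original article or post; the two-class threshold, the suffix-stripping rule and the pattern check are assumptions chosen for illustration.

```python
import re

# SplashData's 2014 list exactly as reproduced in the post above.
WORST_2014 = frozenset("""
123456 password 12345 12345678 qwerty 1234567890 1234 baseball dragon
football 1234567 monkey letmein abc123 111111 mustang access shadow
master michael superman 696969 123123 batman trustno1
""".split())

MIN_LENGTH = 8    # SplashData: "eight characters or more"
MIN_CLASSES = 2   # assumption: "mixed types" read as at least two classes
SUFFIX_CHARS = "0123456789!@#$%^&*.?_-"  # assumption: common decorations


def char_classes(pw):
    """Count how many of lower / upper / digit / other appear in pw."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)


def is_trivial_pattern(pw):
    """True for one chunk repeated (123123, 696969) or a digit run (1234...)."""
    if re.fullmatch(r"(.+?)\1+", pw):
        return True
    if len(pw) >= 3 and pw.isascii() and pw.isdigit():
        # Each digit is the previous one plus 1, wrapping 9 -> 0 (1234567890).
        return all((int(a) + 1) % 10 == int(b) for a, b in zip(pw, pw[1:]))
    return False


def check_password(pw):
    """Return the list of reasons a candidate password should be rejected."""
    reasons = []
    folded = pw.lower()
    # Strip trailing digits/punctuation so "Password1!" maps back to "password".
    base = folded.rstrip(SUFFIX_CHARS)
    if folded in WORST_2014:
        reasons.append("listed")
    elif base in WORST_2014:
        reasons.append("variant")
    if len(pw) < MIN_LENGTH:
        reasons.append("short")
    if char_classes(pw) < MIN_CLASSES:
        reasons.append("one-class")
    if is_trivial_pattern(folded):
        reasons.append("pattern")
    return reasons


if __name__ == "__main__":
    # Constructed sample candidates, not taken from any leak.
    for candidate in ("trustno1", "Batman2015", "23456789",
                      "696969", "correct-Horse-42-staple"):
        print(f"{candidate!r}: {check_password(candidate) or 'accepted'}")
```

Note that "trustno1" satisfies the length and mixed-character rules and is rejected only because of the list lookup, which is why composition rules alone are not enough.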


 