Iranian hacker team creates false identities to target Facebook friends
Espionage team creates fake identities on social networks, then builds relationships it can exploit with key international figures
PUBLISHED : Thursday, 29 May, 2014, 9:58pm
UPDATED : Thursday, 29 May, 2014, 9:58pm
Reuters in Boston
In an unprecedented, three-year cyber espionage campaign, Iranian hackers created false social-networking accounts and a fake news website to spy on military and political leaders in the United States, Israel and other countries, a cyber intelligence firm said yesterday.
ISight Partners, which uncovered the operation, said the hackers' targets included a four-star US navy admiral, US lawmakers and ambassadors, members of the US-Israeli lobby, and others from Britain, Saudi Arabia, Syria, Iraq and Afghanistan.
The firm declined to identify the victims and said it could not say what data had been stolen by the hackers, who were seeking credentials to access government and corporate networks, as well as infect machines with malicious software.
"If it's been going on for so long, clearly they have had success," said iSight executive vice-president Tiffany Jones. The privately held company is based in Dallas, Texas and provides intelligence on cyber threats.
ISight dubbed the operation Newscaster because it said the Iranian hackers created six "personas" who appeared to work for a fake news site, NewsOnAir.org which used content from the Associated Press, BBC, Reuters and other media outlets. The hackers created another eight personas who purported to work for defence contractors and other organisations, iSight said.
The hackers set up false accounts on Facebook and other social networks for these 14 personas, populated their profiles with fictitious personal content, and then tried to befriend target victims, according to iSight.
The operation had been active since at least 2011, iSight said, noting that it was the most elaborate cyber espionage campaign using "social engineering" uncovered to date from any nation.
To build credibility, the hackers would approach high-value targets by first establishing ties with the victims' friends, classmates, colleagues, relatives and other connections over social networks run by Facebook, Google and YouTube, LinkedIn and Twitter.
The hackers would initially send the targets content that was not malicious, such as links to news articles on NewsOnAir.org in a bid to establish trust. Then they would send links that infected computers with malicious software, or directed targets to websites that asked for log-in credentials, iSight said.
The hackers used the 14 personas to make connections with more than 2,000 people, the firm said, adding that it believed the group ultimately targeted several hundred individuals.
"This campaign is not loud. It is low and slow," said Jones. "They want to be stealthy. They want to be under the radar."
ISight said it had alerted some victims and social networking sites as well as the US Federal Bureau of Investigation and overseas authorities.
Facebook spokesman Jay Nancarrow said the company had discovered the hacking group while investigating suspicious friend requests and other activity on its website.
"We removed all of the offending profiles we found to be associated with the fake NewsOnAir organisation, and we have used this case to further refine our systems that catch fake accounts at various points of interaction on the site and block malware from spreading," Nancarrow said.
LinkedIn spokesman Doug Madey said the site was investigating the report, though none of the 14 fake profiles uncovered by iSight were currently active.
ISight disclosed its findings as evidence emerges that Iranian hacking groups are becoming more aggressive.
Cybersecurity company FireEye reported this month that a group known as the Ajax Security Team had become the first Iranian hacking group to build malicious software for espionage.
Iranian hackers stepped up their activity in the wake of the Stuxnet attack on Tehran's nuclear programme in 2010. The Stuxnet computer virus is widely believed to have been launched by the US and Israel.
ISight said it could not ascertain whether the hackers were tied to the government in Tehran, though it believed that they were supported by a nation state because of the complexity of the operation.
The firm said NewsOnAir.org was registered in Tehran, and was likely hosted by an Iranian provider.
2,000 Singapore users affected by GOZ, CryptoLocker malware
SINGAPORE: The Infocomm Development Authority of Singapore (IDA) confirmed on Wednesday (June 11) that there are 2,000 users in Singapore affected by the Gameover Zeus (GOZ) and CryptoLocker malware, which have hit users internationally.
A multi-national agency effort had earlier this month disrupted the GOZ botnet as well as the CryptoLocker malicious software.
The IDA spokesperson told Channel NewsAsia: "The United States authorities found 2,000 affected users in Singapore and informed SingCERT (Singapore Computer Emergency Response Team), who is working with the local ISPs (Internet service providers) to notify them."
"So far, no Government e-services have been affected. We will continue to strengthen all Government websites and e-services by taking the necessary security measures such as checking and fixing vulnerabilities and patching software," the spokesperson added.
GOZ and CryptoLocker malware encrypt a user's information and demand a ransom from the user in order to decrypt the files. Systems infected by either of the malware could be used to send spam, participate in distributed denial-of-service (DDoS) attacks or cause users to lose sensitive information such as user names, passwords and banking data.
In a blogpost on Wednesday, SingCERT identified the following systems to be affected by the two malware:
- Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
- Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012
SingCERT advised affected users to scan their computers with an updated anti-malware solution to remove Zeus and other known malware, change all user names and passwords, and to back up important files regularly.
INTERNATIONAL IMPACT
The United Kingdom's National Crime Agency (NCA) had issued a warning on June 2 that the GOZ botnet could be up in just two weeks, and urged people to protect their computers from an expected "powerful computer attack".
The US Computer Emergency Readiness Team (US-CERT) posted a technical alert on its website the same day, announcing a multi-national effort that disrupted the GOZ botnet - a global network of infected victim computers used by cybercriminals to steal millions of dollars from businesses and consumers.
"Gameover Zeus' decentralised, peer-to-peer structure differentiates it from earlier Zeus variants. Security researchers estimate that between 500,000 and 1 million computers worldwide are infected with GOZ. The FBI estimates that GOZ is responsible for more than US$100 million in losses," the United States Department of Justice stated in a separate press release.
Updated: 06/11/2014 22:14 | By Channel NewsAsia
GOZ, CryptoLocker infections - tip of the iceberg?
SINGAPORE: Up to a million computers worldwide could be hit by the Gameover Zeus and CryptoLocker malware. Gameover Zeus comes innocently in the form of an email, usually from a trusted source - like your friends. The emails have an attachment and if downloaded, your PC will be infected immediately.
Hackers use the malware to perform any kind of operation on your PC. In this case, it commands the installation of Cryptolocker - a kind of cyber-extortion programme. Cryptolocker encrypts all your files, like pictures and documents. It demands a ransom be paid, either by you or a third party, within 72 hours, for the release of your information. If you don't, you lose your data.
"Zeus was one of the most dominant bots in the world. Gameover is the next generation of Zeus, so it is about as sophisticated as it gets. However most of the endpoint protection systems that protect PCs have a mechanism that prevents Zeus or Gameover Zeus from getting on your PC, so somehow these PCs that have gotten infected have made it past some of the more common intrusion prevention systems," explained Dr Naveen Bhat, Vice-President of Ixia.
The Infocomm Development Authority of Singapore (IDA) told Channel NewsAsia on Wednesday (June 11) that "the United States authorities found 2,000 affected users in Singapore and informed the Singapore Computer Emergency Response Team or SingCERT, who is working with local Internet Service Providers to notify them."
It added that so far, no e-Government services have been affected. Still, authorities will continue to strengthen all Government websites and e-services by taking the necessary security measures such as checking and fixing vulnerabilities and patching software.
SingCERT said some of the systems affected are Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8; Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012.
"It could be the tip of the iceberg, but it's really hard to tell, because what has been reported is an attack by the bots and these bots are pieces of software that sit on your machine and they stay dormant. So we have no way of telling if it's 2,000 or 20,000 at this point," said Dr Bhat.
The Gameover Zeus malware network was shut down by an international police effort this month, spearheaded by the Federal Bureau of Investigation. The mastermind behind it is allegedly Evgeniy Mikhailovich Bogachev from Russia. The FBI estimates that Gameover Zeus is responsible for more than US$100 million in losses.
Microsoft said in a blog post dated June 2 that it has worked closely with the FBI and industry partners, and has taken action to remove malware, so that infected computers can no longer be used for harm.
IT security firm Trend Micro predicts that there will be one major data breach incident globally every month this year. Attacks will be more targeted, malicious and with more attacks via mobile devices, with the proliferation of smart phones.
"People have to be smart. No amount of government policy or procedures, guidelines will be able to save somebody if they can't save themselves," said Dr Bhat. "So every single individual has to understand the basics of computer security. Make sure that they don't click on either suspicious or anything that could trigger a download of some other software. So people have to educate themselves, people have to educate their kids, because quite often, kids do this, they don't know what they are doing."
He also said the Government should take the lead in educating the public on cyber safety. "Set up some guidelines, protection mechanisms that you set up around the whole country so you have the perimeter well-guarded. You can set up policies for enterprises, the defence department and other organisations. They have to pass certain audits, resiliency checks to ensure that their networks are constantly upgraded to defend against attacks."