
Hacking 101

Yukimura Sanada

Alfrescian (InfP)
Generous Asset





 

Darth Vader

Alfrescian (InfP)
Generous Asset


Hacker takes control of hundreds of rooms in hi-tech 5-star Shenzhen hotel

PUBLISHED : Tuesday, 29 July, 2014, 3:28am
UPDATED : Tuesday, 29 July, 2014, 2:22pm

James Griffiths


The St Regis gives guests an iPad that controls room functions.

A San Francisco-based cybersecurity expert claims he has hacked and taken control of hundreds of highly automated rooms at a five-star Shenzhen hotel.

Jesus Molina was staying at the St Regis Shenzhen, which provides guests with an iPad and digital "butler" app to control features of the room including the thermostat, lights, and television.

Realising how vulnerable the system was, Molina wrote a piece of code spoofing the guest iPad so he could control the room from his laptop.

After some investigation, and three room changes, he discovered that the network addresses of each room and the devices within them were sequential, allowing him to write a script to potentially control every one of the hotel's more than 250 rooms.

"Hotels are particularly bad when it comes to security," Molina said. "[They're] using all this new technology, which I think is great, but the problem is that the security architecture and security problems are way different than for residential buildings".

With residential automation, Molina explained, most systems will be closed and encrypted. However, in hotels and airports "or any other space where a lot of people access the network", keeping the network secure is far more difficult.

Molina said the KNX automation system the hotel used was also insecure, which made the hack easier.

"I'm an ethical hacker, if you can say that," Molina said, explaining why he didn't immediately plunge the entire hotel into darkness or switch every television to the same channel. Instead, he stood in the corridor and triggered the do-not-disturb lights, "so I knew I was able to control the room and everything inside".

Molina reported the problem to hotel management, which disabled the entire network while they sought a more secure automation solution. Molina said he hoped the hack, and the attention it had received, would lead to more hotels improving their security systems.

Joost Demarest, a spokesman for the KNX Association, said the most recent version of the standard did feature authentication and encryption and that it was "essential that separate Wi-fi networks are used" for the purposes of guest internet access and automation.

In a statement, St Regis Shenzhen said it had "temporarily suspended the control system of the in-room iPad remote controls for system upgrading".

The hotel described Molina's claim that he took control of the automation system as "unsubstantiated".

Molina will present his findings at the Black Hat Briefings cybersecurity conference in Las Vegas next month.

"The hotel industry needs to wake up when it comes to security," he said of the risk posed to guests by open hotel Wi-fi networks.

"People think that they go to these portals and put in their room number and last name and then you access the internet," but anyone connected to the Wi-fi, even non-guests "can still see you, because we're on the same network".

Security experts have long warned of the dangers of public Wi-fi.

"We have seen an increase in the misuse of Wi-fi in order to steal information, identity or passwords and money from users who use public or insecure Wi-fi connections," Troels Oerting, head of pan-European police force Europol's cybercrime centre, told the BBC in March.


 

StarshipTroopers

Alfrescian (InfP)
Generous Asset


Chinese hackers attack US hospital, stealing 4.5 million patients' records

Personal information stolen - but credit card and medical data remained untouched, US company says

PUBLISHED : Tuesday, 19 August, 2014, 11:26am
UPDATED : Tuesday, 19 August, 2014, 11:26am

Reuters and AFP in New York



Chinese hacking groups are known for seeking out intellectual property such as product design or information. Photo: Reuters

Chinese hackers allegedly attacked one of America’s biggest hospital groups, stealing personal data belonging to 4.5 million patients – making it the largest such breach since tracking started five years ago.

Community Health Systems (CHS), which operates 206 hospitals across the United States, said the hackers infiltrated their systems in April and June this year using “highly sophisticated malware and technology” to bypass its data security protection.

The stolen data included information such as patient names, addresses, birth dates, telephone numbers and Social Security numbers of people who were referred or received services from CHS-affiliated doctors in the last five years.

Medical information, intellectual property information or any credit card data were untouched, it said.

An investigator said the attackers appeared to be from a sophisticated hacking group in China that had breached other major US companies across several industries.

“They have fairly advanced techniques for breaking into organisations as well as maintaining access for fairly long periods of time without getting detected,” said Charles Carmakal, managing director with FireEye Inc’s Mandiant forensics unit, which led the investigation of the attack.

Working with security experts, CHS said it discovered information that the attackers were a group originating from China which works steadily to gain access to a target’s systems to steal data rather than cause damage to the systems.

Carmakal and CHS officials declined to name the group or say if it was linked to the Chinese government, which US businesses and officials have long accused of orchestrating cyber-espionage campaigns around the globe.

The Department of Homeland Security said it believed the incident was isolated to Community Health Systems, although it shared technical details about the attack with other health care providers.

A department official told Reuters it was too soon to confirm who was behind the attack.

“While attribution of this incident is still being determined by a range of partners, we caution against leaping to premature conclusions about who or how many actors are behind these activities,” said the official, who was not authorised to discuss the investigation publicly.

Social Security numbers and other personal data are typically stolen by cybercriminals to sell on underground exchanges for use by others in identity theft.



The CHS website. Photo: Screenshot

CHS said it removed malicious software used by the attackers from its systems and completed other “remediation steps”. It is now notifying patients and regulatory agencies, as required by law.

CHS said it would offer affected patients identity-theft protection services.

The scope of those victimised would make this the largest cyber attack of its type involving patient information since a US Department of Health and Human Services website started tracking such breaches in 2009.

The previous record, an attack on a Montana Department of Public Health server, was disclosed in June and affected about 1 million people.

In May, a US grand jury indicted five Chinese military officers on charges they hacked into US companies for sensitive manufacturing secrets, the toughest action to date taken by Washington to address cyberspying. China has denied the charges. FBI spokesman Joshua Campbell said his agency was investigating the case, but declined to elaborate.

Cybersecurity has come under increased scrutiny at health care providers this year, both by law enforcement and attackers.

The FBI warned the industry in April that its protections were lax compared with other sectors, making it vulnerable to hackers looking for details that could be used to access bank accounts or obtain prescriptions.

Over the past six months, security firm Mandiant has seen a spike in cyberattacks on health care providers, although this was the first case it had seen in which a sophisticated Chinese group has stolen personal data, according to Carmakal.

Chinese hacking groups are known for seeking out intellectual property such as product design or information that might be of use in business or political negotiations.

“It’s hard to tell why these guys took the data or what they plan to do with it,” said Carmakal, whose firm monitors about 20 hacking groups in China.

Dmitri Alperovitch, chief technology officer with cybersecurity firm CrowdStrike, said Chinese hackers sometimes attack health care providers to obtain medical records of government officials and even potential intelligence assets.

“Maybe they were trying to get at the medical data, but for some reason they couldn’t, so they exfiltrated everything else, figuring that it might somehow be helpful,” Alperovitch said.


 

SpaceTruckin

Alfrescian (Inf)
Asset


Chinese hackers targeted MH370 investigation a day after jet went missing: report

Malware disguised as a news report that the missing Boeing 777 had been found was emailed to Malaysian officials on March 9, according to report


PUBLISHED : Wednesday, 20 August, 2014, 12:14pm
UPDATED : Wednesday, 20 August, 2014, 5:35pm

Patrick Boehler

A Malaysia Airlines plane taxis on the tarmac at Kuala Lumpur International Airport. Photo: Reuters

Chinese hackers have targeted Malaysian government departments involved in the search for Malaysia Airlines flight 370, a Malaysian newspaper said on Wednesday.

Malware disguised as a news report that the missing jet had been found was emailed to Malaysian officials on March 9, a day after the airliner disappeared in mid-air, The Star said, citing CyberSecurity Malaysia chief executive Amirudin Abdul Wahab.

CyberSecurity Malaysia is a government agency under the Science, Technology and Innovation Ministry.

In a statement to the South China Morning Post, a spokesman said the agency's digital forensics team provided technical assistance to targeted departments. However, the agency declined to say which departments had been targeted and how.

The Star report said affected agencies included Malaysia’s Civil Aviation Department, the National Security Council and Malaysia Airlines, which is majority owned by the Malaysian government.

Malaysian police were investigating the attack, the newspaper said. The information office of Malaysia's Ministry of Home Affairs, which oversees the Royal Malaysia Police, could not be reached for comment on Wednesday.

Once the hackers gained access to the networks, the government departments registered a flood of outgoing e-mails, the report said. The outgoing e-mails included classified documents, the report said.

By the time the transmissions were blocked and the affected computers shut down, an unspecified amount of information had already been sent from Malaysian government computers to China, it said.

Such a hacking attack is not technically difficult, but requires preparation, said Dhillon Andrew Kannabhiran, founder and CEO of Kuala Lumpur-based Hack In The Box, which organises IT security conferences.

The timing of the attack, one day after the plane went missing, meant that the attackers had the PDF malware ready to use to infect the Malaysian government computers, he said.

Kannabhiran said investigators could only trace the stolen documents to where they had been sent to, but that might not provide definitive clues to who hacked into the computers.

Stolen documents are often sent to "some other compromised machine belonging to an innocent victim not connected with the attacker", he said.

Flight MH370 went missing more than an hour after it took off from the Malaysian capital Kuala Lumpur in the early hours of March 8 bound for Beijing, sparking an international search for the plane.

China participated in the multinational search effort in the Indian Ocean, which has so far been futile. Acoustic signals suspected to have come from the missing plane’s black boxes indicated that the airliner left its route to China, turned southwest and crashed in the southern Indian Ocean.

Australia is leading the search effort assisted by the PLA navy ship Zhu Kezhen and private contractors, scouring the vast ocean floor off Australia’s western shore with sonar equipment.

Australian Prime Minister Tony Abbott said on Wednesday that a new underwater hunt for the missing Boeing 777 had a “reasonable chance” of finding the plane, adding that searchers would not give up easily.

Experts have used technical data to finalise the most likely resting place of the plane deep on the ocean seabed and are preparing for a more intense underwater search to find it.

“They are now going to search the entire probable impact zone which is, from memory, something like 60,000 sq km of the ocean floor, off the coast of Western Australia,” Abbott told the Australian Broadcasting Corporation.

Abbott has repeatedly said Australia will do its utmost to find the plane and help determine what went wrong with the Boeing 777 to provide closure to the families of those onboard and the flying public generally.

“We’re determined to do the right thing by the Australian families who lost their loved ones in this plane, we’re determined to do the right thing by all of the bereaved families,” he said.

“And we’ve got a long way to go before we’re going to give this one up.”

Among the 227 passengers on board, 152 were Chinese and six were Australians.

India in March rejected a Chinese request to enter territorial waters in the Andaman Sea in an effort to search for the missing jet, before search efforts switched to the area off the coast of Western Australia, over concerns that the request might be an excuse for military snooping.

Additional reporting by Agence France-Presse


 