Wednesday, 8 May 2013

Microsoft Internet Explorer 8 government attack spreads to nine other sites

Nine more websites have fallen victim to a sophisticated cyber attack targeting a zero-day vulnerability in Microsoft's Internet Explorer 8 (IE8).
AlienVault reported uncovering at least another nine hijacked legitimate websites being used by hackers to spread espionage-focused malware.
"We have found that the US Department of Labor website wasn't the only entity affected and we can confirm that at least nine other websites were redirecting to the malicious server at the same time," wrote AlienVault's Jaime Blasco.

"The list of affected sites includes several non-profit groups and institutes as well as a big European company that plays on the aerospace, defence and security markets."
The attack was originally discovered by AlienVault on 1 May, when the US Department of Labor website was found redirecting visitors to the exploit. Microsoft confirmed that it is aware of the issue and is working on a patch to plug the vulnerability.
"We released Security Advisory 2847140 to alert customers to a vulnerability affecting Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected," said Microsoft Trustworthy Computing group manager Dustin Childs.
"We strongly encourage customers to follow the workarounds listed in the advisory while we continue working on a full update to address this issue."
The malware is similar to one used in a previous attack believed to stem from China, and reports back reconnaissance data such as which security products are installed on the infected system and which Java and Flash versions it is running.
"We do not know if China is responsible but the techniques, the exploit code and the usage of that piece of malware matches what CrowdStrike reported a few months ago and was linked to Chinese actors," Blasco told V3.
Researchers have warned that even with the promised patch, attackers are likely to keep using the exploit. Security expert Brian Krebs cited the exploit's appearance in Metasploit, the free penetration testing framework, as a sign that it is only a matter of time before it turns up in automated exploit kits such as Blackhole.
Krebs wrote: "A new module that exploits this IE8 bug is now available for the Metasploit Framework, a free penetration testing tool. I would expect this exploit or some version of it will soon be rolled into commercial exploit kits that are sold in the cybercrime underground (assuming this has not already happened)."
The attack is one of many believed to have stemmed from Chinese hackers. Most recently Verizon reported that 96 percent of the espionage attacks it analysed were attributed to actors in China.
Worse still, in its Military and Security Developments Involving the People's Republic of China 2013 report to Congress on Monday, the US Department of Defense said that the methods used in such attacks are becoming more sophisticated.

Queen's Speech reveals government's renewed plans for mobile and internet monitoring

The UK government has promised law enforcement agencies new mobile and internet monitoring powers to help combat criminals and terrorists in cyberspace. The plans were revealed by the Queen during a speech on Wednesday and mainly concern matching IP addresses to the people who were using them at a given time.
The Queen said: "In relation to the problem of matching internet protocol addresses, my Government will bring forward proposals to enable the protection of the public and the investigation of crime in cyberspace."
In its briefing report on the Queen's comments the government claims that the new powers are essential to ensuring the country remains protected against the growing cyber threat.
"As the way in which we communicate changes, the data needed by the police is no longer always available," reads the report. "In order to know who has actually sent an email or made a Skype call, the police need to know who used a certain IP address at a given point in time. Without this, if a suspect used the internet to communicate instead of making a phone call, it may not be possible for the police to identify them."
Law enforcement in the UK already has the power to obtain communications data about phone calls and text messages. The exact details of the new powers remain unknown, though the report indicates that law enforcement will have to justify why they need to use them.
The report continues: "Communications data helps to keep the public safe: it is used by the police to investigate crimes, bring offenders to justice and to save lives. This is not about indiscriminately accessing internet data of innocent members of the public."
The government said it is already working with businesses that will be affected by the new powers. The report mentions voice calling and instant messaging service Skype by name, but at the time of publishing the company had not responded to V3's request for comment on this.
The news comes just after the government chose to kill the controversial Communications Data Bill. Commonly called the Snooper's Charter by rights groups, the legislation would have granted law enforcement the power to force internet service providers (ISPs) to store details of everyone's internet use for up to a year.
The Open Rights Group cautiously welcomed the proposed powers, saying that they are a marked improvement on those previously proposed.
The Open Rights Group's Jim Killock said: "This may still go beyond the basic principle of recording data for business purposes, and allowing lawful access to it when necessary, but is a long way from the original proposals for sweeping trawls for data, plus engines to analyse it.
"However, we have not removed the underlying assumption that recording information about everyone's phone and internet communications is necessary to combat terrorism."
The new powers are one of many initiatives from the UK government designed to improve law enforcement's anti-hacker powers. The initiatives come as a part of the UK's wider cyber strategy and include the creation of a new national cybercrime unit later this year.
Metropolitan Police Central e-crime Unit head Charlie McMurdie warned that even with the new powers police will need help from businesses to combat the growing number of cyber attacks targeting industry, during a question and answer session at Infosec in London earlier in the year.

China dismisses the Pentagon's cyber spying allegations

China has condemned the US government for releasing a scathing review of the country's cyber attack potential.
In a recent report, the US Department of Defense (DOD) warned that the Chinese military had the skills to mount a cyber attack on government infrastructure.
However, during a recent press conference, Chinese Foreign Ministry spokeswoman Hua Chunying said the country only uses cyber security for defence purposes.
"China resolutely opposes any hacking attack and would like to hold candid and constructive talks with the United States on cyber security. But groundless accusations and speculation will only damage both sides' efforts to talk," said Hua.
In an 83-page report, named Military and Security Developments Involving the People's Republic of China 2013, the DOD said that intrusions into US government computer networks last year appeared attributable to the Chinese government and military.
The report said that the Chinese government is predominantly engaged in hacks for the purpose of cyber espionage. Officials also believe that Chinese hackers have the ability to mount Stuxnet-class attacks on US infrastructure.
Chinese government officials have dismissed the report as fear-mongering and bad for US-China relations. According to spokeswoman Hua, the report mischaracterises the Chinese military's cyber warfare capabilities.
"China's necessary and moderate military buildup, which meets the country's needs, is completely aimed at safeguarding the country's independence, sovereignty and territorial integrity and part of the country's justified rights," continued spokesperson Hua.
The Chinese government's rebuttal comes in spite of numerous corroborating reports from private companies. Cyber security firm Mandiant recently reported that a state-sponsored hacking group in China had attacked 141 companies.
Another report, from Verizon, found that 96 percent of the espionage cases it analysed were attributed to actors in China.

IBM software vulnerabilities leave servers open to targeted attacks

Flaws in the latest IBM SDK Java Technology Edition software are leaving many companies' servers vulnerable to targeted attacks by hackers, according to Security Explorations and Kaspersky Lab researchers.
Security Explorations researcher Adam Gowdiak reported alerting IBM to the software issues in a public post on Monday.
"Security Explorations discovered seven additional security issues in the latest version of IBM SDK Java Technology Edition software. A majority of the new flaws are due to insecure use or implementation of Java Reflection API," wrote Gowdiak.
Kaspersky Lab security researcher, Marta Janus, told V3 that the bugs are particularly bad as they could be used by hackers to mount targeted attacks on IBM customers' servers.
"Using these vulnerabilities, criminals can bypass the IBM Java Virtual Machine security sandbox and thus get control over the targeted system," she said.
"It is worth underlining that these vulnerabilities affect the Java SDK developed by IBM for operating systems that are supported by IBM Power Systems (Linux, AIX, IBM i). These vulnerabilities could be used in targeted attacks against server systems that run IBM J9 Java Virtual Machine."
Security Explorations also found that several bugs it reported close to a year ago remain exploitable in the software.
Gowdiak added: "We found out that four issues reported to IBM in September 2012 had not been fixed correctly by the company. Upon simple exploit codes modifications they can be still used to achieve a complete compromise of a target IBM Java environment. The problem with IBM fixes is that they aim to detect only one specific exploit vector and miss many other scenarios.
"Today, a vulnerability notice was sent to IBM corporation containing detailed information about identified weaknesses. Along with that, the company was also provided with source and binary codes for proof-of-concept codes illustrating all new security bypass issues and broken fixes."
Targeted attacks are a growing problem facing most businesses, with criminals continuing to develop new and more ingenious ways to dupe people into falling for their scams. Most recently a joint study from trade group ISACA and security firm Trend Micro, found that one in five businesses has already fallen victim to a targeted attack.

McAfee to acquire firewall expert Stonesoft for $389m

McAfee has entered into an agreement to purchase Finnish network security firm Stonesoft for $389m.
The acquisition will see McAfee adapt Stonesoft's firewall technology into its security products. McAfee's deal is still awaiting government approval before becoming official.
McAfee president Michael DeCesare said: "With the pending addition of Stonesoft's products and services, McAfee is making a significant investment in next-generation firewall technology. These solutions anticipate emerging customer needs in a continually evolving threat landscape.
"Stonesoft is a leading innovator in this important market segment. We plan to integrate Stonesoft's offerings with other McAfee products to realise the power of McAfee's Security Connected strategy."
McAfee said the acquisition will allow the firm to focus on its intrusion prevention systems (IPS) platform.
Pat Calhoun, McAfee senior vice president and general manager of network security, wrote in a blog post that the purchase will allow McAfee to group Stonesoft's firewall technology with its advanced threat intelligence expertise, threat evasion and web protection solutions.
"With Intel's backing, we can now provide two leading firewall solutions that will be a critical layer in our Security Connected strategy," wrote Calhoun. "This investment in Stonesoft will also allow us to focus our resources on evolving our IPS platform to be the market-leading solution to help businesses defend against the most sophisticated and advanced threats."
Stonesoft touts its firewall technologies as highly adaptable and easy to maintain. The firm's tools are part of the Stonesoft's Security Engine platform. The platform offers users the ability to deploy firewalls as physical appliances, virtual appliances, and software.
McAfee's purchase follows a recent statement from the firm's CTO, Michael Fey, who told V3 that hackers were becoming more sophisticated and that McAfee must focus more on integrated security technologies to slow the threat of malware like Flame.

DIY open source hardware write blocker & disk imager-- FireBrick Firmware

Cybercrime has been a growing concern for the past two decades. What used to be the task of specialist national police squads has become the routine work of regional and district police departments. Unfortunately, the funding for cybercrime units does not seem to grow as fast as the amounts of digital evidence.
FIREBrick is an open source alternative to commercial hardware write blockers and disk imagers. It can be assembled from off-the-shelf, mass-produced components for around $199.

List of parts

To build a FIREBrick you need:
  1. AsRock E350M1 Motherboard
  2. 2GB DDR3 desktop RAM (1333 or 1066)
  3. Dynamode PCIX3FW 3-port FireWire PCIe card
  4. An LCD2USB 20×4 display. You can buy it from Lcdmodkit or you can make one yourself according to these instructions.
  5. At least three SATA cables – two for the internal RAIDed drives + one long SATA cable for connecting FIREBrick to the target.
You will need a case of your choice that fits a mini-ITX (pretty much any case) and a PSU with at least three SATA Power connectors (200W is quite enough).
You will also need two equal-sized HDDs for internal RAID array storage.

FIREBrick Assembly steps:

  • Attach the motherboard to the case
  • Connect the Power SW wire to the motherboard
  • Connect the Reset SW wires to the motherboard
  • Connect the HDD wires to the motherboard
  • Connect the Power LED header to the motherboard
  • Connect the HD Audio wires to the motherboard
  • Connect the front LCD screen wires to the motherboard
  • Insert the RAM into the motherboard
  • Connect the SATA cables to the motherboard
  • Put the FireWire card into the motherboard PCIe slot
  • Connect the power supply header to the FireWire card
  • The finished product

Flashing the FIREBrick Firmware (Coming soon)

We will release the FIREBrick firmware and instructions on how to upload it into BIOS very soon (May 2013). Please check back and/or subscribe for updates.
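The discipline a write blocker and disk imager exist to support is: read the source without ever writing to it, hash it as it is read, then prove afterwards that the source still hashes the same and that the image matches. The Python below is an added example written for this page; it is not the FIREBrick firmware or anything from its authors. The evidence file, file names and the 512-byte sector size are constructed assumptions, and the error handling mirrors what dd's conv=noerror,sync does rather than anything FIREBrick is documented to do.

```python
"""Added example, not part of the FIREBrick firmware: the acquire-and-verify
discipline a write blocker and disk imager exist to support."""
import hashlib
import os
import tempfile

SECTOR = 512  # disks are addressed in 512-byte sectors; keep the image aligned


def sha256_file(path, chunk=1 << 20):
    """Hash a file (or a block device opened read-only) in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def acquire(src, img, sector=SECTOR):
    """Copy src to img one sector at a time, hashing the data as it is read.

    A sector that raises an I/O error is written as zeros and skipped, the
    same thing dd's conv=noerror,sync does, so offsets in the image still line
    up with the source. Returns (sha256_as_read, [offsets of bad sectors]).
    """
    h = hashlib.sha256()
    bad = []
    with open(src, "rb") as s, open(img, "wb") as d:
        offset = 0
        while True:
            try:
                data = s.read(sector)
            except OSError:
                bad.append(offset)
                data = b"\0" * sector
                s.seek(offset + sector)
            if not data:
                break
            h.update(data)
            d.write(data)
            offset += len(data)
    return h.hexdigest(), bad


def verify(src, img, sha256_as_read):
    """Three hashes must agree before the image is accepted as evidence:
    the source as read during acquisition, the source re-read afterwards
    (proves the blocker let nothing through), and the image itself."""
    src_now = sha256_file(src)
    img_now = sha256_file(img)
    return {
        "source_unchanged": src_now == sha256_as_read,
        "image_matches": img_now == sha256_as_read,
        "ok": src_now == sha256_as_read == img_now,
    }


def demo():
    """Run acquire/verify on a constructed 8-sector evidence file, then
    tamper with the image and show that verification fails.
    Returns (clean_ok, tampered_ok, bad_sectors)."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "evidence.bin")   # stands in for /dev/sdX
        img = os.path.join(d, "evidence.dd")
        with open(src, "wb") as f:
            f.write(os.urandom(8 * SECTOR))
        digest, bad = acquire(src, img)
        clean = verify(src, img, digest)
        with open(img, "r+b") as f:             # flip one byte in the image
            f.seek(SECTOR)
            b = f.read(1)
            f.seek(SECTOR)
            f.write(bytes([b[0] ^ 0xFF]))
        tampered = verify(src, img, digest)
        return clean["ok"], tampered["ok"], bad


if __name__ == "__main__":
    print(demo())
```

The hardware blocker is what makes `source_unchanged` true by construction; the software check is only the audit that proves it after the fact, which is why both the pre- and post-acquisition hashes belong in the acquisition log alongside any bad-sector offsets.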

Insider threat cost this company $90,000

An IT worker caused his former employer $90,000 (£58,000) worth of damage by sabotaging its systems after resigning from the company, according to charges filed by the FBI.
Michael Meneses had worked for the unnamed company, which manufactures high-voltage power equipment, until January 2012. According to a criminal complaint filed by the FBI, he resigned after complaining that he had been passed over for promotion.
After leaving the company, the complaint alleges, he "launched a three-week campaign to inflict damage on the company by gaining unauthorised access to its network and sabotaging the company's business".
Meneses' network access rights were revoked when he left the company, but he stole former colleagues' login credentials, the complaint says. He used those credentials to access the company's virtual private network (VPN) and set about sabotaging various business operations.
"Meneses’ efforts ranged from using a former colleague’s e-mail account to discourage new applicants from taking Meneses’s position, to sending commands to alter the business calendar by one month, disrupting the company’s production and finance operations," the complaint claims.
"The victim company suffered over $90,000 in damages as a result of Meneses’s intrusions."
“The defendant engaged in a 21st Century campaign of cyber-vandalism and high-tech revenge, hacking into the computer network of his former employer to disrupt its operations, thereby causing tens of thousands of dollars in damage,” stated United States Attorney Lynch. “We will hold accountable any individual who victimizes others by exploiting computer network vulnerabilities.”
Meneses faces imprisonment and a $250,000 fine if found guilty.
If the FBI's allegations are true, they show that access management, while essential, is not sufficient on its own to thwart the insider threat: revoking the departing employee's own account did nothing against the colleagues' credentials he took with him.
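What access management cannot stop, monitoring can still catch. The Python below is an added example written for this page, not taken from the complaint or the article: three checks over a VPN authentication log that would surface the pattern described above, a departed employee logging in with colleagues' credentials. The log format, account names, addresses and the HR offboarding record are all constructed.

```python
"""Added example, not from the FBI complaint or the article: three checks over
a VPN authentication log that would surface the pattern described above, a
departed employee logging in with colleagues' credentials. Log lines, account
names, addresses and the offboarding record are all constructed."""
import re
from datetime import datetime, timedelta

# Constructed VPN log. rjones is the departed employee; jsmith and kchen are
# colleagues who still have access.
VPN_LOG = """\
2012-01-20 08:55:12 vpn login user=rjones src=203.0.113.45 result=success
2012-01-27 17:03:40 vpn login user=rjones src=203.0.113.45 result=failure
2012-01-27 17:04:02 vpn login user=jsmith src=203.0.113.45 result=success
2012-01-28 02:11:19 vpn login user=jsmith src=203.0.113.45 result=success
2012-01-28 02:14:07 vpn login user=jsmith src=198.51.100.7 result=success
2012-01-30 09:30:00 vpn login user=kchen src=198.51.100.22 result=success
"""

# Constructed offboarding feed from HR: account -> when its access was revoked
REVOKED = {"rjones": datetime(2012, 1, 27)}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) vpn login "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Turn log lines into dicts; lines that are not VPN login records are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
            events.append(ev)
    return events


def revoked_account_attempts(events, revoked):
    """Any attempt by a revoked account after revocation, successful or not.
    A failure still matters: it shows the former employee is still trying."""
    return [e for e in events
            if e["user"] in revoked and e["ts"] >= revoked[e["user"]]]


def reuse_of_departed_source(events, revoked):
    """Successful logins by active accounts, after the revocation, from a
    source address that a revoked account used while it was still valid."""
    sources = {}  # src -> set of revoked users seen there before revocation
    for e in events:
        cutoff = revoked.get(e["user"])
        if cutoff and e["ts"] < cutoff and e["result"] == "success":
            sources.setdefault(e["src"], set()).add(e["user"])
    return [e for e in events
            if e["result"] == "success" and e["user"] not in revoked
            and any(revoked[u] <= e["ts"] for u in sources.get(e["src"], ()))]


def concurrent_sessions(events, window=timedelta(minutes=30)):
    """One account authenticating from two different addresses within
    `window`: one credential, two people. Returns (earlier, later) pairs."""
    ok = sorted((e for e in events if e["result"] == "success"),
                key=lambda e: (e["user"], e["ts"]))
    return [(a, b) for a, b in zip(ok, ok[1:])
            if a["user"] == b["user"] and a["src"] != b["src"]
            and b["ts"] - a["ts"] <= window]


def report(events, revoked):
    """Counts for each check, the shape a SIEM rule would alert on."""
    return {
        "revoked_attempts": len(revoked_account_attempts(events, revoked)),
        "reused_sources": len(reuse_of_departed_source(events, revoked)),
        "concurrent": len(concurrent_sessions(events)),
    }


if __name__ == "__main__":
    print(report(parse_log(VPN_LOG), REVOKED))
```

The second check is the one that matters in the scenario above: the departed employee's account is dead, but the address it used to connect from now shows up under a colleague's name. None of these checks needs anything beyond the VPN log and the HR offboarding feed, which is the point of pairing revocation with monitoring rather than relying on revocation alone.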

Google Australia’s security system hacked

SYDNEY: The building control system at Google's Wharf 7 office in Sydney, which monitors the building's mechanical and electrical equipment, has been hacked by two IT security researchers.
The building management system is a computer-based system used to control ventilation, air conditioning, lighting and fire systems, and was reachable directly from the internet, the Sydney Morning Herald reports.
According to the report, American researchers Billy Rios and Terry McCorkle of cyber security firm Cylance found the building control system for Google's Wharf 7 office because it was indexed by Shodan, the search engine known for mapping internet-connected devices.
The researchers obtained the default password (anyonesguess) for the Pyrmont office, which gave them access to panels showing alarms, an alarm console and the building management system controls. The system runs on the Tridium Niagara AX platform, which has known security flaws that make such systems easy to reach.

Syrian Electronic Army Hacks Israel's Main Infrastructure Control System (SCADA)

The Syrian Electronic Army (SEA) launched a successful cyberattack on the main infrastructure system of Haifa, one of the most important ports in Israel, disrupting the operation of the servers in charge of urban management systems and public utilities in the city.(Report FNA)
The SEA said it has hacked into the Haifa infrastructural system at around 22:00 (local time) Monday night, underlining that the hacking was done in retaliation for the recent Israeli strike on a research center in suburban Damascus.
"We would like to announce that in response to the unfair and illegal attacks of Israel on DATE, the SEA has penetrated one of the main infrastructural systems (SCADA) in Haifa and managed to gain access to some sensitive data," SEA said in a message left for the Israeli operators of Haifa SCADA system.
A copy of the SEA message to the Israelis was released by
"Also, the SEA is now able to cause irrecoverable damage to the Israelis' infrastructural systems," it added.
Israel staged an airstrike on Syria on Sunday, hitting the Jamraya research center in the vicinity of the Syrian capital, Damascus. Syria said the Israeli regime had carried out the airstrike - the third in the last few months - after heavy losses were inflicted on al-Qaeda-affiliated groups by the Syrian army.
The SEA warned that it could have caused a major blast by continuing the attack on the servers of the Haifa infrastructure systems, but said it refrained from going further because of the inevitable human casualties, not wanting a repeat of the recent accident in Texas that killed dozens of people.
"This message carries a serious warning to the Israeli statesmen. They should know that not receiving a quick reaction to such childish ventures does not show the Syrian inability in doing so, but it is based on wisdom and humanity considerations. We do not approve of killing civilians and innocent people as this is an Israeli type of solution," added the message.
"Also an advice to those who left their homelands for many years, dreaming a happy and safe life, deceived by politicians whose deed is much far from their slogans; Do the best to express your objection to Israeli policies, since we do not like to see innocent people getting killed like in Texas, US, but this time in Haifa."
The SEA has recently made a name for itself by successfully attacking a wide range of western media, most notably hijacking AP's Twitter account and sending a bogus message that briefly shook the stock market. The hackers tweeted that President Obama had been injured in a bomb attack at the White House, causing a temporary 143-point drop in the Dow Jones industrial average.
In an apparent effort to cause disruption and embarrassment in the West and to spread support for Syrian President Bashar al-Assad, the SEA has so far hacked the Guardian, the BBC (including BBC weather, BBC Arabic Online and BBC Radio Ulster), France 24 TV, the National Public Radio in the United States, al-Jazeera, the government of Qatar, E!, and Sepp Blatter, the president of football's governing body Fifa, whose Twitter account was hacked.
Cybersecurity experts told the Guardian that the SEA attacks are designed to disrupt and embarrass the West and pro-Israeli lobbies, states and entities.
In the BBC case, the SEA, which emerged two years ago, hacked into the Twitter accounts of the British broadcaster and sent nine bogus tweets in an hour, including some with anti-Israeli sentiments, and others saying "Long Live Syria", and the "Syrian Electronic Army Was Here".
Guardian itself believes that the SEA attack was a reprisal for a number of leaked emails from the Assads and their inner circle that it had published.
Hours after the cyber-attack began, the SEA said it has targeted the Guardian for spreading "lies and slander about Syria" and said it was in a "state of war with the security team of Twitter".
But this latest attack, if it is as described, marks a step up for SEA operations: it would require far more sophisticated knowledge and capabilities than the previous hacks, and it gives the Syrian Electronic Army a different level of notoriety.
SCADA (supervisory control and data acquisition) is a type of industrial control system (ICS). Industrial control systems are computer controlled systems that monitor and control industrial processes that exist in the physical world. SCADA systems historically distinguish themselves from other ICS systems by being large scale processes that can include multiple sites, and large distances. These processes include industrial, infrastructure, and facility-based processes.
Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.
Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems.
Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control heating, ventilation, and air conditioning systems (HVAC), access, and energy consumption.
Attackers usually post a few files as proof to their peers that their claims are true. The SEA has left the following files on its website to show that it breached the Haifa SCADA system.

Cyberinfocts Ethical Hackers Forum May 11 2013

Event Details

The Hackers Forum is a unique event where the best minds in the hacking world and the wider cyber community meet policy makers to join forces on the most topical issues in internet security.
The next forum will be held in Lagos on 11 May 2013, to share knowledge and leading-edge ideas about information security and everything related to it.

  • Introduction to Hacking: Footprinting, by Chidi Obumneme
  • Physical Security and Operating System Password Hacking, by Engr Adesoji Adeyemo, TopWaves Technologies
  • IP Surveillance Cameras, by Azeez Taiwo, Perfect Touch Consulting Limited
  • Digital Media Marketing, by Eugene Celestine, King Elite Media
  • Batch Programming and Virus Programming, by Adebayo Mofehintoluwa, Appin Technologies

Who can attend?
  • Government agencies
  • IT companies and security professionals
  • System admins
  • Database admins
  • Network admins
  • Website admins

Date: Saturday 11 May 2013
Time: 10:00 am - 1:00 pm
Fees: N500
Venue: 1st Floor, Buffallo Plaza, No 2 Allen Avenue, Ikeja, Lagos
Landmark: Sweet Sensation, Allen
For further details please contact:
or call 07037288651 or visit:

For seat reservation please visit