Monday, 12 August 2013

City of London bans data collecting WiFi smart bins

WiFi-enabled bin collects MAC address data from mobile phones
Recycling bins that collected WiFi data from passers-by have been banned by the City of London Corporation. Even though Renew London – the firm that produces the smart bins – had rebuffed claims from the media that the bins were tracking mobile users, all data collection has stopped following the ban, according to the BBC.
Kaveh Memari, the CEO of the Tech City-based firm, said in a statement that the claims made about the bins had been exaggerated. "I'm afraid that in the interest of a good headline and story there has been an emphasis on style over substance that makes our technology trial slightly more interesting than it is," he said.
There are currently 100 Renew bins scattered around the City of London, 12 of which have WiFi installed that takes the MAC address of any device with its WiFi switched on.
The primary purpose of the bins is to display advertising, but the inclusion of WiFi tracking attracted significant media attention, thrusting the company into the spotlight and conjuring up images of Minority Report-style customised advertising and data-collecting worries. It was suggested keeping track of WiFi data would allow personalised ads to be displayed to people walking past.
According to Memari, despite "extrapolations" conjured up by media reports, most of what has been suggested is not yet possible, and he assured the public that their information was not being stored.
"During our current trials, a limited number of pods have been testing and collecting anonymised and aggregated MAC addresses from the street and sending one report every three minutes concerning total footfall data from the sites."
He added: "A lot of what has been extrapolated is capabilities that could be developed and none of these are workable right now. For now, we continue to count devices and are able to distinguish uniques versus repeats. It is very much like a website, you can tell how many hits you have had and how many repeat visitors, but we cannot tell who, or anything personal about any of the visitors on the website."
A spokesperson from the City of London Corporation shrugged off Memari's statement, adding: "Irrespective of what's technically possible, anything that happens like this on the streets needs to be done carefully, with the backing of an informed public."
An ICO statement said: "Any technology that involves the processing of personal information must comply with the Data Protection Act. We are aware of the concerns being raised over the use of these bins and will be making enquiries to establish what action, if any, is required."
In July, Renew London released data collected via its collection of bins, with more than 750,000 wireless gadgets spotted by the devices each day.

The Pirate Bay unveils 'censorship dodging' Pirate Browser

The Pirate Bay has launched a new Pirate Browser, designed to let users get around internet service providers' (ISPs) online blockades.
The file-sharing service unveiled the Pirate Browser on its 10-year anniversary, confirming it will let users bypass the internet blockades put around torrent sites to access copyrighted material. "Do you know any people who can't access TPB or other torrent sites because they are blocked? Recommend Pirate Browser to them. It's a simple one-click browser that circumvents censorship and blockades and makes the site instantly available and accessible," read the blog post.
The browser's launch follows widespread court ordered blockades to file sharing sites within the UK. The UK High Court originally ordered a number of leading ISPs, including BT and Virgin, to block access to The Pirate Bay after a request by rights group the British Recorded Music Industry (BPI) in April 2012.
BT declined V3's request for comment on whether a block is in place but added: "BT will block access to websites for copyright infringement if it is required to do so by court order."
Virgin mirrored BT's sentiment, confirming that it would block the browser if ordered to. "We block web addresses [IP and/or URL], as instructed by UK courts. If Pirate Browser is available to download from a website blocked under UK law then our customers attempting to access this website would see the standard notification," the firm said.
The Pirate Bay said the browser is a preconfigured bundle for the Firefox Tor client (Vidalia), but added it won't hide users' online activities, like most other Tor-based services. "Pirate Browser is a bundle package of the Tor client (Vidalia), Firefox Portable browser (with FoxyProxy add-on) and some custom configurations that allow you to circumvent censorship that certain countries such as Iran, North Korea, United Kingdom, The Netherlands, Belgium, Finland, Denmark, Italy and Ireland impose onto their citizens," read the statement.
"While it uses Tor network, which is designed for anonymous surfing, this browser is intended just to circumvent censorship – to remove limits on accessing websites your government doesn't want you to know about. If you are looking for something more secure you may want to try a VPN like Privacy IO."
Experts within the security community have questioned the purpose of the Pirate Browser.
F-Secure security analyst Sean Sullivan told V3 that the use of Tor is particularly odd, clarifying there are easier ways to circumvent ISP blockades. "I'm not really sure what the gimmick is here. In most of the countries listed, the sites blocked are related to The Pirate Bay and in Finland, I'm pretty sure one only needs a non-ISP DNS provider (such as OpenDNS or Google DNS) to access TPB. There's no need for Tor," he said.

He added that the timing of the browser's arrival is odd, considering recent reports that the FBI has found a way to track Tor users, using a vulnerability in Firefox. The vulnerability was revealed last week when local Irish sources reported the FBI used it to track a child pornography distributor.

Syrian Electronic Army publishes story of tactical nuclear strike on hacked news channel Channel 4

Hackers from the Syrian Electronic Army have once again claimed a high profile scalp, compromising the blogs at British broadcaster Channel 4.
The hackers, who back the regime of President Bashar al-Assad, took over the blog of the station’s veteran news presenter Jon Snow and posted a story about a tactical nuclear strike against Syria.
Here’s a partial screenshot of what they posted, courtesy of Google’s cache of the webpage:

Claiming credit for the hack, the Syrian Electronic Army posted a screenshot of what appeared to be the WordPress admin panel for the Channel 4 blogs, something which should normally never be accessible to an unauthorised party.

The suspicion has to be that Channel 4 was running an old version of WordPress, vulnerable to a security exploit that allowed the hackers to gain access, or that an administrator had his password phished. In the last few days, WordPress has released the latest version of its blogging platform – version 3.6.
At the time of writing, all of Channel 4’s blogs are inaccessible and have been replaced with a message saying “Something’s broken (or we’re making things better)” alongside a picture of characters from the station’s comedy “The IT Crowd”:

Of course, the Syrian Electronic Army is no stranger to hacking media organisations, having successfully compromised the likes of the BBC, ITV, The Telegraph, The Financial Times, The Guardian, and Thomson Reuters.
Although clearly embarrassing for Channel 4, the good news is that this appears to have been merely defacement. Imagine how things would have been much worse if the hackers had used the opportunity of breaking into a popular blog to spread malware to unsuspecting readers.

Everything you ever needed to know about SQL Injection

When a corporation’s website is attacked, and sensitive data is leaked onto the internet, the full details of what actually occurred are rarely disclosed.
The media doesn’t report what vulnerability was exploited by the hackers; they prefer to talk about the financial damage inflicted and to link the attack to a notorious hacker group such as Anonymous, all in an attempt to sensationalise the story. That’s OK for everyday consumption, but we should be trying to better educate today’s web designers and computer users about such vulnerabilities so that they do not fall victim to these types of attack.
The purpose of this article is twofold. First, I want to explain SQL Injection, one of the most commonly exploited vulnerabilities found in web applications and second, I will outline possible steps which you can take to ensure that your website is protected from SQL Injection attacks.
What is SQL Injection?
SQL Injection is a process often used by hackers attacking a website’s database. Hackers are able to exploit security vulnerabilities within a website that allow the attacker to input malicious SQL code, which can be used to reveal and damage sensitive data held within the website’s database. These vulnerabilities can occur for several reasons, the most common of which is, in my experience, a lack of proper filtering in relation to user input. In other words, it arises because the website is not properly filtering what the user is attempting to input.
If a website contains vulnerabilities that allow a user to inject SQL code, and thereby manipulate its database, the attacker may be able to copy the contents of the database to his or her own server, drop the website’s original database, and then blackmail the website for the safe return of the copied data. If the vulnerable website is an online store or bank, an attacker may be able to siphon off thousands, or even millions, of customer credit card numbers, addresses and other personal details, and sell these to carders and identity thieves the world over.
One of the better examples of an SQL Injection attack’s capability would be the case of the TJX Hacker, Albert Gonzalez, now serving twenty years in jail for masterminding the theft and subsequent reselling of approximately 170 million credit cards. Gonzalez used SQL Injection vulnerabilities to create malware backdoors into several corporate networks.
Gonzalez was not the first hacker to use an SQL Injection attack to steal credit card numbers, and he certainly won’t be the last. In a world that is dependent on the internet, governments, banks and other corporations need to be constantly working to stop such attacks and bring these hackers to justice.
The Attack Process
When wishing to hack a website, the first step that an attacker will take is to locate a vulnerability within the site that allows the hacker to manipulate data, or to take down or deface the site. This can be done either by manually scanning a site or by using a scanning tool such as Acunetix. Such scanning tools have grown in popularity as they require less technical skill than manually scanning a website. In addition, they are normally much faster and more efficient than the majority of hackers would be in manually scanning a site. Scanning tools do not require any administrative logon rights and can be run on any website in the world. The image below illustrates an Acunetix website scan in progress.
Once the attacker has scanned the site, and has found an SQL Injection vulnerability, there are two ways he/she can go about exploiting this vulnerability. The first approach involves manually constructing an SQL string and injecting it into the site. The shortcoming of this approach is that it generally involves a lot of time and patience on the part of the hacker. The second approach involves using an application, such as Havij, that is specifically designed to exploit SQL vulnerabilities.
There are several methods of preventing an SQL Injection attack occurring on your website. The first, and probably the best, method that I have used to prevent SQL Injection attacks is to filter strings being passed to the site by the user. This can be done by simply disallowing characters associated with SQL Injection. For example, if the user attempted to pass a string to the website such as that shown below – a string designed to delete any user accounts with a birth year of 1955 – then a routine designed to check that the string only contains alphabetic and numeric characters would act to block it.
DELETE FROM Users WHERE BirthYear = '1955';
This would result in the would-be attacker receiving an error message indicating that they had entered several invalid characters, and also being prevented from proceeding any further.
Some more cautious webmasters also mark certain words as invalid in order to give them a higher level of security. Examples of words commonly found on such a list are DELETE, SELECT, EXEC and REPLACE. While this is a great extra step it’s important that any authorised user inadvertently entering one of these invalid words (e.g. DELETE) receives an error message that clearly explains that the word DELETE is not permitted. This will reduce confusion for non-technical users.
The next prevention method is to disable any shell access permissions. This is extremely important as shell access is fundamentally what an attacker requires in order to launch an SQL Injection attack. Without shell access it will be a lot harder for an attacker to manipulate your database in a malicious way through the use of SQL Injection. While you are disabling shell access you should also disable any other functionality your site will not need or use.
A third approach is to ensure users have properly allocated database privileges. This means that users are granted permission to access only the data they need and nothing else. A lot of webmasters forget this and allow their users to access the site’s entire database. Having numerous users with unrestricted access increases the vulnerability of the website, and exacerbates the risk of significant damage should an attack take place. Minimising what a user can access will minimise any damage that may occur.
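The input filter and the restricted database privileges described above, shown together as an added Python example that is not from the original article. The Users rows and all function names are constructed for illustration, and SQLite's authorizer callback stands in for database account privileges. The query also binds the validated value as a parameter, a safeguard the article does not mention, so that the filter is not the only control.

```python
import re
import sqlite3

# Words the article lists as commonly blocked.
BLOCKED_WORDS = {"DELETE", "SELECT", "EXEC", "REPLACE"}
# The article's sample string, used here as constructed test input.
ARTICLE_STRING = "DELETE FROM Users WHERE BirthYear = '1955';"


class InvalidInput(ValueError):
    """Validation failure whose message is safe to show to the user."""


def validate_field(value, field="Value"):
    """Return value unchanged if it passes the filter, else raise InvalidInput."""
    problems = []
    if not value:
        problems.append("it must not be empty")
    # Allowlist: ASCII letters and digits only, as in the article's routine.
    bad = sorted({c for c in value if not (c.isascii() and c.isalnum())})
    if bad:
        problems.append("these characters are not permitted: "
                        + " ".join(repr(c) for c in bad))
    # Word list: compare whole tokens so that "Selectric" is not rejected,
    # and name the offending word so the user knows what to change.
    tokens = {t.upper() for t in re.findall(r"[A-Za-z0-9]+", value)}
    for word in sorted(tokens & BLOCKED_WORDS):
        problems.append(f"the word {word} is not permitted")
    if problems:
        raise InvalidInput(f"{field} was rejected: " + "; ".join(problems))
    return value


def read_only_users(action, arg1, arg2, db_name, source):
    """Authorizer: the web connection may only read the Users table."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg1 == "Users":
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # DELETE, DROP, UPDATE, other tables, ...


def open_app_db():
    """Build a constructed in-memory database, then drop to read-only access."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Name TEXT, BirthYear TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)",
                     [("alice", "1955"), ("bob", "1955"), ("carol", "1980")])
    conn.commit()
    conn.set_authorizer(read_only_users)
    return conn


def find_users_by_birth_year(conn, raw_year):
    """Filter the input, then pass it as a bound parameter (never concatenated)."""
    year = validate_field(raw_year, "Birth year")
    rows = conn.execute(
        "SELECT Name FROM Users WHERE BirthYear = ? ORDER BY Name", (year,))
    return [name for (name,) in rows]


def delete_error(conn):
    """Try a DELETE on the restricted connection; return the error text or None."""
    try:
        conn.execute("DELETE FROM Users WHERE BirthYear = '1955'")
    except sqlite3.DatabaseError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    db = open_app_db()
    print(find_users_by_birth_year(db, "1955"))
    try:
        find_users_by_birth_year(db, ARTICLE_STRING)
    except InvalidInput as exc:
        print(exc)
    print("DELETE on restricted connection:", delete_error(db))
```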
A final, and potentially more expensive, approach is to actively test your website for vulnerabilities. This can be achieved in several ways. The first is to scan the website yourself by using an application such as Acunetix. These scanner applications will provide you with a full report of the potential vulnerabilities and will point you in the direction of what needs to be changed in order to ensure your website is secure.
Alternatively you can hire a penetration tester to assess your website. The benefits of a penetration tester far outweigh those of a website scanner. Some of these benefits are that a penetration tester is human, is more adaptive to your website’s security, and will provide you with a lot better feedback than a report from a web scanner. The downside to using penetration testers is that they are human, and humans are generally more expensive than applications.
In Conclusion
SQL Injection attacks represent a significant threat to data security. The approaches outlined in this article are, in my opinion, the best ways of reducing, if not eliminating, the risk of such attacks. If you or your website developer is a strong coder and implements the methods outlined in this article it is highly unlikely that you will fall victim to an SQL Injection attack.
Notwithstanding this, it is important to remember that everything can be hacked by a determined and skilled attacker prepared to spend a considerable amount of time trying to attack your site. However by implementing the preventative measures that I have explained in this article, and by ensuring your database server is kept up-to-date, you will definitely be one step ahead of the majority of websites and in a stronger position to defend your website’s database from an attack.

China Chopper Rat Web Shell Tricks Antivirus Engines

A tiny Web shell is easily sneaking past antivirus engines to infect Web servers and, despite its small footprint, researchers at FireEye say it gives attackers a wealth of tools to remotely gain access to systems or set up a more robust attack platform.
Called China Chopper, the remote access Trojan was first identified by malware experts in November and is believed to have been used by financially motivated cybercriminals and in targeted attacks as part of cyberespionage activities.
The tiny Trojan is only 4 KB, enabling it to slip past antivirus software, according to a team of researchers at Milpitas, Calif.-based security vendor FireEye, which released an analysis of the threat Wednesday. The researchers said the Trojan is compact, flexible and stealthy.
"China Chopper is so small and simple that you could conceivably type the contents of the shell by hand," the researchers said.
FireEye ran the Web shell through virus-scanning websites No Virus and VirusTotal and found that no antivirus engines identified the Trojan as malicious code. "Most, if not all, antivirus tools would miss the Web shell on an infected system," the researchers said.
Malware writers have been making gains in duping traditional antivirus and network security appliances. In addition to reducing the size of the malware footprint, their methods include code obfuscation and other mechanisms designed to make the malicious code appear legitimate.
Security experts warned of a new banking Trojan last year called Tinba, noting the malware's 20-KB size. The Trojan slipped past antivirus software, hooking into browsers to steal login data and sniff network traffic.
Security experts said the sheer number of malware attacks targeting businesses has overwhelmed most security systems, giving China Chopper and other remote access Trojans a window of opportunity to gain access to systems and remain undetected for lengthy periods of time.
Larger organizations are trying to boost the expertise of their internal incident response teams, while midsize and smaller businesses typically seek outside help when suspicious activity is suspected, said Ken Silva, senior vice president for cybersecurity strategy at ManTech International.
"By and large, companies that continue to invest in building the moat, the big tall wall, and putting defensive measures around it are coming to grips with the fact that no matter how good that is some stuff will get in and when it does they need to be prepared for that," Silva told CRN. "We won't feel the ramifications of all this intellectual property theft for five to seven years, and then it will be too late."
China Chopper appears to be gaining access to systems with the goal of stealing intellectual property, but it could also be used to steal account credentials, credit card data and do further damage, FireEye said. The Trojan contains a command and control component and a payload containing attack and victim-management features.
It can conduct a scan on the infected system to detect vulnerabilities as well as enable a brute force attack against password-protected files or servers. Once inside, an attacker can upload or download files, including additional malware onto the infected system, the FireEye researchers said.

New DDoS Attack Launched on Citizens Bank, Customers Warned

Citizens Bank warned its customers that they might not be able to access their online and mobile banking services due to a distributed denial-of-service (DDoS) attack launched against the financial institution’s systems.
According to a message found on its website as of Thursday afternoon, online and mobile banking services may be inaccessible to account holders due to the issue.
It’s uncertain if Izz ad-Din al-Qassam Cyber Fighters are behind the attacks. The hackers, who launched Operation Ababil allegedly in an effort to get the controversial Innocence of Muslims movie removed from YouTube, announced phase 4 of the campaign on July 23, 2013.
“While the films exist, no one should expect this operation be fully stopped. Planning the new phase will be a bit different and you'll feel this in the coming days,” they said at the time.

Linux banking Trojan offered for sale

Windows users are by far the most targeted ones by malware-wielding criminals, but that doesn't mean that OS X and Linux users should feel impervious.
In fact, RSA researcher Limor Kessem warns that a banking Trojan targeting the Linux operating system has been spotted being sold online by a cybercrime team based in Russia.
"This malware is currently offered for sale in closed cybercrime communities for $2,000 USD (€1,500 EUR) with free updates," she notes. "The current functionality includes form grabbers and backdoor capabilities, however, it’s expected that the Trojan will have a new suite of web injections and graduate to become full-blown banking malware in the very near future. At that point, the price is expected to rise to $3,000 USD (€2,250 EUR), plus a hefty $550 per major version release."
After having analyzed both the malware builder and the server side source code, the company's researchers say that the Trojan - dubbed "Hand of Thief" by its creators - includes a form grabber for both HTTP and HTTPS sessions within Firefox, Chrome and Linux-only browsers.
It is also able to block the victims' access to hosts offering AV solutions and security updates, and open a backdoor into the system.
In order to prevent being spotted and analyzed both by security researchers and competitors looking to copy it, the Trojan is also able to detect the presence of virtual environments, sandboxes and debuggers, and prevent itself from running in those circumstances.
The researchers were also able to take a peek at the administration panel for the Trojan, which shows a list of the bots, provides a querying interface, and so on. The stolen credentials are stored in a MySQL database.
It's good to note that the Trojan purportedly works on 15 different Linux desktop distributions (including Ubuntu, Fedora and Debian) and supports 8 different desktop environments (including GNOME and KDE).
But given the hefty price tag, the limited Linux user base, and the lack of Linux exploit packs to spread the malware, only time will tell if Hand of Thief will be a success with cyber crooks.

President Obama Secret Meeting with High-Tech Companies

President Barack Obama quietly met with the CEOs of Apple Inc, AT&T Inc as well as other technology and privacy representatives on Thursday to discuss government surveillance, according to a media report.
Google Inc computer scientist Vint Cerf and civil liberties leaders also participated in the meeting, along with Apple's Tim Cook and AT&T's Randall Stephenson, Politico said late Thursday, citing sources familiar with the matter.
The session was not included on Obama's daily public schedule for Thursday.
The closed-door meeting followed another private session on Tuesday between top Obama administration officials, industry lobbyists and privacy advocates, Politico reported, adding that the latest meeting "was organized with greater secrecy."
One administration aide characterized Tuesday's meeting as part of a larger outreach effort, Politico said.
"This is one of a number of discussions the administration is having with experts and stakeholders in response to the president's directive to have a national dialogue about how to best protect privacy in a digital era, including how to respect privacy while defending our national security," the official told the news outlet.
This report comes after revelations about the U.S. government's secret surveillance tactics detailed in various media reports from information disclosed by fugitive former U.S. spy agency contractor Edward Snowden.
Tuesday's meeting included representatives from tech lobbying groups Information Technology Industry Council, TechNet and TechAmerica as well as The American Civil Liberties Union and the Electronic Privacy Information Center, Politico said, citing sources.
Groups invited to Thursday's meeting included representatives from privacy groups such as the Center for Democracy and Technology, Politico said, citing sources familiar with the meeting. Gigi Sohn, the head of another similar group, Public Knowledge, was also invited, it said.
White House representatives and those for the tech companies and privacy groups could not be immediately reached to comment on Politico's report. Politico said the White House, companies and groups have all declined to comment.

Cyber thieves plunder 250,000 accounts

Online identity theft has exploded in the past months, with a growing number of thieves using social networks, online banking or shopping sites to steal from German bank accounts often without anyone noticing.
More and more people living in Germany are becoming victims of online identity theft – but the majority don't even realise until too late - sometimes almost a year later, wrote Der Spiegel magazine on Thursday.
The country is facing a dramatic rise in hacking attacks, the Federal Office for Information Security (BSI) warned on Thursday.
“In a quarter of a year we have registered 250,000 cases of identity theft,” BSI president Michael Hange told Reuters news agency, the magazine said.
“That's a very big number. It isn't just online banking that's affected, but also e-commerce and social networks,” he added. Most hacker-thieves use credit card or communication data to use strangers' accounts for their own purposes.
The BSI is concerned about a growing online threat to businesses and individuals – not least because security breaches often are not discovered for a very long time.
“According to a survey around 50 percent of users only realise after 300 days that their computer has been infected,” said Hange.
Attacks against government and companies' sites are also on the rise. “In government networks alone we're

Western Express card crime ring members jailed

Several members of a cybercrime ring which trafficked more than 95,000 stolen credit card numbers, causing millions of dollars in losses, have been jailed following a trial in New York.
A jury found three defendants, Egor Shevelev, Douglas Latta and Anna Ciano, guilty of all counts of the indictment against them, including grand larceny, criminal possession of stolen property, scheme to defraud, and conspiracy.
The three were part of an Internet-based criminal enterprise - the "Western Express Cybercrime Group" - which between 2001 and 2007 was dedicated to trafficking in stolen credit card numbers and other personal identifiers.
Operating out of his apartment in Kiev, Ukraine, Shevelev sold tens of thousands of stolen credit card numbers through Internet forums, making millions of dollars, which was mainly paid in digital currencies such as Egold and Webmoney.
Shevelev then used a firm called Western Express, owned by Vadim Vassilenko, to launder much of the money.
Western Express, Vassilenko and 10 other gang members, who all used the company to launder money using digital currencies, have already pleaded guilty to various charges in a 172-count indictment.
Shevelev - who was arrested while on holiday in Greece in 2008 and extradited to the US - pleaded not guilty but has now been sentenced to between 13 years and four months and 40 years in state prison.
Meanwhile, Brooklyn-based Latta and Anna Ciano were convicted of buying more than 800 stolen card numbers from Shevelev and others. Along with other illegally obtained information, the numbers were used by the pair to make purchases, some of which were fenced through eBay.
Ciano has been sentenced to between 19 years and eight months and 47 years, and Latta to between 22 years and 44 years.
Manhattan district attorney Cyrus Vance says: "It was a highly profitable scheme that netted the principals millions of dollars. I am pleased that these defendants have been sentenced to prison sentences appropriate to the scope and breadth of their misconduct."

US judge sentences LulzSec hacker Neuron to over one year of home detention

A US judge has sentenced the LulzSec hacker Neuron to over one year of home detention for involvement in a cyber attack on Sony Pictures.
United States district judge John A Kronstadt sentenced 21-year-old Arizona resident Raynaldo Rivera, known online as Neuron, to serve 13 months of home detention, perform 1,000 hours of community service and pay $605,663 in restitution for his involvement in a 2011 data-stealing cyber raid on Sony Pictures.
The attack saw the LulzSec hackers illegally access data stored on Sony Pictures' website with a SQL injection, stealing and posting online information including the names, addresses, phone numbers, and email addresses for tens of thousands of Sony customers.
Rivera originally pleaded guilty to conspiring to cause damage to a protected computer after participating in the attack on Sony Pictures in October 2012. He is the second US LulzSec member to be sentenced for involvement in the raid. Prior to Rivera, Cody Kretsinger, who operated under the alias Recursion, was sentenced in April to one year and one day in federal prison and to pay the same $605,663 restitution fee.
At the time of publishing Sony had not responded to V3's request for comment on Rivera's sentencing.
The Sony Pictures attack was part of a wider two-month rampage by the loose-knit LulzSec hacking group. The campaign saw them target numerous companies and government groups, including the UK's Serious Organised Crime Agency (SOCA).
Outside of the US several British youths have also been arrested and sentenced for participating in LulzSec cyber attacks.
Most recently UK LulzSec member Ryan Ackroyd, 26, pleaded guilty to carrying out an unauthorised act to impair the operation of a computer, contrary to the Criminal Law Act 1977.
Before this, Ryan Cleary and Jake Davis pleaded guilty to involvement in attacks on several high-profile agency and company websites in July 2012.

Hackers switch to new digital currency after Liberty Reserve

Three months after a team of international law enforcement officials raided the digital currency firm Liberty Reserve, cyber experts say criminals are increasingly turning to another online currency called Perfect Money.
Idan Aharoni, the head of cyber intelligence at EMC Corp's (EMC.N) RSA security division, said that some online scam artists and thieves are using Perfect Money's digital currency to launder money and conceal profits in much the same way they allegedly did with Liberty Reserve's currency.
On behalf of their clients, which include major financial institutions, Aharoni and his team monitor Internet forums that hackers use to sell stolen credit card information. After Liberty Reserve was taken down in May, activity on these forums initially slowed and then picked up again, with some hackers saying they would accept Perfect Money for payments, he said.
"We expected a large migration to another e-currency, and that has happened," said Aharoni, whose RSA unit sells security services to 30,000 corporations and government agencies, including the popular Secure ID tokens that protect access to computer systems.
Perfect Money, which has been in operation since at least 2007, could not be reached for comment. A request submitted through its website failed to elicit a response, and the company does not list a phone number for its offices or identify any management or employees.
Reuters could not determine who owns Perfect Money. Its website says it is based in Panama, but the Panamanian government said in a statement in January that Perfect Money does not have offices in the country and has not been issued any licenses by securities regulators to operate there.
Law enforcement agencies in the United States and around the world have expressed concerns that digital currencies, which are not tied to any particular government, are emerging as vehicles for hackers, cyber criminals and drug dealers to launder money.
Currencies like Perfect Money are governed by a single company or entity that administers the transfer of units between customers. Once a user obtains an account, he or she can transfer Perfect Money units to other users inside the system. These units can be redeemed for cash or bank credit by third-party exchange services, which are separate businesses not under control of the currency's operator.
Online vendors of all kinds can choose to accept digital currencies like Perfect Money as payment for their goods and services. But the feature that makes some digital currencies ideal for money laundering is anonymity. User identities can be kept hidden, both from each other and, with varying degrees of effort, from the currency operator itself through false names and locations.
U.S. prosecutors in May accused Liberty Reserve's Costa Rica-based operations of laundering some $6 billion in illicit profits over about seven years. Authorities arrested Liberty Reserve's principals and shuttered the firm.
Seth Ginsberg, a lawyer for former Liberty Reserve principal Mark Marmilev, who has pleaded not guilty to money laundering charges, said it is not fair for the authorities to punish his client because some customers use Liberty Reserve to hide their illicit activities.
"It's my understanding that Liberty Reserve was designed to compete with mainstream financial providers. The fact that it may have been misused by various customers should not reflect on the company," said Ginsberg.
"There is a legitimate need for alternatives to the mainstream financial market, so the fact that there's another company out there filling the void left by Liberty Reserve is not surprising."
A spokesman for the U.S. Secret Service, the U.S. law enforcement agency that focuses most closely on cyber attacks on financial institutions, declined to comment.
Venture capitalists and free market advocates have voiced strong support for online currencies such as Bitcoin, saying they are alternatives to conventional monetary systems that can burden the poorest people in the world with transaction fees.
The more due diligence that currency operators perform on their customers, mostly by verifying the personal information they submit when signing up for an account, the harder it is for criminals to use them to launder money.
According to its website, Perfect Money performs an identity check on each customer to try to identify the computer used to enter the account. It said the company collects information about each customer's online activity and monitors transactions for signs of suspicious activity.
Perfect Money is not the only payment system that cyber criminals use, experts said. Stefan Savage, a computer science professor at the University of California, said he had observed several different currencies, including Bitcoin, being used by people selling stolen credit cards in Internet hacker forums.
"Perfect Money is certainly one that comes up a lot," Savage said. "There are tons of these payment systems out there."
Patrick Murck, general counsel for The Bitcoin Foundation, declined to comment. The Foundation is a non-profit group of software developers and entrepreneurs that helps promote the use of Bitcoin as a currency. Bitcoin exists through an open-source software program and is not managed by any one company. Its supply is controlled through a computer algorithm.
A Reuters review of postings on Internet message boards for digital currencies found hackers offering to sell stolen credit cards are open about accepting Perfect Money as payment.
"If it was expected at first that the Liberty Reserve takedown would have a long-lasting, substantial effect on the level of fraud, that's not true," Aharoni said.
Tyler Moore, an assistant professor at Southern Methodist University, said a 2011 study he conducted with two other academics found that Liberty Reserve and Perfect Money were two of the most widely accepted digital currencies for online Ponzi schemes. Of 1,000 websites that linked to Perfect Money, they found 70 percent that were Ponzi schemes.

Celebrating Eid al-Fitr by Defacing 500 Websites in an Attack Dedicated to Palestine

Krad Xin, a hacker of the Bangladesh Grey Hat Hackers (BGHH) collective, has defaced nearly 500 websites in an attack dedicated to Palestine.
The attack coincides with the celebration of Eid al-Fitr, an important Muslim holiday that marks the end of Ramadan. This year, Eid began in the evening of August 7 and ended in the evening of August 8.
The websites defaced by the Bangladeshi hacker appear to belong to organizations from Saudi Arabia, Pakistan, the United States, Turkey and some other countries.
On the defacement page, the hacker explains that no harm has been done to the server on which the sites are hosted. However, he threatens organizations that spread spam and ones that host adult content.
Currently, most of them still display the defacement page posted by the hacker.
Earlier this month and at the end of July, BGHH targeted several high-profile websites, including the ones of the United Nations Refugee Agency in Indonesia, the United Nations in Zambia, McDonald’s Indonesia, and the Bad River Tribe from Wisconsin, US.

Afghan Cyber Attack in Response to Pakistan Rocket Attack

"This hack is a response to the rocket attacks of Pakistan military on Kunar and Jalalabad Provinces of Afghanistan! Next time wait for bigger damage, We will not let any torture and overtaking on our land unanswered. Remember WE ARE AFGHANS, WE DO NOT FORGET, WE DO NOT FORGIVE!" read the hacked Pakistan Government websites.
Afghan Cyber Army has been very active in recent weeks, with many cyber attacks on Pakistani websites, according to posts on the group's Facebook page:
  • Website of leading Pakistani Newspaper (Daily Post International) Hacked by Afghan Cyber Army
  • Pakistan zeesports official website Got Hacked by Afghan Cyber Army
  • Pakistan Baadban news and Tv Channel Owned by Afghan Cyber Army
  • Pakistan Attock police official website Got Hacked
  • Taliban official website owned By Afghan Cyber Army

Chinese hackers baiting Indian govt, corporate employees: report

Using faked subject headings as diverse as Gujarat chief minister Narendra Modi and the Jallianwala Bagh Massacre, Chinese hackers have been baiting Indian government officials and corporate employees to open virus-laden emailed attachments and expose themselves to the risk of cyber attacks, a new report says.
The report on “advanced persistent cyber attacks” is based on an investigation conducted by security research firm Research Bundle in collaboration with CERT-ISAC. ISAC is a certification body for information technology (IT) security professionals that handles India’s National Security Database (NSD). CERT (Computer Emergency Response Team)-ISAC deals with mobile and electronic security.
“Some time back, there were a couple of high-profile cyber attacks that came to our notice when we were approached by corporates as well as government entities to look into them,” said Rajshekhar Murthy, director at CERT-ISAC, NSD, at the report’s release on Friday.
“First we thought it might be just these few incidents, but as we went deeper into it, it came to light that these threats were far more (widely) spread than we had initially perceived. During the course of our research, we got proof that the threats originated from China,” he said.
NSD, managed by ISAC and the government, is a programme that provides certification to IT professionals who have the capability to protect critical infrastructure and the economy.
“Chinese hackers have been persistent in their attacks. According to our analysis, they have also made a separate wing for these operations,” Murthy said.
The report says, “It’s also a known fact the Indian government and other important sectors from India were heavily targeted during this campaign...focused on stealing confidential documents and sensitive information.”
The threat came in the form of emails with attached documents targeting government and corporate entities. “These documents exploited previously known vulnerabilities to drop ‘Travnet’ malware on to the systems,” said the report, prepared by 20 Internet security professionals over a period of six months.
“These emails showed that China has been gathering information about India and keeping up with current issues, and using those to entice people to open the attachments,” Murthy said.
Some of the attachments had names such as Army Cyber Security Policy 2013.doc, Jallianwala bagh massacre - a deeply shameful act.doc, Report - Asia Defense Spending Boom.doc, His Holiness the Dalai Lama’s visit to Switzerland day 3.doc, and BJP won’t dump Modi for Nitish NDA headed for split.doc.
The malware Travnet was specifically designed to search for “doc, docx, xls, xlsx, txt, rtf and pdf” files on the hacked computer.
“This provides enough hints that this malware was designed to steal confidential information, unlike the usual botnet variants that focus primarily on providing remote access to the system,” the report said. “The malware initially collects system information, a list of files on the victim machine among others, then sends this data to the remote Command & Control server...”
According to industry estimates, losses due to cyber theft from reported attacks alone amount to $8-10 billion (Rs.48,800-61,000 crore). But experts say the figure could be much higher as many threats go unreported.
Worryingly, the security infrastructure of Indian government websites has reportedly failed to keep pace with cyber attackers, who are becoming more focused on stealing information.
“Many of the servers that host ‘’ sites are running outdated software versions, with poorly managed Web servers that do not follow even the most basic Web application security guidelines,” said the report. “Even important government sites, access to which can lead to much deeper intrusion, seem to be managed with little care. While defacements are usually carried out by hackers just for fun or fame, serious hackers can cause much more damage and remain unnoticed for a very long time...”
“Slowly but steadily, serious APT (advanced, persistent attacks) campaigns are on the rise,” the report added. “It’s very important for the nation to start upgrading its IT infrastructure to keep up with the latest security guidelines and practices.”
“Cyber security has become one of the crucial areas for us and we are focusing on putting capacity and capability in place to strengthen the cyber security infrastructure,” said Alok Vijayant, director of the National Technical Research Organisation. “We want to bring IT security professionals under one entity to enhance our existing capability instead of just focusing on putting in additional security infrastructure.”
“India has one of the largest talent pools of IT professionals, but our biggest concern remains the young talent in IT, as most professionals prefer to go abroad to work,” he added.
Additionally, the use of proprietary rather than open-source software increases the vulnerability of Indian entities, according to Sunil Abraham, executive director of Bangalore-based research organization Centre for Internet and Society. “There’s a lack of use of Linux and other kinds of free software at both the desktop level and also the front end... They’re using Microsoft both at the server end and on the client end. Most of these attacks take advantage of that operating system dependency. If one were to look at it at a macro level, we’re vulnerable across the board—vulnerable to the US, we’re vulnerable to attackers from Europe, Pakistan, etc.,” Abraham said.

Beware of bogus Facebook account hack tool offer

If, for whatever reason, you wish to hack into someone else's Facebook account, searching online for ways to do it will likely bring you grief.
Take for example a recently uncovered bogus Facebook account hacking service targeting French-speaking users.
According to Joshua Long, the crooks behind the scheme have been dropping links to the website allegedly hosting the service all over the Internet, including in comments on popular blogs.
Users who fall for the scheme land on the website that first offers account hacking, then an account recovery service, and finally a Facebook penetration testing tool - all on the same page.
In order to use any of these services, the users are urged to sign up and log in, and the crooks are probably betting on the fact that many users recycle their login credentials time and time again.
In addition to this, the victims are asked to pay for the service by sending two SMS messages to what seems to be a premium service number. Long discovered that each SMS cost the victim €4.50, and the other problem is that the crooks now know their cell phone number which will surely be added to a spam list.
"So the moral of the story is that you should never trust sites that claim to let you hack into someone’s account (or, for that matter, any sites that are advertised via spam)," he points out.


Trend Micro has discovered new malware hosted on the Google Code website, a very popular web resource that hosts open source projects developed by the community. The malware is a Java Trojan that downloads banker malware, and the project is called “flashplayerwindows”.
The malware is designed to steal sensitive information, including online banking and email account details, so that cybercriminals can use victims' credentials to conduct unauthorized transactions. This is not the first case of this kind: the same malware has been observed on compromised Brazilian government websites, which affected users from Brazil, the United States, and Angola.
Hosting the malware on such a website keeps security software silent while the software packages are downloaded, because the traffic is encrypted with SSL, so protection only comes into play when the payload is executed.
The project has now been removed from Google Code. According to Trend Micro, “This incident shows that as we have predicted for 2013, legitimate cloud providers like Google Code are likely to come under attack this year. With services like Google Code likely to increase traction among users, we can expect that similar cases will appear (and increase) in the coming days.”
To protect yourself, make sure to apply the following:
  • Install antivirus software with the latest signatures.
  • Make sure all application and software updates are installed to fix any vulnerabilities on your PC.
  • Use only trusted sources and check the project's rating before you download the software.
  • Never click or open attachments from untrusted sources.

Western Union money transfer service was hacked

A local commercial bank has lost millions of shillings to fraudsters based in Russia. The fraud has seen five staff members of the bank, which has a regional presence, sacked. The fired employees have since moved to court and sued the bank management.
Investigations by Weekend in Business revealed the bank lost Sh7.29 million after its Western Union money transfer service was hacked and 21 money transactions were made, with payments being traced to Russia.
The transactions were made on April 6th, 7th and 8th with Sh356,875.95 being reversed after the fraud was detected. Western Union’s web-based system’s global operations are controlled from a server in the US, with Kenya being under the European Region Operation Centre.
The system used a unique identifier called a terminal identification (ID) and a digital certificate associated with each terminal ID. It is believed the fraudsters used the terminal ID and digital certificate, having gained access to both by hacking the bank’s system.
It has been established that the bank’s management brought in the Banking Fraud Investigation Unit team and KPMG, but the separate reports by the investigators have not been made public.
The employees dismissed by the affected bank over the latest fraud have argued in court, through their lawyer, that they were being sacrificed for no reason.
“The bank’s system is to blame for the financial loss,” said one of the sacked employees.
The affected staff noted that a week before the scandal was committed, they had raised the issue of the bank's system with its management and warned that it risked being compromised if not strengthened.
They have also questioned why the bank dismissed them even before investigations had been carried out to a logical conclusion. Those dismissed include an international money transfer manager, two Information Technology experts, one customer care staff member and one banking clerk.
Financial fraud is common in Kenya. Last year, a report indicated local banks were victims of more than half the Sh4.1 billion ($48.3 million) fraud that hit East African banks as technology made the crime easier.
A single bank in the economic bloc lost Sh2.72 billion ($32.1 million) to account for a third of the total fraud through data manipulation.
Deloitte Forensic director Robert Nyamu noted that actual statistics were difficult to determine due to the numerous unreported fraud cases. He said incidence of fraud was significantly understated despite cutting across the financial industry, including the insurance sector.
The Director of Public Prosecutions Mr Keriako Tobiko recently said the latest crimes necessitate fresh approaches to deal with them.
“New and emerging crimes such as money laundering, drug and human trafficking, cyber crime, terrorism, wildlife crimes and maritime piracy require specialised prosecution skills which calls for continuous training and skills development,” noted Tobiko.

Anonymous’ Secret Presence In The U.S. Army

“There are people who I only know as screen names but I have put my career in their hands.” One member tells all.
An active-duty Army captain and member of Anonymous describes how the organization operates, his own involvement in the Arab Spring, how the crackdown on Bradley Manning and Edward Snowden has affected soldiers, and how more leaks are on the way. He has agreed to speak with BuzzFeed on the condition of anonymity.
Are there a lot of members of Anonymous in the Army?
There are more than you would think, more heavily in the techie world [of the military] — especially at Fort Huachuca, where all the intel people are. A lot of them wanted to get the job [there] because they want to learn secret stuff and have a better personal understanding of how the world actually works.
How do you know who is in Anonymous?
Initially we have the handshaking phase. The lingo is still relatively unknown. In conversation, you drop in jokes. If you are with someone on a mission, you’re like, “Man, there are over 9,000 reasons that this is a bad idea.” That initially establishes friendship. Once you feel comfortable with the person and they aren’t just posing as part of the culture, then you talk about what they’ve done and how much a part of it they are. It gets to the point where you are discussing individual operations.
What are the most popular operations amongst soldiers?
Anonymous is so distributed and leaderless that everyone has operations they love and hate. Operation Cartel, especially at Fort Bliss. Operation Dark Net was universally loved. And Operation Payback was pretty well received.
What about you?
I was involved in the Arab Spring opening up internet communications. I was a facilitator for a lot of people who have more skills than me in the cyber world. I knew people who I met through 4chan, 9Chan, and 7Chan and then a lot of AnonOps IRCs and who they needed to talk to — the organizations that would help them, and people in government would give them resources and access — and was able to convince them to talk to people in Anonymous. I got people in the right [internet relay chat] rooms at the right time.
Would the military consider you a white or black hat?
The military sees me as black hat.
Is that a fair assessment?
All hats are gray. Every white hacker I know has a night job that is very much a black-hat job.
What were the results of what you did for the Arab Spring?
From what I heard they were able to establish ways to assist the activists to have a method where they could get information out of Egypt and have certain Twitter accounts tweet that information on their behalf. But I don’t know for sure. As soon as I was like, “Hey, this is this person,” and vice versa, they did tweet confirmation to make sure that certain Twitter accounts were controlled by certain people, and then I headed out of the room so there would be no “taint” of having a fed there.
Why do Anonymous members outside the military trust you?
My credibility is incredibly suspect in the group. I admit I work for the feds, and I provide information on myself so that they are comfortable. There are people who I only know as screen names but I have put my career in their hands.
What specific actions have other soldiers taken?
There are several [soldiers] I know that probably did things, but I don’t know know that they did. I can legally say, probably under a [lie] detector, I have no proof that they did it. We keep our activities totally separate because at any point in time I can be put in the chair that I can’t lie in. You have to keep the /b/ [4chan’s “Random” board] brotherhood strong.
Does the military know about the Anonymous presence?
Pre-Manning, there were several academic papers put out trying to analyze it and school the leadership. Because the Army is a very top-down organization, they assume that [Anonymous] is too. Leadership wasn’t concerned with it until Manning happened. Then they read everything under the [lens] of what Manning did and it just scared them — scared them blind. They know we are in there and they assume that we are all going to do a Manning or a Snowden.
How have they addressed it?
Every six months you are mandated to get a Threat Awareness and Reporting Procedures Brief. It used to be very much like how to … spot the Iraqi contractor who is pacing off your base. Now it is, “Look at the person at your left and right. Are they espousing social beliefs that don’t line up with Army values? What websites do they go to at work?” With the caveat that it is OK to have political beliefs that are different. You get a heavy-handed feeling.
I have had more than a few officers come up to me and as we are trying to talk about [Anonymous] they are worried, like, “Are you CID [working undercover for the Central Investigative Division]?” Because you always worry about that.
Are the retaliations against Manning and Snowden discouraging Anonymous activity and the desire to leak information?
A lot [of Anonymous members] have been in long enough and are jaded. They are watching as the government comes down harder and harder. There is a growing sense of disdain and hatred because we are complicit in it. There are some secrets that need to be secrets but the stuff [the military] keeps secret just to protect the bottom line — you just feel like you are selling your soul every day. That is a lot of the motivation. Especially for people of the generation that believe that information should be free.
Are we going to see more leaks?
Yes. A lot [of Anonymous members] are mid- to high-rank NCOs. They are well-respected, have connections, and overly large security clearances. A lot of people who are part of the [Anonymous] culture are just dying at this point for something to come across their table that isn’t already out there. It is so easy to leak information that if you want to, you can do it.

New York Times hackers strike again with evolved malware

The hacking team behind the notorious attack on The New York Times has targeted an unnamed economic policy agency with new hyper-sophisticated malware, according to FireEye researchers.
FireEye reported unearthing the new hack tools when analysing a recent attack on one of the company's clients, warning that the malware is significantly more advanced than those used in the group's previous campaigns.
"The attackers behind an audacious breach of The New York Times' computer network late last year appear to be mounting fresh assaults that leverage new and improved versions of malware. The new campaigns mark the first significant stirrings from the group since it went silent in January in the wake of a detailed expose of the group and its exploits," wrote the researchers.
News of The New York Times attack broke in January, when the publication reported being the victim of an ongoing cyber campaign. Security firm Mandiant, which helped mitigate the attack, subsequently reported linking the campaign to a Chinese group. The attacks are believed to have been carried out in retaliation to a series of articles about former Chinese prime minister Wen Jiabao.
FireEye senior malware researcher Ned Moran told V3 the new attacks use evolved versions of the longstanding Aumlib and Ixeshe malware families, which have been used by criminals in targeted attacks for several years. He added that the upgraded tools are designed to help the criminals avoid detection, even by advanced systems designed to detect their previous tools, when hacking into their victim's network.
"The network protocol has been altered. Signatures designed to detect the previous version of these tools may not detect these new network protocols. This may enable the threat actor to operate undetected," said Moran.
The report said, while troubling, the development is not surprising and is typical of most hackers; the group that hacked The New York Times is simply amending its strategy having been discovered. "Attackers do not change their approach unless an external force or environmental shift compels them to. As the old saying goes: if it ain't broke, don't fix it," read the report.
The attack is one of many advanced threats uncovered this year. Arbor Networks last week reported uncovering a new brute-force botnet campaign, which has already infected over 25,000 Windows machines with malware using an unknown infection method.

CCTV code of practice comes into force after privacy concerns

The Home Office has introduced a CCTV code of practice to try to curb the excessive use of cameras for surveillance by increasing numbers of private and public sector organisations. However, there is no enforcement of the code and no fines for breaking it.
The code, set out by the Home Office earlier this year, acknowledges that CCTV can be vital to security and surveillance, but said it must have a “legitimate aim” and be “compliant with any relevant legal obligations”.
In particular, concerns have grown over recent years over the way CCTV is being used for excessive monitoring, such as in taxis, which was deemed illegal by the Information Commissioner’s Office last year.
The code states: “This code has been developed to address concerns over the potential for abuse or misuse of surveillance by the state in public places, with the activities of local authorities and the police the initial focus of regulation.”
To try and enforce this there are 12 points that CCTV operators must follow that cover a range of issues, from use to data retention and the ability to contact the people running the cameras to access information.
“Use of a surveillance camera system must always be for a specified purpose, which is in pursuit of a legitimate aim and necessary to meet an identified pressing need,” reads point one of the scheme.
Point two reads: “The use of a surveillance camera system must take into account its effect on individuals and their privacy, with regular reviews to ensure its use remains justified.”
Despite the action by the government, privacy campaigners are still concerned not enough is being done. Civil liberties group Big Brother Watch pointed out that without proper enforcement it could become irrelevant.
"With only a small fraction of cameras covered and without any penalties for breaking the code, we hope that this is only the beginning of the process and that further steps will be taken in the future to protect people’s privacy from unjustified or excessive surveillance," it said in a blog post.
"As CCTV technology improves and issues like facial recognition analysis come to the fore, it is essential that people are able to access meaningful redress where their privacy is infringed. The Surveillance Camera Commissioner must be given the powers and the resources to take action otherwise the public will rightly ask if the surveillance state continues to escape accountability."
The issue of CCTV is just one area of monitoring to hit the headlines recently, with the ICO slamming police in Hertfordshire for "illegal" use of ANPR cameras to create a "ring of steel" around the village of Royston.

PRISM: Obama meets Apple and Google chiefs to discuss spying concerns

US president Barack Obama held a meeting last week with Apple CEO Tim Cook, Google computer scientist Vint Cerf and Randall Stephenson, the CEO of US telecoms giant AT&T, it has emerged.
According to Politico, the meeting discussed the NSA and other privacy issues including tracking consumers online. This followed a gathering earlier last week attended by the bodies representing companies including Facebook, Microsoft, Google and Yahoo: TechAmerica, the Information Technology Industry Council and TechNet.
A White House official told Politico that the talks were a part of the president's ongoing efforts to work out how to best handle the storm surrounding June's PRISM revelations. "This is one of a number of discussions the administration is having with experts and stakeholders in response to the president's directive to have a national dialogue about how to best protect privacy in a digital era, including how to respect privacy while defending our national security," the source said.
The meetings follow an open letter to the president in June, seeking to increase the transparency of government data requests in an effort to limit the PR damage caused by the mysterious and unexplained handing over of data. The signatories included Apple, Facebook, Microsoft, Twitter and Yahoo, as well as 17 other tech corporations.
"Just as the United States has long been an innovator when it comes to the internet and products and services that rely upon the internet, so too should it be an innovator when it comes to creating mechanisms to ensure that government is transparent, accountable, and respectful of civil liberties and human rights," the letter said.
Last week, in a bid to curb further alleged privacy violations, firms Lavabit and Silent Circle both discontinued their secure email services following government interference. Lavabit specifically had been linked to NSA whistleblower Edward Snowden, who revealed the extent of PRISM in June.

LulzSec Sony hacker Neuron gets 13 months of home detention and $605,663 bill

A US judge has sentenced the LulzSec hacker Neuron to over one year of home detention for involvement in a cyber attack on Sony Pictures.
United States district judge John A Kronstadt sentenced 21-year-old Arizona resident Raynaldo Rivera, known online as Neuron, to serve 13 months of home detention, perform 1,000 hours of community service and pay $605,663 in restitution for his involvement in a 2011 data-stealing cyber raid on Sony Pictures.
The attack saw the LulzSec hackers illegally access data stored on Sony Pictures' website with a SQL injection, stealing and posting online information including the names, addresses, phone numbers, and email addresses for tens of thousands of Sony customers.
Rivera originally pleaded guilty in October 2012 to conspiring to cause damage to a protected computer after participating in the attack on Sony Pictures. He is the second US LulzSec member to be sentenced for involvement in the raid. Prior to Rivera, Cody Kretsinger, who operated under the alias Recursion, was sentenced in April to one year and one day in federal prison and to pay the same $605,663 restitution fee.
At the time of publishing Sony had not responded to V3's request for comment on Rivera's sentencing.

The Sony Pictures attack was part of a wider two-month rampage by the loose-knit LulzSec hacking group. The campaign saw them target numerous companies and government groups, including the UK's Serious Organised Crime Agency (SOCA). Outside of the US several British youths have also been arrested and sentenced for participating in LulzSec cyber attacks.
Most recently UK LulzSec member Ryan Ackroyd, 26, pleaded guilty to carrying out an unauthorised act to impair the operation of a computer, contrary to the Criminal Law Act 1977. Before this, Ryan Cleary and Jake Davis pleaded guilty to involvement in attacks on several high-profile agency and company websites in July 2012.

PRISM: Snowden's Lavabit and Silent Circle's encrypted mail services are pulled

Lavabit and Silent Circle have discontinued their respective secure email services, hoping to pre-empt future snooping requests from US government agencies.
Lavabit owner Ladar Levison confirmed the news in a public post on the company's website. He said continuing the service would inevitably force him to commit crimes against the American people, due to its links to notorious PRISM whistleblower Edward Snowden, who is a well-known user of its services.
"I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations," read the statement.
Snowden is an ex-CIA analyst who famously leaked details about the NSA's PRISM campaign. The leak revealed that the agency is siphoning vast amounts of web users' data from big-name tech companies like Google, Microsoft, Twitter and Facebook. Following the leak the US has been doggedly pursuing Snowden, who fled the country moments after.
Levison said he could not share the exact reasons for the decision, but hinted an unnamed number of government agencies had already issued data requests to the company, presumably targeting Snowden.
"I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what's going on – the first amendment is supposed to guarantee me the freedom to speak out in situations like this," read the statement.
"Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests."
The Lavabit head said the company has already begun proceedings to fight the gag order in the Fourth Circuit Court of Appeals, calling for businesses to avoid using American hosted messaging services in the interim.
Following the revelation, Silent Circle announced similar plans to discontinue its own secure Silent Mail service. Silent Circle's Jon Callas announced the company's plans in a public post clarifying that the company has not received any data requests from the US government and is only ending the service to ensure its customers' future privacy.
"We have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now," read the statement.
"We've been debating this for weeks, and had changes planned starting next Monday. We'd considered phasing the service out, continuing service for existing customers, and a variety of other things up until today. It is always better to be safe than sorry, and with your safety we decided that the worst decision is always no decision."
Callas said the company's Silent Phone, Silent Text and Silent Eyes services will keep operating as they do not actually store any user data. "Silent Phone and Silent Text, along with their cousin Silent Eyes, are end-to-end secure. We don't have the encrypted data and we don't collect metadata about your conversations. They're continuing as they have been. We are still working on innovative ways to do truly secure communications. Silent Mail was a good idea at the time, and that time is past," read the statement.
The NSA is one of many agencies caught monitoring citizens' web habits. Within the UK the GCHQ has been accused of tapping the fibre optic cables connecting the country to the internet in an operation codenamed Tempora. Prior to Callas' comments, Silent Circle chief executive Mike Janke cited operations such as Tempora as proof European businesses should be more concerned about local spooks than the NSA, during an interview with V3.

SFO loss of BAE Systems CDs and floppy disks sparks double investigation

The Serious Fraud Office (SFO) has revealed that it lost a cache of documents and electronic media used in its investigation of defence contractor BAE Systems. Two internal SFO investigations have been sparked as a result.
The incident, which took place between May and October 2012, included up to 32,000 document pages and 81 audio tapes and a selection of digital information. The SFO confirmed to V3 that the lost digital data included floppy disks, CDs, mini disks and backup tapes, which were sent to the wrong recipient. It said that 98 percent of the lost data had since been recovered, but this would still leave over 600 document pages unaccounted for.
"The SFO has a duty to return material to those who supplied it, upon request, after the close of an investigation," an SFO statement read. "In this instance the party requesting the return was sent additional material, which had in fact been obtained from other sources."
The SFO said that it had informed the 59 suppliers of the mishandled data about the situation.
As a result of the incident, the SFO asked the former director of security at the Palace of Westminster, Peter Mason, to conduct a review of the incident. Mason's recommendations were:
  • Continuing ownership of the data in a concluded case by designated operational staff
  • Redrafting of the responsibilities of the SFO's senior information risk owner
  • Raising the profile of data handling as a key risk in the SFO's business
In addition, a further independent investigation has been instigated to "review all of the organisation's business processes".
The documents lost pertained to a bribery investigation following major arms deals between BAE and Saudi Arabia, including the sale of Typhoon fighter jets. The investigation was discontinued in 2006 following intervention from the prime minister at the time, Tony Blair.

In a statement seen by the BBC, BAE Systems concluded that the matter for the firm was "now closed".

Android security flaw leaving Bitcoin wallets open to cyber theft

Bitcoin has reported finding a critical flaw in Android, leaving users' digital wallets open to cyber pickpockets.
Engineers from Bitcoin found the vulnerability, confirming it affects several different payment apps and services running on Android. "We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses that render all Android wallets generated to date vulnerable to theft," read the post.
"Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, wallet, BitcoinSpinner and Mycelium Wallet. Apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated on your Android phone."
Bitcoin confirmed it is working on fixes for Bitcoin Wallet, BitcoinSpinner, Mycelium Wallet and, recommending users regularly check the Google Play store for updates and install them as soon as they become available.
"In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommend you to upgrade to the latest version available in the Play Store as soon as one becomes available," read the statement.
"Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one. If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup."
Trend Micro security director Rik Ferguson told V3 it could prove tricky for Bitcoin to protect its users given the fractured nature of Android, with almost 12,000 devices in the market.
"There is no evidence yet that it has been actively exploited, so for those people using Bitcoin wallets on their mobile devices, let's hope the app updates with fixed random number generators are timely. It will be also interesting to see how the underlying issue in Android affects other apps that rely on cryptography and how a fix can be rolled out across that notoriously fragmented ecosystem," he said.
Bitcoins are a digital currency created in 2008. They are designed to allow instantaneous, semi-anonymous online transactions to be made.
The anonymous nature of the currency has seen them become favoured by many criminal groups, who use them as a means to hamper law enforcement's ability to track them. Most recently Webroot reported that several black markets have begun taking Bitcoin payments.

FBI Tor exploit appears on Metasploit penetration tester forum

A Tor exploit purporting to be the one used by the FBI in a recent child pornography bust has been released on the Metasploit penetration tester forum.
The exploit was posted by Metasploit user sinn3r who claimed to have found it during a joint cyber forensics operation at the Defcon hacker conference mere hours after word of its use broke.
"I noticed a Reddit post regarding some Mozilla Firefox zero-day possibly being used by the FBI in order to identify some users using Tor for crackdown on child pornography," sinn3r wrote.
"The security community was amazing: within hours, we found more information such as brief analysis about the payload, simplified PoC, bug report on Mozilla, etc. The same day, I flew back to the Metasploit hideout (with Juan already there), and we started playing catch-up on the vulnerability."
The Tor vulnerability was revealed earlier in the week when local Irish sources reported the FBI used it to track a child pornography distributor. Trend Micro security director Rik Ferguson told V3 the exploit relates to a flaw in the Firefox browser on which the Tor Browser Bundle is based.
"This is the one that was supposedly used by US law enforcement in order to help identify users of child exploitation images online. It takes advantage of a vulnerability in the Tor Browser Bundle to unwittingly have the victim expose their true IP and MAC address," he explained.
"Certain servers (hidden services) on the Tor network containing illegal material were infiltrated and JavaScript containing this exploit was added. Meaning that whenever someone browsed to one of these pages, their browser would automatically generate a HTTP GET request for a resource on the open internet (rather than the 'darkweb' of hidden services).
"This meant that law enforcement could get a reasonable indication of the location of individuals accessing child exploitation images, even on supposedly anonymous networks such as Tor."
Tor is a free service designed to let people hide their internet activity. It does this by directing internet traffic through a volunteer network of more than 3,000 relays to conceal the user's location. The exploit is thought to be especially significant as prior to it, many users had taken Tor as being a bulletproof means to surf the web anonymously.
Ferguson said even if the exploit is used by law enforcement to track some groups, its appearance should be of little concern to most people.
"Regular Firefox users were not targeted by the original exploit and it was for an older version of the browser anyway (the one that the TOR browser pack was based on) so regular FF users were almost certainly never affected (or targeted by it). TOR Browser Bundle only released a patch for it recently, and in any case, users of that environment tend to update less often, so no doubt it served its purpose there, and that's no bad thing."
The extent to which law enforcement monitors web users has been a growing concern in recent weeks, with the emergence of the notorious PRISM campaign. PRISM is a cyber campaign run by the NSA designed to collect vast reserves of web users' personal information from big-name companies like Facebook, Google and Twitter.

Vulnerability in Windows Phone OS could allow information disclosure

Microsoft Security Advisory reveals a vulnerability in Windows Phone OS that could allow information disclosure


Microsoft has issued a security advisory about a vulnerability in Windows Phone OS that could allow information disclosure. The flaw is related to the wireless PEAP-MS-CHAPv2 authentication that Windows Phone uses to access wireless networks.

According to Microsoft Security Advisory (2876146), a hacker exploiting the vulnerability in Windows Phone OS could gain access to a victim's encrypted domain credentials, which could be used to collect sensitive data from corporate networks.
"To exploit this issue, an attacker controlled system could pose as a known Wi-Fi access point, causing the targeted device to automatically attempt to authenticate with the access point, and in turn allowing the attacker to intercept the victim's encrypted domain credentials. An attacker could then exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol to obtain the victim's domain credentials. Those credentials could then be re-used to authenticate the attacker to network resources, and the attacker could take any action that the user could take on that network resource," stated the bulletin.
The flaw is related to the Wi-Fi authentication scheme (PEAP-MS-CHAPv2) that Windows Phone implements for access to wireless networks secured with the Wi-Fi Protected Access protocol version 2. The affected phone operating systems are Windows Phone 8 and Windows Phone 7.8. Microsoft experts recommend applying the suggested action: require a certificate verifying a wireless access point before starting an authentication process.
Although exploitation of the flaw could have serious consequences and could allow attackers to steal corporate data, Microsoft hasn't yet received any reports of related incidents, so it does not intend to patch this vulnerability.
Pierluigi Paganini
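The advisory's suggested action, requiring the client to verify the access point's certificate before PEAP-MS-CHAPv2 authentication starts, applies to other Wi-Fi clients too. The following added example (not part of the original article or of Microsoft's advisory) goes beyond Windows Phone and audits a wpa_supplicant configuration for networks that would authenticate to any access point; the sample configuration, SSIDs, paths and host names are constructed.

```python
# Constructed sample wpa_supplicant.conf; SSIDs, paths and names are made up.
SAMPLE_CONF = '''
network={
    ssid="CorpWiFi"
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="CorpWiFi-CAOnly"
    eap=PEAP
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
}
network={
    ssid="CorpWiFi-Pinned"
    eap=PEAP
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
}
network={
    ssid="HomeWiFi"
    key_mgmt=WPA-PSK
}
'''

# wpa_supplicant options that bind the server certificate to an expected name.
NAME_CHECKS = ("domain_suffix_match", "domain_match",
               "subject_match", "altsubject_match")

def parse_networks(text):
    """Return one {option: value} dict per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks

def audit(text):
    """List (ssid, finding) for PEAP/MSCHAPv2 networks lacking server checks.

    Only blocks that name MSCHAPV2 explicitly in phase2 are examined.
    """
    findings = []
    for net in parse_networks(text):
        if ("PEAP" not in net.get("eap", "").upper().split()
                or "MSCHAPV2" not in net.get("phase2", "").upper()):
            continue
        ssid = net.get("ssid", "<unnamed>")
        if not (net.get("ca_cert") or net.get("ca_path")):
            findings.append((ssid, "no ca_cert: any access point is trusted"))
        elif not any(net.get(opt) for opt in NAME_CHECKS):
            findings.append((ssid, "CA pinned but server name not checked"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A network with a CA but no name check is flagged separately because any certificate issued by that CA would then be accepted as the authentication server.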

#opIsrael reborn: Hackers unite in global operation set for 11 September 2013

Multiple sources are showing that hackers are uniting to strike Israel on 11 September 2013. The #opIsrael reborn operation is an operation that has been initiated by hackers that are active on social media platforms like Facebook and Twitter. This is not the first time Israel is being targeted by an Operation.

#opIsrael April 7th

The first day Israel experienced an attack from this corner was when AnonGhost united in an operation to attack Israel on April 7th.
There were multiple hackers that participated in this attack. The operation was mentioned worldwide.

#opIsrael Reloaded

AnonGhost members are former TeaMp0isoN members and it is not a surprise to see that TeaMp0isoN attacked Israel in an operation that was launched in 2012.
Anonymous, TeaMp0isoN and many other hacktivists from around the world have united, we may not be able to stop the Zionist regime, but the least we can do is raise awareness and educate people by defacing zionist websites, Operation Free Palestine is about educating the blind and terrorising the terrorist, the tables have turned, the time has come

#opIsrael Reborn 9 September 2013

Hackers from all over the world are uniting on social media networks and IRC channels to start an attack on Israel once again. This time the hackers have picked 9/11/2013 as the perfect date to initiate their attack. The hackers are aware this is the same date two “hijacked” airplanes hit the World Trade Center and several other buildings got hit by explosions.
A lot of people left this world on that day. Could it be that the hackers are planning to do the same with Israel but then in an “online/cyber” view?

Israel responded to those earlier attacks

These threats are taken seriously by the Israeli government, as Israel set up an emergency hotline in earlier #opIsrael operations.

#opIsrael reborn target list

There has not been a target list published yet but we from Cyberwarzone think that earlier targets might be targeted again. Below you can find the list of websites that had been affected in #opIsrael operations: