Thursday, 6 February 2014

Eastern European hackers caught selling Target customer card data

Eastern European cyber criminals have been caught selling customer data stolen during a raid on US retailer Target, say security researchers at FireEye.
The Target breach is believed to have occurred between 27 November and 15 December. It saw hackers break into Target's systems and compromise over 40 million credit and debit card accounts.
The criminals are believed to have stolen customers' credit and debit card numbers, card expiration dates and debit card PIN numbers.
Senior researcher at FireEye Narottama Villeneuve told V3 the stolen card details were being sold on underground Russian-language forums. "It is not surprising that the data is being sold on underground forums. The buyers may use the card data to make fraudulent purchases. Often, these activities are conducted via 'pack mules' or 're-shipping fraud'," he said.
Villeneuve said FireEye uncovered evidence suggesting the criminals have started developing sophisticated partnerships, known as partnerkas, to maximise their profits.
"The partnerkas are organised using an affiliate model. A source, for say malware, will use a network of re-sellers to sell the malware to operators who actually use the malware," said Villeneuve.
"These operators purchase bulletproof hosting for their operation from providers who market this hosting in a similar way. In effect, the more publicised operations that we hear about in the news rely upon a cybercrime ecosystem that is always operating and adapting – these are not isolated events."
Bulletproof hosting is a service offered by less scrupulous web hosting firms, which gives customers more freedom over what material they can upload. In the past bulletproof hosts have been used for a variety of criminal purposes, including running cyber black markets, such as those discovered by FireEye, and child pornography sites.
FireEye researchers said the underground markets are also being used as forums to sell malware. The researchers said the malware is currently being sold for between $1,800 and $2,300.
Villeneuve told V3 that the malware will inevitably be used by hackers to mount further data-stealing attacks, but highlighted recent success by law enforcement in shutting down similar operations as cause for hope.
"We expect these types of breaches to continue. However, it should be noted that there have been successful law enforcement actions against those engaged in coding and using malware designed to commit banking and credit card theft or fraud. Recently, the author of SpyEye was arrested as were those behind Carberp," said Villeneuve.
SpyEye is financially focused malware that is believed to have stolen hundreds of millions of dollars of financial data. The SpyEye author, Aleksandr Andreevich Panin, was arrested by US authorities on 1 July 2013 at the Hartsfield-Jackson Atlanta International Airport. He pleaded guilty in January to helping create and distribute the SpyEye malware.

Police ransomware warning issued by European Cybercrime Centre

Europol's European Cybercrime Centre has warned internet users to remain vigilant against the "exponential" growth in police ransomware, which tricks users into handing over cash to criminals.
The scam uses malware that displays warnings on a user’s computer pretending to be from a law enforcement agency and claims that because the user has engaged in activity such as file-sharing or visiting terrorist websites, a fine must be paid before the computer will be unlocked.
It is estimated that millions of euros have been handed over to crooks as a result of this scam. Troels Oerting, head of the European Cybercrime Centre at Europol, said internet users must remain alert to this growing menace.
“Malware attacks in the form of ransomware will unfortunately increase. It is a cash cow for criminal enterprises, easy to use and difficult for victims to protect against. All kinds of innocent users are potential victims of this crime – not just mainstream users but also businesses and public services,” he said.
“EC3 will continue to assist EU member states' law enforcement agencies in combating this crime and tracing the criminal proceeds. In the meantime we all need to increase awareness amongst all internet users to avoid further impact.”
Europol also emphasised the need for greater cross-border co-operation between member states to tackle police ransomware, and issued some guidelines on how to avoid falling victim to the scam.
These included making sure your operating system is up to date, that antivirus software is active and working, carefully checking any attachments before opening them, backing up your computer regularly and reporting any incidents to the police.
The warning was issued as part of new research into the threat of ransomware scams, which noted the ease with which criminals can now access such tools to engage in online scams.

PRISM: GCHQ spies used phishing and DoS attacks against Anonymous hackers

A secret spy unit linked to the UK Government Communications Headquarters (GCHQ) proactively attacked hackers related to the Anonymous collective, according to leaked NSA documents.
NBC published documents leaked by whistleblower Edward Snowden showing that the group, codenamed the Joint Threat Research Intelligence Group (JTRIG), attempted to shut down Anonymous operations and spread information throughout the collective.
The document alleged the unit attempted to phish Anonymous members and launched attacks designed to disrupt and infiltrate its networks as part of an operation called Rolling Thunder.
The documents show the spies mounted a sophisticated espionage campaign that let intelligence officers phish a number of Anonymous members to extract key pieces of information.
The leaked documents include conversations between intelligence officers and the Anonymous members GZero, Topiary and pOke in 2011.
One log shows a GCHQ spy duped pOke into clicking on a malicious link dressed up to look like a news article about Anonymous. The link used an unspecified method to extract data from the virtual private network (VPN) being used by pOke.
The documents allege pOke was not arrested, but that the information gathered during the phishing attack was used in the arrest of Jake Davis (Topiary) in July 2011.
Davis' arrest was taken as a key victory for law enforcement. Davis, a British citizen, was believed to have acted as a spokesman for many Anonymous cells and is credited as the author of several of the group's statements.
Intelligence officers also attempted to sabotage and hinder Anonymous members' communications, though it is unclear how they did this as the leaked slides refer to both distributed denial of service (DDoS) and denial of service (DoS) attacks. F-Secure analyst Sean Sullivan told V3 that while it is hard to know which was used, evidence suggests that the spies used DoS attacks.

"The Rolling Thunder slide has 'DDoS' at the top, the slide previous to that states 'Denial of Service on Key Communications outlets'," he told V3.

"I'm of the opinion that the Rolling Thunder slide is mislabeled – thus, the GCHQ performed a DoS on Anonymous, not a DDoS. There's a difference in scale, and if the GCHQ had engaged in a DDoS in the summer of 2011 we would have learned about it then, not now."
A GCHQ spokesman declined V3's request for comment on NBC's report, but reiterated the agency's previous insistence that all its operations are carried out within the letter of the law.
"It is a longstanding policy that we do not comment on intelligence matters. Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework," read the statement.
Experts within the security community have questioned the GCHQ's argument. Andrew Miller, chief operating officer at Corero Network Security, said the secret unit's use of black hat tactics is at the very least morally questionable.
"We have to remember that cyber spooks within GCHQ are equally if not more skilled than many black hat hackers, and the tools and techniques they are going to use to fight cybercrime are surely going to be similar to those of the bad guys," he said.
"Legally, we enter a very grey area here; where members of Lulzsec were arrested and incarcerated for carrying out DDoS attacks, but it seems that JTRIG are taking the same approach with impunity."
The campaign against Anonymous is one of many revelations to stem from the leaked Snowden files.
The files were originally leaked to the press in 2013 and detail several intelligence operations carried out by the UK GCHQ and US National Security Agency (NSA). Earlier in January, documents emerged alleging that the GCHQ and NSA were using mobile applications such as Angry Birds to spy on citizens.

Government plans cyber attack tests for UK critical industries

The government has announced plans to stress test the defences of public sector departments and businesses involved in critical infrastructure areas, as a part of a set of reforms designed to protect the nation from cyber attacks.
The plans were unveiled by the secretary of state for Business, Innovation and Skills, Vince Cable, at the Government and Regulators Summit on Wednesday morning.
The summit saw representatives from regulators for the financial, water, energy, communications and transport sectors and intelligence agencies and MPs meet to discuss new ways to bolster the country's cyber defences.
The representatives agreed to take part in critical infrastructure cyber tests similar to those seen in the recent Waking Shark I and II operations. Waking Shark is the codename used for the resilience tests carried out on the financial sector in 2013.
Other key reforms include the adoption of a new "10 Steps to Cyber Security" standard and increased information sharing between the public and private sector using initiatives like the Cyber Security Information Sharing Partnership (CISP).
Cable said the reforms are an essential step in the UK government's ongoing battle to protect its digital economy and critical systems from hackers.
"Cyber attacks are a serious and growing threat to British businesses, but it is particularly important that those industries providing essential services such as power, telecommunications and banking are adequately protected to avoid disruption to our everyday lives," he said.

"We can only achieve this objective through a partnership between government, the regulators and industry. Today's event marks the next step in highlighting the important role of the regulators in overseeing the adoption of robust cyber security measures by the companies that supply these crucial services."
Andrew Bailey, deputy governor for Prudential Regulation at the Bank of England, echoed Cable's sentiment, promising to release information and guidance accrued during Waking Shark II as a sign of good will to other businesses.
"It is essential for financial stability that the UK financial system and its infrastructure continues to work towards improving its ability to withstand cyber-attacks," he said.
"To support this, the Bank of England will also publish today the findings of Waking Shark II, an exercise which tested the response of the wholesale banking sector to a simulated cyber-attack, which is part of the ongoing work recommended by the Financial Policy Committee to improve and test resilience."
KPMG Information Protection and Business Resilience team partner, Stephen Bonner, also praised the government for the reforms, urging companies to resist the temptation to go it alone when fighting hackers.
"Fear of damaged reputations or stuttering share prices are major factors behind many organisations' decision to keep a low profile when their cyber defences have been breached. But the days of isolationist thinking have long since disappeared, as an attack on one institution can lead to the exposure of commercially sensitive details for another," he said.
"Organisations may like to think of themselves as impenetrable islands, but the reality is that, with so much data stored - and so many relationships managed - online, they are bridged together and only by standing as one can they avoid being breached."
Attacks on critical infrastructure have been a growing concern over the last few years with a number of campaigns targeting critical infrastructure uncovered in recent months. A sophisticated campaign targeting the energy industry, codenamed Energetic Bear, was uncovered by security firm CrowdStrike earlier in January.

Facebook hoax: Facebook will not be accessible on February 29, 30 and 31

There is a hoax going around on Facebook that is tricking users into believing that the Facebook website will be offline on February 29, 30 and 31. This is fake, as those dates do not exist in the year 2014.