Tuesday, 16 July 2013

South Korea blames cyber attacks on North Korean government hackers


North Korean flag
South Korea has accused the North Korean government of being behind a wave of cyber attacks on the country's networks.
The Ministry of Science, ICT and Future Planning reported uncovering evidence linking the North Korean government to the signature malicious computer codes and an internet address used in the attacks mounted on the anniversary of the Korean War last month, in a report published Tuesday.
The campaign saw hackers target several government websites with denial of service (DoS) and defacement attacks. The attackers claimed to be operating as independent hacktivists, though this has been questioned.
Most recently security firm McAfee reported uncovering evidence suggesting that the attacks are part of a larger, sophisticated spying campaign that has been active since at least 2009, in its Dissecting Operation Troy: Cyber espionage in South Korea threat report.
Like the Ministry, the report cited similarities between the DarkSeoul attacks and malware used by a second team, operating under the New Romanic Cyber Army Team alias as proof the use of the Anonymous hacktivist banner was likely a smokescreen designed to fool law enforcement and governments about the true nature of the campaign.
However, unlike the Ministry, McAfee said even with this evidence it is still too early to know whether the North Korean government is behind the attacks.
Prior to the attacks on the government, DarkSeoul hackers also mounted sophisticated cyber attacks on several of the country's banks and broadcasters, crippling thousands of computers. This has increased political tensions between the North and South Korean governments, leading many security researchers to fear potential repercussions.

PRISM: Yahoo wins right to reveal fight against data requests

Yahoo building in silhouette
Yahoo has won a court order allowing the declassification of documents that reveal its efforts to fight data requests under the PRISM system when it was first established in 2008. The decision is a notable victory for the technology industry as it tries to restore user trust after the controversy.
Numerous tech giants such as Yahoo, Twitter and Google said they wanted to provide the public with more information on the data they have to hand over to authorities such as the NSA, but are prevented from doing so under US law.
In response, several have filed legal cases challenging the situation, with Google going as far as citing the first amendment as its right to disclose more information.
Now, in the first notable case since the PRISM scandal broke, Yahoo has won the right to reveal previously classified documents that showed it tried to fight handing over data batches.
Ironically the ruling was made by the Foreign Intelligence Surveillance Act (FISA) court, the same court responsible for signing off the government’s data request to US tech firms such as Yahoo.
“The Government shall conduct a declassification review of this Court's Memorandum Opinion of [the case] and the legal briefs submitted by the parties to this Court," the ruling read.
“After such review, the court anticipates publishing that Memorandum Opinion in a form that redacts any properly classified information."
The Department of Justice (DoJ) now has two weeks to consider how long it would take to declassify the documents. V3 contacted Yahoo for comment on the ruling but had received no reply at the time of publication.
The Electronic Frontier Foundation praised Yahoo for its efforts, claiming its willingness to fight was proof that many companies are determined to try and protect user privacy.
“Yahoo went to bat for its users – not because it had to, and not because of a possible PR benefit – but because it was the right move for its users and the company,” it said.
“It’s precisely this type of fight – a secret fight for user privacy – that should serve as the gold standard for companies, and such a fight must be commended.”
During the PRISM scandal Yahoo revealed that it received between 12,000 and 13,000 requests for customer data from the US government.

Asus router reveal password in plain text over the Internet

Security researcher Kyle Lovett has a Bugtraq indicate a gap in many router models from Asus. Through a very simple attack, it is possible to access the unencrypted files stored configuration of routers via Internet. This is the password for the Aicloud stored function.
An attacker can use it to access the content from USB media connected to the router. The gap is in connection with a previously discovered on the devices vulnerability in Samba shares, or more precisely: The root file system of the internal web server is through directory traversal distance. Due to this error, it is also possible that an attacker gets access to the Windows shares on the local network of the router owner.
Vulnerable Asus Models
  • RT-AC66R   Dual-Band Wireless-AC1750 Gigabit Router
  • RT-AC66U   Dual-Band Wireless-AC1750 Gigabit Router
  • RT-N66R     Dual-Band Wireless-N900 Gigabit Router with 4-Port Ethernet Switch
  • RT-N66U     Dual-Band Wireless-N900 Gigabit Router
  • RT-AC56U   Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N56R     Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N56U     Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N14U     Wireless-N300 Cloud Router
  • RT-N16       Wireless-N300 Gigabit Router
  • RT-N16R     Wireless-N300 Gigabit Router

Judge Considers Request to Dismiss 7 Charges Against Pfc. Bradley Manning

The judge hearing the case against Pfc. Bradley Manning at Fort Meade said she would decide Thursday on his lawyers’ request to dismiss seven of the charges, including allegations that he aided the enemy when he provided hundreds of thousands of classified documents to WikiLeaks. The defense said the prosecution had not provided sufficient evidence that Private Manning had “actual knowledge” that the information would end up with the enemy. Lawyers for the government have said that, based on his training, Private Manning knew that Al Qaeda and other groups could have access to the documents.

Iranian PRISM revealed

Yes - you are reading it right. Iran has its own PRISM program that allows the Iranian government to track each step that is made in the Iranian domain but it is not limited to the Iranian domain.

Iranian PRISM

The Iranian PRISM device is able to monitor internet connections, phone calls and text messages - it does not matter where you are, you can be with your friends, family or colleagues - you will get spied on.

Iranian elections 2013 

Resources tell that during the Iranian elections of 2013 - the Iranian PRISM program was used. Over 200 international journalists applied to report on the Iranian elections - they all got examined and they had to pass the Zionist spy test.

United Kingdom providing the Iranian PRISM program?

In 2011 a article provided information about how the Iranians are obtaining tools from foreign countries that are able to track people down.
Lord Alton has tabled six questions in the House of Lords for the UK government, which are due to be answered by 21 November.
He has asked why there is no existing export ban on UK-made software and equipment that "has been used to track down protesters and democracy activists in Iran". He has also asked the government if it has investigated "the alleged use of intercepts by mobile telephone monitoring devices manufactured in the UK in the interrogation and torture of Iranian democracy activists".

Gmail hacked by Iran

Google reports it has stopped a series of attempts to hack the email accounts of tens of thousands of Iranian users in what the company believes is an attempt to influence the country's upcoming election.
"For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns," Eric Grosse, the vice-president for security engineering, wrote in a post on Google's blog on Wednesday. The phishing campaigns are originating in Iran, targeting users there and representing a big surge in the region's hacking activity before Iran's presidential election" - Google

CrimeTweets: Twitter Job Deals scam on Twitter

Today Cyberwarzone received multiple Tweets that contained a shortened hyperlink to the job-deals.com website. The first thing that was noticed quickly was that the usernames were all containing the same prefix. [name][number][random].
The profiles have no followers and they are not following anyone either. Weird.
Once you click on the link you will be redirected to the twitter.job-deals.com website. This is an website that tries to trick you in earning online money by signing up for an survey module.
On the twitter.job-deals.com page they will only collect your e-mail and username that you wish to use.
Once that is done and you have setup your account you will be redirected to another survey website where they request you to provide more information.
  1. username
  2. password
  3. full name
  4. country
These scams are the oldest in the book. In these type of scams they will obtain personal information step by step.