Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.

LULz

DONALD TRUMP'S hotel chain has been whacked with its third data breach in as many years, which has seen hackers make off with credit card data.

Sabre Hospitality Solutions, which operates the central reservation system used by the Trump Hotels chain, earlier this month notified the company that it had been breached. The first breach was recorded in August last year and the most recent in April this year.

Payment card data (including names, numbers and potentially security codes), along with guests' contact information, was stolen in this latest incident.

The attack has also affected other travel firms working with Sabre. Trump Hotels has issued a statement about the breach, which can be found here, but has not said how many guests were affected.

"The privacy and protection of our guests' information is a matter we take very seriously, and we recommend that affected guests review the information in this letter for some steps they can take to protect themselves against potential misuse of their information," the statement reads.

"We are working with Sabre to address this issue. We understand that Sabre engaged a leading cybersecurity firm to support its investigation. Sabre indicated that they also notified law enforcement and the payment card brands about this incident."

This is the third data breach to affect the hotel chain since 2014. The first saw seven hotels affected by malware between 2014 and 2015, and the second was reported in 2016.

Chris Wysopal, CTO and co-founder of Veracode, told the INQUIRER: "With news that Donald Trump's hotel chain has been hit by its third data breach in just three years, questions will certainly be asked whether it has been triggered as a result of recent political events.

"We're seeing an increasing number of attacks being used to influence socioeconomic events, such as attacking the assets and accounts of persons of power, as seen with the string of breaches of election candidates this year.

"As cybercrime increasingly becomes a tactic used to influence events offline, as well as online, it is increasingly important that all organisations take significant steps to secure their software, web applications and networks to ensure that they aren't their weakest points of attack."
https://www.theinquirer.net/inquire...h-sees-hackers-make-off-with-credit-card-data
 
An interesting perspective

On 23 June the British parliament came under a sustained cyber attack. In a matter of hours hackers made around 200,000 attempts to get into online user accounts. It was Rob Greig who got the call: "You need to get yourself over there right now." And so battle began.

The attack - which led to officials disabling remote access to thousands of email accounts of MPs, peers and their staff - was first spotted by parliament's security operations centre.

This was where Mr Greig, as director of the parliamentary digital service, was summoned to that Friday morning.
http://www.bbc.co.uk/news/uk-40619309
 
The UK energy sector is likely to have been targeted and probably compromised by nation-state hackers, according to a memo from Britain’s National Cybersecurity Centre.

The NCSC, a subsidiary of GCHQ, warned that it had spotted connections “from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors,” according to Motherboard, which obtained a copy of the document.
https://www.theguardian.com/technol...ed-gchq-memo-uk-national-cybersecurity-centre
 
Hi,

I installed a geo blocker on my firewall. The first thing I did was block all traffic to and from Russia. To my surprise I noticed that dozens of HTTPS connections left my machine for Russia whenever I visit certain US news sites, e.g. Fox News.

The connection attempts go to IP addresses belonging to the company Yandex LLC. The company is apparently Russia's equivalent of Google and internet advertising.

Well, since installing that geo blocker, tracking cookies no longer cause connections to Russia from my machine.

That's all I have on this matter.

Simpauttaja
 
The number of users will remain small.

China set to launch an 'unhackable' internet communication
As malicious hackers mount ever more sophisticated attacks, China is about to launch a new, "unhackable" communications network - at least in the sense that any attack on it would be quickly detected.

In the Jinan network, some 200 users from the military, government, finance and electricity sectors will be able to send messages safe in the knowledge that only they are reading them.
http://www.bbc.com/news/world-asia-40565722
 
Yep... what could possibly go wrong with that...

Many of these programs are free, so anything can happen, or else things carry on as before. By the way, it is damn stupid to hide something in an AV program, because if something goes wrong the reputation is gone.
 
In 2016, Stanford students started hacking for defense—that is, they took on real projects from National Security Agency, the Army, the Navy, the Air Force, the Army Cyber Command, the Veterans Administration, and other agencies with defense-related problems. The students actually came up with prototype solutions.

The innovative Hacking For Defense (H4D) class, which requires each student team to conduct at least 100 interviews with defense industry “clients,” caught on quickly. Today, according to Steve Blank, an instructor at Stanford and one of the creators of the curriculum, eight universities in addition to Stanford have offered or will offer a Hacking for Defense class this year: Boise State, Columbia, Georgetown, James Madison, the University of California at San Diego, the University of Pittsburgh, the University of Southern California, and the University of Southern Mississippi. The class has spun out Hacking for Diplomacy, Hacking for Energy, and other targeted classes that use the same methodology.

The snowballing effort is now poised to get a big push. This month, the U.S. House of Representatives passed an amendment originated by Rep. Dan Lipinski (D-Ill.) to support development of curriculum, best practices, and recruitment materials for the program to the tune of $15 million (a drop in the $700 billion defense budget but a big deal for a university program).
http://spectrum.ieee.org/view-from-...p-fund-university-hacking-for-defense-classes
 
For the past year or so, protesters in North Dakota, America, have been trying to prevent an oil pipeline from being built through Native Americans’ sacred land.

As a result, they’ve gone through an astonishing level of electronic surveillance while there, it is claimed.

For instance, fake cellphone towers were used to listen in on personal conversations, draining batteries in the process, leaders of the protest told the BSides security conference in Las Vegas on Tuesday. The protesters also said they saw drones shot down, and had their phone signals jammed and handhelds hacked.

The demonstrations ended in February, after folks either left or were cuffed and taken away, allowing the Dakota Access Pipeline to be built and activated by June.

“These lands were supposed to be protected by treaties,” Myron Dewey, who runs the Digital Smoke Signals website that followed events at the Standing Rock Indian Reservation, told The Register last night. “They weren’t, that’s why we call the US government forked tongues.”

The Standing Rock protests took place in a remote section of North Dakota, where an oil pipeline was being laid through tribal lands. It was feared the line would contaminate the area's drinking water.

Those who showed up to oppose the construction quickly found that electronic countermeasures were being used both overtly and covertly.

For example, a yellow helicopter spent hours flying over the protesters’ encampments, along with numerous small aircraft that the demo organizers believe were being used in a similar way to airborne cellphone tracking systems already in use by the Feds over the US.

Hijacked
Fake cellphone towers were also set up to monitor transmissions, the protesters claim. These only connected to a limited number of phones, Dewey said, and imitated the signals sent out by legitimate telcos. Unbelievably, the spy masts were able to take over and control handsets automatically over the air, it is alleged. This suggests software or firmware on the devices was compromised wirelessly – not impossible given the exploitable bugs in today's handsets.

“I had my iPhone turn on remotely and start transcribing my conversations and texting them out,” Dewey said. “This was quite obvious, and didn’t require any interaction on my part.”

Lisha Sterling, executive director of Geeks Without Bounds, shed some more light on this. When arriving at the camp she set her phone into airplane mode to preserve battery life, but found her phone was discharged within hours. She also claimed four smartphones had been pwned remotely during her time at the protests.

Protesters saw equipment from three national security agencies on site, it is claimed, as well as from private security company TigerSwan, which was also involved and is facing lawsuits for its use of physical and electronic security in the area.

Eight hundred fourteen people were arrested at the site, Dewey said, however none have since been charged. He opined that the protests were a training ground for future electronic surveillance techniques that could be used if protests break out again.
http://www.theregister.co.uk/2017/07/26/standing_rock_protester_surveillance/
 


ROFL okay then LULz
 
Chinese authorities in the province of Xinjiang are forcing locals of the Uyghur Muslim minority to install an app on their phones that will allow the government to scan their device for "terrorist propaganda," local media reports.

In reality, the app creates MD5 hashes for the user's files and matches them against a database of known terrorist content.

The app also makes copies of the user's Weibo and WeChat databases and uploads it to a government server, along with the user's IMEI, IMSI, and WiFi login information.
https://www.bleepingcomputer.com/ne...-minority-to-install-spyware-on-their-phones/
 
Windows Server admins keep making mistakes that let criminals target the OS, according to Microsoft's lead security architect for Azure management Lee Holmes, so Redmond wants you to harden up by using PowerShell Just Enough Administration.

“In running Just Enough Administration, the idea is that admins are your attack surface and you can't treat them as buddies anymore,” he said. “We need admins but people make mistakes. Everything they can do an attacker can do as well, if you’re worried about PowerShell attacks you have to be worried about admins.”

The key to controlling administrator accounts is reducing the time such accounts can be used, and ensuring users have only the privileges they need to do their jobs. Such restrictions, Holmes argued, can dramatically reduce the attack surface available to hackers.

One of the most common mistakes, he said, was leaving RDP and Telnet connections exposed online. Language modes are also a big issue. NoLanguage mode is the only safe language mode, he said, and hackers have proven adept at subverting constrained languages to worm their way onto systems.

Holmes rated vulnerable functions the biggest danger: tools like the Invoke-Expression cmdlet let users run scripts on a local computer. The security implications of doing so are obvious, yet many are offered privileges to use the cmdlet.

“So we’re releasing PowerShell injection hunter, which does all this automatically,” Holmes said. “This will flag everything that you might be worried about and it has integration with Visual Studio Code.”
http://www.theregister.co.uk/2017/07/30/azure_boss_advises_windows_server_hardening/
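As an added illustration of what Holmes describes (this is example code, not from the article or from Microsoft): a minimal JEA endpoint that gives an assumed group CONTOSO\Helpdesk exactly three cmdlets, runs in NoLanguage mode under a throwaway virtual account, and records a transcript of every session. The group name, module name, endpoint name and transcript path are all assumptions.

```powershell
# Added example, not the article's or Microsoft's code: a least-privilege JEA endpoint.
# Assumed names: group CONTOSO\Helpdesk, module HelpdeskJEA, endpoint Helpdesk.

# 1. Role capability: the allow-list of commands. The .psrc must live in a
#    RoleCapabilities folder of a module on $env:PSModulePath, so create one.
$moduleDir = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\HelpdeskJEA'
$roleDir   = Join-Path $moduleDir 'RoleCapabilities'
New-Item -ItemType Directory -Path $roleDir -Force | Out-Null
New-ModuleManifest -Path (Join-Path $moduleDir 'HelpdeskJEA.psd1') | Out-Null

$roleParams = @{
    Path           = Join-Path $roleDir 'HelpdeskRole.psrc'
    VisibleCmdlets = @(
        # Restart-Service only with -Name Spooler; JEA rejects any other value
        @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } },
        'Get-Service',
        @{ Name = 'Get-WinEvent'; Parameters = @{ Name = 'LogName'; ValidateSet = 'System', 'Application' } }
    )
    # Nothing else: no Invoke-Expression, no external commands such as cmd.exe
    VisibleExternalCommands = @()
}
New-PSRoleCapabilityFile @roleParams

# 2. Session configuration: NoLanguage mode (no variables, no script blocks), a
#    virtual account that exists only for the session, and mandatory transcripts.
$sessionParams = @{
    Path                = Join-Path $env:TEMP 'Helpdesk.pssc'
    SessionType         = 'RestrictedRemoteServer'   # implies NoLanguage + allow-listed commands only
    LanguageMode        = 'NoLanguage'
    RunAsVirtualAccount = $true
    TranscriptDirectory = 'C:\JEATranscripts'
    RoleDefinitions     = @{ 'CONTOSO\Helpdesk' = @{ RoleCapabilities = 'HelpdeskRole' } }
}
New-PSSessionConfigurationFile @sessionParams
Test-PSSessionConfigurationFile -Path $sessionParams.Path   # $true when the file is valid

# 3. Register the endpoint. Helpdesk members then connect with:
#    Enter-PSSession -ComputerName <server> -ConfigurationName Helpdesk
Register-PSSessionConfiguration -Name 'Helpdesk' -Path $sessionParams.Path -Force | Out-Null

# 4. What a connected Helpdesk member can and cannot do inside the session:
#    Get-Command                     -> the three allowed cmdlets plus the JEA defaults
#    Restart-Service -Name Spooler   -> works, and is written to the transcript
#    Restart-Service -Name wuauserv  -> parameter validation error (not in ValidateSet)
#    Invoke-Expression 'whoami'      -> CommandNotFoundException: the cmdlet is not visible
```

The ValidateSet on Restart-Service is what turns a broad cmdlet into a single permitted action; without it, the role would effectively grant control over every service on the host.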
 
Clarity and the ShadowBrokers are strange bedfellows.

We’re closing in on the first anniversary of the mysterious group’s initial dump of NSA hacking tools and we’re still no closer to understanding who they are, where they got their stuff, and what their true motivations are.
https://threatpost.com/shadowbrokers-remain-an-enigma/127072/

“What we’ve seen in the last year is them publishing tools and documents that undermine the U.S. government and how legitimate they are in the intelligence community,” Suiche said, pointing to the group’s tendency to jab at the NSA’s operational security, its failure to protect its exploits, and its overall insider problem.

“The ShadowBrokers’ leaks were way more significant than the Snowden releases,” Suiche said. “But there was more of a story with Snowden.”

The ShadowBrokers’ first impression was an odd one given that the group’s dump of firewall attacks against older versions of Cisco, Juniper and other vendors’ gear could be had for 1 million Bitcoin or by winning an auction.

“I don’t think money is their motive,” Suiche said. “Asking for 1 million Bitcoin is not reasonable.”

The pace picked up as the ShadowBrokers began releasing more frequent blogposts, ranting against the U.S. government, the intelligence community and anyone else on Twitter who challenged them. The posts were written in admittedly broken English, and while this was eventually understood to be an intentional opsec strategy, it gave some a false sense of security that the ShadowBrokers needn’t be taken seriously. That, however, changed in April with the release of ETERNALBLUE and other Windows attacks that were eventually used to spread WannaCry and NotPetya.

Suiche said today that one of the WannaCry killswitches he registered still gets pinged on a regular basis with more than one million hits between May and July.

It became apparent too that part of the ShadowBrokers strategy was ambiguity about when and what they would release, Suiche said. That was certainly exacerbated by the plans for monthly bug leaks to paid subscribers, indicating that perhaps there isn’t a finite number of bugs at their disposal.

“People kept wondering how many files do they have,” Suiche said as to the ambiguity. “We can scare them if they think we have more and more files to release. Otherwise, there is a finite capacity to scare people. Creating that fear, uncertainty and doubt is definitely part of their strategy.”

Another lingering question is whether anyone will actually subscribe to the ShadowBrokers’ monthly service. The group has at times challenged governments, intelligence agencies or even large vendors to subscribe. One individual surfaced on Twitter in June saying they had subscribed, but alleged they received only one file.

“They are following a pattern where the price keeps doubling and they keep emphasizing more files,” Suiche said, adding that it’s likely that any buyers would keep quiet. “If you do that, it could be considered that you are funding terrorism because some have compared them to a terrorist group. If people are buying bugs, they’re not mentioning it.”
 
In a discussion I recently had about covert channels someone suggested to use power line communication for data exfiltration of data from malware infected air gapped systems. In this article I look into the feasibility of this idea.
https://pushstack.wordpress.com/201...apped-systems-using-power-line-communication/

Although air gaps offer a high level of security they don’t guarantee 100% safety. Notable examples from the past are Stuxnet and the CIA’s Brutal Kangaroo.

So getting data into an air gapped system and attacking a system is in some cases viable. However getting data out of an air gapped system tends to be a problem. Data diodes physically guarantee no data can flow back. CDs are in general destroyed after importing the data. USB thumbdrives do allow data to be written to them, but don’t offer a continuous channel.

Here enters the power line. A power cord is something every air gapped system will have. Also the power cord will, in almost all cases, leave the physically secured area in which the air gapped system is placed to connect to the main power grid.

So if malware would somehow be able to send data over the power line from a standard computer, it might be possible to receive this data outside the physically secured area.

This article shows that modern unmodified PC hardware can use load modulation to transmit data through the power line. Achievable bit rates are very limited. A simple POC was able to send data at a raw bit rate of up to 78 bits per second. Although this was only possible on one of the tested machines, in a lab situation, and with a lot of packet loss. It is expected that in practice the actual data throughput will be in the order of tens of bits per second.

This technique can be used by malware to exfiltrate information from a system protected by an air gap. In combination with a data diode or similar device this can give an attacker a bi-directional data channel.

In combination with network connected power management devices that can measure power usage, this attack can in theory be executed remotely. In other situations physical access to the power line will be required. Although access to the power line outside of a physically secure room might be sufficient.

Although this article shows a covert channel can be created, its practical use for attackers will be very limited. Therefore defending against this attack is probably only of interest if defending against state sponsored attackers, especially in the cases where physical access is required.

In other words, an attack over power lines is possible in extreme cases. The method is, however, far too slow for fast-paced warfare.
 
The Physical Access Group is a group of cyber operators working in the field. And that is the biggest point of this story, because for years in connection with penetration testing this has been the biggest question: do they exist? The answer is yes, but so far not a single one has made the news headlines. I don't think most of the crowd is even aware of this danger.

Today, August 3rd 2017 WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.

Dumbo is run by the field agent directly from a USB stick; it requires administrator privileges to perform its task. It supports 32bit Windows XP, Windows Vista, and newer versions of the Windows operating system. 64bit Windows XP, or Windows versions prior to XP, are not supported.
https://wikileaks.org/vault7/#Dumbo
 
Now that their existence has been revealed, the biggest and best cover is gone. Awareness leads to preparedness.
 