Hacks and Incidents

Canadian man is the first arrested for Heartbleed

The Royal Canadian Mounted Police announced today that a 19-year-old man has been arrested for allegedly taking advantage of the Heartbleed bug to steal tax information from a government website. He is believed to have compromised some 900 social insurance numbers, Canada’s equivalent of Social Security numbers.

This marks the first arrest related to the Heartbleed bug, which was discovered earlier this month, but it probably won’t be the last. The bug is thought to have left up to two-thirds of the Internet vulnerable to attack — while many companies have rushed to update their OpenSSL implementation, many websites, Android smartphones, and Wi-Fi routers are still vulnerable.

The Canadian government previously warned its citizens to avoid electronic filing systems after the bug’s revelation. The United States Department of Homeland Security issued its own warning shortly after — a slightly disingenuous warning given the possibility that the National Security Agency knew about and exploited the bug for at least two years, according to one report which the NSA refutes.

It’s unclear what this first attack — or at least the first attack that we know about — means for Internet security when so many systems are still affected by Heartbleed. Some have said that the equipment needed to perform damaging attacks would be out of most hackers’ reach; but if they do have that equipment, there’s nothing most consumers can do to protect their data.


60,000 Personal Credentials Leaked From Syrian Sites

Today a hacker from the European Cyber Army going by the handle @Zer0Pwn announced a leak of data from two Syrian-based websites, job.sy and realestate.sy.

The leak, which is titled “ECA vs. Assad | Part 1”, was posted to Pastebin with a preview of some of the users’ data and a link to Sendspace. The attack is a part of a bigger operation against what the hackers claim are pro-Assad targets.

The data leak has resulted in over 60,000 accounts being dumped online. Between the two databases are users’ credentials, with encrypted passwords for job.sy but plaintext passwords for realestate.sy. Both databases have full user details such as full names, contact phone numbers and home addresses. On March 30th, career-sy.com appears to have been breached and posted to Pastebin as well, with 3 administrator credentials as well as the vulnerable entry point and a link to the control panel login, which is located on the job.sy server that career-sy.com now redirects to.

Other attacks by ECA members have been carried out and posted to Twitter by @ECA_Legion, with data being leaked from syrianmonster.com, a Syrian hosting website, and DDoS attacks on sites like syria-courts.com, sana.sy, moj.gov.sy and banquecentrale.gov.sy. The leak of data from the realestate.sy database appears to include plaintext passwords to accounts linked to www.scs-net.org, which is one of job.sy’s official partners, making all three sites linked together or possibly even owned and operated by the same people.


US blasts Europe’s plan for anti-snooping network as ‘unfair advantage’

US officials on Friday slammed plans to construct an EU-centric communication system, designed to prevent emails and phone calls from being swept up by the NSA, warning that such a move is a violation of trade laws.

Calling Europe’s proposal to build its own integrated communication system “draconian,” the office of the US Trade Representative (USTR) said American tech companies, which are worth an estimated $8 trillion per year, would take a financial hit if Brussels gives the initiative the green light.

“Recent proposals from countries within the European Union to create a Europe-only electronic network (dubbed a ‘Schengen cloud’ by advocates) or to create national-only electronic networks could potentially lead to effective exclusion or discrimination against foreign service suppliers that are directly offering network services, or dependent on them,” the USTR said in its annual report.

In the aftermath of Edward Snowden’s whistleblowing activities at the National Security Agency, which proved that much of the world’s telecommunication meta-data is being stored away in the United States, European countries – notably Germany and France – are desperate to get a handle on their own networks without relying on a meddlesome middleman.

Germany’s outrage over the revelations hit full stride last month when Der Spiegel, the popular daily newspaper, asked if it is “time for the country to open a formal espionage investigation” following yet more disclosures that Britain’s GCHQ infiltrated German internet companies and the NSA collected information about (German Chancellor Angela) “Merkel in a special database.”


States probing massive data breach of Social Security numbers

In what could be one of the biggest data breaches in history, the federal government and authorities in several states are investigating the criminal sale of Social Security numbers, bank account data and other personal information for up to 200 million U.S. citizens.

The investigations stem from the case of Hieu Minh Ngo, a Vietnamese man who pleaded guilty last month in New Hampshire federal court to selling the data to more than 1,300 of his customers, according to a court transcript.

The breach is the latest demonstration of the growing vulnerability of personal information in the digital age, and is particularly troubling because of the involvement of Social Security numbers.


Website of Kuwait’s Ministry of Interior Hacked and Defaced

The official website of Kuwait’s Ministry of Interior (moi.gov.kw) was hacked and defaced last week by a couple of hacktivists using the online monikers Shmook Amer and Dr.Hjd.

The attack on the Ministry of Interior’s website comes around two months after officials of Western and Arab states met in Kuwait for the Second International Humanitarian Pledging Conference for Syria.

Kuwait’s emir, Sheikh Sabah al-Ahmad al-Sabah, has promised $500 million (€363,000) to help the Syrians affected by the civil war that has been taking place in their country for the last three years.

In the message posted on the defaced website of the Ministry of Interior, the hackers apologized for the intrusion and urged Kuwaiti officials to do more to put an end to the current situation in Syria.

They’ve urged Middle Eastern countries to join forces and launch military action to address the Syrian crisis, HackRead reports.

“We need actions because they are louder than words,” the hackers wrote in Arabic on the defaced website.

At the time of writing, the website has been restored. However, mirrors of the defacement are available on zone-h.org and via Google’s cache.

As far as cyber security is concerned, apparently, Kuwait is far from having a secure cyberspace. After all, if the Ministry of Interior’s website can be easily hacked, other government websites are probably just as vulnerable.

Back in September-October 2013, the United States International Trade Administration sent a delegation of 13 US companies that specialize in cyber security and critical infrastructure protection to Saudi Arabia and Kuwait to offer products, technologies and services to public and private entities in the safety and security industries.


Researcher lights fire under Tesla security

A security researcher is calling on Tesla to introduce two-factor authentication for access to the combination of services that make its Tesla S model one of the most “Internet of Things” vehicles in the world today.

As noted by Threatpost, researcher Nitesh Dhanjani has found that the combination of a mere six-character password used by Tesla S owners to register with the site, plus poor access control and re-use of the password on the iPhone app, represents a serious security issue.

As Dhanjani posts, Tesla doesn’t limit the number of login attempts a user can make. This makes the six-character password trivial to brute-force, he writes: “a malicious entity can attempt to brute-force the account and gain access to the iPhone functionality”.

Should an attacker gain access to a user’s credentials, he writes, the Tesla REST API then lets the attacker locate the vehicle, since once logged in, the session token can be used to submit a GET request to obtain vehicle ID, followed by a second request to that ID to retrieve latitude and longitude from the car.

“Once the phisher has obtained the location of the vehicles mapped to the compromised accounts he or she can unlock a particular vehicle or a set of vehicles (by invoking the following in a loop): GET request to /vehicles/{id}/command/door_unlock,” Dhanjani writes.

This could be deployed by botnet herders to launch mass attacks, he continues, concluding that “we know we can’t attempt to secure our vehicles the way we have attempted to secure our workstations at home in the past by relying on static passwords and trusted networks”.


How to Stop Web Sites from Potentially Listening to Your Microphone

Here’s the lowdown. Once you give a site permission to use your microphone or camera, Chrome assumes that site will have permission to do so in the future. That means every instance of that site, every page on that site, also has access to your camera and microphone, meaning a sketchy site owner could throw up a pop-under window in the background that’s listening in to everything you say, or worse, listening and set to trigger some action like recording when you say specific words or phrases.

Ater reported it to Google back in September. For their part, Google doesn’t see it as a problem, and says it’s in compliance with W3C (the World Wide Web Consortium) standards. Google does have a point: in order for the issue to be a real threat, not only do you have to visit a site that would want to record your speech, you’d have to grant it access to your microphone, and then you’d have to not notice a pop-under window from that site lingering in the background. Plus, you’d also have to not notice the visual cue, a red dot in the omnibar, that indicates the microphone is active. Even so, Google’s engineers did respond to Ater’s report and did come up with a fix that addressed the issue, but—and this is the confusing part—didn’t push that fix to end-users.


Drugmakers urge FDA security audit after cyber breach

BOSTON (Reuters) – The U.S. Food and Drug Administration is under pressure from the pharmaceutical industry and lawmakers to undergo an independent security audit, after hackers broke into a computer system used by healthcare companies to submit information to the agency.

Drug companies fear the cyber thieves may have accessed corporate secrets that are on file with the agency, such as data about drug manufacturing, clinical trials, marketing plans and other proprietary information.

While some lawmakers charge that the hackers breached the FDA’s gateway, compromising confidential business data, the agency argues that the access was limited.

The breach came to light last month when the FDA sent letters to users of an online system at the Center for Biologics Evaluation and Research. The letters said the breach was detected by the FDA on October 15 and that it resulted in the theft of usernames, phone numbers, email addresses and passwords.

The U.S. House of Representatives Energy and Commerce Committee launched an investigation, and last week four senior Republican members of that committee sent a letter to FDA Commissioner Margaret Hamburg asking her to immediately launch a third-party audit that would “assess and ensure the adequacy of FDA’s corrective actions” following the breach.

Washington-based pharmaceutical industry trade group PhRMA said on Tuesday that it supported the committee’s request for an independent audit.

“It is the legal obligation of the Food and Drug Administration to protect companies’ trade secrets and confidential commercial information,” PhRMA Vice President Sascha Haverfield said in a statement. The group’s members include Amgen Inc, Daiichi Sankyo, GlaxoSmithKline, Johnson & Johnson, Merck & Co and Novartis AG.

The FDA’s breach notification letter, which was published in pharmaceutical trade publications, referred to the compromised system as an “online submission system” at the Center for Biologics Evaluation and Research.

That alarmed drugmakers, which provide the FDA with highly sensitive data – which would be priceless to a competitor – when they submit applications seeking approval for new drugs, biologics and medical devices.

In their letter to the FDA, the Energy and Commerce Committee members charged that the attackers had breached the “FDA’s gateway system,” compromising confidential business information along with sensitive data about patients enrolled in clinical trials.

FDA spokeswoman Jennifer Rodriguez said that was wrong.

“The system that was attacked maintains account information for the Biologic Product Deviation Reporting System, the Electronic Blood Establishment Registration System and the Human Cell and Tissue Establishment Registration System,” she said.

“This system is not used to submit any applications. It is not the electronic gateway that was breached,” she added.

She also said that the agency was not aware of any attempts to use stolen information for “criminal or other inappropriate purposes.”

Rodriguez declined to comment on the requests for an outside audit or say whether the breach had affected more than the 14,000 accounts disclosed to date.

Tracy Cooley, a spokeswoman for the Biotechnology Industry Organization, another healthcare industry trade group, said her organization also had concerns about the breach.

“We support Congress investigating this situation,” she said.


Apple approves homosexual meetup app for users as young as 12

CUPERTINO, CA, December 16, 2013 (LifeSiteNews.com) – “If you’re gay and new to an area, how do you find out where gay people hang out?” That, according to the creators of a newly-approved app for Apple’s iOS-based phones and tablets, is the “overly simplistic description” of the “problem” they sought to solve with Distinc.tt – billed as “the only gay social app approved by the iTunes store for 12-year-olds and older.”

Describing itself as “Grindr meets Foursquare,” Distinc.tt tracks users’ locations via GPS and lets them search for other users who share their interests and may be near enough for a face-to-face meeting at a restaurant or other venue. While previous homosexual dating apps like Grindr and Manhunt have been exclusively 18+ due to their focus on facilitating anonymous sexual encounters, Distinc.tt managed to win approval for users 12 and up by advertising itself as the “LGBT app that you can bring home to Mom.”

The app was intended to facilitate dating for people who are already out and about, but one commenter on a gay website warned that those who fail to disable the default tracking settings will constantly broadcast their location to other users even when they are at home. That may concern parents of children who download the app, as predators could use the information to find vulnerable targets.

While the app is also available for Google’s Android operating system, that company has limited its availability to users 18 and older.

Only Apple has approved Distinc.tt for use by minor children.


The NSA Uses Google Cookies For Hacking

The National Security Agency is using the tracking data intended for Google’s advertisers to locate its targets. According to the Washington Post’s new analysis of an internal presentation Edward Snowden leaked earlier in the year, the NSA has been using the numeric identifiers in Google’s “PREF” cookies for hacking.

A cookie is a small piece of data sent from a website that is stored in a user’s browser. In addition to customizing browsing experiences on some sites, advertisers use them to target ads for specific audiences.

Google’s PREF cookie, short for “preferences,” contains information related to the user’s location and language.

The NSA, as well as its British counterpart GCHQ, used the numeric identifiers contained within these cookies to pinpoint their intended targets’ communications in a sea of data. The tactic is not used to determine possible people of interest, but is similar to placing a laser beam on the target of a missile strike.

The strike in this case refers to sending software to a computer in order to hack it and gain access to information.

In addition, the NSA has accessed information collected from mobile apps.