JPMorgan Chase admits network hack; 465,000 card users' data stolen

The banking giant suffered a network breach this year that resulted in a large data breach — though, funds or critical personal information are not thought to have been stolen.

JPMorgan Chase has warned some 465,000 prepaid cash card customers that their personal information may be at risk after unknown hackers attacked its network earlier this year.

First reported by Reuters, nearly half-a-million cards were issued for companies and businesses to pay employees and for the federal government to issue tax refunds and other welfare benefits. 

The banking giant said on Wednesday its online UCard portal had suffered a breach in mid-September, which allowed an unknown number of hackers to access vast amounts of customer prepaid cash card data.

The issue was subsequently fixed and the breach reported to the FBI and Secret Service. No funds are thought to have been stolen.

It's not yet clear how hackers were able to breach the bank's network, or what information was specifically taken. But the concern is that though card data is encrypted, personal data may have been stored in plain text files.

Social security data and birth dates are not understood to have been taken, but a "small amount" of other data may have been. The bank did not elaborate.

In a statement published by the Louisiana Commissioner of Administration Kristy Nichols, as one of the states requiring banks to notify customers of a data loss or breach: "The data exposure affects only cardholders who registered their cards on the JPMorgan UCard Center website and, between July and September 2013, performed certain actions online.

She added the government will "hold JP Morgan Chase responsible" to ensure state citizen data is protected.

The total number of those affected account for about 2 percent of its roughly 25 million UCard users.

Read More

NSA tracking cellphone locations worldwide, Snowden documents show

The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable.

The records feed a vast database that stores information about the locations of at least hundreds of millions of devices, according to the officials and the documents, which were provided by former NSA contractor Edward Snowden. New projects created to analyze that data have provided the intelligence community with what amounts to a mass surveillance tool.
The NSA does not target Americans’ location data by design, but the agency acquires a substantial amount of information on the whereabouts of domestic cellphones “incidentally,” a legal term that connotes a foreseeable but not deliberate result.

One senior collection manager, speaking on the condition of anonymity but with permission from the NSA, said “we are getting vast volumes” of location data from around the world by tapping into the cables that connect mobile networks globally and that serve U.S. cellphones as well as foreign ones. Additionally, data are often collected from the tens of millions of Americans who travel abroad with their cellphones every year.

In scale, scope and potential impact on privacy, the efforts to collect and analyze location data may be unsurpassed among the NSA surveillance programs that have been disclosed since June. Analysts can find cellphones anywhere in the world, retrace their movements and expose hidden relationships among the people using them.

(Graphic: How the NSA is tracking people right now)

U.S. officials said the programs that collect and analyze location data are lawful and intended strictly to develop intelligence about foreign targets.

Robert Litt, general counsel for the Office of the Director of National Intelligence, which oversees the NSA, said “there is no element of the intelligence community that under any authority is intentionally collecting bulk cellphone location information about cellphones in the United States.”

The NSA has no reason to suspect that the movements of the overwhelming majority of cellphone users would be relevant to national security. Rather, it collects locations in bulk because its most powerful analytic tools — known collectively as CO-TRAVELER — allow it to look for unknown associates of known intelligence targets by tracking people whose movements intersect.

Still, location data, especially when aggregated over time, are widely regarded among privacy advocates as uniquely sensitive. Sophisticated mathematical tech­niques enable NSA analysts to map cellphone owners’ relationships by correlating their patterns of movement over time with thousands or millions of other phone users who cross their paths. Cellphones broadcast their locations even when they are not being used to place a call or send a text message.

Read More

Mass hack affects almost 2 million Internet accounts

Hackers stole almost 1.6 million login credentials and 320,000 e-mail credentials.

Almost 2 million accounts on Facebook, Google, Twitter, Yahoo and other social media and Internet sites have been breached, according to a Chicago-based cybersecurity firm.

The hackers stole 1.58 million website login credentials and 320,000 e-mail account credentials, among other items, the firm Trustwave reported. Included in the breaches were thefts of 318,121 passwords from Facebook, 59,549 from Yahoo, 54,437 from Google, 21,708 from Twitter and 8,490 from LinkedIn. The list also includes 7,978 from ADP, the payroll service provider. According to a Trustwave blog, "Payroll services accounts could actually have direct financial repercussions."

The hacking began Oct. 21 and might still be taking place, according to CNN.

John Miller, a security research manager at Trustwave, told CNN, "We don't have evidence they logged into these accounts, but they probably did."

There are several other servers Trustwave has not yet tracked down, Miller told CNN.

ADP, Facebook, LinkedIn and Twitter told CNN they have notified users and reset passwords for compromised accounts. Google declined to comment and Yahoo did not respond immediately, CNN reported.

The majority of passwords were from the Netherlands, followed by Thailand, Germany, Singapore, Indonesia and the United States, which accounted for 859 reports from machines and 1,943 passwords, according to Trustwave. In all, just over 100 countries were affected, and Trustwave said this shows the attack is "fairly global."

In compiling the data, Trustwave also discovered that many users are doing just what computer specialists advise against – using simplistic passwords that can easily be guessed. For instance, the top five passwords Trustwave found in researching the breaches were: 123456, 123456789, 1234, password and 12345.

According to its website, Trustwave helps businesses fight computer crime, protect data and reduce security risks.

The breaches operated through software maliciously installed on computers around the world, CNN reports Trustwave said. The virus borne from the software has been sending the stolen information over to a server in the Netherlands controlled by the hackers, according to CNN.

Trustwave researchers on Nov. 24 detected the server and found compromised credentials for about 100,000 websites.

Read More

Logins stolen from Facebook, Google, ADP payroll processor

Attackers are using the 'Pony' botnet command-and-control server software

Two million logins and passwords from services such as Facebook, Google and Twitter have been found on a Netherlands-based server, part of a large botnet using controller software nicknamed "Pony."

Another company whose users' login credentials showed up on the server was ADP, which specializes in payroll and human resources software, wrote Daniel Chechik, a security researcher with Trustwave's SpiderLabs.

It's expected that cybercriminals will go after main online services, but "payroll services accounts could actually have direct financial repercussions," he wrote.

ADP moved $1.4 trillion in fiscal 2013 within the U.S., paying one in six workers in the country, according to its website.

Facebook had the most stolen credentials, at 318,121, followed by Yahoo at 59,549 and Google at 54,437. Other companies whose login credentials showed up on the command-and-control server included LinkedIn and two Russian social networking services, VKontakte and Odnoklassniki. The botnet also stole thousands of FTP, remote desktop and secure shell account details.

It wasn't clear what kind of malware infected victims' computers and sent the information to the command-and-control server.

Trustwave found the credentials after gaining access to an administrator control panel for the botnet. The source code for the control panel software, called "Pony," was leaked at some point, Chechik wrote.

The server storing the credentials received the information from a single IP address in the Netherlands, which suggests the attackers are using a gateway or reverse proxy in between infected computers and the command-and-control server, he wrote.

"This technique of using a reverse proxy is commonly used by attackers in order to prevent the command-and-control server from being discovered and shut down -- outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down," Chechik wrote.

Information on the server indicated the captured login credentials may have come from as many as 102 countries, "indicating that the attack is fairly global," he wrote.

Read More

Prototype Malware Spreads Via Audio Signals: 

The digital world has its fair share of benefits, but do be aware that there are also dangers and pitfalls to look out for as well. Computer viruses as well as malware have evolved over the years, that even the mobile platform is not spared. Well, researchers have come up with another way that would certainly prove to be a headache for network administrators everywhere – through the creation of a proof-of-concept software which will be able to spread from one machine to another using audio signals via integrated speakers and microphones. This would certainly put a dent to the notion that computers that remain isolated from a network cannot be infected by malware. I guess with this research, it would mean the reliability of the “air gap” is no longer a surefire security measure used to ensure that sensitive information remains well protected. Inaudible audio signals were transmitted in small amounts of data over covert channels, with distances touching 65 feet even. So much for a missing Internet connection being enough of a deterrent against malware. The researchers behind this proof-of-concept did warn that attackers could arm the malware with keyloggers so that sensitive information can be recorded. They shared, “The concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered.” Now what, an isolated computer to be placed in a sound-proof room? : 

Read More

UK man accused of hacking US government computers

A British man has been arrested and charged with hacking into computer systems of the US army, Nasa, the Environmental Protection Agency and other agencies at a cost of millions of dollars to the federal government. 

Lauri Love, 28, of Stradishall, England, and his partners stole information about government employees, including military service members, since at least October 2012 by hacking into government networks and leaving behind "back doors" through which they could return to get data, a grand jury in Newark said in an indictment. 

British authorities said on Monday that Love was also charged under a UK law that allows people to be arrested for starting attacks from the UK on computers anywhere in the world. He has been released on bail until February. Attempts to reach Love for comment on Monday weren't immediately successful. 

The US government said the purpose of the attacks was "to disrupt the operations and infrastructure" of the federal government. The New Jersey indictment does not accuse Love of selling information or doing anything else with it for financial gain. 

Love was arrested on Friday at his home about 70 miles (112 kilometers) north of London. 

He's accused of working with two co-conspirators in Australia and one in Sweden, none of whom have been charged. Their names were not disclosed in the court filing that was made public on Monday. 

The indictment includes pieces of instant message conversations that Love allegedly had with his partners. 

In one, he seems to brag about infiltrating Nasa networks: "ahaha, we owning lots of nasa sites," he said, according to the government. In another exchange, he marvels at the information the group has accessed, writing "this ... stuff is really sensitive," according to prosecutors. 

Love was charged in New Jersey because he allegedly used a server in the township of Parsippany. He also faces federal charges in Virginia for other alleged intrusions.

Read More

Backdoor in D-link router allows attackers full access

D-Link has patched a backdoor present in a number of its routers that was publicized almost two months ago and could allow an attacker to remotely access the administrative panel on the hardware, run code and make any number of changes.

The Thanksgiving patch parade addressed the issue in a number of affected routers, most of them older versions that are still in circulation and largely untouched by consumers in particular.

Customer premise equipment such as wireless routers, modems and other set-top devices pose a real security issue because patches require a firmware update that are often ignored. There’s plenty of research too that examines the risks posed not only by buggy routers, but by other home and small business networking equipment.

Using available tools and online search engines such as Shodan, attackers can easily find Internet-facing equipment that’s vulnerable, and target those boxes with any number of exploits or scripts focusing on weak or default credentials, giving someone remote access to the gear.

The D-Link issue is much more serious given the access it could afford a remote attacker. Researcher Craig Heffner reported finding the vulnerability in October; he said that an attacker using a certain string “xmlset_roodkcableoj28840ybtide” could access the Web interface of a number of different D-Link routers without credentials.

D-Link routers DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+ and TM-G5240, along with Planex routers BRL-04R, BRL-04UR and BRL-04CW also use the same firmware, Heffner said. The firmware revisions issued last Thursday are for DI-524, DI-524UP, DIR 100 and DIR-120 routers, D-Link said in its advisory.

“Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string,” the company’s original advisory said. “This backdoor allows an attacker to bypass password authentication and access the router’s administrative web interface.”

Backdoors in hardware such as networking gear are generally for remote administration purposes. Researcher Travis Goodspeed told Heffner that this backdoor is used by a particular binary in the firmware enables an administrator to use this particular string to automatically reconfigure the device’s settings.

“My guess is that the developers realized that some programs/services needed to be able to change the device’s settings automatically; realizing that the web server already had all the code to change these settings, they decided to just send requests to the web server whenever they needed to change something,” Heffner wrote. “The only problem was that the web server required a username and password, which the end user could change.”

Read More

Vulnerability in Android 4.3 allow to remove Device lock

There is a vulnerability in Android 4.3 Jelly Bean that enables a malicious app to disable all of the security locks on a given device, leaving it open to further attacks. Jelly Bean is the most widely deployed version of Android right now.

The vulnerability in Android exists in the way that the operating system handles the flow of events when a user wants to change one of the security locks on a device. There are several different kinds of security locks on Android devices, including PIN codes, facial recognition and gesture locks. When a user wants to change one of these locks, he is asked to enter one of the other ones in order to confirm his control of the device. The vulnerability in Jelly Bean, discovered by researchers at Curesec in Germany, allows a malicious app to skip this step and disable the other security locks.

“The bug exists on the ‘com.android.settings.ChooseLockGeneric class’. This class is used to allow the user to modify the type of lock mechanism the device should have. Android implements several locks, like pin, password, gesture and even face recognition to lock and unlock a device. Before a user can change these settings, the device asks the user for confirmation of the previous lock (e.x. If a user wants to change the pin or remove it it has to first enter the previous pin),” the advisory from Curesec says.

If a malicious app is installed on a vulnerable device, it could control the code flow that determines whether Android enables the mechanism that requires a security code in order to change one of the other security locks. A Google representative said the problem was fixed in Android Kit Kat 4.4.

“We can control the flow to reach the updatePreferencesOrFinish() method and see that IF we provide a Password Type the flow continues to updateUnlockMethodAndFinish(). Above we can see that IF the password is of type PASSWORD_QUALITY_UNSPECIFIED the code that gets executed and effectively unblocks the device. As a result any [rogue] app can at any time remove all existing locks,” the advisory says.

The researchers at Curesec said that they reported the vulnerability to the Android security team at Google on Oct. 11, received a reply the next day and then didn’t get any further feedback from Google after that. The advisory includes a short bit of proof-of-concept code which the researchers say could be used by an installed malicious app. In the comments of their blog post on the bug, the researchers explained that the permissions model in Android can be bypassed with this bug.

“The commandline shown is just a simple PoC so the problem is understood by anyone without needing to write his own application to test it. For executing actions in Android your application needs the exact permission to do this.
For instance an app wants to read SMS or use the Internet, there is a Permission for that. However due the bug you do not need any permission to remove all device locks,” the researchers said.

Read More

State Bank of Patiala hacked and defaced by Pakistani Hacker

A Pakistani hacker with the online handle " Kai-H4xOrR" from PAKISTAN HAXORS CREW(PHC), has hacked into the State Bank of Patiala(SBP) sub-domain and managed to deface the website.

In the defacement page, hacker stated that the security breach is payback "For Hacking Sui Gas Site".

"And Dont mess with Pakistan else you will lose both your Name and this Game   Backoff Lamers from our cyber space. Everybody Knows whose cyber space is more vulnerable" The defacement message reads.

"You will hack 1, we will hack thousands" hacker sent a warning message to Indian Hackers who deface Pakistani websites.   

The hacker has uploaded his defacement here: "https://hindi.sbp.co.in/index.html".  The main page and other pages are not affected by this defacement.  At the time of writing, the website still displays the defacement.

Read More

Neverquest Trojan: Built to Steal from Hundreds of Banks

Neverquest is a new banking trojan that spreads itself via social media, email and file transfer protocols. It possesses the capacity to recognize hundreds of online banking and other financial sites. When an infected user attempts to login to one of the sites the trojan reacts by activating itself and pilfering its victim’s credentials.

Neverquest then relays the stolen credentials back to a command and control server. Once there, the attackers can use the credentials to log into affected accounts via virtual network computing (VNC). VNC is essentially a shared desktop system, so the criminals basically use the victim’s computer to log into the victim’s online bank and perform the theft. It makes it quite impossible for the bank to distinguish legitimate users from criminals.

Kaspersky Lab announced earlier this week that the trojan has infected thousands of user-machines but – as malware expert Sergey Golovanov explains – it has the potential to do much more damage throughout the holiday season because of its efficient and versatile self-replication features. In fact, back in 2009, the Bredolab malware used the same methods of distribution that Neverquest is currently using. Bredolab would eventually become the third most widely distributed piece of malware on the Internet.

“When a user on an infected machine visits one of the sites on the list, the malware controls the browser’s connection with the server,” Golovanov explained in an analysis on Securelist. “Malicious users can obtain usernames and passwords entered by the user, and modify webpage content. All of the data entered by the user will be entered onto the modified webpage and transmitted to malicious users.”

Once the attacker has control of a victim’s account, he can empty it completely into an account under his control. In many cases, however, Golovanov notes that the attackers are moving the stolen money through a series of victim accounts. In this way, they dump money from one victim’s account into another and repeat this process several times before directly obtaining the money themselves in order to make their activities difficult to trace.

Neverquest is for sale on at least one underground forum. It only seems to affect users browsing with Internet Explorer and Mozilla Firefox, but Neverquest’s creators boast that it can be modified to attack “any bank in any country.”

The malware also contains a feature that searches for specific banking-related keywords while the infected user surfs the web. If a user visits a site that includes these keywords, the trojan activates itself and begins intercepting user communications and sending them back to the attackers. If the site the victim is visiting ends up being a bank, the attackers add this new site to the list of sites that automatically trigger Neverquest. This update is then sent along through Neverquest’s command and control infrastructure to all other infected machines.

Fidelity.com, the website of one of the world’s largest mutual fund investment firms, appears to be one of the trojan’s top targets according to the report.

“Its website offers clients a long list of ways to manage their finances online,” Golovanov wrote on Securelist. “This gives malicious users the chance to not only transfer cash funds to their own accounts, but also to play the stock market, using the accounts and the money of Neverquest victims.”

Neverquest is also designed to start harvesting data when an infected user visits any number of sites not related to finance, including Google, Yahoo, Amazon AWS, Facebook, Twitter, Skype and many more.

“The weeks prior to the Christmas and New Year holidays are traditionally a period of high malicious user activity,” Golovanov wrote. “As early as November, Kaspersky Lab noted instances where posts were made in hacker forums about buying and selling databases to access bank accounts and other documents used to open and manage the accounts to which stolen funds are sent. We can expect to see mass Neverquest attacks towards the end of the year, which could ultimately lead to more users becoming the victims of online cash theft.”

He continues:

“Protection against threats such as Neverquest requires more than just standard antivirus; users need a dedicated solution that secures transactions. In particular, the solution must be able to control a running browser process and prevent any manipulation by other applications.” 
Luckily, Kaspersky Lab has such technology called Safe Money. As a part of Kaspersky Internet Security and Kaspersky PURE, it protects user’s interactiona with financial sites, paying specific attention to the security of the encrypted connection and the absence of third-party control over web browsers.

Read More

New Linux worm targets routers, cameras,  “Internet of things” devices

Researchers have discovered a Linux worm capable of infecting a wide range of home routers, set-top boxes, security cameras, and other consumer devices that are increasingly equipped with an Internet connection.

Linux.Darlloz, as the worm has been dubbed, is now classified as a low-level threat, partly because its current version targets only devices that run on CPUs made by Intel, Symantec researcher Kaoru Hayashi wrote in a blog post published Wednesday. But with a minor modification, the malware could begin using variants that incorporate already available executable and linkable format (ELF) files that infect a much wider range of "Internet-of-things" devices, including those that run chips made by ARM and those that use the PPC, MIPS, and MIPSEL architectures.

"Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability," Hayashi explained. "If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures."

The researcher went on to say the attacker behind the Intel version is also hosting ELF files that exploit the other chip architectures.

The “e_machine” value in ELF header indicates that the worm is for ARM architecture.

Symantec

Out of date

While not posing much of a real-world threat now, Darlloz demonstrates a major shortcoming with most Internet-of-things devices available today—they typically run Linux or other types of open source code that are woefully out of date. Making matters worse, many Internet-connected consumer devices can't be updated because their lightweight hardware can't handle the requirements of newer code versions. Hijacking one of these devices thus becomes much easier than exploiting, say, an up-to-date version of Windows, OS X, or Linux.

Darlloz exploits a vulnerability in the PHP scripting language that was patched 18 months ago. Devices that use older versions of PHP to provide a Web-based interface to make configuration changes may be vulnerable to the attack. With minor modifications, the worm could potentially be reprogrammed to exploit dozens of patched vulnerabilities that still haven't made their way into most consumer devices.

Readers who want to tighten the security of their routers and other devices should consider doing research ahead of purchases and buying only gear that can be updated easily. For existing devices, update to the latest available version, change default passwords, and block incoming POST requests and other types of HTTP calls if at all possible.

Read More

Turkish Hackers Hacks official Vodafone Iceland website, leaks 77,000 accounts and SMS logs

Famous Turkish hacker going with the handle of @AgentCorporatio from Turkish Agent Hacker Group has hacked and defaced the official website of telecom giant Vodafone Iceland. As a result of hack, the hacker has leaked around 77k user accounts with customers SMS logs.

The hacker who contacted me on Twitter explained that reason for targeting Vodafone was to mark his protest against USA and Israel. He also left a deface page and a message on hacked site, explained in following words:

• Agent Hacker Group! Turkish hackers says: nsa, mola vakti. Vidafone.is full download, full users account, + vodafone… to be continued.

After analyzing the leaked data I have found it legit and loaded with Vodafone customer’s user details in XLS file such as names, emails, addresses, SMS logs, and phone numbers. Other then the user data, the leak contains database, client details, tender details, accounts and financial details, franchise location maps and business markups.

A screenshot of leaked Vodafone customers SMS logs is available below: 

Read More

Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet

Hackers are actively exploiting a critical vulnerability in the Ruby on Rails Web application development framework in order to compromise Web servers and create a botnet.

The Ruby on Rails development team released a security patch for the vulnerability, which is known as CVE-2013-0156, back in January. However, some server administrators haven't yet updated their Rails installations.

Ruby on Rails is a popular framework for developing Web applications based on the Ruby programming language and is used by websites including Hulu, GroupOn, GitHub and Scribd.

"It's pretty surprising that it's taken this long [for an exploit] to surface in the wild, but less surprising that people are still running vulnerable installations of Rails," said Jeff Jarmoc, a security consultant with security research firm Matasano Security, Tuesday in a blog post.

The exploit that's currently being used by attackers adds a custom cron job—a scheduled task on Linux machines—that executes a sequence of commands.

Those commands download a malicious C source file from a remote server, compile it locally and execute it. The resulting malware is a bot that connects to an IRC (Internet Relay Chat) server and joins a predefined channel where it waits for commands from the attackers.

A precompiled version of the malware is also downloaded in case the compilation procedure fails on the compromised systems.

"Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers," Jarmoc said. "There's no authentication performed, so an enterprising individual could hijack these bots fairly easily by joining the IRC server and issuing the appropriate commands."

Reports of malicious activity using this exploit were posted in recent days on severaldiscussion boards and it also appears that some Web hosting providers were affected, Jarmoc said.

Users should update the Ruby on Rails installations on their servers to at least versions 3.2.11, 3.1.10, 3.0.19 or 2.3.15 which contain the patch for this vulnerability. However, the best course of action is probably to update to the latest available Rails versions, depending on the branch used, since other critical vulnerabilities have been addressed since then.

Attackers are increasingly compromising Web servers to use them as part of botnets. For example, many Apache servers have recently been infected with a piece of malware called Linux/Cdorked and versions of this malware were also developed for Lighttpd and Nginx Web servers

Read More

Three Charged Over FA Computer Hacking
A referee is among three men charged over allegations of computer hacking and dissemination of private information at the FA. 

                                                                             

Referee Dean Mohareb, 30, from Woodley, Stockport, has been charged with perverting the course of justice and unauthorised access to computer data.

Liam Cliff, 18, from Manchester, and Vincent Rossi, 46, from Wilmslow, have been charged with perverting the course of justice.

The trio will appear before Stockport Magistrates Court on Thursday, December 5.

Mohareb is a senior member of the FA's Referees Department in his role as national referee development manager.

He was first arrested over allegations that he hacked into a colleague's email account in October last year. Police seized a number of electrical items from his home on that occasion.

Greater Manchester Police have been investigating allegations of computer hacking and the dissemination of private information at the FA.

Read More

Two Singaporeans arrested for hacking president's website

       

 Two Singaporean men have been arrested for allegedly defacing the president's website during a recent rash of cyber attacks in the city-state, police said today. 

The men, aged 17 and 42, were arrested following a complaint lodged by the website administrators of the Istana, the official residence of President Tony Tan. 

The website was hacked and displayed a crude image in the early hours of November 8, about an hour after Prime Minister Lee Hsien Loong's website displayed mocking messages and pictures from activist hackers' group Anonymous. 

Police said the two attacks are unrelated to each other. 

The suspects in the Istana website hacking will be charged in court tomorrow for offences under the city-state's Computer Misuse and Cybersecurity Act. 

They face a maximum fine of USD 8,000 or imprisonment of up to three years, or both. 

Police did not reveal the identity of the two suspects, but Singaporean businessman Doolson Moo last week revealed to the Straits Times newspaper that he was the one who penetrated the Istana website to "test for vulnerabilities". 

The 42-year-old said he entered a line of computer code into the search box on the website that allowed him to display a picture of an old woman pointing her middle finger, along with a string of offensive words in the southern Chinese dialect of Hokkien. 

He told the newspaper that his accomplice was a 17-year-old student he knew through social networking site Facebook. 

The arrests today come after another Singaporean, 35-year-old James Raj, was charged in court on November 12 with hacking a municipal council's website and posting an image of a Guy Fawkes mask, the international symbol of Anonymous. 

The council is located in a district represented by the prime minister. 

A man claiming to speak for Anonymous has demanded that Singapore scrap a law requiring news websites to obtain annual licences. 

The new Internet licensing rules came into force in June and have angered bloggers and activists who say they are designed to muzzle free expression. 

Singapore strictly regulates the traditional media, but insists the new licensing rules do not impinge on Internet freedom. 

Read More

Phone-hacking trial shown Glenn Mulcaire's investigation whiteboards

Glenn Mulcaire's private investigation wall featuring diagrams, lists of telephone numbers, taskings and names of people including Rebekah Wade and tennis player Venus Williams was shown to the jury at the hacking trial on Thursday.

The jury were shown five large and small whiteboards seized from the premises used by Mulcaire when he was arrested on phone-hacking related charges in 2006.

The largest of the whiteboards shown to the jury had the letters "s" "o" "e" in the middle of a clock-style diagram with the words "mice, money, ideology, compromise, ego, binology" written in "spokes" leading from the centre. The board also featured the words "Gordon, sop, Rayner, Sky"

The first whiteboard featured the word "Swizz Cottage", which detective sergeant James Guest told the jury was "Vodafone's password of the week" followed by the words O2 and Venus Williams.

Several of the boards featured a clock-like diagram, the jury was told by Guest. One had the word "services" in the centre with the words "Charles Rae meeting", a reference to the Sun's former royal editor, and the name "Rebekah Wade" (Rebekah Brooks's maiden name) at 1pm.

Mulcaire had also used the boards as an aide memoire. "Voda: Avoid Damian Team 3", he wrote on the third one shown to the jury.

One board listed footballers David Ginola and Tony Adams, and the words "Bulger Info". On Wednesday the jury were told that Mulcaire, who was paid around £100,000 a year by the News of the World, had been paid £13,500 in relation to inquiries about toddler James Bulger's killers in 2001, the year they were released on licence.

The whiteboards kept by Mulcaire were in addition to the 8,000 pages of notes and the audio recordings of voicemails recovered by police in his home.

Mulcaire, who was convicted of phone-hacking related charges in 2006, has pleaded guilty to another batch of related offences in relation to the 2013 trial.

Read More

College Student Sentenced for stealing passwords to rig Campus Election 

Matthew Weaver, a former Cal State San Marcos student was sentenced one year of prison for stealing almost 750 students password and using 630 of those accounts to cast the ballots.

22 years old Mr. Weaver was a third year business student when he planned to win election as president of the school's student council.

A month before the election Weaver bought three keyloggers.Authorities reports that Weaver installed keyloggers on 19 school computers to steal the passwords.

It has also been reported that he had done a bit of research with computer queries such as “how to rig an election” and “jail time for keylogger.” (utsandiego news reports)

According to a report, Weaver had planned the plot in early 2012. Authorities have found a PowerPoint presentation on his computer about the stipends for the president.

The plot unveiled when in March 2012, the last day of the four voting period, when computer analysts found anomalous activity on one of the college lab computers and they also received an email from a student complaining that the system didn't allow her to vote.

It was then that the technicians called campus police, who found Weaver at the school computer. He had keyloggers with him and was arrested.

After getting caught, Weaver with one of his friend created fake facebook ids for different students and indirectly mentioned a plot against him.
“He’s on fire for this crime, and then he pours gasoline on it to try to cover it up,” the judge reportedly said during Monday’s sentencing hearing.

The school held another election and cleaned security breach at a cost of more than $40,000, which the schools want back.

Meanwhile Mr. Weaver pleaded guilty to three federal charges, including wire fraud and unauthorized access to a computer and is under one year prison sentence.

Read More

Hackers convince bank to send $15000 wire transfer with the help of Hacked Gmail account

It is time to enable the Google two-step authentication feature.  If the website is providing you additional security feature, it is always good to use that feature.  This news will help you to understand the risk of ignoring the additional security feature.

Cybercriminals hacked the Gmail account of a Dubai based Indian expatriate Anil Abraham and used the account to convince bank to transfer $15,000 from his bank account in India.

When Anil contacted the Bank, he was told by the Branch Manager that the Money was transferred at his request only via email.  The cybercriminals are reportedly send a signed document with the email to trick the Bank into transfer the money.

According to Emirates247 report, the money was transferred to someone named Garry Albert Frazer to Westpac bank account in New Zealand.

Anil said whoever hacked into his email id had managed to steal fianancial information and managed to use those info to write email to Bank with forged signature.

I'm still wondering how bank allowed the cyber criminal to steal the money, they usually don't allow us to transfer money via email accounts without any personal verification.  As far as i know, Bank always careful when it comes to big amount of transfer - $15,000(nearly 90,0000 Rupees).

Though it is mistake of Bank, It is always good to enable security feature on your side.  Don't wait until your account get hacked, Enable the Two-step authentication : http://www.google.com/landing/2step/

Read More

How a  bitcoin  transaction  works

The basics for a new user

As a new user, you can get started with Bitcoin without understanding the technical details. Once you have installed a Bitcoin wallet on your computer or mobile phone, it will generate your first Bitcoin address and you can create more whenever you need one. You can disclose your addresses to your friends so that they can pay you or vice versa. In fact, this is pretty similar to how email works, except that Bitcoin addresses should only be used once.

Balances - block chain

The block chain is a shared public ledger on which the entire Bitcoin network relies. All confirmed transactions are included in the block chain. This way, Bitcoin wallets can calculate their spendable balance and new transactions can be verified to be spending bitcoins that are actually owned by the spender. The integrity and the chronological order of the block chain are enforced with cryptography.

Transactions - private keys

A transaction is a transfer of value between Bitcoin wallets that gets included in the block chain. Bitcoin wallets keep a secret piece of data called a private key or seed, which is used to sign transactions, providing a mathematical proof that they have come from the owner of the wallet. The signature also prevents the transaction from being altered by anybody once it has been issued. All transactions are broadcast between users and usually begin to be confirmed by the network in the following 10 minutes, through a process called mining.

Processing - mining

Mining is a distributed consensus system that is used to confirm waiting transactions by including them in the block chain. It enforces a chronological order in the block chain, protects the neutrality of the network, and allows different computers to agree on the state of the system. To be confirmed, transactions must be packed in a block that fits very strict cryptographic rules that will be verified by the network. These rules prevent previous blocks from being modified because doing so would invalidate all following blocks. Mining also creates the equivalent of a competitive lottery that prevents any individual from easily adding new blocks consecutively in the block chain. This way, no individuals can control what is included in the block chain or replace parts of the block chain to roll back their own spends.

Read More