Archive for June, 2011


National Security companies use key loggers to spy on suspects the same way parents use key loggers to monitor their children’s Internet activity. Key loggers secretly record all PC key strokes and automatically send them to a remote location.

Thanks to Black Ops emails from HBGary, which were leaked by Anonymous, we know the details of how the most sophisticated rootkit key loggers being developed for the U.S. Government work.

Key loggers are intentionally designed to be very hard to detect (if antivirus software found them, they could be deleted), but all key loggers have to call home using standard protocols to work.

This is a key logger’s most vulnerable point: when it calls home, it can be detected, identified and tracked.

If enough prominent people find unauthorized key loggers spying on their PCs, their outrage would pressure the media and law enforcement to investigate and stop this spying.

Project Goal: Produce a simple, reliable means to detect when key loggers call home and to identify where and when they are sending data, in a form that can be easily shared widely with activists.

Concept #1: Use Linux firewalls to monitor all outgoing traffic to prove key loggers are present and to identify where the information is being sent.

The system should be designed to be as simple and inexpensive as possible and to minimize the possibility of hacks and back doors being installed to defeat it.

Develop simple step-by-step procedures for setting up inexpensive Linux firewalls to do this.

Invite hackers to make suggestions as to how it could be defeated and improved. Solicit better ideas from the hacking community. Review and improve the approach and instructions.

Once the design is finalized, share the instructions widely and publicly in different languages.

Key logger sweeps could be a money-making opportunity for people who have the interest, equipment and skills to do it.

Note: Norton and other major security software vendors specifically exempt certain key logger detection functions to protect law enforcement activities. The solution MUST be able to catch these protected exemptions.

Even the simple recording of outgoing addresses that could be easily imported into an Excel spreadsheet might be of value.
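
One way to do the simple recording described above, as an added example that is not part of the original post: a Python script that reads the kernel log lines a Linux firewall writes for outbound packets and produces one CSV row per destination, ready to open in a spreadsheet. The `EGRESS: ` log prefix, the sample lines, the host name and all addresses are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample lines in the netfilter LOG-target format. "EGRESS: " is an
# assumed --log-prefix; hosts and addresses are documentation ranges.
SAMPLE_LOG = """\
Jun 28 10:15:01 fw kernel: [ 4211.101] EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TTL=63 PROTO=TCP SPT=49152 DPT=80 SYN
Jun 28 10:15:03 fw kernel: [ 4213.440] EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 LEN=71 TTL=63 PROTO=UDP SPT=53211 DPT=53
Jun 28 10:45:01 fw kernel: [ 6011.907] EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TTL=63 PROTO=TCP SPT=49188 DPT=80 SYN
Jun 28 10:50:12 fw kernel: [ 6322.018] EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0
Jun 28 10:51:00 fw sshd[811]: Accepted publickey for admin from 192.168.1.2
"""

# Syslog timestamp, host, then the kernel message carrying our prefix.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel:.*?EGRESS: (?P<kv>.*)$"
)

def parse_line(line):
    """Return one outbound-packet record, or None for unrelated log lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # KEY=VALUE tokens; bare flags such as SYN or DF carry no '=' and are skipped.
    fields = dict(t.split("=", 1) for t in m["kv"].split() if "=" in t)
    if not {"SRC", "DST", "PROTO"} <= fields.keys():
        return None
    return {"ts": m["ts"], "src": fields["SRC"], "dst": fields["DST"],
            "proto": fields["PROTO"], "dport": fields.get("DPT", "")}

def summarize(lines):
    """Group packets by (source PC, destination, protocol, port)."""
    seen = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["src"], rec["dst"], rec["proto"], rec["dport"])
        entry = seen.setdefault(
            key, {"first_seen": rec["ts"], "last_seen": rec["ts"], "count": 0})
        entry["last_seen"] = rec["ts"]   # the log is read in time order
        entry["count"] += 1
    return seen

def to_csv(summary):
    """Render the summary as CSV text, most frequently contacted first."""
    buf = io.StringIO()
    out = csv.writer(buf, lineterminator="\n")
    out.writerow(["src", "dst", "proto", "dport", "count",
                  "first_seen", "last_seen"])
    for key, e in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        out.writerow([*key, e["count"], e["first_seen"], e["last_seen"]])
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(summarize(SAMPLE_LOG.splitlines())), end="")
```

A destination that keeps reappearing at regular intervals while the PC is otherwise idle is the kind of row worth a closer look.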

Questions:

Is this the best approach? Has it already been done and documented? What is the best way to proceed?

I don’t have the expertise or skills to develop this myself, but I can certainly help test, polish and promote it.

Please Support This Effort & Help Stop the National Security State.

Source Link

Hackers who exploited a vulnerability on Citigroup’s Citi Account Online website earlier this year managed to steal $2.7 million from the victims’ accounts.

On June 9 Citi announced that its Citi Account Online system was compromised by unidentified attackers who extracted the account data of 1% of its North American card holders.

Originally, it was believed that around 200,000 customers were affected, but it was later revealed by Citi that over 360,000 credit card holders had their information exposed.

The bank confirmed last week that $2.7 million was stolen from 3,400 accounts following the security breach. All of the customers will be reimbursed for the loss.

In addition, the company incurred costs of tens of millions of dollars with the process of notifying all affected individuals and the reissuing of credit cards.

Citi learned of the data breach back in May, but took three weeks to report it publicly. This has drawn criticism from consumer protection groups and security experts.

The incident was the result of a vulnerability on the Citi Account Online website which allowed attackers to access account information by simply manipulating a URL.

Interestingly enough, birth dates, Social Security numbers, credit card expiration dates and CVV codes, data that would be required for fraud, were not compromised.

This raises the question of how the $2.7 million was stolen. It is possible that the exposed information (names, account numbers, addresses and emails) was used to craft believable phishing emails to obtain the rest.

Citi has not confirmed any such attacks, but customers are strongly advised to be on the lookout for emails that appear to originate from the bank and ask for personal and financial details. Please confirm any such messages with the company over the phone before following the instructions within.

Source Link

That didn’t take long. Tons of people haven’t even gained access to the Google+ field trial yet, but that hasn’t stopped Chinese authorities from blocking Google’s brand new social networking project, reports Ren Media.

Indeed, Just Ping and the Greatfirewallofchina.org website both confirm that plus.google.com is not accessible from mainland China.

The censoring itself isn’t too surprising; Chinese authorities aren’t too keen on U.S. social networks and block services such as Facebook, Twitter, YouTube and Foursquare.

Still, I’m taken aback by how swiftly China responded to the formal debut of Google+, which until further notice is an invitation-only beta product (although, admittedly, one that has enjoyed a lot of international press over the past 24 hours).

Update: Penn-Olson says Google+ wasn’t blocked, just made impossible to use by slowing it down to a crawl, which essentially comes down to the same thing: censoring.

Source Link

Anonymous Riot Guide

This is a guide that the group Anonymous wants to share with the world so that you have the knowledge to protect yourself in some situations.

http://zinelibrary.info/files/AnonymousRiotGuide.pdf

Shenyang, China — Graffiti denouncing Kim Jong Il has allegedly been found on a wall in Pyongyang, causing the authorities to launch a crackdown to uncover the culprit.

According to one Chinese-Korean trader working between the North Korean capital and Dandong, China, “Graffiti denouncing Kim Jong Il was found on the wall of Pyongyang Railroad College on the 24th; the inspections and regulations are phenomenal. Nobody can come or go from Pyongyang.”

The graffiti apparently stated, “Park Chung Hee and Kim Jong Il are both dictators; Park Chung Hee a dictator who developed his country’s economy, Kim Jong Il a dictator who starved people to death.” One syllable was a man’s head and was written on a red brick wall in white chalk, making it quite striking.

“In order to catch the culprit, regulations and inspections targeting visitors to Pyongyang as well as the city’s citizens went on for three days, until the morning of the 27th,” the source said. “They wouldn’t even sell train tickets, so my schedule got pushed back. One person visiting his son in the military in Pyongyang was not able to get home.”

Pyongyang Railroad College is in Hadang 1-dong in Hyeongjesan-district, a place with no streetlights with the exception of above the college main gate. The neighborhood is also within the scope of the 100,000-home construction project, so buildings in the area have been destroyed and pedestrians are rarely seen. It would have been easier than in some other places to leave graffiti.

According to the trader, the authorities launched the search for the person responsible via a joint investigation team including the National Security Agency and People’s Safety Ministry, specifically targeting students and people from other provinces. They established road blocks on the roads linking Pyongyang Station and West Pyongyang Station, Pyongyang-Pyongsung, Pyongyang-Wonsan and Pyongyang-Kanri, then began questioning all passers-by.

Reporting the latest, he said, “The investigation unit has now narrowed down the investigation to the Railroad College’s own students, and has blocked the movement of people between provinces in order to stop the spread of rumors. It seems they are dealing with it severely since it happened in Pyongyang not in the provinces.”

Despite the authorities’ efforts to block the spread of the news, people as far away as Pyongsung and even North Hamkyung Province know about it, the source said.

Source Link

TDSS rootkit infects 1.5 million US computers

Millions of PCs around the world appear to have been quietly infected by the dangerous TDSS ‘super-malware’ rootkit as part of a campaign to build a giant new botnet, researchers from security firm Kaspersky Lab have discovered.

Malware and botnets come and go, but TDSS is different. First detected more than three years ago, TDSS (also known as ‘TDL’ and sometimes by its infamous rootkit component, Alureon) has grown into a multi-faceted malware nexus spinning out ever more complex and dangerous elements as it evolves.

In recent weeks, Kaspersky Lab researchers were able to penetrate three SQL-based command and control (C&C) servers used to control the activities of the malware’s latest version, TDL-4, where they discovered the IP addresses of 4.5 million PCs infected by the malware in 2011 alone. Almost 1.5 million of these were in the US.

If active, this number of compromised computers could make it one of the largest botnets in the world, with the US portion alone worth an estimated $250,000 (£155,000) to the underground economy.

The TDL-4 malware has also added technical and economic capabilities to its features list, including some that are out of the ordinary for botnets, the researchers said.

Making use of the malware’s bootkit design – it infects the master boot record of a PC to allow it to load before other programs – it attempts to clean rival malware from an infected PC, searching for and nixing up to 20 different malware types, including Gbot, Zeus and Optima. This stops other programs interfering with its activities as well as hurting their commercial activities.

The researchers noticed a kad.dll component of the infection which appears to allow TDSS/TDL-4 an elaborate C&C channel to control bots using the Kad P2P file exchange network even if the primary encrypted channel has been shut down by rival botnetters or security companies.

Perhaps most intriguing of all are the economic innovations shown by the TDSS creators which help them sell it in a botnet-as-a-service form.

One of these is turning botted PCs into anonymous proxies, which Kaspersky found were being sold for $100 (£60) per month each to customers that wanted to hide their Internet use. They even discovered a Firefox add-on that makes it easier to toggle between different proxies within the browser.

“We don’t doubt that the development of TDSS will continue,” said Kaspersky researcher, Sergey Golovanov, who performed the latest analysis of TDSS. “Active reworkings of TDL-4 code, rootkits for 64-bit systems, the use of P2P technologies, proprietary anti-virus and much more make the TDSS malicious program one of the most technologically developed and most difficult to analyse.”

The bigger question is why TDSS/TDL-4 has invested so much effort in complexity when other malware performs adequately without it. Perhaps its most infamous innovation was the 64-bit version of Alureon that Microsoft claimed in May to have removed from hundreds of thousands of systems despite the fact this version of the OS is supposed to be harder to attack.

The answer is that TDSS’s creators are pioneering in their outlook. Windows might have fewer 64-bit users and the OS might be more of a challenge, but tackling it offers larger rewards because they stay ahead not only of rivals but of the software defences.

“Cybercriminals are trying to future-proof themselves,” said fellow Kaspersky researcher, Ram Herkanaidu. “They know that a lot of systems are going to go 64-bit,” he said.

For his part, TDSS expert Golovanov thinks TDL-4 is in the hands of a single East European criminal entity which has sold the older and less advanced TDL-3 to another criminal enterprise in the same geography.

Source Link

HAMILTON — A Hamilton area teen could be linked to alleged hacking attempts on U.S. and British government websites.

Last week, British authorities charged Ryan Cleary, 19, with five offences under the Computer Misuse Act, according to reports in the Daily Mail, a London newspaper.

Cleary is accused of launching cyber attacks from the Essex home where he lives with his parents. That investigation has apparently moved to the United States, specifically to Ohio on Jackson Road in St. Clair Twp., where a home was searched Monday morning by federal agents.

“I can confirm a federal search warrant was served,” said Michael Brooks, spokesman for the FBI’s Cincinnati office.

Brooks said the search warrant is sealed and that he could not release any details, nor could he confirm it was related to the international hacking investigation. No one was charged after the warrant was served, he said.

Butler County Sheriff’s deputies were on standby outside the house at the time of the search, but the department has no knowledge about the details of the federal investigation, according to Deputy Chief Anthony Dwyer.

One of the charges against Cleary is connected to allegedly bringing down the website of Britain’s Serious Organized Crime Agency — the U.K.’s FBI equivalent — using a flood of traffic, in what is known as a “distributed denial of service” attack, according to the Daily Mail.

Cleary is suspected of having ties to the Lulz Security hacking collective, which has recently targeted Sony, the CIA website and the U.S. Senate computer system. The news comes as Internet hacking group LulzSec took revenge on two people it claimed had “snitched” on them and landed Cleary in custody. One of those two people named is the Hamilton area teen, the Daily Mail reported.

LulzSec denied that Cleary was a member of the group but confirmed it used his computer equipment to host a chatroom.

Source Link

The hacking group Anonymous claims it’s stolen and leaked personal emails and other documents—including “seductive girlfriend pictures”—belonging to Arizona Department of Public Safety officers. Hacker Summer continues.

The leak, a 155.7 megabyte archive uploaded to the Pirate Bay, comes just under a week after the defunct hacking group Lulz Security dumped hundreds of sensitive Arizona DPS documents in retaliation for Arizona’s “racial profiling anti-immigrant” policies.

Anonymous is taking up where LulzSec left off. It’s carrying on “Operation Antisec,” which is aimed at stealing and leaking government documents. (Uh, like pictures of police officers’ girlfriends? Do they have tattoos of classified NSA documents on their backs or something?)

“Just when you thought it was over, we’re hitting the Arizona police state with our second round of attacks,” reads the press release. This time, it’s personal:

we’re dumping booty pirated from a dozen Arizona police officer’s personal email accounts looking specifically for humiliating dirt. This leak has names, addresses, phone numbers, passwords, social security numbers, online dating account info, voicemails, chat logs, and seductive girlfriend pictures belonging to a dozen Arizona police officers. We found more internal police reports, cops forwarding racist chain emails, k9 drug unit cops who use percocets, and a convicted sex offender who was part of FOP Maricopa Lodge Five.

(We haven’t been able to download the leak to check its contents yet)

Arizona state police have been checking their security following last week’s attack. If this leak is legit, they might want to check harder.

Source Link

Federal law enforcement agencies from around the world have been working to arrest members of the group known as lulzsec. Love them or hate them, lulzsec has changed how the public views hackers and hacking. It has brought more attention to the cyber world and the cultures that develop there, and they have changed how some hackers operate. Instead of quietly hacking smaller websites or targets of personal interest, they hack or attempt to hack government targets and post about it on social networks and public chat rooms. Lulzsec declared war on the US Government and others like them have answered the call to arms. By doing this lulzsec has ensured that even if they themselves are caught their cause will live on without them; in fact, if caught this would only likely motivate their followers further.

These “daughter groups” seem based on their region. On Twitter I have seen “lulzsec” based groups for Brazil and there have been reports of graffiti tags showing the word “antisec” and lulzsec’s mascot image in San Diego. I do not know how many other groups such as this are out there, but considering lulzsec’s over 200,000 Twitter followers the number could be significant. Considering law enforcement’s history with dealing with cell based groups, if they seriously want to stop the antisec movement they are going to need a different approach than the one they are currently taking; fighting them directly is only going to expand the antisec movement and fuel its anger.

Right now lulzsec and its allies have the advantage because their operation is popular and costs very little to operate but does a significant amount of damage, while Government forces cost significant amounts of money to train and operate and do very little damage. Considering how slow governments are to adopt change, even when it directly benefits them, lulzsec and its allies will be at this for quite some time.

If the governments were truly serious about stopping this threat they would work to defuse the anger and outright hate people feel toward the government these days, they would take steps to show people that they are not the bad guys and stop taking such a hard approach. They would pay more attention to public perceptions and address the issues that people have in an honest and transparent manner, being answerable to the public when questions are asked. For example there may be a perfectly rational explanation as to why the FBI took servers that didn’t seem to have anything to do with lulzsec from DigitalOne, but the people will never know why because they won’t comment, and when they do people feel like what they are told does not really explain anything, so without answers from official sources right away, people will just draw logical conclusions based on the available evidence, and said evidence makes it look like the FBI has no idea what it is doing and they have good reason to believe that.

As of late the government’s actions in public have been disastrous and it has gotten to the point where people feel compelled to act to stop it. People feel like their rights are being stripped away and that they have no control over their own private lives. They are afraid. So when someone comes along and is not afraid, and not only not afraid but willing and able to act against the target of their fears, they rally around them and support them, feeling less afraid to act themselves, and after enough time they lose all fear of any legal repercussions because they believe they are morally right. This is the point we are at right now, they have motivated and emboldened people that the government has alienated and ignored. Stopping lulzsec won’t stop antisec, in fact it will likely do the opposite. The game has been changed, and right now the only winning move is not to play.

Source Link

The government is trying to ram through an anti-Internet set of electronic surveillance laws that will invade your privacy and cost you money. The plan is to force every phone and Internet provider to surrender our personal information to “authorities” without a warrant.

This bizarre legislation will create Internet surveillance that is:

  • Warrantless: A range of “authorities” will have the ability to invade the private lives of law-abiding Canadians and our families using wired Internet and mobile devices, without a warrant or any justification.
  • Invasive and Dangerous: The laws leave our personal and financial information less secure and more susceptible to cybercrime.
  • Costly: Internet service providers may be forced to install millions of dollars worth of spying technology and the cost will be passed down to YOU.

If enough of us speak out now the government will have no choice but to stop this mandatory online spying scheme. Sign the petition now, and forward it to everyone you know.