
Whoops – Treasury still hacked.

  • Post author: Omid Farhang
  • Post published: May 3, 2010
  • Reading Time: 1 min
  • Word Count: 61 words

I was wrong in my earlier assessment that the three treasury websites had been cleaned: the attack site was simply tracking IP addresses, and would not serve the iframe on subsequent visits. I really should have noticed that earlier, and have no excuse except that it was very early. And pre-caffeine. Folks should stay away from the sites mentioned until they’re cleaned.


Treasury website hacked

  • Post author: Omid Farhang
  • Post published: May 3, 2010
  • Reading Time: 1 min
  • Word Count: 116 words

For a short while today a couple of treas.gov websites were hacked, and were reaching out to an attack site in Ukraine. The websites involved were bep.gov (Bureau of Engraving and Printing), bep.treas.gov and moneyfactory.gov. They had been script injected with the line of code circled in red. Btw, you should _not_ mess with the attack site (grepad); it was dead earlier today, but could easily come back to life. ...


Subdomains defaced on The Telegraph website

  • Post author: Omid Farhang
  • Post published: April 15, 2010
  • Reading Time: 1 min
  • Word Count: 201 words

The Telegraph, one of the biggest newspapers in the UK, hasn’t had a good time of it lately where their website is concerned. There were vulnerabilities found in relation to the site back in March involving database access, and it seems a hacking group has gone in and defaced two subdomains. These are the two subdomains in question: shortbreaks(dot)telegraph.co.uk and wine-and-dine(dot)telegraph.co.uk/site/index.php. They appear to have been compromised by “R.N.S. – Romanian National Security”. Here’s a screenshot, both defacements are identical: ...


Iowa bank compromised, serving exploits

  • Post author: Omid Farhang
  • Post published: April 9, 2010
  • Reading Time: 1 min
  • Word Count: 51 words

Northwestern Bank Online – Orange City is compromised and should not be visited until it’s clean. Embedded in the side is a malicious iframe, as you can see in this screen shot: (Testing the site with Wepawet doesn’t work, since it chokes on the JavaScript emulation. However, the iframe is malicious.)


China denies connection to high-level hacking

  • Post author: Omid Farhang
  • Post published: April 7, 2010
  • Reading Time: 3 min
  • Word Count: 430 words

“Shadows in the Cloud” hang over the otherwise sunny PRC

A spokesperson for the Chinese Foreign ministry has tried to minimize a report from investigators in Toronto that hackers based in China breached computers of the Indian Government and others and downloaded classified material. The Information Warfare Monitor and the Shadowserver Foundation extensively documented an eight-month investigation that revealed a network of infected government and military computers. The net was controlled from servers in China and stole a variety of classified documents. They posted their 52-page report, “Shadows in the Cloud: investigating cyber espionage 2.0” today on scribd.com ...


Hacking the Matrix

  • Post author: Omid Farhang
  • Post published: April 7, 2010
  • Reading Time: 2 min
  • Word Count: 294 words

I could talk about how The Matrix was a pretty big deal for me back in the day, or how The Matrix Online is (to date) the only MMORPG I ever liked enough to pay a monthly subscription for, or how I think people doing Kung Fu in bullet time is still the best thing ever. Mostly, I’ll just show you this: And this: Is there a glitch in the Matrix? You bet. Unfortunately it seems the website of one of the actors from Reloaded / Revolutions (Harry Lennix, who played Commander Lock) has been hacked and is now, bizarrely, the scene of some Cyber Kung-Fu gone wrong as two warring factions go to, er, war. ...


Hacking forum or a sting operation?

  • Post author: Omid Farhang
  • Post published: April 3, 2010
  • Reading Time: 2 min
  • Word Count: 292 words

Though it is true that malware is getting more and more sophisticated, I am sometimes surprised by the lack of skills coming from wannabe botnet operators. Today, I stumbled upon a hacker’s forum which nicely demonstrates just how low the technical knowledge level of the forum members is. A search for “Zeus” produces several hundred results, many of them surprisingly basic, looking for help with installing a Zeus server or advice about the best bulletproof hosting. ...


The Phishing of Indian Job Sites

  • Post author: Omid Farhang
  • Post published: April 3, 2010
  • Reading Time: 2 min
  • Word Count: 279 words

Despite the global economic slowdown, India witnessed a high number of new jobs in the country during the first quarter of 2010. With the job market looking positive, job sites seem to have benefited with more users accessing their websites. Below is a screenshot of a phishing website that takes advantage of the brand of a popular Indian job site: The increased number of candidates seeking jobs in India has led to the launch of phishing attacks on Indian job sites. The phishing page in the above example is asking for potential employers’ login credentials. The phishing website was created on servers located in the Netherlands. The credentials consist of a username and password as well as the employer’s email ID and password. After stealing these credentials, fraudsters send targeted spam messages to the employers. The spam message states that the employer is required to pay an amount to upgrade or continue his access of particular recruitment solutions. The link provided to make the payment leads to a phishing page that asks for confidential information such as credit card numbers, pin number, etc. Attackers also masquerade as the employer to send spam containing fake job opportunities to job seeking candidates—an action that means the attackers are always seeking financial gain. ...


Arrests on the Rise

  • Post author: Omid Farhang
  • Post published: April 3, 2010
  • Reading Time: 3 min
  • Word Count: 430 words

Lots of little newsworthy updates recently . . . they’ve been well-covered elsewhere, but we wanted to make sure our readers saw them as well. Russia: Safe Haven no more? One of the constant complaints that we hear is “the criminal is probably in Russia”, as an excuse for why a case is not worth investigating. Back on November 11, 2009, we posted a story The $9 Million World-wide Bank Robbery, where VIKTOR PLESHCHUK, 28, of St. Petersburg, Russia; SERGEI TŠURIKOV, 25, of Tallinn, Estonia; and OLEG COVELIN, 28, of Chişinău, Moldova were charged with leading the robbery, which actually occurred in 2008. This week the Financial Times has revealed that Viktor Pleshchuk was arrested by the FSB. Their story leads with: ...


Nokia.de(faced)

  • Post author: Omid Farhang
  • Post published: April 3, 2010
  • Reading Time: 1 min
  • Word Count: 88 words

I’m almost certain this shouldn’t be on the Nokia.de webspace, lurking under the “online.nokia.de” subdomain: Don’t worry though, Admin – they “just changed your index”. This isn’t the first time Nokia domains have come under attack. The above defacement – by an Albanian hacker called “Spammer” – seems eager to let the webmaster know they can help with the bugs, but I’m pretty sure an email would have been just as useful. Nokia.de have been notified of the defacement, but I’ve had no word back as of yet. ...
