Indian Air Force issues strict orders to tackle hacking

New Delhi: Every officer of the Indian Air Force (IAF) will now have to sign a declaration that they will not save or view any official document on personal computers. Failure to adhere to this directive will lead to a court martial and prosecution.

The recent directive from the IAF headquarters to all its formations across the country comes after repeated leaks of sensitive documents - some of which are operational and sensitive in nature - from personal computers of officers and men.

In a recent case, operational documents were found on the personal computer of a young pilot posted at an airbase in Tamil Nadu. A court of inquiry has been initiated.

In another incident this July, it was found that classified data regarding Indian Naval operations were transmitted to IP addresses in China. Later, inquiries revealed that a few naval officers had, against the rules, taken copies of the plans on pen drives from a naval computer, to study. The Chinese-made pen drives allegedly had malware that transmitted the data back to IP addresses in China once they were used on computers connected to the internet.

Earlier last year, a major with the Indian Army posted in the crucial Andaman and Nicobar Command was investigated by the Intelligence Bureau (IB) and the National Investigative Agency (NIA) when classified Army plans and other sensitive operational data stored in his personal computer reached Pakistan's Inter-Services Intelligence Agency (ISI). The inquiry revealed that the Major was preparing for a course, and had taken copies of presentations and plans in his personal computer, which was subsequently hacked by malware originating from Pakistan.

In almost every case of cyber leak, subsequent inquiries have revealed that officers wanting to study the documents at leisure copied the data from the official systems into their personal computers, and the data later found its way into the cyberspace.

Over the years, cyberspace has emerged as a critical frontier for espionage as the use of computers and dependence on the internet have grown. Thus, document security has emerged as one of the critical areas of concern for the government. It was perhaps in allusion to these increasing instances of cyberspace being used by foreign agencies to collect critical information that Prime Minister Manmohan Singh, while addressing top cops of the country at the annual security conference hosted by the Intelligence Bureau earlier this month, said, "Our country's vulnerability to cybercrime is escalating... Large-scale computer attacks on our critical infrastructure and economy can have potentially devastating results. The government is working on a robust cyber security structure."

The Indian armed forces are considering a joint cyber command to deal with document security and hackers, many of whom are funded and used by foreign governments searching for sensitive and strategic information. The Indian Navy has come up with an exclusive Information Technology brigade to be deployed on warships and various sensitive establishments on shore to manage and secure the network and data.

As a general rule, computers on which sensitive information is stored or prepared are never connected to the internet. "The IAF internal communication network, for instance, is not only a stand-alone network with no connection to the net, but also has the system configured in such a way that it doesn't allow external storage devices like pen drives or CDs," a senior MoD official told NDTV. Nonetheless, some officers have been found "keeping copies or preparing documents using critical information in their personal computers, which have subsequently passed out by malwares in the system or hacked," the officer added.

Banks Fail To Repel Cyber Threat

Attacks that have tied up bank websites show U.S. financial institutions' vulnerability to electronic terrorism.

A shadowy but well organized hacker group in the Middle East has disrupted the electronic banking operations of America's largest financial institutions in recent days, underscoring U.S. vulnerability to online terrorism.
A group identifying itself as Izz ad-Din al-Qassam Cyber Fighters attacked the websites of Wells Fargo, U.S. Bancorp and Bank of America. The strikes left customers temporarily unable to access their checking accounts, mortgages and other services.
The banks said account and personal information for their tens of millions of online and mobile customers were not compromised. Still, experts said the size and ferociousness of the attacks highlight the broader threat posed by electronic crime and the susceptibility of financial targets.
Of particular concern, experts said, is that the attackers used the Internet to warn the institutions ahead of time — but the banks still couldn't repel the assaults.
"The banks put a lot of effort into cyber security. But they're so desirable as a target, even with all that effort they still have problems," said James Lewis, an expert at the Center for Strategic and International Studies in Washington. "If you can pull together enough resources, you can overwhelm any defense temporarily."
The attacks on banks began last week on the largest institutions in the country: JPMorgan Chase, Citigroup and Bank of America. They spread to Wells Fargo on Tuesday and U.S. Bank on Wednesday. Another attack has been threatened against PNC Financial Services on Thursday.
The U.S. government and banks have been working feverishly to learn more about the attackers. A financial executive not authorized to speak publicly described a "war room" where bankers were coordinating efforts with the Department of Homeland Security.
Izz ad-Din al-Qassam is the name of the military wing of Hamas, the political party that governs the Gaza Strip. Experts say the attacks appear to have originated from the Middle East, though it isn't clear who is behind them or the motivation.
However, on Tuesday the group posted a manifesto on the Internet saying attacks would continue until a video insulting the Islamic prophet Muhammad was removed from the Internet. That video, "Innocence of Muslims," has caused violent clashes in the Middle East, and led to the attack of the U.S. embassy in Libya.
Dmitri Alperovitch, a computer security expert investigating the recent attacks, said they are the latest in a series of cyber assaults by the group. The attacks were not only on financial firms, he said, although he declined to identify other industries. Alperovitch said Izz ad-Din al-Qassam has demonstrated "advanced capabilities."
He said it was unlikely that the anti-Islamic video alone had triggered the attacks. He said his firm, CrowdStrike Inc., has linked the group to attacks on other targets since January, long before the trailer for the anti-Islamic film was posted on YouTube.
Wells Fargo, based in San Francisco, had intermittent service interruptions all day Tuesday, distressing many of its 21 million online customers.
Similar problems occurred Wednesday at U.S. Bank. The Minneapolis-based bank said it was experiencing unusually high Web traffic and that the coordinated attacks were "very similar" to those at other major banks. "We are working very closely with federal law enforcement," spokesman Tom Joyce said.
Pittsburgh-based PNC, facing the threatened attack on Thursday, was preparing for the worst. "We've seen the posting" on the Internet, PNC spokesman Fred Solomon said. "We're taking appropriate measures."
Security consultant Alperovitch said the volume of phony demands on bank sites was two to three times heavier than previous records for denial of service attacks, and 10 to 20 times higher than the average such attack. Still, the onslaught so far has had a "very limited impact," resulting in only brief shutdowns of websites.
"The attacks, while very, very large and historic in that sense, are not super sophisticated," he said. Although evidence points to a group "certainly of Middle Eastern origin," his company could not tell whether a state or private group was behind the attacks.
Some speculation centered on whether Iran might be retaliating for economic sanctions placed on the country because of its nuclear program and enforced by U.S. banks.
"I don't believe these were just hackers," Senate Homeland Security Committee Chairman Joe Lieberman (I-Conn.) said last week in an interview on C-SPAN's "Newsmakers" program. "I think this was done by Iran and the Quds Force," a secretive Iran military unit blamed for terrorist activity.
Lieberman was observing Yom Kippur and could not be reached Wednesday. The FBI and Justice Department declined to comment on the origin of the attacks.
Two bankers, who spoke on condition of anonymity, said their banks were also on the alert for cyber thieves who might use the attacks as a diversion.

Google patches 24 Chrome bugs, pays out $29K to bounty hunters

Google yesterday patched 24 vulnerabilities in Chrome, and paid out $29,500 in bounties to nine researchers, more than half of that to one of the company's most prolific bug finders.

Chrome 22, which Google started pushing to current users on Tuesday, also debuted improvements in how the browser renders 3-D web apps, including games.

The 24 vulnerabilities include one rated "critical," Google's highest threat ranking, 15 tagged "high," five pegged "medium," and three labeled "low."

Critical bugs are rare in Chrome: Yesterday's, in fact, was not in the browser itself but rather in Windows. In Tuesday's update notification, Google called it a "Windows kernel memory corruption" and attributed the report to a pair of researchers at a Finnish company, Documill, that specializes in creating software for accessing Microsoft Office and Adobe Reader documents through a browser.

For their work, Google awarded the pair $5,000.

The company also paid $15,000 to long-time bug contributor Sergey Glazunov for reporting a pair of critical universal cross site scripting (UXSS) vulnerabilities, one in the browser's frame handling, the other in how it interacts with Google's V8 JavaScript engine.

Glazunov was one of two security researchers who hacked Chrome at Google's inaugural "Pwnium" contest last March. That feat earned him $60,000.

With Tuesday's $15,000 check, Glazunov has taken home nearly $80,000 for his research efforts this year.

So far in 2012, Google has paid over $290,000 in bounties, a number sure to climb. Last month, Google raised the bonuses it pays, saying the change was triggered by a decline in submitted reports.

Several of the researchers who received bounties for the bugs patched in Chrome 22 benefited from the increase, including Glazunov, the two from Documill, and others who received $1,000, the new bonus basement.

Chrome 22 includes few if any visible changes, but yesterday Google touted some behind-the-scenes improvements, notably support for the Pointer Lock JavaScript API, or "Mouse Lock."

The feature should improve play of first-person, 3-D games within Chrome, said Google engineer Vincent Scheib in a Tuesday blog post.

Google also called out some unspecified enhancements to Chrome in preparation for the Oct. 26 launch of Windows 8 by Microsoft.

Although Google announced a Windows 8 version of Chrome -- one that will include not just a desktop browser for that traditional UI, but also one for what was formerly called the "Metro" environment -- in mid-June, it has not shifted the latter from the rough-around-the-edges "Dev" channel since then.

Chrome 22 can be downloaded for Windows, Mac OS X and Linux from Google's website. The browser is updated automatically through its silent service.

China's cyber theft could be more serious than reported: official

Taipei, Sept. 27 (CNA) China's cyber hacking of Taiwanese websites could be more serious than has been officially reported, Taiwan's intelligence chief said Thursday.

Tsai De-sheng, director-general of the National Security Bureau (NSB), confirmed reports during a Legislative Yuan question-and-answer session that China has hacked some 26,000 pieces of information from Taiwan's Internet system over the past seven years.

However, the figure tallies only those cases that have been discovered, Tsai noted, adding that there are doubtless other hacking cases that have gone undetected.

During the interpellation session, opposition Democratic Progressive Party Legislator Tsai Huang-liang asked about the NSB's stance on a proposal to allow Chinese companies to invest in the local telecommunications sector.

In response, the NSB director said that countries all over the world have adopted strict restrictions on Chinese investment in their telecom sectors because China is known to be incredibly aggressive in its cyber hacking 

'Anonymous Philippines' on a Hacking Spree

MANILA, Philippines – A hacktivist group struck down several government websites Wednesday night in protest against the recently enacted anti-cybercrime law that imposes penalties on hacking, online libel and similar activities.
The hackers replaced the websites with a predominantly black interface, an animated logo and a statement against the Cybercrime Prevention Act of 2012. The group calls the new law "the most notorious act ever witnessed in the cyber-history of the Philippines."
Anonymous Philippines, whose Facebook page boasts over 250 fans, also called the new law's provisions on libel "cunningly deceptive" in implying that everyone can be imprisoned even for their licit online activities.
"It can imprison anyone who commits libel either by written messages, comments, blogs or posts in sites such as Facebook, Twitter or any other comment-spaces of other social media in the Internet," the group claimed, tagging themselves with the lines "We are Legion. We do not forgive. We do not forget. Expect us."
As of posting time, some of the hacked websites have not been restored.
Traditionally, .gov domains are considered the most secure online sites.
'Up and restored'
Certain links at the official website of the BSP remain inaccessible to the public hours after the portal was defaced by a group condemning the passage of the anti-cybercrime law.
"As of 2 a.m. today, the website of the (BSP) has been up and running, restored and able to serve the public once again," a statement released on Thursday said.
"The BSP's internal Information Technology Group worked on the immediate restoration of our website after ensuring that our security firewall kept our database protected," it added.
The BSP website was one of the government portals hacked by Anonymous Philippines in its protest against Republic Act No. 10175 or the Cybercrime Prevention Act, which the group sees as a form of online censorship. A group of journalists on Tuesday filed a stay order petition against the law before the Supreme Court.

However, upon checking, despite the website already being restored, certain links to electronic files of BSP issuances and publications remained unavailable.
Recently, the Department of Science and Technology’s Information and Communications Technology Office issued directives to all government system administrators to review their websites’ security to prevent more hacking attacks.
The directive was issued after a series of attacks on government websites at the height of the tense territorial dispute between China and the Philippines over the Panatag Shoal in the West Philippine Sea.

Administrative Director of Social Participation Hacked By P@KhTuN~72

Administrative Director of Social Participation has been hacked by a Pakistani hacker named P@KhTuN~72. The hacker hacked it after the U.S. made an anti-Islamic movie.
The hacker left the message below on the deface page:

Hello Admin .... 

Pakistani Muslim Soldier P@KhTuN~72 is here 
Muslims want peace all over the world.. 
But Insult of Our Holy Prophet Muhammad ( P.B.U.H), We Can't bear it..
We are more more and more stronger than you that you cannot imagine..
But We Want Peace & Brotherhood 
But You Boobish People and Your Boobish acts Provoked me... :@
And am Again here to Destroy Your CYber Space
And This Is Only The Index Change for Warning...
I Do Not Want Bad Effect On Your Site;)

Syria Information Ministry Email Hacked

Syria's ministry of information on Monday denied the sacking of the country's ambassador to Lebanon and said a previous email announcement was a result of hacking, state television reported.
"The email account of the ministry was hacked in order to publish inaccurate information" about the reported dismissal of the Syrian Ambassador to Lebanon Ali Abdel Karim Ali, the ministry said in a statement carried by state television.
The ministry said it "denounces this piracy" and confirmed that "Ambassador Ali is still in his post in Lebanon, and the announcement of his dismissal is baseless." Syrian official news agency SANA also said on Monday that its Facebook page had been hacked.
"As part of an aggressive campaign against our national media, hostile parties have hacked the SANA Facebook page," the agency said, adding that it had no links with the contents of the page, which it was working to deactivate. In late August, SANA said a fake email was sent on its behalf announcing the dismissal of Vice President Faruq al-Shara.

ASUS Computers Official Website Hacked By 1337 | Tha Dark

The official website of ASUS Computers has been hacked by 1337 | Tha Dark | Invectus | H4x0rL1f3 | KhantastiC | Shadow008 | x3o-1337 | Dr.Z0mbie | Tha Disaster | Tha Rude | Sho0ter | MindCracker | Hitcher | Lnxr00t | b0x | M4DSh4K. The hackers are Muslim hackers from Pakistan. They hacked it after the U.S. released an anti-Islamic movie. The hackers left the following message on their index page:


[#] Asus Computers 0wn3d ? xD

[#] Reason:U.S People have Insult of Our Prophet Muhammad (S.A.W) and Our Religion Islam !
Islam Means Peace ! 
We want Peace and Brotherhood ! 
Why do you people want to create problems against Muslims ? 
We rispect Other Peoples Religion, And Our Religion Should Be Rispected.
Please stop making cartoons and movies after our Prophet, Please Stop !
This Site Has Been Hacked After U.S Released a Movie after Our Prophet Muhammad (S.A.W).

[#] Dont worry admin Nothing has been deleted or leaked or downloaded :), Just Index Added.

[#] ./Peace

[#] Greets: KhantastiC HaXoR | Sizzling Şoul | Neo Haxor | Hitler | P@KhTuN~72 | Ment@l Mind | H4x0rL1f3 | InvectuS | Shadow008 | Dr.Z0mbie | b0x | Sho0ter | AL.MaX HaCkEr | 3xp1r3 Cyber Army | Pakistan Cyber Army & All Muslims


US Department Of Agriculture Hacked By BCA

A group of hackers from Bangladesh has hacked the US Department of Agriculture. The group, named Bangladesh Cyber Army, hacked it after the US released an anti-Islamic video.

100+ Websites Hacked By P@KhTuN~72

A Pakistani hacker named P@KhTuN~72, from the group called Pakistan Cyber Army, has hacked more than 100 sites. The hacker hacked them after the US released an anti-Islamic movie, and left a message on the hacked sites, which is provided below:

Hello Admin ....
Pakistani Muslim Soldier P@KhTuN~72 is here
Muslims want peace all over the world.. 
But Insult of Our Holy Prophet Muhammad ( P.B.U.H), We Can't bear it.. 
We are more more and more stronger than you that you cannot imagine.. 
But We Want Peace & Brotherhood 
But You Boobish People and Your Boobish acts Provoked me... :@
And am Again here to Destroy Your CYber Space 
And This Is Only The Index Change for Warning...
I Do Not Want Bad Effect On Your Site;) 

Indian programmer charged with hacking into Toyota's network

WASHINGTON: An Indian computer programmer has been charged by the FBI for hacking into Toyota's computer network and sabotaging it, after he was fired by his company that provided IT services to the Japanese automobile major. 

Ibrahimshah Shahulhameed, who provided contractual services for Toyota Motor Manufacturing in central Kentucky, allegedly hacked into the company's website and issued wrong commands leading to the crashing of the firm's supplier computer network. 

The man was charged with computer fraud in that he "knowingly caused the transmission of programmes, information, codes, and commands, and ... intentionally caused damage, without authorisation, to a protected computer," according to an affidavit in support of an arrest warrant filed in a US District Court. 

Shahulhameed was a former employee of a company called GlobalSource IT, which had assigned him to provide computer services to Toyota, reported. 

GlobalSource IT fired him in August for allegedly harassing another employee who was also assigned to work at Toyota, according to a criminal court affidavit signed by special FBI agent Adam Keown. 

The disgruntled programmer then logged on to Toyota's systems and issued commands that slowed down the functions. 

"Following his termination, Mr Shahulhameed accessed Toyota's computer system and caused damage without authorisation," the affidavit said. 

Shahulhameed, who is being held at a detention centre, had told Toyota officials that he planned to return to India, according to the local paper. 

Toyota spokesman Rick Hesterberg had said earlier that Toyota officials don't think sensitive company material from Toyota's computer system had been distributed. 

Hackers Attack Bank of America Over Anti-Islam Film

A United States bank had its website targeted by hackers Tuesday in revenge for the obscure amateur video that mocked Islam's Prophet Mohammed. Visitors to the U.S.-based Bank of America website were temporarily unable to perform transactions as a result of the attack.

The hackers, who called themselves “Cyber fighters of Izz ad-din Al qassam” appeared not to be U.S.-born, or at least, seemed to post in English as a second – or third – language. They added in the jihadist statement posted on the website that the attack was the “first step” in a larger plan to target property owned by “American Zionist capitalists.”

The cyber terror group also threatened to continue attacks until the “erasing of that nasty movie” – presumably the obscure amateur video clip mocking the life of Islam's Prophet Mohammed – that ignited worldwide violence. Rioters in Muslim-populated countries attacked U.S. embassies and consulates, as well as diplomatic missions from the UK and Germany. The film was used as the excuse to savagely carry out the murders of an American ambassador to Libya, three other American diplomats and two U.S. Marines, as well as 28 others.

The group blamed production of the film, "Innocence of Muslims," on the "United States of America with the help of Zionist Regime."

The post, made sometime Tuesday, read as follows:

My soul is devoted to you Dear Prophet of Allah
Dear Muslim youths, Muslims Nations and are noblemen
When Arab nations rose against their corrupt regimes (those who support Zionist regime) at the other hand when, Crucify infidels are terrified and they are no more supporting human rights. United States of America with the help of Zionist Regime made a Sacrilegious movie insulting all the religions not only Islam.

All the Muslims worldwide must unify and Stand against the action, Muslims must do whatever is necessary to stop spreading this movie. We will attack them for this insult with all we have.

All the Muslim youths who are active in the Cyber world will attack to American and Zionist Web bases as much as needed such that they say that they are sorry about that insult.

We, Cyber fighters of Izz ad-din Al qassam will attack the Bank of America and New York Stock Exchange for the first step. These Targets are properties of American-Zionist Capitalists. This attack will be started today at 2 pm. GMT. This attack will continue till the Erasing of that nasty movie. Beware this attack can vary in type.

Down with modern infidels.
Allah is the Greatest. Allah is the Greatest.

Charlie Hebdo Website Hacked over Prophet Mohammed Cartoons

The website of French satirical magazine Charlie Hebdo is under attack by hackers, after the paper published cartoons caricaturing the Prophet Mohammed.
A spokesperson from the magazine said hackers have been blocking access to the site since 5am and the attack is still ongoing.
A spokesperson for Charlie Hebdo told IBTimes UK that the magazine's staff have received several messages condemning the editorial decision to print cartoons featuring Mohammed. However no-one has claimed responsibility for the cyber-attack yet.
Anti-riot police have been sent to patrol the Paris offices of the magazine.
The weekly edition of the satirical magazine features a cartoon of an imam on a wheelchair pushed by a rabbi, accompanied by the words "Untouchables 2: do not laugh!" as well as two cartoons depicting the Prophet naked in provocative positions.

The publication comes following a wave of violent protests in Muslim countries, triggered by the anti-Islamic movie Innocence of Muslims.
According to the Muslim faith, it is offensive to depict Muhammad in any manner. However, Charlie Hebdo's editor Stephane Charbonnier said the cartoons would "shock those who will want to be shocked," and claimed the right to freedom of expression.
"The freedom of the press, is that a provocation? I'm not asking strict Muslims to read Charlie Hebdo, just like I wouldn't go to a mosque to listen to speeches that go against everything I believe.
"If we start to question whether we have the right to draw Muhammad or not, if that is a dangerous thing to do or not, the next question is going to be: can we depict Muslims in the newspaper? And then: can we represent human beings in the newspaper?"
Dalil Boubakeur, the senior cleric at Paris's biggest mosque, condemned the publication but called for the French Muslim community to keep calm and ignore the publication.
"It is with astonishment, sadness and concern that I have learned that this publication is risking increasing the current outrage across the Muslim world. I would appeal to them not to pour oil on the fire," he said.
France's Muslim Council also appealed for calm: "We urge French Muslims not to yield to the taunt."
French Foreign minister Laurent Fabius said he disapproved of Charlie Hebdo's editorial decision.
"I am against all kind of provocations, especially in a sensitive time like the present," he said.
Last year Charlie Hebdo's headquarters in Rue Serpollet was fire-bombed after the magazine's decision to rename a special edition, featuring a cartoon of Mohammed, Charia Hebdo and list the Prophet as the editor-in-chief.
The magazine's website was also hacked in last year's attack.

Virgin Mobile USA online subscriber accounts can be easily hacked, developer says

September 18, 2012 — IDG News Service — The online accounts of Virgin Mobile USA subscribers are vulnerable to brute force attacks because the company forces customers to use weak passwords on its website, according to a software developer.
"Virgin Mobile forces you to use your phone number as your username, and a 6-digit number as your password," Kevin Burke, a software engineer at cloud communication company Twilio said Monday in a blog post. "This means that there are only one million possible passwords you can choose."
"This is horribly insecure," Burke said. "Compare a 6-digit number with a randomly generated 8-letter password containing upper-case letters, lower-case letters, and digits - the latter has 218,340,105,584,896 possible combinations."
Burke claims that he wrote a program which can determine the PIN number for any Virgin Mobile USA online account in less than a day, as long as the target's phone number is known, and which he successfully tested against his own account.
Once inside a Virgin Mobile online account, an attacker can read the account owner's call and SMS logs, change the handset associated with the account, change the email address and the mailing address, purchase a new handset with the credit card information on record and more, Burke said.
Burke claims that he notified Virgin Mobile USA and its parent company, Sprint Nextel, of the security issue on August 15 and he was initially told that the matter will be looked into. However, on September 14, in response to a request for a status update, a Sprint representative said that no further action will be taken by Virgin Mobile, Burke said.
It seems that Virgin Mobile USA does have some protection mechanism against brute force attacks built into its website. However, according to Burke, that protection is poorly implemented.
"Some people are mentioning they freeze you out after 4 invalid login attempts," Burke said Tuesday via email. "However you can get around this limitation by a) clearing your cookies, or b) not using a web browser like Google Chrome or Firefox to try the login attempts."
"I tried 100 bad logins in a row, followed by my good login, without getting locked out last night," the developer said. "An attacker could do the same."
When choosing their PIN on the Virgin Mobile website, customers are asked not to use more than 3 identical digits in a row -- for example 2222 -- and no more than 3 sequential numbers -- for example 2345. This is probably intended to make PINs more random and harder to guess.
Ironically, this actually decreases the number of variants that an attacker has to try in order to determine a PIN number when using a brute force attack.
"Practically speaking there's not much difference between 900K [thousands] possible combinations and a million combinations," Burke said. "It adds a little bit of time but what's an extra few minutes to a computer."
"They [Virgin Mobile USA] should allow people to use any character in their passwords, and probably set a *minimum* of 6 characters in a password," Burke said. "As I pointed out in the blog post, an 8 character password with 62 possibilities for each character has 218 trillion possible different combinations, making it impractical to brute force during our lifetime."
Virgin Mobile USA did not return a request for comment.
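
The keyspace arithmetic and the lockout weakness reported above, as an added example (not Burke's program and not Virgin Mobile's code). It counts the 6-digit PINs that survive the composition rule, read here as banning four identical or four ascending digits in a row, and replays constructed failed logins against a limiter keyed on the session cookie versus one keyed on the account. The phone number, cookie names and `AttemptLimiter` class are assumptions made for illustration.

```python
import math
from itertools import product

PIN_LENGTH = 6
MAX_FAILURES = 4  # lockout threshold quoted in the article


def pin_allowed(digits) -> bool:
    """Composition rule as interpreted here (an assumption): reject any run of
    four identical digits (2222) or four ascending consecutive digits (2345)."""
    for i in range(len(digits) - 3):
        a, b, c, d = digits[i:i + 4]
        if a == b == c == d:
            return False
        if b - a == 1 and c - b == 1 and d - c == 1:
            return False
    return True


def keyspace_report() -> dict:
    """Compare the PIN keyspace with the 8-character, 62-symbol password."""
    total = 10 ** PIN_LENGTH
    allowed = sum(
        1 for pin in product(range(10), repeat=PIN_LENGTH) if pin_allowed(pin)
    )
    password = 62 ** 8
    return {
        "pins_total": total,
        "pins_allowed": allowed,
        "pins_removed_by_rule": total - allowed,
        "pin_bits": round(math.log2(allowed), 2),
        "password_total": password,
        "password_bits": round(math.log2(password), 2),
    }


class AttemptLimiter:
    """Hypothetical server-side counter: locks a key after MAX_FAILURES."""

    def __init__(self, max_failures: int = MAX_FAILURES):
        self.max_failures = max_failures
        self.failures = {}

    def locked(self, key: str) -> bool:
        return self.failures.get(key, 0) >= self.max_failures

    def record_failure(self, key: str) -> None:
        self.failures[key] = self.failures.get(key, 0) + 1


def failures_processed(key_by: str, attempts: int = 100) -> int:
    """Replay `attempts` wrong PINs for one account, each arriving with a new
    session cookie (constructed traffic), and return how many the limiter
    let through to the PIN check before refusing."""
    limiter = AttemptLimiter()
    processed = 0
    for n in range(attempts):
        # Constructed request: same account, fresh cookie every time.
        request = {"account": "5555550100", "session": f"cookie-{n}"}
        key = request[key_by]
        if limiter.locked(key):
            continue  # refused before the PIN is even compared
        limiter.record_failure(key)
        processed += 1
    return processed


if __name__ == "__main__":
    for name, value in keyspace_report().items():
        print(f"{name}: {value}")
    print("limiter keyed on session cookie:", failures_processed("session"))
    print("limiter keyed on account:", failures_processed("account"))
```

Keyed on the account, the limiter refuses further guesses after four failures no matter how many cookies are presented; keyed on the cookie, it never triggers.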

Nigeria: Terrorists Hack Into DHQ, Navy Websites

Abuja — Chief of Defence Staff, Air Chief Marshal Oluseyi Petinrin, raised alarm, Tuesday, that the Defence Headquarters' website and that of the Nigerian Navy had been hacked into by terrorists, adding that the threat posed by the Boko Haram sect, through online reports of their activities needed to be effectively checked.
Petinrin raised the alarm just as the Chief of Defence Communications, Air Vice Marshal Osmond Amu warned that if cyber crime was not checked, "the security challenges the country is currently facing, such as killings, bombs by Boko Haram, kidnapping, pipeline vandalism, oil theft, corruption and so on, which had kept the armed forces and other security agencies on their toes, would be nothing compared to the potential threats inherent in cyber space."

Speaking in Abuja, at the opening of the World Cyber Conference, the CDS, who was represented by Major-General K. Amao, Chief of Research and Development, DHQ, said to checkmate hacking into the websites of security agencies, "DHQ has achieved successes in the deployment of Information and Communication Technology, ICT, surveillance and tracking equipment to locate criminal elements in our society and perpetrators of the Boko Haram menace.
"However, further successes would be achieved if we appropriately apply cyber technology and space researches to tackle the country's contemporary security problems."
Declaring that it was no longer news that Nigeria has been making moves towards the actualisation of a cashless economy, the CDS said: "Before the pronouncement of the cashless policy, cyber attacks had been a major threat to the Nigerian economy. The threat to the Nigerian cashless policy can, therefore, never be overlooked.
"While the country's apex bank, CBN, backs this policy, commercial banks over the last few months have also keyed into the initiative.
"Cyber attacks may stand out as a stumbling block or threat to the actualisation of this project, except concrete measures are put in place to counter such attacks."
On his part, AVM Amu said: "The armed forces and other security agencies are by themselves incapable of containing the physical security challenges, hence the call for collective participation. Same applies to the containment of cyber threat, but with a higher universal involvement."
In her message, Minister of State for Defence, Erelu Olusola Obada, said the prevalence of cyber crime is a worrisome development as Nigeria becomes more reliant on ICT.


Private BitTorrent Tracker Hacked, Passwords Leaked By Afghani Hackers

Hackers generally view BitTorrent trackers as friendly entities. Members of Anonymous are constantly extolling the virtues of The Pirate Bay and other trackers. Some hackers, however, are proving to be not as friendly.
It was revealed this morning that RevolutionTT, a private BitTorrent tracker, had been hacked. A group simply calling themselves “Afghanistan Hackers” uploaded a text file containing 19,000 username/password combinations for the exclusive torrent tracker. They encourage people to log in to private accounts, change the password, and enjoy the site for themselves.
TorrentFreak reports that the information leaked in the document is real. People have been using the username/password combinations to log into paid accounts. From there, people began to send fraudulent emails from the hacked accounts, or began looking to see if the same usernames or passwords had been used on other sites.
It’s already strange to see a torrent tracker get hacked, but the response has been even stranger. The admins at RevolutionTT are claiming they were not hacked. They have even started to ban members who are asking legitimate questions about the hack.
Regardless, old and current members of RevolutionTT are encouraged to change their passwords now. These kinds of attacks can have ripple effects across the Internet. A victim on one site can find that all of their accounts across the Internet have been hacked simply because they used the same password across all of them.
There is a sliver of good news in all of this. The data leaked by the hackers may be an old dataset. Some of the usernames/passwords combinations work, but others do not. The hackers say they will release more information in the next few weeks though. The next batch could be more recent datasets that could cause even more harm.
A hack of this level is nothing new. It’s unfortunate, but it’s the kind of world we live in now. The significance of this particular attack shows that nothing is sacred. Hackers aren’t drawing lines anymore, and they will attack anything that has the potential for profit or chaos. The group here has obviously obtained the latter, and they may just obtain the former if the information from RevolutionTT proves to be useful.

255 websites Restored by "Venki" From "Indian Cyber Pirates"

255 websites were re-hacked and afterwards restored by "Venki" from "Indian Cyber Pirates". This kind of act is quite common: hackers restore hacked sites belonging to their own country. It should also push web admins to improve their knowledge and secure their servers.



400+ Greece Sites Pwned By DevilzSec Team

400+ Greek sites were hacked and defaced by the DevilzSec Team. According to the hacker, the whole server was rooted. This hack also raises a lot of questions for security experts. These kinds of attacks clearly show how much security awareness is needed in the cyber world.

The list of impacted sites and mirrors was published on Pastebin; at press time, none of them had been restored.



Facebook Overtakes Google's Traffic | Facebook Global Alexa Rank 1


Facebook has overtaken Google's traffic according to Alexa Ranking. Google's Global Rank has been changed to 2 while Facebook's Global Rank has been changed to 1. Who knew that a site would be able to overtake Google's traffic some day?


Now, get insured against being hacked on Facebook, Twitter


You may soon insure your Facebook and Twitter accounts against the nuisance of hacking as a UK-based company has launched the country's first social media insurance.
The information privacy company is offering services to specifically protect against reputational damage, account jacking and ID theft, the Daily Mail reported.
Hacking of users' accounts on Facebook, Twitter, LinkedIn and other social media sites is quite common: another user logs in and posts derogatory or offensive messages, which can cause huge damage to an individual's or business's image.
Justin Basini, CEO of the company providing the service, ALLOW, said that insurance "perhaps wouldn't have been needed a few years ago." "That's all changed now. Every internet user faces a certain level of risk that one day a digital criminal will target them or that they will suffer damage to their reputation," Basini said.
The cover, at a cost of 3.99 pounds a month, will pay for legal advice and support if someone suffers an on-line attack and seeks some form of redress.
The insurance includes the cost of disabling accounts, suppressing offensive material and stopping any legal action triggered by hacking, for example if a hacker posts illegal material under a victim's name, the paper said.
It is available via the ALLOW Protect service, which also allows users to monitor how their personal data is used on-line, it added.
On-line abuse and identity theft are so common that social media users are being sold specialist insurance to help protect their reputation.


Bangladesh blocks YouTube over film


Dhaka, Sep 17 — Authorities in Bangladesh on Monday blocked YouTube's website indefinitely to stop people from watching a US-made film that insults the Prophet Muhammad and has sparked violence in the Muslim world.

Visitors in Bangladesh could not access the site after 5:30pm on Monday, a BTRC System and Service Department official told

Four US officials including the Ambassador to Libya were killed in the east Libyan city of Benghazi last week after anger over the film boiled over and there have also been protests against its content in Egypt and Yemen.

YouTube, the video website owned by Google Inc, has declined to take the film down, saying it fell within their guidelines, but blocked access to the film in Egypt and Libya because of "special circumstances" in those countries.


Your smartphone will (eventually) be hacked


NEW YORK (CNNMoney) -- Security experts have warned for years that our smartphones are due for a major cyberattack. Like PCs back in the early days -- the 1990s -- mobile phones are largely unprotected by antivirus software, and they're a treasure trove of valuable information.
So why hasn't the smartphone Armageddon happened yet?
Basic economics is one reason. Cyberthieves are making so much money attacking Windows PCs that there hasn't been much incentive to change tactics. It's hard to track down exact statistics on how much money is stolen each year through cyberattacks, but most security experts put the dollar figure in the billions. One single, recent hack that Verizon investigated -- debit card numbers stolen from merchants through secretly installed keyloggers -- resulted in a loss of $20 million.
Microsoft Windows is still the low-hanging fruit. With 92% share of the PC market and a two-thirds share of all Internet-connected devices, Windows is the obvious target to attack if you're a hacker looking to make money.
We're about to hit a tipping point, though. Most people still do their online banking and shopping on their PCs, but those transactions are happening on mobile phones more frequently. Where money goes, cybercrooks follow.
Here are the scary numbers: Cyberattacks on mobile phones rose by a factor of six this year, according to Intel subsidiary McAfee. Four in 10 mobile users will click an unsafe link on a smartphone this year, according to Lookout Security.
Yet less than a fifth of the devices run any antivirus software, according to security research organization SANS. An RSA study shows we're much more likely to click on phishing attacks on mobile devices than we are on PCs.
Still, not even one major cyberattack has hit smartphones. What's up?
The good news is that developers learned from the industry's long history of cybersecurity debacles. Smartphone operating systems were built from scratch fairly recently -- not much legacy code here -- and were designed with strong security protections. Though it's possible, it's incredibly difficult to attack a device through one program and then own an entire phone.
Fragmentation is also an unexpected protection. With so many different varieties of Google's Android operating system out there, it's hard to write the right code for a wide swath of devices.
Even users of Android -- the target of almost all mobile malware -- are far less susceptible to attack than PC users. The growth in mobile threats is dramatic, but the 13,000 different kinds of mobile malware McAfee has found this year is still teeny compared with the 90 million threats it detected for PCs.
Still, experts say it's just a matter of time before mobile catches up.
"The money is in mobile, and that's where they're moving," said Stu Sjouwerman, CEO of KnowBe4, a security training company. "Malware on mobile phones is going to be as prevalent as on the PC. It's inevitable, unfortunately."
Smartphones have become personal computers that travel around with us at all times. Mobile attacks are difficult, and the smartphone space may never be as homogeneous as the PC market, but crooks follow the cash. As smartphones become our primary devices, the cybercriminals' motivation for targeting them grows. All it will take is one slip up by Apple or Google.
"What will happen is one of these smartphone makers will release a new OS or browser, and there will be a hole," said Alan Wlasuk, the managing partner of WDDInc., a software development company. "An attacker will exploit that. That's going to happen for sure." 

116 USA Based Websites Hacked By Sizzling Soul


116 USA-based websites have been hacked by Sizzling Soul, a team member of Pakistan Cyber Army. The hacker hacked them after the U.S. had made an anti-Islamic movie.
