Tag : hacker

Teenage hacker grabs massive data from 800,000 open FTP servers

hacker

Not all teenagers are sneaking out in the middle of the night, one is sneaking into nearly 800,000 open FTP servers. The story begins with a security researcher, Minxomat, scanning IPv4 addresses to find nearly a million open FTP servers needing no authentication for access. This scan revealed that not only is no authentication needed but that 4.32 percent of all FTP servers in the IPv4 space can be accessed by an anonymous user login with no password. Seriously!!

Shortly there after this report was released, reports surfaced that a young teen hacker by the name of “Fear” had gained access to and downloaded massive amounts of data from every state with a domain on .us, as well as some .gov domains. (In a report to Network World)

“I gained access to an FTP server that listed access to all the FTPs on .us domains, and those .us domains were hosted along with .gov, so I was able to access everything they hosted, such as public data, private data, source codes etc.,” Fear told DataBreaches.net. It was “very simple,” he said, “to gain access to the first box that listed all the .us domains and their FTP server logins.”

Network World

He later added to this claim, stating that the attack was a SQL injection (poorly coded web database that leaks information). Fear gained access to credit card information, social security numbers, email address, home addresses, phone numbers, and web-banking transactions. Fear claims there was no encryption to protect the data and that he could “read all of it in plain text form”

His message to those responsible for securing state and government FTP servers is: “5 char passwords won’t save your boxes.”

On Sunday, someone in Florida attempted to secure the data, taking down the FTP server before password-protecting it and bringing it back up, but Fear said, “Too bad they don’t know its backdoored LOL…. they legit suck at security.”

Network World

Security professions are questioning the reliability of the claim.

“We can’t state unequivocally that he did not hack something, but only because it’s impossible to prove something didn’t happen,” said Neustar Senior Vice President Rodney Joffee.

But as Fear states “It only takes 13 hours and 23 minutes and 12 seconds for somebody to finish gathering data on every US citizen,”

The Hill 


If you would like to learn more about the infomration presented in this blog post please visit: www.networkworld.com  www.thehill.com 

 

Ransomware – Never too late to negotiate

negotiate

Researchers claim that ransomware campaigns are usually willing to negotiate these days.

“Cybersecurity firm F-Secure released a new report, “Evaluating the Customer Journey of Crypto-Ransomware and the Paradox Behind It,” which claims that three out of four ransomware criminal gangs were willing to negotiate the ransom fee.” – Charlie Osborne, writer for ZDNet.

By creating a fake account, researchers were able to negotiate with hackers and even receive up to 30 percent “discounted” from their ransom. This changes what we already know about ransomware. Many times when ransomware takes hold, a deadline for payment is put into place, creating a sense of urgency and stress for the victim. Hackers want you to pay as quickly as possible, and often place a lingering threat of further file deletion if payment is not met in a timely fashion. F-secure states that this is not exactly true, and that ransomware deadlines are more flexible than the average victim is aware of. As proven to be true with the fake account, each cyber attacker contacted by fake victims offered deadline extensions for payment. Remember this is for payment, not for letting victims off without file deletion.

F-Secure believes hackers are interested in establishing trust between victim and hacker to ensure they receive payment in some form. Hackers don’t necessarily care about the files lost, but are willing to work with you, purely for payment purposes. Begging and pleading still won’t get you much more than that.

As always, taking steps to stay secure is the best practice to avoiding ransomware. Negotiating is now on the table, but the reward is small in comparison to avoiding the malware altogether.

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com 

5 Ways to Spy a Hacker in Your Network

download

1. Search for the telltale signs of a breach. 

Port Scans? Excessive failed log-ins? When a hacker infiltrates an unfamiliar network they need to learn the topology of the network, looking for vulnerable points of access in servers. From this point they can pinpoint administrative users and data stores.

2. Look for a “normal” user performing administrative tasks. 

By using native tools on computers and servers, hackers can stay under the radar for much longer than if they were to use known attack tools. Anti-virus software should pick up on malware and attack tools, but not normal administrative tools. Determining who the admins with the organization are can significantly lessen the worry. Active Directory aids in establishing user roles and privileges with which you can then use to see the applications and devices used by administrators or that are managed by administrators. Awareness about what the administrators within the organization are using, should make it easier to spot when an attacker is looming in the background.  If a hacker takes control of a administrator machine and begins performing tasks, you’ll be able to identify if this is normal or suspect activity.

3. Look for a device using multiple accounts and credentials to access network resources. 

Hackers, both internally and externally, generally steal user account information or generate fake accounts in order to gain access to the network. In order to spy indicative markers of of attack activity, analyze credential usage. Make sure to monitor network traffic and analyze log from the authentication and authorization infrastructure in your network. Extract data and look carefully to see how many systems each user interacts with, and monitor abnormalities.

4. Look for an attacker trying to find valuable data in file servers. 

By figuring out what Windows file shares are accessible, attackers hunt for important data such as intellectual property and banking information, or once they find important data they will encrypt it and the rest is history. A valuable signal would be to spot abnormalities in file share access. This is a preventative measure for spotting both hackers and employees considering insider theft.

5. Look for the command and control activity or persistent access mechanisms. 

Keep an eye on outbound communication. Attackers need to be able to communicate between the Internet and endpoints they control within your network. There could be malware and Remote Access Trojans in your network, so be mindful of indications of malicious software phoning home.

 

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit:Five signs an attacker is already in your network

10 year old finds Instagram bug and cashes in big

facebook-instagramJani, the 10 year old that found a bug in Instagram, probably didn’t know you technically have to be 13 years old in order to even have an Instagram account. You may have to be 13 to have an account but there are no rules against age in the bug and hacking community. Jani found the glitch when he was able to delete any users comments off of Instagram. Jani says he was able to delete any text content he wished to, and although he didn’t proceed to delete any user text, he said if he wanted to he could have. The 10 year old, in true 10 year old fashion, related the severity of the bug to that of Justin Bieber, saying he could delete comments from anyone’s page, even Justin Bieber’s. Don’t worry Bieber fanatics, he resisted, and decided to rather exploit the bug to Facebook, wiping one of their comments from their test accounts and cashing in on $10,000.

The bug was detected by Jani in February, patched that same month, with his check in hand a month later. He has decided to buy himself a new soccer ball and bike. He also purchased two new computers for his brothers. Jani wishes to work as a security researcher when he is older, and we think he’s well on his way.


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit:10-year-old claims $10,000 bug bounty from Facebook

 

iPad and iPhone Can Be a Security Risk

BVA has found that these types of mobile devises if not provisioned correctly can seriously be a security risk to your network environment.  Security policies need to be set forth to ensure security at all levels of access.  Apple iPad tablet device as well as the iPhone is slowly becoming a legitimate business tool, your employees will soon have them in hand and invade your business. The reality is that the iPhone changes the playing field for security and really surprised IT consulting companies and their administrators when it got released.   The users needs versus wants changed completely where being able to have a Smartphone that just sync’s calendars, contacts, and emails changes drastically. The iPhone hit the scene and next thing we were getting requests for it to be integrated into a businesses mail environment immediately. These requests were coming from owners and directors, decision makers were being demanding about making it work, totally side-stepping the security protocols set forth by years of experience and best practice.  The bottom line is that the line between corporate tool and consumer gadget has not just been blurred; it has been completely erased.  There have been several studies that have shown that when asked, the iPad and iPhones present the greatest smartphone security risk for IT.  It’s a scary thought that you have locked down your environment but since a new gadget gets releases to the market and owners want it, it diminishes the integrity of the system.

There was recently a few contents by security outfits where they had people hack the iPhone in less than 2 minutes and won a cash price.  This is a scary thought and quite frankly shows how easy it can be for the non-hacker.  Obviously it might take a little longer from a less talented hacker but it can clearly be done.  Apple has little intention to make their OS more secure because it’s not the market that they are targeting.  Again they are targeting the consumer, not the business enterprise.  I am sure there will be a point in time when that day comes but it is not in the near future.  If Apple at the very minimum addressed just the enterprise security, supportability requirements, and new hardware level encryption.  I want to be very clear that the OS on the iPhone is the same as the iPad as well as its security. Apple targeted the iPad primarily as a media consumption gadget for the residential consumer, not the business community but again we have seen this shift.  I am not saying that you should ban the iPhone or iPad but develop policies and procedures that address the rules of engagement for integrating the iPad with your network environment.

As you develop the policies, keep in mind that the iPad is unique and could fall into a few different areas for policies.  Here are some key points to keep in mind:

•    delivers notebook-like functionality
•    smartphone OS platform
•    normally placed in the policy bucket for computer usage and security policies, not recommended
•    a good policy bucket to consider – smartphone usage and security policies (recommended)
•    same smartphone OS was hacked in less than 2 minutes

Make sure that whatever policy selected addresses the most important factor here which is allowing or denying the storage of confidential or sensitive information on the iPad, or how e-mail, instant messaging and other communications conducted through the iPad fit within archiving and compliance requirements.