Archive for Hacked

Prince Albert Police Website Defaced By Hackers

Posted in Commentary with tags on November 8, 2017 by itnerd

For the benefit of those outside Canada, Prince Albert is third-largest city in the province of Saskatchewan. It’s also where the website for the local police force was defaced by hackers claiming to be doing this on behalf of the terrorist group known as ISIS:

The website early Wednesday displayed the message “I Love Islamic state” and played an audio track with a man speaking in Arabic. The speech is propaganda for fundamentalist and violent actions, addressed to Muslims and glorifying ISIS fighters.  

A group named Team System Dz claims responsibility for the hacking. The group has been behind other such incidents in Canada. 

Now let me be clear. While defacing a website is technically hacking, it’s the digital equivalent of painting the side of a building with graffiti. While some skill is involved, the people behind this aren’t exactly people with 3l173 h4ck3r 5k1llz (elite hacker skills in leet speak). Now if they used this as a gateway to pull off something like take over the Prince Albert Police network, leak data or something along those lines, then I’d be impressed. But as it stands at present, while this is embarrassing to the Prince Albert Police, the pwnage was not epic. Though I will note that Team System Dz seems to be very good at this since they popped onto the radar in 2014 as they’ve been responsible for doing this sort of thing about 300 times globally from my research. Thus I guess they deserve their notoriety for the scale of their activities if nothing else.

Advertisements

Backdoor in CCleaner Infects Windows Users With Malware

Posted in Commentary with tags on September 18, 2017 by itnerd

Avast has advised users of its CCleaner which is an optimization application for Windows to immediately update their software after discovering a backdoor in the tool. Here’s what Forbes had to say:

The affected app, CCleaner, is a maintenance and file clean-up software run by a subsidiary of anti-virus giant Avast. It has 2 billion downloads and claims to be getting 5 million extra a week, making the threat particularly severe, researchers at Cisco Talos warned. Comparing it to the NotPetya ransomware outbreak, which spread after a Ukrainian accounting app was infected, the researchers discovered the threat on September 13 after CCleaner 5.33 caused Talos systems to flag malicious activity.

Further investigation found the CCleaner download server was hosting the backdoored app as far back as September 11. Talos warned in a blog Monday that the affected version was released on August 15, but on September 12 an untainted version 5.34 was released. For weeks then, the malware was spreading inside supposedly-legitimate security software.

The malware would send encrypted information about the infected computer – the name of the computer, installed software and running processes – back to the hackers’ server. The hackers also used what’s known as a domain generation algorithm (DGA); whenever the crooks’ server went down, the DGA could create new domains to receive and send stolen data. Use of DGAs shows some sophistication on the part of the attackers.

Now it’s really embarrassing when an anti-virus company has one of its own products be a vehicle for malware. Clearly someone over at Avast was asleep at the switch. If you’re a Windows user who uses this software, I’d be dumping it right now and following these directions to see if you were infected. Then you should install(if you must) to the latest version which is available for download here.

Latest Game Of Thrones Episode Leaked

Posted in Commentary with tags on August 4, 2017 by itnerd

It seems that HBO has a new problem which comes hot off the heels of getting pwned earlier this week by hackers. The upcoming episode of Game Of Thrones has been leaked. It’s apparently a low quality screener copy. But the fact that even that got leaked is what matters because it came from a distribution partner rather than the hack that happened this week. Clearly, they have some issues both inside and outside that they have to deal with. And they likely need to deal with them fast to keep from being in the news for all the wrong reasons.

White House Staffers Pwned By Prankster Via Email

Posted in Commentary with tags on August 1, 2017 by itnerd

Cyber security was supposed to be a top of mind item for the folks running the US right now. But if I had to grade them on their efforts, that grade would be “F” based on the news that White House staffers fell victim to a social engineering attack:

A self-described “email prankster” in the UK fooled a number of White House officials into thinking he was other officials, including an episode where he convinced the White House official tasked with cyber security that he was Jared Kushner and received that official’s private email address unsolicited.

“Tom, we are arranging a bit of a soirée towards the end of August,” the fake Jared Kushner on an Outlook account wrote to the official White House email account of Homeland Security Adviser Tom Bossert. “It would be great if you could make it, I promise food of at least comparible (sic) quality to that which we ate in Iraq. Should be a great evening.”

Bossert wrote back: “Thanks, Jared. With a promise like that, I can’t refuse. Also, if you ever need it, my personal email is” (redacted).

Bossert did not respond to CNN’s request for comment; the email prankster said he was surprised Bossert responded given his expertise. The emails were shared with CNN by the email prankster.

Now, you’re likely wondering what the big deal is. As famed hacker Kevin Mitnick pointed out in his book The Art Of Deception, all the firewalls and security software in the world won’t save you from someone who leverages people to get the information that they want from computer systems. Thus, if this wasn’t a prankster, but instead it was a nation state looking to pwn the White House, the lack of security awareness by these people could be catastrophic.

It looks like the US Government needs some remedial education when it comes to cyber security.

Game Of Pwns: Hackers Pwn HBO

Posted in Commentary with tags on August 1, 2017 by itnerd

Hackers are clearly fans of HBO as EW is reporting that HBO has been pwned by hackers and info related to the network has been leaked:

“HBO recently experienced a cyber incident, which resulted in the compromise of proprietary information,” the network confirmed in a statement. “We immediately began investigating the incident and are working with law enforcement and outside cybersecurity firms. Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold.”

Hackers claimed to have obtained 1.5 terabytes of data from the company. So far, an upcoming episode of Ballers and Room 104 have apparently been put online. There is also written material that’s allegedly from next week’s fourth episode of Game of Thrones. More is promised to be “coming soon.” 

I guess that winter has come for HBO.

It appears that the hackers are looking for fame and not fortune. At least for now because no ransom demand has been made. But this is part of a trend of movie and TV studios and networks being pwned by hackers to leak content. After all, content is king.

Trump Hotels Get Pwned By Hackers

Posted in Commentary with tags , on July 12, 2017 by itnerd

I wrote a while ago that Trump hotels had poorly secured WiFi that potentially made them easy to pwn by hackers. Now a report has surfaced that 14 Trump properties have been pwned by hackers, and in the process underscoring how insecure Trump properties seem to be from an IT perspective:

Guests at 14 Trump properties, including hotels in Washington, New York and Vancouver, have had their credit card information exposed, marking the third time in as many years that a months-long security breach has affected customers of the chain of luxury hotels.

The latest instance occurred between August 2016 and March 2017, according to a notice on the company’s website, and included guest names, addresses and phone numbers, as well as credit card numbers and expiration dates. The breach took place on the systems of Sabre Hospitality Solutions, a reservation booking service used by Trump Hotels, but did not compromise the Trump Hotels’ systems.

“The privacy and protection of our guests’ information is a matter we take very seriously,” the notice said, adding that Trump Hotels was notified of the breach on June 5. Trump Hotels declined to comment beyond what was posted in the notice.

The story goes on to show that Trump properties have had a long history of epic pwnage by hackers. Not only that, they’ve been slapped by governments like New York State for being so pwnable and not reporting data breaches promptly. Now hotels are a popular target for hackers wishing to swipe credit card data. But it seems that Trump hotels are a really popular target for whatever reason. Thus it might be a good idea to avoid staying in a Trump hotel if you value your credit card data.

 

This Week’s Ransomware Attack May Have Been Aimed At Ukraine

Posted in Commentary with tags on June 29, 2017 by itnerd

Research and investigation into Petya ransomware which has affected computers in over 60 countries has yielded three interesting facts according to Comae’s Matthieu Suiche:

  1. Ukraine was the epicenter of the attack. According to Kaspersky, 60 percent of all machines infected were located within Ukraine.
  2. The attackers behind the attack have made little money. At most they made around $10,000. Which suggests that money wasn’t a motive at all.
  3. Petya was either “incredibly buggy, or irreversibly destructive on purpose.” Thus Suiche suggests that this ransomware was really a “wiper” which is malicious code meant to destroy and damage.

Here’s some more details from Suiche:

We believe the ransomware was in fact a lure to control the media narrative, especially after the WannaCry incidents to attract the attention on some mysterious hacker group rather than a national state attacker like we have seen in the past in cases that involved wipers such as Shamoon.

The attacker took an existing ransomware which he repackaged.

Lately, the number of attacks against Ukraine increased from Power Grids being shut down to the car a top military intelligence officer exploding yesterday — the day Petya.2017 infected Ukraine.

The fact of pretending to be a ransomware while being in fact a nation state attack — especially since WannaCry proved that widely spread ransomware aren’t financially profitable — is in our opinion a very subtle way from the attacker to control the narrative of the attack.

That would suggest that Russia was behind this as nobody else that I know of would gain a lot from destabilizing Ukraine. It also suggests that the computers in other countries that were affected by this were cover for this operation or they were simply collateral damage. Here’s the danger for any country, Russia or otherwise, who chooses to engage in activities like this. Sooner or later, someone will hit someone with some sort of cyber attack, and the recipient will hit back and hit back hard. That will lead to an all-out cyber war and that has the potential not to end well because the potential for a cyber war to spill out into something with bombs and guns is a very real possibility.