In 2011, LulzSec was a name that everybody knew. They were the hacking group behind the PlayStation Network hack of 2011
that brought the service down for more than a month, and they were
responsible for a number of other attacks on companies over the course
of a few months.
Since then, the members of LulzSec have been rounded up and taken to trial.
The latest trial saw Cody Kretsinger, known as “Recursion” in online
circles, sentenced to a year in prison. He was convicted on one count of
conspiracy and unauthorized impairment of a protected computer. After
his year in prison, he will remain under home detention.
You may be thinking that Kretsinger’s sentence is a little light. He was able to get his sentence down to a year thanks to a plea bargain he made last year
with federal prosecutors. As part of that plea bargain, he admitted to
hacking into a Sony Pictures’ database and sharing the information with
other members of LulzSec.
Home detention won’t be the only thing that Kretsinger has to look
forward to after his stint in prison. The U.S. district judge also
ordered him to complete 1,000 hours of community service. Maybe he can
help clean up Sony Pictures’ studios in Los Angeles to make up for the
$600,000 in damages that federal prosecutors say he caused the studio.
Kretsinger is one of the last original LulzSec members to be
sentenced for the group’s hacking spree in 2011. The hacker collective fell
apart last year when its leader, known as Sabu, turned on it and started working with the FBI as an informant. There have been attempts to resurrect the group since then, but nothing has come of them.
Computing Tips and News
Monday, June 23, 2014
Largest DDoS Attack Hits Hong Kong Democracy Voting Website
Hackers and cyber attacks are becoming a worse nightmare for companies
day by day. Just last week a group of hackers destroyed the code-hosting
and software collaboration platform ‘Code Spaces’ by wiping its Amazon cloud servers, all of its data and its backup files too.
Recently, one of the largest and most severe Distributed Denial of Service (DDoS) attacks
ever recorded hit the online democracy poll gauging opinion on the upcoming Hong Kong elections.
PopVote, an online mock election operated by The University of Hong Kong’s
Public Opinion Programme, had by Saturday recorded more than half a million
votes in less than 30 hours. The unofficial referendum, which allows
permanent residents of Hong Kong to choose their preferred political
representatives, is supposed to continue until June 29.
However, under the current political system the Chief Executive is officially chosen by a 1,200-member Election
Committee drawn largely from pro-Beijing and business camps.
On the first day of voting, China’s State Council denounced the vote as “illegal and invalid.”
Hong Kong’s chief executive, Leung Chun-ying, said none of the proposals on
the ballot comply with Hong Kong’s Basic Law, the territory’s
de facto constitution.
On Friday, Matthew Prince, the CEO and co-founder of San Francisco-based CloudFlare, the web
performance company protecting the voting website, said that the DDoS
attack on Occupy Central’s voting platform was “one of the largest and most persistent” ever.
According to Prince, the attackers appeared to be using a network of compromised computers
around the world (a botnet) to knock the voting website offline with an overwhelming amount of traffic. In such
attacks, the owners of the exploited computers are usually unaware that
their systems have been compromised.
Prince also wrote on Twitter, “Battling 300Gbps+ attack right now,”
on the first day of the vote. Three hundred gigabits per second
is enough traffic to saturate the links of almost any hosting provider, let alone a single web server.
For comparison, a DDoS attack last year on Spamhaus,
a non-profit organisation that helps email providers filter out
spam and other unwanted content, is widely considered the
biggest DDoS attack in history; CloudFlare said that attack
“almost broke the Internet.”
Cisco Open Sources Experimental Small-Domain Block Cipher
In cryptography, block ciphers such as AES or DES are symmetric-key ciphers operating on fixed-length
groups of bits, called blocks, and typically work on fairly large blocks: 64 bits for DES, 128 bits for AES.
A block cipher encrypts plaintext to ciphertext by applying the
cryptographic key and algorithm to a whole block of data at once
rather than to one bit at a time. On its own a block cipher is deterministic: in ECB mode identical plaintext blocks
produce identical ciphertext blocks, which is why modes of operation such as CBC exist.
However, some applications need smaller blocks, and possibly non-binary blocks. To fill this need Cisco is releasing a small-domain block cipher it calls “FNR” (Flexible Naor and Reingold), though currently it is an experimental block cipher rather than production software.
Sashank Dara, a software engineer in Cisco’s security technology group,
explains in a detailed write-up that FNR is a flexible-length, small-domain block cipher for encrypting objects that works without the need
for padding, unlike traditional block ciphers such as AES
(Advanced Encryption Standard) and DES (Data Encryption Standard).
“But one of the issues is the need for padding—so if you need to
encrypt small amounts of data you may end up with a huge difference in
input vs. output size. As an example, using AES/128 in ECB mode to
encrypt an IPv4 address results in an input size of 32 bits, but an
output size of 128 bits. This may not be desired for some applications,” Sashank Dara said.
FEATURES OF FNR
- Format-preserving encryption (FPE): the length of the plaintext and the ciphertext remains the same.
- FNR is flexible for input domains larger than 32 bits and smaller than 128 bits.
- The encryption key length does not depend on the input length; it depends on the underlying pseudo-random function (PRF).
I have taken an example from Wikipedia to explain the importance of Format-preserving encryption (FPE):
Suppose we want to encrypt the 16-digit credit card number 1234567812345670 using AES in a mode such as ECB or CBC. That transforms the credit card number into a large, fixed-length binary value, e.g. the hexadecimal output 0x96a45cbcf9c2a9425cde9e274948cb67, which contains many bytes that are invalid in a credit card number. If the credit card number is stored in a database column whose type is char or varchar, the encrypted data cannot be stored in the same column without changing the column’s format. If the encrypted data is Base64-encoded so that it only contains valid characters, the size of the encrypted credit card number grows from 16 bytes to 24 bytes, giving lqRcvPnCqUJc3p4nSUjLZw==. In either case, applications that process the card number will likely be unable to handle the encrypted value without modification.
SMALL-BLOCK ENCRYPTION SECURITY?
Small-domain block ciphers are a useful tool for protecting the privacy of
short sensitive data fields, but small blocks lead to
important security issues, and building a secure small-block cipher is
known to be a tricky task.
According to Cisco, FNR is an experimental small-domain block cipher for
encrypting objects like IPv4 addresses, port numbers, MAC addresses, IPv6 addresses
and arbitrary short strings and numbers, while preserving their input
length.
“Like all deterministic encryption methods, this does not provide
semantic security, but determinism is needed in situations where
anonymizing telemetry and log data (especially in cloud based network
monitoring scenarios) is necessary,” Cisco warned.
Cisco has open sourced the FNR encryption scheme under the LGPLv2 license on GitHub.
CASH CASH! Hacking ATM machines with just a text Message
As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8 April, and apparently 95% of the world’s 3 million ATMs run on it. Microsoft’s decision to withdraw support for Windows XP poses a critical security threat to economic infrastructure worldwide.
MORE REASONS TO UPGRADE
Security researchers at the antivirus firm Symantec
say that criminals are exploiting Windows XP-based ATMs in a way
that lets them withdraw cash simply by sending an SMS to a compromised
machine.
"What was interesting about this variant of Ploutus was that it allowed cybercriminals to
simply send an SMS to the compromised ATM, then walk up and collect the
dispensed cash. It may seem incredible, but this technique is being
used in a number of places across the world at this time," the researchers said.
HARDWIRED Malware for ATMs
According to the researchers, in 2013 they detected a malware family named Backdoor.Ploutus, installed on ATMs in Mexico, which is designed to rob a certain type of standalone ATM using nothing more than text messages.
To install the malware on an ATM, the
attacker connects a mobile phone to the ATM via USB tethering and
sets up a shared Internet connection, after which the phone, now hidden or hardwired inside
the ATM, can receive the SMS commands that drive the malware.
"Since
the phone is connected to the ATM through the USB port, the phone also
draws power from the connection, which charges the phone battery. As a
result, the phone will remain powered up indefinitely."
HOW-TO HACK ATMs
- Connect a mobile phone to the machine with a USB cable and install the Ploutus malware.
- The attacker sends two SMS messages to the mobile phone inside the ATM.
- SMS 1 contains a valid activation ID to activate the malware.
- SMS 2 contains a valid dispense command to get the money out.
- The phone attached inside the ATM detects the valid incoming SMS messages and forwards them to the ATM as TCP or UDP packets.
- The network packet monitor (NPM) module coded into the malware receives the TCP/UDP packet and, if it contains a valid command, executes Ploutus.
- The amount of cash to withdraw is pre-configured inside the malware.
- Finally, the attacker collects the cash from the hacked ATM.
Researchers have also detected a few more advanced variants of this malware: some attempt to steal
customer card and PIN data, while others attempt man-in-the-middle
attacks.
This malware is now spreading to other countries, so you are recommended to pay extra attention and remain cautious while using an ATM.
Tuesday, January 14, 2014
Thursday, December 12, 2013
Microsoft has released a security patch for the CVE-2013-5065 TIFF zero-day vulnerability and 5 other remote code execution flaws

Hacker Fined $183,000 for Just One Minute of DDoS Attack
Eric Rosol, a 38-year-old who joined an Anonymous DDoS attack for just one minute, has been sentenced to two years of federal probation and ordered to pay $183,000 in restitution. Yes, you read that right: $183,000 for one minute of DDoS attack.
In 2011, Rosol participated in a distributed denial-of-service (DDoS) attack organized by the hacker collective Anonymous against the servers of Koch Industries. The attack was organized in opposition to Koch Industries’ reported weakening of trade unions. He used the Low Orbit Ion Cannon (LOIC), a popular DDoS tool used by Anonymous and other hackers to flood a target with traffic.
Rosol pleaded guilty and agreed to pay for the direct losses caused by the attack on the company website, around $5,000, but Koch Industries argued that it had hired a consulting group to protect its websites at a cost of approximately $183,000. Although the company website was knocked offline for only 15 minutes, Rosol now has to pay the bill of the cyber security consulting group.
Similar crimes have also carried heavy punishments: Jeremy Hammond, 28, an Anonymous member, was sentenced last month to 10 years in prison for hacking various government agencies and the global intelligence company Stratfor.