07/21/11

Security – Hacking Tools & Utilities – good tools to have in your collection

Whatever colour hat you are – White – Gray – Black – these are some of the tools you will need for scuz-security work.

Cyber Ricardo - el GatoMalo - Cyber Hippy

 

1. Nmap –  Get Nmap Here - nmap -v -sS -A xxx.xxx.xxx.xxx

2. Nessus Remote Security Scanner - Get Nessus Here

3. John the Ripper - Yes, JTR 1.7 was recently released. You can get JTR Here

4. Nikto - Get Nikto Here

5. SuperScan - Get SuperScan Here

6. p0f - Get p0f Here

7. Wireshark (Formerly Ethereal) - Get Wireshark Here

8. Yersinia - Get Yersinia Here

9. Eraser - Get Eraser Here.

10. PuTTY - Get PuTTY Here.

11. LCP - Get LCP Here

12. Cain and Abel - Get Cain and Abel Here

13. Kismet - Get Kismet Here

14. NetStumbler - Get NetStumbler Here

15. hping - Get hping Here

0.1 Metasploit – Backtrack – Paros – Proxy – Toufeeq – Pedro – BO2k – Optix – Beast – NetCat – LCP – Immunity Debugger

 

 

07/13/11

Hacker Cyber Crew (crewz) Diagram

Hacker Motto: be hidden, be silent, listen and don’t get DOX (documented-revealed).

Script Kiddies (also hackers) Motto: Let’s do it, we won’t get caught, let’s tell the world what we done..yeh..me…me…me..me

According to the New Hacker’s Dictionary, a hacker is “a person who enjoys exploring the details of programmable systems and how to stretch their capabilities” and one who is capable of “creatively overcoming or circumventing limitations”.

These hackers know cyber space. There are some that are young and audacious. Look at Anonymous or AntiSec: the authorities have arrested some hackers, but they are only foot soldiers. Cyber Space is full of foot soldiers. These young hackers are very gifted and talented. There are “lone wolves” and there are cyber crews. (Crewz)

Org Chart of Hacker Crew -Groups

uscyberlabs_cyber_crewz

LulzSec Team 

Sabu - Captain of the Ship, organizing the team and planning strategies.
Topiary - Basically PR, updating Twitter and interviews with media.
Kayla - Mostly focused on RFI / LFI / SQLi and coordinating with the rest.
Tflow - Maintenance of LulzSec website and torrents.
Storm  - DDOS and also involved in PBS hack.
Pwnsauce - Coding required tools for the team and involved in Infragard hack.
Neuron - Coding and also involved in Sownage.
M_nerva - Deus Ex Game hack.
TrollPoll - Involved in Fox hack and seems to be the most paranoid of all.
JoePie - Updating the team with news related to LulzSec and other channels of interest.
Avunit - Seems focused on XSS and SQLi
Kl0ps, io, Palladium and Devrandom - Hackers supporting the team
Bitcoin Donations handled by Tflow, Topiary and Joepie
Team Strength - 13 or 15. It could be possible that some handles are used by same person.

Who are these Hackers?

 

Wake up: these hackers are our sons and daughters. They are the focused ones, the ones that could lock in with laser eyes on what they wanted. Remember that nerd you picked on back in school? Well, he just hacked the IMF. Now he has powers and she has friends that think alike and were treated alike, with their own slant on Peace and War and especially on what’s wrong and right. Guess what, they are our future – were we good parents? That’s who these hackers are.

 

They have tricked you! Mis/disinformation.

  • To hide in cyber space is simple: get a VPN (virtual private network); look it up, some are free. It hides you so they can’t see your geo-location. Then get TOR; this software hides you even more. With these 2 basic steps, which are all free, you can hide in cyberspace.
  • Do you think these hackers that hide behind more layers than the 2 above would use “Twitter” http://twitter.com/#!/search?q=%23AntiSec to communicate their plans?
  • How about on the public IRC relay channels? When you’re on the PUBLIC IRC channels like #AntiSec they know who you are. You don’t look like them. You don’t talk like them. You don’t act like them. They know who you are.
    http://search.mibbit.com/search/antisec
  • The News has interviews with these cyber hacker groups - Really? - LulzSec. If you do not know who they are, how can you know they are real? Dis/information.
  • How about their leader of the LulzSec cyber revolution http://twitter.com/#!/anonymouSabu Sabu the ring leader of LulzSec
  • How about the LulzSec Twitter – www.twitter.com/lulzsec

 

These hackers know social media; they grew up in this technology. Social Engineering is second nature to them, their bread and butter; they are hackers. Here is a family picture of the latest Cyber Crew.

US Cyber Labs dot com

  • See how many cyber crewz turned on LulzSec. Why did they dox them? Were they too good? Were they too arrogant? Why did their friends turn on them? Maybe they were forced to in order to not go to jail?
  • These guys are pissed about the flips and betrayal; that’s why they are pissed at the world – it’s that simple.
    • We were young and invincible once too.
    • They use these PUBLIC tools to taunt us. To give us clues to put out but to divulge any real information – sometimes.
    • I do admit that they are young and brazen so they kind of show their mettle and that’s when the clues really become clear. We can sometimes glean information from their documentation -chatter.
  • Notes to Myself – mEoW - GatoMalo@uscyberlabs.com

 

06/18/11

Chinese software vulnerable to hackers: How long till LulzSec and Anonymous notice? – International Business Times

With news out that parts of China’s networks are currently vulnerable to cyber attacks from hackers, analysts have begun to speculate how long it will be until the hacker groups Anonymous and LulzSec take advantage.

 

Google -vs- China

The bug in China‘s software

A report from the U.S. Department of Homeland Security today revealed that parts of the software systems used by China to run its weapons, utilities and chemical plants systems suffer from an inherent bug in their coding.

The bug reportedly creates a crack in the systems’ cyber security that could potentially be exploited by hackers.

After the weakness was discovered DHS reportedly contacted China warning it over the bug in its software.

China are not the only country that could be affected. The software was designed by Beijing-based Sunway Force Control Technology Co. Sunway’s products, while most widely used in China, are also used by certain Western companies — meaning that they are just as vulnerable.

According to experts, the hole in security is so severe that a successful attack could potentially cause lasting damage on critical parts of China’s infrastructure.

Sunway has since clarified that it has already developed software patches to plug the security holes.

Unfortunately, the company also admitted that it will take the software’s users weeks, maybe months to install the new security fixes — a rather large window of opportunity for any opportunistic hacker.

LulzSec and Anonymous

The hacker collectives LulzSec and Anonymous have both gained notoriety this year for perpetrating high-profile hacks and cyber attacks against numerous companies and government agencies.

Despite both having been born from the older hacking collective 4Chan both operate under very different principles.

Anonymous

The older group Anonymous, has always marketed itself as “hacktivist”. The group in general targets organisations or companies it feels have done wrong.

Most recently Anonymous has targeted the Turkish government, protesting its continued censorship of the internet.

In a statement released earlier this year the group openly stated its motivation writing:

“We are anonymous. Over the last few years, we have witnessed the censorship taken by the Turkish government, such as blocking YouTube, Rapidshare, Fileserve and thousands of other websites.

“Most recently, the government banned access to Google services. These acts of censorship are inexcusable.

“The internet is a platform for freedom, a place where anyone and everyone can come together, discuss topics, and share information, without fear of government interference”.

With China’s propensity to block websites and ongoing feud with Google, it certainly wouldn’t be beyond the realm of possibility for Anonymous to target China for similar reasons — indeed swap Chinese for Turkish and the statement could be seen to ring equally true.

LulzSec

Despite originating from the same source as Anonymous, the hacker collective LulzSec operate under very different principles — if any.

As the name would suggest — Lulz being a reference to lolz which means lots of laughs — LulzSec’s primary motivation for its attacks seems to be simple entertainment.

While the group did originally claim that its attacks on Sony were a punishment for the company’s extended PlayStation Network outage, it has since committed numerous hacks offering no reason past “just for Lulz”.

Most recently the group has released the email, social networking and password information of 62,000 apparently innocent internet users, simply because fans on its Twitter page asked them to.

Similarly, earlier this week LulzSec hacked the games company Bethesda Softworks’ website just to win an argument on Twitter.

The group has already shown willingness to target high-profile government departments and agencies. Only this week it reported successful attacks on the U.S. Senate and CIA’s websites.

With this in mind, it seems highly unlikely that the group would pass up the opportunity to target one of the most humourless regimes in the world in its moment of weakness.

via Chinese software vulnerable to hackers: How long till LulzSec and Anonymous notice? – International Business Times.

05/29/11

SecurID Breach Suggested in Hacking Attempt at Lockheed – NYTimes.com

  • This is BIG...

Lockheed Martin, the nation’s largest military contractor, has battled disruptions in its computer networks this week that might be tied to a hacking attack on a vendor that supplies coded security tokens to millions of users, security officials said on Friday.

The SecurID electronic tokens, which are used to gain access to computer networks by corporate employees and government officials from outside their offices, are supplied by the RSA Security division of the EMC Corporation.

RSA acknowledged in March that it had sustained a data breach that could have compromised some of its security products. Executives in the military industry said Friday that Lockheed’s problems appeared to stem from that data breach and could be the first public signs of damage from it.

The March intrusion reverberated through the computer security community. The RSA technology is used by most Fortune 500 companies and federal agencies to provide an extra layer of security when employees use their networks from customer offices, hotels or their homes.

Many of RSA’s customers have taken extra measures since the intrusion was discovered, either by adding security measures, finding alternative solutions or simply shutting off remote access. Security experts said it was possible that companies other than Lockheed had faced attacks, whether they realized it or not.

“The issue is whether all of the security controls are compromised,” said James A. Lewis, a senior fellow and a specialist in computer security issues at the Center for Strategic and International Studies, a policy group in Washington. “That’s the assumption people are making.”

Neither RSA, which is based in Bedford, Mass., nor Lockheed would discuss the problems on Friday.

Officials in the military industry, who spoke only on the condition of anonymity given the sensitivity of the matter, said Lockheed had detected an intruder trying to break into its networks last Sunday. It shut down much of its remote access and has been providing new tokens and passwords to many workers, company employees said.

Lockheed makes fighter planes, spy satellites and other confidential equipment. It also sells cybersecurity services to military and intelligence agencies, and some experts said its failure to take greater precautions with its own systems could be embarrassing.

“We don’t know what they went after at Lockheed,” Mr. Lewis said, referring to the hackers behind the intrusion attempt. “One possibility is that it’s a state actor, but it could also be criminals who are trying to exploit the company’s customers.”

Industry officials said military contractors, who are bombarded daily by hacking attempts, typically do not keep classified data on computers that can be entered remotely. Federal authorities have said that China, Russia and other countries sponsor hackers trying to ferret out American military and corporate secrets.

Raytheon, another large military contractor, issued a statement on Friday saying that it took “immediate companywide actions” when the RSA breach was disclosed in March. “As a result of these actions,” the company said, “we prevented a widespread disruption of our network.”

General Dynamics said it had not had any problems related to the breach. Other giant military contractors, like Northrop Grumman and Boeing, declined to comment.

Jeffery Adams, a spokesman for Lockheed, said the company would not publicly discuss specific threats or its responses.

“However, to counter any threats, we regularly take actions to increase the security of our systems and to protect our employee, customer and program data,” he said in a statement. “We have policies and procedures in place to mitigate the cyberthreats to our business, and we remain confident in the integrity of our robust, multilayered information systems security.”

Security experts said companies in many industries had increased network monitoring or changed passwords and PINs for the tokens since the RSA breach.

But some of the specialists said that until more details were known, it remained possible that the attempted intrusion at Lockheed was not tied to the RSA breach.

The RSA tokens provide security beyond a user name or password by requiring users to append a unique number generated by the token each time they connect to their corporate or government networks.

Soon after the breach in March, RSA’s chairman, Art Coviello, said the company’s investigation had revealed that the intruder successfully stole digital information from the company that was related to RSA’s SecurID products.

He did not give precise details about the nature of the information but said it could potentially reduce the effectiveness of the system in the face of a “broader attack.” The company said then that there was no indication that the information had been used to attack its customers.

Some computer security specialists said at the time that the compromised information was a file of master keys — long numbers — that are a part of the RSA encryption system. If the intruder did gain those numbers, it would make it possible to fashion an attack based on independently generating the keys used by individual customers.

RSA officials have said that the intrusion was only partly successful.

Mr. Lewis, the security specialist at the Center for Strategic and International Studies, said the intruders had been detected as they were trying to transfer data by security software provided by the NetWitness Corporation, a company that provides network monitoring software. In April, NetWitness was acquired by RSA’s parent company, EMC.

via SecurID Breach Suggested in Hacking Attempt at Lockheed – NYTimes.com.

05/29/11

Hackers Hit U.S. Army Contractors

(Reuters) – Unknown hackers have broken into the security networks of Lockheed Martin Corp (LMT.N) and several other U.S. military contractors, a source with direct knowledge of the attacks told Reuters.

They breached security systems designed to keep out intruders by creating duplicates to “SecurID” electronic keys from EMC Corp’s (EMC.N) RSA security division, said the person who was not authorized to publicly discuss the matter.

 

Pentagon

It was not immediately clear what kind of data, if any, was stolen by the hackers. But the networks of Lockheed and other military contractors contain sensitive data on future weapons systems as well as military technology currently used in battles in Iraq and Afghanistan.

Weapons makers are the latest companies to be breached through sophisticated attacks that have pierced the defenses of huge corporations including Sony (SNE.N), Google Inc (GOOG.O) and EMC Corp (EMC.N). Security experts say that it is virtually impossible for any company or government agency to build a security network that hackers will be unable to penetrate.

The Pentagon, which has about 85,000 military personnel and civilians working on cybersecurity issues worldwide, said it also uses a limited number of the RSA electronic security keys, but declined to say how many for security reasons.

The hackers learned how to copy the security keys with data stolen from RSA during a sophisticated attack that EMC disclosed in March, according to the source.

EMC declined to comment on the matter, as did executives at major defense contractors.

Rick Moy, president of NSS Labs, an information security company, said the original attack on RSA was likely targeted at its customers, including military, financial, governmental and other organizations with critical intellectual property.

He said the initial RSA attack was followed by malware and phishing campaigns seeking specific data that would link tokens to end-users, which meant the current attacks may have been carried out by the same hackers.

“Given the military targets, and that millions of compromised keys are in circulation, this is not over,” he said.

Lockheed, which employs 126,000 people worldwide and had $45.8 billion in revenue last year, said it does not discuss specific threats or responses as a matter of principle, but regularly took actions to counter threats and ensure security.

“We have policies and procedures in place to mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multi-layered information systems security,” said Lockheed spokesman Jeffery Adams.

Executives at General Dynamics Corp (GD.N), Boeing Co (BA.N), Northrop Grumman Corp (NOC.N), Raytheon Co (RTN.N) and other defense companies declined to comment on any security breaches linked to the RSA products.

“We do not comment on whether or not Northrop Grumman is or has been a target for cyber intrusions,” said Northrop spokesman Randy Belote.

ACTIONS PREVENTED WIDESPREAD DISRUPTION

Raytheon spokesman Jonathan Kasle said his company took immediate companywide actions in March when incident information was initially provided to RSA customers.

“As a result of these actions, we prevented a widespread disruption of our network,” he said.

Boeing spokesman Todd Kelley said his company had a “wide range” of systems in place to detect and prevent intrusions of its networks. “We have a robust computing security team that constantly monitors our network,” he said.

Defense contractors’ networks contain sensitive data on sophisticated weapons systems, but all classified information is kept on separate, closed networks managed by the U.S. government, said a former senior defense official, who was not authorized to speak on the record.

SecurIDs are widely used electronic keys to computer systems that work using a two-pronged approach to confirming the identity of the person trying to access a computer system. They are designed to thwart hackers who might use key-logging viruses to capture passwords by constantly generating new passwords to enter the system.

The SecurID generates new strings of digits on a minute-by-minute basis that the user must enter along with a secret PIN (personal identification number) before they can access the network. If the user fails to enter the string before it expires, then access is denied.
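The token scheme described above and in the NYTimes piece, as an added example that is not part of either article or of RSA's product: SecurID's own algorithm is proprietary, so this sketch substitutes the open RFC 6238 time-based code with a 60-second window, and the seed, PIN, record layout and function names are constructed for illustration. It shows the expiry and replay checks on the server side, and why a copied seed leaves only the PIN protecting the account.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

STEP_SECONDS = 60  # the articles say the digits change every minute
DIGITS = 6


def token_code(seed, unix_time, step=STEP_SECONDS, digits=DIGITS):
    """RFC 6238 code for the time window that contains unix_time."""
    counter = unix_time // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_pin(pin, salt):
    """Store only a salted, stretched hash of the PIN (assumed storage)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class TokenRecord:  # hypothetical server-side record for one user
    seed: bytes
    pin_salt: bytes
    pin_hash: bytes
    last_counter: int = -1  # newest time window already accepted


def verify_login(record, pin, code, now, step=STEP_SECONDS):
    """Accept only the right PIN plus the code for the current window."""
    counter = now // step
    pin_ok = hmac.compare_digest(hash_pin(pin, record.pin_salt), record.pin_hash)
    expected = token_code(record.seed, now, step)
    code_ok = hmac.compare_digest(code.encode(), expected.encode())
    if not (pin_ok and code_ok):
        return False
    if counter <= record.last_counter:
        return False  # same window already used: reject the replay
    record.last_counter = counter
    return True


def demo():
    seed = b"12345678901234567890"  # constructed: the RFC 6238 test seed
    salt = b"constructed-salt"
    record = TokenRecord(seed, salt, hash_pin("4821", salt))
    t = 119  # last second of window 1 (seconds 60..119)
    code = token_code(seed, t)
    results = {
        "valid": verify_login(record, "4821", code, t),
        "replayed": verify_login(record, "4821", code, t),
        "expired": verify_login(record, "4821", code, t + 1),
    }
    # Anyone holding a copy of the seed computes the same digits, so after a
    # seed leak the PIN is the only factor left.
    copied = token_code(bytes(seed), t + 1)
    results["copied_seed_wrong_pin"] = verify_login(record, "0000", copied, t + 1)
    results["copied_seed_right_pin"] = verify_login(record, "4821", copied, t + 1)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The last two results are the reason customers reissued tokens and changed PINs after the breach: replacing the seed is the only step that restores the second factor.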

RSA and other companies have produced a total of about 250 million security tokens, although it is not clear how many are in use worldwide at present, said the former defense official.

The devices provided additional security at a lower cost than biometrics such as fingerprint readers or iris scanning machines, said the official, noting that the RSA incident could increase demand for greater use of biometric devices.

The RSA breach did raise concerns about any security tokens that had been compromised, and EMC now faced tough questions about whether “they can repair that product line or whether they need to ditch it and start over again,” he said.

EMC disclosed in March that hackers had broken into its network and stolen some information related to its SecurIDs. It said the information could potentially be used to reduce the effectiveness of those devices in securing customer networks.

EMC said it worked with the Department of Homeland Security to publish a note on the March attack, providing Web addresses to help firms identify where the attack might have come from.

It briefed individual customers on how to secure their systems. In a bid to ensure secrecy, the company required them to sign nondisclosure agreements promising not to discuss the advice that it provided in those sessions, according to two people familiar with the briefings.

via Hackers Hit U.S. Army Contractors – The Daily Beast.

05/25/11

Cyber-Hackers: Faster, Better Equipped Than You

we see U

We are looking at you right NOW!!!!!

Mark Clancy is intimately familiar with the ins and outs of cyber hacking attacks. As managing director and Corporate Information Security Officer at the Depository Trust and Clearing Corporation (DTCC), Clancy’s job is to pay attention to how crooks use virtual highways to steal data and assets — and stay a step ahead. Today that means much more than loading up some anti-virus software and patching an operating system.

“Mass attacks still continue, but the more sophisticated ones are targeted attacks,” says Clancy. “This style uses social engineering where they collect information they can find on the Internet about a broker or a client, and then send an email so the conversation seems more plausible. And in the broker/dealer world, bad guys are going after more high-net-worth clients. You go where the money is.”

Cyber attacks are not just the territory of large Wall Street firms—independents too have chinks in their armor. And while an 8-man advisory may not have seemed like the prime target for a hack a few years ago, that’s no longer true as criminals have gotten more specific about who they target, in an effort to maximize their return on investment.

Most people are fairly familiar with standard phishing attacks—emails that may offer cheap pharmaceuticals in Canada, or a note sent from Africa offering a cut on a bank balance—all available if a user just sends an account number to the hacker. Most people know to delete these spams.

But social networking has made it easier to make phishing personalized. Maybe the email now targets an investor and mentions their financial advisor’s name, captured after hacking an email account. The email might mention the recent Yankees game a client attended, details found on an unsecured Facebook page. Did the investor brag about season tickets on first base? That data just got a lot more interesting to a hacker.

After all, hacker criminals are essentially running businesses too. They have expenses, host software on servers and have to pay those monthly bills. Mass attacks may bring in a return. But a well-targeted hack on a high-net worth client? That’s a big win.

“A small financial firm, simply from the type of their business, and the places where their employees and customers may have gone online, because of the wealth, will get targeted,” says Jennifer Bayuk, a security consultant and industry professor at Stevens Institute of Technology, and former Chief Information Security Officer at Bear Stearns until its collapse in June 2008. “Crime ware operators will harvest that information and then decide where to sell it. Or they may look at the data later, decide the value, exploit it, and you become the target.”

The financial services industry remains a high target for hackers, with 22 percent of all successful attacks aimed at this business, just behind retail (25 percent) and hospitality (40 percent), according to Verizon’s 2011 Data Breach Investigations Report, which the tech firm compiled with help from the U.S. Secret Service and the Dutch High Tech Crime Team, looking at breaches throughout 2010.

Yet before tossing out anti-virus software as insufficient, reps should note that malware—mass software programs designed to hit operating systems without any target in mind—were still behind 49 percent of breaches in 2010, according to Verizon. In other words? An attack can come from anywhere.

“I actually heard a conference speaker say there’s no shame in being attacked,” says Bayuk. “And very good companies have been attacked. However from a security professional’s standpoint, there is shame if the attack is from something that has been known for 10 years, such as malware.”

Dan Guido couldn’t agree more. As a security consultant based in New York with iSEC Partners, and a teacher at the Polytechnic Institute of New York University, where he teaches information security students how to break into computers, Guido believes that targeted or advanced persistent threats (APT) are growing—but that malware still affects the largest number of people.

“It’s a huge unsolved problem,” he says. “More people are getting compromised, there are more advanced back doors, more stolen banking information and credentials, and it comes with higher consequences than in the past. How do you expect to protect yourself against APT if you can’t even stop getting hacked by accident which is what malware is? It’s an opportunistic attack.”

Guido believes that the basic premise of creating invulnerable software is itself faulty. The number of routine fixes software companies release should be proof enough that programs are not impenetrable—and that as soon as one patch is released, hackers have swarmed to try to find the next chink. And often holes are exploited before a software company can even release its fix.

To Guido, patches are like washing your hands—good personal hygiene, but certainly not the only defense you’d want to employ, for example, if you were in the rainforests of Mexico and wanted to protect yourself against malaria.

Instead, Guido says reps should start thinking about how attackers consider them targets—and then think of the processes they use to perform successful attacks. Like Bayuk, Guido agrees that hackers will use the path of least resistance—and in cases of malware, will create software that will attack the programs people use most.

From his own studies, Guido pings these popular entry ways as Oracle’s Java, Adobe’s Flash, Apple’s QuickTime and, as many already know, Microsoft’s Internet Explorer. Within these programs, hackers can write a simple exploit that can load through a Web site visit, download from a movie, or even be installed from an advertisement. Take the London Stock Exchange, for example, where third-party malware was embedded in hundreds of ads on the exchange’s website earlier this year.

Most users will employ at least one of these programs daily no matter what operating system they use, which browser they launch to surf the Net, or which Web sites they visit. And to Guido, each use is an open door to a hacker.

In the case of Java, for example, Guido says that with most web sites now standardized for HTML, reps have few reasons to use Java on the web. Instead, by removing the plug-in from Internet Explorer, advisors can prevent Java from loading on office computers, closing just one more loophole where a hacker can be, frankly, invited.

With more financial services programs moving to the clouds, such as customer relationship management software, or delivered as web-based applications rather than installed on a client’s hard drive, advisors spend more time on the web than ever before. While Bayuk doesn’t believe cloud-based computing itself makes advisors more vulnerable, she adds that if a rep’s own computer isn’t secure to begin with, then being on the web will make it easier to be compromised.

Guido believes that web-based application developers actually owe clients a bit more protection on their side. He points to Gmail as a prime example of a more secure environment because of its use of two-factor authentication, allowing users to see where they logged in last, and even sending an authentication number to a mobile device as an extra step if selected. To Guido, every cloud-based firm should be able to offer these kind of options—and reps should ask if stronger authentication is available before signing on.

“Ideally companies should be presenting the information to you,” he says. “So when I see I logged in last from China, I can know that was me. And if I want to use two-factor authentication, I should have the option too. Lots of good cloud services do it well like Gmail. Lots don’t.”

Mobile Hacking

With mobile devices being adopted at a rapid rate among advisors, experts also believe that’s the next terrain hackers will look to exploit, particularly Androids, iPhones and iPads, which are growing popular among financial services firms.

“The threats to mobile devices are real and we fully expect them to increase and diversify along with the use, uses, and users of such devices,” notes the Verizon report. “The convenience and functionality of these and other similar devices will drive widespread corporate adoption, and security will once again find itself rushing to catch up.”

So where does that leave reps? Install anti-virus, update patches, remove Java from the browser systems, and never send unsecured data over email? To experts, the answer is yes to all and then to also toss in an increasingly rare tool that cyberspace criminals hardly employ—the telephone.

“The big message for me is you must have a multi layered approach,” says Clancy. “And then if you get a strange email, call the client and ask them. My broker knows my voice, and can verify it’s me. And if the marketing group sends them something strange, tell them to call you. That’s okay too. In the end, that might mean more chances to get in touch with your client, which honestly is a good way to help the overall relationship.”

Lay Off the Java

Some tips to keep data safe from cyber hackers and other attacks

While experts believe a holistic approach to cyber security is far more effective than a random series of checklists, there are some points reps can use to at least ensure they’ve strengthened a network to their best advantage.

  • DTCC’s Mark Clancy suggests reps who work in small independent offices create two accounts on their PCs—one that controls administrative privileges, and to which they log in only when updating software, and one where all real work is done. He notes that at large firms, most employees don’t have admin rights, and therefore if their computers are compromised, hackers can’t take over the desktop, and potentially the network. For independents, malware infections on computers where admin rights are up and running mean a machine—and all its data—is then vulnerable. “You can’t take control of a machine if it’s current and not the administrator,” he says.
  • Don’t neglect third-party software. While staying up to date with patches on operating systems is critical, so too is ensuring that other programs, from client relationship management software to Adobe Reader, are secure as well.
  • iSEC Partners’ Dan Guido says Windows users have an extra layer of protection most don’t use. Called Data Execution Prevention (DEP), the option can be found under advanced system settings (http://windows.microsoft.com/en-US/windows-vista/Change-Data-Execution-Prevention-settings) and blocks 14 of 19 known exploits, he says. While not a cure-all, it’s an extra roadblock requiring hackers to spend more time and take more steps trying to get in, which makes the attack potentially less desirable. “When attacks take more time, it also increases an attacker’s costs which means they get less out of it, and it’s less profitable,” he says.
  • While mobile devices aren’t targets yet, encrypting all data stored on these handhelds is a wise move. Passwords employed to protect iPhones, Androids and iPads should also be changed as frequently as desktops—which ideally should be reconfigured every 90 days, and with codes that use at least one letter, number, and if possible, a symbol.
  • Jennifer Bayuk notes that security truly should be the responsibility of all employees—not just the chief technology officer, or the principal of an advisory firm. Making every member accountable for ensuring access to data is safe is the best defense. “The key is to have this part of everyone’s job,” she says. “Don’t just manage assets, make sure they’re secure as well.”

via Cyber-Hackers: Faster, Better Equipped Than You.
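The account-separation, DEP and 90-day password tips in the list above can be checked on a Windows PC with a short read-only audit. This is an added example, not part of the quoted article; it assumes Windows PowerShell 5.1 or later, and the variable names and report layout are illustrative.

```powershell
# Added example: read-only audit of three tips from the list above.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

$MaxPasswordAgeDays = 90   # threshold taken from the article's 90-day advice

# 1. Is this session running with an administrator token?
#    With UAC, an unelevated session of an admin account reports False here,
#    so group membership is checked separately in step 2.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# 2. Direct members of the local Administrators group (well-known SID S-1-5-32-544).
#    Membership through nested domain groups is not resolved by this check.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
            Select-Object -ExpandProperty Name)
$dailyAccountIsAdmin = $admins -contains $identity.Name

# 3. System-wide DEP policy as reported by WMI.
#    OptIn protects only Windows system binaries; OptOut covers all programs
#    except listed exceptions (the "turn on DEP for all programs" setting).
$depNames  = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$os        = Get-CimInstance -ClassName Win32_OperatingSystem
$depPolicy = $depNames[[int]$os.DataExecutionPrevention_SupportPolicy]

# 4. Enabled local accounts whose password is older than the threshold.
$cutoff = (Get-Date).AddDays(-$MaxPasswordAgeDays)
$stale  = @(Get-LocalUser |
            Where-Object { $_.Enabled -and $_.PasswordLastSet -and
                           $_.PasswordLastSet -lt $cutoff } |
            Select-Object -ExpandProperty Name)

# Emit one report object; nothing on the machine is changed.
[pscustomobject]@{
    CurrentUser           = $identity.Name
    SessionElevated       = $elevated
    CurrentUserIsAdmin    = $dailyAccountIsAdmin
    LocalAdministrators   = $admins -join ', '
    DepAvailable          = $os.DataExecutionPrevention_Available
    DepPolicy             = $depPolicy
    DepCoversAllPrograms  = $depPolicy -in 'OptOut', 'AlwaysOn'
    StalePasswordAccounts = $stale -join ', '
}
```

Run it from the everyday account: `CurrentUserIsAdmin` should be False if the two-account advice is followed, and `DepCoversAllPrograms` shows whether DEP extends beyond the Windows default.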

05/15/11

Curbing Chinese cyber espionage

According to public reports, over the last several months computer hackers have stolen proprietary information from DuPont, Johnson & Johnson, General Electric, RSA, Epsilon, NASDAQ, and at least a dozen other firms.  Many of these attacks have been traced back to networks in China, but it is unclear whether criminals, government agencies or some combination of the two are responsible for the attacks.

U.S. State Department cables obtained by Wikileaks further describe attacks code-named Byzantine Hades on U.S. technology and defense companies that appear to be the work of China’s People’s Liberation Army.

via CPNI :: Curbing Chinese cyber espionage.

05/15/11

Now anyone can be a cyber criminal – India – DNA

Cyber crime is no longer the exclusive domain of nerds with advanced coding and hacking skills. Thanks to simple and affordable, DIY downloadable crimeware, even novices can jump into what has turned into a global industry.

This is a far cry from the days when hacks were motivated more by the thrill of the kill than monetary gain, with even Steve Jobs and Steve Wozniak (Apple’s co-founders) allegedly on their rolls. It’s in the last decade, with the widening reach of the internet, that cyber crime turned virulent, as viruses like Melissa and I Love You clogged inboxes and spawned a multi-billion-dollar anti-virus software industry. And now, with the DIY attack kits, cybercrime is evolving into an extremely profitable, distributed global entity.

via Now anyone can be a cyber criminal – India – DNA.

05/13/11

Interop: Cyberwar test runs yield information about defenses

Cyber warfare strategy is getting so sophisticated that network attacks suitable for major assaults are being used instead as trial runs meant solely to probe enemies with the aim of figuring out what their defenses are, an audience at an Interop security talk was told.

A distributed denial of service (DDoS) attack against South Korea earlier this year was delivered from a multilayered botnet that persisted for 10 days, then halted, with command and control servers flushing the bot software out of the zombie machines, according to Brian Contos, director of global security strategy for McAfee.

The attack — McAfee called it 10 Days of Rain — came from a difficult to take down, multi-tiered botnet set up by North Korea, he says. Then the botnet suddenly stopped its attack and deleted itself from the systems it had taken over.

via Interop: Cyberwar test runs yield information about defenses.
