11/15/12

Iran Sites Open 2 Joomla -K-CMS Hacking

gAtO wAs – in the kitty box scratching and found some sites in Iran that have the same problem that Syria has: outdated, older content management systems like Joomla and KCMS_1.0[2], and many other sites running Microsoft Visual Studio .NET 7.0. These require more research as to vulnerabilities, but we are working on that. But gAtO found, you guessed it, Joomla 1.5 CMS all over the place. The same vulnerabilities that Syria has, they have.

This is easy to do with any browser: do a search on any search engine for “site:.gov.ir” and you will get a list of all the .gov.ir sites everywhere. Now remember, with a translate button (on your browser) you can read these sites in any language you want. The other trick is, once you get to any site in your browser, just go to >>Edit>>Source Code, and lots of sites will tell you the content creation tool. Whatever language a site is written in, the HTML is always in English:

<meta name="generator" content="Joomla! 1.5 - Open Source Content Management" />

If you're smart and are doing this on a government site I would remove this information. Now besides Joomla 1.5, gAtO found lots of sites with KCMS_1.0[2] and, you guessed it again, they are older versions and have vulnerabilities. So now gAtO will publish this list and update it as we find more and more vulnerabilities. Why does gAtO do this? It's my way of showing the world that anyone can help, anyone with any talent can contribute to making this world a better world. I hope this information helps someone to be free - gAtO oUt.
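The check described above, looking at the generator tag and deciding whether it gives away an outdated CMS, can be run against your own pages instead of by hand. The following script is an added example, not code from the original post: it parses HTML for `<meta name="generator">` tags (case-insensitively, since the notes below show both `<meta>` and `<META>` forms), pulls out product and version, and reports any tag that is present at all, since the advice here is to remove it. The sample HTML is constructed to mirror the tags quoted in the research notes, and the `MIN_SUPPORTED` version table is an assumption standing in for whatever your organisation treats as unsupported.

```python
"""Audit pages for leaked CMS fingerprints in <meta name="generator"> tags.

Added example, not from the original post. The HTML samples are constructed
from the tag shapes quoted in the research notes; the version policy is an
assumption, not a statement about any vendor's support dates.
"""
import re
from html.parser import HTMLParser

# Illustrative policy (assumption): product -> oldest version still acceptable.
MIN_SUPPORTED = {
    "joomla": (2, 5),
    "kcms": (1, 1),
}


class _GeneratorFinder(HTMLParser):
    """Collect the content of every <meta name="generator"> tag, case-insensitively."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("name", "").lower() == "generator":
            self.generators.append(a.get("content", "").strip())


def find_generators(html):
    """Return the list of generator tag contents found in one page."""
    p = _GeneratorFinder()
    p.feed(html)
    return p.generators


# "Joomla! 1.5 - ...", "KCMS 1.0", "KCMS_1.0", "ArianaPortal 7.1.2" all match;
# a product with no version number (e.g. "Microsoft Visual Studio .NET 7.0") does not.
_VERSION_RE = re.compile(r"^([A-Za-z][A-Za-z0-9_-]*)!?\s*v?(\d+(?:\.\d+)*)", re.I)


def parse_generator(content):
    """Split 'Joomla! 1.5 - Open Source ...' into ('joomla', (1, 5)); None if no version."""
    m = _VERSION_RE.match(content)
    if not m:
        return None
    product = m.group(1).lower().rstrip("_")
    version = tuple(int(x) for x in m.group(2).split("."))
    return product, version


def audit(html):
    """Return a list of findings for one page; an empty list means nothing leaked."""
    findings = []
    for content in find_generators(html):
        parsed = parse_generator(content)
        if parsed is None:
            findings.append({"tag": content, "issue": "generator tag present (remove it)"})
            continue
        product, version = parsed
        floor = MIN_SUPPORTED.get(product)
        if floor is not None and version < floor:
            issue = f"{product} {'.'.join(map(str, version))} below supported floor"
        else:
            issue = "generator tag present (remove it)"
        findings.append({"tag": content, "product": product, "version": version, "issue": issue})
    return findings


# Constructed samples shaped like the tags quoted in the research notes.
SAMPLE_JOOMLA = (
    '<html><head><meta name="generator" '
    'content="Joomla! 1.5 - Open Source Content Management" /></head></html>'
)
SAMPLE_KCMS = '<html><head><META NAME="GENERATOR" CONTENT="KCMS 1.0" /></head></html>'
SAMPLE_CLEAN = "<html><head><title>no fingerprint</title></head></html>"

if __name__ == "__main__":
    for name, page in [("joomla", SAMPLE_JOOMLA), ("kcms", SAMPLE_KCMS), ("clean", SAMPLE_CLEAN)]:
        print(name, audit(page))
```

Run it over fetched copies of your own pages; any non-empty result is a tag to strip from the template, and a "below supported floor" finding is the upgrade to schedule first.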

Some sites carry this warning, be careful: “This site may harm your computer.”

Research Notes:

IRAN site:.gov.ir

http://xforce.iss.net/xforce/xfdb/33437 Apr 4, 2007 – CVE-2007-2106: Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.x allows remote attackers to ..

K-CMS (Kai Content Management System) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request to the index.php script using the current_theme parameter to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server.
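The advisory text above describes what an include attempt against this script looks like: a request to index.php whose current_theme parameter carries a remote URL or climbs out of the theme directory. That is enough to write a detection rule. The script below is an added example, not from the original post and not K-CMS code: it parses access-log lines in the common Apache shape, isolates requests to index.php, and flags a current_theme value that is a URL, contains a traversal sequence (after double percent-decoding, so encoded dots do not slip past), or is anything other than a plain theme name. The log lines are constructed, with documentation-range addresses and .invalid hostnames; the "plain theme name" pattern is an assumption about what legitimate values look like.

```python
"""Flag K-CMS index.php requests whose current_theme value points outside the theme directory.

Added example, not from the original post or from K-CMS. Log lines are constructed;
the rule follows the advisory wording: a remote URL or a traversal sequence in
current_theme is what a file-include attempt looks like in a web server log.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache common log: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Assumption: a legitimate theme name is a single path component of safe characters.
THEME_NAME_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def classify_theme_value(value):
    """Return None for a plain theme name, else a short reason the value is suspicious."""
    decoded = unquote(unquote(value))  # double-decode so %252e%252e cannot hide ../
    if re.match(r"^[a-z][a-z0-9+.-]*://", decoded, re.I):
        return "remote include"
    if "../" in decoded or "..\\" in decoded:
        return "directory traversal"
    if "\x00" in decoded:
        return "null byte"
    if not THEME_NAME_RE.match(decoded):
        return "unexpected characters"
    return None


def scan_line(line):
    """Return an alert dict for one log line, or None if it is not interesting."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("index.php"):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes once
    for value in qs.get("current_theme", []):
        reason = classify_theme_value(value)
        if reason:
            return {
                "ip": m.group("ip"),
                "reason": reason,
                "value": value,
                "status": m.group("status"),
            }
    return None


def scan_log(lines):
    """Run scan_line over every line and keep only the alerts."""
    return [alert for alert in (scan_line(line) for line in lines) if alert]


# Constructed sample log (192.0.2.0/24 and .invalid are reserved for documentation).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Nov/2012:10:00:01 +0000] "GET /index.php?current_theme=default HTTP/1.1" 200 5120',
    '192.0.2.11 - - [15/Nov/2012:10:00:02 +0000] "GET /index.php?current_theme=http://files.invalid/t.txt HTTP/1.1" 200 812',
    '192.0.2.12 - - [15/Nov/2012:10:00:03 +0000] "GET /index.php?current_theme=..%2F..%2Fconfig HTTP/1.1" 200 1270',
    '192.0.2.13 - - [15/Nov/2012:10:00:04 +0000] "GET /images/logo.png HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

A 200 status on a flagged line is the case to escalate: the include may have succeeded, so the response size and the same source address's later requests are the next things to pull from the log.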

Many of Iran's sites use ArPortal 7.1.2, while many others use Microsoft Visual Studio .NET 7.0.

<meta name="generator" content="Expans! 1.5 - Open Source Content Management

[1] security tips for Joomla Websites http://www.itoctopus.com/10-security-tips-for-your-joomla-website

<META NAME="GENERATOR" CONTENT="ArianaPortal 7.1.2">

[2] <meta name="generator" content="KCMS 1.0" />

K-CMS (Kai Content Management System) index.php file include

http://www.sarvabad.gov.ir/

<meta name="generator" content="KCMS 1.0" />

http://www.abhar.gov.ir/index.php?limitstart=63

<meta name="generator" content="Joomla! 1.5 - Open Source Content Management. Developed By MamboLearn.com" />

http://www.abhar.gov.ir/

<meta name="generator" content="Joomla! 1.5 - Open Source Content Management. Developed By MamboLearn.com" />

pishva.gov.ir

<meta name="generator" content="Expans! 1.5 - Open Source Content Management

http://www.zanjan.gov.ir/

<meta name="generator" content="Joomla! 1.5 - Open Source Content Management. Developed By MamboLearn.com" />

http://chaloos.gov.ir/

<meta name="generator" content="Joomla! 1.5 - Open Source Content Management" />

http://mianeh.gov.ir/

<meta name="generator" content="Joomla! 1.5 - Open Source Content Management. Developed By Mambolearn.com" />

http://easabt.gov.ir/protocol/

<meta name="generator" content="Joomla! 1.5 - Open Source Content Management. Developed By Navid Iranian Co. Ltd" />

Saman Information Structure

http://ea.mim.gov.ir/

http://www.sadra-ntoir.gov.ir/

<meta name="generator" content="Joomla! 1.5 - Open Source Content Management" />

http://www.sarvabad.gov.ir

News – [page title in Persian, lost to encoding]

sabtyazd.gov.ir/index.php?option=com_newsfeeds…id…

This site may harm your computer.

Joomla 1.5.15 Released. The Joomla Project is pleased to announce the immediate availability of Joomla 2.5.0. This is a security release. Version 2.5.0 is the

www.khodabandeh.gov.ir/

Copyright © 2009 — Webdesign aus Tirol – All Rights Reserved. Template Demo Joomla 1.5 Template by pc-didi.. Translate By : Meisam Heidarzadeh | hotfa.ir.

www.sabtyazd.gov.ir/index.php?…

This site may harm your computer.

C:\Inetpub\vhosts\sabtyazd.gov.ir\httpdocs\libraries\joomla\session\session.php

http://www.leader.ir/langs/en/

http://www.president.ir/en/

http://www.saamad.ir

iten.behdasht.gov.ir – Site News

04/6/12

Supply Chain Cyber Attack

gATO rEaDiNg - the 2012 Mandiant “An Evolving Threat” and Trend Micro LuckyCat Redux reports. Great reading for any security geek, but most important, it's about the business side of the hack. Take the old smash and grab of financial information and split town, process the financial windfall and party like it's 2999. Now it's more beneficial for the criminals to stay inside the victims' servers and collect intelligence and espionage. OK, let the gAtO break it down for you, not as a criminal, that's easy, but as a state actor: I would go after aerospace, energy, shipping, military research, engineering, India and Tibetan activists… Wait a minute, India, a Tibetan activist group, oh yeah you know it's China, but this is to be expected from China. Now the new spin is why would they go into banks and use advanced persistent threat (APT) hacks? Well, as gAtO understands it, the Chinese have a shitload of MONEY. Follow the money is not only an American thing, it's for every player in the world.

We have to look at the data through three different sets of eyes (magnifying glass with gAtO's old EyE's), but it's still the same: your data (ALL your little company secrets) needs protection.

Here is the score-card: your business versus competition, governments, criminals, hacktivists, economic espionage, nuisance hackers. On top of all this, 94% of victims were notified by an external entity that they were hacked. If that doesn't send chills down every board member in every company in the world, nothing does.

Here you are doing your business, and let's be frank, some businesses, well, they walk a thin line sometimes, like dumping medical and radioactive waste on a beach in New Jersey (I know Snooki lives there). Is your company maybe polluting the ground water for a 100 mile radius of the plant? This is not the information that they want hackers, or the press, to get a hold of. “Remember Rudolf Murdoch's news hacking empire: hey, hack anyone for a buck.”

Protect customer data? Yeah, companies and governments want to protect it, but it's their little illegal/legal stuff that companies do, like hiding the report on the offshore oil well that just blew up and spilled all kinds of stuff all over the Gulf coast. These are the real things that keep business people up at night worrying about hackers. It's plain and simple: cover your ass, and let's get that no-bid government contract after we pay off the senator, and we better encrypt that information…

Hackers come in all flavors, but if you look at the LuckyCat crewz these are very unique. Not only real computer scientists, but marketing campaigns and project management. They use dual-tier C&C (command and control), and they use the victim's supply chain to move laterally across trusted networks in order to be more invisible. Invisible takes on a new meaning here: these hackers hide their code in plain sight, they sometimes used older malware as insertion points, and of course social engineering to gain access.

Bottom line, these new hackers: they are businessmen, they are governments, they are commercial criminals, they are hacktivists, or they are lone wolf hackers. Companies are finally getting the message. Protect your data, not just your customers' data, but all your little secrets, because if you're online, someone is watching you, and that someone can be a 15 year old kid or a dual master's degree in computer technology who is unemployed or works for a government. Trust but verify takes on a new meaning now - gAtO oUt

lab notes - The report, which is based on hundreds of advanced threat investigations conducted over the past year, includes analysis, statistics and case studies that highlight how advanced and motivated attackers are stealing sensitive intellectual property and financial assets.

Malware Only Tells Half of the Story Organizations’ investments in malware detection and antivirus capabilities, while effective in detecting characteristics associated with common worms, botnets, and drive-by downloads, do little to help defend against targeted intrusions.

The use of these publicly available tools has added some complexity to identifying threat actors because when organizations identify a piece of publicly available malware they often cleanse the file and — in the process — obscure what could be a larger incident.

It's unclear why banks wouldn't already be looking for unusual settlement activity and conducting daily monitoring, but there it is. At any rate, “high-risk” merchants generally handle the dicey and vicey types of online commerce, such as Internet gaming, adult Web sites, rogue anti-virus software sales and online pharmacies. Might be a good idea to keep an extra close eye out for these types of unauthorized charges over the next few days.

02/12/12

Cyber Iran

gAtO hEaR- In Iran the nation's telecommunications ministry publicized in early 2011 that it would disconnect Iran from the rest of the world and run a parallel internal service (an “Islamically permissible ‘halal’ network”) that would automatically censor material and block popular global sites. In Iran two-thirds of the country's 78 million people are under the age of 35, and about 40 percent of the population have Internet in their homes, according to Internet World Stats, making Iran one of the highest per capita cyber-connected populations in the world. Iran has a population of about 77 million people, about 53% of the people are on the Internet and not one of them is a Facebook user. In nearby Jordan they have 1.7 million users and 1.6 million of them are on Facebook.

Stuxnet was deployed and stopped their nuclear weapons program. Two leading scientists were killed; Iran blames Mossad and the CIA. Iran is spending billions on cyber hardware. Arab Spring. Iran took down U.S. drones. Iran threatens closing down the Strait of Hormuz. Iran claims its new Cyber Army is ready for war in cyberspace.

Now with the March 2, 2012 parliamentary elections we see officials of Iran's judiciary announcing “new limitations” on using cyberspace and publishing content on the Internet. A task force of 250,000 cyber police currently monitors the Internet, specific sites, blogs and individuals suspected of using circumvention tools. Israeli intelligence officials have revealed that they believe Iran has, in the last few years, spent over a billion dollars to upgrade its cyber war capabilities.

Iranians have friends like Venezuela and the China-based Huawei corporation, which is being investigated by senators like Rhode Island's Sheldon Whitehouse (“gAtO knows Senator Sheldon Whitehouse, he is one of several leaders that understand the complex cyber security issues”) for supplying critical cyber infrastructure to Iran while it supplies equipment and supports (TS) Top Secret DOD projects. This is clearly a violation when a communist country is providing TS support to our government, and we hear that some of the equipment may have digital backdoors into the infrastructure, defeating all virus scanning software. On the other side of friendships, Univision uncovered Iranian and Venezuelan diplomats working on launching cyber-strikes against energy facilities and other U.S. assets (NYT 12-13-2011).

Iran's leaders saw what the Arab Spring brought down last year, and they see the parliamentary elections in March as the most sensitive in the history of the Islamic Republic, and they will do everything to control it. Because of the March 2 elections, Iran has ordered all Internet cafes to have all cyber security monitoring software installed and functioning by Jan. 18. The monitoring includes requiring a user to provide full name, father's name, Iranian identification number, zip code and telephone number, in addition to presenting photo identification. The laws require cafes to install closed-circuit surveillance cameras that must be checked at the end of every business day. Cafes also must keep records of all websites and browsing history, along with surveillance tapes, for six months.

The new restrictions forbid cafes to allow the use of any circumvention technology, such as Virtual Private Networks (VPNs) or proxy servers, the devices Iranians typically use to access blocked sites.

This latest attack on Internet users comes amid increasing tensions between Iran and the West and deteriorating economic conditions, as the Islamic Republic preemptively prepares for possible civilian unrest during its parliamentary elections. The Iranian people use tools like Tor to circumvent the authorities and get their message through, even though these free Tor networks are getting hammered by the Iranians trying to take them down or get the information of the dissidents.

Let’s support these projects and keep Freedom of Speech open in cyberspace -gAtO oUt.

References:

Internet cafes to install surveillance cameras,

U.S. Expels Venezuelan Diplomat Reportedly Involved in Cyber Attack Plot

http://www.nti.org/gsn/article/us-expels-venezuelan-diplomat-reportedly-involved-cyber-attack-plot/

Parliamentary elections in March seen as the most sensitive in the history of the Islamic republic

http://www.guardian.co.uk/world/2012/jan/08/iran-upcoming-parliamentary-elections-march

Huawei’s Work in Iran May Violate U.S. Sanctions, Lawmakers Say

http://www.businessweek.com/news/2012-01-10/huawei-s-work-in-iran-may-violate-u-s-sanctions-lawmakers-say.html

Iran blocks Tor; Tor releases same-day fix

https://blog.torproject.org/blog/iran-blocks-tor-tor-releases-same-day-fix

Iran’s strict cyber regulations lay groundwork for ‘halal’ network

http://www.foxnews.com/world/2012/01/11/irans-strict-cyber-regulations-lay-groundwork-for-halal-network/#ixzz1jYfN3DAV

Iran Sets Cyber Crime Policy ahead of New Elections

http://www.stopfundamentalism.com/index.php?option=com_content&view=article&id=1299:iran-sets-cyber-crime-policy-ahead-of-new-elections&catid=70:iran-uprising&Itemid=80

01/21/12

Iran China Cyber BFF

gAtO tHiNk - that we are naïve not to see the new cyber BFF relationship between these two countries. Iran feigns that relations between the two countries are “cordial”, but it's complicated. Iran has spent billions of dollars on its new digital infrastructure, and China's Huawei corporation is taking a big chunk of the cyber dollars, as we have seen with the US investigations into the company.

Iran-Cyber-Guard Network

Last year China was accused of a number of cyber attacks for espionage and intelligence gathering, and now they are transferring that hacking knowledge to the Iranians. The “Iranian Cyber Army” had hacked a few popular social networking sites and claimed their dominance in the cyber world, but this was mainly a few Iranian militants; now, with the purchase of the new equipment, the real Iranian Cyber Army is getting its feet wet. Iran was accused of hacking the Voice of America Farsi website, Twitter, as well as Baidu and the Dutch government-funded Radio Zamaneh, which also broadcasts in Farsi. My only question is, did they go after China's Baidu?

**“With the United States and Israel as the developers of Stuxnet, the first cyber weapon to be deployed, gAtO can see why the Iranians are worried.”**

The biggest hack by the Iranian Cyber Army, to gAtO, was Comodo Group. This was the Dutch certificate authority where the hacker created 9 major fraudulent certificates for sites of companies like Google, Yahoo, Microsoft, Skype and Mozilla. The names say it all: these were speculated to be used by the Iranians to monitor their own people.

**“Seizing entry to such high-traffic consumer sites looks like a government attempting surveillance of Internet use by dissident groups.”**

gAtO found out that Chinese agents who began work for the Iranian regime in early 2011 are providing Tehran with significant intelligence information. The Iranian officers who were assigned to contact the Chinese agents are using aliases and claim to be businessmen from other countries. China, which imports 11 percent of its oil from Iran, thinks it's OK for a little spying (between BFFs) to go on, as long as they can do the same with Iranian agent recruitment by China.

With the re-election of President Mahmoud Ahmadinejad on March 2, 2012, the Iranian cyber police will certainly be on the lookout for the protesters that are guaranteed to protest, empowered by the Arab Spring last year. China will do its best to keep the U.N. sanctions as open as possible for Iran during this time-frame, as long as trade continues and their mutual enemies keep hammering them in cyberspace. The enemy of my enemy is my friend.

Last year PBS Frontline published a piece on the activities of Iran's Cyber Army, which have attracted growing notice in the Iranian and international media. The suspicion that the Cyber Army's constituent hacker groups are connected to the Iranian government was strengthened when, after several sites were hacked, they issued warnings to the Green Movement. The scope of the measures taken by the Cyber Army discredits the theory that a group of Ahmadinejad's admirers spontaneously carried out such acts. The nature of their communications and of the sites targeted for attack indicate that there are hidden hands (China mAyBe) that support the Cyber Army.

Let's hope this BFF relationship comes to an end soon. - gAtO oUt

References:

http://www.rawstory.com/rs/2011/03/14/iran-cyber-army-target-enemy-sites/

PBS – Frontline – Pulling the Strings of the Net: Iran’s Cyber Army

http://www.pbs.org/wgbh/pages/frontline/tehranbureau/2010/02/pulling-the-strings-of-the-net-irans-cyber-army.html#ixzz1k7Zsumlg

Iran Cyber-Army Strikes Digital Certificate Authority COMODO

http://www.readwriteweb.com/archives/iran_cyber_army_strikes_digital_certificate_author.php

Iran's President's Official web site hacked

http://countermeasures.trendmicro.eu/iranian-president-ahmadinejad-official-web-site-compromised/

Cyber recruiting: The Shifting Digital Sands of Online Jihad

http://cyberwarzone.com/cyberwarfare/cyber-recruiting-shifting-digital-sands-online-jihad

01/17/12

Middle East CyberWar has Begun

gAtO tHiNkInG – a nineteen (19) year old kid named oxOmar has started a cyber war between Israel and Saudi Arabia. oxOmar and his pals from group-xp, a Saudi Arabian hacker team, posted thousands of Israeli credit cards on a hacker posting site. A few days later an Israeli named 0xOmer countered by posting Saudi credit cards. This all started about the 6th of January; today, 16 days into the new year, we have the Tel Aviv Stock Exchange and El Al, Israel's national airline, with their websites hacked (DDoS).

In the Muslim world a new cyber empowerment has been born; with its history last year of the Arab Spring, the ruling parties are worried now about the power of cyberspace. Every country is faced with empowering its people with the technology they want, knowing that these new communication tools can bring down their regimes. The more they continue building their digital infrastructure, the more vulnerable they become to cyber attacks themselves.

A 19 year old kid starts a cyber war – it's a cyber catch-22.

Israel has great offensive cyber weapons like the “Stuxnet and Duqu viruses”, which are the new cyber weapon framework for covert and overt attacks. These new cyber weapons are like drone airplanes inside an enemy's computer system, uploading new attack vectors as they learn and communicating with their command and control centers where the generals use them in tactical operations. But Israel has no real defensive cyber walls, because it's an open, free society.

The cyber tensions in the Middle East have escalated with America and Israel joining together and going after Iran and Syria in cyberspace with probes and attacks. Iran is currently building a cyber fortress to keep everyone in and keep everyone else out. Now you add the Saudis, our friends, going after Israel, our other friends. -gAtO ThInK iT'S aLl cRaZy

Now a pro-Palestinian hacker group calling themselves “Nightmare” has teamed up with Gaza Hacker Team and Anonymous to go after Israel. Meanwhile, conventional groups like Hamas have become cheerleaders on the sidelines. The Israeli Defense Minister is to establish a special cyber warfare administration to support the country's websites.

What the gAtO doesn't understand is how children set the tone for cyber warfare in the Middle East; where are the grown-ups? Meanwhile, back at the ranch, Iran is pushing the nuclear agenda while it plays with oil disruption. Now people are saying these kids (oxOmar) will bring down our power supplies and our water treatment plants, just to scare the population into giving them more money to do what? Israel, as well as others, needs to learn that the power of the Internet cannot be stopped; the people will find a way to get their voices heard. Countries that do not treat their citizens right can expect more and more hacking by kids, but wait until the grown-ups start, then it's going to be one major cluster-fuck -gAtO OuT

References:

http://www.israelnationalnews.com/News/News.aspx/151713#.TxWPW5gUhnd

Now you got people like “.oO HANNIBAL Oo.” joining in the fun:

http://pastebin.com/yArqhA7V

01/9/12

Stuxnet Iran Cyber Recruitment Tool

Iran Cyber recruitment tool Stuxnet.

gAtO ThInK – Stuxnet was the first cyber weapon; it was targeted at Iran's nuclear plant. If your country is attacked, wouldn't you feel compelled to help your country, if you had the technical know-how? Well, Iran and others are using Stuxnet as a way to build a cyber army.

Now Stuxnet has a son, the Duqu virus. Duqu looks for information that could be useful in attacking industrial control systems. Its purpose is not to be destructive; it is a Trojan that is trying to gather information.

Like Stuxnet, Duqu attacks Microsoft Windows systems using a zero-day vulnerability.

This little malware is a recon unit that sniffs out information for a real attack. The way it works, it could even do the sniffing, find the best attack vector and then upload an attack file. Another cool thing is that it self-destructs, just like “Mission Impossible”, after it completes the mission.

We know that if you treat people badly they will not like you. In the Middle East you have quite a few bad actors that will get into cyber recruitment to build up cyber militia groups. The Muslim world is adapting to cyberspace very quickly, so we need to understand that cyber weapons scare people; as we embrace the Internet we become more dependent, and in so doing more vulnerable to cyber attacks - gAtO oUt