Category Archives: Phone Hacks

05/7/12

Will .China Mobile. Spy on U.S?

gAtO wAs- reading Stan Abrams a lawyer and professor in Beijing, China article about “Will China Mobile Get It’s U.S. License Approved? – http://www.businessinsider.com/will-china-mobile-get-its-us-license-approved-2012-5 the FCC “Team Telecom” has all the power in this deal. This is simple when a foreign ownership wants to come into our telecom world we want the DHS, DOJ, FBI DoD to investigate them for backdoor into the infrastructure that no virus scan can detect- in the hardware and firmware….

This is a big deal, we gave the OK a few years ago to China Telecom and China Unicom similar licenses in 2002-03. Why the big deal now. Well the last few years China has increased it’s attacks on U.S companies sucking in their IP (-Intellectual Properties). To top things off Huawei just got turned down down-under in Australia to allow it to come into their Telecom network. Once again when you give access to our telecom network we are giving them the key to all our information. Now keep in mind that we still have over 60-70% of our government C&C (Command and Control) running on our public Internet pipelines. Back a few years ago China re-routed over 15% of all the Internet traffic thru their routers. While we developed a kill switch to isolate us from the rest of the world and do a reset. Anyway the FCC has a lot of power that no one knows about check out there liaison activities list below it quite interesting.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Okay, reality check time. I doubt that China Mobile would want the type of scrutiny that a court case would mandate, so I don’t expect a formal challenge to a rejection from “Team Telecom.” Certainly Beijing doesn’t want China Mobile to disclose to anyone what it is required by Chinese law to do with data on its networks (hint: government monitoring). Moreover, the U.S. national security apparatus certainly wouldn’t want to disclose what it knows to the “other side” (i.e. China). And at the end of the day, neither side wishes to disclose any of this to the general public.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

 

If they turn China Mobile down and it’s contested it would be good to see what evidence the U.S. Government has to say “we believe this company is spying on us with these backdoors they put in”.  Yeah in an election year it’s going to get hot with China if they play a bad boy I think Obama may have to show them what we can really do in cyber space -gAtO oUt

Reference:

FCC Homeland Security – Liaison Activities http://transition.fcc.gov/pshs/docs/liaison.pdf

Read more: http://www.chinahearsay.com/will-china-mobile-get-its-u-s-license-approved/#ixzz1uBhPIJEt

CodeName Tempest http://en.wikipedia.org/wiki/TEMPEST

Share on TwitterShare on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit
12/28/11

Business Cell Phones Hacks Will Soar In 2012

gAtO sAy -In 2012 businesses information will be the main hacking victims thru their cell phones. IEEE say’s “it is likely to be C-suite executives exposing businesses to vulnerabilities” (CEO -Chief Executive Officer, CFO -Chief Financial Officer, COO -Chief Operations Officer) yes even (CTO’s) Chief Technology Officer will get their cell phones hacked and all kind of IP intellectual property- BI Business Intelligence- KM knowledge management- will go out the door. The hacked information is a treasure to cyber criminals, competition, international/national governments, hackers and scipt-kiddies. Smartphones Danger for Corporate World

GaTo sAiD bEfOrE -Why is this true, the public has been trained to recognize cyber-security threats associated with their PCs and laptops, they do not see their smart phones as computers and subject to the same threats. And in some ways those threats are even worse.

Research by IEEE Fellow Dr. Jeffrey Voas in the US has so far uncovered malware in more than 2,000 free smartphone apps. Voas says free, rogue applications like this will be the most common access-point for hackers over the next year.

Unlike on a PC, where web browsers often give plenty of warning about dodgy websites with warning lights and alerts, the screens on smart phones are too small to display this protection, These devices contain identifying information, potentially saved passwords, and authentication details, and are much more likely to be misplaced or stolen than other larger portable computing equipment.
It takes just one high or low level employee to download malware onto their phone and spread it to the organization systems.

But the fun does not end here you don’t really need to be a hacker to get information to decide who to attack, just like targeted spear phishing attacks.
Here are a few thought:

2012 Security Predictions gAtO working copy v.01-alpha - click to enlarge

  • ? spoofed caller ID -
  • ? low-tech approach of merely guessing someone’s four-digit voicemail PIN number or password
  • ? pretexting -professional imposters

Social engineering if a person uses there cell phones to update Linkedin, Facebook or twitter – “Send an enticing link via SMS, email, Twitter; if the target follows from their phone you’ve got a chance at using one of many remote exploits for iPhone and Android to install a rootkit,”

An attacker can join social media and start collecting friends I’m sure there will be a wealth of information out there. Even indirect if you can get a friend of a friend of a friend you may be able to see your subjects SMS or cell phone update.

Watch how you use your cell phones PEOPLE.

WiFi and VIOP hacking for the personal and corporate data and better still small mom & pop stores and small business, how much information does your local gas station, news stand have on you, they don’t have an IT department. VIOP can allow you to drive by phone phreaking along the back roads of suburbia near the subjects (targets) home address.
Android and iPhones re-syncs phone book data, voicemail, text message logs, browser history, or anything covertly sent to you with your computer. Even your personal computer may have business information.
“Older versions of Android are easiest to hack,” – “Recent versions of iOS [are easy to hack] too, though both Apple and Google have been quick to release patches.”
If a rogue hacker were to hack into someone’s (your) voicemail, is there any way to detect the intrusion? Unfortunately, voicemail systems from the major carriers in the U.S. leave a lot to be desired. None that I’ve encountered offer any sort of access log. The best you can determine is whether or not a message has been listened to. Even then, if a hacker were to listen to and then delete a message, you’d have little way of knowing.”
Getting a person’s personal phone number to spoof could be accomplished by finding it in publicly available documents such as student listings, or these days, on social networking sites like Facebook. A bit of social engineering with real people who know or could access the number would accomplish the same thing

Your E-Mail is the KEY to cell phone hacking. It’s the closest thing to the skeleton key of the digital world. How about if your email is hacked and your password published. How about just simple bad password, in the release of the hacked email from Stratfor there were 100 with “password” in them. How about the last four digits of your phone number, or 1-2-3-4, or publicly available information like your birthday,”

Data Breach Affects 50,000 people; 50,277 Credit Card Numbers, 44,188 Hashed Passwords, 47,680 E-Mail addresses.
personally identifiable information:
• 50,277 Unique Credit Card Numbers, of which 9,651 are NOT expired. Note: Many credit cards are re-issued, and many credit card processors do not check the expiration date. Consequently, more than 9,651 credit card holders may still be at risk.
• 86,594 Email addresses, of which 47,680 are unique.
• 27,537 Phone Numbers, of which 25,680 are unique.
• 44,188 Encrypted Passwords, of which roughly 50% could be easily cracked.
• 73.7% of decrypted passwords were weak
• 21.7% of decrypted passwords were medium strength
• 4.6% of decrypted passwords were strong
• Average decrypted password length: 7.1 Characters.
• 10% of decrypted passwords were less than 5 characters long.
• Anonymous and AntiSec Hackers??Only 4.8% of decrypted passwords were 10+ characters long.
• Presumably the remaining non-decrypted passwords were stronger than the decrypted subset.
• 13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world.
Cell Phone — Password retrieval mechanisms can be exploited, most security protocols send forgotten passwords to a person’s main email address. Every service in the world typically goes back to your email address. Your primary email password should be different than anything else you use, and it should be stronger than any other password you use.”

Ubiquitous computing, of which our smartphones and tablets are but just the beginning, is going to require that we shift our paradigms of privacy and security in profound ways. This isn’t just the responsibility of the average Joe user, however.  We need to be demanding that our mobile service providers aggressively protect our privacy and keep the bar high for device security. In the meantime, to avoid becoming phone hacking victims, users should take extra precautions to regularly reset their PIN numbers to protect their data — just as we’re engrained to do with our computers and online accounts.
It’s not unreasonable to project that [phone hacking] will become more common, as more of our important data finds its way into the cloud, those seeking to exploit that data will seek the weakest point of entry. Your cell phone can talk to a cloud service so think about it. One exploit ran an application on the attacked phone that could retrieve data. The SMS came back with the attack phone’s INSI number; the phone’s unique ID. However the application could have just as easily have stolen a contact list, either personal or corporate. It is also possible in this scenario to push viruses to the device or even initiate a denial of service attack. The app could easily uncheck SSL, leaving the device vulnerable with no encryption when you login at your local coffee shop. These kinds of hacks are unique to smartphones because PCs don’t have SMS capabilities, gAto advised all smartphones that are under an organization’s control be tightly monitored, patched and updated regularly to avoid users taking matters in their own hands… - gAto oUt

References:
IEEE Experts Predict Smartphone Hacking Will Soar in 2012

http://www.prnewswire.com/news-releases/ieee-experts-predict-smartphone-hacking-will-soar-in-2012-134658373.html

http://uscyberlabs.com/blog/2011/12/28/stratfor-hack-personal-identifiable-information/

http://www.cellphonehacks.com/

http://en.wikipedia.org/wiki/Phishing

http://en.wikipedia.org/wiki/Corporate_title

http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html

http://www.google.com/search?client=safari&rls=en&q=midnight+raid+attack&ie=UTF-8&oe=UTF-8

http://www.privateline.com/mt_cellbasics/index.html

Share on TwitterShare on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit
12/21/11

2012 Security Predictions -Smartphone Danger for Corporate World.

gAtO hEaR- Agiliance and Cisco both predict that Smartphones (cell-Phones) will be the big news for 2012 as related to cyber security hacks and attacks. Mobile devices are the biggest seller as to terminal devices that people use to communicate via cyberspace. Look at the power it gave the “Arab Spring” and others. The problem is that smartPhones have a lot of problems as to personal and company owned, that companies need to be address. Delineation of employer-owned versus employee-owned data for the workplace will become a major step that companies do not yet understand. Who own the data on my personal smartphone if I use it to conduct business. Who makes sure that if I lose my cell phone all company data is encrypted and meets regulatory standards.

employees phone have company IP (intellectual property) BI (business intelligence) and KM (knowledge management)

Cell phone have no embedded strong authentication or secure mobile operating systems. Does my company do vulnerability scanning on my phone to find the newest viruses or is it up to the individual to make sure virus scanning is up to date. On top of all these problems are social networks that are being access via these mobile devices. In social network confidential information about a work and/or project can give the competition an edge. With all the new phone apps is it the employees job to monitor that the new “angry bird” may have access to call others and send them geo-location or how about it send out all your business contact you have in your address book that you sync with the office calendar and corporate email.

Mobile devices will make a big change as companies figure out their employees phone have company IP (intellectual property) BI (business intelligence) and KM (knowledge management) and the aspect of who owns the phone and who owns the data will become a big deal for HR departments worldwide. Smartphones need better security since they are used in business transactions everyday.

Strong authentication for mobile devices is non-existence. How about the ability to scan employee’s phones for viruses, trojan that can infect your companies data center. Remember the employee normally owns the phone so the legality of using personal mobile devices and the security of the company data may need regulatory actions to mitigate compliance. So companies need to know who uses personal mobile devices at work.

If the mobile device is personal your company may not be able to stop employee’s from using it on social media. Social media on these device can allow everyone to know confidential company information to be tweeted anywhere even the competition. Cyber criminals are cruising social networks for your company information for targeted phising attacks and mobile devices are very unsecured.

USCyberLabs.co will handle the other Big 2021 Security issues in future post.

gAtO oUt-

 

Share on TwitterShare on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit
08/16/11

Hacking OK for News Corp

Clive Goodman a former News of the World reporter has alleged that there was a massive cover-up of phone hacking at the paper. So hacking for profit like cyber criminals is OK if you’re an International corporation. News media have rights above the normal citizen, when they abuse these rights and become common cyber criminal they have the power, the influence and the connections so nothing happens. This is outright cyber crime for profits and they just posted new profits in their lates SEC filings.
We have news organizations ranting about Anonymous & others hacktivist but as you follow News Corp and Fox News here in America it does not raise any problems. The Republican Party alignment with Fox news gives these corporations power to not get prosecuted. While we go after 18-year-old hacktivist kids in mom & dad house because they show us that the security of a lot of companies is crap. Yes I understand that they leak information about cops and other things but a police department that goes online should have good security. Imagine if real cyber criminals were to hack police departments and modify documents in murder investigations or for money. Some may hacks the police and gets their case thrown out of court.
Corporations that hack for profit should be held accountable for their actions News Corp just got caught but imagine how many other hacks they have committed and no one knows about. I have the knowledge to hack someone but I have a moral backbone that tells me not to do it. Corporation with such powers should be watched more carefully and the security community should help but if they do they may loose profits. They will gain more respect and the short downturn will in the end mean more profits for companies that do the right thing, the ethical thing. Just because we can do something should not mean we should and for profits that’s just wrong.
Look at what happened in San Francisco and BART. The police took it upon themselves to shut off communication just because they could. No crime was committed but they did because someone thought about it. The movie “Minority Report” criminals are caught before the crimes they commit. This sounds just like it.

The mind Police is here in America be careful of what your think, you may be arrested for it.

My 2© cents – gatoMalo_at_uscyberlabs_dot_com

http://USCyberLabs.com/blog/

http://ChinaCyberWarfare.wordpress.com

http://HacktivistBlog.wordpress.com/

http://www.huffingtonpost.com/2011/08/16/phone-hacking-cover-up-news-of-the-world-clive-goodman_n_927939.html

Share on TwitterShare on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit
07/20/11

A Legal Company is paying Hackers Legal Fees -

Murdoch Organization Still Paying Phone Hacker’s Legal Fees? Amazing

Telegraph:

Mr Murdoch said: “I asked the question myself and I was very surprised to find the company had made certain contributions to legal settlements.

“I don’t have all of the details around each of those – not legal settlements sorry, legal fees – I was surprised, I was very surprised to find out that had occurred.

“They were done, as I understand it, in accordance with legal counsel and their strong advice.”

Asked who signed the cheques, Rupert Murdoch said “it could have been” Les Hinton, head of News International at the time, or, alternatively, the chief legal officer.

It was put to the Murdochs that their company had been paying legal fees for Mulcaire, a “convicted felon” – a charge James Murdoch admitted.

He said: “I do know certain legal fees were paid for Mr Mulcaire by the company and I was as surprised and shocked to learn that as you are.”

But he denied the fees were paid to buy Mulcaire’s “cooperation and silence”, saying: “When the allegations came out I said: ‘Are we doing this? Is this what the company’s doing?’

“The strong (legal) advice was that from time to time it’s important and customary even to pay co-defendants’ legal fees.”

Read More Via -http://crooksandliars.com/karoli/murdoch-organization-still-paying-phone-hac

Share on TwitterShare on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit