Showing posts with label Server breached.

Over 100,000 Spam Emails were Sent when Hackers Broke Into FBI Servers


An email spam watchdog group discovered that an apparently malevolent hacker sent spam emails to at least 100,000 people from an FBI email server on Friday night. The individual's motivations remain unknown. The email message was a strange, incomprehensible warning that mentioned cybersecurity journalist Vinny Troia and a cybercriminal gang known as The Dark Overlord. In January, Troia's company, Night Lion Security, released research on The Dark Overlord.

The hacker signed off as the Cyber Threat Detection and Analysis Group of the US Department of Homeland Security, which hasn't existed in at least two years. The FBI often alerts American corporations to cyber threats aimed at certain industries or when it learns of criminal hackers employing a successful new tactic. This is thought to be the first instance of a threat actor gaining access to one of those systems in order to distribute spam to a large number of individuals.

Hackers broke into the Federal Bureau of Investigation's email servers and sent spam messages, according to the FBI. The bureau said the hackers were unable to access any personally identifiable information or other information on its network. The FBI claimed in a statement on Saturday that the bogus emails seemed to come from a valid FBI email account ending in The hardware affected by the incident was "immediately taken offline upon discovery of the issue," according to the FBI.

The incident follows a series of high-profile hacking attacks on US government networks in recent months, including a Russian-based attack that compromised at least nine federal agencies and a Chinese-based hacking campaign so severe that the Cybersecurity and Infrastructure Security Agency had to issue a rare mandate requiring all government agencies to update their software immediately.

An FBI official said in an amended statement on Sunday that the hacker discovered and exploited a flaw in how an agency messaging system is configured, but that the hacker was unable to access FBI information.

"The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners," the emailed statement said.

Secure your Home Server from being used as a Hacking Server by Crooks

SSH, also referred to as Secure Shell, is a cryptographic network protocol that secures remote login from one computer to another. It is employed by almost all Linux sysadmins, and although Windows users are more acquainted with Remote Desktop Protocol (RDP), many Windows sysadmins also use SSH instead of RDP because of its raw power.

RDP gives its users full graphical remote control of a Windows computer, with access to the regular Windows desktop through keyboard and mouse. SSH, which is comparatively more generic, allows a user to run almost any program remotely, so the user can administer the system from a distance either automatically through pre-written scripts or by entering commands live, and can do both at the same time.

As a result, cybercriminals who somehow get hold of a user's SSH password can also access that user's system, if not the entire network.

Network tunneling is another feature provided by SSH: users build an encrypted network connection between multiple computers, starting from one computer to another and extending that connection to a third system to carry out their online work.

An SSH server also acts as a special-purpose VPN or encrypting proxy when it allows users to redirect their network traffic through it while they are on the go.

Therefore, criminals who have access to any user's SSH password can use that user's server as the basis for their future attacks, and the victims of those attacks would blame the owner of the server.

Unfortunately, many people have an SSH server at home without realizing it, because home routers ship with a pre-configured SSH server that is there for administrative reasons.

Cybercriminals do not differentiate between SSH servers managed by users themselves and those managed by their ISPs; they go on exploiting them regardless, as these servers can potentially allow them to breach data and make a profit by reselling it.

Users are advised to take the time to understand and get familiar with their router's configuration settings, in cases where the router is not managed by the ISP. Furthermore, turn off all the features you don't require, and also the ones you are not certain about. Lastly, ensure that you are running the latest firmware version.
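The advice above ("turn off the features you don't require") can be checked mechanically on any box you administer that runs OpenSSH. The script below is an added example, not part of the original post: it reads an sshd_config, applies OpenSSH's documented defaults for directives that are absent, and reports the settings that turn a server into the relay or password-only target the post describes. The two configuration files are constructed samples; Match blocks are ignored for simplicity.

```shell
#!/bin/sh
# Added example (not from the original post): audit an OpenSSH sshd_config
# for the features the post says to switch off if unused: TCP forwarding
# (turns the host into an encrypted proxy) and password logins (what a
# stolen SSH password buys an attacker). Defaults are OpenSSH's own when a
# directive is missing; Match blocks are ignored. Sample configs are constructed.

# setting FILE DIRECTIVE DEFAULT -> effective value (lowercased); first hit wins
setting() {
  v=$(awk -v k="$2" 'tolower($1)==tolower(k) { print tolower($2); exit }' "$1")
  if [ -n "$v" ]; then echo "$v"; else echo "$3"; fi
}

# audit_sshd FILE -> one line per risky setting found
audit_sshd() {
  f=$1
  [ "$(setting "$f" AllowTcpForwarding yes)" = yes ] &&
    echo "AllowTcpForwarding yes: clients can relay TCP through this host"
  [ "$(setting "$f" GatewayPorts no)" != no ] &&
    echo "GatewayPorts enabled: forwarded ports reachable from the network"
  [ "$(setting "$f" PasswordAuthentication yes)" = yes ] &&
    echo "PasswordAuthentication yes: a leaked password is enough to log in"
  [ "$(setting "$f" PermitRootLogin prohibit-password)" = yes ] &&
    echo "PermitRootLogin yes: root reachable with a password"
  return 0
}

# finding_count FILE -> number of risky settings
finding_count() { audit_sshd "$1" | wc -l | tr -d ' '; }

tmp=$(mktemp -d)
# A permissive configuration (constructed): every feature left on.
cat > "$tmp/weak.conf" <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
AllowTcpForwarding yes
GatewayPorts yes
EOF
# The same server with unneeded features off and key-only login (constructed).
cat > "$tmp/hardened.conf" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
AllowTcpForwarding no
GatewayPorts no
EOF
echo "== weak.conf";     audit_sshd "$tmp/weak.conf"
echo "== hardened.conf"; audit_sshd "$tmp/hardened.conf"
```

Run it against /etc/ssh/sshd_config on a host you manage; an empty report for a home box is what the post's advice aims at.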

Larceny of $70 million from the largest crypto-mining marketplace

A "service unavailable" notice, along with an official press release, was displayed on the website of the Slovenian digital currency mining firm NiceHash, which said it had suffered a hack of its Bitcoin wallet on the seventh of December.

In a video update streamed live on Facebook, CEO and co-founder Marko Kobal followed up on the rather startling declaration that the organization, established in 2014, had been subjected to a hack and ensuing theft that additionally compromised its payment system.

The news was accompanied by increasing reports of emptied wallets and an extended downtime period for the service's website; all operations on the website in question were halted for the following 24 hours.

According to Kobal, the attack began in the early hours of December 6 after a worker's PC had been compromised. He added that their team is working with law enforcement and clarified that "we're still conducting a forensic analysis" to determine how it all happened and to discover the exact amount of bitcoin that was stolen.

Kobal went on to state that he couldn't give further details; however, he added that the attack seems, by all accounts, to be "an incredibly coordinated and highly sophisticated one."

However, the Wall Street Journal reported that Andrej P. Škraba, head of marketing at NiceHash, confirmed to the outlet that roughly 4,700 bitcoins, worth up to $70 million, had disappeared from NiceHash's bitcoin wallet. Škraba also told the Journal that he, like Kobal, believed that "it was a professional attack," but would not give any more information on the matter, noting that further updates would be released at a later date.

NiceHash, which urged its clients to change their online passwords after it stopped operations on Wednesday, has given few other details about the attack on its payment system.

"We ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service", it said on its website.

The Slovenian police said they were investigating the hack but declined to comment further.

RedHack hackers breached Turkish Finance Ministry but officials deny it

The famous hacker collective RedHack claimed to have hacked into the systems of the Turkish Ministry of Finance, as part of a protest against the fact that the salary raises of civil servants had been 'ridiculously small.'

However, Turkey's Finance Ministry has denied RedHack's hacking claims.

“All systems provided by the ministry through the Internet have been working without any problem,” Hurriyet Daily News quoted the statement from the ministry.

A legal investigation into RedHack was launched after the group staged a cyber attack on the Ankara Police Department’s website in February 2012.

Turkish authorities have named RedHack as a terrorist group. Prosecutors demanded up to 24 years in prison for alleged members of the hacker group for the cyberattacks they’ve launched against government systems over the past years.

In the first hearing, held Nov. 26, an Ankara court freed three arrested suspects in the alleged hacking case, pending trial.